]>
Commit | Line | Data |
---|---|---|
5183ebdc | 1 | /* |
33388b44 | 2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
5183ebdc RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
dbde4726 P |
10 | /* |
11 | * HMAC low level APIs are deprecated for public use, but still ok for internal | |
12 | * use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
3fddbb26 MC |
16 | #include <string.h> |
17 | ||
23c48d94 | 18 | #include <openssl/core_dispatch.h> |
5183ebdc RL |
19 | #include <openssl/core_names.h> |
20 | #include <openssl/params.h> | |
21 | #include <openssl/engine.h> | |
22 | #include <openssl/evp.h> | |
23 | #include <openssl/hmac.h> | |
24 | ||
af3e7e1b | 25 | #include "prov/implementations.h" |
ddd21319 RL |
26 | #include "prov/provider_ctx.h" |
27 | #include "prov/provider_util.h" | |
5b104a81 | 28 | #include "prov/providercommon.h" |
5183ebdc RL |
29 | |
30 | /* | |
31 | * Forward declaration of everything implemented here. This is not strictly | |
32 | * necessary for the compiler, but provides an assurance that the signatures | |
33 | * of the functions in the dispatch table are correct. | |
34 | */ | |
363b1e5d DMSP |
35 | static OSSL_FUNC_mac_newctx_fn hmac_new; |
36 | static OSSL_FUNC_mac_dupctx_fn hmac_dup; | |
37 | static OSSL_FUNC_mac_freectx_fn hmac_free; | |
38 | static OSSL_FUNC_mac_gettable_ctx_params_fn hmac_gettable_ctx_params; | |
39 | static OSSL_FUNC_mac_get_ctx_params_fn hmac_get_ctx_params; | |
40 | static OSSL_FUNC_mac_settable_ctx_params_fn hmac_settable_ctx_params; | |
41 | static OSSL_FUNC_mac_set_ctx_params_fn hmac_set_ctx_params; | |
42 | static OSSL_FUNC_mac_init_fn hmac_init; | |
43 | static OSSL_FUNC_mac_update_fn hmac_update; | |
44 | static OSSL_FUNC_mac_final_fn hmac_final; | |
5183ebdc RL |
45 | |
46 | /* local HMAC context structure */ | |
47 | ||
48 | /* typedef EVP_MAC_IMPL */ | |
49 | struct hmac_data_st { | |
50 | void *provctx; | |
51 | HMAC_CTX *ctx; /* HMAC context */ | |
103d8b0b | 52 | PROV_DIGEST digest; |
3fddbb26 MC |
53 | unsigned char *key; |
54 | size_t keylen; | |
2e2084da | 55 | /* Length of full TLS record including the MAC and any padding */ |
3fddbb26 MC |
56 | size_t tls_data_size; |
57 | unsigned char tls_header[13]; | |
58 | int tls_header_set; | |
59 | unsigned char tls_mac_out[EVP_MAX_MD_SIZE]; | |
60 | size_t tls_mac_out_size; | |
5183ebdc RL |
61 | }; |
62 | ||
3fddbb26 MC |
63 | /* Defined in ssl/s3_cbc.c */ |
64 | int ssl3_cbc_digest_record(const EVP_MD *md, | |
65 | unsigned char *md_out, | |
66 | size_t *md_out_size, | |
67 | const unsigned char header[13], | |
68 | const unsigned char *data, | |
e08f86dd | 69 | size_t data_size, |
3fddbb26 MC |
70 | size_t data_plus_mac_plus_padding_size, |
71 | const unsigned char *mac_secret, | |
72 | size_t mac_secret_length, char is_sslv3); | |
73 | ||
5183ebdc RL |
74 | static void *hmac_new(void *provctx) |
75 | { | |
76 | struct hmac_data_st *macctx; | |
77 | ||
5b104a81 P |
78 | if (!ossl_prov_is_running()) |
79 | return NULL; | |
80 | ||
5183ebdc RL |
81 | if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL |
82 | || (macctx->ctx = HMAC_CTX_new()) == NULL) { | |
83 | OPENSSL_free(macctx); | |
84 | return NULL; | |
85 | } | |
86 | /* TODO(3.0) Should we do something more with that context? */ | |
87 | macctx->provctx = provctx; | |
88 | ||
89 | return macctx; | |
90 | } | |
91 | ||
92 | static void hmac_free(void *vmacctx) | |
93 | { | |
94 | struct hmac_data_st *macctx = vmacctx; | |
95 | ||
96 | if (macctx != NULL) { | |
97 | HMAC_CTX_free(macctx->ctx); | |
103d8b0b | 98 | ossl_prov_digest_reset(&macctx->digest); |
3fddbb26 | 99 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); |
5183ebdc RL |
100 | OPENSSL_free(macctx); |
101 | } | |
102 | } | |
103 | ||
104 | static void *hmac_dup(void *vsrc) | |
105 | { | |
106 | struct hmac_data_st *src = vsrc; | |
5b104a81 | 107 | struct hmac_data_st *dst; |
3fddbb26 | 108 | HMAC_CTX *ctx; |
5183ebdc | 109 | |
5b104a81 P |
110 | if (!ossl_prov_is_running()) |
111 | return NULL; | |
112 | dst = hmac_new(src->provctx); | |
5183ebdc RL |
113 | if (dst == NULL) |
114 | return NULL; | |
115 | ||
3fddbb26 MC |
116 | ctx = dst->ctx; |
117 | *dst = *src; | |
118 | dst->ctx = ctx; | |
119 | dst->key = NULL; | |
120 | ||
103d8b0b P |
121 | if (!HMAC_CTX_copy(dst->ctx, src->ctx) |
122 | || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { | |
5183ebdc RL |
123 | hmac_free(dst); |
124 | return NULL; | |
125 | } | |
3fddbb26 MC |
126 | if (src->key != NULL) { |
127 | /* There is no "secure" OPENSSL_memdup */ | |
00108705 | 128 | dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1); |
3fddbb26 MC |
129 | if (dst->key == NULL) { |
130 | hmac_free(dst); | |
131 | return 0; | |
132 | } | |
133 | memcpy(dst->key, src->key, src->keylen); | |
134 | } | |
5183ebdc RL |
135 | return dst; |
136 | } | |
137 | ||
138 | static size_t hmac_size(void *vmacctx) | |
139 | { | |
140 | struct hmac_data_st *macctx = vmacctx; | |
141 | ||
142 | return HMAC_size(macctx->ctx); | |
143 | } | |
144 | ||
145 | static int hmac_init(void *vmacctx) | |
146 | { | |
147 | struct hmac_data_st *macctx = vmacctx; | |
5b104a81 | 148 | const EVP_MD *digest; |
5183ebdc RL |
149 | int rv = 1; |
150 | ||
5b104a81 P |
151 | if (!ossl_prov_is_running()) |
152 | return 0; | |
153 | ||
154 | digest = ossl_prov_digest_md(&macctx->digest); | |
5183ebdc | 155 | /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ |
3fddbb26 | 156 | if (macctx->tls_data_size == 0 && digest != NULL) |
103d8b0b P |
157 | rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, |
158 | ossl_prov_digest_engine(&macctx->digest)); | |
3fddbb26 | 159 | |
5183ebdc RL |
160 | return rv; |
161 | } | |
162 | ||
163 | static int hmac_update(void *vmacctx, const unsigned char *data, | |
164 | size_t datalen) | |
165 | { | |
166 | struct hmac_data_st *macctx = vmacctx; | |
167 | ||
3fddbb26 MC |
168 | if (macctx->tls_data_size > 0) { |
169 | /* We're doing a TLS HMAC */ | |
170 | if (!macctx->tls_header_set) { | |
171 | /* We expect the first update call to contain the TLS header */ | |
172 | if (datalen != sizeof(macctx->tls_header)) | |
173 | return 0; | |
174 | memcpy(macctx->tls_header, data, datalen); | |
175 | macctx->tls_header_set = 1; | |
176 | return 1; | |
177 | } | |
2e2084da MC |
178 | /* macctx->tls_data_size is datalen plus the padding length */ |
179 | if (macctx->tls_data_size < datalen) | |
3fddbb26 MC |
180 | return 0; |
181 | ||
182 | return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), | |
183 | macctx->tls_mac_out, | |
184 | &macctx->tls_mac_out_size, | |
185 | macctx->tls_header, | |
186 | data, | |
3fddbb26 | 187 | datalen, |
2e2084da | 188 | macctx->tls_data_size, |
3fddbb26 MC |
189 | macctx->key, |
190 | macctx->keylen, | |
191 | 0); | |
192 | } | |
193 | ||
5183ebdc RL |
194 | return HMAC_Update(macctx->ctx, data, datalen); |
195 | } | |
196 | ||
197 | static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, | |
198 | size_t outsize) | |
199 | { | |
200 | unsigned int hlen; | |
201 | struct hmac_data_st *macctx = vmacctx; | |
202 | ||
5b104a81 P |
203 | if (!ossl_prov_is_running()) |
204 | return 0; | |
3fddbb26 MC |
205 | if (macctx->tls_data_size > 0) { |
206 | if (macctx->tls_mac_out_size == 0) | |
207 | return 0; | |
208 | if (outl != NULL) | |
209 | *outl = macctx->tls_mac_out_size; | |
210 | memcpy(out, macctx->tls_mac_out, macctx->tls_mac_out_size); | |
211 | return 1; | |
212 | } | |
5183ebdc RL |
213 | if (!HMAC_Final(macctx->ctx, out, &hlen)) |
214 | return 0; | |
5f6a0b2f | 215 | *outl = hlen; |
5183ebdc RL |
216 | return 1; |
217 | } | |
218 | ||
219 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
703170d4 | 220 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
5183ebdc RL |
221 | OSSL_PARAM_END |
222 | }; | |
1017ab21 | 223 | static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *provctx) |
5183ebdc RL |
224 | { |
225 | return known_gettable_ctx_params; | |
226 | } | |
227 | ||
92d9d0ae | 228 | static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
5183ebdc RL |
229 | { |
230 | OSSL_PARAM *p; | |
231 | ||
703170d4 | 232 | if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
5183ebdc RL |
233 | return OSSL_PARAM_set_size_t(p, hmac_size(vmacctx)); |
234 | ||
235 | return 1; | |
236 | } | |
237 | ||
238 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
5183ebdc | 239 | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, NULL, 0), |
5183ebdc RL |
240 | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), |
241 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), | |
242 | OSSL_PARAM_int(OSSL_MAC_PARAM_FLAGS, NULL), | |
3fddbb26 | 243 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, NULL), |
5183ebdc RL |
244 | OSSL_PARAM_END |
245 | }; | |
1017ab21 | 246 | static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *provctx) |
5183ebdc RL |
247 | { |
248 | return known_settable_ctx_params; | |
249 | } | |
250 | ||
251 | /* | |
252 | * ALL parameters should be set before init(). | |
253 | */ | |
92d9d0ae | 254 | static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) |
5183ebdc RL |
255 | { |
256 | struct hmac_data_st *macctx = vmacctx; | |
a829b735 | 257 | OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(macctx->provctx); |
5183ebdc RL |
258 | const OSSL_PARAM *p; |
259 | ||
103d8b0b P |
260 | if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx)) |
261 | return 0; | |
5183ebdc | 262 | |
5183ebdc RL |
263 | /* TODO(3.0) formalize the meaning of "flags", perhaps as other params */ |
264 | if ((p = OSSL_PARAM_locate_const(params, | |
265 | OSSL_MAC_PARAM_FLAGS)) != NULL) { | |
266 | int flags = 0; | |
267 | ||
268 | if (!OSSL_PARAM_get_int(p, &flags)) | |
269 | return 0; | |
270 | HMAC_CTX_set_flags(macctx->ctx, flags); | |
271 | } | |
272 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { | |
273 | if (p->data_type != OSSL_PARAM_OCTET_STRING) | |
274 | return 0; | |
275 | ||
3fddbb26 MC |
276 | if (macctx->keylen > 0) |
277 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); | |
278 | /* Keep a copy of the key if we need it for TLS HMAC */ | |
00108705 | 279 | macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); |
3fddbb26 MC |
280 | if (macctx->key == NULL) |
281 | return 0; | |
282 | memcpy(macctx->key, p->data, p->data_size); | |
283 | macctx->keylen = p->data_size; | |
284 | ||
5183ebdc | 285 | if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size, |
103d8b0b P |
286 | ossl_prov_digest_md(&macctx->digest), |
287 | NULL /* ENGINE */)) | |
5183ebdc RL |
288 | return 0; |
289 | ||
3fddbb26 MC |
290 | } |
291 | if ((p = OSSL_PARAM_locate_const(params, | |
292 | OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { | |
293 | if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) | |
294 | return 0; | |
5183ebdc RL |
295 | } |
296 | return 1; | |
297 | } | |
298 | ||
1be63951 | 299 | const OSSL_DISPATCH ossl_hmac_functions[] = { |
5183ebdc RL |
300 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))hmac_new }, |
301 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))hmac_dup }, | |
302 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))hmac_free }, | |
303 | { OSSL_FUNC_MAC_INIT, (void (*)(void))hmac_init }, | |
304 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))hmac_update }, | |
305 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))hmac_final }, | |
306 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
307 | (void (*)(void))hmac_gettable_ctx_params }, | |
92d9d0ae | 308 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))hmac_get_ctx_params }, |
5183ebdc RL |
309 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
310 | (void (*)(void))hmac_settable_ctx_params }, | |
92d9d0ae | 311 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))hmac_set_ctx_params }, |
5183ebdc RL |
312 | { 0, NULL } |
313 | }; |