d5/d51/openssl__hmac_8cc_source.html

// Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


#include <config.h>


#include <cryptolink.h>

#include <cryptolink/crypto_hmac.h>


#include <boost/scoped_ptr.hpp>


#include <openssl/evp.h>


#include <cryptolink/openssl_common.h>

#define KEA_HASH

#define KEA_HMAC

#include <cryptolink/openssl_compat.h>


#include <cstring>


namespace isc {

namespace cryptolink {


class HMACImpl {

public:

    explicit HMACImpl(const void* secret, size_t secret_len,

                      const HashAlgorithm hash_algorithm)

        : hash_algorithm_(hash_algorithm), md_(), digest_() {

        const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);

        if (algo == 0) {

            isc_throw(UnsupportedAlgorithm,

                      "Unknown hash algorithm: " <<

                      static_cast<int>(hash_algorithm));

        }

        if (secret_len == 0) {

            isc_throw(BadKey, "Bad HMAC secret length: 0");

        }


        md_ = EVP_MD_CTX_new();

        if (md_ == 0) {

            isc_throw(LibraryError, "OpenSSL EVP_MD_CTX_new() failed");

        }


        EVP_PKEY* pkey =

            EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,

                                         reinterpret_cast<const unsigned char*>(secret),

                                         secret_len);


        if (pkey == 0) {

            isc_throw(LibraryError,

                      "OpenSSL EVP_PKEY_new_raw_private_key() failed");

        }


        if (!EVP_DigestSignInit(md_, NULL, algo, NULL, pkey)) {

            EVP_PKEY_free(pkey);

            isc_throw(LibraryError, "OpenSSL EVP_DigestSignInit() failed");

        }


        EVP_PKEY_free(pkey);

    }


    ~HMACImpl() {

        if (md_) {

            EVP_MD_CTX_free(md_);

        }

        md_ = 0;

    }


    HashAlgorithm getHashAlgorithm() const {

        return (hash_algorithm_);

    }


    size_t getOutputLength() const {

        return (EVP_MD_CTX_size(md_));

    }


    void update(const void* data, const size_t len) {

        if (len == 0) {

            return;

        }


        if (!EVP_DigestSignUpdate(md_, data, len)) {

            isc_throw(LibraryError, "OpenSSL EVP_DigestSignUpdate() failed");

        }

    }


    void sign(isc::util::OutputBuffer& result, size_t len) {

        size_t size = getOutputLength();

        ossl::SecBuf<unsigned char> digest(size);

        size_t digest_len = size;

        if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

            isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

        }

        if (digest_len != size) {

            isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

        }

        if (len > size) {

            len = size;

        }

        result.writeData(&digest[0], len);

    }


    void sign(void* result, size_t len) {

        size_t size = getOutputLength();

        ossl::SecBuf<unsigned char> digest(size);

        size_t digest_len = size;

        if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

            isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

        }

        if (digest_len != size) {

            isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

        }

        if (len > size) {

            len = size;

        }

        std::memcpy(result, &digest[0], len);

    }


    std::vector<uint8_t> sign(size_t len) {

        size_t size = getOutputLength();

        ossl::SecBuf<unsigned char> digest(size);

        size_t digest_len = size;

        if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

            isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

        }

        if (digest_len != size) {

            isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

        }

        if (len < size) {

            digest.resize(len);

        }

        return (std::vector<uint8_t>(digest.begin(), digest.end()));

    }


    bool verify(const void* sig, size_t len) {

        // Check the length

        size_t size = getOutputLength();

        if (len < 10 || len < size / 2) {

            return (false);

        }

        if (digest_.size() == 0) {

            digest_.resize(size);

            size_t digest_len = size;

            if (!EVP_DigestSignFinal(md_, &digest_[0], &digest_len)) {

                isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

            }

            if (digest_len != size) {

                isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

            }

        }

        if (len > size) {

            len = size;

        }

        return (digest_.same(sig, len));

    }


private:

    HashAlgorithm hash_algorithm_;


    EVP_MD_CTX* md_;


    ossl::SecBuf<unsigned char> digest_;

};


HMAC::HMAC(const void* secret, size_t secret_length,

           const HashAlgorithm hash_algorithm)

{

    impl_ = new HMACImpl(secret, secret_length, hash_algorithm);

}


HMAC::~HMAC() {

    delete impl_;

}


HashAlgorithm

HMAC::getHashAlgorithm() const {

    return (impl_->getHashAlgorithm());

}


size_t

HMAC::getOutputLength() const {

    return (impl_->getOutputLength());

}


void

HMAC::update(const void* data, const size_t len) {

    impl_->update(data, len);

}


void

HMAC::sign(isc::util::OutputBuffer& result, size_t len) {

    impl_->sign(result, len);

}


void

HMAC::sign(void* result, size_t len) {

    impl_->sign(result, len);

}


std::vector<uint8_t>

HMAC::sign(size_t len) {

    return impl_->sign(len);

}


bool

HMAC::verify(const void* sig, const size_t len) {

    return (impl_->verify(sig, len));

}


} // namespace cryptolink

} // namespace isc

isc::cryptolink::BadKey
This exception is thrown when the underlying library could not handle the key data.
Definition: cryptolink.h:76

isc::cryptolink::HMACImpl::sign
std::vector< uint8_t > sign(size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:147

isc::cryptolink::HMACImpl::~HMACImpl
~HMACImpl()
Destructor.
Definition: openssl_hmac.cc:74

isc::cryptolink::HMACImpl::sign
void sign(void *result, size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:128

isc::cryptolink::HMACImpl::getOutputLength
size_t getOutputLength() const
Returns the output size of the digest.
Definition: openssl_hmac.cc:89

isc::cryptolink::HMACImpl::getHashAlgorithm
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
Definition: openssl_hmac.cc:82

isc::cryptolink::HMACImpl::HMACImpl
HMACImpl(const void *secret, size_t secret_len, const HashAlgorithm hash_algorithm)
Constructor from a secret and a hash algorithm.
Definition: openssl_hmac.cc:37

isc::cryptolink::HMACImpl::sign
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:109

isc::cryptolink::HMACImpl::verify
bool verify(const void *sig, size_t len)
Verify an existing signature.
Definition: openssl_hmac.cc:166

isc::cryptolink::HMACImpl::update
void update(const void *data, const size_t len)
Add data to digest.
Definition: openssl_hmac.cc:96

isc::cryptolink::HMAC::update
void update(const void *data, const size_t len)
Add data to digest.
Definition: botan_hmac.cc:220

isc::cryptolink::HMAC::verify
bool verify(const void *sig, size_t len)
Verify an existing signature.
Definition: botan_hmac.cc:240

isc::cryptolink::HMAC::getOutputLength
size_t getOutputLength() const
Returns the output size of the digest.
Definition: botan_hmac.cc:215

isc::cryptolink::HMAC::~HMAC
~HMAC()
Destructor.
Definition: botan_hmac.cc:205

isc::cryptolink::HMAC::sign
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
Definition: botan_hmac.cc:225

isc::cryptolink::HMAC::getHashAlgorithm
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
Definition: botan_hmac.cc:210

isc::cryptolink::LibraryError
This exception is raised when a general error that was not specifically caught is thrown by the under...
Definition: cryptolink.h:86

isc::cryptolink::UnsupportedAlgorithm
This exception is thrown when a cryptographic action is requested for an algorithm that is not suppor...
Definition: cryptolink.h:68

isc::cryptolink::ossl::SecBuf
Secure Buffers which are wiped out when released.
Definition: openssl_common.h:23

isc::util::OutputBuffer
The OutputBuffer class is a buffer abstraction for manipulating mutable data.
Definition: buffer.h:347

isc::util::OutputBuffer::writeData
void writeData(const void *data, size_t len)
Copy an arbitrary length of data into the buffer.
Definition: buffer.h:556

crypto_hmac.h

cryptolink.h

isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition: exceptions/exceptions.h:210

isc::cryptolink::ossl::getHashAlgorithm
const EVP_MD * getHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm)
Decode the HashAlgorithm enum into an EVP_MD pointer (or 0)
Definition: openssl_hash.cc:26

isc::cryptolink::HashAlgorithm
HashAlgorithm
Hash algorithm identifiers.
Definition: cryptolink.h:23

isc::cryptolink::digest
void digest(const void *data, const size_t data_len, const HashAlgorithm hash_algorithm, isc::util::OutputBuffer &result, size_t len)
Create an Hash digest for the given data.
Definition: crypto_hash.cc:20

isc
Defines the logger used by the top-level component of kea-lfc.
Definition: agent_parser.cc:148

openssl_common.h

openssl_compat.h