d5/d51/openssl__hmac_8cc_source.html

 // Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC")

 //

 // This Source Code Form is subject to the terms of the Mozilla Public

 // License, v. 2.0. If a copy of the MPL was not distributed with this

 // file, You can obtain one at http://mozilla.org/MPL/2.0/.


 #include <config.h>


 #include <cryptolink.h>

 #include <cryptolink/crypto_hmac.h>


 #include <boost/scoped_ptr.hpp>


 #include <openssl/evp.h>


 #include <cryptolink/openssl_common.h>

 #define KEA_HASH

 #define KEA_HMAC

 #include <cryptolink/openssl_compat.h>


 #include <cstring>


 namespace isc {

 namespace cryptolink {


 class HMACImpl {

 public:

     explicit HMACImpl(const void* secret, size_t secret_len,

                       const HashAlgorithm hash_algorithm)

         : hash_algorithm_(hash_algorithm), md_(), digest_() {

         const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);

         if (algo == 0) {

             isc_throw(UnsupportedAlgorithm,

                       "Unknown hash algorithm: " <<

                       static_cast<int>(hash_algorithm));

         }

         if (secret_len == 0) {

             isc_throw(BadKey, "Bad HMAC secret length: 0");

         }


         md_ = EVP_MD_CTX_new();

         if (md_ == 0) {

             isc_throw(LibraryError, "OpenSSL EVP_MD_CTX_new() failed");

         }


         EVP_PKEY* pkey =

             EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,

                                          reinterpret_cast<const unsigned char*>(secret),

                                          secret_len);


         if (pkey == 0) {

             isc_throw(LibraryError,

                       "OpenSSL EVP_PKEY_new_raw_private_key() failed");

         }


         if (!EVP_DigestSignInit(md_, NULL, algo, NULL, pkey)) {

             EVP_PKEY_free(pkey);

             isc_throw(LibraryError, "OpenSSL EVP_DigestSignInit() failed");

         }


         EVP_PKEY_free(pkey);

     }


     ~HMACImpl() {

         if (md_) {

             EVP_MD_CTX_free(md_);

         }

         md_ = 0;

     }


     HashAlgorithm getHashAlgorithm() const {

         return (hash_algorithm_);

     }


     size_t getOutputLength() const {

         return (EVP_MD_CTX_size(md_));

     }


     void update(const void* data, const size_t len) {

         if (len == 0) {

             return;

         }


         if (!EVP_DigestSignUpdate(md_, data, len)) {

             isc_throw(LibraryError, "OpenSSL EVP_DigestSignUpdate() failed");

         }

     }


     void sign(isc::util::OutputBuffer& result, size_t len) {

         size_t size = getOutputLength();

         ossl::SecBuf<unsigned char> digest(size);

         size_t digest_len = size;

         if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

             isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

         }

         if (digest_len != size) {

             isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

         }

         if (len > size) {

             len = size;

         }

         result.writeData(&digest[0], len);

     }


     void sign(void* result, size_t len) {

         size_t size = getOutputLength();

         ossl::SecBuf<unsigned char> digest(size);

         size_t digest_len = size;

         if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

             isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

         }

         if (digest_len != size) {

             isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

         }

         if (len > size) {

             len = size;

         }

         std::memcpy(result, &digest[0], len);

     }


     std::vector<uint8_t> sign(size_t len) {

         size_t size = getOutputLength();

         ossl::SecBuf<unsigned char> digest(size);

         size_t digest_len = size;

         if (!EVP_DigestSignFinal(md_, &digest[0], &digest_len)) {

             isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

         }

         if (digest_len != size) {

             isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

         }

         if (len < size) {

             digest.resize(len);

         }

         return (std::vector<uint8_t>(digest.begin(), digest.end()));

     }


     bool verify(const void* sig, size_t len) {

         // Check the length

         size_t size = getOutputLength();

         if (len < 10 || len < size / 2) {

             return (false);

         }

         if (digest_.size() == 0) {

             digest_.resize(size);

             size_t digest_len = size;

             if (!EVP_DigestSignFinal(md_, &digest_[0], &digest_len)) {

                 isc_throw(LibraryError, "OpenSSL EVP_DigestSignFinal() failed");

             }

             if (digest_len != size) {

                 isc_throw(LibraryError, "OpenSSL partial EVP_DigestSignFinal()");

             }

         }

         if (len > size) {

             len = size;

         }

         return (digest_.same(sig, len));

     }


 private:

     HashAlgorithm hash_algorithm_;


     EVP_MD_CTX* md_;


     ossl::SecBuf<unsigned char> digest_;

 };


 HMAC::HMAC(const void* secret, size_t secret_length,

            const HashAlgorithm hash_algorithm)

 {

     impl_ = new HMACImpl(secret, secret_length, hash_algorithm);

 }


 HMAC::~HMAC() {

     delete impl_;

 }


 HashAlgorithm

 HMAC::getHashAlgorithm() const {

     return (impl_->getHashAlgorithm());

 }


 size_t

 HMAC::getOutputLength() const {

     return (impl_->getOutputLength());

 }


 void

 HMAC::update(const void* data, const size_t len) {

     impl_->update(data, len);

 }


 void

 HMAC::sign(isc::util::OutputBuffer& result, size_t len) {

     impl_->sign(result, len);

 }


 void

 HMAC::sign(void* result, size_t len) {

     impl_->sign(result, len);

 }


 std::vector<uint8_t>

 HMAC::sign(size_t len) {

     return impl_->sign(len);

 }


 bool

 HMAC::verify(const void* sig, const size_t len) {

     return (impl_->verify(sig, len));

 }


 } // namespace cryptolink

 } // namespace isc

isc::cryptolink::BadKey
This exception is thrown when the underlying library could not handle the key data.
Definition: cryptolink.h:77

isc::cryptolink::HMACImpl::~HMACImpl
~HMACImpl()
Destructor.
Definition: openssl_hmac.cc:74

isc::cryptolink::HMACImpl::sign
std::vector< uint8_t > sign(size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:147

isc::cryptolink::HMACImpl::sign
void sign(void *result, size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:128

isc::cryptolink::HMACImpl::getOutputLength
size_t getOutputLength() const
Returns the output size of the digest.
Definition: openssl_hmac.cc:89

isc::cryptolink::HMACImpl::getHashAlgorithm
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
Definition: openssl_hmac.cc:82

isc::cryptolink::HMACImpl::HMACImpl
HMACImpl(const void *secret, size_t secret_len, const HashAlgorithm hash_algorithm)
Constructor from a secret and a hash algorithm.
Definition: openssl_hmac.cc:37

isc::cryptolink::HMACImpl::sign
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
Definition: openssl_hmac.cc:109

isc::cryptolink::HMACImpl::verify
bool verify(const void *sig, size_t len)
Verify an existing signature.
Definition: openssl_hmac.cc:166

isc::cryptolink::HMACImpl::update
void update(const void *data, const size_t len)
Add data to digest.
Definition: openssl_hmac.cc:96

isc::cryptolink::HMAC::update
void update(const void *data, const size_t len)
Add data to digest.
Definition: botan_hmac.cc:220

isc::cryptolink::HMAC::verify
bool verify(const void *sig, size_t len)
Verify an existing signature.
Definition: botan_hmac.cc:240

isc::cryptolink::HMAC::getOutputLength
size_t getOutputLength() const
Returns the output size of the digest.
Definition: botan_hmac.cc:215

isc::cryptolink::HMAC::~HMAC
~HMAC()
Destructor.
Definition: botan_hmac.cc:205

isc::cryptolink::HMAC::sign
void sign(isc::util::OutputBuffer &result, size_t len)
Calculate the final signature.
Definition: botan_hmac.cc:225

isc::cryptolink::HMAC::getHashAlgorithm
HashAlgorithm getHashAlgorithm() const
Returns the HashAlgorithm of the object.
Definition: botan_hmac.cc:210

isc::cryptolink::LibraryError
This exception is raised when a general error that was not specifically caught is thrown by the under...
Definition: cryptolink.h:87

isc::cryptolink::UnsupportedAlgorithm
This exception is thrown when a cryptographic action is requested for an algorithm that is not suppor...
Definition: cryptolink.h:69

isc::cryptolink::ossl::SecBuf< unsigned char >

isc::util::OutputBuffer
The OutputBuffer class is a buffer abstraction for manipulating mutable data.
Definition: buffer.h:294

isc::util::OutputBuffer::writeData
void writeData(const void *data, size_t len)
Copy an arbitrary length of data into the buffer.
Definition: buffer.h:550

crypto_hmac.h

cryptolink.h

isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition: exceptions/exceptions.h:210

isc::cryptolink::ossl::getHashAlgorithm
const EVP_MD * getHashAlgorithm(isc::cryptolink::HashAlgorithm algorithm)
Decode the HashAlgorithm enum into an EVP_MD pointer (or 0)
Definition: openssl_hash.cc:26

isc::cryptolink::HashAlgorithm
HashAlgorithm
Hash algorithm identifiers.
Definition: cryptolink.h:23

isc::cryptolink::digest
void digest(const void *data, const size_t data_len, const HashAlgorithm hash_algorithm, isc::util::OutputBuffer &result, size_t len)
Create an Hash digest for the given data.
Definition: crypto_hash.cc:20

isc
Defines the logger used by the top-level component of kea-lfc.
Definition: agent_parser.cc:148

openssl_common.h

openssl_compat.h