hm_pmeth.c revision 296341
1/* 2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 3 * 2007. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/x509.h> 62#include <openssl/x509v3.h> 63#include <openssl/evp.h> 64#include <openssl/hmac.h> 65#include "evp_locl.h" 66 67/* HMAC pkey context structure */ 68 69typedef struct { 70 const EVP_MD *md; /* MD for HMAC use */ 71 ASN1_OCTET_STRING ktmp; /* Temp storage for key */ 72 HMAC_CTX ctx; 73} HMAC_PKEY_CTX; 74 75static int pkey_hmac_init(EVP_PKEY_CTX *ctx) 76{ 77 HMAC_PKEY_CTX *hctx; 78 hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); 79 if (!hctx) 80 return 0; 81 hctx->md = NULL; 82 hctx->ktmp.data = NULL; 83 hctx->ktmp.length = 0; 84 hctx->ktmp.flags = 0; 85 hctx->ktmp.type = V_ASN1_OCTET_STRING; 86 HMAC_CTX_init(&hctx->ctx); 87 88 ctx->data = hctx; 89 ctx->keygen_info_count = 0; 90 91 return 1; 92} 93 94static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 95{ 96 HMAC_PKEY_CTX *sctx, *dctx; 97 if (!pkey_hmac_init(dst)) 98 return 0; 99 sctx = src->data; 100 dctx = dst->data; 101 dctx->md = sctx->md; 102 HMAC_CTX_init(&dctx->ctx); 103 if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) 104 return 0; 105 if (sctx->ktmp.data) { 106 if (!ASN1_OCTET_STRING_set(&dctx->ktmp, 107 sctx->ktmp.data, sctx->ktmp.length)) 108 return 0; 109 } 110 return 1; 111} 112 113static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) 114{ 115 HMAC_PKEY_CTX *hctx = ctx->data; 116 HMAC_CTX_cleanup(&hctx->ctx); 117 if (hctx->ktmp.data) { 118 if (hctx->ktmp.length) 119 OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); 120 OPENSSL_free(hctx->ktmp.data); 121 hctx->ktmp.data = NULL; 122 } 123 OPENSSL_free(hctx); 124} 125 126static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 127{ 128 ASN1_OCTET_STRING *hkey = NULL; 129 HMAC_PKEY_CTX *hctx = ctx->data; 130 if (!hctx->ktmp.data) 131 return 0; 132 hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); 133 if (!hkey) 134 return 0; 135 EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); 136 137 return 1; 138} 139 140static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) 141{ 142 HMAC_PKEY_CTX *hctx = ctx->pctx->data; 143 if (!HMAC_Update(&hctx->ctx, data, count)) 144 return 0; 145 return 1; 146} 147 148static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) 149{ 150 HMAC_PKEY_CTX *hctx = ctx->data; 151 HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); 152 EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); 153 mctx->update = int_update; 154 return 1; 155} 156 157static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 158 EVP_MD_CTX *mctx) 159{ 160 unsigned int hlen; 161 HMAC_PKEY_CTX *hctx = ctx->data; 162 int l = EVP_MD_CTX_size(mctx); 163 164 if (l < 0) 165 return 0; 166 *siglen = l; 167 if (!sig) 168 return 1; 169 170 if (!HMAC_Final(&hctx->ctx, sig, &hlen)) 171 return 0; 172 *siglen = (size_t)hlen; 173 return 1; 174} 175 176static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 177{ 178 HMAC_PKEY_CTX *hctx = ctx->data; 179 ASN1_OCTET_STRING *key; 180 switch (type) { 181 182 case EVP_PKEY_CTRL_SET_MAC_KEY: 183 if ((!p2 && p1 > 0) || (p1 < -1)) 184 return 0; 185 if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) 186 return 0; 187 break; 188 189 case EVP_PKEY_CTRL_MD: 190 hctx->md = p2; 191 break; 192 193 case EVP_PKEY_CTRL_DIGESTINIT: 194 key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; 195 if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, 196 ctx->engine)) 197 return 0; 198 break; 199 200 default: 201 return -2; 202 203 } 204 return 1; 205} 206 207static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, 208 const char *type, const char *value) 209{ 210 if (!value) { 211 return 0; 212 } 213 if (!strcmp(type, "key")) { 214 void *p = (void *)value; 215 return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); 216 } 217 if (!strcmp(type, "hexkey")) { 218 unsigned char *key; 219 int r; 220 long keylen; 221 key = string_to_hex(value, &keylen); 222 if (!key) 223 return 0; 224 r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); 225 OPENSSL_free(key); 226 return r; 227 } 228 return -2; 229} 230 231const EVP_PKEY_METHOD hmac_pkey_meth = { 232 EVP_PKEY_HMAC, 233 0, 234 pkey_hmac_init, 235 pkey_hmac_copy, 236 pkey_hmac_cleanup, 237 238 0, 0, 239 240 0, 241 pkey_hmac_keygen, 242 243 0, 0, 244 245 0, 0, 246 247 0, 0, 248 249 hmac_signctx_init, 250 hmac_signctx, 251 252 0, 0, 253 254 0, 0, 255 256 0, 0, 257 258 0, 0, 259 260 pkey_hmac_ctrl, 261 pkey_hmac_ctrl_str 262}; 263