hm_pmeth.c revision 325335
1/* 2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 3 * 2007. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2007 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/x509.h> 62#include <openssl/x509v3.h> 63#include <openssl/evp.h> 64#include <openssl/hmac.h> 65#include "evp_locl.h" 66 67/* HMAC pkey context structure */ 68 69typedef struct { 70 const EVP_MD *md; /* MD for HMAC use */ 71 ASN1_OCTET_STRING ktmp; /* Temp storage for key */ 72 HMAC_CTX ctx; 73} HMAC_PKEY_CTX; 74 75static int pkey_hmac_init(EVP_PKEY_CTX *ctx) 76{ 77 HMAC_PKEY_CTX *hctx; 78 hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); 79 if (!hctx) 80 return 0; 81 hctx->md = NULL; 82 hctx->ktmp.data = NULL; 83 hctx->ktmp.length = 0; 84 hctx->ktmp.flags = 0; 85 hctx->ktmp.type = V_ASN1_OCTET_STRING; 86 HMAC_CTX_init(&hctx->ctx); 87 88 ctx->data = hctx; 89 ctx->keygen_info_count = 0; 90 91 return 1; 92} 93 94static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 95{ 96 HMAC_PKEY_CTX *sctx, *dctx; 97 if (!pkey_hmac_init(dst)) 98 return 0; 99 sctx = src->data; 100 dctx = dst->data; 101 dctx->md = sctx->md; 102 if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) 103 goto err; 104 if (sctx->ktmp.data != NULL) { 105 if (!ASN1_OCTET_STRING_set(&dctx->ktmp, 106 sctx->ktmp.data, sctx->ktmp.length)) 107 goto err; 108 } 109 return 1; 110 err: 111 HMAC_CTX_cleanup(&dctx->ctx); 112 OPENSSL_free(dctx); 113 return 0; 114} 115 116static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) 117{ 118 HMAC_PKEY_CTX *hctx = ctx->data; 119 HMAC_CTX_cleanup(&hctx->ctx); 120 if (hctx->ktmp.data) { 121 if (hctx->ktmp.length) 122 OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); 123 OPENSSL_free(hctx->ktmp.data); 124 hctx->ktmp.data = NULL; 125 } 126 OPENSSL_free(hctx); 127} 128 129static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 130{ 131 ASN1_OCTET_STRING *hkey = NULL; 132 HMAC_PKEY_CTX *hctx = ctx->data; 133 if (!hctx->ktmp.data) 134 return 0; 135 hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); 136 if (!hkey) 137 return 0; 138 EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); 139 140 return 1; 141} 142 143static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) 144{ 145 HMAC_PKEY_CTX *hctx = ctx->pctx->data; 146 if (!HMAC_Update(&hctx->ctx, data, count)) 147 return 0; 148 return 1; 149} 150 151static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) 152{ 153 HMAC_PKEY_CTX *hctx = ctx->data; 154 HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); 155 EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); 156 mctx->update = int_update; 157 return 1; 158} 159 160static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 161 EVP_MD_CTX *mctx) 162{ 163 unsigned int hlen; 164 HMAC_PKEY_CTX *hctx = ctx->data; 165 int l = EVP_MD_CTX_size(mctx); 166 167 if (l < 0) 168 return 0; 169 *siglen = l; 170 if (!sig) 171 return 1; 172 173 if (!HMAC_Final(&hctx->ctx, sig, &hlen)) 174 return 0; 175 *siglen = (size_t)hlen; 176 return 1; 177} 178 179static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 180{ 181 HMAC_PKEY_CTX *hctx = ctx->data; 182 ASN1_OCTET_STRING *key; 183 switch (type) { 184 185 case EVP_PKEY_CTRL_SET_MAC_KEY: 186 if ((!p2 && p1 > 0) || (p1 < -1)) 187 return 0; 188 if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) 189 return 0; 190 break; 191 192 case EVP_PKEY_CTRL_MD: 193 hctx->md = p2; 194 break; 195 196 case EVP_PKEY_CTRL_DIGESTINIT: 197 key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; 198 if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, 199 ctx->engine)) 200 return 0; 201 break; 202 203 default: 204 return -2; 205 206 } 207 return 1; 208} 209 210static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, 211 const char *type, const char *value) 212{ 213 if (!value) { 214 return 0; 215 } 216 if (!strcmp(type, "key")) { 217 void *p = (void *)value; 218 return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); 219 } 220 if (!strcmp(type, "hexkey")) { 221 unsigned char *key; 222 int r; 223 long keylen; 224 key = string_to_hex(value, &keylen); 225 if (!key) 226 return 0; 227 r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); 228 OPENSSL_free(key); 229 return r; 230 } 231 return -2; 232} 233 234const EVP_PKEY_METHOD hmac_pkey_meth = { 235 EVP_PKEY_HMAC, 236 0, 237 pkey_hmac_init, 238 pkey_hmac_copy, 239 pkey_hmac_cleanup, 240 241 0, 0, 242 243 0, 244 pkey_hmac_keygen, 245 246 0, 0, 247 248 0, 0, 249 250 0, 0, 251 252 hmac_signctx_init, 253 hmac_signctx, 254 255 0, 0, 256 257 0, 0, 258 259 0, 0, 260 261 0, 0, 262 263 pkey_hmac_ctrl, 264 pkey_hmac_ctrl_str 265}; 266