// Copyright (C) 2014-2015 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. #include #include #include #include #include #include namespace isc { namespace cryptolink { /// @brief OpenSSL implementation of HMAC. Each method is the counterpart /// of the HMAC corresponding method. class HMACImpl { public: /// @brief Constructor from a secret and a hash algorithm /// /// See constructor of the @ref isc::cryptolink::HMAC class for details. /// /// @param secret The secret to sign with /// @param secret_len The length of the secret /// @param hash_algorithm The hash algorithm explicit HMACImpl(const void* secret, size_t secret_len, const HashAlgorithm hash_algorithm) { const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm); if (algo == 0) { isc_throw(UnsupportedAlgorithm, "Unknown hash algorithm: " << static_cast(hash_algorithm)); } if (secret_len == 0) { isc_throw(BadKey, "Bad HMAC secret length: 0"); } md_.reset(new HMAC_CTX); HMAC_CTX_init(md_.get()); HMAC_Init_ex(md_.get(), secret, static_cast(secret_len), algo, NULL); } /// @brief Destructor ~HMACImpl() { if (md_) { HMAC_CTX_cleanup(md_.get()); } } /// @brief Returns the output size of the digest /// /// @return output size of the digest size_t getOutputLength() const { int size = HMAC_size(md_.get()); if (size < 0) { isc_throw(isc::cryptolink::LibraryError, "EVP_MD_CTX_size"); } return (static_cast(size)); } /// @brief Add data to digest /// /// See @ref isc::cryptolink::HMAC::update() for details. void update(const void* data, const size_t len) { HMAC_Update(md_.get(), static_cast(data), len); } /// @brief Calculate the final signature /// /// See @ref isc::cryptolink::HMAC::sign() for details. void sign(isc::util::OutputBuffer& result, size_t len) { size_t size = getOutputLength(); ossl::SecBuf digest(size); HMAC_Final(md_.get(), &digest[0], NULL); if (len > size) { len = size; } result.writeData(&digest[0], len); } /// @brief Calculate the final signature /// /// See @ref isc::cryptolink::HMAC::sign() for details. void sign(void* result, size_t len) { size_t size = getOutputLength(); ossl::SecBuf digest(size); HMAC_Final(md_.get(), &digest[0], NULL); if (len > size) { len = size; } std::memcpy(result, &digest[0], len); } /// @brief Calculate the final signature /// /// See @ref isc::cryptolink::HMAC::sign() for details. std::vector sign(size_t len) { size_t size = getOutputLength(); ossl::SecBuf digest(size); HMAC_Final(md_.get(), &digest[0], NULL); if (len < size) { digest.resize(len); } return (std::vector(digest.begin(), digest.end())); } /// @brief Verify an existing signature /// /// See @ref isc::cryptolink::HMAC::verify() for details. bool verify(const void* sig, size_t len) { size_t size = getOutputLength(); if (len < 10 || len < size / 2) { return (false); } ossl::SecBuf digest(size); HMAC_Final(md_.get(), &digest[0], NULL); if (len > size) { len = size; } return (digest.same(sig, len)); } private: /// @brief The protected pointer to the OpenSSL HMAC_CTX structure boost::scoped_ptr md_; }; HMAC::HMAC(const void* secret, size_t secret_length, const HashAlgorithm hash_algorithm) { impl_ = new HMACImpl(secret, secret_length, hash_algorithm); } HMAC::~HMAC() { delete impl_; } size_t HMAC::getOutputLength() const { return (impl_->getOutputLength()); } void HMAC::update(const void* data, const size_t len) { impl_->update(data, len); } void HMAC::sign(isc::util::OutputBuffer& result, size_t len) { impl_->sign(result, len); } void HMAC::sign(void* result, size_t len) { impl_->sign(result, len); } std::vector HMAC::sign(size_t len) { return impl_->sign(len); } bool HMAC::verify(const void* sig, const size_t len) { return (impl_->verify(sig, len)); } } // namespace cryptolink } // namespace isc