Make sure HMAC_Init is called before HMAC_Update, fixes crash
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_hmac.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /*
17 * Copyright (C) 2012 Aleksandr Grinberg
18 *
19 * Permission is hereby granted, free of charge, to any person obtaining a copy
20 * of this software and associated documentation files (the "Software"), to deal
21 * in the Software without restriction, including without limitation the rights
22 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
23 * copies of the Software, and to permit persons to whom the Software is
24 * furnished to do so, subject to the following conditions:
25 *
26 * The above copyright notice and this permission notice shall be included in
27 * all copies or substantial portions of the Software.
28 *
29 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
30 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
31 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
32 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
33 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
34 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
35 * THE SOFTWARE.
36 */
37
38 #include <openssl/evp.h>
39 #include <openssl/hmac.h>
40
41 #include "openssl_hmac.h"
42
43 #include <crypto/mac.h>
44 #include <crypto/prfs/mac_prf.h>
45 #include <crypto/signers/mac_signer.h>
46
47 typedef struct private_mac_t private_mac_t;
48
49 /**
50 * Private data of a mac_t object.
51 */
52 struct private_mac_t {
53
54 /**
55 * Public interface
56 */
57 mac_t public;
58
59 /**
60 * Hasher to use
61 */
62 const EVP_MD *hasher;
63
64 /**
65 * Current HMAC context
66 */
67 HMAC_CTX hmac;
68
69 /**
70 * Key
71 */
72 chunk_t key;
73 };
74
75 /**
76 * Resets HMAC context
77 */
78 static bool reset(private_mac_t *this)
79 {
80 return HMAC_Init_ex(&this->hmac, this->key.ptr, this->key.len,
81 this->hasher, NULL);
82 }
83
84 METHOD(mac_t, get_mac, bool,
85 private_mac_t *this, chunk_t data, u_int8_t *out)
86 {
87 if (out == NULL)
88 {
89 return HMAC_Update(&this->hmac, data.ptr, data.len);
90 }
91 return HMAC_Update(&this->hmac, data.ptr, data.len) &&
92 HMAC_Final(&this->hmac, out, NULL) &&
93 reset(this);
94 }
95
96 METHOD(mac_t, get_mac_size, size_t,
97 private_mac_t *this)
98 {
99 return EVP_MD_size(this->hasher);
100 }
101
102 METHOD(mac_t, set_key, bool,
103 private_mac_t *this, chunk_t key)
104 {
105 chunk_clear(&this->key);
106 this->key = chunk_clone(key);
107 return reset(this);
108 }
109
110 METHOD(mac_t, destroy, void,
111 private_mac_t *this)
112 {
113 HMAC_CTX_cleanup(&this->hmac);
114 chunk_clear(&this->key);
115 free(this);
116 }
117
118 /*
119 * Create an OpenSSL-backed implementation of the mac_t interface
120 */
121 static mac_t *hmac_create(hash_algorithm_t algo)
122 {
123 private_mac_t *this;
124
125 INIT(this,
126 .public = {
127 .get_mac = _get_mac,
128 .get_mac_size = _get_mac_size,
129 .set_key = _set_key,
130 .destroy = _destroy,
131 },
132 );
133
134 switch (algo)
135 {
136 case HASH_MD5:
137 this->hasher = EVP_get_digestbyname("md5");
138 break;
139 case HASH_SHA1:
140 this->hasher = EVP_get_digestbyname("sha1");
141 break;
142 case HASH_SHA256:
143 this->hasher = EVP_get_digestbyname("sha256");
144 break;
145 case HASH_SHA384:
146 this->hasher = EVP_get_digestbyname("sha384");
147 break;
148 case HASH_SHA512:
149 this->hasher = EVP_get_digestbyname("sha512");
150 break;
151 default:
152 break;
153 }
154
155 if (!this->hasher)
156 {
157 free(this);
158 return NULL;
159 }
160
161 HMAC_CTX_init(&this->hmac);
162 if (!HMAC_Init_ex(&this->hmac, NULL, 0, this->hasher, NULL))
163 {
164 destroy(this);
165 return NULL;
166 }
167
168 return &this->public;
169 }
170
171 /*
172 * Described in header
173 */
174 prf_t *openssl_hmac_prf_create(pseudo_random_function_t algo)
175 {
176 mac_t *hmac;
177
178 hmac = hmac_create(hasher_algorithm_from_prf(algo));
179 if (hmac)
180 {
181 return mac_prf_create(hmac);
182 }
183 return NULL;
184 }
185
186 /*
187 * Described in header
188 */
189 signer_t *openssl_hmac_signer_create(integrity_algorithm_t algo)
190 {
191 mac_t *hmac;
192 size_t trunc;
193
194 hmac = hmac_create(hasher_algorithm_from_integrity(algo, &trunc));
195 if (hmac)
196 {
197 return mac_signer_create(hmac, trunc);
198 }
199 return NULL;
200 }
201
202