Adding OpenSSL HMAC signer functions to openssl plugin
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_hmac_signer.c
1 /*
2 * Copyright (C) 2012 Aleksandr Grinberg
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20 * THE SOFTWARE.
21 */
22
23 #include <openssl/evp.h>
24 #include <openssl/hmac.h>
25
26 #include "openssl_hmac_signer.h"
27
28 typedef struct private_openssl_hmac_signer_t private_openssl_hmac_signer_t;
29
30 /**
31 * Private data of openssl_hmac_signer_t
32 */
33 struct private_openssl_hmac_signer_t {
34
35 /**
36 * Public part of this class.
37 */
38 openssl_hmac_signer_t public;
39
40 /**
41 * Hasher to use
42 */
43 const EVP_MD *hasher;
44
45 /**
46 * Current HMAC context
47 */
48 HMAC_CTX hmac;
49
50 /**
51 * Key stored for reuse
52 */
53 chunk_t key;
54
55 /**
56 * Signature truncation length
57 */
58 size_t trunc;
59 };
60
61 METHOD(signer_t, get_block_size, size_t,
62 private_openssl_hmac_signer_t *this)
63 {
64 return this->trunc;
65 }
66
67 METHOD(signer_t, get_key_size, size_t,
68 private_openssl_hmac_signer_t *this)
69 {
70 return this->key.len;
71 }
72
73 /**
74 * Resets HMAC context
75 */
76 static void reset(private_openssl_hmac_signer_t *this)
77 {
78 HMAC_Init_ex(&this->hmac, this->key.ptr, this->key.len, this->hasher, NULL);
79 }
80
81 static void get_bytes(private_openssl_hmac_signer_t *this, chunk_t seed,
82 u_int8_t *out)
83 {
84 if (out == NULL)
85 {
86 HMAC_Update(&this->hmac, seed.ptr, seed.len);
87 }
88 else
89 {
90 HMAC_Update(&this->hmac, seed.ptr, seed.len);
91 HMAC_Final(&this->hmac, out, NULL);
92 reset(this);
93 }
94 }
95
96 METHOD(signer_t, get_signature, void,
97 private_openssl_hmac_signer_t *this, chunk_t seed, u_int8_t *out)
98 {
99 if (out == NULL)
100 {
101 get_bytes(this, seed, NULL);
102 }
103 else
104 {
105 u_int8_t mac[this->key.len];
106
107 get_bytes(this, seed, mac);
108 memcpy(out, mac, this->trunc);
109 }
110 }
111
112 METHOD(signer_t, allocate_signature,void,
113 private_openssl_hmac_signer_t *this, chunk_t seed, chunk_t *out)
114 {
115 if (out == NULL)
116 {
117 get_bytes(this, seed, NULL);
118 }
119 else
120 {
121 u_int8_t mac[this->key.len];
122
123 get_bytes(this, seed, mac);
124 *out = chunk_alloc(this->trunc);
125 memcpy(out->ptr, mac, this->trunc);
126 }
127 }
128
129 METHOD(signer_t, verify_signature, bool,
130 private_openssl_hmac_signer_t *this, chunk_t seed, chunk_t signature)
131 {
132 u_int8_t mac[this->key.len];
133
134 get_bytes(this, seed, mac);
135
136 if (signature.len != this->trunc)
137 {
138 return FALSE;
139 }
140 return memeq(signature.ptr, mac, this->trunc);
141 }
142
143 METHOD(signer_t, set_key, void,
144 private_openssl_hmac_signer_t *this, chunk_t key)
145 {
146 chunk_clear(&this->key);
147 this->key = chunk_clone(key);
148 reset(this);
149 }
150
151 METHOD(signer_t, destroy, void,
152 private_openssl_hmac_signer_t *this)
153 {
154 HMAC_CTX_cleanup(&this->hmac);
155 chunk_clear(&this->key);
156 free(this);
157 }
158
159 /*
160 * Described in header
161 */
162 openssl_hmac_signer_t *openssl_hmac_signer_create(integrity_algorithm_t algo)
163 {
164 private_openssl_hmac_signer_t *this;
165
166 INIT(this,
167 .public = {
168 .signer = {
169 .get_signature = _get_signature,
170 .allocate_signature = _allocate_signature,
171 .verify_signature = _verify_signature,
172 .get_block_size = _get_block_size,
173 .get_key_size = _get_key_size,
174 .set_key = _set_key,
175 .destroy = _destroy,
176 },
177 },
178 );
179
180 switch (algo)
181 {
182 case AUTH_HMAC_MD5_96:
183 this->hasher = EVP_get_digestbyname("md5");
184 this->key.len = 16;
185 this->trunc = 12;
186 break;
187 case AUTH_HMAC_MD5_128:
188 this->hasher = EVP_get_digestbyname("md5");
189 this->key.len = 16;
190 this->trunc = 16;
191 break;
192 case AUTH_HMAC_SHA1_96:
193 this->hasher = EVP_get_digestbyname("sha1");
194 this->key.len = 20;
195 this->trunc = 12;
196 break;
197 case AUTH_HMAC_SHA1_128:
198 this->hasher = EVP_get_digestbyname("sha1");
199 this->key.len = 20;
200 this->trunc = 16;
201 break;
202 case AUTH_HMAC_SHA1_160:
203 this->hasher = EVP_get_digestbyname("sha1");
204 this->key.len = 20;
205 this->trunc = 20;
206 break;
207 case AUTH_HMAC_SHA2_256_128:
208 this->hasher = EVP_get_digestbyname("sha256");
209 this->key.len = 32;
210 this->trunc = 16;
211 break;
212 case AUTH_HMAC_SHA2_256_256:
213 this->hasher = EVP_get_digestbyname("sha256");
214 this->key.len = 32;
215 this->trunc = 32;
216 break;
217 case AUTH_HMAC_SHA2_384_192:
218 this->hasher = EVP_get_digestbyname("sha384");
219 this->key.len = 48;
220 this->trunc = 24;
221 break;
222 case AUTH_HMAC_SHA2_384_384:
223 this->hasher = EVP_get_digestbyname("sha384");
224 this->key.len = 48;
225 this->trunc = 48;
226 break;
227 case AUTH_HMAC_SHA2_512_256:
228 this->hasher = EVP_get_digestbyname("sha512");
229 this->key.len = 64;
230 this->trunc = 32;
231 break;
232 default:
233 break;
234 }
235
236 if (!this->hasher)
237 {
238 /* hash is not available */
239 free(this);
240 return NULL;
241 }
242
243 HMAC_CTX_init(&this->hmac);
244
245 return &this->public;
246 }