hmac_ossl.c (10033B)
1 /* 2 * hmac_ossl.c 3 * 4 * Implementation of hmac srtp_auth_type_t that leverages OpenSSL 5 * 6 * John A. Foley 7 * Cisco Systems, Inc. 8 */ 9 /* 10 * 11 * Copyright(c) 2013-2017, Cisco Systems, Inc. 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 18 * Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials provided 24 * with the distribution. 25 * 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 * contributors may be used to endorse or promote products derived 28 * from this software without specific prior written permission. 29 * 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 41 * OF THE POSSIBILITY OF SUCH DAMAGE. 42 * 43 */ 44 45 #ifdef HAVE_CONFIG_H 46 #include <config.h> 47 #endif 48 49 #include "auth.h" 50 #include "alloc.h" 51 #include "err.h" /* for srtp_debug */ 52 #include "auth_test_cases.h" 53 #include <openssl/evp.h> 54 55 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) 56 #define SRTP_OSSL_USE_EVP_MAC 57 /* before this version reinit of EVP_MAC_CTX was not supported so need to 58 * duplicate the CTX each time */ 59 #define SRTP_OSSL_MIN_REINIT_VERSION 0x30000030L 60 #endif 61 62 #ifndef SRTP_OSSL_USE_EVP_MAC 63 #include <openssl/hmac.h> 64 #endif 65 66 #define SHA1_DIGEST_SIZE 20 67 68 /* the debug module for authentication */ 69 70 srtp_debug_module_t srtp_mod_hmac = { 71 0, /* debugging is off by default */ 72 "hmac sha-1 openssl" /* printable name for module */ 73 }; 74 75 /* 76 * There are three different behaviors of OpenSSL HMAC for different versions. 77 * 78 * 1. Pre-3.0 - Use HMAC API 79 * 2. 3.0.0 - 3.0.2 - EVP API is required, but doesn't support reinitialization, 80 * so we have to use EVP_MAC_CTX_dup 81 * 3. 3.0.3 and later - EVP API is required and supports reinitialization 82 * 83 * The distingtion between cases 2 & 3 needs to be made at runtime, because in a 84 * shared library context you might end up building against 3.0.3 and running 85 * against 3.0.2. 86 */ 87 88 typedef struct { 89 #ifdef SRTP_OSSL_USE_EVP_MAC 90 EVP_MAC *mac; 91 EVP_MAC_CTX *ctx; 92 int use_dup; 93 EVP_MAC_CTX *ctx_dup; 94 #else 95 HMAC_CTX *ctx; 96 #endif 97 } srtp_hmac_ossl_ctx_t; 98 99 static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a, 100 int key_len, 101 int out_len) 102 { 103 extern const srtp_auth_type_t srtp_hmac; 104 srtp_hmac_ossl_ctx_t *hmac; 105 106 debug_print(srtp_mod_hmac, "allocating auth func with key length %d", 107 key_len); 108 debug_print(srtp_mod_hmac, " tag length %d", 109 out_len); 110 111 /* check output length - should be less than 20 bytes */ 112 if (out_len > SHA1_DIGEST_SIZE) { 113 return srtp_err_status_bad_param; 114 } 115 116 *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t)); 117 if (*a == NULL) { 118 return srtp_err_status_alloc_fail; 119 } 120 121 hmac = 122 (srtp_hmac_ossl_ctx_t *)srtp_crypto_alloc(sizeof(srtp_hmac_ossl_ctx_t)); 123 if (hmac == NULL) { 124 srtp_crypto_free(*a); 125 *a = NULL; 126 return srtp_err_status_alloc_fail; 127 } 128 129 #ifdef SRTP_OSSL_USE_EVP_MAC 130 hmac->mac = EVP_MAC_fetch(NULL, "HMAC", NULL); 131 if (hmac->mac == NULL) { 132 srtp_crypto_free(hmac); 133 srtp_crypto_free(*a); 134 *a = NULL; 135 return srtp_err_status_alloc_fail; 136 } 137 138 hmac->ctx = EVP_MAC_CTX_new(hmac->mac); 139 if (hmac->ctx == NULL) { 140 EVP_MAC_free(hmac->mac); 141 srtp_crypto_free(hmac); 142 srtp_crypto_free(*a); 143 *a = NULL; 144 return srtp_err_status_alloc_fail; 145 } 146 147 hmac->use_dup = 148 OpenSSL_version_num() < SRTP_OSSL_MIN_REINIT_VERSION ? 1 : 0; 149 150 if (hmac->use_dup) { 151 debug_print0(srtp_mod_hmac, "using EVP_MAC_CTX_dup"); 152 hmac->ctx_dup = hmac->ctx; 153 hmac->ctx = NULL; 154 } 155 #else 156 hmac->ctx = HMAC_CTX_new(); 157 if (hmac->ctx == NULL) { 158 srtp_crypto_free(hmac); 159 srtp_crypto_free(*a); 160 *a = NULL; 161 return srtp_err_status_alloc_fail; 162 } 163 #endif 164 165 /* set pointers */ 166 (*a)->state = hmac; 167 (*a)->type = &srtp_hmac; 168 (*a)->out_len = out_len; 169 (*a)->key_len = key_len; 170 (*a)->prefix_len = 0; 171 172 return srtp_err_status_ok; 173 } 174 175 static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a) 176 { 177 srtp_hmac_ossl_ctx_t *hmac = (srtp_hmac_ossl_ctx_t *)a->state; 178 179 if (hmac) { 180 #ifdef SRTP_OSSL_USE_EVP_MAC 181 EVP_MAC_CTX_free(hmac->ctx); 182 EVP_MAC_CTX_free(hmac->ctx_dup); 183 EVP_MAC_free(hmac->mac); 184 #else 185 HMAC_CTX_free(hmac->ctx); 186 #endif 187 /* zeroize entire state*/ 188 octet_string_set_to_zero(hmac, sizeof(srtp_hmac_ossl_ctx_t)); 189 190 srtp_crypto_free(hmac); 191 } 192 193 /* zeroize entire state*/ 194 octet_string_set_to_zero(a, sizeof(srtp_auth_t)); 195 196 /* free memory */ 197 srtp_crypto_free(a); 198 199 return srtp_err_status_ok; 200 } 201 202 static srtp_err_status_t srtp_hmac_start(void *statev) 203 { 204 srtp_hmac_ossl_ctx_t *hmac = (srtp_hmac_ossl_ctx_t *)statev; 205 206 #ifdef SRTP_OSSL_USE_EVP_MAC 207 if (hmac->use_dup) { 208 EVP_MAC_CTX_free(hmac->ctx); 209 hmac->ctx = EVP_MAC_CTX_dup(hmac->ctx_dup); 210 if (hmac->ctx == NULL) { 211 return srtp_err_status_alloc_fail; 212 } 213 } else { 214 if (EVP_MAC_init(hmac->ctx, NULL, 0, NULL) == 0) { 215 return srtp_err_status_auth_fail; 216 } 217 } 218 #else 219 if (HMAC_Init_ex(hmac->ctx, NULL, 0, NULL, NULL) == 0) 220 return srtp_err_status_auth_fail; 221 #endif 222 return srtp_err_status_ok; 223 } 224 225 static srtp_err_status_t srtp_hmac_init(void *statev, 226 const uint8_t *key, 227 int key_len) 228 { 229 srtp_hmac_ossl_ctx_t *hmac = (srtp_hmac_ossl_ctx_t *)statev; 230 231 #ifdef SRTP_OSSL_USE_EVP_MAC 232 OSSL_PARAM params[2]; 233 234 params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0); 235 params[1] = OSSL_PARAM_construct_end(); 236 237 if (EVP_MAC_init(hmac->use_dup ? hmac->ctx_dup : hmac->ctx, key, key_len, 238 params) == 0) { 239 return srtp_err_status_auth_fail; 240 } 241 #else 242 if (HMAC_Init_ex(hmac->ctx, key, key_len, EVP_sha1(), NULL) == 0) 243 return srtp_err_status_auth_fail; 244 #endif 245 return srtp_err_status_ok; 246 } 247 248 static srtp_err_status_t srtp_hmac_update(void *statev, 249 const uint8_t *message, 250 int msg_octets) 251 { 252 srtp_hmac_ossl_ctx_t *hmac = (srtp_hmac_ossl_ctx_t *)statev; 253 254 debug_print(srtp_mod_hmac, "input: %s", 255 srtp_octet_string_hex_string(message, msg_octets)); 256 257 #ifdef SRTP_OSSL_USE_EVP_MAC 258 if (EVP_MAC_update(hmac->ctx, message, msg_octets) == 0) { 259 return srtp_err_status_auth_fail; 260 } 261 #else 262 if (HMAC_Update(hmac->ctx, message, msg_octets) == 0) 263 return srtp_err_status_auth_fail; 264 #endif 265 return srtp_err_status_ok; 266 } 267 268 static srtp_err_status_t srtp_hmac_compute(void *statev, 269 const uint8_t *message, 270 int msg_octets, 271 int tag_len, 272 uint8_t *result) 273 { 274 srtp_hmac_ossl_ctx_t *hmac = (srtp_hmac_ossl_ctx_t *)statev; 275 uint8_t hash_value[SHA1_DIGEST_SIZE]; 276 int i; 277 #ifdef SRTP_OSSL_USE_EVP_MAC 278 size_t len; 279 #else 280 unsigned int len; 281 #endif 282 283 debug_print(srtp_mod_hmac, "input: %s", 284 srtp_octet_string_hex_string(message, msg_octets)); 285 286 /* check tag length, return error if we can't provide the value expected */ 287 if (tag_len > SHA1_DIGEST_SIZE) { 288 return srtp_err_status_bad_param; 289 } 290 291 /* hash message, copy output into H */ 292 #ifdef SRTP_OSSL_USE_EVP_MAC 293 if (EVP_MAC_update(hmac->ctx, message, msg_octets) == 0) { 294 return srtp_err_status_auth_fail; 295 } 296 297 if (EVP_MAC_final(hmac->ctx, hash_value, &len, sizeof hash_value) == 0) { 298 return srtp_err_status_auth_fail; 299 } 300 #else 301 if (HMAC_Update(hmac->ctx, message, msg_octets) == 0) 302 return srtp_err_status_auth_fail; 303 304 if (HMAC_Final(hmac->ctx, hash_value, &len) == 0) 305 return srtp_err_status_auth_fail; 306 #endif 307 if (tag_len < 0 || len < (unsigned int)tag_len) 308 return srtp_err_status_auth_fail; 309 310 /* copy hash_value to *result */ 311 for (i = 0; i < tag_len; i++) { 312 result[i] = hash_value[i]; 313 } 314 315 debug_print(srtp_mod_hmac, "output: %s", 316 srtp_octet_string_hex_string(hash_value, tag_len)); 317 318 return srtp_err_status_ok; 319 } 320 321 static const char srtp_hmac_description[] = 322 "hmac sha-1 authentication function"; 323 324 /* 325 * srtp_auth_type_t hmac is the hmac metaobject 326 */ 327 328 const srtp_auth_type_t srtp_hmac = { 329 srtp_hmac_alloc, /* */ 330 srtp_hmac_dealloc, /* */ 331 srtp_hmac_init, /* */ 332 srtp_hmac_compute, /* */ 333 srtp_hmac_update, /* */ 334 srtp_hmac_start, /* */ 335 srtp_hmac_description, /* */ 336 &srtp_hmac_test_case_0, /* */ 337 SRTP_HMAC_SHA1 /* */ 338 };