xref: /aosp_15_r20/external/libsrtp2/crypto/hash/hmac_ossl.c (revision 90e502c7aef8d77d0622bb67d75435c6190cfc1a) 
1 /*
2  * hmac_ossl.c
3  *
4  * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
5  *
6  * John A. Foley
7  * Cisco Systems, Inc.
8  */
9 /*
10  *
11  * Copyright(c) 2013-2017, Cisco Systems, Inc.
12  * All rights reserved.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  *
18  *   Redistributions of source code must retain the above copyright
19  *   notice, this list of conditions and the following disclaimer.
20  *
21  *   Redistributions in binary form must reproduce the above
22  *   copyright notice, this list of conditions and the following
23  *   disclaimer in the documentation and/or other materials provided
24  *   with the distribution.
25  *
26  *   Neither the name of the Cisco Systems, Inc. nor the names of its
27  *   contributors may be used to endorse or promote products derived
28  *   from this software without specific prior written permission.
29  *
30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41  * OF THE POSSIBILITY OF SUCH DAMAGE.
42  *
43  */
44 
45 #ifdef HAVE_CONFIG_H
46 #include <config.h>
47 #endif
48 
49 #include "auth.h"
50 #include "alloc.h"
51 #include "err.h" /* for srtp_debug */
52 #include <openssl/evp.h>
53 #include <openssl/hmac.h>
54 
55 #define SHA1_DIGEST_SIZE 20
56 
57 /* the debug module for authentiation */
58 
59 srtp_debug_module_t srtp_mod_hmac = {
60     0,                   /* debugging is off by default */
61     "hmac sha-1 openssl" /* printable name for module   */
62 };
63 
srtp_hmac_alloc(srtp_auth_t ** a,int key_len,int out_len)64 static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
65                                          int key_len,
66                                          int out_len)
67 {
68     extern const srtp_auth_type_t srtp_hmac;
69 
70     debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
71                 key_len);
72     debug_print(srtp_mod_hmac, "                          tag length %d",
73                 out_len);
74 
75     /* check output length - should be less than 20 bytes */
76     if (out_len > SHA1_DIGEST_SIZE) {
77         return srtp_err_status_bad_param;
78     }
79 
80 /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
81    using HMAC_CTX_new.  But this function doesn't exist in OpenSSL 1.0.x. */
82 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
83     {
84         /* allocate memory for auth and HMAC_CTX structures */
85         uint8_t *pointer;
86         HMAC_CTX *new_hmac_ctx;
87         pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
88                                                sizeof(srtp_auth_t));
89         if (pointer == NULL) {
90             return srtp_err_status_alloc_fail;
91         }
92         *a = (srtp_auth_t *)pointer;
93         (*a)->state = pointer + sizeof(srtp_auth_t);
94         new_hmac_ctx = (HMAC_CTX *)((*a)->state);
95 
96         HMAC_CTX_init(new_hmac_ctx);
97     }
98 
99 #else
100     *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
101     if (*a == NULL) {
102         return srtp_err_status_alloc_fail;
103     }
104 
105     (*a)->state = HMAC_CTX_new();
106     if ((*a)->state == NULL) {
107         srtp_crypto_free(*a);
108         *a = NULL;
109         return srtp_err_status_alloc_fail;
110     }
111 #endif
112 
113     /* set pointers */
114     (*a)->type = &srtp_hmac;
115     (*a)->out_len = out_len;
116     (*a)->key_len = key_len;
117     (*a)->prefix_len = 0;
118 
119     return srtp_err_status_ok;
120 }
121 
srtp_hmac_dealloc(srtp_auth_t * a)122 static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
123 {
124     HMAC_CTX *hmac_ctx;
125 
126     hmac_ctx = (HMAC_CTX *)a->state;
127 
128 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
129     HMAC_CTX_cleanup(hmac_ctx);
130 
131     /* zeroize entire state*/
132     octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
133 
134 #else
135     HMAC_CTX_free(hmac_ctx);
136 
137     /* zeroize entire state*/
138     octet_string_set_to_zero(a, sizeof(srtp_auth_t));
139 #endif
140 
141     /* free memory */
142     srtp_crypto_free(a);
143 
144     return srtp_err_status_ok;
145 }
146 
srtp_hmac_start(void * statev)147 static srtp_err_status_t srtp_hmac_start(void *statev)
148 {
149     HMAC_CTX *state = (HMAC_CTX *)statev;
150 
151     if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
152         return srtp_err_status_auth_fail;
153 
154     return srtp_err_status_ok;
155 }
156 
srtp_hmac_init(void * statev,const uint8_t * key,int key_len)157 static srtp_err_status_t srtp_hmac_init(void *statev,
158                                         const uint8_t *key,
159                                         int key_len)
160 {
161     HMAC_CTX *state = (HMAC_CTX *)statev;
162 
163     if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
164         return srtp_err_status_auth_fail;
165 
166     return srtp_err_status_ok;
167 }
168 
srtp_hmac_update(void * statev,const uint8_t * message,int msg_octets)169 static srtp_err_status_t srtp_hmac_update(void *statev,
170                                           const uint8_t *message,
171                                           int msg_octets)
172 {
173     HMAC_CTX *state = (HMAC_CTX *)statev;
174 
175     debug_print(srtp_mod_hmac, "input: %s",
176                 srtp_octet_string_hex_string(message, msg_octets));
177 
178     if (HMAC_Update(state, message, msg_octets) == 0)
179         return srtp_err_status_auth_fail;
180 
181     return srtp_err_status_ok;
182 }
183 
srtp_hmac_compute(void * statev,const uint8_t * message,int msg_octets,int tag_len,uint8_t * result)184 static srtp_err_status_t srtp_hmac_compute(void *statev,
185                                            const uint8_t *message,
186                                            int msg_octets,
187                                            int tag_len,
188                                            uint8_t *result)
189 {
190     HMAC_CTX *state = (HMAC_CTX *)statev;
191     uint8_t hash_value[SHA1_DIGEST_SIZE];
192     int i;
193     unsigned int len;
194 
195     /* check tag length, return error if we can't provide the value expected */
196     if (tag_len > SHA1_DIGEST_SIZE) {
197         return srtp_err_status_bad_param;
198     }
199 
200     /* hash message, copy output into H */
201     if (HMAC_Update(state, message, msg_octets) == 0)
202         return srtp_err_status_auth_fail;
203 
204     if (HMAC_Final(state, hash_value, &len) == 0)
205         return srtp_err_status_auth_fail;
206 
207     if (len < tag_len)
208         return srtp_err_status_auth_fail;
209 
210     /* copy hash_value to *result */
211     for (i = 0; i < tag_len; i++) {
212         result[i] = hash_value[i];
213     }
214 
215     debug_print(srtp_mod_hmac, "output: %s",
216                 srtp_octet_string_hex_string(hash_value, tag_len));
217 
218     return srtp_err_status_ok;
219 }
220 
221 /* begin test case 0 */
222 /* clang-format off */
223 static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
224     0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
225     0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
226     0x0b, 0x0b, 0x0b, 0x0b
227 };
228 /* clang-format on */
229 
230 /* clang-format off */
231 static const uint8_t srtp_hmac_test_case_0_data[8] = {
232     0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
233 };
234 /* clang-format on */
235 
236 /* clang-format off */
237 static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
238     0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
239     0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
240     0xf1, 0x46, 0xbe, 0x00
241 };
242 /* clang-format on */
243 
244 static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
245     sizeof(srtp_hmac_test_case_0_key),  /* octets in key            */
246     srtp_hmac_test_case_0_key,          /* key                      */
247     sizeof(srtp_hmac_test_case_0_data), /* octets in data           */
248     srtp_hmac_test_case_0_data,         /* data                     */
249     sizeof(srtp_hmac_test_case_0_tag),  /* octets in tag            */
250     srtp_hmac_test_case_0_tag,          /* tag                      */
251     NULL                                /* pointer to next testcase */
252 };
253 
254 /* end test case 0 */
255 
256 static const char srtp_hmac_description[] =
257     "hmac sha-1 authentication function";
258 
259 /*
260  * srtp_auth_type_t hmac is the hmac metaobject
261  */
262 
263 const srtp_auth_type_t srtp_hmac = {
264     srtp_hmac_alloc,        /* */
265     srtp_hmac_dealloc,      /* */
266     srtp_hmac_init,         /* */
267     srtp_hmac_compute,      /* */
268     srtp_hmac_update,       /* */
269     srtp_hmac_start,        /* */
270     srtp_hmac_description,  /* */
271     &srtp_hmac_test_case_0, /* */
272     SRTP_HMAC_SHA1          /* */
273 };
274