1*90e502c7SAndroid Build Coastguard Worker /*
2*90e502c7SAndroid Build Coastguard Worker * hmac_ossl.c
3*90e502c7SAndroid Build Coastguard Worker *
4*90e502c7SAndroid Build Coastguard Worker * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
5*90e502c7SAndroid Build Coastguard Worker *
6*90e502c7SAndroid Build Coastguard Worker * John A. Foley
7*90e502c7SAndroid Build Coastguard Worker * Cisco Systems, Inc.
8*90e502c7SAndroid Build Coastguard Worker */
9*90e502c7SAndroid Build Coastguard Worker /*
10*90e502c7SAndroid Build Coastguard Worker *
11*90e502c7SAndroid Build Coastguard Worker * Copyright(c) 2013-2017, Cisco Systems, Inc.
12*90e502c7SAndroid Build Coastguard Worker * All rights reserved.
13*90e502c7SAndroid Build Coastguard Worker *
14*90e502c7SAndroid Build Coastguard Worker * Redistribution and use in source and binary forms, with or without
15*90e502c7SAndroid Build Coastguard Worker * modification, are permitted provided that the following conditions
16*90e502c7SAndroid Build Coastguard Worker * are met:
17*90e502c7SAndroid Build Coastguard Worker *
18*90e502c7SAndroid Build Coastguard Worker * Redistributions of source code must retain the above copyright
19*90e502c7SAndroid Build Coastguard Worker * notice, this list of conditions and the following disclaimer.
20*90e502c7SAndroid Build Coastguard Worker *
21*90e502c7SAndroid Build Coastguard Worker * Redistributions in binary form must reproduce the above
22*90e502c7SAndroid Build Coastguard Worker * copyright notice, this list of conditions and the following
23*90e502c7SAndroid Build Coastguard Worker * disclaimer in the documentation and/or other materials provided
24*90e502c7SAndroid Build Coastguard Worker * with the distribution.
25*90e502c7SAndroid Build Coastguard Worker *
26*90e502c7SAndroid Build Coastguard Worker * Neither the name of the Cisco Systems, Inc. nor the names of its
27*90e502c7SAndroid Build Coastguard Worker * contributors may be used to endorse or promote products derived
28*90e502c7SAndroid Build Coastguard Worker * from this software without specific prior written permission.
29*90e502c7SAndroid Build Coastguard Worker *
30*90e502c7SAndroid Build Coastguard Worker * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31*90e502c7SAndroid Build Coastguard Worker * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32*90e502c7SAndroid Build Coastguard Worker * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33*90e502c7SAndroid Build Coastguard Worker * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34*90e502c7SAndroid Build Coastguard Worker * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35*90e502c7SAndroid Build Coastguard Worker * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36*90e502c7SAndroid Build Coastguard Worker * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37*90e502c7SAndroid Build Coastguard Worker * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38*90e502c7SAndroid Build Coastguard Worker * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39*90e502c7SAndroid Build Coastguard Worker * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40*90e502c7SAndroid Build Coastguard Worker * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41*90e502c7SAndroid Build Coastguard Worker * OF THE POSSIBILITY OF SUCH DAMAGE.
42*90e502c7SAndroid Build Coastguard Worker *
43*90e502c7SAndroid Build Coastguard Worker */
44*90e502c7SAndroid Build Coastguard Worker
45*90e502c7SAndroid Build Coastguard Worker #ifdef HAVE_CONFIG_H
46*90e502c7SAndroid Build Coastguard Worker #include <config.h>
47*90e502c7SAndroid Build Coastguard Worker #endif
48*90e502c7SAndroid Build Coastguard Worker
49*90e502c7SAndroid Build Coastguard Worker #include "auth.h"
50*90e502c7SAndroid Build Coastguard Worker #include "alloc.h"
51*90e502c7SAndroid Build Coastguard Worker #include "err.h" /* for srtp_debug */
52*90e502c7SAndroid Build Coastguard Worker #include <openssl/evp.h>
53*90e502c7SAndroid Build Coastguard Worker #include <openssl/hmac.h>
54*90e502c7SAndroid Build Coastguard Worker
55*90e502c7SAndroid Build Coastguard Worker #define SHA1_DIGEST_SIZE 20
56*90e502c7SAndroid Build Coastguard Worker
57*90e502c7SAndroid Build Coastguard Worker /* the debug module for authentiation */
58*90e502c7SAndroid Build Coastguard Worker
59*90e502c7SAndroid Build Coastguard Worker srtp_debug_module_t srtp_mod_hmac = {
60*90e502c7SAndroid Build Coastguard Worker 0, /* debugging is off by default */
61*90e502c7SAndroid Build Coastguard Worker "hmac sha-1 openssl" /* printable name for module */
62*90e502c7SAndroid Build Coastguard Worker };
63*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_alloc(srtp_auth_t ** a,int key_len,int out_len)64*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
65*90e502c7SAndroid Build Coastguard Worker int key_len,
66*90e502c7SAndroid Build Coastguard Worker int out_len)
67*90e502c7SAndroid Build Coastguard Worker {
68*90e502c7SAndroid Build Coastguard Worker extern const srtp_auth_type_t srtp_hmac;
69*90e502c7SAndroid Build Coastguard Worker
70*90e502c7SAndroid Build Coastguard Worker debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
71*90e502c7SAndroid Build Coastguard Worker key_len);
72*90e502c7SAndroid Build Coastguard Worker debug_print(srtp_mod_hmac, " tag length %d",
73*90e502c7SAndroid Build Coastguard Worker out_len);
74*90e502c7SAndroid Build Coastguard Worker
75*90e502c7SAndroid Build Coastguard Worker /* check output length - should be less than 20 bytes */
76*90e502c7SAndroid Build Coastguard Worker if (out_len > SHA1_DIGEST_SIZE) {
77*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_bad_param;
78*90e502c7SAndroid Build Coastguard Worker }
79*90e502c7SAndroid Build Coastguard Worker
80*90e502c7SAndroid Build Coastguard Worker /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
81*90e502c7SAndroid Build Coastguard Worker using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
82*90e502c7SAndroid Build Coastguard Worker #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
83*90e502c7SAndroid Build Coastguard Worker {
84*90e502c7SAndroid Build Coastguard Worker /* allocate memory for auth and HMAC_CTX structures */
85*90e502c7SAndroid Build Coastguard Worker uint8_t *pointer;
86*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *new_hmac_ctx;
87*90e502c7SAndroid Build Coastguard Worker pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
88*90e502c7SAndroid Build Coastguard Worker sizeof(srtp_auth_t));
89*90e502c7SAndroid Build Coastguard Worker if (pointer == NULL) {
90*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_alloc_fail;
91*90e502c7SAndroid Build Coastguard Worker }
92*90e502c7SAndroid Build Coastguard Worker *a = (srtp_auth_t *)pointer;
93*90e502c7SAndroid Build Coastguard Worker (*a)->state = pointer + sizeof(srtp_auth_t);
94*90e502c7SAndroid Build Coastguard Worker new_hmac_ctx = (HMAC_CTX *)((*a)->state);
95*90e502c7SAndroid Build Coastguard Worker
96*90e502c7SAndroid Build Coastguard Worker HMAC_CTX_init(new_hmac_ctx);
97*90e502c7SAndroid Build Coastguard Worker }
98*90e502c7SAndroid Build Coastguard Worker
99*90e502c7SAndroid Build Coastguard Worker #else
100*90e502c7SAndroid Build Coastguard Worker *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
101*90e502c7SAndroid Build Coastguard Worker if (*a == NULL) {
102*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_alloc_fail;
103*90e502c7SAndroid Build Coastguard Worker }
104*90e502c7SAndroid Build Coastguard Worker
105*90e502c7SAndroid Build Coastguard Worker (*a)->state = HMAC_CTX_new();
106*90e502c7SAndroid Build Coastguard Worker if ((*a)->state == NULL) {
107*90e502c7SAndroid Build Coastguard Worker srtp_crypto_free(*a);
108*90e502c7SAndroid Build Coastguard Worker *a = NULL;
109*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_alloc_fail;
110*90e502c7SAndroid Build Coastguard Worker }
111*90e502c7SAndroid Build Coastguard Worker #endif
112*90e502c7SAndroid Build Coastguard Worker
113*90e502c7SAndroid Build Coastguard Worker /* set pointers */
114*90e502c7SAndroid Build Coastguard Worker (*a)->type = &srtp_hmac;
115*90e502c7SAndroid Build Coastguard Worker (*a)->out_len = out_len;
116*90e502c7SAndroid Build Coastguard Worker (*a)->key_len = key_len;
117*90e502c7SAndroid Build Coastguard Worker (*a)->prefix_len = 0;
118*90e502c7SAndroid Build Coastguard Worker
119*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
120*90e502c7SAndroid Build Coastguard Worker }
121*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_dealloc(srtp_auth_t * a)122*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
123*90e502c7SAndroid Build Coastguard Worker {
124*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *hmac_ctx;
125*90e502c7SAndroid Build Coastguard Worker
126*90e502c7SAndroid Build Coastguard Worker hmac_ctx = (HMAC_CTX *)a->state;
127*90e502c7SAndroid Build Coastguard Worker
128*90e502c7SAndroid Build Coastguard Worker #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
129*90e502c7SAndroid Build Coastguard Worker HMAC_CTX_cleanup(hmac_ctx);
130*90e502c7SAndroid Build Coastguard Worker
131*90e502c7SAndroid Build Coastguard Worker /* zeroize entire state*/
132*90e502c7SAndroid Build Coastguard Worker octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
133*90e502c7SAndroid Build Coastguard Worker
134*90e502c7SAndroid Build Coastguard Worker #else
135*90e502c7SAndroid Build Coastguard Worker HMAC_CTX_free(hmac_ctx);
136*90e502c7SAndroid Build Coastguard Worker
137*90e502c7SAndroid Build Coastguard Worker /* zeroize entire state*/
138*90e502c7SAndroid Build Coastguard Worker octet_string_set_to_zero(a, sizeof(srtp_auth_t));
139*90e502c7SAndroid Build Coastguard Worker #endif
140*90e502c7SAndroid Build Coastguard Worker
141*90e502c7SAndroid Build Coastguard Worker /* free memory */
142*90e502c7SAndroid Build Coastguard Worker srtp_crypto_free(a);
143*90e502c7SAndroid Build Coastguard Worker
144*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
145*90e502c7SAndroid Build Coastguard Worker }
146*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_start(void * statev)147*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_start(void *statev)
148*90e502c7SAndroid Build Coastguard Worker {
149*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *state = (HMAC_CTX *)statev;
150*90e502c7SAndroid Build Coastguard Worker
151*90e502c7SAndroid Build Coastguard Worker if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
152*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
153*90e502c7SAndroid Build Coastguard Worker
154*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
155*90e502c7SAndroid Build Coastguard Worker }
156*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_init(void * statev,const uint8_t * key,int key_len)157*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_init(void *statev,
158*90e502c7SAndroid Build Coastguard Worker const uint8_t *key,
159*90e502c7SAndroid Build Coastguard Worker int key_len)
160*90e502c7SAndroid Build Coastguard Worker {
161*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *state = (HMAC_CTX *)statev;
162*90e502c7SAndroid Build Coastguard Worker
163*90e502c7SAndroid Build Coastguard Worker if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
164*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
165*90e502c7SAndroid Build Coastguard Worker
166*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
167*90e502c7SAndroid Build Coastguard Worker }
168*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_update(void * statev,const uint8_t * message,int msg_octets)169*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_update(void *statev,
170*90e502c7SAndroid Build Coastguard Worker const uint8_t *message,
171*90e502c7SAndroid Build Coastguard Worker int msg_octets)
172*90e502c7SAndroid Build Coastguard Worker {
173*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *state = (HMAC_CTX *)statev;
174*90e502c7SAndroid Build Coastguard Worker
175*90e502c7SAndroid Build Coastguard Worker debug_print(srtp_mod_hmac, "input: %s",
176*90e502c7SAndroid Build Coastguard Worker srtp_octet_string_hex_string(message, msg_octets));
177*90e502c7SAndroid Build Coastguard Worker
178*90e502c7SAndroid Build Coastguard Worker if (HMAC_Update(state, message, msg_octets) == 0)
179*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
180*90e502c7SAndroid Build Coastguard Worker
181*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
182*90e502c7SAndroid Build Coastguard Worker }
183*90e502c7SAndroid Build Coastguard Worker
srtp_hmac_compute(void * statev,const uint8_t * message,int msg_octets,int tag_len,uint8_t * result)184*90e502c7SAndroid Build Coastguard Worker static srtp_err_status_t srtp_hmac_compute(void *statev,
185*90e502c7SAndroid Build Coastguard Worker const uint8_t *message,
186*90e502c7SAndroid Build Coastguard Worker int msg_octets,
187*90e502c7SAndroid Build Coastguard Worker int tag_len,
188*90e502c7SAndroid Build Coastguard Worker uint8_t *result)
189*90e502c7SAndroid Build Coastguard Worker {
190*90e502c7SAndroid Build Coastguard Worker HMAC_CTX *state = (HMAC_CTX *)statev;
191*90e502c7SAndroid Build Coastguard Worker uint8_t hash_value[SHA1_DIGEST_SIZE];
192*90e502c7SAndroid Build Coastguard Worker int i;
193*90e502c7SAndroid Build Coastguard Worker unsigned int len;
194*90e502c7SAndroid Build Coastguard Worker
195*90e502c7SAndroid Build Coastguard Worker /* check tag length, return error if we can't provide the value expected */
196*90e502c7SAndroid Build Coastguard Worker if (tag_len > SHA1_DIGEST_SIZE) {
197*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_bad_param;
198*90e502c7SAndroid Build Coastguard Worker }
199*90e502c7SAndroid Build Coastguard Worker
200*90e502c7SAndroid Build Coastguard Worker /* hash message, copy output into H */
201*90e502c7SAndroid Build Coastguard Worker if (HMAC_Update(state, message, msg_octets) == 0)
202*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
203*90e502c7SAndroid Build Coastguard Worker
204*90e502c7SAndroid Build Coastguard Worker if (HMAC_Final(state, hash_value, &len) == 0)
205*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
206*90e502c7SAndroid Build Coastguard Worker
207*90e502c7SAndroid Build Coastguard Worker if (len < tag_len)
208*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_auth_fail;
209*90e502c7SAndroid Build Coastguard Worker
210*90e502c7SAndroid Build Coastguard Worker /* copy hash_value to *result */
211*90e502c7SAndroid Build Coastguard Worker for (i = 0; i < tag_len; i++) {
212*90e502c7SAndroid Build Coastguard Worker result[i] = hash_value[i];
213*90e502c7SAndroid Build Coastguard Worker }
214*90e502c7SAndroid Build Coastguard Worker
215*90e502c7SAndroid Build Coastguard Worker debug_print(srtp_mod_hmac, "output: %s",
216*90e502c7SAndroid Build Coastguard Worker srtp_octet_string_hex_string(hash_value, tag_len));
217*90e502c7SAndroid Build Coastguard Worker
218*90e502c7SAndroid Build Coastguard Worker return srtp_err_status_ok;
219*90e502c7SAndroid Build Coastguard Worker }
220*90e502c7SAndroid Build Coastguard Worker
221*90e502c7SAndroid Build Coastguard Worker /* begin test case 0 */
222*90e502c7SAndroid Build Coastguard Worker /* clang-format off */
223*90e502c7SAndroid Build Coastguard Worker static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
224*90e502c7SAndroid Build Coastguard Worker 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
225*90e502c7SAndroid Build Coastguard Worker 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
226*90e502c7SAndroid Build Coastguard Worker 0x0b, 0x0b, 0x0b, 0x0b
227*90e502c7SAndroid Build Coastguard Worker };
228*90e502c7SAndroid Build Coastguard Worker /* clang-format on */
229*90e502c7SAndroid Build Coastguard Worker
230*90e502c7SAndroid Build Coastguard Worker /* clang-format off */
231*90e502c7SAndroid Build Coastguard Worker static const uint8_t srtp_hmac_test_case_0_data[8] = {
232*90e502c7SAndroid Build Coastguard Worker 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
233*90e502c7SAndroid Build Coastguard Worker };
234*90e502c7SAndroid Build Coastguard Worker /* clang-format on */
235*90e502c7SAndroid Build Coastguard Worker
236*90e502c7SAndroid Build Coastguard Worker /* clang-format off */
237*90e502c7SAndroid Build Coastguard Worker static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
238*90e502c7SAndroid Build Coastguard Worker 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
239*90e502c7SAndroid Build Coastguard Worker 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
240*90e502c7SAndroid Build Coastguard Worker 0xf1, 0x46, 0xbe, 0x00
241*90e502c7SAndroid Build Coastguard Worker };
242*90e502c7SAndroid Build Coastguard Worker /* clang-format on */
243*90e502c7SAndroid Build Coastguard Worker
244*90e502c7SAndroid Build Coastguard Worker static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
245*90e502c7SAndroid Build Coastguard Worker sizeof(srtp_hmac_test_case_0_key), /* octets in key */
246*90e502c7SAndroid Build Coastguard Worker srtp_hmac_test_case_0_key, /* key */
247*90e502c7SAndroid Build Coastguard Worker sizeof(srtp_hmac_test_case_0_data), /* octets in data */
248*90e502c7SAndroid Build Coastguard Worker srtp_hmac_test_case_0_data, /* data */
249*90e502c7SAndroid Build Coastguard Worker sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */
250*90e502c7SAndroid Build Coastguard Worker srtp_hmac_test_case_0_tag, /* tag */
251*90e502c7SAndroid Build Coastguard Worker NULL /* pointer to next testcase */
252*90e502c7SAndroid Build Coastguard Worker };
253*90e502c7SAndroid Build Coastguard Worker
254*90e502c7SAndroid Build Coastguard Worker /* end test case 0 */
255*90e502c7SAndroid Build Coastguard Worker
256*90e502c7SAndroid Build Coastguard Worker static const char srtp_hmac_description[] =
257*90e502c7SAndroid Build Coastguard Worker "hmac sha-1 authentication function";
258*90e502c7SAndroid Build Coastguard Worker
259*90e502c7SAndroid Build Coastguard Worker /*
260*90e502c7SAndroid Build Coastguard Worker * srtp_auth_type_t hmac is the hmac metaobject
261*90e502c7SAndroid Build Coastguard Worker */
262*90e502c7SAndroid Build Coastguard Worker
263*90e502c7SAndroid Build Coastguard Worker const srtp_auth_type_t srtp_hmac = {
264*90e502c7SAndroid Build Coastguard Worker srtp_hmac_alloc, /* */
265*90e502c7SAndroid Build Coastguard Worker srtp_hmac_dealloc, /* */
266*90e502c7SAndroid Build Coastguard Worker srtp_hmac_init, /* */
267*90e502c7SAndroid Build Coastguard Worker srtp_hmac_compute, /* */
268*90e502c7SAndroid Build Coastguard Worker srtp_hmac_update, /* */
269*90e502c7SAndroid Build Coastguard Worker srtp_hmac_start, /* */
270*90e502c7SAndroid Build Coastguard Worker srtp_hmac_description, /* */
271*90e502c7SAndroid Build Coastguard Worker &srtp_hmac_test_case_0, /* */
272*90e502c7SAndroid Build Coastguard Worker SRTP_HMAC_SHA1 /* */
273*90e502c7SAndroid Build Coastguard Worker };
274