xref: /aosp_15_r20/external/tink/cc/subtle/hmac_boringssl.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2017 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/subtle/hmac_boringssl.h"
18 
19 #include <memory>
20 #include <string>
21 #include <utility>
22 
23 #include "absl/memory/memory.h"
24 #include "absl/status/status.h"
25 #include "absl/strings/string_view.h"
26 #include "openssl/crypto.h"
27 #include "openssl/evp.h"
28 #include "openssl/hmac.h"
29 #include "tink/internal/md_util.h"
30 #include "tink/internal/util.h"
31 #include "tink/mac.h"
32 #include "tink/subtle/common_enums.h"
33 #include "tink/util/errors.h"
34 #include "tink/util/status.h"
35 #include "tink/util/statusor.h"
36 
37 namespace crypto {
38 namespace tink {
39 namespace subtle {
40 
New(HashType hash_type,uint32_t tag_size,util::SecretData key)41 util::StatusOr<std::unique_ptr<Mac>> HmacBoringSsl::New(HashType hash_type,
42                                                         uint32_t tag_size,
43                                                         util::SecretData key) {
44   auto status = internal::CheckFipsCompatibility<HmacBoringSsl>();
45   if (!status.ok()) return status;
46 
47   util::StatusOr<const EVP_MD*> md = internal::EvpHashFromHashType(hash_type);
48   if (!md.ok()) {
49     return md.status();
50   }
51   if (EVP_MD_size(*md) < tag_size) {
52     // The key manager is responsible to security policies.
53     // The checks here just ensure the preconditions of the primitive.
54     // If this fails then something is wrong with the key manager.
55     return util::Status(absl::StatusCode::kInvalidArgument, "invalid tag size");
56   }
57   if (key.size() < kMinKeySize) {
58     return util::Status(absl::StatusCode::kInvalidArgument, "invalid key size");
59   }
60   return {absl::WrapUnique(new HmacBoringSsl(*md, tag_size, std::move(key)))};
61 }
62 
ComputeMac(absl::string_view data) const63 util::StatusOr<std::string> HmacBoringSsl::ComputeMac(
64     absl::string_view data) const {
65   // BoringSSL expects a non-null pointer for data,
66   // regardless of whether the size is 0.
67   data = internal::EnsureStringNonNull(data);
68 
69   uint8_t buf[EVP_MAX_MD_SIZE];
70   unsigned int out_len;
71   const uint8_t* res = HMAC(md_, key_.data(), key_.size(),
72                             reinterpret_cast<const uint8_t*>(data.data()),
73                             data.size(), buf, &out_len);
74   if (res == nullptr) {
75     // TODO(bleichen): We expect that BoringSSL supports the
76     //   hashes that we use. Maybe we should have a status that indicates
77     //   such mismatches between expected and actual behaviour.
78     return util::Status(absl::StatusCode::kInternal,
79                         "BoringSSL failed to compute HMAC");
80   }
81   return std::string(reinterpret_cast<char*>(buf), tag_size_);
82 }
83 
VerifyMac(absl::string_view mac,absl::string_view data) const84 util::Status HmacBoringSsl::VerifyMac(absl::string_view mac,
85                                       absl::string_view data) const {
86   // BoringSSL expects a non-null pointer for data,
87   // regardless of whether the size is 0.
88   data = internal::EnsureStringNonNull(data);
89 
90   if (mac.size() != tag_size_) {
91     return util::Status(absl::StatusCode::kInvalidArgument,
92                         "incorrect tag size");
93   }
94   uint8_t buf[EVP_MAX_MD_SIZE];
95   unsigned int out_len;
96   const uint8_t* res = HMAC(md_, key_.data(), key_.size(),
97                             reinterpret_cast<const uint8_t*>(data.data()),
98                             data.size(), buf, &out_len);
99   if (res == nullptr) {
100     return util::Status(absl::StatusCode::kInternal,
101                         "BoringSSL failed to compute HMAC");
102   }
103   if (CRYPTO_memcmp(buf, mac.data(), tag_size_) != 0) {
104     return util::Status(absl::StatusCode::kInvalidArgument,
105                         "verification failed");
106   }
107   return util::OkStatus();
108 }
109 
110 }  // namespace subtle
111 }  // namespace tink
112 }  // namespace crypto
113