xref: /aosp_15_r20/external/tink/cc/subtle/hmac_boringssl.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1*e7b1675dSTing-Kang Chang // Copyright 2017 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang //     http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang 
17*e7b1675dSTing-Kang Chang #include "tink/subtle/hmac_boringssl.h"
18*e7b1675dSTing-Kang Chang 
19*e7b1675dSTing-Kang Chang #include <memory>
20*e7b1675dSTing-Kang Chang #include <string>
21*e7b1675dSTing-Kang Chang #include <utility>
22*e7b1675dSTing-Kang Chang 
23*e7b1675dSTing-Kang Chang #include "absl/memory/memory.h"
24*e7b1675dSTing-Kang Chang #include "absl/status/status.h"
25*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h"
26*e7b1675dSTing-Kang Chang #include "openssl/crypto.h"
27*e7b1675dSTing-Kang Chang #include "openssl/evp.h"
28*e7b1675dSTing-Kang Chang #include "openssl/hmac.h"
29*e7b1675dSTing-Kang Chang #include "tink/internal/md_util.h"
30*e7b1675dSTing-Kang Chang #include "tink/internal/util.h"
31*e7b1675dSTing-Kang Chang #include "tink/mac.h"
32*e7b1675dSTing-Kang Chang #include "tink/subtle/common_enums.h"
33*e7b1675dSTing-Kang Chang #include "tink/util/errors.h"
34*e7b1675dSTing-Kang Chang #include "tink/util/status.h"
35*e7b1675dSTing-Kang Chang #include "tink/util/statusor.h"
36*e7b1675dSTing-Kang Chang 
37*e7b1675dSTing-Kang Chang namespace crypto {
38*e7b1675dSTing-Kang Chang namespace tink {
39*e7b1675dSTing-Kang Chang namespace subtle {
40*e7b1675dSTing-Kang Chang 
New(HashType hash_type,uint32_t tag_size,util::SecretData key)41*e7b1675dSTing-Kang Chang util::StatusOr<std::unique_ptr<Mac>> HmacBoringSsl::New(HashType hash_type,
42*e7b1675dSTing-Kang Chang                                                         uint32_t tag_size,
43*e7b1675dSTing-Kang Chang                                                         util::SecretData key) {
44*e7b1675dSTing-Kang Chang   auto status = internal::CheckFipsCompatibility<HmacBoringSsl>();
45*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
46*e7b1675dSTing-Kang Chang 
47*e7b1675dSTing-Kang Chang   util::StatusOr<const EVP_MD*> md = internal::EvpHashFromHashType(hash_type);
48*e7b1675dSTing-Kang Chang   if (!md.ok()) {
49*e7b1675dSTing-Kang Chang     return md.status();
50*e7b1675dSTing-Kang Chang   }
51*e7b1675dSTing-Kang Chang   if (EVP_MD_size(*md) < tag_size) {
52*e7b1675dSTing-Kang Chang     // The key manager is responsible to security policies.
53*e7b1675dSTing-Kang Chang     // The checks here just ensure the preconditions of the primitive.
54*e7b1675dSTing-Kang Chang     // If this fails then something is wrong with the key manager.
55*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInvalidArgument, "invalid tag size");
56*e7b1675dSTing-Kang Chang   }
57*e7b1675dSTing-Kang Chang   if (key.size() < kMinKeySize) {
58*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInvalidArgument, "invalid key size");
59*e7b1675dSTing-Kang Chang   }
60*e7b1675dSTing-Kang Chang   return {absl::WrapUnique(new HmacBoringSsl(*md, tag_size, std::move(key)))};
61*e7b1675dSTing-Kang Chang }
62*e7b1675dSTing-Kang Chang 
ComputeMac(absl::string_view data) const63*e7b1675dSTing-Kang Chang util::StatusOr<std::string> HmacBoringSsl::ComputeMac(
64*e7b1675dSTing-Kang Chang     absl::string_view data) const {
65*e7b1675dSTing-Kang Chang   // BoringSSL expects a non-null pointer for data,
66*e7b1675dSTing-Kang Chang   // regardless of whether the size is 0.
67*e7b1675dSTing-Kang Chang   data = internal::EnsureStringNonNull(data);
68*e7b1675dSTing-Kang Chang 
69*e7b1675dSTing-Kang Chang   uint8_t buf[EVP_MAX_MD_SIZE];
70*e7b1675dSTing-Kang Chang   unsigned int out_len;
71*e7b1675dSTing-Kang Chang   const uint8_t* res = HMAC(md_, key_.data(), key_.size(),
72*e7b1675dSTing-Kang Chang                             reinterpret_cast<const uint8_t*>(data.data()),
73*e7b1675dSTing-Kang Chang                             data.size(), buf, &out_len);
74*e7b1675dSTing-Kang Chang   if (res == nullptr) {
75*e7b1675dSTing-Kang Chang     // TODO(bleichen): We expect that BoringSSL supports the
76*e7b1675dSTing-Kang Chang     //   hashes that we use. Maybe we should have a status that indicates
77*e7b1675dSTing-Kang Chang     //   such mismatches between expected and actual behaviour.
78*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInternal,
79*e7b1675dSTing-Kang Chang                         "BoringSSL failed to compute HMAC");
80*e7b1675dSTing-Kang Chang   }
81*e7b1675dSTing-Kang Chang   return std::string(reinterpret_cast<char*>(buf), tag_size_);
82*e7b1675dSTing-Kang Chang }
83*e7b1675dSTing-Kang Chang 
VerifyMac(absl::string_view mac,absl::string_view data) const84*e7b1675dSTing-Kang Chang util::Status HmacBoringSsl::VerifyMac(absl::string_view mac,
85*e7b1675dSTing-Kang Chang                                       absl::string_view data) const {
86*e7b1675dSTing-Kang Chang   // BoringSSL expects a non-null pointer for data,
87*e7b1675dSTing-Kang Chang   // regardless of whether the size is 0.
88*e7b1675dSTing-Kang Chang   data = internal::EnsureStringNonNull(data);
89*e7b1675dSTing-Kang Chang 
90*e7b1675dSTing-Kang Chang   if (mac.size() != tag_size_) {
91*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInvalidArgument,
92*e7b1675dSTing-Kang Chang                         "incorrect tag size");
93*e7b1675dSTing-Kang Chang   }
94*e7b1675dSTing-Kang Chang   uint8_t buf[EVP_MAX_MD_SIZE];
95*e7b1675dSTing-Kang Chang   unsigned int out_len;
96*e7b1675dSTing-Kang Chang   const uint8_t* res = HMAC(md_, key_.data(), key_.size(),
97*e7b1675dSTing-Kang Chang                             reinterpret_cast<const uint8_t*>(data.data()),
98*e7b1675dSTing-Kang Chang                             data.size(), buf, &out_len);
99*e7b1675dSTing-Kang Chang   if (res == nullptr) {
100*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInternal,
101*e7b1675dSTing-Kang Chang                         "BoringSSL failed to compute HMAC");
102*e7b1675dSTing-Kang Chang   }
103*e7b1675dSTing-Kang Chang   if (CRYPTO_memcmp(buf, mac.data(), tag_size_) != 0) {
104*e7b1675dSTing-Kang Chang     return util::Status(absl::StatusCode::kInvalidArgument,
105*e7b1675dSTing-Kang Chang                         "verification failed");
106*e7b1675dSTing-Kang Chang   }
107*e7b1675dSTing-Kang Chang   return util::OkStatus();
108*e7b1675dSTing-Kang Chang }
109*e7b1675dSTing-Kang Chang 
110*e7b1675dSTing-Kang Chang }  // namespace subtle
111*e7b1675dSTing-Kang Chang }  // namespace tink
112*e7b1675dSTing-Kang Chang }  // namespace crypto
113