Expand support for EVP_PKEY_HMAC #1933
|
@@ -81,6 +81,10 @@ static int hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { | |||||
sctx = src->data; | ||||||
dctx = dst->data; | ||||||
dctx->md = sctx->md; | ||||||
if(sctx->ktmp.key != NULL && !HMAC_KEY_copy(&sctx->ktmp, &dctx->ktmp)) { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we need to guard
Suggested change
|
||||||
OPENSSL_free(dctx); | ||||||
return 0; | ||||||
} | ||||||
if (!HMAC_CTX_copy_ex(&dctx->ctx, &sctx->ctx)) { | ||||||
OPENSSL_free(dctx); | ||||||
return 0; | ||||||
|
@@ -90,19 +94,82 @@ static int hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { | |||||
|
||||||
static void hmac_cleanup(EVP_PKEY_CTX *ctx) { | ||||||
HMAC_PKEY_CTX *hctx = ctx->data; | ||||||
OPENSSL_free(hctx->ktmp.key); | ||||||
OPENSSL_free(hctx); | ||||||
} | ||||||
|
||||||
static int hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { | ||||||
static int hmac_ctrl(EVP_PKEY_CTX *ctx, int cmd, int p1, void *p2) { | ||||||
int result = -2; | ||||||
|
||||||
HMAC_PKEY_CTX *hctx = ctx->data; | ||||||
switch (type) { | ||||||
switch (cmd) { | ||||||
case EVP_PKEY_CTRL_SET_MAC_KEY: | ||||||
if (p1 >= 0 && p1 <= INT16_MAX) { | ||||||
// p1 is the key length | ||||||
// p2 is the key | ||||||
if (HMAC_KEY_set(&hctx->ktmp, p2, p1)) { | ||||||
result = 1; | ||||||
} else { | ||||||
result = 0; | ||||||
} | ||||||
} | ||||||
break; | ||||||
case EVP_PKEY_CTRL_MD: | ||||||
hctx->md = p2; | ||||||
result = 1; | ||||||
break; | ||||||
default: | ||||||
OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); | ||||||
} | ||||||
return result; | ||||||
} | ||||||
|
||||||
static int hmac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, | ||||||
const char *value) { | ||||||
if (!value) { | ||||||
return 0; | ||||||
} | ||||||
if (strcmp(type, "key") == 0) { | ||||||
// What if the key contains a 0-byte? | ||||||
|
||||||
const size_t keylen = OPENSSL_strnlen(value, INT16_MAX); | ||||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HMAC, EVP_PKEY_OP_KEYGEN, | ||||||
EVP_PKEY_CTRL_SET_MAC_KEY, keylen, (void*)value); | ||||||
} | ||||||
if (strcmp(type, "hexkey") == 0) { | ||||||
size_t hex_keylen = 0; | ||||||
uint8_t *key = OPENSSL_hexstr2buf(value, &hex_keylen); | ||||||
if (key == NULL) { | ||||||
return 0; | ||||||
} | ||||||
int result = | ||||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HMAC, EVP_PKEY_OP_KEYGEN, | ||||||
EVP_PKEY_CTRL_SET_MAC_KEY, hex_keylen, key); | ||||||
OPENSSL_free(key); | ||||||
return result; | ||||||
} | ||||||
return -2; | ||||||
} | ||||||
|
||||||
static int hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { | ||||||
GUARD_PTR(pkey); | ||||||
HMAC_KEY *hmac = NULL; | ||||||
HMAC_PKEY_CTX *hctx = ctx->data; | ||||||
if(hctx == NULL) { | ||||||
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS); | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nit:
Suggested change
|
||||||
return 0; | ||||||
} | ||||||
|
||||||
if (!(hmac = HMAC_KEY_new())) { | ||||||
return 0; | ||||||
} | ||||||
|
||||||
if (!HMAC_KEY_copy(hmac, &hctx->ktmp) || | ||||||
!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hmac)) { | ||||||
OPENSSL_free(hmac->key); | ||||||
OPENSSL_free(hmac); | ||||||
return 0; | ||||||
} | ||||||
|
||||||
return 1; | ||||||
} | ||||||
|
||||||
|
@@ -111,20 +178,9 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_hmac_pkey_meth) { | |||||
out->init = hmac_init; | ||||||
out->copy = hmac_copy; | ||||||
out->cleanup = hmac_cleanup; | ||||||
out->keygen = NULL; | ||||||
out->sign_init = NULL; | ||||||
out->sign = NULL; | ||||||
out->sign_message = NULL; | ||||||
out->verify_init = NULL; | ||||||
out->verify = NULL; | ||||||
out->verify_message = NULL; | ||||||
out->verify_recover = NULL; | ||||||
out->encrypt = NULL; | ||||||
out->decrypt = NULL; | ||||||
out->derive = NULL; | ||||||
out->paramgen = NULL; | ||||||
out->keygen = hmac_keygen; | ||||||
out->ctrl = hmac_ctrl; | ||||||
out->ctrl_str = NULL; | ||||||
out->ctrl_str = hmac_ctrl_str; | ||||||
} | ||||||
|
||||||
int used_for_hmac(EVP_MD_CTX *ctx) { | ||||||
|
@@ -138,3 +194,30 @@ HMAC_KEY *HMAC_KEY_new(void) { | |||||
} | ||||||
return key; | ||||||
} | ||||||
|
||||||
int HMAC_KEY_set(HMAC_KEY* hmac_key, const uint8_t* key, const size_t key_len) { | ||||||
if(hmac_key == NULL ) { | ||||||
return 0; | ||||||
} | ||||||
if (key == NULL || key_len == 0) { | ||||||
hmac_key->key = NULL; | ||||||
hmac_key->key_len = 0; | ||||||
return 1; | ||||||
} | ||||||
|
||||||
uint8_t* new_key = OPENSSL_memdup(key, key_len); | ||||||
if(new_key == NULL) { | ||||||
return 0; | ||||||
} | ||||||
OPENSSL_free(hmac_key->key); | ||||||
hmac_key->key = new_key; | ||||||
hmac_key->key_len = key_len; | ||||||
return 1; | ||||||
} | ||||||
|
||||||
int HMAC_KEY_copy(HMAC_KEY* dest, HMAC_KEY* src) { | ||||||
GUARD_PTR(dest); | ||||||
GUARD_PTR(src); | ||||||
|
||||||
return HMAC_KEY_set(dest, src->key, src->key_len); | ||||||
} |
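Review bot: HMAC_KEY_set drops an existing key without releasing it when called with a NULL or zero-length key: the `key == NULL || key_len == 0` branch assigns `hmac_key->key = NULL` directly, whereas the non-empty path below it calls `OPENSSL_free(hmac_key->key)` before storing `new_key`, so a second EVP_PKEY_CTRL_SET_MAC_KEY with length 0 on the same context (via hmac_ctrl) leaks the earlier key buffer. Add `OPENSSL_free(hmac_key->key);` before `hmac_key->key = NULL;` so both paths release the previous secret the same way. Separately, in the `hexkey` branch of hmac_ctrl_str the size_t `hex_keylen` is narrowed to the `int p1` parameter of EVP_PKEY_CTX_ctrl before hmac_ctrl's `p1 <= INT16_MAX` check runs; for lengths above INT_MAX that conversion is implementation-defined, so it is cleaner to reject `hex_keylen > INT16_MAX` (freeing `key`) in hmac_ctrl_str itself before the call. The `key` branch is already bounded by `OPENSSL_strnlen(value, INT16_MAX)`, so the explicit check is only needed on the hex path.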
RFC 5869 seems to be referring to HKDF?