aboutsummaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp')
-rw-r--r--SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp244
1 files changed, 244 insertions, 0 deletions
diff --git a/SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp b/SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp
new file mode 100644
index 0000000..27e29d9
--- /dev/null
+++ b/SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp
@@ -0,0 +1,244 @@
+/*
+ * Copyright (c) 2017 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// TODO: Store context in securely allocated memory
+
+/*****************************************************************************
+ OSSLEVPCMacAlgorithm.cpp
+
+ OpenSSL CMAC algorithm implementation
+ *****************************************************************************/
+
+#include "config.h"
+#include "OSSLEVPCMacAlgorithm.h"
+#include "OSSLComp.h"
+#include <openssl/err.h>
+
+// Destructor
+OSSLEVPCMacAlgorithm::~OSSLEVPCMacAlgorithm()
+{
+ if (curCTX != NULL)
+ CMAC_CTX_free(curCTX);
+}
+
+// Signing functions
+bool OSSLEVPCMacAlgorithm::signInit(const SymmetricKey* key)
+{
+ // Call the superclass initialiser
+ if (!MacAlgorithm::signInit(key))
+ {
+ return false;
+ }
+
+ // Determine the cipher class
+ const EVP_CIPHER* cipher = getEVPCipher();
+ if (cipher == NULL)
+ {
+ ERROR_MSG("Invalid sign mac algorithm");
+
+ ByteString dummy;
+ MacAlgorithm::signFinal(dummy);
+
+ return false;
+ }
+
+ // Initialize the context
+ curCTX = CMAC_CTX_new();
+ if (curCTX == NULL)
+ {
+ ERROR_MSG("Failed to allocate space for CMAC_CTX");
+
+ return false;
+ }
+
+ // Initialize EVP signing
+ if (!CMAC_Init(curCTX, key->getKeyBits().const_byte_str(), key->getKeyBits().size(), cipher, NULL))
+ {
+ ERROR_MSG("CMAC_Init failed: %s", ERR_error_string(ERR_get_error(), NULL));
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ ByteString dummy;
+ MacAlgorithm::signFinal(dummy);
+
+ return false;
+ }
+
+ return true;
+}
+
+bool OSSLEVPCMacAlgorithm::signUpdate(const ByteString& dataToSign)
+{
+ if (!MacAlgorithm::signUpdate(dataToSign))
+ {
+ return false;
+ }
+
+ if (dataToSign.size() == 0) return true;
+
+ if (!CMAC_Update(curCTX, dataToSign.const_byte_str(), dataToSign.size()))
+ {
+ ERROR_MSG("CMAC_Update failed");
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ ByteString dummy;
+ MacAlgorithm::signFinal(dummy);
+
+ return false;
+ }
+
+ return true;
+}
+
+bool OSSLEVPCMacAlgorithm::signFinal(ByteString& signature)
+{
+ if (!MacAlgorithm::signFinal(signature))
+ {
+ return false;
+ }
+
+ size_t outLen = getMacSize();
+ signature.resize(outLen);
+
+ if (!CMAC_Final(curCTX, &signature[0], &outLen))
+ {
+ ERROR_MSG("CMAC_Final failed");
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ return false;
+ }
+
+ signature.resize(outLen);
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ return true;
+}
+
+// Verification functions
+bool OSSLEVPCMacAlgorithm::verifyInit(const SymmetricKey* key)
+{
+ // Call the superclass initialiser
+ if (!MacAlgorithm::verifyInit(key))
+ {
+ return false;
+ }
+
+ // Determine the cipher class
+ const EVP_CIPHER* cipher = getEVPCipher();
+ if (cipher == NULL)
+ {
+ ERROR_MSG("Invalid verify mac algorithm");
+
+ ByteString dummy;
+ MacAlgorithm::signFinal(dummy);
+
+ return false;
+ }
+
+ // Initialize the context
+ curCTX = CMAC_CTX_new();
+ if (curCTX == NULL)
+ {
+ ERROR_MSG("Failed to allocate space for CMAC_CTX");
+
+ return false;
+ }
+
+ // Initialize EVP signing
+ if (!CMAC_Init(curCTX, key->getKeyBits().const_byte_str(), key->getKeyBits().size(), cipher, NULL))
+ {
+ ERROR_MSG("CMAC_Init failed: %s", ERR_error_string(ERR_get_error(), NULL));
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ ByteString dummy;
+ MacAlgorithm::verifyFinal(dummy);
+
+ return false;
+ }
+
+ return true;
+}
+
+bool OSSLEVPCMacAlgorithm::verifyUpdate(const ByteString& originalData)
+{
+ if (!MacAlgorithm::verifyUpdate(originalData))
+ {
+ return false;
+ }
+
+ if (originalData.size() == 0) return true;
+
+ if (!CMAC_Update(curCTX, originalData.const_byte_str(), originalData.size()))
+ {
+ ERROR_MSG("CMAC_Update failed");
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ ByteString dummy;
+ MacAlgorithm::verifyFinal(dummy);
+
+ return false;
+ }
+
+ return true;
+}
+
+bool OSSLEVPCMacAlgorithm::verifyFinal(ByteString& signature)
+{
+ if (!MacAlgorithm::verifyFinal(signature))
+ {
+ return false;
+ }
+
+ ByteString macResult;
+ size_t outLen = getMacSize();
+ macResult.resize(outLen);
+
+ if (!CMAC_Final(curCTX, &macResult[0], &outLen))
+ {
+ ERROR_MSG("CMAC_Final failed");
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ return false;
+ }
+
+ CMAC_CTX_free(curCTX);
+ curCTX = NULL;
+
+ return macResult == signature;
+}