blob: 8023662bfc3257653c159a583723e8cff841c21f [file] [log] [blame]
Shawn Willden0d560bf2014-12-15 17:44:02 -07001/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "hmac_operation.h"
18
19#include <openssl/evp.h>
20#include <openssl/hmac.h>
21
Adam Langleya550fba2015-02-13 14:44:14 -080022#if defined(OPENSSL_IS_BORINGSSL)
23typedef size_t openssl_size_t;
24#else
25typedef int openssl_size_t;
26#endif
27
Shawn Willden0d560bf2014-12-15 17:44:02 -070028namespace keymaster {
29
30HmacOperation::HmacOperation(keymaster_purpose_t purpose, const Logger& logger,
31 const uint8_t* key_data, size_t key_data_size,
32 keymaster_digest_t digest, size_t tag_length)
33 : Operation(purpose, logger), error_(KM_ERROR_OK), tag_length_(tag_length) {
34 // Initialize CTX first, so dtor won't crash even if we error out later.
35 HMAC_CTX_init(&ctx_);
36
37 const EVP_MD* md;
38 switch (digest) {
Shawn Willden62c22862014-12-17 08:36:20 -070039 case KM_DIGEST_SHA_2_224:
40 md = EVP_sha224();
41 break;
Shawn Willden0d560bf2014-12-15 17:44:02 -070042 case KM_DIGEST_SHA_2_256:
43 md = EVP_sha256();
44 break;
Shawn Willden62c22862014-12-17 08:36:20 -070045 case KM_DIGEST_SHA_2_384:
46 md = EVP_sha384();
47 break;
48 case KM_DIGEST_SHA_2_512:
49 md = EVP_sha512();
50 break;
Shawn Willden0d560bf2014-12-15 17:44:02 -070051 default:
52 error_ = KM_ERROR_UNSUPPORTED_DIGEST;
53 return;
54 }
55
Adam Langleya550fba2015-02-13 14:44:14 -080056 if ((openssl_size_t)tag_length_ > EVP_MD_size(md)) {
Shawn Willden0d560bf2014-12-15 17:44:02 -070057 error_ = KM_ERROR_UNSUPPORTED_MAC_LENGTH;
58 return;
59 }
60
61 HMAC_Init_ex(&ctx_, key_data, key_data_size, md, NULL /* engine */);
62}
63
64HmacOperation::~HmacOperation() {
65 HMAC_CTX_cleanup(&ctx_);
66}
67
Shawn Willden111edb32015-02-05 22:44:24 -070068keymaster_error_t HmacOperation::Begin(const AuthorizationSet& /* input_params */,
69 AuthorizationSet* /* output_params */) {
Shawn Willden0d560bf2014-12-15 17:44:02 -070070 return error_;
71}
72
73keymaster_error_t HmacOperation::Update(const Buffer& input, Buffer* /* output */,
74 size_t* input_consumed) {
75 if (!HMAC_Update(&ctx_, input.peek_read(), input.available_read()))
76 return KM_ERROR_UNKNOWN_ERROR;
77 *input_consumed = input.available_read();
78 return KM_ERROR_OK;
79}
80
81keymaster_error_t HmacOperation::Abort() {
82 return KM_ERROR_OK;
83}
84
85keymaster_error_t HmacOperation::Finish(const Buffer& signature, Buffer* output) {
86 uint8_t digest[EVP_MAX_MD_SIZE];
87 unsigned int digest_len;
88 if (!HMAC_Final(&ctx_, digest, &digest_len))
89 return KM_ERROR_UNKNOWN_ERROR;
90
91 switch (purpose()) {
92 case KM_PURPOSE_SIGN:
93 output->reserve(tag_length_);
94 output->write(digest, tag_length_);
95 return KM_ERROR_OK;
96 case KM_PURPOSE_VERIFY:
97 if (signature.available_read() != tag_length_)
98 return KM_ERROR_INVALID_INPUT_LENGTH;
99 if (memcmp(signature.peek_read(), digest, tag_length_) != 0)
100 return KM_ERROR_VERIFICATION_FAILED;
101 return KM_ERROR_OK;
102 default:
103 return KM_ERROR_UNSUPPORTED_PURPOSE;
104 }
105}
106
107} // namespace keymaster