/src/openssl/providers/implementations/macs/hmac_prov.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * HMAC low level APIs are deprecated for public use, but still ok for internal |
12 | | * use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <string.h> |
17 | | |
18 | | #include <openssl/core_dispatch.h> |
19 | | #include <openssl/core_names.h> |
20 | | #include <openssl/params.h> |
21 | | #include <openssl/evp.h> |
22 | | #include <openssl/hmac.h> |
23 | | #include <openssl/proverr.h> |
24 | | #include <openssl/err.h> |
25 | | |
26 | | #include "internal/ssl3_cbc.h" |
27 | | #include "internal/cryptlib.h" |
28 | | |
29 | | #include "prov/implementations.h" |
30 | | #include "prov/provider_ctx.h" |
31 | | #include "prov/provider_util.h" |
32 | | #include "prov/providercommon.h" |
33 | | #include "prov/securitycheck.h" |
34 | | #include "providers/implementations/macs/hmac_prov.inc" |
35 | | |
36 | | /* |
37 | | * Forward declaration of everything implemented here. This is not strictly |
38 | | * necessary for the compiler, but provides an assurance that the signatures |
39 | | * of the functions in the dispatch table are correct. |
40 | | */ |
41 | | static OSSL_FUNC_mac_newctx_fn hmac_new; |
42 | | static OSSL_FUNC_mac_dupctx_fn hmac_dup; |
43 | | static OSSL_FUNC_mac_freectx_fn hmac_free; |
44 | | static OSSL_FUNC_mac_gettable_ctx_params_fn hmac_gettable_ctx_params; |
45 | | static OSSL_FUNC_mac_get_ctx_params_fn hmac_get_ctx_params; |
46 | | static OSSL_FUNC_mac_settable_ctx_params_fn hmac_settable_ctx_params; |
47 | | static OSSL_FUNC_mac_set_ctx_params_fn hmac_set_ctx_params; |
48 | | static OSSL_FUNC_mac_init_fn hmac_init; |
49 | | static OSSL_FUNC_mac_update_fn hmac_update; |
50 | | static OSSL_FUNC_mac_final_fn hmac_final; |
51 | | |
52 | | /* local HMAC context structure */ |
53 | | |
54 | | /* typedef EVP_MAC_IMPL */ |
55 | | struct hmac_data_st { |
56 | | void *provctx; |
57 | | HMAC_CTX *ctx; /* HMAC context */ |
58 | | PROV_DIGEST digest; |
59 | | unsigned char *key; |
60 | | size_t keylen; |
61 | | /* Length of full TLS record including the MAC and any padding */ |
62 | | size_t tls_data_size; |
63 | | unsigned char tls_header[13]; |
64 | | int tls_header_set; |
65 | | unsigned char tls_mac_out[EVP_MAX_MD_SIZE]; |
66 | | size_t tls_mac_out_size; |
67 | | #ifdef FIPS_MODULE |
68 | | /* |
69 | | * 'internal' is set to 1 if HMAC is used inside another algorithm such as a |
70 | | * KDF. In this case it is the parent algorithm that is responsible for |
71 | | * performing any conditional FIPS indicator related checks for the HMAC. |
72 | | */ |
73 | | int internal; |
74 | | #endif |
75 | | OSSL_FIPS_IND_DECLARE |
76 | | }; |
77 | | |
78 | | static void *hmac_new(void *provctx) |
79 | 0 | { |
80 | 0 | struct hmac_data_st *macctx; |
81 | |
|
82 | 0 | if (!ossl_prov_is_running()) |
83 | 0 | return NULL; |
84 | | |
85 | 0 | if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL |
86 | 0 | || (macctx->ctx = HMAC_CTX_new()) == NULL) { |
87 | 0 | OPENSSL_free(macctx); |
88 | 0 | return NULL; |
89 | 0 | } |
90 | 0 | macctx->provctx = provctx; |
91 | 0 | OSSL_FIPS_IND_INIT(macctx) |
92 | |
|
93 | 0 | return macctx; |
94 | 0 | } |
95 | | |
96 | | static void hmac_free(void *vmacctx) |
97 | 0 | { |
98 | 0 | struct hmac_data_st *macctx = vmacctx; |
99 | |
|
100 | 0 | if (macctx != NULL) { |
101 | 0 | HMAC_CTX_free(macctx->ctx); |
102 | 0 | ossl_prov_digest_reset(&macctx->digest); |
103 | 0 | OPENSSL_clear_free(macctx->key, macctx->keylen); |
104 | 0 | OPENSSL_free(macctx); |
105 | 0 | } |
106 | 0 | } |
107 | | |
108 | | static void *hmac_dup(void *vsrc) |
109 | 0 | { |
110 | 0 | struct hmac_data_st *src = vsrc; |
111 | 0 | struct hmac_data_st *dst; |
112 | 0 | HMAC_CTX *ctx; |
113 | |
|
114 | 0 | if (!ossl_prov_is_running()) |
115 | 0 | return NULL; |
116 | 0 | dst = hmac_new(src->provctx); |
117 | 0 | if (dst == NULL) |
118 | 0 | return NULL; |
119 | | |
120 | 0 | ctx = dst->ctx; |
121 | 0 | *dst = *src; |
122 | 0 | dst->ctx = ctx; |
123 | 0 | dst->key = NULL; |
124 | 0 | memset(&dst->digest, 0, sizeof(dst->digest)); |
125 | |
|
126 | 0 | if (!HMAC_CTX_copy(dst->ctx, src->ctx) |
127 | 0 | || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { |
128 | 0 | hmac_free(dst); |
129 | 0 | return NULL; |
130 | 0 | } |
131 | 0 | if (src->key != NULL) { |
132 | 0 | dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1); |
133 | 0 | if (dst->key == NULL) { |
134 | 0 | hmac_free(dst); |
135 | 0 | return 0; |
136 | 0 | } |
137 | 0 | if (src->keylen > 0) |
138 | 0 | memcpy(dst->key, src->key, src->keylen); |
139 | 0 | } |
140 | 0 | return dst; |
141 | 0 | } |
142 | | |
143 | | static size_t hmac_size(struct hmac_data_st *macctx) |
144 | 0 | { |
145 | 0 | return HMAC_size(macctx->ctx); |
146 | 0 | } |
147 | | |
148 | | static int hmac_block_size(struct hmac_data_st *macctx) |
149 | 0 | { |
150 | 0 | const EVP_MD *md = ossl_prov_digest_md(&macctx->digest); |
151 | |
|
152 | 0 | if (md == NULL) |
153 | 0 | return 0; |
154 | 0 | return EVP_MD_block_size(md); |
155 | 0 | } |
156 | | |
157 | | static int hmac_setkey(struct hmac_data_st *macctx, |
158 | | const unsigned char *key, size_t keylen) |
159 | 0 | { |
160 | 0 | const EVP_MD *digest; |
161 | |
|
162 | | #ifdef FIPS_MODULE |
163 | | /* |
164 | | * KDF's pass a salt rather than a key, |
165 | | * which is why it skips the key check unless "HMAC" is fetched directly. |
166 | | */ |
167 | | if (!macctx->internal) { |
168 | | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(macctx->provctx); |
169 | | int approved = ossl_mac_check_key_size(keylen); |
170 | | |
171 | | if (!approved) { |
172 | | if (!OSSL_FIPS_IND_ON_UNAPPROVED(macctx, OSSL_FIPS_IND_SETTABLE0, |
173 | | libctx, "HMAC", "keysize", |
174 | | ossl_fips_config_hmac_key_check)) { |
175 | | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); |
176 | | return 0; |
177 | | } |
178 | | } |
179 | | } |
180 | | #endif |
181 | |
|
182 | 0 | if (macctx->key != NULL) |
183 | 0 | OPENSSL_clear_free(macctx->key, macctx->keylen); |
184 | | /* Keep a copy of the key in case we need it for TLS HMAC */ |
185 | 0 | macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1); |
186 | 0 | if (macctx->key == NULL) |
187 | 0 | return 0; |
188 | | |
189 | 0 | if (keylen > 0) |
190 | 0 | memcpy(macctx->key, key, keylen); |
191 | 0 | macctx->keylen = keylen; |
192 | |
|
193 | 0 | digest = ossl_prov_digest_md(&macctx->digest); |
194 | | /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ |
195 | 0 | if (key != NULL || (macctx->tls_data_size == 0 && digest != NULL)) |
196 | 0 | return HMAC_Init_ex(macctx->ctx, key, (int)keylen, digest, |
197 | 0 | ossl_prov_digest_engine(&macctx->digest)); |
198 | 0 | return 1; |
199 | 0 | } |
200 | | |
201 | | static int hmac_init(void *vmacctx, const unsigned char *key, |
202 | | size_t keylen, const OSSL_PARAM params[]) |
203 | 0 | { |
204 | 0 | struct hmac_data_st *macctx = vmacctx; |
205 | |
|
206 | 0 | if (!ossl_prov_is_running() || !hmac_set_ctx_params(macctx, params)) |
207 | 0 | return 0; |
208 | | |
209 | 0 | if (key != NULL) |
210 | 0 | return hmac_setkey(macctx, key, keylen); |
211 | | |
212 | | /* Just reinit the HMAC context */ |
213 | 0 | return HMAC_Init_ex(macctx->ctx, NULL, 0, NULL, NULL); |
214 | 0 | } |
215 | | |
216 | | static int hmac_update(void *vmacctx, const unsigned char *data, |
217 | | size_t datalen) |
218 | 0 | { |
219 | 0 | struct hmac_data_st *macctx = vmacctx; |
220 | |
|
221 | 0 | if (macctx->tls_data_size > 0) { |
222 | | /* We're doing a TLS HMAC */ |
223 | 0 | if (!macctx->tls_header_set) { |
224 | | /* We expect the first update call to contain the TLS header */ |
225 | 0 | if (datalen != sizeof(macctx->tls_header)) |
226 | 0 | return 0; |
227 | 0 | memcpy(macctx->tls_header, data, datalen); |
228 | 0 | macctx->tls_header_set = 1; |
229 | 0 | return 1; |
230 | 0 | } |
231 | | /* macctx->tls_data_size is datalen plus the padding length */ |
232 | 0 | if (macctx->tls_data_size < datalen) |
233 | 0 | return 0; |
234 | | |
235 | 0 | return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), |
236 | 0 | macctx->tls_mac_out, |
237 | 0 | &macctx->tls_mac_out_size, |
238 | 0 | macctx->tls_header, |
239 | 0 | data, |
240 | 0 | datalen, |
241 | 0 | macctx->tls_data_size, |
242 | 0 | macctx->key, |
243 | 0 | macctx->keylen, |
244 | 0 | 0); |
245 | 0 | } |
246 | | |
247 | 0 | return HMAC_Update(macctx->ctx, data, datalen); |
248 | 0 | } |
249 | | |
250 | | static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, |
251 | | size_t outsize) |
252 | 0 | { |
253 | 0 | unsigned int hlen; |
254 | 0 | struct hmac_data_st *macctx = vmacctx; |
255 | |
|
256 | 0 | if (!ossl_prov_is_running()) |
257 | 0 | return 0; |
258 | 0 | if (macctx->tls_data_size > 0) { |
259 | 0 | if (macctx->tls_mac_out_size == 0) |
260 | 0 | return 0; |
261 | 0 | if (outl != NULL) |
262 | 0 | *outl = macctx->tls_mac_out_size; |
263 | 0 | memcpy(out, macctx->tls_mac_out, macctx->tls_mac_out_size); |
264 | 0 | return 1; |
265 | 0 | } |
266 | 0 | if (!HMAC_Final(macctx->ctx, out, &hlen)) |
267 | 0 | return 0; |
268 | 0 | *outl = hlen; |
269 | 0 | return 1; |
270 | 0 | } |
271 | | |
272 | | static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, |
273 | | ossl_unused void *provctx) |
274 | 0 | { |
275 | 0 | return hmac_get_ctx_params_list; |
276 | 0 | } |
277 | | |
278 | | static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
279 | 0 | { |
280 | 0 | struct hmac_data_st *macctx = vmacctx; |
281 | 0 | struct hmac_get_ctx_params_st p; |
282 | |
|
283 | 0 | if (macctx == NULL || !hmac_get_ctx_params_decoder(params, &p)) |
284 | 0 | return 0; |
285 | | |
286 | 0 | if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, hmac_size(macctx))) |
287 | 0 | return 0; |
288 | | |
289 | 0 | if (p.bsize != NULL && !OSSL_PARAM_set_int(p.bsize, hmac_block_size(macctx))) |
290 | 0 | return 0; |
291 | | |
292 | | #ifdef FIPS_MODULE |
293 | | if (p.ind != NULL) { |
294 | | int approved = 0; |
295 | | |
296 | | if (!macctx->internal) |
297 | | approved = OSSL_FIPS_IND_GET(macctx)->approved; |
298 | | if (!OSSL_PARAM_set_int(p.ind, approved)) |
299 | | return 0; |
300 | | } |
301 | | #endif |
302 | 0 | return 1; |
303 | 0 | } |
304 | | |
305 | | static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *ctx, |
306 | | ossl_unused void *provctx) |
307 | 0 | { |
308 | 0 | return hmac_set_ctx_params_list; |
309 | 0 | } |
310 | | |
311 | | /* |
312 | | * ALL parameters should be set before init(). |
313 | | */ |
314 | | static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) |
315 | 0 | { |
316 | 0 | struct hmac_data_st *macctx = vmacctx; |
317 | 0 | OSSL_LIB_CTX *ctx; |
318 | 0 | struct hmac_set_ctx_params_st p; |
319 | |
|
320 | 0 | if (macctx == NULL || !hmac_set_ctx_params_decoder(params, &p)) |
321 | 0 | return 0; |
322 | | |
323 | 0 | ctx = PROV_LIBCTX_OF(macctx->provctx); |
324 | |
|
325 | 0 | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k)) |
326 | 0 | return 0; |
327 | | |
328 | 0 | if (p.digest != NULL |
329 | 0 | && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, |
330 | 0 | p.engine, ctx)) |
331 | 0 | return 0; |
332 | | |
333 | 0 | if (p.key != NULL) { |
334 | 0 | if (p.key->data_type != OSSL_PARAM_OCTET_STRING) |
335 | 0 | return 0; |
336 | | |
337 | 0 | if (!hmac_setkey(macctx, p.key->data, p.key->data_size)) |
338 | 0 | return 0; |
339 | 0 | } |
340 | | |
341 | 0 | if (p.tlssize != NULL && !OSSL_PARAM_get_size_t(p.tlssize, &macctx->tls_data_size)) |
342 | 0 | return 0; |
343 | | |
344 | 0 | return 1; |
345 | 0 | } |
346 | | |
347 | | const OSSL_DISPATCH ossl_hmac_functions[] = { |
348 | | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))hmac_new }, |
349 | | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))hmac_dup }, |
350 | | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))hmac_free }, |
351 | | { OSSL_FUNC_MAC_INIT, (void (*)(void))hmac_init }, |
352 | | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))hmac_update }, |
353 | | { OSSL_FUNC_MAC_FINAL, (void (*)(void))hmac_final }, |
354 | | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, |
355 | | (void (*)(void))hmac_gettable_ctx_params }, |
356 | | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))hmac_get_ctx_params }, |
357 | | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
358 | | (void (*)(void))hmac_settable_ctx_params }, |
359 | | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))hmac_set_ctx_params }, |
360 | | OSSL_DISPATCH_END |
361 | | }; |
362 | | |
363 | | #ifdef FIPS_MODULE |
364 | | static OSSL_FUNC_mac_newctx_fn hmac_internal_new; |
365 | | |
366 | | static void *hmac_internal_new(void *provctx) |
367 | | { |
368 | | struct hmac_data_st *macctx = hmac_new(provctx); |
369 | | |
370 | | if (macctx != NULL) |
371 | | macctx->internal = 1; |
372 | | return macctx; |
373 | | } |
374 | | |
375 | | const OSSL_DISPATCH ossl_hmac_internal_functions[] = { |
376 | | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))hmac_internal_new }, |
377 | | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))hmac_dup }, |
378 | | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))hmac_free }, |
379 | | { OSSL_FUNC_MAC_INIT, (void (*)(void))hmac_init }, |
380 | | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))hmac_update }, |
381 | | { OSSL_FUNC_MAC_FINAL, (void (*)(void))hmac_final }, |
382 | | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, |
383 | | (void (*)(void))hmac_gettable_ctx_params }, |
384 | | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))hmac_get_ctx_params }, |
385 | | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
386 | | (void (*)(void))hmac_settable_ctx_params }, |
387 | | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))hmac_set_ctx_params }, |
388 | | OSSL_DISPATCH_END |
389 | | }; |
390 | | |
391 | | #endif /* FIPS_MODULE */ |