1*1c60b9acSAndroid Build Coastguard Worker /*
2*1c60b9acSAndroid Build Coastguard Worker * libwebsockets - small server side websockets and web server implementation
3*1c60b9acSAndroid Build Coastguard Worker *
4*1c60b9acSAndroid Build Coastguard Worker * Copyright (C) 2010 - 2019 Andy Green <[email protected]>
5*1c60b9acSAndroid Build Coastguard Worker *
6*1c60b9acSAndroid Build Coastguard Worker * Permission is hereby granted, free of charge, to any person obtaining a copy
7*1c60b9acSAndroid Build Coastguard Worker * of this software and associated documentation files (the "Software"), to
8*1c60b9acSAndroid Build Coastguard Worker * deal in the Software without restriction, including without limitation the
9*1c60b9acSAndroid Build Coastguard Worker * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10*1c60b9acSAndroid Build Coastguard Worker * sell copies of the Software, and to permit persons to whom the Software is
11*1c60b9acSAndroid Build Coastguard Worker * furnished to do so, subject to the following conditions:
12*1c60b9acSAndroid Build Coastguard Worker *
13*1c60b9acSAndroid Build Coastguard Worker * The above copyright notice and this permission notice shall be included in
14*1c60b9acSAndroid Build Coastguard Worker * all copies or substantial portions of the Software.
15*1c60b9acSAndroid Build Coastguard Worker *
16*1c60b9acSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17*1c60b9acSAndroid Build Coastguard Worker * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18*1c60b9acSAndroid Build Coastguard Worker * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19*1c60b9acSAndroid Build Coastguard Worker * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20*1c60b9acSAndroid Build Coastguard Worker * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21*1c60b9acSAndroid Build Coastguard Worker * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22*1c60b9acSAndroid Build Coastguard Worker * IN THE SOFTWARE.
23*1c60b9acSAndroid Build Coastguard Worker *
24*1c60b9acSAndroid Build Coastguard Worker * lws_genhash provides a hash / hmac abstraction api in lws that works the
25*1c60b9acSAndroid Build Coastguard Worker * same whether you are using openssl or mbedtls hash functions underneath.
26*1c60b9acSAndroid Build Coastguard Worker */
27*1c60b9acSAndroid Build Coastguard Worker #include <private-lib-core.h>
28*1c60b9acSAndroid Build Coastguard Worker #include <openssl/obj_mac.h>
29*1c60b9acSAndroid Build Coastguard Worker #include <openssl/opensslv.h>
30*1c60b9acSAndroid Build Coastguard Worker /*
31*1c60b9acSAndroid Build Coastguard Worker * Care: many openssl apis return 1 for success. These are translated to the
32*1c60b9acSAndroid Build Coastguard Worker * lws convention of 0 for success.
33*1c60b9acSAndroid Build Coastguard Worker */
34*1c60b9acSAndroid Build Coastguard Worker
35*1c60b9acSAndroid Build Coastguard Worker int
lws_genhash_init(struct lws_genhash_ctx * ctx,enum lws_genhash_types type)36*1c60b9acSAndroid Build Coastguard Worker lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type)
37*1c60b9acSAndroid Build Coastguard Worker {
38*1c60b9acSAndroid Build Coastguard Worker ctx->type = (uint8_t)type;
39*1c60b9acSAndroid Build Coastguard Worker ctx->mdctx = EVP_MD_CTX_create();
40*1c60b9acSAndroid Build Coastguard Worker if (!ctx->mdctx)
41*1c60b9acSAndroid Build Coastguard Worker return 1;
42*1c60b9acSAndroid Build Coastguard Worker
43*1c60b9acSAndroid Build Coastguard Worker switch (ctx->type) {
44*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHASH_TYPE_MD5:
45*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_md5();
46*1c60b9acSAndroid Build Coastguard Worker break;
47*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHASH_TYPE_SHA1:
48*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha1();
49*1c60b9acSAndroid Build Coastguard Worker break;
50*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHASH_TYPE_SHA256:
51*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha256();
52*1c60b9acSAndroid Build Coastguard Worker break;
53*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHASH_TYPE_SHA384:
54*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha384();
55*1c60b9acSAndroid Build Coastguard Worker break;
56*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHASH_TYPE_SHA512:
57*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha512();
58*1c60b9acSAndroid Build Coastguard Worker break;
59*1c60b9acSAndroid Build Coastguard Worker default:
60*1c60b9acSAndroid Build Coastguard Worker return 1;
61*1c60b9acSAndroid Build Coastguard Worker }
62*1c60b9acSAndroid Build Coastguard Worker
63*1c60b9acSAndroid Build Coastguard Worker if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) {
64*1c60b9acSAndroid Build Coastguard Worker EVP_MD_CTX_destroy(ctx->mdctx);
65*1c60b9acSAndroid Build Coastguard Worker
66*1c60b9acSAndroid Build Coastguard Worker return 1;
67*1c60b9acSAndroid Build Coastguard Worker }
68*1c60b9acSAndroid Build Coastguard Worker
69*1c60b9acSAndroid Build Coastguard Worker return 0;
70*1c60b9acSAndroid Build Coastguard Worker }
71*1c60b9acSAndroid Build Coastguard Worker
72*1c60b9acSAndroid Build Coastguard Worker int
lws_genhash_update(struct lws_genhash_ctx * ctx,const void * in,size_t len)73*1c60b9acSAndroid Build Coastguard Worker lws_genhash_update(struct lws_genhash_ctx *ctx, const void *in, size_t len)
74*1c60b9acSAndroid Build Coastguard Worker {
75*1c60b9acSAndroid Build Coastguard Worker if (!len)
76*1c60b9acSAndroid Build Coastguard Worker return 0;
77*1c60b9acSAndroid Build Coastguard Worker
78*1c60b9acSAndroid Build Coastguard Worker return EVP_DigestUpdate(ctx->mdctx, in, len) != 1;
79*1c60b9acSAndroid Build Coastguard Worker }
80*1c60b9acSAndroid Build Coastguard Worker
81*1c60b9acSAndroid Build Coastguard Worker int
lws_genhash_destroy(struct lws_genhash_ctx * ctx,void * result)82*1c60b9acSAndroid Build Coastguard Worker lws_genhash_destroy(struct lws_genhash_ctx *ctx, void *result)
83*1c60b9acSAndroid Build Coastguard Worker {
84*1c60b9acSAndroid Build Coastguard Worker unsigned int len;
85*1c60b9acSAndroid Build Coastguard Worker int ret = 0;
86*1c60b9acSAndroid Build Coastguard Worker
87*1c60b9acSAndroid Build Coastguard Worker if (!ctx->mdctx)
88*1c60b9acSAndroid Build Coastguard Worker return 0;
89*1c60b9acSAndroid Build Coastguard Worker
90*1c60b9acSAndroid Build Coastguard Worker if (result)
91*1c60b9acSAndroid Build Coastguard Worker ret = EVP_DigestFinal_ex(ctx->mdctx, result, &len) != 1;
92*1c60b9acSAndroid Build Coastguard Worker
93*1c60b9acSAndroid Build Coastguard Worker (void)len;
94*1c60b9acSAndroid Build Coastguard Worker
95*1c60b9acSAndroid Build Coastguard Worker EVP_MD_CTX_destroy(ctx->mdctx);
96*1c60b9acSAndroid Build Coastguard Worker ctx->mdctx = NULL;
97*1c60b9acSAndroid Build Coastguard Worker
98*1c60b9acSAndroid Build Coastguard Worker return ret;
99*1c60b9acSAndroid Build Coastguard Worker }
100*1c60b9acSAndroid Build Coastguard Worker
101*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_EVP_PKEY_new_raw_private_key)
102*1c60b9acSAndroid Build Coastguard Worker
103*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_init(struct lws_genhmac_ctx * ctx,enum lws_genhmac_types type,const uint8_t * key,size_t key_len)104*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,
105*1c60b9acSAndroid Build Coastguard Worker const uint8_t *key, size_t key_len)
106*1c60b9acSAndroid Build Coastguard Worker {
107*1c60b9acSAndroid Build Coastguard Worker ctx->ctx = EVP_MD_CTX_create();
108*1c60b9acSAndroid Build Coastguard Worker if (!ctx->ctx)
109*1c60b9acSAndroid Build Coastguard Worker return -1;
110*1c60b9acSAndroid Build Coastguard Worker
111*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = 0;
112*1c60b9acSAndroid Build Coastguard Worker ctx->type = (uint8_t)type;
113*1c60b9acSAndroid Build Coastguard Worker
114*1c60b9acSAndroid Build Coastguard Worker switch (type) {
115*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA256:
116*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha256();
117*1c60b9acSAndroid Build Coastguard Worker break;
118*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA384:
119*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha384();
120*1c60b9acSAndroid Build Coastguard Worker break;
121*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA512:
122*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha512();
123*1c60b9acSAndroid Build Coastguard Worker break;
124*1c60b9acSAndroid Build Coastguard Worker default:
125*1c60b9acSAndroid Build Coastguard Worker lwsl_err("%s: unknown HMAC type %d\n", __func__, type);
126*1c60b9acSAndroid Build Coastguard Worker goto bail;
127*1c60b9acSAndroid Build Coastguard Worker }
128*1c60b9acSAndroid Build Coastguard Worker
129*1c60b9acSAndroid Build Coastguard Worker ctx->key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, key_len);
130*1c60b9acSAndroid Build Coastguard Worker if (!ctx->key)
131*1c60b9acSAndroid Build Coastguard Worker goto bail;
132*1c60b9acSAndroid Build Coastguard Worker
133*1c60b9acSAndroid Build Coastguard Worker if (EVP_DigestSignInit(ctx->ctx, NULL, ctx->evp_type, NULL, ctx->key) != 1)
134*1c60b9acSAndroid Build Coastguard Worker goto bail1;
135*1c60b9acSAndroid Build Coastguard Worker
136*1c60b9acSAndroid Build Coastguard Worker return 0;
137*1c60b9acSAndroid Build Coastguard Worker
138*1c60b9acSAndroid Build Coastguard Worker bail1:
139*1c60b9acSAndroid Build Coastguard Worker EVP_PKEY_free(ctx->key);
140*1c60b9acSAndroid Build Coastguard Worker bail:
141*1c60b9acSAndroid Build Coastguard Worker EVP_MD_CTX_free(ctx->ctx);
142*1c60b9acSAndroid Build Coastguard Worker
143*1c60b9acSAndroid Build Coastguard Worker return -1;
144*1c60b9acSAndroid Build Coastguard Worker }
145*1c60b9acSAndroid Build Coastguard Worker
146*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_update(struct lws_genhmac_ctx * ctx,const void * in,size_t len)147*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_update(struct lws_genhmac_ctx *ctx, const void *in, size_t len)
148*1c60b9acSAndroid Build Coastguard Worker {
149*1c60b9acSAndroid Build Coastguard Worker
150*1c60b9acSAndroid Build Coastguard Worker if (EVP_DigestSignUpdate(ctx->ctx, in, len) != 1)
151*1c60b9acSAndroid Build Coastguard Worker return -1;
152*1c60b9acSAndroid Build Coastguard Worker
153*1c60b9acSAndroid Build Coastguard Worker return 0;
154*1c60b9acSAndroid Build Coastguard Worker }
155*1c60b9acSAndroid Build Coastguard Worker
156*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_destroy(struct lws_genhmac_ctx * ctx,void * result)157*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result)
158*1c60b9acSAndroid Build Coastguard Worker {
159*1c60b9acSAndroid Build Coastguard Worker size_t size = (size_t)lws_genhmac_size(ctx->type);
160*1c60b9acSAndroid Build Coastguard Worker int n;
161*1c60b9acSAndroid Build Coastguard Worker
162*1c60b9acSAndroid Build Coastguard Worker n = EVP_DigestSignFinal(ctx->ctx, result, &size);
163*1c60b9acSAndroid Build Coastguard Worker EVP_MD_CTX_free(ctx->ctx);
164*1c60b9acSAndroid Build Coastguard Worker EVP_PKEY_free(ctx->key);
165*1c60b9acSAndroid Build Coastguard Worker
166*1c60b9acSAndroid Build Coastguard Worker if (n != 1)
167*1c60b9acSAndroid Build Coastguard Worker return -1;
168*1c60b9acSAndroid Build Coastguard Worker
169*1c60b9acSAndroid Build Coastguard Worker return 0;
170*1c60b9acSAndroid Build Coastguard Worker }
171*1c60b9acSAndroid Build Coastguard Worker
172*1c60b9acSAndroid Build Coastguard Worker #else
173*1c60b9acSAndroid Build Coastguard Worker
174*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_init(struct lws_genhmac_ctx * ctx,enum lws_genhmac_types type,const uint8_t * key,size_t key_len)175*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,
176*1c60b9acSAndroid Build Coastguard Worker const uint8_t *key, size_t key_len)
177*1c60b9acSAndroid Build Coastguard Worker {
178*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_HMAC_CTX_new)
179*1c60b9acSAndroid Build Coastguard Worker ctx->ctx = HMAC_CTX_new();
180*1c60b9acSAndroid Build Coastguard Worker if (!ctx->ctx)
181*1c60b9acSAndroid Build Coastguard Worker return -1;
182*1c60b9acSAndroid Build Coastguard Worker #else
183*1c60b9acSAndroid Build Coastguard Worker HMAC_CTX_init(&ctx->ctx);
184*1c60b9acSAndroid Build Coastguard Worker #endif
185*1c60b9acSAndroid Build Coastguard Worker
186*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = 0;
187*1c60b9acSAndroid Build Coastguard Worker ctx->type = (uint8_t)type;
188*1c60b9acSAndroid Build Coastguard Worker
189*1c60b9acSAndroid Build Coastguard Worker switch (type) {
190*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA256:
191*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha256();
192*1c60b9acSAndroid Build Coastguard Worker break;
193*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA384:
194*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha384();
195*1c60b9acSAndroid Build Coastguard Worker break;
196*1c60b9acSAndroid Build Coastguard Worker case LWS_GENHMAC_TYPE_SHA512:
197*1c60b9acSAndroid Build Coastguard Worker ctx->evp_type = EVP_sha512();
198*1c60b9acSAndroid Build Coastguard Worker break;
199*1c60b9acSAndroid Build Coastguard Worker default:
200*1c60b9acSAndroid Build Coastguard Worker lwsl_err("%s: unknown HMAC type %d\n", __func__, type);
201*1c60b9acSAndroid Build Coastguard Worker goto bail;
202*1c60b9acSAndroid Build Coastguard Worker }
203*1c60b9acSAndroid Build Coastguard Worker
204*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_HMAC_CTX_new)
205*1c60b9acSAndroid Build Coastguard Worker if (HMAC_Init_ex(ctx->ctx, key, (int)key_len, ctx->evp_type, NULL) != 1)
206*1c60b9acSAndroid Build Coastguard Worker #else
207*1c60b9acSAndroid Build Coastguard Worker if (HMAC_Init_ex(&ctx->ctx, key, (int)key_len, ctx->evp_type, NULL) != 1)
208*1c60b9acSAndroid Build Coastguard Worker #endif
209*1c60b9acSAndroid Build Coastguard Worker goto bail;
210*1c60b9acSAndroid Build Coastguard Worker
211*1c60b9acSAndroid Build Coastguard Worker return 0;
212*1c60b9acSAndroid Build Coastguard Worker
213*1c60b9acSAndroid Build Coastguard Worker bail:
214*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_HMAC_CTX_new)
215*1c60b9acSAndroid Build Coastguard Worker HMAC_CTX_free(ctx->ctx);
216*1c60b9acSAndroid Build Coastguard Worker #endif
217*1c60b9acSAndroid Build Coastguard Worker
218*1c60b9acSAndroid Build Coastguard Worker return -1;
219*1c60b9acSAndroid Build Coastguard Worker }
220*1c60b9acSAndroid Build Coastguard Worker
221*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_update(struct lws_genhmac_ctx * ctx,const void * in,size_t len)222*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_update(struct lws_genhmac_ctx *ctx, const void *in, size_t len)
223*1c60b9acSAndroid Build Coastguard Worker {
224*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_HMAC_CTX_new)
225*1c60b9acSAndroid Build Coastguard Worker #if defined(LIBRESSL_VERSION_NUMBER)
226*1c60b9acSAndroid Build Coastguard Worker if (HMAC_Update(ctx->ctx, in, len) != 1)
227*1c60b9acSAndroid Build Coastguard Worker #else
228*1c60b9acSAndroid Build Coastguard Worker if (HMAC_Update(ctx->ctx, in, (int)len) != 1)
229*1c60b9acSAndroid Build Coastguard Worker #endif
230*1c60b9acSAndroid Build Coastguard Worker #else /* HMAC_CTX_new */
231*1c60b9acSAndroid Build Coastguard Worker if (HMAC_Update(&ctx->ctx, in, len) != 1)
232*1c60b9acSAndroid Build Coastguard Worker #endif
233*1c60b9acSAndroid Build Coastguard Worker return -1;
234*1c60b9acSAndroid Build Coastguard Worker
235*1c60b9acSAndroid Build Coastguard Worker return 0;
236*1c60b9acSAndroid Build Coastguard Worker }
237*1c60b9acSAndroid Build Coastguard Worker
238*1c60b9acSAndroid Build Coastguard Worker int
lws_genhmac_destroy(struct lws_genhmac_ctx * ctx,void * result)239*1c60b9acSAndroid Build Coastguard Worker lws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result)
240*1c60b9acSAndroid Build Coastguard Worker {
241*1c60b9acSAndroid Build Coastguard Worker unsigned int size = (unsigned int)lws_genhmac_size(ctx->type);
242*1c60b9acSAndroid Build Coastguard Worker #if defined(LWS_HAVE_HMAC_CTX_new)
243*1c60b9acSAndroid Build Coastguard Worker int n = HMAC_Final(ctx->ctx, result, &size);
244*1c60b9acSAndroid Build Coastguard Worker
245*1c60b9acSAndroid Build Coastguard Worker HMAC_CTX_free(ctx->ctx);
246*1c60b9acSAndroid Build Coastguard Worker #else
247*1c60b9acSAndroid Build Coastguard Worker int n = HMAC_Final(&ctx->ctx, result, &size);
248*1c60b9acSAndroid Build Coastguard Worker #endif
249*1c60b9acSAndroid Build Coastguard Worker
250*1c60b9acSAndroid Build Coastguard Worker if (n != 1)
251*1c60b9acSAndroid Build Coastguard Worker return -1;
252*1c60b9acSAndroid Build Coastguard Worker
253*1c60b9acSAndroid Build Coastguard Worker return 0;
254*1c60b9acSAndroid Build Coastguard Worker }
255*1c60b9acSAndroid Build Coastguard Worker
256*1c60b9acSAndroid Build Coastguard Worker
257*1c60b9acSAndroid Build Coastguard Worker #endif
258