Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / sshsm / 0c89b3ccba7c9b7332ab67ae1936aff51ca62367 / . / SoftHSMv2 / src / lib / crypto / BotanMacAlgorithm.cpp
blob: 6c863f7ee87f20660256206f13a9ad3cf9150544 [file] [log] [blame]
NingSun0c89b3c2018-02-08 08:34:03 -0800[diff] [blame^]1/*
2 * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27// TODO: Store context in securely allocated memory
28
29/*****************************************************************************
30 BotanMacAlgorithm.cpp
31
32 Botan MAC algorithm implementation
33 *****************************************************************************/
34
35#include "config.h"
36#include "BotanMacAlgorithm.h"
37#include "salloc.h"
38
39#include <botan/symkey.h>
40#include <botan/mac.h>
41#include <botan/botan.h>
42#include <botan/version.h>
43#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,26)
44#include <botan/lookup.h>
45#endif
46
47// Constructor
48BotanMacAlgorithm::BotanMacAlgorithm()
49{
50 mac = NULL;
51}
52
53// Destructor
54BotanMacAlgorithm::~BotanMacAlgorithm()
55{
56 delete mac;
57 mac = NULL;
58}
59
60// Signing functions
61bool BotanMacAlgorithm::signInit(const SymmetricKey* key)
62{
63 // Call the superclass initialiser
64 if (!MacAlgorithm::signInit(key))
65 {
66 return false;
67 }
68
69 // Determine the hash name
70 std::string macName = getAlgorithm();
71
72 if (macName == "")
73 {
74 ERROR_MSG("Invalid sign mac algorithm");
75
76 ByteString dummy;
77 MacAlgorithm::signFinal(dummy);
78
79 return false;
80 }
81
82 // Allocate the context
83 try
84 {
85#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,26)
86 mac = Botan::MessageAuthenticationCode::create(macName).release();
87#else
88 mac = Botan::get_mac(macName);
89#endif
90 mac->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
91 }
92 catch (std::exception &e)
93 {
94 ERROR_MSG("Failed to create the sign mac token: %s", e.what());
95
96 ByteString dummy;
97 MacAlgorithm::signFinal(dummy);
98
99 delete mac;
100 mac = NULL;
101
102 return false;
103 }
104
105 return true;
106}
107
108bool BotanMacAlgorithm::signUpdate(const ByteString& dataToSign)
109{
110 if (!MacAlgorithm::signUpdate(dataToSign))
111 {
112 delete mac;
113 mac = NULL;
114
115 return false;
116 }
117
118 try
119 {
120 if (dataToSign.size() != 0)
121 {
122 mac->update(dataToSign.const_byte_str(),
123 dataToSign.size());
124 }
125 }
126 catch (...)
127 {
128 ERROR_MSG("Failed to update the sign mac token");
129
130 ByteString dummy;
131 MacAlgorithm::signFinal(dummy);
132
133 delete mac;
134 mac = NULL;
135
136 return false;
137 }
138
139 return true;
140}
141
142bool BotanMacAlgorithm::signFinal(ByteString& signature)
143{
144 if (!MacAlgorithm::signFinal(signature))
145 {
146 return false;
147 }
148
149 // Perform the signature operation
150#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
151 Botan::secure_vector<Botan::byte> signResult;
152#else
153 Botan::SecureVector<Botan::byte> signResult;
154#endif
155 try
156 {
157 signResult = mac->final();
158 }
159 catch (...)
160 {
161 ERROR_MSG("Could not sign the data");
162
163 delete mac;
164 mac = NULL;
165
166 return false;
167 }
168
169 // Return the result
170 signature.resize(signResult.size());
171#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
172 memcpy(&signature[0], signResult.data(), signResult.size());
173#else
174 memcpy(&signature[0], signResult.begin(), signResult.size());
175#endif
176
177 delete mac;
178 mac = NULL;
179
180 return true;
181}
182
183// Verification functions
184bool BotanMacAlgorithm::verifyInit(const SymmetricKey* key)
185{
186 // Call the superclass initialiser
187 if (!MacAlgorithm::verifyInit(key))
188 {
189 return false;
190 }
191
192 // Determine the hash name
193 std::string macName = getAlgorithm();
194
195 if (macName == "")
196 {
197 ERROR_MSG("Invalid verify mac algorithm");
198
199 ByteString dummy;
200 MacAlgorithm::verifyFinal(dummy);
201
202 return false;
203 }
204
205 // Allocate the context
206 try
207 {
208#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,26)
209 mac = Botan::MessageAuthenticationCode::create(macName).release();
210#else
211 mac = Botan::get_mac(macName);
212#endif
213 mac->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size());
214 }
215 catch (std::exception &e)
216 {
217 ERROR_MSG("Failed to create the verify mac token: %s", e.what());
218
219 ByteString dummy;
220 MacAlgorithm::verifyFinal(dummy);
221
222 delete mac;
223 mac = NULL;
224
225 return false;
226 }
227
228 return true;
229}
230
231bool BotanMacAlgorithm::verifyUpdate(const ByteString& originalData)
232{
233 if (!MacAlgorithm::verifyUpdate(originalData))
234 {
235 delete mac;
236 mac = NULL;
237
238 return false;
239 }
240
241 try
242 {
243 if (originalData.size() != 0)
244 {
245 mac->update(originalData.const_byte_str(),
246 originalData.size());
247 }
248 }
249 catch (...)
250 {
251 ERROR_MSG("Failed to update the verify mac token");
252
253 ByteString dummy;
254 MacAlgorithm::verifyFinal(dummy);
255
256 delete mac;
257 mac = NULL;
258
259 return false;
260 }
261
262 return true;
263}
264
265bool BotanMacAlgorithm::verifyFinal(ByteString& signature)
266{
267 if (!MacAlgorithm::verifyFinal(signature))
268 {
269 return false;
270 }
271
272 // Perform the verify operation
273#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
274 Botan::secure_vector<Botan::byte> macResult;
275#else
276 Botan::SecureVector<Botan::byte> macResult;
277#endif
278 try
279 {
280 macResult = mac->final();
281 }
282 catch (...)
283 {
284 ERROR_MSG("Failed to verify the data");
285
286 delete mac;
287 mac = NULL;
288
289 return false;
290 }
291
292 if (macResult.size() != signature.size())
293 {
294 ERROR_MSG("Bad verify result size");
295
296 delete mac;
297 mac = NULL;
298
299 return false;
300 }
301
302 delete mac;
303 mac = NULL;
304
305#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
306 return memcmp(&signature[0], macResult.data(), macResult.size()) == 0;
307#else
308 return memcmp(&signature[0], macResult.begin(), macResult.size()) == 0;
309#endif
310}