diff options
author | Olivier Roques <olvrqs@gmail.com> | 2019-12-12 12:40:49 +0100 |
---|---|---|
committer | Olivier Roques <olvrqs@gmail.com> | 2019-12-13 12:00:10 +0100 |
commit | f5fe9c5b105feb2ba191a0af46d1633d0a2673d4 (patch) | |
tree | ac004df40ba0ff289968b28b0277f60ab55232e1 | |
parent | 75724e38f5c8d83b48e4974cf94bcb7c6dea268f (diff) |
[CICN-26] Add support for HMAC
Add support for HMAC, a symmetric signature algorithm, and
fix various bugs.
Signed-off-by: Olivier Roques <olvrqs@gmail.com>
Change-Id: Ic73e1f68813500fb37a8da4286424875438040f3
-rw-r--r-- | libparc/parc/security/parc_InMemoryVerifier.c | 41 | ||||
-rw-r--r-- | libparc/parc/security/parc_SymmetricKeySigner.c | 16 |
2 files changed, 34 insertions, 23 deletions
diff --git a/libparc/parc/security/parc_InMemoryVerifier.c b/libparc/parc/security/parc_InMemoryVerifier.c index 8955e1f1..00dddf46 100644 --- a/libparc/parc/security/parc_InMemoryVerifier.c +++ b/libparc/parc/security/parc_InMemoryVerifier.c @@ -51,6 +51,8 @@ _parcInMemoryVerifier_Destructor(PARCInMemoryVerifier **verifierPtr) parcCryptoHasher_Release(&(verifier->hasher_sha256)); parcCryptoHasher_Release(&(verifier->hasher_sha512)); parcCryptoCache_Destroy(&(verifier->key_cache)); + parcMemory_Deallocate((void **)verifierPtr); + *verifierPtr = NULL; return true; } @@ -88,8 +90,6 @@ _parcInMemoryVerifier_GetCryptoHasher(void *interfaceContext, PARCKeyId *keyid, return false; } - parcAssertFalse(parcKey_GetSigningAlgorithm(key) == PARCSigningAlgorithm_HMAC, "HMAC not supported yet"); - switch (hashType) { case PARCCryptoHashType_SHA256: return verifier->hasher_sha256; @@ -137,15 +137,14 @@ _parcInMemoryVerifier_AllowedCryptoSuite(void *interfaceContext, PARCKeyId *keyi } break; - - case PARCSigningAlgorithm_DSA: + case PARCSigningAlgorithm_DSA: switch (suite) { default: return false; } break; - case PARCSigningAlgorithm_HMAC: + case PARCSigningAlgorithm_HMAC: switch (suite) { case PARCCryptoSuite_HMAC_SHA256: return true; @@ -154,7 +153,7 @@ _parcInMemoryVerifier_AllowedCryptoSuite(void *interfaceContext, PARCKeyId *keyi } break; - default: + default: parcTrapUnexpectedState("Unknown signing algorithm: %s", parcSigningAlgorithm_ToString(parcKey_GetSigningAlgorithm(key))); return false; @@ -167,7 +166,9 @@ static bool _parcInMemoryVerifier_RSAKey_Verify(PARCInMemoryVerifier *verifier, PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey); static bool _parcInMemoryVerifier_ECDSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCryptoHash *localHash, - PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey); + PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey); + +static bool _parcInMemoryVerifier_HMACKey_Verify(PARCCryptoHash *localHash, PARCSignature *signatureToVerify); /** * The signature verifies if: * 0) we know the key for keyid @@ -214,14 +215,13 @@ _parcInMemoryVerifier_VerifyDigest(void *interfaceContext, PARCKeyId *keyid, PAR case PARCSigningAlgorithm_ECDSA: return _parcInMemoryVerifier_ECDSAKey_Verify(verifier, locallyComputedHash, objectSignature, parcKey_GetKey(key)); + case PARCSigningAlgorithm_HMAC: + return _parcInMemoryVerifier_HMACKey_Verify(locallyComputedHash, objectSignature); + case PARCSigningAlgorithm_DSA: parcTrapNotImplemented("DSA not supported"); break; - case PARCSigningAlgorithm_HMAC: - parcTrapNotImplemented("HMAC not supported"); - break; - default: parcTrapUnexpectedState("Unknown signing algorithm: %d", parcSignature_GetSigningAlgorithm(objectSignature)); } @@ -334,7 +334,7 @@ _parcInMemoryVerifier_RSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCryptoHa */ static bool _parcInMemoryVerifier_ECDSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCryptoHash *localHash, - PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey) + PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey) { const uint8_t *der_bytes = parcByteArray_Array(parcBuffer_Array(derEncodedKey)); @@ -383,6 +383,23 @@ _parcInMemoryVerifier_ECDSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCrypto return false; } +/** + * Return if the signature verify with the local hash. + * + * PRECONDITION: + * - You know the signature is HMAC. + * + * Example: + * @code + * <#example#> + * @endcode + */ +static bool +_parcInMemoryVerifier_HMACKey_Verify(PARCCryptoHash *localHash, PARCSignature *signatureToVerify) +{ + return parcBuffer_Equals(parcCryptoHash_GetDigest(localHash), parcSignature_GetSignature(signatureToVerify)); +} + PARCVerifierInterface *PARCInMemoryVerifierAsVerifier = &(PARCVerifierInterface) { .GetCryptoHasher = _parcInMemoryVerifier_GetCryptoHasher, .VerifyDigest = _parcInMemoryVerifier_VerifyDigest, diff --git a/libparc/parc/security/parc_SymmetricKeySigner.c b/libparc/parc/security/parc_SymmetricKeySigner.c index 5c2db778..88256961 100644 --- a/libparc/parc/security/parc_SymmetricKeySigner.c +++ b/libparc/parc/security/parc_SymmetricKeySigner.c @@ -85,15 +85,13 @@ static int _hmacInit(void *ctx) { // reset the HMAC state with NULLs, so we'll re-use the values we had from setup. - HMAC_Init_ex((HMAC_CTX *) ctx, NULL, 0, NULL, NULL); - return 0; + return HMAC_Init_ex((HMAC_CTX *) ctx, NULL, 0, NULL, NULL); } static int _hmacUpdate(void *ctx, const void *buffer, size_t length) { - HMAC_Update(ctx, buffer, length); - return 0; + return HMAC_Update(ctx, buffer, length); } static PARCBuffer* @@ -244,12 +242,7 @@ static size_t _GetSignatureSize(PARCSymmetricKeySigner *signer) { parcAssertNotNull(signer, "Parameter must be non-null CCNxFileKeystore"); - - // TODO: what is the best way to expose this? - PARCSymmetricKeyStore *keyStore = signer->keyStore; - PARCBuffer *secretKeyBuffer = parcSymmetricKeyStore_GetKey(keyStore); - - return parcBuffer_Limit(secretKeyBuffer); + return (size_t)(signer->hashLength); } // ================================================== @@ -266,7 +259,8 @@ _signDigestNoAlloc(PARCSymmetricKeySigner *interfaceContext, const PARCCryptoHas // The digest computed via our hash function (hmac) is the actual signature. // just need to wrap it up with the right parameters. PARCBuffer *signatureBits = parcBuffer_Wrap(signature, sig_len, 0, sig_len); - PARCSignature *result = parcSignature_Create(_getSigningAlgorithm(interfaceContext), parcCryptoHash_GetDigestType(hashToSign), signatureBits); + parcBuffer_PutBuffer(signatureBits, parcCryptoHash_GetDigest(hashToSign)); + PARCSignature *result = parcSignature_Create(_getSigningAlgorithm(interfaceContext), parcCryptoHash_GetDigestType(hashToSign), signatureBits); parcBuffer_Release(&signatureBits); return result; } |