aboutsummaryrefslogtreecommitdiffstats
path: root/libparc/parc/security/parc_SymmetricKeySigner.c
diff options
context:
space:
mode:
Diffstat (limited to 'libparc/parc/security/parc_SymmetricKeySigner.c')
-rw-r--r--libparc/parc/security/parc_SymmetricKeySigner.c281
1 files changed, 0 insertions, 281 deletions
diff --git a/libparc/parc/security/parc_SymmetricKeySigner.c b/libparc/parc/security/parc_SymmetricKeySigner.c
deleted file mode 100644
index 9f760326..00000000
--- a/libparc/parc/security/parc_SymmetricKeySigner.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright (c) 2017 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-/**
- */
-#include <config.h>
-
-#include <parc/algol/parc_Object.h>
-#include <parc/algol/parc_DisplayIndented.h>
-#include <parc/algol/parc_Memory.h>
-
-#include <parc/security/parc_Signer.h>
-#include <parc/security/parc_SymmetricKeySigner.h>
-#include <parc/security/parc_KeyStore.h>
-
-#include <openssl/opensslv.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/safestack.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include <openssl/hmac.h>
-
-#define AES_KEYSTORE_VERSION 1L
-#define IV_SIZE 16
-#define AES_MAX_DIGEST_SIZE 128
-#define AES_DEFAULT_DIGEST_ALGORITHM "SHA256"
-
-struct PARCSymmetricKeySigner {
- PARCSymmetricKeyStore *keyStore;
- PARCKeyStore *generalKeyStore;
-
- PARCCryptoHash *secretKeyHash;
- PARCCryptoHasher *hasher;
- PARCCryptoHasherInterface hasherFunctor;
- PARCCryptoHashType hashType;
-
- unsigned hashLength;
- const EVP_MD *opensslMd;
-};
-
-// ==================================================
-// HMAC implementation
-
-static void *
-_hmacCreate(void *env)
-{
- PARCSymmetricKeySigner *signer = (PARCSymmetricKeySigner *) env;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- HMAC_CTX *ctx = HMAC_CTX_new();
- HMAC_CTX_reset(ctx);
-#else
- // HMAC_Init_ex seems to overrun the size of HMAC_CTX, so make it bigger
- HMAC_CTX *ctx = parcMemory_Allocate(sizeof(HMAC_CTX) * 2);
- parcAssertNotNull(ctx, "parcMemory_Allocate(%zu) returned NULL for HMAC_CTX", sizeof(HMAC_CTX) * 2);
- HMAC_CTX_init(ctx);
-#endif
-
- // Now initialize it with our digest and key, so in hmac_init we can avoid using those
- PARCBuffer *secretKey = parcSymmetricKeyStore_GetKey(signer->keyStore);
- parcAssertTrue(parcBuffer_Remaining(secretKey) < 512, "The keystore secret key cannot be longer than %d", 512);
-
- HMAC_Init_ex(ctx, parcByteArray_Array(parcBuffer_Array(secretKey)), (int) parcBuffer_Remaining(secretKey), signer->opensslMd, NULL);
-
- return ctx;
-}
-
-static int
-_hmacInit(void *ctx)
-{
- // reset the HMAC state with NULLs, so we'll re-use the values we had from setup.
- HMAC_Init_ex((HMAC_CTX *) ctx, NULL, 0, NULL, NULL);
- return 0;
-}
-
-static int
-_hmacUpdate(void *ctx, const void *buffer, size_t length)
-{
- HMAC_Update(ctx, buffer, length);
- return 0;
-}
-
-static PARCBuffer*
-_hmacFinalize(void *ctx)
-{
- uint8_t buffer[EVP_MAX_MD_SIZE];
- unsigned length;
- HMAC_Final(ctx, buffer, &length);
-
- PARCBuffer *output = parcBuffer_Allocate(length);
- parcBuffer_PutArray(output, length, buffer);
-
- return output;
-}
-
-static void
-_hmacDestroy(void **ctxPtr)
-{
-#if (OPENSSL_VERSION_NUMBER >= 0x1010003fL)
- HMAC_CTX_free(*ctxPtr);
-#else
- HMAC_CTX_cleanup(*ctxPtr);
- parcMemory_Deallocate((void **) ctxPtr);
-#endif
- *ctxPtr = NULL;
-}
-
-static PARCCryptoHasherInterface functor_hmac = {
- .functor_env = NULL,
- .hasher_setup = _hmacCreate,
- .hasher_init = _hmacInit,
- .hasher_update = _hmacUpdate,
- .hasher_finalize = _hmacFinalize,
- .hasher_destroy = _hmacDestroy
-};
-
-static bool
-_parcSymmetricKeySigner_Finalize(PARCSymmetricKeySigner **instancePtr)
-{
- parcAssertNotNull(instancePtr, "Parameter must be a non-null pointer to a PARCSymmetricKeySigner pointer.");
- PARCSymmetricKeySigner *signer = (PARCSymmetricKeySigner *) *instancePtr;
- if (signer->secretKeyHash != NULL) {
- parcCryptoHash_Release(&signer->secretKeyHash);
- }
- if (signer->hasher != NULL) {
- parcCryptoHasher_Release(&signer->hasher);
- }
-
- if (signer->keyStore != NULL) {
- parcSymmetricKeyStore_Release(&signer->keyStore);
- }
- if (signer->generalKeyStore != NULL) {
- parcKeyStore_Release(&signer->generalKeyStore);
- }
-
- return true;
-}
-
-parcObject_ImplementAcquire(parcSymmetricKeySigner, PARCSymmetricKeySigner);
-parcObject_ImplementRelease(parcSymmetricKeySigner, PARCSymmetricKeySigner);
-
-parcObject_Override(PARCSymmetricKeySigner, PARCObject,
- .destructor = (PARCObjectDestructor *) _parcSymmetricKeySigner_Finalize);
-
-void
-parcSymmetricKeySigner_AssertValid(const PARCSymmetricKeySigner *instance)
-{
- parcAssertTrue(parcSymmetricKeySigner_IsValid(instance),
- "PARCSymmetricKeySigner is not valid.");
-}
-
-PARCSymmetricKeySigner *
-parcSymmetricKeySigner_Create(PARCSymmetricKeyStore *keyStore, PARCCryptoHashType hmacHashType)
-{
- PARCSymmetricKeySigner *result = parcObject_CreateInstance(PARCSymmetricKeySigner);
-
- if (result != NULL) {
- result->hashType = hmacHashType;
- switch (hmacHashType) {
- case PARCCryptoHashType_SHA256:
- result->hashLength = SHA256_DIGEST_LENGTH;
- result->opensslMd = EVP_sha256();
- break;
-
- case PARCCryptoHashType_SHA512:
- result->hashLength = SHA512_DIGEST_LENGTH;
- result->opensslMd = EVP_sha512();
- break;
-
- default:
- parcObject_Release((void **) &result);
- parcTrapIllegalValue(hmacHashType, "Unknown HMAC hash type: %d", hmacHashType);
- }
-
- // the signer key digest is SHA256, independent of the HMAC digest
- result->secretKeyHash = parcSymmetricKeyStore_GetVerifierKeyDigest(keyStore);
- result->keyStore = parcSymmetricKeyStore_Acquire(keyStore);
- result->generalKeyStore = parcKeyStore_Create(result->keyStore, PARCSymmetricKeyStoreAsKeyStore);
-
- // create the functor from the template then specialize it to this keystore.
- // This depends on keystore->secret_key being set. It will cause a callback
- // into hmac_setup()
- result->hasherFunctor = functor_hmac;
- result->hasherFunctor.functor_env = result;
- result->hasher = parcCryptoHasher_CustomHasher(hmacHashType, result->hasherFunctor);
- }
-
- return result;
-}
-
-bool
-parcSymmetricKeySigner_IsValid(const PARCSymmetricKeySigner *instance)
-{
- bool result = false;
-
- if (instance != NULL) {
- result = true;
- }
-
- return result;
-}
-
-static PARCSigningAlgorithm
-_getSigningAlgorithm(PARCSymmetricKeySigner *signer)
-{
- return PARCSigningAlgorithm_HMAC;
-}
-
-static PARCCryptoHashType
-_getCryptoHashType(PARCSymmetricKeySigner *signer)
-{
- return signer->hashType;
-}
-
-static PARCCryptoHasher *
-_getCryptoHasher(PARCSymmetricKeySigner *signer)
-{
- return signer->hasher;
-}
-
-static PARCKeyStore *
-_getKeyStore(PARCSymmetricKeySigner *signer)
-{
- return signer->generalKeyStore;
-}
-
-static size_t
-_GetSignatureSize(PARCSymmetricKeySigner *signer)
-{
- parcAssertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
-
- // TODO: what is the best way to expose this?
- PARCSymmetricKeyStore *keyStore = signer->keyStore;
- PARCBuffer *secretKeyBuffer = parcSymmetricKeyStore_GetKey(keyStore);
-
- return parcBuffer_Limit(secretKeyBuffer);
-}
-
-// ==================================================
-// implementation
-
-/**
- * wrap the HMAC in digestToSign in a PARCSignature
- *
- * @param hashToSign is the HMAC computed by the our PARCCryptoHasher.
- */
-static PARCSignature *
-_signDigest(PARCSymmetricKeySigner *interfaceContext, const PARCCryptoHash *hashToSign)
-{
- // The digest computed via our hash function (hmac) is the actual signature.
- // just need to wrap it up with the right parameters.
- PARCBuffer *signatureBits = parcBuffer_Copy(parcCryptoHash_GetDigest(hashToSign));
- PARCSignature *result = parcSignature_Create(_getSigningAlgorithm(interfaceContext), parcCryptoHash_GetDigestType(hashToSign), signatureBits);
- parcBuffer_Release(&signatureBits);
- return result;
-}
-
-PARCSigningInterface *PARCSymmetricKeySignerAsSigner = &(PARCSigningInterface) {
- .GetCryptoHashType = (PARCCryptoHashType (*)(void *))_getCryptoHashType,
- .GetCryptoHasher = (PARCCryptoHasher * (*)(void *))_getCryptoHasher,
- .SignDigest = (PARCSignature * (*)(void *, const PARCCryptoHash *))_signDigest,
- .GetSigningAlgorithm = (PARCSigningAlgorithm (*)(void *))_getSigningAlgorithm,
- .GetKeyStore = (PARCKeyStore * (*)(void *))_getKeyStore,
- .GetSignatureSize = (size_t (*)(void *))_GetSignatureSize
-};