diff --git a/src/mac.cpp b/src/mac.cpp
index 9a97414..c398d11 100644
--- a/src/mac.cpp
+++ b/src/mac.cpp
@@ -137,8 +137,17 @@ class CMAC::Impl
 throw MoCOCrWException(formatter.str());
 }
- _ctx = openssl::_CMAC_CTX_new();
- openssl::_CMAC_Init(_ctx.get(), key, cipher, nullptr);
+ openssl::OSSL_LIB_CTX_Ptr library_context = openssl::_OSSL_LIB_CTX_new();
+ openssl::EVP_MAC_Ptr mac = openssl::_EVP_MAC_fetch(library_context.get(), "CMAC");
+
+ _ctx = openssl::_EVP_MAC_CTX_new(mac.get());
+
+ std::array ossl_params = openssl::_getOSSLParamFromCmacCipherType(cipherType);
+ OSSL_PARAM params[3];
+ std::copy(std::begin(ossl_params), std::end(ossl_params), std::begin(params));
+
+ openssl::_EVP_MAC_init(_ctx.get(), key, params);
+
 }
 ~Impl() = default;
@@ -150,7 +159,7 @@ class CMAC::Impl
 if (_isFinished) {
 throw MoCOCrWException("update() can't be called after finish()");
 }
- openssl::_CMAC_Update(_ctx.get(), message);
+ openssl::_EVP_MAC_update(_ctx.get(), message);
 }
 std::vector finish()
@@ -159,7 +168,7 @@ class CMAC::Impl
 throw MoCOCrWException("finish() can't be called twice.");
 }
- _result = openssl::_CMAC_Final(_ctx.get());
+ _result = openssl::_EVP_MAC_final(_ctx.get());
 _isFinished = true;
@@ -184,7 +193,7 @@ class CMAC::Impl
 }
 private:
- openssl::SSL_CMAC_CTX_Ptr _ctx = nullptr;
+ openssl::EVP_MAC_CTX_Ptr _ctx = nullptr;
 bool _isFinished = false;
 std::vector _result;
 };
diff --git a/src/mococrw/openssl_lib.h b/src/mococrw/openssl_lib.h
index 5231c2e..740e46b 100644
--- a/src/mococrw/openssl_lib.h
+++ b/src/mococrw/openssl_lib.h
@@ -443,7 +443,7 @@ class OpenSSLLib
 static void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) noexcept;
- /* HMAC */
+ /* MAC */
 static void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) noexcept;
 static EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) noexcept;
 static int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, int *outl, int outsize) noexcept;
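Review bot: `library_context` is a local `OSSL_LIB_CTX_Ptr` freed when the constructor returns, while `_ctx` (built from `mac`, which was fetched from that context) lives on as a member; as far as I can tell OpenSSL does not keep a library context alive on behalf of the objects fetched from it, so later `_EVP_MAC_update`/`_EVP_MAC_final` calls and the `_ctx` destructor run against a torn-down context, and every CMAC instance also pays for creating a context and loading providers. Keep the context as a member declared before `_ctx` (members are destroyed in reverse declaration order), or fetch from the default context with `nullptr` if an isolated one is not needed here. The `OSSL_PARAM params[3]` copy is redundant and overruns if the array's size ever differs from 3; `openssl::_EVP_MAC_init(_ctx.get(), key, ossl_params.data());` passes the same pointer without it. The constructor starts before the hunk; if the `cipher` that the removed `_CMAC_Init` call used is still computed there, it is now dead. The lifetime of the cipher-name pointer inside `ossl_params` is raised at the `_getOSSLParamFromCmacCipherType` hunk in openssl_wrap.cpp.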
@@ -458,20 +458,6 @@ class OpenSSLLib
 static void EVP_MAC_free(EVP_MAC *mac) noexcept;
- /* CMAC */
- static CMAC_CTX *SSL_CMAC_CTX_new() noexcept;
- static void SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept;
- static void SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept;
- static EVP_CIPHER_CTX *SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept;
- static int SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept;
- static int SSL_CMAC_Init(CMAC_CTX *ctx,
- const void *key,
- size_t keylen,
- const EVP_CIPHER *cipher,
- ENGINE *impl) noexcept;
- static int SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept;
- static int SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept;
- static int SSL_CMAC_resume(CMAC_CTX *ctx) noexcept;
 /* EC Point import and export */
 static size_t SSL_EC_KEY_key2buf(const EC_KEY *eckey,
diff --git a/src/mococrw/openssl_wrap.h b/src/mococrw/openssl_wrap.h
index c738f2c..e79dc10 100644
--- a/src/mococrw/openssl_wrap.h
+++ b/src/mococrw/openssl_wrap.h
@@ -179,10 +179,6 @@ using OSSL_LIB_CTX_Ptr = std::unique_ptr>;
 using OSSL_LIB_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr;
-using SSL_CMAC_CTX_Ptr =
- std::unique_ptr>;
-using SSL_CMAC_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr;
-
 using SSL_X509_REQ_Ptr = std::unique_ptr>;
 using SSL_X509_REQ_SharedPtr = utility::SharedPtrTypeFromUniquePtr;
@@ -1498,7 +1494,7 @@ void _ECDH_KDF_X9_63(std::vector &out,
 OSSL_LIB_CTX_Ptr _OSSL_LIB_CTX_new(void);
-/* HMAC */
+/* MAC */
 void _EVP_MAC_init(EVP_MAC_CTX *ctx, const std::vector &key, const OSSL_PARAM params[]);
 std::vector _EVP_MAC_final(EVP_MAC_CTX *ctx);
 void _EVP_MAC_update(EVP_MAC_CTX *ctx, const std::vector &data);
@@ -1506,15 +1502,8 @@ EVP_MAC_CTX_Ptr _EVP_MAC_CTX_new(EVP_MAC *mac);
 EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm);
-/* CMAC */
-SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void);
-void _CMAC_Init(CMAC_CTX *ctx,
- const std::vector &key,
- const EVP_CIPHER *cipher,
- ENGINE *impl);
-void _CMAC_Update(CMAC_CTX *ctx, const std::vector &data);
-std::vector _CMAC_Final(CMAC_CTX *ctx);
 const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType);
+const std::array _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType);
 SSL_EC_KEY_Ptr _EC_KEY_oct2key(int nid, const std::vector &buf);
 void _EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
diff --git a/src/openssl_lib.cpp b/src/openssl_lib.cpp
index 8c9f315..1ed0fa7 100644
--- a/src/openssl_lib.cpp
+++ b/src/openssl_lib.cpp
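Review bot: The new declaration `const std::array _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType);` carries no comment, and since `OSSL_PARAM` entries hold pointers rather than values a caller cannot tell from the signature what storage they reference or how long it stays valid; add a comment such as `/** Builds the OSSL_PARAM list (cipher name + end marker) for EVP_MAC_init of a CMAC; the cipher-name entry points at storage that must remain valid until EVP_MAC_init has consumed it. */`. `const` on a by-value return type only prevents the result from being moved; prefer `std::array _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType);`. `_getCipherPtrFromCmacCipherType` stays declared although its only visible consumer, the removed `_CMAC_Init` path, is gone; worth checking whether it still has a caller.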
@@ -1042,35 +1042,6 @@ int OpenSSLLib::SSL_BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 return BN_bn2binpad(a, to, tolen);
 }
-/* CMAC */
-CMAC_CTX *OpenSSLLib::SSL_CMAC_CTX_new() noexcept { return CMAC_CTX_new(); }
-void OpenSSLLib::SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept { CMAC_CTX_cleanup(ctx); }
-void OpenSSLLib::SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept { CMAC_CTX_free(ctx); }
-EVP_CIPHER_CTX *OpenSSLLib::SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept
-{
- return CMAC_CTX_get0_cipher_ctx(ctx);
-}
-int OpenSSLLib::SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept
-{
- return CMAC_CTX_copy(out, in);
-}
-int OpenSSLLib::SSL_CMAC_Init(CMAC_CTX *ctx,
- const void *key,
- size_t keylen,
- const EVP_CIPHER *cipher,
- ENGINE *impl) noexcept
-{
- return CMAC_Init(ctx, key, keylen, cipher, impl);
-}
-int OpenSSLLib::SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept
-{
- return CMAC_Update(ctx, data, dlen);
-}
-int OpenSSLLib::SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept
-{
- return CMAC_Final(ctx, out, poutlen);
-}
-int OpenSSLLib::SSL_CMAC_resume(CMAC_CTX *ctx) noexcept { return CMAC_resume(ctx); }
 EVP_PKEY *OpenSSLLib::SSL_ENGINE_load_private_key(ENGINE *e,
 const char *key_id,
 UI_METHOD *ui_method,
diff --git a/src/openssl_wrap.cpp b/src/openssl_wrap.cpp
index 8bd4bf6..7300caa 100644
--- a/src/openssl_wrap.cpp
+++ b/src/openssl_wrap.cpp
@@ -705,12 +705,6 @@ EVP_MAC_CTX *createOpenSSLObject(EVP_MAC *mac)
 return OpensslCallPtr::callChecked(lib::OpenSSLLib::EVP_MAC_CTX_new, mac);
 }
-template <>
-CMAC_CTX *createOpenSSLObject()
-{
- return OpensslCallPtr::callChecked(lib::OpenSSLLib::SSL_CMAC_CTX_new);
-}
-
 template <>
 ECDSA_SIG *createOpenSSLObject()
 {
@@ -1517,31 +1511,6 @@ EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm) { lib::OpenSSLLib::EVP_MAC_fetch, libctx, algorithm.c_str(), nullptr)};
 }
-SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void) { return createManagedOpenSSLObject(); }
-
-void _CMAC_Init(CMAC_CTX *ctx,
- const std::vector &key,
- const EVP_CIPHER *cipher,
- ENGINE *impl)
-{
- OpensslCallIsOne::callChecked(
- lib::OpenSSLLib::SSL_CMAC_Init, ctx, key.data(), key.size(), cipher, impl);
-}
-
-void _CMAC_Update(CMAC_CTX *ctx, const std::vector &data)
-{
- OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_CMAC_Update, ctx, data.data(), data.size());
-}
-
-std::vector _CMAC_Final(CMAC_CTX *ctx)
-{
- std::vector cmac(EVP_MAX_BLOCK_LENGTH);
- size_t length = 0;
- OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_CMAC_Final, ctx, cmac.data(), &length);
- assert(length <= cmac.size());
- cmac.resize(length);
- return cmac;
-}
 const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType)
 {
@@ -1555,6 +1524,30 @@ const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType)
 }
 }
+const std::array _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType)
+{
+ std::string cipher_name;
+ switch (cipherType) {
+ case CmacCipherTypes::AES_CBC_128:
+ cipher_name = "aes-128-cbc";
+ break;
+ case CmacCipherTypes::AES_CBC_256:
+ cipher_name = "aes-256-cbc";
+ break;
+ default:
+ throw std::runtime_error("Unknown cipher type");
+ }
+
+ OSSL_PARAM params[3], *p = params;
+ *p++ = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, const_cast(cipher_name.c_str()), 0);
+ *p = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_end();
+
+ std::array ossl_params;
+ std::copy(std::begin(params), std::end(params), ossl_params.begin());
+
+ return ossl_params;
+}
+
 SSL_EC_KEY_Ptr _EC_KEY_oct2key(int nid, const std::vector &buf)
 {
 SSL_EC_KEY_Ptr key(
diff --git a/tests/unit/openssl_lib_mock.cpp b/tests/unit/openssl_lib_mock.cpp
index 995a30f..d524591 100644
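Review bot: `_getOSSLParamFromCmacCipherType` returns an `OSSL_PARAM` whose data pointer is `cipher_name.c_str()`, but `cipher_name` is a local `std::string` destroyed on return, so the caller (`CMAC::Impl` in mac.cpp) hands `EVP_MAC_init` a dangling pointer; with the short-string optimisation it points into a dead stack frame, which is why it can appear to work. Point the entry at static storage instead: `const char *cipher_name = nullptr;` (the `case` assignments of the literals stay as they are) and `const_cast<char *>(cipher_name)` in the `SSL_OSSL_PARAM_construct_utf8_string` call, which is how OpenSSL's own examples pass read-only utf8 params. Only two of the three `params` slots are written, so `std::copy` reads an indeterminate third element; value-initialise the arrays (`OSSL_PARAM params[3]{};` and `std::array ossl_params{};`) or write the two entries straight into a value-initialised `ossl_params` and drop the intermediate array. The `default:` branch throws `std::runtime_error` where mac.cpp throws `MoCOCrWException` for comparable errors; probably worth aligning.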
--- a/tests/unit/openssl_lib_mock.cpp
+++ b/tests/unit/openssl_lib_mock.cpp
@@ -1208,47 +1208,6 @@ int OpenSSLLib::SSL_BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 return OpenSSLLibMockManager::getMockInterface().SSL_BN_bn2binpad(a, to, tolen);
 }
-/* CMAC */
-CMAC_CTX *OpenSSLLib::SSL_CMAC_CTX_new() noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_new();
-}
-void OpenSSLLib::SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept
-{
- OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_cleanup(ctx);
-}
-void OpenSSLLib::SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept
-{
- OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_free(ctx);
-}
-EVP_CIPHER_CTX *OpenSSLLib::SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_get0_cipher_ctx(ctx);
-}
-int OpenSSLLib::SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_copy(out, in);
-}
-int OpenSSLLib::SSL_CMAC_Init(CMAC_CTX *ctx,
- const void *key,
- size_t keylen,
- const EVP_CIPHER *cipher,
- ENGINE *impl) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Init(ctx, key, keylen, cipher, impl);
-}
-int OpenSSLLib::SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Update(ctx, data, dlen);
-}
-int OpenSSLLib::SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Final(ctx, out, poutlen);
-}
-int OpenSSLLib::SSL_CMAC_resume(CMAC_CTX *ctx) noexcept
-{
- return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_resume(ctx);
-}
 int OpenSSLLib::SSL_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) noexcept
 {
diff --git a/tests/unit/openssl_lib_mock.h b/tests/unit/openssl_lib_mock.h
index 4c444c0..7de5d4c 100644
--- a/tests/unit/openssl_lib_mock.h
+++ b/tests/unit/openssl_lib_mock.h
@@ -426,20 +426,7 @@ class OpenSSLLibMockInterface
 int keylen,
 unsigned char *out) = 0;
- /* CMAC */
- virtual CMAC_CTX *SSL_CMAC_CTX_new() = 0;
- virtual void SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) = 0;
- virtual void SSL_CMAC_CTX_free(CMAC_CTX *ctx) = 0;
- virtual EVP_CIPHER_CTX *SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) = 0;
- virtual int SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) = 0;
- virtual int SSL_CMAC_Init(CMAC_CTX *ctx,
- const void *key,
- size_t keylen,
- const EVP_CIPHER *cipher,
- ENGINE *impl) = 0;
- virtual int SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) = 0;
- virtual int SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) = 0;
- virtual int SSL_CMAC_resume(CMAC_CTX *ctx) = 0;
+
 };
 /**