Update CMAC API #159

Draft
wants to merge 3 commits into
base: openssl3-hmac-deprecates
19 changes: 14 additions & 5 deletions src/mac.cpp
@@ -137,8 +137,17 @@ class CMAC::Impl
throw MoCOCrWException(formatter.str());
}

_ctx = openssl::_CMAC_CTX_new();
openssl::_CMAC_Init(_ctx.get(), key, cipher, nullptr);
openssl::OSSL_LIB_CTX_Ptr library_context = openssl::_OSSL_LIB_CTX_new();
openssl::EVP_MAC_Ptr mac = openssl::_EVP_MAC_fetch(library_context.get(), "CMAC");

_ctx = openssl::_EVP_MAC_CTX_new(mac.get());

std::array<OSSL_PARAM, 3> ossl_params = openssl::_getOSSLParamFromCmacCipherType(cipherType);
OSSL_PARAM params[3];
std::copy(std::begin(ossl_params), std::end(ossl_params), std::begin(params));

openssl::_EVP_MAC_init(_ctx.get(), key, params);

}

~Impl() = default;
@@ -150,7 +159,7 @@ class CMAC::Impl
if (_isFinished) {
throw MoCOCrWException("update() can't be called after finish()");
}
openssl::_CMAC_Update(_ctx.get(), message);
openssl::_EVP_MAC_update(_ctx.get(), message);
}

std::vector<uint8_t> finish()
@@ -159,7 +168,7 @@ class CMAC::Impl
throw MoCOCrWException("finish() can't be called twice.");
}

_result = openssl::_CMAC_Final(_ctx.get());
_result = openssl::_EVP_MAC_final(_ctx.get());

_isFinished = true;

@@ -184,7 +193,7 @@ class CMAC::Impl
}

private:
openssl::SSL_CMAC_CTX_Ptr _ctx = nullptr;
openssl::EVP_MAC_CTX_Ptr _ctx = nullptr;
bool _isFinished = false;
std::vector<uint8_t> _result;
};
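Review bot: In the constructor hunk, `library_context` is a local `OSSL_LIB_CTX_Ptr`, so the library context created here is released when the constructor returns, while `_ctx`, built from a MAC fetched through that context, stays in the object and is used later by update() and finish(). Nothing visible here keeps the context alive for as long as `_ctx`, so either fetch from the default context with `openssl::_EVP_MAC_fetch(nullptr, "CMAC")` or store the context in a member declared before `_ctx` so that it is destroyed after it. The copy into `OSSL_PARAM params[3]` can also go, since `ossl_params.data()` can be passed to `_EVP_MAC_init` directly. The constructor starts above the hunk.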
16 changes: 1 addition & 15 deletions src/mococrw/openssl_lib.h
@@ -443,7 +443,7 @@ class OpenSSLLib
static void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) noexcept;


/* HMAC */
/* MAC */
static void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) noexcept;
static EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) noexcept;
static int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, int *outl, int outsize) noexcept;
@@ -458,20 +458,6 @@ class OpenSSLLib

static void EVP_MAC_free(EVP_MAC *mac) noexcept;

/* CMAC */
static CMAC_CTX *SSL_CMAC_CTX_new() noexcept;
static void SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept;
static void SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept;
static EVP_CIPHER_CTX *SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept;
static int SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept;
static int SSL_CMAC_Init(CMAC_CTX *ctx,
const void *key,
size_t keylen,
const EVP_CIPHER *cipher,
ENGINE *impl) noexcept;
static int SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept;
static int SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept;
static int SSL_CMAC_resume(CMAC_CTX *ctx) noexcept;

/* EC Point import and export */
static size_t SSL_EC_KEY_key2buf(const EC_KEY *eckey,
15 changes: 2 additions & 13 deletions src/mococrw/openssl_wrap.h
@@ -179,10 +179,6 @@ using OSSL_LIB_CTX_Ptr =
std::unique_ptr<OSSL_LIB_CTX, SSLDeleter<OSSL_LIB_CTX, lib::OpenSSLLib::OSSL_LIB_CTX_free>>;
using OSSL_LIB_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr<OSSL_LIB_CTX_Ptr>;

using SSL_CMAC_CTX_Ptr =
std::unique_ptr<CMAC_CTX, SSLDeleter<CMAC_CTX, lib::OpenSSLLib::SSL_CMAC_CTX_free>>;
using SSL_CMAC_CTX_SharedPtr = utility::SharedPtrTypeFromUniquePtr<SSL_CMAC_CTX_Ptr>;

using SSL_X509_REQ_Ptr =
std::unique_ptr<X509_REQ, SSLDeleter<X509_REQ, lib::OpenSSLLib::SSL_X509_REQ_free>>;
using SSL_X509_REQ_SharedPtr = utility::SharedPtrTypeFromUniquePtr<SSL_X509_REQ_Ptr>;
@@ -1498,23 +1494,16 @@ void _ECDH_KDF_X9_63(std::vector<uint8_t> &out,

OSSL_LIB_CTX_Ptr _OSSL_LIB_CTX_new(void);

/* HMAC */
/* MAC */
void _EVP_MAC_init(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &key, const OSSL_PARAM params[]);
std::vector<uint8_t> _EVP_MAC_final(EVP_MAC_CTX *ctx);
void _EVP_MAC_update(EVP_MAC_CTX *ctx, const std::vector<uint8_t> &data);
EVP_MAC_CTX_Ptr _EVP_MAC_CTX_new(EVP_MAC *mac);

EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm);

/* CMAC */
SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void);
void _CMAC_Init(CMAC_CTX *ctx,
const std::vector<uint8_t> &key,
const EVP_CIPHER *cipher,
ENGINE *impl);
void _CMAC_Update(CMAC_CTX *ctx, const std::vector<uint8_t> &data);
std::vector<uint8_t> _CMAC_Final(CMAC_CTX *ctx);
const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType);
const std::array<OSSL_PARAM, 3> _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType);

SSL_EC_KEY_Ptr _EC_KEY_oct2key(int nid, const std::vector<uint8_t> &buf);
void _EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
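Review bot: The new declaration `_getOSSLParamFromCmacCipherType` carries no comment on who owns the memory its parameters point to, and it returns `const std::array<OSSL_PARAM, 3>` by value. An `OSSL_PARAM` built from a UTF-8 string holds a pointer rather than a copy, so the header should state the lifetime contract, for example `/* The returned params point at cipher-name storage with static lifetime. */`, and the implementation has to honour it. The top-level `const` on the return type serves no purpose for callers and can be dropped: `std::array<OSSL_PARAM, 3> _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType);`.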
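--- a/src/openssl_lib.cpp
+++ b/src/openssl_lib.cpp
@@ -1042,35 +1042,6 @@ int OpenSSLLib::SSL_BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 return BN_bn2binpad(a, to, tolen);
 }
 
-/* CMAC */
-CMAC_CTX *OpenSSLLib::SSL_CMAC_CTX_new() noexcept { return CMAC_CTX_new(); }
-void OpenSSLLib::SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept { CMAC_CTX_cleanup(ctx); }
-void OpenSSLLib::SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept { CMAC_CTX_free(ctx); }
-EVP_CIPHER_CTX *OpenSSLLib::SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept
-{
-return CMAC_CTX_get0_cipher_ctx(ctx);
-}
-int OpenSSLLib::SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept
-{
-return CMAC_CTX_copy(out, in);
-}
-int OpenSSLLib::SSL_CMAC_Init(CMAC_CTX *ctx,
-const void *key,
-size_t keylen,
-const EVP_CIPHER *cipher,
-ENGINE *impl) noexcept
-{
-return CMAC_Init(ctx, key, keylen, cipher, impl);
-}
-int OpenSSLLib::SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept
-{
-return CMAC_Update(ctx, data, dlen);
-}
-int OpenSSLLib::SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept
-{
-return CMAC_Final(ctx, out, poutlen);
-}
-int OpenSSLLib::SSL_CMAC_resume(CMAC_CTX *ctx) noexcept { return CMAC_resume(ctx); }
 EVP_PKEY *OpenSSLLib::SSL_ENGINE_load_private_key(ENGINE *e,
 const char *key_id,
 UI_METHOD *ui_method,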
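--- a/src/openssl_wrap.cpp
+++ b/src/openssl_wrap.cpp
@@ -705,12 +705,6 @@ EVP_MAC_CTX *createOpenSSLObject<EVP_MAC_CTX>(EVP_MAC *mac)
 return OpensslCallPtr::callChecked(lib::OpenSSLLib::EVP_MAC_CTX_new, mac);
 }
 
-template <>
-CMAC_CTX *createOpenSSLObject<CMAC_CTX>()
-{
-return OpensslCallPtr::callChecked(lib::OpenSSLLib::SSL_CMAC_CTX_new);
-}
-
 template <>
 ECDSA_SIG *createOpenSSLObject<ECDSA_SIG>()
 {
@@ -1517,31 +1511,6 @@ EVP_MAC_Ptr _EVP_MAC_fetch(OSSL_LIB_CTX *libctx, std::string algorithm) {
 lib::OpenSSLLib::EVP_MAC_fetch, libctx, algorithm.c_str(), nullptr)};
 }
 
-SSL_CMAC_CTX_Ptr _CMAC_CTX_new(void) { return createManagedOpenSSLObject<SSL_CMAC_CTX_Ptr>(); }
-
-void _CMAC_Init(CMAC_CTX *ctx,
-const std::vector<uint8_t> &key,
-const EVP_CIPHER *cipher,
-ENGINE *impl)
-{
-OpensslCallIsOne::callChecked(
-lib::OpenSSLLib::SSL_CMAC_Init, ctx, key.data(), key.size(), cipher, impl);
-}
-
-void _CMAC_Update(CMAC_CTX *ctx, const std::vector<uint8_t> &data)
-{
-OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_CMAC_Update, ctx, data.data(), data.size());
-}
-
-std::vector<uint8_t> _CMAC_Final(CMAC_CTX *ctx)
-{
-std::vector<uint8_t> cmac(EVP_MAX_BLOCK_LENGTH);
-size_t length = 0;
-OpensslCallIsOne::callChecked(lib::OpenSSLLib::SSL_CMAC_Final, ctx, cmac.data(), &length);
-assert(length <= cmac.size());
-cmac.resize(length);
-return cmac;
-}
 
 const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType)
 {
@@ -1555,6 +1524,30 @@ const EVP_CIPHER *_getCipherPtrFromCmacCipherType(CmacCipherTypes cipherType)
 }
 }
 
+const std::array<OSSL_PARAM, 3> _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType)
+{
+std::string cipher_name;
+switch (cipherType) {
+case CmacCipherTypes::AES_CBC_128:
+cipher_name = "aes-128-cbc";
+break;
+case CmacCipherTypes::AES_CBC_256:
+cipher_name = "aes-256-cbc";
+break;
+default:
+throw std::runtime_error("Unknown cipher type");
+}
+
+OSSL_PARAM params[3], *p = params;
+*p++ = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, const_cast<char*>(cipher_name.c_str()), 0);
+*p = lib::OpenSSLLib::SSL_OSSL_PARAM_construct_end();
+
+std::array<OSSL_PARAM, 3> ossl_params;
+std::copy(std::begin(params), std::end(params), ossl_params.begin());
+
+return ossl_params;
+}
+
 SSL_EC_KEY_Ptr _EC_KEY_oct2key(int nid, const std::vector<uint8_t> &buf)
 {
 SSL_EC_KEY_Ptr key(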
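Review bot: `_getOSSLParamFromCmacCipherType` returns parameters whose cipher entry points into `cipher_name`, a local `std::string` that is destroyed at return, so the `_EVP_MAC_init` call in src/mac.cpp would read a dangling pointer (assuming `SSL_OSSL_PARAM_construct_utf8_string` forwards to the OpenSSL constructor, which stores the pointer without copying). Holding the name as a `const char *` to a string literal gives it static lifetime. The third array element is also copied out of `params[3]` without ever being written. The `default:` branch throws `std::runtime_error`, where the code visible in src/mac.cpp throws `MoCOCrWException`. A sketch of the body with static-lifetime names and a fully initialised array follows.

```cpp
const std::array<OSSL_PARAM, 3> _getOSSLParamFromCmacCipherType(CmacCipherTypes cipherType)
{
    // String literals have static storage duration, so the pointer stored in the
    // returned OSSL_PARAM stays valid after this function returns.
    const char *cipher_name = nullptr;
    // … unchanged: switch over cipherType assigning "aes-128-cbc" / "aes-256-cbc" or throwing …

    return std::array<OSSL_PARAM, 3>{{
            lib::OpenSSLLib::SSL_OSSL_PARAM_construct_utf8_string(
                    OSSL_MAC_PARAM_CIPHER, const_cast<char *>(cipher_name), 0),
            lib::OpenSSLLib::SSL_OSSL_PARAM_construct_end(),
            lib::OpenSSLLib::SSL_OSSL_PARAM_construct_end()}};
}
```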
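--- a/tests/unit/openssl_lib_mock.cpp
+++ b/tests/unit/openssl_lib_mock.cpp
@@ -1208,47 +1208,6 @@ int OpenSSLLib::SSL_BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 return OpenSSLLibMockManager::getMockInterface().SSL_BN_bn2binpad(a, to, tolen);
 }
 
-/* CMAC */
-CMAC_CTX *OpenSSLLib::SSL_CMAC_CTX_new() noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_new();
-}
-void OpenSSLLib::SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) noexcept
-{
-OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_cleanup(ctx);
-}
-void OpenSSLLib::SSL_CMAC_CTX_free(CMAC_CTX *ctx) noexcept
-{
-OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_free(ctx);
-}
-EVP_CIPHER_CTX *OpenSSLLib::SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_get0_cipher_ctx(ctx);
-}
-int OpenSSLLib::SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_CTX_copy(out, in);
-}
-int OpenSSLLib::SSL_CMAC_Init(CMAC_CTX *ctx,
-const void *key,
-size_t keylen,
-const EVP_CIPHER *cipher,
-ENGINE *impl) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Init(ctx, key, keylen, cipher, impl);
-}
-int OpenSSLLib::SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Update(ctx, data, dlen);
-}
-int OpenSSLLib::SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_Final(ctx, out, poutlen);
-}
-int OpenSSLLib::SSL_CMAC_resume(CMAC_CTX *ctx) noexcept
-{
-return OpenSSLLibMockManager::getMockInterface().SSL_CMAC_resume(ctx);
-}
 
 int OpenSSLLib::SSL_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) noexcept
 {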
15 changes: 1 addition & 14 deletions tests/unit/openssl_lib_mock.h
@@ -426,20 +426,7 @@ class OpenSSLLibMockInterface
int keylen,
unsigned char *out) = 0;

/* CMAC */
virtual CMAC_CTX *SSL_CMAC_CTX_new() = 0;
virtual void SSL_CMAC_CTX_cleanup(CMAC_CTX *ctx) = 0;
virtual void SSL_CMAC_CTX_free(CMAC_CTX *ctx) = 0;
virtual EVP_CIPHER_CTX *SSL_CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) = 0;
virtual int SSL_CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) = 0;
virtual int SSL_CMAC_Init(CMAC_CTX *ctx,
const void *key,
size_t keylen,
const EVP_CIPHER *cipher,
ENGINE *impl) = 0;
virtual int SSL_CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen) = 0;
virtual int SSL_CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) = 0;
virtual int SSL_CMAC_resume(CMAC_CTX *ctx) = 0;

};

/**