Blame - crypto/hmac_win.cc - fp2-dev/platform/external/chromium_org

blob: ba7d827503513cb2b6fe40c60c328457beb3a979 [file] [log] [blame]

Torne (Richard Coles)	5821806	2012-11-14 11:43:16 +0000	[diff] [blame]	1	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
				5	#include "crypto/hmac.h"
				6
				7	#include <windows.h>
				8	#include <wincrypt.h>
				9
				10	#include <algorithm>
				11	#include <vector>
				12
				13	#include "base/logging.h"
				14	#include "crypto/scoped_capi_types.h"
				15	#include "crypto/third_party/nss/chromium-blapi.h"
				16	#include "crypto/third_party/nss/chromium-sha256.h"
				17
				18	namespace crypto {
				19
				20	namespace {
				21
				22	// Implementation of HMAC-SHA-256:
				23	//
				24	// SHA-256 is supported in Windows XP SP3 or later. We still need to support
				25	// Windows XP SP2, so unfortunately we have to implement HMAC-SHA-256 here.
				26
				27	enum {
				28	SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256.
				29	};
				30
				31	// NSS doesn't accept size_t for text size, divide the data into smaller
				32	// chunks as needed.
				33	void Wrapped_SHA256_Update(SHA256Context* ctx, const unsigned char* text,
				34	size_t text_len) {
				35	const unsigned int kChunkSize = 1 << 30;
				36	while (text_len > kChunkSize) {
				37	SHA256_Update(ctx, text, kChunkSize);
				38	text += kChunkSize;
				39	text_len -= kChunkSize;
				40	}
				41	SHA256_Update(ctx, text, (unsigned int)text_len);
				42	}
				43
				44	// See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC).
				45	void ComputeHMACSHA256(const unsigned char* key, size_t key_len,
				46	const unsigned char* text, size_t text_len,
				47	unsigned char* output, size_t output_len) {
				48	SHA256Context ctx;
				49
				50	// Pre-process the key, if necessary.
				51	unsigned char key0[SHA256_BLOCK_SIZE];
				52	if (key_len > SHA256_BLOCK_SIZE) {
				53	SHA256_Begin(&ctx);
				54	Wrapped_SHA256_Update(&ctx, key, key_len);
				55	SHA256_End(&ctx, key0, NULL, SHA256_LENGTH);
				56	memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH);
				57	} else {
				58	memcpy(key0, key, key_len);
				59	if (key_len < SHA256_BLOCK_SIZE)
				60	memset(key0 + key_len, 0, SHA256_BLOCK_SIZE - key_len);
				61	}
				62
				63	unsigned char padded_key[SHA256_BLOCK_SIZE];
				64	unsigned char inner_hash[SHA256_LENGTH];
				65
				66	// XOR key0 with ipad.
				67	for (int i = 0; i < SHA256_BLOCK_SIZE; ++i)
				68	padded_key[i] = key0[i] ^ 0x36;
				69
				70	// Compute the inner hash.
				71	SHA256_Begin(&ctx);
				72	SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
				73	Wrapped_SHA256_Update(&ctx, text, text_len);
				74	SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH);
				75
				76	// XOR key0 with opad.
				77	for (int i = 0; i < SHA256_BLOCK_SIZE; ++i)
				78	padded_key[i] = key0[i] ^ 0x5c;
				79
				80	// Compute the outer hash.
				81	SHA256_Begin(&ctx);
				82	SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE);
				83	SHA256_Update(&ctx, inner_hash, SHA256_LENGTH);
				84	SHA256_End(&ctx, output, NULL, (unsigned int) output_len);
				85	}
				86
				87	} // namespace
				88
				89	struct HMACPlatformData {
				90	~HMACPlatformData() {
				91	if (!raw_key_.empty()) {
				92	SecureZeroMemory(&raw_key_[0], raw_key_.size());
				93	}
				94
				95	// Destroy the key before releasing the provider.
				96	key_.reset();
				97	}
				98
				99	ScopedHCRYPTPROV provider_;
				100	ScopedHCRYPTKEY key_;
				101
				102	// For HMAC-SHA-256 only.
				103	std::vector<unsigned char> raw_key_;
				104	};
				105
				106	HMAC::HMAC(HashAlgorithm hash_alg)
				107	: hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
				108	// Only SHA-1 and SHA-256 hash algorithms are supported now.
				109	DCHECK(hash_alg_ == SHA1 \|\| hash_alg_ == SHA256);
				110	}
				111
Torne (Richard Coles)	2a99a7e	2013-03-28 15:31:22 +0000	[diff] [blame]	112	bool HMAC::Init(const unsigned char* key, size_t key_length) {
Torne (Richard Coles)	5821806	2012-11-14 11:43:16 +0000	[diff] [blame]	113	if (plat_->provider_ \|\| plat_->key_ \|\| !plat_->raw_key_.empty()) {
				114	// Init must not be called more than once on the same HMAC object.
				115	NOTREACHED();
				116	return false;
				117	}
				118
				119	if (hash_alg_ == SHA256) {
				120	plat_->raw_key_.assign(key, key + key_length);
				121	return true;
				122	}
				123
				124	if (!CryptAcquireContext(plat_->provider_.receive(), NULL, NULL,
				125	PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
				126	NOTREACHED();
				127	return false;
				128	}
				129
				130	// This code doesn't work on Win2k because PLAINTEXTKEYBLOB and
				131	// CRYPT_IPSEC_HMAC_KEY are not supported on Windows 2000. PLAINTEXTKEYBLOB
				132	// allows the import of an unencrypted key. For Win2k support, a cubmbersome
				133	// exponent-of-one key procedure must be used:
				134	// http://support.microsoft.com/kb/228786/en-us
				135	// CRYPT_IPSEC_HMAC_KEY allows keys longer than 16 bytes.
				136
				137	struct KeyBlob {
				138	BLOBHEADER header;
				139	DWORD key_size;
				140	BYTE key_data[1];
				141	};
				142	size_t key_blob_size = std::max(offsetof(KeyBlob, key_data) + key_length,
				143	sizeof(KeyBlob));
				144	std::vector<BYTE> key_blob_storage = std::vector<BYTE>(key_blob_size);
				145	KeyBlob* key_blob = reinterpret_cast<KeyBlob*>(&key_blob_storage[0]);
				146	key_blob->header.bType = PLAINTEXTKEYBLOB;
				147	key_blob->header.bVersion = CUR_BLOB_VERSION;
				148	key_blob->header.reserved = 0;
				149	key_blob->header.aiKeyAlg = CALG_RC2;
Torne (Richard Coles)	2a99a7e	2013-03-28 15:31:22 +0000	[diff] [blame]	150	key_blob->key_size = static_cast<DWORD>(key_length);
Torne (Richard Coles)	5821806	2012-11-14 11:43:16 +0000	[diff] [blame]	151	memcpy(key_blob->key_data, key, key_length);
				152
				153	if (!CryptImportKey(plat_->provider_, &key_blob_storage[0],
				154	(DWORD)key_blob_storage.size(), 0,
				155	CRYPT_IPSEC_HMAC_KEY, plat_->key_.receive())) {
				156	NOTREACHED();
				157	return false;
				158	}
				159
				160	// Destroy the copy of the key.
				161	SecureZeroMemory(key_blob->key_data, key_length);
				162
				163	return true;
				164	}
				165
				166	HMAC::~HMAC() {
				167	}
				168
				169	bool HMAC::Sign(const base::StringPiece& data,
				170	unsigned char* digest,
Torne (Richard Coles)	2a99a7e	2013-03-28 15:31:22 +0000	[diff] [blame]	171	size_t digest_length) const {
Torne (Richard Coles)	5821806	2012-11-14 11:43:16 +0000	[diff] [blame]	172	if (hash_alg_ == SHA256) {
				173	if (plat_->raw_key_.empty())
				174	return false;
				175	ComputeHMACSHA256(&plat_->raw_key_[0], plat_->raw_key_.size(),
				176	reinterpret_cast<const unsigned char*>(data.data()),
				177	data.size(), digest, digest_length);
				178	return true;
				179	}
				180
				181	if (!plat_->provider_ \|\| !plat_->key_)
				182	return false;
				183
				184	if (hash_alg_ != SHA1) {
				185	NOTREACHED();
				186	return false;
				187	}
				188
				189	ScopedHCRYPTHASH hash;
				190	if (!CryptCreateHash(plat_->provider_, CALG_HMAC, plat_->key_, 0,
				191	hash.receive()))
				192	return false;
				193
				194	HMAC_INFO hmac_info;
				195	memset(&hmac_info, 0, sizeof(hmac_info));
				196	hmac_info.HashAlgid = CALG_SHA1;
				197	if (!CryptSetHashParam(hash, HP_HMAC_INFO,
				198	reinterpret_cast<BYTE*>(&hmac_info), 0))
				199	return false;
				200
				201	if (!CryptHashData(hash, reinterpret_cast<const BYTE*>(data.data()),
				202	static_cast<DWORD>(data.size()), 0))
				203	return false;
				204
Torne (Richard Coles)	2a99a7e	2013-03-28 15:31:22 +0000	[diff] [blame]	205	DWORD sha1_size = static_cast<DWORD>(digest_length);
Torne (Richard Coles)	5821806	2012-11-14 11:43:16 +0000	[diff] [blame]	206	return !!CryptGetHashParam(hash, HP_HASHVAL, digest, &sha1_size, 0);
				207	}
				208
				209	} // namespace crypto