blob: 975991db7c0795a1d1a2da8f6f380430fa4a2e8b [file] [log] [blame]
henrike@webrtc.org0e118e72013-07-10 00:45:36 +00001/*
2 * libjingle
3 * Copyright 2011, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#include "talk/base/messagedigest.h"
29
30#include <string.h>
31
32#include "talk/base/sslconfig.h"
33#if SSL_USE_OPENSSL
34#include "talk/base/openssldigest.h"
35#else
36#include "talk/base/md5digest.h"
37#include "talk/base/sha1digest.h"
38#endif
39#include "talk/base/scoped_ptr.h"
40#include "talk/base/stringencode.h"
41
42namespace talk_base {
43
44// From RFC 4572.
45const char DIGEST_MD5[] = "md5";
46const char DIGEST_SHA_1[] = "sha-1";
47const char DIGEST_SHA_224[] = "sha-224";
48const char DIGEST_SHA_256[] = "sha-256";
49const char DIGEST_SHA_384[] = "sha-384";
50const char DIGEST_SHA_512[] = "sha-512";
51
52static const size_t kBlockSize = 64; // valid for SHA-256 and down
53
54MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
55#if SSL_USE_OPENSSL
56 MessageDigest* digest = new OpenSSLDigest(alg);
57 if (digest->Size() == 0) { // invalid algorithm
58 delete digest;
59 digest = NULL;
60 }
61 return digest;
62#else
63 MessageDigest* digest = NULL;
64 if (alg == DIGEST_MD5) {
65 digest = new Md5Digest();
66 } else if (alg == DIGEST_SHA_1) {
67 digest = new Sha1Digest();
68 }
69 return digest;
70#endif
71}
72
henrika@webrtc.org8485ec62014-01-14 10:00:58 +000073bool IsFips180DigestAlgorithm(const std::string& alg) {
74 // These are the FIPS 180 algorithms. According to RFC 4572 Section 5,
75 // "Self-signed certificates (for which legacy certificates are not a
76 // consideration) MUST use one of the FIPS 180 algorithms (SHA-1,
77 // SHA-224, SHA-256, SHA-384, or SHA-512) as their signature algorithm,
78 // and thus also MUST use it to calculate certificate fingerprints."
79 return alg == DIGEST_SHA_1 ||
80 alg == DIGEST_SHA_224 ||
81 alg == DIGEST_SHA_256 ||
82 alg == DIGEST_SHA_384 ||
83 alg == DIGEST_SHA_512;
84}
85
henrike@webrtc.org0e118e72013-07-10 00:45:36 +000086size_t ComputeDigest(MessageDigest* digest, const void* input, size_t in_len,
87 void* output, size_t out_len) {
88 digest->Update(input, in_len);
89 return digest->Finish(output, out_len);
90}
91
92size_t ComputeDigest(const std::string& alg, const void* input, size_t in_len,
93 void* output, size_t out_len) {
94 scoped_ptr<MessageDigest> digest(MessageDigestFactory::Create(alg));
95 return (digest) ?
96 ComputeDigest(digest.get(), input, in_len, output, out_len) :
97 0;
98}
99
100std::string ComputeDigest(MessageDigest* digest, const std::string& input) {
wu@webrtc.org5c9dd592013-10-25 21:18:33 +0000101 scoped_ptr<char[]> output(new char[digest->Size()]);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000102 ComputeDigest(digest, input.data(), input.size(),
103 output.get(), digest->Size());
104 return hex_encode(output.get(), digest->Size());
105}
106
107bool ComputeDigest(const std::string& alg, const std::string& input,
108 std::string* output) {
109 scoped_ptr<MessageDigest> digest(MessageDigestFactory::Create(alg));
110 if (!digest) {
111 return false;
112 }
113 *output = ComputeDigest(digest.get(), input);
114 return true;
115}
116
117std::string ComputeDigest(const std::string& alg, const std::string& input) {
118 std::string output;
119 ComputeDigest(alg, input, &output);
120 return output;
121}
122
123// Compute a RFC 2104 HMAC: H(K XOR opad, H(K XOR ipad, text))
124size_t ComputeHmac(MessageDigest* digest,
125 const void* key, size_t key_len,
126 const void* input, size_t in_len,
127 void* output, size_t out_len) {
128 // We only handle algorithms with a 64-byte blocksize.
129 // TODO: Add BlockSize() method to MessageDigest.
130 size_t block_len = kBlockSize;
131 if (digest->Size() > 32) {
132 return 0;
133 }
134 // Copy the key to a block-sized buffer to simplify padding.
135 // If the key is longer than a block, hash it and use the result instead.
wu@webrtc.org5c9dd592013-10-25 21:18:33 +0000136 scoped_ptr<uint8[]> new_key(new uint8[block_len]);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000137 if (key_len > block_len) {
138 ComputeDigest(digest, key, key_len, new_key.get(), block_len);
139 memset(new_key.get() + digest->Size(), 0, block_len - digest->Size());
140 } else {
141 memcpy(new_key.get(), key, key_len);
142 memset(new_key.get() + key_len, 0, block_len - key_len);
143 }
144 // Set up the padding from the key, salting appropriately for each padding.
wu@webrtc.org5c9dd592013-10-25 21:18:33 +0000145 scoped_ptr<uint8[]> o_pad(new uint8[block_len]), i_pad(new uint8[block_len]);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000146 for (size_t i = 0; i < block_len; ++i) {
147 o_pad[i] = 0x5c ^ new_key[i];
148 i_pad[i] = 0x36 ^ new_key[i];
149 }
150 // Inner hash; hash the inner padding, and then the input buffer.
wu@webrtc.org5c9dd592013-10-25 21:18:33 +0000151 scoped_ptr<uint8[]> inner(new uint8[digest->Size()]);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000152 digest->Update(i_pad.get(), block_len);
153 digest->Update(input, in_len);
154 digest->Finish(inner.get(), digest->Size());
155 // Outer hash; hash the outer padding, and then the result of the inner hash.
156 digest->Update(o_pad.get(), block_len);
157 digest->Update(inner.get(), digest->Size());
158 return digest->Finish(output, out_len);
159}
160
161size_t ComputeHmac(const std::string& alg, const void* key, size_t key_len,
162 const void* input, size_t in_len,
163 void* output, size_t out_len) {
164 scoped_ptr<MessageDigest> digest(MessageDigestFactory::Create(alg));
165 if (!digest) {
166 return 0;
167 }
168 return ComputeHmac(digest.get(), key, key_len,
169 input, in_len, output, out_len);
170}
171
172std::string ComputeHmac(MessageDigest* digest, const std::string& key,
173 const std::string& input) {
wu@webrtc.org5c9dd592013-10-25 21:18:33 +0000174 scoped_ptr<char[]> output(new char[digest->Size()]);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000175 ComputeHmac(digest, key.data(), key.size(),
176 input.data(), input.size(), output.get(), digest->Size());
177 return hex_encode(output.get(), digest->Size());
178}
179
180bool ComputeHmac(const std::string& alg, const std::string& key,
181 const std::string& input, std::string* output) {
182 scoped_ptr<MessageDigest> digest(MessageDigestFactory::Create(alg));
183 if (!digest) {
184 return false;
185 }
186 *output = ComputeHmac(digest.get(), key, input);
187 return true;
188}
189
190std::string ComputeHmac(const std::string& alg, const std::string& key,
191 const std::string& input) {
192 std::string output;
193 ComputeHmac(alg, key, input, &output);
194 return output;
195}
196
197} // namespace talk_base