Home | History | Annotate | Download | only in conscrypt
      1 /*
      2  * Copyright (C) 2012 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package org.conscrypt;
     18 
     19 import java.security.InvalidAlgorithmParameterException;
     20 import java.security.InvalidKeyException;
     21 import java.security.Key;
     22 import java.security.NoSuchAlgorithmException;
     23 import java.security.spec.AlgorithmParameterSpec;
     24 
     25 import javax.crypto.MacSpi;
     26 import javax.crypto.SecretKey;
     27 
     28 public abstract class OpenSSLMac extends MacSpi {
     29     private final OpenSSLDigestContext ctx = new OpenSSLDigestContext(
     30             NativeCrypto.EVP_MD_CTX_create());
     31 
     32     /**
     33      * Holds the EVP_MD for the hashing algorithm, e.g.
     34      * EVP_get_digestbyname("sha1");
     35      */
     36     private final long evp_md;
     37 
     38     /**
     39      * The key type of the secret key.
     40      */
     41     private final int evp_pkey_type;
     42 
     43     /**
     44      * The secret key used in this keyed MAC.
     45      */
     46     private OpenSSLKey macKey;
     47 
     48     /**
     49      * Holds the output size of the message digest.
     50      */
     51     private final int size;
     52 
     53     /**
     54      * Holds a dummy buffer for writing single bytes to the digest.
     55      */
     56     private final byte[] singleByte = new byte[1];
     57 
     58     private OpenSSLMac(long evp_md, int size, int evp_pkey_type) {
     59         this.evp_md = evp_md;
     60         this.size = size;
     61         this.evp_pkey_type = evp_pkey_type;
     62     }
     63 
     64     @Override
     65     protected int engineGetMacLength() {
     66         return size;
     67     }
     68 
     69     @Override
     70     protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException,
     71             InvalidAlgorithmParameterException {
     72         if (!(key instanceof SecretKey)) {
     73             throw new InvalidKeyException("key must be a SecretKey");
     74         }
     75 
     76         if (params != null) {
     77             throw new InvalidAlgorithmParameterException("unknown parameter type");
     78         }
     79 
     80         if (key instanceof OpenSSLKeyHolder) {
     81             macKey = ((OpenSSLKeyHolder) key).getOpenSSLKey();
     82         } else {
     83             final byte[] keyBytes = key.getEncoded();
     84             if (keyBytes == null) {
     85                 throw new InvalidKeyException("key cannot be encoded");
     86             }
     87 
     88             macKey = new OpenSSLKey(NativeCrypto.EVP_PKEY_new_mac_key(evp_pkey_type, keyBytes));
     89         }
     90 
     91         NativeCrypto.EVP_MD_CTX_init(ctx.getContext());
     92 
     93         reset();
     94     }
     95 
     96     private void reset() {
     97         NativeCrypto.EVP_DigestSignInit(ctx.getContext(), evp_md, macKey.getPkeyContext());
     98     }
     99 
    100     @Override
    101     protected void engineUpdate(byte input) {
    102         singleByte[0] = input;
    103         engineUpdate(singleByte, 0, 1);
    104     }
    105 
    106     @Override
    107     protected void engineUpdate(byte[] input, int offset, int len) {
    108         NativeCrypto.EVP_DigestUpdate(ctx.getContext(), input, offset, len);
    109     }
    110 
    111     @Override
    112     protected byte[] engineDoFinal() {
    113         final byte[] output = NativeCrypto.EVP_DigestSignFinal(ctx.getContext());
    114         reset();
    115         return output;
    116     }
    117 
    118     @Override
    119     protected void engineReset() {
    120         reset();
    121     }
    122 
    123     public static class HmacMD5 extends OpenSSLMac {
    124         private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
    125         private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
    126 
    127         public HmacMD5() {
    128             super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC);
    129         }
    130     }
    131 
    132     public static class HmacSHA1 extends OpenSSLMac {
    133         private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
    134         private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
    135 
    136         public HmacSHA1() {
    137             super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC);
    138         }
    139     }
    140 
    141     public static class HmacSHA256 extends OpenSSLMac {
    142         private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
    143         private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
    144 
    145         public HmacSHA256() throws NoSuchAlgorithmException {
    146             super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC);
    147         }
    148     }
    149 
    150     public static class HmacSHA384 extends OpenSSLMac {
    151         private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
    152         private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
    153 
    154         public HmacSHA384() throws NoSuchAlgorithmException {
    155             super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC);
    156         }
    157     }
    158 
    159     public static class HmacSHA512 extends OpenSSLMac {
    160         private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
    161         private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
    162 
    163         public HmacSHA512() {
    164             super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC);
    165         }
    166     }
    167 }
    168