1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.conscrypt; 18 19 import java.security.InvalidAlgorithmParameterException; 20 import java.security.InvalidKeyException; 21 import java.security.Key; 22 import java.security.NoSuchAlgorithmException; 23 import java.security.spec.AlgorithmParameterSpec; 24 25 import javax.crypto.MacSpi; 26 import javax.crypto.SecretKey; 27 28 public abstract class OpenSSLMac extends MacSpi { 29 private OpenSSLDigestContext ctx; 30 31 /** 32 * Holds the EVP_MD for the hashing algorithm, e.g. 33 * EVP_get_digestbyname("sha1"); 34 */ 35 private final long evp_md; 36 37 /** 38 * The key type of the secret key. 39 */ 40 private final int evp_pkey_type; 41 42 /** 43 * The secret key used in this keyed MAC. 44 */ 45 private OpenSSLKey macKey; 46 47 /** 48 * Holds the output size of the message digest. 49 */ 50 private final int size; 51 52 /** 53 * Holds a dummy buffer for writing single bytes to the digest. 54 */ 55 private final byte[] singleByte = new byte[1]; 56 57 private OpenSSLMac(long evp_md, int size, int evp_pkey_type) { 58 this.evp_md = evp_md; 59 this.size = size; 60 this.evp_pkey_type = evp_pkey_type; 61 } 62 63 @Override 64 protected int engineGetMacLength() { 65 return size; 66 } 67 68 @Override 69 protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException, 70 InvalidAlgorithmParameterException { 71 if (!(key instanceof SecretKey)) { 72 throw new InvalidKeyException("key must be a SecretKey"); 73 } 74 75 if (params != null) { 76 throw new InvalidAlgorithmParameterException("unknown parameter type"); 77 } 78 79 if (key instanceof OpenSSLKeyHolder) { 80 macKey = ((OpenSSLKeyHolder) key).getOpenSSLKey(); 81 } else { 82 final byte[] keyBytes = key.getEncoded(); 83 if (keyBytes == null) { 84 throw new InvalidKeyException("key cannot be encoded"); 85 } 86 87 macKey = new OpenSSLKey(NativeCrypto.EVP_PKEY_new_mac_key(evp_pkey_type, keyBytes)); 88 } 89 90 resetContext(); 91 } 92 93 private final void resetContext() { 94 OpenSSLDigestContext ctxLocal = new OpenSSLDigestContext(NativeCrypto.EVP_MD_CTX_create()); 95 NativeCrypto.EVP_MD_CTX_init(ctxLocal); 96 97 final OpenSSLKey macKey = this.macKey; 98 if (macKey != null) { 99 NativeCrypto.EVP_DigestSignInit(ctxLocal, evp_md, macKey.getPkeyContext()); 100 } 101 102 this.ctx = ctxLocal; 103 } 104 105 @Override 106 protected void engineUpdate(byte input) { 107 singleByte[0] = input; 108 engineUpdate(singleByte, 0, 1); 109 } 110 111 @Override 112 protected void engineUpdate(byte[] input, int offset, int len) { 113 final OpenSSLDigestContext ctxLocal = ctx; 114 NativeCrypto.EVP_DigestUpdate(ctxLocal, input, offset, len); 115 } 116 117 @Override 118 protected byte[] engineDoFinal() { 119 final OpenSSLDigestContext ctxLocal = ctx; 120 final byte[] output = NativeCrypto.EVP_DigestSignFinal(ctxLocal); 121 resetContext(); 122 return output; 123 } 124 125 @Override 126 protected void engineReset() { 127 resetContext(); 128 } 129 130 public static class HmacMD5 extends OpenSSLMac { 131 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("md5"); 132 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 133 134 public HmacMD5() { 135 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 136 } 137 } 138 139 public static class HmacSHA1 extends OpenSSLMac { 140 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1"); 141 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 142 143 public HmacSHA1() { 144 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 145 } 146 } 147 148 public static class HmacSHA224 extends OpenSSLMac { 149 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha224"); 150 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 151 152 public HmacSHA224() throws NoSuchAlgorithmException { 153 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 154 } 155 } 156 157 public static class HmacSHA256 extends OpenSSLMac { 158 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256"); 159 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 160 161 public HmacSHA256() throws NoSuchAlgorithmException { 162 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 163 } 164 } 165 166 public static class HmacSHA384 extends OpenSSLMac { 167 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384"); 168 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 169 170 public HmacSHA384() throws NoSuchAlgorithmException { 171 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 172 } 173 } 174 175 public static class HmacSHA512 extends OpenSSLMac { 176 private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512"); 177 private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD); 178 179 public HmacSHA512() { 180 super(EVP_MD, SIZE, NativeCrypto.EVP_PKEY_HMAC); 181 } 182 } 183 } 184