aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/c_src/mac.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/crypto/c_src/mac.c')
-rw-r--r--lib/crypto/c_src/mac.c294
1 files changed, 283 insertions, 11 deletions
diff --git a/lib/crypto/c_src/mac.c b/lib/crypto/c_src/mac.c
index 0ee431f394..0482f97028 100644
--- a/lib/crypto/c_src/mac.c
+++ b/lib/crypto/c_src/mac.c
@@ -21,6 +21,7 @@
#include "common.h"
#include "cipher.h"
#include "digest.h"
+#include "hmac.h"
#include "mac.h"
/***************************
@@ -184,7 +185,6 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
size_t size;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX *mctx = NULL;
- EVP_PKEY_CTX *pctx = NULL;
#endif
/*---------------------------------
@@ -341,7 +341,7 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
goto err;
}
- if (EVP_DigestSignInit(mctx, &pctx, md, /*engine*/ NULL, pkey) != 1)
+ if (EVP_DigestSignInit(mctx, /*&pctx*/ NULL, md, /*engine*/ NULL, pkey) != 1)
{
return_term = EXCP_ERROR(env, "EVP_DigestSign");
goto err;
@@ -399,7 +399,7 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
return_term = enif_make_binary(env, &ret_bin);
ret_bin_alloc = 0;
- out: /* Common for success: and for err: */
+ err:
#ifdef HAS_EVP_PKEY_CTX
if (pkey)
@@ -408,17 +408,10 @@ ERL_NIF_TERM mac_one_time(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
EVP_MD_CTX_free(mctx);
#endif
- return return_term;
-
-
- /*****************
- Error exit
- ******************/
- err:
if (ret_bin_alloc)
enif_release_binary(&ret_bin);
- goto out;
+ return return_term;
}
@@ -511,3 +504,282 @@ int hmac_low_level(ErlNifEnv* env, const EVP_MD *md,
return 1;
}
#endif
+
+
+/*******************************************************************
+ *
+ * Mac ctx
+ *
+ ******************************************************************/
+
+int init_mac_ctx(ErlNifEnv *env);
+
+struct mac_context
+{
+ EVP_MD_CTX *ctx;
+};
+
+static ErlNifResourceType* mac_context_rtype;
+
+static void mac_context_dtor(ErlNifEnv* env, struct mac_context*);
+
+int init_mac_ctx(ErlNifEnv *env) {
+ mac_context_rtype = enif_open_resource_type(env, NULL, "mac_context",
+ (ErlNifResourceDtor*) mac_context_dtor,
+ ERL_NIF_RT_CREATE|ERL_NIF_RT_TAKEOVER,
+ NULL);
+ if (mac_context_rtype == NULL)
+ goto err;
+
+ return 1;
+
+ err:
+ PRINTF_ERR0("CRYPTO: Could not open resource type 'mac_context'");
+ return 0;
+}
+
+
+static void mac_context_dtor(ErlNifEnv* env, struct mac_context *obj)
+{
+ if (obj == NULL)
+ return;
+
+ if (obj->ctx)
+ EVP_MD_CTX_free(obj->ctx);
+}
+
+/*******************************************************************
+ *
+ * Mac nif
+ *
+ ******************************************************************/
+
+ERL_NIF_TERM mac_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (MacType, SubType, Key) */
+#ifdef HAS_EVP_PKEY_CTX
+ struct mac_context *obj = NULL;
+ struct mac_type_t *macp;
+ ErlNifBinary key_bin;
+ ERL_NIF_TERM return_term;
+ const EVP_MD *md = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ /*---------------------------------
+ Get common indata and validate it
+ */
+ if (!enif_inspect_iolist_as_binary(env, argv[2], &key_bin))
+ {
+ return_term = EXCP_BADARG(env, "Bad key");
+ goto err;
+ }
+
+ if (!(macp = get_mac_type(argv[0])))
+ {
+ return_term = EXCP_BADARG(env, "Unknown mac algorithm");
+ goto err;
+ }
+
+ /*--------------------------------------------------
+ Algorithm dependent indata checking and computation.
+ If EVP_PKEY is available, only set the pkey variable
+ and do the computation after the switch statement.
+ If not available, do the low-level calls in the
+ corresponding case part
+ */
+ switch (macp->type) {
+
+ /********
+ * HMAC *
+ ********/
+ case HMAC_mac:
+ {
+ struct digest_type_t *digp;
+
+ if ((digp = get_digest_type(argv[1])) == NULL)
+ {
+ return_term = EXCP_BADARG(env, "Bad digest algorithm for HMAC");
+ goto err;
+ }
+ if (digp->md.p == NULL)
+ {
+ return_term = EXCP_NOTSUP(env, "Unsupported digest algorithm");
+ goto err;
+ }
+
+ md = digp->md.p;
+
+# ifdef HAVE_PKEY_new_raw_private_key
+ /* Prefered for new applications according to EVP_PKEY_new_mac_key(3) */
+ pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, /*engine*/ NULL, key_bin.data, key_bin.size);
+# else
+ /* Available in older versions */
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, /*engine*/ NULL, key_bin.data, key_bin.size);
+# endif
+ }
+ break;
+
+
+ /********
+ * CMAC *
+ ********/
+#if defined(HAVE_CMAC) && defined(HAVE_EVP_PKEY_new_CMAC_key)
+ case CMAC_mac:
+ {
+ const struct cipher_type_t *cipherp;
+ if (!(cipherp = get_cipher_type(argv[1], key_bin.size)))
+ { /* Something went wrong. Find out what by retrying in another way. */
+ if (!get_cipher_type_no_key(argv[1]))
+ return_term = EXCP_BADARG(env, "Unknown cipher");
+ else
+ /* Cipher exists, so it must be the key size that is wrong */
+ return_term = EXCP_BADARG(env, "Bad key size");
+ goto err;
+ }
+
+ if (FORBIDDEN_IN_FIPS(cipherp))
+ {
+ return_term = EXCP_NOTSUP(env, "Cipher algorithm not supported in FIPS");
+ goto err;
+ }
+
+ if (cipherp->cipher.p == NULL)
+ {
+ return_term = EXCP_NOTSUP(env, "Unsupported cipher algorithm");
+ goto err;
+ }
+
+ pkey = EVP_PKEY_new_CMAC_key(/*engine*/ NULL, key_bin.data, key_bin.size, cipherp->cipher.p);
+ }
+ break;
+#endif /* HAVE_CMAC && HAVE_EVP_PKEY_new_CMAC_key */
+
+
+ /************
+ * POLY1305 *
+ ************/
+#ifdef HAVE_POLY1305
+ case POLY1305_mac:
+ if (key_bin.size != 32)
+ {
+ return_term = EXCP_BADARG(env, "Bad key size, != 32 bytes");
+ goto err;
+ }
+ /* poly1305 implies that EVP_PKEY_new_raw_private_key exists */
+ pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_POLY1305, /*engine*/ NULL, key_bin.data, key_bin.size);
+ break;
+#endif
+
+
+ /***************
+ * Unknown MAC *
+ ***************/
+ case NO_mac:
+ default:
+ /* We know that this mac is supported with some version(s) of cryptolib */
+ return_term = EXCP_NOTSUP(env, "Unsupported mac algorithm");
+ goto err;
+ }
+
+ /*-----------------------------------------
+ Common computations
+ */
+ if (!pkey)
+ {
+ return_term = EXCP_ERROR(env, "EVP_PKEY_key creation");
+ goto err;
+ }
+
+ if ((obj = enif_alloc_resource(mac_context_rtype, sizeof(struct mac_context))) == NULL)
+ {
+ return_term = EXCP_ERROR(env, "Can't allocate mac_context_rtype");
+ goto err;
+ }
+
+ if ((obj->ctx = EVP_MD_CTX_new()) == NULL)
+ {
+ return_term = EXCP_ERROR(env, "EVP_MD_CTX_new");
+ goto err;
+ }
+
+ if (EVP_DigestSignInit(obj->ctx, /*&pctx*/ NULL, md, /*engine*/ NULL, pkey) != 1)
+ {
+ return_term = EXCP_ERROR(env, "EVP_DigestSign");
+ goto err;
+ }
+
+ return_term = enif_make_resource(env, obj);
+
+ err:
+
+ if (obj)
+ enif_release_resource(obj);
+
+ if (pkey)
+ EVP_PKEY_free(pkey);
+
+ return return_term;
+
+#else
+ if (argv[0] != atom_hmac)
+ return EXCP_NOTSUP(env, "Unsupported mac algorithm");
+
+ return hmac_init_nif(env, argc, argv);
+#endif
+}
+
+
+
+ERL_NIF_TERM mac_update_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Ref, Text) */
+#ifdef HAS_EVP_PKEY_CTX
+ struct mac_context *obj = NULL;
+ ErlNifBinary text;
+
+ if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)mac_context_rtype, (void**)&obj))
+ return EXCP_BADARG(env, "Bad ref");
+
+ if (!enif_inspect_iolist_as_binary(env, argv[1], &text))
+ return EXCP_BADARG(env, "Bad text");
+
+ if (EVP_DigestSignUpdate(obj->ctx, text.data, text.size) != 1)
+ return EXCP_ERROR(env, "EVP_DigestSignUpdate");
+
+ CONSUME_REDS(env, text);
+ return argv[0];
+
+#else
+ return hmac_update_nif(env, argc, argv);
+#endif
+}
+
+
+
+ERL_NIF_TERM mac_final_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Ref) */
+#ifdef HAS_EVP_PKEY_CTX
+ struct mac_context *obj;
+ size_t size;
+ ErlNifBinary ret_bin;
+
+ if (!enif_get_resource(env, argv[0], (ErlNifResourceType*)mac_context_rtype, (void**)&obj))
+ return EXCP_BADARG(env, "Bad ref");
+
+ if (EVP_DigestSignFinal(obj->ctx, NULL, &size) != 1)
+ return EXCP_ERROR(env, "Can't get sign size");
+
+ if (!enif_alloc_binary(size, &ret_bin))
+ return EXCP_ERROR(env, "Alloc binary");
+
+ if (EVP_DigestSignFinal(obj->ctx, ret_bin.data, &size) != 1)
+ {
+ enif_release_binary(&ret_bin);
+ return EXCP_ERROR(env, "Signing");
+ }
+
+ return enif_make_binary(env, &ret_bin);
+
+#else
+ return hmac_final_nif(env, argc, argv);
+#endif
+}
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 02:33:35 +0000