173b230588
[ Merge of http://go/wvgerrit/152950 ] This CL introduces several functions for computing a HMAC-SHA256 signature. The functions wrap the OpenSSL/BoringSSL implementation of HMAC(), allowing for common C++ types to be passed in. Several of the functions follow several OEMCrypto conventions for generating signatures (ex. returning OEMCrypto_ERROR_SHORT_BUFFER if signature buffer is too small). Also provided limited wrappers for HMAC-SHA-1, which are used for a limited number of operations within OEMCrypto. Bug: 154055871 Bug: 145026434 Bug: 236317198 Test: hmac_unittest Change-Id: I4a9e56066a7c3f14c7159270503225cd794c1bb6
140 lines
6.3 KiB
C++
140 lines
6.3 KiB
C++
// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
//
|
|
// Reference implementation utilities of OEMCrypto APIs
|
|
//
|
|
#ifndef WVOEC_UTIL_HMAC_H_
|
|
#define WVOEC_UTIL_HMAC_H_
|
|
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "OEMCryptoCENCCommon.h"
|
|
|
|
namespace wvoec {
|
|
namespace util {
|
|
// Size of an HMAC-SHA-1 signature. Same size as a SHA-1 digest.
|
|
static constexpr size_t kHmacSha1SignatureSize = 20;
|
|
// Size of an HMAC-SHA-256 signature. Same size as a SHA-256 digest.
|
|
static constexpr size_t kHmacSha256SignatureSize = 32;
|
|
|
|
// == Signature Generate ==
|
|
|
|
// Generates a HMAC-SHA-1 signature using the provided |key| and
|
|
// |message|. Both |key| and |message| must be non-zero length.
|
|
// The input/output |signature_length| should initially contain the
|
|
// size of the |signature| buffer, and the function will assign
|
|
// the final length of the signature.
|
|
//
|
|
// Return values:
|
|
// OEMCrypto_SUCCESS if signature is generated successfully;
|
|
// |signature_length| may be updated with the actual
|
|
// signature size
|
|
// OEMCrypto_ERROR_SHORT_BUFFER if the provided |signature| buffer
|
|
// is too small to fit an HMAC-SHA-1 signature;
|
|
// |signature_length| is updated with the require size
|
|
// OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are
|
|
// incorrect
|
|
// OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise
|
|
OEMCryptoResult HmacSha1(const uint8_t* key, size_t key_length,
|
|
const uint8_t* message, size_t message_length,
|
|
uint8_t* signature, size_t* signature_length);
|
|
OEMCryptoResult HmacSha1(const std::vector<uint8_t>& key,
|
|
const uint8_t* message, size_t message_length,
|
|
uint8_t* signature, size_t* signature_length);
|
|
|
|
std::vector<uint8_t> HmacSha1(const std::vector<uint8_t>& key,
|
|
const std::vector<uint8_t>& message);
|
|
|
|
// Generates a HMAC-SHA-256 signature using the provided |key| and
|
|
// |message|. Both |key| and |message| must be non-zero length.
|
|
// The input/output |signature_length| should initially contain the
|
|
// size of the |signature| buffer, and the function will assign
|
|
// the final length of the signature.
|
|
//
|
|
// Return values:
|
|
// OEMCrypto_SUCCESS if signature is generated successfully;
|
|
// |signature_length| may be updated with the actual
|
|
// signature size
|
|
// OEMCrypto_ERROR_SHORT_BUFFER if the provided |signature| buffer
|
|
// is too small to fit an HMAC-SHA-256 signature;
|
|
// |signature_length| is updated with the require size
|
|
// OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are
|
|
// incorrect
|
|
// OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise
|
|
OEMCryptoResult HmacSha256(const uint8_t* key, size_t key_length,
|
|
const uint8_t* message, size_t message_length,
|
|
uint8_t* signature, size_t* signature_length);
|
|
OEMCryptoResult HmacSha256(const std::vector<uint8_t>& key,
|
|
const uint8_t* message, size_t message_length,
|
|
uint8_t* signature, size_t* signature_length);
|
|
|
|
bool HmacSha256(const std::vector<uint8_t>& key,
|
|
const std::vector<uint8_t>& message,
|
|
std::vector<uint8_t>* signature);
|
|
|
|
bool HmacSha256(const std::vector<uint8_t>& key, const std::string& message,
|
|
std::vector<uint8_t>* signature);
|
|
|
|
std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key,
|
|
const uint8_t* message, size_t message_length);
|
|
std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key,
|
|
const std::vector<uint8_t>& message);
|
|
std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key,
|
|
const std::string& message);
|
|
|
|
// == Signature Verification ==
|
|
|
|
// Verifies an HMAC-SHA-1 signature using the provided |key| and
|
|
// |message| against the provided |signature|.
|
|
//
|
|
// Return values:
|
|
// OEMCrypto_SUCCESS if signature is valid
|
|
// OEMCrypto_ERROR_SIGNATURE_FAILURE if signature is invalid
|
|
// OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are
|
|
// incorrect
|
|
// OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise
|
|
OEMCryptoResult HmacSha1Verify(const uint8_t* key, size_t key_length,
|
|
const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult HmacSha1Verify(const std::vector<uint8_t>& key,
|
|
const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
|
|
OEMCryptoResult HmacSha1Verify(const std::vector<uint8_t>& key,
|
|
const std::vector<uint8_t>& message,
|
|
const std::vector<uint8_t>& signature);
|
|
|
|
// Verifies an HMAC-SHA-256 signature using the provided |key| and
|
|
// |message| against the provided |signature|.
|
|
//
|
|
// Return values:
|
|
// OEMCrypto_SUCCESS if signature is valid
|
|
// OEMCrypto_ERROR_SIGNATURE_FAILURE if signature is invalid
|
|
// OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are
|
|
// incorrect
|
|
// OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise
|
|
OEMCryptoResult HmacSha256Verify(const uint8_t* key, size_t key_length,
|
|
const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult HmacSha256Verify(const std::vector<uint8_t>& key,
|
|
const uint8_t* message, size_t message_length,
|
|
const uint8_t* signature,
|
|
size_t signature_length);
|
|
OEMCryptoResult HmacSha256Verify(const std::vector<uint8_t>& key,
|
|
const std::vector<uint8_t>& message,
|
|
const std::vector<uint8_t>& signature);
|
|
OEMCryptoResult HmacSha256Verify(const std::vector<uint8_t>& key,
|
|
const std::string& message,
|
|
const std::vector<uint8_t>& signature);
|
|
} // namespace util
|
|
} // namespace wvoec
|
|
#endif // WVOEC_UTIL_HMAC_H_
|