// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine License // Agreement. // // Reference implementation utilities of OEMCrypto APIs // #ifndef WVOEC_UTIL_HMAC_H_ #define WVOEC_UTIL_HMAC_H_ #include #include #include #include #include "OEMCryptoCENCCommon.h" namespace wvoec { namespace util { // Size of an HMAC-SHA-1 signature. Same size as a SHA-1 digest. static constexpr size_t kHmacSha1SignatureSize = 20; // Size of an HMAC-SHA-256 signature. Same size as a SHA-256 digest. static constexpr size_t kHmacSha256SignatureSize = 32; // == Signature Generate == // Generates a HMAC-SHA-1 signature using the provided |key| and // |message|. Both |key| and |message| must be non-zero length. // The input/output |signature_length| should initially contain the // size of the |signature| buffer, and the function will assign // the final length of the signature. // // Return values: // OEMCrypto_SUCCESS if signature is generated successfully; // |signature_length| may be updated with the actual // signature size // OEMCrypto_ERROR_SHORT_BUFFER if the provided |signature| buffer // is too small to fit an HMAC-SHA-1 signature; // |signature_length| is updated with the require size // OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are // incorrect // OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise OEMCryptoResult HmacSha1(const uint8_t* key, size_t key_length, const uint8_t* message, size_t message_length, uint8_t* signature, size_t* signature_length); OEMCryptoResult HmacSha1(const std::vector& key, const uint8_t* message, size_t message_length, uint8_t* signature, size_t* signature_length); std::vector HmacSha1(const std::vector& key, const std::vector& message); // Generates a HMAC-SHA-256 signature using the provided |key| and // |message|. Both |key| and |message| must be non-zero length. // The input/output |signature_length| should initially contain the // size of the |signature| buffer, and the function will assign // the final length of the signature. // // Return values: // OEMCrypto_SUCCESS if signature is generated successfully; // |signature_length| may be updated with the actual // signature size // OEMCrypto_ERROR_SHORT_BUFFER if the provided |signature| buffer // is too small to fit an HMAC-SHA-256 signature; // |signature_length| is updated with the require size // OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are // incorrect // OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise OEMCryptoResult HmacSha256(const uint8_t* key, size_t key_length, const uint8_t* message, size_t message_length, uint8_t* signature, size_t* signature_length); OEMCryptoResult HmacSha256(const std::vector& key, const uint8_t* message, size_t message_length, uint8_t* signature, size_t* signature_length); bool HmacSha256(const std::vector& key, const std::vector& message, std::vector* signature); bool HmacSha256(const std::vector& key, const std::string& message, std::vector* signature); std::vector HmacSha256(const std::vector& key, const uint8_t* message, size_t message_length); std::vector HmacSha256(const std::vector& key, const std::vector& message); std::vector HmacSha256(const std::vector& key, const std::string& message); // == Signature Verification == // Verifies an HMAC-SHA-1 signature using the provided |key| and // |message| against the provided |signature|. // // Return values: // OEMCrypto_SUCCESS if signature is valid // OEMCrypto_ERROR_SIGNATURE_FAILURE if signature is invalid // OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are // incorrect // OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise OEMCryptoResult HmacSha1Verify(const uint8_t* key, size_t key_length, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length); OEMCryptoResult HmacSha1Verify(const std::vector& key, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length); OEMCryptoResult HmacSha1Verify(const std::vector& key, const std::vector& message, const std::vector& signature); // Verifies an HMAC-SHA-256 signature using the provided |key| and // |message| against the provided |signature|. // // Return values: // OEMCrypto_SUCCESS if signature is valid // OEMCrypto_ERROR_SIGNATURE_FAILURE if signature is invalid // OEMCrypto_ERROR_INVALID_CONTEXT if any the parameters are // incorrect // OEMCrypto_ERROR_UNKNOWN_FAILURE otherwise OEMCryptoResult HmacSha256Verify(const uint8_t* key, size_t key_length, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length); OEMCryptoResult HmacSha256Verify(const std::vector& key, const uint8_t* message, size_t message_length, const uint8_t* signature, size_t signature_length); OEMCryptoResult HmacSha256Verify(const std::vector& key, const std::vector& message, const std::vector& signature); OEMCryptoResult HmacSha256Verify(const std::vector& key, const std::string& message, const std::vector& signature); } // namespace util } // namespace wvoec #endif // WVOEC_UTIL_HMAC_H_