diff options
| author | Thai Duong <thaidn@google.com> | 2015-03-20 16:50:18 -0700 |
|---|---|---|
| committer | Thai Duong <thaidn@google.com> | 2015-03-23 16:27:01 -0700 |
| commit | 207b505371394dbf2118ca2beb8817cf4c617988 (patch) | |
| tree | ed9d26510acd70067b6c4d41e9ad25ccba3e47fe /hmac.cpp | |
| parent | c609659a4b469778f523bece9ad0235fcfe6dd91 (diff) | |
| download | android_system_keymaster-207b505371394dbf2118ca2beb8817cf4c617988.tar.gz android_system_keymaster-207b505371394dbf2118ca2beb8817cf4c617988.tar.bz2 android_system_keymaster-207b505371394dbf2118ca2beb8817cf4c617988.zip | |
ECIES: add HKDF (specified in RFC 5869) using HMAC-SHA256
Change-Id: I5dafc61aecdfd4d38aba0c1beb1b03716e212723
Diffstat (limited to 'hmac.cpp')
| -rw-r--r-- | hmac.cpp | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/hmac.cpp b/hmac.cpp new file mode 100644 index 0000000..08997c7 --- /dev/null +++ b/hmac.cpp @@ -0,0 +1,86 @@ +/* + * Copyright 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "hmac.h" + +#include <assert.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/sha.h> + +namespace keymaster { + +Hmac::Hmac(HashAlgorithm hash_alg) { + assert(hash_alg == SHA256); +} + +size_t Hmac::DigestLength() const { + return SHA256_DIGEST_LENGTH; +} + +bool Hmac::Init(const uint8_t* key, size_t key_len) { + if (!key) + return false; + + key_.Reinitialize(key, key_len); + return true; +} + +bool Hmac::Init(const Buffer& key) { + return Init(key.peek_read(), key.available_read()); +} + +bool Hmac::Sign(const Buffer& data, uint8_t* out_digest, size_t digest_len) const { + return Sign(data.peek_read(), data.available_read(), out_digest, digest_len); +} + +bool Hmac::Sign(const uint8_t* data, size_t data_len, uint8_t* out_digest, + size_t digest_len) const { + assert(digest_len); + + uint8_t tmp[SHA256_DIGEST_LENGTH]; + uint8_t* digest = tmp; + if (digest_len >= SHA256_DIGEST_LENGTH) + digest = out_digest; + + if (nullptr == ::HMAC(EVP_sha256(), key_.peek_read(), key_.available_read(), + data, data_len, digest, nullptr)) { + return false; + } + if (digest_len < SHA256_DIGEST_LENGTH) + memcpy(out_digest, tmp, digest_len); + + return true; +} + +bool Hmac::Verify(const Buffer& data, const Buffer& digest) const { + return Verify(data.peek_read(), data.available_read(), digest.peek_read(), + digest.available_read()); +} + +bool Hmac::Verify(const uint8_t* data, size_t data_len, const uint8_t* digest, + size_t digest_len) const { + if (digest_len != SHA256_DIGEST_LENGTH) + return false; + + uint8_t computed_digest[SHA256_DIGEST_LENGTH]; + if (!Sign(data, data_len, computed_digest, sizeof(computed_digest))) + return false; + + return 0 == CRYPTO_memcmp(digest, computed_digest, SHA256_DIGEST_LENGTH); +} + +} // namespace keymaster |