Fix the dwDataLen parameter of CryptImportKey().

[create_hmac.git] / create_hmac / create_hmac.c

/**\r
 * Copyright (c) 2010-2014 Florian Forster\r
 *\r
 * Permission is hereby granted, free of charge, to any person obtaining a copy\r
 * of this software and associated documentation files (the "Software"), to deal\r
 * in the Software without restriction, including without limitation the rights\r
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
 * copies of the Software, and to permit persons to whom the Software is\r
 * furnished to do so, subject to the following conditions:\r
 *\r
 * The above copyright notice and this permission notice shall be included in\r
 * all copies or substantial portions of the Software.\r
 *\r
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
 * THE SOFTWARE.\r
 **/\r
\r
#include "create_hmac.h"\r
\r
#include <stdlib.h>\r
#include <stdio.h>\r
#include <assert.h>\r
\r
/*\r
 * Creating a HCRYPTKEY from a plain text password is probably the most tricky\r
 * part when calculating an RFC2104 HMAC using Microsoft CryptoAPI. The\r
 * examples provided at the MSDN website encourage you to use "CryptDeriveKey",\r
 * which doesn't do the conditional hashing required by HMAC. (That is, it\r
 * might. The documentation on any of the functions is so vague that it's well\r
 * possible the elegant solution is just not documented nor demonstrated.\r
 */\r
static HCRYPTKEY create_hmac_key_exact (HCRYPTPROV hProv,\r
                                                                                BYTE *pbKey, DWORD dwKeySize)\r
{\r
        /* Layout of the memory expected when importing a plain text blob is\r
         * documented at the "CryptImportKey" under "Remarks". The four bytes\r
         * following the PUBLICKEYSTRUC structure hold the size of the key, then\r
         * follows the key itself. */\r
        struct plain_text_data_s\r
        {\r
                PUBLICKEYSTRUC blob;\r
                DWORD key_size;\r
        } *data;\r
        DWORD data_size;\r
        HCRYPTKEY ret_key = 0;\r
        BOOL status;\r
\r
        data_size = sizeof (*data) + dwKeySize;\r
        data = (struct plain_text_data_s *) malloc (data_size);\r
        if (data == NULL)\r
                return (0);\r
        memset (data, 0, data_size);\r
\r
        /* The key is not encrypted. */\r
        data->blob.bType = PLAINTEXTKEYBLOB;\r
        data->blob.bVersion = CUR_BLOB_VERSION;\r
        data->blob.reserved = 0;\r
        /* The "CryptImportKey" page explicitly states that "RC2" is to be used for\r
         * HMAC keys. What anyone might have been thinking, I don't know. */\r
        data->blob.aiKeyAlg = CALG_RC2;\r
\r
        /* Copy the key to the memory right behind the struct. "memcpy" should only\r
         * add memory protection crap *after* the region written to, so the blob\r
         * shouldn't be destroyed. We play it save, though, and set the key size\r
         * last. Should problems arise, we should switch to a loop just to be sure. */\r
        memcpy (data + 1, pbKey, dwKeySize);\r
        data->key_size = dwKeySize;\r
\r
        /* Actually convert our memory region to this mysterious key structure.\r
         * The "CRYPT_IPSEC_HMAC_KEY" is required to allow RC2 keys longer than\r
         * 16 byte. Again, this is documented on the "CryptImportKey" page as a\r
         * side note. */\r
        status = CryptImportKey (hProv,\r
                        /* pbData    = */ (void *) data,\r
                        /* dwDataLen = */ data_size,\r
                        /* hPubKey   = */ 0,\r
                        /* dwFlags   = */ CRYPT_IPSEC_HMAC_KEY,\r
                        /* phKey     = */ &ret_key);\r
        if (!status)\r
        {\r
                free (data);\r
                return (0);\r
        }\r
\r
        free (data);\r
        return (ret_key);\r
} /* HCRYPTKEY create_hmac_key_exact */\r
\r
/* If the key of the HMAC is larger than the hash size, use the hash of the\r
 * key instead of using the key directly. */\r
static HCRYPTKEY create_hmac_key_hashed (HCRYPTPROV hProv,\r
                                                                                 BYTE *pbKey, DWORD dwKeySize,\r
                                                                                 DWORD dwHashSize, HCRYPTHASH hHash)\r
{\r
        BOOL status;\r
        BYTE *hash_data;\r
        DWORD hash_data_size;\r
        HCRYPTKEY key;\r
\r
        assert (dwKeySize > dwHashSize);\r
\r
        status = CryptHashData (hHash, pbKey, dwKeySize, /* dwFlags = */ 0);\r
        if (!status)\r
                return (0);\r
\r
        hash_data = (BYTE *) malloc (dwHashSize);\r
        if (hash_data == NULL)\r
                return (0);\r
        memset (hash_data, 0, dwHashSize);\r
        hash_data_size = dwHashSize;\r
\r
        status = CryptGetHashParam (hHash, HP_HASHVAL,\r
                hash_data, &hash_data_size, /* flags = */ 0);\r
        if (!status)\r
        {\r
                free (hash_data);\r
                return (0);\r
        }\r
\r
        assert (hash_data_size == dwHashSize);\r
\r
        key = create_hmac_key_exact (hProv, hash_data, hash_data_size);\r
\r
        free (hash_data);\r
        return (key);\r
} /* HCRYPTKEY create_hmac_key_hashed */\r
\r
/* If the key is short enough, it is (right-)padded with zeros and otherwise\r
 * used as-is. */\r
static HCRYPTKEY create_hmac_key_padded (HCRYPTPROV hProv,\r
                                                                                 BYTE *pbKey, DWORD dwKeySize,\r
                                                                                 DWORD dwHashSize)\r
{\r
        BYTE *padded_key;\r
        HCRYPTKEY key;\r
        DWORD i;\r
\r
        assert (dwKeySize <= dwHashSize);\r
\r
        if (dwKeySize == dwHashSize)\r
                return (create_hmac_key_exact (hProv, pbKey, dwKeySize));\r
\r
        padded_key = (BYTE *) malloc (dwHashSize);\r
        if (padded_key == NULL)\r
                return (0);\r
\r
        /* Copy the key and right-pad with zeros. Don't use "memcpy" here because\r
         * the fucked up version of VS will corrupt memory. */\r
        for (i = 0; i < dwHashSize; i++)\r
                padded_key[i] = (i < dwKeySize) ? pbKey[i] : 0;\r
\r
        key = create_hmac_key_exact (hProv, padded_key, dwHashSize);\r
\r
        free (padded_key);\r
        return (key);\r
} /* HCRYPTKEY create_hmac_key_padded */\r
\r
static HCRYPTKEY create_hmac_key (HCRYPTPROV hProv,\r
                                                                  ALG_ID Algid,\r
                                                                  BYTE *pbKey, DWORD dwKeySize)\r
{\r
        HCRYPTHASH hash = 0;\r
        HCRYPTKEY key;\r
        DWORD hash_size = 0;\r
        DWORD param_size;\r
        BOOL status;\r
\r
        /* Allocate a hash object to determine the hash size. */\r
        status = CryptCreateHash (hProv, Algid,\r
                /* hKey = */ 0,\r
                /* dwFlags = */ 0,\r
                /* out phHash = */ &hash);\r
        if (!status)\r
                return (0);\r
\r
        param_size = (DWORD) sizeof (hash_size);\r
        status = CryptGetHashParam (hash, HP_HASHSIZE,\r
                (BYTE *) &hash_size, &param_size,\r
                /* flags = */ 0);\r
        if (!status)\r
        {\r
                CryptDestroyHash (hash);\r
                return (0);\r
        }\r
\r
        /* Determine whether we need to calculate the hash of the key or if\r
         * padding is sufficient. */\r
        if (dwKeySize > hash_size)\r
                key = create_hmac_key_hashed (hProv, pbKey, dwKeySize, hash_size, hash);\r
        else\r
                key = create_hmac_key_padded (hProv, pbKey, dwKeySize, hash_size);\r
\r
        CryptDestroyHash (hash);\r
        return (key);\r
} /* HCRYPTKEY create_hmac_key */\r
\r
BOOL CreateHMAC (HCRYPTPROV hProv,\r
                                 ALG_ID Algid,\r
                                 BYTE *pbKey, DWORD dwKeySize,\r
                                 DWORD dwFlags,\r
                                 HCRYPTHASH *phHash,\r
                                 HCRYPTKEY *phKey)\r
{\r
        HCRYPTKEY hmac_key;\r
        HCRYPTHASH hash = 0;\r
        HMAC_INFO hmac_info;\r
        BOOL status;\r
\r
        hmac_key = create_hmac_key (hProv, Algid, pbKey, dwKeySize);\r
        if (hmac_key == 0)\r
                return (FALSE);\r
\r
        status = CryptCreateHash (hProv, CALG_HMAC, hmac_key,\r
                /* flags = */ dwFlags,\r
                &hash);\r
        if (!status)\r
        {\r
                CryptDestroyKey (hmac_key);\r
                return (status);\r
        }\r
\r
        memset (&hmac_info, 0, sizeof (hmac_info));\r
        hmac_info.HashAlgid = Algid;\r
        hmac_info.pbInnerString = NULL;\r
        hmac_info.cbInnerString = 0;\r
        hmac_info.pbOuterString = NULL;\r
        hmac_info.cbOuterString = 0;\r
\r
        status = CryptSetHashParam (hash, HP_HMAC_INFO, (BYTE *) &hmac_info,\r
                /* flags = */ 0);\r
        if (!status)\r
        {\r
                CryptDestroyHash (hash);\r
                CryptDestroyKey (hmac_key);\r
                return (status);\r
        }\r
\r
        *phHash = hash;\r
        *phKey = hmac_key;\r
        return (TRUE);\r
} /* BOOL CreateHMAC */\r
\r
BOOL DestroyHMAC (HCRYPTHASH hHash, HCRYPTKEY hKey)\r
{\r
        if (hHash != 0)\r
                CryptDestroyHash (hHash);\r
\r
        if (hKey != 0)\r
                CryptDestroyKey (hKey);\r
\r
        return (TRUE);\r
} /* BOOL DestroyHMAC */\r
\r
/* vim: set ts=4 sw=4 noet : */\r