Add cryptoHmacOne() for HMAC support.

There doesn't seem to be any need to implement this as a filter since current use cases (S3 authentication) work on small datasets. So, use the single function method provided by OpenSSL for simplicity.
pgbackrest · Sep 27, 2018 · e66e68e · e66e68e
1 parent 6470f03
commit e66e68e
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 2 deletions.
diff --git a/doc/xml/release.xml b/doc/xml/release.xml
@@ -90,6 +90,10 @@
                         <p>Add helper for repository storage.</p>
                     </release-item>
 
+                    <release-item>
+                        <p>Add <code>cryptoHmacOne()</code> for HMAC support.</p>
+                    </release-item>
+
                     <release-item>
                         <p>Add <code>bufNewZ()</code> and <code>bufHex()</code>to <code>Buffer</code> object.</p>
                     </release-item>

diff --git a/src/Makefile b/src/Makefile
@@ -299,7 +299,7 @@ crypto/cipherBlock.o: crypto/cipherBlock.c common/debug.h common/error.auto.h co
 crypto/crypto.o: crypto/crypto.c common/debug.h common/log.h common/logLevel.h common/stackTrace.h common/type/convert.h crypto/crypto.h
 	$(CC) $(CFLAGS) -c crypto/crypto.c -o crypto/crypto.o
 
-crypto/hash.o: crypto/hash.c common/debug.h common/error.auto.h common/error.h common/io/filter/filter.h common/io/filter/filter.intern.h common/log.h common/logLevel.h common/memContext.h common/stackTrace.h common/type/buffer.h common/type/convert.h common/type/keyValue.h common/type/string.h common/type/variant.h common/type/variantList.h crypto/crypto.h crypto/hash.h
+crypto/hash.o: crypto/hash.c common/assert.h common/debug.h common/error.auto.h common/error.h common/io/filter/filter.h common/io/filter/filter.intern.h common/log.h common/logLevel.h common/memContext.h common/stackTrace.h common/type/buffer.h common/type/convert.h common/type/keyValue.h common/type/string.h common/type/variant.h common/type/variantList.h crypto/crypto.h crypto/hash.h
 	$(CC) $(CFLAGS) -c crypto/hash.c -o crypto/hash.o
 
 crypto/random.o: crypto/random.c common/debug.h common/error.auto.h common/error.h common/log.h common/logLevel.h common/stackTrace.h common/type/convert.h crypto/random.h

diff --git a/src/crypto/hash.c b/src/crypto/hash.c
@@ -5,7 +5,9 @@ Cryptographic Hash
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/hmac.h>
 
+#include "common/assert.h"
 #include "common/debug.h"
 #include "common/io/filter/filter.intern.h"
 #include "common/log.h"
@@ -302,3 +304,32 @@ cryptoHashOneStr(const String *type, String *message)
 
     FUNCTION_TEST_RESULT(BUFFER, cryptoHashOneC(type, (const unsigned char *)strPtr(message), strSize(message)));
 }
+
+
+/***********************************************************************************************************************************
+Get hmac for one message/key
+***********************************************************************************************************************************/
+Buffer *
+cryptoHmacOne(const String *type, const Buffer *key, const Buffer *message)
+{
+    FUNCTION_DEBUG_BEGIN(logLevelTrace);
+        FUNCTION_DEBUG_PARAM(STRING, type);
+        FUNCTION_DEBUG_PARAM(BUFFER, key);
+        FUNCTION_DEBUG_PARAM(BUFFER, message);
+
+        FUNCTION_TEST_ASSERT(type != NULL);
+        FUNCTION_TEST_ASSERT(key != NULL);
+        FUNCTION_TEST_ASSERT(message != NULL);
+    FUNCTION_DEBUG_END();
+
+    const EVP_MD *hashType = EVP_get_digestbyname(strPtr(type));
+    ASSERT(hashType != NULL);
+
+    // Allocate a buffer to hold the hmac
+    Buffer *result = bufNew((size_t)EVP_MD_size(hashType));
+
+    // Calculate the HMAC
+    HMAC(hashType, bufPtr(key), (int)bufSize(key), bufPtr(message), bufSize(message), bufPtr(result), NULL);
+
+    FUNCTION_TEST_RESULT(BUFFER, result);
+}
diff --git a/src/crypto/hash.h b/src/crypto/hash.h
@@ -52,6 +52,8 @@ Buffer *cryptoHashOne(const String *type, Buffer *message);
 Buffer *cryptoHashOneC(const String *type, const unsigned char *message, size_t messageSize);
 Buffer *cryptoHashOneStr(const String *type, String *message);
 
+Buffer *cryptoHmacOne(const String *type, const Buffer *key, const Buffer *message);
+
 /***********************************************************************************************************************************
 Macros for function logging
 ***********************************************************************************************************************************/

diff --git a/test/define.yaml b/test/define.yaml
@@ -303,7 +303,7 @@ unit:
 
       # ----------------------------------------------------------------------------------------------------------------------------
       - name: hash
-        total: 2
+        total: 3
 
         coverage:
           crypto/hash: full

diff --git a/test/src/module/crypto/hashTest.c b/test/src/module/crypto/hashTest.c
@@ -64,5 +64,19 @@ testRun(void)
             "    check small hash");
     }
 
+    // *****************************************************************************************************************************
+    if (testBegin("cryptoHmacOne()"))
+    {
+        TEST_RESULT_STR(
+            strPtr(
+                bufHex(
+                    cryptoHmacOne(
+                        strNew(HASH_TYPE_SHA256),
+                        bufNewZ("AWS4wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"),
+                        bufNewZ("20170412")))),
+            "8b05c497afe9e1f42c8ada4cb88392e118649db1e5c98f0f0fb0a158bdd2dd76",
+            "    check hmac");
+    }
+
     FUNCTION_HARNESS_RESULT_VOID();
 }