logger_system/integrity__policy_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2025, kcenon

// See the LICENSE file in the project root for full license information.


#pragma once


#include <kcenon/logger/security/secure_key_storage.h>


#include <iomanip>

#include <memory>

#include <sstream>

#include <string>

#include <utility>


// OpenSSL 3.x+ for HMAC via EVP_MAC API (optional, fallback to portable hash)

#if __has_include(<openssl/hmac.h>)

#include <openssl/core_names.h>

#include <openssl/evp.h>

#include <openssl/hmac.h>

#include <openssl/params.h>

#ifndef LOGGER_INTEGRITY_HAS_OPENSSL

#define LOGGER_INTEGRITY_HAS_OPENSSL 1

#endif

#endif


namespace kcenon::logger::security {


class integrity_policy {

public:

    virtual ~integrity_policy() = default;


    virtual std::string sign(const std::string& record) const = 0;


    virtual bool verify(const std::string& record,

                        const std::string& signature) const = 0;


    virtual std::string name() const = 0;

};


class hmac_sha256_integrity_policy final : public integrity_policy {

public:


    explicit hmac_sha256_integrity_policy(secure_key key)

        : key_(std::make_shared<secure_key>(std::move(key))) {

    }


    std::string sign(const std::string& record) const override {

        return compute_hmac(record, *key_);

    }


    bool verify(const std::string& record,

                const std::string& signature) const override {

        if (signature.empty()) {

            return false;

        }

        const std::string expected = compute_hmac(record, *key_);

        if (expected.empty() || expected.size() != signature.size()) {

            return false;

        }

        // Constant-time compare to avoid signature-timing leaks.

        unsigned char diff = 0;

        for (size_t i = 0; i < expected.size(); ++i) {

            diff |= static_cast<unsigned char>(expected[i])

                  ^ static_cast<unsigned char>(signature[i]);

        }

        return diff == 0;

    }


    std::string name() const override {

        return "HMAC-SHA256";

    }


private:


    static std::string compute_hmac(const std::string& message,

                                    const secure_key& key) {

#ifdef LOGGER_INTEGRITY_HAS_OPENSSL

        unsigned char digest[EVP_MAX_MD_SIZE];

        size_t digest_len = 0;


        EVP_MAC* mac = EVP_MAC_fetch(nullptr, "HMAC", nullptr);

        if (!mac) {

            return std::string();

        }


        EVP_MAC_CTX* ctx = EVP_MAC_CTX_new(mac);

        if (!ctx) {

            EVP_MAC_free(mac);

            return std::string();

        }


        OSSL_PARAM params[] = {

            OSSL_PARAM_construct_utf8_string(

                OSSL_MAC_PARAM_DIGEST,

                const_cast<char*>("SHA256"),

                0),

            OSSL_PARAM_END

        };


        if (EVP_MAC_init(ctx, key.data().data(), key.size(), params) != 1) {

            EVP_MAC_CTX_free(ctx);

            EVP_MAC_free(mac);

            return std::string();

        }


        if (EVP_MAC_update(

                ctx,

                reinterpret_cast<const unsigned char*>(message.data()),

                message.size()) != 1) {

            EVP_MAC_CTX_free(ctx);

            EVP_MAC_free(mac);

            return std::string();

        }


        if (EVP_MAC_final(ctx, digest, &digest_len, sizeof(digest)) != 1) {

            EVP_MAC_CTX_free(ctx);

            EVP_MAC_free(mac);

            return std::string();

        }


        EVP_MAC_CTX_free(ctx);

        EVP_MAC_free(mac);


        std::ostringstream hex;

        hex << std::hex << std::setfill('0');

        for (size_t i = 0; i < digest_len; ++i) {

            hex << std::setw(2) << static_cast<int>(digest[i]);

        }

        return hex.str();

#else

        // Portable fallback. NOT cryptographically secure; intended only

        // to keep sign/verify round-trip working on builds without OpenSSL.

        std::size_t hash = 0xcbf29ce484222325ULL;

        for (size_t i = 0; i < message.size(); ++i) {

            hash ^= static_cast<unsigned char>(message[i]);

            hash *= 0x100000001b3ULL;

            if (i < key.size()) {

                hash ^= key.data()[i];

            }

        }

        std::ostringstream oss;

        oss << std::hex << std::setfill('0') << std::setw(16) << hash;

        return oss.str();

#endif

    }


    // shared_ptr so the policy can be copied cheaply across decorator chains

    // while still ensuring the key is zeroized when the last owner releases.

    std::shared_ptr<secure_key> key_;

};


inline std::string format_signature_suffix(const integrity_policy& policy,

                                           const std::string& record) {

    std::string sig = policy.sign(record);

    if (sig.empty()) {

        return std::string();

    }

    std::string out;

    out.reserve(14 + policy.name().size() + sig.size());

    out.append(" SIGNATURE[");

    out.append(policy.name());

    out.append("]:");

    out.append(sig);

    return out;

}


} // namespace kcenon::logger::security

kcenon::logger::security::hmac_sha256_integrity_policy
HMAC-SHA256 integrity policy (ISO/IEC 27001 A.12.4.2 default).
Definition integrity_policy.h:93

kcenon::logger::security::hmac_sha256_integrity_policy::hmac_sha256_integrity_policy
hmac_sha256_integrity_policy(secure_key key)
Construct from a secure_key.
Definition integrity_policy.h:102

kcenon::logger::security::hmac_sha256_integrity_policy::verify
bool verify(const std::string &record, const std::string &signature) const override
Verify that signature matches record.
Definition integrity_policy.h:110

kcenon::logger::security::hmac_sha256_integrity_policy::key_
std::shared_ptr< secure_key > key_
Definition integrity_policy.h:207

kcenon::logger::security::hmac_sha256_integrity_policy::compute_hmac
static std::string compute_hmac(const std::string &message, const secure_key &key)
Definition integrity_policy.h:133

kcenon::logger::security::hmac_sha256_integrity_policy::sign
std::string sign(const std::string &record) const override
Produce a signature for record.
Definition integrity_policy.h:106

kcenon::logger::security::hmac_sha256_integrity_policy::name
std::string name() const override
Short identifier used as a prefix in serialized signatures (e.g. "HMAC-SHA256"). Implementations must...
Definition integrity_policy.h:128

kcenon::logger::security::integrity_policy
Abstract interface for log integrity signing.
Definition integrity_policy.h:53

kcenon::logger::security::integrity_policy::~integrity_policy
virtual ~integrity_policy()=default

kcenon::logger::security::integrity_policy::verify
virtual bool verify(const std::string &record, const std::string &signature) const =0
Verify that signature matches record.

kcenon::logger::security::integrity_policy::sign
virtual std::string sign(const std::string &record) const =0
Produce a signature for record.

kcenon::logger::security::integrity_policy::name
virtual std::string name() const =0
Short identifier used as a prefix in serialized signatures (e.g. "HMAC-SHA256"). Implementations must...

kcenon::logger::security::secure_key
RAII wrapper for encryption keys with secure memory management.
Definition secure_key_storage.h:40

kcenon::logger::security::secure_key::size
size_t size() const
Get key size in bytes.
Definition secure_key_storage.h:102

kcenon::logger::security::secure_key::data
const std::vector< uint8_t > & data() const
Get const reference to key data.
Definition secure_key_storage.h:88

kcenon::logger::security
Definition logger_context.h:52

kcenon::logger::security::format_signature_suffix
std::string format_signature_suffix(const integrity_policy &policy, const std::string &record)
Format a signature line suitable for appending to a text log record.
Definition integrity_policy.h:218

secure_key_storage.h
RAII wrapper for encryption keys with secure memory management.