334. [func] Added hmac-md5 to libisc.

CHANGES

+ 334.	[func]		Added hmac-md5 to libisc.
+
  333.	[bug]		The resolver incorrectly accepted referrals to
 			domains that were not parents of the query name,
 			causing assertion failures.

bin/tests/hash_test.c

@@ -15,12 +15,14 @@
  * SOFTWARE.
  */
 
-/* $Id: hash_test.c,v 1.4 2000/06/23 16:18:56 tale Exp $ */
+/* $Id: hash_test.c,v 1.5 2000/07/17 17:33:39 bwelling Exp $ */
 
 #include <config.h>
 
 #include <stdio.h>
+#include <string.h>
 
+#include <isc/hmacmd5.h>
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/util.h>
@@ -45,9 +47,11 @@ int
 main(int argc, char **argv) {
 	isc_sha1_t sha1;
 	isc_md5_t md5;
+	isc_hmacmd5_t hmacmd5;
 	unsigned char digest[20];
 	unsigned char buffer[1024];
 	const unsigned char *s;
+	unsigned char key[20];
 
 	UNUSED(argc);
 	UNUSED(argv);
@@ -73,5 +77,36 @@ main(int argc, char **argv) {
 	isc_md5_final(&md5, digest);
 	print_digest(buffer, "md5", digest, 4);
 
+	/*
+	 * The 3 HMAC-MD5 examples from RFC 2104
+	 */
+	s = "Hi There";
+	memset(key, 0x0b, 16);
+	isc_hmacmd5_init(&hmacmd5, key, 16);
+	strcpy(buffer, s);
+	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+	isc_hmacmd5_sign(&hmacmd5, digest);
+	print_digest(buffer, "hmacmd5", digest, 4);
+
+	s = "what do ya want for nothing?";
+	strcpy(key, "Jefe");
+	isc_hmacmd5_init(&hmacmd5, key, 4);
+	strcpy(buffer, s);
+	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+	isc_hmacmd5_sign(&hmacmd5, digest);
+	print_digest(buffer, "hmacmd5", digest, 4);
+
+	s = "\335\335\335\335\335\335\335\335\335\335"
+	    "\335\335\335\335\335\335\335\335\335\335"
+	    "\335\335\335\335\335\335\335\335\335\335"
+	    "\335\335\335\335\335\335\335\335\335\335"
+	    "\335\335\335\335\335\335\335\335\335\335";
+	memset(key, 0xaa, 16);
+	isc_hmacmd5_init(&hmacmd5, key, 16);
+	strcpy(buffer, s);
+	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
+	isc_hmacmd5_sign(&hmacmd5, digest);
+	print_digest(buffer, "hmacmd5", digest, 4);
+
 	return (0);
 }

lib/isc/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.61 2000/06/22 21:56:48 tale Exp $
+# $Id: Makefile.in,v 1.62 2000/07/17 17:33:31 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -50,7 +50,8 @@ WIN32OBJS = 	win32/condition.@O@ win32/dir.@O@ win32/file.@O@ \
 # Alphabetically
 OBJS =		@ISC_EXTRA_OBJS@ \
 		assertions.@O@ base64.@O@ bitstring.@O@ buffer.@O@ \
-		bufferlist.@O@ commandline.@O@ error.@O@ event.@O@ heap.@O@ \
+		bufferlist.@O@ commandline.@O@ error.@O@ event.@O@ \
+		heap.@O@ hmacmd5.@O@ \
 		lex.@O@ lfsr.@O@ lib.@O@ log.@O@ \
 		md5.@O@ mem.@O@ mutexblock.@O@ netaddr.@O@ ondestroy.@O@ \
 		quota.@O@ random.@O@ \
@@ -62,7 +63,8 @@ OBJS =		@ISC_EXTRA_OBJS@ \
 # Alphabetically
 SRCS =		@ISC_EXTRA_SRCS@ \
 		assertions.c base64.c bitstring.c buffer.c \
-		bufferlist.c commandline.c error.c event.c heap.c \
+		bufferlist.c commandline.c error.c event.c \
+		heap.c hmacmd5.c \
 		lex.c lfsr.c lib.c log.c \
 		md5.c mem.c mutexblock.c netaddr.c ondestroy.c \
 		quota.c random.c \

lib/isc/hmacmd5.c

+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: hmacmd5.c,v 1.1 2000/07/17 17:33:31 bwelling Exp $ */
+
+/*
+ * This code implements the HMAC-MD5 keyed hash algorithm
+ * described in RFC 2104.
+ */
+
+#include "config.h"
+
+#include <isc/assertions.h>
+#include <isc/hmacmd5.h>
+#include <isc/md5.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#define PADLEN 64
+#define IPAD 0x36
+#define OPAD 0x5C
+
+/*
+ * Start HMAC-MD5 process.  Initialize an md5 context and digest the key.
+ */
+void
+isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
+		 unsigned int len)
+{
+	unsigned char ipad[PADLEN];
+	int i;
+
+	memset(ctx->key, 0, sizeof (ctx->key));
+	if (len > sizeof(ctx->key)) {
+		isc_md5_t md5ctx;
+		isc_md5_init(&md5ctx);
+		isc_md5_update(&md5ctx, key, len);
+		isc_md5_final(&md5ctx, ctx->key);
+	} else
+		memcpy(ctx->key, key, len);
+
+	isc_md5_init(&ctx->md5ctx);
+	memset(ipad, IPAD, sizeof (ipad));
+	for (i = 0; i < PADLEN; i++)
+		ipad[i] ^= ctx->key[i];
+	isc_md5_update(&ctx->md5ctx, ipad, sizeof(ipad));
+}
+
+void
+isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
+	isc_md5_invalidate(&ctx->md5ctx);
+	memset(ctx->key, 0, sizeof (ctx->key));
+	memset(ctx, 0, sizeof (ctx));
+}
+
+/*
+ * Update context to reflect the concatenation of another buffer full
+ * of bytes.
+ */
+void
+isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
+		   unsigned int len)
+{
+	isc_md5_update(&ctx->md5ctx, buf, len);
+}
+
+/*
+ * Compute signature - finalize MD5 operation and reapply MD5.
+ */
+void
+isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
+	unsigned char opad[PADLEN];
+	int i;
+
+	isc_md5_final(&ctx->md5ctx, digest);
+
+	memset(opad, OPAD, sizeof (opad));
+	for (i = 0; i < PADLEN; i++)
+		opad[i] ^= ctx->key[i];
+
+	isc_md5_init(&ctx->md5ctx);
+	isc_md5_update(&ctx->md5ctx, opad, sizeof(opad));
+	isc_md5_update(&ctx->md5ctx, digest, ISC_MD5_DIGESTLENGTH);
+	isc_md5_final(&ctx->md5ctx, digest);
+	isc_hmacmd5_invalidate(ctx);
+}
+
+/*
+ * Verify signature - finalize MD5 operation and reapply MD5, then
+ * compare to the supplied digest.
+ */
+isc_boolean_t
+isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest) {
+	unsigned char newdigest[ISC_MD5_DIGESTLENGTH];
+
+	isc_hmacmd5_sign(ctx, newdigest);
+	return (ISC_TF(memcmp(digest, newdigest, ISC_MD5_DIGESTLENGTH) == 0));
+}

lib/isc/include/isc/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.39 2000/06/30 00:26:19 gson Exp $
+# $Id: Makefile.in,v 1.40 2000/07/17 17:33:34 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -28,8 +28,8 @@ top_srcdir =	@top_srcdir@
 #
 HEADERS =	assertions.h base64.h bitstring.h boolean.h buffer.h \
 		bufferlist.h commandline.h error.h event.h eventclass.h \
-		file.h formatcheck.h fsaccess.h heap.h interfaceiter.h \
-		@ISC_IPV6_H@ lang.h lex.h \
+		file.h formatcheck.h fsaccess.h heap.h hmacmd5.h \
+		interfaceiter.h @ISC_IPV6_H@ lang.h lex.h \
 		lfsr.h lib.h list.h log.h magic.h md5.h mem.h msgcat.h \
 		mutexblock.h netaddr.h ondestroy.h os.h \
 		print.h quota.h random.h ratelimiter.h region.h \

lib/isc/include/isc/hmacmd5.h

+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: hmacmd5.h,v 1.1 2000/07/17 17:33:32 bwelling Exp $ */
+
+/*
+ * This is the header file for the HMAC-MD5 keyed hash algorithm
+ * described in RFC 2104.
+ */
+
+#ifndef ISC_HMACMD5_H
+#define ISC_HMACMD5_H 1
+
+#include <isc/lang.h>
+#include <isc/md5.h>
+#include <isc/types.h>
+
+#define ISC_HMACMD5_KEYLENGTH 64
+
+typedef struct {
+	isc_md5_t md5ctx;
+	unsigned char key[ISC_HMACMD5_KEYLENGTH];
+} isc_hmacmd5_t;
+
+ISC_LANG_BEGINDECLS
+
+void
+isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
+		 unsigned int len);
+
+void
+isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx);
+
+void
+isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
+		   unsigned int len);
+
+void
+isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest);
+
+isc_boolean_t
+isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest);
+
+ISC_LANG_ENDDECLS
+
+#endif /* ISC_HMACMD5_H */

util/copyrights

@@ -994,6 +994,7 @@
 ./lib/isc/event.c				C	1998,1999,2000
 ./lib/isc/fsaccess.c				C	2000
 ./lib/isc/heap.c				C	1997,1998,1999,2000
+./lib/isc/hmacmd5.c				C	2000
 ./lib/isc/include/.cvsignore			X	1999,2000
 ./lib/isc/include/Makefile.in			MAKE	1998,1999,2000
 ./lib/isc/include/isc/.cvsignore		X	1999,2000
@@ -1013,6 +1014,7 @@
 ./lib/isc/include/isc/formatcheck.h		C	2000
 ./lib/isc/include/isc/fsaccess.h		C	2000
 ./lib/isc/include/isc/heap.h			C	1997,1998,1999,2000
+./lib/isc/include/isc/hmacmd5.h			C	2000
 ./lib/isc/include/isc/interfaceiter.h		C	1999,2000
 ./lib/isc/include/isc/ipv6.h			C	1999,2000
 ./lib/isc/include/isc/lang.h			C	1999,2000