Commit b98ac259 authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Add generic hashed message authentication code API (isc_hmac) to replace...

Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2...
parent 7fd3dc63
......@@ -30,7 +30,7 @@
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#include <isc/httpd.h>
#include <isc/lex.h>
#include <isc/meminfo.h>
......
......@@ -49,7 +49,6 @@ XTARGETS = adb_test@EXEEXT@ \
db_test@EXEEXT@ \
dst_test@EXEEXT@ \
gsstest@EXEEXT@ \
hash_test@EXEEXT@ \
fsaccess_test@EXEEXT@ \
inter_test@EXEEXT@ \
lex_test@EXEEXT@ \
......@@ -78,7 +77,6 @@ XSRCS = adb_test.c \
byname_test.c \
db_test.c \
dst_test.c \
hash_test.c \
fsaccess_test.c \
gsstest.c \
inter_test.c \
......@@ -167,10 +165,6 @@ name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
hash_test@EXEEXT@: hash_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ hash_test.@O@ \
${ISCLIBS} ${LIBS}
entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \
${ISCLIBS} ${LIBS}
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/util.h>
#include <isc/print.h>
#include <isc/string.h>
#include <pk11/site.h>
static void
print_digest(const char *s, const char *hash, unsigned char *d,
unsigned int words)
{
unsigned int i, j;
printf("hash (%s) %s:\n\t", hash, s);
for (i = 0; i < words; i++) {
printf(" ");
for (j = 0; j < 4; j++)
printf("%02x", d[i * 4 + j]);
}
printf("\n");
}
int
main(int argc, char **argv) {
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
UNUSED(argc);
UNUSED(argv);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
s = "Hi There";
memset(key, 0x0b, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacmd5_init(&hmacmd5, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
/*
* The 3 HMAC-SHA1 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha1_init(&hmacsha1, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA224 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha224_init(&hmacsha224, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA256 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha256_init(&hmacsha256, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA384 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha384_init(&hmacsha384, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA512 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha512_init(&hmacsha512, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
return (0);
}
......@@ -35,7 +35,6 @@
#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/fsaccess.h>
#include <isc/hmacsha.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>
......
......@@ -38,8 +38,7 @@
#include <isc/types.h>
#include <isc/refcount.h>
#include <isc/stdtime.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#if USE_PKCS11
#include <pk11/pk11.h>
......@@ -72,12 +71,7 @@ LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool;
typedef struct dst_func dst_func_t;
typedef struct dst_hmacmd5_key dst_hmacmd5_key_t;
typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
typedef struct dst_hmac_key dst_hmac_key_t;
/*%
* Indicate whether a DST context will be used for signing
......@@ -113,13 +107,7 @@ struct dst_key {
#if USE_PKCS11
pk11_object_t *pkey;
#endif
dst_hmacmd5_key_t *hmacmd5;
dst_hmacsha1_key_t *hmacsha1;
dst_hmacsha224_key_t *hmacsha224;
dst_hmacsha256_key_t *hmacsha256;
dst_hmacsha384_key_t *hmacsha384;
dst_hmacsha512_key_t *hmacsha512;
dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */
isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
......@@ -146,12 +134,7 @@ struct dst_context {
union {
void *generic;
dst_gssapi_signverifyctx_t *gssctx;
isc_hmacmd5_t *hmacmd5ctx;
isc_hmacsha1_t *hmacsha1ctx;
isc_hmacsha224_t *hmacsha224ctx;
isc_hmacsha256_t *hmacsha256ctx;
isc_hmacsha384_t *hmacsha384ctx;
isc_hmacsha512_t *hmacsha512ctx;
isc_hmac_t *hmac_ctx;
EVP_MD_CTX *evp_md_ctx;
#if USE_PKCS11
pk11_context_t *pk11_ctx;
......
......@@ -26,13 +26,13 @@
#include <config.h>
#include <stdbool.h>
#include <arpa/inet.h>
#include <isc/buffer.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#include <isc/md.h>
#include <isc/nonce.h>
#include <isc/random.h>
#include <isc/md.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/string.h>
......@@ -48,489 +48,317 @@
#endif
#include "dst_parse.h"
static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data);
#define ISC_MD_md5 ISC_MD_MD5
#define ISC_MD_sha1 ISC_MD_SHA1
#define ISC_MD_sha224 ISC_MD_SHA224
#define ISC_MD_sha256 ISC_MD_SHA256
#define ISC_MD_sha384 ISC_MD_SHA384
#define ISC_MD_sha512 ISC_MD_SHA512
#define hmac_register_algorithm(alg) \
static isc_result_t \
hmac##alg##_createctx(dst_key_t *key, \
dst_context_t *dctx) { \
return (hmac_createctx(ISC_MD_##alg, key, dctx)); \
} \
static void \
hmac##alg##_destroyctx(dst_context_t *dctx) { \
hmac_destroyctx(dctx); \
} \
static isc_result_t \
hmac##alg##_adddata(dst_context_t *dctx, \
const isc_region_t *data) { \
return (hmac_adddata(dctx, data)); \
} \
static isc_result_t \
hmac##alg##_sign(dst_context_t *dctx, \
isc_buffer_t *sig) { \
return (hmac_sign(dctx, sig)); \
} \
static isc_result_t \
hmac##alg##_verify(dst_context_t *dctx, \
const isc_region_t *sig) { \
return (hmac_verify(dctx, sig)); \
} \
static bool \
hmac##alg##_compare(const dst_key_t *key1, \
const dst_key_t *key2) { \
return (hmac_compare(ISC_MD_##alg, key1, key2)); \
} \
static isc_result_t \
hmac##alg##_generate(dst_key_t *key, \
int pseudorandom_ok, \
void (*callback)(int)) { \
UNUSED(pseudorandom_ok); \
UNUSED(callback); \
return (hmac_generate(ISC_MD_##alg, key)); \
} \
static bool \
hmac##alg##_isprivate(const dst_key_t *key) { \
return (hmac_isprivate(key)); \
} \
static void \
hmac##alg##_destroy(dst_key_t *key) { \
hmac_destroy(key); \
} \
static isc_result_t \
hmac##alg##_todns(const dst_key_t *key, isc_buffer_t *data) { \
return (hmac_todns(key, data)); \
} \
static isc_result_t \
hmac##alg##_fromdns(dst_key_t *key, isc_buffer_t *data) { \
return (hmac_fromdns(ISC_MD_##alg, key, data)); \
} \
static isc_result_t \
hmac##alg##_tofile(const dst_key_t *key, const char *directory) { \
return (hmac_tofile(ISC_MD_##alg, key, directory)); \
} \
static isc_result_t \
hmac##alg##_parse(dst_key_t *key, isc_lex_t *lexer, \
dst_key_t *pub) { \
return(hmac_parse(ISC_MD_##alg, key, lexer, pub)); \
} \
static dst_func_t hmac##alg##_functions = { \
hmac##alg##_createctx, \
NULL, /*%< createctx2 */ \
hmac##alg##_destroyctx, \
hmac##alg##_adddata, \
hmac##alg##_sign, \
hmac##alg##_verify, \
NULL, /*%< verify2 */ \
NULL, /*%< computesecret */ \
hmac##alg##_compare, \
NULL, /*%< paramcompare */ \
hmac##alg##_generate, \
hmac##alg##_isprivate, \
hmac##alg##_destroy, \
hmac##alg##_todns, \
hmac##alg##_fromdns, \
hmac##alg##_tofile, \
hmac##alg##_parse, \
NULL, /*%< cleanup */ \
NULL, /*%< fromlabel */ \
NULL, /*%< dump */ \
NULL, /*%< restore */ \
}; \
isc_result_t \
dst__hmac##alg##_init(dst_func_t **funcp) { \
REQUIRE(funcp != NULL); \
if (*funcp == NULL) { \
*funcp = &hmac##alg##_functions; \
} \
return (ISC_R_SUCCESS); \
}
static isc_result_t
hmac_fromdns(isc_md_type_t type, dst_key_t *key, isc_buffer_t *data);
struct dst_hmacmd5_key {
unsigned char key[ISC_HMAC_MAX_MD_CBLOCK];
struct dst_hmac_key {
uint8_t key[ISC_MAX_BLOCK_SIZE];
};
static isc_result_t
static inline isc_result_t
getkeybits(dst_key_t *key, struct dst_private_element *element) {
uint16_t *bits = (uint16_t *)element->data;
if (element->length != 2)
if (element->length != 2) {
return (DST_R_INVALIDPRIVATEKEY);
key->key_bits = (element->data[0] << 8) + element->data[1];
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
isc_hmacmd5_t *hmacmd5ctx;
dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5;
hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t));
if (hmacmd5ctx == NULL)
return (ISC_R_NOMEMORY);
isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH);
dctx->ctxdata.hmacmd5ctx = hmacmd5ctx;
return (ISC_R_SUCCESS);
}
static void
hmacmd5_destroyctx(dst_context_t *dctx) {
isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx;
if (hmacmd5ctx != NULL) {
isc_hmacmd5_invalidate(hmacmd5ctx);
isc_mem_put(dctx->mctx, hmacmd5ctx, sizeof(isc_hmacmd5_t));
dctx->ctxdata.hmacmd5ctx = NULL;
}
}
static isc_result_t
hmacmd5_adddata(dst_context_t *dctx, const isc_region_t *data) {
isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx;
isc_hmacmd5_update(hmacmd5ctx, data->base, data->length);
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx;
unsigned char *digest;
if (isc_buffer_availablelength(sig) < ISC_MD5_DIGESTLENGTH)
return (ISC_R_NOSPACE);
digest = isc_buffer_used(sig);
isc_hmacmd5_sign(hmacmd5ctx, digest);
isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH);
key->key_bits = ntohs(*bits);
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx;
if (sig->length > ISC_MD5_DIGESTLENGTH)
return (DST_R_VERIFYFAILURE);
if (isc_hmacmd5_verify2(hmacmd5ctx, sig->base, sig->length))
return (ISC_R_SUCCESS);
else
return (DST_R_VERIFYFAILURE);
}
static bool
hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
dst_hmacmd5_key_t *hkey1, *hkey2;
hkey1 = key1->keydata.hmacmd5;
hkey2 = key2->keydata.hmacmd5;
if (hkey1 == NULL && hkey2 == NULL)
return (true);
else if (hkey1 == NULL || hkey2 == NULL)
return (false);
if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH))
return (true);
else
return (false);
}
static isc_result_t
hmacmd5_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int))
static inline isc_result_t
hmac_createctx(isc_md_type_t type, const dst_key_t *key,
dst_context_t *dctx)
{
isc_buffer_t b;
isc_result_t ret;
unsigned int bytes;
unsigned char data[ISC_MD5_BLOCK_LENGTH];
UNUSED(pseudorandom_ok);
UNUSED(callback);
bytes = (key->key_size + 7) / 8;
if (bytes > ISC_MD5_BLOCK_LENGTH) {
bytes = ISC_MD5_BLOCK_LENGTH;
key->key_size = ISC_MD5_BLOCK_LENGTH * 8;
isc_result_t result;
const dst_hmac_key_t *hkey = key->keydata.hmac_key;
isc_hmac_t *ctx = isc_hmac_new(); /* Either returns or abort()s */
result = isc_hmac_init(ctx, hkey->key,
isc_md_type_get_block_size(type), type);
if (result != ISC_R_SUCCESS) {
return (DST_R_UNSUPPORTEDALG);
}
memset(data, 0, ISC_MD5_BLOCK_LENGTH);
isc_nonce_buf(data, bytes);
isc_buffer_init(&b, data, bytes);
isc_buffer_add(&b, bytes);
ret = hmacmd5_fromdns(key, &b);
isc_safe_memwipe(data, sizeof(data));
return (ret);
}
static bool
hmacmd5_isprivate(const dst_key_t *key) {
UNUSED(key);
return (true);
}
static void
hmacmd5_destroy(dst_key_t *key) {