Commit b98ac259 authored by Ondřej Surý

Add generic hashed message authentication code API (isc_hmac) to replace...

Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2...
parent 7fd3dc63
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
#include <isc/file.h> #include <isc/file.h>
#include <isc/hash.h> #include <isc/hash.h>
#include <isc/hex.h> #include <isc/hex.h>
#include <isc/hmacsha.h> #include <isc/hmac.h>
#include <isc/httpd.h> #include <isc/httpd.h>
#include <isc/lex.h> #include <isc/lex.h>
#include <isc/meminfo.h> #include <isc/meminfo.h>
......
...@@ -49,7 +49,6 @@ XTARGETS = adb_test@EXEEXT@ \ ...@@ -49,7 +49,6 @@ XTARGETS = adb_test@EXEEXT@ \
db_test@EXEEXT@ \ db_test@EXEEXT@ \
dst_test@EXEEXT@ \ dst_test@EXEEXT@ \
gsstest@EXEEXT@ \ gsstest@EXEEXT@ \
hash_test@EXEEXT@ \
fsaccess_test@EXEEXT@ \ fsaccess_test@EXEEXT@ \
inter_test@EXEEXT@ \ inter_test@EXEEXT@ \
lex_test@EXEEXT@ \ lex_test@EXEEXT@ \
...@@ -78,7 +77,6 @@ XSRCS = adb_test.c \ ...@@ -78,7 +77,6 @@ XSRCS = adb_test.c \
byname_test.c \ byname_test.c \
db_test.c \ db_test.c \
dst_test.c \ dst_test.c \
hash_test.c \
fsaccess_test.c \ fsaccess_test.c \
gsstest.c \ gsstest.c \
inter_test.c \ inter_test.c \
...@@ -167,10 +165,6 @@ name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ...@@ -167,10 +165,6 @@ name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
hash_test@EXEEXT@: hash_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ hash_test.@O@ \
${ISCLIBS} ${LIBS}
entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS} entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \
${ISCLIBS} ${LIBS} ${ISCLIBS} ${LIBS}
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/util.h>
#include <isc/print.h>
#include <isc/string.h>
#include <pk11/site.h>
static void
print_digest(const char *s, const char *hash, unsigned char *d,
unsigned int words)
{
unsigned int i, j;
printf("hash (%s) %s:\n\t", hash, s);
for (i = 0; i < words; i++) {
printf(" ");
for (j = 0; j < 4; j++)
printf("%02x", d[i * 4 + j]);
}
printf("\n");
}
int
main(int argc, char **argv) {
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
UNUSED(argc);
UNUSED(argv);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
s = "Hi There";
memset(key, 0x0b, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacmd5_init(&hmacmd5, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
/*
* The 3 HMAC-SHA1 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha1_init(&hmacsha1, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA224 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha224_init(&hmacsha224, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA256 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha256_init(&hmacsha256, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA384 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha384_init(&hmacsha384, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA512 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha512_init(&hmacsha512, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
return (0);
}
...@@ -35,7 +35,6 @@ ...@@ -35,7 +35,6 @@
#include <isc/buffer.h> #include <isc/buffer.h>
#include <isc/dir.h> #include <isc/dir.h>
#include <isc/fsaccess.h> #include <isc/fsaccess.h>
#include <isc/hmacsha.h>
#include <isc/lex.h> #include <isc/lex.h>
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/once.h> #include <isc/once.h>
......
...@@ -38,8 +38,7 @@ ...@@ -38,8 +38,7 @@
#include <isc/types.h> #include <isc/types.h>
#include <isc/refcount.h> #include <isc/refcount.h>
#include <isc/stdtime.h> #include <isc/stdtime.h>
#include <isc/hmacmd5.h> #include <isc/hmac.h>
#include <isc/hmacsha.h>
#if USE_PKCS11 #if USE_PKCS11
#include <pk11/pk11.h> #include <pk11/pk11.h>
...@@ -72,12 +71,7 @@ LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool; ...@@ -72,12 +71,7 @@ LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool;
typedef struct dst_func dst_func_t; typedef struct dst_func dst_func_t;
typedef struct dst_hmacmd5_key dst_hmacmd5_key_t; typedef struct dst_hmac_key dst_hmac_key_t;
typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
/*% /*%
* Indicate whether a DST context will be used for signing * Indicate whether a DST context will be used for signing
...@@ -113,13 +107,7 @@ struct dst_key { ...@@ -113,13 +107,7 @@ struct dst_key {
#if USE_PKCS11 #if USE_PKCS11
pk11_object_t *pkey; pk11_object_t *pkey;
#endif #endif
dst_hmacmd5_key_t *hmacmd5; dst_hmac_key_t *hmac_key;
dst_hmacsha1_key_t *hmacsha1;
dst_hmacsha224_key_t *hmacsha224;
dst_hmacsha256_key_t *hmacsha256;
dst_hmacsha384_key_t *hmacsha384;
dst_hmacsha512_key_t *hmacsha512;
} keydata; /*%< pointer to key in crypto pkg fmt */ } keydata; /*%< pointer to key in crypto pkg fmt */
isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */ isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
...@@ -146,12 +134,7 @@ struct dst_context { ...@@ -146,12 +134,7 @@ struct dst_context {
union { union {
void *generic; void *generic;
dst_gssapi_signverifyctx_t *gssctx; dst_gssapi_signverifyctx_t *gssctx;
isc_hmacmd5_t *hmacmd5ctx; isc_hmac_t *hmac_ctx;
isc_hmacsha1_t *hmacsha1ctx;
isc_hmacsha224_t *hmacsha224ctx;
isc_hmacsha256_t *hmacsha256ctx;
isc_hmacsha384_t *hmacsha384ctx;
isc_hmacsha512_t *hmacsha512ctx;
EVP_MD_CTX *evp_md_ctx; EVP_MD_CTX *evp_md_ctx;
#if USE_PKCS11 #if USE_PKCS11
pk11_context_t *pk11_ctx; pk11_context_t *pk11_ctx;
......
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
#include <inttypes.h> #include <inttypes.h>
#include <stdbool.h> #include <stdbool.h>
#include <isc/hmacmd5.h>
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/safe.h> #include <isc/safe.h>
#include <isc/string.h> #include <isc/string.h>
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
#ifdef AES_CC #ifdef AES_CC
#include <isc/aes.h> #include <isc/aes.h>
#else #else
#include <isc/hmacsha.h> #include <isc/hmac.h>
#endif #endif
#include <dns/acl.h> #include <dns/acl.h>
...@@ -2256,53 +2256,38 @@ compute_cc(resquery_t *query, unsigned char *cookie, size_t len) { ...@@ -2256,53 +2256,38 @@ compute_cc(resquery_t *query, unsigned char *cookie, size_t len) {
digest[i] ^= digest[i + 8]; digest[i] ^= digest[i + 8];
memmove(cookie, digest, 8); memmove(cookie, digest, 8);
#endif #endif
#ifdef HMAC_SHA1_CC #if defined(HMAC_SHA1_CC) || defined(HMAC_SHA256_CC)
unsigned char digest[ISC_SHA1_DIGESTLENGTH]; unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char *input = NULL;
unsigned int length = 0;
isc_netaddr_t netaddr; isc_netaddr_t netaddr;
isc_hmacsha1_t hmacsha1; #if defined(HMAC_SHA1_CC)
isc_md_type_t type = ISC_MD_SHA1;
INSIST(len >= 8U); unsigned int secret_len = ISC_SHA1_DIGESTLENGTH;
#elif defined(HMAC_SHA256_CC)
isc_hmacsha1_init(&hmacsha1, query->fctx->res->view->secret, isc_md_type_t type = ISC_MD_SHA256;
ISC_SHA1_DIGESTLENGTH); unsigned int secret_len = ISC_SHA256_DIGESTLENGHT;
isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr);
switch (netaddr.family) {
case AF_INET:
isc_hmacsha1_update(&hmacsha1,
(unsigned char *)&netaddr.type.in, 4);
break;
case AF_INET6:
isc_hmacsha1_update(&hmacsha1,
(unsigned char *)&netaddr.type.in6, 16);
break;
}
isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
memmove(cookie, digest, 8);
isc_hmacsha1_invalidate(&hmacsha1);
#endif #endif
#ifdef HMAC_SHA256_CC
unsigned char digest[ISC_SHA256_DIGESTLENGTH];
isc_netaddr_t netaddr;
isc_hmacsha256_t hmacsha256;
INSIST(len >= 8U); INSIST(len >= 8U);
isc_hmacsha256_init(&hmacsha256, query->fctx->res->view->secret,
ISC_SHA256_DIGESTLENGTH);
isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr); isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr);
switch (netaddr.family) { switch (netaddr.family) {
case AF_INET: case AF_INET:
isc_hmacsha256_update(&hmacsha256, input = (unsigned char *)&netaddr.type.in;
(unsigned char *)&netaddr.type.in, 4); length = 4;
break; break;
case AF_INET6: case AF_INET6:
isc_hmacsha256_update(&hmacsha256, input = (unsigned char *)&netaddr.type.in6;
(unsigned char *)&netaddr.type.in6, 16); length = 16;
break; break;
} }
isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
RUNTIME_CHECK(isc_hmac(type,
query->fctx->res->view->secret, secret_len,
input, length,
digest, NULL) == ISC_R_SUCCESS);
memmove(cookie, digest, 8); memmove(cookie, digest, 8);
isc_hmacsha256_invalidate(&hmacsha256);
#endif #endif
} }
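Review bot: In the new `#elif defined(HMAC_SHA256_CC)` branch, `secret_len` is set to `ISC_SHA256_DIGESTLENGHT`, which looks like a misspelling of the `ISC_SHA256_DIGESTLENGTH` used by the removed SHA-256 code. Unless a macro with that spelling exists elsewhere, a build with HMAC_SHA256_CC would not compile; the line should read `unsigned int secret_len = ISC_SHA256_DIGESTLENGTH;`. Separately, `switch (netaddr.family)` still has no `default`, so for any other family `input` stays NULL and `length` stays 0, and the cookie is then derived from the view secret alone rather than from the server address. A `default: INSIST(0);`, or a comment stating that this is intended, would make that case explicit. compute_cc starts above this hunk, so the earlier cookie variants are not visible here.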
......
...@@ -47,8 +47,8 @@ OBJS = pk11.@O@ pk11_result.@O@ \ ...@@ -47,8 +47,8 @@ OBJS = pk11.@O@ pk11_result.@O@ \
aes.@O@ assertions.@O@ backtrace.@O@ base32.@O@ base64.@O@ \ aes.@O@ assertions.@O@ backtrace.@O@ base32.@O@ base64.@O@ \
bind9.@O@ buffer.@O@ bufferlist.@O@ \ bind9.@O@ buffer.@O@ bufferlist.@O@ \
commandline.@O@ counter.@O@ crc64.@O@ error.@O@ entropy.@O@ \ commandline.@O@ counter.@O@ crc64.@O@ error.@O@ entropy.@O@ \
event.@O@ hash.@O@ ht.@O@ heap.@O@ hex.@O@ hmacmd5.@O@ \ event.@O@ hash.@O@ ht.@O@ heap.@O@ hex.@O@ hmac.@O@ \
hmacsha.@O@ httpd.@O@ iterated_hash.@O@ \ httpd.@O@ iterated_hash.@O@ \
lex.@O@ lfsr.@O@ lib.@O@ log.@O@ \ lex.@O@ lfsr.@O@ lib.@O@ log.@O@ \
md.@O@ mem.@O@ mutexblock.@O@ \ md.@O@ mem.@O@ mutexblock.@O@ \
netaddr.@O@ netscope.@O@ nonce.@O@ openssl_shim.@O@ pool.@O@ \ netaddr.@O@ netscope.@O@ nonce.@O@ openssl_shim.@O@ pool.@O@ \
...@@ -65,8 +65,8 @@ SYMTBLOBJS = backtrace-emptytbl.@O@ ...@@ -65,8 +65,8 @@ SYMTBLOBJS = backtrace-emptytbl.@O@
SRCS = pk11.c pk11_result.c \ SRCS = pk11.c pk11_result.c \
aes.c assertions.c backtrace.c base32.c base64.c bind9.c \ aes.c assertions.c backtrace.c base32.c base64.c bind9.c \
buffer.c bufferlist.c commandline.c counter.c crc64.c \ buffer.c bufferlist.c commandline.c counter.c crc64.c \
entropy.c error.c event.c hash.c ht.c heap.c hex.c hmacmd5.c \ entropy.c error.c event.c hash.c ht.c heap.c hex.c hmac.c \
hmacsha.c httpd.c iterated_hash.c \ httpd.c iterated_hash.c \
lex.c lfsr.c lib.c log.c \ lex.c lfsr.c lib.c log.c \
md.c mem.c mutexblock.c \ md.c mem.c mutexblock.c \
netaddr.c netscope.c nonce.c openssl_shim.c pool.c \ netaddr.c netscope.c nonce.c openssl_shim.c pool.c \
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#include <config.h>
#include <isc/assertions.h>
#include <isc/hmac.h>
#include <isc/md.h>
#include <isc/platform.h>
#include <isc/safe.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
#include "openssl_shim.h"
isc_hmac_t *
isc_hmac_new(void) {
isc_hmac_t *hmac = HMAC_CTX_new();
RUNTIME_CHECK(hmac != NULL);
return (hmac);
}
void
isc_hmac_free(isc_hmac_t *hmac) {
if (ISC_UNLIKELY(hmac == NULL)) {
return;
}
HMAC_CTX_free(hmac);
}
isc_result_t
isc_hmac_init(isc_hmac_t *hmac, const void *key,
size_t keylen, isc_md_type_t md_type)
{
REQUIRE(hmac != NULL);
REQUIRE(key != NULL);
if (md_type == NULL) {
return (ISC_R_NOTIMPLEMENTED);
}
if (HMAC_Init_ex(hmac, key, keylen, md_type, NULL) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_reset(isc_hmac_t *hmac) {
REQUIRE(hmac != NULL);
if (HMAC_CTX_reset(hmac) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_update(isc_hmac_t *hmac, const unsigned char *buf, const size_t len) {
REQUIRE(hmac != NULL);
if (ISC_UNLIKELY(buf == NULL || len == 0)) {
return (ISC_R_SUCCESS);
}
if (HMAC_Update(hmac, buf, len) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
unsigned int *digestlen)
{
REQUIRE(hmac != NULL);
REQUIRE(digest != NULL);