Commit c1d7e056 authored by Francis Dupont's avatar Francis Dupont

OpenSSL hashes

parent ddca7275
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $
# $Id: Makefile.in,v 1.132 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -28,7 +28,7 @@ CDEFINES =
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
LWRESLIBS = ../../lib/lwres/liblwres.@A@
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.21 2007/06/19 23:47:00 tbox Exp $
# $Id: Makefile.in,v 1.22 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.30 2007/06/19 23:47:07 tbox Exp $
# $Id: Makefile.in,v 1.31 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
TAPIDEPLIBS = ../../../lib/tests/libt_api.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.28 2007/06/19 23:47:07 tbox Exp $
# $Id: Makefile.in,v 1.29 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -26,7 +26,7 @@ CINCLUDES = ${TEST_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
ISCLIBS = ../../../lib/isc/libisc.@A@
ISCLIBS = ../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@
......
......@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.466 $)
AC_REVISION($Revision: 1.467 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
......@@ -641,6 +641,30 @@ AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#
# Use OpenSSL for hash functions
#
AC_ARG_ENABLE(openssl-hash,
[ --enable-openssl-hash use OpenSSL for hash functions [[default=no]]],
want_openssl_hash="$enableval", want_openssl_hash="no")
case $want_openssl_hash in
yes)
if test "$USE_OPENSSL" = ""
then
AC_MSG_ERROR([No OpenSSL for hash functions])
fi
ISC_PLATFORM_OPENSSLHASH="#define ISC_PLATFORM_OPENSSLHASH 1"
ISC_OPENSSL_INC="$DST_OPENSSL_INC"
;;
no)
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
ISC_OPENSSL_INC=""
;;
esac
AC_SUBST(ISC_PLATFORM_OPENSSLHASH)
AC_SUBST(ISC_OPENSSL_INC)
#
# PKCS11 (aka crypto hardware) support
#
......
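Review bot: The `case $want_openssl_hash in` block has arms only for `yes` and `no`, so any other value (for example a constructed `--enable-openssl-hash=auto`) matches nothing. Unless they are set earlier outside this hunk, `ISC_PLATFORM_OPENSSLHASH` and `ISC_OPENSSL_INC` then stay empty and `AC_SUBST` substitutes an empty string, so the build silently falls back to the built-in hashes while the operator believes OpenSSL was selected. Add a default arm, `*) AC_MSG_ERROR([--enable-openssl-hash takes yes or no]) ;;`, and quote the selector as `case "$want_openssl_hash" in`.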
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.99 2009/01/27 23:47:54 tbox Exp $
# $Id: Makefile.in,v 1.100 2009/02/06 12:26:22 fdupont Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -27,8 +27,8 @@ CINCLUDES = -I${srcdir}/unix/include \
-I${srcdir}/@ISC_THREAD_DIR@/include \
-I${srcdir}/@ISC_ARCH_DIR@/include \
-I./include \
-I${srcdir}/include
CDEFINES =
-I${srcdir}/include @ISC_OPENSSL_INC@
CDEFINES = @USE_OPENSSL@
CWARNINGS =
# Alphabetically
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacmd5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */
/* $Id: hmacmd5.c,v 1.15 2009/02/06 12:26:22 fdupont Exp $ */
/*! \file
* This code implements the HMAC-MD5 keyed hash algorithm
......@@ -27,10 +27,40 @@
#include <isc/assertions.h>
#include <isc/hmacmd5.h>
#include <isc/md5.h>
#include <isc/platform.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
}
void
isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
HMAC_Final(ctx, digest, NULL);
HMAC_CTX_cleanup(ctx);
}
#else
#define PADLEN 64
#define IPAD 0x36
#define OPAD 0x5C
......@@ -98,6 +128,7 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
isc_md5_final(&ctx->md5ctx, digest);
isc_hmacmd5_invalidate(ctx);
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
/*!
* Verify signature - finalize MD5 operation and reapply MD5, then
......
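Review bot: The OpenSSL-backed `isc_hmacmd5_init`, `isc_hmacmd5_update` and `isc_hmacmd5_sign` discard whatever `HMAC_Init`, `HMAC_Update` and `HMAC_Final` report. On OpenSSL releases where these calls return `int`, a failed call would leave `digest` unwritten and the caller would still treat it as a valid MAC. Where the linked OpenSSL provides a status, check it with the ISC `RUNTIME_CHECK` macro, e.g. `RUNTIME_CHECK(HMAC_Final(ctx, digest, NULL) == 1);`. The new functions also carry no comments; `isc_hmacmd5_sign` should at least say `/* Finalizes the MAC and cleans up ctx; call isc_hmacmd5_init() again before reuse. */`. The same two points apply to the `isc_hmacsha1` through `isc_hmacsha512` wrappers added in hmacsha.c.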
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */
/* $Id: hmacsha.c,v 1.9 2009/02/06 12:26:23 fdupont Exp $ */
/*
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
......@@ -26,12 +26,172 @@
#include <isc/assertions.h>
#include <isc/hmacsha.h>
#include <isc/platform.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#ifdef ISC_PLATFORM_OPENSSLHASH
void
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
}
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
}
void
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
}
void
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
}
void
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
void
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
unsigned int len)
{
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
}
void
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
HMAC_CTX_cleanup(ctx);
}
void
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
unsigned int len)
{
HMAC_Update(ctx, buf, (int) len);
}
void
isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
HMAC_Final(ctx, newdigest, NULL);
HMAC_CTX_cleanup(ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
#else
#define IPAD 0x36
#define OPAD 0x5C
......@@ -104,19 +264,6 @@ isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA1 operation and reapply SHA1, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA224 process. Initialize an sha224 context and digest the key.
*/
......@@ -184,19 +331,6 @@ isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA224 operation and reapply SHA224, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA256 process. Initialize an sha256 context and digest the key.
*/
......@@ -264,19 +398,6 @@ isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA256 operation and reapply SHA256, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA384 process. Initialize an sha384 context and digest the key.
*/
......@@ -344,19 +465,6 @@ isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
memset(newdigest, 0, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA384 operation and reapply SHA384, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Start HMAC-SHA512 process. Initialize an sha512 context and digest the key.
*/
......@@ -423,6 +531,59 @@ isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
#endif /* !ISC_PLATFORM_OPENSSLHASH */
/*
* Verify signature - finalize SHA1 operation and reapply SHA1, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA224 operation and reapply SHA224, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA256 operation and reapply SHA256, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA384 operation and reapply SHA384, then
* compare to the supplied digest.
*/
isc_boolean_t
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
return (ISC_TF(memcmp(digest, newdigest, len) == 0));
}
/*
* Verify signature - finalize SHA512 operation and reapply SHA512, then
......
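Review bot: The `isc_hmacsha*_verify` functions, which this change moves below the `#endif` so that both back ends share them, compare MACs with `memcmp(digest, newdigest, len) == 0`. `memcmp` may return at the first differing byte, so the comparison time can depend on how many leading bytes match; a MAC check should run in constant time. `REQUIRE(len <= ISC_SHA1_DIGESTLENGTH)` also admits `len == 0`, for which the comparison succeeds whatever the key, so a lower bound belongs here unless every caller is known to enforce one. Each verify also leaves its local `newdigest` on the stack, whereas the sign functions clear theirs. The sketch below shows the SHA1 variant; the other four verify functions would change the same way.

```c
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
	/* ... unchanged: newdigest declaration, REQUIRE, isc_hmacsha1_sign call ... */
	unsigned char diff = 0;
	size_t i;

	/* Accumulate differences over all len bytes; no early exit. */
	for (i = 0; i < len; i++)
		diff |= digest[i] ^ newdigest[i];
	memset(newdigest, 0, sizeof(newdigest));
	/* A zero-length comparison must never count as a match. */
	return (ISC_TF(len != 0 && diff == 0));
```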
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacmd5.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: hmacmd5.h,v 1.13 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/hmacmd5.h
* \brief This is the header file for the HMAC-MD5 keyed hash algorithm
......@@ -27,14 +27,23 @@
#include <isc/lang.h>
#include <isc/md5.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_HMACMD5_KEYLENGTH 64
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/hmac.h>
typedef HMAC_CTX isc_hmacmd5_t;
#else
typedef struct {
isc_md5_t md5ctx;
unsigned char key[ISC_HMACMD5_KEYLENGTH];
} isc_hmacmd5_t;
#endif
ISC_LANG_BEGINDECLS
......
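Review bot: `typedef HMAC_CTX isc_hmacmd5_t;` makes the size and layout of a public libisc type depend on whether `ISC_PLATFORM_OPENSSLHASH` is defined and on the OpenSSL headers found at compile time. It also pulls `<openssl/hmac.h>` into every file that includes this header. Code compiled against a platform.h with a different setting than the installed library, or against different OpenSSL headers, would presumably pass a wrongly sized context to `isc_hmacmd5_init`. A comment beside the typedef should state that callers must be built with the same configure option and OpenSSL headers as libisc. The `HMAC_CTX` typedefs in hmacsha.h and the `EVP_MD_CTX` typedef in md5.h raise the same concern.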
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: hmacsha.h,v 1.7 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: hmacsha.h,v 1.8 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/hmacsha.h
* This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
......@@ -25,6 +25,7 @@
#define ISC_HMACSHA_H 1
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/types.h>
......@@ -35,6 +36,17 @@
#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH
#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/hmac.h>
typedef HMAC_CTX isc_hmacsha1_t;
typedef HMAC_CTX isc_hmacsha224_t;
typedef HMAC_CTX isc_hmacsha256_t;
typedef HMAC_CTX isc_hmacsha384_t;
typedef HMAC_CTX isc_hmacsha512_t;
#else
typedef struct {
isc_sha1_t sha1ctx;
unsigned char key[ISC_HMACSHA1_KEYLENGTH];
......@@ -59,6 +71,7 @@ typedef struct {
isc_sha512_t sha512ctx;
unsigned char key[ISC_HMACSHA512_KEYLENGTH];
} isc_hmacsha512_t;
#endif
ISC_LANG_BEGINDECLS
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: md5.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */
/* $Id: md5.h,v 1.17 2009/02/06 12:26:23 fdupont Exp $ */
/*! \file isc/md5.h
* \brief This is the header file for the MD5 message-digest algorithm.
......@@ -44,15 +44,24 @@
#define ISC_MD5_H 1
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_MD5_DIGESTLENGTH 16U
#ifdef ISC_PLATFORM_OPENSSLHASH
#include <openssl/evp.h>
typedef EVP_MD_CTX isc_md5_t;
#else
typedef struct {
isc_uint32_t buf[4];
isc_uint32_t bytes[2];
isc_uint32_t in[16];
} isc_md5_t;
#endif
ISC_LANG_BEGINDECLS
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: platform.h.in,v 1.49 2008/12/01 03:51:47 marka Exp $ */
/* $Id: platform.h.in,v 1.50 2009/02/06 12:26:23 fdupont Exp $ */
#ifndef ISC_PLATFORM_H
#define ISC_PLATFORM_H 1
......@@ -284,6 +284,11 @@
*/
@ISC_PLATFORM_HAVESTRINGSH@
/*
* Define if the hash functions must be provided by OpenSSL.
*/
@ISC_PLATFORM_OPENSSLHASH@
/***
*** Windows dll support.