]> git.saurik.com Git - apple/libresolv.git/blob - dst_hmac_link.c
projects / apple / libresolv.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
libresolv-65.200.2.tar.gz
[apple/libresolv.git] / dst_hmac_link.c
1 #ifdef HMAC_MD5
2 #ifndef __APPLE__
3 #ifndef LINT
4 static const char rcsid[] = "$Header: /Users/Shared/libresolv_2/libresolv/dst_hmac_link.c,v 1.1 2006/03/01 19:01:36 majka Exp $";
5 #endif
6 #endif
7
8 /*
9 * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
10 *
11 * Permission to use, copy modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
16 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
18 * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
19 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
20 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
21 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
22 * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
23 */
24
25 /*
26 * This file contains an implementation of the HMAC-MD5 algorithm.
27 */
28 #ifndef __APPLE__
29 #include "port_before.h"
30 #endif
31
32 #include <stdio.h>
33 #include <unistd.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <memory.h>
37 #include <sys/param.h>
38 #include <sys/time.h>
39 #include <netinet/in.h>
40 #include <arpa/nameser.h>
41 #include <resolv.h>
42
43 #include "dst_internal.h"
44 #ifdef USE_MD5
45 # include "md5.h"
46 # ifndef _MD5_H_
47 # define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
48 # endif
49 #endif
50
51 #ifndef __APPLE__
52 #include "port_after.h"
53 #endif
54
55
56 #define HMAC_LEN 64
57 #define HMAC_IPAD 0x36
58 #define HMAC_OPAD 0x5c
59 #define MD5_LEN 16
60
61
62 typedef struct hmackey {
63 u_char hk_ipad[64], hk_opad[64];
64 } HMAC_Key;
65
66
67 /**************************************************************************
68 * dst_hmac_md5_sign
69 * Call HMAC signing functions to sign a block of data.
70 * There are three steps to signing, INIT (initialize structures),
71 * UPDATE (hash (more) data), FINAL (generate a signature). This
72 * routine performs one or more of these steps.
73 * Parameters
74 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
75 * priv_key key to use for signing.
76 * context the context to be used in this digest
77 * data data to be signed.
78 * len length in bytes of data.
79 * signature location to store signature.
80 * sig_len size of the signature location
81 * returns
82 * N Success on SIG_MODE_FINAL = returns signature length in bytes
83 * 0 Success on SIG_MODE_INIT and UPDATE
84 * <0 Failure
85 */
86
87 static int
88 dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
89 const u_char *data, const int len,
90 u_char *signature, const int sig_len)
91 {
92 HMAC_Key *key;
93 int sign_len = 0;
94 MD5_CTX *ctx = NULL;
95
96 if (mode & SIG_MODE_INIT)
97 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
98 else if (context)
99 ctx = (MD5_CTX *) *context;
100 if (ctx == NULL)
101 return (-1);
102
103 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
104 return (-1);
105 key = (HMAC_Key *) d_key->dk_KEY_struct;
106
107 if (mode & SIG_MODE_INIT) {
108 MD5Init(ctx);
109 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
110 }
111
112 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
113 MD5Update(ctx, data, len);
114
115 if (mode & SIG_MODE_FINAL) {
116 if (signature == NULL || sig_len < MD5_LEN)
117 return (SIGN_FINAL_FAILURE);
118 MD5Final(signature, ctx);
119
120 /* perform outer MD5 */
121 MD5Init(ctx);
122 MD5Update(ctx, key->hk_opad, HMAC_LEN);
123 MD5Update(ctx, signature, MD5_LEN);
124 MD5Final(signature, ctx);
125 sign_len = MD5_LEN;
126 SAFE_FREE(ctx);
127 }
128 else {
129 if (context == NULL)
130 return (-1);
131 *context = (void *) ctx;
132 }
133 return (sign_len);
134 }
135
136
137 /**************************************************************************
138 * dst_hmac_md5_verify()
139 * Calls HMAC verification routines. There are three steps to
140 * verification, INIT (initialize structures), UPDATE (hash (more) data),
141 * FINAL (generate a signature). This routine performs one or more of
142 * these steps.
143 * Parameters
144 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
145 * dkey key to use for verify.
146 * data data signed.
147 * len length in bytes of data.
148 * signature signature.
149 * sig_len length in bytes of signature.
150 * returns
151 * 0 Success
152 * <0 Failure
153 */
154
155 static int
156 dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
157 const u_char *data, const int len,
158 const u_char *signature, const int sig_len)
159 {
160 HMAC_Key *key;
161 MD5_CTX *ctx = NULL;
162
163 if (mode & SIG_MODE_INIT)
164 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
165 else if (context)
166 ctx = (MD5_CTX *) *context;
167 if (ctx == NULL)
168 return (-1);
169
170 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
171 return (-1);
172
173 key = (HMAC_Key *) d_key->dk_KEY_struct;
174 if (mode & SIG_MODE_INIT) {
175 MD5Init(ctx);
176 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
177 }
178 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
179 MD5Update(ctx, data, len);
180
181 if (mode & SIG_MODE_FINAL) {
182 u_char digest[MD5_LEN];
183 if (signature == NULL || key == NULL || sig_len != MD5_LEN)
184 return (VERIFY_FINAL_FAILURE);
185 MD5Final(digest, ctx);
186
187 /* perform outer MD5 */
188 MD5Init(ctx);
189 MD5Update(ctx, key->hk_opad, HMAC_LEN);
190 MD5Update(ctx, digest, MD5_LEN);
191 MD5Final(digest, ctx);
192
193 SAFE_FREE(ctx);
194 if (memcmp(digest, signature, MD5_LEN) != 0)
195 return (VERIFY_FINAL_FAILURE);
196 }
197 else {
198 if (context == NULL)
199 return (-1);
200 *context = (void *) ctx;
201 }
202 return (0);
203 }
204
205
206 /**************************************************************************
207 * dst_buffer_to_hmac_md5
208 * Converts key from raw data to an HMAC Key
209 * This function gets in a pointer to the data
210 * Parameters
211 * hkey the HMAC key to be filled in
212 * key the key in raw format
213 * keylen the length of the key
214 * Return
215 * 0 Success
216 * <0 Failure
217 */
218 static int
219 dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen)
220 {
221 int i;
222 HMAC_Key *hkey = NULL;
223 MD5_CTX ctx;
224 int local_keylen = keylen;
225
226 if (dkey == NULL || key == NULL || keylen < 0)
227 return (-1);
228
229 if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
230 return (-2);
231
232 memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
233 memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
234
235 /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
236 if (keylen > HMAC_LEN) {
237 u_char tk[MD5_LEN];
238 MD5Init(&ctx);
239 MD5Update(&ctx, key, keylen);
240 MD5Final(tk, &ctx);
241 memset((void *) &ctx, 0, sizeof(ctx));
242 key = tk;
243 local_keylen = MD5_LEN;
244 }
245 /* start out by storing key in pads */
246 memcpy(hkey->hk_ipad, key, local_keylen);
247 memcpy(hkey->hk_opad, key, local_keylen);
248
249 /* XOR key with hk_ipad and opad values */
250 for (i = 0; i < HMAC_LEN; i++) {
251 hkey->hk_ipad[i] ^= HMAC_IPAD;
252 hkey->hk_opad[i] ^= HMAC_OPAD;
253 }
254 dkey->dk_key_size = local_keylen;
255 dkey->dk_KEY_struct = (void *) hkey;
256 return (1);
257 }
258
259
260 /**************************************************************************
261 * dst_hmac_md5_key_to_file_format
262 * Encodes an HMAC Key into the portable file format.
263 * Parameters
264 * hkey HMAC KEY structure
265 * buff output buffer
266 * buff_len size of output buffer
267 * Return
268 * 0 Failure - null input hkey
269 * -1 Failure - not enough space in output area
270 * N Success - Length of data returned in buff
271 */
272
273 static int
274 dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
275 const int buff_len)
276 {
277 char *bp;
278 int len, b_len, i, key_len;
279 u_char key[HMAC_LEN];
280 HMAC_Key *hkey;
281
282 if (dkey == NULL || dkey->dk_KEY_struct == NULL)
283 return (0);
284 if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
285 return (-1); /* no OR not enough space in output area */
286
287 hkey = (HMAC_Key *) dkey->dk_KEY_struct;
288 memset(buff, 0, buff_len); /* just in case */
289 /* write file header */
290 sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
291
292 bp = (char *) strchr(buff, '\0');
293 b_len = buff_len - (bp - buff);
294
295 memset(key, 0, HMAC_LEN);
296 for (i = 0; i < HMAC_LEN; i++)
297 key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
298 for (i = HMAC_LEN - 1; i >= 0; i--)
299 if (key[i] != 0)
300 break;
301 key_len = i + 1;
302
303 strcat(bp, "Key: ");
304 bp += strlen("Key: ");
305 b_len = buff_len - (bp - buff);
306
307 len = b64_ntop(key, key_len, bp, b_len);
308 if (len < 0)
309 return (-1);
310 bp += len;
311 *(bp++) = '\n';
312 *bp = '\0';
313 b_len = buff_len - (bp - buff);
314
315 return (buff_len - b_len);
316 }
317
318
319 /**************************************************************************
320 * dst_hmac_md5_key_from_file_format
321 * Converts contents of a key file into an HMAC key.
322 * Parameters
323 * hkey structure to put key into
324 * buff buffer containing the encoded key
325 * buff_len the length of the buffer
326 * Return
327 * n >= 0 Foot print of the key converted
328 * n < 0 Error in conversion
329 */
330
331 static int
332 dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
333 const int buff_len)
334 {
335 const char *p = buff, *eol;
336 u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode
337 * it should probably be fixed rather than doing
338 * this
339 */
340 u_char *tmp;
341 int key_len, len;
342
343 if (dkey == NULL)
344 return (-2);
345 if (buff == NULL || buff_len < 0)
346 return (-1);
347
348 memset(key, 0, sizeof(key));
349
350 if (!dst_s_verify_str(&p, "Key: "))
351 return (-3);
352
353 eol = strchr(p, '\n');
354 if (eol == NULL)
355 return (-4);
356 len = eol - p;
357 tmp = malloc(len + 2);
358 memcpy(tmp, p, len);
359 *(tmp + len) = 0x0;
360 key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */
361 SAFE_FREE2(tmp, len + 2);
362
363 if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
364 return (-6);
365 }
366 return (0);
367 }
368
369 /*
370 * dst_hmac_md5_to_dns_key()
371 * function to extract hmac key from DST_KEY structure
372 * intput:
373 * in_key: HMAC-MD5 key
374 * output:
375 * out_str: buffer to write ot
376 * out_len: size of output buffer
377 * returns:
378 * number of bytes written to output buffer
379 */
380 static int
381 dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
382 const int out_len)
383 {
384
385 HMAC_Key *hkey;
386 int i;
387
388 if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
389 out_len <= in_key->dk_key_size || out_str == NULL)
390 return (-1);
391
392 hkey = (HMAC_Key *) in_key->dk_KEY_struct;
393 for (i = 0; i < in_key->dk_key_size; i++)
394 out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
395 return (i);
396 }
397
398 /**************************************************************************
399 * dst_hmac_md5_compare_keys
400 * Compare two keys for equality.
401 * Return
402 * 0 The keys are equal
403 * NON-ZERO The keys are not equal
404 */
405
406 static int
407 dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
408 {
409 HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
410 HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
411 return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
412 }
413
414 /**************************************************************************
415 * dst_hmac_md5_free_key_structure
416 * Frees all (none) dynamically allocated structures in hkey
417 */
418
419 static void *
420 dst_hmac_md5_free_key_structure(void *key)
421 {
422 HMAC_Key *hkey = key;
423 SAFE_FREE(hkey);
424 return (NULL);
425 }
426
427
428 /***************************************************************************
429 * dst_hmac_md5_generate_key
430 * Creates a HMAC key of size size with a maximum size of 63 bytes
431 * generating a HMAC key larger than 63 bytes makes no sense as that key
432 * is digested before use.
433 */
434
435 static int
436 dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
437 {
438 (void)key;
439 (void)nothing;
440 return (-1);
441 }
442
443 /*
444 * dst_hmac_md5_init() Function to answer set up function pointers for HMAC
445 * related functions
446 */
447 int
448 dst_hmac_md5_init()
449 {
450 if (dst_t_func[KEY_HMAC_MD5] != NULL)
451 return (1);
452 dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
453 if (dst_t_func[KEY_HMAC_MD5] == NULL)
454 return (0);
455 memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
456 dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
457 dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
458 dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
459 dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
460 dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
461 dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
462 dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
463 dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
464 dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;
465 return (1);
466 }
467
468 #else
469 #include "dst_internal.h"
470 #define dst_hmac_md5_init res_9_dst_hmac_md5_init
471 int
472 dst_hmac_md5_init(){
473 return (0);
474 }
475 #endif