2 #if !defined(LINT) && !defined(__AROS__)
3 static const char rcsid
[] = "$Header: /cvsroot/unmorphos/ezTCP/dhcp/dst/hmac_link.c,v 1.1.1.1 2005/12/07 10:50:33 sonic_amiga Exp $";
6 * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
8 * Permission to use, copy modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
13 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
14 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
15 * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
16 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
17 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
18 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
19 * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
23 * This file contains an implementation of the HMAC-MD5 algorithm.
31 #include <sys/param.h>
33 #include <netinet/in.h>
34 #include <sys/socket.h>
36 #include "minires/minires.h"
37 #include "arpa/nameser.h"
39 #include "dst_internal.h"
44 # define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
49 #define HMAC_IPAD 0x36
50 #define HMAC_OPAD 0x5c
54 typedef struct hmackey
{
55 u_char hk_ipad
[64], hk_opad
[64];
59 /**************************************************************************
61 * Call HMAC signing functions to sign a block of data.
62 * There are three steps to signing, INIT (initialize structures),
63 * UPDATE (hash (more) data), FINAL (generate a signature). This
64 * routine performs one or more of these steps.
66 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
67 * priv_key key to use for signing.
68 * context the context to be used in this digest
69 * data data to be signed.
70 * len length in bytes of data.
71 * signature location to store signature.
72 * sig_len size of the signature location
74 * N Success on SIG_MODE_FINAL = returns signature length in bytes
75 * 0 Success on SIG_MODE_INIT and UPDATE
80 dst_hmac_md5_sign(const int mode
, DST_KEY
*d_key
, void **context
,
81 const u_char
*data
, const unsigned len
,
82 u_char
*signature
, const unsigned sig_len
)
88 if (mode
& SIG_MODE_INIT
)
89 ctx
= (MD5_CTX
*) malloc(sizeof(*ctx
));
91 ctx
= (MD5_CTX
*) *context
;
95 if (d_key
== NULL
|| d_key
->dk_KEY_struct
== NULL
)
97 key
= (HMAC_Key
*) d_key
->dk_KEY_struct
;
99 if (mode
& SIG_MODE_INIT
) {
101 MD5Update(ctx
, key
->hk_ipad
, HMAC_LEN
);
104 if ((mode
& SIG_MODE_UPDATE
) && (data
&& len
> 0))
105 MD5Update(ctx
, (const unsigned char *)data
, len
);
107 if (mode
& SIG_MODE_FINAL
) {
108 if (signature
== NULL
|| sig_len
< MD5_LEN
)
109 return (SIGN_FINAL_FAILURE
);
110 MD5Final(signature
, ctx
);
112 /* perform outer MD5 */
114 MD5Update(ctx
, key
->hk_opad
, HMAC_LEN
);
115 MD5Update(ctx
, signature
, MD5_LEN
);
116 MD5Final(signature
, ctx
);
123 *context
= (void *) ctx
;
129 /**************************************************************************
130 * dst_hmac_md5_verify()
131 * Calls HMAC verification routines. There are three steps to
132 * verification, INIT (initialize structures), UPDATE (hash (more) data),
133 * FINAL (generate a signature). This routine performs one or more of
136 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
137 * dkey key to use for verify.
139 * len length in bytes of data.
140 * signature signature.
141 * sig_len length in bytes of signature.
148 dst_hmac_md5_verify(const int mode
, DST_KEY
*d_key
, void **context
,
149 const u_char
*data
, const unsigned len
,
150 const u_char
*signature
, const unsigned sig_len
)
155 if (mode
& SIG_MODE_INIT
)
156 ctx
= (MD5_CTX
*) malloc(sizeof(*ctx
));
158 ctx
= (MD5_CTX
*) *context
;
162 if (d_key
== NULL
|| d_key
->dk_KEY_struct
== NULL
)
165 key
= (HMAC_Key
*) d_key
->dk_KEY_struct
;
166 if (mode
& SIG_MODE_INIT
) {
168 MD5Update(ctx
, key
->hk_ipad
, HMAC_LEN
);
170 if ((mode
& SIG_MODE_UPDATE
) && (data
&& len
> 0))
171 MD5Update(ctx
, (const unsigned char *)data
, len
);
173 if (mode
& SIG_MODE_FINAL
) {
174 u_char digest
[MD5_LEN
];
175 if (signature
== NULL
|| key
== NULL
|| sig_len
!= MD5_LEN
)
176 return (VERIFY_FINAL_FAILURE
);
177 MD5Final(digest
, ctx
);
179 /* perform outer MD5 */
181 MD5Update(ctx
, key
->hk_opad
, HMAC_LEN
);
182 MD5Update(ctx
, digest
, MD5_LEN
);
183 MD5Final(digest
, ctx
);
186 if (memcmp(digest
, signature
, MD5_LEN
) != 0)
187 return (VERIFY_FINAL_FAILURE
);
192 *context
= (void *) ctx
;
198 /**************************************************************************
199 * dst_buffer_to_hmac_md5
200 * Converts key from raw data to an HMAC Key
201 * This function gets in a pointer to the data
203 * hkey the HMAC key to be filled in
204 * key the key in raw format
205 * keylen the length of the key
211 dst_buffer_to_hmac_md5(DST_KEY
*dkey
, const u_char
*key
, const unsigned keylen
)
214 HMAC_Key
*hkey
= NULL
;
216 unsigned local_keylen
= keylen
;
218 if (dkey
== NULL
|| key
== NULL
|| keylen
< 0)
221 if ((hkey
= (HMAC_Key
*) malloc(sizeof(HMAC_Key
))) == NULL
)
224 memset(hkey
->hk_ipad
, 0, sizeof(hkey
->hk_ipad
));
225 memset(hkey
->hk_opad
, 0, sizeof(hkey
->hk_opad
));
227 /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
228 if (keylen
> HMAC_LEN
) {
231 MD5Update(&ctx
, (const unsigned char *)key
, keylen
);
233 memset((void *) &ctx
, 0, sizeof(ctx
));
235 local_keylen
= MD5_LEN
;
237 /* start out by storing key in pads */
238 memcpy(hkey
->hk_ipad
, key
, local_keylen
);
239 memcpy(hkey
->hk_opad
, key
, local_keylen
);
241 /* XOR key with hk_ipad and opad values */
242 for (i
= 0; i
< HMAC_LEN
; i
++) {
243 hkey
->hk_ipad
[i
] ^= HMAC_IPAD
;
244 hkey
->hk_opad
[i
] ^= HMAC_OPAD
;
246 dkey
->dk_key_size
= local_keylen
;
247 dkey
->dk_KEY_struct
= (void *) hkey
;
252 /**************************************************************************
253 * dst_hmac_md5_key_to_file_format
254 * Encodes an HMAC Key into the portable file format.
256 * hkey HMAC KEY structure
258 * buff_len size of output buffer
260 * 0 Failure - null input hkey
261 * -1 Failure - not enough space in output area
262 * N Success - Length of data returned in buff
266 dst_hmac_md5_key_to_file_format(const DST_KEY
*dkey
, char *buff
,
267 const unsigned buff_len
)
271 unsigned len
, b_len
, key_len
;
272 u_char key
[HMAC_LEN
];
275 if (dkey
== NULL
|| dkey
->dk_KEY_struct
== NULL
)
277 if (buff
== NULL
|| buff_len
<= (int) strlen(key_file_fmt_str
))
278 return (-1); /* no OR not enough space in output area */
280 hkey
= (HMAC_Key
*) dkey
->dk_KEY_struct
;
281 memset(buff
, 0, buff_len
); /* just in case */
282 /* write file header */
283 sprintf(buff
, key_file_fmt_str
, KEY_FILE_FORMAT
, KEY_HMAC_MD5
, "HMAC");
285 bp
= (char *) strchr(buff
, '\0');
286 b_len
= buff_len
- (bp
- buff
);
288 memset(key
, 0, HMAC_LEN
);
289 for (i
= 0; i
< HMAC_LEN
; i
++)
290 key
[i
] = hkey
->hk_ipad
[i
] ^ HMAC_IPAD
;
291 for (i
= HMAC_LEN
- 1; i
>= 0; i
--)
297 bp
+= strlen("Key: ");
298 b_len
= buff_len
- (bp
- buff
);
300 len
= b64_ntop(key
, key_len
, bp
, b_len
);
306 b_len
= buff_len
- (bp
- buff
);
308 return (buff_len
- b_len
);
312 /**************************************************************************
313 * dst_hmac_md5_key_from_file_format
314 * Converts contents of a key file into an HMAC key.
316 * hkey structure to put key into
317 * buff buffer containing the encoded key
318 * buff_len the length of the buffer
320 * n >= 0 Foot print of the key converted
321 * n < 0 Error in conversion
325 dst_hmac_md5_key_from_file_format(DST_KEY
*dkey
, const char *buff
,
326 const unsigned buff_len
)
328 const char *p
= buff
, *eol
;
329 u_char key
[HMAC_LEN
+1]; /* b64_pton needs more than 64 bytes do decode
330 * it should probably be fixed rather than doing
334 unsigned key_len
, len
;
341 memset(key
, 0, sizeof(key
));
343 if (!dst_s_verify_str(&p
, "Key: "))
346 eol
= strchr(p
, '\n');
350 tmp
= malloc(len
+ 2);
353 key_len
= b64_pton((char *)tmp
, key
, HMAC_LEN
+1); /* see above */
354 SAFE_FREE2(tmp
, len
+ 2);
356 if (dst_buffer_to_hmac_md5(dkey
, key
, key_len
) < 0) {
363 * dst_hmac_md5_to_dns_key()
364 * function to extract hmac key from DST_KEY structure
366 * in_key: HMAC-MD5 key
368 * out_str: buffer to write ot
369 * out_len: size of output buffer
371 * number of bytes written to output buffer
374 dst_hmac_md5_to_dns_key(const DST_KEY
*in_key
, u_char
*out_str
,
375 const unsigned out_len
)
381 if (in_key
== NULL
|| in_key
->dk_KEY_struct
== NULL
||
382 out_len
<= in_key
->dk_key_size
|| out_str
== NULL
)
385 hkey
= (HMAC_Key
*) in_key
->dk_KEY_struct
;
386 for (i
= 0; i
< in_key
->dk_key_size
; i
++)
387 out_str
[i
] = hkey
->hk_ipad
[i
] ^ HMAC_IPAD
;
391 /**************************************************************************
392 * dst_hmac_md5_compare_keys
393 * Compare two keys for equality.
395 * 0 The keys are equal
396 * NON-ZERO The keys are not equal
400 dst_hmac_md5_compare_keys(const DST_KEY
*key1
, const DST_KEY
*key2
)
402 HMAC_Key
*hkey1
= (HMAC_Key
*) key1
->dk_KEY_struct
;
403 HMAC_Key
*hkey2
= (HMAC_Key
*) key2
->dk_KEY_struct
;
404 return memcmp(hkey1
->hk_ipad
, hkey2
->hk_ipad
, HMAC_LEN
);
407 /**************************************************************************
408 * dst_hmac_md5_free_key_structure
409 * Frees all (none) dynamically allocated structures in hkey
413 dst_hmac_md5_free_key_structure(void *key
)
415 HMAC_Key
*hkey
= key
;
421 /***************************************************************************
422 * dst_hmac_md5_generate_key
423 * Creates a HMAC key of size size with a maximum size of 63 bytes
424 * generating a HMAC key larger than 63 bytes makes no sense as that key
425 * is digested before use.
429 dst_hmac_md5_generate_key(DST_KEY
*key
, const int nothing
)
435 if (key
== NULL
|| key
->dk_alg
!= KEY_HMAC_MD5
)
437 size
= (key
->dk_key_size
+ 7) / 8; /* convert to bytes */
441 len
= size
> 64 ? 64 : size
;
442 buff
= malloc(len
+8);
444 n
= dst_random(DST_RAND_SEMI
, len
, buff
);
445 n
+= dst_random(DST_RAND_KEY
, len
, buff
);
446 if (n
<= len
) { /* failed getting anything */
447 SAFE_FREE2(buff
, len
);
450 n
= dst_buffer_to_hmac_md5(key
, buff
, len
);
451 SAFE_FREE2(buff
, len
);
458 * dst_hmac_md5_init() Function to answer set up function pointers for HMAC
464 if (dst_t_func
[KEY_HMAC_MD5
] != NULL
)
466 dst_t_func
[KEY_HMAC_MD5
] = malloc(sizeof(struct dst_func
));
467 if (dst_t_func
[KEY_HMAC_MD5
] == NULL
)
469 memset(dst_t_func
[KEY_HMAC_MD5
], 0, sizeof(struct dst_func
));
470 dst_t_func
[KEY_HMAC_MD5
]->sign
= dst_hmac_md5_sign
;
471 dst_t_func
[KEY_HMAC_MD5
]->verify
= dst_hmac_md5_verify
;
472 dst_t_func
[KEY_HMAC_MD5
]->compare
= dst_hmac_md5_compare_keys
;
473 dst_t_func
[KEY_HMAC_MD5
]->generate
= dst_hmac_md5_generate_key
;
474 dst_t_func
[KEY_HMAC_MD5
]->destroy
= dst_hmac_md5_free_key_structure
;
475 dst_t_func
[KEY_HMAC_MD5
]->to_dns_key
= dst_hmac_md5_to_dns_key
;
476 dst_t_func
[KEY_HMAC_MD5
]->from_dns_key
= dst_buffer_to_hmac_md5
;
477 dst_t_func
[KEY_HMAC_MD5
]->to_file_fmt
= dst_hmac_md5_key_to_file_format
;
478 dst_t_func
[KEY_HMAC_MD5
]->from_file_fmt
= dst_hmac_md5_key_from_file_format
;