3 static const char rcsid[] = "$Header: /rc0/proj/cvs/isc/DHCP/dst/hmac_link.c,v 1.1 2001/02/22 07:22:08 mellon Exp $";
6 * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
8 * Permission to use, copy modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
13 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
14 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
15 * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
16 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
17 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
18 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
19 * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
23 * This file contains an implementation of the HMAC-MD5 algorithm.
31 #include <sys/param.h>
33 #include <netinet/in.h>
34 #include <sys/socket.h>
36 #include "minires/minires.h"
37 #include "arpa/nameser.h"
39 #include "dst_internal.h"
44 # define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
49 #define HMAC_IPAD 0x36
50 #define HMAC_OPAD 0x5c
54 typedef struct hmackey {
55 u_char hk_ipad[64], hk_opad[64];
59 /**************************************************************************
61 * Call HMAC signing functions to sign a block of data.
62 * There are three steps to signing, INIT (initialize structures),
63 * UPDATE (hash (more) data), FINAL (generate a signature). This
64 * routine performs one or more of these steps.
66 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
67 * priv_key key to use for signing.
68 * context the context to be used in this digest
69 * data data to be signed.
70 * len length in bytes of data.
71 * signature location to store signature.
72 * sig_len size of the signature location
74 * N Success on SIG_MODE_FINAL = returns signature length in bytes
75 * 0 Success on SIG_MODE_INIT and UPDATE
80 dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
81 const u_char *data, const unsigned len,
82 u_char *signature, const unsigned sig_len)
88 if (mode & SIG_MODE_INIT)
89 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
91 ctx = (MD5_CTX *) *context;
95 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
97 key = (HMAC_Key *) d_key->dk_KEY_struct;
99 if (mode & SIG_MODE_INIT) {
101 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
104 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
105 MD5Update(ctx, (const unsigned char *)data, len);
107 if (mode & SIG_MODE_FINAL) {
108 if (signature == NULL || sig_len < MD5_LEN)
109 return (SIGN_FINAL_FAILURE);
110 MD5Final(signature, ctx);
112 /* perform outer MD5 */
114 MD5Update(ctx, key->hk_opad, HMAC_LEN);
115 MD5Update(ctx, signature, MD5_LEN);
116 MD5Final(signature, ctx);
123 *context = (void *) ctx;
129 /**************************************************************************
130 * dst_hmac_md5_verify()
131 * Calls HMAC verification routines. There are three steps to
132 * verification, INIT (initialize structures), UPDATE (hash (more) data),
133 * FINAL (generate a signature). This routine performs one or more of
136 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
137 * dkey key to use for verify.
139 * len length in bytes of data.
140 * signature signature.
141 * sig_len length in bytes of signature.
148 dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
149 const u_char *data, const unsigned len,
150 const u_char *signature, const unsigned sig_len)
155 if (mode & SIG_MODE_INIT)
156 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
158 ctx = (MD5_CTX *) *context;
162 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
165 key = (HMAC_Key *) d_key->dk_KEY_struct;
166 if (mode & SIG_MODE_INIT) {
168 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
170 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
171 MD5Update(ctx, (const unsigned char *)data, len);
173 if (mode & SIG_MODE_FINAL) {
174 u_char digest[MD5_LEN];
175 if (signature == NULL || key == NULL || sig_len != MD5_LEN)
176 return (VERIFY_FINAL_FAILURE);
177 MD5Final(digest, ctx);
179 /* perform outer MD5 */
181 MD5Update(ctx, key->hk_opad, HMAC_LEN);
182 MD5Update(ctx, digest, MD5_LEN);
183 MD5Final(digest, ctx);
186 if (memcmp(digest, signature, MD5_LEN) != 0)
187 return (VERIFY_FINAL_FAILURE);
192 *context = (void *) ctx;
198 /**************************************************************************
199 * dst_buffer_to_hmac_md5
200 * Converts key from raw data to an HMAC Key
201 * This function gets in a pointer to the data
203 * hkey the HMAC key to be filled in
204 * key the key in raw format
205 * keylen the length of the key
211 dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
214 HMAC_Key *hkey = NULL;
216 unsigned local_keylen = keylen;
218 if (dkey == NULL || key == NULL || keylen < 0)
221 if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
224 memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
225 memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
227 /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
228 if (keylen > HMAC_LEN) {
231 MD5Update(&ctx, (const unsigned char *)key, keylen);
233 memset((void *) &ctx, 0, sizeof(ctx));
235 local_keylen = MD5_LEN;
237 /* start out by storing key in pads */
238 memcpy(hkey->hk_ipad, key, local_keylen);
239 memcpy(hkey->hk_opad, key, local_keylen);
241 /* XOR key with hk_ipad and opad values */
242 for (i = 0; i < HMAC_LEN; i++) {
243 hkey->hk_ipad[i] ^= HMAC_IPAD;
244 hkey->hk_opad[i] ^= HMAC_OPAD;
246 dkey->dk_key_size = local_keylen;
247 dkey->dk_KEY_struct = (void *) hkey;
252 /**************************************************************************
253 * dst_hmac_md5_key_to_file_format
254 * Encodes an HMAC Key into the portable file format.
256 * hkey HMAC KEY structure
258 * buff_len size of output buffer
260 * 0 Failure - null input hkey
261 * -1 Failure - not enough space in output area
262 * N Success - Length of data returned in buff
266 dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
267 const unsigned buff_len)
271 unsigned len, b_len, key_len;
272 u_char key[HMAC_LEN];
275 if (dkey == NULL || dkey->dk_KEY_struct == NULL)
277 if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
278 return (-1); /* no OR not enough space in output area */
280 hkey = (HMAC_Key *) dkey->dk_KEY_struct;
281 memset(buff, 0, buff_len); /* just in case */
282 /* write file header */
283 sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
285 bp = (char *) strchr(buff, '\0');
286 b_len = buff_len - (bp - buff);
288 memset(key, 0, HMAC_LEN);
289 for (i = 0; i < HMAC_LEN; i++)
290 key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
291 for (i = HMAC_LEN - 1; i >= 0; i--)
297 bp += strlen("Key: ");
298 b_len = buff_len - (bp - buff);
300 len = b64_ntop(key, key_len, bp, b_len);
306 b_len = buff_len - (bp - buff);
308 return (buff_len - b_len);
312 /**************************************************************************
313 * dst_hmac_md5_key_from_file_format
314 * Converts contents of a key file into an HMAC key.
316 * hkey structure to put key into
317 * buff buffer containing the encoded key
318 * buff_len the length of the buffer
320 * n >= 0 Foot print of the key converted
321 * n < 0 Error in conversion
325 dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
326 const unsigned buff_len)
328 const char *p = buff, *eol;
329 u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode
330 * it should probably be fixed rather than doing
334 unsigned key_len, len;
341 memset(key, 0, sizeof(key));
343 if (!dst_s_verify_str(&p, "Key: "))
346 eol = strchr(p, '\n');
350 tmp = malloc(len + 2);
353 key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */
354 SAFE_FREE2(tmp, len + 2);
356 if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
363 * dst_hmac_md5_to_dns_key()
364 * function to extract hmac key from DST_KEY structure
366 * in_key: HMAC-MD5 key
368 * out_str: buffer to write ot
369 * out_len: size of output buffer
371 * number of bytes written to output buffer
374 dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
375 const unsigned out_len)
381 if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
382 out_len <= in_key->dk_key_size || out_str == NULL)
385 hkey = (HMAC_Key *) in_key->dk_KEY_struct;
386 for (i = 0; i < in_key->dk_key_size; i++)
387 out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
391 /**************************************************************************
392 * dst_hmac_md5_compare_keys
393 * Compare two keys for equality.
395 * 0 The keys are equal
396 * NON-ZERO The keys are not equal
400 dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
402 HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
403 HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
404 return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
407 /**************************************************************************
408 * dst_hmac_md5_free_key_structure
409 * Frees all (none) dynamically allocated structures in hkey
413 dst_hmac_md5_free_key_structure(void *key)
415 HMAC_Key *hkey = key;
421 /***************************************************************************
422 * dst_hmac_md5_generate_key
423 * Creates a HMAC key of size size with a maximum size of 63 bytes
424 * generating a HMAC key larger than 63 bytes makes no sense as that key
425 * is digested before use.
429 dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
435 if (key == NULL || key->dk_alg != KEY_HMAC_MD5)
437 size = (key->dk_key_size + 7) / 8; /* convert to bytes */
441 len = size > 64 ? 64 : size;
442 buff = malloc(len+8);
444 n = dst_random(DST_RAND_SEMI, len, buff);
445 n += dst_random(DST_RAND_KEY, len, buff);
446 if (n <= len) { /* failed getting anything */
447 SAFE_FREE2(buff, len);
450 n = dst_buffer_to_hmac_md5(key, buff, len);
451 SAFE_FREE2(buff, len);
458 * dst_hmac_md5_init() Function to answer set up function pointers for HMAC
464 if (dst_t_func[KEY_HMAC_MD5] != NULL)
466 dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
467 if (dst_t_func[KEY_HMAC_MD5] == NULL)
469 memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
470 dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
471 dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
472 dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
473 dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
474 dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
475 dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
476 dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
477 dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
478 dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;