/contrib/bind9/lib/isc/hmacmd5.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 149 lines · 91 code · 23 blank · 35 comment · 4 complexity · ae21a8c9470eff6ea68028f860e795b0 MD5 · raw file

  1. /*
  2. * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
  3. * Copyright (C) 2000, 2001 Internet Software Consortium.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15. * PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. /* $Id: hmacmd5.c,v 1.16 2009/02/06 23:47:42 tbox Exp $ */
  18. /*! \file
  19. * This code implements the HMAC-MD5 keyed hash algorithm
  20. * described in RFC2104.
  21. */
  22. #include "config.h"
  23. #include <isc/assertions.h>
  24. #include <isc/hmacmd5.h>
  25. #include <isc/md5.h>
  26. #include <isc/platform.h>
  27. #include <isc/string.h>
  28. #include <isc/types.h>
  29. #include <isc/util.h>
  30. #ifdef ISC_PLATFORM_OPENSSLHASH
  31. void
  32. isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
  33. unsigned int len)
  34. {
  35. HMAC_Init(ctx, (const void *) key, (int) len, EVP_md5());
  36. }
  37. void
  38. isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
  39. HMAC_CTX_cleanup(ctx);
  40. }
  41. void
  42. isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
  43. unsigned int len)
  44. {
  45. HMAC_Update(ctx, buf, (int) len);
  46. }
  47. void
  48. isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
  49. HMAC_Final(ctx, digest, NULL);
  50. HMAC_CTX_cleanup(ctx);
  51. }
  52. #else
  53. #define PADLEN 64
  54. #define IPAD 0x36
  55. #define OPAD 0x5C
  56. /*!
  57. * Start HMAC-MD5 process. Initialize an md5 context and digest the key.
  58. */
  59. void
  60. isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
  61. unsigned int len)
  62. {
  63. unsigned char ipad[PADLEN];
  64. int i;
  65. memset(ctx->key, 0, sizeof(ctx->key));
  66. if (len > sizeof(ctx->key)) {
  67. isc_md5_t md5ctx;
  68. isc_md5_init(&md5ctx);
  69. isc_md5_update(&md5ctx, key, len);
  70. isc_md5_final(&md5ctx, ctx->key);
  71. } else
  72. memcpy(ctx->key, key, len);
  73. isc_md5_init(&ctx->md5ctx);
  74. memset(ipad, IPAD, sizeof(ipad));
  75. for (i = 0; i < PADLEN; i++)
  76. ipad[i] ^= ctx->key[i];
  77. isc_md5_update(&ctx->md5ctx, ipad, sizeof(ipad));
  78. }
  79. void
  80. isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
  81. isc_md5_invalidate(&ctx->md5ctx);
  82. memset(ctx->key, 0, sizeof(ctx->key));
  83. }
  84. /*!
  85. * Update context to reflect the concatenation of another buffer full
  86. * of bytes.
  87. */
  88. void
  89. isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
  90. unsigned int len)
  91. {
  92. isc_md5_update(&ctx->md5ctx, buf, len);
  93. }
  94. /*!
  95. * Compute signature - finalize MD5 operation and reapply MD5.
  96. */
  97. void
  98. isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
  99. unsigned char opad[PADLEN];
  100. int i;
  101. isc_md5_final(&ctx->md5ctx, digest);
  102. memset(opad, OPAD, sizeof(opad));
  103. for (i = 0; i < PADLEN; i++)
  104. opad[i] ^= ctx->key[i];
  105. isc_md5_init(&ctx->md5ctx);
  106. isc_md5_update(&ctx->md5ctx, opad, sizeof(opad));
  107. isc_md5_update(&ctx->md5ctx, digest, ISC_MD5_DIGESTLENGTH);
  108. isc_md5_final(&ctx->md5ctx, digest);
  109. isc_hmacmd5_invalidate(ctx);
  110. }
  111. #endif /* !ISC_PLATFORM_OPENSSLHASH */
  112. /*!
  113. * Verify signature - finalize MD5 operation and reapply MD5, then
  114. * compare to the supplied digest.
  115. */
  116. isc_boolean_t
  117. isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest) {
  118. return (isc_hmacmd5_verify2(ctx, digest, ISC_MD5_DIGESTLENGTH));
  119. }
  120. isc_boolean_t
  121. isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len) {
  122. unsigned char newdigest[ISC_MD5_DIGESTLENGTH];
  123. REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
  124. isc_hmacmd5_sign(ctx, newdigest);
  125. return (ISC_TF(memcmp(digest, newdigest, len) == 0));
  126. }