search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync with HEAD.
[dragonfly.git] / contrib / dhcp-3.0 / dst / hmac_link.c
blob90b92e2c23cb1111bfe11e040abcc7029fffa46f
1 #ifdef HMAC_MD5
2 #ifndef LINT
3 static const char rcsid[] = "$Header: /proj/cvs/prod/DHCP/dst/hmac_link.c,v 1.1 2001/02/22 07:22:08 mellon Exp $";
4 #endif
5 /*
6 * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
7 *
8 * Permission to use, copy modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
13 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
14 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
15 * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
16 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
17 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
18 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
19 * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
20 */
21
22 /*
23 * This file contains an implementation of the HMAC-MD5 algorithm.
24 */
25
26 #include <stdio.h>
27 #include <unistd.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <memory.h>
31 #include <sys/param.h>
32 #include <sys/time.h>
33 #include <netinet/in.h>
34 #include <sys/socket.h>
35
36 #include "minires/minires.h"
37 #include "arpa/nameser.h"
38
39 #include "dst_internal.h"
40
41 #ifdef USE_MD5
42 # include "md5.h"
43 # ifndef _MD5_H_
44 # define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */
45 # endif
46 #endif
47
48 #define HMAC_LEN 64
49 #define HMAC_IPAD 0x36
50 #define HMAC_OPAD 0x5c
51 #define MD5_LEN 16
52
53
54 typedef struct hmackey {
55 u_char hk_ipad[64], hk_opad[64];
56 } HMAC_Key;
57
58
59 /**************************************************************************
60 * dst_hmac_md5_sign
61 * Call HMAC signing functions to sign a block of data.
62 * There are three steps to signing, INIT (initialize structures),
63 * UPDATE (hash (more) data), FINAL (generate a signature). This
64 * routine performs one or more of these steps.
65 * Parameters
66 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
67 * priv_key key to use for signing.
68 * context the context to be used in this digest
69 * data data to be signed.
70 * len length in bytes of data.
71 * signature location to store signature.
72 * sig_len size of the signature location
73 * returns
74 * N Success on SIG_MODE_FINAL = returns signature length in bytes
75 * 0 Success on SIG_MODE_INIT and UPDATE
76 * <0 Failure
77 */
78
79 static int
80 dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
81 const u_char *data, const unsigned len,
82 u_char *signature, const unsigned sig_len)
83 {
84 HMAC_Key *key;
85 int sign_len = 0;
86 MD5_CTX *ctx = NULL;
87
88 if (mode & SIG_MODE_INIT)
89 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
90 else if (context)
91 ctx = (MD5_CTX *) *context;
92 if (ctx == NULL)
93 return (-1);
94
95 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
96 return (-1);
97 key = (HMAC_Key *) d_key->dk_KEY_struct;
98
99 if (mode & SIG_MODE_INIT) {
100 MD5Init(ctx);
101 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
102 }
103
104 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
105 MD5Update(ctx, (const unsigned char *)data, len);
106
107 if (mode & SIG_MODE_FINAL) {
108 if (signature == NULL || sig_len < MD5_LEN)
109 return (SIGN_FINAL_FAILURE);
110 MD5Final(signature, ctx);
111
112 /* perform outer MD5 */
113 MD5Init(ctx);
114 MD5Update(ctx, key->hk_opad, HMAC_LEN);
115 MD5Update(ctx, signature, MD5_LEN);
116 MD5Final(signature, ctx);
117 sign_len = MD5_LEN;
118 SAFE_FREE(ctx);
119 }
120 else {
121 if (context == NULL)
122 return (-1);
123 *context = (void *) ctx;
124 }
125 return (sign_len);
126 }
127
128
129 /**************************************************************************
130 * dst_hmac_md5_verify()
131 * Calls HMAC verification routines. There are three steps to
132 * verification, INIT (initialize structures), UPDATE (hash (more) data),
133 * FINAL (generate a signature). This routine performs one or more of
134 * these steps.
135 * Parameters
136 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
137 * dkey key to use for verify.
138 * data data signed.
139 * len length in bytes of data.
140 * signature signature.
141 * sig_len length in bytes of signature.
142 * returns
143 * 0 Success
144 * <0 Failure
145 */
146
147 static int
148 dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
149 const u_char *data, const unsigned len,
150 const u_char *signature, const unsigned sig_len)
151 {
152 HMAC_Key *key;
153 MD5_CTX *ctx = NULL;
154
155 if (mode & SIG_MODE_INIT)
156 ctx = (MD5_CTX *) malloc(sizeof(*ctx));
157 else if (context)
158 ctx = (MD5_CTX *) *context;
159 if (ctx == NULL)
160 return (-1);
161
162 if (d_key == NULL || d_key->dk_KEY_struct == NULL)
163 return (-1);
164
165 key = (HMAC_Key *) d_key->dk_KEY_struct;
166 if (mode & SIG_MODE_INIT) {
167 MD5Init(ctx);
168 MD5Update(ctx, key->hk_ipad, HMAC_LEN);
169 }
170 if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
171 MD5Update(ctx, (const unsigned char *)data, len);
172
173 if (mode & SIG_MODE_FINAL) {
174 u_char digest[MD5_LEN];
175 if (signature == NULL || key == NULL || sig_len != MD5_LEN)
176 return (VERIFY_FINAL_FAILURE);
177 MD5Final(digest, ctx);
178
179 /* perform outer MD5 */
180 MD5Init(ctx);
181 MD5Update(ctx, key->hk_opad, HMAC_LEN);
182 MD5Update(ctx, digest, MD5_LEN);
183 MD5Final(digest, ctx);
184
185 SAFE_FREE(ctx);
186 if (memcmp(digest, signature, MD5_LEN) != 0)
187 return (VERIFY_FINAL_FAILURE);
188 }
189 else {
190 if (context == NULL)
191 return (-1);
192 *context = (void *) ctx;
193 }
194 return (0);
195 }
196
197
198 /**************************************************************************
199 * dst_buffer_to_hmac_md5
200 * Converts key from raw data to an HMAC Key
201 * This function gets in a pointer to the data
202 * Parameters
203 * hkey the HMAC key to be filled in
204 * key the key in raw format
205 * keylen the length of the key
206 * Return
207 * 0 Success
208 * <0 Failure
209 */
210 static int
211 dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const unsigned keylen)
212 {
213 int i;
214 HMAC_Key *hkey = NULL;
215 MD5_CTX ctx;
216 unsigned local_keylen = keylen;
217
218 if (dkey == NULL || key == NULL || keylen < 0)
219 return (-1);
220
221 if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
222 return (-2);
223
224 memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
225 memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
226
227 /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */
228 if (keylen > HMAC_LEN) {
229 u_char tk[MD5_LEN];
230 MD5Init(&ctx);
231 MD5Update(&ctx, (const unsigned char *)key, keylen);
232 MD5Final(tk, &ctx);
233 memset((void *) &ctx, 0, sizeof(ctx));
234 key = tk;
235 local_keylen = MD5_LEN;
236 }
237 /* start out by storing key in pads */
238 memcpy(hkey->hk_ipad, key, local_keylen);
239 memcpy(hkey->hk_opad, key, local_keylen);
240
241 /* XOR key with hk_ipad and opad values */
242 for (i = 0; i < HMAC_LEN; i++) {
243 hkey->hk_ipad[i] ^= HMAC_IPAD;
244 hkey->hk_opad[i] ^= HMAC_OPAD;
245 }
246 dkey->dk_key_size = local_keylen;
247 dkey->dk_KEY_struct = (void *) hkey;
248 return (1);
249 }
250
251
252 /**************************************************************************
253 * dst_hmac_md5_key_to_file_format
254 * Encodes an HMAC Key into the portable file format.
255 * Parameters
256 * hkey HMAC KEY structure
257 * buff output buffer
258 * buff_len size of output buffer
259 * Return
260 * 0 Failure - null input hkey
261 * -1 Failure - not enough space in output area
262 * N Success - Length of data returned in buff
263 */
264
265 static int
266 dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
267 const unsigned buff_len)
268 {
269 char *bp;
270 int i;
271 unsigned len, b_len, key_len;
272 u_char key[HMAC_LEN];
273 HMAC_Key *hkey;
274
275 if (dkey == NULL || dkey->dk_KEY_struct == NULL)
276 return (0);
277 if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
278 return (-1); /* no OR not enough space in output area */
279
280 hkey = (HMAC_Key *) dkey->dk_KEY_struct;
281 memset(buff, 0, buff_len); /* just in case */
282 /* write file header */
283 sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
284
285 bp = (char *) strchr(buff, '\0');
286 b_len = buff_len - (bp - buff);
287
288 memset(key, 0, HMAC_LEN);
289 for (i = 0; i < HMAC_LEN; i++)
290 key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
291 for (i = HMAC_LEN - 1; i >= 0; i--)
292 if (key[i] != 0)
293 break;
294 key_len = i + 1;
295
296 strcat(bp, "Key: ");
297 bp += strlen("Key: ");
298 b_len = buff_len - (bp - buff);
299
300 len = b64_ntop(key, key_len, bp, b_len);
301 if (len < 0)
302 return (-1);
303 bp += len;
304 *(bp++) = '\n';
305 *bp = '\0';
306 b_len = buff_len - (bp - buff);
307
308 return (buff_len - b_len);
309 }
310
311
312 /**************************************************************************
313 * dst_hmac_md5_key_from_file_format
314 * Converts contents of a key file into an HMAC key.
315 * Parameters
316 * hkey structure to put key into
317 * buff buffer containing the encoded key
318 * buff_len the length of the buffer
319 * Return
320 * n >= 0 Foot print of the key converted
321 * n < 0 Error in conversion
322 */
323
324 static int
325 dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
326 const unsigned buff_len)
327 {
328 const char *p = buff, *eol;
329 u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode
330 * it should probably be fixed rather than doing
331 * this
332 */
333 u_char *tmp;
334 unsigned key_len, len;
335
336 if (dkey == NULL)
337 return (-2);
338 if (buff == NULL)
339 return (-1);
340
341 memset(key, 0, sizeof(key));
342
343 if (!dst_s_verify_str(&p, "Key: "))
344 return (-3);
345
346 eol = strchr(p, '\n');
347 if (eol == NULL)
348 return (-4);
349 len = eol - p;
350 tmp = malloc(len + 2);
351 memcpy(tmp, p, len);
352 *(tmp + len) = 0x0;
353 key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */
354 SAFE_FREE2(tmp, len + 2);
355
356 if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
357 return (-6);
358 }
359 return (0);
360 }
361
362 /*
363 * dst_hmac_md5_to_dns_key()
364 * function to extract hmac key from DST_KEY structure
365 * intput:
366 * in_key: HMAC-MD5 key
367 * output:
368 * out_str: buffer to write ot
369 * out_len: size of output buffer
370 * returns:
371 * number of bytes written to output buffer
372 */
373 static int
374 dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
375 const unsigned out_len)
376 {
377
378 HMAC_Key *hkey;
379 int i;
380
381 if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
382 out_len <= in_key->dk_key_size || out_str == NULL)
383 return (-1);
384
385 hkey = (HMAC_Key *) in_key->dk_KEY_struct;
386 for (i = 0; i < in_key->dk_key_size; i++)
387 out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
388 return (i);
389 }
390
391 /**************************************************************************
392 * dst_hmac_md5_compare_keys
393 * Compare two keys for equality.
394 * Return
395 * 0 The keys are equal
396 * NON-ZERO The keys are not equal
397 */
398
399 static int
400 dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
401 {
402 HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
403 HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
404 return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
405 }
406
407 /**************************************************************************
408 * dst_hmac_md5_free_key_structure
409 * Frees all (none) dynamically allocated structures in hkey
410 */
411
412 static void *
413 dst_hmac_md5_free_key_structure(void *key)
414 {
415 HMAC_Key *hkey = key;
416 SAFE_FREE(hkey);
417 return (NULL);
418 }
419
420
421 /***************************************************************************
422 * dst_hmac_md5_generate_key
423 * Creates a HMAC key of size size with a maximum size of 63 bytes
424 * generating a HMAC key larger than 63 bytes makes no sense as that key
425 * is digested before use.
426 */
427
428 static int
429 dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
430 {
431 u_char *buff;
432 int n;
433 unsigned size, len;
434
435 if (key == NULL || key->dk_alg != KEY_HMAC_MD5)
436 return (0);
437 size = (key->dk_key_size + 7) / 8; /* convert to bytes */
438 if (size <= 0)
439 return(0);
440
441 len = size > 64 ? 64 : size;
442 buff = malloc(len+8);
443
444 n = dst_random(DST_RAND_SEMI, len, buff);
445 n += dst_random(DST_RAND_KEY, len, buff);
446 if (n <= len) { /* failed getting anything */
447 SAFE_FREE2(buff, len);
448 return (-1);
449 }
450 n = dst_buffer_to_hmac_md5(key, buff, len);
451 SAFE_FREE2(buff, len);
452 if (n <= 0)
453 return (n);
454 return (1);
455 }
456
457 /*
458 * dst_hmac_md5_init() Function to answer set up function pointers for HMAC
459 * related functions
460 */
461 int
462 dst_hmac_md5_init()
463 {
464 if (dst_t_func[KEY_HMAC_MD5] != NULL)
465 return (1);
466 dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
467 if (dst_t_func[KEY_HMAC_MD5] == NULL)
468 return (0);
469 memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
470 dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
471 dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
472 dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
473 dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
474 dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
475 dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
476 dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
477 dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
478 dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;
479 return (1);
480 }
481
482 #else
483 int
484 dst_hmac_md5_init(){
485 return (0);
486 }
487 #endif
488
489
490
491
492
493
494
DragonFly BSD