#include "db_config.h"
#ifndef lint
static const char revid[] = "$Id: hmac.c,v 1.2 2004/03/30 01:23:29 jtownsen Exp $";
#endif
#ifndef NO_SYSTEM_INCLUDES
#include <string.h>
#endif
#include "db_int.h"
#include "dbinc/crypto.h"
#include "dbinc/db_page.h"
#include "dbinc/hash.h"
#include "dbinc/hmac.h"
#define HMAC_OUTPUT_SIZE 20
#define HMAC_BLOCK_SIZE 64
static void __db_hmac __P((u_int8_t *, u_int8_t *, size_t, u_int8_t *));
static void
__db_hmac(k, data, data_len, mac)
u_int8_t *k, *data, *mac;
size_t data_len;
{
SHA1_CTX ctx;
u_int8_t key[HMAC_BLOCK_SIZE];
u_int8_t ipad[HMAC_BLOCK_SIZE];
u_int8_t opad[HMAC_BLOCK_SIZE];
u_int8_t tmp[HMAC_OUTPUT_SIZE];
int i;
memset(key, 0x00, HMAC_BLOCK_SIZE);
memset(ipad, 0x36, HMAC_BLOCK_SIZE);
memset(opad, 0x5C, HMAC_BLOCK_SIZE);
memcpy(key, k, HMAC_OUTPUT_SIZE);
for (i = 0; i < HMAC_BLOCK_SIZE; i++) {
ipad[i] ^= key[i];
opad[i] ^= key[i];
}
__db_SHA1Init(&ctx);
__db_SHA1Update(&ctx, ipad, HMAC_BLOCK_SIZE);
__db_SHA1Update(&ctx, data, data_len);
__db_SHA1Final(tmp, &ctx);
__db_SHA1Init(&ctx);
__db_SHA1Update(&ctx, opad, HMAC_BLOCK_SIZE);
__db_SHA1Update(&ctx, tmp, HMAC_OUTPUT_SIZE);
__db_SHA1Final(mac, &ctx);
return;
}
void
__db_chksum(data, data_len, mac_key, store)
u_int8_t *data;
size_t data_len;
u_int8_t *mac_key;
u_int8_t *store;
{
int sumlen;
u_int32_t hash4;
u_int8_t tmp[DB_MAC_KEY];
if (mac_key == NULL)
sumlen = sizeof(u_int32_t);
else
sumlen = DB_MAC_KEY;
memset(store, 0, sumlen);
if (mac_key == NULL) {
hash4 = __ham_func4(NULL, data, (u_int32_t)data_len);
memcpy(store, &hash4, sumlen);
} else {
memset(tmp, 0, DB_MAC_KEY);
__db_hmac(mac_key, data, data_len, tmp);
memcpy(store, tmp, sumlen);
}
return;
}
void
__db_derive_mac(passwd, plen, mac_key)
u_int8_t *passwd;
size_t plen;
u_int8_t *mac_key;
{
SHA1_CTX ctx;
__db_SHA1Init(&ctx);
__db_SHA1Update(&ctx, passwd, plen);
__db_SHA1Update(&ctx, (u_int8_t *)DB_MAC_MAGIC, strlen(DB_MAC_MAGIC));
__db_SHA1Update(&ctx, passwd, plen);
__db_SHA1Final(mac_key, &ctx);
return;
}
int
__db_check_chksum(dbenv, db_cipher, chksum, data, data_len, is_hmac)
DB_ENV *dbenv;
DB_CIPHER *db_cipher;
u_int8_t *chksum;
void *data;
size_t data_len;
int is_hmac;
{
int ret;
size_t sum_len;
u_int32_t hash4;
u_int8_t *mac_key, old[DB_MAC_KEY], new[DB_MAC_KEY];
if (is_hmac == 0) {
if (db_cipher != NULL) {
__db_err(dbenv,
"Unencrypted checksum with a supplied encryption key");
return (EINVAL);
}
sum_len = sizeof(u_int32_t);
mac_key = NULL;
} else {
if (db_cipher == NULL) {
__db_err(dbenv,
"Encrypted checksum: no encryption key specified");
return (EINVAL);
}
sum_len = DB_MAC_KEY;
mac_key = db_cipher->mac_key;
}
memcpy(old, chksum, sum_len);
memset(chksum, 0, sum_len);
if (mac_key == NULL) {
hash4 = __ham_func4(NULL, data, (u_int32_t)data_len);
ret = memcmp((u_int32_t *)old, &hash4, sum_len) ? -1 : 0;
} else {
__db_hmac(mac_key, data, data_len, new);
ret = memcmp(old, new, sum_len) ? -1 : 0;
}
return (ret);
}