#ifdef HMAC_MD5
#ifndef LINT
static const char rcsid[] = "$Header: /cvs/root/netinfo/resolver/dst_hmac_link.c,v 1.2 2003/02/18 16:52:03 majka Exp $";
#endif
#ifndef __APPLE__
#include "port_before.h"
#endif
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <memory.h>
#include <sys/param.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include "dst_internal.h"
#ifdef USE_MD5
# include "md5.h"
# ifndef _MD5_H_
# define _MD5_H_ 1
# endif
#endif
#ifndef __APPLE__
#include "port_after.h"
#endif
#define HMAC_LEN 64
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c
#define MD5_LEN 16
typedef struct hmackey {
u_char hk_ipad[64], hk_opad[64];
} HMAC_Key;
static int
dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context,
const u_char *data, const int len,
u_char *signature, const int sig_len)
{
HMAC_Key *key;
int sign_len = 0;
MD5_CTX *ctx = NULL;
if (mode & SIG_MODE_INIT)
ctx = (MD5_CTX *) malloc(sizeof(*ctx));
else if (context)
ctx = (MD5_CTX *) *context;
if (ctx == NULL)
return (-1);
if (d_key == NULL || d_key->dk_KEY_struct == NULL)
return (-1);
key = (HMAC_Key *) d_key->dk_KEY_struct;
if (mode & SIG_MODE_INIT) {
MD5Init(ctx);
MD5Update(ctx, key->hk_ipad, HMAC_LEN);
}
if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
MD5Update(ctx, data, len);
if (mode & SIG_MODE_FINAL) {
if (signature == NULL || sig_len < MD5_LEN)
return (SIGN_FINAL_FAILURE);
MD5Final(signature, ctx);
MD5Init(ctx);
MD5Update(ctx, key->hk_opad, HMAC_LEN);
MD5Update(ctx, signature, MD5_LEN);
MD5Final(signature, ctx);
sign_len = MD5_LEN;
SAFE_FREE(ctx);
}
else {
if (context == NULL)
return (-1);
*context = (void *) ctx;
}
return (sign_len);
}
static int
dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context,
const u_char *data, const int len,
const u_char *signature, const int sig_len)
{
HMAC_Key *key;
MD5_CTX *ctx = NULL;
if (mode & SIG_MODE_INIT)
ctx = (MD5_CTX *) malloc(sizeof(*ctx));
else if (context)
ctx = (MD5_CTX *) *context;
if (ctx == NULL)
return (-1);
if (d_key == NULL || d_key->dk_KEY_struct == NULL)
return (-1);
key = (HMAC_Key *) d_key->dk_KEY_struct;
if (mode & SIG_MODE_INIT) {
MD5Init(ctx);
MD5Update(ctx, key->hk_ipad, HMAC_LEN);
}
if ((mode & SIG_MODE_UPDATE) && (data && len > 0))
MD5Update(ctx, data, len);
if (mode & SIG_MODE_FINAL) {
u_char digest[MD5_LEN];
if (signature == NULL || key == NULL || sig_len != MD5_LEN)
return (VERIFY_FINAL_FAILURE);
MD5Final(digest, ctx);
MD5Init(ctx);
MD5Update(ctx, key->hk_opad, HMAC_LEN);
MD5Update(ctx, digest, MD5_LEN);
MD5Final(digest, ctx);
SAFE_FREE(ctx);
if (memcmp(digest, signature, MD5_LEN) != 0)
return (VERIFY_FINAL_FAILURE);
}
else {
if (context == NULL)
return (-1);
*context = (void *) ctx;
}
return (0);
}
static int
dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen)
{
int i;
HMAC_Key *hkey = NULL;
MD5_CTX ctx;
int local_keylen = keylen;
if (dkey == NULL || key == NULL || keylen < 0)
return (-1);
if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL)
return (-2);
memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad));
memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad));
if (keylen > HMAC_LEN) {
u_char tk[MD5_LEN];
MD5Init(&ctx);
MD5Update(&ctx, key, keylen);
MD5Final(tk, &ctx);
memset((void *) &ctx, 0, sizeof(ctx));
key = tk;
local_keylen = MD5_LEN;
}
memcpy(hkey->hk_ipad, key, local_keylen);
memcpy(hkey->hk_opad, key, local_keylen);
for (i = 0; i < HMAC_LEN; i++) {
hkey->hk_ipad[i] ^= HMAC_IPAD;
hkey->hk_opad[i] ^= HMAC_OPAD;
}
dkey->dk_key_size = local_keylen;
dkey->dk_KEY_struct = (void *) hkey;
return (1);
}
static int
dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff,
const int buff_len)
{
char *bp;
int len, b_len, i, key_len;
u_char key[HMAC_LEN];
HMAC_Key *hkey;
if (dkey == NULL || dkey->dk_KEY_struct == NULL)
return (0);
if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
return (-1);
hkey = (HMAC_Key *) dkey->dk_KEY_struct;
memset(buff, 0, buff_len);
sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC");
bp = (char *) strchr(buff, '\0');
b_len = buff_len - (bp - buff);
memset(key, 0, HMAC_LEN);
for (i = 0; i < HMAC_LEN; i++)
key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
for (i = HMAC_LEN - 1; i >= 0; i--)
if (key[i] != 0)
break;
key_len = i + 1;
strcat(bp, "Key: ");
bp += strlen("Key: ");
b_len = buff_len - (bp - buff);
len = b64_ntop(key, key_len, bp, b_len);
if (len < 0)
return (-1);
bp += len;
*(bp++) = '\n';
*bp = '\0';
b_len = buff_len - (bp - buff);
return (buff_len - b_len);
}
static int
dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff,
const int buff_len)
{
const char *p = buff, *eol;
u_char key[HMAC_LEN+1];
u_char *tmp;
int key_len, len;
if (dkey == NULL)
return (-2);
if (buff == NULL || buff_len < 0)
return (-1);
memset(key, 0, sizeof(key));
if (!dst_s_verify_str(&p, "Key: "))
return (-3);
eol = strchr(p, '\n');
if (eol == NULL)
return (-4);
len = eol - p;
tmp = malloc(len + 2);
memcpy(tmp, p, len);
*(tmp + len) = 0x0;
key_len = b64_pton((char *)tmp, key, HMAC_LEN+1);
SAFE_FREE2(tmp, len + 2);
if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) {
return (-6);
}
return (0);
}
static int
dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str,
const int out_len)
{
HMAC_Key *hkey;
int i;
if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
out_len <= in_key->dk_key_size || out_str == NULL)
return (-1);
hkey = (HMAC_Key *) in_key->dk_KEY_struct;
for (i = 0; i < in_key->dk_key_size; i++)
out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD;
return (i);
}
static int
dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
{
HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct;
HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct;
return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN);
}
static void *
dst_hmac_md5_free_key_structure(void *key)
{
HMAC_Key *hkey = key;
SAFE_FREE(hkey);
return (NULL);
}
static int
dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
{
(void)key;
(void)nothing;
return (-1);
}
int
dst_hmac_md5_init()
{
if (dst_t_func[KEY_HMAC_MD5] != NULL)
return (1);
dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func));
if (dst_t_func[KEY_HMAC_MD5] == NULL)
return (0);
memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func));
dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign;
dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify;
dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys;
dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key;
dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure;
dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key;
dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5;
dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format;
dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format;
return (1);
}
#else
#define dst_hmac_md5_init res_9_dst_hmac_md5_init
int
dst_hmac_md5_init(){
return (0);
}
#endif