upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2...

Browse source
This commit is contained in:
Ondřej Surý 2018-03-20 17:20:50 +00:00
parent 7fd3dc63de
commit b98ac2593c
28 changed files with 1750 additions and 3834 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bin/named/server.c
View file

@ -30,7 +30,7 @@
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#include <isc/httpd.h>
#include <isc/lex.h>
#include <isc/meminfo.h>

6
bin/tests/optional/Makefile.in
View file

@ -49,7 +49,6 @@ XTARGETS = adb_test@EXEEXT@ \
db_test@EXEEXT@ \
dst_test@EXEEXT@ \
gsstest@EXEEXT@ \
hash_test@EXEEXT@ \
fsaccess_test@EXEEXT@ \
inter_test@EXEEXT@ \
lex_test@EXEEXT@ \
@ -78,7 +77,6 @@ XSRCS = adb_test.c \
byname_test.c \
db_test.c \
dst_test.c \
hash_test.c \
fsaccess_test.c \
gsstest.c \
inter_test.c \
@ -167,10 +165,6 @@ name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
hash_test@EXEEXT@: hash_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ hash_test.@O@ \
${ISCLIBS} ${LIBS}
entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \
${ISCLIBS} ${LIBS}

244
bin/tests/optional/hash_test.c
View file

@ -1,244 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/util.h>
#include <isc/print.h>
#include <isc/string.h>
#include <pk11/site.h>
static void
print_digest(const char *s, const char *hash, unsigned char *d,
unsigned int words)
{
unsigned int i, j;
printf("hash (%s) %s:\n\t", hash, s);
for (i = 0; i < words; i++) {
printf(" ");
for (j = 0; j < 4; j++)
printf("%02x", d[i * 4 + j]);
}
printf("\n");
}
int
main(int argc, char **argv) {
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
UNUSED(argc);
UNUSED(argv);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
s = "Hi There";
memset(key, 0x0b, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacmd5_init(&hmacmd5, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memmove(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
/*
* The 3 HMAC-SHA1 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha1_init(&hmacsha1, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA224 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha224_init(&hmacsha224, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA256 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha256_init(&hmacsha256, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA384 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha384_init(&hmacsha384, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA512 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strlcpy((char *)key, "Jefe", sizeof(key));
isc_hmacsha512_init(&hmacsha512, key, 4);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memmove(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
return (0);
}

1
lib/dns/dst_api.c
View file

@ -35,7 +35,6 @@
#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/fsaccess.h>
#include <isc/hmacsha.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>

25
lib/dns/dst_internal.h
View file

@ -38,8 +38,7 @@
#include <isc/types.h>
#include <isc/refcount.h>
#include <isc/stdtime.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#if USE_PKCS11
#include <pk11/pk11.h>
@ -72,12 +71,7 @@ LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool;
typedef struct dst_func dst_func_t;
typedef struct dst_hmacmd5_key dst_hmacmd5_key_t;
typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
typedef struct dst_hmac_key dst_hmac_key_t;
/*%
* Indicate whether a DST context will be used for signing
@ -113,13 +107,7 @@ struct dst_key {
#if USE_PKCS11
pk11_object_t *pkey;
#endif
dst_hmacmd5_key_t *hmacmd5;
dst_hmacsha1_key_t *hmacsha1;
dst_hmacsha224_key_t *hmacsha224;
dst_hmacsha256_key_t *hmacsha256;
dst_hmacsha384_key_t *hmacsha384;
dst_hmacsha512_key_t *hmacsha512;
dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */
isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
@ -146,12 +134,7 @@ struct dst_context {
union {
void *generic;
dst_gssapi_signverifyctx_t *gssctx;
isc_hmacmd5_t *hmacmd5ctx;
isc_hmacsha1_t *hmacsha1ctx;
isc_hmacsha224_t *hmacsha224ctx;
isc_hmacsha256_t *hmacsha256ctx;
isc_hmacsha384_t *hmacsha384ctx;
isc_hmacsha512_t *hmacsha512ctx;
isc_hmac_t *hmac_ctx;
EVP_MD_CTX *evp_md_ctx;
#if USE_PKCS11
pk11_context_t *pk11_ctx;

1989
lib/dns/hmac_link.c
View file

File diff suppressed because it is too large Load diff

1
lib/dns/pkcs11rsa_link.c
View file

@ -18,7 +18,6 @@
#include <inttypes.h>
#include <stdbool.h>
#include <isc/hmacmd5.h>
#include <isc/mem.h>
#include <isc/safe.h>
#include <isc/string.h>

55
lib/dns/resolver.c
View file

@ -32,7 +32,7 @@
#ifdef AES_CC
#include <isc/aes.h>
#else
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#endif
#include <dns/acl.h>
@ -2256,53 +2256,38 @@ compute_cc(resquery_t *query, unsigned char *cookie, size_t len) {
digest[i] ^= digest[i + 8];
memmove(cookie, digest, 8);
#endif
#ifdef HMAC_SHA1_CC
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
#if defined(HMAC_SHA1_CC) || defined(HMAC_SHA256_CC)
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char *input = NULL;
unsigned int length = 0;
isc_netaddr_t netaddr;
isc_hmacsha1_t hmacsha1;
INSIST(len >= 8U);
isc_hmacsha1_init(&hmacsha1, query->fctx->res->view->secret,
ISC_SHA1_DIGESTLENGTH);
isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr);
switch (netaddr.family) {
case AF_INET:
isc_hmacsha1_update(&hmacsha1,
(unsigned char *)&netaddr.type.in, 4);
break;
case AF_INET6:
isc_hmacsha1_update(&hmacsha1,
(unsigned char *)&netaddr.type.in6, 16);
break;
}
isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
memmove(cookie, digest, 8);
isc_hmacsha1_invalidate(&hmacsha1);
#if defined(HMAC_SHA1_CC)
isc_md_type_t type = ISC_MD_SHA1;
unsigned int secret_len = ISC_SHA1_DIGESTLENGTH;
#elif defined(HMAC_SHA256_CC)
isc_md_type_t type = ISC_MD_SHA256;
unsigned int secret_len = ISC_SHA256_DIGESTLENGHT;
#endif
#ifdef HMAC_SHA256_CC
unsigned char digest[ISC_SHA256_DIGESTLENGTH];
isc_netaddr_t netaddr;
isc_hmacsha256_t hmacsha256;
INSIST(len >= 8U);
isc_hmacsha256_init(&hmacsha256, query->fctx->res->view->secret,
ISC_SHA256_DIGESTLENGTH);
isc_netaddr_fromsockaddr(&netaddr, &query->addrinfo->sockaddr);
switch (netaddr.family) {
case AF_INET:
isc_hmacsha256_update(&hmacsha256,
(unsigned char *)&netaddr.type.in, 4);
input = (unsigned char *)&netaddr.type.in;
length = 4;
break;
case AF_INET6:
isc_hmacsha256_update(&hmacsha256,
(unsigned char *)&netaddr.type.in6, 16);
input = (unsigned char *)&netaddr.type.in6;
length = 16;
break;
}
isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
RUNTIME_CHECK(isc_hmac(type,
query->fctx->res->view->secret, secret_len,
input, length,
digest, NULL) == ISC_R_SUCCESS);
memmove(cookie, digest, 8);
isc_hmacsha256_invalidate(&hmacsha256);
#endif
}

8
lib/isc/Makefile.in
View file

@ -47,8 +47,8 @@ OBJS = pk11.@O@ pk11_result.@O@ \
aes.@O@ assertions.@O@ backtrace.@O@ base32.@O@ base64.@O@ \
bind9.@O@ buffer.@O@ bufferlist.@O@ \
commandline.@O@ counter.@O@ crc64.@O@ error.@O@ entropy.@O@ \
event.@O@ hash.@O@ ht.@O@ heap.@O@ hex.@O@ hmacmd5.@O@ \
hmacsha.@O@ httpd.@O@ iterated_hash.@O@ \
event.@O@ hash.@O@ ht.@O@ heap.@O@ hex.@O@ hmac.@O@ \
httpd.@O@ iterated_hash.@O@ \
lex.@O@ lfsr.@O@ lib.@O@ log.@O@ \
md.@O@ mem.@O@ mutexblock.@O@ \
netaddr.@O@ netscope.@O@ nonce.@O@ openssl_shim.@O@ pool.@O@ \
@ -65,8 +65,8 @@ SYMTBLOBJS = backtrace-emptytbl.@O@
SRCS = pk11.c pk11_result.c \
aes.c assertions.c backtrace.c base32.c base64.c bind9.c \
buffer.c bufferlist.c commandline.c counter.c crc64.c \
entropy.c error.c event.c hash.c ht.c heap.c hex.c hmacmd5.c \
hmacsha.c httpd.c iterated_hash.c \
entropy.c error.c event.c hash.c ht.c heap.c hex.c hmac.c \
httpd.c iterated_hash.c \
lex.c lfsr.c lib.c log.c \
md.c mem.c mutexblock.c \
netaddr.c netscope.c nonce.c openssl_shim.c pool.c \

151
lib/isc/hmac.c Normal file
View file

@ -0,0 +1,151 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#include <config.h>
#include <isc/assertions.h>
#include <isc/hmac.h>
#include <isc/md.h>
#include <isc/platform.h>
#include <isc/safe.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
#include "openssl_shim.h"
isc_hmac_t *
isc_hmac_new(void) {
isc_hmac_t *hmac = HMAC_CTX_new();
RUNTIME_CHECK(hmac != NULL);
return (hmac);
}
void
isc_hmac_free(isc_hmac_t *hmac) {
if (ISC_UNLIKELY(hmac == NULL)) {
return;
}
HMAC_CTX_free(hmac);
}
isc_result_t
isc_hmac_init(isc_hmac_t *hmac, const void *key,
size_t keylen, isc_md_type_t md_type)
{
REQUIRE(hmac != NULL);
REQUIRE(key != NULL);
if (md_type == NULL) {
return (ISC_R_NOTIMPLEMENTED);
}
if (HMAC_Init_ex(hmac, key, keylen, md_type, NULL) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_reset(isc_hmac_t *hmac) {
REQUIRE(hmac != NULL);
if (HMAC_CTX_reset(hmac) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_update(isc_hmac_t *hmac, const unsigned char *buf, const size_t len) {
REQUIRE(hmac != NULL);
if (ISC_UNLIKELY(buf == NULL || len == 0)) {
return (ISC_R_SUCCESS);
}
if (HMAC_Update(hmac, buf, len) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_result_t
isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
unsigned int *digestlen)
{
REQUIRE(hmac != NULL);
REQUIRE(digest != NULL);
if (HMAC_Final(hmac, digest, digestlen) != 1) {
return (ISC_R_CRYPTOFAILURE);
}
return (ISC_R_SUCCESS);
}
isc_md_type_t
isc_hmac_get_md_type(isc_hmac_t *hmac) {
REQUIRE(hmac != NULL);
return (HMAC_CTX_get_md(hmac));
}
size_t
isc_hmac_get_size(isc_hmac_t *hmac) {
REQUIRE(hmac != NULL);
return ((size_t)EVP_MD_size(HMAC_CTX_get_md(hmac)));
}
int
isc_hmac_get_block_size(isc_hmac_t *hmac) {
REQUIRE(hmac != NULL);
return (EVP_MD_block_size(HMAC_CTX_get_md(hmac)));
}
isc_result_t
isc_hmac(isc_md_type_t type, const void *key, const int keylen,
const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen)
{
isc_hmac_t *hmac = NULL;
isc_result_t res;
hmac = isc_hmac_new();
res = isc_hmac_init(hmac, key, keylen, type);
if (res != ISC_R_SUCCESS) {
goto end;
}
res = isc_hmac_update(hmac, buf, len);
if (res != ISC_R_SUCCESS) {
goto end;
}
res = isc_hmac_final(hmac, digest, digestlen);
if (res != ISC_R_SUCCESS) {
goto end;
}
end:
isc_hmac_free(hmac);
return (res);
}

145
lib/isc/hmacmd5.c
View file

@ -1,145 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <config.h>
#include <stdbool.h>
#include <isc/assertions.h>
#include <isc/hmacmd5.h>
#include <isc/platform.h>
#include <isc/safe.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define HMAC_CTX_new() &(ctx->_ctx), HMAC_CTX_init(&(ctx->_ctx))
#define HMAC_CTX_free(ptr) HMAC_CTX_cleanup(ptr)
#endif
void
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_md5(), NULL) == 1);
}
void
isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
RUNTIME_CHECK(HMAC_Final(ctx->ctx, digest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
/*!
* Verify signature - finalize MD5 operation and reapply MD5, then
* compare to the supplied digest.
*/
bool
isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest) {
return (isc_hmacmd5_verify2(ctx, digest, ISC_MD5_DIGESTLENGTH));
}
bool
isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_MD5_DIGESTLENGTH];
REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
isc_hmacmd5_sign(ctx, newdigest);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Check for MD5 support; if it does not work, raise a fatal error.
*
* Use the first test vector from RFC 2104, with a second round using
* a too-short key.
*
* Standard use is testing 0 and expecting result true.
* Testing use is testing 1..4 and expecting result false.
*/
bool
isc_hmacmd5_check(int testing) {
isc_hmacmd5_t ctx;
unsigned char key[] = { /* 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b */
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
};
unsigned char input[] = { /* "Hi There" */
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
};
unsigned char expected[] = {
0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c,
0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d
};
unsigned char expected2[] = {
0xad, 0xb8, 0x48, 0x05, 0xb8, 0x8d, 0x03, 0xe5,
0x90, 0x1e, 0x4b, 0x05, 0x69, 0xce, 0x35, 0xea
};
bool result;
/*
* Introduce a fault for testing.
*/
switch (testing) {
case 0:
default:
break;
case 1:
key[0] ^= 0x01;
break;
case 2:
input[0] ^= 0x01;
break;
case 3:
expected[0] ^= 0x01;
break;
case 4:
expected2[0] ^= 0x01;
break;
}
/*
* These functions do not return anything; any failure will be fatal.
*/
isc_hmacmd5_init(&ctx, key, 16U);
isc_hmacmd5_update(&ctx, input, 8U);
result = isc_hmacmd5_verify2(&ctx, expected, sizeof(expected));
if (!result) {
return (result);
}
/* Second round using a byte key */
isc_hmacmd5_init(&ctx, key, 1U);
isc_hmacmd5_update(&ctx, input, 8U);
return (isc_hmacmd5_verify2(&ctx, expected2, sizeof(expected2)));
}

357
lib/isc/hmacsha.c
View file

@ -1,357 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
* and HMAC-SHA512 keyed hash algorithm described in RFC 2104 and
* draft-ietf-dnsext-tsig-sha-01.txt.
*/
#include <config.h>
#include <stdbool.h>
#include <isc/assertions.h>
#include <isc/hmacsha.h>
#include <isc/platform.h>
#include <isc/safe.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define HMAC_CTX_new() &(ctx->_ctx), HMAC_CTX_init(&(ctx->_ctx))
#define HMAC_CTX_free(ptr) HMAC_CTX_cleanup(ptr)
#endif
void
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_sha1(), NULL) == 1);
}
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
memmove(digest, newdigest, len);
isc_safe_memwipe(newdigest, sizeof(newdigest));
}
void
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_sha224(), NULL) == 1);
}
void
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
memmove(digest, newdigest, len);
isc_safe_memwipe(newdigest, sizeof(newdigest));
}
void
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_sha256(), NULL) == 1);
}
void
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
memmove(digest, newdigest, len);
isc_safe_memwipe(newdigest, sizeof(newdigest));
}
void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_sha384(), NULL) == 1);
}
void
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
memmove(digest, newdigest, len);
isc_safe_memwipe(newdigest, sizeof(newdigest));
}
void
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
unsigned int len)
{
ctx->ctx = HMAC_CTX_new();
RUNTIME_CHECK(ctx->ctx != NULL);
RUNTIME_CHECK(HMAC_Init_ex(ctx->ctx, (const void *) key,
(int) len, EVP_sha512(), NULL) == 1);
}
void
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
if (ctx->ctx == NULL)
return;
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
}
void
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
unsigned int len)
{
RUNTIME_CHECK(HMAC_Update(ctx->ctx, buf, (int) len) == 1);
}
void
isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
RUNTIME_CHECK(HMAC_Final(ctx->ctx, newdigest, NULL) == 1);
HMAC_CTX_free(ctx->ctx);
ctx->ctx = NULL;
memmove(digest, newdigest, len);
isc_safe_memwipe(newdigest, sizeof(newdigest));
}
/*
* Verify signature - finalize SHA1 operation and reapply SHA1, then
* compare to the supplied digest.
*/
bool
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Verify signature - finalize SHA224 operation and reapply SHA224, then
* compare to the supplied digest.
*/
bool
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Verify signature - finalize SHA256 operation and reapply SHA256, then
* compare to the supplied digest.
*/
bool
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Verify signature - finalize SHA384 operation and reapply SHA384, then
* compare to the supplied digest.
*/
bool
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Verify signature - finalize SHA512 operation and reapply SHA512, then
* compare to the supplied digest.
*/
bool
isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
return (isc_safe_memequal(digest, newdigest, len));
}
/*
* Check for SHA-1 support; if it does not work, raise a fatal error.
*
* Use the first test vector from RFC 2104, with a second round using
* a too-short key.
*
* Standard use is testing 0 and expecting result true.
* Testing use is testing 1..4 and expecting result false.
*/
bool
isc_hmacsha1_check(int testing) {
isc_hmacsha1_t ctx;
unsigned char key[] = { /* 20*0x0b */
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
unsigned char input[] = { /* "Hi There" */
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
};
unsigned char expected[] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
};
unsigned char expected2[] = {
0xa0, 0x75, 0xe0, 0x5f, 0x7f, 0x17, 0x9d, 0x34,
0xb2, 0xab, 0xc5, 0x19, 0x8f, 0x38, 0x62, 0x36,
0x42, 0xbd, 0xec, 0xde
};
bool result;
/*
* Introduce a fault for testing.
*/
switch (testing) {
case 0:
default:
break;
case 1:
key[0] ^= 0x01;
break;
case 2:
input[0] ^= 0x01;
break;
case 3:
expected[0] ^= 0x01;
break;
case 4:
expected2[0] ^= 0x01;
break;
}
/*
* These functions do not return anything; any failure will be fatal.
*/
isc_hmacsha1_init(&ctx, key, 20U);
isc_hmacsha1_update(&ctx, input, 8U);
result = isc_hmacsha1_verify(&ctx, expected, sizeof(expected));
if (!result) {
return (result);
}
/* Second round using a byte key */
isc_hmacsha1_init(&ctx, key, 1U);
isc_hmacsha1_update(&ctx, input, 8U);
return (isc_hmacsha1_verify(&ctx, expected2, sizeof(expected2)));
}

2
lib/isc/include/isc/Makefile.in
View file

@ -23,7 +23,7 @@ HEADERS = aes.h app.h assertions.h atomic.h backtrace.h base32.h base64.h \
commandline.h counter.h crc64.h deprecated.h \
errno.h error.h event.h eventclass.h \
file.h formatcheck.h fsaccess.h fuzz.h \
hash.h heap.h hex.h hmacmd5.h hmacsha.h ht.h httpd.h \
hash.h heap.h hex.h hmac.h ht.h httpd.h \
interfaceiter.h iterated_hash.h \
json.h lang.h lex.h lfsr.h lib.h likely.h list.h log.h \
magic.h mem.h meminfo.h msgcat.h msgs.h mutexblock.h \

149
lib/isc/include/isc/hmac.h Normal file
View file

@ -0,0 +1,149 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*!
* \file isc/hmac.h
* \brief This is the header for for message authentication code.
*/
#pragma once
#include <config.h>
#include <isc/lang.h>
#include <isc/md.h>
#include <isc/platform.h>
#include <isc/types.h>
#include <isc/result.h>
#include <openssl/hmac.h>
typedef HMAC_CTX isc_hmac_t;
/**
* isc_hmac:
* @type: the digest type
* @key: the key
* @keylen: the length of the key
* @buf: data to hash
* @len: length of the data to hash
* @digest: the output buffer
* @digestlen: the length of the data written to @digest
*
* This function computes the message authentication code using a digest type
* @type with key @key which is @keylen bytes long from data in @buf which is
* @len bytes long, and places the output into @digest, which must have space
* for the hash function output (use ISC_MAX_MD_SIZE if unsure). If the
* @digestlen parameter is not NULL then the number of bytes of data written
* (i.e. the length of the digest) will be written to the @digestlen.
*/
isc_result_t
isc_hmac(isc_md_type_t type, const void *key, const int keylen,
const unsigned char *buf, const size_t len,
unsigned char *digest, unsigned int *digestlen);
/**
* isc_hmac_new:
*
* This function allocates, initializes and returns HMAC context.
*/
isc_hmac_t *
isc_hmac_new(void);
/**
* isc_hmac_free:
* @md: HMAC context
*
* This function cleans up HMAC context and frees up the space allocated to it.
*/
void
isc_hmac_free(isc_hmac_t *hmac);
/**
* isc_hmac_init:
* @md: HMAC context
* @key: HMAC key
* @keylen: HMAC key length
* @type: digest type
*
* This function sets up HMAC context to use a hash function of @type and key
* @key which is @keylen bytes long.
*/
isc_result_t
isc_hmac_init(isc_hmac_t *hmac, const void *key,
size_t keylen, isc_md_type_t type);
/**
* isc_hmac_reset:
* @hmac: HMAC context
*
* This function resets the HMAC context. This can be used to reuse an already
* existing context.
*/
isc_result_t
isc_hmac_reset(isc_hmac_t *hmac);
/**
* isc_hmac_update:
* @hmac: HMAC context
* @buf: data to hash
* @len: length of the data to hash
*
* This function can be called repeatedly with chunks of the message @buf to be
* authenticated which is @len bytes long.
*/
isc_result_t
isc_hmac_update(isc_hmac_t *hmac, const unsigned char *buf, const size_t len);
/**
* isc_hmac_final:
* @hmac: HMAC context
* @digest: the output buffer
* @digestlen: the lenth of the data written to @digest
*
* This function retrieves the message authentication code from @hmac and places
* it in @digest, which must have space for the hash function output. If the
* @digestlen parameter is not NULL then the number of bytes of data written
* (i.e. the length of the digest) will be written to the @digestlen. After
* calling this function no additional calls to isc_hmac_update() can be made.
*/
isc_result_t
isc_hmac_final(isc_hmac_t *hmac, unsigned char *digest,
unsigned int *digestlen);
/**
* isc_hmac_md_type:
* @hmac: HMAC context
*
* This function return the isc_md_type_t previously set for the supplied
* HMAC context or NULL if no isc_md_type_t has been set.
*/
isc_md_type_t
isc_hmac_get_md_type(isc_hmac_t *hmac);
/**
* isc_hmac_get_size:
*
* This function return the size of the message digest when passed an isc_hmac_t
* structure, i.e. the size of the hash.
*/
size_t
isc_hmac_get_size(isc_hmac_t *hmac);
/**
* isc_hmac_get_block_size:
*
* This function return the block size of the message digest when passed an
* isc_hmac_t structure.
*/
int
isc_hmac_get_block_size(isc_hmac_t *hmac);

64
lib/isc/include/isc/hmacmd5.h
View file

@ -1,64 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file isc/hmacmd5.h
* \brief This is the header file for the HMAC-MD5 keyed hash algorithm
* described in RFC2104.
*/
#pragma once
#include <stdbool.h>
#include <isc/lang.h>
#include <isc/md.h>
#include <isc/platform.h>
#include <isc/types.h>
#define ISC_HMACMD5_KEYLENGTH 64
#include <openssl/opensslv.h>
#include <openssl/hmac.h>
typedef struct {
HMAC_CTX *ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX _ctx;
#endif
} isc_hmacmd5_t;
ISC_LANG_BEGINDECLS
void
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx);
void
isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest);
bool
isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest);
bool
isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacmd5_check(int testing);
ISC_LANG_ENDDECLS

145
lib/isc/include/isc/hmacsha.h
View file

@ -1,145 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file isc/hmacsha.h
* This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
* HMAC-SHA334 and HMAC-SHA512 hash algorithm described in RFC 2104.
*/
#pragma once
#include <stdbool.h>
#include <isc/lang.h>
#include <isc/platform.h>
#include <isc/md.h>
#include <isc/types.h>
#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_BLOCK_LENGTH
#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_BLOCK_LENGTH
#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_BLOCK_LENGTH
#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH
#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH
#include <openssl/opensslv.h>
#include <openssl/hmac.h>
#define ISC_HMAC_MAX_MD_CBLOCK HMAC_MAX_MD_CBLOCK
typedef struct {
HMAC_CTX *ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
HMAC_CTX _ctx;
#endif
} isc_hmacsha_t;
typedef isc_hmacsha_t isc_hmacsha1_t;
typedef isc_hmacsha_t isc_hmacsha224_t;
typedef isc_hmacsha_t isc_hmacsha256_t;
typedef isc_hmacsha_t isc_hmacsha384_t;
typedef isc_hmacsha_t isc_hmacsha512_t;
ISC_LANG_BEGINDECLS
void
isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx);
void
isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha1_check(int testing);
void
isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx);
void
isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len);
void
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx);
void
isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len);
void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx);
void
isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len);
void
isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
unsigned int len);
void
isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx);
void
isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
unsigned int len);
void
isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len);
bool
isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len);
ISC_LANG_ENDDECLS

4
lib/isc/openssl_shim.c
View file

@ -101,5 +101,9 @@ HMAC_CTX_reset(HMAC_CTX *ctx) {
return (1);
}
const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) {
return ctx->md;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L ||
* defined(LIBRESSL_VERSION_NUMBER) */

1
lib/isc/openssl_shim.h
View file

@ -29,6 +29,7 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
HMAC_CTX *HMAC_CTX_new(void);
void HMAC_CTX_free(HMAC_CTX *ctx);
int HMAC_CTX_reset(HMAC_CTX *ctx);
const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L ||
* defined(LIBRESSL_VERSION_NUMBER) */

1
lib/isc/tests/Kyuafile
View file

@ -8,6 +8,7 @@ atf_test_program{name='errno_test'}
atf_test_program{name='file_test'}
atf_test_program{name='hash_test'}
atf_test_program{name='heap_test'}
tap_test_program{name='hmac_test'}
atf_test_program{name='ht_test'}
atf_test_program{name='lex_test'}
tap_test_program{name='md_test'}

9
lib/isc/tests/Makefile.in
View file

@ -34,7 +34,7 @@ OBJS = isctest.@O@
SRCS = isctest.c aes_test.c buffer_test.c \
counter_test.c errno_test.c file_test.c hash_test.c \
heap_test.c ht_test.c lex_test.c \
heap_test.c hmac_test.c ht_test.c lex_test.c \
mem_test.c md_test.c netaddr_test.c parse_test.c pool_test.c \
queue_test.c radix_test.c random_test.c \
regex_test.c result_test.c safe_test.c sockaddr_test.c \
@ -44,7 +44,8 @@ SRCS = isctest.c aes_test.c buffer_test.c \
SUBDIRS =
TARGETS = aes_test@EXEEXT@ buffer_test@EXEEXT@ \
counter_test@EXEEXT@ errno_test@EXEEXT@ file_test@EXEEXT@ \
hash_test@EXEEXT@ heap_test@EXEEXT@ ht_test@EXEEXT@ \
hash_test@EXEEXT@ heap_test@EXEEXT@ hmac_test@EXEEXT@ \
ht_test@EXEEXT@ \
lex_test@EXEEXT@ mem_test@EXEEXT@ md_test@EXEEXT@ \
netaddr_test@EXEEXT@ parse_test@EXEEXT@ pool_test@EXEEXT@ \
queue_test@EXEEXT@ radix_test@EXEEXT@ \
@ -83,6 +84,10 @@ heap_test@EXEEXT@: heap_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
heap_test.@O@ ${ISCLIBS} ${LIBS}
hmac_test@EXEEXT@: hmac_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${CMOCKA_CFLAGS} ${LDFLAGS} -o $@ \
hmac_test.@O@ ${ISCLIBS} ${LIBS} ${CMOCKA_LIBS}
ht_test@EXEEXT@: ht_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
ht_test.@O@ ${ISCLIBS} ${LIBS}

976
lib/isc/tests/hash_test.c
View file

File diff suppressed because it is too large Load diff

962
lib/isc/tests/hmac_test.c Normal file
View file

@ -0,0 +1,962 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/* ! \file */
#include <config.h>
#if HAVE_CMOCKA
#include <stdarg.h>
#include <stddef.h>
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>
#define UNIT_TESTING
#include <cmocka.h>
#include <isc/buffer.h>
#include <isc/hex.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/hmac.h>
#include "../hmac.c"
#define TEST_INPUT(x) (x), sizeof(x)-1
static int
_setup(void **state) {
isc_hmac_t *hmac = isc_hmac_new();
if (hmac == NULL) {
return (-1);
}
*state = hmac;
return (0);
}
static int
_teardown(void **state) {
if (*state == NULL) {
return (-1);
}
isc_hmac_free(*state);
return (0);
}
static int
_reset(void **state) {
if (*state == NULL) {
return (-1);
}
if (isc_hmac_reset(*state) != ISC_R_SUCCESS) {
return (-1);
}
return (0);
}
static void
isc_hmac_new_test(void **state) {
UNUSED(state);
isc_hmac_t *hmac = isc_hmac_new();
assert_non_null(hmac);
isc_hmac_free(hmac); /* Cleanup */
}
static void
isc_hmac_free_test(void **state) {
UNUSED(state);
isc_hmac_t *hmac = isc_hmac_new();
assert_non_null(hmac);
isc_hmac_free(hmac); /* Test freeing valid message digest context */
isc_hmac_free(NULL); /* Test freeing NULL argument */
}
static void
isc_hmac_test(isc_hmac_t *hmac, const void *key, size_t keylen,
isc_md_type_t type, const char *buf, size_t buflen,
const char *result, const int repeats)
{
assert_non_null(hmac);
assert_int_equal(isc_hmac_init(hmac, key, keylen, type), ISC_R_SUCCESS);
int i;
for (i = 0; i < repeats; i++) {
assert_int_equal(
isc_hmac_update(hmac,
(const unsigned char *)buf, buflen),
ISC_R_SUCCESS);
}
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
assert_int_equal(isc_hmac_final(hmac, digest, &digestlen),
ISC_R_SUCCESS);
char hexdigest[ISC_MAX_MD_SIZE * 2 + 3];
isc_region_t r = { .base = digest,
.length = digestlen
};
isc_buffer_t b;
isc_buffer_init(&b, hexdigest, sizeof(hexdigest));
assert_return_code(isc_hex_totext(&r, 0, "", &b), ISC_R_SUCCESS);
assert_memory_equal(hexdigest, result, (result?strlen(result):0));
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
}
static void
isc_hmac_init_test(void **state) {
isc_hmac_t *hmac = *state;
assert_non_null(hmac);
expect_assert_failure(isc_hmac_init(NULL, "", 0, ISC_MD_MD5));
assert_int_equal(isc_hmac_init(hmac, "", 0, NULL),
ISC_R_NOTIMPLEMENTED);
expect_assert_failure(isc_hmac_init(hmac, NULL, 0, ISC_MD_MD5));
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_MD5), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA1),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA224),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA256),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA384),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA512),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
}
static void
isc_hmac_update_test(void **state) {
isc_hmac_t *hmac = *state;
assert_non_null(hmac);
/* Uses message digest context initialized in isc_hmac_init_test() */
expect_assert_failure(isc_hmac_update(NULL, NULL, 0));
assert_int_equal(isc_hmac_update(hmac, NULL, 100), ISC_R_SUCCESS);
assert_int_equal(isc_hmac_update(hmac, (const unsigned char *)"", 0),
ISC_R_SUCCESS);
}
static void
isc_hmac_reset_test(void **state) {
isc_hmac_t *hmac = *state;
unsigned char digest[ISC_MAX_MD_SIZE] __attribute((unused));
unsigned int digestlen __attribute((unused));
assert_non_null(hmac);
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA512),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_update(hmac, (const unsigned char *)"a", 1),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_update(hmac, (const unsigned char *)"b", 1),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_reset(hmac), ISC_R_SUCCESS);
#if 0
/*
* This test would require OpenSSL compiled with mock_assert(),
* so this could be only manually checked that the test will
* segfault when called by hand
*/
expect_assert_failure(isc_hmac_final(hmac, digest, &digestlen));
#endif
}
static void
isc_hmac_final_test(void **state) {
isc_hmac_t *hmac = *state;
assert_non_null(hmac);
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
/* Fail when message digest context is empty */
expect_assert_failure(isc_hmac_final(NULL, digest, &digestlen));
/* Fail when output buffer is empty */
expect_assert_failure(isc_hmac_final(hmac, NULL, &digestlen));
assert_int_equal(isc_hmac_init(hmac, "", 0, ISC_MD_SHA512),
ISC_R_SUCCESS);
assert_int_equal(isc_hmac_final(hmac, digest, NULL), ISC_R_SUCCESS);
}
static void
isc_hmac_md5_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_MD5, TEST_INPUT(""),
"74E6F7298A9C2D168935F58C001BAD88",
1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_MD5,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"9294727A3638BB1C13F48EF8158BFC9D",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_MD5,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79"
"\x61\x20\x77\x61\x6e\x74\x20\x66\x6f"
"\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"750C783E6AB0B503EAA86E310A5DB738",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_MD5,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"56BE34521D144C88DBB8C733F0E8B3F6",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_MD5,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"697EAF0ACA3A3AEA3A75164746FFAA79",
1);
#if 0
/* Test 5 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_MD5,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
/* Test 6 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_MD5,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"AA4AE5E15272D00E95705637CE8A3B55ED402112",
1);
/* Test 7 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_MD5,
TEST_INPUT("Test Using Larger Than Block-Size Key and "
"Larger Than One Block-Size Data"),
"E8E99D0F45237D786D6BBAA7965C7808BBFF1A91",
1);
#endif
}
static void
isc_hmac_sha1_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_SHA1, TEST_INPUT(""),
"FBDB1D1B18AA6C08324B7D64B71FB76370690E1D",
1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_SHA1,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"B617318655057264E28BC0B6FB378C8EF146BE00",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_SHA1,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61"
"\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20"
"\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA1,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"125D7342B9AC11CD91A39AF48AA17B4F63F175D3",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_SHA1,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"4C9007F4026250C6BC8414F9BF50C86C2D7235DA",
1);
#if 0
/* Test 5 */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_SHA1,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
#endif
/* Test 6 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA1,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"AA4AE5E15272D00E95705637CE8A3B55ED402112", 1);
/* Test 7 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA1,
TEST_INPUT("Test Using Larger Than Block-Size Key and "
"Larger Than One Block-Size Data"),
"E8E99D0F45237D786D6BBAA7965C7808BBFF1A91",
1);
}
static void
isc_hmac_sha224_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_SHA224, TEST_INPUT(""),
"5CE14F72894662213E2748D2A6BA234B74263910CEDDE2F5"
"A9271524",
1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_SHA224,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"896FB1128ABBDF196832107CD49DF33F47B4B1169912BA"
"4F53684B22",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_SHA224,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61"
"\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20"
"\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"A30E01098BC6DBBF45690F3A7E9E6D0F8BBEA2A39E61480"
"08FD05E44",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA224,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"7FB3CB3588C6C1F6FFA9694D7D6AD2649365B0C1F65D69"
"D1EC8333EA",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_SHA224,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"6C11506874013CAC6A2ABC1BB382627CEC6A90D86EFC01"
"2DE7AFEC5A",
1);
#if 0
/* Test 5 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_SHA224,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
#endif
/* Test 6 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA224,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"95E9A0DB962095ADAEBE9B2D6F0DBCE2D499F112F2D2B7"
"273FA6870E",
1);
/* Test 7 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA224,
TEST_INPUT("\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20"
"\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67"
"\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b"
"\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20"
"\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67"
"\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c"
"\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64"
"\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b"
"\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74"
"\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65"
"\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62"
"\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20"
"\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41"
"\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68"
"\x6d\x2e"),
"3A854166AC5D9F023F54D517D0B39DBD946770DB9C2B95"
"C9F6F565D1",
1);
}
static void
isc_hmac_sha256_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_SHA256, TEST_INPUT(""),
"B613679A0814D9EC772F95D778C35FC5FF1697C493715653"
"C6C712144292C5AD",
1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_SHA256,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833D"
"A726E9376C2E32CFF7",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_SHA256,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61"
"\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20"
"\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"5BDCC146BF60754E6A042426089575C75A003F089D2739"
"839DEC58B964EC3843",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA256,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"773EA91E36800E46854DB8EBD09181A72959098B3EF8C1"
"22D9635514CED565FE",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_SHA256,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"82558A389A443C0EA4CC819899F2083A85F0FAA3E578F8"
"077A2E3FF46729665B",
1);
#if 0
/* Test 5 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_SHA256,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
#endif
/* Test 6 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA256,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"60E431591EE0B67F0D8A26AACBF5B77F8E0BC6213728C5"
"140546040F0EE37F54",
1);
/* Test 7 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA256,
TEST_INPUT("\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20"
"\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67"
"\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b"
"\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20"
"\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67"
"\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c"
"\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64"
"\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b"
"\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74"
"\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65"
"\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62"
"\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20"
"\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41"
"\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68"
"\x6d\x2e"),
"9B09FFA71B942FCB27635FBCD5B0E944BFDC63644F0713"
"938A7F51535C3A35E2",
1);
}
static void
isc_hmac_sha384_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_SHA384, TEST_INPUT(""),
"6C1F2EE938FAD2E24BD91298474382CA218C75DB3D83E114"
"B3D4367776D14D3551289E75E8209CD4B792302840234ADC",
1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_SHA384,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"AFD03944D84895626B0825F4AB46907F15F9DADBE4101E"
"C682AA034C7CEBC59CFAEA9EA9076EDE7F4AF152"
"E8B2FA9CB6",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_SHA384,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61"
"\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20"
"\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"AF45D2E376484031617F78D2B58A6B1B9C7EF464F5A01B"
"47E42EC3736322445E8E2240CA5E69E2C78B3239"
"ECFAB21649",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA384,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"88062608D3E6AD8A0AA2ACE014C8A86F0AA635D947AC9F"
"EBE83EF4E55966144B2A5AB39DC13814B94E3AB6"
"E101A34F27",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_SHA384,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"3E8A69B7783C25851933AB6290AF6CA77A998148085000"
"9CC5577C6E1F573B4E6801DD23C4A7D679CCF8A3"
"86C674CFFB",
1);
#if 0
/* Test 5 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_SHA384,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
#endif
/* Test 6 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA384,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"4ECE084485813E9088D2C63A041BC5B44F9EF1012A2B58"
"8F3CD11F05033AC4C60C2EF6AB4030FE8296248D"
"F163F44952",
1);
/* Test 7 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA384,
TEST_INPUT("\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20"
"\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67"
"\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b"
"\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20"
"\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67"
"\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c"
"\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64"
"\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b"
"\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74"
"\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65"
"\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62"
"\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20"
"\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41"
"\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68"
"\x6d\x2e"),
"6617178E941F020D351E2F254E8FD32C602420FEB0B8FB"
"9ADCCEBB82461E99C5A678CC31E799176D3860E6"
"110C46523E",
1);
}
static void
isc_hmac_sha512_test(void **state) {
isc_hmac_t *hmac = *state;
/* Test 0 */
isc_hmac_test(hmac, TEST_INPUT(""), ISC_MD_SHA512, TEST_INPUT(""),
"B936CEE86C9F87AA5D3C6F2E84CB5A4239A5FE50480A6EC6"
"6B70AB5B1F4AC6730C6C515421B327EC1D69402E53DFB49A"
"D7381EB067B338FD7B0CB22247225D47", 1);
/* Test 1 */
isc_hmac_test(hmac,
TEST_INPUT("\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"),
ISC_MD_SHA512,
TEST_INPUT("\x48\x69\x20\x54\x68\x65\x72\x65"),
"87AA7CDEA5EF619D4FF0B4241A1D6CB02379F4E2CE4EC2"
"787AD0B30545E17CDEDAA833B7D6B8A702038B27"
"4EAEA3F4E4BE9D914EEB61F1702E696C203A126854",
1);
/* Test 2 */
isc_hmac_test(hmac,
TEST_INPUT("Jefe"),
ISC_MD_SHA512,
TEST_INPUT("\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61"
"\x20\x77\x61\x6e\x74\x20\x66\x6f\x72\x20"
"\x6e\x6f\x74\x68\x69\x6e\x67\x3f"),
"164B7A7BFCF819E2E395FBE73B56E0A387BD64222E831F"
"D610270CD7EA2505549758BF75C05A994A6D034F"
"65F8F0E6FDCAEAB1A34D4A6B4B636E070A38BCE737",
1);
/* Test 3 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA512,
TEST_INPUT("\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"),
"FA73B0089D56A284EFB0F0756C890BE9B1B5DBDD8EE81A"
"3655F83E33B2279D39BF3E848279A722C806B485"
"A47E67C807B946A337BEE8942674278859E13292FB",
1);
/* Test 4 */
isc_hmac_test(hmac,
TEST_INPUT("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a"
"\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
"\x15\x16\x17\x18\x19"),
ISC_MD_SHA512,
TEST_INPUT("\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"),
"B0BA465637458C6990E5A8C5F61D4AF7E576D97FF94B87"
"2DE76F8050361EE3DBA91CA5C11AA25EB4D67927"
"5CC5788063A5F19741120C4F2DE2ADEBEB10A298DD",
1);
#if 0
/* Test 5 -- unimplemented optional functionality */
isc_hmac_test(hmac,
TEST_INPUT("\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"),
ISC_MD_SHA512,
TEST_INPUT("Test With Truncation"),
"4C1A03424B55E07FE7F27BE1",
1);
#endif
/* Test 6 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA512,
TEST_INPUT("Test Using Larger Than Block-Size Key - "
"Hash Key First"),
"80B24263C7C1A3EBB71493C1DD7BE8B49B46D1F41B4AEE"
"C1121B013783F8F3526B56D037E05F2598BD0FD2"
"215D6A1E5295E64F73F63F0AEC8B915A985D786598",
1);
/* Test 7 */
isc_hmac_test(hmac,
TEST_INPUT("\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"),
ISC_MD_SHA512,
TEST_INPUT("\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20"
"\x74\x65\x73\x74\x20\x75\x73\x69\x6e\x67"
"\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x62\x6c\x6f\x63\x6b"
"\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20"
"\x61\x6e\x64\x20\x61\x20\x6c\x61\x72\x67"
"\x65\x72\x20\x74\x68\x61\x6e\x20\x62\x6c"
"\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64"
"\x61\x74\x61\x2e\x20\x54\x68\x65\x20\x6b"
"\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74"
"\x6f\x20\x62\x65\x20\x68\x61\x73\x68\x65"
"\x64\x20\x62\x65\x66\x6f\x72\x65\x20\x62"
"\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20"
"\x62\x79\x20\x74\x68\x65\x20\x48\x4d\x41"
"\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68"
"\x6d\x2e"),
"E37B6A775DC87DBAA4DFA9F96E5E3FFDDEBD71F8867289"
"865DF5A32D20CDC944B6022CAC3C4982B10D5EEB"
"55C3E4DE15134676FB6DE0446065C97440FA8C6A58",
1);
}
int main(void) {
const struct CMUnitTest tests[] = {
/* isc_hmac_new() */
cmocka_unit_test(isc_hmac_new_test),
/* isc_hmac_init() */
cmocka_unit_test_setup_teardown(isc_hmac_init_test,
_reset, _reset),
/* isc_hmac_reset() */
cmocka_unit_test_setup_teardown(isc_hmac_reset_test,
_reset, _reset),
/* isc_hmac_init() -> isc_hmac_update() -> isc_hmac_final() */
cmocka_unit_test(isc_hmac_md5_test),
cmocka_unit_test(isc_hmac_sha1_test),
cmocka_unit_test(isc_hmac_sha224_test),
cmocka_unit_test(isc_hmac_sha256_test),
cmocka_unit_test(isc_hmac_sha384_test),
cmocka_unit_test(isc_hmac_sha512_test),
cmocka_unit_test_setup_teardown(isc_hmac_update_test,
_reset, _reset),
cmocka_unit_test_setup_teardown(isc_hmac_final_test,
_reset, _reset),
cmocka_unit_test(isc_hmac_free_test),
};
return (cmocka_run_group_tests(tests, _setup, _teardown));
}
#else /* HAVE_CMOCKA */
#include <stdio.h>
int main(void) {
printf("1..0 # Skipped: cmocka not available\n");
return (0);
}
#endif

43
lib/isc/win32/libisc.def.in
View file

@ -252,39 +252,16 @@ isc_heap_insert
isc_hex_decodestring
isc_hex_tobuffer
isc_hex_totext
isc_hmacmd5_check
isc_hmacmd5_init
isc_hmacmd5_invalidate
isc_hmacmd5_sign
isc_hmacmd5_update
isc_hmacmd5_verify
isc_hmacmd5_verify2
isc_hmacsha1_check
isc_hmacsha1_init
isc_hmacsha1_invalidate
isc_hmacsha1_sign
isc_hmacsha1_update
isc_hmacsha1_verify
isc_hmacsha224_init
isc_hmacsha224_invalidate
isc_hmacsha224_sign
isc_hmacsha224_update
isc_hmacsha224_verify
isc_hmacsha256_init
isc_hmacsha256_invalidate
isc_hmacsha256_sign
isc_hmacsha256_update
isc_hmacsha256_verify
isc_hmacsha384_init
isc_hmacsha384_invalidate
isc_hmacsha384_sign
isc_hmacsha384_update
isc_hmacsha384_verify
isc_hmacsha512_init
isc_hmacsha512_invalidate
isc_hmacsha512_sign
isc_hmacsha512_update
isc_hmacsha512_verify
isc_hmac
isc_hmac_new
isc_hmac_free
isc_hmac_init
isc_hmac_reset
isc_hmac_update
isc_hmac_final
isc_hmac_get_md_type
isc_hmac_get_size
isc_hmac_get_block_size
isc_ht_add
isc_ht_count
isc_ht_delete

10
lib/isc/win32/libisc.vcxproj.filters.in
View file

@ -98,10 +98,7 @@
<ClInclude Include="..\include\isc\hex.h">
<Filter>Library Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\isc\hmacmd5.h">
<Filter>Library Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\isc\hmacsha.h">
<ClInclude Include="..\include\isc\hmac.h">
<Filter>Library Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\isc\ht.h">
@ -514,10 +511,7 @@
<ClCompile Include="..\hex.c">
<Filter>Library Source Files</Filter>
</ClCompile>
<ClCompile Include="..\hmacmd5.c">
<Filter>Library Source Files</Filter>
</ClCompile>
<ClCompile Include="..\hmacsha.c">
<ClCompile Include="..\hmac.c">
<Filter>Library Source Files</Filter>
</ClCompile>
<ClCompile Include="..\ht.c">

6
lib/isc/win32/libisc.vcxproj.in
View file

@ -314,8 +314,7 @@ copy InstallFiles ..\Build\Release\
<ClInclude Include="..\include\isc\hash.h" />
<ClInclude Include="..\include\isc\heap.h" />
<ClInclude Include="..\include\isc\hex.h" />
<ClInclude Include="..\include\isc\hmacmd5.h" />
<ClInclude Include="..\include\isc\hmacsha.h" />
<ClInclude Include="..\include\isc\hmac.h" />
<ClInclude Include="..\include\isc\ht.h" />
<ClInclude Include="..\include\isc\httpd.h" />
<ClInclude Include="..\include\isc\interfaceiter.h" />
@ -430,8 +429,7 @@ copy InstallFiles ..\Build\Release\
<ClCompile Include="..\hash.c" />
<ClCompile Include="..\heap.c" />
<ClCompile Include="..\hex.c" />
<ClCompile Include="..\hmacmd5.c" />
<ClCompile Include="..\hmacsha.c" />
<ClCompile Include="..\hmac.c" />
<ClCompile Include="..\ht.c" />
<ClCompile Include="..\httpd.c" />
<ClCompile Include="..\iterated_hash.c" />

146
lib/isccc/cc.c
View file

@ -34,8 +34,7 @@
#include <errno.h>
#include <isc/assertions.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#include <isc/print.h>
#include <isc/safe.h>
@ -249,79 +248,47 @@ static isc_result_t
sign(unsigned char *data, unsigned int length, unsigned char *hmac,
uint32_t algorithm, isccc_region_t *secret)
{
union {
isc_hmacmd5_t hmd5;
isc_hmacsha1_t hsha;
isc_hmacsha224_t h224;
isc_hmacsha256_t h256;
isc_hmacsha384_t h384;
isc_hmacsha512_t h512;
} ctx;
isc_md_type_t md_type;
isc_result_t result;
isccc_region_t source, target;
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
unsigned char digestb64[HSHA_LENGTH + 4];
source.rstart = digest;
switch (algorithm) {
case ISCCC_ALG_HMACMD5:
isc_hmacmd5_init(&ctx.hmd5, secret->rstart,
REGION_SIZE(*secret));
isc_hmacmd5_update(&ctx.hmd5, data, length);
isc_hmacmd5_sign(&ctx.hmd5, digest);
source.rend = digest + ISC_MD5_DIGESTLENGTH;
md_type = ISC_MD_MD5;
break;
case ISCCC_ALG_HMACSHA1:
isc_hmacsha1_init(&ctx.hsha, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha1_update(&ctx.hsha, data, length);
isc_hmacsha1_sign(&ctx.hsha, digest,
ISC_SHA1_DIGESTLENGTH);
source.rend = digest + ISC_SHA1_DIGESTLENGTH;
md_type = ISC_MD_SHA1;
break;
case ISCCC_ALG_HMACSHA224:
isc_hmacsha224_init(&ctx.h224, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha224_update(&ctx.h224, data, length);
isc_hmacsha224_sign(&ctx.h224, digest,
ISC_SHA224_DIGESTLENGTH);
source.rend = digest + ISC_SHA224_DIGESTLENGTH;
md_type = ISC_MD_SHA224;
break;
case ISCCC_ALG_HMACSHA256:
isc_hmacsha256_init(&ctx.h256, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha256_update(&ctx.h256, data, length);
isc_hmacsha256_sign(&ctx.h256, digest,
ISC_SHA256_DIGESTLENGTH);
source.rend = digest + ISC_SHA256_DIGESTLENGTH;
md_type = ISC_MD_SHA256;
break;
case ISCCC_ALG_HMACSHA384:
isc_hmacsha384_init(&ctx.h384, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha384_update(&ctx.h384, data, length);
isc_hmacsha384_sign(&ctx.h384, digest,
ISC_SHA384_DIGESTLENGTH);
source.rend = digest + ISC_SHA384_DIGESTLENGTH;
md_type = ISC_MD_SHA384;
break;
case ISCCC_ALG_HMACSHA512:
isc_hmacsha512_init(&ctx.h512, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha512_update(&ctx.h512, data, length);
isc_hmacsha512_sign(&ctx.h512, digest,
ISC_SHA512_DIGESTLENGTH);
source.rend = digest + ISC_SHA512_DIGESTLENGTH;
md_type = ISC_MD_SHA512;
break;
default:
return (ISC_R_FAILURE);
return (ISC_R_NOTIMPLEMENTED);
}
result = isc_hmac(md_type,
secret->rstart, REGION_SIZE(*secret),
data, length,
digest, &digestlen);
if (result != ISC_R_SUCCESS) {
return (result);
}
source.rend = digest + digestlen;
memset(digestb64, 0, sizeof(digestb64));
target.rstart = digestb64;
target.rend = digestb64 + sizeof(digestb64);
@ -401,19 +368,13 @@ static isc_result_t
verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
uint32_t algorithm, isccc_region_t *secret)
{
union {
isc_hmacmd5_t hmd5;
isc_hmacsha1_t hsha;
isc_hmacsha224_t h224;
isc_hmacsha256_t h256;
isc_hmacsha384_t h384;
isc_hmacsha512_t h512;
} ctx;
isc_md_type_t md_type;
isccc_region_t source;
isccc_region_t target;
isc_result_t result;
isccc_sexpr_t *_auth, *hmac;
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned int digestlen;
unsigned char digestb64[HSHA_LENGTH * 4];
/*
@ -432,64 +393,39 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
* Compute digest.
*/
source.rstart = digest;
target.rstart = digestb64;
switch (algorithm) {
case ISCCC_ALG_HMACMD5:
isc_hmacmd5_init(&ctx.hmd5, secret->rstart,
REGION_SIZE(*secret));
isc_hmacmd5_update(&ctx.hmd5, data, length);
isc_hmacmd5_sign(&ctx.hmd5, digest);
source.rend = digest + ISC_MD5_DIGESTLENGTH;
md_type = ISC_MD_MD5;
break;
case ISCCC_ALG_HMACSHA1:
isc_hmacsha1_init(&ctx.hsha, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha1_update(&ctx.hsha, data, length);
isc_hmacsha1_sign(&ctx.hsha, digest,
ISC_SHA1_DIGESTLENGTH);
source.rend = digest + ISC_SHA1_DIGESTLENGTH;
md_type = ISC_MD_SHA1;
break;
case ISCCC_ALG_HMACSHA224:
isc_hmacsha224_init(&ctx.h224, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha224_update(&ctx.h224, data, length);
isc_hmacsha224_sign(&ctx.h224, digest,
ISC_SHA224_DIGESTLENGTH);
source.rend = digest + ISC_SHA224_DIGESTLENGTH;
md_type = ISC_MD_SHA224;
break;
case ISCCC_ALG_HMACSHA256:
isc_hmacsha256_init(&ctx.h256, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha256_update(&ctx.h256, data, length);
isc_hmacsha256_sign(&ctx.h256, digest,
ISC_SHA256_DIGESTLENGTH);
source.rend = digest + ISC_SHA256_DIGESTLENGTH;
md_type = ISC_MD_SHA256;
break;
case ISCCC_ALG_HMACSHA384:
isc_hmacsha384_init(&ctx.h384, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha384_update(&ctx.h384, data, length);
isc_hmacsha384_sign(&ctx.h384, digest,
ISC_SHA384_DIGESTLENGTH);
source.rend = digest + ISC_SHA384_DIGESTLENGTH;
md_type = ISC_MD_SHA384;
break;
case ISCCC_ALG_HMACSHA512:
isc_hmacsha512_init(&ctx.h512, secret->rstart,
REGION_SIZE(*secret));
isc_hmacsha512_update(&ctx.h512, data, length);
isc_hmacsha512_sign(&ctx.h512, digest,
ISC_SHA512_DIGESTLENGTH);
source.rend = digest + ISC_SHA512_DIGESTLENGTH;
md_type = ISC_MD_SHA512;
break;
default:
return (ISC_R_FAILURE);
return (ISC_R_NOTIMPLEMENTED);
}
result = isc_hmac(md_type,
secret->rstart, REGION_SIZE(*secret),
data, length,
digest, &digestlen);
if (result != ISC_R_SUCCESS) {
return (result);
}
source.rend = digest + digestlen;
target.rstart = digestb64;
target.rend = digestb64 + sizeof(digestb64);
memset(digestb64, 0, sizeof(digestb64));

74
lib/ns/client.c
View file

@ -17,7 +17,7 @@
#include <isc/aes.h>
#include <isc/formatcheck.h>
#include <isc/fuzz.h>
#include <isc/hmacsha.h>
#include <isc/hmac.h>
#include <isc/mutex.h>
#include <isc/once.h>
#include <isc/nonce.h>
@ -1824,74 +1824,52 @@ compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
break;
}
case ns_cookiealg_sha1: {
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
isc_netaddr_t netaddr;
unsigned char *cp;
isc_hmacsha1_t hmacsha1;
unsigned int length;
cp = isc_buffer_used(buf);
isc_buffer_putmem(buf, client->cookie, 8);
isc_buffer_putuint32(buf, nonce);
isc_buffer_putuint32(buf, when);
isc_hmacsha1_init(&hmacsha1, secret, ISC_SHA1_DIGESTLENGTH);
isc_hmacsha1_update(&hmacsha1, cp, 16);
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
cp = (unsigned char *)&netaddr.type.in;
length = 4;
break;
case AF_INET6:
cp = (unsigned char *)&netaddr.type.in6;
length = 16;
break;
default:
INSIST(0);
}
isc_hmacsha1_update(&hmacsha1, cp, length);
isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
isc_buffer_putmem(buf, digest, 8);
isc_hmacsha1_invalidate(&hmacsha1);
break;
}
case ns_cookiealg_sha1:
case ns_cookiealg_sha256: {
unsigned char digest[ISC_SHA256_DIGESTLENGTH];
unsigned char digest[ISC_MAX_MD_SIZE];
unsigned char input[8 + 4 + 4 + 16];
isc_netaddr_t netaddr;
unsigned char *cp;
isc_hmacsha256_t hmacsha256;
unsigned int length;
unsigned int length = 0;
isc_md_type_t md_type =
(client->sctx->cookiealg == ns_cookiealg_sha1)
? ISC_MD_SHA1
: ISC_MD_SHA256;
unsigned int secret_len = isc_md_type_get_size(md_type);
cp = isc_buffer_used(buf);
isc_buffer_putmem(buf, client->cookie, 8);
isc_buffer_putuint32(buf, nonce);
isc_buffer_putuint32(buf, when);
memmove(input, cp, 16);
isc_hmacsha256_init(&hmacsha256, secret,
ISC_SHA256_DIGESTLENGTH);
isc_hmacsha256_update(&hmacsha256, cp, 16);
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
cp = (unsigned char *)&netaddr.type.in;
length = 4;
memmove(input + 16,
(unsigned char *)&netaddr.type.in, 4);
length = 16 + 4;
break;
case AF_INET6:
cp = (unsigned char *)&netaddr.type.in6;
length = 16;
memmove(input + 16,
(unsigned char *)&netaddr.type.in6, 16);
length = 16 + 16;
break;
default:
INSIST(0);
}
isc_hmacsha256_update(&hmacsha256, cp, length);
isc_hmacsha256_sign(&hmacsha256, digest, sizeof(digest));
/*
* XXXOND: Feels wrong to assert on cookie calculation failure
*/
RUNTIME_CHECK(isc_hmac(md_type, secret, secret_len,
input, length,
digest, NULL) == ISC_R_SUCCESS);
isc_buffer_putmem(buf, digest, 8);
isc_hmacsha256_invalidate(&hmacsha256);
break;
}
default:
INSIST(0);
}

8
util/copyrights
View file

@ -312,7 +312,6 @@
./bin/tests/optional/dst_test.c C 2018
./bin/tests/optional/fsaccess_test.c C 2000,2001,2004,2005,2007,2012,2015,2016,2018
./bin/tests/optional/gsstest.c C 2018
./bin/tests/optional/hash_test.c C 2000,2001,2004,2005,2006,2007,2014,2015,2016,2017,2018
./bin/tests/optional/inter_test.c C 2000,2001,2003,2004,2005,2007,2008,2015,2016,2018
./bin/tests/optional/lex_test.c C 1998,1999,2000,2001,2004,2005,2007,2015,2016,2018
./bin/tests/optional/lfsr_test.c C 1999,2000,2001,2004,2005,2007,2015,2016,2018
@ -3356,8 +3355,7 @@
./lib/isc/hash.c C 2003,2004,2005,2006,2007,2009,2013,2014,2015,2016,2017,2018
./lib/isc/heap.c C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2010,2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/hex.c C 2000,2001,2002,2003,2004,2005,2007,2008,2013,2014,2015,2016,2018
./lib/isc/hmacmd5.c C 2000,2001,2004,2005,2006,2007,2009,2013,2014,2015,2016,2017,2018
./lib/isc/hmacsha.c C 2005,2006,2007,2009,2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/hmac.c C 2000,2001,2004,2005,2006,2007,2009,2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/ht.c C 2016,2017,2018
./lib/isc/httpd.c C 2006,2007,2008,2010,2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007,2012,2014,2016,2018
@ -3387,8 +3385,7 @@
./lib/isc/include/isc/hash.h C 2003,2004,2005,2006,2007,2009,2013,2014,2015,2016,2017,2018
./lib/isc/include/isc/heap.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2009,2012,2016,2018
./lib/isc/include/isc/hex.h C 2000,2001,2004,2005,2006,2007,2008,2016,2018
./lib/isc/include/isc/hmacmd5.h C 2000,2001,2004,2005,2006,2007,2009,2014,2016,2017,2018
./lib/isc/include/isc/hmacsha.h C 2005,2006,2007,2009,2014,2016,2017,2018
./lib/isc/include/isc/hmac.h C 2000,2001,2004,2005,2006,2007,2009,2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/include/isc/ht.h C 2016,2017,2018
./lib/isc/include/isc/httpd.h C 2006,2007,2008,2014,2016,2018
./lib/isc/include/isc/interfaceiter.h C 1999,2000,2001,2004,2005,2006,2007,2016,2018
@ -3509,6 +3506,7 @@
./lib/isc/tests/file_test.c C 2014,2016,2017,2018
./lib/isc/tests/hash_test.c C 2011,2012,2013,2014,2015,2016,2017,2018
./lib/isc/tests/heap_test.c C 2017,2018
./lib/isc/tests/hmac_test.c C 2018
./lib/isc/tests/ht_test.c C 2016,2017,2018
./lib/isc/tests/isctest.c C 2011,2012,2013,2014,2016,2017,2018
./lib/isc/tests/isctest.h C 2011,2012,2016,2018