2965. [func] Test HMAC functions using test data from RFC 2104 and RFC 4634. [RT #21702]

2025-08-29 13:38:26 +00:00 · 2010-09-29 04:00:16 +00:00 · 2010-09-29 04:00:16 +00:00 · 2015023399
commit 2015023399
parent 560c6b3773
5 changed files with 521 additions and 3 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+2965.	[func]		Test HMAC functions using test data from RFC 2104 and
+			RFC 4634. [RT #21702]
+
 2964.	[placeholder]

 2963.	[security]	The allow-query acl was being applied instead of the
--- a/bin/tests/Makefile.in
+++ b/bin/tests/Makefile.in
@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: Makefile.in,v 1.141 2010/01/13 23:48:59 tbox Exp $
+# $Id: Makefile.in,v 1.142 2010/09/29 04:00:15 marka Exp $

 srcdir =	@srcdir@
 VPATH =		@srcdir@
@ -41,7 +41,7 @@ LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@

 LIBS =		@LIBS@

-SUBDIRS = db dst master mem names net rbt sockaddr tasks timers system
+SUBDIRS = db dst master mem hashes names net rbt sockaddr tasks timers system

 # Test programs that are built by default:
 # cfg_test is needed for regenerating doc/misc/options
--- a/bin/tests/hashes/Makefile.in
+++ b/bin/tests/hashes/Makefile.in
@ -0,0 +1,55 @@
+# Copyright (C) 2004, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1999-2002  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.2 2010/09/29 04:00:15 marka Exp $
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	${TEST_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCLIBS =	../../../lib/isc/libisc.@A@ @DNS_CRYPTO_LIBS@
+
+ISCDEPLIBS =	../../../lib/isc/libisc.@A@
+
+DEPLIBS =	${ISCDEPLIBS}
+
+LIBS =		${ISCLIBS} @LIBS@
+
+TLIB =		../../../lib/tests/libt_api.@A@
+
+TARGETS =	t_hashes@EXEEXT@
+
+SRCS =		t_hashes.c
+
+@BIND9_MAKE_RULES@
+
+t_hashes@EXEEXT@: t_hashes.@O@ ${DEPLIBS} ${TLIB}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ t_hashes.@O@ ${TLIB} ${LIBS}
+
+test: t_hashes@EXEEXT@
+	-@./t_hashes@EXEEXT@ -c @top_srcdir@/t_config -b @srcdir@ -q 60 -a
+
+testhelp:
+	@./t_hashes@EXEEXT@ -h
+
+clean distclean::
+	rm -f ${TARGETS}
--- a/bin/tests/hashes/t_hashes.c
+++ b/bin/tests/hashes/t_hashes.c
@ -0,0 +1,459 @@
+/*
+ * Copyright (C) 2004, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: t_hashes.c,v 1.2 2010/09/29 04:00:16 marka Exp $ */
+
+/*
+ * -d1 or larger shows hash or HMAC result even if correct
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/hmacmd5.h>
+#include <isc/hmacsha.h>
+#include <isc/md5.h>
+#include <isc/sha1.h>
+#include <isc/util.h>
+#include <isc/string.h>
+
+#include <tests/t_api.h>
+
+
+static int	    nprobs;
+
+typedef void(*HASH_INIT)(void *);
+typedef void(*HMAC_INIT)(void *, const unsigned char *, unsigned int);
+typedef void(*UPDATE)(void *, const unsigned char *, unsigned int);
+typedef void(*FINAL)(void *, const unsigned char *);
+typedef void(*SIGN)(void *, const unsigned char *, unsigned int);
+
+typedef struct {
+    const char *name;
+    const unsigned char	*key;
+    const unsigned int	key_len;
+    const unsigned char	*str;
+    const unsigned int	str_len;
+} IN;
+#define STR_INIT(s)	(const unsigned char *)(s), sizeof(s)-1
+
+
+union {
+    unsigned char b[1024];
+    unsigned char md5[16];
+    unsigned char sha1[ISC_SHA1_DIGESTLENGTH];
+    unsigned char sha224[ISC_SHA224_DIGESTLENGTH];
+    unsigned char sha256[ISC_SHA256_DIGESTLENGTH];
+    unsigned char sha384[ISC_SHA384_DIGESTLENGTH];
+    unsigned char sha512[ISC_SHA512_DIGESTLENGTH];
+} dbuf;
+#define DIGEST_FILL 0xdf
+
+typedef struct {
+    const char		*str;
+    const unsigned int	digest_len;
+} OUT;
+
+
+/*
+ * two ad hoc hash examples
+ */
+static IN abc = { "\"abc\"", NULL, 0, STR_INIT("abc")};
+static OUT abc_sha1 = {
+	"a9993e364706816aba3e25717850c26c9cd0d89d",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT abc_sha224 = {
+	"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT abc_md5 = {
+	"900150983cd24fb0d6963f7d28e17f72",
+	16};
+
+static IN abc_blah = { "\"abcdbc...\"", NULL, 0,
+	STR_INIT("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")};
+static OUT abc_blah_sha1 =  {
+	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT abc_blah_sha224 = {
+	"75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT abc_blah_md5 = {
+	"8215ef0796a20bcaaae116d3876c664a",
+	16};
+
+/*
+ * three HMAC-md5 examples from RFC 2104
+ */
+static const unsigned char rfc2104_1_key[16] = {
+	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+	0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
+static IN rfc2104_1 = {"RFC 2104 #1", rfc2104_1_key, sizeof(rfc2104_1_key),
+	STR_INIT("Hi There")};
+static OUT rfc2104_1_hmac = {
+	"9294727a3638bb1c13f48ef8158bfc9d",
+	16};
+
+static IN rfc2104_2 = {"RFC 2104 #2", STR_INIT("Jefe"),
+	STR_INIT("what do ya want for nothing?")};
+static OUT rfc2104_2_hmac = {
+	"750c783e6ab0b503eaa86e310a5db738",
+	16};
+
+static const unsigned char rfc2104_3_key[16] = {
+	0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
+	0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA};
+static const unsigned char rfc2104_3_s[50] = {
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
+	0xDD, 0xDD};
+static IN rfc2104_3 = {"RFC 2104 #3", rfc2104_3_key, sizeof(rfc2104_3_key),
+	rfc2104_3_s, sizeof(rfc2104_3_s)};
+static OUT rfc2104_3_hmac = {
+	"56be34521d144c88dbb8c733f0e8b3f6",
+	16};
+
+/*
+ * four three HMAC-SHA tests cut-and-pasted from RFC 4634 starting on page 86
+ */
+static const unsigned char rfc4634_1_key[20] = {
+      "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+      "\x0b\x0b\x0b\x0b\x0b"};
+static IN rfc4634_1 = {"RFC 4634 #1", rfc4634_1_key, sizeof(rfc4634_1_key),
+	STR_INIT("Hi There")};
+static OUT rfc4634_1_sha1 = {
+	"B617318655057264E28BC0B6FB378C8EF146BE00",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT rfc4634_1_sha224 = {
+	"896FB1128ABBDF196832107CD49DF33F47B4B1169912BA4F53684B22",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT rfc4634_1_sha256 = {
+	"B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32"
+	"CFF7",
+	ISC_SHA256_DIGESTLENGTH};
+static OUT rfc4634_1_sha384 = {
+	"AFD03944D84895626B0825F4AB46907F15F9DADBE4101EC682AA034C7CEB"
+	"C59CFAEA9EA9076EDE7F4AF152E8B2FA9CB6",
+	ISC_SHA384_DIGESTLENGTH};
+static OUT rfc4634_1_sha512 = {
+	"87AA7CDEA5EF619D4FF0B4241A1D6CB02379F4E2CE4EC2787AD0B30545E1"
+	"7CDEDAA833B7D6B8A702038B274EAEA3F4E4BE9D914EEB61F1702E696C20"
+	"3A126854",
+	ISC_SHA512_DIGESTLENGTH};
+
+static IN rfc4634_2 = {"RFC 4634 #2", STR_INIT("Jefe"),
+	STR_INIT("what do ya want for nothing?")};
+static OUT rfc4634_2_sha1 = {
+	"EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT rfc4634_2_sha224 = {
+	"A30E01098BC6DBBF45690F3A7E9E6D0F8BBEA2A39E6148008FD05E44",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT rfc4634_2_sha256 = {
+	"5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC"
+	"3843",
+	ISC_SHA256_DIGESTLENGTH};
+static OUT rfc4634_2_sha384 = {
+	"AF45D2E376484031617F78D2B58A6B1B9C7EF464F5A01B47E42EC3736322"
+	"445E8E2240CA5E69E2C78B3239ECFAB21649",
+	ISC_SHA384_DIGESTLENGTH};
+static OUT rfc4634_2_sha512 = {
+	"164B7A7BFCF819E2E395FBE73B56E0A387BD64222E831FD610270CD7EA25"
+	"05549758BF75C05A994A6D034F65F8F0E6FDCAEAB1A34D4A6B4B636E070A"
+	"38BCE737",
+	ISC_SHA512_DIGESTLENGTH};
+
+static const unsigned char rfc4634_3_key[20] = {
+	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+	"\xaa\xaa\xaa\xaa\xaa"};
+static const unsigned char rfc4634_3_s[50] = {
+	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+	"\xdd\xdd\xdd\xdd\xdd"};
+static IN rfc4634_3 = {"RFC 4634 #3", rfc4634_3_key, sizeof(rfc4634_3_key),
+	rfc4634_3_s, sizeof(rfc4634_3_s)};
+static OUT rfc4634_3_sha1 = {
+	"125D7342B9AC11CD91A39AF48AA17B4F63F175D3",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT rfc4634_3_sha224 = {
+	"7FB3CB3588C6C1F6FFA9694D7D6AD2649365B0C1F65D69D1EC8333EA",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT rfc4634_3_sha256 = {
+	"773EA91E36800E46854DB8EBD09181A72959098B3EF8C122D9635514CED5"
+	"65FE",
+	ISC_SHA256_DIGESTLENGTH};
+static OUT rfc4634_3_sha384 = {
+	"88062608D3E6AD8A0AA2ACE014C8A86F0AA635D947AC9FEBE83EF4E55966"
+	"144B2A5AB39DC13814B94E3AB6E101A34F27",
+	ISC_SHA384_DIGESTLENGTH};
+static OUT rfc4634_3_sha512 = {
+	"FA73B0089D56A284EFB0F0756C890BE9B1B5DBDD8EE81A3655F83E33B227"
+	"9D39BF3E848279A722C806B485A47E67C807B946A337BEE8942674278859"
+	"E13292FB",
+	ISC_SHA512_DIGESTLENGTH};
+
+static const unsigned char rfc4634_4_key[25] = {
+	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19"};
+static const unsigned char rfc4634_4_s[50] = {
+	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+	"\xcd\xcd\xcd\xcd\xcd"};
+static IN rfc4634_4 = {"RFC 4634 #3", rfc4634_4_key, sizeof(rfc4634_4_key),
+	rfc4634_4_s, sizeof(rfc4634_4_s)};
+static OUT rfc4634_4_sha1 = {
+	"4C9007F4026250C6BC8414F9BF50C86C2D7235DA",
+	ISC_SHA1_DIGESTLENGTH};
+static OUT rfc4634_4_sha224 = {
+	"6C11506874013CAC6A2ABC1BB382627CEC6A90D86EFC012DE7AFEC5A",
+	ISC_SHA224_DIGESTLENGTH};
+static OUT rfc4634_4_sha256 = {
+	"82558A389A443C0EA4CC819899F2083A85F0FAA3E578F8077A2E3FF46729"
+	"665B",
+	ISC_SHA256_DIGESTLENGTH};
+static OUT rfc4634_4_sha384 = {
+	"3E8A69B7783C25851933AB6290AF6CA77A9981480850009CC5577C6E1F57"
+	"3B4E6801DD23C4A7D679CCF8A386C674CFFB",
+	ISC_SHA384_DIGESTLENGTH};
+static OUT rfc4634_4_sha512 = {
+	"B0BA465637458C6990E5A8C5F61D4AF7E576D97FF94B872DE76F8050361E"
+	"E3DBA91CA5C11AA25EB4D679275CC5788063A5F19741120C4F2DE2ADEBEB"
+	"10A298DD",
+	ISC_SHA512_DIGESTLENGTH};
+
+
+
+static const char *
+d2str(char *buf, unsigned int buf_len,
+      const unsigned char *d, unsigned int d_len)
+{
+	unsigned int i, l;
+
+	l = 0;
+	for (i = 0; i < d_len && l < buf_len-4; ++i) {
+		l += snprintf(&buf[l], buf_len-l, "%02x", d[i]);
+	}
+	if (l >= buf_len-3) {
+		REQUIRE(buf_len > sizeof("..."));
+		strcpy(&buf[l-sizeof(" ...")], " ...");
+	}
+	return buf;
+}
+
+
+
+/*
+ * Compare binary digest or HMAC to string of hex digits from an RFC
+ */
+static void
+ck(const char *name, const IN *in, const OUT *out)
+{
+	char buf[sizeof(dbuf)*2+1];
+	const char *str_name;
+	unsigned int l;
+
+	d2str(buf, sizeof(buf), dbuf.b, out->digest_len);
+	str_name = in->name != NULL ? in->name : (const char *)in->str;
+
+	if (T_debug != 0)
+		t_info("%s(%s) = %s\n", name, str_name, buf);
+
+	if (strcasecmp(buf, out->str)) {
+		t_info("%s(%s)\n%9s %s\n%9s %s\n",
+		       name, str_name,
+		       "is", buf,
+		       "should be", out->str);
+		++nprobs;
+		return;
+	}
+
+	/*
+	 * check that the hash or HMAC is no longer than we think it is
+	 */
+	for (l = out->digest_len; l < sizeof(dbuf); ++l) {
+		if (dbuf.b[l] != DIGEST_FILL) {
+			t_info("byte #%d after end of %s(%s) changed to %02x\n",
+			       l-out->digest_len, name, str_name, dbuf.b[l]);
+			++nprobs;
+			break;
+		}
+	}
+}
+
+
+
+static void
+t_hash(const char *hname, HASH_INIT init, UPDATE update, FINAL final,
+      IN *in, OUT *out)
+{
+	union {
+	    unsigned char b[1024];
+	    isc_sha1_t sha1;
+	    isc_md5_t md5;
+	} ctx;
+
+	init(&ctx);
+	update(&ctx, in->str, in->str_len);
+	memset(dbuf.b, DIGEST_FILL, sizeof(dbuf));
+	final(&ctx, dbuf.b);
+	ck(hname, in, out);
+}
+
+
+
+/*
+ * isc_sha224_final has a different calling sequence
+ */
+static void
+t_sha224(IN *in, OUT *out)
+{
+	isc_sha224_t ctx;
+
+	memset(dbuf.b, DIGEST_FILL, sizeof(dbuf));
+	isc_sha224_init(&ctx);
+	isc_sha224_update(&ctx, in->str, in->str_len);
+	memset(dbuf.b, DIGEST_FILL, sizeof(dbuf));
+	isc_sha224_final(dbuf.b, &ctx);
+	ck("SHA224", in, out);
+}
+
+
+
+static void
+t_hashes(IN *in, OUT *out_sha1, OUT *out_sha224, OUT *out_md5)
+{
+	t_hash("SHA1", (HASH_INIT)isc_sha1_init, (UPDATE)isc_sha1_update,
+	       (FINAL)isc_sha1_final, in, out_sha1);
+	t_sha224(in, out_sha224);
+	t_hash("md5", (HASH_INIT)isc_md5_init, (UPDATE)isc_md5_update,
+	       (FINAL)isc_md5_final, in, out_md5);
+}
+
+
+
+/*
+ * isc_hmacmd5_sign has a different calling sequence
+ */
+static void
+t_md5hmac(IN *in, OUT *out)
+{
+	isc_hmacmd5_t ctx;
+
+	isc_hmacmd5_init(&ctx, in->key, in->key_len);
+	isc_hmacmd5_update(&ctx, in->str, in->str_len);
+	memset(dbuf.b, DIGEST_FILL, sizeof(dbuf));
+	isc_hmacmd5_sign(&ctx, dbuf.b);
+	ck("HMAC-md5", in, out);
+}
+
+
+
+static void
+t_hmac(const char *hname, HMAC_INIT init, UPDATE update, SIGN sign,
+      IN *in, OUT *out)
+{
+	union {
+	    unsigned char b[1024];
+	    isc_hmacmd5_t hmacmd5;
+	    isc_hmacsha1_t hmacsha1;
+	    isc_hmacsha224_t hmacsha224;
+	    isc_hmacsha256_t hmacsha256;
+	    isc_hmacsha384_t hmacsha384;
+	    isc_hmacsha512_t hmacsha512;
+	} ctx;
+
+	init(&ctx, in->key, in->key_len);
+	update(&ctx, in->str, in->str_len);
+	memset(dbuf.b, DIGEST_FILL, sizeof(dbuf));
+	sign(&ctx, dbuf.b, out->digest_len);
+	ck(hname, in, out);
+}
+
+
+
+static void
+t_hmacs(IN *in, OUT *out_sha1, OUT *out_sha224, OUT *out_sha256,
+	OUT *out_sha384, OUT *out_sha512)
+{
+	t_hmac("HMAC-SHA1", (HMAC_INIT)isc_hmacsha1_init,
+	       (UPDATE)isc_hmacsha1_update, (SIGN)isc_hmacsha1_sign,
+	       in, out_sha1);
+	t_hmac("HMAC-SHA224", (HMAC_INIT)isc_hmacsha224_init,
+	       (UPDATE)isc_hmacsha224_update, (SIGN)isc_hmacsha224_sign,
+	       in, out_sha224);
+	t_hmac("HMAC-SHA256", (HMAC_INIT)isc_hmacsha256_init,
+	       (UPDATE)isc_hmacsha256_update, (SIGN)isc_hmacsha256_sign,
+	       in, out_sha256);
+	t_hmac("HMAC-SHA384", (HMAC_INIT)isc_hmacsha384_init,
+	       (UPDATE)isc_hmacsha384_update, (SIGN)isc_hmacsha384_sign,
+	       in, out_sha384);
+	t_hmac("HMAC-SHA512", (HMAC_INIT)isc_hmacsha512_init,
+	       (UPDATE)isc_hmacsha512_update, (SIGN)isc_hmacsha512_sign,
+	       in, out_sha512);
+}
+
+
+
+/*
+ * This will almost never fail, and so there is no need for the extra noise
+ * that would come from breaking it into several tests.
+ */
+static void
+t1(void)
+{
+	/*
+	 * two ad hoc hash examples
+	 */
+	t_hashes(&abc, &abc_sha1, &abc_sha224, &abc_md5);
+	t_hashes(&abc_blah, &abc_blah_sha1, &abc_blah_sha224, &abc_blah_md5);
+
+	/*
+	 * three HMAC-md5 examples from RFC 2104
+	 */
+	t_md5hmac(&rfc2104_1, &rfc2104_1_hmac);
+	t_md5hmac(&rfc2104_2, &rfc2104_2_hmac);
+	t_md5hmac(&rfc2104_3, &rfc2104_3_hmac);
+
+	/*
+	 * four HMAC-SHA tests from RFC 4634 starting on page 86
+	 */
+	t_hmacs(&rfc4634_1, &rfc4634_1_sha1, &rfc4634_1_sha224,
+		&rfc4634_1_sha256, &rfc4634_1_sha384, &rfc4634_1_sha512);
+	t_hmacs(&rfc4634_2, &rfc4634_2_sha1, &rfc4634_2_sha224,
+		&rfc4634_2_sha256, &rfc4634_2_sha384, &rfc4634_2_sha512);
+	t_hmacs(&rfc4634_3, &rfc4634_3_sha1, &rfc4634_3_sha224,
+		&rfc4634_3_sha256, &rfc4634_3_sha384, &rfc4634_3_sha512);
+	t_hmacs(&rfc4634_4, &rfc4634_4_sha1, &rfc4634_4_sha224,
+		&rfc4634_4_sha256, &rfc4634_4_sha384, &rfc4634_4_sha512);
+
+	if (nprobs != 0)
+		t_result(T_FAIL);
+	else
+		t_result(T_PASS);
+}
+
+
+testspec_t	T_testlist[] = {
+	{	t1,		"hashes"		},
+	{	NULL,		NULL			}
+};
--- a/configure.in
+++ b/configure.in
@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl

-AC_REVISION($Revision: 1.502 $)
+AC_REVISION($Revision: 1.503 $)

 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.59)
@ -3280,6 +3280,7 @@ AC_CONFIG_FILES([
 	bin/tests/timers/Makefile
 	bin/tests/dst/Makefile
 	bin/tests/mem/Makefile
+	bin/tests/hashes/Makefile
 	bin/tests/net/Makefile
 	bin/tests/sockaddr/Makefile
 	bin/tests/system/Makefile