minor code cleanup, HMAC-MD5 bugfix
@@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Principal Author: Brian Wellington
|
* Principal Author: Brian Wellington
|
||||||
* $Id: dst_api.c,v 1.1 1999/07/12 20:08:28 bwelling Exp $
|
* $Id: dst_api.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
@@ -100,18 +100,16 @@ dst_supported_algorithm(const int alg) {
|
|||||||
* context The state of the operation
|
* context The state of the operation
|
||||||
* data The data to be signed.
|
* data The data to be signed.
|
||||||
* sig The buffer to which the signature will be written.
|
* sig The buffer to which the signature will be written.
|
||||||
* mctx Memory context used for allocations
|
|
||||||
* Return
|
* Return
|
||||||
* DST_R_SUCCESS Success
|
* DST_R_SUCCESS Success
|
||||||
* !DST_R_SUCCESS Failure
|
* !DST_R_SUCCESS Failure
|
||||||
*/
|
*/
|
||||||
dst_result_t
|
dst_result_t
|
||||||
dst_sign(const int mode, dst_key_t *key, void **context,
|
dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
|
||||||
isc_region_t *data, isc_buffer_t *sig, isc_mem_t *mctx)
|
isc_region_t *data, isc_buffer_t *sig)
|
||||||
{
|
{
|
||||||
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
||||||
REQUIRE(VALID_KEY(key));
|
REQUIRE(VALID_KEY(key));
|
||||||
REQUIRE(mctx != NULL);
|
|
||||||
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
||||||
|
|
||||||
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
||||||
@@ -125,7 +123,8 @@ dst_sign(const int mode, dst_key_t *key, void **context,
|
|||||||
if (key->opaque == NULL)
|
if (key->opaque == NULL)
|
||||||
return (DST_R_NULL_KEY);
|
return (DST_R_NULL_KEY);
|
||||||
|
|
||||||
return (key->func->sign(mode, key, context, data, sig, mctx));
|
return (key->func->sign(mode, key, (void **)context, data, sig,
|
||||||
|
key->mctx));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -147,19 +146,17 @@ dst_sign(const int mode, dst_key_t *key, void **context,
|
|||||||
* context The state of the operation
|
* context The state of the operation
|
||||||
* data The data to be digested.
|
* data The data to be digested.
|
||||||
* sig The signature.
|
* sig The signature.
|
||||||
* mctx Memory context used for allocations
|
|
||||||
* Returns
|
* Returns
|
||||||
* DST_R_SUCCESS Success
|
* DST_R_SUCCESS Success
|
||||||
* !DST_R_SUCCESS Failure
|
* !DST_R_SUCCESS Failure
|
||||||
*/
|
*/
|
||||||
|
|
||||||
dst_result_t
|
dst_result_t
|
||||||
dst_verify(const int mode, dst_key_t *key, void **context,
|
dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
|
||||||
isc_region_t *data, isc_region_t *sig, isc_mem_t *mctx)
|
isc_region_t *data, isc_region_t *sig)
|
||||||
{
|
{
|
||||||
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
||||||
REQUIRE(VALID_KEY(key));
|
REQUIRE(VALID_KEY(key));
|
||||||
REQUIRE(mctx != NULL);
|
|
||||||
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
REQUIRE((mode & DST_SIG_MODE_ALL) != 0);
|
||||||
|
|
||||||
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
if ((mode & DST_SIG_MODE_UPDATE) != 0)
|
||||||
@@ -173,7 +170,8 @@ dst_verify(const int mode, dst_key_t *key, void **context,
|
|||||||
if (key->opaque == NULL)
|
if (key->opaque == NULL)
|
||||||
return (DST_R_NULL_KEY);
|
return (DST_R_NULL_KEY);
|
||||||
|
|
||||||
return (key->func->verify(mode, key, context, data, sig, mctx));
|
return (key->func->verify(mode, key, (void **)context, data, sig,
|
||||||
|
key->mctx));
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -261,14 +259,14 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
|
|||||||
|
|
||||||
key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
|
key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
|
||||||
pubkey->key_proto, 0, mctx);
|
pubkey->key_proto, 0, mctx);
|
||||||
dst_key_free(pubkey, mctx);
|
dst_key_free(pubkey);
|
||||||
if (key == NULL)
|
if (key == NULL)
|
||||||
return (DST_R_NOMEMORY);
|
return (DST_R_NOMEMORY);
|
||||||
|
|
||||||
/* Fill in private key and some fields in the general key structure */
|
/* Fill in private key and some fields in the general key structure */
|
||||||
ret = key->func->from_file(key, id, mctx);
|
ret = key->func->from_file(key, id, mctx);
|
||||||
if (ret != DST_R_SUCCESS) {
|
if (ret != DST_R_SUCCESS) {
|
||||||
dst_key_free(key, mctx);
|
dst_key_free(key);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -369,7 +367,7 @@ dst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
|
|||||||
|
|
||||||
ret = (*keyp)->func->from_dns(*keyp, source, mctx);
|
ret = (*keyp)->func->from_dns(*keyp, source, mctx);
|
||||||
if (ret != DST_R_SUCCESS)
|
if (ret != DST_R_SUCCESS)
|
||||||
dst_key_free((*keyp), mctx);
|
dst_key_free((*keyp));
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -412,7 +410,7 @@ dst_key_frombuffer(const char *name, const int alg, const int flags,
|
|||||||
|
|
||||||
ret = (*keyp)->func->from_dns((*keyp), source, mctx);
|
ret = (*keyp)->func->from_dns((*keyp), source, mctx);
|
||||||
if (ret != DST_R_SUCCESS) {
|
if (ret != DST_R_SUCCESS) {
|
||||||
dst_key_free((*keyp), mctx);
|
dst_key_free((*keyp));
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
return (DST_R_SUCCESS);
|
return (DST_R_SUCCESS);
|
||||||
@@ -489,7 +487,7 @@ dst_key_generate(const char *name, const int alg, const int bits,
|
|||||||
|
|
||||||
ret = (*keyp)->func->generate(*keyp, exp, mctx);
|
ret = (*keyp)->func->generate(*keyp, exp, mctx);
|
||||||
if (ret != DST_R_SUCCESS) {
|
if (ret != DST_R_SUCCESS) {
|
||||||
dst_key_free(*keyp, mctx);
|
dst_key_free(*keyp);
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -528,20 +526,18 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
|||||||
* Release all data structures pointed to by a key structure.
|
* Release all data structures pointed to by a key structure.
|
||||||
* Parameters
|
* Parameters
|
||||||
* key Key structure to be freed.
|
* key Key structure to be freed.
|
||||||
* mctx The memory context used to allocate the key
|
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
dst_key_free(dst_key_t *key, isc_mem_t *mctx) {
|
dst_key_free(dst_key_t *key) {
|
||||||
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
|
||||||
REQUIRE(VALID_KEY(key));
|
REQUIRE(VALID_KEY(key));
|
||||||
REQUIRE(mctx != NULL);
|
|
||||||
|
|
||||||
if (key->opaque != NULL)
|
if (key->opaque != NULL)
|
||||||
key->func->destroy(key->opaque, mctx);
|
key->func->destroy(key->opaque, key->mctx);
|
||||||
|
|
||||||
isc_mem_free(mctx, key->key_name);
|
isc_mem_free(key->mctx, key->key_name);
|
||||||
memset(key, 0, sizeof(dst_key_t));
|
memset(key, 0, sizeof(dst_key_t));
|
||||||
isc_mem_put(mctx, key, sizeof(dst_key_t));
|
isc_mem_put(key->mctx, key, sizeof(dst_key_t));
|
||||||
}
|
}
|
||||||
|
|
||||||
char *
|
char *
|
||||||
@@ -705,6 +701,7 @@ get_key_struct(const char *name, const int alg, const int flags,
|
|||||||
key->key_alg = alg;
|
key->key_alg = alg;
|
||||||
key->key_flags = flags;
|
key->key_flags = flags;
|
||||||
key->key_proto = protocol;
|
key->key_proto = protocol;
|
||||||
|
key->mctx = mctx;
|
||||||
key->opaque = NULL;
|
key->opaque = NULL;
|
||||||
key->key_size = bits;
|
key->key_size = bits;
|
||||||
key->func = dst_t_func[alg];
|
key->func = dst_t_func[alg];
|
||||||
|
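Review bot: In dst_key_free the new `isc_mem_put(key->mctx, key, sizeof(dst_key_t))` runs after `memset(key, 0, sizeof(dst_key_t))` has already wiped the structure, so the memory context handed to isc_mem_put is NULL rather than the one the key was allocated from; the previous version read the `mctx` parameter, which the memset did not touch. Copy the context out before clearing the key, `isc_mem_t *mctx = key->mctx;` at the top of the function (the dropped `REQUIRE(mctx != NULL)` can stay as a check on that copy), and pass `mctx` to `key->func->destroy`, `isc_mem_free` and `isc_mem_put`. The same ordering hazard does not exist in the other hunks of this file; dst_sign, dst_verify and the dst_key_free call sites only forward `key->mctx` on a live key.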
@@ -55,6 +55,7 @@ struct dst_key {
|
|||||||
int key_alg; /* algorithm of the key */
|
int key_alg; /* algorithm of the key */
|
||||||
isc_uint32_t key_flags; /* flags of the public key */
|
isc_uint32_t key_flags; /* flags of the public key */
|
||||||
isc_uint16_t key_id; /* identifier of the key */
|
isc_uint16_t key_id; /* identifier of the key */
|
||||||
|
isc_mem_t *mctx; /* memory context */
|
||||||
void * opaque; /* pointer to key in crypto pkg fmt */
|
void * opaque; /* pointer to key in crypto pkg fmt */
|
||||||
dst_func * func; /* crypto package specific functions */
|
dst_func * func; /* crypto package specific functions */
|
||||||
};
|
};
|
||||||
|
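Review bot: The comment on the new `isc_mem_t *mctx;` field, `/* memory context */`, does not say who owns the context or why the key now carries it, which matters because dst_key_free in this commit releases the key through this field instead of a caller-supplied context. Suggest `/* memory context the key was allocated from; dst_key_free releases the key through it */` so that any future allocation path besides get_key_struct is reminded to set it. The struct's opening lines are above the hunk.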
@@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Principal Author: Brian Wellington
|
* Principal Author: Brian Wellington
|
||||||
* $Id: hmac_link.c,v 1.1 1999/07/12 20:08:29 bwelling Exp $
|
* $Id: hmac_link.c,v 1.2 1999/07/29 17:21:23 bwelling Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
@@ -291,6 +291,7 @@ dst_hmacmd5_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) {
|
|||||||
return (DST_R_NOMEMORY);
|
return (DST_R_NOMEMORY);
|
||||||
|
|
||||||
memset(hkey->ipad, 0, sizeof(hkey->ipad));
|
memset(hkey->ipad, 0, sizeof(hkey->ipad));
|
||||||
|
memset(hkey->opad, 0, sizeof(hkey->opad));
|
||||||
|
|
||||||
if (r.length > HMAC_LEN) {
|
if (r.length > HMAC_LEN) {
|
||||||
MD5_CTX ctx;
|
MD5_CTX ctx;
|
||||||
@@ -300,15 +301,15 @@ dst_hmacmd5_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) {
|
|||||||
MD5Update(&ctx, r.base, r.length);
|
MD5Update(&ctx, r.base, r.length);
|
||||||
MD5Final(digest, &ctx);
|
MD5Final(digest, &ctx);
|
||||||
memcpy(hkey->ipad, digest, MD5_LEN);
|
memcpy(hkey->ipad, digest, MD5_LEN);
|
||||||
|
memcpy(hkey->opad, digest, MD5_LEN);
|
||||||
keylen = MD5_LEN;
|
keylen = MD5_LEN;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
memcpy(hkey->ipad, r.base, r.length);
|
memcpy(hkey->ipad, r.base, r.length);
|
||||||
|
memcpy(hkey->opad, r.base, r.length);
|
||||||
keylen = r.length;
|
keylen = r.length;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(hkey->opad, hkey->ipad, keylen);
|
|
||||||
|
|
||||||
/* XOR key with ipad and opad values */
|
/* XOR key with ipad and opad values */
|
||||||
for (i = 0; i < HMAC_LEN; i++) {
|
for (i = 0; i < HMAC_LEN; i++) {
|
||||||
hkey->ipad[i] ^= HMAC_IPAD;
|
hkey->ipad[i] ^= HMAC_IPAD;
|
||||||
|
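Review bot: In the `r.length > HMAC_LEN` branch of dst_hmacmd5_from_dns the hashed key stays in the stack array `digest` (and in the MD5_CTX state) after it has been copied into ipad and opad, so the reduced key material outlives its use in the function. Once both copies are made, clear it, e.g. `memset(digest, 0, sizeof(digest));` after `memcpy(hkey->opad, digest, MD5_LEN);`, so the secret exists only inside the key structure; note that a plain memset on a local that is never read again may be dropped by the optimizer, so a non-elidable clear is preferable where the code base has one. The function starts and ends outside the hunk and the declaration of digest is not visible here, so the sizeof form assumes it is an array rather than a pointer.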
@@ -23,6 +23,7 @@ ISC_LANG_BEGINDECLS
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
typedef struct dst_key dst_key_t;
|
typedef struct dst_key dst_key_t;
|
||||||
|
typedef void * dst_context_t;
|
||||||
|
|
||||||
/* DST algorithm codes */
|
/* DST algorithm codes */
|
||||||
#define DST_ALG_UNKNOWN 0
|
#define DST_ALG_UNKNOWN 0
|
||||||
@@ -35,7 +36,7 @@ typedef struct dst_key dst_key_t;
|
|||||||
#define DST_ALG_EXPAND 255
|
#define DST_ALG_EXPAND 255
|
||||||
#define DST_MAX_ALGS DST_ALG_HMAC_SHA1
|
#define DST_MAX_ALGS DST_ALG_HMAC_SHA1
|
||||||
|
|
||||||
/* 'Mode' passed into dst_sign_data() and dst_verify_data() */
|
/* 'Mode' passed into dst_sign() and dst_verify() */
|
||||||
#define DST_SIG_MODE_INIT 1 /* initialize digest */
|
#define DST_SIG_MODE_INIT 1 /* initialize digest */
|
||||||
#define DST_SIG_MODE_UPDATE 2 /* add data to digest */
|
#define DST_SIG_MODE_UPDATE 2 /* add data to digest */
|
||||||
#define DST_SIG_MODE_FINAL 4 /* generate/verify signature */
|
#define DST_SIG_MODE_FINAL 4 /* generate/verify signature */
|
||||||
@@ -69,15 +70,14 @@ dst_supported_algorithm(const int alg);
|
|||||||
* "context" contains a value appropriate for the value of "mode".
|
* "context" contains a value appropriate for the value of "mode".
|
||||||
* "data" is a valid region.
|
* "data" is a valid region.
|
||||||
* "sig" is a valid buffer.
|
* "sig" is a valid buffer.
|
||||||
* "mctx" is a valid memory context.
|
|
||||||
*
|
*
|
||||||
* Ensures:
|
* Ensures:
|
||||||
* All allocated memory will be freed after the FINAL call. "sig"
|
* All allocated memory will be freed after the FINAL call. "sig"
|
||||||
* will contain a signature if all operations completed successfully.
|
* will contain a signature if all operations completed successfully.
|
||||||
*/
|
*/
|
||||||
dst_result_t
|
dst_result_t
|
||||||
dst_sign(const int mode, dst_key_t *key, void **context,
|
dst_sign(const int mode, dst_key_t *key, dst_context_t *context,
|
||||||
isc_region_t *data, isc_buffer_t *sig, isc_mem_t *mctx);
|
isc_region_t *data, isc_buffer_t *sig);
|
||||||
|
|
||||||
/* Verify a signature on a block of data.
|
/* Verify a signature on a block of data.
|
||||||
*
|
*
|
||||||
@@ -88,14 +88,13 @@ dst_sign(const int mode, dst_key_t *key, void **context,
|
|||||||
* "context" contains a value appropriate for the value of "mode".
|
* "context" contains a value appropriate for the value of "mode".
|
||||||
* "data" is a valid region.
|
* "data" is a valid region.
|
||||||
* "sig" is a valid region.
|
* "sig" is a valid region.
|
||||||
* "mctx" is a valid memory context.
|
|
||||||
*
|
*
|
||||||
* Ensures:
|
* Ensures:
|
||||||
* All allocated memory will be freed after the FINAL call.
|
* All allocated memory will be freed after the FINAL call.
|
||||||
*/
|
*/
|
||||||
dst_result_t
|
dst_result_t
|
||||||
dst_verify(const int mode, dst_key_t *key, void **context,
|
dst_verify(const int mode, dst_key_t *key, dst_context_t *context,
|
||||||
isc_region_t *data, isc_region_t *sig, isc_mem_t *mctx);
|
isc_region_t *data, isc_region_t *sig);
|
||||||
|
|
||||||
/* Reads a key from permanent storage.
|
/* Reads a key from permanent storage.
|
||||||
*
|
*
|
||||||
@@ -210,13 +209,12 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2);
|
|||||||
*
|
*
|
||||||
* Requires:
|
* Requires:
|
||||||
* "key" is a valid key.
|
* "key" is a valid key.
|
||||||
* "mctx" is a valid memory context.
|
|
||||||
*
|
*
|
||||||
* Ensures:
|
* Ensures:
|
||||||
* All memory associated with "key" will be freed.
|
* All memory associated with "key" will be freed.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
dst_key_free(dst_key_t *key, isc_mem_t *mctx);
|
dst_key_free(dst_key_t *key);
|
||||||
|
|
||||||
/* Accessor functions to obtain key fields.
|
/* Accessor functions to obtain key fields.
|
||||||
*
|
*
|
||||||
|
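Review bot: `typedef void * dst_context_t;` in the first hunk of this file hides a level of indirection: the `dst_context_t *context` parameters of dst_sign and dst_verify are still `void **`, which is why dst_api.c now casts them back with `(void **)context` when calling `key->func->sign`/`verify`; those casts are no-ops and can be dropped. If the typedef is meant to make the context opaque, a comment on it would help, e.g. `/* Opaque per-operation state; the caller owns the variable and passes its address to dst_sign()/dst_verify() across the INIT, UPDATE and FINAL calls */`, since the "Requires" text only says context "contains a value appropriate for the value of mode". Whether the caller must zero the variable before the INIT call is not stated anywhere on the page and is presumably expected; the prototype comments would be the place to say so.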