mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

use the dst md5 layer instead of openssl md5, replace verify with sign & compare

Browse Source
This commit is contained in:
Brian Wellington 2000-06-05 19:10:58 +00:00
parent 9ee00c4fa0
commit b15d35d4e6
1 changed files with 51 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
lib/dns/sec/dst/hmac_link.c
View File

@ -19,7 +19,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.30 2000/06/02 23:36:10 bwelling Exp $ * $Id: hmac_link.c,v 1.31 2000/06/05 19:10:58 bwelling Exp $
*/ */
#include <config.h> #include <config.h>
@ -39,29 +39,28 @@
#define HMAC_IPAD 0x36 #define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5c #define HMAC_OPAD 0x5c
#define RETERR(x) do { \
ret = (x); \
if (ret != ISC_R_SUCCESS) \
return (ret); \
} while (0)
static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data); static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data);
typedef struct hmackey { typedef struct hmackey {
unsigned char ipad[64], opad[64]; unsigned char key[HMAC_LEN];
} HMAC_Key; } HMAC_Key;
static isc_result_t static isc_result_t
hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) { hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) {
dst_context_t *md5ctx = NULL; dst_context_t *md5ctx = NULL;
HMAC_Key *hkey = key->opaque; HMAC_Key *hkey = key->opaque;
unsigned char ipad[HMAC_LEN];
isc_region_t r; isc_region_t r;
isc_result_t result; isc_result_t result;
int i;
result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx); result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);
r.base = hkey->ipad; memset(ipad, HMAC_IPAD, sizeof ipad);
for (i = 0; i < HMAC_LEN; i++)
ipad[i] ^= hkey->key[i];
r.base = ipad;
r.length = HMAC_LEN; r.length = HMAC_LEN;
result = dst_context_adddata(md5ctx, &r); result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
@ -92,10 +91,12 @@ hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_context_t *md5ctx = dctx->opaque; dst_context_t *md5ctx = dctx->opaque;
dst_key_t *key = dctx->key; dst_key_t *key = dctx->key;
HMAC_Key *hkey = key->opaque; HMAC_Key *hkey = key->opaque;
isc_region_t r; unsigned char opad[HMAC_LEN];
isc_result_t result;
unsigned char digest[MD5_DIGEST_LENGTH]; unsigned char digest[MD5_DIGEST_LENGTH];
isc_buffer_t b; isc_buffer_t b;
isc_region_t r;
isc_result_t result;
int i;
isc_buffer_init(&b, digest, sizeof(digest)); isc_buffer_init(&b, digest, sizeof(digest));
@ -110,7 +111,10 @@ hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) {
return (result); return (result);
dctx->opaque = md5ctx; dctx->opaque = md5ctx;
r.base = hkey->opad; memset(opad, HMAC_OPAD, sizeof opad);
for (i = 0; i < HMAC_LEN; i++)
opad[i] ^= hkey->key[i];
r.base = opad;
r.length = HMAC_LEN; r.length = HMAC_LEN;
result = dst_context_adddata(md5ctx, &r); result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
@ -127,40 +131,15 @@ hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) {
static isc_result_t static isc_result_t
hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) { hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) {
dst_context_t *md5ctx = dctx->opaque;
dst_key_t *key = dctx->key;
HMAC_Key *hkey = key->opaque;
isc_region_t r;
isc_result_t result; isc_result_t result;
unsigned char digest[MD5_DIGEST_LENGTH]; unsigned char digest[MD5_DIGEST_LENGTH];
isc_buffer_t b; isc_buffer_t b;
if (sig->length < MD5_DIGEST_LENGTH)
return (DST_R_VERIFYFAILURE);
isc_buffer_init(&b, digest, sizeof(digest)); isc_buffer_init(&b, digest, sizeof(digest));
result = hmacmd5_sign(dctx, &b);
result = dst_context_digest(md5ctx, &b);
if (result != ISC_R_SUCCESS)
return (result);
dst_context_destroy(&md5ctx);
dctx->opaque = NULL;
result = dst_context_create(DST_KEY_MD5, dctx->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
return (result);
dctx->opaque = md5ctx;
r.base = hkey->opad;
r.length = HMAC_LEN;
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_usedregion(&b, &r);
result = dst_context_adddata(md5ctx, &r);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_clear(&b);
result = dst_context_digest(md5ctx, &b);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);
@ -182,7 +161,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
else if (hkey1 == NULL || hkey2 == NULL) else if (hkey1 == NULL || hkey2 == NULL)
return (ISC_FALSE); return (ISC_FALSE);
if (memcmp(hkey1->ipad, hkey2->ipad, HMAC_LEN) == 0) if (memcmp(hkey1->key, hkey2->key, HMAC_LEN) == 0)
return (ISC_TRUE); return (ISC_TRUE);
else else
return (ISC_FALSE); return (ISC_FALSE);
@ -231,23 +210,16 @@ hmacmd5_destroy(dst_key_t *key) {
static isc_result_t static isc_result_t
hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) { hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) {
HMAC_Key *hkey; HMAC_Key *hkey;
isc_region_t r; unsigned int bytes;
unsigned int bytes, i;
REQUIRE(key->opaque != NULL); REQUIRE(key->opaque != NULL);
hkey = (HMAC_Key *) key->opaque; hkey = (HMAC_Key *) key->opaque;
isc_buffer_availableregion(data, &r);
bytes = (key->key_size + 7) / 8; bytes = (key->key_size + 7) / 8;
if (r.length < bytes) if (isc_buffer_availablelength(data) < bytes)
return (ISC_R_NOSPACE); return (ISC_R_NOSPACE);
isc_buffer_putmem(data, hkey->key, bytes);
for (i = 0; i < bytes; i++)
*r.base++ = hkey->ipad[i] ^ HMAC_IPAD;
isc_buffer_add(data, bytes);
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
@ -255,71 +227,69 @@ hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t static isc_result_t
hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
HMAC_Key *hkey; HMAC_Key *hkey;
int keylen;
isc_buffer_t b;
isc_region_t r; isc_region_t r;
isc_mem_t *mctx = key->mctx; isc_result_t result;
int i, keylen; dst_context_t *md5ctx = NULL;
isc_buffer_remainingregion(data, &r); isc_buffer_remainingregion(data, &r);
if (r.length == 0) if (r.length == 0)
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
hkey = (HMAC_Key *) isc_mem_get(mctx, sizeof(HMAC_Key)); hkey = (HMAC_Key *) isc_mem_get(key->mctx, sizeof(HMAC_Key));
if (hkey == NULL) if (hkey == NULL)
return (ISC_R_NOMEMORY); return (ISC_R_NOMEMORY);
memset(hkey->ipad, 0, sizeof(hkey->ipad)); memset(hkey->key, 0, sizeof(hkey->key));
memset(hkey->opad, 0, sizeof(hkey->opad));
if (r.length > HMAC_LEN) { if (r.length > HMAC_LEN) {
MD5_CTX ctx; isc_buffer_init(&b, hkey->key, HMAC_LEN);
unsigned char digest[MD5_DIGEST_LENGTH]; result = dst_context_create(DST_KEY_MD5, key->mctx, &md5ctx);
if (result != ISC_R_SUCCESS)
MD5_Init(&ctx); goto fail;
MD5_Update(&ctx, r.base, r.length); result = dst_context_adddata(md5ctx, &r);
MD5_Final(digest, &ctx); if (result != ISC_R_SUCCESS)
memcpy(hkey->ipad, digest, MD5_DIGEST_LENGTH); goto fail;
memcpy(hkey->opad, digest, MD5_DIGEST_LENGTH); result = dst_context_digest(md5ctx, &b);
if (result != ISC_R_SUCCESS)
goto fail;
dst_context_destroy(&md5ctx);
keylen = MD5_DIGEST_LENGTH; keylen = MD5_DIGEST_LENGTH;
} }
else { else {
memcpy(hkey->ipad, r.base, r.length); memcpy(hkey->key, r.base, r.length);
memcpy(hkey->opad, r.base, r.length);
keylen = r.length; keylen = r.length;
} }
/* key->key_id = dst__id_calc(hkey->key, keylen);
* XOR key with ipad and opad values.
*/
for (i = 0; i < HMAC_LEN; i++) {
hkey->ipad[i] ^= HMAC_IPAD;
hkey->opad[i] ^= HMAC_OPAD;
}
key->key_id = dst__id_calc(r.base, r.length);
key->key_size = keylen * 8; key->key_size = keylen * 8;
key->opaque = hkey; key->opaque = hkey;
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
fail:
if (md5ctx != NULL)
dst_context_destroy(&md5ctx);
isc_mem_put(key->mctx, hkey, sizeof(HMAC_Key));
return (result);
} }
static isc_result_t static isc_result_t
hmacmd5_tofile(const dst_key_t *key) { hmacmd5_tofile(const dst_key_t *key) {
int i, cnt = 0; int cnt = 0;
HMAC_Key *hkey; HMAC_Key *hkey;
dst_private_t priv; dst_private_t priv;
unsigned char keydata[HMAC_LEN];
int bytes = (key->key_size + 7) / 8; int bytes = (key->key_size + 7) / 8;
if (key->opaque == NULL) if (key->opaque == NULL)
return (DST_R_NULLKEY); return (DST_R_NULLKEY);
hkey = (HMAC_Key *) key->opaque; hkey = (HMAC_Key *) key->opaque;
memset(keydata, 0, HMAC_LEN);
for (i = 0; i < bytes; i++)
keydata[i] = hkey->ipad[i] ^ HMAC_IPAD;
priv.elements[cnt].tag = TAG_HMACMD5_KEY; priv.elements[cnt].tag = TAG_HMACMD5_KEY;
priv.elements[cnt].length = bytes; priv.elements[cnt].length = bytes;
priv.elements[cnt++].data = keydata; priv.elements[cnt++].data = hkey->key;
priv.nelements = cnt; priv.nelements = cnt;
return (dst__privstruct_writefile(key, &priv)); return (dst__privstruct_writefile(key, &priv));
@ -368,5 +338,3 @@ dst__hmacmd5_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL && *funcp == NULL); REQUIRE(funcp != NULL && *funcp == NULL);
*funcp = &hmacmd5_functions; *funcp = &hmacmd5_functions;
} }