1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 6 7 #ifdef HMAC_MD5 8 /* 9 * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. 10 * 11 * Permission to use, copy modify, and distribute this software for any 12 * purpose with or without fee is hereby granted, provided that the above 13 * copyright notice and this permission notice appear in all copies. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS 16 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL 18 * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, 19 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING 20 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, 21 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION 22 * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. 23 */ 24 25 /*% 26 * This file contains an implementation of the HMAC-MD5 algorithm. 27 */ 28 #include "port_before.h" 29 30 #include <stdio.h> 31 #include <unistd.h> 32 #include <stdlib.h> 33 #include <string.h> 34 #include <memory.h> 35 #include <sys/param.h> 36 #include <sys/time.h> 37 #include <netinet/in.h> 38 #include <arpa/nameser.h> 39 #include <resolv.h> 40 41 #include "dst_internal.h" 42 43 #ifdef USE_MD5 44 # ifndef HAVE_MD5 45 # include "md5.h" 46 # else 47 # ifdef SOLARIS2 48 # include <sys/md5.h> 49 # endif 50 # endif 51 # ifndef _MD5_H_ 52 # define _MD5_H_ 1 /*%< make sure we do not include rsaref md5.h file */ 53 # endif 54 #endif 55 56 #include "port_after.h" 57 58 59 #define HMAC_LEN 64 60 #define HMAC_IPAD 0x36 61 #define HMAC_OPAD 0x5c 62 #define MD5_LEN 16 63 64 65 typedef struct hmackey { 66 u_char hk_ipad[64], hk_opad[64]; 67 } HMAC_Key; 68 69 70 /************************************************************************** 71 * dst_hmac_md5_sign 72 * Call HMAC signing functions to sign a block of data. 73 * There are three steps to signing, INIT (initialize structures), 74 * UPDATE (hash (more) data), FINAL (generate a signature). This 75 * routine performs one or more of these steps. 76 * Parameters 77 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL. 78 * priv_key key to use for signing. 79 * context the context to be used in this digest 80 * data data to be signed. 81 * len length in bytes of data. 82 * signature location to store signature. 83 * sig_len size of the signature location 84 * returns 85 * N Success on SIG_MODE_FINAL = returns signature length in bytes 86 * 0 Success on SIG_MODE_INIT and UPDATE 87 * <0 Failure 88 */ 89 90 static int 91 dst_hmac_md5_sign(const int mode, DST_KEY *d_key, void **context, 92 const u_char *data, const int len, 93 u_char *signature, const int sig_len) 94 { 95 HMAC_Key *key; 96 int sign_len = 0; 97 MD5_CTX *ctx = NULL; 98 99 if (d_key == NULL || d_key->dk_KEY_struct == NULL) 100 return (-1); 101 102 if (mode & SIG_MODE_INIT) 103 ctx = (MD5_CTX *) malloc(sizeof(*ctx)); 104 else if (context) 105 ctx = (MD5_CTX *) *context; 106 if (ctx == NULL) 107 return (-1); 108 109 key = (HMAC_Key *) d_key->dk_KEY_struct; 110 111 if (mode & SIG_MODE_INIT) { 112 MD5Init(ctx); 113 MD5Update(ctx, key->hk_ipad, HMAC_LEN); 114 } 115 116 if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) 117 MD5Update(ctx, data, len); 118 119 if (mode & SIG_MODE_FINAL) { 120 if (signature == NULL || sig_len < MD5_LEN) 121 return (SIGN_FINAL_FAILURE); 122 MD5Final(signature, ctx); 123 124 /* perform outer MD5 */ 125 MD5Init(ctx); 126 MD5Update(ctx, key->hk_opad, HMAC_LEN); 127 MD5Update(ctx, signature, MD5_LEN); 128 MD5Final(signature, ctx); 129 sign_len = MD5_LEN; 130 SAFE_FREE(ctx); 131 } 132 else { 133 if (context == NULL) 134 return (-1); 135 *context = (void *) ctx; 136 } 137 return (sign_len); 138 } 139 140 141 /************************************************************************** 142 * dst_hmac_md5_verify() 143 * Calls HMAC verification routines. There are three steps to 144 * verification, INIT (initialize structures), UPDATE (hash (more) data), 145 * FINAL (generate a signature). This routine performs one or more of 146 * these steps. 147 * Parameters 148 * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL. 149 * dkey key to use for verify. 150 * data data signed. 151 * len length in bytes of data. 152 * signature signature. 153 * sig_len length in bytes of signature. 154 * returns 155 * 0 Success 156 * <0 Failure 157 */ 158 159 static int 160 dst_hmac_md5_verify(const int mode, DST_KEY *d_key, void **context, 161 const u_char *data, const int len, 162 const u_char *signature, const int sig_len) 163 { 164 HMAC_Key *key; 165 MD5_CTX *ctx = NULL; 166 167 if (d_key == NULL || d_key->dk_KEY_struct == NULL) 168 return (-1); 169 170 if (mode & SIG_MODE_INIT) 171 ctx = (MD5_CTX *) malloc(sizeof(*ctx)); 172 else if (context) 173 ctx = (MD5_CTX *) *context; 174 if (ctx == NULL) 175 return (-1); 176 177 key = (HMAC_Key *) d_key->dk_KEY_struct; 178 if (mode & SIG_MODE_INIT) { 179 MD5Init(ctx); 180 MD5Update(ctx, key->hk_ipad, HMAC_LEN); 181 } 182 if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) 183 MD5Update(ctx, data, len); 184 185 if (mode & SIG_MODE_FINAL) { 186 u_char digest[MD5_LEN]; 187 if (signature == NULL || key == NULL || sig_len != MD5_LEN) 188 return (VERIFY_FINAL_FAILURE); 189 MD5Final(digest, ctx); 190 191 /* perform outer MD5 */ 192 MD5Init(ctx); 193 MD5Update(ctx, key->hk_opad, HMAC_LEN); 194 MD5Update(ctx, digest, MD5_LEN); 195 MD5Final(digest, ctx); 196 197 SAFE_FREE(ctx); 198 if (memcmp(digest, signature, MD5_LEN) != 0) 199 return (VERIFY_FINAL_FAILURE); 200 } 201 else { 202 if (context == NULL) 203 return (-1); 204 *context = (void *) ctx; 205 } 206 return (0); 207 } 208 209 210 /************************************************************************** 211 * dst_buffer_to_hmac_md5 212 * Converts key from raw data to an HMAC Key 213 * This function gets in a pointer to the data 214 * Parameters 215 * hkey the HMAC key to be filled in 216 * key the key in raw format 217 * keylen the length of the key 218 * Return 219 * 0 Success 220 * <0 Failure 221 */ 222 static int 223 dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen) 224 { 225 int i; 226 HMAC_Key *hkey = NULL; 227 MD5_CTX ctx; 228 int local_keylen = keylen; 229 u_char tk[MD5_LEN]; 230 231 if (dkey == NULL || key == NULL || keylen < 0) 232 return (-1); 233 234 if ((hkey = (HMAC_Key *) malloc(sizeof(HMAC_Key))) == NULL) 235 return (-2); 236 237 memset(hkey->hk_ipad, 0, sizeof(hkey->hk_ipad)); 238 memset(hkey->hk_opad, 0, sizeof(hkey->hk_opad)); 239 240 /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */ 241 if (keylen > HMAC_LEN) { 242 MD5Init(&ctx); 243 MD5Update(&ctx, key, keylen); 244 MD5Final(tk, &ctx); 245 memset((void *) &ctx, 0, sizeof(ctx)); 246 key = tk; 247 local_keylen = MD5_LEN; 248 } 249 /* start out by storing key in pads */ 250 memcpy(hkey->hk_ipad, key, local_keylen); 251 memcpy(hkey->hk_opad, key, local_keylen); 252 253 /* XOR key with hk_ipad and opad values */ 254 for (i = 0; i < HMAC_LEN; i++) { 255 hkey->hk_ipad[i] ^= HMAC_IPAD; 256 hkey->hk_opad[i] ^= HMAC_OPAD; 257 } 258 dkey->dk_key_size = local_keylen; 259 dkey->dk_KEY_struct = (void *) hkey; 260 return (1); 261 } 262 263 264 /************************************************************************** 265 * dst_hmac_md5_key_to_file_format 266 * Encodes an HMAC Key into the portable file format. 267 * Parameters 268 * hkey HMAC KEY structure 269 * buff output buffer 270 * buff_len size of output buffer 271 * Return 272 * 0 Failure - null input hkey 273 * -1 Failure - not enough space in output area 274 * N Success - Length of data returned in buff 275 */ 276 277 static int 278 dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, 279 const int buff_len) 280 { 281 char *bp; 282 int len, i, key_len; 283 u_char key[HMAC_LEN]; 284 HMAC_Key *hkey; 285 286 if (dkey == NULL || dkey->dk_KEY_struct == NULL) 287 return (0); 288 /* 289 * Using snprintf() would be so much simpler here. 290 */ 291 if (buff == NULL || 292 buff_len <= (int)(strlen(key_file_fmt_str) + 293 strlen(KEY_FILE_FORMAT) + 4)) 294 return (-1); /*%< no OR not enough space in output area */ 295 hkey = (HMAC_Key *) dkey->dk_KEY_struct; 296 memset(buff, 0, buff_len); /*%< just in case */ 297 /* write file header */ 298 sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC"); 299 300 bp = buff + strlen(buff); 301 302 memset(key, 0, HMAC_LEN); 303 for (i = 0; i < HMAC_LEN; i++) 304 key[i] = hkey->hk_ipad[i] ^ HMAC_IPAD; 305 for (i = HMAC_LEN - 1; i >= 0; i--) 306 if (key[i] != 0) 307 break; 308 key_len = i + 1; 309 310 if (buff_len - (bp - buff) < 6) 311 return (-1); 312 strcat(bp, "Key: "); 313 bp += strlen("Key: "); 314 315 len = b64_ntop(key, key_len, bp, buff_len - (bp - buff)); 316 if (len < 0) 317 return (-1); 318 bp += len; 319 if (buff_len - (bp - buff) < 2) 320 return (-1); 321 *(bp++) = '\n'; 322 *bp = '\0'; 323 324 return (bp - buff); 325 } 326 327 328 /************************************************************************** 329 * dst_hmac_md5_key_from_file_format 330 * Converts contents of a key file into an HMAC key. 331 * Parameters 332 * hkey structure to put key into 333 * buff buffer containing the encoded key 334 * buff_len the length of the buffer 335 * Return 336 * n >= 0 Foot print of the key converted 337 * n < 0 Error in conversion 338 */ 339 340 static int 341 dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, 342 const int buff_len) 343 { 344 const char *p = buff, *eol; 345 u_char key[HMAC_LEN+1]; /* b64_pton needs more than 64 bytes do decode 346 * it should probably be fixed rather than doing 347 * this 348 */ 349 u_char *tmp; 350 int key_len, len; 351 352 if (dkey == NULL) 353 return (-2); 354 if (buff == NULL || buff_len < 0) 355 return (-1); 356 357 memset(key, 0, sizeof(key)); 358 359 if (!dst_s_verify_str(&p, "Key: ")) 360 return (-3); 361 362 eol = strchr(p, '\n'); 363 if (eol == NULL) 364 return (-4); 365 len = eol - p; 366 tmp = malloc(len + 2); 367 if (tmp == NULL) 368 return (-5); 369 memcpy(tmp, p, len); 370 *(tmp + len) = 0x0; 371 key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /*%< see above */ 372 SAFE_FREE2(tmp, len + 2); 373 374 if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) { 375 return (-6); 376 } 377 return (0); 378 } 379 380 /*% 381 * dst_hmac_md5_to_dns_key() 382 * function to extract hmac key from DST_KEY structure 383 * intput: 384 * in_key: HMAC-MD5 key 385 * output: 386 * out_str: buffer to write ot 387 * out_len: size of output buffer 388 * returns: 389 * number of bytes written to output buffer 390 */ 391 static int 392 dst_hmac_md5_to_dns_key(const DST_KEY *in_key, u_char *out_str, 393 const int out_len) 394 { 395 396 HMAC_Key *hkey; 397 int i; 398 399 if (in_key == NULL || in_key->dk_KEY_struct == NULL || 400 out_len <= in_key->dk_key_size || out_str == NULL) 401 return (-1); 402 403 hkey = (HMAC_Key *) in_key->dk_KEY_struct; 404 for (i = 0; i < in_key->dk_key_size; i++) 405 out_str[i] = hkey->hk_ipad[i] ^ HMAC_IPAD; 406 return (i); 407 } 408 409 /************************************************************************** 410 * dst_hmac_md5_compare_keys 411 * Compare two keys for equality. 412 * Return 413 * 0 The keys are equal 414 * NON-ZERO The keys are not equal 415 */ 416 417 static int 418 dst_hmac_md5_compare_keys(const DST_KEY *key1, const DST_KEY *key2) 419 { 420 HMAC_Key *hkey1 = (HMAC_Key *) key1->dk_KEY_struct; 421 HMAC_Key *hkey2 = (HMAC_Key *) key2->dk_KEY_struct; 422 return memcmp(hkey1->hk_ipad, hkey2->hk_ipad, HMAC_LEN); 423 } 424 425 /************************************************************************** 426 * dst_hmac_md5_free_key_structure 427 * Frees all (none) dynamically allocated structures in hkey 428 */ 429 430 static void * 431 dst_hmac_md5_free_key_structure(void *key) 432 { 433 HMAC_Key *hkey = key; 434 SAFE_FREE(hkey); 435 return (NULL); 436 } 437 438 439 /*************************************************************************** 440 * dst_hmac_md5_generate_key 441 * Creates a HMAC key of size size with a maximum size of 63 bytes 442 * generating a HMAC key larger than 63 bytes makes no sense as that key 443 * is digested before use. 444 */ 445 446 static int 447 dst_hmac_md5_generate_key(DST_KEY *key, const int nothing) 448 { 449 (void)key; 450 (void)nothing; 451 return (-1); 452 } 453 454 /*% 455 * dst_hmac_md5_init() Function to answer set up function pointers for HMAC 456 * related functions 457 */ 458 int 459 dst_hmac_md5_init() 460 { 461 if (dst_t_func[KEY_HMAC_MD5] != NULL) 462 return (1); 463 dst_t_func[KEY_HMAC_MD5] = malloc(sizeof(struct dst_func)); 464 if (dst_t_func[KEY_HMAC_MD5] == NULL) 465 return (0); 466 memset(dst_t_func[KEY_HMAC_MD5], 0, sizeof(struct dst_func)); 467 dst_t_func[KEY_HMAC_MD5]->sign = dst_hmac_md5_sign; 468 dst_t_func[KEY_HMAC_MD5]->verify = dst_hmac_md5_verify; 469 dst_t_func[KEY_HMAC_MD5]->compare = dst_hmac_md5_compare_keys; 470 dst_t_func[KEY_HMAC_MD5]->generate = dst_hmac_md5_generate_key; 471 dst_t_func[KEY_HMAC_MD5]->destroy = dst_hmac_md5_free_key_structure; 472 dst_t_func[KEY_HMAC_MD5]->to_dns_key = dst_hmac_md5_to_dns_key; 473 dst_t_func[KEY_HMAC_MD5]->from_dns_key = dst_buffer_to_hmac_md5; 474 dst_t_func[KEY_HMAC_MD5]->to_file_fmt = dst_hmac_md5_key_to_file_format; 475 dst_t_func[KEY_HMAC_MD5]->from_file_fmt = dst_hmac_md5_key_from_file_format; 476 return (1); 477 } 478 479 #else 480 #define dst_hmac_md5_init __dst_hmac_md5_init 481 482 int 483 dst_hmac_md5_init(){ 484 return (0); 485 } 486 #endif 487 488 /*! \file */ 489