version 1.8, 2001/02/11 12:59:24 |
version 1.9, 2014/01/27 18:58:14 |
|
|
|
/* $OpenBSD$ */ |
/* |
/* |
* Copyright (c) 2000 Markus Friedl. All rights reserved. |
* Copyright (c) 2014 Markus Friedl. All rights reserved. |
* |
* |
* Redistribution and use in source and binary forms, with or without |
* Permission to use, copy, modify, and distribute this software for any |
* modification, are permitted provided that the following conditions |
* purpose with or without fee is hereby granted, provided that the above |
* are met: |
* copyright notice and this permission notice appear in all copies. |
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* |
* |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
*/ |
*/ |
|
|
#include "includes.h" |
#include <sys/types.h> |
RCSID("$OpenBSD$"); |
#include <string.h> |
|
|
#include "xmalloc.h" |
#include "buffer.h" |
#include "getput.h" |
#include "digest.h" |
#include "log.h" |
#include "hmac.h" |
|
|
#include <openssl/hmac.h> |
struct ssh_hmac_ctx { |
|
int alg; |
|
struct ssh_digest_ctx *ictx; |
|
struct ssh_digest_ctx *octx; |
|
struct ssh_digest_ctx *digest; |
|
u_char *buf; |
|
size_t buf_len; |
|
}; |
|
|
#include "hmac.h" |
size_t |
|
ssh_hmac_bytes(int alg) |
|
{ |
|
return ssh_digest_bytes(alg); |
|
} |
|
|
u_char * |
struct ssh_hmac_ctx * |
hmac( |
ssh_hmac_start(int alg) |
EVP_MD *evp_md, |
|
u_int seqno, |
|
u_char *data, int datalen, |
|
u_char *key, int keylen) |
|
{ |
{ |
HMAC_CTX c; |
struct ssh_hmac_ctx *ret; |
static u_char m[EVP_MAX_MD_SIZE]; |
|
u_char b[4]; |
|
|
|
if (key == NULL) |
if ((ret = calloc(1, sizeof(*ret))) == NULL) |
fatal("hmac: no key"); |
return NULL; |
HMAC_Init(&c, key, keylen, evp_md); |
ret->alg = alg; |
PUT_32BIT(b, seqno); |
if ((ret->ictx = ssh_digest_start(alg)) == NULL || |
HMAC_Update(&c, b, sizeof b); |
(ret->octx = ssh_digest_start(alg)) == NULL || |
HMAC_Update(&c, data, datalen); |
(ret->digest = ssh_digest_start(alg)) == NULL) |
HMAC_Final(&c, m, NULL); |
goto fail; |
HMAC_cleanup(&c); |
ret->buf_len = ssh_digest_blocksize(ret->ictx); |
return(m); |
if ((ret->buf = calloc(1, ret->buf_len)) == NULL) |
|
goto fail; |
|
return ret; |
|
fail: |
|
ssh_hmac_free(ret); |
|
return NULL; |
} |
} |
|
|
|
int |
|
ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) |
|
{ |
|
size_t i; |
|
|
|
/* reset ictx and octx if no is key given */ |
|
if (key != NULL) { |
|
/* truncate long keys */ |
|
if (klen <= ctx->buf_len) |
|
memcpy(ctx->buf, key, klen); |
|
else if (ssh_digest_memory(ctx->alg, key, klen, ctx->buf, |
|
ctx->buf_len) < 0) |
|
return -1; |
|
for (i = 0; i < ctx->buf_len; i++) |
|
ctx->buf[i] ^= 0x36; |
|
if (ssh_digest_update(ctx->ictx, ctx->buf, ctx->buf_len) < 0) |
|
return -1; |
|
for (i = 0; i < ctx->buf_len; i++) |
|
ctx->buf[i] ^= 0x36 ^ 0x5c; |
|
if (ssh_digest_update(ctx->octx, ctx->buf, ctx->buf_len) < 0) |
|
return -1; |
|
bzero(ctx->buf, ctx->buf_len); |
|
} |
|
/* start with ictx */ |
|
if (ssh_digest_copy_state(ctx->ictx, ctx->digest) < 0) |
|
return -1; |
|
return 0; |
|
} |
|
|
|
int |
|
ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) |
|
{ |
|
return ssh_digest_update(ctx->digest, m, mlen); |
|
} |
|
|
|
int |
|
ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const Buffer *b) |
|
{ |
|
return ssh_digest_update_buffer(ctx->digest, b); |
|
} |
|
|
|
int |
|
ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) |
|
{ |
|
size_t len; |
|
|
|
len = ssh_digest_bytes(ctx->alg); |
|
if (dlen < len || |
|
ssh_digest_final(ctx->digest, ctx->buf, len)) |
|
return -1; |
|
/* switch to octx */ |
|
if (ssh_digest_copy_state(ctx->octx, ctx->digest) < 0 || |
|
ssh_digest_update(ctx->digest, ctx->buf, len) < 0 || |
|
ssh_digest_final(ctx->digest, d, dlen) < 0) |
|
return -1; |
|
return 0; |
|
} |
|
|
|
void |
|
ssh_hmac_free(struct ssh_hmac_ctx *ctx) |
|
{ |
|
if (ctx != NULL) { |
|
ssh_digest_free(ctx->ictx); |
|
ssh_digest_free(ctx->octx); |
|
ssh_digest_free(ctx->digest); |
|
if (ctx->buf) { |
|
bzero(ctx->buf, ctx->buf_len); |
|
free(ctx->buf); |
|
} |
|
bzero(ctx, sizeof(*ctx)); |
|
free(ctx); |
|
} |
|
} |
|
|
|
#ifdef TEST |
|
|
|
/* cc -DTEST hmac.c digest.c buffer.c cleanup.c fatal.c log.c xmalloc.c -lcrypto */ |
|
static void |
|
hmac_test(void *key, size_t klen, void *m, size_t mlen, u_char *e, size_t elen) |
|
{ |
|
struct ssh_hmac_ctx *ctx; |
|
size_t i; |
|
u_char digest[16]; |
|
|
|
if ((ctx = ssh_hmac_start(SSH_DIGEST_MD5)) == NULL) |
|
printf("ssh_hmac_start failed"); |
|
if (ssh_hmac_init(ctx, key, klen) < 0 || |
|
ssh_hmac_update(ctx, m, mlen) < 0 || |
|
ssh_hmac_final(ctx, digest, sizeof(digest)) < 0) |
|
printf("ssh_hmac_xxx failed"); |
|
ssh_hmac_free(ctx); |
|
|
|
if (memcmp(e, digest, elen)) { |
|
for (i = 0; i < elen; i++) |
|
printf("[%zd] %2.2x %2.2x\n", i, e[i], digest[i]); |
|
printf("mismatch\n"); |
|
} else |
|
printf("ok\n"); |
|
} |
|
|
|
int |
|
main(int argc, char **argv) |
|
{ |
|
/* try test vectors from RFC 2104 */ |
|
|
|
u_char key1[16] = { |
|
0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, |
|
0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb }; |
|
u_char *data1 = "Hi There"; |
|
u_char dig1[16] = { |
|
0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, |
|
0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d }; |
|
|
|
u_char *key2 = "Jefe"; |
|
u_char *data2 = "what do ya want for nothing?"; |
|
u_char dig2[16] = { |
|
0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, |
|
0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 }; |
|
|
|
u_char key3[16]; |
|
u_char data3[50]; |
|
u_char dig3[16] = { |
|
0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, |
|
0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 }; |
|
memset(key3, 0xaa, sizeof(key3)); |
|
memset(data3, 0xdd, sizeof(data3)); |
|
|
|
hmac_test(key1, sizeof(key1), data1, strlen(data1), dig1, sizeof(dig1)); |
|
hmac_test(key2, strlen(key2), data2, strlen(data2), dig2, sizeof(dig2)); |
|
hmac_test(key3, sizeof(key3), data3, sizeof(data3), dig3, sizeof(dig3)); |
|
|
|
return 0; |
|
} |
|
|
|
#endif |