1 /* $NetBSD: hmacsha.c,v 1.9 2015/07/08 17:28:59 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2005-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") 5 * 6 * Permission to use, copy, modify, and/or distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* Id */ 20 21 /* 22 * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 23 * and HMAC-SHA512 keyed hash algorithm described in RFC 2104 and 24 * draft-ietf-dnsext-tsig-sha-01.txt. 25 */ 26 27 #include "config.h" 28 29 #include <isc/assertions.h> 30 #include <isc/hmacsha.h> 31 #include <isc/platform.h> 32 #include <isc/safe.h> 33 #include <isc/sha1.h> 34 #include <isc/sha2.h> 35 #include <isc/string.h> 36 #include <isc/types.h> 37 #include <isc/util.h> 38 39 #if PKCS11CRYPTO 40 #include <pk11/internal.h> 41 #include <pk11/pk11.h> 42 #endif 43 44 #ifdef ISC_PLATFORM_OPENSSLHASH 45 void 46 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, 47 unsigned int len) 48 { 49 #ifdef HMAC_RETURN_INT 50 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, 51 (int) len, EVP_sha1()) == 1); 52 #else 53 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1()); 54 #endif 55 } 56 57 void 58 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { 59 HMAC_CTX_cleanup(ctx); 60 } 61 62 void 63 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, 64 unsigned int len) 65 { 66 #ifdef HMAC_RETURN_INT 67 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1); 68 #else 69 HMAC_Update(ctx, buf, (int) len); 70 #endif 71 } 72 73 void 74 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { 75 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; 76 77 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); 78 79 #ifdef HMAC_RETURN_INT 80 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1); 81 #else 82 HMAC_Final(ctx, newdigest, NULL); 83 #endif 84 HMAC_CTX_cleanup(ctx); 85 memmove(digest, newdigest, len); 86 memset(newdigest, 0, sizeof(newdigest)); 87 } 88 89 void 90 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, 91 unsigned int len) 92 { 93 #ifdef HMAC_RETURN_INT 94 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, 95 (int) len, EVP_sha224()) == 1); 96 #else 97 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224()); 98 #endif 99 } 100 101 void 102 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { 103 HMAC_CTX_cleanup(ctx); 104 } 105 106 void 107 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, 108 unsigned int len) 109 { 110 #ifdef HMAC_RETURN_INT 111 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1); 112 #else 113 HMAC_Update(ctx, buf, (int) len); 114 #endif 115 } 116 117 void 118 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { 119 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; 120 121 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); 122 123 #ifdef HMAC_RETURN_INT 124 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1); 125 #else 126 HMAC_Final(ctx, newdigest, NULL); 127 #endif 128 HMAC_CTX_cleanup(ctx); 129 memmove(digest, newdigest, len); 130 memset(newdigest, 0, sizeof(newdigest)); 131 } 132 133 void 134 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, 135 unsigned int len) 136 { 137 #ifdef HMAC_RETURN_INT 138 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, 139 (int) len, EVP_sha256()) == 1); 140 #else 141 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256()); 142 #endif 143 } 144 145 void 146 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { 147 HMAC_CTX_cleanup(ctx); 148 } 149 150 void 151 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, 152 unsigned int len) 153 { 154 #ifdef HMAC_RETURN_INT 155 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1); 156 #else 157 HMAC_Update(ctx, buf, (int) len); 158 #endif 159 } 160 161 void 162 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { 163 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; 164 165 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); 166 167 #ifdef HMAC_RETURN_INT 168 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1); 169 #else 170 HMAC_Final(ctx, newdigest, NULL); 171 #endif 172 HMAC_CTX_cleanup(ctx); 173 memmove(digest, newdigest, len); 174 memset(newdigest, 0, sizeof(newdigest)); 175 } 176 177 void 178 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, 179 unsigned int len) 180 { 181 #ifdef HMAC_RETURN_INT 182 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, 183 (int) len, EVP_sha384()) == 1); 184 #else 185 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384()); 186 #endif 187 } 188 189 void 190 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { 191 HMAC_CTX_cleanup(ctx); 192 } 193 194 void 195 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, 196 unsigned int len) 197 { 198 #ifdef HMAC_RETURN_INT 199 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1); 200 #else 201 HMAC_Update(ctx, buf, (int) len); 202 #endif 203 } 204 205 void 206 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { 207 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; 208 209 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); 210 211 #ifdef HMAC_RETURN_INT 212 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1); 213 #else 214 HMAC_Final(ctx, newdigest, NULL); 215 #endif 216 HMAC_CTX_cleanup(ctx); 217 memmove(digest, newdigest, len); 218 memset(newdigest, 0, sizeof(newdigest)); 219 } 220 221 void 222 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, 223 unsigned int len) 224 { 225 #ifdef HMAC_RETURN_INT 226 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key, 227 (int) len, EVP_sha512()) == 1); 228 #else 229 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512()); 230 #endif 231 } 232 233 void 234 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { 235 HMAC_CTX_cleanup(ctx); 236 } 237 238 void 239 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, 240 unsigned int len) 241 { 242 #ifdef HMAC_RETURN_INT 243 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1); 244 #else 245 HMAC_Update(ctx, buf, (int) len); 246 #endif 247 } 248 249 void 250 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { 251 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; 252 253 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); 254 255 #ifdef HMAC_RETURN_INT 256 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1); 257 #else 258 HMAC_Final(ctx, newdigest, NULL); 259 #endif 260 HMAC_CTX_cleanup(ctx); 261 memmove(digest, newdigest, len); 262 memset(newdigest, 0, sizeof(newdigest)); 263 } 264 265 #elif PKCS11CRYPTO 266 267 static CK_BBOOL truevalue = TRUE; 268 static CK_BBOOL falsevalue = FALSE; 269 270 void 271 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, 272 unsigned int len) 273 { 274 CK_RV rv; 275 CK_MECHANISM mech = { CKM_SHA_1_HMAC, NULL, 0 }; 276 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; 277 CK_KEY_TYPE keyType = CKK_SHA_1_HMAC; 278 CK_ATTRIBUTE keyTemplate[] = 279 { 280 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) }, 281 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) }, 282 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 283 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 284 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, 285 { CKA_VALUE, NULL, (CK_ULONG) len } 286 }; 287 288 DE_CONST(key, keyTemplate[5].pValue); 289 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE, 290 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 291 ctx->object = CK_INVALID_HANDLE; 292 PK11_FATALCHECK(pkcs_C_CreateObject, 293 (ctx->session, keyTemplate, 294 (CK_ULONG) 6, &ctx->object)); 295 INSIST(ctx->object != CK_INVALID_HANDLE); 296 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object)); 297 } 298 299 void 300 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { 301 CK_BYTE garbage[ISC_SHA1_DIGESTLENGTH]; 302 CK_ULONG len = ISC_SHA1_DIGESTLENGTH; 303 304 if (ctx->handle == NULL) 305 return; 306 (void) pkcs_C_SignFinal(ctx->session, garbage, &len); 307 memset(garbage, 0, sizeof(garbage)); 308 if (ctx->object != CK_INVALID_HANDLE) 309 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 310 ctx->object = CK_INVALID_HANDLE; 311 pk11_return_session(ctx); 312 } 313 314 void 315 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, 316 unsigned int len) 317 { 318 CK_RV rv; 319 CK_BYTE_PTR pPart; 320 321 DE_CONST(buf, pPart); 322 PK11_FATALCHECK(pkcs_C_SignUpdate, 323 (ctx->session, pPart, (CK_ULONG) len)); 324 } 325 326 void 327 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { 328 CK_RV rv; 329 CK_BYTE newdigest[ISC_SHA1_DIGESTLENGTH]; 330 CK_ULONG psl = ISC_SHA1_DIGESTLENGTH; 331 332 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); 333 334 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl)); 335 if (ctx->object != CK_INVALID_HANDLE) 336 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 337 ctx->object = CK_INVALID_HANDLE; 338 pk11_return_session(ctx); 339 memmove(digest, newdigest, len); 340 memset(newdigest, 0, sizeof(newdigest)); 341 } 342 343 void 344 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, 345 unsigned int len) 346 { 347 CK_RV rv; 348 CK_MECHANISM mech = { CKM_SHA224_HMAC, NULL, 0 }; 349 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; 350 CK_KEY_TYPE keyType = CKK_SHA224_HMAC; 351 CK_ATTRIBUTE keyTemplate[] = 352 { 353 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) }, 354 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) }, 355 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 356 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 357 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, 358 { CKA_VALUE, NULL, (CK_ULONG) len } 359 }; 360 361 DE_CONST(key, keyTemplate[5].pValue); 362 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE, 363 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 364 ctx->object = CK_INVALID_HANDLE; 365 PK11_FATALCHECK(pkcs_C_CreateObject, 366 (ctx->session, keyTemplate, 367 (CK_ULONG) 6, &ctx->object)); 368 INSIST(ctx->object != CK_INVALID_HANDLE); 369 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object)); 370 } 371 372 void 373 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { 374 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH]; 375 CK_ULONG len = ISC_SHA224_DIGESTLENGTH; 376 377 if (ctx->handle == NULL) 378 return; 379 (void) pkcs_C_SignFinal(ctx->session, garbage, &len); 380 memset(garbage, 0, sizeof(garbage)); 381 if (ctx->object != CK_INVALID_HANDLE) 382 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 383 ctx->object = CK_INVALID_HANDLE; 384 pk11_return_session(ctx); 385 } 386 387 void 388 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, 389 unsigned int len) 390 { 391 CK_RV rv; 392 CK_BYTE_PTR pPart; 393 394 DE_CONST(buf, pPart); 395 PK11_FATALCHECK(pkcs_C_SignUpdate, 396 (ctx->session, pPart, (CK_ULONG) len)); 397 } 398 399 void 400 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { 401 CK_RV rv; 402 CK_BYTE newdigest[ISC_SHA224_DIGESTLENGTH]; 403 CK_ULONG psl = ISC_SHA224_DIGESTLENGTH; 404 405 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); 406 407 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl)); 408 if (ctx->object != CK_INVALID_HANDLE) 409 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 410 ctx->object = CK_INVALID_HANDLE; 411 pk11_return_session(ctx); 412 memmove(digest, newdigest, len); 413 memset(newdigest, 0, sizeof(newdigest)); 414 } 415 416 void 417 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, 418 unsigned int len) 419 { 420 CK_RV rv; 421 CK_MECHANISM mech = { CKM_SHA256_HMAC, NULL, 0 }; 422 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; 423 CK_KEY_TYPE keyType = CKK_SHA256_HMAC; 424 CK_ATTRIBUTE keyTemplate[] = 425 { 426 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) }, 427 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) }, 428 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 429 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 430 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, 431 { CKA_VALUE, NULL, (CK_ULONG) len } 432 }; 433 434 DE_CONST(key, keyTemplate[5].pValue); 435 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE, 436 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 437 ctx->object = CK_INVALID_HANDLE; 438 PK11_FATALCHECK(pkcs_C_CreateObject, 439 (ctx->session, keyTemplate, 440 (CK_ULONG) 6, &ctx->object)); 441 INSIST(ctx->object != CK_INVALID_HANDLE); 442 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object)); 443 } 444 445 void 446 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { 447 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH]; 448 CK_ULONG len = ISC_SHA256_DIGESTLENGTH; 449 450 if (ctx->handle == NULL) 451 return; 452 (void) pkcs_C_SignFinal(ctx->session, garbage, &len); 453 memset(garbage, 0, sizeof(garbage)); 454 if (ctx->object != CK_INVALID_HANDLE) 455 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 456 ctx->object = CK_INVALID_HANDLE; 457 pk11_return_session(ctx); 458 } 459 460 void 461 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, 462 unsigned int len) 463 { 464 CK_RV rv; 465 CK_BYTE_PTR pPart; 466 467 DE_CONST(buf, pPart); 468 PK11_FATALCHECK(pkcs_C_SignUpdate, 469 (ctx->session, pPart, (CK_ULONG) len)); 470 } 471 472 void 473 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { 474 CK_RV rv; 475 CK_BYTE newdigest[ISC_SHA256_DIGESTLENGTH]; 476 CK_ULONG psl = ISC_SHA256_DIGESTLENGTH; 477 478 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); 479 480 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl)); 481 if (ctx->object != CK_INVALID_HANDLE) 482 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 483 ctx->object = CK_INVALID_HANDLE; 484 pk11_return_session(ctx); 485 memmove(digest, newdigest, len); 486 memset(newdigest, 0, sizeof(newdigest)); 487 } 488 489 void 490 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, 491 unsigned int len) 492 { 493 CK_RV rv; 494 CK_MECHANISM mech = { CKM_SHA384_HMAC, NULL, 0 }; 495 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; 496 CK_KEY_TYPE keyType = CKK_SHA384_HMAC; 497 CK_ATTRIBUTE keyTemplate[] = 498 { 499 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) }, 500 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) }, 501 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 502 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 503 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, 504 { CKA_VALUE, NULL, (CK_ULONG) len } 505 }; 506 507 DE_CONST(key, keyTemplate[5].pValue); 508 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE, 509 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 510 ctx->object = CK_INVALID_HANDLE; 511 PK11_FATALCHECK(pkcs_C_CreateObject, 512 (ctx->session, keyTemplate, 513 (CK_ULONG) 6, &ctx->object)); 514 INSIST(ctx->object != CK_INVALID_HANDLE); 515 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object)); 516 } 517 518 void 519 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { 520 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH]; 521 CK_ULONG len = ISC_SHA384_DIGESTLENGTH; 522 523 if (ctx->handle == NULL) 524 return; 525 (void) pkcs_C_SignFinal(ctx->session, garbage, &len); 526 memset(garbage, 0, sizeof(garbage)); 527 if (ctx->object != CK_INVALID_HANDLE) 528 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 529 ctx->object = CK_INVALID_HANDLE; 530 pk11_return_session(ctx); 531 } 532 533 void 534 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, 535 unsigned int len) 536 { 537 CK_RV rv; 538 CK_BYTE_PTR pPart; 539 540 DE_CONST(buf, pPart); 541 PK11_FATALCHECK(pkcs_C_SignUpdate, 542 (ctx->session, pPart, (CK_ULONG) len)); 543 } 544 545 void 546 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { 547 CK_RV rv; 548 CK_BYTE newdigest[ISC_SHA384_DIGESTLENGTH]; 549 CK_ULONG psl = ISC_SHA384_DIGESTLENGTH; 550 551 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); 552 553 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl)); 554 if (ctx->object != CK_INVALID_HANDLE) 555 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 556 ctx->object = CK_INVALID_HANDLE; 557 pk11_return_session(ctx); 558 memmove(digest, newdigest, len); 559 memset(newdigest, 0, sizeof(newdigest)); 560 } 561 562 void 563 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, 564 unsigned int len) 565 { 566 CK_RV rv; 567 CK_MECHANISM mech = { CKM_SHA512_HMAC, NULL, 0 }; 568 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY; 569 CK_KEY_TYPE keyType = CKK_SHA512_HMAC; 570 CK_ATTRIBUTE keyTemplate[] = 571 { 572 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) }, 573 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) }, 574 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 575 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, 576 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, 577 { CKA_VALUE, NULL, (CK_ULONG) len } 578 }; 579 580 DE_CONST(key, keyTemplate[5].pValue); 581 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE, 582 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 583 ctx->object = CK_INVALID_HANDLE; 584 PK11_FATALCHECK(pkcs_C_CreateObject, 585 (ctx->session, keyTemplate, 586 (CK_ULONG) 6, &ctx->object)); 587 INSIST(ctx->object != CK_INVALID_HANDLE); 588 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object)); 589 } 590 591 void 592 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { 593 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH]; 594 CK_ULONG len = ISC_SHA512_DIGESTLENGTH; 595 596 if (ctx->handle == NULL) 597 return; 598 (void) pkcs_C_SignFinal(ctx->session, garbage, &len); 599 memset(garbage, 0, sizeof(garbage)); 600 if (ctx->object != CK_INVALID_HANDLE) 601 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 602 ctx->object = CK_INVALID_HANDLE; 603 pk11_return_session(ctx); 604 } 605 606 void 607 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, 608 unsigned int len) 609 { 610 CK_RV rv; 611 CK_BYTE_PTR pPart; 612 613 DE_CONST(buf, pPart); 614 PK11_FATALCHECK(pkcs_C_SignUpdate, 615 (ctx->session, pPart, (CK_ULONG) len)); 616 } 617 618 void 619 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { 620 CK_RV rv; 621 CK_BYTE newdigest[ISC_SHA512_DIGESTLENGTH]; 622 CK_ULONG psl = ISC_SHA512_DIGESTLENGTH; 623 624 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); 625 626 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl)); 627 if (ctx->object != CK_INVALID_HANDLE) 628 (void) pkcs_C_DestroyObject(ctx->session, ctx->object); 629 ctx->object = CK_INVALID_HANDLE; 630 pk11_return_session(ctx); 631 memmove(digest, newdigest, len); 632 memset(newdigest, 0, sizeof(newdigest)); 633 } 634 635 #else 636 637 #define IPAD 0x36 638 #define OPAD 0x5C 639 640 /* 641 * Start HMAC-SHA1 process. Initialize an sha1 context and digest the key. 642 */ 643 void 644 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, 645 unsigned int len) 646 { 647 unsigned char ipad[ISC_SHA1_BLOCK_LENGTH]; 648 unsigned int i; 649 650 memset(ctx->key, 0, sizeof(ctx->key)); 651 if (len > sizeof(ctx->key)) { 652 isc_sha1_t sha1ctx; 653 isc_sha1_init(&sha1ctx); 654 isc_sha1_update(&sha1ctx, key, len); 655 isc_sha1_final(&sha1ctx, ctx->key); 656 } else 657 memmove(ctx->key, key, len); 658 659 isc_sha1_init(&ctx->sha1ctx); 660 memset(ipad, IPAD, sizeof(ipad)); 661 for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) 662 ipad[i] ^= ctx->key[i]; 663 isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad)); 664 } 665 666 void 667 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { 668 isc_sha1_invalidate(&ctx->sha1ctx); 669 memset(ctx->key, 0, sizeof(ctx->key)); 670 memset(ctx, 0, sizeof(*ctx)); 671 } 672 673 /* 674 * Update context to reflect the concatenation of another buffer full 675 * of bytes. 676 */ 677 void 678 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, 679 unsigned int len) 680 { 681 isc_sha1_update(&ctx->sha1ctx, buf, len); 682 } 683 684 /* 685 * Compute signature - finalize SHA1 operation and reapply SHA1. 686 */ 687 void 688 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { 689 unsigned char opad[ISC_SHA1_BLOCK_LENGTH]; 690 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; 691 unsigned int i; 692 693 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); 694 isc_sha1_final(&ctx->sha1ctx, newdigest); 695 696 memset(opad, OPAD, sizeof(opad)); 697 for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) 698 opad[i] ^= ctx->key[i]; 699 700 isc_sha1_init(&ctx->sha1ctx); 701 isc_sha1_update(&ctx->sha1ctx, opad, sizeof(opad)); 702 isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH); 703 isc_sha1_final(&ctx->sha1ctx, newdigest); 704 isc_hmacsha1_invalidate(ctx); 705 memmove(digest, newdigest, len); 706 memset(newdigest, 0, sizeof(newdigest)); 707 } 708 709 /* 710 * Start HMAC-SHA224 process. Initialize an sha224 context and digest the key. 711 */ 712 void 713 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, 714 unsigned int len) 715 { 716 unsigned char ipad[ISC_SHA224_BLOCK_LENGTH]; 717 unsigned int i; 718 719 memset(ctx->key, 0, sizeof(ctx->key)); 720 if (len > sizeof(ctx->key)) { 721 isc_sha224_t sha224ctx; 722 isc_sha224_init(&sha224ctx); 723 isc_sha224_update(&sha224ctx, key, len); 724 isc_sha224_final(ctx->key, &sha224ctx); 725 } else 726 memmove(ctx->key, key, len); 727 728 isc_sha224_init(&ctx->sha224ctx); 729 memset(ipad, IPAD, sizeof(ipad)); 730 for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) 731 ipad[i] ^= ctx->key[i]; 732 isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad)); 733 } 734 735 void 736 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { 737 memset(ctx->key, 0, sizeof(ctx->key)); 738 memset(ctx, 0, sizeof(*ctx)); 739 } 740 741 /* 742 * Update context to reflect the concatenation of another buffer full 743 * of bytes. 744 */ 745 void 746 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, 747 unsigned int len) 748 { 749 isc_sha224_update(&ctx->sha224ctx, buf, len); 750 } 751 752 /* 753 * Compute signature - finalize SHA224 operation and reapply SHA224. 754 */ 755 void 756 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { 757 unsigned char opad[ISC_SHA224_BLOCK_LENGTH]; 758 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; 759 unsigned int i; 760 761 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); 762 isc_sha224_final(newdigest, &ctx->sha224ctx); 763 764 memset(opad, OPAD, sizeof(opad)); 765 for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) 766 opad[i] ^= ctx->key[i]; 767 768 isc_sha224_init(&ctx->sha224ctx); 769 isc_sha224_update(&ctx->sha224ctx, opad, sizeof(opad)); 770 isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH); 771 isc_sha224_final(newdigest, &ctx->sha224ctx); 772 memmove(digest, newdigest, len); 773 memset(newdigest, 0, sizeof(newdigest)); 774 } 775 776 /* 777 * Start HMAC-SHA256 process. Initialize an sha256 context and digest the key. 778 */ 779 void 780 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, 781 unsigned int len) 782 { 783 unsigned char ipad[ISC_SHA256_BLOCK_LENGTH]; 784 unsigned int i; 785 786 memset(ctx->key, 0, sizeof(ctx->key)); 787 if (len > sizeof(ctx->key)) { 788 isc_sha256_t sha256ctx; 789 isc_sha256_init(&sha256ctx); 790 isc_sha256_update(&sha256ctx, key, len); 791 isc_sha256_final(ctx->key, &sha256ctx); 792 } else 793 memmove(ctx->key, key, len); 794 795 isc_sha256_init(&ctx->sha256ctx); 796 memset(ipad, IPAD, sizeof(ipad)); 797 for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) 798 ipad[i] ^= ctx->key[i]; 799 isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad)); 800 } 801 802 void 803 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { 804 memset(ctx->key, 0, sizeof(ctx->key)); 805 memset(ctx, 0, sizeof(*ctx)); 806 } 807 808 /* 809 * Update context to reflect the concatenation of another buffer full 810 * of bytes. 811 */ 812 void 813 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, 814 unsigned int len) 815 { 816 isc_sha256_update(&ctx->sha256ctx, buf, len); 817 } 818 819 /* 820 * Compute signature - finalize SHA256 operation and reapply SHA256. 821 */ 822 void 823 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { 824 unsigned char opad[ISC_SHA256_BLOCK_LENGTH]; 825 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; 826 unsigned int i; 827 828 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); 829 isc_sha256_final(newdigest, &ctx->sha256ctx); 830 831 memset(opad, OPAD, sizeof(opad)); 832 for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) 833 opad[i] ^= ctx->key[i]; 834 835 isc_sha256_init(&ctx->sha256ctx); 836 isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad)); 837 isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH); 838 isc_sha256_final(newdigest, &ctx->sha256ctx); 839 memmove(digest, newdigest, len); 840 memset(newdigest, 0, sizeof(newdigest)); 841 } 842 843 /* 844 * Start HMAC-SHA384 process. Initialize an sha384 context and digest the key. 845 */ 846 void 847 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, 848 unsigned int len) 849 { 850 unsigned char ipad[ISC_SHA384_BLOCK_LENGTH]; 851 unsigned int i; 852 853 memset(ctx->key, 0, sizeof(ctx->key)); 854 if (len > sizeof(ctx->key)) { 855 isc_sha384_t sha384ctx; 856 isc_sha384_init(&sha384ctx); 857 isc_sha384_update(&sha384ctx, key, len); 858 isc_sha384_final(ctx->key, &sha384ctx); 859 } else 860 memmove(ctx->key, key, len); 861 862 isc_sha384_init(&ctx->sha384ctx); 863 memset(ipad, IPAD, sizeof(ipad)); 864 for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) 865 ipad[i] ^= ctx->key[i]; 866 isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad)); 867 } 868 869 void 870 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { 871 memset(ctx->key, 0, sizeof(ctx->key)); 872 memset(ctx, 0, sizeof(*ctx)); 873 } 874 875 /* 876 * Update context to reflect the concatenation of another buffer full 877 * of bytes. 878 */ 879 void 880 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, 881 unsigned int len) 882 { 883 isc_sha384_update(&ctx->sha384ctx, buf, len); 884 } 885 886 /* 887 * Compute signature - finalize SHA384 operation and reapply SHA384. 888 */ 889 void 890 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { 891 unsigned char opad[ISC_SHA384_BLOCK_LENGTH]; 892 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; 893 unsigned int i; 894 895 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); 896 isc_sha384_final(newdigest, &ctx->sha384ctx); 897 898 memset(opad, OPAD, sizeof(opad)); 899 for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) 900 opad[i] ^= ctx->key[i]; 901 902 isc_sha384_init(&ctx->sha384ctx); 903 isc_sha384_update(&ctx->sha384ctx, opad, sizeof(opad)); 904 isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH); 905 isc_sha384_final(newdigest, &ctx->sha384ctx); 906 memmove(digest, newdigest, len); 907 memset(newdigest, 0, sizeof(newdigest)); 908 } 909 910 /* 911 * Start HMAC-SHA512 process. Initialize an sha512 context and digest the key. 912 */ 913 void 914 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, 915 unsigned int len) 916 { 917 unsigned char ipad[ISC_SHA512_BLOCK_LENGTH]; 918 unsigned int i; 919 920 memset(ctx->key, 0, sizeof(ctx->key)); 921 if (len > sizeof(ctx->key)) { 922 isc_sha512_t sha512ctx; 923 isc_sha512_init(&sha512ctx); 924 isc_sha512_update(&sha512ctx, key, len); 925 isc_sha512_final(ctx->key, &sha512ctx); 926 } else 927 memmove(ctx->key, key, len); 928 929 isc_sha512_init(&ctx->sha512ctx); 930 memset(ipad, IPAD, sizeof(ipad)); 931 for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) 932 ipad[i] ^= ctx->key[i]; 933 isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad)); 934 } 935 936 void 937 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { 938 memset(ctx->key, 0, sizeof(ctx->key)); 939 memset(ctx, 0, sizeof(*ctx)); 940 } 941 942 /* 943 * Update context to reflect the concatenation of another buffer full 944 * of bytes. 945 */ 946 void 947 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, 948 unsigned int len) 949 { 950 isc_sha512_update(&ctx->sha512ctx, buf, len); 951 } 952 953 /* 954 * Compute signature - finalize SHA512 operation and reapply SHA512. 955 */ 956 void 957 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { 958 unsigned char opad[ISC_SHA512_BLOCK_LENGTH]; 959 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; 960 unsigned int i; 961 962 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); 963 isc_sha512_final(newdigest, &ctx->sha512ctx); 964 965 memset(opad, OPAD, sizeof(opad)); 966 for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) 967 opad[i] ^= ctx->key[i]; 968 969 isc_sha512_init(&ctx->sha512ctx); 970 isc_sha512_update(&ctx->sha512ctx, opad, sizeof(opad)); 971 isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH); 972 isc_sha512_final(newdigest, &ctx->sha512ctx); 973 memmove(digest, newdigest, len); 974 memset(newdigest, 0, sizeof(newdigest)); 975 } 976 #endif /* !ISC_PLATFORM_OPENSSLHASH */ 977 978 /* 979 * Verify signature - finalize SHA1 operation and reapply SHA1, then 980 * compare to the supplied digest. 981 */ 982 isc_boolean_t 983 isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { 984 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; 985 986 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); 987 isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); 988 return (isc_safe_memcmp(digest, newdigest, len)); 989 } 990 991 /* 992 * Verify signature - finalize SHA224 operation and reapply SHA224, then 993 * compare to the supplied digest. 994 */ 995 isc_boolean_t 996 isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { 997 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; 998 999 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); 1000 isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH); 1001 return (isc_safe_memcmp(digest, newdigest, len)); 1002 } 1003 1004 /* 1005 * Verify signature - finalize SHA256 operation and reapply SHA256, then 1006 * compare to the supplied digest. 1007 */ 1008 isc_boolean_t 1009 isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { 1010 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; 1011 1012 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); 1013 isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH); 1014 return (isc_safe_memcmp(digest, newdigest, len)); 1015 } 1016 1017 /* 1018 * Verify signature - finalize SHA384 operation and reapply SHA384, then 1019 * compare to the supplied digest. 1020 */ 1021 isc_boolean_t 1022 isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { 1023 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; 1024 1025 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); 1026 isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH); 1027 return (isc_safe_memcmp(digest, newdigest, len)); 1028 } 1029 1030 /* 1031 * Verify signature - finalize SHA512 operation and reapply SHA512, then 1032 * compare to the supplied digest. 1033 */ 1034 isc_boolean_t 1035 isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { 1036 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; 1037 1038 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); 1039 isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH); 1040 return (isc_safe_memcmp(digest, newdigest, len)); 1041 } 1042