1 /* hash.c
2 *
3 * Copyright (c) 2019 Apple Computer, Inc. All rights reserved.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 * DNS SIG(0) hashature generation for DNSSD SRP using mbedtls.
18 *
19 * Functions required for loading, saving, and generating public/private keypairs, extracting the public key
20 * into KEY RR data, and computing hashatures.
21 */
22
23 #include <stdio.h>
24 #include <arpa/inet.h>
25 #include <string.h>
26 #include <stdlib.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29 #include <errno.h>
30
31 #include "srp.h"
32 #include "dns-msg.h"
33 #define SRP_CRYPTO_MBEDTLS_INTERNAL
34 #include "srp-crypto.h"
35
36 // Function to generate a signature given some data and a private key
37 void
srp_hmac_iov(hmac_key_t * key,uint8_t * output,size_t max,struct iovec * iov,int count)38 srp_hmac_iov(hmac_key_t *key, uint8_t *output, size_t max, struct iovec *iov, int count)
39 {
40 int status;
41 char errbuf[64];
42 mbedtls_md_context_t ctx;
43 const mbedtls_md_info_t *md_type;
44 int digest_size;
45 int i, line;
46 #define KABLOOIE line = __LINE__ - 1; goto kablooie
47
48 switch(key->algorithm) {
49 case SRP_HMAC_TYPE_SHA256:
50 md_type = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
51 if (md_type == NULL) {
52 ERROR("srp_hmac_iov: HMAC_SHA256 support missing");
53 return;
54 }
55 digest_size = mbedtls_md_get_size(md_type);
56 break;
57 default:
58 ERROR("srp_hmac_iov: unsupported HMAC hash algorithm: %d", key->algorithm);
59 return;
60 }
61 if (max < digest_size) {
62 ERROR("srp_hmac_iov: not enough space in output buffer (%lu) for hash (%d).",
63 (unsigned long)max, digest_size);
64 return;
65 }
66
67 if ((status = mbedtls_md_setup(&ctx, md_type, 1)) != 0) {
68 KABLOOIE;
69 kablooie:
70 mbedtls_strerror(status, errbuf, sizeof errbuf);
71 ERROR("srp_hmac_iov failed at hmac-mbedtls.c line %d: " PUB_S_SRP, line, errbuf);
72 }
73
74 if ((status = mbedtls_md_hmac_starts(&ctx, key->secret, key->length)) != 0) {
75 KABLOOIE;
76 }
77 for (i = 0; i < count; i++) {
78 if ((status = mbedtls_md_hmac_update(&ctx, iov[i].iov_base, iov[i].iov_len)) != 0) {
79 KABLOOIE;
80 }
81 }
82 if ((status = mbedtls_md_hmac_finish(&ctx, output)) != 0) {
83 KABLOOIE;
84 }
85 }
86
87 int
srp_base64_parse(char * src,size_t * len_ret,uint8_t * buf,size_t buflen)88 srp_base64_parse(char *src, size_t *len_ret, uint8_t *buf, size_t buflen)
89 {
90 size_t slen = strlen(src);
91 int ret = mbedtls_base64_decode(buf, buflen, len_ret, (const unsigned char *)src, slen);
92 if (ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
93 return ENOBUFS;
94 } else if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
95 return EILSEQ;
96 } else if (ret < 0) {
97 return EINVAL;
98 }
99 return 0;
100 }
101
102 // Local Variables:
103 // mode: C
104 // tab-width: 4
105 // c-file-style: "bsd"
106 // c-basic-offset: 4
107 // fill-column: 108
108 // indent-tabs-mode: nil
109 // End:
110