1 /* $NetBSD: hmacsha.c,v 1.9 2015/07/08 17:28:59 christos Exp $ */
2
3 /*
4 * Copyright (C) 2005-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id */
20
21 /*
22 * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
23 * and HMAC-SHA512 keyed hash algorithm described in RFC 2104 and
24 * draft-ietf-dnsext-tsig-sha-01.txt.
25 */
26
27 #include "config.h"
28
29 #include <isc/assertions.h>
30 #include <isc/hmacsha.h>
31 #include <isc/platform.h>
32 #include <isc/safe.h>
33 #include <isc/sha1.h>
34 #include <isc/sha2.h>
35 #include <isc/string.h>
36 #include <isc/types.h>
37 #include <isc/util.h>
38
39 #if PKCS11CRYPTO
40 #include <pk11/internal.h>
41 #include <pk11/pk11.h>
42 #endif
43
44 #ifdef ISC_PLATFORM_OPENSSLHASH
45 void
isc_hmacsha1_init(isc_hmacsha1_t * ctx,const unsigned char * key,unsigned int len)46 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
47 unsigned int len)
48 {
49 #ifdef HMAC_RETURN_INT
50 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
51 (int) len, EVP_sha1()) == 1);
52 #else
53 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
54 #endif
55 }
56
57 void
isc_hmacsha1_invalidate(isc_hmacsha1_t * ctx)58 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
59 HMAC_CTX_cleanup(ctx);
60 }
61
62 void
isc_hmacsha1_update(isc_hmacsha1_t * ctx,const unsigned char * buf,unsigned int len)63 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
64 unsigned int len)
65 {
66 #ifdef HMAC_RETURN_INT
67 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
68 #else
69 HMAC_Update(ctx, buf, (int) len);
70 #endif
71 }
72
73 void
isc_hmacsha1_sign(isc_hmacsha1_t * ctx,unsigned char * digest,size_t len)74 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
75 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
76
77 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
78
79 #ifdef HMAC_RETURN_INT
80 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
81 #else
82 HMAC_Final(ctx, newdigest, NULL);
83 #endif
84 HMAC_CTX_cleanup(ctx);
85 memmove(digest, newdigest, len);
86 memset(newdigest, 0, sizeof(newdigest));
87 }
88
89 void
isc_hmacsha224_init(isc_hmacsha224_t * ctx,const unsigned char * key,unsigned int len)90 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
91 unsigned int len)
92 {
93 #ifdef HMAC_RETURN_INT
94 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
95 (int) len, EVP_sha224()) == 1);
96 #else
97 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
98 #endif
99 }
100
101 void
isc_hmacsha224_invalidate(isc_hmacsha224_t * ctx)102 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
103 HMAC_CTX_cleanup(ctx);
104 }
105
106 void
isc_hmacsha224_update(isc_hmacsha224_t * ctx,const unsigned char * buf,unsigned int len)107 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
108 unsigned int len)
109 {
110 #ifdef HMAC_RETURN_INT
111 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
112 #else
113 HMAC_Update(ctx, buf, (int) len);
114 #endif
115 }
116
117 void
isc_hmacsha224_sign(isc_hmacsha224_t * ctx,unsigned char * digest,size_t len)118 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
119 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
120
121 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
122
123 #ifdef HMAC_RETURN_INT
124 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
125 #else
126 HMAC_Final(ctx, newdigest, NULL);
127 #endif
128 HMAC_CTX_cleanup(ctx);
129 memmove(digest, newdigest, len);
130 memset(newdigest, 0, sizeof(newdigest));
131 }
132
133 void
isc_hmacsha256_init(isc_hmacsha256_t * ctx,const unsigned char * key,unsigned int len)134 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
135 unsigned int len)
136 {
137 #ifdef HMAC_RETURN_INT
138 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
139 (int) len, EVP_sha256()) == 1);
140 #else
141 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
142 #endif
143 }
144
145 void
isc_hmacsha256_invalidate(isc_hmacsha256_t * ctx)146 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
147 HMAC_CTX_cleanup(ctx);
148 }
149
150 void
isc_hmacsha256_update(isc_hmacsha256_t * ctx,const unsigned char * buf,unsigned int len)151 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
152 unsigned int len)
153 {
154 #ifdef HMAC_RETURN_INT
155 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
156 #else
157 HMAC_Update(ctx, buf, (int) len);
158 #endif
159 }
160
161 void
isc_hmacsha256_sign(isc_hmacsha256_t * ctx,unsigned char * digest,size_t len)162 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
163 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
164
165 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
166
167 #ifdef HMAC_RETURN_INT
168 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
169 #else
170 HMAC_Final(ctx, newdigest, NULL);
171 #endif
172 HMAC_CTX_cleanup(ctx);
173 memmove(digest, newdigest, len);
174 memset(newdigest, 0, sizeof(newdigest));
175 }
176
177 void
isc_hmacsha384_init(isc_hmacsha384_t * ctx,const unsigned char * key,unsigned int len)178 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
179 unsigned int len)
180 {
181 #ifdef HMAC_RETURN_INT
182 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
183 (int) len, EVP_sha384()) == 1);
184 #else
185 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
186 #endif
187 }
188
189 void
isc_hmacsha384_invalidate(isc_hmacsha384_t * ctx)190 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
191 HMAC_CTX_cleanup(ctx);
192 }
193
194 void
isc_hmacsha384_update(isc_hmacsha384_t * ctx,const unsigned char * buf,unsigned int len)195 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
196 unsigned int len)
197 {
198 #ifdef HMAC_RETURN_INT
199 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
200 #else
201 HMAC_Update(ctx, buf, (int) len);
202 #endif
203 }
204
205 void
isc_hmacsha384_sign(isc_hmacsha384_t * ctx,unsigned char * digest,size_t len)206 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
207 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
208
209 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
210
211 #ifdef HMAC_RETURN_INT
212 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
213 #else
214 HMAC_Final(ctx, newdigest, NULL);
215 #endif
216 HMAC_CTX_cleanup(ctx);
217 memmove(digest, newdigest, len);
218 memset(newdigest, 0, sizeof(newdigest));
219 }
220
221 void
isc_hmacsha512_init(isc_hmacsha512_t * ctx,const unsigned char * key,unsigned int len)222 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
223 unsigned int len)
224 {
225 #ifdef HMAC_RETURN_INT
226 RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
227 (int) len, EVP_sha512()) == 1);
228 #else
229 HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
230 #endif
231 }
232
233 void
isc_hmacsha512_invalidate(isc_hmacsha512_t * ctx)234 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
235 HMAC_CTX_cleanup(ctx);
236 }
237
238 void
isc_hmacsha512_update(isc_hmacsha512_t * ctx,const unsigned char * buf,unsigned int len)239 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
240 unsigned int len)
241 {
242 #ifdef HMAC_RETURN_INT
243 RUNTIME_CHECK(HMAC_Update(ctx, buf, (int) len) == 1);
244 #else
245 HMAC_Update(ctx, buf, (int) len);
246 #endif
247 }
248
249 void
isc_hmacsha512_sign(isc_hmacsha512_t * ctx,unsigned char * digest,size_t len)250 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
251 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
252
253 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
254
255 #ifdef HMAC_RETURN_INT
256 RUNTIME_CHECK(HMAC_Final(ctx, newdigest, NULL) == 1);
257 #else
258 HMAC_Final(ctx, newdigest, NULL);
259 #endif
260 HMAC_CTX_cleanup(ctx);
261 memmove(digest, newdigest, len);
262 memset(newdigest, 0, sizeof(newdigest));
263 }
264
265 #elif PKCS11CRYPTO
266
267 static CK_BBOOL truevalue = TRUE;
268 static CK_BBOOL falsevalue = FALSE;
269
270 void
isc_hmacsha1_init(isc_hmacsha1_t * ctx,const unsigned char * key,unsigned int len)271 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
272 unsigned int len)
273 {
274 CK_RV rv;
275 CK_MECHANISM mech = { CKM_SHA_1_HMAC, NULL, 0 };
276 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
277 CK_KEY_TYPE keyType = CKK_SHA_1_HMAC;
278 CK_ATTRIBUTE keyTemplate[] =
279 {
280 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
281 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
282 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
283 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
284 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
285 { CKA_VALUE, NULL, (CK_ULONG) len }
286 };
287
288 DE_CONST(key, keyTemplate[5].pValue);
289 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
290 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
291 ctx->object = CK_INVALID_HANDLE;
292 PK11_FATALCHECK(pkcs_C_CreateObject,
293 (ctx->session, keyTemplate,
294 (CK_ULONG) 6, &ctx->object));
295 INSIST(ctx->object != CK_INVALID_HANDLE);
296 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object));
297 }
298
299 void
isc_hmacsha1_invalidate(isc_hmacsha1_t * ctx)300 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
301 CK_BYTE garbage[ISC_SHA1_DIGESTLENGTH];
302 CK_ULONG len = ISC_SHA1_DIGESTLENGTH;
303
304 if (ctx->handle == NULL)
305 return;
306 (void) pkcs_C_SignFinal(ctx->session, garbage, &len);
307 memset(garbage, 0, sizeof(garbage));
308 if (ctx->object != CK_INVALID_HANDLE)
309 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
310 ctx->object = CK_INVALID_HANDLE;
311 pk11_return_session(ctx);
312 }
313
314 void
isc_hmacsha1_update(isc_hmacsha1_t * ctx,const unsigned char * buf,unsigned int len)315 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
316 unsigned int len)
317 {
318 CK_RV rv;
319 CK_BYTE_PTR pPart;
320
321 DE_CONST(buf, pPart);
322 PK11_FATALCHECK(pkcs_C_SignUpdate,
323 (ctx->session, pPart, (CK_ULONG) len));
324 }
325
326 void
isc_hmacsha1_sign(isc_hmacsha1_t * ctx,unsigned char * digest,size_t len)327 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
328 CK_RV rv;
329 CK_BYTE newdigest[ISC_SHA1_DIGESTLENGTH];
330 CK_ULONG psl = ISC_SHA1_DIGESTLENGTH;
331
332 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
333
334 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl));
335 if (ctx->object != CK_INVALID_HANDLE)
336 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
337 ctx->object = CK_INVALID_HANDLE;
338 pk11_return_session(ctx);
339 memmove(digest, newdigest, len);
340 memset(newdigest, 0, sizeof(newdigest));
341 }
342
343 void
isc_hmacsha224_init(isc_hmacsha224_t * ctx,const unsigned char * key,unsigned int len)344 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
345 unsigned int len)
346 {
347 CK_RV rv;
348 CK_MECHANISM mech = { CKM_SHA224_HMAC, NULL, 0 };
349 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
350 CK_KEY_TYPE keyType = CKK_SHA224_HMAC;
351 CK_ATTRIBUTE keyTemplate[] =
352 {
353 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
354 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
355 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
356 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
357 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
358 { CKA_VALUE, NULL, (CK_ULONG) len }
359 };
360
361 DE_CONST(key, keyTemplate[5].pValue);
362 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
363 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
364 ctx->object = CK_INVALID_HANDLE;
365 PK11_FATALCHECK(pkcs_C_CreateObject,
366 (ctx->session, keyTemplate,
367 (CK_ULONG) 6, &ctx->object));
368 INSIST(ctx->object != CK_INVALID_HANDLE);
369 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object));
370 }
371
372 void
isc_hmacsha224_invalidate(isc_hmacsha224_t * ctx)373 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
374 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH];
375 CK_ULONG len = ISC_SHA224_DIGESTLENGTH;
376
377 if (ctx->handle == NULL)
378 return;
379 (void) pkcs_C_SignFinal(ctx->session, garbage, &len);
380 memset(garbage, 0, sizeof(garbage));
381 if (ctx->object != CK_INVALID_HANDLE)
382 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
383 ctx->object = CK_INVALID_HANDLE;
384 pk11_return_session(ctx);
385 }
386
387 void
isc_hmacsha224_update(isc_hmacsha224_t * ctx,const unsigned char * buf,unsigned int len)388 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
389 unsigned int len)
390 {
391 CK_RV rv;
392 CK_BYTE_PTR pPart;
393
394 DE_CONST(buf, pPart);
395 PK11_FATALCHECK(pkcs_C_SignUpdate,
396 (ctx->session, pPart, (CK_ULONG) len));
397 }
398
399 void
isc_hmacsha224_sign(isc_hmacsha224_t * ctx,unsigned char * digest,size_t len)400 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
401 CK_RV rv;
402 CK_BYTE newdigest[ISC_SHA224_DIGESTLENGTH];
403 CK_ULONG psl = ISC_SHA224_DIGESTLENGTH;
404
405 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
406
407 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl));
408 if (ctx->object != CK_INVALID_HANDLE)
409 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
410 ctx->object = CK_INVALID_HANDLE;
411 pk11_return_session(ctx);
412 memmove(digest, newdigest, len);
413 memset(newdigest, 0, sizeof(newdigest));
414 }
415
416 void
isc_hmacsha256_init(isc_hmacsha256_t * ctx,const unsigned char * key,unsigned int len)417 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
418 unsigned int len)
419 {
420 CK_RV rv;
421 CK_MECHANISM mech = { CKM_SHA256_HMAC, NULL, 0 };
422 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
423 CK_KEY_TYPE keyType = CKK_SHA256_HMAC;
424 CK_ATTRIBUTE keyTemplate[] =
425 {
426 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
427 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
428 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
429 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
430 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
431 { CKA_VALUE, NULL, (CK_ULONG) len }
432 };
433
434 DE_CONST(key, keyTemplate[5].pValue);
435 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
436 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
437 ctx->object = CK_INVALID_HANDLE;
438 PK11_FATALCHECK(pkcs_C_CreateObject,
439 (ctx->session, keyTemplate,
440 (CK_ULONG) 6, &ctx->object));
441 INSIST(ctx->object != CK_INVALID_HANDLE);
442 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object));
443 }
444
445 void
isc_hmacsha256_invalidate(isc_hmacsha256_t * ctx)446 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
447 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH];
448 CK_ULONG len = ISC_SHA256_DIGESTLENGTH;
449
450 if (ctx->handle == NULL)
451 return;
452 (void) pkcs_C_SignFinal(ctx->session, garbage, &len);
453 memset(garbage, 0, sizeof(garbage));
454 if (ctx->object != CK_INVALID_HANDLE)
455 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
456 ctx->object = CK_INVALID_HANDLE;
457 pk11_return_session(ctx);
458 }
459
460 void
isc_hmacsha256_update(isc_hmacsha256_t * ctx,const unsigned char * buf,unsigned int len)461 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
462 unsigned int len)
463 {
464 CK_RV rv;
465 CK_BYTE_PTR pPart;
466
467 DE_CONST(buf, pPart);
468 PK11_FATALCHECK(pkcs_C_SignUpdate,
469 (ctx->session, pPart, (CK_ULONG) len));
470 }
471
472 void
isc_hmacsha256_sign(isc_hmacsha256_t * ctx,unsigned char * digest,size_t len)473 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
474 CK_RV rv;
475 CK_BYTE newdigest[ISC_SHA256_DIGESTLENGTH];
476 CK_ULONG psl = ISC_SHA256_DIGESTLENGTH;
477
478 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
479
480 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl));
481 if (ctx->object != CK_INVALID_HANDLE)
482 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
483 ctx->object = CK_INVALID_HANDLE;
484 pk11_return_session(ctx);
485 memmove(digest, newdigest, len);
486 memset(newdigest, 0, sizeof(newdigest));
487 }
488
489 void
isc_hmacsha384_init(isc_hmacsha384_t * ctx,const unsigned char * key,unsigned int len)490 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
491 unsigned int len)
492 {
493 CK_RV rv;
494 CK_MECHANISM mech = { CKM_SHA384_HMAC, NULL, 0 };
495 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
496 CK_KEY_TYPE keyType = CKK_SHA384_HMAC;
497 CK_ATTRIBUTE keyTemplate[] =
498 {
499 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
500 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
501 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
502 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
503 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
504 { CKA_VALUE, NULL, (CK_ULONG) len }
505 };
506
507 DE_CONST(key, keyTemplate[5].pValue);
508 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
509 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
510 ctx->object = CK_INVALID_HANDLE;
511 PK11_FATALCHECK(pkcs_C_CreateObject,
512 (ctx->session, keyTemplate,
513 (CK_ULONG) 6, &ctx->object));
514 INSIST(ctx->object != CK_INVALID_HANDLE);
515 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object));
516 }
517
518 void
isc_hmacsha384_invalidate(isc_hmacsha384_t * ctx)519 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
520 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH];
521 CK_ULONG len = ISC_SHA384_DIGESTLENGTH;
522
523 if (ctx->handle == NULL)
524 return;
525 (void) pkcs_C_SignFinal(ctx->session, garbage, &len);
526 memset(garbage, 0, sizeof(garbage));
527 if (ctx->object != CK_INVALID_HANDLE)
528 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
529 ctx->object = CK_INVALID_HANDLE;
530 pk11_return_session(ctx);
531 }
532
533 void
isc_hmacsha384_update(isc_hmacsha384_t * ctx,const unsigned char * buf,unsigned int len)534 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
535 unsigned int len)
536 {
537 CK_RV rv;
538 CK_BYTE_PTR pPart;
539
540 DE_CONST(buf, pPart);
541 PK11_FATALCHECK(pkcs_C_SignUpdate,
542 (ctx->session, pPart, (CK_ULONG) len));
543 }
544
545 void
isc_hmacsha384_sign(isc_hmacsha384_t * ctx,unsigned char * digest,size_t len)546 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
547 CK_RV rv;
548 CK_BYTE newdigest[ISC_SHA384_DIGESTLENGTH];
549 CK_ULONG psl = ISC_SHA384_DIGESTLENGTH;
550
551 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
552
553 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl));
554 if (ctx->object != CK_INVALID_HANDLE)
555 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
556 ctx->object = CK_INVALID_HANDLE;
557 pk11_return_session(ctx);
558 memmove(digest, newdigest, len);
559 memset(newdigest, 0, sizeof(newdigest));
560 }
561
562 void
isc_hmacsha512_init(isc_hmacsha512_t * ctx,const unsigned char * key,unsigned int len)563 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
564 unsigned int len)
565 {
566 CK_RV rv;
567 CK_MECHANISM mech = { CKM_SHA512_HMAC, NULL, 0 };
568 CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
569 CK_KEY_TYPE keyType = CKK_SHA512_HMAC;
570 CK_ATTRIBUTE keyTemplate[] =
571 {
572 { CKA_CLASS, &keyClass, (CK_ULONG) sizeof(keyClass) },
573 { CKA_KEY_TYPE, &keyType, (CK_ULONG) sizeof(keyType) },
574 { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
575 { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
576 { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
577 { CKA_VALUE, NULL, (CK_ULONG) len }
578 };
579
580 DE_CONST(key, keyTemplate[5].pValue);
581 RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
582 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
583 ctx->object = CK_INVALID_HANDLE;
584 PK11_FATALCHECK(pkcs_C_CreateObject,
585 (ctx->session, keyTemplate,
586 (CK_ULONG) 6, &ctx->object));
587 INSIST(ctx->object != CK_INVALID_HANDLE);
588 PK11_FATALCHECK(pkcs_C_SignInit, (ctx->session, &mech, ctx->object));
589 }
590
591 void
isc_hmacsha512_invalidate(isc_hmacsha512_t * ctx)592 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
593 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH];
594 CK_ULONG len = ISC_SHA512_DIGESTLENGTH;
595
596 if (ctx->handle == NULL)
597 return;
598 (void) pkcs_C_SignFinal(ctx->session, garbage, &len);
599 memset(garbage, 0, sizeof(garbage));
600 if (ctx->object != CK_INVALID_HANDLE)
601 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
602 ctx->object = CK_INVALID_HANDLE;
603 pk11_return_session(ctx);
604 }
605
606 void
isc_hmacsha512_update(isc_hmacsha512_t * ctx,const unsigned char * buf,unsigned int len)607 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
608 unsigned int len)
609 {
610 CK_RV rv;
611 CK_BYTE_PTR pPart;
612
613 DE_CONST(buf, pPart);
614 PK11_FATALCHECK(pkcs_C_SignUpdate,
615 (ctx->session, pPart, (CK_ULONG) len));
616 }
617
618 void
isc_hmacsha512_sign(isc_hmacsha512_t * ctx,unsigned char * digest,size_t len)619 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
620 CK_RV rv;
621 CK_BYTE newdigest[ISC_SHA512_DIGESTLENGTH];
622 CK_ULONG psl = ISC_SHA512_DIGESTLENGTH;
623
624 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
625
626 PK11_FATALCHECK(pkcs_C_SignFinal, (ctx->session, newdigest, &psl));
627 if (ctx->object != CK_INVALID_HANDLE)
628 (void) pkcs_C_DestroyObject(ctx->session, ctx->object);
629 ctx->object = CK_INVALID_HANDLE;
630 pk11_return_session(ctx);
631 memmove(digest, newdigest, len);
632 memset(newdigest, 0, sizeof(newdigest));
633 }
634
635 #else
636
637 #define IPAD 0x36
638 #define OPAD 0x5C
639
640 /*
641 * Start HMAC-SHA1 process. Initialize an sha1 context and digest the key.
642 */
643 void
isc_hmacsha1_init(isc_hmacsha1_t * ctx,const unsigned char * key,unsigned int len)644 isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
645 unsigned int len)
646 {
647 unsigned char ipad[ISC_SHA1_BLOCK_LENGTH];
648 unsigned int i;
649
650 memset(ctx->key, 0, sizeof(ctx->key));
651 if (len > sizeof(ctx->key)) {
652 isc_sha1_t sha1ctx;
653 isc_sha1_init(&sha1ctx);
654 isc_sha1_update(&sha1ctx, key, len);
655 isc_sha1_final(&sha1ctx, ctx->key);
656 } else
657 memmove(ctx->key, key, len);
658
659 isc_sha1_init(&ctx->sha1ctx);
660 memset(ipad, IPAD, sizeof(ipad));
661 for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
662 ipad[i] ^= ctx->key[i];
663 isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad));
664 }
665
666 void
isc_hmacsha1_invalidate(isc_hmacsha1_t * ctx)667 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
668 isc_sha1_invalidate(&ctx->sha1ctx);
669 memset(ctx->key, 0, sizeof(ctx->key));
670 memset(ctx, 0, sizeof(*ctx));
671 }
672
673 /*
674 * Update context to reflect the concatenation of another buffer full
675 * of bytes.
676 */
677 void
isc_hmacsha1_update(isc_hmacsha1_t * ctx,const unsigned char * buf,unsigned int len)678 isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
679 unsigned int len)
680 {
681 isc_sha1_update(&ctx->sha1ctx, buf, len);
682 }
683
684 /*
685 * Compute signature - finalize SHA1 operation and reapply SHA1.
686 */
687 void
isc_hmacsha1_sign(isc_hmacsha1_t * ctx,unsigned char * digest,size_t len)688 isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
689 unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
690 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
691 unsigned int i;
692
693 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
694 isc_sha1_final(&ctx->sha1ctx, newdigest);
695
696 memset(opad, OPAD, sizeof(opad));
697 for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
698 opad[i] ^= ctx->key[i];
699
700 isc_sha1_init(&ctx->sha1ctx);
701 isc_sha1_update(&ctx->sha1ctx, opad, sizeof(opad));
702 isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
703 isc_sha1_final(&ctx->sha1ctx, newdigest);
704 isc_hmacsha1_invalidate(ctx);
705 memmove(digest, newdigest, len);
706 memset(newdigest, 0, sizeof(newdigest));
707 }
708
709 /*
710 * Start HMAC-SHA224 process. Initialize an sha224 context and digest the key.
711 */
712 void
isc_hmacsha224_init(isc_hmacsha224_t * ctx,const unsigned char * key,unsigned int len)713 isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
714 unsigned int len)
715 {
716 unsigned char ipad[ISC_SHA224_BLOCK_LENGTH];
717 unsigned int i;
718
719 memset(ctx->key, 0, sizeof(ctx->key));
720 if (len > sizeof(ctx->key)) {
721 isc_sha224_t sha224ctx;
722 isc_sha224_init(&sha224ctx);
723 isc_sha224_update(&sha224ctx, key, len);
724 isc_sha224_final(ctx->key, &sha224ctx);
725 } else
726 memmove(ctx->key, key, len);
727
728 isc_sha224_init(&ctx->sha224ctx);
729 memset(ipad, IPAD, sizeof(ipad));
730 for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
731 ipad[i] ^= ctx->key[i];
732 isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad));
733 }
734
735 void
isc_hmacsha224_invalidate(isc_hmacsha224_t * ctx)736 isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
737 memset(ctx->key, 0, sizeof(ctx->key));
738 memset(ctx, 0, sizeof(*ctx));
739 }
740
741 /*
742 * Update context to reflect the concatenation of another buffer full
743 * of bytes.
744 */
745 void
isc_hmacsha224_update(isc_hmacsha224_t * ctx,const unsigned char * buf,unsigned int len)746 isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
747 unsigned int len)
748 {
749 isc_sha224_update(&ctx->sha224ctx, buf, len);
750 }
751
752 /*
753 * Compute signature - finalize SHA224 operation and reapply SHA224.
754 */
755 void
isc_hmacsha224_sign(isc_hmacsha224_t * ctx,unsigned char * digest,size_t len)756 isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
757 unsigned char opad[ISC_SHA224_BLOCK_LENGTH];
758 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
759 unsigned int i;
760
761 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
762 isc_sha224_final(newdigest, &ctx->sha224ctx);
763
764 memset(opad, OPAD, sizeof(opad));
765 for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
766 opad[i] ^= ctx->key[i];
767
768 isc_sha224_init(&ctx->sha224ctx);
769 isc_sha224_update(&ctx->sha224ctx, opad, sizeof(opad));
770 isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
771 isc_sha224_final(newdigest, &ctx->sha224ctx);
772 memmove(digest, newdigest, len);
773 memset(newdigest, 0, sizeof(newdigest));
774 }
775
776 /*
777 * Start HMAC-SHA256 process. Initialize an sha256 context and digest the key.
778 */
779 void
isc_hmacsha256_init(isc_hmacsha256_t * ctx,const unsigned char * key,unsigned int len)780 isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
781 unsigned int len)
782 {
783 unsigned char ipad[ISC_SHA256_BLOCK_LENGTH];
784 unsigned int i;
785
786 memset(ctx->key, 0, sizeof(ctx->key));
787 if (len > sizeof(ctx->key)) {
788 isc_sha256_t sha256ctx;
789 isc_sha256_init(&sha256ctx);
790 isc_sha256_update(&sha256ctx, key, len);
791 isc_sha256_final(ctx->key, &sha256ctx);
792 } else
793 memmove(ctx->key, key, len);
794
795 isc_sha256_init(&ctx->sha256ctx);
796 memset(ipad, IPAD, sizeof(ipad));
797 for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
798 ipad[i] ^= ctx->key[i];
799 isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad));
800 }
801
802 void
isc_hmacsha256_invalidate(isc_hmacsha256_t * ctx)803 isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
804 memset(ctx->key, 0, sizeof(ctx->key));
805 memset(ctx, 0, sizeof(*ctx));
806 }
807
808 /*
809 * Update context to reflect the concatenation of another buffer full
810 * of bytes.
811 */
812 void
isc_hmacsha256_update(isc_hmacsha256_t * ctx,const unsigned char * buf,unsigned int len)813 isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
814 unsigned int len)
815 {
816 isc_sha256_update(&ctx->sha256ctx, buf, len);
817 }
818
819 /*
820 * Compute signature - finalize SHA256 operation and reapply SHA256.
821 */
822 void
isc_hmacsha256_sign(isc_hmacsha256_t * ctx,unsigned char * digest,size_t len)823 isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
824 unsigned char opad[ISC_SHA256_BLOCK_LENGTH];
825 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
826 unsigned int i;
827
828 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
829 isc_sha256_final(newdigest, &ctx->sha256ctx);
830
831 memset(opad, OPAD, sizeof(opad));
832 for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
833 opad[i] ^= ctx->key[i];
834
835 isc_sha256_init(&ctx->sha256ctx);
836 isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad));
837 isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
838 isc_sha256_final(newdigest, &ctx->sha256ctx);
839 memmove(digest, newdigest, len);
840 memset(newdigest, 0, sizeof(newdigest));
841 }
842
843 /*
844 * Start HMAC-SHA384 process. Initialize an sha384 context and digest the key.
845 */
846 void
isc_hmacsha384_init(isc_hmacsha384_t * ctx,const unsigned char * key,unsigned int len)847 isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
848 unsigned int len)
849 {
850 unsigned char ipad[ISC_SHA384_BLOCK_LENGTH];
851 unsigned int i;
852
853 memset(ctx->key, 0, sizeof(ctx->key));
854 if (len > sizeof(ctx->key)) {
855 isc_sha384_t sha384ctx;
856 isc_sha384_init(&sha384ctx);
857 isc_sha384_update(&sha384ctx, key, len);
858 isc_sha384_final(ctx->key, &sha384ctx);
859 } else
860 memmove(ctx->key, key, len);
861
862 isc_sha384_init(&ctx->sha384ctx);
863 memset(ipad, IPAD, sizeof(ipad));
864 for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
865 ipad[i] ^= ctx->key[i];
866 isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad));
867 }
868
869 void
isc_hmacsha384_invalidate(isc_hmacsha384_t * ctx)870 isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
871 memset(ctx->key, 0, sizeof(ctx->key));
872 memset(ctx, 0, sizeof(*ctx));
873 }
874
875 /*
876 * Update context to reflect the concatenation of another buffer full
877 * of bytes.
878 */
879 void
isc_hmacsha384_update(isc_hmacsha384_t * ctx,const unsigned char * buf,unsigned int len)880 isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
881 unsigned int len)
882 {
883 isc_sha384_update(&ctx->sha384ctx, buf, len);
884 }
885
886 /*
887 * Compute signature - finalize SHA384 operation and reapply SHA384.
888 */
889 void
isc_hmacsha384_sign(isc_hmacsha384_t * ctx,unsigned char * digest,size_t len)890 isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
891 unsigned char opad[ISC_SHA384_BLOCK_LENGTH];
892 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
893 unsigned int i;
894
895 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
896 isc_sha384_final(newdigest, &ctx->sha384ctx);
897
898 memset(opad, OPAD, sizeof(opad));
899 for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
900 opad[i] ^= ctx->key[i];
901
902 isc_sha384_init(&ctx->sha384ctx);
903 isc_sha384_update(&ctx->sha384ctx, opad, sizeof(opad));
904 isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
905 isc_sha384_final(newdigest, &ctx->sha384ctx);
906 memmove(digest, newdigest, len);
907 memset(newdigest, 0, sizeof(newdigest));
908 }
909
910 /*
911 * Start HMAC-SHA512 process. Initialize an sha512 context and digest the key.
912 */
913 void
isc_hmacsha512_init(isc_hmacsha512_t * ctx,const unsigned char * key,unsigned int len)914 isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
915 unsigned int len)
916 {
917 unsigned char ipad[ISC_SHA512_BLOCK_LENGTH];
918 unsigned int i;
919
920 memset(ctx->key, 0, sizeof(ctx->key));
921 if (len > sizeof(ctx->key)) {
922 isc_sha512_t sha512ctx;
923 isc_sha512_init(&sha512ctx);
924 isc_sha512_update(&sha512ctx, key, len);
925 isc_sha512_final(ctx->key, &sha512ctx);
926 } else
927 memmove(ctx->key, key, len);
928
929 isc_sha512_init(&ctx->sha512ctx);
930 memset(ipad, IPAD, sizeof(ipad));
931 for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
932 ipad[i] ^= ctx->key[i];
933 isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad));
934 }
935
936 void
isc_hmacsha512_invalidate(isc_hmacsha512_t * ctx)937 isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
938 memset(ctx->key, 0, sizeof(ctx->key));
939 memset(ctx, 0, sizeof(*ctx));
940 }
941
942 /*
943 * Update context to reflect the concatenation of another buffer full
944 * of bytes.
945 */
946 void
isc_hmacsha512_update(isc_hmacsha512_t * ctx,const unsigned char * buf,unsigned int len)947 isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
948 unsigned int len)
949 {
950 isc_sha512_update(&ctx->sha512ctx, buf, len);
951 }
952
953 /*
954 * Compute signature - finalize SHA512 operation and reapply SHA512.
955 */
956 void
isc_hmacsha512_sign(isc_hmacsha512_t * ctx,unsigned char * digest,size_t len)957 isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
958 unsigned char opad[ISC_SHA512_BLOCK_LENGTH];
959 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
960 unsigned int i;
961
962 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
963 isc_sha512_final(newdigest, &ctx->sha512ctx);
964
965 memset(opad, OPAD, sizeof(opad));
966 for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
967 opad[i] ^= ctx->key[i];
968
969 isc_sha512_init(&ctx->sha512ctx);
970 isc_sha512_update(&ctx->sha512ctx, opad, sizeof(opad));
971 isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
972 isc_sha512_final(newdigest, &ctx->sha512ctx);
973 memmove(digest, newdigest, len);
974 memset(newdigest, 0, sizeof(newdigest));
975 }
976 #endif /* !ISC_PLATFORM_OPENSSLHASH */
977
978 /*
979 * Verify signature - finalize SHA1 operation and reapply SHA1, then
980 * compare to the supplied digest.
981 */
982 isc_boolean_t
isc_hmacsha1_verify(isc_hmacsha1_t * ctx,unsigned char * digest,size_t len)983 isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
984 unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
985
986 REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
987 isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
988 return (isc_safe_memcmp(digest, newdigest, len));
989 }
990
991 /*
992 * Verify signature - finalize SHA224 operation and reapply SHA224, then
993 * compare to the supplied digest.
994 */
995 isc_boolean_t
isc_hmacsha224_verify(isc_hmacsha224_t * ctx,unsigned char * digest,size_t len)996 isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
997 unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
998
999 REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
1000 isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
1001 return (isc_safe_memcmp(digest, newdigest, len));
1002 }
1003
1004 /*
1005 * Verify signature - finalize SHA256 operation and reapply SHA256, then
1006 * compare to the supplied digest.
1007 */
1008 isc_boolean_t
isc_hmacsha256_verify(isc_hmacsha256_t * ctx,unsigned char * digest,size_t len)1009 isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
1010 unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
1011
1012 REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
1013 isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
1014 return (isc_safe_memcmp(digest, newdigest, len));
1015 }
1016
1017 /*
1018 * Verify signature - finalize SHA384 operation and reapply SHA384, then
1019 * compare to the supplied digest.
1020 */
1021 isc_boolean_t
isc_hmacsha384_verify(isc_hmacsha384_t * ctx,unsigned char * digest,size_t len)1022 isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
1023 unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
1024
1025 REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
1026 isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
1027 return (isc_safe_memcmp(digest, newdigest, len));
1028 }
1029
1030 /*
1031 * Verify signature - finalize SHA512 operation and reapply SHA512, then
1032 * compare to the supplied digest.
1033 */
1034 isc_boolean_t
isc_hmacsha512_verify(isc_hmacsha512_t * ctx,unsigned char * digest,size_t len)1035 isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
1036 unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
1037
1038 REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
1039 isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
1040 return (isc_safe_memcmp(digest, newdigest, len));
1041 }
1042