static isc_result_t
compute_secret (isc_buffer_t * shared, isc_region_t * queryrandomness,
isc_region_t * serverrandomness, isc_buffer_t * secret)
{
isc_md5_t md5ctx;
isc_region_t r, r2;
unsigned char digests[32];
unsigned int i;
isc_buffer_usedregion (shared, &r);
/*
* MD5 ( query data | DH value ).
*/
isc_md5_init (&md5ctx);
isc_md5_update (&md5ctx, queryrandomness->base, queryrandomness->length);
isc_md5_update (&md5ctx, r.base, r.length);
isc_md5_final (&md5ctx, digests);
/*
* MD5 ( server data | DH value ).
*/
isc_md5_init (&md5ctx);
isc_md5_update (&md5ctx, serverrandomness->base, serverrandomness->length);
isc_md5_update (&md5ctx, r.base, r.length);
isc_md5_final (&md5ctx, &digests[ISC_MD5_DIGESTLENGTH]);
/*
* XOR ( DH value, MD5-1 | MD5-2).
*/
isc_buffer_availableregion (secret, &r);
isc_buffer_usedregion (shared, &r2);
if (r.length < sizeof (digests) || r.length < r2.length)
return (ISC_R_NOSPACE);
if (r2.length > sizeof (digests))
{
memcpy (r.base, r2.base, r2.length);
for (i = 0; i < sizeof (digests); i++)
r.base[i] ^= digests[i];
isc_buffer_add (secret, r2.length);
}
else
{
memcpy (r.base, digests, sizeof (digests));
for (i = 0; i < r2.length; i++)
r.base[i] ^= r2.base[i];
isc_buffer_add (secret, sizeof (digests));
}
return (ISC_R_SUCCESS);
}
static isc_result_t
opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
dst_key_t *key = dctx->key;
RSA *rsa = key->opaque;
/* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
int status = 0;
int type;
unsigned int digestlen;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
isc_md5_final(md5ctx, digest);
type = NID_md5;
digestlen = ISC_MD5_DIGESTLENGTH;
} else {
isc_sha1_t *sha1ctx = dctx->opaque;
isc_sha1_final(sha1ctx, digest);
type = NID_sha1;
digestlen = ISC_SHA1_DIGESTLENGTH;
}
if (sig->length < (unsigned int) RSA_size(rsa))
return (DST_R_VERIFYFAILURE);
status = RSA_verify(type, digest, digestlen, sig->base,
RSA_size(rsa), rsa);
if (status == 0)
return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
}
static isc_result_t
hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) {
HMAC_Key *hkey;
int keylen;
isc_region_t r;
isc_md5_t md5ctx;
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
return (ISC_R_SUCCESS);
hkey = (HMAC_Key *) isc_mem_get(key->mctx, sizeof(HMAC_Key));
if (hkey == NULL)
return (ISC_R_NOMEMORY);
memset(hkey->key, 0, sizeof(hkey->key));
if (r.length > HMAC_LEN) {
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, hkey->key);
keylen = ISC_MD5_DIGESTLENGTH;
}
else {
memcpy(hkey->key, r.base, r.length);
keylen = r.length;
}
key->key_size = keylen * 8;
key->opaque = hkey;
return (ISC_R_SUCCESS);
}
/*!
* Compute signature - finalize MD5 operation and reapply MD5.
*/
void
isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) {
unsigned char opad[PADLEN];
int i;
isc_md5_final(&ctx->md5ctx, digest);
memset(opad, OPAD, sizeof(opad));
for (i = 0; i < PADLEN; i++)
opad[i] ^= ctx->key[i];
isc_md5_init(&ctx->md5ctx);
isc_md5_update(&ctx->md5ctx, opad, sizeof(opad));
isc_md5_update(&ctx->md5ctx, digest, ISC_MD5_DIGESTLENGTH);
isc_md5_final(&ctx->md5ctx, digest);
isc_hmacmd5_invalidate(ctx);
}
static isc_result_t
opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_key_t *key = dctx->key;
RSA *rsa = key->opaque;
isc_region_t r;
/* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */
unsigned char digest[ISC_SHA1_DIGESTLENGTH];
unsigned int siglen = 0;
int status;
int type;
unsigned int digestlen;
char *message;
unsigned long err;
const char* file;
int line;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
isc_buffer_availableregion(sig, &r);
if (r.length < (unsigned int) RSA_size(rsa))
return (ISC_R_NOSPACE);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
isc_md5_final(md5ctx, digest);
type = NID_md5;
digestlen = ISC_MD5_DIGESTLENGTH;
} else {
isc_sha1_t *sha1ctx = dctx->opaque;
isc_sha1_final(sha1ctx, digest);
type = NID_sha1;
digestlen = ISC_SHA1_DIGESTLENGTH;
}
status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
if (status == 0) {
err = ERR_peek_error_line(&file, &line);
if (err != 0U) {
message = ERR_error_string(err, NULL);
fprintf(stderr, "%s:%s:%d\n", message,
file ? file : "", line);
}
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
isc_buffer_add(sig, siglen);
return (ISC_R_SUCCESS);
}
/*!
* Start HMAC-MD5 process. Initialize an md5 context and digest the key.
*/
void
isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
unsigned int len)
{
unsigned char ipad[PADLEN];
int i;
memset(ctx->key, 0, sizeof(ctx->key));
if (len > sizeof(ctx->key)) {
isc_md5_t md5ctx;
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, key, len);
isc_md5_final(&md5ctx, ctx->key);
} else
memmove(ctx->key, key, len);
isc_md5_init(&ctx->md5ctx);
memset(ipad, IPAD, sizeof(ipad));
for (i = 0; i < PADLEN; i++)
ipad[i] ^= ctx->key[i];
isc_md5_update(&ctx->md5ctx, ipad, sizeof(ipad));
}
static isc_result_t
opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
dst_key_t *key = dctx->key;
int status = 0;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey;
#else
/* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
int type = 0;
unsigned int digestlen = 0;
RSA *rsa = key->keydata.rsa;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
unsigned int prefixlen = 0;
const unsigned char *prefix = NULL;
#endif
#endif
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#if USE_EVP
status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);
#else
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
{
isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
isc_md5_final(md5ctx, digest);
type = NID_md5;
digestlen = ISC_MD5_DIGESTLENGTH;
}
break;
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
{
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
isc_sha1_final(sha1ctx, digest);
type = NID_sha1;
digestlen = ISC_SHA1_DIGESTLENGTH;
}
break;
case DST_ALG_RSASHA256:
{
isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
isc_sha256_final(digest, sha256ctx);
digestlen = ISC_SHA256_DIGESTLENGTH;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
prefix = sha256_prefix;
prefixlen = sizeof(sha256_prefix);
#else
type = NID_sha256;
#endif
}
break;
case DST_ALG_RSASHA512:
{
isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
isc_sha512_final(digest, sha512ctx);
digestlen = ISC_SHA512_DIGESTLENGTH;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
prefix = sha512_prefix;
prefixlen = sizeof(sha512_prefix);
#else
type = NID_sha512;
#endif
}
break;
default:
INSIST(0);
}
if (sig->length != (unsigned int) RSA_size(rsa))
return (DST_R_VERIFYFAILURE);
#if OPENSSL_VERSION_NUMBER < 0x00908000L
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
INSIST(type != 0);
status = RSA_verify(type, digest, digestlen, sig->base,
RSA_size(rsa), rsa);
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
{
/*
* 1024 is big enough for all valid RSA bit sizes
* for use with DNSSEC.
*/
unsigned char original[PREFIXLEN + 1024];
INSIST(prefix != NULL);
INSIST(prefixlen != 0U);
if (RSA_size(rsa) > (int)sizeof(original))
return (DST_R_VERIFYFAILURE);
status = RSA_public_decrypt(sig->length, sig->base,
original, rsa,
RSA_PKCS1_PADDING);
if (status <= 0)
return (dst__openssl_toresult2(
"RSA_public_decrypt",
DST_R_VERIFYFAILURE));
if (status != (int)(prefixlen + digestlen))
return (DST_R_VERIFYFAILURE);
if (memcmp(original, prefix, prefixlen))
return (DST_R_VERIFYFAILURE);
if (memcmp(original + prefixlen, digest, digestlen))
return (DST_R_VERIFYFAILURE);
status = 1;
}
break;
default:
INSIST(0);
}
#else
INSIST(type != 0);
status = RSA_verify(type, digest, digestlen, sig->base,
RSA_size(rsa), rsa);
#endif
#endif
if (status != 1)
return (dst__openssl_toresult2("RSA_verify",
DST_R_VERIFYFAILURE));
return (ISC_R_SUCCESS);
}
static isc_result_t
opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
dst_key_t *key = dctx->key;
isc_region_t r;
unsigned int siglen = 0;
#if USE_EVP
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey;
#else
RSA *rsa = key->keydata.rsa;
/* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH];
int status;
int type = 0;
unsigned int digestlen = 0;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
unsigned int prefixlen = 0;
const unsigned char *prefix = NULL;
#endif
#endif
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
isc_buffer_availableregion(sig, &r);
#if USE_EVP
if (r.length < (unsigned int) EVP_PKEY_size(pkey))
return (ISC_R_NOSPACE);
if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
return (dst__openssl_toresult2("EVP_SignFinal",
ISC_R_FAILURE));
}
#else
if (r.length < (unsigned int) RSA_size(rsa))
return (ISC_R_NOSPACE);
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
{
isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
isc_md5_final(md5ctx, digest);
type = NID_md5;
digestlen = ISC_MD5_DIGESTLENGTH;
}
break;
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
{
isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
isc_sha1_final(sha1ctx, digest);
type = NID_sha1;
digestlen = ISC_SHA1_DIGESTLENGTH;
}
break;
case DST_ALG_RSASHA256:
{
isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
isc_sha256_final(digest, sha256ctx);
digestlen = ISC_SHA256_DIGESTLENGTH;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
prefix = sha256_prefix;
prefixlen = sizeof(sha256_prefix);
#else
type = NID_sha256;
#endif
}
break;
case DST_ALG_RSASHA512:
{
isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
isc_sha512_final(digest, sha512ctx);
digestlen = ISC_SHA512_DIGESTLENGTH;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
prefix = sha512_prefix;
prefixlen = sizeof(sha512_prefix);
#else
type = NID_sha512;
#endif
}
break;
default:
INSIST(0);
}
#if OPENSSL_VERSION_NUMBER < 0x00908000L
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
INSIST(type != 0);
status = RSA_sign(type, digest, digestlen, r.base,
&siglen, rsa);
break;
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
INSIST(prefix != NULL);
INSIST(prefixlen != 0);
INSIST(prefixlen + digestlen <= sizeof(digest));
memmove(digest + prefixlen, digest, digestlen);
memcpy(digest, prefix, prefixlen);
status = RSA_private_encrypt(digestlen + prefixlen,
digest, r.base, rsa,
RSA_PKCS1_PADDING);
if (status < 0)
status = 0;
else
siglen = status;
break;
default:
INSIST(0);
}
#else
INSIST(type != 0);
status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
#endif
if (status == 0)
return (dst__openssl_toresult2("RSA_sign",
DST_R_OPENSSLFAILURE));
#endif
isc_buffer_add(sig, siglen);
return (ISC_R_SUCCESS);
}
int
main(int argc, char **argv) {
isc_buffer_t buf;
unsigned char key[1024];
char secret[1024];
char base64[(1024*4)/3];
isc_region_t r;
isc_result_t result;
if (argc != 3) {
fprintf(stderr, "Usage:\t%s algorithm secret\n", argv[0]);
fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | "
"SHA256 | SHA384 | SHA512)\n");
return (1);
}
isc_buffer_init(&buf, secret, sizeof(secret));
result = isc_base64_decodestring(argv[2], &buf);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "error: %s\n", isc_result_totext(result));
return (1);
}
isc__buffer_usedregion(&buf, &r);
if (!strcasecmp(argv[1], "md5") ||
!strcasecmp(argv[1], "hmac-md5")) {
if (r.length > HMAC_LEN) {
isc_md5_t md5ctx;
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, key);
r.base = key;
r.length = ISC_MD5_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha1") ||
!strcasecmp(argv[1], "hmac-sha1")) {
if (r.length > ISC_SHA1_DIGESTLENGTH) {
isc_sha1_t sha1ctx;
isc_sha1_init(&sha1ctx);
isc_sha1_update(&sha1ctx, r.base, r.length);
isc_sha1_final(&sha1ctx, key);
r.base = key;
r.length = ISC_SHA1_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha224") ||
!strcasecmp(argv[1], "hmac-sha224")) {
if (r.length > ISC_SHA224_DIGESTLENGTH) {
isc_sha224_t sha224ctx;
isc_sha224_init(&sha224ctx);
isc_sha224_update(&sha224ctx, r.base, r.length);
isc_sha224_final(key, &sha224ctx);
r.base = key;
r.length = ISC_SHA224_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha256") ||
!strcasecmp(argv[1], "hmac-sha256")) {
if (r.length > ISC_SHA256_DIGESTLENGTH) {
isc_sha256_t sha256ctx;
isc_sha256_init(&sha256ctx);
isc_sha256_update(&sha256ctx, r.base, r.length);
isc_sha256_final(key, &sha256ctx);
r.base = key;
r.length = ISC_SHA256_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha384") ||
!strcasecmp(argv[1], "hmac-sha384")) {
if (r.length > ISC_SHA384_DIGESTLENGTH) {
isc_sha384_t sha384ctx;
isc_sha384_init(&sha384ctx);
isc_sha384_update(&sha384ctx, r.base, r.length);
isc_sha384_final(key, &sha384ctx);
r.base = key;
r.length = ISC_SHA384_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha512") ||
!strcasecmp(argv[1], "hmac-sha512")) {
if (r.length > ISC_SHA512_DIGESTLENGTH) {
isc_sha512_t sha512ctx;
isc_sha512_init(&sha512ctx);
isc_sha512_update(&sha512ctx, r.base, r.length);
isc_sha512_final(key, &sha512ctx);
r.base = key;
r.length = ISC_SHA512_DIGESTLENGTH;
}
} else {
fprintf(stderr, "unknown hmac/digest algorithm: %s\n", argv[1]);
return (1);
}
isc_buffer_init(&buf, base64, sizeof(base64));
result = isc_base64_totext(&r, 0, "", &buf);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "error: %s\n", isc_result_totext(result));
return (1);
}
fprintf(stdout, "%.*s\n", (int)isc_buffer_usedlength(&buf), base64);
return (0);
}
int
main(int argc, char **argv) {
isc_sha1_t sha1;
isc_sha224_t sha224;
isc_md5_t md5;
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
UNUSED(argc);
UNUSED(argv);
s = "abc";
isc_sha1_init(&sha1);
memcpy(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha1_init(&sha1);
memcpy(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abc";
isc_sha224_init(&sha224);
memcpy(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha224_init(&sha224);
memcpy(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abc";
isc_md5_init(&md5);
memcpy(buffer, s, strlen(s));
isc_md5_update(&md5, buffer, strlen(s));
isc_md5_final(&md5, digest);
print_digest(s, "md5", digest, 4);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
s = "Hi There";
memset(key, 0x0b, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacmd5_init(&hmacmd5, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
/*
* The 3 HMAC-SHA1 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha1_init(&hmacsha1, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA224 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha224_init(&hmacsha224, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA256 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha256_init(&hmacsha256, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA384 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha384_init(&hmacsha384, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA512 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha512_init(&hmacsha512, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
return (0);
}
