/* test HMAC
*/
int verify_hmac(const void *data, size_t datalen,
hashid hid, unsigned char *hmac, char *key, int keylen)
{
MHASH td;
unsigned char *our_hmac = NULL;
int rc = -1;
td = mhash_hmac_init(hid, key, keylen,
mhash_get_hash_pblock(hid));
if (!td)
return -1;
our_hmac = malloc(mhash_get_block_size(hid));
if (!our_hmac)
return -1;
(void)mhash(td, data, datalen);
if (mhash_hmac_deinit(td, our_hmac))
goto out_free;
rc = memcmp(our_hmac, hmac, mhash_get_block_size(hid));
out_free:
if (our_hmac)
free(our_hmac);
return rc;
}
int checkhash(unsigned char *data, size_t datalen, char *checkhash) {
char keyword[100];
memcpy(together + pos, data, datalen);
pos += datalen;
mhash_keygen((keygenid)0, (hashid)10, 10, keyword, 100, (void *)"aaaa", 3, key, keylen);
MHASH hash = mhash_hmac_init((hashid)10, keyword, 100, mhash_get_hash_pblock((hashid)10));
mhash(hash, data, datalen);
void *mac = mhash_hmac_end(hash);
char hash_printed[1000] = "0x";
for (int j = 0; j < mhash_get_block_size((hashid)10); j++) {
unsigned char *m = (unsigned char *)mac;
char r[3];
snprintf(r, 3, "%.2x", m[j]);
strcat(hash_printed, r);
}
printf("%s\n", hash_printed);
return strcmp(hash_printed, checkhash) == 0;
}
int conf_input_wrapper(char* buf, int max_size, FILE* in)
{
int retval=0;
int c=0;
char* tmp=NULL;
void* key=NULL;
int keylen=0;
/* FIXME Add support for gzipped config. :) */
#ifdef WITH_MHASH
/* Read a character at a time until we are doing md */
if(conf->do_configmd){
retval=fread(buf,1,max_size,in);
}else {
c=fgetc(in);
retval= (c==EOF) ? 0 : (buf[0] = c,1);
}
#else
retval=fread(buf,1,max_size,in);
#endif
#ifdef WITH_MHASH
if(conf->do_configmd||conf->config_check){
if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){
if(conf->do_configmd==1){
conf->do_configmd+=1;
}
if((key=get_conf_key())!=NULL){
keylen=get_conf_key_len();
if( (conf->confmd=
mhash_hmac_init(conf->confhmactype,
key,
keylen,
mhash_get_hash_pblock(conf->confhmactype)))==
MHASH_FAILED){
error(0, "mhash_hmac_init() failed for %i for config check. Aborting\n",
conf->confhmactype);
exit(EXIT_FAILURE);
}
} else {
conf->do_configmd=0;
return retval;
}
}
/* FIXME This does not handle the case that @@end_config is on
buffer boundary. */
if((tmp=strnstr(buf,"@@end_config",retval))!=NULL){
/* We have end of config don't feed the last line to mhash */
mhash(conf->confmd,(void*)buf,tmp-buf);
} else {
mhash(conf->confmd,(void*)buf,retval);
}
}
#endif
return retval;
}
static const char *
vmod_hmac_sha256(const struct vrt_ctx *ctx,
const char *key,size_t lkey, const char *msg,size_t lmsg,bool raw)
{
hashid hash = MHASH_SHA256;
size_t blocksize = mhash_get_block_size(hash);
char *p;
char *ptmp;
p = WS_Alloc(ctx->ws, blocksize * 2 + 1);
ptmp = p;
unsigned char *mac;
unsigned u;
u = WS_Reserve(ctx->ws, 0);
assert(u > blocksize);
mac = (unsigned char*)ctx->ws->f;
int i;
MHASH td;
assert(msg);
assert(key);
assert(mhash_get_hash_pblock(hash) > 0);
td = mhash_hmac_init(hash, (void *) key, lkey,
mhash_get_hash_pblock(hash));
mhash(td, msg, lmsg);
mhash_hmac_deinit(td,mac);
if(raw){
WS_Release(ctx->ws, blocksize);
return (char *)mac;
}
WS_Release(ctx->ws, 0);
for (i = 0; i<blocksize;i++) {
sprintf(ptmp,"%.2x",mac[i]);
ptmp+=2;
}
return p;
}
/* calculate the HMAC of the message in data and store it in result
* it is up to the caller to make sure that there's enough space
* at result for the MAC
*/
int calc_hmac(const void *data, size_t datalen,
hashid hid, unsigned char *result, char *key, int keylen)
{
MHASH td;
size_t block_size;
block_size = mhash_get_hash_pblock(hid);
if (!block_size)
return -1;
td = mhash_hmac_init(hid, key, keylen, block_size);
if (!td)
return -1;
(void)mhash(td, data, datalen);
if (mhash_hmac_deinit(td, result))
return -1;
return 0;
}
int db_input_wrapper(char* buf, int max_size, int db)
{
int retval=0;
int c=0;
int err=0;
int* domd=NULL;
url_t* db_url=NULL;
#ifdef WITH_MHASH
char* tmp=NULL;
MHASH* md=NULL;
void* key=NULL;
int keylen;
#endif
FILE** db_filep=NULL;
#ifdef WITH_ZLIB
gzFile* db_gzp=NULL;
#endif
switch(db) {
case DB_OLD: {
db_url=conf->db_in_url;
domd=&(conf->do_dboldmd);
#ifdef WITH_MHASH
md=&(conf->dboldmd);
#endif
db_filep=&(conf->db_in);
#ifdef WITH_ZLIB
db_gzp=&(conf->db_gzin);
#endif
break;
}
case DB_NEW: {
db_url=conf->db_new_url;
domd=&(conf->do_dbnewmd);
#ifdef WITH_MHASH
md=&(conf->dbnewmd);
#endif
db_filep=&(conf->db_new);
#ifdef WITH_ZLIB
db_gzp=&(conf->db_gznew);
#endif
break;
}
}
#ifdef WITH_CURL
switch (db_url->type) {
case url_http:
case url_https:
case url_ftp: {
retval=url_fread(buf,1,max_size,(URL_FILE *)*db_filep);
break;
}
default:
#endif /* WITH CURL */
/* Read a character at a time until we are doing md */
#ifdef WITH_ZLIB
if((*db_gzp==NULL)&&(*domd)){
retval=fread(buf,1,max_size,*db_filep);
}
if((*db_gzp!=NULL)&&(*domd)){
if(gzeof(*db_gzp)){
retval=0;
buf[0]='\0';
}else {
if((retval=gzread(*db_gzp,buf,max_size))<0){
error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
retval=0;
buf[0]='\0';
} else {
/* gzread returns 0 even if uncompressed bytes were read*/
error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
retval,(unsigned long)strnlen((char*)buf, max_size),
strerror(errno),gzerror(*db_gzp,&err));
if(retval==0){
retval=strnlen((char*)buf, max_size);
}
}
}
}
if((*db_gzp!=NULL)&&!(*domd)){
c=gzgetc(*db_gzp);
retval= (c==EOF) ? 0 : (buf[0] = c,1);
}
if((*db_gzp==NULL)&&!(*domd)){
c=fgetc(*db_filep);
if(c==(unsigned char)'\037'){
c=fgetc(*db_filep);
if(c==(unsigned char)'\213'){
/* We got gzip header. */
error(255,"Got Gzip header. Handling..\n");
lseek(fileno(*db_filep),0L,SEEK_SET);
*db_gzp=gzdopen(fileno(*db_filep),"rb");
c=gzgetc(*db_gzp);
error(255,"First character after gzip header is: %c(%#X)\n",c,c);
if(c==-1) {
int xx;
error(0,"Error reading gzipped file: %s\n",gzerror(*db_gzp,&xx));
exit(EXIT_FAILURE);
}
}else {
/* False alarm */
ungetc(c,*db_filep);
}
}
retval= (c==EOF) ? 0 : (buf[0] = c,1);
}
#else /* WITH_ZLIB */
#ifdef WITH_MHASH
if(*domd){
retval=fread(buf,1,max_size,*db_filep);
}else {
c=fgetc(*db_filep);
retval= (c==EOF) ? 0 : (buf[0] = c,1);
}
#else /* WITH_MHASH */
retval=fread(buf,1,max_size,*db_filep);
#endif /* WITH_MHASH */
#endif /* WITH_ZLIB */
#ifdef WITH_MHASH
if(*domd){
if(!*md){
if((key=get_db_key())!=NULL){
keylen=get_db_key_len();
if( (*md=
mhash_hmac_init(conf->dbhmactype,
key,
keylen,
mhash_get_hash_pblock(conf->dbhmactype)))==
MHASH_FAILED){
error(0, "mhash_hmac_init() failed for db check. Aborting\n");
exit(EXIT_FAILURE);
}
} else {
*domd=0;
}
}
/* FIXME This does not handle the case that @@end_config is on
buffer boundary. */
if (*domd!=0) {
if((tmp=strnstr(buf,"@@end_db",retval))!=NULL){
/* We have end of db don't feed the last line to mhash */
mhash(*md,(void*)buf,tmp-buf);
/* We don't want to come here again after the *md has been deinited
by db_readline_file() */
*domd=0;
} else {
mhash(*md,(void*)buf,retval);
}
}
}
#endif
#ifdef WITH_CURL
}
#endif /* WITH CURL */
return retval;
}
int main()
{
mutils_word8 *tmp;
mutils_word8 *password;
mutils_word32 passlen;
mutils_word8 *data;
mutils_word32 datalen;
MHASH td;
mutils_word8 *mac;
mutils_word32 j;
int result;
passlen=sizeof(KEY1) - 1;
password = mutils_malloc(passlen + 1);
mutils_memcpy(password, (mutils_word8 *) KEY1, passlen);
datalen = mutils_strlen((mutils_word8 *) DATA1);
data = mutils_malloc(datalen+1);
mutils_strcpy(data, (mutils_word8 *) DATA1);
td = mhash_hmac_init(MHASH_MD5, password, passlen,
mhash_get_hash_pblock(MHASH_MD5));
mhash(td, data, datalen);
mac = mhash_hmac_end(td);
tmp = mutils_asciify(mac, mhash_get_block_size(MHASH_MD5));
result = mutils_strcmp((mutils_word8 *) DIGEST1, tmp);
mutils_free(password);
mutils_free(data);
if (result != 0) {
fprintf(stderr, "HMAC-Test: Failed\n");
fprintf(stderr, "Digest size: %d\n", mhash_get_block_size(MHASH_MD5));
fprintf(stderr, "Expecting: 0x%s\n", DIGEST1);
fprintf(stderr, "Got: 0x%s\n", tmp);
return(MUTILS_INVALID_RESULT);
}
mutils_free(tmp);
/* Test No 2 */
mutils_memset(tmp, 0, sizeof(tmp));
passlen=sizeof(KEY2) - 1;
password = (mutils_word8 *) mutils_malloc(passlen+1);
mutils_memcpy(password, KEY2, passlen);
datalen = mutils_strlen((mutils_word8 *) DATA2);
data = (mutils_word8 *) mutils_malloc(datalen+1);
mutils_strcpy(data, (mutils_word8 *) DATA2);
td = mhash_hmac_init(MHASH_MD5, password, passlen,
mhash_get_hash_pblock(MHASH_MD5));
mhash(td, data, datalen);
mac = mhash_hmac_end(td);
tmp = mutils_asciify(mac, mhash_get_block_size(MHASH_MD5));
result = mutils_strcmp((mutils_word8 *) DIGEST2, tmp);
mutils_free(password);
mutils_free(data);
if (result != 0)
{
fprintf(stderr, "HMAC-Test: Failed\n");
fprintf(stderr, "Expecting: 0x%s\nGot: 0x%s\n", DIGEST2, tmp);
return(MUTILS_INVALID_RESULT);
}
fprintf(stderr, "MD5 HMAC-Test: Ok\n");
mutils_free(tmp);
return(MUTILS_OK);
}
