static isc_result_t compute_secret (isc_buffer_t * shared, isc_region_t * queryrandomness, isc_region_t * serverrandomness, isc_buffer_t * secret) { isc_md5_t md5ctx; isc_region_t r, r2; unsigned char digests[32]; unsigned int i; isc_buffer_usedregion (shared, &r); /* * MD5 ( query data | DH value ). */ isc_md5_init (&md5ctx); isc_md5_update (&md5ctx, queryrandomness->base, queryrandomness->length); isc_md5_update (&md5ctx, r.base, r.length); isc_md5_final (&md5ctx, digests); /* * MD5 ( server data | DH value ). */ isc_md5_init (&md5ctx); isc_md5_update (&md5ctx, serverrandomness->base, serverrandomness->length); isc_md5_update (&md5ctx, r.base, r.length); isc_md5_final (&md5ctx, &digests[ISC_MD5_DIGESTLENGTH]); /* * XOR ( DH value, MD5-1 | MD5-2). */ isc_buffer_availableregion (secret, &r); isc_buffer_usedregion (shared, &r2); if (r.length < sizeof (digests) || r.length < r2.length) return (ISC_R_NOSPACE); if (r2.length > sizeof (digests)) { memcpy (r.base, r2.base, r2.length); for (i = 0; i < sizeof (digests); i++) r.base[i] ^= digests[i]; isc_buffer_add (secret, r2.length); } else { memcpy (r.base, digests, sizeof (digests)); for (i = 0; i < r2.length; i++) r.base[i] ^= r2.base[i]; isc_buffer_add (secret, sizeof (digests)); } return (ISC_R_SUCCESS); }
static isc_result_t opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dst_key_t *key = dctx->key; RSA *rsa = key->opaque; /* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */ unsigned char digest[ISC_SHA1_DIGESTLENGTH]; int status = 0; int type; unsigned int digestlen; REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || dctx->key->key_alg == DST_ALG_RSASHA1); if (dctx->key->key_alg == DST_ALG_RSAMD5) { isc_md5_t *md5ctx = dctx->opaque; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } else { isc_sha1_t *sha1ctx = dctx->opaque; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; } if (sig->length < (unsigned int) RSA_size(rsa)) return (DST_R_VERIFYFAILURE); status = RSA_verify(type, digest, digestlen, sig->base, RSA_size(rsa), rsa); if (status == 0) return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); }
static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { HMAC_Key *hkey; int keylen; isc_region_t r; isc_md5_t md5ctx; isc_buffer_remainingregion(data, &r); if (r.length == 0) return (ISC_R_SUCCESS); hkey = (HMAC_Key *) isc_mem_get(key->mctx, sizeof(HMAC_Key)); if (hkey == NULL) return (ISC_R_NOMEMORY); memset(hkey->key, 0, sizeof(hkey->key)); if (r.length > HMAC_LEN) { isc_md5_init(&md5ctx); isc_md5_update(&md5ctx, r.base, r.length); isc_md5_final(&md5ctx, hkey->key); keylen = ISC_MD5_DIGESTLENGTH; } else { memcpy(hkey->key, r.base, r.length); keylen = r.length; } key->key_size = keylen * 8; key->opaque = hkey; return (ISC_R_SUCCESS); }
/*! * Compute signature - finalize MD5 operation and reapply MD5. */ void isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) { unsigned char opad[PADLEN]; int i; isc_md5_final(&ctx->md5ctx, digest); memset(opad, OPAD, sizeof(opad)); for (i = 0; i < PADLEN; i++) opad[i] ^= ctx->key[i]; isc_md5_init(&ctx->md5ctx); isc_md5_update(&ctx->md5ctx, opad, sizeof(opad)); isc_md5_update(&ctx->md5ctx, digest, ISC_MD5_DIGESTLENGTH); isc_md5_final(&ctx->md5ctx, digest); isc_hmacmd5_invalidate(ctx); }
static isc_result_t opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dst_key_t *key = dctx->key; RSA *rsa = key->opaque; isc_region_t r; /* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */ unsigned char digest[ISC_SHA1_DIGESTLENGTH]; unsigned int siglen = 0; int status; int type; unsigned int digestlen; char *message; unsigned long err; const char* file; int line; REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || dctx->key->key_alg == DST_ALG_RSASHA1); isc_buffer_availableregion(sig, &r); if (r.length < (unsigned int) RSA_size(rsa)) return (ISC_R_NOSPACE); if (dctx->key->key_alg == DST_ALG_RSAMD5) { isc_md5_t *md5ctx = dctx->opaque; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } else { isc_sha1_t *sha1ctx = dctx->opaque; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; } status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); if (status == 0) { err = ERR_peek_error_line(&file, &line); if (err != 0U) { message = ERR_error_string(err, NULL); fprintf(stderr, "%s:%s:%d\n", message, file ? file : "", line); } return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } isc_buffer_add(sig, siglen); return (ISC_R_SUCCESS); }
/*! * Start HMAC-MD5 process. Initialize an md5 context and digest the key. */ void isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key, unsigned int len) { unsigned char ipad[PADLEN]; int i; memset(ctx->key, 0, sizeof(ctx->key)); if (len > sizeof(ctx->key)) { isc_md5_t md5ctx; isc_md5_init(&md5ctx); isc_md5_update(&md5ctx, key, len); isc_md5_final(&md5ctx, ctx->key); } else memmove(ctx->key, key, len); isc_md5_init(&ctx->md5ctx); memset(ipad, IPAD, sizeof(ipad)); for (i = 0; i < PADLEN; i++) ipad[i] ^= ctx->key[i]; isc_md5_update(&ctx->md5ctx, ipad, sizeof(ipad)); }
static isc_result_t opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dst_key_t *key = dctx->key; int status = 0; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey = key->keydata.pkey; #else /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ unsigned char digest[ISC_SHA512_DIGESTLENGTH]; int type = 0; unsigned int digestlen = 0; RSA *rsa = key->keydata.rsa; #if OPENSSL_VERSION_NUMBER < 0x00908000L unsigned int prefixlen = 0; const unsigned char *prefix = NULL; #endif #endif REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || dctx->key->key_alg == DST_ALG_RSASHA1 || dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || dctx->key->key_alg == DST_ALG_RSASHA256 || dctx->key->key_alg == DST_ALG_RSASHA512); #if USE_EVP status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey); #else switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: { isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } break; case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: { isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; } break; case DST_ALG_RSASHA256: { isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; isc_sha256_final(digest, sha256ctx); digestlen = ISC_SHA256_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha256_prefix; prefixlen = sizeof(sha256_prefix); #else type = NID_sha256; #endif } break; case DST_ALG_RSASHA512: { isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; isc_sha512_final(digest, sha512ctx); digestlen = ISC_SHA512_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha512_prefix; prefixlen = sizeof(sha512_prefix); #else type = NID_sha512; #endif } break; default: INSIST(0); } if (sig->length != (unsigned int) RSA_size(rsa)) return (DST_R_VERIFYFAILURE); #if OPENSSL_VERSION_NUMBER < 0x00908000L switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: INSIST(type != 0); status = RSA_verify(type, digest, digestlen, sig->base, RSA_size(rsa), rsa); break; case DST_ALG_RSASHA256: case DST_ALG_RSASHA512: { /* * 1024 is big enough for all valid RSA bit sizes * for use with DNSSEC. */ unsigned char original[PREFIXLEN + 1024]; INSIST(prefix != NULL); INSIST(prefixlen != 0U); if (RSA_size(rsa) > (int)sizeof(original)) return (DST_R_VERIFYFAILURE); status = RSA_public_decrypt(sig->length, sig->base, original, rsa, RSA_PKCS1_PADDING); if (status <= 0) return (dst__openssl_toresult2( "RSA_public_decrypt", DST_R_VERIFYFAILURE)); if (status != (int)(prefixlen + digestlen)) return (DST_R_VERIFYFAILURE); if (memcmp(original, prefix, prefixlen)) return (DST_R_VERIFYFAILURE); if (memcmp(original + prefixlen, digest, digestlen)) return (DST_R_VERIFYFAILURE); status = 1; } break; default: INSIST(0); } #else INSIST(type != 0); status = RSA_verify(type, digest, digestlen, sig->base, RSA_size(rsa), rsa); #endif #endif if (status != 1) return (dst__openssl_toresult2("RSA_verify", DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); }
static isc_result_t opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dst_key_t *key = dctx->key; isc_region_t r; unsigned int siglen = 0; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey = key->keydata.pkey; #else RSA *rsa = key->keydata.rsa; /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH]; int status; int type = 0; unsigned int digestlen = 0; #if OPENSSL_VERSION_NUMBER < 0x00908000L unsigned int prefixlen = 0; const unsigned char *prefix = NULL; #endif #endif REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || dctx->key->key_alg == DST_ALG_RSASHA1 || dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || dctx->key->key_alg == DST_ALG_RSASHA256 || dctx->key->key_alg == DST_ALG_RSASHA512); isc_buffer_availableregion(sig, &r); #if USE_EVP if (r.length < (unsigned int) EVP_PKEY_size(pkey)) return (ISC_R_NOSPACE); if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) { return (dst__openssl_toresult2("EVP_SignFinal", ISC_R_FAILURE)); } #else if (r.length < (unsigned int) RSA_size(rsa)) return (ISC_R_NOSPACE); switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: { isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } break; case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: { isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; } break; case DST_ALG_RSASHA256: { isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; isc_sha256_final(digest, sha256ctx); digestlen = ISC_SHA256_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha256_prefix; prefixlen = sizeof(sha256_prefix); #else type = NID_sha256; #endif } break; case DST_ALG_RSASHA512: { isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; isc_sha512_final(digest, sha512ctx); digestlen = ISC_SHA512_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha512_prefix; prefixlen = sizeof(sha512_prefix); #else type = NID_sha512; #endif } break; default: INSIST(0); } #if OPENSSL_VERSION_NUMBER < 0x00908000L switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: INSIST(type != 0); status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); break; case DST_ALG_RSASHA256: case DST_ALG_RSASHA512: INSIST(prefix != NULL); INSIST(prefixlen != 0); INSIST(prefixlen + digestlen <= sizeof(digest)); memmove(digest + prefixlen, digest, digestlen); memcpy(digest, prefix, prefixlen); status = RSA_private_encrypt(digestlen + prefixlen, digest, r.base, rsa, RSA_PKCS1_PADDING); if (status < 0) status = 0; else siglen = status; break; default: INSIST(0); } #else INSIST(type != 0); status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); #endif if (status == 0) return (dst__openssl_toresult2("RSA_sign", DST_R_OPENSSLFAILURE)); #endif isc_buffer_add(sig, siglen); return (ISC_R_SUCCESS); }
int main(int argc, char **argv) { isc_buffer_t buf; unsigned char key[1024]; char secret[1024]; char base64[(1024*4)/3]; isc_region_t r; isc_result_t result; if (argc != 3) { fprintf(stderr, "Usage:\t%s algorithm secret\n", argv[0]); fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | " "SHA256 | SHA384 | SHA512)\n"); return (1); } isc_buffer_init(&buf, secret, sizeof(secret)); result = isc_base64_decodestring(argv[2], &buf); if (result != ISC_R_SUCCESS) { fprintf(stderr, "error: %s\n", isc_result_totext(result)); return (1); } isc__buffer_usedregion(&buf, &r); if (!strcasecmp(argv[1], "md5") || !strcasecmp(argv[1], "hmac-md5")) { if (r.length > HMAC_LEN) { isc_md5_t md5ctx; isc_md5_init(&md5ctx); isc_md5_update(&md5ctx, r.base, r.length); isc_md5_final(&md5ctx, key); r.base = key; r.length = ISC_MD5_DIGESTLENGTH; } } else if (!strcasecmp(argv[1], "sha1") || !strcasecmp(argv[1], "hmac-sha1")) { if (r.length > ISC_SHA1_DIGESTLENGTH) { isc_sha1_t sha1ctx; isc_sha1_init(&sha1ctx); isc_sha1_update(&sha1ctx, r.base, r.length); isc_sha1_final(&sha1ctx, key); r.base = key; r.length = ISC_SHA1_DIGESTLENGTH; } } else if (!strcasecmp(argv[1], "sha224") || !strcasecmp(argv[1], "hmac-sha224")) { if (r.length > ISC_SHA224_DIGESTLENGTH) { isc_sha224_t sha224ctx; isc_sha224_init(&sha224ctx); isc_sha224_update(&sha224ctx, r.base, r.length); isc_sha224_final(key, &sha224ctx); r.base = key; r.length = ISC_SHA224_DIGESTLENGTH; } } else if (!strcasecmp(argv[1], "sha256") || !strcasecmp(argv[1], "hmac-sha256")) { if (r.length > ISC_SHA256_DIGESTLENGTH) { isc_sha256_t sha256ctx; isc_sha256_init(&sha256ctx); isc_sha256_update(&sha256ctx, r.base, r.length); isc_sha256_final(key, &sha256ctx); r.base = key; r.length = ISC_SHA256_DIGESTLENGTH; } } else if (!strcasecmp(argv[1], "sha384") || !strcasecmp(argv[1], "hmac-sha384")) { if (r.length > ISC_SHA384_DIGESTLENGTH) { isc_sha384_t sha384ctx; isc_sha384_init(&sha384ctx); isc_sha384_update(&sha384ctx, r.base, r.length); isc_sha384_final(key, &sha384ctx); r.base = key; r.length = ISC_SHA384_DIGESTLENGTH; } } else if (!strcasecmp(argv[1], "sha512") || !strcasecmp(argv[1], "hmac-sha512")) { if (r.length > ISC_SHA512_DIGESTLENGTH) { isc_sha512_t sha512ctx; isc_sha512_init(&sha512ctx); isc_sha512_update(&sha512ctx, r.base, r.length); isc_sha512_final(key, &sha512ctx); r.base = key; r.length = ISC_SHA512_DIGESTLENGTH; } } else { fprintf(stderr, "unknown hmac/digest algorithm: %s\n", argv[1]); return (1); } isc_buffer_init(&buf, base64, sizeof(base64)); result = isc_base64_totext(&r, 0, "", &buf); if (result != ISC_R_SUCCESS) { fprintf(stderr, "error: %s\n", isc_result_totext(result)); return (1); } fprintf(stdout, "%.*s\n", (int)isc_buffer_usedlength(&buf), base64); return (0); }
int main(int argc, char **argv) { isc_sha1_t sha1; isc_sha224_t sha224; isc_md5_t md5; isc_hmacmd5_t hmacmd5; isc_hmacsha1_t hmacsha1; isc_hmacsha224_t hmacsha224; isc_hmacsha256_t hmacsha256; isc_hmacsha384_t hmacsha384; isc_hmacsha512_t hmacsha512; unsigned char digest[ISC_SHA512_DIGESTLENGTH]; unsigned char buffer[1024]; const char *s; unsigned char key[20]; UNUSED(argc); UNUSED(argv); s = "abc"; isc_sha1_init(&sha1); memcpy(buffer, s, strlen(s)); isc_sha1_update(&sha1, buffer, strlen(s)); isc_sha1_final(&sha1, digest); print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; isc_sha1_init(&sha1); memcpy(buffer, s, strlen(s)); isc_sha1_update(&sha1, buffer, strlen(s)); isc_sha1_final(&sha1, digest); print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "abc"; isc_sha224_init(&sha224); memcpy(buffer, s, strlen(s)); isc_sha224_update(&sha224, buffer, strlen(s)); isc_sha224_final(digest, &sha224); print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; isc_sha224_init(&sha224); memcpy(buffer, s, strlen(s)); isc_sha224_update(&sha224, buffer, strlen(s)); isc_sha224_final(digest, &sha224); print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "abc"; isc_md5_init(&md5); memcpy(buffer, s, strlen(s)); isc_md5_update(&md5, buffer, strlen(s)); isc_md5_final(&md5, digest); print_digest(s, "md5", digest, 4); /* * The 3 HMAC-MD5 examples from RFC2104 */ s = "Hi There"; memset(key, 0x0b, 16); isc_hmacmd5_init(&hmacmd5, key, 16); memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); print_digest(s, "hmacmd5", digest, 4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacmd5_init(&hmacmd5, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); print_digest(s, "hmacmd5", digest, 4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 16); isc_hmacmd5_init(&hmacmd5, key, 16); memcpy(buffer, s, strlen(s)); isc_hmacmd5_update(&hmacmd5, buffer, strlen(s)); isc_hmacmd5_sign(&hmacmd5, digest); print_digest(s, "hmacmd5", digest, 4); /* * The 3 HMAC-SHA1 examples from RFC4634. */ s = "Hi There"; memset(key, 0x0b, 20); isc_hmacsha1_init(&hmacsha1, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacsha1_init(&hmacsha1, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 20); isc_hmacsha1_init(&hmacsha1, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha1_update(&hmacsha1, buffer, strlen(s)); isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH); print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4); /* * The 3 HMAC-SHA224 examples from RFC4634. */ s = "Hi There"; memset(key, 0x0b, 20); isc_hmacsha224_init(&hmacsha224, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacsha224_init(&hmacsha224, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 20); isc_hmacsha224_init(&hmacsha224, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha224_update(&hmacsha224, buffer, strlen(s)); isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH); print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4); /* * The 3 HMAC-SHA256 examples from RFC4634. */ s = "Hi There"; memset(key, 0x0b, 20); isc_hmacsha256_init(&hmacsha256, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacsha256_init(&hmacsha256, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 20); isc_hmacsha256_init(&hmacsha256, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha256_update(&hmacsha256, buffer, strlen(s)); isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH); print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4); /* * The 3 HMAC-SHA384 examples from RFC4634. */ s = "Hi There"; memset(key, 0x0b, 20); isc_hmacsha384_init(&hmacsha384, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacsha384_init(&hmacsha384, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 20); isc_hmacsha384_init(&hmacsha384, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha384_update(&hmacsha384, buffer, strlen(s)); isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH); print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4); /* * The 3 HMAC-SHA512 examples from RFC4634. */ s = "Hi There"; memset(key, 0x0b, 20); isc_hmacsha512_init(&hmacsha512, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); s = "what do ya want for nothing?"; strcpy((char *)key, "Jefe"); isc_hmacsha512_init(&hmacsha512, key, 4); memcpy(buffer, s, strlen(s)); isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); s = "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335" "\335\335\335\335\335\335\335\335\335\335"; memset(key, 0xaa, 20); isc_hmacsha512_init(&hmacsha512, key, 20); memcpy(buffer, s, strlen(s)); isc_hmacsha512_update(&hmacsha512, buffer, strlen(s)); isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH); print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4); return (0); }