/*
* Start HMAC-SHA256 process. Initialize an sha256 context and digest the key.
*/
void
isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
unsigned int len)
{
unsigned char ipad[ISC_SHA256_BLOCK_LENGTH];
unsigned int i;
memset(ctx->key, 0, sizeof(ctx->key));
if (len > sizeof(ctx->key)) {
isc_sha256_t sha256ctx;
isc_sha256_init(&sha256ctx);
isc_sha256_update(&sha256ctx, key, len);
isc_sha256_final(ctx->key, &sha256ctx);
} else
memcpy(ctx->key, key, len);
isc_sha256_init(&ctx->sha256ctx);
memset(ipad, IPAD, sizeof(ipad));
for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
ipad[i] ^= ctx->key[i];
isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad));
}
/*
* Compute signature - finalize SHA256 operation and reapply SHA256.
*/
void
isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
unsigned char opad[ISC_SHA256_BLOCK_LENGTH];
unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
unsigned int i;
REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
isc_sha256_final(newdigest, &ctx->sha256ctx);
memset(opad, OPAD, sizeof(opad));
for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
opad[i] ^= ctx->key[i];
isc_sha256_init(&ctx->sha256ctx);
isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad));
isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
isc_sha256_final(newdigest, &ctx->sha256ctx);
memcpy(digest, newdigest, len);
memset(newdigest, 0, sizeof(newdigest));
}
isc_result_t
dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
unsigned int digest_type, unsigned char *buffer,
dns_rdata_t *rdata)
{
dns_fixedname_t fname;
dns_name_t *name;
unsigned char digest[ISC_SHA256_DIGESTLENGTH];
isc_region_t r;
isc_buffer_t b;
dns_rdata_ds_t ds;
isc_sha1_t sha1;
isc_sha256_t sha256;
#ifdef HAVE_OPENSSL_GOST
EVP_MD_CTX ctx;
const EVP_MD *md;
#endif
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey);
if (!dns_ds_digest_supported(digest_type))
return (ISC_R_NOTIMPLEMENTED);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
(void)dns_name_downcase(owner, name, NULL);
memset(buffer, 0, DNS_DS_BUFFERSIZE);
isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
isc_sha1_init(&sha1);
dns_name_toregion(name, &r);
isc_sha1_update(&sha1, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha1_update(&sha1, r.base, r.length);
isc_sha1_final(&sha1, digest);
break;
#ifdef HAVE_OPENSSL_GOST
#define CHECK(x) \
if ((x) != 1) { \
EVP_MD_CTX_cleanup(&ctx); \
return (DST_R_OPENSSLFAILURE); \
}
case DNS_DSDIGEST_GOST:
md = EVP_gost();
if (md == NULL)
return (DST_R_OPENSSLFAILURE);
EVP_MD_CTX_init(&ctx);
CHECK(EVP_DigestInit(&ctx, md));
dns_name_toregion(name, &r);
CHECK(EVP_DigestUpdate(&ctx,
(const void *) r.base,
(size_t) r.length));
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
CHECK(EVP_DigestUpdate(&ctx,
(const void *) r.base,
(size_t) r.length));
CHECK(EVP_DigestFinal(&ctx, digest, NULL));
break;
#endif
default:
isc_sha256_init(&sha256);
dns_name_toregion(name, &r);
isc_sha256_update(&sha256, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha256_update(&sha256, r.base, r.length);
isc_sha256_final(digest, &sha256);
break;
}
ds.mctx = NULL;
ds.common.rdclass = key->rdclass;
ds.common.rdtype = dns_rdatatype_ds;
ds.algorithm = r.base[3];
ds.key_tag = dst_region_computeid(&r, ds.algorithm);
ds.digest_type = digest_type;
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
ds.length = ISC_SHA1_DIGESTLENGTH;
break;
#ifdef HAVE_OPENSSL_GOST
case DNS_DSDIGEST_GOST:
ds.length = ISC_GOST_DIGESTLENGTH;
break;
#endif
default:
ds.length = ISC_SHA256_DIGESTLENGTH;
break;
}
ds.digest = digest;
return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
&ds, &b));
}
static isc_result_t
opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
#endif
UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#if USE_EVP
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
type = EVP_md5(); /* MD5 + RSA */
break;
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
type = EVP_sha1(); /* SHA1 + RSA */
break;
#ifdef HAVE_EVP_SHA256
case DST_ALG_RSASHA256:
type = EVP_sha256(); /* SHA256 + RSA */
break;
#endif
#ifdef HAVE_EVP_SHA512
case DST_ALG_RSASHA512:
type = EVP_sha512();
break;
#endif
default:
INSIST(0);
}
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (dst__openssl_toresult2("EVP_DigestInit_ex",
ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
#else
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
{
isc_md5_t *md5ctx;
md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
if (md5ctx == NULL)
return (ISC_R_NOMEMORY);
isc_md5_init(md5ctx);
dctx->ctxdata.md5ctx = md5ctx;
}
break;
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
{
isc_sha1_t *sha1ctx;
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
if (sha1ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha1_init(sha1ctx);
dctx->ctxdata.sha1ctx = sha1ctx;
}
break;
case DST_ALG_RSASHA256:
{
isc_sha256_t *sha256ctx;
sha256ctx = isc_mem_get(dctx->mctx,
sizeof(isc_sha256_t));
if (sha256ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha256_init(sha256ctx);
dctx->ctxdata.sha256ctx = sha256ctx;
}
break;
case DST_ALG_RSASHA512:
{
isc_sha512_t *sha512ctx;
sha512ctx = isc_mem_get(dctx->mctx,
sizeof(isc_sha512_t));
if (sha512ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha512_init(sha512ctx);
dctx->ctxdata.sha512ctx = sha512ctx;
}
break;
default:
INSIST(0);
}
#endif
return (ISC_R_SUCCESS);
}
isc_result_t
dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
unsigned int digest_type, unsigned char *buffer,
dns_rdata_t *rdata)
{
dns_fixedname_t fname;
dns_name_t *name;
unsigned char digest[ISC_SHA384_DIGESTLENGTH];
isc_region_t r;
isc_buffer_t b;
dns_rdata_ds_t ds;
isc_sha1_t sha1;
isc_sha256_t sha256;
isc_sha384_t sha384;
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
isc_gost_t gost;
#endif
REQUIRE(key != NULL);
REQUIRE(key->type == dns_rdatatype_dnskey);
if (!dst_ds_digest_supported(digest_type))
return (ISC_R_NOTIMPLEMENTED);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
(void)dns_name_downcase(owner, name, NULL);
memset(buffer, 0, DNS_DS_BUFFERSIZE);
isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
isc_sha1_init(&sha1);
dns_name_toregion(name, &r);
isc_sha1_update(&sha1, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha1_update(&sha1, r.base, r.length);
isc_sha1_final(&sha1, digest);
break;
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
#define RETERR(x) do { \
isc_result_t ret = (x); \
if (ret != ISC_R_SUCCESS) { \
isc_gost_invalidate(&gost); \
return (ret); \
} \
} while (/*CONSTCOND*/0)
case DNS_DSDIGEST_GOST:
RETERR(isc_gost_init(&gost));
dns_name_toregion(name, &r);
RETERR(isc_gost_update(&gost, r.base, r.length));
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
RETERR(isc_gost_update(&gost, r.base, r.length));
RETERR(isc_gost_final(&gost, digest));
break;
#endif
case DNS_DSDIGEST_SHA384:
isc_sha384_init(&sha384);
dns_name_toregion(name, &r);
isc_sha384_update(&sha384, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha384_update(&sha384, r.base, r.length);
isc_sha384_final(digest, &sha384);
break;
case DNS_DSDIGEST_SHA256:
default:
isc_sha256_init(&sha256);
dns_name_toregion(name, &r);
isc_sha256_update(&sha256, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha256_update(&sha256, r.base, r.length);
isc_sha256_final(digest, &sha256);
break;
}
ds.mctx = NULL;
ds.common.rdclass = key->rdclass;
ds.common.rdtype = dns_rdatatype_ds;
ds.algorithm = r.base[3];
ds.key_tag = dst_region_computeid(&r, ds.algorithm);
ds.digest_type = digest_type;
switch (digest_type) {
case DNS_DSDIGEST_SHA1:
ds.length = ISC_SHA1_DIGESTLENGTH;
break;
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
case DNS_DSDIGEST_GOST:
ds.length = ISC_GOST_DIGESTLENGTH;
break;
#endif
case DNS_DSDIGEST_SHA384:
ds.length = ISC_SHA384_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA256:
default:
ds.length = ISC_SHA256_DIGESTLENGTH;
break;
}
ds.digest = digest;
return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
&ds, &b));
}
int
main(int argc, char **argv) {
isc_buffer_t buf;
unsigned char key[1024];
char secret[1024];
char base64[(1024*4)/3];
isc_region_t r;
isc_result_t result;
if (argc != 3) {
fprintf(stderr, "Usage:\t%s algorithm secret\n", argv[0]);
fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | "
"SHA256 | SHA384 | SHA512)\n");
return (1);
}
isc_buffer_init(&buf, secret, sizeof(secret));
result = isc_base64_decodestring(argv[2], &buf);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "error: %s\n", isc_result_totext(result));
return (1);
}
isc__buffer_usedregion(&buf, &r);
if (!strcasecmp(argv[1], "md5") ||
!strcasecmp(argv[1], "hmac-md5")) {
if (r.length > HMAC_LEN) {
isc_md5_t md5ctx;
isc_md5_init(&md5ctx);
isc_md5_update(&md5ctx, r.base, r.length);
isc_md5_final(&md5ctx, key);
r.base = key;
r.length = ISC_MD5_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha1") ||
!strcasecmp(argv[1], "hmac-sha1")) {
if (r.length > ISC_SHA1_DIGESTLENGTH) {
isc_sha1_t sha1ctx;
isc_sha1_init(&sha1ctx);
isc_sha1_update(&sha1ctx, r.base, r.length);
isc_sha1_final(&sha1ctx, key);
r.base = key;
r.length = ISC_SHA1_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha224") ||
!strcasecmp(argv[1], "hmac-sha224")) {
if (r.length > ISC_SHA224_DIGESTLENGTH) {
isc_sha224_t sha224ctx;
isc_sha224_init(&sha224ctx);
isc_sha224_update(&sha224ctx, r.base, r.length);
isc_sha224_final(key, &sha224ctx);
r.base = key;
r.length = ISC_SHA224_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha256") ||
!strcasecmp(argv[1], "hmac-sha256")) {
if (r.length > ISC_SHA256_DIGESTLENGTH) {
isc_sha256_t sha256ctx;
isc_sha256_init(&sha256ctx);
isc_sha256_update(&sha256ctx, r.base, r.length);
isc_sha256_final(key, &sha256ctx);
r.base = key;
r.length = ISC_SHA256_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha384") ||
!strcasecmp(argv[1], "hmac-sha384")) {
if (r.length > ISC_SHA384_DIGESTLENGTH) {
isc_sha384_t sha384ctx;
isc_sha384_init(&sha384ctx);
isc_sha384_update(&sha384ctx, r.base, r.length);
isc_sha384_final(key, &sha384ctx);
r.base = key;
r.length = ISC_SHA384_DIGESTLENGTH;
}
} else if (!strcasecmp(argv[1], "sha512") ||
!strcasecmp(argv[1], "hmac-sha512")) {
if (r.length > ISC_SHA512_DIGESTLENGTH) {
isc_sha512_t sha512ctx;
isc_sha512_init(&sha512ctx);
isc_sha512_update(&sha512ctx, r.base, r.length);
isc_sha512_final(key, &sha512ctx);
r.base = key;
r.length = ISC_SHA512_DIGESTLENGTH;
}
} else {
fprintf(stderr, "unknown hmac/digest algorithm: %s\n", argv[1]);
return (1);
}
isc_buffer_init(&buf, base64, sizeof(base64));
result = isc_base64_totext(&r, 0, "", &buf);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "error: %s\n", isc_result_totext(result));
return (1);
}
fprintf(stdout, "%.*s\n", (int)isc_buffer_usedlength(&buf), base64);
return (0);
}
static isc_result_t
opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
#if USE_EVP
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
#endif
UNUSED(key);
#ifndef PK11_MD5_DISABLE
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#else
REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 ||
dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
dctx->key->key_alg == DST_ALG_RSASHA256 ||
dctx->key->key_alg == DST_ALG_RSASHA512);
#endif
/*
* Reject incorrect RSA key lengths.
*/
switch (dctx->key->key_alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
/* From RFC 3110 */
if (dctx->key->key_size > 4096)
return (ISC_R_FAILURE);
break;
case DST_ALG_RSASHA256:
/* From RFC 5702 */
if ((dctx->key->key_size < 512) ||
(dctx->key->key_size > 4096))
return (ISC_R_FAILURE);
break;
case DST_ALG_RSASHA512:
/* From RFC 5702 */
if ((dctx->key->key_size < 1024) ||
(dctx->key->key_size > 4096))
return (ISC_R_FAILURE);
break;
default:
INSIST(0);
}
#if USE_EVP
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
switch (dctx->key->key_alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_RSAMD5:
type = EVP_md5(); /* MD5 + RSA */
break;
#endif
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
type = EVP_sha1(); /* SHA1 + RSA */
break;
#ifdef HAVE_EVP_SHA256
case DST_ALG_RSASHA256:
type = EVP_sha256(); /* SHA256 + RSA */
break;
#endif
#ifdef HAVE_EVP_SHA512
case DST_ALG_RSASHA512:
type = EVP_sha512();
break;
#endif
default:
INSIST(0);
}
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (dst__openssl_toresult3(dctx->category,
"EVP_DigestInit_ex",
ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
#else
switch (dctx->key->key_alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_RSAMD5:
{
isc_md5_t *md5ctx;
md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
if (md5ctx == NULL)
return (ISC_R_NOMEMORY);
isc_md5_init(md5ctx);
dctx->ctxdata.md5ctx = md5ctx;
}
break;
#endif
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
{
isc_sha1_t *sha1ctx;
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
if (sha1ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha1_init(sha1ctx);
dctx->ctxdata.sha1ctx = sha1ctx;
}
break;
case DST_ALG_RSASHA256:
{
isc_sha256_t *sha256ctx;
sha256ctx = isc_mem_get(dctx->mctx,
sizeof(isc_sha256_t));
if (sha256ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha256_init(sha256ctx);
dctx->ctxdata.sha256ctx = sha256ctx;
}
break;
case DST_ALG_RSASHA512:
{
isc_sha512_t *sha512ctx;
sha512ctx = isc_mem_get(dctx->mctx,
sizeof(isc_sha512_t));
if (sha512ctx == NULL)
return (ISC_R_NOMEMORY);
isc_sha512_init(sha512ctx);
dctx->ctxdata.sha512ctx = sha512ctx;
}
break;
default:
INSIST(0);
}
#endif
return (ISC_R_SUCCESS);
}
