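/**
 * Store the hex encoding of the in_len bytes at `in` into buffer b.
 *
 * The buffer's string length is set to 2 * in_len before the encoder
 * writes to b->ptr.
 *
 * @param b       destination buffer (resized by this call)
 * @param in      bytes to encode
 * @param in_len  number of bytes to read from `in`
 */
void buffer_copy_string_hex(buffer *b, const char *in, size_t in_len) {
    /* overflow protection: 2 * in_len must not wrap around size_t.
     * NOTE(review): the strict '>' also trips for in_len == 0 -- confirm
     * that no caller passes an empty input. */
    force_assert(in_len * 2 > in_len);

    buffer_string_set_length(b, 2 * in_len);

    /* Hand the encoder the destination size, i.e. the bounded
     * li_tohex(dst, dst_size, src, src_len) form, so it can refuse to write
     * past the buffer. The "+ 1" assumes buffer_string_set_length() reserves
     * room for a terminating NUL -- TODO confirm against the buffer
     * implementation. */
    li_tohex(b->ptr, 2 * in_len + 1, in, in_len);
}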
/**
 * Hex-encode the first 16 bytes of the digest Bin into the 33-byte array
 * that Hex points to.
 *
 * The destination size passed to li_tohex() is taken from the array type
 * (sizeof(*Hex) == 33), so the bound cannot drift from the declaration.
 */
static void CvtHex(const HASH Bin, char (*Hex)[33]) {
    char *const out = *Hex;
    const char *const digest_bytes = (const char *) Bin;

    li_tohex(out, sizeof(*Hex), digest_bytes, 16);
}
/**
 * Verify a request-supplied MAC against the MAC computed over protected_path
 * with the configured secret and algorithm.
 *
 * @param srv             server context; only used for error logging in the
 *                        HMAC branches
 * @param config          plugin configuration (reads ->algorithm and ->secret)
 * @param protected_path  path the MAC covers; for SECDL_MD5 it must already
 *                        have been validated by the caller (see below)
 * @param mac             MAC taken from the request
 * @param maclen          length of mac in bytes
 * @return 1 if the MAC matches, 0 on mismatch, on a wrong length, on an
 *         HMAC() failure, or when the algorithm is unavailable
 *
 * The final comparison goes through const_time_memeq(); judging by its name
 * it avoids a data-dependent early exit -- confirm in its definition.
 */
static int secdl_verify_mac(server *srv, plugin_config *config, const char* protected_path, const char* mac, size_t maclen) {
    UNUSED(srv);

    /* reject an empty MAC, then any length the algorithm cannot produce */
    if (0 == maclen) return 0;
    if (maclen != secdl_algorithm_mac_length(config->algorithm)) return 0;

    switch (config->algorithm) {
    case SECDL_INVALID:
        break;
    case SECDL_MD5:
        {
            /* legacy message:
             *   protected_path := '/' <timestamp-hex> <rel-path>
             *   timestamp-hex  := [0-9a-f]{8}
             *   rel-path       := '/' any*
             *   message        = <secret><rel-path><timestamp-hex>
             *
             * The fixed offsets below are only in bounds because the caller
             * has already verified the protected path layout.
             *
             * NOTE(review): this is a plain MD5 over secret-prefixed data,
             * not an HMAC; the HMAC algorithms are the stronger choice where
             * the legacy URL format is not required.
             */
            li_MD5_CTX ctx;
            HASH md5_digest;
            char expected_hex[33];
            const char *timestamp_hex = protected_path + 1;
            const char *rel_path = protected_path + 9;

            li_MD5_Init(&ctx);
            li_MD5_Update(&ctx, CONST_BUF_LEN(config->secret));
            li_MD5_Update(&ctx, rel_path, strlen(rel_path));
            li_MD5_Update(&ctx, timestamp_hex, 8);
            li_MD5_Final(md5_digest, &ctx);

            li_tohex(expected_hex, sizeof(expected_hex), (const char *)md5_digest, 16);

            if (32 != maclen) return 0;
            return 0 != const_time_memeq(mac, expected_hex, 32);
        }
    case SECDL_HMAC_SHA1:
#ifdef USE_OPENSSL_CRYPTO
        {
            unsigned char digest[20];
            /* 20 digest bytes encode to 27 base64 characters without padding */
            char expected_b64[27];

            if (NULL == HMAC(
                    EVP_sha1(),
                    (unsigned char const*) CONST_BUF_LEN(config->secret),
                    (unsigned char const*) protected_path, strlen(protected_path),
                    digest, NULL)) {
                log_error_write(srv, __FILE__, __LINE__, "s",
                    "hmac-sha1: HMAC() failed");
                return 0;
            }

            li_to_base64_no_padding(expected_b64, sizeof(expected_b64), digest, sizeof(digest), BASE64_URL);

            if (sizeof(expected_b64) != maclen) return 0;
            return 0 != const_time_memeq(mac, expected_b64, sizeof(expected_b64));
        }
#endif
        /* without USE_OPENSSL_CRYPTO the MAC can never verify */
        break;
    case SECDL_HMAC_SHA256:
#ifdef USE_OPENSSL_CRYPTO
        {
            unsigned char digest[32];
            /* 32 digest bytes encode to 43 base64 characters without padding */
            char expected_b64[43];

            if (NULL == HMAC(
                    EVP_sha256(),
                    (unsigned char const*) CONST_BUF_LEN(config->secret),
                    (unsigned char const*) protected_path, strlen(protected_path),
                    digest, NULL)) {
                log_error_write(srv, __FILE__, __LINE__, "s",
                    "hmac-sha256: HMAC() failed");
                return 0;
            }

            li_to_base64_no_padding(expected_b64, sizeof(expected_b64), digest, sizeof(digest), BASE64_URL);

            if (sizeof(expected_b64) != maclen) return 0;
            return 0 != const_time_memeq(mac, expected_b64, sizeof(expected_b64));
        }
#endif
        /* without USE_OPENSSL_CRYPTO the MAC can never verify */
        break;
    }

    /* fail closed: unknown, invalid or unavailable algorithm */
    return 0;
}