summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJosh Bailey <joshb@google.com>2012-03-21 10:22:19 -0700
committerAvneesh Sachdev <avneesh@opensourcerouting.org>2012-04-07 13:53:22 -0700
commitbed930fd70742af5ae138e0a5ee629dda296ea36 (patch)
tree38d107117db56d60ce8d136507cc1d79ac2e22dc
parent54dd61227352dd1dd4db4fe76dbf7d2e92522e74 (diff)
lib: add support for keyed-hashing with MD5
* lib/md5.[ch] Add implementation of HMAC-MD5 from RFC 2104. From: Josh Bailey <joshb@google.com> Signed-off-by: Avneesh Sachdev <avneesh@opensourcerouting.org> Signed-off-by: David Lamparter <equinox@diac24.net>
-rw-r--r--lib/md5.c73
-rw-r--r--lib/md5.h4
2 files changed, 77 insertions, 0 deletions
diff --git a/lib/md5.c b/lib/md5.c
index 894de648..2fc36e17 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -298,3 +298,76 @@ static void md5_calc(const uint8_t *b64, md5_ctxt * ctxt)
ctxt->md5_stc += C;
ctxt->md5_std += D;
}
+
+/* From RFC 2104 */
+void
+hmac_md5(text, text_len, key, key_len, digest)
+unsigned char* text; /* pointer to data stream */
+int text_len; /* length of data stream */
+unsigned char* key; /* pointer to authentication key */
+int key_len; /* length of authentication key */
+caddr_t digest; /* caller digest to be filled in */
+
+{
+ MD5_CTX context;
+ unsigned char k_ipad[65]; /* inner padding -
+ * key XORd with ipad
+ */
+ unsigned char k_opad[65]; /* outer padding -
+ * key XORd with opad
+ */
+ unsigned char tk[16];
+ int i;
+ /* if key is longer than 64 bytes reset it to key=MD5(key) */
+ if (key_len > 64) {
+
+ MD5_CTX tctx;
+
+ MD5Init(&tctx);
+ MD5Update(&tctx, key, key_len);
+ MD5Final(tk, &tctx);
+
+ key = tk;
+ key_len = 16;
+ }
+
+ /*
+ * the HMAC_MD5 transform looks like:
+ *
+ * MD5(K XOR opad, MD5(K XOR ipad, text))
+ *
+ * where K is an n byte key
+ * ipad is the byte 0x36 repeated 64 times
+ * opad is the byte 0x5c repeated 64 times
+ * and text is the data being protected
+ */
+
+ /* start out by storing key in pads */
+ bzero( k_ipad, sizeof k_ipad);
+ bzero( k_opad, sizeof k_opad);
+ bcopy( key, k_ipad, key_len);
+ bcopy( key, k_opad, key_len);
+
+ /* XOR key with ipad and opad values */
+ for (i=0; i<64; i++) {
+ k_ipad[i] ^= 0x36;
+ k_opad[i] ^= 0x5c;
+ }
+ /*
+ * perform inner MD5
+ */
+ MD5Init(&context); /* init context for 1st
+ * pass */
+ MD5Update(&context, k_ipad, 64); /* start with inner pad */
+ MD5Update(&context, text, text_len); /* then text of datagram */
+ MD5Final(digest, &context); /* finish up 1st pass */
+ /*
+ * perform outer MD5
+ */
+ MD5Init(&context); /* init context for 2nd
+ * pass */
+ MD5Update(&context, k_opad, 64); /* start with outer pad */
+ MD5Update(&context, digest, 16); /* then results of 1st
+ * hash */
+ MD5Final(digest, &context); /* finish up 2nd pass */
+}
diff --git a/lib/md5.h b/lib/md5.h
index 89b9a320..a03bf22a 100644
--- a/lib/md5.h
+++ b/lib/md5.h
@@ -82,4 +82,8 @@ do { \
md5_result((x), (y)); \
} while (0)
+/* From RFC 2104 */
+void hmac_md5(unsigned char* text, int text_len, unsigned char* key,
+ int key_len, caddr_t digest);
+
#endif /* ! _LIBZEBRA_MD5_H_*/