dovecot-2.2: lib: Generalize hmac to be hash independent
dovecot at dovecot.org
dovecot at dovecot.org
Tue Oct 2 22:55:54 EEST 2012
details: http://hg.dovecot.org/dovecot-2.2/rev/8802322d7257
changeset: 15172:8802322d7257
user: Florian Zeitz <florob at babelmonkeys.de>
date: Thu Aug 30 00:43:56 2012 +0200
description:
lib: Generalize hmac to be hash independent
diffstat:
src/auth/auth-token.c | 18 +++--
src/auth/mech-cram-md5.c | 11 ++-
src/auth/mech-scram-sha1.c | 51 +++++++++--------
src/auth/password-scheme.c | 9 +-
src/lib-imap-urlauth/imap-urlauth.c | 11 ++-
src/lib-ntlm/ntlm-encrypt.c | 23 ++++---
src/lib/Makefile.am | 8 +-
src/lib/hmac-cram-md5.c | 63 ++++++++++++++++++++++
src/lib/hmac-cram-md5.h | 14 ++++
src/lib/hmac-md5.c | 101 ------------------------------------
src/lib/hmac-md5.h | 29 ----------
src/lib/hmac-sha1.c | 52 ------------------
src/lib/hmac-sha1.h | 22 -------
src/lib/hmac.c | 58 ++++++++++++++++++++
src/lib/hmac.h | 26 +++++++++
15 files changed, 231 insertions(+), 265 deletions(-)
diffs (truncated from 740 to 300 lines):
diff -r fc512eba5207 -r 8802322d7257 src/auth/auth-token.c
--- a/src/auth/auth-token.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/auth/auth-token.c Thu Aug 30 00:43:56 2012 +0200
@@ -11,7 +11,8 @@
#include "auth-common.h"
#include "hex-binary.h"
-#include "hmac-sha1.h"
+#include "hmac.h"
+#include "sha1.h"
#include "randgen.h"
#include "read-full.h"
#include "write-full.h"
@@ -168,16 +169,17 @@
const char *auth_token_get(const char *service, const char *session_pid,
const char *username, const char *session_id)
{
- struct hmac_sha1_context ctx;
+ struct hmac_context ctx;
unsigned char result[SHA1_RESULTLEN];
- hmac_sha1_init(&ctx, username, strlen(username));
- hmac_sha1_update(&ctx, session_pid, strlen(session_pid));
+ hmac_init(&ctx, (const unsigned char*)username, strlen(username),
+ &hash_method_sha1);
+ hmac_update(&ctx, session_pid, strlen(session_pid));
if (session_id != NULL && *session_id != '\0')
- hmac_sha1_update(&ctx, session_id, strlen(session_id));
- hmac_sha1_update(&ctx, service, strlen(service));
- hmac_sha1_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
- hmac_sha1_final(&ctx, result);
+ hmac_update(&ctx, session_id, strlen(session_id));
+ hmac_update(&ctx, service, strlen(service));
+ hmac_update(&ctx, auth_token_secret, sizeof(auth_token_secret));
+ hmac_final(&ctx, result);
return binary_to_hex(result, sizeof(result));
}
diff -r fc512eba5207 -r 8802322d7257 src/auth/mech-cram-md5.c
--- a/src/auth/mech-cram-md5.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/auth/mech-cram-md5.c Thu Aug 30 00:43:56 2012 +0200
@@ -7,7 +7,9 @@
#include "ioloop.h"
#include "buffer.h"
#include "hex-binary.h"
-#include "hmac-md5.h"
+#include "hmac-cram-md5.h"
+#include "hmac.h"
+#include "md5.h"
#include "randgen.h"
#include "mech.h"
#include "passdb.h"
@@ -50,7 +52,7 @@
{
unsigned char digest[MD5_RESULTLEN];
- struct hmac_md5_context ctx;
+ struct hmac_context ctx;
const char *response_hex;
if (size != CRAM_MD5_CONTEXTLEN) {
@@ -59,9 +61,10 @@
return FALSE;
}
+ hmac_init(&ctx, NULL, 0, &hash_method_md5);
hmac_md5_set_cram_context(&ctx, credentials);
- hmac_md5_update(&ctx, request->challenge, strlen(request->challenge));
- hmac_md5_final(&ctx, digest);
+ hmac_update(&ctx, request->challenge, strlen(request->challenge));
+ hmac_final(&ctx, digest);
response_hex = binary_to_hex(digest, sizeof(digest));
diff -r fc512eba5207 -r 8802322d7257 src/auth/mech-scram-sha1.c
--- a/src/auth/mech-scram-sha1.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/auth/mech-scram-sha1.c Thu Aug 30 00:43:56 2012 +0200
@@ -9,7 +9,8 @@
#include "auth-common.h"
#include "base64.h"
#include "buffer.h"
-#include "hmac-sha1.h"
+#include "hmac.h"
+#include "sha1.h"
#include "randgen.h"
#include "safe-memset.h"
#include "str.h"
@@ -44,23 +45,23 @@
const unsigned char *salt, size_t salt_size, unsigned int i,
unsigned char result[SHA1_RESULTLEN])
{
- struct hmac_sha1_context ctx;
+ struct hmac_context ctx;
unsigned char U[SHA1_RESULTLEN];
unsigned int j, k;
/* Calculate U1 */
- hmac_sha1_init(&ctx, str, str_size);
- hmac_sha1_update(&ctx, salt, salt_size);
- hmac_sha1_update(&ctx, "\0\0\0\1", 4);
- hmac_sha1_final(&ctx, U);
+ hmac_init(&ctx, str, str_size, &hash_method_sha1);
+ hmac_update(&ctx, salt, salt_size);
+ hmac_update(&ctx, "\0\0\0\1", 4);
+ hmac_final(&ctx, U);
memcpy(result, U, SHA1_RESULTLEN);
/* Calculate U2 to Ui and Hi */
for (j = 2; j <= i; j++) {
- hmac_sha1_init(&ctx, str, str_size);
- hmac_sha1_update(&ctx, U, sizeof(U));
- hmac_sha1_final(&ctx, U);
+ hmac_init(&ctx, str, str_size, &hash_method_sha1);
+ hmac_update(&ctx, U, sizeof(U));
+ hmac_final(&ctx, U);
for (k = 0; k < SHA1_RESULTLEN; k++)
result[k] ^= U[k];
}
@@ -94,7 +95,7 @@
static const char *get_scram_server_final(struct scram_auth_request *request)
{
- struct hmac_sha1_context ctx;
+ struct hmac_context ctx;
const char *auth_message;
unsigned char server_key[SHA1_RESULTLEN];
unsigned char server_signature[SHA1_RESULTLEN];
@@ -104,17 +105,17 @@
request->server_first_message, ",",
request->client_final_message_without_proof, NULL);
- hmac_sha1_init(&ctx, request->salted_password,
- sizeof(request->salted_password));
- hmac_sha1_update(&ctx, "Server Key", 10);
- hmac_sha1_final(&ctx, server_key);
+ hmac_init(&ctx, request->salted_password,
+ sizeof(request->salted_password), &hash_method_sha1);
+ hmac_update(&ctx, "Server Key", 10);
+ hmac_final(&ctx, server_key);
safe_memset(request->salted_password, 0,
sizeof(request->salted_password));
- hmac_sha1_init(&ctx, server_key, sizeof(server_key));
- hmac_sha1_update(&ctx, auth_message, strlen(auth_message));
- hmac_sha1_final(&ctx, server_signature);
+ hmac_init(&ctx, server_key, sizeof(server_key), &hash_method_sha1);
+ hmac_update(&ctx, auth_message, strlen(auth_message));
+ hmac_final(&ctx, server_signature);
str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature)));
str_append(str, "v=");
@@ -213,7 +214,7 @@
static bool verify_credentials(struct scram_auth_request *request,
const unsigned char *credentials, size_t size)
{
- struct hmac_sha1_context ctx;
+ struct hmac_context ctx;
const char *auth_message;
unsigned char client_key[SHA1_RESULTLEN];
unsigned char client_signature[SHA1_RESULTLEN];
@@ -224,10 +225,10 @@
Hi(credentials, size, request->salt, sizeof(request->salt),
SCRAM_ITERATE_COUNT, request->salted_password);
- hmac_sha1_init(&ctx, request->salted_password,
- sizeof(request->salted_password));
- hmac_sha1_update(&ctx, "Client Key", 10);
- hmac_sha1_final(&ctx, client_key);
+ hmac_init(&ctx, request->salted_password,
+ sizeof(request->salted_password), &hash_method_sha1);
+ hmac_update(&ctx, "Client Key", 10);
+ hmac_final(&ctx, client_key);
sha1_get_digest(client_key, sizeof(client_key), stored_key);
@@ -235,9 +236,9 @@
request->server_first_message, ",",
request->client_final_message_without_proof, NULL);
- hmac_sha1_init(&ctx, stored_key, sizeof(stored_key));
- hmac_sha1_update(&ctx, auth_message, strlen(auth_message));
- hmac_sha1_final(&ctx, client_signature);
+ hmac_init(&ctx, stored_key, sizeof(stored_key), &hash_method_sha1);
+ hmac_update(&ctx, auth_message, strlen(auth_message));
+ hmac_final(&ctx, client_signature);
for (i = 0; i < sizeof(client_signature); i++)
client_signature[i] ^= client_key[i];
diff -r fc512eba5207 -r 8802322d7257 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/auth/password-scheme.c Thu Aug 30 00:43:56 2012 +0200
@@ -6,7 +6,8 @@
#include "hex-binary.h"
#include "md4.h"
#include "md5.h"
-#include "hmac-md5.h"
+#include "hmac.h"
+#include "hmac-cram-md5.h"
#include "ntlm.h"
#include "mycrypt.h"
#include "randgen.h"
@@ -655,12 +656,12 @@
cram_md5_generate(const char *plaintext, const char *user ATTR_UNUSED,
const unsigned char **raw_password_r, size_t *size_r)
{
- struct hmac_md5_context ctx;
+ struct hmac_context ctx;
unsigned char *context_digest;
context_digest = t_malloc(CRAM_MD5_CONTEXTLEN);
- hmac_md5_init(&ctx, (const unsigned char *)plaintext,
- strlen(plaintext));
+ hmac_init(&ctx, (const unsigned char *)plaintext,
+ strlen(plaintext), &hash_method_md5);
hmac_md5_get_cram_context(&ctx, context_digest);
*raw_password_r = context_digest;
diff -r fc512eba5207 -r 8802322d7257 src/lib-imap-urlauth/imap-urlauth.c
--- a/src/lib-imap-urlauth/imap-urlauth.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/lib-imap-urlauth/imap-urlauth.c Thu Aug 30 00:43:56 2012 +0200
@@ -3,7 +3,8 @@
#include "lib.h"
#include "hostpid.h"
#include "var-expand.h"
-#include "hmac-sha1.h"
+#include "hmac.h"
+#include "sha1.h"
#include "randgen.h"
#include "safe-memset.h"
#include "mail-storage.h"
@@ -88,15 +89,15 @@
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
size_t *token_len_r)
{
- struct hmac_sha1_context hmac;
+ struct hmac_context hmac;
unsigned char *token;
token = t_new(unsigned char, SHA1_RESULTLEN + 1);
token[0] = IMAP_URLAUTH_MECH_INTERNAL_VERSION;
- hmac_sha1_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN);
- hmac_sha1_update(&hmac, rumpurl, strlen(rumpurl));
- hmac_sha1_final(&hmac, token+1);
+ hmac_init(&hmac, mailbox_key, IMAP_URLAUTH_KEY_LEN, &hash_method_sha1);
+ hmac_update(&hmac, rumpurl, strlen(rumpurl));
+ hmac_final(&hmac, token+1);
*token_len_r = SHA1_RESULTLEN + 1;
return token;
diff -r fc512eba5207 -r 8802322d7257 src/lib-ntlm/ntlm-encrypt.c
--- a/src/lib-ntlm/ntlm-encrypt.c Tue Oct 02 22:45:34 2012 +0300
+++ b/src/lib-ntlm/ntlm-encrypt.c Thu Aug 30 00:43:56 2012 +0200
@@ -11,7 +11,8 @@
#include "compat.h"
#include "safe-memset.h"
#include "md4.h"
-#include "hmac-md5.h"
+#include "md5.h"
+#include "hmac.h"
#include "ntlm.h"
#include "ntlm-des.h"
@@ -60,12 +61,12 @@
}
static void
-hmac_md5_ucs2le_string_ucase(struct hmac_md5_context *ctx, const char *str)
+hmac_md5_ucs2le_string_ucase(struct hmac_context *ctx, const char *str)
{
size_t len;
unsigned char *wstr = t_unicode_str(str, 1, &len);
- hmac_md5_update(ctx, wstr, len);
+ hmac_update(ctx, wstr, len);
}
static void ATTR_NULL(2)
@@ -73,13 +74,13 @@
const unsigned char *hash_v1,
unsigned char hash[NTLMSSP_V2_HASH_SIZE])
{
- struct hmac_md5_context ctx;
+ struct hmac_context ctx;
- hmac_md5_init(&ctx, hash_v1, NTLMSSP_HASH_SIZE);
+ hmac_init(&ctx, hash_v1, NTLMSSP_HASH_SIZE, &hash_method_md5);
hmac_md5_ucs2le_string_ucase(&ctx, user);
if (target != NULL)
hmac_md5_ucs2le_string_ucase(&ctx, target);
- hmac_md5_final(&ctx, hash);
+ hmac_final(&ctx, hash);
}
void
@@ -124,15 +125,15 @@
const unsigned char *blob, size_t blob_size,
unsigned char response[NTLMSSP_V2_RESPONSE_SIZE])
More information about the dovecot-cvs
mailing list