/* An implementation of HMAC using SHA-1.
*
* Copyright (c) 2003 Red Hat, Inc.
* Written by Nalin Dahyabhai <nalin@redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, and the entire permission notice in its entirety,
* including the disclaimer of warranties.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* See RFC 2104 for descriptions. */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <security/pam_ext.h>
#include "hmacsha1.h"
#include "sha1.h"
#define MINIMUM_KEY_SIZE SHA1_OUTPUT_SIZE
#define MAXIMUM_KEY_SIZE SHA1_BLOCK_SIZE
static void
hmac_key_create(pam_handle_t *pamh, const char *filename, size_t key_size,
uid_t owner, gid_t group)
{
int randfd, keyfd, i;
size_t count;
char *key;
/* Open the destination file. */
keyfd = open(filename,
O_WRONLY | O_CREAT | O_EXCL | O_TRUNC,
S_IRUSR | S_IWUSR);
if (keyfd == -1) {
pam_syslog(pamh, LOG_ERR, "Cannot create %s: %m", filename);
return;
}
if (fchown(keyfd, owner, group) == -1) {
pam_syslog(pamh, LOG_ERR, "Cannot chown %s: %m", filename);
close(keyfd);
return;
}
/* Open the random device to get key data. */
randfd = open("/dev/urandom", O_RDONLY);
if (randfd == -1) {
pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
close(keyfd);
return;
}
/* Read random data for use as the key. */
key = malloc(key_size);
count = 0;
if (!key) {
close(keyfd);
close(randfd);
return;
}
while (count < key_size) {
i = read(randfd, key + count, key_size - count);
if ((i == 0) || (i == -1)) {
break;
}
count += i;
}
close(randfd);
/* If we didn't get enough, stop here. */
if (count < key_size) {
pam_syslog(pamh, LOG_ERR, "Short read on random device");
memset(key, 0, key_size);
free(key);
close(keyfd);
return;
}
/* Now write the key. */
count = 0;
while (count < key_size) {
i = write(keyfd, key + count, key_size - count);
if ((i == 0) || (i == -1)) {
break;
}
count += i;
}
memset(key, 0, key_size);
free(key);
close(keyfd);
}
static void
hmac_key_read(pam_handle_t *pamh, const char *filename, size_t default_key_size,
uid_t owner, gid_t group,
void **key, size_t *key_size)
{
char *tmp;
int keyfd, i, count;
struct stat st;
tmp = NULL;
*key = NULL;
*key_size = 0;
/* Try to open the key file. */
keyfd = open(filename, O_RDONLY);
if (keyfd == -1) {
/* No such thing? Create it. */
if (errno == ENOENT) {
hmac_key_create(pamh, filename, default_key_size,
owner, group);
keyfd = open(filename, O_RDONLY);
} else {
pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", filename);
}
if (keyfd == -1)
return;
}
/* If we failed to open the file, we're done. */
if (fstat(keyfd, &st) == -1) {
close(keyfd);
return;
}
/* Read the contents of the file. */
tmp = malloc(st.st_size);
if (!tmp) {
close(keyfd);
return;
}
count = 0;
while (count < st.st_size) {
i = read(keyfd, tmp + count, st.st_size - count);
if ((i == 0) || (i == -1)) {
break;
}
count += i;
}
close(keyfd);
/* Require that we got the expected amount of data. */
if (count < st.st_size) {
memset(tmp, 0, st.st_size);
free(tmp);
return;
}
/* Pass the key back. */
*key = tmp;
*key_size = st.st_size;
}
static void
xor_block(unsigned char *p, unsigned char byte, size_t length)
{
size_t i;
for (i = 0; i < length; i++) {
p[i] = p[i] ^ byte;
}
}
void
hmac_sha1_generate(void **mac, size_t *mac_length,
const void *raw_key, size_t raw_key_size,
const void *text, size_t text_length)
{
unsigned char key[MAXIMUM_KEY_SIZE], tmp_key[MAXIMUM_KEY_SIZE];
size_t maximum_key_size = SHA1_BLOCK_SIZE,
minimum_key_size = SHA1_OUTPUT_SIZE;
const unsigned char ipad = 0x36, opad = 0x5c;
struct sha1_context sha1;
unsigned char inner[SHA1_OUTPUT_SIZE], outer[SHA1_OUTPUT_SIZE];
*mac = NULL;
*mac_length = 0;
#ifndef HMAC_ALLOW_SHORT_KEYS
/* If the key is too short, don't bother. */
if (raw_key_size < minimum_key_size) {
return;
}
#endif
/* If the key is too long, "compress" it, else copy it and pad it
* out with zero bytes. */
memset(key, 0, sizeof(key));
if (raw_key_size > maximum_key_size) {
sha1_init(&sha1);
sha1_update(&sha1, raw_key, raw_key_size);
sha1_output(&sha1, key);
} else {
memmove(key, raw_key, raw_key_size);
}
/* Generate the inner sum. */
memcpy(tmp_key, key, sizeof(tmp_key));
xor_block(tmp_key, ipad, sizeof(tmp_key));
sha1_init(&sha1);
sha1_update(&sha1, tmp_key, sizeof(tmp_key));
sha1_update(&sha1, text, text_length);
sha1_output(&sha1, inner);
/* Generate the outer sum. */
memcpy(tmp_key, key, sizeof(tmp_key));
xor_block(tmp_key, opad, sizeof(tmp_key));
sha1_init(&sha1);
sha1_update(&sha1, tmp_key, sizeof(tmp_key));
sha1_update(&sha1, inner, sizeof(inner));
sha1_output(&sha1, outer);
/* We don't need any of the keys any more. */
memset(key, 0, sizeof(key));
memset(tmp_key, 0, sizeof(tmp_key));
/* Allocate space to store the output. */
*mac_length = sizeof(outer);
*mac = malloc(*mac_length);
if (*mac == NULL) {
*mac_length = 0;
return;
}
memcpy(*mac, outer, *mac_length);
}
void
hmac_sha1_generate_file(pam_handle_t *pamh, void **mac, size_t *mac_length,
const char *keyfile, uid_t owner, gid_t group,
const void *text, size_t text_length)
{
void *key;
size_t key_length;
hmac_key_read(pamh, keyfile,
MAXIMUM_KEY_SIZE, owner, group,
&key, &key_length);
if (key == NULL) {
*mac = NULL;
*mac_length = 0;
return;
}
hmac_sha1_generate(mac, mac_length,
key, key_length,
text, text_length);
memset(key, 0, key_length);
free(key);
}
size_t
hmac_sha1_size(void)
{
return SHA1_OUTPUT_SIZE;
}