hmacsha.c revision 298770 
1143731Sdougb/*
2262706Serwin * Copyright (C) 2005-2007, 2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
3143731Sdougb *
4143731Sdougb * Permission to use, copy, modify, and/or distribute this software for any
5193149Sdougb * purpose with or without fee is hereby granted, provided that the above
6143731Sdougb * copyright notice and this permission notice appear in all copies.
7143731Sdougb *
8143731Sdougb * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9143731Sdougb * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10143731Sdougb * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11143731Sdougb * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12143731Sdougb * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13143731Sdougb * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14143731Sdougb * PERFORMANCE OF THIS SOFTWARE.
15143731Sdougb */
16143731Sdougb
17143731Sdougb/* $Id$ */
18234010Sdougb
19143731Sdougb/*
20143731Sdougb * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
21143731Sdougb * and HMAC-SHA512 keyed hash algorithm described in RFC 2104 and
22143731Sdougb * draft-ietf-dnsext-tsig-sha-01.txt.
23193149Sdougb */
24170222Sdougb
25193149Sdougb#include "config.h"
26143731Sdougb
27193149Sdougb#include <isc/assertions.h>
28143731Sdougb#include <isc/hmacsha.h>
29193149Sdougb#include <isc/platform.h>
30143731Sdougb#include <isc/sha1.h>
31193149Sdougb#include <isc/sha2.h>
32262706Serwin#include <isc/string.h>
33193149Sdougb#include <isc/types.h>
34193149Sdougb#include <isc/util.h>
35193149Sdougb
36193149Sdougb#ifdef ISC_PLATFORM_OPENSSLHASH
37224092Sdougb
38193149Sdougbvoid
39193149Sdougbisc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
40224092Sdougb		  unsigned int len)
41224092Sdougb{
42193149Sdougb	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
43224092Sdougb}
44193149Sdougb
45193149Sdougbvoid
46193149Sdougbisc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
47193149Sdougb	HMAC_CTX_cleanup(ctx);
48193149Sdougb}
49143731Sdougb
50143731Sdougbvoid
51143731Sdougbisc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
52143731Sdougb		   unsigned int len)
53143731Sdougb{
54143731Sdougb	HMAC_Update(ctx, buf, (int) len);
55143731Sdougb}
56143731Sdougb
57143731Sdougbvoid
58143731Sdougbisc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
59143731Sdougb	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
60193149Sdougb
61193149Sdougb	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
62193149Sdougb
63193149Sdougb	HMAC_Final(ctx, newdigest, NULL);
64193149Sdougb	HMAC_CTX_cleanup(ctx);
65193149Sdougb	memcpy(digest, newdigest, len);
66193149Sdougb	memset(newdigest, 0, sizeof(newdigest));
67193149Sdougb}
68193149Sdougb
69193149Sdougbvoid
70193149Sdougbisc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
71193149Sdougb		    unsigned int len)
72193149Sdougb{
73193149Sdougb	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha224());
74193149Sdougb}
75193149Sdougb
76193149Sdougbvoid
77193149Sdougbisc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
78143731Sdougb	HMAC_CTX_cleanup(ctx);
79143731Sdougb}
80193149Sdougb
81193149Sdougbvoid
82193149Sdougbisc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
83193149Sdougb		   unsigned int len)
84193149Sdougb{
85193149Sdougb	HMAC_Update(ctx, buf, (int) len);
86193149Sdougb}
87193149Sdougb
88193149Sdougbvoid
89193149Sdougbisc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
90193149Sdougb	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
91193149Sdougb
92193149Sdougb	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
93193149Sdougb
94143731Sdougb	HMAC_Final(ctx, newdigest, NULL);
95143731Sdougb	HMAC_CTX_cleanup(ctx);
96193149Sdougb	memcpy(digest, newdigest, len);
97224092Sdougb	memset(newdigest, 0, sizeof(newdigest));
98224092Sdougb}
99193149Sdougb
100193149Sdougbvoid
101193149Sdougbisc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
102193149Sdougb		    unsigned int len)
103193149Sdougb{
104193149Sdougb	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha256());
105193149Sdougb}
106193149Sdougb
107193149Sdougbvoid
108193149Sdougbisc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
109193149Sdougb	HMAC_CTX_cleanup(ctx);
110193149Sdougb}
111193149Sdougb
112193149Sdougbvoid
113193149Sdougbisc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
114193149Sdougb		   unsigned int len)
115193149Sdougb{
116224092Sdougb	HMAC_Update(ctx, buf, (int) len);
117193149Sdougb}
118143731Sdougb
119193149Sdougbvoid
120193149Sdougbisc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
121224092Sdougb	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
122193149Sdougb
123193149Sdougb	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
124193149Sdougb
125143731Sdougb	HMAC_Final(ctx, newdigest, NULL);
126193149Sdougb	HMAC_CTX_cleanup(ctx);
127193149Sdougb	memcpy(digest, newdigest, len);
128193149Sdougb	memset(newdigest, 0, sizeof(newdigest));
129193149Sdougb}
130193149Sdougb
131193149Sdougbvoid
132193149Sdougbisc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
133193149Sdougb		    unsigned int len)
134193149Sdougb{
135193149Sdougb	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
136193149Sdougb}
137193149Sdougb
138193149Sdougbvoid
139193149Sdougbisc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
140193149Sdougb	HMAC_CTX_cleanup(ctx);
141193149Sdougb}
142193149Sdougb
143193149Sdougbvoid
144193149Sdougbisc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
145193149Sdougb		   unsigned int len)
146193149Sdougb{
147193149Sdougb	HMAC_Update(ctx, buf, (int) len);
148193149Sdougb}
149143731Sdougb
150143731Sdougbvoid
151193149Sdougbisc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
152193149Sdougb	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
153193149Sdougb
154193149Sdougb	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
155193149Sdougb
156193149Sdougb	HMAC_Final(ctx, newdigest, NULL);
157193149Sdougb	HMAC_CTX_cleanup(ctx);
158193149Sdougb	memcpy(digest, newdigest, len);
159193149Sdougb	memset(newdigest, 0, sizeof(newdigest));
160193149Sdougb}
161193149Sdougb
162193149Sdougbvoid
163193149Sdougbisc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
164193149Sdougb		    unsigned int len)
165193149Sdougb{
166193149Sdougb	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512());
167193149Sdougb}
168193149Sdougb
169193149Sdougbvoid
170193149Sdougbisc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
171193149Sdougb	HMAC_CTX_cleanup(ctx);
172193149Sdougb}
173193149Sdougb
174193149Sdougbvoid
175193149Sdougbisc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
176193149Sdougb		   unsigned int len)
177193149Sdougb{
178193149Sdougb	HMAC_Update(ctx, buf, (int) len);
179193149Sdougb}
180193149Sdougb
181193149Sdougbvoid
182193149Sdougbisc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
183193149Sdougb	unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
184193149Sdougb
185193149Sdougb	REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
186193149Sdougb
187193149Sdougb	HMAC_Final(ctx, newdigest, NULL);
188193149Sdougb	HMAC_CTX_cleanup(ctx);
189193149Sdougb	memcpy(digest, newdigest, len);
190193149Sdougb	memset(newdigest, 0, sizeof(newdigest));
191193149Sdougb}
192193149Sdougb
193193149Sdougb#else
194193149Sdougb
195193149Sdougb#define IPAD 0x36
196193149Sdougb#define OPAD 0x5C
197193149Sdougb
198193149Sdougb/*
199193149Sdougb * Start HMAC-SHA1 process.  Initialize an sha1 context and digest the key.
200193149Sdougb */
201193149Sdougbvoid
202193149Sdougbisc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
203193149Sdougb		  unsigned int len)
204193149Sdougb{
205193149Sdougb	unsigned char ipad[ISC_SHA1_BLOCK_LENGTH];
206193149Sdougb	unsigned int i;
207193149Sdougb
208193149Sdougb	memset(ctx->key, 0, sizeof(ctx->key));
209193149Sdougb	if (len > sizeof(ctx->key)) {
210193149Sdougb		isc_sha1_t sha1ctx;
211193149Sdougb		isc_sha1_init(&sha1ctx);
212143731Sdougb		isc_sha1_update(&sha1ctx, key, len);
213143731Sdougb		isc_sha1_final(&sha1ctx, ctx->key);
214143731Sdougb	} else
215		memcpy(ctx->key, key, len);
216
217	isc_sha1_init(&ctx->sha1ctx);
218	memset(ipad, IPAD, sizeof(ipad));
219	for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
220		ipad[i] ^= ctx->key[i];
221	isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad));
222}
223
224void
225isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
226	isc_sha1_invalidate(&ctx->sha1ctx);
227	memset(ctx, 0, sizeof(*ctx));
228}
229
230/*
231 * Update context to reflect the concatenation of another buffer full
232 * of bytes.
233 */
234void
235isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
236		   unsigned int len)
237{
238	isc_sha1_update(&ctx->sha1ctx, buf, len);
239}
240
241/*
242 * Compute signature - finalize SHA1 operation and reapply SHA1.
243 */
244void
245isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
246	unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
247	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
248	unsigned int i;
249
250	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
251	isc_sha1_final(&ctx->sha1ctx, newdigest);
252
253	memset(opad, OPAD, sizeof(opad));
254	for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
255		opad[i] ^= ctx->key[i];
256
257	isc_sha1_init(&ctx->sha1ctx);
258	isc_sha1_update(&ctx->sha1ctx, opad, sizeof(opad));
259	isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
260	isc_sha1_final(&ctx->sha1ctx, newdigest);
261	isc_hmacsha1_invalidate(ctx);
262	memcpy(digest, newdigest, len);
263	memset(newdigest, 0, sizeof(newdigest));
264}
265
266/*
267 * Start HMAC-SHA224 process.  Initialize an sha224 context and digest the key.
268 */
269void
270isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
271		    unsigned int len)
272{
273	unsigned char ipad[ISC_SHA224_BLOCK_LENGTH];
274	unsigned int i;
275
276	memset(ctx->key, 0, sizeof(ctx->key));
277	if (len > sizeof(ctx->key)) {
278		isc_sha224_t sha224ctx;
279		isc_sha224_init(&sha224ctx);
280		isc_sha224_update(&sha224ctx, key, len);
281		isc_sha224_final(ctx->key, &sha224ctx);
282	} else
283		memcpy(ctx->key, key, len);
284
285	isc_sha224_init(&ctx->sha224ctx);
286	memset(ipad, IPAD, sizeof(ipad));
287	for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
288		ipad[i] ^= ctx->key[i];
289	isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad));
290}
291
292void
293isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) {
294	memset(ctx, 0, sizeof(*ctx));
295}
296
297/*
298 * Update context to reflect the concatenation of another buffer full
299 * of bytes.
300 */
301void
302isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf,
303		   unsigned int len)
304{
305	isc_sha224_update(&ctx->sha224ctx, buf, len);
306}
307
308/*
309 * Compute signature - finalize SHA224 operation and reapply SHA224.
310 */
311void
312isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
313	unsigned char opad[ISC_SHA224_BLOCK_LENGTH];
314	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
315	unsigned int i;
316
317	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
318	isc_sha224_final(newdigest, &ctx->sha224ctx);
319
320	memset(opad, OPAD, sizeof(opad));
321	for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++)
322		opad[i] ^= ctx->key[i];
323
324	isc_sha224_init(&ctx->sha224ctx);
325	isc_sha224_update(&ctx->sha224ctx, opad, sizeof(opad));
326	isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
327	isc_sha224_final(newdigest, &ctx->sha224ctx);
328	memcpy(digest, newdigest, len);
329	memset(newdigest, 0, sizeof(newdigest));
330}
331
332/*
333 * Start HMAC-SHA256 process.  Initialize an sha256 context and digest the key.
334 */
335void
336isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
337		    unsigned int len)
338{
339	unsigned char ipad[ISC_SHA256_BLOCK_LENGTH];
340	unsigned int i;
341
342	memset(ctx->key, 0, sizeof(ctx->key));
343	if (len > sizeof(ctx->key)) {
344		isc_sha256_t sha256ctx;
345		isc_sha256_init(&sha256ctx);
346		isc_sha256_update(&sha256ctx, key, len);
347		isc_sha256_final(ctx->key, &sha256ctx);
348	} else
349		memcpy(ctx->key, key, len);
350
351	isc_sha256_init(&ctx->sha256ctx);
352	memset(ipad, IPAD, sizeof(ipad));
353	for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
354		ipad[i] ^= ctx->key[i];
355	isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad));
356}
357
358void
359isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) {
360	memset(ctx, 0, sizeof(*ctx));
361}
362
363/*
364 * Update context to reflect the concatenation of another buffer full
365 * of bytes.
366 */
367void
368isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf,
369		   unsigned int len)
370{
371	isc_sha256_update(&ctx->sha256ctx, buf, len);
372}
373
374/*
375 * Compute signature - finalize SHA256 operation and reapply SHA256.
376 */
377void
378isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
379	unsigned char opad[ISC_SHA256_BLOCK_LENGTH];
380	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
381	unsigned int i;
382
383	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
384	isc_sha256_final(newdigest, &ctx->sha256ctx);
385
386	memset(opad, OPAD, sizeof(opad));
387	for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++)
388		opad[i] ^= ctx->key[i];
389
390	isc_sha256_init(&ctx->sha256ctx);
391	isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad));
392	isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
393	isc_sha256_final(newdigest, &ctx->sha256ctx);
394	memcpy(digest, newdigest, len);
395	memset(newdigest, 0, sizeof(newdigest));
396}
397
398/*
399 * Start HMAC-SHA384 process.  Initialize an sha384 context and digest the key.
400 */
401void
402isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
403		    unsigned int len)
404{
405	unsigned char ipad[ISC_SHA384_BLOCK_LENGTH];
406	unsigned int i;
407
408	memset(ctx->key, 0, sizeof(ctx->key));
409	if (len > sizeof(ctx->key)) {
410		isc_sha384_t sha384ctx;
411		isc_sha384_init(&sha384ctx);
412		isc_sha384_update(&sha384ctx, key, len);
413		isc_sha384_final(ctx->key, &sha384ctx);
414	} else
415		memcpy(ctx->key, key, len);
416
417	isc_sha384_init(&ctx->sha384ctx);
418	memset(ipad, IPAD, sizeof(ipad));
419	for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
420		ipad[i] ^= ctx->key[i];
421	isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad));
422}
423
424void
425isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) {
426	memset(ctx, 0, sizeof(*ctx));
427}
428
429/*
430 * Update context to reflect the concatenation of another buffer full
431 * of bytes.
432 */
433void
434isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf,
435		   unsigned int len)
436{
437	isc_sha384_update(&ctx->sha384ctx, buf, len);
438}
439
440/*
441 * Compute signature - finalize SHA384 operation and reapply SHA384.
442 */
443void
444isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
445	unsigned char opad[ISC_SHA384_BLOCK_LENGTH];
446	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
447	unsigned int i;
448
449	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
450	isc_sha384_final(newdigest, &ctx->sha384ctx);
451
452	memset(opad, OPAD, sizeof(opad));
453	for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++)
454		opad[i] ^= ctx->key[i];
455
456	isc_sha384_init(&ctx->sha384ctx);
457	isc_sha384_update(&ctx->sha384ctx, opad, sizeof(opad));
458	isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
459	isc_sha384_final(newdigest, &ctx->sha384ctx);
460	memcpy(digest, newdigest, len);
461	memset(newdigest, 0, sizeof(newdigest));
462}
463
464/*
465 * Start HMAC-SHA512 process.  Initialize an sha512 context and digest the key.
466 */
467void
468isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
469		    unsigned int len)
470{
471	unsigned char ipad[ISC_SHA512_BLOCK_LENGTH];
472	unsigned int i;
473
474	memset(ctx->key, 0, sizeof(ctx->key));
475	if (len > sizeof(ctx->key)) {
476		isc_sha512_t sha512ctx;
477		isc_sha512_init(&sha512ctx);
478		isc_sha512_update(&sha512ctx, key, len);
479		isc_sha512_final(ctx->key, &sha512ctx);
480	} else
481		memcpy(ctx->key, key, len);
482
483	isc_sha512_init(&ctx->sha512ctx);
484	memset(ipad, IPAD, sizeof(ipad));
485	for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
486		ipad[i] ^= ctx->key[i];
487	isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad));
488}
489
490void
491isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) {
492	memset(ctx, 0, sizeof(*ctx));
493}
494
495/*
496 * Update context to reflect the concatenation of another buffer full
497 * of bytes.
498 */
499void
500isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf,
501		   unsigned int len)
502{
503	isc_sha512_update(&ctx->sha512ctx, buf, len);
504}
505
506/*
507 * Compute signature - finalize SHA512 operation and reapply SHA512.
508 */
509void
510isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
511	unsigned char opad[ISC_SHA512_BLOCK_LENGTH];
512	unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
513	unsigned int i;
514
515	REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
516	isc_sha512_final(newdigest, &ctx->sha512ctx);
517
518	memset(opad, OPAD, sizeof(opad));
519	for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++)
520		opad[i] ^= ctx->key[i];
521
522	isc_sha512_init(&ctx->sha512ctx);
523	isc_sha512_update(&ctx->sha512ctx, opad, sizeof(opad));
524	isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
525	isc_sha512_final(newdigest, &ctx->sha512ctx);
526	memcpy(digest, newdigest, len);
527	memset(newdigest, 0, sizeof(newdigest));
528}
529#endif /* !ISC_PLATFORM_OPENSSLHASH */
530
531/*
532 * Verify signature - finalize SHA1 operation and reapply SHA1, then
533 * compare to the supplied digest.
534 */
535isc_boolean_t
536isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
537	unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
538
539	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
540	isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
541	return (ISC_TF(isc_tsmemcmp(digest, newdigest, len) == 0));
542}
543
544/*
545 * Verify signature - finalize SHA224 operation and reapply SHA224, then
546 * compare to the supplied digest.
547 */
548isc_boolean_t
549isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) {
550	unsigned char newdigest[ISC_SHA224_DIGESTLENGTH];
551
552	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
553	isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
554	return (ISC_TF(isc_tsmemcmp(digest, newdigest, len) == 0));
555}
556
557/*
558 * Verify signature - finalize SHA256 operation and reapply SHA256, then
559 * compare to the supplied digest.
560 */
561isc_boolean_t
562isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) {
563	unsigned char newdigest[ISC_SHA256_DIGESTLENGTH];
564
565	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
566	isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
567	return (ISC_TF(isc_tsmemcmp(digest, newdigest, len) == 0));
568}
569
570/*
571 * Verify signature - finalize SHA384 operation and reapply SHA384, then
572 * compare to the supplied digest.
573 */
574isc_boolean_t
575isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) {
576	unsigned char newdigest[ISC_SHA384_DIGESTLENGTH];
577
578	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
579	isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
580	return (ISC_TF(isc_tsmemcmp(digest, newdigest, len) == 0));
581}
582
583/*
584 * Verify signature - finalize SHA512 operation and reapply SHA512, then
585 * compare to the supplied digest.
586 */
587isc_boolean_t
588isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) {
589	unsigned char newdigest[ISC_SHA512_DIGESTLENGTH];
590
591	REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
592	isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
593	return (ISC_TF(isc_tsmemcmp(digest, newdigest, len) == 0));
594}
595