int main(int argc, char *argv[]) { if(argc != 2) { printf("Usage: ./test_app <file_name>\n"); return -1; } ENGINE *e = load_engine(ENGINE_MODULE, "test_engine"); if(e == 0) { printf("Unable to load engine\n"); return -1; } ENGINE_ctrl_cmd_string(e, "username", "user", 0); ENGINE_ctrl_cmd_string(e, "password", "password", 0); ENGINE_init(e); HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, "test_key\0", 9, EVP_sha1(), e); FILE *f = fopen(argv[1], "r"); char buf[BUF_SIZE]; while(!feof(f)) { size_t ln = fread(buf, sizeof(char), BUF_SIZE, f); if(ln == 0) continue; HMAC_Update(&ctx, buf, ln); } fclose(f); unsigned int siglen; unsigned char md[20]; HMAC_Final(&ctx, md, &siglen); ENGINE_finish(e); printf("HMAC-SHA1: "); for(size_t i = 0; i < siglen; i++) printf("%02x", md[i]); printf("\n"); return 0; }
/* {{{ libssh2_mac_method_hmac_md5_hash * Calculate hash using full md5 value */ static int libssh2_mac_method_hmac_md5_hash(LIBSSH2_SESSION *session, unsigned char *buf, unsigned long seqno, const unsigned char *packet, unsigned long packet_len, const unsigned char *addtl, unsigned long addtl_len, void **abstract) { HMAC_CTX ctx; unsigned char seqno_buf[4]; libssh2_htonu32(seqno_buf, seqno); HMAC_Init(&ctx, *abstract, 16, EVP_md5()); HMAC_Update(&ctx, seqno_buf, 4); HMAC_Update(&ctx, packet, packet_len); if (addtl && addtl_len) { HMAC_Update(&ctx, addtl, addtl_len); } HMAC_Final(&ctx, buf, NULL); HMAC_cleanup(&ctx); return 0; }
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) { HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; if (md == NULL) md=m; HMAC_CTX_init(&c); if (!HMAC_Init(&c,key,key_len,evp_md)) goto err; if (!HMAC_Update(&c,d,n)) goto err; if (!HMAC_Final(&c,md,md_len)) goto err; HMAC_CTX_cleanup(&c); return md; err: return NULL; }
/* a counter-based KDF based on NIST SP800-108 */ static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int label_len, uint8_t *retult, int retult_bit_len) { HMAC_CTX *hmac_ctx; uint8_t digest[SHA256_DIGEST_LENGTH]; uint16_t i, ctr, L; int retult_byte_len, len = 0; unsigned int mdlen = SHA256_DIGEST_LENGTH; uint8_t mask = 0xff; MEM(hmac_ctx = HMAC_CTX_new()); retult_byte_len = (retult_bit_len + 7) / 8; ctr = 0; L = htons(retult_bit_len); while (len < retult_byte_len) { ctr++; i = htons(ctr); HMAC_Init_ex(hmac_ctx, key, keylen, EVP_sha256(), NULL); if (ctr > 1) HMAC_Update(hmac_ctx, digest, mdlen); HMAC_Update(hmac_ctx, (uint8_t *) &i, sizeof(uint16_t)); HMAC_Update(hmac_ctx, (uint8_t const *)label, label_len); HMAC_Update(hmac_ctx, (uint8_t *) &L, sizeof(uint16_t)); HMAC_Final(hmac_ctx, digest, &mdlen); if ((len + (int) mdlen) > retult_byte_len) { memcpy(retult + len, digest, retult_byte_len - len); } else { memcpy(retult + len, digest, mdlen); } len += mdlen; HMAC_CTX_reset(hmac_ctx); } /* since we're expanding to a bit length, mask off the excess */ if (retult_bit_len % 8) { mask <<= (8 - (retult_bit_len % 8)); retult[retult_byte_len - 1] &= mask; } HMAC_CTX_free(hmac_ctx); }
char * Crypto_Digest_HMAC (int count, char * algoName, char * data, char * key) { count = count; HMAC_CTX ctx; const EVP_MD *md; unsigned char hmac_value [EVP_MAX_MD_SIZE]; unsigned int hmac_len; OpenSSL_add_all_digests (); md = EVP_get_digestbyname (algoName); if (!md) return ""; HMAC_CTX_init (&ctx); HMAC_Init_ex (&ctx, key, strlen (key), md, NULL); HMAC_Update (&ctx, (unsigned char *) data, strlen (data)); HMAC_Final (&ctx, hmac_value, &hmac_len); HMAC_CTX_cleanup (&ctx); return Crypto_Digest_MakeHexDigest (hmac_value, hmac_len);; }
int cmeHMACFinal(HMAC_CTX **ctx, unsigned char *out, unsigned int *outl) { int result; result=HMAC_Final(*ctx,out,outl); cmeFree(*ctx); if (result==0) //1= success, 0=failure { #ifdef ERROR_LOG fprintf(stderr,"CaumeDSE Error: cmeHMACFinal(), HMAC_Final() failure!\n"); #endif return (1); } else { #ifdef DEBUG fprintf(stdout,"CaumeDSE Debug: cmeHMACFinal(), HMAC_Final() success.\n"); #endif return (0); }
int hmac::digest(lua_State * L) { target_type * self = lua::to<hmac>(L, 1); unsigned char * md = new unsigned char[EVP_MAX_MD_SIZE]; unsigned int md_len = EVP_MAX_MD_SIZE; HMAC_Final(self, md, &md_len); std::size_t output_len = md_len * 2 + 1; char * output = new char[output_len]; char * output_end = hex_encode(md, md + md_len, output, output + output_len); *output_end = '\0'; lua_pushstring(L, output); delete [] md; delete [] output; return 1; }
int por_verify_block(char *filepath, size_t filepath_len, unsigned char *block, size_t block_len, unsigned int index, unsigned char *tag, size_t tag_len){ HMAC_CTX ctx; POR_key *key = NULL; unsigned char digest[SHA_DIGEST_LENGTH]; unsigned int digest_len = 0; int ret = 0; if(!filepath || !block || !block_len || !tag || !tag_len) return 0; if(filepath_len >= MAXPATHLEN) return 0; key = por_get_keys(); if(!key) goto cleanup; HMAC_CTX_init(&ctx); HMAC_Init(&ctx, key->prf_key, key->prf_key_size, EVP_sha1()); HMAC_Update(&ctx, (const unsigned char *)&index, sizeof(unsigned int)); HMAC_Update(&ctx, (unsigned char *)filepath, (int)filepath_len); HMAC_Update(&ctx, block, block_len); HMAC_Final(&ctx, digest, &digest_len); HMAC_cleanup(&ctx); ret = memcmp(digest, tag, tag_len); /* printf("Tag: "); printhex(tag, tag_len); printf("Verify: "); printhex(digest, digest_len); */ if(key) destroy_por_key(key); if(ret == 0) return 1; cleanup: return 0; }
static int verify(const ocra_suite * ocra, const uint8_t *key, size_t key_l, const uint8_t *buf, size_t buf_l, const char *resp) { int ret; unsigned int md_l = 20; uint8_t *md = NULL; char *tmp; HMAC_CTX *ctx = NULL; if (0 != (ret = hmac_new(&ctx))) return ret; if (NULL == ((md = (uint8_t *)malloc(mdlen(ocra->hotp_alg))))) return RFC6287_ERR_POSIX; if ((1 != HMAC_Init_ex(ctx, key, key_l, evp_md(ocra->hotp_alg), NULL)) || (1 != HMAC_Update(ctx, buf, (int)buf_l)) || (1 != HMAC_Final(ctx, md, &md_l)) || (md_l != mdlen(ocra->hotp_alg))) { hmac_destroy(ctx); free(md); return RFC6287_ERR_OPENSSL; } hmac_destroy(ctx); if (ocra->hotp_trunc) { ret = truncate_md(md, md_l, ocra->hotp_trunc, &tmp); free(md); if (0 != ret) return ret; } else tmp = (char *)md; if (0 != memcmp(resp, tmp, (ocra->hotp_trunc) ? (unsigned int)ocra->hotp_trunc : md_l)) ret = RFC6287_VERIFY_FAILED; else ret = RFC6287_SUCCESS; free(tmp); return ret; }
static void kderive_update(struct kderive_context *ctx) { uint32_t i; #if (OPENSSL_VERSION_NUMBER < 0x1010002f) HMAC_CTX hctx; #endif HMAC_CTX *phctx = NULL; unsigned char *pos = ctx->out; uint32_t *p_iter = (uint32_t *)ctx->fid; uint32_t num_iters = ctx->out_len / PRF_OUTPUT_SIZE; check_prf_iters(num_iters); #if (OPENSSL_VERSION_NUMBER < 0x1010002f) HMAC_CTX_init(&hctx); phctx = &hctx; #else phctx = HMAC_CTX_new(); /* I guess we presume it was successful? */ #endif for (i = 0; i < num_iters; i++) { /* * update the iteration number in the fid */ *p_iter = htobe32(i); HMAC_Init_ex(phctx, ctx->pkey, ctx->pkey_len >> 3, EVP_sha256(), NULL); HMAC_Update(phctx, ctx->fid, ctx->fid_len); HMAC_Final(phctx, pos, NULL); pos += PRF_OUTPUT_SIZE; } #if (OPENSSL_VERSION_NUMBER < 0x1010002f) HMAC_CTX_cleanup(phctx); #else HMAC_CTX_free(phctx); #endif }
// Other 'common' functions for this format: void encfs_common_setIVec(encfs_common_custom_salt *cur_salt, unsigned char *ivec, uint64_t seed, unsigned char *key) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdLen = EVP_MAX_MD_SIZE; int i; HMAC_CTX mac_ctx; memcpy( ivec, &key[cur_salt->keySize], cur_salt->ivLength ); for(i=0; i<8; ++i) { md[i] = (unsigned char)(seed & 0xff); seed >>= 8; } // combine ivec and seed with HMAC HMAC_CTX_init(&mac_ctx); HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 ); HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 ); HMAC_Update( &mac_ctx, ivec, cur_salt->ivLength ); HMAC_Update( &mac_ctx, md, 8 ); HMAC_Final( &mac_ctx, md, &mdLen ); HMAC_CTX_cleanup(&mac_ctx); memcpy( ivec, md, cur_salt->ivLength ); }
void init(RC4_KEY* rc4, const unsigned char* session_key, const unsigned char* peer_key) { HMAC_CTX hmac_ctx; HMAC_CTX_init(&hmac_ctx); HMAC_Init_ex(&hmac_ctx, (void*)peer_key, peer_key_size, EVP_sha1(), NULL); HMAC_Update(&hmac_ctx, session_key, session_key_size); unsigned char rc4_keystring[SHA_DIGEST_LENGTH]; unsigned int rc4_keystring_size = SHA_DIGEST_LENGTH; HMAC_Final(&hmac_ctx, rc4_keystring, &rc4_keystring_size); HMAC_CTX_cleanup(&hmac_ctx); RC4_set_key(rc4, rc4_keystring_size, rc4_keystring); const unsigned char rc4_key_init[rc4_init_size] = { 0x00 }; unsigned char rc4_key_init_output[rc4_init_size]; RC4(rc4, sizeof(rc4_key_init), rc4_key_init, rc4_key_init_output); }
/* a counter-based KDF based on NIST SP800-108 */ static void eap_pwd_kdf(uint8_t *key, int keylen, const char *label, int labellen, uint8_t *result, int resultbitlen) { HMAC_CTX hctx; uint8_t digest[SHA256_DIGEST_LENGTH]; uint16_t i, ctr, L; int resultbytelen, len = 0; unsigned int mdlen = SHA256_DIGEST_LENGTH; uint8_t mask = 0xff; resultbytelen = (resultbitlen + 7)/8; ctr = 0; L = htons(resultbitlen); while (len < resultbytelen) { ctr++; i = htons(ctr); HMAC_Init(&hctx, key, keylen, EVP_sha256()); if (ctr > 1) { HMAC_Update(&hctx, digest, mdlen); } HMAC_Update(&hctx, (uint8_t *) &i, sizeof(uint16_t)); HMAC_Update(&hctx, (const uint8_t *)label, labellen); HMAC_Update(&hctx, (uint8_t *) &L, sizeof(uint16_t)); HMAC_Final(&hctx, digest, &mdlen); if ((len + (int) mdlen) > resultbytelen) { memcpy(result + len, digest, resultbytelen - len); } else { memcpy(result + len, digest, mdlen); } len += mdlen; HMAC_CTX_cleanup(&hctx); } /* since we're expanding to a bit length, mask off the excess */ if (resultbitlen % 8) { mask <<= (8 - (resultbitlen % 8)); result[resultbytelen - 1] &= mask; } }
ByteArray Hmac::doFinal() throw (HmacException, InvalidStateException) { if (this->state == Hmac::NO_INIT || this->state == Hmac::INIT) { throw InvalidStateException("Hmac::doFinal"); } unsigned int size; unsigned char *md = new unsigned char[EVP_MAX_MD_SIZE + 1]; int rc = HMAC_Final( &this->ctx, md, &size ); HMAC_CTX_cleanup( &this->ctx ); this->state = Hmac::NO_INIT; if (!rc) { delete( md ); throw HmacException(HmacException::CTX_FINISH, "Hmac::doFinal"); } ByteArray content; content.setDataPointer( md, size ); return content; }
void l4l_rest() { __l4l.data.l_trz=snprintf(__l4l.data.s_trz,L4L_MAX_TRZ_LEN-1,__l4l.data.s_trz_aux2,__l4l.data.s_trz_aux); __l4l.data.s_trz[__l4l.data.l_trz++]='\n';__l4l.data.s_trz[__l4l.data.l_trz]='\0'; __l4l.size+=fwrite(__l4l.data.s_trz,1,__l4l.data.l_trz,__l4l.data.logFile); strcpy(__l4l.data.s_trz_aux,__l4l.data.s_trz); if(__l4l.data.currMask & __l4l.cfg.flush_mask) { fflush (__l4l.data.logFile);\ fsync (fileno (__l4l.data.logFile)); } #ifdef L4L_HASH_METHOD if (__l4l.data.currMask & __l4l.cfg.hash_mask) { int i=0; HMAC_Update(&__l4l.data.ctx, (unsigned char*)&__l4l.data.s_trz, (size_t)(__l4l.data.l_trz-1)); HMAC_Final(&__l4l.data.ctx, __l4l.data.hash_bin, &__l4l.data.len); for(i=0;i < L4L_MAX_HASH_LEN;i+=2) { __l4l.data.hash_str[i]=lut[(int)(__l4l.data.hash_bin[i] >>4)]; __l4l.data.hash_str[i+1]=lut[(int)(__l4l.data.hash_bin[i] & 0x0f)]; } __l4l.data.hash_str[i]='\0'; }
unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len) { const unsigned char *p1 = FIPS_text_start(); const unsigned char *p2 = FIPS_text_end(); const unsigned char *p3 = FIPS_rodata_start; const unsigned char *p4 = FIPS_rodata_end; HMAC_CTX c; HMAC_CTX_init(&c); HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1()); /* detect overlapping regions */ if (p1<=p3 && p2>=p3) p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL; else if (p3<=p1 && p4>=p1) p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL; if (p1) HMAC_Update(&c,p1,(size_t)p2-(size_t)p1); if (FIPS_signature>=p3 && FIPS_signature<p4) { /* "punch" hole */ HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3); p3 = FIPS_signature+sizeof(FIPS_signature); if (p3<p4) HMAC_Update(&c,p3,(size_t)p4-(size_t)p3); } else HMAC_Update(&c,p3,(size_t)p4-(size_t)p3); if (!fips_post_corrupt(FIPS_TEST_INTEGRITY, 0, NULL)) HMAC_Update(&c, (unsigned char *)FIPS_hmac_key, 1); HMAC_Final(&c,sig,&len); HMAC_CTX_cleanup(&c); return len; }
static int hmac_fdigest(lua_State *L) { const char *t = luaL_checkstring(L, 1); const EVP_MD *type = EVP_get_digestbyname(t); const char *s; const char *k; unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int written = 0; unsigned int i; char *hex; HMAC_CTX c; if (type == NULL) { luaL_argerror(L, 1, "invalid digest type"); return 0; } s = luaL_checkstring(L, 2); k = luaL_checkstring(L, 3); HMAC_CTX_init(&c); HMAC_Init_ex(&c, k, (int)lua_strlen(L, 3), type, NULL); HMAC_Update(&c, (unsigned char *)s, lua_strlen(L, 2)); HMAC_Final(&c, digest, &written); HMAC_CTX_cleanup(&c); if (lua_toboolean(L, 4)) lua_pushlstring(L, (char *)digest, written); else { hex = (char*)calloc(sizeof(char), written*2 + 1); for (i = 0; i < written; i++) sprintf(hex + 2*i, "%02x", digest[i]); lua_pushlstring(L, hex, written*2); free(hex); } return 1; }
static int calculate_auth_data(const struct iovec *iov, int iovlen, const struct in6_addr *coa, const struct in6_addr *cn, const uint8_t *key, uint8_t *digest) { uint8_t buf[HMAC_SHA1_HASH_LEN]; int i; #ifdef HAVE_LIBCRYPTO unsigned int len = HMAC_SHA1_HASH_LEN; HMAC_CTX ctx; const EVP_MD *evp_md = EVP_sha1(); HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, HMAC_SHA1_KEY_SIZE, evp_md, NULL); HMAC_Update(&ctx, (uint8_t *)coa, sizeof(*coa)); HMAC_Update(&ctx, (uint8_t *)cn, sizeof(*coa)); for (i = 0; i < iovlen; i++) { HMAC_Update(&ctx, (uint8_t *)iov[i].iov_base, iov[i].iov_len); } HMAC_Final(&ctx, buf, &len); HMAC_CTX_cleanup(&ctx); #else HMAC_SHA1_CTX ctx; HMAC_SHA1_init(&ctx, key, HMAC_SHA1_KEY_SIZE); HMAC_SHA1_update(&ctx, (uint8_t *)coa, sizeof(*coa)); HMAC_SHA1_update(&ctx, (uint8_t *)cn, sizeof(*coa)); for (i = 0; i < iovlen; i++) { HMAC_SHA1_update(&ctx, (uint8_t *)iov[i].iov_base, iov[i].iov_len); } HMAC_SHA1_final(&ctx, buf); #endif memcpy(digest, buf, MIPV6_DIGEST_LEN); return 0; }
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { HMAC_CTX ctx; const EVP_MD * pmd = NULL; byte * rgbOut = NULL; unsigned int cbOut; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif HMAC_CTX_init(&ctx); if (0) { errorReturn: COSE_FREE(rgbOut, context); HMAC_cleanup(&ctx); return false; } switch (HSize) { case 256: pmd = EVP_sha256(); break; case 384: pmd = EVP_sha384(); break; case 512: pmd = EVP_sha512(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); HMAC_cleanup(&ctx); return true; }
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) { HMAC_CTX *c = NULL; static unsigned char m[EVP_MAX_MD_SIZE]; if (md == NULL) md = m; if ((c = HMAC_CTX_new()) == NULL) goto err; if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(c, d, n)) goto err; if (!HMAC_Final(c, md, md_len)) goto err; HMAC_CTX_free(c); return md; err: HMAC_CTX_free(c); return NULL; }
char* CryptoHandler::hmac_sha512(char* datain, char* keyin, const bool& base64) { unsigned char* key = (unsigned char*) keyin; unsigned char* data = (unsigned char*) datain; unsigned char* result; unsigned int result_len = 64; HMAC_CTX ctx; result = (unsigned char*) malloc(sizeof(char) * result_len); ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, strlen(keyin), EVP_sha512(), NULL); HMAC_Update(&ctx, data, strlen(datain)); HMAC_Final(&ctx, result, &result_len); HMAC_CTX_cleanup(&ctx); if(base64) return base64encode(result,result_len); return (char*)result; }
/** Calculate HMAC using OpenSSL's MD5 implementation * * @param digest Caller digest to be filled in. * @param in Pointer to data stream. * @param inlen length of data stream. * @param key Pointer to authentication key. * @param key_len Length of authentication key. * */ void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen, uint8_t const *key, size_t key_len) { HMAC_CTX *ctx; if (unlikely(!md5_hmac_ctx)) { ctx = HMAC_CTX_new(); if (unlikely(!ctx)) return; fr_thread_local_set_destructor(md5_hmac_ctx, _hmac_md5_ctx_free_on_exit, ctx); } else { ctx = md5_hmac_ctx; } #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW /* Since MD5 is not allowed by FIPS, explicitly allow it. */ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); #endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */ HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL); HMAC_Update(ctx, in, inlen); HMAC_Final(ctx, digest, NULL); HMAC_CTX_reset(ctx); }
uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, const uint8_t *data, size_t data_len, uint8_t *out, unsigned int *out_len) { HMAC_CTX ctx; static uint8_t static_out_buffer[EVP_MAX_MD_SIZE]; /* OpenSSL has traditionally supported using a static buffer if |out| is * NULL. We maintain that but don't document it. This behaviour should be * considered to be deprecated. */ if (out == NULL) { out = static_out_buffer; } HMAC_CTX_init(&ctx); if (!HMAC_Init(&ctx, key, key_len, evp_md) || !HMAC_Update(&ctx, data, data_len) || !HMAC_Final(&ctx, out, out_len)) { out = NULL; } HMAC_CTX_cleanup(&ctx); return out; }
char * host_hash(const char *host, const char *name_from_hostfile, u_int src_len) { const EVP_MD *md = EVP_sha1(); HMAC_CTX mac_ctx; u_char salt[256], result[256]; char uu_salt[512], uu_result[512]; static char encoded[1024]; u_int i, len; len = EVP_MD_size(md); if (name_from_hostfile == NULL) { /* Create new salt */ for (i = 0; i < len; i++) salt[i] = arc4random(); } else { /* Extract salt from known host entry */ if (extract_salt(name_from_hostfile, src_len, salt, sizeof(salt)) == -1) return (NULL); } HMAC_Init(&mac_ctx, salt, len, md); HMAC_Update(&mac_ctx, __UNCONST(host), strlen(host)); HMAC_Final(&mac_ctx, result, NULL); HMAC_cleanup(&mac_ctx); if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) fatal("host_hash: __b64_ntop failed"); snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt, HASH_DELIM, uu_result); return (encoded); }
u_char * mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) { static union { u_char m[EVP_MAX_MD_SIZE]; u_int64_t for_align; } u; u_char b[4], nonce[8]; if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %lu", mac->mac_len, (u_long)sizeof(u)); switch (mac->type) { case SSH_EVP: put_u32(b, seqno); /* reset HMAC context */ HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); HMAC_Update(&mac->evp_ctx, b, sizeof(b)); HMAC_Update(&mac->evp_ctx, data, datalen); HMAC_Final(&mac->evp_ctx, u.m, NULL); break; case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); umac_final(mac->umac_ctx, u.m, nonce); break; case SSH_UMAC128: put_u64(nonce, seqno); umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; default: fatal("mac_compute: unknown MAC type"); } return (u.m); }
static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { unsigned int outlen; int rc = SQLITE_OK; HMAC_CTX* hctx = NULL; if(in == NULL) goto error; hctx = HMAC_CTX_new(); if(hctx == NULL) goto error; switch(algorithm) { case SQLCIPHER_HMAC_SHA1: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA256: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA512: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error; break; default: goto error; } if(!HMAC_Update(hctx, in, in_sz)) goto error; if(in2 != NULL) { if(!HMAC_Update(hctx, in2, in2_sz)) goto error; } if(!HMAC_Final(hctx, out, &outlen)) goto error; goto cleanup; error: rc = SQLITE_ERROR; cleanup: if(hctx) HMAC_CTX_free(hctx); return rc; }
/** Completes computation of the HMAC-MD5 digest value. This function completes HMAC-MD5 digest computation and retrieves the digest value into the specified memory. After this function has been called, the HMAC-MD5 context cannot be used again. HMAC-MD5 context should be already correctly intialized by HmacMd5Init(), and should not be finalized by HmacMd5Final(). Behavior with invalid HMAC-MD5 context is undefined. If HmacMd5Context is NULL, then return FALSE. If HmacValue is NULL, then return FALSE. @param[in, out] HmacMd5Context Pointer to the HMAC-MD5 context. @param[out] HmacValue Pointer to a buffer that receives the HMAC-MD5 digest value (16 bytes). @retval TRUE HMAC-MD5 digest computation succeeded. @retval FALSE HMAC-MD5 digest computation failed. **/ BOOLEAN EFIAPI HmacMd5Final ( IN OUT VOID *HmacMd5Context, OUT UINT8 *HmacValue ) { UINT32 Length; // // Check input parameters. // if (HmacMd5Context == NULL || HmacValue == NULL) { return FALSE; } // // OpenSSL HMAC-MD5 digest finalization // HMAC_Final (HmacMd5Context, HmacValue, &Length); HMAC_CTX_cleanup (HmacMd5Context); return TRUE; }
ssize_t dsa_sign_final(struct iked_dsa *dsa, void *buf, size_t len) { unsigned int siglen; size_t off = 0; uint8_t *ptr = buf; if (len < dsa_length(dsa)) return (-1); if (dsa->dsa_hmac) { if (!HMAC_Final(dsa->dsa_ctx, buf, &siglen)) return (-1); } else { if (_dsa_sign_encode(dsa, ptr, &off) < 0) return (-1); if (!EVP_SignFinal(dsa->dsa_ctx, ptr + off, &siglen, dsa->dsa_key)) return (-1); siglen += off; } return (siglen); }
void hash(char data[]) { // The secret key for hashing const char key[] = "12345678"; // The data that we're going to hash //char data[] = "hello world"; // Be careful of the length of string with the choosen hash engine. SHA1 needed 20 characters. // Change the length accordingly with your choosen hash engine. unsigned char* result; unsigned int len = 20; result = (unsigned char*)malloc(sizeof(char) * len); HMAC_CTX ctx; HMAC_CTX_init(&ctx); // Using sha1 hash engine here. // You may use other hash engines. e.g EVP_md5(), EVP_sha224, EVP_sha512, etc HMAC_Init_ex(&ctx, key, strlen(key), EVP_sha1(), NULL); // HMAC_Update(&ctx, (unsigned char*)&data, strlen(data)); HMAC_Final(&ctx, result, &len); HMAC_CTX_cleanup(&ctx); printf("HMAC digest: "); for (int i = 0; i != len; i++) printf("%02x", (unsigned int)result[i]); printf("\n"); //free(result); }
/* Generate a MAC */ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; HMAC_CTX hmac; unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; int saltlen, iter; if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); return 0; } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (!p12->mac->iter) iter = 1; else iter = ASN1_INTEGER_get (p12->mac->iter); if(!(md_type = EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, PKCS12_MAC_KEY_LENGTH, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init(&hmac); HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final(&hmac, mac, maclen); HMAC_CTX_cleanup(&hmac); return 1; }