ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type){
ssh_mac_ctx ctx = malloc(sizeof(struct ssh_mac_ctx_struct));
if (ctx == NULL) {
return NULL;
}
ctx->mac_type=type;
switch(type){
case SSH_MAC_SHA1:
ctx->ctx.sha1_ctx = sha1_init();
return ctx;
case SSH_MAC_SHA256:
ctx->ctx.sha256_ctx = sha256_init();
return ctx;
case SSH_MAC_SHA384:
ctx->ctx.sha384_ctx = sha384_init();
return ctx;
case SSH_MAC_SHA512:
ctx->ctx.sha512_ctx = sha512_init();
return ctx;
default:
SAFE_FREE(ctx);
return NULL;
}
}
unsigned char* sha384_MemBlock(const unsigned char* msg, size_t size, HASH_ctx* ctx)
{
sha384_init(ctx);
sha384_update(ctx, msg, size);
sha384_final(ctx, msg, size);
return ctx->SHA384_result;
}
void hmac_sha384_init(hmac_sha384_ctx *ctx, unsigned char *key,
unsigned int key_size)
{
unsigned int fill;
unsigned int num;
unsigned char *key_used;
unsigned char key_temp[SHA384_DIGEST_SIZE];
int i;
if (key_size == SHA384_BLOCK_SIZE) {
key_used = key;
num = SHA384_BLOCK_SIZE;
} else {
if (key_size > SHA384_BLOCK_SIZE){
key_used = key_temp;
num = SHA384_DIGEST_SIZE;
sha384(key, key_size, key_used);
} else { /* key_size > SHA384_BLOCK_SIZE */
key_used = key;
num = key_size;
}
fill = SHA384_BLOCK_SIZE - num;
memset(ctx->block_ipad + num, 0x36, fill);
memset(ctx->block_opad + num, 0x5c, fill);
}
for (i = 0; i < num; i++) {
ctx->block_ipad[i] = key_used[i] ^ 0x36;
ctx->block_opad[i] = key_used[i] ^ 0x5c;
}
sha384_init(&ctx->ctx_inside);
sha384_update(&ctx->ctx_inside, ctx->block_ipad, SHA384_BLOCK_SIZE);
sha384_init(&ctx->ctx_outside);
sha384_update(&ctx->ctx_outside, ctx->block_opad,
SHA384_BLOCK_SIZE);
/* for hmac_reinit */
memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside,
sizeof(sha384_ctx));
memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside,
sizeof(sha384_ctx));
}
void sha384(unsigned char *digest, int len, unsigned char *hash)
{
SHA384CTX c = sha384_init();
if (c != NULL) {
sha384_update(c, digest, len);
sha384_final(hash, c);
}
}
void sha384(const unsigned char *message, unsigned int len,
unsigned char *digest)
{
sha384_ctx ctx;
sha384_init(&ctx);
sha384_update(&ctx, message, len);
sha384_final(&ctx, digest);
}
void
sha384_complete(const void *buf, size_t len, uint8_t *digest)
{
sha384_ctx ctx;
sha384_init(&ctx);
sha384_update(&ctx, buf, len);
sha384_final(&ctx, digest);
}
void sha384(void *dest, const void *msg, uint32_t length_b){
sha384_ctx_t ctx;
sha384_init(&ctx);
while(length_b >= 1024){
sha384_nextBlock(&ctx, msg);
msg = (uint8_t*)msg + 1024/8;
length_b -= 1024;
}
sha384_lastBlock(&ctx, msg, length_b);
sha384_ctx2hash(dest, &ctx);
}
ssh_string SshAgentSignEcdsaSha384(uint8_t* data, int dataSize, ssh_key key, uint32_t flags)
{
// Compute the hash.
unsigned char hash[SHA384_DIGEST_LEN] = {0};
SHACTX ctx;
ctx = sha384_init();
if (ctx == NULL)
{
return NULL;
}
sha384_update(ctx, data, dataSize);
sha384_final(hash, ctx); // This release ctx.
// Sign the hash.
ECDSA_SIG* sig = NULL;
sig = ECDSA_do_sign(hash, sizeof(hash), key->ecdsa);
if (sig == NULL)
{
return NULL;
}
// Format the signature in a blob of the form:
// blobLength[ typeNameLength[ typeName ] signatureLength[ rLength[ r ] sLength[ s ] ] ]
int rMpiLength = BN_bn2mpi(sig->r, NULL);
int sMpiLength = BN_bn2mpi(sig->s, NULL);
int signatureLength = rMpiLength + sMpiLength;
int typeNameLength = 19;
int blobLength = 8 + typeNameLength + signatureLength;
uint8_t* signatureBlob = malloc(4 + blobLength);
if (signatureBlob == NULL)
{
return NULL;
}
pack32(signatureBlob, blobLength);
int index = 4;
pack32(signatureBlob + index, typeNameLength);
index += 4;
memcpy(signatureBlob + index, "ecdsa-sha2-nistp384", typeNameLength);
index += typeNameLength;
pack32(signatureBlob + 15, signatureLength);
index += 4;
BN_bn2mpi(sig->r, signatureBlob + index);
index += rMpiLength;
BN_bn2mpi(sig->s, signatureBlob + index);
return (ssh_string)signatureBlob;
}
/**
* sha384_vector - SHA384 hash for data vector
* @num_elem: Number of elements in the data vector
* @addr: Pointers to the data areas
* @len: Lengths of the data blocks
* @mac: Buffer for the hash
* Returns: 0 on success, -1 of failure
*/
int sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
struct sha384_state ctx;
size_t i;
sha384_init(&ctx);
for (i = 0; i < num_elem; i++)
if (sha384_process(&ctx, addr[i], len[i]))
return -1;
if (sha384_done(&ctx, mac))
return -1;
return 0;
}
static int
_digest_nettle(int algo, uint8_t* buf, size_t len,
unsigned char* res)
{
switch(algo) {
case SHA1_DIGEST_SIZE:
{
struct sha1_ctx ctx;
sha1_init(&ctx);
sha1_update(&ctx, len, buf);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, res);
return 1;
}
case SHA256_DIGEST_SIZE:
{
struct sha256_ctx ctx;
sha256_init(&ctx);
sha256_update(&ctx, len, buf);
sha256_digest(&ctx, SHA256_DIGEST_SIZE, res);
return 1;
}
case SHA384_DIGEST_SIZE:
{
struct sha384_ctx ctx;
sha384_init(&ctx);
sha384_update(&ctx, len, buf);
sha384_digest(&ctx, SHA384_DIGEST_SIZE, res);
return 1;
}
case SHA512_DIGEST_SIZE:
{
struct sha512_ctx ctx;
sha512_init(&ctx);
sha512_update(&ctx, len, buf);
sha512_digest(&ctx, SHA512_DIGEST_SIZE, res);
return 1;
}
default:
break;
}
return 0;
}
/**
Self-test the hash
@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
*/
int sha384_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
const char *msg;
unsigned char hash[48];
} tests[] = {
{ "abc",
{ 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 }
},
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
{ 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 }
},
};
int i;
unsigned char tmp[48];
hash_state md;
for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
sha384_init(&md);
sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha384_done(&md, tmp);
if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA384", i)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
void sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, unsigned int ole)
{
sha512_context ctx;
unsigned int length;
if (ole < 1)
return;
memset(ob, 0, ole);
if (ole > 48)
ole = 48;
sha384_init(&ctx);
SECStatus status = PK11_DigestOp(ctx.ctx_nss, ib, ile);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx.ctx_nss, ob, &length, ole);
PR_ASSERT(length == ole);
PR_ASSERT(status == SECSuccess);
PK11_DestroyContext(ctx.ctx_nss, PR_TRUE);
DBG(DBG_CRYPT, DBG_log("NSS: sha384 init end"));
}
static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
{
switch (alg_id)
{
case ALG_ID_MD2:
md2_init( &hash->u.md2 );
break;
case ALG_ID_MD4:
MD4Init( &hash->u.md4 );
break;
case ALG_ID_MD5:
MD5Init( &hash->u.md5 );
break;
case ALG_ID_SHA1:
A_SHAInit( &hash->u.sha1 );
break;
case ALG_ID_SHA256:
sha256_init( &hash->u.sha256 );
break;
case ALG_ID_SHA384:
sha384_init( &hash->u.sha512 );
break;
case ALG_ID_SHA512:
sha512_init( &hash->u.sha512 );
break;
default:
ERR( "unhandled id %u\n", alg_id );
return STATUS_NOT_IMPLEMENTED;
}
return STATUS_SUCCESS;
}
static int
wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
struct nettle_hash_ctx *ctx;
ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx));
if (ctx == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ctx->algo = algo;
switch (algo)
{
case GNUTLS_DIG_MD5:
md5_init (&ctx->ctx.md5);
ctx->update = (update_func) md5_update;
ctx->digest = (digest_func) md5_digest;
ctx->ctx_ptr = &ctx->ctx.md5;
ctx->length = MD5_DIGEST_SIZE;
break;
case GNUTLS_DIG_SHA1:
sha1_init (&ctx->ctx.sha1);
ctx->update = (update_func) sha1_update;
ctx->digest = (digest_func) sha1_digest;
ctx->ctx_ptr = &ctx->ctx.sha1;
ctx->length = SHA1_DIGEST_SIZE;
break;
case GNUTLS_DIG_MD2:
md2_init (&ctx->ctx.md2);
ctx->update = (update_func) md2_update;
ctx->digest = (digest_func) md2_digest;
ctx->ctx_ptr = &ctx->ctx.md2;
ctx->length = MD2_DIGEST_SIZE;
break;
case GNUTLS_DIG_SHA224:
sha224_init (&ctx->ctx.sha224);
ctx->update = (update_func) sha224_update;
ctx->digest = (digest_func) sha224_digest;
ctx->ctx_ptr = &ctx->ctx.sha224;
ctx->length = SHA224_DIGEST_SIZE;
break;
case GNUTLS_DIG_SHA256:
sha256_init (&ctx->ctx.sha256);
ctx->update = (update_func) sha256_update;
ctx->digest = (digest_func) sha256_digest;
ctx->ctx_ptr = &ctx->ctx.sha256;
ctx->length = SHA256_DIGEST_SIZE;
break;
case GNUTLS_DIG_SHA384:
sha384_init (&ctx->ctx.sha384);
ctx->update = (update_func) sha384_update;
ctx->digest = (digest_func) sha384_digest;
ctx->ctx_ptr = &ctx->ctx.sha384;
ctx->length = SHA384_DIGEST_SIZE;
break;
case GNUTLS_DIG_SHA512:
sha512_init (&ctx->ctx.sha512);
ctx->update = (update_func) sha512_update;
ctx->digest = (digest_func) sha512_digest;
ctx->ctx_ptr = &ctx->ctx.sha512;
ctx->length = SHA512_DIGEST_SIZE;
break;
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
*_ctx = ctx;
return 0;
}
void libmaus::digest::SHA2_384::init() { sha384_init(reinterpret_cast<sha384_ctx *>(ctx)); }
void mySHA384_Init(void *c) { sha384_init((sha384_ctx *)c); }
static int
__archive_nettle_sha384init(archive_sha384_ctx *ctx)
{
sha384_init(ctx);
return (ARCHIVE_OK);
}
static void sha384_init_thunk(union hash_ctx *ctx)
{
sha384_init(&ctx->ctx_sha384);
}
