Example #1
0
File: rsa_pmeth.c Project: 5y/node
static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
{
    RSA_PKEY_CTX *rctx = ctx->data;
    RSA *rsa = ctx->pkey->pkey.rsa;
    int rv = -1;
    if (!FIPS_mode())
        return 0;
    if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
        rv = 0;
    if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
        return -1;
    if (rctx->md) {
        const EVP_MD *fmd;
        fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md));
        if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
            return rv;
    }
    if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) {
        const EVP_MD *fmd;
        fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md));
        if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
            return rv;
    }
    return 1;
}
Example #2
0
const EVP_MD *evp_get_fips_md(const EVP_MD *md)
{
    int nid = EVP_MD_type(md);
    if (nid == NID_dsa)
        return FIPS_evp_dss1();
    else if (nid == NID_dsaWithSHA)
        return FIPS_evp_dss();
    else if (nid == NID_ecdsa_with_SHA1)
        return FIPS_evp_ecdsa();
    else
        return FIPS_get_digestbynid(nid);
}
Example #3
0
/*
 * SHA
 */
jlong Java_org_keysupport_provider_SHA_jniInit(JNIEnv *env, jobject obj, jint jmdid) {

//	LOGD("entering SHA_jniInit");

	EVP_MD_CTX *ctx = 0;
	const EVP_MD *md;

	if (!(ctx = (EVP_MD_CTX *) malloc(sizeof(EVP_MD_CTX)))) {
		throw_exception(env, "java/lang/RuntimeException", "allocating EVP_MD_CTX");
		free(ctx);
		return (0);
	}

	md = FIPS_get_digestbynid(jmdid);
	ctx = EVP_MD_CTX_create();
	FIPS_digestinit(ctx, md);

//	LOGD("leaving SHA_jniInit");

	return ((long) ctx);

}
Example #4
0
jint Java_org_keysupport_provider_ECDSASignature_jniVerifyFinal(JNIEnv *env,
		jobject obj, jbyteArray jmsg, jint jmdid, jbyteArray jsig) {

//	LOGD("entering ECDSASignature_jniVerifyFinal");

	EC_Ctx *ec;
	EVP_MD_CTX *ctx = 0;
	const EVP_MD *md;
	jsize msgLen = 0;
	jsize sigLen = 0;
	const unsigned char *sig_ptr = NULL;

	if (!(ec = get_ptr(env, obj))) {
		LOGE("Failed to obtain key pointer");
		return 0;
	}
	if (!(ctx = (EVP_MD_CTX *) malloc(sizeof(EVP_MD_CTX)))) {
		throw_exception(env, "java/lang/RuntimeException",
				"allocating EVP_MD_CTX");
		destroy_ec_ctx(ec);
		FIPS_md_ctx_destroy(ctx);
		return 0;
	}
	md = FIPS_get_digestbynid(jmdid);
	ctx = EVP_MD_CTX_create();
	msgLen = (*env)->GetArrayLength(env, jmsg);
	sigLen = (*env)->GetArrayLength(env, jsig);
	jbyte msg[msgLen];
	jbyte sig[sigLen];
	(*env)->GetByteArrayRegion(env, jmsg, 0, msgLen, msg);
	(*env)->GetByteArrayRegion(env, jsig, 0, sigLen, sig);
	sig_ptr = sig;
	ECDSA_SIG *esig = d2i_ECDSA_SIG(NULL, &sig_ptr, sigLen);
	FIPS_digestinit(ctx, md);
	int ok = FIPS_ecdsa_verify(ec->ec, msg, msgLen, md, esig);
	/*
	 * This is handled a bit differently than the way OpenSSL
	 * handles RSA Signatures, so our error handling below is a bit different.
	 *
	 *  returns
	 *      1: correct signature
	 *      0: incorrect signature
	 *     -1: error
	 */
//	LOGD("FIPS_ecdsa_verify Returned: %d\n", ok);
	FIPS_md_ctx_destroy(ctx);
	FIPS_ecdsa_sig_free(esig);
	if (ok == 0) {
		throw_exception(env, "java/security/SignatureException",
				"Bad Signature");
		return 0;
	} else if (ok == -1) {
		/*
		 * TODO:  Print any pending errors
		 * ERR_print_errors_fp(ANDROID_LOG_ERROR);
		 */
		ERR_load_crypto_strings();
		LOGE("%s", ERR_error_string(ERR_peek_error(), NULL));
		throw_exception(env, "java/security/SignatureException",
				"jniVerifyFinal fail");
		ERR_free_strings();
		return 0;
	}

//	LOGD("leaving ECDSASignature_jniVerifyFinal");

	return ok;

}
Example #5
0
jint Java_org_keysupport_provider_RSASignature_jniVerifyFinal(JNIEnv *env,
		jobject obj, jbyteArray jmsg, jint jmdid, jint jpadMode,
		jbyteArray jsig) {

//	LOGD("entering RSASignature_jniVerifyFinal");

	jsize msgLen = 0;
	jsize sigLen = 0;
	RSA_Ctx *rsa;
	EVP_MD_CTX *ctx = 0;
	const EVP_MD *md;
	const EVP_MD *mdMgf;
	int saltLen = 0;

	LOGI("FIPS Mode of operation: %d\n", FIPS_mode());

	if (!(rsa = get_ptr(env, obj))) {
		throw_exception(env,"java/lang/RuntimeException", "obtaining RSA_Ctx");
		return 0;
	}
	if (jpadMode == RSA_PKCS1_PADDING) {
//		LOGD("RSA PKCS#1 v1.5 Padding");
	} else if (jpadMode == RSA_PKCS1_PSS_PADDING) {
//		LOGD("RSA PSS Padding");
		mdMgf = FIPS_get_digestbynid(jmdid);
		saltLen = EVP_MD_size(mdMgf);
	}
	if (!(ctx = (EVP_MD_CTX *) malloc(sizeof(EVP_MD_CTX)))) {
		throw_exception(env, "java/lang/RuntimeException", "allocating EVP_MD_CTX");
		destroy_rsa_ctx(rsa);
		FIPS_md_ctx_destroy(ctx);
		return 0;
	}
	md = FIPS_get_digestbynid(jmdid);
	ctx = EVP_MD_CTX_create();
	msgLen = (*env)->GetArrayLength(env, jmsg);
	sigLen = (*env)->GetArrayLength(env, jsig);
	jbyte msg[msgLen];
	jbyte sig[sigLen];
	(*env)->GetByteArrayRegion(env, jmsg, 0, msgLen, msg);
	(*env)->GetByteArrayRegion(env, jsig, 0, sigLen, sig);
	FIPS_digestinit(ctx, md);
	int ok = FIPS_rsa_verify(rsa->rsa, msg, msgLen, md, jpadMode, saltLen,
			mdMgf, sig, sigLen);
//	LOGD("FIPS_rsa_verify Returned: %d\n", ok);
	FIPS_md_ctx_destroy(ctx);
	if (ok == 0) {
		/*
		 * TODO:  Print any pending errors
		 * ERR_print_errors_fp(ANDROID_LOG_ERROR);
		 */
		ERR_load_crypto_strings();
		LOGE("%s\n", ERR_error_string(ERR_peek_error(), NULL));
		throw_exception(env, "java/security/SignatureException",
				"Bad Signature");
		ERR_free_strings();
		return 0;
	}

//	LOGD("leaving RSASignature_jniVerifyFinal");

	return ok;

}
Example #6
0
File: hmac.c Project: Orav/kbengine
int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                 const EVP_MD *md, ENGINE *impl)
{
    int i, j, reset = 0;
    unsigned char pad[HMAC_MAX_MD_CBLOCK];

#ifdef OPENSSL_FIPS
    /* If FIPS mode switch to approved implementation if possible */
    if (FIPS_mode()) {
        const EVP_MD *fipsmd;
        if (md) {
            fipsmd = FIPS_get_digestbynid(EVP_MD_type(md));
            if (fipsmd)
                md = fipsmd;
        }
    }

    if (FIPS_mode()) {
        /* If we have an ENGINE need to allow non FIPS */
        if ((impl || ctx->i_ctx.engine)
            && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
            EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
            return 0;
        }
        /*
         * Other algorithm blocking will be done in FIPS_cmac_init, via
         * FIPS_hmac_init_ex().
         */
        if (!impl && !ctx->i_ctx.engine)
            return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
    }
#endif
    /* If we are changing MD then we must have a key */
    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
        return 0;

    if (md != NULL) {
        reset = 1;
        ctx->md = md;
    } else if (ctx->md) {
        md = ctx->md;
    } else {
        return 0;
    }

    if (key != NULL) {
        reset = 1;
        j = EVP_MD_block_size(md);
        OPENSSL_assert(j <= (int)sizeof(ctx->key));
        if (j < len) {
            if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
                goto err;
            if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
                goto err;
            if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key,
                                    &ctx->key_length))
                goto err;
        } else {
            if (len < 0 || len > (int)sizeof(ctx->key))
                return 0;
            memcpy(ctx->key, key, len);
            ctx->key_length = len;
        }
        if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
            memset(&ctx->key[ctx->key_length], 0,
                   HMAC_MAX_MD_CBLOCK - ctx->key_length);
    }

    if (reset) {
        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
            pad[i] = 0x36 ^ ctx->key[i];
        if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl))
            goto err;
        if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)))
            goto err;

        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
            pad[i] = 0x5c ^ ctx->key[i];
        if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl))
            goto err;
        if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)))
            goto err;
    }
    if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx))
        goto err;
    return 1;
 err:
    return 0;
}