/** * For a given client, calculate the master key and do key expansion * to determine the symmetric cypher key and IV salt, and hash key */ void calculate_client_keys(struct pr_group_list_t *group, int hostidx) { unsigned char *seed, *prf_buf; int explen, len, seedlen; struct pr_destinfo_t *dest; dest = &group->destinfo[hostidx]; explen = group->keylen + group->ivlen + group->hmaclen; seedlen = sizeof(group->rand1) * 2; seed = safe_calloc(seedlen, 1); prf_buf = safe_calloc(MASTER_LEN + explen + group->hmaclen, 1); memcpy(seed, group->rand1, sizeof(group->rand1)); memcpy(seed + sizeof(group->rand1), dest->rand2, sizeof(dest->rand2)); PRF(group->hashtype, MASTER_LEN, dest->premaster, dest->premaster_len, "master secret", seed, seedlen, prf_buf, &len); memcpy(dest->master,prf_buf, sizeof(dest->master)); PRF(group->hashtype, explen, dest->master, sizeof(dest->master), "key expansion", seed, seedlen, prf_buf, &len); memcpy(dest->hmackey, prf_buf, group->hmaclen); memcpy(dest->key, prf_buf + group->hmaclen, group->keylen); memcpy(dest->salt, prf_buf + group->hmaclen + group->keylen, group->ivlen); free(seed); free(prf_buf); }
static ELzma2State Lzma2Dec_UpdateState(CLzma2Dec *p, Byte b) { switch(p->state) { case LZMA2_STATE_CONTROL: p->control = b; PRF(printf("\n %4X ", p->decoder.dicPos)); PRF(printf(" %2X", b)); if (p->control == 0) return LZMA2_STATE_FINISHED; if (LZMA2_IS_UNCOMPRESSED_STATE(p)) { if ((p->control & 0x7F) > 2) return LZMA2_STATE_ERROR; p->unpackSize = 0; } else p->unpackSize = (UInt32)(p->control & 0x1F) << 16; return LZMA2_STATE_UNPACK0; case LZMA2_STATE_UNPACK0: p->unpackSize |= (UInt32)b << 8; return LZMA2_STATE_UNPACK1; case LZMA2_STATE_UNPACK1: p->unpackSize |= (UInt32)b; p->unpackSize++; PRF(printf(" %8d", p->unpackSize)); return (LZMA2_IS_UNCOMPRESSED_STATE(p)) ? LZMA2_STATE_DATA : LZMA2_STATE_PACK0; case LZMA2_STATE_PACK0: p->packSize = (UInt32)b << 8; return LZMA2_STATE_PACK1; case LZMA2_STATE_PACK1: p->packSize |= (UInt32)b; p->packSize++; PRF(printf(" %8d", p->packSize)); return LZMA2_IS_THERE_PROP(LZMA2_GET_LZMA_MODE(p)) ? LZMA2_STATE_PROP: (p->needInitProp ? LZMA2_STATE_ERROR : LZMA2_STATE_DATA); case LZMA2_STATE_PROP: { int lc, lp; if (b >= (9 * 5 * 5)) return LZMA2_STATE_ERROR; lc = b % 9; b /= 9; p->decoder.prop.pb = b / 5; lp = b % 5; if (lc + lp > LZMA2_LCLP_MAX) return LZMA2_STATE_ERROR; p->decoder.prop.lc = lc; p->decoder.prop.lp = lp; p->needInitProp = False; return LZMA2_STATE_DATA; } } return LZMA2_STATE_ERROR; }
void PRF_plus( u8 iter, u8 * key, u16 key_length, u8 * sequence, u16 sequence_length, u8 * result ){ u16 prf_size = EVP_MD_size((EVP_MD*) EVP_sha1()); u8 *temp = malloc(prf_size*sizeof(u8)); u8 *new_sequence = malloc((prf_size+sequence_length+1)*sizeof(u8)); u8 current_iter = 1; // New sequence = S | 0x01 memcpy(new_sequence, sequence, sequence_length); new_sequence[sequence_length] = current_iter; // Calculate T1 = prf(K, S | 0x01) = prf(K, new_sequence) PRF(key, key_length, new_sequence, sequence_length + 1, temp); // Insert into result memcpy(result, temp, prf_size); for (current_iter = 2; current_iter <= iter; current_iter++) { // New sequence = T | S | iter memcpy(new_sequence, temp,prf_size); memcpy(&new_sequence[prf_size], sequence, sequence_length); new_sequence[prf_size + sequence_length] = current_iter; // Calculate T1 = prf(K, S | 0x01) = prf(K, new_sequence) PRF(key, key_length, new_sequence, sequence_length + prf_size + 1, temp); // Insert into result memcpy(&result[ (current_iter - 1) * prf_size], temp, prf_size); } free(temp); free(new_sequence); }
int main(int argc, char* argv[]) { struct timeval tstart, tend; unsigned char output[64 + 20]; int32 usec; int j; memset(output, 0, 64); if (gettimeofday(&tstart, NULL)) exit(1); for (j = 0; j < NITER; j++) { fPRF(prf_vec[0].key, prf_vec[0].key_len, (const unsigned char *)"prefix", 6, prf_vec[0].data, prf_vec[0].data_len, output, 64); } if (gettimeofday(&tend, NULL)) exit(1); dprintf("fPRF", output, 64, 0); usec = tend.tv_usec - tstart.tv_usec; usec += 1000000 * (tend.tv_sec - tstart.tv_sec); printf("usec %d\n", usec); memset(output, 0, 64); if (gettimeofday(&tstart, NULL)) exit(1); for (j = 0; j < NITER; j++) { PRF(prf_vec[0].key, prf_vec[0].key_len, (const unsigned char *)"prefix", 6, prf_vec[0].data, prf_vec[0].data_len, output, 64); } if (gettimeofday(&tend, NULL)) exit(1); dprintf("PRF", output, 64, 0); usec = tend.tv_usec - tstart.tv_usec; usec += 1000000 * (tend.tv_sec - tstart.tv_sec); printf("usec %d\n", usec); memset(output, 0, 64); if (gettimeofday(&tstart, NULL)) exit(1); for (j = 0; j < NITER; j++) { fPRF(prf_vec[0].key, prf_vec[0].key_len, (const unsigned char *)"prefix", 6, prf_vec[0].data, prf_vec[0].data_len, output, 64); } if (gettimeofday(&tend, NULL)) exit(1); dprintf("fPRF", output, 64, 0); usec = tend.tv_usec - tstart.tv_usec; usec += 1000000 * (tend.tv_sec - tstart.tv_sec); printf("usec %d\n", usec); memset(output, 0, 64); if (gettimeofday(&tstart, NULL)) exit(1); for (j = 0; j < NITER; j++) { PRF(prf_vec[0].key, prf_vec[0].key_len, (unsigned char *)"prefix", 6, prf_vec[0].data, prf_vec[0].data_len, output, 64); } if (gettimeofday(&tend, NULL)) exit(1); dprintf("PRF", output, 64, 0); usec = tend.tv_usec - tstart.tv_usec; usec += 1000000 * (tend.tv_sec - tstart.tv_sec); printf("usec %d\n", usec); return (0); }
/*ARGSUSED*/ static int logiattach(dev_info_t *dip, ddi_attach_cmd_t cmd) { int unit; struct driver_minor_data *dmdp; struct strmseinfo *logiptr = 0; #ifdef LOGI_DEBUG if (logi_debug) { PRF("logiattach entry\n"); } #endif switch (cmd) { case DDI_ATTACH: unit = ddi_get_instance(dip); for (dmdp = logi_minor_data; dmdp->name != NULL; dmdp++) { if (ddi_create_minor_node(dip, dmdp->name, dmdp->type, dmdp->minor, DDI_PSEUDO, NULL) == DDI_FAILURE) { ddi_remove_minor_node(dip, NULL); ddi_prop_remove_all(dip); #ifdef LOGI_DEBUG if (logi_debug) PRF("logiattach: " "ddi_create_minor_node failed\n"); #endif return (DDI_FAILURE); } } logiunits[unit] = dip; /* allocate and initialize state structure */ logiptr = kmem_zalloc(sizeof (struct strmseinfo), KM_SLEEP); logiptr->state = 0; /* not opened */ ddi_set_driver_private(dip, logiptr); if (ddi_add_intr(dip, (uint_t)0, &logiptr->iblock, (ddi_idevice_cookie_t *)0, logiintr, (caddr_t)logiptr) != DDI_SUCCESS) { #ifdef LOGI_DEBUG if (logi_debug) PRF("logiattach: ddi_add_intr failed\n"); #endif cmn_err(CE_WARN, "logi: cannot add intr\n"); return (DDI_FAILURE); } mutex_init(&logiptr->lock, NULL, MUTEX_DRIVER, (void *)logiptr->iblock); ddi_report_dev(dip); return (DDI_SUCCESS); default: return (DDI_FAILURE); } }
int main(int argc, char* argv[]) { unsigned char digest[20]; unsigned char output[64 + 20]; int k, c, fail = 0; for (k = 0; k < NUM_VECTORS; k++) { printf("Test Vector %d:\n", k); hmac_sha1(prf_vec[k].data, prf_vec[k].data_len, prf_vec[k].key, prf_vec[k].key_len, digest); c = memcmp(digest, prf_vec[k].digest1, 20); dprintf("HMAC_SHA1", digest, 20, c); if (c) fail++; memset(output, 0, 64); if (PRF(prf_vec[k].key, prf_vec[k].key_len, prf_vec[k].prefix, prf_vec[k].prefix_len, prf_vec[k].data, prf_vec[k].data_len, output, 16)) fail++; c = memcmp(output, prf_vec[k].prf, 16); dprintf("PRF", output, 16, c); if (c) fail++; memset(output, 0, 64); if (fPRF(prf_vec[k].key, prf_vec[k].key_len, prf_vec[k].prefix, prf_vec[k].prefix_len, prf_vec[k].data, prf_vec[k].data_len, output, 16)) fail++; c = memcmp(output, prf_vec[k].prf, 16); dprintf("fPRF", output, 16, c); if (c) fail++; memset(output, 0, 64); if (PRF(prf_vec[k].key, prf_vec[k].key_len, prf_vec[k].prefix, prf_vec[k].prefix_len, prf_vec[k].data, prf_vec[k].data_len, output, 64)) fail++; c = memcmp(output, prf_vec[k].prf, 64); dprintf("PRF", output, 64, c); if (c) fail++; memset(output, 0, 64); if (fPRF(prf_vec[k].key, prf_vec[k].key_len, prf_vec[k].prefix, prf_vec[k].prefix_len, prf_vec[k].data, prf_vec[k].data_len, output, 64)) fail++; c = memcmp(output, prf_vec[k].prf, 64); dprintf("fPRF", output, 64, c); if (c) fail++; } fprintf(stderr, "%s: %s\n", *argv, fail?"FAILED":"PASSED"); return (fail); }
/* ARGSUSED */ static int logiinfo(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) { dev_t dev = (dev_t)arg; int unit; dev_info_t *devi; #ifdef LOGI_DEBUG if (logi_debug) PRF("logiinfo: call\n"); #endif if (((unit = LOGIUNIT(dev)) >= LOGI_MAXUNIT) || (devi = logiunits[unit]) == NULL) return (DDI_FAILURE); switch (infocmd) { case DDI_INFO_DEVT2DEVINFO: *result = (void *)devi; break; case DDI_INFO_DEVT2INSTANCE: *result = (void *)(uintptr_t)unit; break; default: return (DDI_FAILURE); } return (DDI_SUCCESS); }
uint256 PRF_addr(const uint252& a_sk, unsigned char t) { uint256 y; *(y.begin()) = t; return PRF(1, 1, 0, 0, a_sk, y); }
int MakeTlsMasterSecret(CYASSL* ssl) { int ret; byte seed[SEED_LEN]; XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); ret = PRF(ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, master_label, MASTER_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); if (ret != 0) return ret; #ifdef SHOW_SECRETS { int i; printf("master secret: "); for (i = 0; i < SECRET_LEN; i++) printf("%02x", ssl->arrays->masterSecret[i]); printf("\n"); } #endif return DeriveTlsKeys(ssl); }
void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) { const byte* side; byte handshake_hash[HSHASH_SZ]; word32 hashSz = FINISHED_SZ; #ifndef NO_OLD_TLS Md5Final(&ssl->hashMd5, handshake_hash); ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 if (ssl->specs.mac_algorithm <= sha256_mac) { Sha256Final(&ssl->hashSha256, handshake_hash); hashSz = SHA256_DIGEST_SIZE; } #endif #ifdef CYASSL_SHA384 if (ssl->specs.mac_algorithm == sha384_mac) { Sha384Final(&ssl->hashSha384, handshake_hash); hashSz = SHA384_DIGEST_SIZE; } #endif } if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) side = tls_client; else side = tls_server; PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); }
void TLSClient_Impl::handshake_finished_received(const void *data, int size) { if (conversation_state != cl_tls_state_receive_finished) throw Exception("TLS Expected server finished"); const int verify_data_size = 12; Secret server_verify_data(verify_data_size); copy_data(server_verify_data.get_data(), verify_data_size, data, size); Secret client_verify_data(verify_data_size); Secret md5_handshake_messages(16); Secret sha1_handshake_messages(20); server_handshake_md5_hash.calculate(); server_handshake_sha1_hash.calculate(); server_handshake_md5_hash.get_hash(md5_handshake_messages.get_data()); server_handshake_sha1_hash.get_hash(sha1_handshake_messages.get_data()); PRF(client_verify_data.get_data(), verify_data_size, security_parameters.master_secret, "server finished", md5_handshake_messages, sha1_handshake_messages); if (memcmp(client_verify_data.get_data(), server_verify_data.get_data(), verify_data_size)) throw Exception("TLS server finished verify data failed"); conversation_state = cl_tls_state_connected; }
/** * Sends a KEYINFO_ACK in response to a KEYINFO */ void send_keyinfo_ack(struct group_list_t *group) { unsigned char *buf, *encrypted; struct uftp_h *header; struct keyinfoack_h *keyinfo_ack; unsigned char *verifydata, *verify_hash, *verify_val; unsigned int payloadlen, hashlen; int verifylen, enclen, len; buf = safe_calloc(MAXMTU, 1); header = (struct uftp_h *)buf; keyinfo_ack = (struct keyinfoack_h *)(buf + sizeof(struct uftp_h)); set_uftp_header(header, KEYINFO_ACK, group); keyinfo_ack->func = KEYINFO_ACK; keyinfo_ack->hlen = sizeof(struct keyinfoack_h) / 4; verifydata = build_verify_data(group, &verifylen); if (!verifydata) { glog0(group, "Error getting verify data"); send_abort(group, "Error getting verify data"); free(buf); return; } verify_hash = safe_calloc(group->hmaclen, 1); verify_val = safe_calloc(VERIFY_LEN + group->hmaclen, 1); hash(group->hashtype, verifydata, verifylen, verify_hash, &hashlen); PRF(group->hashtype, VERIFY_LEN, group->groupmaster, sizeof(group->groupmaster), "client finished", verify_hash, hashlen, verify_val, &len); memcpy(keyinfo_ack->verify_data, verify_val, VERIFY_LEN); free(verifydata); free(verify_hash); free(verify_val); payloadlen = sizeof(struct keyinfoack_h); encrypted = NULL; if (!encrypt_and_sign(buf, &encrypted, payloadlen, &enclen, group->keytype, group->groupkey, group->groupsalt, &group->ivctr, group->ivlen, group->hashtype, group->grouphmackey, group->hmaclen,group->sigtype, group->keyextype, group->client_privkey,group->client_privkeylen)) { glog0(group, "Error encrypting KEYINFO_ACK"); free(buf); return; } payloadlen = enclen + sizeof(struct uftp_h); if (nb_sendto(listener, encrypted, payloadlen, 0, (struct sockaddr *)&(group->replyaddr), family_len(group->replyaddr)) == SOCKET_ERROR) { gsockerror(group, "Error sending KEYINFO_ACK"); } else { glog2(group, "KEYINFO_ACK sent"); } free(encrypted); free(buf); }
void SSL_Version_3_0::CalculateKeys(const SSL_varvector16 &mastersecret, SSL_CipherSpec *client, SSL_CipherSpec *server) { SSL_secure_varvector16 result; SSL_varvector32 random, random_c; //byte *result; const byte *source; uint32 keylen,keysize,ivsize,hashsize; SSL_GeneralCipher *clientcipher, *servercipher; clientcipher = client->Method; servercipher = server->Method; hashsize = client->MAC->Size(); keysize = clientcipher->KeySize(); ivsize = clientcipher->IVSize(); keylen = hashsize + keysize + ivsize; keylen += keylen; random.Concat(conn_state->server_random, conn_state->client_random); if(!PRF(result, keylen, mastersecret, random)) return; #ifdef TST_DUMP DumpTofile(result,keylen,"SSL Calckeys : keyblock","sslkeys.txt"); #endif source = result.GetDirect(); if(hashsize) { source = client->MAC->LoadSecret(source,hashsize); source = server->MAC->LoadSecret(source,hashsize); } if(keysize || ivsize) { SSL_Hash_Pointer t_md5(SSL_MD5); random_c.Concat(conn_state->client_random, conn_state->server_random); if(t_md5.ErrorRaisedFlag || random_c.ErrorRaisedFlag) return; if(keysize) { clientcipher->SetCipherDirection(SSL_Encrypt); servercipher->SetCipherDirection(SSL_Decrypt); source = LoadKeyData(t_md5, source, random_c, clientcipher, TRUE); source = LoadKeyData(t_md5, source, random, servercipher, TRUE); } if(ivsize) { source = LoadKeyData(t_md5, source, random_c, clientcipher, FALSE); source = LoadKeyData(t_md5, source, random, servercipher, FALSE); } } }
uint256 PRF_pk(const uint252& a_sk, size_t i0, const uint256& h_sig) { if ((i0 != 0) && (i0 != 1)) { throw std::domain_error("PRF_pk invoked with index out of bounds"); } return PRF(0, i0, 0, 0, a_sk, h_sig); }
uint256 PRF_rho(const uint252& phi, size_t i0, const uint256& h_sig) { if ((i0 != 0) && (i0 != 1)) { throw std::domain_error("PRF_rho invoked with index out of bounds"); } return PRF(0, i0, 1, 0, phi, h_sig); }
/** * Initialize crypto library, generate keys */ void key_init() { unsigned char *prf_buf; time_t t; uint32_t t2; int explen, len; if (keytype == KEY_NONE) { return; } set_sys_keys(sys_keys); get_key_info(keytype, &keylen, &ivlen); hmaclen = get_hash_len(hashtype); memset(groupkey, 0, sizeof(groupkey)); memset(groupsalt, 0, sizeof(groupsalt)); memset(grouphmackey, 0, sizeof(grouphmackey)); if (!get_random_bytes(groupmaster, sizeof(groupmaster))) { log(0, 0, "Failed to generate group master"); exit(1); } groupmaster[0] = UFTP_VER_NUM; if (!get_random_bytes(rand1, sizeof(rand1))) { log(0, 0, "Failed to generate rand1"); exit(1); } // Sets the first 4 bytes of rand1 to the current time t = time(NULL); t2 = (uint32_t)(t & 0xFFFFFFFF); *(uint32_t *)rand1 = t2; explen = hmaclen + keylen + ivlen; prf_buf = calloc(explen + hmaclen, 1); if (prf_buf == NULL) { syserror(0, 0, "calloc failed!"); exit(1); } PRF(hashtype, explen, groupmaster, sizeof(groupmaster), "key expansion", rand1, sizeof(rand1), prf_buf, &len); memcpy(grouphmackey, prf_buf, hmaclen); memcpy(groupkey, prf_buf + hmaclen, keylen); memcpy(groupsalt, prf_buf + hmaclen + keylen, ivlen); free(prf_buf); if ((!strcmp(keyfile, "")) || (newkeylen != 0)) { privkey = gen_RSA_key(newkeylen, RSA_EXP, keyfile); } else { privkey = read_RSA_key(keyfile); } if (!privkey) { log(0, 0, "Failed to read/generate private key"); exit(1); } rsalen = RSA_keylen(privkey); }
int _fini(void) { #ifdef DADK_DEBUG if (dadk_debug & DENT) PRF("dadk_fini: call\n"); #endif return (mod_remove(&modlinkage)); }
/** * Turn the premaster secret into an actual master secret (the * server side will do this concurrently) as specified in section 8.1: * master_secret = PRF( pre_master_secret, "master secret", * ClientHello.random + ServerHello.random ); * ( premaster_secret, parameters ); * Note that, with DH, the master secret len is determined by the generator (p) * value. */ static void compute_master_secret( const unsigned char *premaster_secret, int premaster_secret_len, TLSParameters *parameters ) { const char *label = "master secret"; PRF( premaster_secret, premaster_secret_len, label, strlen( label ), // Note - cheating, since client_random & server_random are defined // sequentially in the structure parameters->client_random, RANDOM_LENGTH * 2, parameters->master_secret, MASTER_SECRET_LENGTH ); }
/** * Handles an incoming KEYINFO_ACK message from a client */ void handle_keyinfo_ack(struct pr_group_list_t *group, int hostidx, const unsigned char *message, unsigned meslen) { const struct keyinfoack_h *keyinfoack; unsigned char *verifydata, *verify_hash, *verify_test; int verifylen, len, dupmsg; unsigned int hashlen; struct pr_destinfo_t *dest; keyinfoack = (const struct keyinfoack_h *)message; dest = &group->destinfo[hostidx]; if ((meslen < (keyinfoack->hlen * 4U)) || ((keyinfoack->hlen * 4U) < sizeof(struct keyinfoack_h))) { glog1(group, "Rejecting KEYINFO_ACK from %s: invalid message size", dest->name); send_downstream_abort(group, dest->id, "Invalid message size", 0); return; } if (!(verifydata = build_verify_data(group, hostidx, &verifylen,1))) { glog1(group, "Rejecting KEYINFO_ACK from %s: " "error exporting client public key", dest->name); return; } verify_hash = safe_calloc(group->hmaclen, 1); verify_test = safe_calloc(VERIFY_LEN + group->hmaclen, 1); hash(group->hashtype, verifydata, verifylen, verify_hash, &hashlen); PRF(group->hashtype, VERIFY_LEN, group->groupmaster, sizeof(group->groupmaster), "client finished", verify_hash, hashlen, verify_test, &len); if (memcmp(keyinfoack->verify_data, verify_test, VERIFY_LEN)) { glog1(group, "Rejecting KEYINFO_ACK from %s: verify data mismatch", dest->name); free(verifydata); free(verify_hash); free(verify_test); return; } free(verifydata); free(verify_hash); free(verify_test); dupmsg = (dest->state == PR_CLIENT_READY); glog2(group, "Received KEYINFO_ACK%s from %s", dupmsg ? "+" : "", dest->name); dest->state = PR_CLIENT_READY; if (!check_unfinished_clients(group, 0)) { group->phase = PR_PHASE_RECEIVING; } }
static int logiprobe(dev_info_t *dip) { int unit; #ifdef LOGI_DEBUG if (logi_debug) { PRF("logiprobe: entry\n"); } #endif unit = ddi_get_instance(dip); #ifdef LOGI_DEBUG if (logi_debug) PRF("unit is %x\n", unit); #endif if (unit >= LOGI_MAXUNIT || logiunits[unit]) return (DDI_PROBE_FAILURE); return (logiinit(dip)); }
/*ARGSUSED*/ static int logidetach(dev_info_t *dip, ddi_detach_cmd_t cmd) { dev_info_t *ldevi; struct strmseinfo *logiptr; int instance; switch (cmd) { case DDI_DETACH: /* * check if every instance can be unloaded before actually * starting to unload this one; this prevents the needless * detach/re-attach sequence */ for (instance = 0; instance < LOGI_MAXUNIT; instance++) { if (((ldevi = logiunits[instance]) == NULL) || (logiptr = ddi_get_driver_private(ldevi)) == NULL) continue; } /* * Undo what we did in logiattach & logiprobe, freeing resources * and removing things we installed. The system * framework guarantees we are not active with this devinfo * node in any other entry points at this time. */ instance = ddi_get_instance(dip); if ((instance >= LOGI_MAXUNIT) || (logiptr = ddi_get_driver_private(dip)) == NULL) return (DDI_FAILURE); logiunits[instance] = 0; ddi_prop_remove_all(dip); ddi_remove_minor_node(dip, NULL); mutex_destroy(&logiptr->lock); ddi_remove_intr(dip, 0, logiptr->iblock); kmem_free(logiptr, sizeof (struct strmseinfo)); return (DDI_SUCCESS); default: #ifdef LOGI_DEBUG if (logi_debug) { PRF("logidetach: cmd = %d unknown\n", cmd); } #endif return (DDI_FAILURE); } }
static void compute_verify_data( const char *finished_label, TLSParameters *parameters, char *verify_data ) { unsigned char handshake_hash[ ( MD5_RESULT_SIZE * sizeof( int ) ) + ( SHA1_RESULT_SIZE * sizeof( int ) ) ]; compute_handshake_hash( parameters, handshake_hash ); PRF( parameters->master_secret, MASTER_SECRET_LENGTH, finished_label, strlen( finished_label ), handshake_hash, MD5_RESULT_SIZE * sizeof( int ) + SHA1_RESULT_SIZE * sizeof( int ), verify_data, VERIFY_DATA_LEN ); }
/* * Generate keys according to RFC 2716 and add to reply */ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label) { uint8_t out[4 * EAPTLS_MPPE_KEY_LEN]; uint8_t *p; size_t prf_size; if (!s->s3) { ERROR("No SSLv3 information"); return; } prf_size = strlen(prf_label); #if OPENSSL_VERSION_NUMBER >= 0x10001000L if (SSL_export_keying_material(s, out, sizeof(out), prf_label, prf_size, NULL, 0, 0) != 1) { ERROR("Failed generating keying material"); return; } #else { uint8_t seed[64 + (2 * SSL3_RANDOM_SIZE)]; uint8_t buf[4 * EAPTLS_MPPE_KEY_LEN]; p = seed; memcpy(p, prf_label, prf_size); p += prf_size; memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; prf_size += SSL3_RANDOM_SIZE; memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); prf_size += SSL3_RANDOM_SIZE; PRF(s->session->master_key, s->session->master_key_length, seed, prf_size, out, buf, sizeof(out)); } #endif p = out; eap_add_reply(request, "MS-MPPE-Recv-Key", p, EAPTLS_MPPE_KEY_LEN); p += EAPTLS_MPPE_KEY_LEN; eap_add_reply(request, "MS-MPPE-Send-Key", p, EAPTLS_MPPE_KEY_LEN); eap_add_reply(request, "EAP-MSK", out, 64); eap_add_reply(request, "EAP-EMSK", out + 64, 64); }
int DeriveTlsKeys(SSL* ssl) { int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; byte seed[SEED_LEN]; byte key_data[MAX_PRF_DIG]; XMEMCPY(seed, ssl->arrays.serverRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays.clientRandom, RAN_LEN); PRF(key_data, length, ssl->arrays.masterSecret, SECRET_LEN, key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl)); return StoreKeys(ssl, key_data); }
/* Used by EAP-TLS and EAP-TTLS to derive keying material from * the master_secret. */ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len, const char* label) { byte seed[SEED_LEN]; /* * As per RFC-5281, the order of the client and server randoms is reversed * from that used by the TLS protocol to derive keys. */ XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); return PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, (const byte *)label, (word32)strlen(label), seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); }
void SSL_Version_3_0::CalculateMasterSecret(SSL_secure_varvector16 &mastersecret, const SSL_secure_varvector16 &premaster) { #ifdef TST_DUMP DumpTofile(premaster,premaster.GetLength(),"SSL Master : premaster","sslkeys.txt"); #endif SSL_secure_varvector32 random; random.Concat(conn_state->client_random, conn_state->server_random); if(!PRF(mastersecret, SSL_MASTER_SECRET_SIZE, premaster, random)) mastersecret.Resize(0); #ifdef TST_DUMP DumpTofile(mastersecret,SSL_MASTER_SECRET_SIZE,"SSL Calcmaster : ","sslkeys.txt"); #endif }
/* * Same as before, but for EAP-FAST the order of {server,client}_random is flipped */ void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label) { uint8_t seed[128 + 2*SSL3_RANDOM_SIZE]; uint8_t *p = seed; size_t len; len = strlen(prf_label); if (len > 128) len = 128; memcpy(p, prf_label, len); p += len; memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; PRF(s->session->master_key, s->session->master_key_length, seed, p - seed, buffer, scratch, size); }
int main( int argc, char *argv[ ] ) { unsigned char *output; int out_len, i; int secret_len; int label_len; int seed_len; unsigned char *secret; unsigned char *label; unsigned char *seed; if ( argc < 5 ) { fprintf( stderr, "usage: %s [0x]<secret> [0x]<label> [0x]<seed> <output len>\n", argv[ 0 ] ); exit( 0 ); } secret_len = hex_decode( argv[ 1 ], &secret ); label_len = hex_decode( argv[ 2 ], &label ); seed_len = hex_decode( argv[ 3 ], &seed ); out_len = atoi( argv[ 4 ] ); output = ( unsigned char * ) malloc( out_len ); PRF( secret, secret_len, label, label_len, seed, seed_len, output, out_len ); for ( i = 0; i < out_len; i++ ) { printf( "%.02x", output[ i ] ); } printf( "\n" ); free( secret ); free( label ); free( seed ); free( output ); return 0; }
/* ======================================================================== Routine Description: Generate random number by software. Arguments: pAd - pointer to our pAdapter context macAddr - pointer to local MAC address Return Value: Note: 802.1ii-2004 Annex H.5 ======================================================================== */ VOID GenRandom( IN PRTMP_ADAPTER pAd, IN UCHAR *macAddr, OUT UCHAR *random) { INT i, curr; UCHAR local[80], KeyCounter[32]; UCHAR result[80]; ULONG CurrentTime; UCHAR prefix[] = {'I', 'n', 'i', 't', ' ', 'C', 'o', 'u', 'n', 't', 'e', 'r'}; // Zero the related information NdisZeroMemory(result, 80); NdisZeroMemory(local, 80); NdisZeroMemory(KeyCounter, 32); for (i = 0; i < 32; i++) { // copy the local MAC address COPY_MAC_ADDR(local, macAddr); curr = MAC_ADDR_LEN; // concatenate the current time NdisGetSystemUpTime(&CurrentTime); NdisMoveMemory(&local[curr], &CurrentTime, sizeof(CurrentTime)); curr += sizeof(CurrentTime); // concatenate the last result NdisMoveMemory(&local[curr], result, 32); curr += 32; // concatenate a variable NdisMoveMemory(&local[curr], &i, 2); curr += 2; // calculate the result PRF(KeyCounter, 32, prefix,12, local, curr, result, 32); } NdisMoveMemory(random, result, 32); }
/* * Generate the TTLS challenge * * It's in the TLS module simply because it's only a few lines * of code, and it needs access to the TLS PRF functions. */ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size) { uint8_t out[32], buf[32]; uint8_t seed[sizeof(EAPTLS_PRF_CHALLENGE)-1 + 2*SSL3_RANDOM_SIZE]; uint8_t *p = seed; if (!s->s3) { radlog(L_ERR, "ERROR: OpenSSL build / link incompatibility detected"); return; } memcpy(p, EAPTLS_PRF_CHALLENGE, sizeof(EAPTLS_PRF_CHALLENGE)-1); p += sizeof(EAPTLS_PRF_CHALLENGE)-1; memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); p += SSL3_RANDOM_SIZE; memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); PRF(s->session->master_key, s->session->master_key_length, seed, sizeof(seed), out, buf, sizeof(out)); memcpy(buffer, out, size); }