int _hash_my_key(QSP_ARG_DECL void **vpp,const char *key,int key_len) { unsigned char *digest; unsigned char *storage; int i; int need_size; // get required digest size need_size = gcry_md_get_algo_dlen(the_hash_algo); storage = getbuf(need_size); for(i=0;i<key_len;i++){ gcry_md_putc(my_hash_hdl,key[i]); } gcry_md_final(my_hash_hdl); digest = gcry_md_read(my_hash_hdl,0); memcpy(storage,digest,need_size); *vpp = storage; gcry_md_reset(my_hash_hdl); // to compute a second hash // or we could close? // return the length of the hash // For SHA256, this is 32 return the_hash_len; }
/* Return an allocated buffer with the formatted fingerprint as one large hexnumber. This version inserts the usual colons. */ char * get_fingerprint_hexstring_colon (ksba_cert_t cert) { unsigned char digest[20]; gcry_md_hd_t md; int rc; char *buf; int i; rc = gcry_md_open (&md, GCRY_MD_SHA1, 0); if (rc) log_fatal (_("gcry_md_open failed: %s\n"), gpg_strerror (rc)); rc = ksba_cert_hash (cert, 0, HASH_FNC, md); if (rc) { log_error (_("oops: ksba_cert_hash failed: %s\n"), gpg_strerror (rc)); memset (digest, 0xff, 20); /* Use a dummy value. */ } else { gcry_md_final (md); memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20); } gcry_md_close (md); buf = xmalloc (61); *buf = 0; for (i=0; i < 20; i++ ) sprintf (buf+strlen(buf), "%02X:", digest[i]); buf[strlen(buf)-1] = 0; /* Remove railing colon. */ return buf; }
/* deterministically generate from seed/idx a string of buflen pseudorandom bytes */ static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) { gcry_md_hd_t hd, hd2; size_t olen, cpylen; uint32_t ctr; olen = gcry_md_get_algo_dlen(RND_HASH); gcry_md_open(&hd, RND_HASH, 0); gcry_md_write(hd, seed, seedlen); gcry_md_putc(hd, (idx >> 24) & 0xff); gcry_md_putc(hd, (idx >> 16) & 0xff); gcry_md_putc(hd, (idx >> 8) & 0xff); gcry_md_putc(hd, (idx >> 0) & 0xff); for (ctr = 0; buflen; ctr++) { gcry_md_copy(&hd2, hd); gcry_md_putc(hd2, (ctr >> 24) & 0xff); gcry_md_putc(hd2, (ctr >> 16) & 0xff); gcry_md_putc(hd2, (ctr >> 8) & 0xff); gcry_md_putc(hd2, (ctr >> 0) & 0xff); gcry_md_final(hd2); cpylen = (buflen < olen) ? buflen : olen; memcpy(buf, gcry_md_read(hd2, RND_HASH), cpylen); gcry_md_close(hd2); buf += cpylen; buflen -= cpylen; } gcry_md_close(hd); }
char * get_hmac(char * cipher, char * key, size_t length){ /* Generating hmac from the encrypted content GCRY_MD_SHA512 - Algo flags or of GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC indicating that its secure mode and we need HMAC */ gcry_error_t err; gcry_md_hd_t hm; err = gcry_md_open(&hm, GCRY_MD_SHA512, GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC); if(err != GPG_ERR_NO_ERROR){ printf ("Error at opening handle for hmac: %s\n",gcry_strerror(err)); exit(-1); } err = gcry_md_enable(hm,GCRY_MD_SHA512); err = gcry_md_setkey(hm, key,KEYLENGTH_SHA ); if(err != GPG_ERR_NO_ERROR){ printf ("Error at setting key: %s\n",gcry_strerror(err)); exit(-1); } // generating the HMAC using the cipher text gcry_md_write(hm,cipher,length); gcry_md_final(hm); // printf("\nlength: %lu\n",length); char * hmac; hmac = gcry_md_read(hm , GCRY_MD_SHA512 ); if(hmac == NULL ){ printf ("hmac null ?\n"); // exit(-1); } // print_buf(hmac,64); // debug // printf("hmac length : %lu\n",strlen(hmac)); // debug to check hmac length should be 64 return hmac; }
int GWEN_MDigest_Gc_End(GWEN_MDIGEST *md) { GWEN_MDIGEST_GC *xmd; uint8_t *p; unsigned int len; assert(md); xmd=GWEN_INHERIT_GETDATA(GWEN_MDIGEST, GWEN_MDIGEST_GC, md); assert(xmd); gcry_md_final(xmd->handle); len=gcry_md_get_algo_dlen(xmd->algo); if (len<1) { DBG_INFO(GWEN_LOGDOMAIN, "gcry_md_get_algo_dlen(): %d", len); gcry_md_close(xmd->handle); xmd->isOpen=0; return GWEN_ERROR_GENERIC; } p=(uint8_t*)malloc(len); assert(p); memmove(p, gcry_md_read(xmd->handle, xmd->algo), len); GWEN_MDigest_SetDigestBuffer(md, p, len); gcry_md_close(xmd->handle); xmd->isOpen=0; return 0; }
std::vector<unsigned char> User::generateWHIRLPOOL(const std::string& password, std::vector<unsigned char>& salt) { std::vector<char> passwordBytes; passwordBytes.insert(passwordBytes.begin(), password.begin(), password.end()); if(salt.empty()) { std::random_device rd; std::default_random_engine generator(rd()); std::uniform_int_distribution<unsigned char> distribution(0, 255); auto randByte = std::bind(distribution, generator); for(uint32_t i = 0; i < 16; ++i) salt.push_back(randByte()); } passwordBytes.insert(passwordBytes.end(), salt.begin(), salt.end()); gcry_error_t result; gcry_md_hd_t stribogHandle = nullptr; if((result = gcry_md_open(&stribogHandle, GCRY_MD_WHIRLPOOL, 0)) != GPG_ERR_NO_ERROR) { GD::out.printError("Could not initialize WHIRLPOOL handle: " + GD::bl->hf.getGCRYPTError(result)); return std::vector<unsigned char>(); } gcry_md_write(stribogHandle, &passwordBytes.at(0), passwordBytes.size()); gcry_md_final(stribogHandle); uint8_t* digest = gcry_md_read(stribogHandle, GCRY_MD_WHIRLPOOL); if(!digest) { GD::out.printError("Could not generate WHIRLPOOL of password: " + GD::bl->hf.getGCRYPTError(result)); gcry_md_close(stribogHandle); return std::vector<unsigned char>(); } std::vector<unsigned char> keyBytes(digest, digest + gcry_md_get_algo_dlen(GCRY_MD_WHIRLPOOL)); gcry_md_close(stribogHandle); return keyBytes; }
int rasqal_digest_buffer(rasqal_digest_type type, unsigned char *output, const unsigned char * const input, size_t len) { gcry_md_hd_t hash; enum gcry_md_algos algo; unsigned int output_len; if(type > RASQAL_DIGEST_LAST) return -1; algo = rasqal_digest_to_gcry_md_algos[type]; if(algo == GCRY_MD_NONE) return -1; output_len = gcry_md_get_algo_dlen(algo); if(!input) return output_len; if(gcry_md_open(&hash, algo, 0)) return -1; gcry_md_write(hash, input, len); gcry_md_final(hash); memcpy(output, gcry_md_read(hash, algo), output_len); gcry_md_close(hash); return output_len; }
/** * cdk_pk_get_fingerprint: * @pk: the public key * @fpr: the buffer to hold the fingerprint * * Return the fingerprint of the given public key. * The buffer must be at least 20 octets. * This function should be considered deprecated and * the new cdk_pk_to_fingerprint() should be used whenever * possible to avoid overflows. **/ cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte *fpr) { gcry_md_hd_t hd; int md_algo; int dlen = 0; gcry_error_t err; if (!pk || !fpr) return CDK_Inv_Value; if (pk->version < 4 && is_RSA (pk->pubkey_algo)) md_algo = GCRY_MD_MD5; /* special */ else md_algo = GCRY_MD_SHA1; dlen = gcry_md_get_algo_dlen (md_algo); err = gcry_md_open (&hd, md_algo, 0); if (err) return map_gcry_error (err); _cdk_hash_pubkey (pk, hd, 1); gcry_md_final (hd); memcpy (fpr, gcry_md_read (hd, md_algo), dlen); gcry_md_close (hd); if (dlen == 16) memset (fpr + 16, 0, 4); return 0; }
/********************************************************************* * * DES KW implementation * *********************************************************************/ static int xmlSecGCryptKWDes3Sha1(void * context, const xmlSecByte * in, xmlSecSize inSize, xmlSecByte * out, xmlSecSize outSize) { xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context; gcry_md_hd_t digestCtx; unsigned char * res; unsigned int len; gcry_error_t err; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(in != NULL, -1); xmlSecAssert2(inSize > 0, -1); xmlSecAssert2(out != NULL, -1); xmlSecAssert2(outSize > 0, -1); len = gcry_md_get_algo_dlen(GCRY_MD_SHA1); xmlSecAssert2(outSize >= len, -1); err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_md_open(GCRY_MD_SHA1)", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); return(-1); } gcry_md_write(digestCtx, in, inSize); err = gcry_md_final(digestCtx); if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_md_final", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); gcry_md_close(digestCtx); return(-1); } res = gcry_md_read(digestCtx, GCRY_MD_SHA1); if(res == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_md_read(GCRY_MD_SHA1)", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); gcry_md_close(digestCtx); return(-1); } /* done */ xmlSecAssert2(outSize >= len, -1); memcpy(out, res, len); gcry_md_close(digestCtx); return(len); }
/* Return the fingerprint of the certificate (we can't put this into libksba because we need libgcrypt support). The caller must provide an array of sufficient length or NULL so that the function allocates the array. If r_len is not NULL, the length of the digest is returned; well, this can also be done by using gcry_md_get_algo_dlen(). If algo is 0, a SHA-1 will be used. If there is a problem , the function does never return NULL but a digest of all 0xff. */ unsigned char * gpgsm_get_fingerprint (ksba_cert_t cert, int algo, unsigned char *array, int *r_len) { gcry_md_hd_t md; int rc, len; if (!algo) algo = GCRY_MD_SHA1; len = gcry_md_get_algo_dlen (algo); assert (len); if (!array) array = xmalloc (len); if (r_len) *r_len = len; /* Fist check whether we have cached the fingerprint. */ if (algo == GCRY_MD_SHA1) { size_t buflen; assert (len >= 20); if (!ksba_cert_get_user_data (cert, "sha1-fingerprint", array, len, &buflen) && buflen == 20) return array; } /* No, need to compute it. */ rc = gcry_md_open (&md, algo, 0); if (rc) { log_error ("md_open failed: %s\n", gpg_strerror (rc)); memset (array, 0xff, len); /* better return an invalid fpr than NULL */ return array; } rc = ksba_cert_hash (cert, 0, HASH_FNC, md); if (rc) { log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc)); gcry_md_close (md); memset (array, 0xff, len); /* better return an invalid fpr than NULL */ return array; } gcry_md_final (md); memcpy (array, gcry_md_read(md, algo), len ); gcry_md_close (md); /* Cache an SHA-1 fingerprint. */ if ( algo == GCRY_MD_SHA1 ) ksba_cert_set_user_data (cert, "sha1-fingerprint", array, 20); return array; }
static void bench_hash_do_bench (struct bench_obj *obj, void *buf, size_t buflen) { gcry_md_hd_t hd = obj->priv; gcry_md_reset (hd); gcry_md_write (hd, buf, buflen); gcry_md_final (hd); }
void digestsha1(const struct iovec *iov, int iovcnt, void *dest) { gcry_md_hd_t c; int i; gcry_md_open(&c, GCRY_MD_SHA1, 0); for (i = 0; i < iovcnt; i++) gcry_md_write(c, iov[i].iov_base, iov[i].iov_len); gcry_md_final(c); memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1)); }
gchar * xfce_mailwatch_cram_md5(const gchar *username, const gchar *password, const gchar *challenge_base64) { #ifdef HAVE_SSL_SUPPORT gchar challenge[2048]; gsize len, username_len; gcry_md_hd_t hmac_md5; gchar *response, *response_base64 = NULL; g_return_val_if_fail(username && *username && password && *password && challenge_base64 && *challenge_base64, NULL); len = xfce_mailwatch_base64_decode(challenge_base64, (guchar *)challenge, sizeof(challenge) - 1); if(len <= 0) return NULL; challenge[len] = 0; DBG("challenge is \"%s\"\n", challenge); if(gcry_md_open(&hmac_md5, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) return NULL; gcry_md_setkey(hmac_md5, password, strlen(password)); gcry_md_write(hmac_md5, challenge, len); gcry_md_final(hmac_md5); username_len = strlen(username); /* username + a space + MD5 in hex + null */ response = g_malloc0(username_len + 1 + gcry_md_get_algo_dlen(GCRY_MD_MD5)*2 + 1); strcpy(response, username); response[username_len] = ' '; bin2hex(response + username_len + 1, gcry_md_read(hmac_md5, GCRY_MD_MD5), gcry_md_get_algo_dlen(GCRY_MD_MD5)); gcry_md_close(hmac_md5); DBG("response before base64: %s\n", response); if(xfce_mailwatch_base64_encode((guchar *)response, strlen(response), &response_base64) <= 0) { g_free(response_base64); response_base64 = NULL; } g_free(response); return response_base64; #else g_warning("CRAM-MD5 computation unavailable: libmailwatch was not compiled with gnutls support."); return NULL; #endif }
void sha256_block32(const uint8_t *in, uint8_t *out) { gcry_md_hd_t hd; gcry_error_t gerr; gerr = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_SECURE); if (gerr != GPG_ERR_NO_ERROR) gcrypt_fatal(gerr); gcry_md_write(hd, in, 32); gcry_md_final(hd); memmove(out, gcry_md_read(hd, 0), 32); gcry_md_close(hd); }
void finish_running_checksum(struct running_checksum *c, unsigned char *digest) { unsigned char *gcry_digest; /* gcry_md_read() does this implicitly */ gcry_md_final(c->hd); gcry_digest = gcry_md_read(c->hd, 0); memcpy(digest, gcry_digest, digest_len); gcry_md_close(c->hd); free(c); }
/**************** * This filter is used to en/de-cipher data with a conventional algorithm */ int cipher_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) { size_t size = *ret_len; cipher_filter_context_t *cfx = opaque; int rc=0; if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */ rc = -1; /* not yet used */ } else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */ assert(a); if( !cfx->header ) { write_header( cfx, a ); } if (cfx->mdc_hash) gcry_md_write (cfx->mdc_hash, buf, size); gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0); rc = iobuf_write( a, buf, size ); } else if( control == IOBUFCTRL_FREE ) { if( cfx->mdc_hash ) { byte *hash; int hashlen = gcry_md_get_algo_dlen (gcry_md_get_algo (cfx->mdc_hash)); byte temp[22]; assert( hashlen == 20 ); /* We must hash the prefix of the MDC packet here. */ temp[0] = 0xd3; temp[1] = 0x14; gcry_md_putc (cfx->mdc_hash, temp[0]); gcry_md_putc (cfx->mdc_hash, temp[1]); gcry_md_final (cfx->mdc_hash); hash = gcry_md_read (cfx->mdc_hash, 0); memcpy(temp+2, hash, 20); gcry_cipher_encrypt (cfx->cipher_hd, temp, 22, NULL, 0); gcry_md_close (cfx->mdc_hash); cfx->mdc_hash = NULL; if( iobuf_write( a, temp, 22 ) ) log_error("writing MDC packet failed\n" ); } gcry_cipher_close (cfx->cipher_hd); } else if( control == IOBUFCTRL_DESC ) { *(char**)buf = "cipher_filter"; } return rc; }
static int hmac_fdigest(lua_State *L) { HANDLER_HMAC c; size_t written = 0; const char *t = luaL_checkstring(L, 1); size_t s_len; const char *s = luaL_checklstring(L, 2, &s_len); size_t k_len; const char *k = luaL_checklstring(L, 3, &k_len); DIGEST_TYPE type = DIGEST_BY_NAME(t); #if CRYPTO_OPENSSL unsigned char digest[EVP_MAX_MD_SIZE]; #elif CRYPTO_GCRYPT unsigned char *digest; #endif if (IS_DIGEST_INVALID(type)) { luaL_argerror(L, 1, "invalid digest type"); return 0; } #if CRYPTO_OPENSSL HMAC_CTX_init(&c); HMAC_Init_ex(&c, k, k_len, type, NULL); HMAC_Update(&c, (unsigned char *)s, s_len); HMAC_Final(&c, digest, &written); #elif CRYPTO_GCRYPT gcry_md_open(&c, type, GCRY_MD_FLAG_HMAC); gcry_md_setkey(c, k, k_len); gcry_md_write(c, s, s_len); gcry_md_final(c); digest = gcry_md_read(c,type); written = gcry_md_get_algo_dlen(type); #endif if (lua_toboolean(L, 4)) lua_pushlstring(L, (char *)digest, written); else { char *hex = bin2hex(digest,written); lua_pushlstring(L, hex, written*2); free(hex); } #if CRYPTO_GCRYPT gcry_md_close(c); #endif return 1; }
int main(int argc,char **argv) { gcry_md_hd_t md4; gcry_error_t error; int text_length; unsigned char* buffer; size_t len; int a,i; /*initialization of gcrypt library*/ /*check if subsystems are intialized, check version.*/ if (!gcry_check_version (GCRYPT_VERSION)){ err(1, "%s", "libgcrypt version mismatch\n"); } /*turn off warnings*/ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); /*allocate a pool of 16k for secure memory*/ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); /*libgcrypt check secure memory*/ gcry_control (GCRYCTL_RESUME_SECMEM_WARN); /*initialization has completed. */ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); /*end of initialization*/ text_length=strlen(argv[1]); buffer=(unsigned char*) malloc(text_length*sizeof(char)); strcpy(buffer,argv[1]); /*create a message digest object for algorithm GCRY_MD_MD4 - means MD4*/ error=gcry_md_open(&md4,GCRY_MD_MD4,GCRY_MD_FLAG_SECURE); if(error){ err(1, "Failed opening MD4: %s\n", gpg_strerror(error)); } gcry_md_write( md4, buffer, text_length ); gcry_md_final( md4 ); unsigned char *digest=(unsigned char*) malloc(gcry_md_get_algo_dlen( GCRY_MD_MD4 )*sizeof(char)); digest = gcry_md_read( md4, GCRY_MD_MD4 ); /*print hash*/ printf("HASH MD4:"); for ( i=0; i < gcry_md_get_algo_dlen(buffer[i]); i++){ printf("%X", digest[i]); } printf("\n"); /*for (int j = 0; j < gcry_md_get_algo_dlen(hashes[i]); j++) printf("%02x", digest[j]); printf("\n\n");*/ /*closing*/ gcry_md_close(md4); return 0; }
static int evp_digest(lua_State *L) { HANDLER_EVP *c = evp_pget(L, 1); #if CRYPTO_OPENSSL HANDLER_EVP *d = NULL; unsigned char digest[EVP_MAX_MD_SIZE]; #elif CRYPTO_GCRYPT HANDLER_EVP d = NULL; unsigned char *digest; int algo; #endif size_t written = 0; if (lua_isstring(L, 2)) { size_t s_len; const char *s = luaL_checklstring(L, 2, &s_len); EVP_UPDATE(c, s, s_len); } #if CRYPTO_OPENSSL d = EVP_MD_CTX_create(); EVP_MD_CTX_copy_ex(d, c); EVP_DigestFinal_ex(d, digest, &written); EVP_MD_CTX_destroy(d); #elif CRYPTO_GCRYPT algo = gcry_md_get_algo(*c); gcry_md_copy(&d, *c); gcry_md_final(d); digest = gcry_md_read(d, algo); written = gcry_md_get_algo_dlen(algo); #endif if (lua_toboolean(L, 3)) lua_pushlstring(L, (char *)digest, written); else { char *hex = bin2hex(digest, written); lua_pushlstring(L, hex, written*2); free(hex); } #if CRYPTO_GCRYPT gcry_md_close(d); #endif return 1; }
static int hmac_digest(lua_State *L) { HANDLER_HMAC *c = hmac_pget(L, 1); size_t written = 0; #if CRYPTO_OPENSSL unsigned char digest[EVP_MAX_MD_SIZE]; #elif CRYPTO_GCRYPT HANDLER_HMAC d; unsigned char *digest; int algo; #endif if (lua_isstring(L, 2)) { size_t s_len; const char *s = luaL_checklstring(L, 2, &s_len); HMAC_UPDATE(c, s, s_len); } #if CRYPTO_OPENSSL HMAC_Final(c, digest, &written); #elif CRYPTO_GCRYPT algo = gcry_md_get_algo(*c); gcry_md_copy(&d, *c); gcry_md_final(d); digest = gcry_md_read(d, algo); written = gcry_md_get_algo_dlen(algo); #endif if (lua_toboolean(L, 3)) lua_pushlstring(L, (char *)digest, written); else { char *hex = bin2hex(digest, written); lua_pushlstring(L, hex, written*2); free(hex); } #if CRYPTO_GCRYPT gcry_md_close(d); #endif return 1; }
char *pdfapp_calcfilehash(pdfapp_t *app, int fd) { static int HASH_DATA_SZ = 65535; gcry_md_hd_t digest; size_t data_sz = MIN(app->xref->file_size, HASH_DATA_SZ); void *data_buf = malloc(HASH_DATA_SZ); size_t read_sz = 0; size_t retrycnt = 0; size_t i; if (gcry_md_open(&digest, GCRY_MD_SHA1, 0)) { printf("md_open failure"); return NULL; } lseek(fd, 0, SEEK_SET); do { read_sz += read(fd, data_buf + read_sz, data_sz - read_sz); } while (read_sz < data_sz && retrycnt++ < 5); if (read_sz != data_sz) { printf("Calculating file hash failed. Skipping...\n"); gcry_md_close(digest); return NULL; } gcry_md_write(digest, data_buf, read_sz); gcry_md_final(digest); memcpy(app->hash, gcry_md_read(digest, 0), 20); gcry_md_close(digest); free(data_buf); for (i = 0; i < 20; i++) if (app->hash[i] == '\n' || app->hash[i] == '\r' || app->hash[i] == ' ') app->hash[i] = '_'; app->hash[20] = '\0'; return app->hash; }
void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) { size_t len; switch(ctx->mac_type){ case SSH_MAC_SHA1: len=SHA_DIGEST_LEN; break; case SSH_MAC_SHA256: len=SHA256_DIGEST_LENGTH; break; case SSH_MAC_SHA384: len=SHA384_DIGEST_LENGTH; break; case SSH_MAC_SHA512: len=SHA512_DIGEST_LENGTH; break; } gcry_md_final(ctx->ctx); memcpy(md, gcry_md_read(ctx->ctx, 0), len); gcry_md_close(ctx->ctx); SAFE_FREE(ctx); }
char * f4dns_hash( const char *fqn, char *hash_return ) { gcry_error_t err; gcry_md_hd_t mh; char *md; const char prefix[] = "F4DNS::"; err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); assert( ! gcry_err_code(err) ); gcry_md_write(mh, prefix, sizeof(prefix)); //gcry_md_write(mh, request_type, strlen(request_type)); gcry_md_write(mh, fqn, strlen(fqn)); gcry_md_final(mh); md = (char*)gcry_md_read(mh, 0); memcpy(hash_return, md, 20); gcry_md_close(mh); return hash_return; }
const char * gc_hash_read (gc_hash_handle handle) { _gc_hash_ctx *ctx = handle; const char *digest; #ifdef GNULIB_GC_MD2 if (ctx->alg == GC_MD2) { md2_finish_ctx (&ctx->md2Context, ctx->hash); digest = ctx->hash; } else #endif { gcry_md_final (ctx->gch); digest = gcry_md_read (ctx->gch, 0); } return digest; }
char * f4crypto_hash_fqdn( const char *fqdn, uint8_t replica, char *hash_return ) { gcry_error_t err; gcry_md_hd_t mh; char *md; const char prefix[] = "F4DNS::"; assert( strlen(fqdn) ); assert( hash_return != NULL ); err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); assert( ! gcry_err_code(err) ); gcry_md_write(mh, prefix, sizeof(prefix)); gcry_md_write(mh, fqdn, strlen(fqdn)); gcry_md_write(mh, &replica, sizeof(uint8_t)); gcry_md_final(mh); md = (char*)gcry_md_read(mh, 0); memcpy(hash_return, md, 20); gcry_md_close(mh); return hash_return; }
static struct aes256cprng* ecdsa_cprng_init(const char *msg, const gcry_mpi_t d, const struct curve_params *cp) { int len = cp->order_len_bin; struct aes256cprng *cprng; gcry_md_hd_t mh; char *buf; if (!(buf = gcry_malloc_secure(len))) { fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n"); return NULL; } serialize_mpi(buf, len, DF_BIN, d); if (!hmacsha256_init(&mh, buf, len)) { fprintf(stderr, "Failed to run hmacsha256_init()\n"); return NULL; } gcry_free(buf); gcry_md_write(mh, msg, 64); gcry_md_final(mh); cprng = aes256cprng_init((const char*)gcry_md_read(mh, 0)); gcry_md_close(mh); return cprng; }
/* Compute the fingerprint of the certificate CERT and put it into the 20 bytes large buffer DIGEST. Return address of this buffer. */ unsigned char * cert_compute_fpr (ksba_cert_t cert, unsigned char *digest) { gpg_error_t err; gcry_md_hd_t md; err = gcry_md_open (&md, GCRY_MD_SHA1, 0); if (err) log_fatal ("gcry_md_open failed: %s\n", gpg_strerror (err)); err = ksba_cert_hash (cert, 0, HASH_FNC, md); if (err) { log_error ("oops: ksba_cert_hash failed: %s\n", gpg_strerror (err)); memset (digest, 0xff, 20); /* Use a dummy value. */ } else { gcry_md_final (md); memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20); } gcry_md_close (md); return digest; }
void md5_final(unsigned char *md, MD5CTX c) { gcry_md_final(c); memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN); gcry_md_close(c); }
void sha1_final(unsigned char *md, SHACTX c) { gcry_md_final(c); memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN); gcry_md_close(c); }
static int generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, const char *pw, unsigned int req_keylen, char * keybuf) { int rc; unsigned int i, j; gcry_md_hd_t md; gcry_mpi_t num_b1 = NULL; size_t pwlen; char hash[20], buf_b[64], buf_i[128], *p; char *salt_p; int salt_size; size_t cur_keylen; size_t n; gcry_error_t err; cur_keylen = 0; salt_size = tvb_captured_length(salt_tvb); salt_p = (char *)tvb_memdup(wmem_packet_scope(), salt_tvb, 0, salt_size); if (pw == NULL) pwlen = 0; else pwlen = strlen(pw); if (pwlen > 63 / 2) { return FALSE; } /* Store salt and password in BUF_I */ p = buf_i; for (i = 0; i < 64; i++) *p++ = salt_p[i % salt_size]; if (pw) { for (i = j = 0; i < 64; i += 2) { *p++ = 0; *p++ = pw[j]; if (++j > pwlen) /* Note, that we include the trailing zero */ j = 0; } } else memset (p, 0, 64); for (;;) { err = gcry_md_open(&md, GCRY_MD_SHA1, 0); if (gcry_err_code(err)) { return FALSE; } for (i = 0; i < 64; i++) { unsigned char lid = id & 0xFF; gcry_md_write (md, &lid, 1); } gcry_md_write(md, buf_i, pw ? 128 : 64); gcry_md_final (md); memcpy (hash, gcry_md_read (md, 0), 20); gcry_md_close (md); for (i = 1; i < iter; i++) gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20); for (i = 0; i < 20 && cur_keylen < req_keylen; i++) keybuf[cur_keylen++] = hash[i]; if (cur_keylen == req_keylen) { gcry_mpi_release (num_b1); return TRUE; /* ready */ } /* need more bytes. */ for (i = 0; i < 64; i++) buf_b[i] = hash[i % 20]; n = 64; rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n); if (rc != 0) { return FALSE; } gcry_mpi_add_ui (num_b1, num_b1, 1); for (i = 0; i < 128; i += 64) { gcry_mpi_t num_ij; n = 64; rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n); if (rc != 0) { return FALSE; } gcry_mpi_add (num_ij, num_ij, num_b1); gcry_mpi_clear_highbit (num_ij, 64 * 8); n = 64; rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij); if (rc != 0) { return FALSE; } gcry_mpi_release (num_ij); } } }