int _hash_my_key(QSP_ARG_DECL void **vpp,const char *key,int key_len)
{
unsigned char *digest;
unsigned char *storage;
int i;
int need_size;
// get required digest size
need_size = gcry_md_get_algo_dlen(the_hash_algo);
storage = getbuf(need_size);
for(i=0;i<key_len;i++){
gcry_md_putc(my_hash_hdl,key[i]);
}
gcry_md_final(my_hash_hdl);
digest = gcry_md_read(my_hash_hdl,0);
memcpy(storage,digest,need_size);
*vpp = storage;
gcry_md_reset(my_hash_hdl); // to compute a second hash
// or we could close?
// return the length of the hash
// For SHA256, this is 32
return the_hash_len;
}
/* Return an allocated buffer with the formatted fingerprint as one
large hexnumber. This version inserts the usual colons. */
char *
get_fingerprint_hexstring_colon (ksba_cert_t cert)
{
unsigned char digest[20];
gcry_md_hd_t md;
int rc;
char *buf;
int i;
rc = gcry_md_open (&md, GCRY_MD_SHA1, 0);
if (rc)
log_fatal (_("gcry_md_open failed: %s\n"), gpg_strerror (rc));
rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
if (rc)
{
log_error (_("oops: ksba_cert_hash failed: %s\n"), gpg_strerror (rc));
memset (digest, 0xff, 20); /* Use a dummy value. */
}
else
{
gcry_md_final (md);
memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
}
gcry_md_close (md);
buf = xmalloc (61);
*buf = 0;
for (i=0; i < 20; i++ )
sprintf (buf+strlen(buf), "%02X:", digest[i]);
buf[strlen(buf)-1] = 0; /* Remove railing colon. */
return buf;
}
/* deterministically generate from seed/idx a string of buflen pseudorandom bytes */
static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) {
gcry_md_hd_t hd, hd2;
size_t olen, cpylen;
uint32_t ctr;
olen = gcry_md_get_algo_dlen(RND_HASH);
gcry_md_open(&hd, RND_HASH, 0);
gcry_md_write(hd, seed, seedlen);
gcry_md_putc(hd, (idx >> 24) & 0xff);
gcry_md_putc(hd, (idx >> 16) & 0xff);
gcry_md_putc(hd, (idx >> 8) & 0xff);
gcry_md_putc(hd, (idx >> 0) & 0xff);
for (ctr = 0; buflen; ctr++) {
gcry_md_copy(&hd2, hd);
gcry_md_putc(hd2, (ctr >> 24) & 0xff);
gcry_md_putc(hd2, (ctr >> 16) & 0xff);
gcry_md_putc(hd2, (ctr >> 8) & 0xff);
gcry_md_putc(hd2, (ctr >> 0) & 0xff);
gcry_md_final(hd2);
cpylen = (buflen < olen) ? buflen : olen;
memcpy(buf, gcry_md_read(hd2, RND_HASH), cpylen);
gcry_md_close(hd2);
buf += cpylen;
buflen -= cpylen;
}
gcry_md_close(hd);
}
char * get_hmac(char * cipher, char * key, size_t length){
/* Generating hmac from the encrypted content
GCRY_MD_SHA512 - Algo
flags or of GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC
indicating that its secure mode and we need HMAC
*/
gcry_error_t err;
gcry_md_hd_t hm;
err = gcry_md_open(&hm, GCRY_MD_SHA512, GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC);
if(err != GPG_ERR_NO_ERROR){
printf ("Error at opening handle for hmac: %s\n",gcry_strerror(err));
exit(-1);
}
err = gcry_md_enable(hm,GCRY_MD_SHA512);
err = gcry_md_setkey(hm, key,KEYLENGTH_SHA );
if(err != GPG_ERR_NO_ERROR){
printf ("Error at setting key: %s\n",gcry_strerror(err));
exit(-1);
}
// generating the HMAC using the cipher text
gcry_md_write(hm,cipher,length);
gcry_md_final(hm);
// printf("\nlength: %lu\n",length);
char * hmac;
hmac = gcry_md_read(hm , GCRY_MD_SHA512 );
if(hmac == NULL ){
printf ("hmac null ?\n");
// exit(-1);
}
// print_buf(hmac,64); // debug
// printf("hmac length : %lu\n",strlen(hmac)); // debug to check hmac length should be 64
return hmac;
}
int GWEN_MDigest_Gc_End(GWEN_MDIGEST *md) {
GWEN_MDIGEST_GC *xmd;
uint8_t *p;
unsigned int len;
assert(md);
xmd=GWEN_INHERIT_GETDATA(GWEN_MDIGEST, GWEN_MDIGEST_GC, md);
assert(xmd);
gcry_md_final(xmd->handle);
len=gcry_md_get_algo_dlen(xmd->algo);
if (len<1) {
DBG_INFO(GWEN_LOGDOMAIN, "gcry_md_get_algo_dlen(): %d", len);
gcry_md_close(xmd->handle);
xmd->isOpen=0;
return GWEN_ERROR_GENERIC;
}
p=(uint8_t*)malloc(len);
assert(p);
memmove(p, gcry_md_read(xmd->handle, xmd->algo), len);
GWEN_MDigest_SetDigestBuffer(md, p, len);
gcry_md_close(xmd->handle);
xmd->isOpen=0;
return 0;
}
std::vector<unsigned char> User::generateWHIRLPOOL(const std::string& password, std::vector<unsigned char>& salt)
{
std::vector<char> passwordBytes;
passwordBytes.insert(passwordBytes.begin(), password.begin(), password.end());
if(salt.empty())
{
std::random_device rd;
std::default_random_engine generator(rd());
std::uniform_int_distribution<unsigned char> distribution(0, 255);
auto randByte = std::bind(distribution, generator);
for(uint32_t i = 0; i < 16; ++i) salt.push_back(randByte());
}
passwordBytes.insert(passwordBytes.end(), salt.begin(), salt.end());
gcry_error_t result;
gcry_md_hd_t stribogHandle = nullptr;
if((result = gcry_md_open(&stribogHandle, GCRY_MD_WHIRLPOOL, 0)) != GPG_ERR_NO_ERROR)
{
GD::out.printError("Could not initialize WHIRLPOOL handle: " + GD::bl->hf.getGCRYPTError(result));
return std::vector<unsigned char>();
}
gcry_md_write(stribogHandle, &passwordBytes.at(0), passwordBytes.size());
gcry_md_final(stribogHandle);
uint8_t* digest = gcry_md_read(stribogHandle, GCRY_MD_WHIRLPOOL);
if(!digest)
{
GD::out.printError("Could not generate WHIRLPOOL of password: " + GD::bl->hf.getGCRYPTError(result));
gcry_md_close(stribogHandle);
return std::vector<unsigned char>();
}
std::vector<unsigned char> keyBytes(digest, digest + gcry_md_get_algo_dlen(GCRY_MD_WHIRLPOOL));
gcry_md_close(stribogHandle);
return keyBytes;
}
int
rasqal_digest_buffer(rasqal_digest_type type, unsigned char *output,
const unsigned char * const input, size_t len)
{
gcry_md_hd_t hash;
enum gcry_md_algos algo;
unsigned int output_len;
if(type > RASQAL_DIGEST_LAST)
return -1;
algo = rasqal_digest_to_gcry_md_algos[type];
if(algo == GCRY_MD_NONE)
return -1;
output_len = gcry_md_get_algo_dlen(algo);
if(!input)
return output_len;
if(gcry_md_open(&hash, algo, 0))
return -1;
gcry_md_write(hash, input, len);
gcry_md_final(hash);
memcpy(output, gcry_md_read(hash, algo), output_len);
gcry_md_close(hash);
return output_len;
}
/**
* cdk_pk_get_fingerprint:
* @pk: the public key
* @fpr: the buffer to hold the fingerprint
*
* Return the fingerprint of the given public key.
* The buffer must be at least 20 octets.
* This function should be considered deprecated and
* the new cdk_pk_to_fingerprint() should be used whenever
* possible to avoid overflows.
**/
cdk_error_t
cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte *fpr)
{
gcry_md_hd_t hd;
int md_algo;
int dlen = 0;
gcry_error_t err;
if (!pk || !fpr)
return CDK_Inv_Value;
if (pk->version < 4 && is_RSA (pk->pubkey_algo))
md_algo = GCRY_MD_MD5; /* special */
else
md_algo = GCRY_MD_SHA1;
dlen = gcry_md_get_algo_dlen (md_algo);
err = gcry_md_open (&hd, md_algo, 0);
if (err)
return map_gcry_error (err);
_cdk_hash_pubkey (pk, hd, 1);
gcry_md_final (hd);
memcpy (fpr, gcry_md_read (hd, md_algo), dlen);
gcry_md_close (hd);
if (dlen == 16)
memset (fpr + 16, 0, 4);
return 0;
}
/*********************************************************************
*
* DES KW implementation
*
*********************************************************************/
static int
xmlSecGCryptKWDes3Sha1(void * context,
const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize) {
xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
gcry_md_hd_t digestCtx;
unsigned char * res;
unsigned int len;
gcry_error_t err;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize > 0, -1);
len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
xmlSecAssert2(outSize >= len, -1);
err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_open(GCRY_MD_SHA1)",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
gcry_md_write(digestCtx, in, inSize);
err = gcry_md_final(digestCtx);
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_final",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
gcry_md_close(digestCtx);
return(-1);
}
res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
if(res == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_read(GCRY_MD_SHA1)",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
gcry_md_close(digestCtx);
return(-1);
}
/* done */
xmlSecAssert2(outSize >= len, -1);
memcpy(out, res, len);
gcry_md_close(digestCtx);
return(len);
}
/* Return the fingerprint of the certificate (we can't put this into
libksba because we need libgcrypt support). The caller must
provide an array of sufficient length or NULL so that the function
allocates the array. If r_len is not NULL, the length of the
digest is returned; well, this can also be done by using
gcry_md_get_algo_dlen(). If algo is 0, a SHA-1 will be used.
If there is a problem , the function does never return NULL but a
digest of all 0xff.
*/
unsigned char *
gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
unsigned char *array, int *r_len)
{
gcry_md_hd_t md;
int rc, len;
if (!algo)
algo = GCRY_MD_SHA1;
len = gcry_md_get_algo_dlen (algo);
assert (len);
if (!array)
array = xmalloc (len);
if (r_len)
*r_len = len;
/* Fist check whether we have cached the fingerprint. */
if (algo == GCRY_MD_SHA1)
{
size_t buflen;
assert (len >= 20);
if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
array, len, &buflen)
&& buflen == 20)
return array;
}
/* No, need to compute it. */
rc = gcry_md_open (&md, algo, 0);
if (rc)
{
log_error ("md_open failed: %s\n", gpg_strerror (rc));
memset (array, 0xff, len); /* better return an invalid fpr than NULL */
return array;
}
rc = ksba_cert_hash (cert, 0, HASH_FNC, md);
if (rc)
{
log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (rc));
gcry_md_close (md);
memset (array, 0xff, len); /* better return an invalid fpr than NULL */
return array;
}
gcry_md_final (md);
memcpy (array, gcry_md_read(md, algo), len );
gcry_md_close (md);
/* Cache an SHA-1 fingerprint. */
if ( algo == GCRY_MD_SHA1 )
ksba_cert_set_user_data (cert, "sha1-fingerprint", array, 20);
return array;
}
static void
bench_hash_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
{
gcry_md_hd_t hd = obj->priv;
gcry_md_reset (hd);
gcry_md_write (hd, buf, buflen);
gcry_md_final (hd);
}
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
gcry_md_hd_t c;
int i;
gcry_md_open(&c, GCRY_MD_SHA1, 0);
for (i = 0; i < iovcnt; i++)
gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
gcry_md_final(c);
memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1));
}
gchar *
xfce_mailwatch_cram_md5(const gchar *username,
const gchar *password,
const gchar *challenge_base64)
{
#ifdef HAVE_SSL_SUPPORT
gchar challenge[2048];
gsize len, username_len;
gcry_md_hd_t hmac_md5;
gchar *response, *response_base64 = NULL;
g_return_val_if_fail(username && *username && password && *password
&& challenge_base64 && *challenge_base64, NULL);
len = xfce_mailwatch_base64_decode(challenge_base64, (guchar *)challenge,
sizeof(challenge) - 1);
if(len <= 0)
return NULL;
challenge[len] = 0;
DBG("challenge is \"%s\"\n", challenge);
if(gcry_md_open(&hmac_md5, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR)
return NULL;
gcry_md_setkey(hmac_md5, password, strlen(password));
gcry_md_write(hmac_md5, challenge, len);
gcry_md_final(hmac_md5);
username_len = strlen(username);
/* username + a space + MD5 in hex + null */
response = g_malloc0(username_len + 1
+ gcry_md_get_algo_dlen(GCRY_MD_MD5)*2 + 1);
strcpy(response, username);
response[username_len] = ' ';
bin2hex(response + username_len + 1, gcry_md_read(hmac_md5, GCRY_MD_MD5),
gcry_md_get_algo_dlen(GCRY_MD_MD5));
gcry_md_close(hmac_md5);
DBG("response before base64: %s\n", response);
if(xfce_mailwatch_base64_encode((guchar *)response, strlen(response),
&response_base64) <= 0)
{
g_free(response_base64);
response_base64 = NULL;
}
g_free(response);
return response_base64;
#else
g_warning("CRAM-MD5 computation unavailable: libmailwatch was not compiled with gnutls support.");
return NULL;
#endif
}
void sha256_block32(const uint8_t *in, uint8_t *out)
{
gcry_md_hd_t hd;
gcry_error_t gerr;
gerr = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_SECURE);
if (gerr != GPG_ERR_NO_ERROR)
gcrypt_fatal(gerr);
gcry_md_write(hd, in, 32);
gcry_md_final(hd);
memmove(out, gcry_md_read(hd, 0), 32);
gcry_md_close(hd);
}
void finish_running_checksum(struct running_checksum *c, unsigned char *digest)
{
unsigned char *gcry_digest;
/* gcry_md_read() does this implicitly */
gcry_md_final(c->hd);
gcry_digest = gcry_md_read(c->hd, 0);
memcpy(digest, gcry_digest, digest_len);
gcry_md_close(c->hd);
free(c);
}
/****************
* This filter is used to en/de-cipher data with a conventional algorithm
*/
int
cipher_filter( void *opaque, int control,
IOBUF a, byte *buf, size_t *ret_len)
{
size_t size = *ret_len;
cipher_filter_context_t *cfx = opaque;
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
rc = -1; /* not yet used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a);
if( !cfx->header ) {
write_header( cfx, a );
}
if (cfx->mdc_hash)
gcry_md_write (cfx->mdc_hash, buf, size);
gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0);
rc = iobuf_write( a, buf, size );
}
else if( control == IOBUFCTRL_FREE ) {
if( cfx->mdc_hash ) {
byte *hash;
int hashlen = gcry_md_get_algo_dlen (gcry_md_get_algo
(cfx->mdc_hash));
byte temp[22];
assert( hashlen == 20 );
/* We must hash the prefix of the MDC packet here. */
temp[0] = 0xd3;
temp[1] = 0x14;
gcry_md_putc (cfx->mdc_hash, temp[0]);
gcry_md_putc (cfx->mdc_hash, temp[1]);
gcry_md_final (cfx->mdc_hash);
hash = gcry_md_read (cfx->mdc_hash, 0);
memcpy(temp+2, hash, 20);
gcry_cipher_encrypt (cfx->cipher_hd, temp, 22, NULL, 0);
gcry_md_close (cfx->mdc_hash); cfx->mdc_hash = NULL;
if( iobuf_write( a, temp, 22 ) )
log_error("writing MDC packet failed\n" );
}
gcry_cipher_close (cfx->cipher_hd);
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter";
}
return rc;
}
static int hmac_fdigest(lua_State *L)
{
HANDLER_HMAC c;
size_t written = 0;
const char *t = luaL_checkstring(L, 1);
size_t s_len;
const char *s = luaL_checklstring(L, 2, &s_len);
size_t k_len;
const char *k = luaL_checklstring(L, 3, &k_len);
DIGEST_TYPE type = DIGEST_BY_NAME(t);
#if CRYPTO_OPENSSL
unsigned char digest[EVP_MAX_MD_SIZE];
#elif CRYPTO_GCRYPT
unsigned char *digest;
#endif
if (IS_DIGEST_INVALID(type)) {
luaL_argerror(L, 1, "invalid digest type");
return 0;
}
#if CRYPTO_OPENSSL
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, k, k_len, type, NULL);
HMAC_Update(&c, (unsigned char *)s, s_len);
HMAC_Final(&c, digest, &written);
#elif CRYPTO_GCRYPT
gcry_md_open(&c, type, GCRY_MD_FLAG_HMAC);
gcry_md_setkey(c, k, k_len);
gcry_md_write(c, s, s_len);
gcry_md_final(c);
digest = gcry_md_read(c,type);
written = gcry_md_get_algo_dlen(type);
#endif
if (lua_toboolean(L, 4))
lua_pushlstring(L, (char *)digest, written);
else
{
char *hex = bin2hex(digest,written);
lua_pushlstring(L, hex, written*2);
free(hex);
}
#if CRYPTO_GCRYPT
gcry_md_close(c);
#endif
return 1;
}
int main(int argc,char **argv)
{
gcry_md_hd_t md4;
gcry_error_t error;
int text_length;
unsigned char* buffer;
size_t len;
int a,i;
/*initialization of gcrypt library*/
/*check if subsystems are intialized, check version.*/
if (!gcry_check_version (GCRYPT_VERSION)){
err(1, "%s", "libgcrypt version mismatch\n");
}
/*turn off warnings*/
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/*allocate a pool of 16k for secure memory*/
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
/*libgcrypt check secure memory*/
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
/*initialization has completed. */
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
/*end of initialization*/
text_length=strlen(argv[1]);
buffer=(unsigned char*) malloc(text_length*sizeof(char));
strcpy(buffer,argv[1]);
/*create a message digest object for algorithm GCRY_MD_MD4 - means MD4*/
error=gcry_md_open(&md4,GCRY_MD_MD4,GCRY_MD_FLAG_SECURE);
if(error){
err(1, "Failed opening MD4: %s\n", gpg_strerror(error));
}
gcry_md_write( md4, buffer, text_length );
gcry_md_final( md4 );
unsigned char *digest=(unsigned char*) malloc(gcry_md_get_algo_dlen( GCRY_MD_MD4 )*sizeof(char));
digest = gcry_md_read( md4, GCRY_MD_MD4 );
/*print hash*/
printf("HASH MD4:");
for ( i=0; i < gcry_md_get_algo_dlen(buffer[i]); i++){
printf("%X", digest[i]);
}
printf("\n");
/*for (int j = 0; j < gcry_md_get_algo_dlen(hashes[i]); j++) printf("%02x", digest[j]);
printf("\n\n");*/
/*closing*/
gcry_md_close(md4);
return 0;
}
static int evp_digest(lua_State *L)
{
HANDLER_EVP *c = evp_pget(L, 1);
#if CRYPTO_OPENSSL
HANDLER_EVP *d = NULL;
unsigned char digest[EVP_MAX_MD_SIZE];
#elif CRYPTO_GCRYPT
HANDLER_EVP d = NULL;
unsigned char *digest;
int algo;
#endif
size_t written = 0;
if (lua_isstring(L, 2))
{
size_t s_len;
const char *s = luaL_checklstring(L, 2, &s_len);
EVP_UPDATE(c, s, s_len);
}
#if CRYPTO_OPENSSL
d = EVP_MD_CTX_create();
EVP_MD_CTX_copy_ex(d, c);
EVP_DigestFinal_ex(d, digest, &written);
EVP_MD_CTX_destroy(d);
#elif CRYPTO_GCRYPT
algo = gcry_md_get_algo(*c);
gcry_md_copy(&d, *c);
gcry_md_final(d);
digest = gcry_md_read(d, algo);
written = gcry_md_get_algo_dlen(algo);
#endif
if (lua_toboolean(L, 3))
lua_pushlstring(L, (char *)digest, written);
else
{
char *hex = bin2hex(digest, written);
lua_pushlstring(L, hex, written*2);
free(hex);
}
#if CRYPTO_GCRYPT
gcry_md_close(d);
#endif
return 1;
}
static int hmac_digest(lua_State *L)
{
HANDLER_HMAC *c = hmac_pget(L, 1);
size_t written = 0;
#if CRYPTO_OPENSSL
unsigned char digest[EVP_MAX_MD_SIZE];
#elif CRYPTO_GCRYPT
HANDLER_HMAC d;
unsigned char *digest;
int algo;
#endif
if (lua_isstring(L, 2))
{
size_t s_len;
const char *s = luaL_checklstring(L, 2, &s_len);
HMAC_UPDATE(c, s, s_len);
}
#if CRYPTO_OPENSSL
HMAC_Final(c, digest, &written);
#elif CRYPTO_GCRYPT
algo = gcry_md_get_algo(*c);
gcry_md_copy(&d, *c);
gcry_md_final(d);
digest = gcry_md_read(d, algo);
written = gcry_md_get_algo_dlen(algo);
#endif
if (lua_toboolean(L, 3))
lua_pushlstring(L, (char *)digest, written);
else
{
char *hex = bin2hex(digest, written);
lua_pushlstring(L, hex, written*2);
free(hex);
}
#if CRYPTO_GCRYPT
gcry_md_close(d);
#endif
return 1;
}
char *pdfapp_calcfilehash(pdfapp_t *app, int fd)
{
static int HASH_DATA_SZ = 65535;
gcry_md_hd_t digest;
size_t data_sz = MIN(app->xref->file_size, HASH_DATA_SZ);
void *data_buf = malloc(HASH_DATA_SZ);
size_t read_sz = 0;
size_t retrycnt = 0;
size_t i;
if (gcry_md_open(&digest, GCRY_MD_SHA1, 0))
{
printf("md_open failure");
return NULL;
}
lseek(fd, 0, SEEK_SET);
do
{
read_sz += read(fd, data_buf + read_sz, data_sz - read_sz);
} while (read_sz < data_sz && retrycnt++ < 5);
if (read_sz != data_sz)
{
printf("Calculating file hash failed. Skipping...\n");
gcry_md_close(digest);
return NULL;
}
gcry_md_write(digest, data_buf, read_sz);
gcry_md_final(digest);
memcpy(app->hash, gcry_md_read(digest, 0), 20);
gcry_md_close(digest);
free(data_buf);
for (i = 0; i < 20; i++)
if (app->hash[i] == '\n' || app->hash[i] == '\r' || app->hash[i] == ' ')
app->hash[i] = '_';
app->hash[20] = '\0';
return app->hash;
}
void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) {
size_t len;
switch(ctx->mac_type){
case SSH_MAC_SHA1:
len=SHA_DIGEST_LEN;
break;
case SSH_MAC_SHA256:
len=SHA256_DIGEST_LENGTH;
break;
case SSH_MAC_SHA384:
len=SHA384_DIGEST_LENGTH;
break;
case SSH_MAC_SHA512:
len=SHA512_DIGEST_LENGTH;
break;
}
gcry_md_final(ctx->ctx);
memcpy(md, gcry_md_read(ctx->ctx, 0), len);
gcry_md_close(ctx->ctx);
SAFE_FREE(ctx);
}
char *
f4dns_hash( const char *fqn, char *hash_return ) {
gcry_error_t err;
gcry_md_hd_t mh;
char *md;
const char prefix[] = "F4DNS::";
err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE);
assert( ! gcry_err_code(err) );
gcry_md_write(mh, prefix, sizeof(prefix));
//gcry_md_write(mh, request_type, strlen(request_type));
gcry_md_write(mh, fqn, strlen(fqn));
gcry_md_final(mh);
md = (char*)gcry_md_read(mh, 0);
memcpy(hash_return, md, 20);
gcry_md_close(mh);
return hash_return;
}
const char *
gc_hash_read (gc_hash_handle handle)
{
_gc_hash_ctx *ctx = handle;
const char *digest;
#ifdef GNULIB_GC_MD2
if (ctx->alg == GC_MD2)
{
md2_finish_ctx (&ctx->md2Context, ctx->hash);
digest = ctx->hash;
}
else
#endif
{
gcry_md_final (ctx->gch);
digest = gcry_md_read (ctx->gch, 0);
}
return digest;
}
char *
f4crypto_hash_fqdn( const char *fqdn, uint8_t replica, char *hash_return ) {
gcry_error_t err;
gcry_md_hd_t mh;
char *md;
const char prefix[] = "F4DNS::";
assert( strlen(fqdn) );
assert( hash_return != NULL );
err = gcry_md_open(&mh, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE);
assert( ! gcry_err_code(err) );
gcry_md_write(mh, prefix, sizeof(prefix));
gcry_md_write(mh, fqdn, strlen(fqdn));
gcry_md_write(mh, &replica, sizeof(uint8_t));
gcry_md_final(mh);
md = (char*)gcry_md_read(mh, 0);
memcpy(hash_return, md, 20);
gcry_md_close(mh);
return hash_return;
}
static struct aes256cprng*
ecdsa_cprng_init(const char *msg, const gcry_mpi_t d,
const struct curve_params *cp)
{
int len = cp->order_len_bin;
struct aes256cprng *cprng;
gcry_md_hd_t mh;
char *buf;
if (!(buf = gcry_malloc_secure(len))) {
fprintf(stderr, "Failed to malloc secure memory in ecdsa_cprng_init()\n");
return NULL;
}
serialize_mpi(buf, len, DF_BIN, d);
if (!hmacsha256_init(&mh, buf, len)) {
fprintf(stderr, "Failed to run hmacsha256_init()\n");
return NULL;
}
gcry_free(buf);
gcry_md_write(mh, msg, 64);
gcry_md_final(mh);
cprng = aes256cprng_init((const char*)gcry_md_read(mh, 0));
gcry_md_close(mh);
return cprng;
}
/* Compute the fingerprint of the certificate CERT and put it into
the 20 bytes large buffer DIGEST. Return address of this buffer. */
unsigned char *
cert_compute_fpr (ksba_cert_t cert, unsigned char *digest)
{
gpg_error_t err;
gcry_md_hd_t md;
err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
if (err)
log_fatal ("gcry_md_open failed: %s\n", gpg_strerror (err));
err = ksba_cert_hash (cert, 0, HASH_FNC, md);
if (err)
{
log_error ("oops: ksba_cert_hash failed: %s\n", gpg_strerror (err));
memset (digest, 0xff, 20); /* Use a dummy value. */
}
else
{
gcry_md_final (md);
memcpy (digest, gcry_md_read (md, GCRY_MD_SHA1), 20);
}
gcry_md_close (md);
return digest;
}
void md5_final(unsigned char *md, MD5CTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN);
gcry_md_close(c);
}
void sha1_final(unsigned char *md, SHACTX c) {
gcry_md_final(c);
memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN);
gcry_md_close(c);
}
static int
generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter,
const char *pw, unsigned int req_keylen, char * keybuf)
{
int rc;
unsigned int i, j;
gcry_md_hd_t md;
gcry_mpi_t num_b1 = NULL;
size_t pwlen;
char hash[20], buf_b[64], buf_i[128], *p;
char *salt_p;
int salt_size;
size_t cur_keylen;
size_t n;
gcry_error_t err;
cur_keylen = 0;
salt_size = tvb_captured_length(salt_tvb);
salt_p = (char *)tvb_memdup(wmem_packet_scope(), salt_tvb, 0, salt_size);
if (pw == NULL)
pwlen = 0;
else
pwlen = strlen(pw);
if (pwlen > 63 / 2)
{
return FALSE;
}
/* Store salt and password in BUF_I */
p = buf_i;
for (i = 0; i < 64; i++)
*p++ = salt_p[i % salt_size];
if (pw)
{
for (i = j = 0; i < 64; i += 2)
{
*p++ = 0;
*p++ = pw[j];
if (++j > pwlen) /* Note, that we include the trailing zero */
j = 0;
}
}
else
memset (p, 0, 64);
for (;;) {
err = gcry_md_open(&md, GCRY_MD_SHA1, 0);
if (gcry_err_code(err))
{
return FALSE;
}
for (i = 0; i < 64; i++)
{
unsigned char lid = id & 0xFF;
gcry_md_write (md, &lid, 1);
}
gcry_md_write(md, buf_i, pw ? 128 : 64);
gcry_md_final (md);
memcpy (hash, gcry_md_read (md, 0), 20);
gcry_md_close (md);
for (i = 1; i < iter; i++)
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
keybuf[cur_keylen++] = hash[i];
if (cur_keylen == req_keylen)
{
gcry_mpi_release (num_b1);
return TRUE; /* ready */
}
/* need more bytes. */
for (i = 0; i < 64; i++)
buf_b[i] = hash[i % 20];
n = 64;
rc = gcry_mpi_scan (&num_b1, GCRYMPI_FMT_USG, buf_b, n, &n);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_add_ui (num_b1, num_b1, 1);
for (i = 0; i < 128; i += 64)
{
gcry_mpi_t num_ij;
n = 64;
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_add (num_ij, num_ij, num_b1);
gcry_mpi_clear_highbit (num_ij, 64 * 8);
n = 64;
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
if (rc != 0)
{
return FALSE;
}
gcry_mpi_release (num_ij);
}
}
}
