static void
do_init(void)
{
uint8_t sha1[SHA1_DIGEST_SIZE];
struct sha1_ctx sha1_ctx;
uint8_t random_seed[16];
struct timeval now;
/* Get seed data. */
get_entropy_or_die(random_seed, sizeof random_seed);
xgettimeofday(&now);
/* Convert seed into key. */
sha1_init(&sha1_ctx);
sha1_update(&sha1_ctx, random_seed, sizeof random_seed);
sha1_update(&sha1_ctx, &now, sizeof now);
sha1_update_int(&sha1_ctx, getpid());
#ifndef _WIN32
sha1_update_int(&sha1_ctx, getppid());
sha1_update_int(&sha1_ctx, getuid());
sha1_update_int(&sha1_ctx, getgid());
#endif
sha1_final(&sha1_ctx, sha1);
/* Generate key. */
BUILD_ASSERT(sizeof sha1 >= 16);
aes128_schedule(&key, sha1);
/* Generate initial counter. */
get_entropy_or_die(counter, sizeof counter);
}
/* Add padding and return the message digest. */
static void sha1_final(struct crypto_tfm *tfm, u8 *out)
{
struct sha1_ctx *sctx = crypto_tfm_ctx(tfm);
__be32 *dst = (__be32 *)out;
u32 i, index, padlen;
__be64 bits;
static const u8 padding[64] = { 0x80, };
bits = cpu_to_be64(sctx->count << 3);
/* Pad out to 56 mod 64 */
index = sctx->count & 0x3f;
padlen = (index < 56) ? (56 - index) : ((64+56) - index);
sha1_update(tfm, padding, padlen);
/* Append length */
sha1_update(tfm, (const u8 *)&bits, sizeof(bits));
/* Store state in digest */
for (i = 0; i < 5; i++)
dst[i] = cpu_to_be32(sctx->state[i]);
/* Wipe context */
memset(sctx, 0, sizeof *sctx);
}
static void
test_one(const struct test_vector *vec)
{
uint8_t md[SHA1_DIGEST_SIZE];
int i;
/* All at once. */
sha1_bytes(vec->data, vec->size, md);
assert(!memcmp(md, vec->output, SHA1_DIGEST_SIZE));
/* In two pieces. */
for (i = 0; i < 20; i++) {
int n0 = vec->size ? random_range(vec->size) : 0;
int n1 = vec->size - n0;
struct sha1_ctx sha1;
sha1_init(&sha1);
sha1_update(&sha1, vec->data, n0);
sha1_update(&sha1, vec->data + n0, n1);
sha1_final(&sha1, md);
assert(!memcmp(md, vec->output, SHA1_DIGEST_SIZE));
}
putchar('.');
fflush(stdout);
}
void
hmac_sha1_init(hmac_sha1_ctx *ctx, const void *key, size_t keylen)
{
uint8_t keybuf[SHA1_BLOCK_LEN], pad[SHA1_BLOCK_LEN];
/* prepare key */
memset(keybuf, 0, sizeof keybuf);
if (keylen > sizeof keybuf)
sha1_complete(key, keylen, keybuf);
else
memcpy(keybuf, key, keylen);
/* input pad */
for (unsigned int i = 0; i < sizeof pad; ++i)
pad[i] = 0x36 ^ keybuf[i];
sha1_init(&ctx->ictx);
sha1_update(&ctx->ictx, pad, sizeof pad);
/* output pad */
for (unsigned int i = 0; i < sizeof pad; ++i)
pad[i] = 0x5c ^ keybuf[i];
sha1_init(&ctx->octx);
sha1_update(&ctx->octx, pad, sizeof pad);
/* hide the evidence */
memset(keybuf, 0, sizeof keybuf);
memset(pad, 0, sizeof pad);
}
void
sha1_hmac_init(struct sha1_hmac_context *ctx, const byte *key, uint keylen)
{
byte keybuf[SHA1_BLOCK_SIZE], buf[SHA1_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA1_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA1_BLOCK_SIZE - keylen);
}
else
{
sha1_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA1_SIZE, 0, SHA1_BLOCK_SIZE - SHA1_SIZE);
}
/* Initialize the inner digest */
sha1_init(&ctx->ictx);
int i;
for (i = 0; i < SHA1_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha1_update(&ctx->ictx, buf, SHA1_BLOCK_SIZE);
/* Initialize the outer digest */
sha1_init(&ctx->octx);
for (i = 0; i < SHA1_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha1_update(&ctx->octx, buf, SHA1_BLOCK_SIZE);
}
/* Begin SHA1 HMAC functions
*/
static void
hmac_sha1_init(hmac_sha1_ctx *ctx, const char *key, const int key_len)
{
unsigned char final_key[MAX_DIGEST_BLOCK_LEN] = {0};
unsigned char init_key[MAX_DIGEST_BLOCK_LEN] = {0};
int final_len = key_len;
if(key_len > MAX_DIGEST_BLOCK_LEN)
final_len = MAX_DIGEST_BLOCK_LEN;
memcpy(init_key, key, final_len);
if(SHA1_BLOCK_LEN < key_len)
{
/* Calculate the digest of the key
*/
sha1(final_key, init_key, final_len);
}
else
{
memcpy(final_key, init_key, key_len);
}
pad_init(ctx->block_inner_pad, ctx->block_outer_pad, final_key, final_len);
sha1_init(&ctx->ctx_inside);
sha1_update(&ctx->ctx_inside, ctx->block_inner_pad, SHA1_BLOCK_LEN);
sha1_init(&ctx->ctx_outside);
sha1_update(&ctx->ctx_outside, ctx->block_outer_pad, SHA1_BLOCK_LEN);
return;
}
/**
* sha1_finalize - Finalize the context and create the SHA1 digest
*/
void sha1_finalize(struct sha1_ctx *ctx, sha1_digest *out)
{
static unsigned char padding[64] = { 0x80, };
unsigned int bits[2];
unsigned int index, padlen;
/* add padding and update data with it */
bits[0] = cpu_to_be32((unsigned int) (ctx->sz >> 29));
bits[1] = cpu_to_be32((unsigned int) (ctx->sz << 3));
/* pad out to 56 */
index = (unsigned int) (ctx->sz & 0x3f);
padlen = (index < 56) ? (56 - index) : ((64 + 56) - index);
sha1_update(ctx, padding, padlen);
/* append length */
sha1_update(ctx, (unsigned char *) bits, sizeof(bits));
/* output hash */
out->digest[0] = cpu_to_be32(ctx->h[0]);
out->digest[1] = cpu_to_be32(ctx->h[1]);
out->digest[2] = cpu_to_be32(ctx->h[2]);
out->digest[3] = cpu_to_be32(ctx->h[3]);
out->digest[4] = cpu_to_be32(ctx->h[4]);
}
/*
* The routine final terminates the computation and returns the digest. The
* handle is prepared for a new cycle, but adding bytes to the handle will the
* destroy the returned buffer.
*
* Returns: 20 bytes representing the digest.
*/
byte *
sha1_final(struct sha1_context *ctx)
{
u32 t, msb, lsb;
sha1_update(ctx, NULL, 0); /* flush */
t = ctx->nblocks;
/* multiply by 64 to make a byte count */
lsb = t << 6;
msb = t >> 26;
/* add the count */
t = lsb;
if ((lsb += ctx->count) < t)
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if (ctx->count < 56)
{
/* enough room */
ctx->buf[ctx->count++] = 0x80; /* pad */
while (ctx->count < 56)
ctx->buf[ctx->count++] = 0; /* pad */
}
else
{
/* need one extra block */
ctx->buf[ctx->count++] = 0x80; /* pad character */
while (ctx->count < 64)
ctx->buf[ctx->count++] = 0;
sha1_update(ctx, NULL, 0); /* flush */
memset(ctx->buf, 0, 56); /* fill next block with zeroes */
}
/* append the 64 bit count */
ctx->buf[56] = msb >> 24;
ctx->buf[57] = msb >> 16;
ctx->buf[58] = msb >> 8;
ctx->buf[59] = msb;
ctx->buf[60] = lsb >> 24;
ctx->buf[61] = lsb >> 16;
ctx->buf[62] = lsb >> 8;
ctx->buf[63] = lsb;
sha1_transform(ctx, ctx->buf);
byte *p = ctx->buf;
#define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
X(0);
X(1);
X(2);
X(3);
X(4);
#undef X
return ctx->buf;
}
/*
* Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
* Well, not what's written there, but rather what they meant.
*/
static void mppe_rekey(ppp_mppe_state * state, int initial_key)
{
sha1_context sha1_ctx;
u8_t sha1_digest[SHA1_SIGNATURE_SIZE];
/*
* Key Derivation, from RFC 3078, RFC 3079.
* Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
*/
sha1_starts(&sha1_ctx);
sha1_update(&sha1_ctx, state->master_key, state->keylen);
sha1_update(&sha1_ctx, mppe_sha1_pad1, SHA1_PAD_SIZE);
sha1_update(&sha1_ctx, state->session_key, state->keylen);
sha1_update(&sha1_ctx, mppe_sha1_pad2, SHA1_PAD_SIZE);
sha1_finish(&sha1_ctx, sha1_digest);
MEMCPY(state->session_key, sha1_digest, state->keylen);
if (!initial_key) {
arc4_setup(&state->arc4, sha1_digest, state->keylen);
arc4_crypt(&state->arc4, state->session_key, state->keylen);
}
if (state->keylen == 8) {
/* See RFC 3078 */
state->session_key[0] = 0xd1;
state->session_key[1] = 0x26;
state->session_key[2] = 0x9e;
}
arc4_setup(&state->arc4, state->session_key, state->keylen);
}
void sha1_finish(ctx_sha1* p_ctx,unsigned char digest[20])
{
static unsigned char PADDING[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
unsigned char ml[8];
unsigned int hi = ( p_ctx->_count[0] >> 29 ) | ( p_ctx->_count[1] << 3 );
unsigned int lo = ( p_ctx->_count[0] << 3 );
unsigned int last,padn;
PUT_UINT32(hi, ml, 0);
PUT_UINT32(lo, ml, 4);
last = p_ctx->_count[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
sha1_update(p_ctx,PADDING, padn);
sha1_update(p_ctx,ml, 8);
PUT_UINT32(p_ctx->_state[0], digest, 0);
PUT_UINT32(p_ctx->_state[1], digest, 4);
PUT_UINT32(p_ctx->_state[2], digest, 8);
PUT_UINT32(p_ctx->_state[3], digest, 12);
PUT_UINT32(p_ctx->_state[4], digest, 16);
/* Zeroize sensitive information. */
sha1_initialize(p_ctx);
}
void hmac_sha1(const uint8_t *key, int keyLength,
const uint8_t *data, int dataLength,
uint8_t *result, int resultLength) {
SHA1_INFO ctx;
uint8_t hashed_key[SHA1_DIGEST_LENGTH];
if (keyLength > 64) {
// The key can be no bigger than 64 bytes. If it is, we'll hash it down to
// 20 bytes.
sha1_init(&ctx);
sha1_update(&ctx, key, keyLength);
sha1_final(&ctx, hashed_key);
key = hashed_key;
keyLength = SHA1_DIGEST_LENGTH;
}
// The key for the inner digest is derived from our key, by padding the key
// the full length of 64 bytes, and then XOR'ing each byte with 0x36.
uint8_t tmp_key[64];
for (int i = 0; i < keyLength; ++i) {
tmp_key[i] = key[i] ^ 0x36;
}
if (keyLength < 64) {
memset(tmp_key + keyLength, 0x36, 64 - keyLength);
}
// Compute inner digest
sha1_init(&ctx);
sha1_update(&ctx, tmp_key, 64);
sha1_update(&ctx, data, dataLength);
uint8_t sha[SHA1_DIGEST_LENGTH];
sha1_final(&ctx, sha);
// The key for the outer digest is derived from our key, by padding the key
// the full length of 64 bytes, and then XOR'ing each byte with 0x5C.
for (int i = 0; i < keyLength; ++i) {
tmp_key[i] = key[i] ^ 0x5C;
}
memset(tmp_key + keyLength, 0x5C, 64 - keyLength);
// Compute outer digest
sha1_init(&ctx);
sha1_update(&ctx, tmp_key, 64);
sha1_update(&ctx, sha, SHA1_DIGEST_LENGTH);
sha1_final(&ctx, sha);
// Copy result to output buffer and truncate or pad as necessary
memset(result, 0, resultLength);
if (resultLength > SHA1_DIGEST_LENGTH) {
resultLength = SHA1_DIGEST_LENGTH;
}
memcpy(result, sha, resultLength);
// Zero out all internal data structures
memset(hashed_key, 0, sizeof(hashed_key));
memset(sha, 0, sizeof(sha));
memset(tmp_key, 0, sizeof(tmp_key));
}
/**
* Verify an authentication block in a response.
* Since this func updates the nonce_even in the session data it has to be
* called when receiving a succesfull AUTH response.
* This func can verify the first as well as the second auth block (for
* double authorized commands).
*
* @param command_code command code of the request
* @param response pointer to the request (w/ uninitialised auth data)
* @param handles_len length of the handles area in response
* @param auth_session pointer to the (valid) auth session to be used
* @param response_auth pointer to the auth block of the response to be verified
* @param auth authentication data (HMAC key)
*/
static u32 verify_response_auth(u32 command_code, const void *response,
size_t response_len0, size_t handles_len,
struct session_data *auth_session,
const void *response_auth, const void *auth)
{
u8 hmac_data[DIGEST_LENGTH * 3 + 1];
u8 computed_auth[DIGEST_LENGTH];
sha1_context hash_ctx;
const size_t return_code_offset = 6;
const size_t auth_continue_offset = 20;
const size_t auth_auth_offset = 21;
u8 auth_continue;
if (!auth_session || !auth_session->valid)
return TPM_AUTHFAIL;
if (pack_byte_string(hmac_data, sizeof(hmac_data), "d",
0, command_code))
return TPM_LIB_ERROR;
if (response_len0 < TPM_RESPONSE_HEADER_LENGTH)
return TPM_LIB_ERROR;
sha1_starts(&hash_ctx);
sha1_update(&hash_ctx, response + return_code_offset, 4);
sha1_update(&hash_ctx, hmac_data, 4);
if (response_len0 > TPM_RESPONSE_HEADER_LENGTH + handles_len)
sha1_update(&hash_ctx,
response + TPM_RESPONSE_HEADER_LENGTH + handles_len,
response_len0 - TPM_RESPONSE_HEADER_LENGTH
- handles_len);
sha1_finish(&hash_ctx, hmac_data);
memcpy(auth_session->nonce_even, response_auth, DIGEST_LENGTH);
auth_continue = ((u8 *)response_auth)[auth_continue_offset];
if (pack_byte_string(hmac_data, sizeof(hmac_data), "ssb",
DIGEST_LENGTH,
response_auth,
DIGEST_LENGTH,
2 * DIGEST_LENGTH,
auth_session->nonce_odd,
DIGEST_LENGTH,
3 * DIGEST_LENGTH,
auth_continue))
return TPM_LIB_ERROR;
sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
computed_auth);
if (memcmp(computed_auth, response_auth + auth_auth_offset,
DIGEST_LENGTH))
return TPM_AUTHFAIL;
return TPM_SUCCESS;
}
void create_sha1(char* secret_hex, uint8_t* text, int clen, uint8_t * sha){
//SHA1 generates 20B string
SHA1_INFO ctx;
sha1_init(&ctx);
char str[50];
sha1_update(&ctx, secret_hex, strlen(secret_hex));
// keep calling sha1_update if you have more data to hash...
sha1_update(&ctx, text, clen);
sha1_final(&ctx, sha);
int i = 0;
return;
}
int
main(int argc, char *argv[])
{
unsigned int i;
struct sha1_context ctx;
char digest[SHA1_DIGEST_LENGTH];
char output[2*SHA1_DIGEST_LENGTH + 5];
/* silence gcc -Wextra */
(void)argc;
(void)argv;
printf("Verifying SHA-1 implementation... ");
fflush(stdout);
for (i = 0; i < sizeof(test_data) / sizeof(test_data[0]); i++) {
sha1_init(&ctx);
sha1_update(&ctx, test_data[i], strlen(test_data[i]));
sha1_final(&ctx, digest);
digest_to_hex(digest, output);
if (strcmp(output, test_results[i])) {
fprintf(stdout, "FAIL\n");
fprintf(stderr, "* hash of \"%s\" incorrect:\n"
"\t%s returned\n"
"\t%s is correct\n",
test_data[i], output, test_results[i]);
return EXIT_FAILURE;
}
}
/* the million 'a' vector we feed separately */
sha1_init(&ctx);
for (i = 0; i < 1000000; i++)
sha1_update(&ctx, "a", 1);
sha1_final(&ctx, digest);
digest_to_hex(digest, output);
if (strcmp(output, "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F")) {
fprintf(stdout, "FAIL\n");
fprintf(stderr, "* hash of a million a's is incorrect:\n"
"\t%s returned\n"
"\t34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F"
" is correct\n", output);
return 1;
}
printf("OK\n");
fflush(stdout);
return EXIT_SUCCESS;
}
const char* websocket_derive_key(const char* key){
static char hex[512] = {0,};
static char magic[] = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
/* compute concaternated hash */
sha1_t sha = sha1_new();
sha1_update(sha, key, strlen(key));
sha1_update(sha, magic, strlen(magic));
/* encode hash as base64 */
base64encode(sha1_hash_bytes(sha), 20, hex, sizeof(hex));
sha1_free(sha);
return hex;
}
u32 getFunctionId(const char* name)
{
const char* suffix = "\x67\x59\x65\x99\x04\x25\x04\x90\x56\x64\x27\x49\x94\x89\x74\x1A"; // Symbol name suffix
u8 output[20];
// Compute SHA-1 hash
sha1_context ctx;
sha1_starts(&ctx);
sha1_update(&ctx, (const u8*)name, strlen(name));
sha1_update(&ctx, (const u8*)suffix, strlen(suffix));
sha1_finish(&ctx, output);
return (u32&)output[0];
}
char *
ap_keying_material_pubkey_derivate(apr_pool_t *p,
const char *key, const char *pub)
{
sha1_context sha1;
sha1_init(&sha1);
sha1_update(&sha1, (byte *)key, strlen(key));
sha1_update(&sha1, (byte *)pub, strlen(pub));
char *hash = (char *)sha1_final(&sha1);
char *sec = apr_palloc(p, SHA1_HEX_SIZE);
mem_to_hex(sec, hash, SHA1_SIZE, 0);
return sec;
}
/**
* Fill an authentication block in a request.
* This func can create the first as well as the second auth block (for
* double authorized commands).
*
* @param request pointer to the request (w/ uninitialised auth data)
* @param request_len0 length of the request without auth data
* @param handles_len length of the handles area in request
* @param auth_session pointer to the (valid) auth session to be used
* @param request_auth pointer to the auth block of the request to be filled
* @param auth authentication data (HMAC key)
*/
static u32 create_request_auth(const void *request, size_t request_len0,
size_t handles_len,
struct session_data *auth_session,
void *request_auth, const void *auth)
{
u8 hmac_data[DIGEST_LENGTH * 3 + 1];
sha1_context hash_ctx;
const size_t command_code_offset = 6;
const size_t auth_nonce_odd_offset = 4;
const size_t auth_continue_offset = 24;
const size_t auth_auth_offset = 25;
if (!auth_session || !auth_session->valid)
return TPM_LIB_ERROR;
sha1_starts(&hash_ctx);
sha1_update(&hash_ctx, request + command_code_offset, 4);
if (request_len0 > TPM_REQUEST_HEADER_LENGTH + handles_len)
sha1_update(&hash_ctx,
request + TPM_REQUEST_HEADER_LENGTH + handles_len,
request_len0 - TPM_REQUEST_HEADER_LENGTH
- handles_len);
sha1_finish(&hash_ctx, hmac_data);
sha1_starts(&hash_ctx);
sha1_update(&hash_ctx, auth_session->nonce_odd, DIGEST_LENGTH);
sha1_update(&hash_ctx, hmac_data, sizeof(hmac_data));
sha1_finish(&hash_ctx, auth_session->nonce_odd);
if (pack_byte_string(request_auth, TPM_REQUEST_AUTH_LENGTH, "dsb",
0, auth_session->handle,
auth_nonce_odd_offset, auth_session->nonce_odd,
DIGEST_LENGTH,
auth_continue_offset, 1))
return TPM_LIB_ERROR;
if (pack_byte_string(hmac_data, sizeof(hmac_data), "ss",
DIGEST_LENGTH,
auth_session->nonce_even,
DIGEST_LENGTH,
2 * DIGEST_LENGTH,
request_auth + auth_nonce_odd_offset,
DIGEST_LENGTH + 1))
return TPM_LIB_ERROR;
sha1_hmac(auth, DIGEST_LENGTH, hmac_data, sizeof(hmac_data),
request_auth + auth_auth_offset);
return TPM_SUCCESS;
}
CAMLprim value stub_sha1_update_fd(value ctx, value fd, value len)
{
CAMLparam3(ctx, fd, len);
unsigned char buf[BLKSIZE];
struct sha1_ctx ctx_dup = *GET_CTX_STRUCT(ctx);
intnat ret, rest = Long_val(len);
caml_release_runtime_system();
do {
ret = rest < sizeof(buf) ? rest : sizeof(buf);
ret = read(Long_val(fd), buf, ret);
if (ret <= 0) break;
rest -= ret;
sha1_update(&ctx_dup, buf, ret);
} while (ret > 0 && rest > 0);
caml_acquire_runtime_system();
if (ret < 0)
caml_failwith("read error");
*GET_CTX_STRUCT(ctx) = ctx_dup;
CAMLreturn(Val_long(Long_val(len) - rest));
}
static int
calculate_chunk_sha1(struct filedes *in_fd, size_t this_chunk_size,
off_t offset, u8 sha1_md[])
{
u8 buf[BUFFER_SIZE];
SHA_CTX ctx;
size_t bytes_remaining;
size_t bytes_to_read;
int ret;
bytes_remaining = this_chunk_size;
sha1_init(&ctx);
do {
bytes_to_read = min(bytes_remaining, sizeof(buf));
ret = full_pread(in_fd, buf, bytes_to_read, offset);
if (ret) {
ERROR_WITH_ERRNO("Read error while calculating "
"integrity checksums");
return ret;
}
sha1_update(&ctx, buf, bytes_to_read);
bytes_remaining -= bytes_to_read;
offset += bytes_to_read;
} while (bytes_remaining);
sha1_final(sha1_md, &ctx);
return 0;
}
void
rsa_sign_msg(struct rsa_private_key *priv,mpz_t s, uint8_t *msg, const size_t len)
{
uint8_t digest[SHA1_DIGEST_SIZE];
struct sha1_ctx sha1ctx;
int i = 0,nloop = 0;
if(priv == NULL || msg == NULL || len == 0) {
die("priv == NULL || msg == NULL || len == 0");
}
//printf("\nMSG_LEN: %d\n",len);
bzero(&sha1ctx,sizeof(struct sha1_ctx));
bzero(&digest[0],SHA1_DIGEST_SIZE);
mpz_init(s);
sha1_init(&sha1ctx);
sha1_update(&sha1ctx,len,msg);
sha1_digest(&sha1ctx,SHA1_DIGEST_SIZE,digest);
if (!rsa_sha1_sign_digest(priv, digest, s)) {
// out("rsa_sha1_sign...try again\n");
rsa_sign_msg(priv,s,msg,len);
}
}
static void
hmac_sha1_update(hmac_sha1_ctx *ctx, const char *msg,
unsigned int msg_len)
{
sha1_update(&ctx->ctx_inside, (unsigned char *)msg, msg_len);
return;
}
extern u32 ppu_generate_id(const char* name)
{
// Symbol name suffix
const auto suffix = "\x67\x59\x65\x99\x04\x25\x04\x90\x56\x64\x27\x49\x94\x89\x74\x1A";
sha1_context ctx;
u8 output[20];
// Compute SHA-1 hash
sha1_starts(&ctx);
sha1_update(&ctx, reinterpret_cast<const u8*>(name), std::strlen(name));
sha1_update(&ctx, reinterpret_cast<const u8*>(suffix), std::strlen(suffix));
sha1_finish(&ctx, output);
return reinterpret_cast<le_t<u32>&>(output[0]);
}
void Connection_fingerprint_from_cert(Connection *conn)
{
x509_cert* _x509P = conn->iob->ssl.peer_cert;
int i = 0;
debug("Connection_send_to_handler: peer_cert: %016lX: tag=%d length=%ld",
(unsigned long) _x509P,
_x509P ? _x509P->raw.tag : -1,
_x509P ? _x509P->raw.len : -1);
if (_x509P != NULL && _x509P->raw.len > 0) {
sha1_context ctx;
unsigned char sha1sum[CERT_FINGERPRINT_SIZE + 1] = {0};
sha1_starts(&ctx);
sha1_update(&ctx, _x509P->raw.p, _x509P->raw.len);
sha1_finish(&ctx, sha1sum);
bstring hex = bfromcstr("");
for (i = 0; i < (int)sizeof(sha1sum); i++) {
bformata(hex, "%02X", sha1sum[i]);
}
Request_set(conn->req, &PEER_CERT_SHA1_KEY, hex, 1);
}
}
static int
__archive_nettle_sha1update(archive_sha1_ctx *ctx, const void *indata,
size_t insize)
{
sha1_update(ctx, insize, indata);
return (ARCHIVE_OK);
}
term_t cbif_sha_update2(proc_t *proc, term_t *regs)
{
term_t Context = regs[0];
term_t Data = regs[1];
if (!is_boxed_binary(Context))
badarg(Context);
bits_t bs, dst;
bits_get_real(peel_boxed(Context), &bs);
if (bs.ends -bs.starts != sizeof(struct sha1_ctx) *8)
badarg(Context);
struct sha1_ctx ctx;
bits_init_buf((uint8_t *)&ctx, sizeof(ctx), &dst);
bits_copy(&bs, &dst);
if (!is_boxed_binary(Data) && !is_list(Data))
badarg(Data);
int sz = iolist_size(Data);
if (sz < 0)
badarg(Data);
assert(sz <= 65536); //TODO: use heap_tmp_buf for larger Data
uint8_t buf[sz];
iolist_flatten(Data, buf);
sha1_update(&ctx, sz, buf);
uint8_t *ptr;
term_t bin = heap_make_bin(&proc->hp, sizeof(ctx), &ptr);
memcpy(ptr, &ctx, sizeof(ctx));
return bin;
}
//// Google TOTP HMAC SHA1
static void hmac_sha1(const unsigned char *secret, size_t secret_len,
const unsigned char *input, size_t input_len,
unsigned char *result, size_t result_size)
{
SHA1_INFO context;
// The scope on this is required here, because we may assign secret to
// point to this if secret_len > 64
unsigned char tmp_internal_hash[64];
// temp length
int i;
if( secret_length > 64 )
{
sha1_init(&context);
sha1_update(&context, secret, secret_len);
sha1_final(&context, tmp_internal_hash);
secret_len = SHA1_DIGEST_LENGTH;
}
else
{
memcpy(tmp_internal_hash, secret, secret_len);
}
for(i = 0; i < secret_len; ++i)
{
tmp_internal_hash[i] ^= 0x36;
}
memset(tmp_internal_hash + secret_len, 0x36, 64 - secret_len);
}
err_status_t
hmac_init(hmac_ctx_t *state, const octet_t *key, int key_len) {
int i;
/*
* check key length - note that we don't support keys larger
* than 20 bytes yet
*/
if (key_len > 20)
return err_status_bad_param;
/*
* set values of ipad and opad in the context by exoring the key
* into the appropriate constant values
*/
for (i=0; i < key_len; i++) {
state->ipad[i] = key[i] ^ 0x36;
state->opad[i] = key[i] ^ 0x5c;
}
/* set the rest of ipad, opad to constant values */
for ( ; i < 64; i++) {
((octet_t *)state->ipad)[i] = 0x36;
((octet_t *)state->opad)[i] = 0x5c;
}
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(state->ipad, 64));
/* initialize sha1 context */
sha1_init(&state->ctx);
/* hash ipad ^ key */
sha1_update(&state->ctx, (octet_t *)state->ipad, 64);
return err_status_ok;
}
/*
* Calculates SHA-1 hash of *src*. The size of *src* is *src_length* bytes.
* *dst* must be at least SHA1_DIGEST_SIZE.
*/
void sha1(uint8_t *dst, const uint8_t *src, size_t src_length)
{
struct sha1_ctx ctx;
sha1_init(&ctx);
sha1_update(&ctx, src_length, src);
sha1_digest(&ctx, SHA1_DIGEST_SIZE, dst);
}
uint8_t *flash_hash_rw(void)
{
sha1_init(&ctx);
sha1_update(&ctx, (void *)CONFIG_FLASH_BASE + CONFIG_FW_RW_OFF,
CONFIG_FW_RW_SIZE - 32);
return sha1_final(&ctx);
}