void md5(
const void *content, ssize_t content_len,
char *result, ssize_t result_len)
{
assert(result_len==33); // md5+1 length
int i, j;
EVP_MD_CTX mdctx;
unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len;
EVP_DigestInit(&mdctx, EVP_md5());
EVP_DigestUpdate(&mdctx, content, (size_t) content_len);
EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
EVP_MD_CTX_cleanup(&mdctx);
char byte[3];
j=0;
for(i=0; i<md_len; i++)
{
snprintf(byte, sizeof(byte), "%02x", md_value[i]);
result[j++]=byte[0];
result[j++]=byte[1];
}
result[j]=0;
}
static char *
digest_calculate(char *filename,
char **digest_type, char *digest_string, unsigned *md_len_p,
file_offset_t *filesizep)
{
int fd, i, rv;
EVP_MD_CTX md_ctx;
unsigned char md_value[EVP_MAX_MD_SIZE];
char buffer[GFS_FILE_BUFSIZE];
if ((fd = open(filename, O_RDONLY)) == -1)
return (gfarm_errno_to_error(errno));
EVP_DigestInit(&md_ctx, GFS_DEFAULT_DIGEST_MODE);
rv = gfs_digest_calculate_local(
fd, buffer, GFS_FILE_BUFSIZE,
GFS_DEFAULT_DIGEST_MODE,
&md_ctx, md_len_p, md_value, filesizep);
close(fd);
if (rv != 0)
return (gfarm_errno_to_error(rv));
for (i = 0; i < *md_len_p; i++)
sprintf(&digest_string[i + i], "%02x",
md_value[i]);
*digest_type = GFS_DEFAULT_DIGEST_NAME;
return (NULL);
}
/** @impl_interface_method{RTCRDIGESTDESC::pfnInit} */
static DECLCALLBACK(int) rtCrDigestOsslEvp_Init(void *pvState, void *pvOpaque, bool fReInit)
{
EVP_MD_CTX *pThis = (EVP_MD_CTX *)pvState;
EVP_MD const *pEvpType = (EVP_MD const *)pvOpaque;
if (fReInit)
{
pEvpType = EVP_MD_CTX_md(pThis);
# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_reset(pThis);
# else
EVP_MD_CTX_cleanup(pThis);
# endif
}
AssertPtrReturn(pEvpType, VERR_INVALID_PARAMETER);
# if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
Assert(EVP_MD_block_size(pEvpType));
# else
Assert(pEvpType->md_size);
# endif
if (EVP_DigestInit(pThis, pEvpType))
return VINF_SUCCESS;
return VERR_CR_DIGEST_OSSL_DIGEST_INIT_ERROR;
}
int
px_find_digest(const char *name, PX_MD ** res)
{
const EVP_MD *md;
EVP_MD_CTX *ctx;
PX_MD *h;
if (!px_openssl_initialized)
{
px_openssl_initialized = 1;
OpenSSL_add_all_algorithms();
}
md = EVP_get_digestbyname(name);
if (md == NULL)
return PXE_NO_HASH;
ctx = px_alloc(sizeof(*ctx));
EVP_DigestInit(ctx, md);
h = px_alloc(sizeof(*h));
h->result_size = digest_result_size;
h->block_size = digest_block_size;
h->reset = digest_reset;
h->update = digest_update;
h->finish = digest_finish;
h->free = digest_free;
h->p.ptr = (void *) ctx;
*res = h;
return 0;
}
static int create_digest(BIO *input, char *digest, const EVP_MD *md,
unsigned char **md_value)
{
int md_value_len;
md_value_len = EVP_MD_size(md);
if (md_value_len < 0)
return 0;
if (input) {
EVP_MD_CTX md_ctx;
unsigned char buffer[4096];
int length;
*md_value = app_malloc(md_value_len, "digest buffer");
EVP_DigestInit(&md_ctx, md);
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
EVP_DigestUpdate(&md_ctx, buffer, length);
}
if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
return 0;
} else {
long digest_len;
*md_value = string_to_hex(digest, &digest_len);
if (!*md_value || md_value_len != digest_len) {
OPENSSL_free(*md_value);
*md_value = NULL;
BIO_printf(bio_err, "bad digest, %d bytes "
"must be specified\n", md_value_len);
return 0;
}
}
return md_value_len;
}
char *do_sha1(char *tohash, int size)
{
EVP_MD_CTX ctx;
char *hash_ret;
int evp_ret_len;
if (!tohash)
{
debug_printf(DEBUG_NORMAL, "Invalid value passed to do_sha1()!\n");
return NULL;
}
hash_ret = (char *)malloc(21); // We should get 20 bytes returned.
if (hash_ret == NULL)
{
printf("There was a malloc() error in eapsim.c with hash_ret!\n");
return NULL;
}
EVP_DigestInit(&ctx, EVP_sha1());
EVP_DigestUpdate(&ctx, tohash, size);
EVP_DigestFinal(&ctx, hash_ret, (int *)&evp_ret_len);
if (evp_ret_len != 20) printf("SHA1 returned something other than what it should have!\n");
return hash_ret;
}
void HashFile(char *filename, unsigned char digest[EVP_MAX_MD_SIZE + 1], HashMethod type)
{
FILE *file;
EVP_MD_CTX context;
int len, md_len;
unsigned char buffer[1024];
const EVP_MD *md = NULL;
CfDebug("HashFile(%d,%s)\n", type, filename);
if ((file = fopen(filename, "rb")) == NULL)
{
CfOut(OUTPUT_LEVEL_INFORM, "fopen", "%s can't be opened\n", filename);
}
else
{
md = EVP_get_digestbyname(FileHashName(type));
EVP_DigestInit(&context, md);
while ((len = fread(buffer, 1, 1024, file)))
{
EVP_DigestUpdate(&context, buffer, len);
}
EVP_DigestFinal(&context, digest, &md_len);
/* Digest length stored in md_len */
fclose(file);
}
}
void HashString(const char *buffer, int len, unsigned char digest[EVP_MAX_MD_SIZE + 1], HashMethod type)
{
EVP_MD_CTX context;
const EVP_MD *md = NULL;
int md_len;
CfDebug("HashString(%c)\n", type);
switch (type)
{
case HASH_METHOD_CRYPT:
CfOut(OUTPUT_LEVEL_ERROR, "", "The crypt support is not presently implemented, please use another algorithm instead");
memset(digest, 0, EVP_MAX_MD_SIZE + 1);
break;
default:
md = EVP_get_digestbyname(FileHashName(type));
if (md == NULL)
{
CfOut(OUTPUT_LEVEL_INFORM, "", " !! Digest type %s not supported by OpenSSL library", CF_DIGEST_TYPES[type][0]);
}
EVP_DigestInit(&context, md);
EVP_DigestUpdate(&context, (unsigned char *) buffer, (size_t) len);
EVP_DigestFinal(&context, digest, &md_len);
break;
}
}
/*
* MD5authencrypt - generate message digest
*
* Returns length of MAC including key ID and digest.
*/
int
MD5authencrypt(
int type, /* hash algorithm */
u_char *key, /* key pointer */
u_int32 *pkt, /* packet pointer */
int length /* packet length */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX ctx;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was creaded.
*/
INIT_SSL();
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
EVP_DigestFinal(&ctx, digest, &len);
memmove((u_char *)pkt + length + 4, digest, len);
return (len + 4);
}
int _ldapfull_chk_hashed(moddata_t data, const char *scheme, int salted, const char *hash, const char *passwd) {
char *bhash; // binary hash, will get it from base64
EVP_MD_CTX mdctx;
const EVP_MD *md;
unsigned char digest[EVP_MAX_MD_SIZE];
int bhlen, rc;
md = EVP_get_digestbyname(scheme);
if (!md) {
return 0;
}
if( ! _ldapfull_base64_decode(hash, &bhash, &bhlen) ) {
return 0;
}
EVP_DigestInit(&mdctx, md);
EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
if (salted) {
EVP_DigestUpdate(&mdctx, &bhash[EVP_MD_size(md)],
bhlen - EVP_MD_size(md));
}
EVP_DigestFinal(&mdctx, digest, NULL);
rc = memcmp((char *)bhash, (char *)digest, EVP_MD_size(md));
free(bhash);
return !rc;
}
/*
* Caclulate a new key after a reconnect
*/
void
calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
{
int r;
const EVP_MD *md = EVP_sha1();
EVP_MD_CTX ctx;
char hash[EVP_MAX_MD_SIZE];
struct sshbuf *b;
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_u64(b, *key)) != 0 ||
(r = sshbuf_put_u64(b, cookie)) != 0 ||
(r = sshbuf_put_u64(b, challenge)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, sshbuf_ptr(b), sshbuf_len(b));
EVP_DigestFinal(&ctx, hash, NULL);
sshbuf_reset(b);
if ((r = sshbuf_put(b, hash, EVP_MD_size(md))) != 0 ||
(r = sshbuf_get_u64(b, key)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
sshbuf_free(b);
}
QString pki_evp::sha512passwd(QString pass, QString salt)
{
EVP_MD_CTX mdctx;
QString str;
int n;
int j;
unsigned char m[EVP_MAX_MD_SIZE];
if (salt.length() <5)
abort();
str = salt.left(5);
pass = str + pass;
EVP_DigestInit(&mdctx, EVP_sha512());
EVP_DigestUpdate(&mdctx, CCHAR(pass), pass.size());
EVP_DigestFinal(&mdctx, m, (unsigned*)&n);
for (j=0; j<n; j++) {
char zs[4];
sprintf(zs, "%02X",m[j]);
str += zs;
}
return str;
}
bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 )
{
if( ph1->evp_cipher == NULL )
return false;
unsigned char iv_data[ EVP_MAX_MD_SIZE ];
unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
EVP_MD_CTX ctx_hash;
EVP_DigestInit( &ctx_hash, ph1->evp_hash );
EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );
EVP_DigestUpdate( &ctx_hash, &msgid, 4 );
EVP_DigestFinal( &ctx_hash, iv_data, NULL );
EVP_MD_CTX_cleanup( &ctx_hash );
iv.set( iv_data, iv_size );
iked.log.bin(
LLOG_DEBUG,
LLOG_DECODE,
iv.buff(),
iv.size(),
"== : new %s iv",
name() );
return true;
}
bool send_chal_reply(connection_t *c) {
char hash[EVP_MAX_MD_SIZE * 2 + 1];
EVP_MD_CTX *ctx;
/* Calculate the hash from the challenge we received */
ctx = EVP_MD_CTX_create();
if(!ctx) {
abort();
}
if(!EVP_DigestInit(ctx, c->indigest)
|| !EVP_DigestUpdate(ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|| !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {
EVP_MD_CTX_destroy(ctx);
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
}
EVP_MD_CTX_destroy(ctx);
/* Convert the hash to a hexadecimal formatted string */
bin2hex(hash, hash, EVP_MD_size(c->indigest));
hash[EVP_MD_size(c->indigest) * 2] = '\0';
/* Send the reply */
return send_request(c, "%d %s", CHAL_REPLY, hash);
}
void
derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
u_int8_t cookie[8], u_int8_t id[16])
{
const EVP_MD *evp_md = EVP_md5();
EVP_MD_CTX md;
u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
int len;
EVP_DigestInit(&md, evp_md);
len = BN_num_bytes(host_modulus);
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad host modulus (len %d)", __func__, len);
BN_bn2bin(host_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
len = BN_num_bytes(server_modulus);
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
fatal("%s: bad server modulus (len %d)", __func__, len);
BN_bn2bin(server_modulus, nbuf);
EVP_DigestUpdate(&md, nbuf, len);
EVP_DigestUpdate(&md, cookie, 8);
EVP_DigestFinal(&md, obuf, NULL);
memcpy(id, obuf, 16);
memset(nbuf, 0, sizeof(nbuf));
memset(obuf, 0, sizeof(obuf));
memset(&md, 0, sizeof(md));
}
TSS_RESULT
Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
{
int rv;
EVP_MD *md;
switch (HashType) {
case TSS_HASH_SHA1:
md = (EVP_MD *)EVP_sha1();
break;
default:
return TSPERR(TSS_E_BAD_PARAMETER);
break;
}
if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
return TSPERR(TSS_E_OUTOFMEMORY);
rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
if (rv != EVP_SUCCESS) {
DEBUG_print_openssl_errors();
return TSPERR(TSS_E_INTERNAL_ERROR);
}
return TSS_SUCCESS;
}
/*
* MD5authdecrypt - verify MD5 message authenticator
*
* Returns one if digest valid, zero if invalid.
*/
int
MD5authdecrypt(
int type, /* hash algorithm */
const u_char * key, /* key pointer */
u_int32 * pkt, /* packet pointer */
size_t length, /* packet length */
size_t size /* MAC size */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX ctx;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was created.
*/
INIT_SSL();
if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
msyslog(LOG_ERR,
"MAC decrypt: digest init failed");
return (0);
}
EVP_DigestUpdate(&ctx, key, cache_secretsize);
EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
EVP_DigestFinal(&ctx, digest, &len);
if (size != (size_t)len + 4) {
msyslog(LOG_ERR,
"MAC decrypt: MAC length error");
return (0);
}
return !isc_tsmemcmp(digest, (const char *)pkt + length + 4, len);
}
/*
* Calculate the reference id from the address. If it is an IPv4
* address, use it as is. If it is an IPv6 address, do a md5 on
* it and use the bottom 4 bytes.
* The result is in network byte order.
*/
u_int32
addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_int32 addr_refid;
EVP_MD_CTX ctx;
u_int len;
if (IS_IPV4(addr))
return (NSRCADR(addr));
INIT_SSL();
#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
#endif
if (!EVP_DigestInit(&ctx, EVP_md5())) {
msyslog(LOG_ERR,
"MD5 init failed");
exit(1);
}
EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
memcpy(&addr_refid, digest, sizeof(addr_refid));
return (addr_refid);
}
/*
* Calculate the reference id from the address. If it is an IPv4
* address, use it as is. If it is an IPv6 address, do a md5 on
* it and use the bottom 4 bytes.
* The result is in network byte order.
*/
uint32_t
addr2refid(sockaddr_u *addr)
{
uint8_t digest[20];
uint32_t addr_refid;
EVP_MD_CTX ctx;
u_int len;
if (IS_IPV4(addr))
return (NSRCADR(addr));
INIT_SSL();
#if defined(HAVE_OPENSSL)
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
exit(1);
}
#else
EVP_DigestInit(&ctx, EVP_md5());
#endif
EVP_DigestUpdate(&ctx, (uint8_t *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
memcpy(&addr_refid, digest, sizeof(addr_refid));
return (addr_refid);
}
/*
* keytype_from_text returns OpenSSL NID for digest by name, and
* optionally the associated digest length.
*
* Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
*/
int
keytype_from_text(
const char *text,
size_t *pdigest_len
)
{
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
int key_type;
u_int digest_len;
#ifdef OPENSSL
u_char digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD_CTX ctx;
/*
* OpenSSL digest short names are capitalized, so uppercase the
* digest name before passing to OBJ_sn2nid(). If it is not
* recognized but begins with 'M' use NID_md5 to be consistent
* with past behavior.
*/
INIT_SSL();
LIB_GETBUF(upcased);
strncpy(upcased, text, LIB_BUFLENGTH);
for (pch = upcased; '\0' != *pch; pch++)
*pch = (char)toupper((unsigned char)*pch);
key_type = OBJ_sn2nid(upcased);
#else
key_type = 0;
#endif
if (!key_type && 'm' == tolower((unsigned char)text[0]))
key_type = NID_md5;
if (!key_type)
return 0;
if (NULL != pdigest_len) {
#ifdef OPENSSL
EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(&ctx, digest, &digest_len);
if (digest_len + sizeof(keyid_t) > MAX_MAC_LEN) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
return 0;
}
#else
digest_len = 16;
#endif
*pdigest_len = digest_len;
}
return key_type;
}
static void *x963_kdf(const EVP_MD *md, const void *in, size_t inlen,
void *out, size_t *outlen)
{
EVP_MD_CTX ctx;
uint32_t counter = 1;
uint32_t counter_be;
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
size_t rlen = *outlen;
size_t len;
EVP_MD_CTX_init(&ctx);
//FIXME: it might be wrong
while (rlen > 0) {
counter_be = cpu_to_be32(counter);
counter++;
EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, in, inlen);
EVP_DigestUpdate(&ctx, &counter_be, sizeof(counter_be));
EVP_DigestFinal(&ctx, dgst, &dgstlen);
len = dgstlen <= rlen ? dgstlen : rlen;
memcpy(out, dgst, len);
rlen -= len;
out += len;
}
EVP_MD_CTX_cleanup(&ctx);
return out;
}
int ssh_key_sign(ssh_key* key, const char* data, int length, unsigned char* sig) {
const EVP_MD* md;
EVP_MD_CTX md_ctx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen, len;
/* Get SHA1 digest */
if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)
return -1;
/* Digest data */
EVP_DigestInit(&md_ctx, md);
EVP_DigestUpdate(&md_ctx, data, length);
EVP_DigestFinal(&md_ctx, digest, &dlen);
/* Sign with key */
switch (key->type) {
case SSH_KEY_RSA:
if (RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa) == 1)
return len;
case SSH_KEY_DSA: {
DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);
if (dsa_sig != NULL) {
/* Compute size of each half of signature */
int rlen = BN_num_bytes(dsa_sig->r);
int slen = BN_num_bytes(dsa_sig->s);
/* Ensure each number is within the required size */
if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)
return -1;
/* Init to all zeroes */
memset(sig, 0, DSA_SIG_SIZE);
/* Add R at the end of the first block of the signature */
BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE
- DSA_SIG_NUMBER_SIZE - rlen);
/* Add S at the end of the second block of the signature */
BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);
/* Done */
DSA_SIG_free(dsa_sig);
return DSA_SIG_SIZE;
}
}
}
return -1;
}
static int
_md_init (md_ctx *x, munge_mac_t md)
{
EVP_MD *algo;
assert (x != NULL);
if (_md_map_enum (md, &algo) < 0) {
return (-1);
}
if (_md_ctx_create (x) < 0) {
return (-1);
}
#if HAVE_EVP_DIGESTINIT_EX
/* OpenSSL >= 0.9.7 */
if (EVP_DigestInit_ex (x->ctx, algo, NULL) != 1) {
return (-1);
}
#elif HAVE_EVP_DIGESTINIT
/* EVP_DigestInit() implicitly initializes the EVP_MD_CTX. */
/* OpenSSL < 0.9.7 */
EVP_DigestInit (x->ctx, algo);
#else /* !HAVE_EVP_DIGESTINIT */
#error "No OpenSSL EVP_DigestInit"
#endif /* !HAVE_EVP_DIGESTINIT */
x->diglen = EVP_MD_size (algo);
return (0);
}
static u_char *
derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
BIGNUM *shared_secret)
{
Buffer b;
EVP_MD_CTX md;
char c = id;
u_int have;
int mdsz;
u_char *digest;
if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
fatal("bad kex md size %d", mdsz);
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
/* K1 = HASH(K || H || "A" || session_id) */
EVP_DigestInit(&md, kex->evp_md);
if (!(datafellows & SSH_BUG_DERIVEKEY))
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, hashlen);
EVP_DigestUpdate(&md, &c, 1);
EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
EVP_DigestFinal(&md, digest, NULL);
/*
* expand key:
* Kn = HASH(K || H || K1 || K2 || ... || Kn-1)
* Key = K1 || K2 || ... || Kn
*/
for (have = mdsz; need > have; have += mdsz) {
EVP_DigestInit(&md, kex->evp_md);
if (!(datafellows & SSH_BUG_DERIVEKEY))
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestUpdate(&md, hash, hashlen);
EVP_DigestUpdate(&md, digest, have);
EVP_DigestFinal(&md, digest + have, NULL);
}
buffer_free(&b);
#ifdef DEBUG_KEX
fprintf(stderr, "key '%c'== ", c);
dump_digest("key", digest, need);
#endif
return digest;
}
static void
hmac_md5 (const char* password, char* challenge,
unsigned char* response)
{
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
unsigned char secret[MD5_BLOCK_LEN+1];
unsigned int secret_len, chal_len;
int i;
secret_len = strlen(password);
chal_len = strlen(challenge);
/* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
* digests */
if (secret_len > MD5_BLOCK_LEN) {
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, (const unsigned char*) password, secret_len);
EVP_DigestFinal(ctx, secret, &secret_len);
}
else
strncpy ((char *) secret, password, sizeof (secret));
memset (ipad, 0, sizeof(ipad));
memset (opad, 0, sizeof(opad));
memcpy (ipad, secret, secret_len);
memcpy (opad, secret, secret_len);
for (i=0; i<MD5_BLOCK_LEN; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
/* inner hash: challenge and ipadded secret */
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, ipad, MD5_BLOCK_LEN);
EVP_DigestUpdate(ctx, (unsigned char*) challenge, chal_len);
EVP_DigestFinal(ctx, response, NULL);
/* outer hash: inner hash and opadded secret */
EVP_DigestInit(ctx, EVP_md5());
EVP_DigestUpdate(ctx, opad, MD5_BLOCK_LEN);
EVP_DigestUpdate(ctx, response, MD5_DIGEST_LEN);
EVP_DigestFinal(ctx, response, NULL);
EVP_MD_CTX_destroy(ctx);
}
void
kexgex_hash(
const EVP_MD *evp_md,
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
char *skexinit, int skexinitlen,
u_char *serverhostkeyblob, int sbloblen,
int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
BIGNUM *shared_secret,
u_char **hash, u_int *hashlen)
{
Buffer b;
static u_char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX md;
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
buffer_put_cstring(&b, server_version_string);
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
buffer_put_int(&b, ckexinitlen+1);
buffer_put_char(&b, SSH2_MSG_KEXINIT);
buffer_append(&b, ckexinit, ckexinitlen);
buffer_put_int(&b, skexinitlen+1);
buffer_put_char(&b, SSH2_MSG_KEXINIT);
buffer_append(&b, skexinit, skexinitlen);
buffer_put_string(&b, serverhostkeyblob, sbloblen);
if (min == -1 || max == -1)
buffer_put_int(&b, wantbits);
else {
buffer_put_int(&b, min);
buffer_put_int(&b, wantbits);
buffer_put_int(&b, max);
}
buffer_put_bignum2(&b, prime);
buffer_put_bignum2(&b, gen);
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
#ifdef DEBUG_KEXDH
buffer_dump(&b);
#endif
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
EVP_DigestFinal(&md, digest, NULL);
buffer_free(&b);
*hash = digest;
*hashlen = EVP_MD_size(evp_md);
#ifdef DEBUG_KEXDH
dump_digest("hash", digest, *hashlen);
#endif
}
bool chal_reply_h(connection_t *c) {
char hishash[MAX_STRING_SIZE];
char myhash[EVP_MAX_MD_SIZE];
EVP_MD_CTX *ctx;
if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {
logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
c->hostname);
return false;
}
/* Check if the length of the hash is all right */
if(strlen(hishash) != (size_t)EVP_MD_size(c->outdigest) * 2) {
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
c->hostname, "wrong challenge reply length");
return false;
}
/* Convert the hash to binary format */
if(!hex2bin(hishash, hishash, EVP_MD_size(c->outdigest))) {
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
return false;
}
/* Calculate the hash from the challenge we sent */
ctx = EVP_MD_CTX_create();
if(!ctx) {
abort();
}
if(!EVP_DigestInit(ctx, c->outdigest)
|| !EVP_DigestUpdate(ctx, c->hischallenge, RSA_size(c->rsa_key))
|| !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {
EVP_MD_CTX_destroy(ctx);
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
return false;
}
EVP_MD_CTX_destroy(ctx);
/* Verify the incoming hash with the calculated hash */
if(memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
c->hostname, "wrong challenge reply");
ifdebug(SCARY_THINGS) {
bin2hex(myhash, hishash, SHA_DIGEST_LENGTH);
hishash[SHA_DIGEST_LENGTH * 2] = '\0';
logger(LOG_DEBUG, "Expected challenge reply: %s", hishash);
}
return false;
}
uint8_t*
do_sha256_digest (uint8_t* msg, size_t msg_len)
{
uint8_t *dig;
unsigned int dig_len;
EVP_MD_CTX *ctx;
if (msg == NULL || msg_len == 0)
{
fprintf(stderr, "%s: invalid parameter value\n", __func__);
dig = NULL;
goto exit_do_sha256_digest;
}
dig = malloc(EVP_MD_size(EVP_sha256()));
if (dig == NULL)
{
fprintf(stderr, "Error allocating memory for the digest\n");
goto exit_do_sha256_digest;
}
// Do the hashing of the msg
ctx = EVP_MD_CTX_create();
if (EVP_DigestInit(ctx, EVP_sha256()) != 1)
{
fprintf(stderr, "Error initializing digest algorithm\n");
free(dig);
dig = NULL;
goto cleanup_do_sha256_digest;
}
if (EVP_DigestUpdate(ctx, msg, msg_len) != 1)
{
fprintf(stderr, "Error during the hashing of the message\n");
free(dig);
dig = NULL;
goto cleanup_do_sha256_digest;
}
if (EVP_DigestFinal(ctx, dig, &dig_len) != 1)
{
fprintf(stderr, "Error finalizing the digest\n");
free(dig);
dig = NULL;
goto cleanup_do_sha256_digest;
}
// Check if the size is correct
if (dig_len != EVP_MD_size(EVP_sha256()))
{
fprintf(stderr, "Error, the digest's length is less than expected\n");
free(dig);
dig = NULL;
}
cleanup_do_sha256_digest:
EVP_MD_CTX_cleanup(ctx);
free(ctx);
exit_do_sha256_digest:
return dig;
}
void
md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
{
ASSERT(NULL != ctx && NULL != kt);
EVP_MD_CTX_init(ctx);
EVP_DigestInit(ctx, kt);
}
int API_SWU_VerifyImage(unsigned char* image, unsigned int imageSize) {
unsigned char *md_value;
unsigned int md_len = 0;
md_value = malloc(0x40);
EVP_MD_CTX ctx1, ctx2;
EVP_DigestInit(&ctx1, EVP_get_digestbyname("sha1"));
EVP_DigestUpdate(&ctx1, image + SIGNATURE_SIZE, imageSize - SIGNATURE_SIZE);
EVP_DigestFinal(&ctx1, md_value, &md_len);
EVP_DigestInit(&ctx2, EVP_sha1());
EVP_DigestUpdate(&ctx2, md_value, md_len);
int result = 0;
if (EVP_VerifyFinal(&ctx2, image, SIGNATURE_SIZE, _gpPubKey) == 1) result = 1;
EVP_MD_CTX_cleanup(&ctx1);
EVP_MD_CTX_cleanup(&ctx2);
free(md_value);
return result;
}