Exemple #1
0
uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
              const uint8_t *data, size_t data_len, uint8_t *out,
              unsigned int *out_len) {
  HMAC_CTX ctx;
  HMAC_CTX_init(&ctx);
  if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) ||
      !HMAC_Update(&ctx, data, data_len) ||
      !HMAC_Final(&ctx, out, out_len)) {
    out = NULL;
  }

  HMAC_CTX_cleanup(&ctx);
  return out;
}
Exemple #2
0
static int hmac_fdigest(lua_State *L)
{
  HANDLER_HMAC c;
  size_t written = 0;
  const char *t = luaL_checkstring(L, 1);
  size_t s_len;
  const char *s = luaL_checklstring(L, 2, &s_len);
  size_t k_len;
  const char *k = luaL_checklstring(L, 3, &k_len);
  DIGEST_TYPE type = DIGEST_BY_NAME(t);
#if CRYPTO_OPENSSL
  unsigned char digest[EVP_MAX_MD_SIZE];
#elif CRYPTO_GCRYPT
  unsigned char *digest;
#endif

  if (IS_DIGEST_INVALID(type)) {
    luaL_argerror(L, 1, "invalid digest type");
    return 0;
  }

#if CRYPTO_OPENSSL
  HMAC_CTX_init(&c);
  HMAC_Init_ex(&c, k, k_len, type, NULL);
  HMAC_Update(&c, (unsigned char *)s, s_len);
  HMAC_Final(&c, digest, &written);
#elif CRYPTO_GCRYPT
  gcry_md_open(&c, type, GCRY_MD_FLAG_HMAC);
  gcry_md_setkey(c, k, k_len);
  gcry_md_write(c, s, s_len);
  gcry_md_final(c);
  digest = gcry_md_read(c,type);
  written = gcry_md_get_algo_dlen(type);
#endif

  if (lua_toboolean(L, 4))
    lua_pushlstring(L, (char *)digest, written);
  else
  {
    char *hex = bin2hex(digest,written);
    lua_pushlstring(L, hex, written*2);
    free(hex);
  }

#if CRYPTO_GCRYPT
  gcry_md_close(c);
#endif

  return 1;
}
Exemple #3
0
int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size)
{
#if OPENSSL_VERSION_NUMBER > 0x0090900fL
	int rv = 0;
#endif

	if (!hmac || !hmac->initialized)
	{
		return PKI_ERROR(PKI_ERR_GENERAL, "PKI_HMAC is not initialized");
	}

#if OPENSSL_VERSION_NUMBER > 0x0090900fL
	rv = HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size);
	if (rv == 0)
	{
		return PKI_ERROR(PKI_ERR_GENERAL, "Error while updating the HMAC value");
	}
#else
	HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size);
#endif

	return PKI_OK;
}
Exemple #4
0
int
dsa_update(struct iked_dsa *dsa, const void *buf, size_t len)
{
	int	ret = 1;

	if (dsa->dsa_hmac)
		ret = HMAC_Update(dsa->dsa_ctx, buf, len);
	else if (dsa->dsa_sign)
		ret = EVP_SignUpdate(dsa->dsa_ctx, buf, len);
	else
		ret = EVP_VerifyUpdate(dsa->dsa_ctx, buf, len);

	return (ret ? 0 : -1);
}
Exemple #5
0
int
P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret, int sslen,
       unsigned char *seed, int slen)
{
    unsigned char hmac[20];
    uint32_t hlen;
    HMAC_CTX hm;
    const EVP_MD *md = EVP_get_digestbyname(digest);
    uint32_t tmpslen;
    unsigned char tmpseed[slen];
    unsigned char *out = dest;
    int pending = dlen;

    // Copy initial seed
    memcpy(tmpseed, seed, slen);
    tmpslen = slen;

    // Calculate enough data to fill destination
    while (pending > 0) {
        HMAC_Init(&hm, secret, sslen, md);
        HMAC_Update(&hm, tmpseed, tmpslen);
        HMAC_Final(&hm, tmpseed, &tmpslen);

        HMAC_Init(&hm, secret, sslen, md);
        HMAC_Update(&hm, tmpseed, tmpslen);
        HMAC_Update(&hm, seed, slen);
        HMAC_Final(&hm, hmac, &hlen);

        hlen = (hlen > pending) ? pending : hlen;
        memcpy(out, hmac, hlen);
        out += hlen;
        pending -= hlen;
    }
    HMAC_cleanup(&hm);

    return hlen;
}
static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
  unsigned int outlen;
  int rc = SQLITE_OK;
  HMAC_CTX* hctx = NULL;

  if(in == NULL) goto error;

  hctx = HMAC_CTX_new();
  if(hctx == NULL) goto error;

  switch(algorithm) {
    case SQLCIPHER_HMAC_SHA1:
      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error;
      break;
    case SQLCIPHER_HMAC_SHA256:
      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error;
      break;
    case SQLCIPHER_HMAC_SHA512:
      if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error;
      break;
    default:
      goto error;
  }

  if(!HMAC_Update(hctx, in, in_sz)) goto error;
  if(in2 != NULL) {
    if(!HMAC_Update(hctx, in2, in2_sz)) goto error;
  }
  if(!HMAC_Final(hctx, out, &outlen)) goto error;
  
  goto cleanup;
error:
  rc = SQLITE_ERROR;
cleanup:
  if(hctx) HMAC_CTX_free(hctx);
  return rc;
}
Exemple #7
0
u_char *
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
{
	static union {
		u_char m[EVP_MAX_MD_SIZE];
		u_int64_t for_align;
	} u;
	u_char b[4], nonce[8];

	if (mac->mac_len > sizeof(u))
		fatal("mac_compute: mac too long %u %lu",
		    mac->mac_len, (u_long)sizeof(u));

	switch (mac->type) {
	case SSH_EVP:
		put_u32(b, seqno);
		/* reset HMAC context */
		HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
		HMAC_Update(&mac->evp_ctx, b, sizeof(b));
		HMAC_Update(&mac->evp_ctx, data, datalen);
		HMAC_Final(&mac->evp_ctx, u.m, NULL);
		break;
	case SSH_UMAC:
		put_u64(nonce, seqno);
		umac_update(mac->umac_ctx, data, datalen);
		umac_final(mac->umac_ctx, u.m, nonce);
		break;
	case SSH_UMAC128:
		put_u64(nonce, seqno);
		umac128_update(mac->umac_ctx, data, datalen);
		umac128_final(mac->umac_ctx, u.m, nonce);
		break;
	default:
		fatal("mac_compute: unknown MAC type");
	}
	return (u.m);
}
/* a counter-based KDF based on NIST SP800-108 */
static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, uint8_t *result, int resultbitlen)
{
	HMAC_CTX hctx;
	uint8_t digest[SHA256_DIGEST_LENGTH];
	uint16_t i, ctr, L;
	int resultbytelen, len = 0;
	unsigned int mdlen = SHA256_DIGEST_LENGTH;
	uint8_t mask = 0xff;

	resultbytelen = (resultbitlen + 7)/8;
	ctr = 0;
	L = htons(resultbitlen);
	while (len < resultbytelen) {
		ctr++; i = htons(ctr);
		HMAC_Init(&hctx, key, keylen, EVP_sha256());
		if (ctr > 1) {
			HMAC_Update(&hctx, digest, mdlen);
		}
		HMAC_Update(&hctx, (uint8_t *) &i, sizeof(uint16_t));
		HMAC_Update(&hctx, (uint8_t const *)label, labellen);
		HMAC_Update(&hctx, (uint8_t *) &L, sizeof(uint16_t));
		HMAC_Final(&hctx, digest, &mdlen);
		if ((len + (int) mdlen) > resultbytelen) {
			memcpy(result + len, digest, resultbytelen - len);
		} else {
			memcpy(result + len, digest, mdlen);
		}
		len += mdlen;
		HMAC_CTX_cleanup(&hctx);
	}

	/* since we're expanding to a bit length, mask off the excess */
	if (resultbitlen % 8) {
		mask <<= (8 - (resultbitlen % 8));
		result[resultbytelen - 1] &= mask;
	}
}
static uint64_t _checksum_64(encfs_common_custom_salt *cur_salt, unsigned char *key, const unsigned char *data, int dataLen, uint64_t *chainedIV)
{
	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned int mdLen = EVP_MAX_MD_SIZE;
	int i;
	unsigned char h[8] = {0,0,0,0,0,0,0,0};
	uint64_t value;
	HMAC_CTX mac_ctx;

	HMAC_CTX_init(&mac_ctx);
	HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 );
	HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 );
	HMAC_Update( &mac_ctx, data, dataLen );
	if(chainedIV)
	{
	  // toss in the chained IV as well
		uint64_t tmp = *chainedIV;
		unsigned char h[8];
		for(i=0; i<8; ++i) {
			h[i] = tmp & 0xff;
			tmp >>= 8;
		}
		HMAC_Update( &mac_ctx, h, 8 );
	}
	HMAC_Final( &mac_ctx, md, &mdLen );
	HMAC_CTX_cleanup(&mac_ctx);

	// chop this down to a 64bit value..
	for(i=0; i < (mdLen - 1); ++i)
		h[i%8] ^= (unsigned char)(md[i]);

	value = (uint64_t)h[0];
	for(i=1; i<8; ++i)
		value = (value << 8) | (uint64_t)h[i];
	return value;
}
Exemple #10
0
void hmac_sha1( uint8_t* key, int32_t key_length,
                const uint8_t* data_chunks[],
                uint32_t data_chunck_length[],
                uint8_t* mac, int32_t* mac_length ) {
    HMAC_CTX ctx;
    HMAC_CTX_init( &ctx );
    HMAC_Init_ex( &ctx, key, key_length, EVP_sha1(), NULL );
    while ( *data_chunks ) {
        HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
        data_chunks ++;
        data_chunck_length ++;
    }
    HMAC_Final( &ctx, mac, reinterpret_cast<uint32_t*>(mac_length) );
    HMAC_CTX_cleanup( &ctx );
}
Exemple #11
0
int
rfc6287_ocra(const ocra_suite * ocra, const char *suite_string,
    const uint8_t *key, size_t key_l, uint64_t C, const char *Q,
    const uint8_t *P, size_t P_l, const uint8_t *S, size_t S_l,
    uint64_t T, char **resp)
{
	int ret;
	uint8_t qbuf[128];
	uint8_t CBE[8];
	uint8_t TBE[8];
	uint8_t *md = NULL;
	unsigned int md_l = 20;
	int suite_l = strlen(suite_string) + 1;
	int flags = ocra->flags;
	HMAC_CTX *ctx;

	if ((0 != (ret = check_di_params(ocra, key_l, Q, P_l, S_l, T))) ||
	    (0 != (ret = format_questions(ocra, qbuf, Q))))
		return ret;

	if (flags & FL_C)
		st64be(CBE, C);
	if (flags & FL_T)
		st64be(TBE, T);

	if (0 != (ret = hmac_new(&ctx)))
		return ret;

	if (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg))))
		return RFC6287_ERR_POSIX;

	if ((1 != HMAC_Init_ex(ctx, key, key_l, evp_md(ocra->hotp_alg), NULL)) ||
	    (1 !=
	    HMAC_Update(ctx, (const uint8_t *)suite_string, suite_l)) ||
	    ((flags & FL_C) && (1 != HMAC_Update(ctx, CBE, 8))) ||
	    (1 != HMAC_Update(ctx, qbuf, 128)) ||
	    ((flags & FL_P) && (1 != HMAC_Update(ctx, P, P_l))) ||
	    ((flags & FL_S) && (1 != HMAC_Update(ctx, S, S_l))) ||
	    ((flags & FL_T) && (1 != HMAC_Update(ctx, TBE, 8))) ||
	    (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg)))) ||
	    (1 != HMAC_Final(ctx, md, &md_l)) ||
	    (md_l != mdlen(ocra->hotp_alg))) {
		hmac_destroy(ctx);
		free(md);
		return RFC6287_ERR_OPENSSL;
	}
	hmac_destroy(ctx);
	if (ocra->hotp_trunc) {
		ret = truncate_md(md, md_l, ocra->hotp_trunc, resp);
		free(md);
	} else {
		*resp = (char *)md;
		ret = 0;
	}
	return ret;
}
Exemple #12
0
JNIEXPORT int JNICALL Java_com_facebook_crypto_mac_NativeMac_nativeUpdate__B(
  JNIEnv* env,
  jobject obj,
  jbyte data) {

  HMAC_CTX* ctx = Get_HMAC_CTX(env, obj);
  if (!ctx) {
    return CRYPTO_FAILURE;
  }

  if (!HMAC_Update(ctx, (unsigned char*)&data, sizeof(jbyte))) {
    return CRYPTO_FAILURE;
  }
  return CRYPTO_SUCCESS;
}
Exemple #13
0
unsigned char *HMAC2(//fixed to SHA256: EVP_MD *evp_md,
                    unsigned char *key, int key_len,
                    unsigned char *d, int n,
                    unsigned char *md)
                    //always 64, unsigned int *md_len)
	{
	HMAC_CTX c;
	//static unsigned char m[EVP_MAX_MD_SIZE];
	static unsigned char m[2*SHA256_DIGEST_LENGTH];

	if (md == NULL) md=m;

	//first round
        HMAC_Init(&c, key, key_len);
	HMAC_Update(&c,d,n);
	HMAC_Final(&c,md);

	//second round
        HMAC_Init(&c, NULL, key_len); //only performs memcpy
	HMAC_Update(&c,d,n);
	HMAC_Final(&c,md+SHA256_DIGEST_LENGTH);
	HMAC_cleanup(&c);
	return(md);
	}
Exemple #14
0
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
		    const unsigned char *d, size_t n, unsigned char *md,
		    unsigned int *md_len)
	{
	HMAC_CTX c;
	static unsigned char m[EVP_MAX_MD_SIZE];

	if (md == NULL) md=m;
	HMAC_CTX_init(&c);
	HMAC_Init(&c,key,key_len,evp_md);
	HMAC_Update(&c,d,n);
	HMAC_Final(&c,md,md_len);
	HMAC_CTX_cleanup(&c);
	return(md);
	}
Exemple #15
0
void *
HMAC(const EVP_MD *md,
     const void *key, size_t key_size,
     const void *data, size_t data_size,
     void *hash, unsigned int *hash_len)
{
    HMAC_CTX ctx;

    HMAC_CTX_init(&ctx);
    HMAC_Init_ex(&ctx, key, key_size, md, NULL);
    HMAC_Update(&ctx, data, data_size);
    HMAC_Final(&ctx, hash, hash_len);
    HMAC_CTX_cleanup(&ctx);
    return hash;
}
int
hmac_update(mac_ctx_t *mctx, uchar_t *data, uint64_t len)
{
	int cksum = mctx->mac_cksum;

	if (cksum == CKSUM_SKEIN256 || cksum == CKSUM_SKEIN512) {
		Skein_512_Update(mctx->mac_ctx, data, len);

	} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {
		if (cksum_provider == PROVIDER_OPENSSL) {
			if (HMAC_Update(mctx->mac_ctx, data, len) == 0)
				return (-1);
		} else {
			opt_HMAC_SHA256_Update(mctx->mac_ctx, data, len);
		}
	} else if (cksum == CKSUM_SHA512) {
		if (HMAC_Update(mctx->mac_ctx, data, len) == 0)
			return (-1);

	} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {
		// Keccak takes data length in bits so we have to scale
		while (len > KECCAK_MAX_SEG) {
			uint64_t blen;

			blen = KECCAK_MAX_SEG;
			if (Keccak_Update(mctx->mac_ctx, data, blen << 3) != 0)
				return (-1);
			len -= KECCAK_MAX_SEG;
		}
		if (Keccak_Update(mctx->mac_ctx, data, len << 3) != 0)
			return (-1);
	} else {
		return (-1);
	}
	return (0);
}
Exemple #17
0
int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
{
	int i, padlen;
	const int blksize = 16;
	unsigned int hmac_len = 20;
	int crypt_len;
	HMAC_CTX hmac_ctx;

	/* This gets much more fun if the IV is variable-length */
	pkt->esp.spi = vpninfo->esp_out.spi;
	pkt->esp.seq = htonl(vpninfo->esp_out.seq++);
	if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to generate random IV for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EIO;
	}

	padlen = blksize - 1 - ((pkt->len + 1) % blksize);
	for (i=0; i<padlen; i++)
		pkt->data[pkt->len + i] = i + 1;
	pkt->data[pkt->len + padlen] = padlen;
	pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */
	
	if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL,
				pkt->esp.iv)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to set up encryption context for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	crypt_len = pkt->len + padlen + 2;
	if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len,
			       pkt->data, crypt_len)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to encrypt ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac);
	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len);
	HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len);
	HMAC_CTX_cleanup(&hmac_ctx);

	return sizeof(pkt->esp) + crypt_len + 12;
}
Exemple #18
0
/* Generate a MAC */
int PKCS12_gen_mac (PKCS12 * p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen)
{
    const EVP_MD *md_type;

    HMAC_CTX hmac;

    unsigned char key[EVP_MAX_MD_SIZE], *salt;

    int saltlen, iter;

    int md_size;

    if (!PKCS7_type_is_data (p12->authsafes))
    {
        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
        return 0;
    }

    salt = p12->mac->salt->data;
    saltlen = p12->mac->salt->length;
    if (!p12->mac->iter)
        iter = 1;
    else
        iter = ASN1_INTEGER_get (p12->mac->iter);
    if (!(md_type = EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm)))
    {
        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
        return 0;
    }
    md_size = EVP_MD_size (md_type);
    if (md_size < 0)
        return 0;
    if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type))
    {
        PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
        return 0;
    }
    HMAC_CTX_init (&hmac);
    if (!HMAC_Init_ex (&hmac, key, md_size, md_type, NULL)
        || !HMAC_Update (&hmac, p12->authsafes->d.data->data,
                         p12->authsafes->d.data->length) || !HMAC_Final (&hmac, mac, maclen))
    {
        HMAC_CTX_cleanup (&hmac);
        return 0;
    }
    HMAC_CTX_cleanup (&hmac);
    return 1;
}
 int __openssl_HMACsha256(HMAC_CTX* ctx, const void* data, int data_size, void* digest, unsigned int* digest_size) 
 {
     int ret = ERROR_SUCCESS;
     
     if (HMAC_Update(ctx, (unsigned char *) data, data_size) < 0) {
         ret = ERROR_OpenSslSha256Update;
         return ret;
     }
 
     if (HMAC_Final(ctx, (unsigned char *) digest, digest_size) < 0) {
         ret = ERROR_OpenSslSha256Final;
         return ret;
     }
     
     return ret;
 }
Exemple #20
0
void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag)
{
uint8_t iv[16];
AES_KEY* key = ctx;
HMAC_CTX hctx;
unsigned int rlen = 20;

	HMAC_CTX_init(&hctx);
	HMAC_Init_ex(&hctx, iv, 16, EVP_sha1(), NULL);

	HMAC_Update(&hctx, plaintext, size);

	HMAC_Final(&hctx, tag, &rlen);
	HMAC_CTX_cleanup(&hctx);

	AES_cbc_encrypt(plaintext, ciphertext, size, key, iv, 1);
}
int getHMACSHA256(char *msg, unsigned char* md_value, int len, unsigned char key[], int keylen)
{
	HMAC_CTX mdctx;
	int md_len;
	const EVP_MD *md;	
	OpenSSL_add_all_digests();

	md = EVP_get_digestbyname("sha256");

	HMAC_CTX_init(&mdctx);
	HMAC_Init_ex(&mdctx,key,keylen,md,NULL);
	HMAC_Update(&mdctx, msg, len);
	HMAC_Final(&mdctx, md_value, &md_len);
	HMAC_CTX_cleanup(&mdctx);
	return md_len;

}
Exemple #22
0
int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size)
{
    mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
    int32_t result = 0;

    if (hmac == NULL || buf == NULL)
        return MZ_PARAM_ERROR;

    result = HMAC_Update(hmac->ctx, buf, size);
    if (!result)
    {
        hmac->error = ERR_get_error();
        return MZ_HASH_ERROR;
    }

    return MZ_OK;
}
int compute_keys(UNUSED REQUEST *request, pwd_session_t *session, uint8_t *peer_confirm, uint8_t *msk, uint8_t *emsk)
{
	HMAC_CTX	*hmac_ctx;
	uint8_t		mk[SHA256_DIGEST_LENGTH], *cruft;
	uint8_t		session_id[SHA256_DIGEST_LENGTH + 1];
	uint8_t		msk_emsk[128];		/* 64 each */
	int	 	offset;

	MEM(cruft = talloc_array(session, uint8_t, BN_num_bytes(session->prime)));
	MEM(hmac_ctx = HMAC_CTX_new());

	/*
	 * first compute the session-id = TypeCode | H(ciphersuite | scal_p |
	 *	scal_s)
	 */
	session_id[0] = FR_EAP_METHOD_PWD;
	HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);
	HMAC_Update(hmac_ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite));
	offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar);
	memset(cruft, 0, BN_num_bytes(session->prime));
	BN_bn2bin(session->peer_scalar, cruft + offset);
	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));
	offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar);
	memset(cruft, 0, BN_num_bytes(session->prime));
	BN_bn2bin(session->my_scalar, cruft + offset);
	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order));
	pwd_hmac_final(hmac_ctx, (uint8_t *)&session_id[1]);

	/* then compute MK = H(k | commit-peer | commit-server) */
	HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL);

	memset(cruft, 0, BN_num_bytes(session->prime));
	offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k);
	BN_bn2bin(session->k, cruft + offset);
	HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->prime));

	HMAC_Update(hmac_ctx, peer_confirm, SHA256_DIGEST_LENGTH);

	HMAC_Update(hmac_ctx, session->my_confirm, SHA256_DIGEST_LENGTH);

	pwd_hmac_final(hmac_ctx, mk);

	/* stretch the mk with the session-id to get MSK | EMSK */
	eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id,
		    SHA256_DIGEST_LENGTH + 1, msk_emsk, 1024);  /* it's bits, ((64 + 64) * 8) */

	memcpy(msk, msk_emsk, 64);
	memcpy(emsk, msk_emsk + 64, 64);

	HMAC_CTX_free(hmac_ctx);
	talloc_free(cruft);
	return 0;
}
Exemple #24
0
static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
{
    FILE *f = NULL;
    int rv = -1;
    unsigned char rbuf[READ_BUFFER_LENGTH];
    size_t len;
    unsigned int hlen;
    HMAC_CTX c;

    HMAC_CTX_init(&c);

    f = fopen(path, "r");

    if (f == NULL) {
        goto end;
    }

    HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256());

    while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
        HMAC_Update(&c, rbuf, len);
    }

    len = sizeof(rbuf);
    /* reuse rbuf for hmac */
    HMAC_Final(&c, rbuf, &hlen);

    *buf = malloc(hlen);
    if (*buf == NULL) {
        goto end;
    }

    *hmaclen = hlen;

    memcpy(*buf, rbuf, hlen);

    rv = 0;
end:
    HMAC_CTX_cleanup(&c);

    if (f)
        fclose(f);

    return rv;
}
void hmac_sha256(uint8_t* key, uint32_t key_length,
                 uint8_t* data_chunks[],
                 uint32_t data_chunck_length[],
                 uint8_t* mac, uint32_t* mac_length )
{
    unsigned int tmp;
    HMAC_CTX ctx;
    HMAC_CTX_init( &ctx );
    HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
    while( *data_chunks ){
      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
      data_chunks ++;
      data_chunck_length ++;
    }
    HMAC_Final( &ctx, mac, &tmp);
    *mac_length = tmp;
    HMAC_CTX_cleanup( &ctx );
}
Exemple #26
0
//------------------------------------------------------------------------------
// helper function to hash with HMAC algorithm:
static std::vector<unsigned char> 
hmac_sha512(const std::vector<unsigned char>& data, 
	    const std::vector<unsigned char>& key)
{   
   unsigned int len = EVP_MAX_MD_SIZE;
   std::vector<unsigned char> digest(len);

   HMAC_CTX ctx;
   HMAC_CTX_init(&ctx);

   HMAC_Init_ex(&ctx, key.data(), key.size(), EVP_sha512(), NULL);
   HMAC_Update(&ctx, data.data(), data.size());
   HMAC_Final(&ctx, digest.data(), &len);
   
   HMAC_CTX_cleanup(&ctx);
   
   return digest;
}
Exemple #27
0
/*----------------------------------------------------------------------
 * Name    : HmacSha256Hash
 * Purpose :
 * Input   : none
 * Output  : none
 *---------------------------------------------------------------------*/
int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
{
	HMAC_CTX hctx;

	HMAC_CTX_init(&hctx);
	HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);

	/*
	 * FIXME: why we need this? NULL means to use whatever there is?
	 * if removed, result is different
	 */
	HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
	HMAC_Update(&hctx, data, len);
	HMAC_Final(&hctx, hash, NULL);

	HMAC_CTX_cleanup(&hctx);
	return 0;
}
Exemple #28
0
static void dohmac(void)
    {
    HMAC_CTX ctx;
    unsigned char hmac_value[EVP_MAX_MD_SIZE];
    unsigned int hmac_len, i;
    char key[16] = "etaonrishdlcupfm";
    unsigned char buf[256];
    /* Generate digest of input stream */ 
    HMAC_Init(&ctx, key, sizeof(key), EVP_sha1());
    memcpy(buf, "abcdefghijklmnopqrstuvwxyz", 26);
    HMAC_Update(&ctx, buf, 26);
    HMAC_Final(&ctx, hmac_value, &hmac_len);
    HMAC_cleanup(&ctx);
    
    for(i = 0; i < hmac_len; i++) fprintf(stderr, "%02x", hmac_value[i]);
    fprintf(stderr, "\n");
    return;
}
Exemple #29
0
static int openssl_hmac(lua_State *L)
{
    if (lua_istable(L, 1))
    {
        if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
        {
            lua_pop(L, 1);
            lua_remove(L, 1);
        }
        else
            luaL_error(L, "call function with invalid state");
    }
    {

        const EVP_MD *type = get_digest(L, 1);
        size_t len;
        const char *dat = luaL_checklstring(L, 2, &len);
        size_t l;
        const char *k = luaL_checklstring(L, 3, &l);
        int raw = (lua_isnoneornil(L, 4)) ? 0 : lua_toboolean(L, 4);
        ENGINE* e = lua_isnoneornil(L, 5) ? NULL : CHECK_OBJECT(5, ENGINE, "openssl.engine");

        unsigned char digest[EVP_MAX_MD_SIZE];

        HMAC_CTX *c = HMAC_CTX_new();
        HMAC_Init_ex(c, k, (int)l, type, e);

        HMAC_Update(c, (unsigned char *)dat, len);
        len = EVP_MAX_MD_SIZE;
        HMAC_Final(c, digest, (unsigned int*)&len);

        HMAC_CTX_free(c);

        if (raw)
            lua_pushlstring(L, (char *)digest, len);
        else
        {
            char hex[2 * EVP_MAX_MD_SIZE + 1];
            to_hex((const char*)digest, len, hex);
            lua_pushstring(L, hex);
        }
    }
    return 1;
}
Exemple #30
0
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */
int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt)
{
	unsigned char hmac_buf[20];
	unsigned int hmac_len = sizeof(hmac_buf);
	int crypt_len = pkt->len;
	HMAC_CTX hmac_ctx;

	HMAC_CTX_copy(&hmac_ctx, &esp->hmac);
	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len);
	HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len);
	HMAC_CTX_cleanup(&hmac_ctx);

	if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) {
		vpn_progress(vpninfo, PRG_DEBUG,
			     _("Received ESP packet with invalid HMAC\n"));
		return -EINVAL;
	}

	/* Why in $DEITY's name would you ever *not* set this? Perhaps we
	 * should do th check anyway, but only warn instead of discarding
	 * the packet? */
	if (vpninfo->esp_replay_protect &&
	    verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq)))
		return -EINVAL;


	if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL,
				pkt->esp.iv)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to set up decryption context for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len,
			       pkt->data, pkt->len)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to decrypt ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	return 0;
}