HashResult Sha256CommonCryptoImpl::Calculate(const Aws::String& str)
{
ByteBuffer hash(CC_SHA256_DIGEST_LENGTH);
CC_SHA256(str.c_str(), static_cast<CC_LONG>(str.length()), hash.GetUnderlyingData());
return HashResult(std::move(hash));
}
void SHA256(sLONG_PTR *pResult, PackagePtr pParams)
{
C_BLOB Param1;
C_LONGINT Param2;
C_TEXT returnValue;
Param1.fromParamAtIndex(pParams, 1);
Param2.fromParamAtIndex(pParams, 2);
uint8_t *buf = (uint8_t *)calloc(32, sizeof(uint8_t));
CC_SHA256((unsigned char *)Param1.getBytesPtr(), Param1.getBytesLength(), buf);
C_BLOB temp;
temp.setBytes((const uint8_t *)buf, 32);
switch (Param2.getIntValue())
{
case 1:
temp.toB64Text(&returnValue);
break;
default:
temp.toHexText(&returnValue);
break;
}
free(buf);
returnValue.setReturn(pResult);
}
void RSASHA256(sLONG_PTR *pResult, PackagePtr pParams)
{
C_BLOB Param1;
C_BLOB Param2;
C_LONGINT Param3;
C_TEXT returnValue;
Param1.fromParamAtIndex(pParams, 1);
Param2.fromParamAtIndex(pParams, 2);
Param3.fromParamAtIndex(pParams, 3);
uint8_t *buf = (uint8_t *)calloc(32, sizeof(uint8_t));
CC_SHA256((unsigned char *)Param1.getBytesPtr(), Param1.getBytesLength(), buf);
unsigned int signatureLength = 0;
BIO *bio = BIO_new_mem_buf((void *)Param2.getBytesPtr(), Param2.getBytesLength());
if(bio){
RSA *key = NULL;
key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
if(key){
uint8_t *sgn = (uint8_t *)calloc(RSA_size(key), sizeof(uint8_t));
if(RSA_sign(NID_sha256, buf, 32, sgn, &signatureLength, key)){
C_BLOB temp;
temp.setBytes((const uint8_t *)sgn, signatureLength);
switch (Param3.getIntValue())
{
case 1:
temp.toB64Text(&returnValue);
break;
default:
temp.toHexText(&returnValue);
break;
}
}
free(sgn);
}
BIO_free(bio);
}
free(buf);
returnValue.setReturn(pResult);
}
void SecOTRAppendDHMessage(SecOTRSessionRef session,
CFMutableDataRef appendTo)
{
//
// Message Type: kDHMessage (0x02)
// AES_CTR(r, 0) of G^X MPI
// SHA256(gxmpi)
//
if(!session) return;
CFMutableDataRef gxmpi = CFDataCreateMutable(kCFAllocatorDefault, 0);
if(!gxmpi) return;
AppendHeader(appendTo, kDHMessage);
SecFDHKAppendPublicSerialization(session->_myKey, gxmpi);
size_t gxmpiSize = (size_t)CFDataGetLength(gxmpi);
if(gxmpiSize == 0) {
CFReleaseNull(gxmpi);
return;
}
const uint8_t* gxmpiLocation = CFDataGetBytePtr(gxmpi);
/* 64 bits cast: gxmpiSize is the size of the EC public key, which is hardcoded and never more than 2^32 bytes. */
assert(gxmpiSize<UINT32_MAX); /* debug check only */
AppendLong(appendTo, (uint32_t)gxmpiSize);
assert(gxmpiSize<INT32_MAX);
uint8_t* encGxmpiLocation = CFDataIncreaseLengthAndGetMutableBytes(appendTo, (CFIndex)gxmpiSize);
AES_CTR_IV0_Transform(sizeof(session->_r), session->_r, gxmpiSize, gxmpiLocation, encGxmpiLocation);
AppendLong(appendTo, CCSHA256_OUTPUT_SIZE);
uint8_t* hashLocation = CFDataIncreaseLengthAndGetMutableBytes(appendTo, CCSHA256_OUTPUT_SIZE);
#ifdef USECOMMONCRYPTO
(void) CC_SHA256(gxmpiLocation, (uint32_t)gxmpiSize, hashLocation);
#else
ccdigest(ccsha256_di(), gxmpiSize, gxmpiLocation, hashLocation);
#endif
CFReleaseNull(gxmpi);
}
krb5_error_code
kcm_store_io(krb5_context context,
krb5_uuid uuid,
void *ptr,
size_t length,
krb5_data *data,
bool encrypt)
{
xtsEncrypt_InStruct_t xtsEncrypt_InStruct;
size_t inseed_size = 64;
io_connect_t conn;
kern_return_t kr;
uint8_t *inseed;
krb5_crypto crypto = NULL;
krb5_error_code ret;
krb5_data_zero(data);
inseed = malloc(inseed_size);
if (inseed == NULL)
err(1, "malloc");
memset(inseed, 0, inseed_size);
conn = openiodev();
if (conn == IO_OBJECT_NULL) {
free(inseed);
return EINVAL;
}
uuid_copy(xtsEncrypt_InStruct.key_uuid, uuid);
xtsEncrypt_InStruct.bufferAddress = (uint64_t) (intptr_t) inseed;
xtsEncrypt_InStruct.bufferLength = (uint64_t) inseed_size;
memset(xtsEncrypt_InStruct.tweak, 0, XTS_TWEAK_BYTES);
kr = IOConnectCallMethod(conn, kAppleFDEKeyStore_xtsEncrypt,
NULL, 0,
& xtsEncrypt_InStruct, sizeof(xtsEncrypt_InStruct),
NULL, 0,
NULL, 0);
closeiodev(conn);
if (kr != KERN_SUCCESS) {
free(inseed);
return EINVAL;
}
CC_SHA256(inseed, (CC_LONG)inseed_size, inseed);
krb5_keyblock keyblock;
keyblock.keytype = ETYPE_AES128_CTS_HMAC_SHA1_96;
keyblock.keyvalue.data = inseed;
keyblock.keyvalue.length = 16;
ret = krb5_crypto_init(context, &keyblock, 0, &crypto);
free(inseed);
if (ret)
return ret;
if (encrypt)
ret = krb5_encrypt(context, crypto, 1, ptr, length, data);
else
ret = krb5_decrypt(context, crypto, 1, ptr, length, data);
krb5_crypto_destroy(context, crypto);
return ret;
}
C4Err HASH_DO(HASH_Algorithm algorithm, const unsigned char *in, unsigned long inlen, unsigned long outLen, uint8_t *out)
{
C4Err err = kC4Err_NoErr;
HASH_ContextRef hashRef = kInvalidHASH_ContextRef;
uint8_t hashBuf[128];
uint8_t *p = (outLen < sizeof(hashBuf))?hashBuf:out;
#if _USES_COMMON_CRYPTO_
/* use apple algorithms if possible*/
switch(algorithm)
{
case kHASH_Algorithm_MD5:
CC_MD5(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
case kHASH_Algorithm_SHA1:
CC_SHA1(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
case kHASH_Algorithm_SHA224:
CC_SHA224(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
case kHASH_Algorithm_SHA256:
CC_SHA256(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
case kHASH_Algorithm_SHA384:
CC_SHA384(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
case kHASH_Algorithm_SHA512:
CC_SHA512(in, (CC_LONG) inlen, hashBuf);
goto complete;
break;
default:
break;
}
#endif
err = HASH_Init( algorithm, & hashRef); CKERR;
err = HASH_Update( hashRef, in, inlen); CKERR;
err = HASH_Final( hashRef, p); CKERR;
complete:
if((err == kC4Err_NoErr) & (p!= out))
COPY(hashBuf, out, outLen);
done:
if(!IsNull(hashRef))
HASH_Free(hashRef);
return err;
}
unsigned char *BlueSteel_SHA256(const void *data, uint32_t len, unsigned char *md) {
return CC_SHA256(data, len, md);
}
