void openssl_add_all_digests_internal(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); EVP_add_digest(EVP_md5_sha1()); #endif EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RMD160 EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif }
int main(int argc, char *argv[]) { int i,err=0; char **P,**R; char *p; unsigned char md[MD4_DIGEST_LENGTH]; P=test; R=ret; i=1; while (*P != NULL) { EVP_Digest(&(P[0][0]),TINYCLR_SSL_STRLEN((char *)*P),md,NULL,EVP_md4(), NULL); p=pt(md); if (TINYCLR_SSL_STRCMP(p,(char *)*R) != 0) { TINYCLR_SSL_PRINTF("error calculating MD4 on '%s'\n",*P); TINYCLR_SSL_PRINTF("got %s instead of %s\n",p,*R); err++; } else TINYCLR_SSL_PRINTF("test %d ok\n",i); i++; R++; P++; } EXIT(err); return(0); }
int main(int argc, char *argv[]) { int i, err = 0; char **P, **R; char *p; unsigned char md[MD4_DIGEST_LENGTH]; P = test; R = ret; i = 1; while (*P != NULL) { EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL); p = pt(md); if (strcmp(p, (char *)*R) != 0) { printf("error calculating MD4 on '%s'\n", *P); printf("got %s instead of %s\n", p, *R); err++; } else printf("test %d ok\n", i); i++; R++; P++; } EXIT(err); }
void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl2-md5"); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #ifndef OPENSSL_NO_GOST EVP_add_digest(EVP_gostr341194()); EVP_add_digest(EVP_gost2814789imit()); EVP_add_digest(EVP_streebog256()); EVP_add_digest(EVP_streebog512()); #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif #ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif }
bool OpensslManager::HMACString(Openssl_Hash algorithm, char *key, int key_len, unsigned char *input, int input_len, unsigned char *output, unsigned int *outlength) { switch(algorithm) { case Openssl_Hash_MD5: HMAC(EVP_md5(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_MD4: HMAC(EVP_md4(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA: HMAC(EVP_sha(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA1: HMAC(EVP_sha1(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA224: HMAC(EVP_sha224(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA256: HMAC(EVP_sha256(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA384: HMAC(EVP_sha384(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_SHA512: HMAC(EVP_sha512(), key, key_len, input, input_len, output, outlength); return true; case Openssl_Hash_RIPEMD160: HMAC(EVP_ripemd160(), key, key_len, input, input_len, output, outlength); return true; } return false; }
int otp_md4_hash (const char *data, size_t len, unsigned char *res) { return otp_md_hash (data, len, EVP_md4(), 0, res, 16); }
void mschap_ntpassword_hash(u_int8_t *in, int inlen, u_int8_t *hash) { EVP_MD_CTX ctx; u_int mdlen; EVP_DigestInit(&ctx, EVP_md4()); EVP_DigestUpdate(&ctx, in, inlen); EVP_DigestFinal(&ctx, hash, &mdlen); }
void EVP_MD_do_all_sorted(void (*callback)(const EVP_MD *cipher, const char *name, const char *unused, void *arg), void *arg) { callback(EVP_md4(), "MD4", NULL, arg); callback(EVP_md5(), "MD5", NULL, arg); callback(EVP_sha1(), "SHA1", NULL, arg); callback(EVP_sha224(), "SHA224", NULL, arg); callback(EVP_sha256(), "SHA256", NULL, arg); callback(EVP_sha384(), "SHA384", NULL, arg); callback(EVP_sha512(), "SHA512", NULL, arg); callback(EVP_md4(), "md4", NULL, arg); callback(EVP_md5(), "md5", NULL, arg); callback(EVP_sha1(), "sha1", NULL, arg); callback(EVP_sha224(), "sha224", NULL, arg); callback(EVP_sha256(), "sha256", NULL, arg); callback(EVP_sha384(), "sha384", NULL, arg); callback(EVP_sha512(), "sha512", NULL, arg); }
ikptr ikrt_openssl_evp_md4 (ikpcb * pcb) { #ifdef HAVE_EVP_MD4 const EVP_MD * rv; rv = EVP_md4(); return ika_pointer_alloc(pcb, (long)rv); #else feature_failure(__func__); #endif }
void OpenSSL_add_all_digests(void) { #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) EVP_add_digest(EVP_sha()); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss()); #endif #endif #ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); #ifndef OPENSSL_NO_DSA EVP_add_digest(EVP_dss1()); EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif #endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RIPEMD EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); #endif #ifndef OPENSSL_NO_SHA256 /* EVP_add_digest(EVP_sha224()); To be added later */ EVP_add_digest(EVP_sha256()); #endif #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #endif }
const EVP_MD * hb_EVP_MD_par( int iParam ) { const EVP_MD * p; if( HB_ISCHAR( iParam ) ) return EVP_get_digestbyname( hb_parc( iParam ) ); switch( hb_parni( iParam ) ) { case HB_EVP_MD_MD_NULL: p = EVP_md_null(); break; #ifndef OPENSSL_NO_MD4 case HB_EVP_MD_MD4: p = EVP_md4(); break; #endif #ifndef OPENSSL_NO_MD5 case HB_EVP_MD_MD5: p = EVP_md5(); break; #endif #ifndef OPENSSL_NO_SHA #if OPENSSL_VERSION_NUMBER < 0x10100000L && \ ! defined( LIBRESSL_VERSION_NUMBER ) case HB_EVP_MD_SHA: p = EVP_sha(); break; #endif case HB_EVP_MD_SHA1: p = EVP_sha1(); break; #if OPENSSL_VERSION_NUMBER < 0x10100000L case HB_EVP_MD_DSS: p = EVP_dss(); break; case HB_EVP_MD_DSS1: p = EVP_dss1(); break; #endif #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10100000L case HB_EVP_MD_ECDSA: p = EVP_ecdsa(); break; #endif #endif #ifndef OPENSSL_NO_SHA256 case HB_EVP_MD_SHA224: p = EVP_sha224(); break; case HB_EVP_MD_SHA256: p = EVP_sha256(); break; #endif #ifndef OPENSSL_NO_SHA512 case HB_EVP_MD_SHA384: p = EVP_sha384(); break; case HB_EVP_MD_SHA512: p = EVP_sha512(); break; #endif #ifndef OPENSSL_NO_RIPEMD case HB_EVP_MD_RIPEMD160: p = EVP_ripemd160(); break; #endif default: p = NULL; } return p; }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA #if OPENSSL_VERSION_NUMBER < 0x10100000L && \ ! defined( LIBRESSL_VERSION_NUMBER ) else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; #endif else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; #if OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #endif #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD2 else if( p == EVP_md2() ) n = HB_EVP_MD_MD2; #endif #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #if ! defined( HB_OPENSSL_OLD_OSX_ ) else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_MDC2 else if( p == EVP_mdc2() ) n = HB_EVP_MD_MDC2; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
static const EVP_MD *gtkhash_hash_lib_crypto_get_md(const enum hash_func_e id) { switch (id) { case HASH_FUNC_MD4: return EVP_md4(); case HASH_FUNC_MD5: return EVP_md5(); case HASH_FUNC_SHA0: return EVP_sha(); case HASH_FUNC_SHA1: return EVP_sha1(); case HASH_FUNC_RIPEMD160: return EVP_ripemd160(); case HASH_FUNC_MDC2: return EVP_mdc2(); default: return NULL; } g_assert_not_reached(); }
int otp_md4_init (OtpKey key, const char *pwd, const char *seed) { unsigned char res[16]; return otp_md_init (key, pwd, seed, EVP_md4(), 0, res, sizeof(res)); }
static void ntlm_service(void *ctx, const heim_idata *req, const heim_icred cred, heim_ipc_complete complete, heim_sipc_call cctx) { NTLMRequest2 ntq; unsigned char sessionkey[16]; heim_idata rep = { 0, NULL }; krb5_context context = ctx; hdb_entry_ex *user = NULL; Key *key = NULL; NTLMReply ntp; size_t size; int ret; char *domain; kdc_log(context, config, 1, "digest-request: uid=%d", (int)heim_ipc_cred_get_uid(cred)); if (heim_ipc_cred_get_uid(cred) != 0) { (*complete)(cctx, EPERM, NULL); return; } ntp.success = 0; ntp.flags = 0; ntp.sessionkey = NULL; ret = decode_NTLMRequest2(req->data, req->length, &ntq, NULL); if (ret) goto failed; /* XXX forward to NetrLogonSamLogonEx() if not a local domain */ if (strcmp(ntq.loginDomainName, "BUILTIN") == 0) { domain = ntq.loginDomainName; } else if (strcmp(ntq.loginDomainName, "") == 0) { domain = "BUILTIN"; } else { ret = EINVAL; goto failed; } kdc_log(context, config, 1, "digest-request: user=%s/%s", ntq.loginUserName, domain); if (ntq.lmchallenge.length != 8) goto failed; if (ntq.ntChallengeResponce.length == 0) goto failed; { krb5_principal client; ret = krb5_make_principal(context, &client, domain, ntq.loginUserName, NULL); if (ret) goto failed; krb5_principal_set_type(context, client, KRB5_NT_NTLM); ret = _kdc_db_fetch(context, config, client, HDB_F_GET_CLIENT, NULL, NULL, &user); krb5_free_principal(context, client); if (ret) goto failed; ret = hdb_enctype2key(context, &user->entry, ETYPE_ARCFOUR_HMAC_MD5, &key); if (ret) { krb5_set_error_message(context, ret, "NTLM missing arcfour key"); goto failed; } } kdc_log(context, config, 2, "digest-request: found user, processing ntlm request", ret); if (ntq.ntChallengeResponce.length != 24) { struct ntlm_buf infotarget, answer; answer.length = ntq.ntChallengeResponce.length; answer.data = ntq.ntChallengeResponce.data; ret = heim_ntlm_verify_ntlm2(key->key.keyvalue.data, key->key.keyvalue.length, ntq.loginUserName, ntq.loginDomainName, 0, ntq.lmchallenge.data, &answer, &infotarget, sessionkey); if (ret) { goto failed; } free(infotarget.data); /* XXX verify info target */ } else { struct ntlm_buf answer; if (ntq.flags & NTLM_NEG_NTLM2_SESSION) { unsigned char sessionhash[MD5_DIGEST_LENGTH]; EVP_MD_CTX *md5ctx; /* the first first 8 bytes is the challenge, what is the other 16 bytes ? */ if (ntq.lmChallengeResponce.length != 24) goto failed; md5ctx = EVP_MD_CTX_create(); EVP_DigestInit_ex(md5ctx, EVP_md5(), NULL); EVP_DigestUpdate(md5ctx, ntq.lmchallenge.data, 8); EVP_DigestUpdate(md5ctx, ntq.lmChallengeResponce.data, 8); EVP_DigestFinal_ex(md5ctx, sessionhash, NULL); EVP_MD_CTX_destroy(md5ctx); memcpy(ntq.lmchallenge.data, sessionhash, ntq.lmchallenge.length); } ret = heim_ntlm_calculate_ntlm1(key->key.keyvalue.data, key->key.keyvalue.length, ntq.lmchallenge.data, &answer); if (ret) goto failed; if (ntq.ntChallengeResponce.length != answer.length || memcmp(ntq.ntChallengeResponce.data, answer.data, answer.length) != 0) { free(answer.data); ret = EINVAL; goto failed; } free(answer.data); { EVP_MD_CTX *ctx; ctx = EVP_MD_CTX_create(); EVP_DigestInit_ex(ctx, EVP_md4(), NULL); EVP_DigestUpdate(ctx, key->key.keyvalue.data, key->key.keyvalue.length); EVP_DigestFinal_ex(ctx, sessionkey, NULL); EVP_MD_CTX_destroy(ctx); } } ntp.success = 1; ASN1_MALLOC_ENCODE(NTLMReply, rep.data, rep.length, &ntp, &size, ret); if (ret) goto failed; if (rep.length != size) abort(); failed: kdc_log(context, config, 1, "digest-request: %d", ret); (*complete)(cctx, ret, &rep); free(rep.data); free_NTLMRequest2(&ntq); if (user) _kdc_free_ent (context, user); }
int main(int argc, char **argv, char **envp) { #if 0 const char *algorithm = NULL; #else const char *algorithm = "md5"; #endif const char *key = NULL; const char *msg = NULL; const char *signature = NULL; #if 0 const char *type = NULL; #else const char *type = "rsa"; #endif xxxflag = false; if(!(prog = basename(argv[0]))) { fprintf(stderr, "err: basename: %s -- %s\n", strerror(errno), argv[0]); return(-1); /* NOTREACHED */ } { int ch = 0; #if 0 while((ch = getopt(argc, argv, "a:k:m:s:t:@")) != -1) { #else while((ch = getopt(argc, argv, "k:m:s:@")) != -1) { #endif switch (ch) { #if 0 case 'a': algorithm = optarg; break; #endif case 'k': key = optarg; break; case 'm': msg = optarg; break; case 's': signature = optarg; break; #if 0 case 't': type = optarg; break; #endif case '@': xxxflag = true; break; default: usage(); /* NOTREACHED */ break; } } argc -= optind; argv += optind; } if(argc || !algorithm || !key || !msg || !type) { usage(); /* NOTREACHED */ } return(sigcomp_main(algorithm, key, msg, signature, type)? 0: -1); /* NOTREACHED */ } static bool sigcomp_main(const char *const algorithm, const char *const key, const char *const msg, const char *const signature, const char *const type) { const EVP_MD *evp_md = NULL; BIGNUM *bn_key = NULL; BIGNUM *bn_msg = NULL; BIGNUM *bn_signature = NULL; ERR_load_crypto_strings(); if(!(evp_md = evp_md_with_algorithm(type, algorithm))) { fprintf(stderr, "err: algorithm: %s -- " "unknown algorithm for %s\n", algorithm, type); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } /* key -> bn_key */ if(!(bn_key = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_key, (const char *)key)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } /* msg -> bn_msg */ if(!(bn_msg = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_msg, (const char *)msg)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(signature) { /* signature -> bn_signature */ if(!(bn_signature = BN_new())) { openssl_strerror("BN_new"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!BN_hex2bn(&bn_signature, (const char *)signature)) { openssl_strerror("BN_hex2bn"); return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } if(!sigcomp_vrfy(evp_md, bn_key, bn_msg, bn_signature, type)) { return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } } else { if(!sigcomp_sign(evp_md, bn_key, bn_msg, type)) { return(sigcomp_return(false, bn_key, bn_msg, bn_signature)); } } return(sigcomp_return(true, bn_key, bn_msg, bn_signature)); } static bool sigcomp_return(const bool code, BIGNUM *bn_key, BIGNUM *bn_msg, BIGNUM *bn_signature) { if(bn_signature) { BN_free(bn_signature); bn_signature = NULL; } if(bn_msg) { BN_free(bn_msg); bn_msg = NULL; } if(bn_key) { BN_free(bn_key); bn_key = NULL; } return(code); } static bool sigcomp_sign(const EVP_MD *const evp_md, const BIGNUM *const bn_key, const BIGNUM *const bn_msg, const char *const type) { EVP_PKEY *pkey = NULL; unsigned char *key = NULL; unsigned char *msg = NULL; unsigned char *signature = NULL; unsigned char *ptr = NULL; int keylen = 0; int msglen = 0; int signaturelen = 0; int padding = 0; /* bn_key -> key */ if(!(keylen = BN_num_bytes(bn_key))) { openssl_strerror("BN_num_bytes"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(!(key = (unsigned char *)malloc(keylen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(BN_bn2bin(bn_key, key) != keylen) { openssl_strerror("BN_bn2bin"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } #ifdef DEBUG dmp(stderr, "key", key, keylen); #endif // DEBUG /* bn_msg -> msg */ if(!(msglen = BN_num_bytes(bn_msg))) { openssl_strerror("BN_num_bytes"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(!(msg = (unsigned char *)malloc(msglen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } if(BN_bn2bin(bn_msg, msg) != msglen) { openssl_strerror("BN_bn2bin"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } #ifdef DEBUG dmp(stderr, "msg", msg, msglen); #endif // DEBUG ptr = key; for( ; ; ) { if(!strcmp(type, "rsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PrivateKey"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } signaturelen = RSA_size(pkey->pkey.rsa); padding = RSA_PKCS1_PADDING; break; } if(!strcmp(type, "dsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PrivateKey"); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } fprintf(stderr, "err: type: %s -- not implemented\n", type); return(sigcomp_sign_return(false, key, msg, signature, pkey)); break; } fprintf(stderr, "err: type: %s -- unknown type\n", type); return(sigcomp_sign_return(false, key, msg, signature, pkey)); /* NOTREACHED */ } if(!(signature = (unsigned char *)malloc(signaturelen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_sign_return(false, key, msg, signature, pkey)); } RSA_private_encrypt(msglen, msg, signature, pkey->pkey.rsa, padding); #ifdef DEBUG dmp(stderr, "signature", signature, signaturelen); #endif // DEBUG sigcomp_sign_dump(key, keylen, msg, msglen, signature, signaturelen); return(sigcomp_sign_return(true, key, msg, signature, pkey)); } static void sigcomp_sign_dump(const unsigned char *const key, int keylen, const unsigned char *const msg, int msglen, const unsigned char *const signature, int signaturelen) { int d = 0; if(xxxflag) { #if 0 /* needless */ for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } #endif for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); return; } printf("log:SigCompSign_Results (length:%d)\n", keylen + msglen + signaturelen); printf("log:| PrivateKey (length:%d)\n", keylen); printf("log:| | data = "); for(d = 0; d < keylen; d ++) { printf("%02x", key[d]); } printf("\n"); printf("log:| Message (length:%d)\n", msglen); printf("log:| | data = "); for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } printf("\n"); printf("log:| Signature (length:%d)\n", signaturelen); printf("log:| | data = "); for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); return; } static bool sigcomp_sign_return(const bool code, unsigned char *key, unsigned char *msg, unsigned char *signature, EVP_PKEY *pkey) { if(pkey) { EVP_PKEY_free(pkey); pkey = NULL; } if(signature) { free(signature); signature = NULL; } if(msg) { free(msg); msg = NULL; } if(key) { free(key); key = NULL; } return(code); } static bool sigcomp_vrfy(const EVP_MD *const evp_md, const BIGNUM *const bn_key, const BIGNUM *const bn_msg, const BIGNUM *const bn_signature, const char *const type) { EVP_PKEY *pkey = NULL; unsigned char *key = NULL; unsigned char *msg = NULL; unsigned char *signature = NULL; unsigned char *to = NULL; unsigned char *ptr = NULL; int keylen = 0; int msglen = 0; int signaturelen = 0; int tolen = 0; int padding = 0; bool compare = true; /* bn_key -> key */ if(!(keylen = BN_num_bytes(bn_key))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(key = (unsigned char *)malloc(keylen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_key, key) != keylen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "key", key, keylen); #endif // DEBUG /* bn_msg -> msg */ if(!(msglen = BN_num_bytes(bn_msg))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(msg = (unsigned char *)malloc(msglen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_msg, msg) != msglen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "msg", msg, msglen); #endif // DEBUG /* bn_signature -> signature */ if(!(signaturelen = BN_num_bytes(bn_signature))) { openssl_strerror("BN_num_bytes"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(!(signature = (unsigned char *)malloc(signaturelen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(BN_bn2bin(bn_signature, signature) != signaturelen) { openssl_strerror("BN_bn2bin"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } #ifdef DEBUG dmp(stderr, "signature", signature, signaturelen); #endif // DEBUG ptr = key; for( ; ; ) { if(!strcmp(type, "rsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PublicKey"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } tolen = RSA_size(pkey->pkey.rsa); padding = RSA_PKCS1_PADDING; break; } if(!strcmp(type, "dsa")) { #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL) if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA, NULL, (const unsigned char **)&ptr, keylen))) { #else if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA, NULL, &ptr, keylen))) { #endif openssl_strerror("d2i_PublicKey"); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } fprintf(stderr, "err: type: %s -- not implemented\n", type); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); /* NOTREACHED */ break; } fprintf(stderr, "err: type: %s -- unknown type\n", type); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); /* NOTREACHED */ } if(!(to = (unsigned char *)malloc(tolen))) { fprintf(stderr, "err: malloc: %s\n", strerror(errno)); return(sigcomp_vrfy_return(false, key, msg, signature, to, pkey)); } if(RSA_public_decrypt(signaturelen, signature, to, pkey->pkey.rsa, padding) < 0) { openssl_strerror("RSA_public_decrypt"); return(sigcomp_vrfy_return(true, key, msg, signature, to, pkey)); } if(memcmp(msg, to, msglen)) { compare = false; } sigcomp_vrfy_dump(compare, key, keylen, msg, msglen, signature, signaturelen, to, tolen); return(sigcomp_vrfy_return(true, key, msg, signature, to, pkey)); } static void sigcomp_vrfy_dump(const bool code, const unsigned char *const key, int keylen, const unsigned char *const msg, int msglen, const unsigned char *const signature, int signaturelen, const unsigned char *const to, int tolen) { int d = 0; printf("log:SigCompVrfy_Results (length:%d)\n", keylen + msglen + signaturelen + tolen); printf("log:| PublicKey (length:%d)\n", keylen); printf("log:| | data = "); for(d = 0; d < keylen; d ++) { printf("%02x", key[d]); } printf("\n"); printf("log:| Message (length:%d)\n", msglen); printf("log:| | data = "); for(d = 0; d < msglen; d ++) { printf("%02x", msg[d]); } printf("\n"); printf("log:| Signature (length:%d)\n", signaturelen + tolen); printf("log:| | status = %s\n", code? "true": "false"); printf("log:| | Encrypted (length:%d)\n", signaturelen); printf("log:| | | data = "); for(d = 0; d < signaturelen; d ++) { printf("%02x", signature[d]); } printf("\n"); printf("log:| | Decrypted (length:%d)\n", tolen); printf("log:| | | data = "); for(d = 0; d < tolen; d ++) { printf("%02x", to[d]); } printf("\n"); return; } static bool sigcomp_vrfy_return(const bool code, unsigned char *key, unsigned char *msg, unsigned char *signature, unsigned char *to, EVP_PKEY *pkey) { if(pkey) { EVP_PKEY_free(pkey); pkey = NULL; } if(to) { free(to); to = NULL; } if(signature) { free(signature); signature = NULL; } if(msg) { free(msg); msg = NULL; } if(key) { free(key); key = NULL; } return(code); } static const EVP_MD * evp_md_with_algorithm(const char *const type, const char *const algorithm) { const EVP_MD *evp_md = NULL; bool dsa = false; bool rsa = false; for( ; ; ) { if(!strcmp(type, "dsa")) { dsa = true; break; } if(!strcmp(type, "rsa")) { rsa = true; break; } break; } for( ; ; ) { if(dsa && !strcmp(algorithm, "dss1")) { evp_md = EVP_dss1(); break; } if(rsa && !strcmp(algorithm, "md2")) { evp_md = EVP_md2(); break; } if(rsa && !strcmp(algorithm, "md4")) { evp_md = EVP_md4(); break; } if(rsa && !strcmp(algorithm, "md5")) { evp_md = EVP_md5(); break; } #if ! defined(__linux__) if(rsa && !strcmp(algorithm, "mdc2")) { evp_md = EVP_mdc2(); break; } #endif if(rsa && !strcmp(algorithm, "ripemd160")) { evp_md = EVP_ripemd160(); break; } if(rsa && !strcmp(algorithm, "sha1")) { evp_md = EVP_sha1(); break; } break; } return(evp_md); } static void openssl_strerror(const char *const label) { unsigned long code = 0; while((code = ERR_get_error())) { fprintf(stderr, "err: %s: %s\n", label, ERR_error_string(code, NULL)); } return; }
int otp_md4_next (OtpKey key) { unsigned char res[16]; return otp_md_next (key, EVP_md4(), 0, res, sizeof(res)); }
static void test(void) { uint8_t tmp1[EVP_MAX_MD_SIZE]; uint8_t tmp2[EVP_MAX_MD_SIZE]; uint8_t key[256]; uint8_t data[4096]; unsigned int tmp1len; size_t tmp2len; int stop; void *e1; const void *evps[] = { EVP_md2(), EVP_md4(), EVP_md5(), EVP_ripemd160(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), }; const char *names[] = { "md2", "md4", "md5", "rmd160", "sha1", "sha224", "sha256", "sha384", "sha512", }; for (size_t k = 0; k < sizeof(key); k++) key[k] = k; for (size_t d = 0; d < sizeof(data); d++) data[d] = d % 256; for (size_t t = 0; t < __arraycount(names); t++) for (size_t i = 1; i < sizeof(key); i += 9) for (size_t j = 3; j < sizeof(data); j += 111) { stop = 0; #ifdef DEBUG printf("%s: keysize = %zu datasize = %zu\n", names[t], i, j); #endif memset(tmp1, 0, sizeof(tmp1)); memset(tmp2, 0, sizeof(tmp2)); e1 = HMAC(evps[t], key, i, data, j, tmp1, &tmp1len); ATF_REQUIRE(e1 != NULL); tmp2len = hmac(names[t], key, i, data, j, tmp2, sizeof(tmp2)); ATF_REQUIRE_MSG(tmp1len == tmp2len, "hash %s len %u " "!= %zu", names[t], tmp1len, tmp2len); for (size_t k = 0; k < tmp2len; k++) if (tmp1[k] != tmp2[k]) { #ifdef DEBUG printf("%zu %.2x %.2x\n", k, tmp1[k], tmp2[k]); #endif stop = 1; break; } ATF_REQUIRE_MSG(!stop, "hash %s failed for " "keylen=%zu, datalen=%zu", names[t], i, j); } }