Esempio n. 1
0
void hmac_sha1( uint8_t* key, int32_t key_length,
                const uint8_t* data_chunks[],
                uint32_t data_chunck_length[],
                uint8_t* mac, int32_t* mac_length ) {
    HMAC_CTX ctx;
    HMAC_CTX_init( &ctx );
    HMAC_Init_ex( &ctx, key, key_length, EVP_sha1(), NULL );
    while ( *data_chunks ) {
        HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
        data_chunks ++;
        data_chunck_length ++;
    }
    HMAC_Final( &ctx, mac, reinterpret_cast<uint32_t*>(mac_length) );
    HMAC_CTX_cleanup( &ctx );
}
bool OSSLEVPMacAlgorithm::verifyFinal(ByteString& signature)
{
	if (!MacAlgorithm::verifyFinal(signature))
	{
		return false;
	}

	ByteString macResult;
	unsigned int outLen = EVP_MD_size(getEVPHash());
	macResult.resize(outLen);

	if (!HMAC_Final(&curCTX, &macResult[0], &outLen))
	{
		ERROR_MSG("HMAC_Final failed");

		HMAC_CTX_cleanup(&curCTX);

		return false;
	}

	HMAC_CTX_cleanup(&curCTX);

	return macResult == signature;
}
Esempio n. 3
0
static void 
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
    xmlSecOpenSSLHmacCtxPtr ctx;

    xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));

    ctx = xmlSecOpenSSLHmacGetCtx(transform);
    xmlSecAssert(ctx != NULL);
    
#ifndef XMLSEC_OPENSSL_096
    HMAC_CTX_cleanup(&(ctx->hmacCtx));
#endif /* XMLSEC_OPENSSL_096 */
    memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
Esempio n. 4
0
int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt)
{
	int i, padlen;
	const int blksize = 16;
	unsigned int hmac_len = 20;
	int crypt_len;
	HMAC_CTX hmac_ctx;

	/* This gets much more fun if the IV is variable-length */
	pkt->esp.spi = vpninfo->esp_out.spi;
	pkt->esp.seq = htonl(vpninfo->esp_out.seq++);
	if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to generate random IV for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EIO;
	}

	padlen = blksize - 1 - ((pkt->len + 1) % blksize);
	for (i=0; i<padlen; i++)
		pkt->data[pkt->len + i] = i + 1;
	pkt->data[pkt->len + padlen] = padlen;
	pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */
	
	if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL,
				pkt->esp.iv)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to set up encryption context for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	crypt_len = pkt->len + padlen + 2;
	if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len,
			       pkt->data, crypt_len)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to encrypt ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac);
	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len);
	HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len);
	HMAC_CTX_cleanup(&hmac_ctx);

	return sizeof(pkt->esp) + crypt_len + 12;
}
Esempio n. 5
0
/**
@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
@brief Finalizes (signed) digest computation and returns digest or signature.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)
@param[out] buf is populated with the digest or signature
@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)
@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
{ unsigned int n = 0;
  int err = 1;
  if (buf)
  { /* finalize the digest or signature computation */
    switch (data->alg & (SOAP_SMD_PASSTHRU-1))
    { case SOAP_SMD_DGST_MD5:
      case SOAP_SMD_DGST_SHA1:
      case SOAP_SMD_DGST_SHA256:
        EVP_DigestFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);
        break;
      case SOAP_SMD_HMAC_SHA1:
        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);
        break;
      case SOAP_SMD_SIGN_DSA_SHA1:
      case SOAP_SMD_SIGN_RSA_SHA1:
      case SOAP_SMD_SIGN_RSA_SHA256:
        err = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);
        break;
      case SOAP_SMD_VRFY_DSA_SHA1:
      case SOAP_SMD_VRFY_RSA_SHA1:
        if (len)
        { n = (unsigned int)*len;
          err = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);
        }
        else
          err = 0;
        break;
    }
    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%d (%p) %d bytes--\n", data->alg, data->ctx, n));
    DBGHEX(TEST, buf, n);
    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
    /* return length of digest or signature produced */
    if (len)
      *len = (int)n;
  }
  /* cleanup and free the HMAC or EVP_MD context */
  if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)
    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);
  else
    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);
  SOAP_FREE(soap, data->ctx);
  data->ctx = NULL;
  /* check and return */
  return soap_smd_check(soap, data, err, "soap_smd_final() failed");
}
Esempio n. 6
0
int getHMACSHA256(char *msg, unsigned char* md_value, int len, unsigned char key[], int keylen)
{
	HMAC_CTX mdctx;
	int md_len;
	const EVP_MD *md;	
	OpenSSL_add_all_digests();

	md = EVP_get_digestbyname("sha256");

	HMAC_CTX_init(&mdctx);
	HMAC_Init_ex(&mdctx,key,keylen,md,NULL);
	HMAC_Update(&mdctx, msg, len);
	HMAC_Final(&mdctx, md_value, &md_len);
	HMAC_CTX_cleanup(&mdctx);
	return md_len;

}
Esempio n. 7
0
void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag)
{
uint8_t iv[16];
AES_KEY* key = ctx;
HMAC_CTX hctx;
unsigned int rlen = 20;

	HMAC_CTX_init(&hctx);
	HMAC_Init_ex(&hctx, iv, 16, EVP_sha1(), NULL);

	HMAC_Update(&hctx, plaintext, size);

	HMAC_Final(&hctx, tag, &rlen);
	HMAC_CTX_cleanup(&hctx);

	AES_cbc_encrypt(plaintext, ciphertext, size, key, iv, 1);
}
Esempio n. 8
0
void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
{
	HMAC_CTX hmac_ctx;

	/*
	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
	 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
	 */

	HMAC_CTX_init(&hmac_ctx);
	HMAC_Init_ex(&hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL);
	HMAC_Update(&hmac_ctx, context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
	HMAC_Update(&hmac_ctx, context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);
	HMAC_Update(&hmac_ctx, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
	HMAC_Final(&hmac_ctx, context->MessageIntegrityCheck, NULL);
	HMAC_CTX_cleanup(&hmac_ctx);
}
Esempio n. 9
0
/* rfc 3711, sections 4.2 and 4.2.1 */
static int hmac_sha1_rtp(struct crypto_context *c, char *out, str *in, u_int64_t index) {
	unsigned char hmac[20];
	HMAC_CTX hc;
	u_int32_t roc;

	HMAC_Init(&hc, c->session_auth_key, c->crypto_suite->srtp_auth_key_len, EVP_sha1());
	HMAC_Update(&hc, (unsigned char *) in->s, in->len);
	roc = htonl((index & 0xffffffff0000ULL) >> 16);
	HMAC_Update(&hc, (unsigned char *) &roc, sizeof(roc));
	HMAC_Final(&hc, hmac, NULL);
	HMAC_CTX_cleanup(&hc);

	assert(sizeof(hmac) >= c->crypto_suite->srtp_auth_tag);
	memcpy(out, hmac, c->crypto_suite->srtp_auth_tag);

	return 0;
}
Esempio n. 10
0
static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) {
  HMAC_PKEY_CTX *hctx = ctx->data;

  if (hctx == NULL) {
    return;
  }

  HMAC_CTX_cleanup(&hctx->ctx);
  if (hctx->ktmp.data) {
    if (hctx->ktmp.length) {
      OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
    }
    OPENSSL_free(hctx->ktmp.data);
    hctx->ktmp.data = NULL;
  }
  OPENSSL_free(hctx);
}
 /**
 * sha256 digest algorithm.
 * @param key the sha256 key, NULL to use EVP_Digest, for instance,
 *       hashlib.sha256(data).digest().
 */
 int openssl_HMACsha256(const void* key, int key_size, const void* data, int data_size, void* digest) 
 {
     int ret = ERROR_SUCCESS;
     
     unsigned int digest_size = 0;
     
     unsigned char* __key = (unsigned char*)key;
     unsigned char* __digest = (unsigned char*)digest;
     
     if (key == NULL) {
         // use data to digest.
         // @see ./crypto/sha/sha256t.c
         // @see ./crypto/evp/digest.c
         if (EVP_Digest(data, data_size, __digest, &digest_size, EVP_sha256(), NULL) < 0)
         {
             ret = ERROR_OpenSslSha256EvpDigest;
             return ret;
         }
     } else {
         // use key-data to digest.
         HMAC_CTX ctx;
         
         // @remark, if no key, use EVP_Digest to digest,
         // for instance, in python, hashlib.sha256(data).digest().
         HMAC_CTX_init(&ctx);
         
         if (HMAC_Init_ex(&ctx, __key, key_size, EVP_sha256(), NULL) < 0) {
             ret = ERROR_OpenSslSha256Init;
             return ret;
         }
         
         ret = __openssl_HMACsha256(&ctx, data, data_size, __digest, &digest_size);
         HMAC_CTX_cleanup(&ctx);
         
         if (ret != ERROR_SUCCESS) {
             return ret;
         }
     }
     
     if (digest_size != 32) {
         ret = ERROR_OpenSslSha256DigestSize;
         return ret;
     }
     
     return ret;
 }
Esempio n. 12
0
static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
{
    FILE *f = NULL;
    int rv = -1;
    unsigned char rbuf[READ_BUFFER_LENGTH];
    size_t len;
    unsigned int hlen;
    HMAC_CTX c;

    HMAC_CTX_init(&c);

    f = fopen(path, "r");

    if (f == NULL) {
        goto end;
    }

    HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256());

    while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
        HMAC_Update(&c, rbuf, len);
    }

    len = sizeof(rbuf);
    /* reuse rbuf for hmac */
    HMAC_Final(&c, rbuf, &hlen);

    *buf = malloc(hlen);
    if (*buf == NULL) {
        goto end;
    }

    *hmaclen = hlen;

    memcpy(*buf, rbuf, hlen);

    rv = 0;
end:
    HMAC_CTX_cleanup(&c);

    if (f)
        fclose(f);

    return rv;
}
Esempio n. 13
0
//------------------------------------------------------------------------------
// helper function to hash with HMAC algorithm:
static std::vector<unsigned char> 
hmac_sha512(const std::vector<unsigned char>& data, 
	    const std::vector<unsigned char>& key)
{   
   unsigned int len = EVP_MAX_MD_SIZE;
   std::vector<unsigned char> digest(len);

   HMAC_CTX ctx;
   HMAC_CTX_init(&ctx);

   HMAC_Init_ex(&ctx, key.data(), key.size(), EVP_sha512(), NULL);
   HMAC_Update(&ctx, data.data(), data.size());
   HMAC_Final(&ctx, digest.data(), &len);
   
   HMAC_CTX_cleanup(&ctx);
   
   return digest;
}
Esempio n. 14
0
/*----------------------------------------------------------------------
 * Name    : HmacSha256Hash
 * Purpose :
 * Input   : none
 * Output  : none
 *---------------------------------------------------------------------*/
int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
{
	HMAC_CTX hctx;

	HMAC_CTX_init(&hctx);
	HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);

	/*
	 * FIXME: why we need this? NULL means to use whatever there is?
	 * if removed, result is different
	 */
	HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
	HMAC_Update(&hctx, data, len);
	HMAC_Final(&hctx, hash, NULL);

	HMAC_CTX_cleanup(&hctx);
	return 0;
}
Esempio n. 15
0
int winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output)
{
#if defined(WITH_OPENSSL)
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
	HMAC_Final((HMAC_CTX*) ctx, output, NULL);
#else
	if (HMAC_Final((HMAC_CTX*) ctx, output, NULL) != 1)
		return -1;
#endif
	HMAC_CTX_cleanup((HMAC_CTX*) ctx);
#elif defined(WITH_MBEDTLS)
	if (mbedtls_md_hmac_finish((mbedtls_md_context_t*) ctx, output) != 0)
		return -1;

	mbedtls_md_free((mbedtls_md_context_t*) ctx);
#endif
	return 0;
}
Esempio n. 16
0
void Hmac::init(ByteArray &key, MessageDigest::Algorithm algorithm, Engine &engine) throw (HmacException) {
	if (this->state != Hmac::NO_INIT)
	{
		HMAC_CTX_cleanup( &this->ctx );
	}
	HMAC_CTX_init( &this->ctx );

	this->algorithm = algorithm;
	const EVP_MD *md = MessageDigest::getMessageDigest( this->algorithm );
	int rc = HMAC_Init_ex( &this->ctx, (void*)key.getDataPointer(), key.size(), md, engine.getEngine() );
	if (!rc)
	{
		this->state = Hmac::NO_INIT;
		throw HmacException(HmacException::CTX_INIT, "Hmac::init");
	}

	this->state = Hmac::INIT;
}
Esempio n. 17
0
void hmac_sha256(uint8_t* key, uint32_t key_length,
                 uint8_t* data_chunks[],
                 uint32_t data_chunck_length[],
                 uint8_t* mac, uint32_t* mac_length )
{
    unsigned int tmp;
    HMAC_CTX ctx;
    HMAC_CTX_init( &ctx );
    HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
    while( *data_chunks ){
      HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
      data_chunks ++;
      data_chunck_length ++;
    }
    HMAC_Final( &ctx, mac, &tmp);
    *mac_length = tmp;
    HMAC_CTX_cleanup( &ctx );
}
Esempio n. 18
0
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */
int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt)
{
	unsigned char hmac_buf[20];
	unsigned int hmac_len = sizeof(hmac_buf);
	int crypt_len = pkt->len;
	HMAC_CTX hmac_ctx;

	HMAC_CTX_copy(&hmac_ctx, &esp->hmac);
	HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len);
	HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len);
	HMAC_CTX_cleanup(&hmac_ctx);

	if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) {
		vpn_progress(vpninfo, PRG_DEBUG,
			     _("Received ESP packet with invalid HMAC\n"));
		return -EINVAL;
	}

	/* Why in $DEITY's name would you ever *not* set this? Perhaps we
	 * should do th check anyway, but only warn instead of discarding
	 * the packet? */
	if (vpninfo->esp_replay_protect &&
	    verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq)))
		return -EINVAL;


	if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL,
				pkt->esp.iv)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to set up decryption context for ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len,
			       pkt->data, pkt->len)) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to decrypt ESP packet:\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	return 0;
}
Esempio n. 19
0
/**
@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
@brief Finalizes (signed) digest computation and returns digest or signature.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)
@param[out] buf is populated with the digest or signature
@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)
@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
{ unsigned int n = 0;
  int ok = 1;
  if (!data->ctx)
    return soap_set_receiver_error(soap, "soap_smd_final() failed", "No context", SOAP_SSL_ERROR);
  if (buf)
  { /* finalize the digest or signature computation */
    switch (data->alg & SOAP_SMD_ALGO)
    { case SOAP_SMD_HMAC:
        HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);
        break;
      case SOAP_SMD_DGST:
        EVP_DigestFinal_ex((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);
        break;
      case SOAP_SMD_SIGN:
        ok = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);
        break;
      case SOAP_SMD_VRFY:
        if (len)
        { n = (unsigned int)*len;
          ok = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);
        }
        else
          ok = 0;
        break;
    }
    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%x (%p) %d bytes--\n", data->alg, data->ctx, n));
    DBGHEX(TEST, buf, n);
    DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
    /* pass back length of digest or signature produced */
    if (len)
      *len = (int)n;
  }
  /* cleanup */
  if ((data->alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC)
    HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);
  else
    EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);
  SOAP_FREE(soap, data->ctx);
  data->ctx = NULL;
  /* check and return */
  return soap_smd_check(soap, data, ok, "soap_smd_final() failed");
}
static int build_packet(char *buffer, const char *metric)
{
	HMAC_CTX ctx;
	struct timespec now;
	uint64_t timestamp;
	uint32_t nonce;
	unsigned int hmac_len;
	int metric_len = strlen(metric);

	RAND_pseudo_bytes((void *)&nonce, sizeof(nonce));
	clock_gettime(CLOCK_REALTIME, &now);
	timestamp = (uint64_t)now.tv_sec - 2; /* fake delay */

	HMAC_CTX_init(&ctx);
	HMAC_Init_ex(&ctx, HMAC_KEY, strlen(HMAC_KEY), EVP_sha256(), NULL);

	HMAC_Update(&ctx, (void *)&timestamp, sizeof(timestamp));
	HMAC_Update(&ctx, (void *)&nonce, sizeof(nonce));
	HMAC_Update(&ctx, (void *)metric, metric_len);

	HMAC_Final(&ctx, buffer, &hmac_len);

	HMAC_CTX_cleanup(&ctx);

	memcpy(buffer + SHA_SIZE, &timestamp, sizeof(timestamp));
	memcpy(buffer + SHA_SIZE + 8, &nonce, sizeof(nonce));
	memcpy(buffer + SHA_SIZE + 12, metric, metric_len);

#ifdef DEBUG
	{
		int i;

		fprintf(stderr, "HMAC: ");
		for (i = 0; i < SHA_SIZE; ++i)
			fprintf(stderr, "%02x", (unsigned char)buffer[i]);

		fprintf(stderr, "\nTIMESTAMP: %llu\nNONCE: %08x\nMETRIC: %s\n",
			(long long unsigned int)timestamp, nonce, metric);
	}
#endif

	return SHA_SIZE + 12 + metric_len;
}
Esempio n. 21
0
static void switch_write_mac(void) {
  /* First we can clear the write MAC, kept from rekeying. */
  if (write_macs[write_mac_idx].key) {
    clear_mac(&(write_macs[write_mac_idx]));
#if OPENSSL_VERSION_NUMBER > 0x000907000L
    HMAC_CTX_cleanup(&(write_ctxs[write_mac_idx]));
#else
    HMAC_cleanup(&(write_ctxs[write_mac_idx]));
#endif

    /* Now we can switch the index. */
    if (write_mac_idx == 1) {
      write_mac_idx = 0;
      return;
    }

    write_mac_idx = 1;
  }
}
Esempio n. 22
0
static char* __aws_sign ( char * const str )
{
  HMAC_CTX ctx;
  unsigned char MD[256];
  unsigned len;

  __debug("StrToSign:%s", str );

  HMAC_CTX_init(&ctx);
  HMAC_Init(&ctx, awsKey, strlen(awsKey), EVP_sha1());
  HMAC_Update(&ctx,(unsigned char*)str, strlen(str));
  HMAC_Final(&ctx,(unsigned char*)MD,&len);
  HMAC_CTX_cleanup(&ctx);

  char * b64 = __b64_encode (MD,len);
  __debug("Signature:  %s", b64 );

  return b64;
}
 int openssl_HMACsha256(const void* data, int data_size, const void* key, int key_size, void* digest) 
 {
     HMAC_CTX ctx;
     
     HMAC_CTX_init(&ctx);
     HMAC_Init_ex(&ctx, (unsigned char*) key, key_size, EVP_sha256(), NULL);
     HMAC_Update(&ctx, (unsigned char *) data, data_size);
 
     unsigned int digest_size;
     HMAC_Final(&ctx, (unsigned char *) digest, &digest_size);
     
     HMAC_CTX_cleanup(&ctx);
     
     if (digest_size != 32) {
         return ERROR_OpenSslSha256DigestSize;
     }
     
     return ERROR_SUCCESS;
 }
Esempio n. 24
0
void
dsa_free(struct iked_dsa *dsa)
{
	if (dsa == NULL)
		return;
	if (dsa->dsa_hmac) {
		HMAC_CTX_cleanup((HMAC_CTX *)dsa->dsa_ctx);
		free(dsa->dsa_ctx);
	} else {
		EVP_MD_CTX_destroy((EVP_MD_CTX *)dsa->dsa_ctx);
		if (dsa->dsa_key)
			EVP_PKEY_free(dsa->dsa_key);
		if (dsa->dsa_cert)
			X509_free(dsa->dsa_cert);
	}

	ibuf_release(dsa->dsa_keydata);
	free(dsa);
}
Esempio n. 25
0
/**
@fn int soap_smd_check(struct soap *soap, struct soap_smd_data *data, int err, const char *msg)
@brief Check result of init/update/final smdevp engine operations.
@param soap context
@param[in,out] data smdevp engine context
@param[in] err EVP error value
@param[in] msg error message
@return SOAP_OK or SOAP_SSL_ERROR
*/
static int
soap_smd_check(struct soap *soap, struct soap_smd_data *data, int err, const char *msg)
{ if (err <= 0)
  { unsigned long r;
    while ((r = ERR_get_error()))
    { ERR_error_string_n(r, soap->msgbuf, sizeof(soap->msgbuf));
      DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Error (%d) %s: %s\n", err, msg, soap->msgbuf));
    }
    if (data->ctx)
    { if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)
        HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);
      else
        EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);
      SOAP_FREE(soap, data->ctx);
      data->ctx = NULL;
    }
    return soap_set_receiver_error(soap, msg, soap->msgbuf, SOAP_SSL_ERROR);
  }
  return SOAP_OK;
}
Esempio n. 26
0
static void switch_read_mac(void) {
  /* First we can clear the read MAC, kept from rekeying. */
  if (read_macs[read_mac_idx].key) {
    clear_mac(&(read_macs[read_mac_idx]));
#if OPENSSL_VERSION_NUMBER > 0x000907000L
    HMAC_CTX_cleanup(&(read_ctxs[read_mac_idx]));
#else
    HMAC_cleanup(&(read_ctxs[read_mac_idx]));
#endif
    mac_blockszs[read_mac_idx] = 0; 

    /* Now we can switch the index. */
    if (read_mac_idx == 1) {
      read_mac_idx = 0;
      return;
    }

    read_mac_idx = 1;
  }
}
Esempio n. 27
0
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
		    const unsigned char *d, size_t n, unsigned char *md,
		    unsigned int *md_len)
	{
	HMAC_CTX c;
	static unsigned char m[EVP_MAX_MD_SIZE];

	if (md == NULL) md=m;
	HMAC_CTX_init(&c);
	if (!HMAC_Init(&c,key,key_len,evp_md))
		goto err;
	if (!HMAC_Update(&c,d,n))
		goto err;
	if (!HMAC_Final(&c,md,md_len))
		goto err;
	HMAC_CTX_cleanup(&c);
	return md;
	err:
	return NULL;
	}
Esempio n. 28
0
/*
 * input: msg, len
 * output: hval, plen
 */
int get_hmac(void *msg, unsigned int len, void *hval, unsigned int *plen)
{
	int rc = 0;
	HMAC_CTX ctxObj;
	HMAC_CTX *ctx = &ctxObj;

	(void) HMAC_CTX_init(ctx);

	rc = HMAC_Init_ex(ctx, priv_key, sizeof(priv_key), EVP_sha512(), NULL);
	if (rc == 0) return -1;

	rc = HMAC_Update(ctx, (unsigned char*)msg, len);
	if (rc == 0) return -1;

	rc = HMAC_Final(ctx,  (unsigned char*)hval, plen);
	if (rc == 0) return -1;

	(void) HMAC_CTX_cleanup(ctx);
	return 0;
}
Esempio n. 29
0
int pbkdf2(const char *pass, const char *salt, long iter, const EVP_MD *digest, unsigned char *out)
{
  unsigned char digtmp[32], itmp[4];
  int k, mdlen, saltlen = strlen(salt);
  unsigned long j;
  HMAC_CTX hctx_tpl, hctx;

  mdlen = EVP_MD_size(digest);
  HMAC_CTX_init(&hctx_tpl);
  HMAC_Init_ex(&hctx_tpl, pass, strlen(pass), digest, NULL);
  itmp[0] = itmp[1] = itmp[2] = 0; itmp[3] = 1;
  HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, (const unsigned char*)salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);
  memcpy(out, digtmp, mdlen);
  for (j = 1; j < iter; j++) {
    HMAC_CTX_copy(&hctx, &hctx_tpl); HMAC_Update(&hctx, digtmp, mdlen); HMAC_Final(&hctx, digtmp, NULL); HMAC_CTX_cleanup(&hctx);
    for (k = 0; k < mdlen; k++) out[k] ^= digtmp[k];
  }
  HMAC_CTX_cleanup(&hctx_tpl);
  return 1;
}
Esempio n. 30
0
char * Crypto_Digest_HMAC (int count, char * algoName,
                           char * data, char * key) {

  count = count;
  HMAC_CTX ctx;
  const EVP_MD *md;
  unsigned char hmac_value [EVP_MAX_MD_SIZE];
  unsigned int hmac_len;

  OpenSSL_add_all_digests ();
  md = EVP_get_digestbyname (algoName);
  if (!md) return "";

  HMAC_CTX_init (&ctx);
  HMAC_Init_ex (&ctx, key, strlen (key), md, NULL);
  HMAC_Update (&ctx, (unsigned char *) data, strlen (data));
  HMAC_Final (&ctx, hmac_value, &hmac_len);
  HMAC_CTX_cleanup (&ctx);

  return Crypto_Digest_MakeHexDigest (hmac_value, hmac_len);;
}