/**
@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
@brief Finalizes (signed) digest computation and returns digest or signature.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)
@param[out] buf is populated with the digest or signature
@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)
@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
{ unsigned int n = 0;
int err = 1;
if (buf)
{ /* finalize the digest or signature computation */
switch (data->alg & (SOAP_SMD_PASSTHRU-1))
{ case SOAP_SMD_DGST_MD5:
case SOAP_SMD_DGST_SHA1:
case SOAP_SMD_DGST_SHA256:
EVP_DigestFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);
break;
case SOAP_SMD_HMAC_SHA1:
HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);
break;
case SOAP_SMD_SIGN_DSA_SHA1:
case SOAP_SMD_SIGN_RSA_SHA1:
case SOAP_SMD_SIGN_RSA_SHA256:
err = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);
break;
case SOAP_SMD_VRFY_DSA_SHA1:
case SOAP_SMD_VRFY_RSA_SHA1:
if (len)
{ n = (unsigned int)*len;
err = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);
}
else
err = 0;
break;
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%d (%p) %d bytes--\n", data->alg, data->ctx, n));
DBGHEX(TEST, buf, n);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
/* return length of digest or signature produced */
if (len)
*len = (int)n;
}
/* cleanup and free the HMAC or EVP_MD context */
if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)
HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);
else
EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);
SOAP_FREE(soap, data->ctx);
data->ctx = NULL;
/* check and return */
return soap_smd_check(soap, data, err, "soap_smd_final() failed");
}
/**
@fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
@brief Finalizes (signed) digest computation and returns digest or signature.
@param soap context
@param[in,out] data smdevp engine context
@param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms)
@param[out] buf is populated with the digest or signature
@param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms)
@param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len)
{ unsigned int n = 0;
int ok = 1;
if (!data->ctx)
return soap_set_receiver_error(soap, "soap_smd_final() failed", "No context", SOAP_SSL_ERROR);
if (buf)
{ /* finalize the digest or signature computation */
switch (data->alg & SOAP_SMD_ALGO)
{ case SOAP_SMD_HMAC:
HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n);
break;
case SOAP_SMD_DGST:
EVP_DigestFinal_ex((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n);
break;
case SOAP_SMD_SIGN:
ok = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key);
break;
case SOAP_SMD_VRFY:
if (len)
{ n = (unsigned int)*len;
ok = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key);
}
else
ok = 0;
break;
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%x (%p) %d bytes--\n", data->alg, data->ctx, n));
DBGHEX(TEST, buf, n);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
/* pass back length of digest or signature produced */
if (len)
*len = (int)n;
}
/* cleanup */
if ((data->alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC)
HMAC_CTX_cleanup((HMAC_CTX*)data->ctx);
else
EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx);
SOAP_FREE(soap, data->ctx);
data->ctx = NULL;
/* check and return */
return soap_smd_check(soap, data, ok, "soap_smd_final() failed");
}
int md5_handler(struct soap *soap, void **context, enum md5_action action, char *buf, size_t len)
{ EVP_MD_CTX *ctx;
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int size;
switch (action)
{ case MD5_INIT:
soap_ssl_init();
if (!*context)
{ *context = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX));
EVP_MD_CTX_init((EVP_MD_CTX*)*context);
}
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Init %p\n", ctx));
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
break;
case MD5_UPDATE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Update %p (%lu) --\n", ctx, (unsigned long)len));
DBGMSG(TEST, buf, len);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
EVP_DigestUpdate(ctx, (const void*)buf, (unsigned int)len);
break;
case MD5_FINAL:
ctx = (EVP_MD_CTX*)*context;
EVP_DigestFinal_ex(ctx, (unsigned char*)hash, &size);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Final %p --\n", ctx));
DBGHEX(TEST, hash, size);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
soap_memcpy((void*)buf, 16, (const void*)hash, 16);
break;
case MD5_DELETE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Delete %p --\n", ctx));
if (ctx)
{ EVP_MD_CTX_cleanup(ctx);
SOAP_FREE(soap, ctx);
}
*context = NULL;
}
return SOAP_OK;
}
/**
@fn int soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
@brief Start encryption or decryption of current message. If key is non-NULL,
use the symmetric triple DES key. Use soap_mec_start only after soap_mec_begin.
The soap_mec_start should be followed by a soap_mec_stop call.
@param soap context
@param[in] alg algorithm
@param[in] key secret triple DES key or NULL
@return SOAP_OK or error code
*/
int
soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
{ struct soap_mec_data *data;
int ok = 1;
data = (struct soap_mec_data*)soap->data[1];
if (!data)
return soap->error = SOAP_USER_ERROR;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Start alg=%x\n", data->alg));
if (key)
data->key = key;
if (alg != SOAP_MEC_NONE)
data->alg = alg;
if (data->alg & SOAP_MEC_ENC)
{ unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
/* save and override the callbacks */
data->ffiltersend = soap->ffiltersend;
soap->ffiltersend = soap_mec_filtersend;
data->bufidx = 0;
data->i = 0;
data->m = 0;
ivlen = EVP_CIPHER_iv_length(data->type);
if (ivlen)
{ RAND_pseudo_bytes(iv, ivlen);
soap_mec_put_base64(soap, data, (unsigned char*)iv, ivlen);
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "IV = "));
DBGHEX(TEST, iv, ivlen);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
ok = EVP_EncryptInit_ex(data->ctx, NULL, NULL, data->key, iv);
}
else
{ size_t len;
/* algorithm */
if (data->alg & SOAP_MEC_DES_CBC)
data->type = EVP_des_ede3_cbc(); /* triple DES CBC */
else if (data->alg & SOAP_MEC_AES128_CBC)
data->type = EVP_get_cipherbyname("AES128");
else if (data->alg & SOAP_MEC_AES192_CBC)
data->type = EVP_get_cipherbyname("AES192");
else if (data->alg & SOAP_MEC_AES256_CBC)
data->type = EVP_get_cipherbyname("AES256");
else if (data->alg & SOAP_MEC_AES512_CBC)
data->type = EVP_get_cipherbyname("AES512");
else
data->type = EVP_enc_null();
len = 2 * sizeof(soap->buf) + EVP_CIPHER_block_size(data->type);
if (!data->buf || data->buflen < len)
{ if (data->buf)
SOAP_FREE(soap, data->buf);
data->buflen = len;
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
}
data->bufidx = soap->buflen - soap->bufidx;
/* copy buf[bufidx..buflen-1] to data buf */
memcpy(data->buf, soap->buf + soap->bufidx, data->bufidx);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Alloc buf=%lu, copy %lu message bytes\n", (unsigned long)data->buflen, (unsigned long)data->bufidx));
/* trigger ffilterrecv() */
soap->bufidx = soap->buflen;
/* INIT state */
data->i = 0;
data->m = 0;
data->state = SOAP_MEC_STATE_INIT;
}
return soap_mec_check(soap, data, ok, "soap_mec_start() failed");
}