/** * @brief Calculate the EP_UID from the IMS (correct version) * * This is the EP_UID calculation, correctly implemented - usable * on post-ES3 chips * * @param ims_value A pointer to the 35-byte IMS value * @param ep_uid A pointer to the octet EP_UID output value */ void calculate_epuid(uint8_t * ims_value, mcl_octet * ep_uid) { /* same code used in ES3 boot ROM to generate the EUID */ int i; static uint8_t ep_uid_calc[SHA256_HASH_DIGEST_SIZE]; static uint8_t y1[SHA256_HASH_DIGEST_SIZE]; static uint8_t z0[SHA256_HASH_DIGEST_SIZE]; uint32_t temp; uint32_t *pims = (uint32_t *)ims_value; hash_start(); /* grab IMS 4 bytes at a time and feed that to hash_update */ for (i = 0; i < 4; i++) { temp = pims[i] ^ 0x3d3d3d3d; hash_update((uint8_t *)&temp, sizeof(temp)); } hash_final(y1); hash_start(); hash_update(y1, SHA256_HASH_DIGEST_SIZE); temp = 0x01010101; for (i = 0; i < 8; i++) {; hash_update((uint8_t *)&temp, sizeof(temp)); } hash_final(z0); hash_it(z0, SHA256_HASH_DIGEST_SIZE, ep_uid_calc); memcpy(ep_uid->val, ep_uid_calc, EP_UID_SIZE); ep_uid->len = EP_UID_SIZE; }
/* Returns the hash of the 'n' 32-bit words at 'p', starting from 'basis'. * 'p' must be properly aligned. */ uint32_t hash_words(const uint32_t *p, size_t n, uint32_t basis) { uint32_t a, b, c; a = b = c = 0xdeadbeef + (((uint32_t) n) << 2) + basis; while (n > 3) { a += p[0]; b += p[1]; c += p[2]; hash_mix(&a, &b, &c); n -= 3; p += 3; } switch (n) { case 3: c += p[2]; /* fall through */ case 2: b += p[1]; /* fall through */ case 1: a += p[0]; hash_final(&a, &b, &c); /* fall through */ case 0: break; } return c; }
/* Returns the hash of the 'n' bytes at 'p', starting from 'basis'. */ uint32_t hash_bytes(const void *p_, size_t n, uint32_t basis) { const uint8_t *p = p_; uint32_t a, b, c; a = b = c = 0xdeadbeef + n + basis; while (n >= 12) { a += get_unaligned_u32((uint32_t *) p); b += get_unaligned_u32((uint32_t *) (p + 4)); c += get_unaligned_u32((uint32_t *) (p + 8)); hash_mix(&a, &b, &c); n -= 12; p += 12; } if (n) { uint32_t tmp[3]; tmp[0] = tmp[1] = tmp[2] = 0; memcpy(tmp, p, n); a += tmp[0]; b += tmp[1]; c += tmp[2]; hash_final(&a, &b, &c); } return c; }
int ikev2_msg_integr(struct iked *env, struct iked_sa *sa, struct ibuf *src) { int ret = -1; size_t integrlen, tmplen; struct ibuf *integr, *prf, *tmp = NULL; u_int8_t *ptr; log_debug("%s: message length %d", __func__, ibuf_size(src)); print_hex(ibuf_data(src), 0, ibuf_size(src)); if (sa == NULL || sa->sa_integr == NULL) { log_debug("%s: invalid SA", __func__); return (-1); } if (sa->sa_hdr.sh_initiator) { integr = sa->sa_key_iauth; prf = sa->sa_key_iprf; } else { integr = sa->sa_key_rauth; prf = sa->sa_key_rprf; } integrlen = hash_length(sa->sa_integr); log_debug("%s: integrity checksum length %d", __func__, integrlen); /* * Validate packet checksum */ if ((tmp = ibuf_new(NULL, hash_keylength(sa->sa_integr))) == NULL) goto done; hash_setkey(sa->sa_integr, ibuf_data(integr), ibuf_size(integr)); hash_init(sa->sa_integr); hash_update(sa->sa_integr, ibuf_data(src), ibuf_size(src) - integrlen); hash_final(sa->sa_integr, ibuf_data(tmp), &tmplen); if (tmplen != integrlen) { log_debug("%s: hash failure", __func__); goto done; } if ((ptr = ibuf_seek(src, ibuf_size(src) - integrlen, integrlen)) == NULL) goto done; memcpy(ptr, ibuf_data(tmp), tmplen); print_hex(ibuf_data(tmp), 0, ibuf_size(tmp)); ret = 0; done: ibuf_release(tmp); return (ret); }
static SRP_Result calculate_M(SRP_HashAlgorithm alg, NGConstant *ng, unsigned char *dest, const char *I, const unsigned char *s_bytes, size_t s_len, const mpz_t A, const mpz_t B, const unsigned char *K) { unsigned char H_N[SHA512_DIGEST_LENGTH]; unsigned char H_g[SHA512_DIGEST_LENGTH]; unsigned char H_I[SHA512_DIGEST_LENGTH]; unsigned char H_xor[SHA512_DIGEST_LENGTH]; HashCTX ctx; size_t i = 0; size_t hash_len = hash_length(alg); if (!hash_num(alg, ng->N, H_N)) return SRP_ERR; if (!hash_num(alg, ng->g, H_g)) return SRP_ERR; hash(alg, (const unsigned char *)I, strlen(I), H_I); for (i = 0; i < hash_len; i++) H_xor[i] = H_N[i] ^ H_g[i]; hash_init(alg, &ctx); hash_update(alg, &ctx, H_xor, hash_len); hash_update(alg, &ctx, H_I, hash_len); hash_update(alg, &ctx, s_bytes, s_len); if (!update_hash_n(alg, &ctx, A)) return SRP_ERR; if (!update_hash_n(alg, &ctx, B)) return SRP_ERR; hash_update(alg, &ctx, K, hash_len); hash_final(alg, &ctx, dest); return SRP_OK; }
static void calculate_M( SRP_HashAlgorithm alg, NGConstant *ng, unsigned char * dest, const char * I, const BIGNUM * s, const BIGNUM * A, const BIGNUM * B, const unsigned char * K ) { unsigned char H_N[ SHA256_DIGEST_LENGTH ]; unsigned char H_g[ SHA256_DIGEST_LENGTH ]; unsigned char H_I[ SHA256_DIGEST_LENGTH ]; unsigned char H_xor[ SHA256_DIGEST_LENGTH ]; HashCTX ctx; int i = 0; int hash_len = hash_length(alg); hash_num( alg, ng->N, H_N ); hash_num( alg, ng->g, H_g ); hash(alg, (const unsigned char *)I, strlen(I), H_I); for (i=0; i < hash_len; i++ ) H_xor[i] = H_N[i] ^ H_g[i]; hash_init( alg, &ctx ); hash_update( alg, &ctx, H_xor, hash_len ); hash_update( alg, &ctx, H_I, hash_len ); update_hash_n( alg, &ctx, s ); update_hash_n( alg, &ctx, A ); update_hash_n( alg, &ctx, B ); hash_update( alg, &ctx, K, hash_len ); hash_final( alg, &ctx, dest ); }
//---------------------------------------------------------------------- void h_init(const void* key, size_t key_len) { memset(g_k_opad, 0, sizeof(g_k_opad)); // Key scheduling if (key_len > sizeof(g_k_opad)) { printf("Hashing the key\n"); // Hash the key hash_init(); hash_update(key, key_len); hash_final(g_k_opad); } else { // Copy the key memcpy(g_k_opad, key, key_len); } // Start the inner hash thread hash_init(); // Inner padding (ipad) for (size_t n = 0; n < sizeof(g_k_opad); ++n) { g_k_opad[n] ^= 0x36; } hash_update(g_k_opad, sizeof(g_k_opad)); }
static void hash_bytes(const byte t, const byte * const b, const size_t l, hash hash) { hash_ctx ctx; hash_init(&ctx, t); hash_update(&ctx, b, l); hash_final(&ctx, hash); }
struct ibuf * ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response) { struct ibuf *authmsg = NULL, *nonce, *prfkey, *buf; uint8_t *ptr; struct iked_id *id; size_t tmplen; /* * Create the payload to be signed/MAC'ed for AUTH */ if (!response) { if ((nonce = sa->sa_rnonce) == NULL || (sa->sa_iid.id_type == 0) || (prfkey = sa->sa_key_iprf) == NULL || (buf = sa->sa_1stmsg) == NULL) return (NULL); id = &sa->sa_iid; } else { if ((nonce = sa->sa_inonce) == NULL || (sa->sa_rid.id_type == 0) || (prfkey = sa->sa_key_rprf) == NULL || (buf = sa->sa_2ndmsg) == NULL) return (NULL); id = &sa->sa_rid; } if ((authmsg = ibuf_dup(buf)) == NULL) return (NULL); if (ibuf_cat(authmsg, nonce) != 0) goto fail; if ((hash_setkey(sa->sa_prf, ibuf_data(prfkey), ibuf_size(prfkey))) == NULL) goto fail; if ((ptr = ibuf_advance(authmsg, hash_length(sa->sa_prf))) == NULL) goto fail; hash_init(sa->sa_prf); hash_update(sa->sa_prf, ibuf_data(id->id_buf), ibuf_size(id->id_buf)); hash_final(sa->sa_prf, ptr, &tmplen); if (tmplen != hash_length(sa->sa_prf)) goto fail; log_debug("%s: %s auth data length %zu", __func__, response ? "responder" : "initiator", ibuf_size(authmsg)); print_hex(ibuf_data(authmsg), 0, ibuf_size(authmsg)); return (authmsg); fail: ibuf_release(authmsg); return (NULL); }
bool verify(const epoch_context& context, const hash256& header_hash, const hash256& mix_hash, uint64_t nonce, const hash256& boundary) noexcept { const hash512 seed = hash_seed(header_hash, nonce); if (!is_less_or_equal(hash_final(seed, mix_hash), boundary)) return false; const hash256 expected_mix_hash = hash_kernel(context, seed, calculate_dataset_item); return std::memcmp(expected_mix_hash.bytes, mix_hash.bytes, sizeof(mix_hash)) == 0; }
static __inline u32_t makehash(u32_t p1, u64_t p2) { u32_t offlo = ex64lo(p2), offhi = ex64hi(p2), v = 0x12345678; hash_mix(p1, offlo, offhi); hash_final(offlo, offhi, v); return v % HASHSIZE; }
/* Returns the hash of 'a', 'b', and 'c'. */ uint32_t hash_3words(uint32_t a, uint32_t b, uint32_t c) { a += 0xdeadbeef; b += 0xdeadbeef; c += 0xdeadbeef; hash_final(&a, &b, &c); return c; }
//---------------------------------------------------------------------- void h_final(unsigned char hmac[HASH_DIGEST_SIZE]) { // Finish inner hash hash_final(hmac); // Outer hash hash_init(); // Outer padding (opad) from inner padding for (size_t n = 0; n < sizeof(g_k_opad); ++n) { g_k_opad[n] ^= (0x36 ^ 0x5C); } hash_update(g_k_opad, sizeof(g_k_opad)); // Finish HMAC hash_update(hmac, HASH_DIGEST_SIZE); hash_final(hmac); // Cleanup memset(g_k_opad, 0, sizeof(g_k_opad)); }
static void calculate_H_AMK( SRP_HashAlgorithm alg, unsigned char *dest, const BIGNUM * A, const unsigned char * M, const unsigned char * K ) { HashCTX ctx; hash_init( alg, &ctx ); update_hash_n( alg, &ctx, A ); hash_update( alg, &ctx, M, hash_length(alg) ); hash_update( alg, &ctx, K, hash_length(alg) ); hash_final( alg, &ctx, dest ); }
void HashData( char *_data, char *_result ) { hash_context c; hash_initial(&c); hash_process(&c, (unsigned char *) _data, strlen(_data)); uint32 hash[5]; hash_final(&c, hash); sprintf(_result, "hsh%04x%04x%04x%04x%04x", hash[0], hash[1], hash[2], hash[3], hash[4]); }
int MD5_testRun(void) { int i; MD5_Context context; MD5_init(&context); hash_begin(&context.h); hash_update(&context.h, "abc", 3); ASSERT(memcmp(hash_final(&context.h), "\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 16) == 0); hash_begin(&context.h); hash_update(&context.h, "aaa", 3); ASSERT(memcmp(hash_final(&context.h), "\x47\xBC\xE5\xC7\x4F\x58\x9F\x48\x67\xDB\xD5\x7E\x9C\xA9\xF8\x08", 16) == 0); hash_begin(&context.h); hash_update(&context.h, "abcdefghijklmnopqrstuvwxyz", 26); ASSERT(memcmp(hash_final(&context.h), "\xC3\xFC\xD3\xD7\x61\x92\xE4\x00\x7D\xFB\x49\x6C\xCA\x67\xE1\x3B", 16) == 0); hash_begin(&context.h); hash_update(&context.h, "0123456789", 10); ASSERT(memcmp(hash_final(&context.h), "\x78\x1E\x5E\x24\x5D\x69\xB5\x66\x97\x9B\x86\xE2\x8D\x23\xF2\xC7", 16) == 0); hash_begin(&context.h); for (i = 0; i < 1000; i++) hash_update(&context.h, "a", 1); ASSERT(memcmp(hash_final(&context.h), "\xCA\xBE\x45\xDC\xC9\xAE\x5B\x66\xBA\x86\x60\x0C\xCA\x6B\x8B\xA8", 16) == 0); hash_begin(&context.h); for (i = 0; i < 1000000; i++) hash_update(&context.h, "a", 1); ASSERT(memcmp(hash_final(&context.h), "\x77\x07\xd6\xae\x4e\x02\x7c\x70\xee\xa2\xa9\x35\xc2\x29\x6f\x21", 16) == 0); return 0; }
cryptonite_decaf_error_t cryptonite_decaf_ed448_verify ( const uint8_t signature[CRYPTONITE_DECAF_EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len ) { API_NS(point_t) pk_point, r_point; cryptonite_decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey); if (CRYPTONITE_DECAF_SUCCESS != error) { return error; } error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(r_point,signature); if (CRYPTONITE_DECAF_SUCCESS != error) { return error; } API_NS(scalar_t) challenge_scalar; { /* Compute the challenge */ hash_ctx_t hash; hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,signature,CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,pubkey,CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,message,message_len); uint8_t challenge[2*CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES]; hash_final(hash,challenge,sizeof(challenge)); hash_destroy(hash); API_NS(scalar_decode_long)(challenge_scalar,challenge,sizeof(challenge)); cryptonite_decaf_bzero(challenge,sizeof(challenge)); } API_NS(scalar_sub)(challenge_scalar, API_NS(scalar_zero), challenge_scalar); API_NS(scalar_t) response_scalar; API_NS(scalar_decode_long)( response_scalar, &signature[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES], CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES ); #if EDDSA_BASE_POINT_RATIO == 2 API_NS(scalar_add)(response_scalar,response_scalar,response_scalar); #endif /* pk_point = -c(x(P)) + (cx + k)G = kG */ API_NS(base_double_scalarmul_non_secret)( pk_point, response_scalar, pk_point, challenge_scalar ); return cryptonite_decaf_succeed_if(API_NS(point_eq(pk_point,r_point))); }
static SRP_Result calculate_H_AMK(SRP_HashAlgorithm alg, unsigned char *dest, const mpz_t A, const unsigned char *M, const unsigned char *K) { HashCTX ctx; hash_init(alg, &ctx); if (!update_hash_n(alg, &ctx, A)) return SRP_ERR; hash_update(alg, &ctx, M, hash_length(alg)); hash_update(alg, &ctx, K, hash_length(alg)); hash_final(alg, &ctx, dest); return SRP_OK; }
static void calculate_y2(uint8_t *ims, uint8_t *y2) { /* Y2 = sha256(IMS[0:31] xor copy(0x5a, 32)) */ uint32_t i; uint32_t temp; uint32_t *pims = (uint32_t *)ims; hash_start(); /* grab IMS 4bytes at a time and feed that to hash_update */ for (i = 0; i < 8; i++) { temp = pims[i] ^ 0x5a5a5a5a; hash_update((unsigned char *)&temp, sizeof(temp)); } hash_final(y2); }
static BIGNUM * calculate_x( SRP_HashAlgorithm alg, const BIGNUM * salt, const char * username, const unsigned char * password, int password_len ) { unsigned char ucp_hash[SHA512_DIGEST_LENGTH]; HashCTX ctx; hash_init( alg, &ctx ); hash_update( alg, &ctx, username, strlen(username) ); hash_update( alg, &ctx, ":", 1 ); hash_update( alg, &ctx, password, password_len ); hash_final( alg, &ctx, ucp_hash ); return H_ns( alg, salt, ucp_hash, hash_length(alg) ); }
void HashData( char *_data, int _hashToken, char *_result ) { hash_context c; hash_initial(&c); char fullString[512]; sprintf( fullString, "%s-%d", _data, _hashToken ); hash_process(&c, (unsigned char *) fullString, strlen(fullString)); uint32 hash[5]; hash_final(&c, hash); sprintf(_result, "hsh%04x%04x%04x%04x%04x", hash[0], hash[1], hash[2], hash[3], hash[4]); }
static int calculate_x(mpz_t result, SRP_HashAlgorithm alg, const unsigned char *salt, size_t salt_len, const char *username, const unsigned char *password, size_t password_len) { unsigned char ucp_hash[SHA512_DIGEST_LENGTH]; HashCTX ctx; hash_init(alg, &ctx); srp_dbg_data((char*) username, strlen(username), "Username for x: "); srp_dbg_data((char*) password, password_len, "Password for x: "); hash_update(alg, &ctx, username, strlen(username)); hash_update(alg, &ctx, ":", 1); hash_update(alg, &ctx, password, password_len); hash_final(alg, &ctx, ucp_hash); return H_ns(result, alg, salt, salt_len, ucp_hash, hash_length(alg)); }
unsigned char GenerateSyncValue() { START_PROFILE( "GenerateSyncValue" ); // // Generate a number between 0 and 255 that represents every unit in game // So if a single one is different, we will know immediately unsigned char result = 0; // // Objects hash_context c; hash_initial(&c); #ifdef TRACK_SYNC_RAND for( int i = 0; i < g_app->GetWorld()->m_objects.Size(); ++i ) { if( g_app->GetWorld()->m_objects.ValidIndex(i) ) { WorldObject *obj = g_app->GetWorld()->m_objects[i]; Hash( c, obj->m_longitude ); Hash( c, obj->m_latitude ); Hash( c, obj->m_vel.x ); Hash( c, obj->m_vel.y ); Hash( c, obj->m_currentState ); } } #endif // // Random value Hash( c, syncfrand(255) ); uint32 hashResult[5]; hash_final(&c, hashResult); result = hashResult[0] & 0xFF; END_PROFILE( "GenerateSyncValue" ); return result; }
result hash(const epoch_context_full& context, const hash256& header_hash, uint64_t nonce) noexcept { static const auto lazy_lookup = [](const epoch_context& context, uint32_t index) noexcept { auto full_dataset = static_cast<const epoch_context_full&>(context).full_dataset; hash1024& item = full_dataset[index]; if (item.words[0] == 0) { // TODO: Copy elision here makes it thread-safe? item = calculate_dataset_item(context, index); } return item; }; const hash512 seed = hash_seed(header_hash, nonce); const hash256 mix_hash = hash_kernel(context, seed, lazy_lookup); return {hash_final(seed, mix_hash), mix_hash}; }
void cryptonite_decaf_ed448_sign_prehash ( uint8_t signature[CRYPTONITE_DECAF_EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES], const cryptonite_decaf_ed448_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len ) { uint8_t hash_output[64]; /* MAGIC but true for all existing schemes */ { cryptonite_decaf_ed448_prehash_ctx_t hash_too; memcpy(hash_too,hash,sizeof(hash_too)); hash_final(hash_too,hash_output,sizeof(hash_output)); hash_destroy(hash_too); } cryptonite_decaf_ed448_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len); cryptonite_decaf_bzero(hash_output,sizeof(hash_output)); }
cryptonite_decaf_error_t cryptonite_decaf_ed448_verify_prehash ( const uint8_t signature[CRYPTONITE_DECAF_EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES], const cryptonite_decaf_ed448_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len ) { cryptonite_decaf_error_t ret; uint8_t hash_output[64]; /* MAGIC but true for all existing schemes */ { cryptonite_decaf_ed448_prehash_ctx_t hash_too; memcpy(hash_too,hash,sizeof(hash_too)); hash_final(hash_too,hash_output,sizeof(hash_output)); hash_destroy(hash_too); } ret = cryptonite_decaf_ed448_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len); return ret; }
void cryptonite_decaf_ed448_sign ( uint8_t signature[CRYPTONITE_DECAF_EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES], const uint8_t pubkey[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len ) { API_NS(scalar_t) secret_scalar; hash_ctx_t hash; { /* Schedule the secret key */ struct { uint8_t secret_scalar_ser[CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES]; uint8_t seed[CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES]; } __attribute__((packed)) expanded; hash_hash( (uint8_t *)&expanded, sizeof(expanded), privkey, CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES ); clamp(expanded.secret_scalar_ser); API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser)); /* Hash to create the nonce */ hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,expanded.seed,sizeof(expanded.seed)); hash_update(hash,message,message_len); cryptonite_decaf_bzero(&expanded, sizeof(expanded)); } /* Decode the nonce */ API_NS(scalar_t) nonce_scalar; { uint8_t nonce[2*CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES]; hash_final(hash,nonce,sizeof(nonce)); API_NS(scalar_decode_long)(nonce_scalar, nonce, sizeof(nonce)); cryptonite_decaf_bzero(nonce, sizeof(nonce)); } uint8_t nonce_point[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES] = {0}; { /* Scalarmul to create the nonce-point */ API_NS(scalar_t) nonce_scalar_2; API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar); for (unsigned int c = 2*EDDSA_BASE_POINT_RATIO; c < COFACTOR; c <<= 1) { API_NS(scalar_halve)(nonce_scalar_2,nonce_scalar_2); } API_NS(point_t) p; API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),nonce_scalar_2); API_NS(point_mul_by_cofactor_and_encode_like_eddsa)(nonce_point, p); API_NS(point_destroy)(p); API_NS(scalar_destroy)(nonce_scalar_2); } API_NS(scalar_t) challenge_scalar; { /* Compute the challenge */ hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,nonce_point,sizeof(nonce_point)); hash_update(hash,pubkey,CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,message,message_len); uint8_t challenge[2*CRYPTONITE_DECAF_EDDSA_448_PRIVATE_BYTES]; hash_final(hash,challenge,sizeof(challenge)); hash_destroy(hash); API_NS(scalar_decode_long)(challenge_scalar,challenge,sizeof(challenge)); cryptonite_decaf_bzero(challenge,sizeof(challenge)); } API_NS(scalar_mul)(challenge_scalar,challenge_scalar,secret_scalar); API_NS(scalar_add)(challenge_scalar,challenge_scalar,nonce_scalar); cryptonite_decaf_bzero(signature,CRYPTONITE_DECAF_EDDSA_448_SIGNATURE_BYTES); memcpy(signature,nonce_point,sizeof(nonce_point)); API_NS(scalar_encode)(&signature[CRYPTONITE_DECAF_EDDSA_448_PUBLIC_BYTES],challenge_scalar); API_NS(scalar_destroy)(secret_scalar); API_NS(scalar_destroy)(nonce_scalar); API_NS(scalar_destroy)(challenge_scalar); }
CK_RV C_Digest(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* data to be digested */ CK_ULONG ulDataLen, /* bytes of data to be digested */ CK_BYTE_PTR pDigest, /* receives the message digest */ CK_ULONG_PTR pulDigestLen) /* receives byte length of digest */ { CK_RV ret; P11_SESSION *pSession = NULL; P11_DIGEST_DATA *pDigestData = NULL; if (p11_get_init() != BEIDP11_INITIALIZED) { log_trace(WHERE, "I: leave, CKR_CRYPTOKI_NOT_INITIALIZED"); return (CKR_CRYPTOKI_NOT_INITIALIZED); } p11_lock(); log_trace(WHERE, "I: enter, hSession = %i",hSession); ret = p11_get_session(hSession, &pSession); if (ret) { log_trace(WHERE, "E: Invalid session handle (%d)", hSession); goto cleanup; } //is there an active search operation for this session if ((pSession->Operation[P11_OPERATION_DIGEST].active) == 0) { log_trace(WHERE, "E: Session %d: no digest operation initialized", hSession); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } /* get digest operation */ if((pDigestData = pSession->Operation[P11_OPERATION_DIGEST].pData) == NULL) { log_trace(WHERE, "E: no digest operation initialized"); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } if(pDigestData->update) { log_trace(WHERE, "E: C_Digest() cannot be used to finalize C_DigestUpdate()"); ret = CKR_FUNCTION_FAILED; goto cleanup; } if (pDigest == NULL) { *pulDigestLen = pDigestData->l_hash; /* return ok without terminating digest params */ ret = CKR_OK; goto cleanup; } if (*pulDigestLen < pDigestData->l_hash) { *pulDigestLen = pDigestData->l_hash; ret = CKR_BUFFER_TOO_SMALL; goto cleanup; } ret = hash_update(pDigestData->phash, (char*)pData, ulDataLen); if(ret == 0) ret = hash_final(pDigestData->phash, pDigest, pulDigestLen); if(ret) { log_trace(WHERE, "E: hash failed()"); ret = CKR_FUNCTION_FAILED; //don't goto cleanup here } /* terminate digest operation */ free(pDigestData); pSession->Operation[P11_OPERATION_DIGEST].pData = NULL; pSession->Operation[P11_OPERATION_DIGEST].active = 0; cleanup: p11_unlock(); log_trace(WHERE, "I: leave, ret = 0x%08x",ret); return ret; }
CK_RV C_SignFinal(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pSignature, /* receives the signature */ CK_ULONG_PTR pulSignatureLen) /* receives byte count of signature */ { CK_RV ret; P11_SESSION *pSession = NULL; P11_SIGN_DATA *pSignData = NULL; unsigned char *pDigest = NULL; unsigned long ulDigestLen = 0; if (p11_get_init() != BEIDP11_INITIALIZED) { log_trace(WHERE, "I: leave, CKR_CRYPTOKI_NOT_INITIALIZED"); return (CKR_CRYPTOKI_NOT_INITIALIZED); } p11_lock(); log_trace(WHERE, "I: enter"); ret = p11_get_session(hSession, &pSession); if (ret) { log_trace(WHERE, "E: Invalid session handle (%d)", hSession); goto cleanup; } //is there an active search operation for this session if (pSession->Operation[P11_OPERATION_SIGN].active == 0) { log_trace(WHERE, "E: Session %d: no sign operation initialized", hSession); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } /* get sign operation */ if((pSignData = pSession->Operation[P11_OPERATION_SIGN].pData) == NULL) { log_trace( WHERE, "E: no sign operation initialized"); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } if(pSignature == NULL) { *pulSignatureLen = pSignData->l_sign; ret = CKR_OK; goto cleanup; } if(*pulSignatureLen < pSignData->l_sign) { *pulSignatureLen = pSignData->l_sign; ret = CKR_BUFFER_TOO_SMALL; goto cleanup; } if (pSignData->phash) { /* get hash */ pDigest = (unsigned char*) malloc(pSignData->l_hash); if (pDigest == NULL) { ret = CKR_HOST_MEMORY; goto cleanup; } ret = hash_final(pSignData->phash, pDigest, &ulDigestLen); if(ret) { log_trace(WHERE, "E: hash_final failed()"); ret = CKR_FUNCTION_FAILED; goto cleanup; } } else { /* no hash: get buffer to sign directly */ pDigest = (unsigned char*) malloc(pSignData->lbuf); if (pDigest == NULL) { ret = CKR_HOST_MEMORY; goto cleanup; } memcpy(pDigest, pSignData->pbuf, pSignData->lbuf); ulDigestLen = pSignData->lbuf; } ret = cal_sign(pSession->hslot, pSignData, pDigest, ulDigestLen, pSignature, pulSignatureLen); if (ret != CKR_OK) log_trace(WHERE, "E: cal_sign() returned %s", log_map_error(ret)); //terminate sign operation free(pSignData); pSession->Operation[P11_OPERATION_SIGN].pData = NULL; pSession->Operation[P11_OPERATION_SIGN].active = 0; cleanup: if (pDigest) free(pDigest); p11_unlock(); log_trace(WHERE, "I: leave, ret = 0x%08x",ret); return ret; }
CK_RV C_Sign(CK_SESSION_HANDLE hSession, /* the session's handle */ CK_BYTE_PTR pData, /* the data to be signed */ CK_ULONG ulDataLen, /* count of bytes to be signed */ CK_BYTE_PTR pSignature, /* receives the signature */ CK_ULONG_PTR pulSignatureLen) /* receives byte count of signature */ { CK_RV ret = CKR_OK; P11_SESSION* pSession = NULL; P11_SIGN_DATA* pSignData = NULL; unsigned char* pDigest = NULL; unsigned long ulDigestLen = 0; // unsigned int ulSignatureLen = *pulSignatureLen; if (p11_get_init() != BEIDP11_INITIALIZED) { log_trace(WHERE, "I: leave, CKR_CRYPTOKI_NOT_INITIALIZED"); return (CKR_CRYPTOKI_NOT_INITIALIZED); } p11_lock(); log_trace(WHERE, "I: enter"); ret = p11_get_session(hSession, &pSession); if (ret) { log_trace(WHERE, "E: Invalid session handle (%d)", hSession); goto cleanup; } //is there an active search operation for this session if (pSession->Operation[P11_OPERATION_SIGN].active == 0) { log_trace(WHERE, "E: Session %d: no sign operation initialized", hSession); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } /* get sign operation */ if((pSignData = pSession->Operation[P11_OPERATION_SIGN].pData) == NULL) { log_trace( WHERE, "E: no sign operation initialized"); ret = CKR_OPERATION_NOT_INITIALIZED; goto cleanup; } if(pSignData->update) { log_trace(WHERE, "E: C_Sign() cannot be used to finalize a C_SignUpdate() function"); ret = CKR_FUNCTION_FAILED; goto cleanup; } if (pSignature == NULL) { /* just return the signature size */ *pulSignatureLen = pSignData->l_sign; ret = CKR_OK; goto cleanup; } if (pSignData->l_sign > *pulSignatureLen) { *pulSignatureLen = pSignData->l_sign; ret = CKR_BUFFER_TOO_SMALL; goto cleanup; } /* do we have to hash first? */ if (pSignData->phash) { /* reserve space for data to sign */ pDigest = (unsigned char*) malloc(pSignData->l_hash); if (pDigest == NULL) { ret = CKR_HOST_MEMORY; goto cleanup; } ret = hash_update(pSignData->phash, (char*)pData, ulDataLen); if(ret == 0) ret = hash_final(pSignData->phash, pDigest, &ulDigestLen); if(ret) { log_trace(WHERE, "E: hash failed()"); ret = CKR_FUNCTION_FAILED; goto terminate; } } else { /* reserve space for data to sign */ pDigest = (unsigned char*) malloc(ulDataLen); if (pDigest == NULL) { ret = CKR_HOST_MEMORY; goto cleanup; } memcpy(pDigest, pData, ulDataLen); ulDigestLen = ulDataLen; } /* do the signing (and add pkcs headers first if needed) */ ret = cal_sign(pSession->hslot, pSignData, pDigest, ulDigestLen, pSignature, pulSignatureLen); if (ret != CKR_OK) log_trace(WHERE, "E: cal_sign() returned %s", log_map_error(ret)); terminate: //terminate sign operation free(pSignData); pSession->Operation[P11_OPERATION_SIGN].pData = NULL; pSession->Operation[P11_OPERATION_SIGN].active = 0; cleanup: if (pDigest) free(pDigest); p11_unlock(); log_trace(WHERE, "I: leave, ret = 0x%08x",ret); return ret; }