uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, const uint8_t *data, size_t data_len, uint8_t *out, unsigned int *out_len) { HMAC_CTX ctx; HMAC_CTX_init(&ctx); if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) || !HMAC_Update(&ctx, data, data_len) || !HMAC_Final(&ctx, out, out_len)) { out = NULL; } HMAC_CTX_cleanup(&ctx); return out; }
static int hmac_fdigest(lua_State *L) { HANDLER_HMAC c; size_t written = 0; const char *t = luaL_checkstring(L, 1); size_t s_len; const char *s = luaL_checklstring(L, 2, &s_len); size_t k_len; const char *k = luaL_checklstring(L, 3, &k_len); DIGEST_TYPE type = DIGEST_BY_NAME(t); #if CRYPTO_OPENSSL unsigned char digest[EVP_MAX_MD_SIZE]; #elif CRYPTO_GCRYPT unsigned char *digest; #endif if (IS_DIGEST_INVALID(type)) { luaL_argerror(L, 1, "invalid digest type"); return 0; } #if CRYPTO_OPENSSL HMAC_CTX_init(&c); HMAC_Init_ex(&c, k, k_len, type, NULL); HMAC_Update(&c, (unsigned char *)s, s_len); HMAC_Final(&c, digest, &written); #elif CRYPTO_GCRYPT gcry_md_open(&c, type, GCRY_MD_FLAG_HMAC); gcry_md_setkey(c, k, k_len); gcry_md_write(c, s, s_len); gcry_md_final(c); digest = gcry_md_read(c,type); written = gcry_md_get_algo_dlen(type); #endif if (lua_toboolean(L, 4)) lua_pushlstring(L, (char *)digest, written); else { char *hex = bin2hex(digest,written); lua_pushlstring(L, hex, written*2); free(hex); } #if CRYPTO_GCRYPT gcry_md_close(c); #endif return 1; }
int PKI_HMAC_update(PKI_HMAC *hmac, unsigned char *data, size_t data_size) { #if OPENSSL_VERSION_NUMBER > 0x0090900fL int rv = 0; #endif if (!hmac || !hmac->initialized) { return PKI_ERROR(PKI_ERR_GENERAL, "PKI_HMAC is not initialized"); } #if OPENSSL_VERSION_NUMBER > 0x0090900fL rv = HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size); if (rv == 0) { return PKI_ERROR(PKI_ERR_GENERAL, "Error while updating the HMAC value"); } #else HMAC_Update(&hmac->ctx, (const unsigned char *) data, (unsigned int) data_size); #endif return PKI_OK; }
int dsa_update(struct iked_dsa *dsa, const void *buf, size_t len) { int ret = 1; if (dsa->dsa_hmac) ret = HMAC_Update(dsa->dsa_ctx, buf, len); else if (dsa->dsa_sign) ret = EVP_SignUpdate(dsa->dsa_ctx, buf, len); else ret = EVP_VerifyUpdate(dsa->dsa_ctx, buf, len); return (ret ? 0 : -1); }
int P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret, int sslen, unsigned char *seed, int slen) { unsigned char hmac[20]; uint32_t hlen; HMAC_CTX hm; const EVP_MD *md = EVP_get_digestbyname(digest); uint32_t tmpslen; unsigned char tmpseed[slen]; unsigned char *out = dest; int pending = dlen; // Copy initial seed memcpy(tmpseed, seed, slen); tmpslen = slen; // Calculate enough data to fill destination while (pending > 0) { HMAC_Init(&hm, secret, sslen, md); HMAC_Update(&hm, tmpseed, tmpslen); HMAC_Final(&hm, tmpseed, &tmpslen); HMAC_Init(&hm, secret, sslen, md); HMAC_Update(&hm, tmpseed, tmpslen); HMAC_Update(&hm, seed, slen); HMAC_Final(&hm, hmac, &hlen); hlen = (hlen > pending) ? pending : hlen; memcpy(out, hmac, hlen); out += hlen; pending -= hlen; } HMAC_cleanup(&hm); return hlen; }
static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { unsigned int outlen; int rc = SQLITE_OK; HMAC_CTX* hctx = NULL; if(in == NULL) goto error; hctx = HMAC_CTX_new(); if(hctx == NULL) goto error; switch(algorithm) { case SQLCIPHER_HMAC_SHA1: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA256: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA512: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error; break; default: goto error; } if(!HMAC_Update(hctx, in, in_sz)) goto error; if(in2 != NULL) { if(!HMAC_Update(hctx, in2, in2_sz)) goto error; } if(!HMAC_Final(hctx, out, &outlen)) goto error; goto cleanup; error: rc = SQLITE_ERROR; cleanup: if(hctx) HMAC_CTX_free(hctx); return rc; }
u_char * mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) { static union { u_char m[EVP_MAX_MD_SIZE]; u_int64_t for_align; } u; u_char b[4], nonce[8]; if (mac->mac_len > sizeof(u)) fatal("mac_compute: mac too long %u %lu", mac->mac_len, (u_long)sizeof(u)); switch (mac->type) { case SSH_EVP: put_u32(b, seqno); /* reset HMAC context */ HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); HMAC_Update(&mac->evp_ctx, b, sizeof(b)); HMAC_Update(&mac->evp_ctx, data, datalen); HMAC_Final(&mac->evp_ctx, u.m, NULL); break; case SSH_UMAC: put_u64(nonce, seqno); umac_update(mac->umac_ctx, data, datalen); umac_final(mac->umac_ctx, u.m, nonce); break; case SSH_UMAC128: put_u64(nonce, seqno); umac128_update(mac->umac_ctx, data, datalen); umac128_final(mac->umac_ctx, u.m, nonce); break; default: fatal("mac_compute: unknown MAC type"); } return (u.m); }
/* a counter-based KDF based on NIST SP800-108 */ static void eap_pwd_kdf(uint8_t *key, int keylen, char const *label, int labellen, uint8_t *result, int resultbitlen) { HMAC_CTX hctx; uint8_t digest[SHA256_DIGEST_LENGTH]; uint16_t i, ctr, L; int resultbytelen, len = 0; unsigned int mdlen = SHA256_DIGEST_LENGTH; uint8_t mask = 0xff; resultbytelen = (resultbitlen + 7)/8; ctr = 0; L = htons(resultbitlen); while (len < resultbytelen) { ctr++; i = htons(ctr); HMAC_Init(&hctx, key, keylen, EVP_sha256()); if (ctr > 1) { HMAC_Update(&hctx, digest, mdlen); } HMAC_Update(&hctx, (uint8_t *) &i, sizeof(uint16_t)); HMAC_Update(&hctx, (uint8_t const *)label, labellen); HMAC_Update(&hctx, (uint8_t *) &L, sizeof(uint16_t)); HMAC_Final(&hctx, digest, &mdlen); if ((len + (int) mdlen) > resultbytelen) { memcpy(result + len, digest, resultbytelen - len); } else { memcpy(result + len, digest, mdlen); } len += mdlen; HMAC_CTX_cleanup(&hctx); } /* since we're expanding to a bit length, mask off the excess */ if (resultbitlen % 8) { mask <<= (8 - (resultbitlen % 8)); result[resultbytelen - 1] &= mask; } }
static uint64_t _checksum_64(encfs_common_custom_salt *cur_salt, unsigned char *key, const unsigned char *data, int dataLen, uint64_t *chainedIV) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdLen = EVP_MAX_MD_SIZE; int i; unsigned char h[8] = {0,0,0,0,0,0,0,0}; uint64_t value; HMAC_CTX mac_ctx; HMAC_CTX_init(&mac_ctx); HMAC_Init_ex( &mac_ctx, key, cur_salt->keySize, EVP_sha1(), 0 ); HMAC_Init_ex( &mac_ctx, 0, 0, 0, 0 ); HMAC_Update( &mac_ctx, data, dataLen ); if(chainedIV) { // toss in the chained IV as well uint64_t tmp = *chainedIV; unsigned char h[8]; for(i=0; i<8; ++i) { h[i] = tmp & 0xff; tmp >>= 8; } HMAC_Update( &mac_ctx, h, 8 ); } HMAC_Final( &mac_ctx, md, &mdLen ); HMAC_CTX_cleanup(&mac_ctx); // chop this down to a 64bit value.. for(i=0; i < (mdLen - 1); ++i) h[i%8] ^= (unsigned char)(md[i]); value = (uint64_t)h[0]; for(i=1; i<8; ++i) value = (value << 8) | (uint64_t)h[i]; return value; }
void hmac_sha1( uint8_t* key, int32_t key_length, const uint8_t* data_chunks[], uint32_t data_chunck_length[], uint8_t* mac, int32_t* mac_length ) { HMAC_CTX ctx; HMAC_CTX_init( &ctx ); HMAC_Init_ex( &ctx, key, key_length, EVP_sha1(), NULL ); while ( *data_chunks ) { HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); data_chunks ++; data_chunck_length ++; } HMAC_Final( &ctx, mac, reinterpret_cast<uint32_t*>(mac_length) ); HMAC_CTX_cleanup( &ctx ); }
int rfc6287_ocra(const ocra_suite * ocra, const char *suite_string, const uint8_t *key, size_t key_l, uint64_t C, const char *Q, const uint8_t *P, size_t P_l, const uint8_t *S, size_t S_l, uint64_t T, char **resp) { int ret; uint8_t qbuf[128]; uint8_t CBE[8]; uint8_t TBE[8]; uint8_t *md = NULL; unsigned int md_l = 20; int suite_l = strlen(suite_string) + 1; int flags = ocra->flags; HMAC_CTX *ctx; if ((0 != (ret = check_di_params(ocra, key_l, Q, P_l, S_l, T))) || (0 != (ret = format_questions(ocra, qbuf, Q)))) return ret; if (flags & FL_C) st64be(CBE, C); if (flags & FL_T) st64be(TBE, T); if (0 != (ret = hmac_new(&ctx))) return ret; if (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg)))) return RFC6287_ERR_POSIX; if ((1 != HMAC_Init_ex(ctx, key, key_l, evp_md(ocra->hotp_alg), NULL)) || (1 != HMAC_Update(ctx, (const uint8_t *)suite_string, suite_l)) || ((flags & FL_C) && (1 != HMAC_Update(ctx, CBE, 8))) || (1 != HMAC_Update(ctx, qbuf, 128)) || ((flags & FL_P) && (1 != HMAC_Update(ctx, P, P_l))) || ((flags & FL_S) && (1 != HMAC_Update(ctx, S, S_l))) || ((flags & FL_T) && (1 != HMAC_Update(ctx, TBE, 8))) || (NULL == (md = (uint8_t *)malloc(mdlen(ocra->hotp_alg)))) || (1 != HMAC_Final(ctx, md, &md_l)) || (md_l != mdlen(ocra->hotp_alg))) { hmac_destroy(ctx); free(md); return RFC6287_ERR_OPENSSL; } hmac_destroy(ctx); if (ocra->hotp_trunc) { ret = truncate_md(md, md_l, ocra->hotp_trunc, resp); free(md); } else { *resp = (char *)md; ret = 0; } return ret; }
JNIEXPORT int JNICALL Java_com_facebook_crypto_mac_NativeMac_nativeUpdate__B( JNIEnv* env, jobject obj, jbyte data) { HMAC_CTX* ctx = Get_HMAC_CTX(env, obj); if (!ctx) { return CRYPTO_FAILURE; } if (!HMAC_Update(ctx, (unsigned char*)&data, sizeof(jbyte))) { return CRYPTO_FAILURE; } return CRYPTO_SUCCESS; }
unsigned char *HMAC2(//fixed to SHA256: EVP_MD *evp_md, unsigned char *key, int key_len, unsigned char *d, int n, unsigned char *md) //always 64, unsigned int *md_len) { HMAC_CTX c; //static unsigned char m[EVP_MAX_MD_SIZE]; static unsigned char m[2*SHA256_DIGEST_LENGTH]; if (md == NULL) md=m; //first round HMAC_Init(&c, key, key_len); HMAC_Update(&c,d,n); HMAC_Final(&c,md); //second round HMAC_Init(&c, NULL, key_len); //only performs memcpy HMAC_Update(&c,d,n); HMAC_Final(&c,md+SHA256_DIGEST_LENGTH); HMAC_cleanup(&c); return(md); }
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) { HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; if (md == NULL) md=m; HMAC_CTX_init(&c); HMAC_Init(&c,key,key_len,evp_md); HMAC_Update(&c,d,n); HMAC_Final(&c,md,md_len); HMAC_CTX_cleanup(&c); return(md); }
void * HMAC(const EVP_MD *md, const void *key, size_t key_size, const void *data, size_t data_size, void *hash, unsigned int *hash_len) { HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, key_size, md, NULL); HMAC_Update(&ctx, data, data_size); HMAC_Final(&ctx, hash, hash_len); HMAC_CTX_cleanup(&ctx); return hash; }
int hmac_update(mac_ctx_t *mctx, uchar_t *data, uint64_t len) { int cksum = mctx->mac_cksum; if (cksum == CKSUM_SKEIN256 || cksum == CKSUM_SKEIN512) { Skein_512_Update(mctx->mac_ctx, data, len); } else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) { if (cksum_provider == PROVIDER_OPENSSL) { if (HMAC_Update(mctx->mac_ctx, data, len) == 0) return (-1); } else { opt_HMAC_SHA256_Update(mctx->mac_ctx, data, len); } } else if (cksum == CKSUM_SHA512) { if (HMAC_Update(mctx->mac_ctx, data, len) == 0) return (-1); } else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) { // Keccak takes data length in bits so we have to scale while (len > KECCAK_MAX_SEG) { uint64_t blen; blen = KECCAK_MAX_SEG; if (Keccak_Update(mctx->mac_ctx, data, blen << 3) != 0) return (-1); len -= KECCAK_MAX_SEG; } if (Keccak_Update(mctx->mac_ctx, data, len << 3) != 0) return (-1); } else { return (-1); } return (0); }
int encrypt_esp_packet(struct openconnect_info *vpninfo, struct pkt *pkt) { int i, padlen; const int blksize = 16; unsigned int hmac_len = 20; int crypt_len; HMAC_CTX hmac_ctx; /* This gets much more fun if the IV is variable-length */ pkt->esp.spi = vpninfo->esp_out.spi; pkt->esp.seq = htonl(vpninfo->esp_out.seq++); if (!RAND_bytes((void *)&pkt->esp.iv, sizeof(pkt->esp.iv))) { vpn_progress(vpninfo, PRG_ERR, _("Failed to generate random IV for ESP packet:\n")); openconnect_report_ssl_errors(vpninfo); return -EIO; } padlen = blksize - 1 - ((pkt->len + 1) % blksize); for (i=0; i<padlen; i++) pkt->data[pkt->len + i] = i + 1; pkt->data[pkt->len + padlen] = padlen; pkt->data[pkt->len + padlen + 1] = 0x04; /* Legacy IP */ if (!EVP_EncryptInit_ex(&vpninfo->esp_out.cipher, NULL, NULL, NULL, pkt->esp.iv)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set up encryption context for ESP packet:\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } crypt_len = pkt->len + padlen + 2; if (!EVP_EncryptUpdate(&vpninfo->esp_out.cipher, pkt->data, &crypt_len, pkt->data, crypt_len)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to encrypt ESP packet:\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } HMAC_CTX_copy(&hmac_ctx, &vpninfo->esp_out.hmac); HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + crypt_len); HMAC_Final(&hmac_ctx, pkt->data + crypt_len, &hmac_len); HMAC_CTX_cleanup(&hmac_ctx); return sizeof(pkt->esp) + crypt_len + 12; }
/* Generate a MAC */ int PKCS12_gen_mac (PKCS12 * p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; HMAC_CTX hmac; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size; if (!PKCS7_type_is_data (p12->authsafes)) { PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); return 0; } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (!p12->mac->iter) iter = 1; else iter = ASN1_INTEGER_get (p12->mac->iter); if (!(md_type = EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) { PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } md_size = EVP_MD_size (md_type); if (md_size < 0) return 0; if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type)) { PKCS12err (PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init (&hmac); if (!HMAC_Init_ex (&hmac, key, md_size, md_type, NULL) || !HMAC_Update (&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) || !HMAC_Final (&hmac, mac, maclen)) { HMAC_CTX_cleanup (&hmac); return 0; } HMAC_CTX_cleanup (&hmac); return 1; }
int __openssl_HMACsha256(HMAC_CTX* ctx, const void* data, int data_size, void* digest, unsigned int* digest_size) { int ret = ERROR_SUCCESS; if (HMAC_Update(ctx, (unsigned char *) data, data_size) < 0) { ret = ERROR_OpenSslSha256Update; return ret; } if (HMAC_Final(ctx, (unsigned char *) digest, digest_size) < 0) { ret = ERROR_OpenSslSha256Final; return ret; } return ret; }
void aes_sha_combo(void* ctx, void* plaintext, void* ciphertext, int size, void* tag) { uint8_t iv[16]; AES_KEY* key = ctx; HMAC_CTX hctx; unsigned int rlen = 20; HMAC_CTX_init(&hctx); HMAC_Init_ex(&hctx, iv, 16, EVP_sha1(), NULL); HMAC_Update(&hctx, plaintext, size); HMAC_Final(&hctx, tag, &rlen); HMAC_CTX_cleanup(&hctx); AES_cbc_encrypt(plaintext, ciphertext, size, key, iv, 1); }
int getHMACSHA256(char *msg, unsigned char* md_value, int len, unsigned char key[], int keylen) { HMAC_CTX mdctx; int md_len; const EVP_MD *md; OpenSSL_add_all_digests(); md = EVP_get_digestbyname("sha256"); HMAC_CTX_init(&mdctx); HMAC_Init_ex(&mdctx,key,keylen,md,NULL); HMAC_Update(&mdctx, msg, len); HMAC_Final(&mdctx, md_value, &md_len); HMAC_CTX_cleanup(&mdctx); return md_len; }
int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size) { mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle; int32_t result = 0; if (hmac == NULL || buf == NULL) return MZ_PARAM_ERROR; result = HMAC_Update(hmac->ctx, buf, size); if (!result) { hmac->error = ERR_get_error(); return MZ_HASH_ERROR; } return MZ_OK; }
int compute_keys(UNUSED REQUEST *request, pwd_session_t *session, uint8_t *peer_confirm, uint8_t *msk, uint8_t *emsk) { HMAC_CTX *hmac_ctx; uint8_t mk[SHA256_DIGEST_LENGTH], *cruft; uint8_t session_id[SHA256_DIGEST_LENGTH + 1]; uint8_t msk_emsk[128]; /* 64 each */ int offset; MEM(cruft = talloc_array(session, uint8_t, BN_num_bytes(session->prime))); MEM(hmac_ctx = HMAC_CTX_new()); /* * first compute the session-id = TypeCode | H(ciphersuite | scal_p | * scal_s) */ session_id[0] = FR_EAP_METHOD_PWD; HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL); HMAC_Update(hmac_ctx, (uint8_t *)&session->ciphersuite, sizeof(session->ciphersuite)); offset = BN_num_bytes(session->order) - BN_num_bytes(session->peer_scalar); memset(cruft, 0, BN_num_bytes(session->prime)); BN_bn2bin(session->peer_scalar, cruft + offset); HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order)); offset = BN_num_bytes(session->order) - BN_num_bytes(session->my_scalar); memset(cruft, 0, BN_num_bytes(session->prime)); BN_bn2bin(session->my_scalar, cruft + offset); HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->order)); pwd_hmac_final(hmac_ctx, (uint8_t *)&session_id[1]); /* then compute MK = H(k | commit-peer | commit-server) */ HMAC_Init_ex(hmac_ctx, allzero, SHA256_DIGEST_LENGTH, EVP_sha256(), NULL); memset(cruft, 0, BN_num_bytes(session->prime)); offset = BN_num_bytes(session->prime) - BN_num_bytes(session->k); BN_bn2bin(session->k, cruft + offset); HMAC_Update(hmac_ctx, cruft, BN_num_bytes(session->prime)); HMAC_Update(hmac_ctx, peer_confirm, SHA256_DIGEST_LENGTH); HMAC_Update(hmac_ctx, session->my_confirm, SHA256_DIGEST_LENGTH); pwd_hmac_final(hmac_ctx, mk); /* stretch the mk with the session-id to get MSK | EMSK */ eap_pwd_kdf(mk, SHA256_DIGEST_LENGTH, (char const *)session_id, SHA256_DIGEST_LENGTH + 1, msk_emsk, 1024); /* it's bits, ((64 + 64) * 8) */ memcpy(msk, msk_emsk, 64); memcpy(emsk, msk_emsk + 64, 64); HMAC_CTX_free(hmac_ctx); talloc_free(cruft); return 0; }
static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) { FILE *f = NULL; int rv = -1; unsigned char rbuf[READ_BUFFER_LENGTH]; size_t len; unsigned int hlen; HMAC_CTX c; HMAC_CTX_init(&c); f = fopen(path, "r"); if (f == NULL) { goto end; } HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256()); while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) { HMAC_Update(&c, rbuf, len); } len = sizeof(rbuf); /* reuse rbuf for hmac */ HMAC_Final(&c, rbuf, &hlen); *buf = malloc(hlen); if (*buf == NULL) { goto end; } *hmaclen = hlen; memcpy(*buf, rbuf, hlen); rv = 0; end: HMAC_CTX_cleanup(&c); if (f) fclose(f); return rv; }
void hmac_sha256(uint8_t* key, uint32_t key_length, uint8_t* data_chunks[], uint32_t data_chunck_length[], uint8_t* mac, uint32_t* mac_length ) { unsigned int tmp; HMAC_CTX ctx; HMAC_CTX_init( &ctx ); HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL ); while( *data_chunks ){ HMAC_Update( &ctx, *data_chunks, *data_chunck_length ); data_chunks ++; data_chunck_length ++; } HMAC_Final( &ctx, mac, &tmp); *mac_length = tmp; HMAC_CTX_cleanup( &ctx ); }
//------------------------------------------------------------------------------ // helper function to hash with HMAC algorithm: static std::vector<unsigned char> hmac_sha512(const std::vector<unsigned char>& data, const std::vector<unsigned char>& key) { unsigned int len = EVP_MAX_MD_SIZE; std::vector<unsigned char> digest(len); HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key.data(), key.size(), EVP_sha512(), NULL); HMAC_Update(&ctx, data.data(), data.size()); HMAC_Final(&ctx, digest.data(), &len); HMAC_CTX_cleanup(&ctx); return digest; }
/*---------------------------------------------------------------------- * Name : HmacSha256Hash * Purpose : * Input : none * Output : none *---------------------------------------------------------------------*/ int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key) { HMAC_CTX hctx; HMAC_CTX_init(&hctx); HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL); /* * FIXME: why we need this? NULL means to use whatever there is? * if removed, result is different */ HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL); HMAC_Update(&hctx, data, len); HMAC_Final(&hctx, hash, NULL); HMAC_CTX_cleanup(&hctx); return 0; }
static void dohmac(void) { HMAC_CTX ctx; unsigned char hmac_value[EVP_MAX_MD_SIZE]; unsigned int hmac_len, i; char key[16] = "etaonrishdlcupfm"; unsigned char buf[256]; /* Generate digest of input stream */ HMAC_Init(&ctx, key, sizeof(key), EVP_sha1()); memcpy(buf, "abcdefghijklmnopqrstuvwxyz", 26); HMAC_Update(&ctx, buf, 26); HMAC_Final(&ctx, hmac_value, &hmac_len); HMAC_cleanup(&ctx); for(i = 0; i < hmac_len; i++) fprintf(stderr, "%02x", hmac_value[i]); fprintf(stderr, "\n"); return; }
static int openssl_hmac(lua_State *L) { if (lua_istable(L, 1)) { if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1)) { lua_pop(L, 1); lua_remove(L, 1); } else luaL_error(L, "call function with invalid state"); } { const EVP_MD *type = get_digest(L, 1); size_t len; const char *dat = luaL_checklstring(L, 2, &len); size_t l; const char *k = luaL_checklstring(L, 3, &l); int raw = (lua_isnoneornil(L, 4)) ? 0 : lua_toboolean(L, 4); ENGINE* e = lua_isnoneornil(L, 5) ? NULL : CHECK_OBJECT(5, ENGINE, "openssl.engine"); unsigned char digest[EVP_MAX_MD_SIZE]; HMAC_CTX *c = HMAC_CTX_new(); HMAC_Init_ex(c, k, (int)l, type, e); HMAC_Update(c, (unsigned char *)dat, len); len = EVP_MAX_MD_SIZE; HMAC_Final(c, digest, (unsigned int*)&len); HMAC_CTX_free(c); if (raw) lua_pushlstring(L, (char *)digest, len); else { char hex[2 * EVP_MAX_MD_SIZE + 1]; to_hex((const char*)digest, len, hex); lua_pushstring(L, hex); } } return 1; }
/* pkt->len shall be the *payload* length. Omitting the header and the 12-byte HMAC */ int decrypt_esp_packet(struct openconnect_info *vpninfo, struct esp *esp, struct pkt *pkt) { unsigned char hmac_buf[20]; unsigned int hmac_len = sizeof(hmac_buf); int crypt_len = pkt->len; HMAC_CTX hmac_ctx; HMAC_CTX_copy(&hmac_ctx, &esp->hmac); HMAC_Update(&hmac_ctx, (void *)&pkt->esp, sizeof(pkt->esp) + pkt->len); HMAC_Final(&hmac_ctx, hmac_buf, &hmac_len); HMAC_CTX_cleanup(&hmac_ctx); if (memcmp(hmac_buf, pkt->data + pkt->len, 12)) { vpn_progress(vpninfo, PRG_DEBUG, _("Received ESP packet with invalid HMAC\n")); return -EINVAL; } /* Why in $DEITY's name would you ever *not* set this? Perhaps we * should do th check anyway, but only warn instead of discarding * the packet? */ if (vpninfo->esp_replay_protect && verify_packet_seqno(vpninfo, esp, ntohl(pkt->esp.seq))) return -EINVAL; if (!EVP_DecryptInit_ex(&esp->cipher, NULL, NULL, NULL, pkt->esp.iv)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set up decryption context for ESP packet:\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } if (!EVP_DecryptUpdate(&esp->cipher, pkt->data, &crypt_len, pkt->data, pkt->len)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to decrypt ESP packet:\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } return 0; }