예제 #1
0
int32_t psHmacSha1(const unsigned char *key, uint16_t keyLen,
                   const unsigned char *buf, uint32_t len,
                   unsigned char hash[SHA1_HASHLEN], unsigned char *hmacKey,
                   uint16_t *hmacKeyLen)
{
    psSha1_t	sha;
    /*
    	Support for keys larger than 64 bytes.  In this case, we take the
    	hash of the key itself and use that instead.  Inform the caller by
    	updating the hmacKey and hmacKeyLen outputs
    */
    if (keyLen > 64) {
        psSha1Init(&sha);
        psSha1Update(&sha, key, keyLen);
        psSha1Final(&sha, hash);
        *hmacKeyLen = SHA1_HASHLEN;
        memcpy(hmacKey, hash, *hmacKeyLen);
    } else {
        hmacKey = (unsigned char*)key;
        *hmacKeyLen = keyLen;
    }
    if (HMAC(EVP_sha1(), hmacKey, *hmacKeyLen, buf, len, hash, NULL) != NULL) {
        return PS_SUCCESS;
    }
    return PS_FAIL;
}
예제 #2
0
파일: hmac.c 프로젝트: Deadolus/ecc
int32_t psHmacSha1Init(psHmacSha1_t *ctx,
				const unsigned char *key, uint16_t keyLen)
{
	int32_t		rc, i;
#ifdef CRYPTO_ASSERT
	psAssert(keyLen <= 64);
#endif
	for (i = 0; (uint32)i < keyLen; i++) {
		ctx->pad[i] = key[i] ^ 0x36;
	}
	for (i = keyLen; (uint32)i < 64; i++) {
		ctx->pad[i] = 0x36;
	}
	if ((rc = psSha1Init(&ctx->sha1)) < 0) {
		return rc;
	}
	psSha1Update(&ctx->sha1, ctx->pad, 64);
	for (i = 0; (uint32)i < keyLen; i++) {
		ctx->pad[i] = key[i] ^ 0x5c;
	}
	for (i = keyLen; i < 64; i++) {
		ctx->pad[i] = 0x5c;
	}
	return PS_SUCCESS;
}
예제 #3
0
int32 psHmacSha1(unsigned char *key, uint32 keyLen, const unsigned char *buf,
				uint32 len, unsigned char *hash, unsigned char *hmacKey,
				uint32 *hmacKeyLen)
{
	psHmacContext_t		ctx;
	psDigestContext_t	sha;
/*
	Support for keys larger than 64 bytes.  In this case, we take the
	hash of the key itself and use that instead.  Inform the caller by
	updating the hmacKey and hmacKeyLen outputs
*/
	if (keyLen > 64) {
		psSha1Init(&sha);
		psSha1Update(&sha, key, keyLen);
		*hmacKeyLen = psSha1Final(&sha, hash);
		memcpy(hmacKey, hash, *hmacKeyLen);
	} else {
		hmacKey = key;
		*hmacKeyLen = keyLen;
	}

	psHmacSha1Init(&ctx, hmacKey, *hmacKeyLen);
	psHmacSha1Update(&ctx, buf, len);
	return psHmacSha1Final(&ctx, hash);
}
예제 #4
0
파일: sslv3.c 프로젝트: sdhczw/winnermicro
/*
 *	Generates all key material.
 */
int32 sslDeriveKeys(ssl_t *ssl)
{
	psDigestContext_t	md5Ctx, sha1Ctx;
	unsigned char		buf[MD5_HASH_SIZE + SHA1_HASH_SIZE];
	unsigned char		*tmp;
	uint32				i;

/*
	If this session is resumed, we want to reuse the master secret to 
	regenerate the key block with the new random values.
*/
	if (ssl->flags & SSL_FLAGS_RESUMED) {
		goto skipPremaster;
	}
/*
	master_secret =
		MD5(pre_master_secret + SHA('A' + pre_master_secret +
			ClientHello.random + ServerHello.random)) +
		MD5(pre_master_secret + SHA('BB' + pre_master_secret +
			ClientHello.random + ServerHello.random)) +
		MD5(pre_master_secret + SHA('CCC' + pre_master_secret +
			ClientHello.random + ServerHello.random));
*/
	tmp = ssl->sec.masterSecret;
	for (i = 0; i < 3; i++) {
		psSha1Init(&sha1Ctx);
		psSha1Update(&sha1Ctx, salt[i], i + 1);
		psSha1Update(&sha1Ctx, ssl->sec.premaster, ssl->sec.premasterSize);
		psSha1Update(&sha1Ctx, ssl->sec.clientRandom, SSL_HS_RANDOM_SIZE);
		psSha1Update(&sha1Ctx, ssl->sec.serverRandom, SSL_HS_RANDOM_SIZE);
		psSha1Final(&sha1Ctx, buf);
		
		psMd5Init(&md5Ctx);
		psMd5Update(&md5Ctx, ssl->sec.premaster, ssl->sec.premasterSize);
		psMd5Update(&md5Ctx, buf, SHA1_HASH_SIZE);
		psMd5Final(&md5Ctx, tmp);
		tmp += MD5_HASH_SIZE;
	}
	memset(buf, 0x0, MD5_HASH_SIZE + SHA1_HASH_SIZE);
/*
	premaster is now allocated for DH reasons.  Can free here
*/
	psFree(ssl->sec.premaster);
	ssl->sec.premaster = NULL;
	ssl->sec.premasterSize = 0;

skipPremaster:
	if (createKeyBlock(ssl, ssl->sec.clientRandom, ssl->sec.serverRandom, 
			ssl->sec.masterSecret, SSL_HS_MASTER_SIZE) < 0) {
		psTraceInfo("Unable to create key block\n");
		return PS_FAILURE;
	}
	
	return SSL_HS_MASTER_SIZE;
}
/*
	Initialize the SHA1 and MD5 hash contexts for the handshake messages
*/
int32 sslInitHSHash(ssl_t *ssl)
{
#ifndef USE_ONLY_TLS_1_2
	psSha1Init(&ssl->sec.msgHashSha1);
	psMd5Init(&ssl->sec.msgHashMd5);
#endif
#ifdef USE_TLS_1_2
	psSha256Init(&ssl->sec.msgHashSha256);
#ifdef USE_SHA384
	psSha384Init(&ssl->sec.msgHashSha384);
#endif
#endif
	return 0;
}
예제 #6
0
파일: md5sha1.c 프로젝트: jamella/matrixssl
/**
	Maintain MD5 and SHA1 hashes of the same data.
	@note This could be done more optimally, give the use of this in TLS.
		Some state is shared between the two contexts, and some paralellism
		could be used in calculation.
*/
int32_t psMd5Sha1Init(psMd5Sha1_t *md)
{
	int32_t		rc;
#ifdef CRYPTO_ASSERT
	psAssert(md);
#endif
	if ((rc = psMd5Init(&md->md5)) < 0) {
		return rc;
	}
	if ((rc = psSha1Init(&md->sha1)) < 0) {
		/* We call Final to clear the state, ignoring the output */
		psMd5Final(&md->md5, NULL);
		return rc;
	}
	return PS_SUCCESS;
}
예제 #7
0
파일: sslv3.c 프로젝트: sdhczw/winnermicro
/*
	Combine the running hash of the handshake mesages with some constants
	and mix them up a bit more.  Output the result to the given buffer.
	This data will be part of the Finished handshake message.
*/
int32 sslGenerateFinishedHash(psDigestContext_t *md5, psDigestContext_t *sha1, 
								unsigned char *masterSecret,
								unsigned char *out, int32 sender)
{
	psDigestContext_t	omd5,osha1;
	unsigned char		ihash[SHA1_HASH_SIZE];

/*
	md5Hash = MD5(master_secret + pad2 + 
		MD5(handshake_messages + sender + master_secret + pad1));
*/
	if (sender >= 0) {
		psMd5Update(md5,
			(sender & SSL_FLAGS_SERVER) ? SENDER_SERVER : SENDER_CLIENT, 4);
	}
	psMd5Update(md5, masterSecret, SSL_HS_MASTER_SIZE);
	psMd5Update(md5, pad1, sizeof(pad1));
	psMd5Final(md5, ihash);

	psMd5Init(&omd5);
	psMd5Update(&omd5, masterSecret, SSL_HS_MASTER_SIZE);
	psMd5Update(&omd5, pad2, sizeof(pad2));
	psMd5Update(&omd5, ihash, MD5_HASH_SIZE);
	psMd5Final(&omd5, out);
/*
	The SHA1 hash is generated in the same way, except only 40 bytes
	of pad1 and pad2 are used.
	sha1Hash = SHA1(master_secret + pad2 + 
		SHA1(handshake_messages + sender + master_secret + pad1));
*/
	if (sender >= 0) {
		psSha1Update(sha1, 
			(sender & SSL_FLAGS_SERVER) ? SENDER_SERVER : SENDER_CLIENT, 4);
	}
	psSha1Update(sha1, masterSecret, SSL_HS_MASTER_SIZE);
	psSha1Update(sha1, pad1, 40);
	psSha1Final(sha1, ihash);

	psSha1Init(&osha1);
	psSha1Update(&osha1, masterSecret, SSL_HS_MASTER_SIZE);
	psSha1Update(&osha1, pad2, 40);
	psSha1Update(&osha1, ihash, SHA1_HASH_SIZE);
	psSha1Final(&osha1, out + MD5_HASH_SIZE);

	return MD5_HASH_SIZE + SHA1_HASH_SIZE;
}
예제 #8
0
int32 psHmacSha1Final(psHmacContext_t *ctx, unsigned char *hash)
{
	psAssert(ctx != NULL);
	if (hash == NULL) {
		psTraceCrypto("NULL hash storage passed to psHmacSha1Final\n");
		return PS_ARG_FAIL;
	}
	psSha1Final(&ctx->u.sha1, hash);

	psSha1Init(&ctx->u.sha1);
	psSha1Update(&ctx->u.sha1, ctx->pad, 64);
	psSha1Update(&ctx->u.sha1, hash, SHA1_HASH_SIZE);
	psSha1Final(&ctx->u.sha1, hash);

	memset(ctx->pad, 0x0, 64);
	return SHA1_HASH_SIZE;
}
예제 #9
0
int32  psSha1Test(void)
{
	psDigestContext_t	ctx;
#if defined(USE_MATRIX_SHA1) && !defined(PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE)
	_psTrace("##########\n#\n# ");
	_psTrace("SHA-1 speeds can be improved by enabling\n# ");
	_psTrace("PS_SHA1_IMPROVE_PERF_INCREASE_CODESIZE in cryptoConfig.h\n");
	_psTrace("#\n#\n#########\n");
#endif


	psSha1Init(&ctx.sha1);
	runDigestTime(&ctx, TINY_CHUNKS, SHA1_ALG);
	runDigestTime(&ctx, SMALL_CHUNKS, SHA1_ALG);
	runDigestTime(&ctx, MEDIUM_CHUNKS, SHA1_ALG);
	runDigestTime(&ctx, LARGE_CHUNKS, SHA1_ALG);
	runDigestTime(&ctx, HUGE_CHUNKS, SHA1_ALG);

	return PS_SUCCESS;
}
예제 #10
0
void psHmacSha1Init(psHmacContext_t *ctx, unsigned char *key, uint32 keyLen)
{
	int32	i;

	psAssert(keyLen <= 64);

	for (i = 0; (uint32)i < keyLen; i++) {
		ctx->pad[i] = key[i] ^ 0x36;
	}
	for (i = keyLen; (uint32)i < 64; i++) {
		ctx->pad[i] = 0x36;
	}
	psSha1Init(&ctx->u.sha1);
	psSha1Update(&ctx->u.sha1, ctx->pad, 64);
	for (i = 0; (uint32)i < keyLen; i++) {
		ctx->pad[i] = key[i] ^ 0x5c;
	}
	for (i = keyLen; i < 64; i++) {
		ctx->pad[i] = 0x5c;
	}
}
/**
  Add entropy to the PRNG state
  @param in       The data to add
  @param inlen    Length of the data to add
  @param prng     PRNG state to update
*/
int32 psYarrowAddEntropy(unsigned char *in, uint32 inlen, psYarrow_t *prng)
{
	psDigestContext_t md;
	int32 err;

	if (in == NULL || prng == NULL) {
		return PS_ARG_FAIL;
	}

#ifdef USE_SHA256
	/* start the hash */
	psSha256Init(&md);

	/* hash the current pool */
	psSha256Update(&md, prng->pool, SHA256_HASH_SIZE);

	/* add the new entropy */
	psSha256Update(&md, in, inlen);

	/* store result */
	if ((err = psSha256Final(&md, prng->pool)) != SHA256_HASH_SIZE) {
		return err;
	}
#else
	/* start the hash */
	psSha1Init(&md);

	/* hash the current pool */
	psSha1Update(&md, prng->pool, SHA1_HASH_SIZE);

	/* add the new entropy */
	psSha1Update(&md, in, inlen);

	/* store result */
	if ((err = psSha1Final(&md, prng->pool)) != SHA1_HASH_SIZE) {
		return err;
	}
#endif
	return PS_SUCCESS;
}
예제 #12
0
파일: hmac.c 프로젝트: Deadolus/ecc
void psHmacSha1Final(psHmacSha1_t *ctx, unsigned char hash[SHA1_HASHLEN])
{
	int32_t		rc;
#ifdef CRYPTO_ASSERT
	psAssert(ctx != NULL);
	if (hash == NULL) {
		psTraceCrypto("NULL hash storage passed to psHmacSha1Final\n");
		return;
	}
#endif
	psSha1Final(&ctx->sha1, hash);

	if ((rc = psSha1Init(&ctx->sha1)) < 0) {
		psAssert(rc >= 0);
		return;
	}
	psSha1Update(&ctx->sha1, ctx->pad, 64);
	psSha1Update(&ctx->sha1, hash, SHA1_HASHLEN);
	psSha1Final(&ctx->sha1, hash);

	memset(ctx->pad, 0x0, sizeof(ctx->pad));
}
예제 #13
0
파일: sslv3.c 프로젝트: sdhczw/winnermicro
/*
	SSLv3 uses a method similar to HMAC to generate the SHA1 message MAC.
	For SHA1, 40 bytes of the pad are used.

	SHA1(MAC_write_secret + pad2 + 
		SHA1(MAC_write_secret + pad1 + seq_num + length + content));
*/
int32 ssl3HMACSha1(ssl_t *ssl, int32 mode, unsigned char *key, unsigned char *seq, 
						unsigned char type, unsigned char *data, uint32 len,
						unsigned char *mac)
{
	psDigestContext_t	sha1;
	unsigned char		ihash[SHA1_HASH_SIZE];
	int32				i;
	psDigestContext_t* psha = &sha1;
#ifdef USE_APP_DATA_PARTIAL_PARSING
	if(ssl->rec.type == SSL_RECORD_TYPE_APPLICATION_DATA && mode == HMAC_VERIFY && ssl->deBlockSize <= 1)
		psha = &ssl->hmac_ctx;
	if(ssl->rec.type != SSL_RECORD_TYPE_APPLICATION_DATA || mode == HMAC_CREATE || ssl->deBlockSize > 1 || (data == NULL && len > 0)){
#endif
	psSha1Init(psha);
	psSha1Update(psha, key, SHA1_HASH_SIZE);
	psSha1Update(psha, pad1, 40);
	psSha1Update(psha, seq, 8);
	ihash[0] = type;
	ihash[1] = (len & 0xFF00) >> 8;
	ihash[2] = len & 0xFF;
	psSha1Update(psha, ihash, 3);
#ifdef USE_APP_DATA_PARTIAL_PARSING
	}
예제 #14
0
파일: hmac.c 프로젝트: Deadolus/ecc
int32_t psHmacSha1(const unsigned char *key, uint16_t keyLen,
				const unsigned char *buf, uint32_t len,
				unsigned char hash[SHA1_HASHLEN],
				unsigned char *hmacKey, uint16_t *hmacKeyLen)
{
	int32_t				rc;
	union {
		psHmacSha1_t	mac;
		psSha1_t		md;
	} u;
	psHmacSha1_t		*mac = &u.mac;
	psSha1_t			*md = &u.md;
/*
	Support for keys larger than 64 bytes.  In this case, we take the
	hash of the key itself and use that instead.  Inform the caller by
	updating the hmacKey and hmacKeyLen outputs
*/
	if (keyLen > 64) {
		if ((rc = psSha1Init(md)) < 0) {
			return rc;
		}
		psSha1Update(md, key, keyLen);
		psSha1Final(md, hash);
		*hmacKeyLen = SHA1_HASHLEN;
		memcpy(hmacKey, hash, *hmacKeyLen);
	} else {
		hmacKey = (unsigned char *)key; /* @note typecasting from const */
		*hmacKeyLen = keyLen;
	}

	if ((rc = psHmacSha1Init(mac, hmacKey, *hmacKeyLen)) < 0) {
		return rc;
	}
	psHmacSha1Update(mac, buf, len);
	psHmacSha1Final(mac, hash);
	return PS_SUCCESS;
}
예제 #15
0
파일: sslv3.c 프로젝트: sdhczw/winnermicro
/*
	Generate the key block as follows.  '+' indicates concatination.  
	key_block =
		MD5(master_secret + SHA(`A' + master_secret +
			ServerHello.random + ClientHello.random)) +
		MD5(master_secret + SHA(`BB' + master_secret +
			ServerHello.random + ClientHello.random)) +
		MD5(master_secret + SHA(`CCC' + master_secret +
			ServerHello.random + ClientHello.random)) + 
		[...];
*/
static int32 createKeyBlock(ssl_t *ssl, unsigned char *clientRandom,
						  unsigned char *serverRandom,
						  unsigned char *masterSecret, uint32 secretLen)
{
	psDigestContext_t	md5Ctx, sha1Ctx;
	unsigned char		buf[MD5_HASH_SIZE + SHA1_HASH_SIZE];
	unsigned char		*tmp;
	int32				ret = 0;
	uint32				i, keyIter, reqKeyLen;

/*
	We must generate enough key material to fill the various keys
*/
	reqKeyLen = 2 * ssl->cipher->macSize + 
				2 * ssl->cipher->keySize + 
				2 * ssl->cipher->ivSize;
/*
	Find the right number of iterations to make the requested length key block
*/
	keyIter = 1;
	while (MD5_HASH_SIZE * keyIter < reqKeyLen) {
		keyIter++;
	}
	if (keyIter > sizeof(salt)/sizeof(char*)) {
		psTraceIntInfo("Error: Not enough salt for key length %d\n", reqKeyLen);
		return PS_FAILURE;
	}

	tmp = ssl->sec.keyBlock;
	for (i = 0; i < keyIter; i++) {
		psSha1Init(&sha1Ctx);
		psSha1Update(&sha1Ctx, salt[i], i + 1);
		psSha1Update(&sha1Ctx, masterSecret, secretLen);
		psSha1Update(&sha1Ctx, serverRandom, SSL_HS_RANDOM_SIZE);
		psSha1Update(&sha1Ctx, clientRandom, SSL_HS_RANDOM_SIZE);
		psSha1Final(&sha1Ctx, buf);
		
		psMd5Init(&md5Ctx);
		psMd5Update(&md5Ctx, masterSecret, secretLen);
		psMd5Update(&md5Ctx, buf, SHA1_HASH_SIZE);
		psMd5Final(&md5Ctx, tmp);
		tmp += MD5_HASH_SIZE;
		ret += MD5_HASH_SIZE;
	}
	memset(buf, 0x0, MD5_HASH_SIZE + SHA1_HASH_SIZE);
/*
	Client and server use different read/write values, with the Client 
	write value being the server read value.
*/
	if (ssl->flags & SSL_FLAGS_SERVER) {
		ssl->sec.rMACptr = ssl->sec.keyBlock;
		ssl->sec.wMACptr = ssl->sec.rMACptr + ssl->cipher->macSize;
		ssl->sec.rKeyptr = ssl->sec.wMACptr + ssl->cipher->macSize;
		ssl->sec.wKeyptr = ssl->sec.rKeyptr + ssl->cipher->keySize;
		ssl->sec.rIVptr = ssl->sec.wKeyptr + ssl->cipher->keySize;
		ssl->sec.wIVptr = ssl->sec.rIVptr + ssl->cipher->ivSize;
	} else {
		ssl->sec.wMACptr = ssl->sec.keyBlock;
		ssl->sec.rMACptr = ssl->sec.wMACptr + ssl->cipher->macSize;
		ssl->sec.wKeyptr = ssl->sec.rMACptr + ssl->cipher->macSize;
		ssl->sec.rKeyptr = ssl->sec.wKeyptr + ssl->cipher->keySize;
		ssl->sec.wIVptr = ssl->sec.rKeyptr + ssl->cipher->keySize;
		ssl->sec.rIVptr = ssl->sec.wIVptr + ssl->cipher->ivSize;
	}

	return ret;
}
예제 #16
0
/*
    Parse DER encoded asn.1 RSA public key out of a certificate stream.
    We reach here with 'pp' pointing to the byte after the algorithm identifier.
 */
int32_t psRsaParseAsnPubKey(psPool_t *pool,
    const unsigned char **pp, psSize_t len,
    psRsaKey_t *key, unsigned char sha1KeyHash[SHA1_HASH_SIZE])
{
# ifdef USE_SHA1
    psDigestContext_t dc;
# endif
    const unsigned char *p = *pp;
    RSA *rsa;
    psSize_t keylen;
# ifndef USE_D2I
    psSize_t seqlen;
# endif

    if (len < 1 || (*(p++) != ASN_BIT_STRING) ||
        getAsnLength(&p, len - 1, &keylen))
    {
        goto L_FAIL;
    }
    /* ignored bits field should be zero */
    if (*p++ != 0)
    {
        goto L_FAIL;
    }
    keylen--;
# ifdef USE_SHA1
    /* A public key hash is used in PKI tools (OCSP, Trusted CA indication).
        Standard RSA form - SHA-1 hash of the value of the BIT STRING
        subjectPublicKey [excluding the tag, length, and number of unused
        bits] */
    psSha1Init(&dc.sha1);
    psSha1Update(&dc.sha1, p, keylen);
    psSha1Final(&dc.sha1, sha1KeyHash);
# endif

# ifdef USE_D2I
    /* OpenSSL expects to parse after the ignored bits field */
    if ((rsa = d2i_RSAPublicKey(NULL, &p, keylen)) == NULL)
    {
        goto L_FAIL;
    }
# else
    /* We can manually create the structures as OpenSSL would */
    rsa = RSA_new();
    if (getAsnSequence(&p, keylen, &seqlen) < 0 ||
        getBig(&p, seqlen, &rsa->n) < 0 ||
        getBig(&p, seqlen, &rsa->e) < 0)
    {

        RSA_free(rsa);
        goto L_FAIL;
    }
# endif
    /* RSA_print_fp(stdout, rsa, 0); */
    *pp = p;
    *key = rsa;
    return PS_SUCCESS;
L_FAIL:
    psTraceIntCrypto("psRsaParseAsnPubKey error on byte %d\n", p - *pp);
    return PS_PARSE_FAIL;
}