DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
{
DIGEST_CTX ctx = xcalloc(1, sizeof(*ctx));
ctx->md_ctx = EVP_MD_CTX_new();
if (!ctx->md_ctx) {
free(ctx);
return NULL;
}
const EVP_MD *md = getEVPMD(hashalgo);
if (md == EVP_md_null()) {
free(ctx->md_ctx);
free(ctx);
return NULL;
}
ctx->algo = hashalgo;
ctx->flags = flags;
if (!EVP_DigestInit_ex(ctx->md_ctx, md, NULL)) {
free(ctx->md_ctx);
free(ctx);
return NULL;
}
return ctx;
}
const EVP_MD *
tsig_get_EVP_MD(u8 algorithm)
{
switch(algorithm)
{
#ifndef OPENSSL_NO_MD5
case HMAC_MD5:
return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA
case HMAC_SHA1:
return EVP_sha1();
#endif
#ifndef OPENSSL_NO_SHA256
case HMAC_SHA224:
return EVP_sha224();
case HMAC_SHA256:
return EVP_sha256();
#endif
#ifndef OPENSSL_NO_SHA512
case HMAC_SHA384:
return EVP_sha384();
case HMAC_SHA512:
return EVP_sha512();
#endif
default:
return EVP_md_null();
}
}
static const EVP_MD *getEVPMD(int hashalgo)
{
switch (hashalgo) {
case PGPHASHALGO_MD5:
return EVP_md5();
case PGPHASHALGO_SHA1:
return EVP_sha1();
case PGPHASHALGO_SHA256:
return EVP_sha256();
case PGPHASHALGO_SHA384:
return EVP_sha384();
case PGPHASHALGO_SHA512:
return EVP_sha512();
case PGPHASHALGO_SHA224:
return EVP_sha224();
default:
return EVP_md_null();
}
}
ikptr
ikrt_openssl_evp_md_null (ikpcb * pcb)
{
#ifdef HAVE_EVP_MD_NULL
const EVP_MD * rv;
rv = EVP_md_null();
return ika_pointer_alloc(pcb, (long)rv);
#else
feature_failure(__func__);
#endif
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
switch (type) {
case EVP_PKEY_CTRL_MD:
/* Only NULL allowed as digest */
if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null())
return 1;
ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);
return 0;
case EVP_PKEY_CTRL_DIGESTINIT:
return 1;
}
return -2;
}
const EVP_MD * hb_EVP_MD_par( int iParam )
{
const EVP_MD * p;
if( HB_ISCHAR( iParam ) )
return EVP_get_digestbyname( hb_parc( iParam ) );
switch( hb_parni( iParam ) )
{
case HB_EVP_MD_MD_NULL: p = EVP_md_null(); break;
#ifndef OPENSSL_NO_MD4
case HB_EVP_MD_MD4: p = EVP_md4(); break;
#endif
#ifndef OPENSSL_NO_MD5
case HB_EVP_MD_MD5: p = EVP_md5(); break;
#endif
#ifndef OPENSSL_NO_SHA
#if OPENSSL_VERSION_NUMBER < 0x10100000L && \
! defined( LIBRESSL_VERSION_NUMBER )
case HB_EVP_MD_SHA: p = EVP_sha(); break;
#endif
case HB_EVP_MD_SHA1: p = EVP_sha1(); break;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
case HB_EVP_MD_DSS: p = EVP_dss(); break;
case HB_EVP_MD_DSS1: p = EVP_dss1(); break;
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
OPENSSL_VERSION_NUMBER < 0x10100000L
case HB_EVP_MD_ECDSA: p = EVP_ecdsa(); break;
#endif
#endif
#ifndef OPENSSL_NO_SHA256
case HB_EVP_MD_SHA224: p = EVP_sha224(); break;
case HB_EVP_MD_SHA256: p = EVP_sha256(); break;
#endif
#ifndef OPENSSL_NO_SHA512
case HB_EVP_MD_SHA384: p = EVP_sha384(); break;
case HB_EVP_MD_SHA512: p = EVP_sha512(); break;
#endif
#ifndef OPENSSL_NO_RIPEMD
case HB_EVP_MD_RIPEMD160: p = EVP_ripemd160(); break;
#endif
default: p = NULL;
}
return p;
}
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p )
{
int n;
if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL;
#ifndef OPENSSL_NO_MD4
else if( p == EVP_md4() ) n = HB_EVP_MD_MD4;
#endif
#ifndef OPENSSL_NO_MD5
else if( p == EVP_md5() ) n = HB_EVP_MD_MD5;
#endif
#ifndef OPENSSL_NO_SHA
#if OPENSSL_VERSION_NUMBER < 0x10100000L && \
! defined( LIBRESSL_VERSION_NUMBER )
else if( p == EVP_sha() ) n = HB_EVP_MD_SHA;
#endif
else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
else if( p == EVP_dss() ) n = HB_EVP_MD_DSS;
else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1;
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
OPENSSL_VERSION_NUMBER < 0x10100000L
else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA;
#endif
#endif
#ifndef OPENSSL_NO_SHA256
else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224;
else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256;
#endif
#ifndef OPENSSL_NO_SHA512
else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384;
else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512;
#endif
#ifndef OPENSSL_NO_RIPEMD
else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160;
#endif
else n = HB_EVP_MD_UNSUPPORTED;
return n;
}
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p )
{
int n;
if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL;
#ifndef OPENSSL_NO_MD2
else if( p == EVP_md2() ) n = HB_EVP_MD_MD2;
#endif
#ifndef OPENSSL_NO_MD4
else if( p == EVP_md4() ) n = HB_EVP_MD_MD4;
#endif
#ifndef OPENSSL_NO_MD5
else if( p == EVP_md5() ) n = HB_EVP_MD_MD5;
#endif
#ifndef OPENSSL_NO_SHA
else if( p == EVP_sha() ) n = HB_EVP_MD_SHA;
else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1;
else if( p == EVP_dss() ) n = HB_EVP_MD_DSS;
else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1;
#if ! defined( HB_OPENSSL_OLD_OSX_ )
else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA;
#endif
#endif
#ifndef OPENSSL_NO_SHA256
else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224;
else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256;
#endif
#ifndef OPENSSL_NO_SHA512
else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384;
else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512;
#endif
#ifndef OPENSSL_NO_MDC2
else if( p == EVP_mdc2() ) n = HB_EVP_MD_MDC2;
#endif
#ifndef OPENSSL_NO_RIPEMD
else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160;
#endif
else n = HB_EVP_MD_UNSUPPORTED;
return n;
}
int ccn_verify_signature(const unsigned char *msg,
size_t size,
const struct ccn_parsed_ContentObject *co,
const struct ccn_pkey *verification_pubkey)
{
EVP_MD_CTX verc;
EVP_MD_CTX *ver_ctx = &verc;
X509_SIG *digest_info = NULL;
MP_info *merkle_path_info = NULL;
unsigned char *root_hash;
size_t root_hash_size;
int res;
const EVP_MD *digest = EVP_md_null();
const EVP_MD *merkle_path_digest = EVP_md_null();
const unsigned char *signature_bits = NULL;
size_t signature_bits_size = 0;
const unsigned char *witness = NULL;
size_t witness_size = 0;
EVP_PKEY *pkey = (EVP_PKEY *)verification_pubkey;
#ifdef DEBUG
int x, h;
#endif
res = ccn_ref_tagged_BLOB(CCN_DTAG_SignatureBits, msg,
co->offset[CCN_PCO_B_SignatureBits],
co->offset[CCN_PCO_E_SignatureBits],
&signature_bits,
&signature_bits_size);
if (res < 0)
return (-1);
if (co->offset[CCN_PCO_B_DigestAlgorithm] == co->offset[CCN_PCO_E_DigestAlgorithm]) {
digest = EVP_sha256();
}
else {
/* XXX - figure out what algorithm the OID represents */
fprintf(stderr, "not a DigestAlgorithm I understand right now\n");
return (-1);
}
EVP_MD_CTX_init(ver_ctx);
res = EVP_VerifyInit_ex(ver_ctx, digest, NULL);
if (!res)
return (-1);
if (co->offset[CCN_PCO_B_Witness] != co->offset[CCN_PCO_E_Witness]) {
/* The witness is a DigestInfo, where the octet-string therein encapsulates
* a sequence of [integer (origin 1 node#), sequence of [octet-string]]
* where the inner octet-string is the concatenated hashes on the merkle-path
*/
res = ccn_ref_tagged_BLOB(CCN_DTAG_Witness, msg,
co->offset[CCN_PCO_B_Witness],
co->offset[CCN_PCO_E_Witness],
&witness,
&witness_size);
if (res < 0)
return (-1);
digest_info = d2i_X509_SIG(NULL, &witness, witness_size);
/* digest_info->algor->algorithm->{length, data}
* digest_info->digest->{length, type, data}
*/
/* ...2.2 is an MHT w/ SHA256 */
ASN1_OBJECT *merkle_hash_tree_oid = OBJ_txt2obj("1.2.840.113550.11.1.2.2", 1);
if (0 != OBJ_cmp(digest_info->algor->algorithm, merkle_hash_tree_oid)) {
fprintf(stderr, "A witness is present without an MHT OID!\n");
ASN1_OBJECT_free(merkle_hash_tree_oid);
return (-1);
}
/* we're doing an MHT */
ASN1_OBJECT_free(merkle_hash_tree_oid);
merkle_path_digest = EVP_sha256();
/* DER-encoded in the digest_info's digest ASN.1 octet string is the Merkle path info */
merkle_path_info = d2i_MP_info(NULL, (const unsigned char **)&(digest_info->digest->data), digest_info->digest->length);
#ifdef DEBUG
int node = ASN1_INTEGER_get(merkle_path_info->node);
int hash_count = merkle_path_info->hashes->num;
ASN1_OCTET_STRING *hash;
fprintf(stderr, "A witness is present with an MHT OID\n");
fprintf(stderr, "This is node %d, with %d hashes\n", node, hash_count);
for (h = 0; h < hash_count; h++) {
hash = (ASN1_OCTET_STRING *)merkle_path_info->hashes->data[h];
fprintf(stderr, " hashes[%d] len = %d data = ", h, hash->length);
for (x = 0; x < hash->length; x++) {
fprintf(stderr, "%02x", hash->data[x]);
}
fprintf(stderr, "\n");
}
#endif
/* In the MHT signature case, we signed/verify the root hash */
root_hash_size = EVP_MD_size(merkle_path_digest);
root_hash = calloc(1, root_hash_size);
res = ccn_merkle_root_hash(msg, size, co, merkle_path_digest, merkle_path_info, root_hash, root_hash_size);
res = EVP_VerifyUpdate(ver_ctx, root_hash, root_hash_size);
res = EVP_VerifyFinal(ver_ctx, signature_bits, signature_bits_size, pkey);
EVP_MD_CTX_cleanup(ver_ctx);
} else {
/*
* In the simple signature case, we signed/verify from the name through
* the end of the content.
*/
size_t signed_size = co->offset[CCN_PCO_E_Content] - co->offset[CCN_PCO_B_Name];
res = EVP_VerifyUpdate(ver_ctx, msg + co->offset[CCN_PCO_B_Name], signed_size);
res = EVP_VerifyFinal(ver_ctx, signature_bits, signature_bits_size, pkey);
EVP_MD_CTX_cleanup(ver_ctx);
}
if (res == 1)
return (1);
else
return (0);
}
