int sss_hmac_sha1(const unsigned char *key, size_t key_len, const unsigned char *in, size_t in_len, unsigned char *out) { int ret; unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE]; size_t i; HASHContext *sha1; unsigned char hash[SSS_SHA1_LENGTH]; unsigned int res_len; ret = nspr_nss_init(); if (ret != EOK) { return ret; } sha1 = HASH_Create(HASH_AlgSHA1); if (!sha1) { return ENOMEM; } if (key_len > HMAC_SHA1_BLOCKSIZE) { /* keys longer than blocksize are shortened */ HASH_Begin(sha1); HASH_Update(sha1, key, key_len); HASH_End(sha1, ikey, &res_len, SSS_SHA1_LENGTH); memset(ikey + SSS_SHA1_LENGTH, 0, HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH); } else { /* keys shorter than blocksize are zero-padded */ memcpy(ikey, key, key_len); if (key_len < HMAC_SHA1_BLOCKSIZE) { memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len); } } /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */ for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) { okey[i] = ikey[i] ^ 0x5c; ikey[i] ^= 0x36; } HASH_Begin(sha1); HASH_Update(sha1, ikey, HMAC_SHA1_BLOCKSIZE); HASH_Update(sha1, in, in_len); HASH_End(sha1, hash, &res_len, SSS_SHA1_LENGTH); HASH_Begin(sha1); HASH_Update(sha1, okey, HMAC_SHA1_BLOCKSIZE); HASH_Update(sha1, hash, SSS_SHA1_LENGTH); HASH_End(sha1, out, &res_len, SSS_SHA1_LENGTH); HASH_Destroy(sha1); return EOK; }
NS_IMETHODIMP nsCryptoHash::Finish(bool ascii, nsACString & _retval) { nsNSSShutDownPreventionLock locker; if (!mInitialized) return NS_ERROR_NOT_INITIALIZED; uint32_t hashLen = 0; unsigned char buffer[HASH_LENGTH_MAX]; unsigned char* pbuffer = buffer; HASH_End(mHashContext, pbuffer, &hashLen, HASH_LENGTH_MAX); mInitialized = false; if (ascii) { char *asciiData = BTOA_DataToAscii(buffer, hashLen); NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY); _retval.Assign(asciiData); PORT_Free(asciiData); } else { _retval.Assign((const char*)buffer, hashLen); } return NS_OK; }
int sha_response(int fd, fence_auth_type_t auth, void *key, size_t key_len, int timeout) { fd_set rfds; struct timeval tv; unsigned char challenge[MAX_HASH_LENGTH]; unsigned char hash[MAX_HASH_LENGTH]; HASHContext *h; HASH_HashType ht; unsigned int rlen; FD_ZERO(&rfds); FD_SET(fd, &rfds); tv.tv_sec = timeout; tv.tv_usec = 0; if (select(fd + 1, &rfds, NULL, NULL, &tv) <= 0) { perror("select"); return 0; } if (read(fd, challenge, sizeof(challenge)) < 0) { perror("read"); return 0; } switch(auth) { case AUTH_SHA1: ht = HASH_AlgSHA1; break; case AUTH_SHA256: ht = HASH_AlgSHA256; break; case AUTH_SHA512: ht = HASH_AlgSHA512; break; default: dbg_printf(3, "%s: no-op (AUTH_NONE)\n", __FUNCTION__); return 0; } memset(hash, 0, sizeof(hash)); h = HASH_Create(ht); /* */ if (!h) return 0; HASH_Begin(h); HASH_Update(h, key, key_len); HASH_Update(h, challenge, sizeof(challenge)); HASH_End(h, hash, &rlen, sizeof(hash)); HASH_Destroy(h); if (write(fd, hash, sizeof(hash)) < sizeof(hash)) { perror("read"); return 0; } return 1; }
static int sha_verify(fence_req_t *req, void *key, size_t key_len) { unsigned char hash[SHA512_LENGTH]; unsigned char pkt_hash[SHA512_LENGTH]; HASHContext *h = NULL; HASH_HashType ht; unsigned int rlen; int ret; switch(req->hashtype) { case HASH_SHA1: ht = HASH_AlgSHA1; break; case HASH_SHA256: ht = HASH_AlgSHA256; break; case HASH_SHA512: ht = HASH_AlgSHA512; break; default: dbg_printf(3, "%s: no-op (HASH_NONE)\n", __FUNCTION__); return 0; } if (!key || !key_len) { dbg_printf(3, "%s: Hashing requested when we have no key data\n", __FUNCTION__); return 0; } memset(hash, 0, sizeof(hash)); h = HASH_Create(ht); if (!h) return 0; memcpy(pkt_hash, req->hash, sizeof(pkt_hash)); memset(req->hash, 0, sizeof(req->hash)); HASH_Begin(h); HASH_Update(h, key, key_len); HASH_Update(h, (void *)req, sizeof(*req)); HASH_End(h, hash, &rlen, sizeof(hash)); HASH_Destroy(h); memcpy(req->hash, pkt_hash, sizeof(req->hash)); ret = !memcmp(hash, pkt_hash, sizeof(hash)); if (!ret) { printf("Hash mismatch:\nPKT = "); print_hash(pkt_hash, sizeof(pkt_hash)); printf("\nEXP = "); print_hash(hash, sizeof(hash)); printf("\n"); } return ret; }
static void sha_sign(fence_req_t *req, void *key, size_t key_len) { unsigned char hash[SHA512_LENGTH]; HASHContext *h; HASH_HashType ht; unsigned int rlen; int devrand; switch(req->hashtype) { case HASH_SHA1: ht = HASH_AlgSHA1; break; case HASH_SHA256: ht = HASH_AlgSHA256; break; case HASH_SHA512: ht = HASH_AlgSHA512; break; default: return; } dbg_printf(4, "Opening /dev/urandom\n"); devrand = open("/dev/urandom", O_RDONLY); if (devrand >= 0) { if (read(devrand, req->random, sizeof(req->random)) < 0) { perror("read /dev/urandom"); } close(devrand); } memset(hash, 0, sizeof(hash)); h = HASH_Create(ht); if (!h) return; HASH_Begin(h); HASH_Update(h, key, key_len); HASH_Update(h, (void *)req, sizeof(*req)); HASH_End(h, hash, &rlen, sizeof(hash)); HASH_Destroy(h); memcpy(req->hash, hash, sizeof(req->hash)); }
std::string hash(const std::uint8_t *begin, const std::uint8_t *end) { SECOidTag hashOIDTag = SEC_OID_SHA256; std::array<std::uint8_t, 64> digest; unsigned int len; HASH_HashType hashType = HASH_GetHashTypeByOidTag(hashOIDTag); auto ctx = to_unique(HASH_Create(hashType)); HASH_Begin(ctx.get()); HASH_Update(ctx.get(), reinterpret_cast<const unsigned char *>(begin), end - begin); HASH_End(ctx.get(), reinterpret_cast<unsigned char *>(digest.data()), &len, digest.size()); return std::string(reinterpret_cast<const char *>(digest.data()), len); }
static void TransformToSha256(InspectionBuffer *buffer) { const uint8_t *input = buffer->inspect; const uint32_t input_len = buffer->inspect_len; uint8_t output[SHA256_LENGTH]; //PrintRawDataFp(stdout, input, input_len); HASHContext *sha256_ctx = HASH_Create(HASH_AlgSHA256); if (sha256_ctx) { HASH_Begin(sha256_ctx); HASH_Update(sha256_ctx, input, input_len); unsigned int len = 0; HASH_End(sha256_ctx, output, &len, sizeof(output)); HASH_Destroy(sha256_ctx); InspectionBufferCopy(buffer, output, sizeof(output)); } }
int rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii) { unsigned char * digest; unsigned int digestlen; if (ctx == NULL) return -1; digestlen = HASH_ResultLenContext(ctx->hashctx); digest = xmalloc(digestlen); DPRINTF((stderr, "*** Final(%p,%p,%p,%zd) hashctx %p digest %p\n", ctx, datap, lenp, asAscii, ctx->hashctx, digest)); /* FIX: check rc */ HASH_End(ctx->hashctx, digest, (unsigned int *) &digestlen, digestlen); /* Return final digest. */ if (!asAscii) { if (lenp) *lenp = digestlen; if (datap) { *datap = digest; digest = NULL; } } else { if (lenp) *lenp = (2*digestlen) + 1; if (datap) { const uint8_t * s = (const uint8_t *) digest; *datap = pgpHexStr(s, digestlen); } } if (digest) { memset(digest, 0, digestlen); /* In case it's sensitive */ free(digest); } HASH_Destroy(ctx->hashctx); memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ free(ctx); return 0; }
SECStatus HASH_HashBuf(HASH_HashType type, unsigned char *dest, const unsigned char *src, PRUint32 src_len) { HASHContext *cx; unsigned int part; if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) { return (SECFailure); } cx = HASH_Create(type); if (cx == NULL) { return (SECFailure); } HASH_Begin(cx); HASH_Update(cx, src, src_len); HASH_End(cx, dest, &part, HASH_ResultLenContext(cx)); HASH_Destroy(cx); return (SECSuccess); }
static int sha512_crypt_r(const char *key, const char *salt, char *buffer, size_t buflen) { unsigned char temp_result[64] __attribute__((__aligned__(ALIGN64))); unsigned char alt_result[64] __attribute__((__aligned__(ALIGN64))); size_t rounds = ROUNDS_DEFAULT; bool rounds_custom = false; HASHContext *alt_ctx = NULL; HASHContext *ctx = NULL; size_t salt_len; size_t key_len; size_t cnt; char *copied_salt = NULL; char *copied_key = NULL; char *p_bytes = NULL; char *s_bytes = NULL; int p1, p2, p3, pt, n; unsigned int part; char *cp, *tmp; int ret; /* Find beginning of salt string. The prefix should normally always be * present. Just in case it is not. */ if (strncmp(salt, sha512_salt_prefix, SALT_PREF_SIZE) == 0) { /* Skip salt prefix. */ salt += SALT_PREF_SIZE; } if (strncmp(salt, sha512_rounds_prefix, ROUNDS_SIZE) == 0) { unsigned long int srounds; const char *num; char *endp; num = salt + ROUNDS_SIZE; srounds = strtoul(num, &endp, 10); if (*endp == '$') { salt = endp + 1; if (srounds < ROUNDS_MIN) srounds = ROUNDS_MIN; if (srounds > ROUNDS_MAX) srounds = ROUNDS_MAX; rounds = srounds; rounds_custom = true; } } salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); key_len = strlen(key); if ((PTR_2_INT(key) % ALIGN64) != 0) { tmp = (char *)alloca(key_len + ALIGN64); key = copied_key = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, key, key_len); } if (PTR_2_INT(salt) % ALIGN64 != 0) { tmp = (char *)alloca(salt_len + ALIGN64); salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len); } ret = nspr_nss_init(); if (ret != EOK) { ret = EIO; goto done; } ctx = HASH_Create(HASH_AlgSHA512); if (!ctx) { ret = EIO; goto done; } alt_ctx = HASH_Create(HASH_AlgSHA512); if (!alt_ctx) { ret = EIO; goto done; } /* Prepare for the real work. */ HASH_Begin(ctx); /* Add the key string. */ HASH_Update(ctx, (const unsigned char *)key, key_len); /* The last part is the salt string. This must be at most 16 * characters and it ends at the first `$' character (for * compatibility with existing implementations). */ HASH_Update(ctx, (const unsigned char *)salt, salt_len); /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. * The final result will be added to the first context. */ HASH_Begin(alt_ctx); /* Add key. */ HASH_Update(alt_ctx, (const unsigned char *)key, key_len); /* Add salt. */ HASH_Update(alt_ctx, (const unsigned char *)salt, salt_len); /* Add key again. */ HASH_Update(alt_ctx, (const unsigned char *)key, key_len); /* Now get result of this (64 bytes) and add it to the other context. */ HASH_End(alt_ctx, alt_result, &part, HASH_ResultLenContext(alt_ctx)); /* Add for any character in the key one byte of the alternate sum. */ for (cnt = key_len; cnt > 64; cnt -= 64) { HASH_Update(ctx, alt_result, 64); } HASH_Update(ctx, alt_result, cnt); /* Take the binary representation of the length of the key and for every * 1 add the alternate sum, for every 0 the key. */ for (cnt = key_len; cnt > 0; cnt >>= 1) { if ((cnt & 1) != 0) { HASH_Update(ctx, alt_result, 64); } else { HASH_Update(ctx, (const unsigned char *)key, key_len); } } /* Create intermediate result. */ HASH_End(ctx, alt_result, &part, HASH_ResultLenContext(ctx)); /* Start computation of P byte sequence. */ HASH_Begin(alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < key_len; cnt++) { HASH_Update(alt_ctx, (const unsigned char *)key, key_len); } /* Finish the digest. */ HASH_End(alt_ctx, temp_result, &part, HASH_ResultLenContext(alt_ctx)); /* Create byte sequence P. */ cp = p_bytes = alloca(key_len); for (cnt = key_len; cnt >= 64; cnt -= 64) { cp = mempcpy(cp, temp_result, 64); } memcpy(cp, temp_result, cnt); /* Start computation of S byte sequence. */ HASH_Begin(alt_ctx); /* For every character in the password add the entire salt. */ for (cnt = 0; cnt < 16 + alt_result[0]; cnt++) { HASH_Update(alt_ctx, (const unsigned char *)salt, salt_len); } /* Finish the digest. */ HASH_End(alt_ctx, temp_result, &part, HASH_ResultLenContext(alt_ctx)); /* Create byte sequence S. */ cp = s_bytes = alloca(salt_len); for (cnt = salt_len; cnt >= 64; cnt -= 64) { cp = mempcpy(cp, temp_result, 64); } memcpy(cp, temp_result, cnt); /* Repeatedly run the collected hash value through SHA512 to burn CPU cycles. */ for (cnt = 0; cnt < rounds; cnt++) { HASH_Begin(ctx); /* Add key or last result. */ if ((cnt & 1) != 0) { HASH_Update(ctx, (const unsigned char *)p_bytes, key_len); } else { HASH_Update(ctx, alt_result, 64); } /* Add salt for numbers not divisible by 3. */ if (cnt % 3 != 0) { HASH_Update(ctx, (const unsigned char *)s_bytes, salt_len); } /* Add key for numbers not divisible by 7. */ if (cnt % 7 != 0) { HASH_Update(ctx, (const unsigned char *)p_bytes, key_len); } /* Add key or last result. */ if ((cnt & 1) != 0) { HASH_Update(ctx, alt_result, 64); } else { HASH_Update(ctx, (const unsigned char *)p_bytes, key_len); } /* Create intermediate result. */ HASH_End(ctx, alt_result, &part, HASH_ResultLenContext(ctx)); } /* Now we can construct the result string. * It consists of three parts. */ if (buflen <= SALT_PREF_SIZE) { ret = ERANGE; goto done; } cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); buflen -= SALT_PREF_SIZE; if (rounds_custom) { n = snprintf(cp, buflen, "%s%zu$", sha512_rounds_prefix, rounds); if (n < 0 || n >= buflen) { ret = ERANGE; goto done; } cp += n; buflen -= n; } if (buflen <= salt_len + 1) { ret = ERANGE; goto done; } cp = __stpncpy(cp, salt, salt_len); *cp++ = '$'; buflen -= salt_len + 1; /* fuzzyfill the base 64 string */ p1 = 0; p2 = 21; p3 = 42; for (n = 0; n < 21; n++) { b64_from_24bit(&cp, &buflen, 4, alt_result[p1], alt_result[p2], alt_result[p3]); if (buflen == 0) { ret = ERANGE; goto done; } pt = p1; p1 = p2 + 1; p2 = p3 + 1; p3 = pt + 1; } /* 64th and last byte */ b64_from_24bit(&cp, &buflen, 2, 0, 0, alt_result[p3]); if (buflen == 0) { ret = ERANGE; goto done; } *cp = '\0'; ret = EOK; done: /* Clear the buffer for the intermediate result so that people attaching * to processes or reading core dumps cannot get any information. We do it * in this way to clear correct_words[] inside the SHA512 implementation * as well. */ if (ctx) HASH_Destroy(ctx); if (alt_ctx) HASH_Destroy(alt_ctx); if (p_bytes) memset(p_bytes, '\0', key_len); if (s_bytes) memset(s_bytes, '\0', salt_len); if (copied_key) memset(copied_key, '\0', key_len); if (copied_salt) memset(copied_salt, '\0', salt_len); memset(temp_result, '\0', sizeof(temp_result)); return ret; }
int sha_challenge(int fd, fence_auth_type_t auth, void *key, size_t key_len, int timeout) { fd_set rfds; struct timeval tv; unsigned char hash[MAX_HASH_LENGTH]; unsigned char challenge[MAX_HASH_LENGTH]; unsigned char response[MAX_HASH_LENGTH]; int devrand; int ret; HASHContext *h; HASH_HashType ht; unsigned int rlen; devrand = open("/dev/urandom", O_RDONLY); if (devrand < 0) { perror("open /dev/urandom"); return 0; } if (read(devrand, challenge, sizeof(challenge)) < 0) { perror("read /dev/urandom"); close(devrand); return 0; } close(devrand); if (write(fd, challenge, sizeof(challenge)) < 0) { perror("write"); return 0; } switch(auth) { case HASH_SHA1: ht = HASH_AlgSHA1; break; case HASH_SHA256: ht = HASH_AlgSHA256; break; case HASH_SHA512: ht = HASH_AlgSHA512; break; default: return 0; } memset(hash, 0, sizeof(hash)); h = HASH_Create(ht); if (!h) return 0; HASH_Begin(h); HASH_Update(h, key, key_len); HASH_Update(h, challenge, sizeof(challenge)); HASH_End(h, hash, &rlen, sizeof(hash)); HASH_Destroy(h); memset(response, 0, sizeof(response)); FD_ZERO(&rfds); FD_SET(fd, &rfds); tv.tv_sec = timeout; tv.tv_usec = 0; if (select(fd + 1, &rfds, NULL, NULL, &tv) <= 0) { perror("select"); return 0; } ret = read(fd, response, sizeof(response)); if (ret < 0) { perror("read"); return 0; } else if (ret < sizeof(response)) { fprintf(stderr, "read data from socket is too short(actual: %d, expected: %lu)\n", ret, sizeof(response)); return 0; } ret = !memcmp(response, hash, sizeof(response)); if (!ret) { printf("Hash mismatch:\nC = "); print_hash(challenge, sizeof(challenge)); printf("\nH = "); print_hash(hash, sizeof(hash)); printf("\nR = "); print_hash(response, sizeof(response)); printf("\n"); } return ret; }
static string ComputeDumpHash() { #ifdef XP_LINUX // On Linux we rely on the system-provided libcurl which uses nss so we have // to also use the system-provided nss instead of the ones we have bundled. const char* libnssNames[] = { "libnss3.so", #ifndef HAVE_64BIT_BUILD // 32-bit versions on 64-bit hosts "/usr/lib32/libnss3.so", #endif }; void* lib = nullptr; for (const char* libname : libnssNames) { lib = dlopen(libname, RTLD_NOW); if (lib) { break; } } if (!lib) { return ""; } SECStatus (*NSS_Initialize)(const char*, const char*, const char*, const char*, PRUint32); HASHContext* (*HASH_Create)(HASH_HashType); void (*HASH_Destroy)(HASHContext*); void (*HASH_Begin)(HASHContext*); void (*HASH_Update)(HASHContext*, const unsigned char*, unsigned int); void (*HASH_End)(HASHContext*, unsigned char*, unsigned int*, unsigned int); *(void**) (&NSS_Initialize) = dlsym(lib, "NSS_Initialize"); *(void**) (&HASH_Create) = dlsym(lib, "HASH_Create"); *(void**) (&HASH_Destroy) = dlsym(lib, "HASH_Destroy"); *(void**) (&HASH_Begin) = dlsym(lib, "HASH_Begin"); *(void**) (&HASH_Update) = dlsym(lib, "HASH_Update"); *(void**) (&HASH_End) = dlsym(lib, "HASH_End"); if (!HASH_Create || !HASH_Destroy || !HASH_Begin || !HASH_Update || !HASH_End) { return ""; } #endif // Minimal NSS initialization so we can use the hash functions const PRUint32 kNssFlags = NSS_INIT_READONLY | NSS_INIT_NOROOTINIT | NSS_INIT_NOMODDB | NSS_INIT_NOCERTDB; if (NSS_Initialize(nullptr, "", "", "", kNssFlags) != SECSuccess) { return ""; } HASHContext* hashContext = HASH_Create(HASH_AlgSHA256); if (!hashContext) { return ""; } HASH_Begin(hashContext); ifstream* f = UIOpenRead(gReporterDumpFile, /* binary */ true); bool error = false; // Read the minidump contents if (f->is_open()) { uint8_t buff[4096]; do { f->read((char*) buff, sizeof(buff)); if (f->bad()) { error = true; break; } HASH_Update(hashContext, buff, f->gcount()); } while (!f->eof()); f->close(); } else { error = true; } delete f; // Finalize the hash computation uint8_t result[SHA256_LENGTH]; uint32_t resultLen = 0; HASH_End(hashContext, result, &resultLen, SHA256_LENGTH); if (resultLen != SHA256_LENGTH) { error = true; } HASH_Destroy(hashContext); if (!error) { ostringstream hash; for (size_t i = 0; i < SHA256_LENGTH; i++) { hash << std::setw(2) << std::setfill('0') << std::hex << static_cast<unsigned int>(result[i]); } return hash.str(); } else { return ""; // If we encountered an error, return an empty hash } }