bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod) { if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE) return false; int i = 0; if (nDerivationMethod == 0) i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0], (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV); if (i != (int)WALLET_CRYPTO_KEY_SIZE) { OPENSSL_cleanse(chKey, sizeof(chKey)); OPENSSL_cleanse(chIV, sizeof(chIV)); return false; } fKeySet = true; return true; }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD2 else if( p == EVP_md2() ) n = HB_EVP_MD_MD2; #endif #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #if ! defined( HB_OPENSSL_OLD_OSX_ ) else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_MDC2 else if( p == EVP_mdc2() ) n = HB_EVP_MD_MDC2; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
static int hb_EVP_MD_ptr_to_id( const EVP_MD * p ) { int n; if( p == EVP_md_null() ) n = HB_EVP_MD_MD_NULL; #ifndef OPENSSL_NO_MD4 else if( p == EVP_md4() ) n = HB_EVP_MD_MD4; #endif #ifndef OPENSSL_NO_MD5 else if( p == EVP_md5() ) n = HB_EVP_MD_MD5; #endif #ifndef OPENSSL_NO_SHA #if OPENSSL_VERSION_NUMBER < 0x10100000L && \ ! defined( LIBRESSL_VERSION_NUMBER ) else if( p == EVP_sha() ) n = HB_EVP_MD_SHA; #endif else if( p == EVP_sha1() ) n = HB_EVP_MD_SHA1; #if OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_dss() ) n = HB_EVP_MD_DSS; else if( p == EVP_dss1() ) n = HB_EVP_MD_DSS1; #endif #if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ OPENSSL_VERSION_NUMBER < 0x10100000L else if( p == EVP_ecdsa() ) n = HB_EVP_MD_ECDSA; #endif #endif #ifndef OPENSSL_NO_SHA256 else if( p == EVP_sha224() ) n = HB_EVP_MD_SHA224; else if( p == EVP_sha256() ) n = HB_EVP_MD_SHA256; #endif #ifndef OPENSSL_NO_SHA512 else if( p == EVP_sha384() ) n = HB_EVP_MD_SHA384; else if( p == EVP_sha512() ) n = HB_EVP_MD_SHA512; #endif #ifndef OPENSSL_NO_RIPEMD else if( p == EVP_ripemd160() ) n = HB_EVP_MD_RIPEMD160; #endif else n = HB_EVP_MD_UNSUPPORTED; return n; }
void openssl_add_all_digests_int(void) { #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); EVP_add_digest(EVP_md5_sha1()); #endif EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif #ifndef OPENSSL_NO_RMD160 EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif #ifndef OPENSSL_NO_BLAKE2 EVP_add_digest(EVP_blake2b512()); EVP_add_digest(EVP_blake2s256()); #endif EVP_add_digest(EVP_sha3_224()); EVP_add_digest(EVP_sha3_256()); EVP_add_digest(EVP_sha3_384()); EVP_add_digest(EVP_sha3_512()); #if 0 EVP_add_digest(EVP_shake128()); EVP_add_digest(EVP_shake256()); #endif }
/* TODO(davidben): Forbid RSA-PKCS1 in TLS 1.3. For now we allow it because NSS * has yet to start doing RSA-PSS, so enforcing it would complicate interop * testing. */ static int is_rsa_pkcs1(const EVP_MD **out_md, uint16_t sigalg) { switch (sigalg) { case SSL_SIGN_RSA_PKCS1_MD5_SHA1: *out_md = EVP_md5_sha1(); return 1; case SSL_SIGN_RSA_PKCS1_SHA1: *out_md = EVP_sha1(); return 1; case SSL_SIGN_RSA_PKCS1_SHA256: *out_md = EVP_sha256(); return 1; case SSL_SIGN_RSA_PKCS1_SHA384: *out_md = EVP_sha384(); return 1; case SSL_SIGN_RSA_PKCS1_SHA512: *out_md = EVP_sha512(); return 1; default: return 0; } }
KDF_FUNC KDF_get_x9_63(const EVP_MD *md) { if (md == EVP_md5()) return x963_md5kdf; else if (md == EVP_ripemd160()) return x963_rmd160kdf; else if (md == EVP_sha1()) return x963_sha1kdf; else if (md == EVP_sha224()) return x963_sha224kdf; else if (md == EVP_sha256()) return x963_sha256kdf; else if (md == EVP_sha384()) return x963_sha384kdf; else if (md == EVP_sha512()) return x963_sha512kdf; else if (md == EVP_sm3()) return x963_sm3kdf; return NULL; }
static inline const EVP_MD * digest_decide_md(const unsigned int alg) { switch (alg) { case DIGALG_MD5: return EVP_md5(); case DIGALG_SHA1: return EVP_sha1(); case DIGALG_SHA2_256: return EVP_sha256(); case DIGALG_SHA2_512: return EVP_sha512(); } (void) slog(LG_ERROR, "%s: called with unknown/unimplemented alg '%u' (BUG)", __func__, alg); return NULL; }
bool crypto_rsa_verify_signature(struct string *databuffer, struct string *signature, const char *pubkey) { int err; bool retval; EVP_MD_CTX md_ctx; EVP_PKEY *pkey; /* load public key into openssl structure */ pkey = crypto_load_key(pubkey, false); if (pkey == NULL) { log_err("crypto_verify_signature: key loading failed\n"); return false; } /* Verify the signature */ if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) { log_err("crypto_verify_signature: libcrypto verify init failed\n"); EVP_PKEY_free(pkey); return false; } EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer)); err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey); EVP_PKEY_free(pkey); if (err != 1) { log_err("crypto_verify_signature: signature verify failed, received bogus data from backend.\n"); ERR_print_errors_fp(stderr); retval = false; goto bailout_ctx_cleanup; } retval = true; bailout_ctx_cleanup: EVP_MD_CTX_cleanup(&md_ctx); //log_info("Signature Verified Ok.\n"); return retval; }
static void _md_init_subsystem (void) { int i; for (i = 0; i < MUNGE_MAC_LAST_ITEM; i++) { _md_map [i] = NULL; } _md_map [MUNGE_MAC_MD5] = EVP_md5 (); _md_map [MUNGE_MAC_SHA1] = EVP_sha1 (); _md_map [MUNGE_MAC_RIPEMD160] = EVP_ripemd160 (); #if HAVE_EVP_SHA256 _md_map [MUNGE_MAC_SHA256] = EVP_sha256 (); #endif /* HAVE_EVP_SHA256 */ #if HAVE_EVP_SHA512 _md_map [MUNGE_MAC_SHA512] = EVP_sha512 (); #endif /* HAVE_EVP_SHA512 */ return; }
/* This function signs the buffer passed as argument, returns the length of the signature * else -1 on error * It leaves the sign in **sign_buf (which is allocated) */ int sign_hello(unsigned char* hello_buf,unsigned int hello_len,unsigned char** sign_buf){ EVP_MD_CTX* ctx = NULL; unsigned int sign_len; EVP_PKEY* evp = EVP_PKEY_new(); FILE* fp; *sign_buf = NULL; ctx = (EVP_MD_CTX*)calloc(1,sizeof(EVP_MD_CTX)); EVP_MD_CTX_init(ctx); OpenSSL_add_all_algorithms(); if((fp=fopen(PRIV_KEY,"r"))==NULL){ goto fail; } if((evp=PEM_read_PrivateKey(fp,NULL,NULL,NULL))==NULL){ goto fail; } *sign_buf = (unsigned char*)calloc(1,EVP_PKEY_size(evp)); if(EVP_SignInit(ctx,EVP_sha512())==0){ goto fail; } if(EVP_SignUpdate(ctx,hello_buf,hello_len)==0){ goto fail; } if(EVP_SignFinal(ctx,*sign_buf,&sign_len,evp)==0){ goto fail; } EVP_MD_CTX_cleanup(ctx); free(ctx); EVP_PKEY_free(evp); return sign_len; fail: EVP_MD_CTX_cleanup(ctx); free(ctx); if (*sign_buf != NULL) { free(*sign_buf); } return -1; }
static int is_ecdsa(int *out_curve, const EVP_MD **out_md, uint16_t sigalg) { switch (sigalg) { case SSL_SIGN_ECDSA_SHA1: *out_curve = NID_undef; *out_md = EVP_sha1(); return 1; case SSL_SIGN_ECDSA_SECP256R1_SHA256: *out_curve = NID_X9_62_prime256v1; *out_md = EVP_sha256(); return 1; case SSL_SIGN_ECDSA_SECP384R1_SHA384: *out_curve = NID_secp384r1; *out_md = EVP_sha384(); return 1; case SSL_SIGN_ECDSA_SECP521R1_SHA512: *out_curve = NID_secp521r1; *out_md = EVP_sha512(); return 1; default: return 0; } }
int lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type, const uint8_t *key, size_t key_len) { EVP_PKEY *pkey; ctx->type = type; switch (type) { case LWS_GENHMAC_TYPE_SHA256: ctx->evp_type = EVP_sha256(); break; case LWS_GENHMAC_TYPE_SHA384: ctx->evp_type = EVP_sha384(); break; case LWS_GENHMAC_TYPE_SHA512: ctx->evp_type = EVP_sha512(); break; default: lwsl_err("%s: unknown HMAC type %d\n", __func__, type); return -1; } ctx->ctx = EVP_MD_CTX_create(); if (!ctx->ctx) return -1; if (EVP_DigestInit_ex(ctx->ctx, ctx->evp_type, NULL) != 1) return -1; pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, (int)key_len); if (EVP_DigestSignInit(ctx->ctx, NULL, ctx->evp_type, NULL, pkey) != 1) return -1; EVP_PKEY_free(pkey); return 0; }
const EVP_MD *FIPS_get_digestbynid(int nid) { switch (nid) { case NID_sha1: return EVP_sha1(); case NID_sha224: return EVP_sha224(); case NID_sha256: return EVP_sha256(); case NID_sha384: return EVP_sha384(); case NID_sha512: return EVP_sha512(); default: return NULL; } }
static int get_hash_via_env_var(char *hash) { int fd; char *ob_key; struct stat stat_info; char *p; if (NULL == (ob_key = (char *) getenv("gtm_obfuscation_key"))) return 1; fd = open(ob_key, O_RDONLY); if (fd == -1) return 1; if (fstat(fd, &stat_info) == -1) return 1; if (!S_ISREG(stat_info.st_mode)) return 1; p = mmap(0, stat_info.st_size, PROT_READ, MAP_SHARED, fd, 0); if (MAP_FAILED == p) return 1; if (-1 == close(fd)) return 1; # ifdef USE_OPENSSL EVP_Digest(p, stat_info.st_size, (unsigned char *)hash, NULL, EVP_sha512(), NULL); # elif defined USE_GCRYPT gcry_md_hash_buffer(GCRY_MD_SHA512, hash, p, stat_info.st_size ); # endif /* Since we have what we want no need to check the status of the munmap */ munmap(p, stat_info.st_size); return 0; }
PARCSymmetricKeySigner * parcSymmetricKeySigner_Create(PARCSymmetricKeyStore *keyStore, PARCCryptoHashType hmacHashType) { PARCSymmetricKeySigner *result = parcObject_CreateInstance(PARCSymmetricKeySigner); if (result != NULL) { result->hashType = hmacHashType; switch (hmacHashType) { case PARC_HASH_SHA256: result->hashLength = SHA256_DIGEST_LENGTH; result->opensslMd = EVP_sha256(); break; case PARC_HASH_SHA512: result->hashLength = SHA512_DIGEST_LENGTH; result->opensslMd = EVP_sha512(); break; default: parcObject_Release((void **) &result); trapIllegalValue(hmacHashType, "Unknown HMAC hash type: %d", hmacHashType); } // the signer key digest is SHA256, independent of the HMAC digest result->secretKeyHash = parcSymmetricKeyStore_GetVerifierKeyDigest(keyStore); result->keyStore = parcSymmetricKeyStore_Acquire(keyStore); result->generalKeyStore = parcKeyStore_Create(result->keyStore, PARCSymmetricKeyStoreAsKeyStore); // create the functor from the template then specialize it to this keystore. // This depends on keystore->secret_key being set. It will cause a callback // into hmac_setup() result->hasherFunctor = functor_hmac; result->hasherFunctor.functor_env = result; result->hasher = parcCryptoHasher_CustomHasher(hmacHashType, result->hasherFunctor); } return result; }
bool HMAC_Create(COSE_MacMessage * pcose, int HSize, int TSize, const byte * pbKey, size_t cbKey, const byte * pbAuthData, size_t cbAuthData, cose_errback * perr) { HMAC_CTX ctx; const EVP_MD * pmd = NULL; byte * rgbOut = NULL; unsigned int cbOut; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif HMAC_CTX_init(&ctx); if (0) { errorReturn: COSE_FREE(rgbOut, context); HMAC_cleanup(&ctx); return false; } switch (HSize) { case 256: pmd = EVP_sha256(); break; case 384: pmd = EVP_sha384(); break; case 512: pmd = EVP_sha512(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(EVP_MAX_MD_SIZE, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(HMAC_Init(&ctx, pbKey, (int) cbKey, pmd), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Update(&ctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(HMAC_Final(&ctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(_COSE_array_replace(&pcose->m_message, cn_cbor_data_create(rgbOut, TSize / 8, CBOR_CONTEXT_PARAM_COMMA NULL), INDEX_MAC_TAG, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR); HMAC_cleanup(&ctx); return true; }
char* CryptoHandler::hmac_sha512(char* datain, char* keyin, const bool& base64) { unsigned char* key = (unsigned char*) keyin; unsigned char* data = (unsigned char*) datain; unsigned char* result; unsigned int result_len = 64; HMAC_CTX ctx; result = (unsigned char*) malloc(sizeof(char) * result_len); ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, strlen(keyin), EVP_sha512(), NULL); HMAC_Update(&ctx, data, strlen(datain)); HMAC_Final(&ctx, result, &result_len); HMAC_CTX_cleanup(&ctx); if(base64) return base64encode(result,result_len); return (char*)result; }
static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) { int rc = SQLITE_OK; switch(algorithm) { case SQLCIPHER_HMAC_SHA1: if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha1(), key_sz, key)) goto error; break; case SQLCIPHER_HMAC_SHA256: if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha256(), key_sz, key)) goto error; break; case SQLCIPHER_HMAC_SHA512: if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha512(), key_sz, key)) goto error; break; default: return SQLITE_ERROR; } goto cleanup; error: rc = SQLITE_ERROR; cleanup: return rc; }
/*! * \brief Get message digest type for a given algorithm. * * \param algorithm Algorithm number. * * \return Pointer to digest type specification, NULL if not implemented. */ static const EVP_MD *get_digest_type(knot_dnssec_algorithm_t algorithm) { // EVP_<digest>() functions should not fail (return NULL) switch (algorithm) { case KNOT_DNSSEC_ALG_RSASHA1: case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1: case KNOT_DNSSEC_ALG_DSA: case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1: return EVP_sha1(); case KNOT_DNSSEC_ALG_RSAMD5: return EVP_md5(); case KNOT_DNSSEC_ALG_RSASHA256: case KNOT_DNSSEC_ALG_ECDSAP256SHA256: return EVP_sha256(); case KNOT_DNSSEC_ALG_ECDSAP384SHA384: return EVP_sha384(); case KNOT_DNSSEC_ALG_RSASHA512: return EVP_sha512(); default: return NULL; } }
/* SHA512: generate hash of known digest value and compare to known precomputed correct hash */ static int FIPS_sha512_test() { unsigned char digest[SHA512_DIGEST_LENGTH] = { 0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca, 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a, 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22, 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3 }; unsigned char str[] = "etaonrishd"; unsigned char md[SHA512_DIGEST_LENGTH]; ERR_clear_error(); if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha512(), NULL)) return 0; if (memcmp(md, digest, sizeof(md))) return 0; return 1; }
static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { unsigned int outlen; int rc = SQLITE_OK; HMAC_CTX* hctx = NULL; if(in == NULL) goto error; hctx = HMAC_CTX_new(); if(hctx == NULL) goto error; switch(algorithm) { case SQLCIPHER_HMAC_SHA1: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA256: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error; break; case SQLCIPHER_HMAC_SHA512: if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error; break; default: goto error; } if(!HMAC_Update(hctx, in, in_sz)) goto error; if(in2 != NULL) { if(!HMAC_Update(hctx, in2, in2_sz)) goto error; } if(!HMAC_Final(hctx, out, &outlen)) goto error; goto cleanup; error: rc = SQLITE_ERROR; cleanup: if(hctx) HMAC_CTX_free(hctx); return rc; }
extern "C" K qHMAC512(K data, K key) { unsigned int SHA512_DIGEST_LENGTH=64; unsigned char md[SHA512_DIGEST_LENGTH]; unsigned char result[SHA512_DIGEST_LENGTH]; unsigned int len=0; K ret = ktn(KG,SHA512_DIGEST_LENGTH); HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key->s, strlen(key->s), EVP_sha512(), NULL); HMAC_Update(&ctx, (unsigned char*)(data->s), strlen(data->s)); HMAC_Final(&ctx, result, &len); HMAC_CTX_cleanup(&ctx); for(int i=0; i < len ; i++) kG(ret)[i]=result[i]; return (ret); }
const EVP_MD * eac_oid2md(int protocol) { if ( protocol == NID_id_TA_ECDSA_SHA_1 || protocol == NID_id_TA_RSA_v1_5_SHA_1 || protocol == NID_id_TA_RSA_PSS_SHA_1) { return EVP_sha1(); } else if (protocol == NID_id_TA_ECDSA_SHA_224) { return EVP_sha224(); } else if (protocol == NID_id_TA_ECDSA_SHA_256 || protocol == NID_id_TA_RSA_v1_5_SHA_256 || protocol == NID_id_TA_RSA_PSS_SHA_256) { return EVP_sha256(); } else if (protocol == NID_id_TA_ECDSA_SHA_384) { return EVP_sha384(); } else if (protocol == NID_id_TA_ECDSA_SHA_512 || protocol == NID_id_TA_RSA_v1_5_SHA_512 || protocol == NID_id_TA_RSA_PSS_SHA_512) { return EVP_sha512(); } else { log_err("Unknown protocol"); return NULL; } }
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) { HMACCTX ctx = NULL; ctx = HMAC_CTX_new(); if (ctx == NULL) { return NULL; } #ifndef OLD_CRYPTO HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it. #endif switch(type) { case SSH_HMAC_SHA1: HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL); break; case SSH_HMAC_SHA256: HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL); break; case SSH_HMAC_SHA384: HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL); break; case SSH_HMAC_SHA512: HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL); break; case SSH_HMAC_MD5: HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL); break; default: HMAC_CTX_free(ctx); SAFE_FREE(ctx); ctx = NULL; } return ctx; }
void isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, unsigned int len) { HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha512()); }
/** * Setup key and digest for verification. Adjust sig if necessary. * * @param algo: key algorithm * @param evp_key: EVP PKEY public key to create. * @param digest_type: digest type to use * @param key: key to setup for. * @param keylen: length of key. * @return false on failure. */ static int setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, unsigned char* key, size_t keylen) { #if defined(USE_DSA) && defined(USE_SHA1) DSA* dsa; #endif RSA* rsa; switch(algo) { #if defined(USE_DSA) && defined(USE_SHA1) case LDNS_DSA: case LDNS_DSA_NSEC3: *evp_key = EVP_PKEY_new(); if(!*evp_key) { log_err("verify: malloc failure in crypto"); return 0; } dsa = sldns_key_buf2dsa_raw(key, keylen); if(!dsa) { verbose(VERB_QUERY, "verify: " "sldns_key_buf2dsa_raw failed"); return 0; } if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) { verbose(VERB_QUERY, "verify: " "EVP_PKEY_assign_DSA failed"); return 0; } #ifdef HAVE_EVP_DSS1 *digest_type = EVP_dss1(); #else *digest_type = EVP_sha1(); #endif break; #endif /* USE_DSA && USE_SHA1 */ #if defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) #ifdef USE_SHA1 case LDNS_RSASHA1: case LDNS_RSASHA1_NSEC3: #endif #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) case LDNS_RSASHA256: #endif #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) case LDNS_RSASHA512: #endif *evp_key = EVP_PKEY_new(); if(!*evp_key) { log_err("verify: malloc failure in crypto"); return 0; } rsa = sldns_key_buf2rsa_raw(key, keylen); if(!rsa) { verbose(VERB_QUERY, "verify: " "sldns_key_buf2rsa_raw SHA failed"); return 0; } if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { verbose(VERB_QUERY, "verify: " "EVP_PKEY_assign_RSA SHA failed"); return 0; } /* select SHA version */ #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) if(algo == LDNS_RSASHA256) *digest_type = EVP_sha256(); else #endif #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) if(algo == LDNS_RSASHA512) *digest_type = EVP_sha512(); else #endif #ifdef USE_SHA1 *digest_type = EVP_sha1(); #else { verbose(VERB_QUERY, "no digest available"); return 0; } #endif break; #endif /* defined(USE_SHA1) || (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) */ case LDNS_RSAMD5: *evp_key = EVP_PKEY_new(); if(!*evp_key) { log_err("verify: malloc failure in crypto"); return 0; } rsa = sldns_key_buf2rsa_raw(key, keylen); if(!rsa) { verbose(VERB_QUERY, "verify: " "sldns_key_buf2rsa_raw MD5 failed"); return 0; } if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { verbose(VERB_QUERY, "verify: " "EVP_PKEY_assign_RSA MD5 failed"); return 0; } *digest_type = EVP_md5(); break; #ifdef USE_GOST case LDNS_ECC_GOST: *evp_key = sldns_gost2pkey_raw(key, keylen); if(!*evp_key) { verbose(VERB_QUERY, "verify: " "sldns_gost2pkey_raw failed"); return 0; } *digest_type = EVP_get_digestbyname("md_gost94"); if(!*digest_type) { verbose(VERB_QUERY, "verify: " "EVP_getdigest md_gost94 failed"); return 0; } break; #endif #ifdef USE_ECDSA case LDNS_ECDSAP256SHA256: *evp_key = sldns_ecdsa2pkey_raw(key, keylen, LDNS_ECDSAP256SHA256); if(!*evp_key) { verbose(VERB_QUERY, "verify: " "sldns_ecdsa2pkey_raw failed"); return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND *digest_type = &ecdsa_evp_256_md; #else *digest_type = EVP_sha256(); #endif break; case LDNS_ECDSAP384SHA384: *evp_key = sldns_ecdsa2pkey_raw(key, keylen, LDNS_ECDSAP384SHA384); if(!*evp_key) { verbose(VERB_QUERY, "verify: " "sldns_ecdsa2pkey_raw failed"); return 0; } #ifdef USE_ECDSA_EVP_WORKAROUND *digest_type = &ecdsa_evp_384_md; #else *digest_type = EVP_sha384(); #endif break; #endif /* USE_ECDSA */ #ifdef USE_ED25519 case LDNS_ED25519: *evp_key = sldns_ed255192pkey_raw(key, keylen); if(!*evp_key) { verbose(VERB_QUERY, "verify: " "sldns_ed255192pkey_raw failed"); return 0; } *digest_type = NULL; break; #endif /* USE_ED25519 */ default: verbose(VERB_QUERY, "verify: unknown algorithm %d", algo); return 0; } return 1; }
static unsigned int sha_512_func(unsigned char *o, X509 *x) { const EVP_MD *md; md = EVP_sha512(); return generic_func(o, x, md); }
int HDW_generate_master_node(uint8_t *seed, size_t seed_len, HDW_XKEY_NET net, HDW_xkey_t *key) { int res; HMAC_CTX hmac_ctx; res = HMAC_Init(&hmac_ctx, BIP32_SPEC_DEFAULT_KEY, (int) strlen(BIP32_SPEC_DEFAULT_KEY), EVP_sha512()); if (!res) { fprintf(stderr, "Could not HMAC_Init\n"); return res; } res = HMAC_Update(&hmac_ctx, seed, seed_len); if (!res) { fprintf(stderr, "Could not HMAC_Update\n"); goto cleanup_hmac_context; } uint8_t master_digest[SHA512_DIGEST_LENGTH]; uint32_t digest_len; res = HMAC_Final(&hmac_ctx, master_digest, &digest_len); if (digest_len != SHA512_DIGEST_LENGTH) { // Oh ho, we might have smashed the stack :( . Abort everything! // This should not happen at all. fprintf(stderr, "Big problem at %s%d\n", __FILE__, __LINE__); exit(-1); } if (!res) { fprintf(stderr, "Could not HMAC_Final\n"); goto cleanup_hmac_context; } size_t half_hash_len = SHA512_DIGEST_LENGTH / 2; memcpy(key->version, KEY_VERSIONS_VALUES[net | HDW_XKEY_TYPE_PRIVATE], sizeof(key->version)); // Copy the L and R part into the key. key->key_data[0] = 0; memcpy(key->key_data + 1, master_digest, half_hash_len); memcpy(key->chain_code, master_digest + half_hash_len, half_hash_len); // Set the rest of the data as master key. key->depth = (uint8_t) 0; memset(key->parent_fingerprint, 0, sizeof(key->parent_fingerprint)); memset(key->child_number, 0, sizeof(key->child_number)); cleanup_hmac_context: HMAC_CTX_cleanup(&hmac_ctx); return res; }
static void *x963_sha512kdf(const void *in, size_t inlen, void *out, size_t *outlen) { return x963_kdf(EVP_sha512(), in, inlen, out, outlen); }
static inline int get_pass(str *_username, str *_secret, str *_password) { unsigned int hmac_len = SHA_DIGEST_LENGTH; unsigned char hmac_sha1[512]; switch(autheph_sha_alg) { case AUTHEPH_SHA1: hmac_len = SHA_DIGEST_LENGTH; if (HMAC(EVP_sha1(), _secret->s, _secret->len, (unsigned char *) _username->s, _username->len, hmac_sha1, &hmac_len) == NULL) { LM_ERR("HMAC-SHA1 failed\n"); return -1; } break; case AUTHEPH_SHA256: hmac_len = SHA256_DIGEST_LENGTH; if (HMAC(EVP_sha256(), _secret->s, _secret->len, (unsigned char *) _username->s, _username->len, hmac_sha1, &hmac_len) == NULL) { LM_ERR("HMAC-SHA256 failed\n"); return -1; } break; case AUTHEPH_SHA384: hmac_len = SHA384_DIGEST_LENGTH; if (HMAC(EVP_sha256(), _secret->s, _secret->len, (unsigned char *) _username->s, _username->len, hmac_sha1, &hmac_len) == NULL) { LM_ERR("HMAC-SHA256 failed\n"); return -1; } break; case AUTHEPH_SHA512: hmac_len = SHA512_DIGEST_LENGTH; if (HMAC(EVP_sha512(), _secret->s, _secret->len, (unsigned char *) _username->s, _username->len, hmac_sha1, &hmac_len) == NULL) { LM_ERR("HMAC-SHA512 failed\n"); return -1; } break; default: LM_ERR("Inavlid SHA Algorithm\n"); return -1; } LM_DBG("HMAC-Len (%i)\n", hmac_len); _password->len = base64_enc(hmac_sha1, hmac_len, (unsigned char *) _password->s, base64_enc_len(hmac_len)); LM_DBG("calculated password: %.*s (%i)\n", _password->len, _password->s, _password->len); return 0; }