static void sha256_init(EVP_MD_CTX *ctx) { CHECK(SHA256_Init(ctx->md_data)); }
static char *make_dirname(const char *pi_name, char **logtext) { char *name, *parentdirname, *dirname, *err; /* * First, create the top-level directory for all shared PuTTY * connections owned by this user. */ parentdirname = make_parentdir_name(); if ((err = make_dir_and_check_ours(parentdirname)) != NULL) { *logtext = err; sfree(parentdirname); return NULL; } /* * Transform the platform-independent version of the connection * identifier into the name we'll actually use for the directory * containing the Unix socket. * * We do this by hashing the identifier with some user-specific * secret information, to avoid the privacy leak of having * "user@host" strings show up in 'netstat -x'. (Irritatingly, the * full pathname of a Unix-domain socket _does_ show up in the * 'netstat -x' output, at least on Linux, even if that socket is * in a directory not readable to the user running netstat. You'd * think putting things inside an 0700 directory would hide their * names from other users, but no.) * * The secret information we use to salt the hash lives in a file * inside the top-level directory we just created, so we must * first create that file (with some fresh random data in it) if * it's not already been done by a previous PuTTY. */ { unsigned char saltbuf[SALT_SIZE]; char *saltname; int saltfd, i, ret; saltname = dupprintf("%s/%s", parentdirname, SALT_FILENAME); saltfd = open(saltname, O_RDONLY); if (saltfd < 0) { char *tmpname; int pid; if (errno != ENOENT) { *logtext = dupprintf("%s: open: %s", saltname, strerror(errno)); sfree(saltname); sfree(parentdirname); return NULL; } /* * The salt file doesn't already exist, so try to create * it. Another process may be attempting the same thing * simultaneously, so we must do this carefully: we write * a salt file under a different name, then hard-link it * into place, which guarantees that we won't change the * contents of an existing salt file. */ pid = getpid(); for (i = 0;; i++) { tmpname = dupprintf("%s/%s.tmp.%d.%d", parentdirname, SALT_FILENAME, pid, i); saltfd = open(tmpname, O_WRONLY | O_EXCL | O_CREAT, 0400); if (saltfd >= 0) break; if (errno != EEXIST) { *logtext = dupprintf("%s: open: %s", tmpname, strerror(errno)); sfree(tmpname); sfree(saltname); sfree(parentdirname); return NULL; } sfree(tmpname); /* go round and try again with i+1 */ } /* * Invent some random data. */ for (i = 0; i < SALT_SIZE; i++) { saltbuf[i] = random_byte(); } ret = write(saltfd, saltbuf, SALT_SIZE); /* POSIX atomicity guarantee: because we wrote less than * PIPE_BUF bytes, the write either completed in full or * failed. */ assert(SALT_SIZE < PIPE_BUF); assert(ret < 0 || ret == SALT_SIZE); if (ret < 0) { close(saltfd); *logtext = dupprintf("%s: write: %s", tmpname, strerror(errno)); sfree(tmpname); sfree(saltname); sfree(parentdirname); return NULL; } if (close(saltfd) < 0) { *logtext = dupprintf("%s: close: %s", tmpname, strerror(errno)); sfree(tmpname); sfree(saltname); sfree(parentdirname); return NULL; } /* * Now attempt to hard-link our temp file into place. We * tolerate EEXIST as an outcome, because that just means * another PuTTY got their attempt in before we did (and * we only care that there is a valid salt file we can * agree on, no matter who created it). */ if (link(tmpname, saltname) < 0 && errno != EEXIST) { *logtext = dupprintf("%s: link: %s", saltname, strerror(errno)); sfree(tmpname); sfree(saltname); sfree(parentdirname); return NULL; } /* * Whether that succeeded or not, get rid of our temp file. */ if (unlink(tmpname) < 0) { *logtext = dupprintf("%s: unlink: %s", tmpname, strerror(errno)); sfree(tmpname); sfree(saltname); sfree(parentdirname); return NULL; } /* * And now we've arranged for there to be a salt file, so * we can try to open it for reading again and this time * expect it to work. */ sfree(tmpname); saltfd = open(saltname, O_RDONLY); if (saltfd < 0) { *logtext = dupprintf("%s: open: %s", saltname, strerror(errno)); sfree(saltname); sfree(parentdirname); return NULL; } } for (i = 0; i < SALT_SIZE; i++) { ret = read(saltfd, saltbuf, SALT_SIZE); if (ret <= 0) { close(saltfd); *logtext = dupprintf("%s: read: %s", saltname, ret == 0 ? "unexpected EOF" : strerror(errno)); sfree(saltname); sfree(parentdirname); return NULL; } assert(0 < ret && ret <= SALT_SIZE - i); i += ret; } close(saltfd); sfree(saltname); /* * Now we've got our salt, hash it with the connection * identifier to produce our actual socket name. */ { SHA256_State sha; unsigned len; unsigned char lenbuf[4]; unsigned char digest[32]; char retbuf[65]; SHA256_Init(&sha); PUT_32BIT(lenbuf, SALT_SIZE); SHA256_Bytes(&sha, lenbuf, 4); SHA256_Bytes(&sha, saltbuf, SALT_SIZE); len = strlen(pi_name); PUT_32BIT(lenbuf, len); SHA256_Bytes(&sha, lenbuf, 4); SHA256_Bytes(&sha, pi_name, len); SHA256_Final(&sha, digest); /* * And make it printable. */ for (i = 0; i < 32; i++) { sprintf(retbuf + 2*i, "%02x", digest[i]); /* the last of those will also write the trailing NUL */ } name = dupstr(retbuf); } smemclr(saltbuf, sizeof(saltbuf)); } dirname = dupprintf("%s/%s", parentdirname, name); sfree(parentdirname); sfree(name); return dirname; }
static int __archive_libmd_sha256init(archive_sha256_ctx *ctx) { SHA256_Init(ctx); return (ARCHIVE_OK); }
int main(void) { SHA256_CTX ctx; uint8_t sum[32]; int result = 0; int i, cnt; for (cnt = 0; cnt < (int)ntests; ++cnt) { SHA256_Init(&ctx); SHA256_Update(&ctx, tests[cnt].input, strlen(tests[cnt].input)); SHA256_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 32) != 0) { for (i = 0; i < 32; i++) printf("%02X", tests[cnt].result[i]); printf("\n"); for (i = 0; i < 32; i++) printf("%02X", sum[i]); printf("\n"); printf("test %d run %d failed\n", cnt, 1); result = 1; } SHA256_Init(&ctx); for (i = 0; tests[cnt].input[i] != '\0'; ++i) SHA256_Update(&ctx, &tests[cnt].input[i], 1); SHA256_Final(sum, &ctx); if (memcmp(tests[cnt].result, sum, 32) != 0) { for (i = 0; i < 32; i++) printf("%02X", tests[cnt].result[i]); printf("\n"); for (i = 0; i < 32; i++) printf("%02X", sum[i]); printf("\n"); printf("test %d run %d failed\n", cnt, 2); result = 1; } } /* Test vector from FIPS 180-2: appendix B.3. */ char buf[1000]; memset(buf, 'a', sizeof(buf)); SHA256_Init(&ctx); for (i = 0; i < 1000; ++i) SHA256_Update(&ctx, buf, sizeof(buf)); SHA256_Final(sum, &ctx); static const char expected[32] = "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0"; if (memcmp(expected, sum, 32) != 0) { printf("test %d failed\n", cnt); result = 1; } for (cnt = 0; cnt < ntests2; ++cnt) { char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt); if (strcmp(cp, tests2[cnt].expected) != 0) { printf("test %d: expected \"%s\", got \"%s\"\n", cnt, tests2[cnt].expected, cp); result = 1; } } if (result == 0) puts("all tests OK"); return result; }
static void md_init(mdCtx *ctx) { SHA256_Init(ctx); }
static void md_init(MD_CTX * ctx) { SHA256_Init(ctx); }
static int cnt_recv(const struct worker *wrk, struct req *req) { unsigned recv_handling; struct SHA256Context sha256ctx; CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); CHECK_OBJ_NOTNULL(req, REQ_MAGIC); CHECK_OBJ_NOTNULL(req->vcl, VCL_CONF_MAGIC); AZ(req->obj); AZ(req->busyobj); VSLb(req->vsl, SLT_ReqStart, "%s %s", req->sp->addr, req->sp->port); if (req->err_code) { req->req_step = R_STP_ERROR; return (0); } /* By default we use the first backend */ AZ(req->director); req->director = req->vcl->director[0]; AN(req->director); EXP_Clr(&req->exp); req->disable_esi = 0; req->hash_always_miss = 0; req->hash_ignore_busy = 0; req->client_identity = NULL; http_CollectHdr(req->http, H_Cache_Control); VCL_recv_method(req); recv_handling = req->handling; if (cache_param->http_gzip_support && (recv_handling != VCL_RET_PIPE) && (recv_handling != VCL_RET_PASS)) { if (RFC2616_Req_Gzip(req->http)) { http_Unset(req->http, H_Accept_Encoding); http_SetHeader(req->http, "Accept-Encoding: gzip"); } else { http_Unset(req->http, H_Accept_Encoding); } } req->sha256ctx = &sha256ctx; /* so HSH_AddString() can find it */ SHA256_Init(req->sha256ctx); VCL_hash_method(req); assert(req->handling == VCL_RET_HASH); SHA256_Final(req->digest, req->sha256ctx); req->sha256ctx = NULL; if (!strcmp(req->http->hd[HTTP_HDR_REQ].b, "HEAD")) req->wantbody = 0; else req->wantbody = 1; switch(recv_handling) { case VCL_RET_LOOKUP: req->req_step = R_STP_LOOKUP; return (0); case VCL_RET_PIPE: if (req->esi_level > 0) { /* XXX: VSL something */ INCOMPL(); return (1); } req->req_step = R_STP_PIPE; return (0); case VCL_RET_PASS: req->req_step = R_STP_PASS; return (0); case VCL_RET_ERROR: req->req_step = R_STP_ERROR; return (0); default: WRONG("Illegal action in vcl_recv{}"); } }
void init_hashtable_values() { printf("Pre-computing dcrypt internal hash values.\n"); SHA256_CTX hash; SHA256_Init(&hash); unsigned char md[32]; if(tmp_array_1 && hash_1) { for(int x1 = 0; x1 < 16; x1++) { unsigned int offset_1 = x1; uint8_t * ta1 = &tmp_array_1[item_size*x1]; memset(ta1, 0xff, SHA256_LEN); ta1[SHA256_LEN] = hex_digits[x1]; sha256_to_str(ta1, SHA256_LEN + 1, ta1,md); SHA256_CTX *current_hash = &hash_1[x1]; memcpy(current_hash,&hash,sizeof(SHA256_CTX)); SHA256_Update(current_hash,ta1,SHA256_LEN); if(tmp_array_2 && hash_2) { for(int x2 = 0; x2 < 16; x2++) { unsigned int offset_2 = offset_1*16+x2; uint8_t * ta2 = &tmp_array_2[item_size*offset_2]; memcpy(ta2,ta1,SHA256_LEN); ta2[SHA256_LEN] = hex_digits[x2]; sha256_to_str(ta2, SHA256_LEN + 1, ta2,md); memcpy(&hash_2[offset_2],&hash_1[offset_1],sizeof(SHA256_CTX)); SHA256_Update(&hash_2[offset_2],ta2,SHA256_LEN); if(tmp_array_3 && hash_3) { for(int x3 = 0; x3 < 16; x3++) { unsigned int offset_3 = offset_2*16+x3; uint8_t * ta3 = &tmp_array_3[item_size*offset_3]; memcpy(ta3,ta2,SHA256_LEN); ta3[SHA256_LEN] = hex_digits[x3]; sha256_to_str(ta3, SHA256_LEN + 1, ta3,md); memcpy(&hash_3[offset_3],&hash_2[offset_2],sizeof(SHA256_CTX)); SHA256_Update(&hash_3[offset_3],ta3,SHA256_LEN); if(tmp_array_4 && hash_4) { for(int x4 = 0; x4 < 16; x4++) { unsigned int offset_4 = offset_3*16+x4; uint8_t * ta4 = &tmp_array_4[item_size*offset_4]; memcpy(ta4,ta3,SHA256_LEN); ta4[SHA256_LEN] = hex_digits[x4]; sha256_to_str(ta4, SHA256_LEN + 1, ta4,md); memcpy(&hash_4[offset_4],&hash_3[offset_3],sizeof(SHA256_CTX)); SHA256_Update(&hash_4[offset_4],ta4,SHA256_LEN); if(tmp_array_5 && hash_5) { for(int x5 = 0; x5 < 16; x5++) { unsigned int offset_5 = offset_4*16+x5; uint8_t * ta5 = &tmp_array_5[item_size*offset_5]; memcpy(ta5,ta4,SHA256_LEN); ta5[SHA256_LEN] = hex_digits[x5]; sha256_to_str(ta5, SHA256_LEN + 1, ta5,md); memcpy(&hash_5[offset_5],&hash_4[offset_4],sizeof(SHA256_CTX)); SHA256_Update(&hash_5[offset_5],ta5,SHA256_LEN); } } } } } } } } } } printf("Ready to rumble.\n"); }
bool dcrypt_fast(u8int *data, size_t data_sz,uint32_t*md) { #define MAX_INC 16 unsigned char hash_buffer[SHA256_LEN*MAX_INC+SHA256_LEN*4+80+1]; unsigned char index_buffer[SHA256_LEN+1]; unsigned char *tmp_array = hash_buffer; unsigned int index = 0; unsigned char tmp_val; SHA256_CTX hash; SHA256_Init(&hash); digest_to_skiplist((u8int *)md,index_buffer); int steps = 0,index_test=index; while(1) { index_test += index_buffer[index_test]+1; if(index_test >= SHA256_LEN) return 0; if(index_test == SHA256_LEN - 1) break; steps++; } if(steps >= MAX_INC) return 0;/**/ memset(tmp_array, 0xff, SHA256_LEN); //set the first hash length in the temp array to all 0xff' memset(tmp_array + SHA256_LEN, 0x00, 2); //set the last bytes to \000 int count = 0; if(tmp_array_1 && hash_1) // copy pre-calulated internal hashes { index += index_buffer[index]+1; unsigned int offset_1 = index_buffer[index]; if(tmp_array_2 && hash_2) // depth 2 { index += index_buffer[index]+1; unsigned int offset_2 = offset_1*16+index_buffer[index]; if(tmp_array_3 && hash_3) // depth 3 { index += index_buffer[index]+1; unsigned int offset_3 = offset_2*16+index_buffer[index]; if(tmp_array_4 && hash_4) // depth 4 { index += index_buffer[index]+1; unsigned int offset_4 = offset_3*16+index_buffer[index]; if(tmp_array_5 && hash_5) // depth 5 { index += index_buffer[index]+1; unsigned int offset_5 = offset_4*16+index_buffer[index]; // depth 6? memcpy(tmp_array,&tmp_array_5[item_size*offset_5],SHA256_LEN); memcpy(&hash,&hash_5[offset_5],sizeof(SHA256_CTX)); } else { memcpy(tmp_array,&tmp_array_4[item_size*offset_4],SHA256_LEN); memcpy(&hash,&hash_4[offset_4],sizeof(SHA256_CTX)); } } else { memcpy(tmp_array,&tmp_array_3[item_size*offset_3],SHA256_LEN); memcpy(&hash,&hash_3[offset_3],sizeof(SHA256_CTX)); } } else { memcpy(tmp_array,&tmp_array_2[item_size*offset_2],SHA256_LEN); memcpy(&hash,&hash_2[offset_2],sizeof(SHA256_CTX)); } } else { memcpy(tmp_array,&tmp_array_1[item_size*offset_1],SHA256_LEN); memcpy(&hash,&hash_1[offset_1],sizeof(SHA256_CTX)); } } do { index += index_buffer[index]+1; if(index >= SHA256_LEN) return 0; tmp_val = hex_digits[index_buffer[index]]; tmp_array[SHA256_LEN] = tmp_val; //set end of tmp_array to tmp_val sha256_to_str(tmp_array, SHA256_LEN + 1, tmp_array+SHA256_LEN,(u8int *)md); count++; tmp_array += SHA256_LEN; } while ((index != SHA256_LEN - 1) || (tmp_val != tmp_array[SHA256_LEN - 1] )); SHA256_Update(&hash,hash_buffer+SHA256_LEN,SHA256_LEN*count); SHA256_Update(&hash,data,data_sz); SHA256_Final((u8int *)md, &hash); return 1; }
int main(int argc, char **argv) { char tarpath[PATH_MAX]; char origtarpath[PATH_MAX]; char selfpath[PATH_MAX]; char *entrydata; struct archive *a; struct archive_entry *entry; int r; int64_t asize; //char *exclude_pattern = ".*/\\.svn/.*"; //char buf[block]; SHA256_CTX c; unsigned char md[SHA256_DIGEST_LENGTH]; regex_t preg; int ch, i; verbosity verb; char *modeline; int modelinesize; uint64_t (*modefunctions[11])( struct archive_entry *entry) = { archive_entry_mode, archive_entry_dev, archive_entry_devmajor, archive_entry_devminor, archive_entry_ino, archive_entry_nlink, archive_entry_rdevmajor, archive_entry_rdevminor, archive_entry_uid, archive_entry_gid, archive_entry_size }; /* * 16 characters should be enougth for all possible modefields */ char modes[(int)(sizeof(modefunctions)/sizeof(modefunctions[0]))][16]; (void)realpath(argv[0], selfpath); // "$." -- empty match for any not-multiline input string if (regcomp(&preg, "$.", REG_EXTENDED) != 0) { fprintf(stderr, "Bad pattern\n"); exit(1); } while ((ch = getopt(argc, argv, "r:")) != -1) { switch (ch) { case 'r': if (regcomp(&preg, optarg, REG_EXTENDED) != 0) { fprintf(stderr, "Bad pattern\n"); exit(1); }; break; case '?': default: usage(selfpath); } } argc -= optind; argv += optind; a = archive_read_new(); archive_read_support_compression_all(a); archive_read_support_format_all(a); if (argc == 0) { strncpy(tarpath, "stdin", sizeof("stdin")); r = archive_read_open_filename(a, NULL, ARCHIVE_DEFAULT_BYTES_PER_BLOCK); verb = Quiet; } else { (void)realpath(argv[0], tarpath); strcpy(origtarpath, argv[0]); if ((r = archive_read_open_filename(a, tarpath, ARCHIVE_DEFAULT_BYTES_PER_BLOCK)) == ARCHIVE_OK){ verb = Noquiet; } else { printf("%s\n", archive_error_string(a)); exit(1); } } int counter=0; SHA256_Init(&c); while ((r = archive_read_next_header(a, &entry)) == ARCHIVE_OK) { modelinesize = 0; if ((++counter % 100) == 0) { printf ("%09d ", counter); printf("%s\n",archive_entry_pathname(entry)); } if (regexec(&preg, archive_entry_pathname(entry), 0, NULL, 0) !=0) { SHA256_Update(&c, archive_entry_pathname(entry), sizeof(archive_entry_pathname(entry))); //printf("%s\n",archive_entry_pathname(entry)); for (i=0; i < sizeof(modefunctions)/sizeof(modefunctions[0]); i++){ sprintf(modes[i], "%ld", modefunctions[i](entry)); modelinesize += sizeof(modes[i]); } modeline = malloc(modelinesize); for (i=0; i < sizeof(modefunctions)/sizeof(modefunctions[0]); i++){ if (i == 0){ strlcpy(modeline, modes[i], sizeof(modes[i])); } else { strlcat(modeline, modes[i], sizeof(modes[i])); } //free(modes[i]); } SHA256_Update(&c, modeline, modelinesize); free(modeline); if (archive_entry_filetype(entry) == AE_IFLNK){ SHA256_Update(&c, archive_entry_symlink(entry), sizeof(archive_entry_symlink(entry))); } if (archive_entry_filetype(entry) == AE_IFREG ) { asize = archive_entry_size(entry); entrydata = malloc(asize); archive_read_data(a, entrydata, asize); SHA256_Update(&c, entrydata, asize); //SHA256_Update(&lc, entrydata, asize); //SHA256_Final(&(md[0]),&lc); //pt(md); free(entrydata); } } else { archive_read_data_skip(a); } } if ( r == ARCHIVE_EOF ) { if (verb != Quiet) printf("%s (%s) = ", toUpper(basename(selfpath)), origtarpath); SHA256_Final(&(md[0]),&c); pt(md); } else { //fprintf(stderr, "%s: %s\n", tarpath, "Can't operate with archive"); fprintf(stderr, "%s: %s\n", tarpath, archive_error_string(a)); exit(1); } archive_read_close(a); archive_read_free(a); regfree(&preg); }
static int sign_with_p12_key(const struct http_io_conf *const config, char *key_file, const char *pwd, char *plain_text, char *signed_buf, size_t buflen) { unsigned char hash[SHA256_DIGEST_LENGTH]; unsigned char sign[256]; unsigned int sign_len = 0; FILE *fp = NULL; PKCS12 *p12 = NULL; EVP_PKEY *pkey = NULL; X509 *x509 = NULL; EVP_MD_CTX *ctx = NULL; RSA *prikey = NULL; SHA256_CTX sha256; const char *c; int ret; memset(hash, 0, SHA256_DIGEST_LENGTH); memset(sign, 0, 256); if (!(fp = fopen(key_file, "rb"))){ (*config->log)(LOG_ERR, "Error opening cert file %s: %s", key_file, strerror(errno)); return 1; } p12 = d2i_PKCS12_fp(fp, NULL); fclose(fp); if (!p12) { (*config->log)(LOG_ERR, "Error reading PKCS#12 file: %s", strerror(errno)); return 1; } STACK_OF(X509) *ca = NULL; ret = PKCS12_parse(p12, pwd, &pkey, &x509, &ca); PKCS12_free(p12); if (ret == 0) { (*config->log)(LOG_ERR, "Error parsing PKCS#12 file: %s", strerror(errno)); return 1; } sign_len = EVP_PKEY_size(pkey); ctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(ctx); prikey = EVP_PKEY_get1_RSA(pkey); SHA256_Init(&sha256); c = plain_text; SHA256_Update(&sha256, c, strlen(c)); SHA256_Final(hash, &sha256); ret = RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, sign, &sign_len, prikey); EVP_MD_CTX_destroy(ctx); RSA_free(prikey); EVP_PKEY_free(pkey); X509_free(x509); if (ret == 0) { (*config->log)(LOG_ERR, "Signing p12 key with RSA Signature failed "); return 1; } memset(signed_buf, 0, buflen); http_io_base64_encode_safe(signed_buf, buflen, sign, sign_len); return 0; }
void HMAC_Init(HMAC_CTX *ctx, unsigned char *key, int len) //final parameter fixed to SHA256, so omitted EVP_MD *md; { int i,j,reset=0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; unsigned char aux; //temporary, for the initialization loops //unsigned int ctx_key_length; unsigned char ctx_key[HMAC_MAX_MD_CBLOCK]; /* if (md != NULL) { reset=1; ctx->md=md; } else md=ctx->md; */ if (key != NULL) { reset=1; //j=EVP_MD_block_size(md); j= HMAC_MAX_MD_CBLOCK; if (j < len) { //apply sha to key get a 32byte-key, then pad to 64 //EVP_DigestInit(&ctx->md_ctx,md); //EVP_DigestUpdate(&ctx->md_ctx,key,len); //EVP_DigestFinal(&(ctx->md_ctx),ctx->key, &ctx->key_length); SHA256_Init(&ctx->md_ctx); SHA256_Update(&ctx->md_ctx,key,len); SHA256_Final(ctx_key,&(ctx->md_ctx)); memset(&(ctx_key[32]),0,32); //ctx_key_length=32; //in analogy to what's 6 lines below } else { memcpy(ctx_key,key,len); memset(&(ctx_key[len]),0,sizeof(ctx_key)-len); //ctx_key_length=len; } } if (reset) { for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) { aux = ctx_key[i]; aux = 0x36^aux; pad[i]=aux; } //Initialize inner SHA structure, and hash ipad //EVP_DigestInit(&ctx->i_ctx,md); //EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); SHA256_Init(&ctx->i_ctx); SHA256_Update(&ctx->i_ctx,pad,HMAC_MAX_MD_CBLOCK); for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) { aux = ctx_key[i]; pad[i]=0x5c^aux; } //Initialize outer SHA structure, and hash opad //EVP_DigestInit(&ctx->o_ctx,md); //EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); SHA256_Init(&ctx->o_ctx); SHA256_Update(&ctx->o_ctx,pad,HMAC_MAX_MD_CBLOCK); } //copy inner sha structure to "current" sha structure memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx)); }
void sha256::encoder::reset() { SHA256_Init( &my->ctx); }
int main( int argc, char *argv[] ) { int nRetVal = EXIT_SUCCESS; DH *pMine = NULL, *pTheirs = NULL; int nSharedKey = 0; char* pSharedKey = NULL; char pFoldedKey[ SHA256_DIGEST_LENGTH ] = { 0 }; ARGS sArgs = { 0 }; int fdSock = 0; if( !parseArgs( &sArgs, argc, argv ) ) { printf( "usage:\n%s\n" "\t-client <ip>:<port>\n" "\t-server <port>\n", argv[0] ); nRetVal = EXIT_FAILURE; } // bind/connect if( EXIT_SUCCESS == nRetVal ) { fdSock = getNetworkConnection( &sArgs ); if( -1 == fdSock ) { nRetVal = EXIT_FAILURE; } else { #ifdef DEBUG_OUTPUT printf( "[i]\tgot a connection\n" ); #endif } } // create diffie structures if( EXIT_SUCCESS == nRetVal ) { pMine = DH_new(); pTheirs = DH_new(); if( pMine && pTheirs ) { BN_hex2bn( &(pMine->p), "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" "83655D23DCA3AD961C62F356208552BB9ED529077096966D" "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" "60C980DD98EDD3DFFFFFFFFFFFFFFFFF" ); BN_hex2bn( &(pMine->g), "2" ); // "they're" going to use the same pTheirs->p = BN_dup( pMine->p ); pTheirs->g = BN_dup( pMine->g ); } // check we have everything we should if( NULL == pMine || NULL == pMine->p || NULL == pMine->g || NULL == pTheirs || NULL == pTheirs->p || NULL == pTheirs->g ) { nRetVal = EXIT_FAILURE; } } // pMine has p & g if( EXIT_SUCCESS == nRetVal && pMine ) { #ifdef DEBUG_OUTPUT fprintf( stdout, "[i]\tgenerating key....." ); fflush( stdout ); #endif if( DH_generate_key( pMine ) ) { #ifdef DEBUG_OUTPUT fprintf( stdout, "done.\n" ); #endif } else { #ifdef DEBUG_OUTPUT fprintf( stdout, "failed.\n" ); #endif nRetVal = EXIT_FAILURE; } } // // we now have public and private keys // // // now push our public key // if( EXIT_SUCCESS == nRetVal ) { pSharedKey = BN_bn2hex( pMine->pub_key ); // ( just reusing the var ) if( pSharedKey ) { nSharedKey = strlen( pSharedKey ); #ifdef DEBUG_OUTPUT printf( "[i]\tsending public key (%d)\n", nSharedKey ); #endif write( fdSock, pSharedKey, nSharedKey ); } else { nRetVal = EXIT_FAILURE; } } // // read in pTheirs public key // (reusing pShareKey's buffer - its the same size after all) // if( EXIT_SUCCESS == nRetVal && pSharedKey ) { bzero( pSharedKey, nSharedKey ); if( nSharedKey == read( fdSock, pSharedKey, nSharedKey ) ) { // looks good } else { // incompleate read - should really re-try nRetVal = EXIT_FAILURE; } } // // parse in the public key // if( EXIT_SUCCESS == nRetVal && pSharedKey ) { BN_hex2bn( &(pTheirs->pub_key), pSharedKey ); } // // free that temp buffer // if( pSharedKey ) { OPENSSL_free( pSharedKey ); pSharedKey = NULL; nSharedKey = 0; } // // calculate shared key // if( EXIT_SUCCESS == nRetVal ) { nSharedKey = DH_size( pMine ); pSharedKey = OPENSSL_malloc( nSharedKey ); if( pSharedKey ) { DH_compute_key( pSharedKey, pTheirs->pub_key, pMine ); } else { // malloc failed nRetVal = EXIT_FAILURE; } } if( EXIT_SUCCESS == nRetVal && nSharedKey && pSharedKey ) { // key is too big - needs folding SHA256_CTX ctx = { 0 }; SHA256_Init( &ctx ); SHA256_Update( &ctx, pSharedKey, nSharedKey ); SHA256_Final( pFoldedKey, &ctx ); #ifdef DEBUG_OUTPUT fprintf( stdout, "[i]\tsuccesfully key-exchanged.\n" ); { BIGNUM *pOutput = BN_bin2bn( pFoldedKey, sizeof( pFoldedKey ), NULL ); char *pTextOut= BN_bn2hex( pOutput ); fprintf( stdout, "[i]\tshared key:\n%s\n", pTextOut ); OPENSSL_free( pTextOut ); BN_free( pOutput ); } #endif nRetVal = copyLoop( fdSock, pFoldedKey, sizeof( pFoldedKey ) ); // // close the socket connection // close( fdSock ); } if( pSharedKey ) { OPENSSL_free( pSharedKey ); pSharedKey = NULL; nSharedKey = 0; } if( pMine ) { DH_free( pMine ); pMine = NULL; } if( pTheirs ) { DH_free( pTheirs ); pTheirs = NULL; } return nRetVal; }
error SHA256Strategy::init( boost::any& _context ) const { _context = SHA256_CTX(); SHA256_Init( boost::any_cast<SHA256_CTX>( &_context ) ); return SUCCESS(); }
int scanhash_dcrypt(int thr_id, uint32_t *pdata, unsigned char *digest, const uint32_t *ptarget, uint32_t max_nonce, unsigned long *hashes_done, int num_iter,unsigned long *hashes_skipped) { uint32_t block[20], hash[8]; uint32_t nNonce = pdata[19] - 1; const uint32_t Htarg = ptarget[7]; //the last element in the target is the first 32 bits of the target int i; bool completed; *hashes_skipped = 0; //copy the block (first 80 bytes of pdata) into block memcpy(block, pdata, 80); SHA256_CTX halfstate,fullstate; SHA256_Init(&halfstate); SHA256_Update(&halfstate,&block,sizeof(uint32_t)*19); do { //increment nNonce block[19] = ++nNonce; //completed = dcrypt((u8int*)block, 80, digest, hash, num_iter); memcpy(&fullstate,&halfstate,sizeof(SHA256_CTX)); SHA256_Update(&fullstate,&block[19],sizeof(uint32_t)); SHA256_Final((u8int *)hash, &fullstate); completed = dcrypt_fast((u8int*)block, 80,hash);/**/ if (!completed) { *hashes_skipped += 1; continue; } /* // check optimized hash against previous hash function uint32_t hash2[8]; int c2 = dcrypt((u8int*)block, 80, digest, hash2, num_iter); for(int i = 0; i < 8 ; i++) { if(hash[i] != hash2[i]) { char s1[65],s2[65]; digest_to_string((u8int*)hash, s1); digest_to_string((u8int*)hash2, s2); printf("Fail!!!\n%s %d\n%s %d\n",s1,completed,s2,c2); exit(0); } }/**/ //hash[7] <= Htarg just compares the first 32 bits of the hash with the target // full_test fully compares the entire hash with the entire target if(hash[7] <= Htarg && fulltest(hash, ptarget)) { *hashes_done = nNonce - pdata[19] + 1 - *hashes_skipped; pdata[19] = block[19]; char s[65]; digest_to_string((u8int*)hash, s); applog(LOG_INFO, "hash found: %s", s); // check uint32_t hash2[8]; int c2 = dcrypt((u8int*)block, 80, digest, hash2, num_iter); for(int i = 0; i < 8 ; i++) { if(hash[i] != hash2[i]) { char s1[65],s2[65]; digest_to_string((u8int*)hash, s1); digest_to_string((u8int*)hash2, s2); printf("Error invalid hash found.\n%s %d\n%s %d\n",s1,completed,s2,c2); exit(0); } } //printf("hash verified.\n"); //found a hash! return 1; } }while(nNonce < max_nonce && !work_restart[thr_id].restart); *hashes_done = nNonce - pdata[19] + 1 - *hashes_skipped; pdata[19] = nNonce; //No luck yet return 0; }
int main(int argc, char **argv) { int kl, l, fd, ac; int quiet = 0, hash = 0; char *av, *file = (char*)0; FILE *IN = (FILE*)0; SHA256_CTX ctx256; SHA384_CTX ctx384; SHA512_CTX ctx512; unsigned char buf[BUFLEN]; SHA256_Init(&ctx256); SHA384_Init(&ctx384); SHA512_Init(&ctx512); /* Read data from STDIN by default */ fd = fileno(stdin); ac = 1; while (ac < argc) { if (*argv[ac] == '-') { av = argv[ac] + 1; if (!strcmp(av, "q")) { quiet = 1; } else if (!strcmp(av, "256")) { hash |= 1; } else if (!strcmp(av, "384")) { hash |= 2; } else if (!strcmp(av, "512")) { hash |= 4; } else if (!strcmp(av, "ALL")) { hash = 7; } else { usage(argv[0], "Invalid option."); } ac++; } else { file = argv[ac++]; if (ac != argc) { usage(argv[0], "Too many arguments."); } if ((IN = fopen(file, "r")) == NULL) { perror(argv[0]); exit(-1); } fd = fileno(IN); } } if (hash == 0) hash = 7; /* Default to ALL */ kl = 0; while ((l = read(fd,buf,BUFLEN)) > 0) { kl += l; SHA256_Update(&ctx256, (unsigned char*)buf, l); SHA384_Update(&ctx384, (unsigned char*)buf, l); SHA512_Update(&ctx512, (unsigned char*)buf, l); } if (file) { fclose(IN); } if (hash & 1) { SHA256_End(&ctx256, buf); if (!quiet) printf("SHA-256 (%s) = ", file); printf("%s\n", buf); } if (hash & 2) { SHA384_End(&ctx384, buf); if (!quiet) printf("SHA-384 (%s) = ", file); printf("%s\n", buf); } if (hash & 4) { SHA512_End(&ctx512, buf); if (!quiet) printf("SHA-512 (%s) = ", file); printf("%s\n", buf); } return 1; }
ULONG AnscCryptoHmacSha256Digest ( PVOID buffer, ULONG size, PANSC_CRYPTO_HASH hash, PANSC_CRYPTO_KEY key ) { ULONG i = 0; UCHAR innerPadding[ANSC_SHA256_BLOCK_SIZE] = {0}; UCHAR outerPadding[ANSC_SHA256_BLOCK_SIZE] = {0}; UCHAR HMACKey[ANSC_SHA256_BLOCK_SIZE] = {0}; UCHAR tempBuffer[ANSC_SHA256_OUTPUT_SIZE] = {0}; SHA256_CTX context; AnscTraceFlow (( "%s -- size = %d, buffer = %s, key = %02X.%02X.%02X.%02X.%02X.%02X..., hash length = %d, key length = %d, block size %d, output size %d\n", __FUNCTION__, size, (char*)buffer, key->Value[0][0], key->Value[0][1], key->Value[0][2], key->Value[0][3], key->Value[0][4], key->Value[0][5], hash->Length, key->Length, ANSC_SHA256_BLOCK_SIZE, ANSC_SHA256_OUTPUT_SIZE )); /* * if the key is longer than the block size of hash function, we have to reset it to the output size; * otherwise, we have to pad zeros to the end of the key */ if ( key->Length > ANSC_SHA256_BLOCK_SIZE ) { SHA256_Init (&context); SHA256_Update(&context, key->Value[0], key->Length); SHA256_Final (HMACKey, &context); } else { for ( i = 0; i < key->Length; i++ ) { HMACKey[i] = key->Value[0][i]; } } /* * perform the XOR operation between key and paddings */ AnscCopyMemory(innerPadding, HMACKey, ANSC_SHA256_BLOCK_SIZE); AnscCopyMemory(outerPadding, HMACKey, ANSC_SHA256_BLOCK_SIZE); for ( i = 0; i < ANSC_SHA256_BLOCK_SIZE; i++ ) { innerPadding[i] ^= ANSC_HMAC_INNER_PADDING_UNIT; outerPadding[i] ^= ANSC_HMAC_OUTER_PADDING_UNIT; } /* * perform inner SHA */ SHA256_Init (&context); SHA256_Update(&context, innerPadding, ANSC_SHA256_BLOCK_SIZE); SHA256_Update(&context, (PUCHAR)buffer, size); SHA256_Final (tempBuffer, &context); /* * perform outer SHA */ SHA256_Init (&context); SHA256_Update(&context, outerPadding, ANSC_SHA256_BLOCK_SIZE); SHA256_Update(&context, tempBuffer, ANSC_SHA256_OUTPUT_SIZE); SHA256_Final (hash->Value, &context); /* * let's make sure our output size is bigger than the requirement; otherwise, we should pad zeros to the end * of the hash result data */ if ( ANSC_SHA256_OUTPUT_SIZE < hash->Length ) { AnscZeroMemory(&hash->Value[ANSC_SHA256_OUTPUT_SIZE], hash->Length - ANSC_SHA256_OUTPUT_SIZE); } /* * return control to caller */ return hash->Length; }
TACK_RETVAL tackOpenSSLVerifyFunc(uint8_t publicKey[TACK_PUBKEY_LENGTH], uint8_t signature[TACK_SIG_LENGTH], uint8_t* data, uint32_t dataLen) { uint8_t pubKeyBuf[TACK_PUBKEY_LENGTH + 1]; uint8_t hashBuf[TACK_HASH_LENGTH]; EC_KEY* ec_key = 0; EC_GROUP* ec_group = 0; EC_POINT* ec_point = 0; ECDSA_SIG* ecdsa_sig = 0; SHA256_CTX sha256_ctx; TACK_RETVAL retval = TACK_ERR_CRYPTO_FUNC; int ret = 0; /* Prepare the public key to be passed into OpenSSL */ pubKeyBuf[0] = 0x04; memcpy(pubKeyBuf+1, publicKey, TACK_PUBKEY_LENGTH); /* Create EC_KEY from raw bytes */ if ((ec_key = EC_KEY_new_by_curve_name(OBJ_txt2nid("prime256v1"))) == 0) goto end; if ((ec_group = EC_GROUP_new_by_curve_name(OBJ_txt2nid("prime256v1"))) == 0) goto end; if ((ec_point = EC_POINT_new(ec_group)) == 0) goto end; if (EC_POINT_oct2point(ec_group, ec_point, pubKeyBuf, 65, 0) == 0) { retval = TACK_ERR_BAD_PUBKEY; goto end; } if (EC_KEY_set_public_key(ec_key, ec_point) == 0) goto end; /* Create ECDSA_SIG from raw bytes */ if ((ecdsa_sig = ECDSA_SIG_new()) == 0) goto end; if (BN_bin2bn(signature, TACK_SIG_LENGTH/2, ecdsa_sig->r) == 0) goto end; if (BN_bin2bn(signature + TACK_SIG_LENGTH/2, TACK_SIG_LENGTH/2, ecdsa_sig->s) == 0) goto end; /* Hash the input data */ SHA256_Init(&sha256_ctx); SHA256_Update(&sha256_ctx, data, dataLen); SHA256_Final(hashBuf, &sha256_ctx); /* Verify the signature */ ret = ECDSA_do_verify(hashBuf, TACK_HASH_LENGTH, ecdsa_sig, ec_key); if (ret == 1) retval = TACK_OK; else if (ret == 0) retval = TACK_ERR_BAD_SIGNATURE; else if (ret == -1) retval = TACK_ERR_CRYPTO_FUNC; end: if (ec_key) EC_KEY_free(ec_key); if (ec_group) EC_GROUP_free(ec_group); if (ec_point) EC_POINT_free(ec_point); if (ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); return(retval); }
/* initialise the hash */ void yarrow_hash_init(struct yarrowhash *context) { SHA256_Init(&context->sha); }
void* initializeSha256Context(void* ctx) { SHA256_CTX* hd = (SHA256_CTX*)ctx; SHA256_Init(hd); return (void*)hd; }
RTDECL(void) RTSha256Init(PRTSHA256CONTEXT pCtx) { SHA256_Init(&pCtx->Private); }
static char * crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen) { u_long srounds; int n; uint8_t alt_result[32], temp_result[32]; SHA256_CTX ctx, alt_ctx; size_t salt_len, key_len, cnt, rounds; char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp; const char *num; bool rounds_custom; copied_key = NULL; copied_salt = NULL; /* Default number of rounds. */ rounds = ROUNDS_DEFAULT; rounds_custom = false; /* Find beginning of salt string. The prefix should normally always * be present. Just in case it is not. */ if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1) == 0) /* Skip salt prefix. */ salt += sizeof(sha256_salt_prefix) - 1; if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) - 1) == 0) { num = salt + sizeof(sha256_rounds_prefix) - 1; srounds = strtoul(num, &endp, 10); if (*endp == '$') { salt = endp + 1; rounds = MAX(ROUNDS_MIN, MIN(srounds, ROUNDS_MAX)); rounds_custom = true; } } salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX); key_len = strlen(key); /* Prepare for the real work. */ SHA256_Init(&ctx); /* Add the key string. */ SHA256_Update(&ctx, key, key_len); /* The last part is the salt string. This must be at most 8 * characters and it ends at the first `$' character (for * compatibility with existing implementations). */ SHA256_Update(&ctx, salt, salt_len); /* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The * final result will be added to the first context. */ SHA256_Init(&alt_ctx); /* Add key. */ SHA256_Update(&alt_ctx, key, key_len); /* Add salt. */ SHA256_Update(&alt_ctx, salt, salt_len); /* Add key again. */ SHA256_Update(&alt_ctx, key, key_len); /* Now get result of this (32 bytes) and add it to the other context. */ SHA256_Final(alt_result, &alt_ctx); /* Add for any character in the key one byte of the alternate sum. */ for (cnt = key_len; cnt > 32; cnt -= 32) SHA256_Update(&ctx, alt_result, 32); SHA256_Update(&ctx, alt_result, cnt); /* Take the binary representation of the length of the key and for * every 1 add the alternate sum, for every 0 the key. */ for (cnt = key_len; cnt > 0; cnt >>= 1) if ((cnt & 1) != 0) SHA256_Update(&ctx, alt_result, 32); else SHA256_Update(&ctx, key, key_len); /* Create intermediate result. */ SHA256_Final(alt_result, &ctx); /* Start computation of P byte sequence. */ SHA256_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < key_len; ++cnt) SHA256_Update(&alt_ctx, key, key_len); /* Finish the digest. */ SHA256_Final(temp_result, &alt_ctx); /* Create byte sequence P. */ cp = p_bytes = alloca(key_len); for (cnt = key_len; cnt >= 32; cnt -= 32) { memcpy(cp, temp_result, 32); cp += 32; } memcpy(cp, temp_result, cnt); /* Start computation of S byte sequence. */ SHA256_Init(&alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) SHA256_Update(&alt_ctx, salt, salt_len); /* Finish the digest. */ SHA256_Final(temp_result, &alt_ctx); /* Create byte sequence S. */ cp = s_bytes = alloca(salt_len); for (cnt = salt_len; cnt >= 32; cnt -= 32) { memcpy(cp, temp_result, 32); cp += 32; } memcpy(cp, temp_result, cnt); /* Repeatedly run the collected hash value through SHA256 to burn CPU * cycles. */ for (cnt = 0; cnt < rounds; ++cnt) { /* New context. */ SHA256_Init(&ctx); /* Add key or last result. */ if ((cnt & 1) != 0) SHA256_Update(&ctx, p_bytes, key_len); else SHA256_Update(&ctx, alt_result, 32); /* Add salt for numbers not divisible by 3. */ if (cnt % 3 != 0) SHA256_Update(&ctx, s_bytes, salt_len); /* Add key for numbers not divisible by 7. */ if (cnt % 7 != 0) SHA256_Update(&ctx, p_bytes, key_len); /* Add key or last result. */ if ((cnt & 1) != 0) SHA256_Update(&ctx, alt_result, 32); else SHA256_Update(&ctx, p_bytes, key_len); /* Create intermediate result. */ SHA256_Final(alt_result, &ctx); } /* Now we can construct the result string. It consists of three * parts. */ cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen)); buflen -= sizeof(sha256_salt_prefix) - 1; if (rounds_custom) { n = snprintf(cp, MAX(0, buflen), "%s%zu$", sha256_rounds_prefix, rounds); cp += n; buflen -= n; } cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); buflen -= MIN((size_t)MAX(0, buflen), salt_len); if (buflen > 0) { *cp++ = '$'; --buflen; } b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4, &buflen, &cp); b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4, &buflen, &cp); b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4, &buflen, &cp); b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4, &buflen, &cp); b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4, &buflen, &cp); b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4, &buflen, &cp); b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4, &buflen, &cp); b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4, &buflen, &cp); b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4, &buflen, &cp); b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4, &buflen, &cp); b64_from_24bit(0, alt_result[31], alt_result[30], 3, &buflen, &cp); if (buflen <= 0) { errno = ERANGE; buffer = NULL; } else *cp = '\0'; /* Terminate the string. */ /* Clear the buffer for the intermediate result so that people * attaching to processes or reading core dumps cannot get any * information. We do it in this way to clear correct_words[] inside * the SHA256 implementation as well. */ SHA256_Init(&ctx); SHA256_Final(alt_result, &ctx); memset(temp_result, '\0', sizeof(temp_result)); memset(p_bytes, '\0', key_len); memset(s_bytes, '\0', salt_len); memset(&ctx, '\0', sizeof(ctx)); memset(&alt_ctx, '\0', sizeof(alt_ctx)); if (copied_key != NULL) memset(copied_key, '\0', key_len); if (copied_salt != NULL) memset(copied_salt, '\0', salt_len); return buffer; }
AnsiString HashCreator::_GetHashRaw(const unsigned char *input, int inputLength, HashCreator::RequestedEncoding encoding) { int digestLength = 0; switch (_hashType) { case SHA1: digestLength = SHA_DIGEST_LENGTH; break; case SHA256: digestLength = SHA256_DIGEST_LENGTH; break; case MD5: digestLength = MD5_DIGEST_LENGTH; break; } unsigned char *results = new unsigned char[digestLength]; switch (_hashType) { case SHA1: { SHA_CTX context; SHA1_Init(&context); SHA1_Update(&context, input, inputLength); SHA1_Final(results, &context); break; } case MD5: { MD5_CTX context; MD5_Init(&context); MD5_Update(&context, input, inputLength); MD5_Final(results, &context); break; } case SHA256: { SHA256_CTX context; SHA256_Init(&context); SHA256_Update(&context, input, inputLength); SHA256_Final(results, &context); break; } } HM::String retVal; if (encoding == hex) { char *s = new char[digestLength*2+1]; for (int i=0; i<digestLength; i++) sprintf(s+i*2, "%02x", results[i]); s[digestLength*2]='\0'; retVal = s; delete [] s; } else if (encoding == base64) { MimeCodeBase64 encoder; encoder.SetInput((const char*) results, digestLength, true); AnsiString sEncodedValue; encoder.GetOutput(sEncodedValue); retVal = sEncodedValue; retVal = retVal.Mid(0, retVal.GetLength()-2); } delete [] results; return retVal; }
void HashSHA256::Begin() { SHA256_Init(m_state); }
static enum req_fsm_nxt cnt_recv(struct worker *wrk, struct req *req) { unsigned recv_handling; struct SHA256Context sha256ctx; char *xff; CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); CHECK_OBJ_NOTNULL(req, REQ_MAGIC); CHECK_OBJ_NOTNULL(req->vcl, VCL_CONF_MAGIC); AZ(req->objcore); AZ(req->obj); AZ(req->objcore); AZ(isnan(req->t_first)); AZ(isnan(req->t_prev)); AZ(isnan(req->t_req)); VSLb(req->vsl, SLT_ReqStart, "%s %s", req->sp->client_addr_str, req->sp->client_port_str); http_VSL_log(req->http); if (req->err_code) { req->req_step = R_STP_SYNTH; return (REQ_FSM_MORE); } /* By default we use the first backend */ AZ(req->director_hint); req->director_hint = req->vcl->director[0]; AN(req->director_hint); req->d_ttl = -1; req->disable_esi = 0; req->hash_always_miss = 0; req->hash_ignore_busy = 0; req->client_identity = NULL; if (req->restarts == 0) { if (http_GetHdr(req->http, H_X_Forwarded_For, &xff)) { http_Unset(req->http, H_X_Forwarded_For); http_PrintfHeader(req->http, "X-Forwarded-For: %s, %s", xff, req->sp->client_addr_str); } else { http_PrintfHeader(req->http, "X-Forwarded-For: %s", req->sp->client_addr_str); } } http_CollectHdr(req->http, H_Cache_Control); VCL_recv_method(req->vcl, wrk, req, NULL, req->http->ws); /* Attempts to cache req.body may fail */ if (req->req_body_status == REQ_BODY_FAIL) { return (REQ_FSM_DONE); } recv_handling = wrk->handling; /* We wash the A-E header here for the sake of VRY */ if (cache_param->http_gzip_support && (recv_handling != VCL_RET_PIPE) && (recv_handling != VCL_RET_PASS)) { if (RFC2616_Req_Gzip(req->http)) { http_ForceHeader(req->http, H_Accept_Encoding, "gzip"); } else { http_Unset(req->http, H_Accept_Encoding); } } req->sha256ctx = &sha256ctx; /* so HSH_AddString() can find it */ SHA256_Init(req->sha256ctx); VCL_hash_method(req->vcl, wrk, req, NULL, req->http->ws); assert(wrk->handling == VCL_RET_LOOKUP); SHA256_Final(req->digest, req->sha256ctx); req->sha256ctx = NULL; if (!strcmp(req->http->hd[HTTP_HDR_METHOD].b, "HEAD")) req->wantbody = 0; else req->wantbody = 1; switch(recv_handling) { case VCL_RET_PURGE: req->req_step = R_STP_PURGE; return (REQ_FSM_MORE); case VCL_RET_HASH: req->req_step = R_STP_LOOKUP; return (REQ_FSM_MORE); case VCL_RET_PIPE: if (req->esi_level == 0) { req->req_step = R_STP_PIPE; return (REQ_FSM_MORE); } VSLb(req->vsl, SLT_VCL_Error, "vcl_recv{} returns pipe for ESI included object." " Doing pass."); req->req_step = R_STP_PASS; return (REQ_FSM_DONE); case VCL_RET_PASS: req->req_step = R_STP_PASS; return (REQ_FSM_MORE); case VCL_RET_SYNTH: req->req_step = R_STP_SYNTH; return (REQ_FSM_MORE); default: WRONG("Illegal return from vcl_recv{}"); } }
//-------------------------------------------------- // Calculates files SHA1 digest // szFileName - file name // nDigestType - digest type. Supports only SHA1 (0) // pDigestBuf - buffer to store the digest // nDigestLen - buffer size, must be at least 20 // will be updated by actual digest length // lFileLen - pointer to a buffer where to store the file length // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileDigest(const char* szFileName, int nDigestType, byte* pDigestBuf, int* nDigestLen, long* lFileLen) { int err = ERR_OK; byte buf[FILE_BUFSIZE]; int i; FILE *f = NULL; RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(pDigestBuf); RETURN_IF_NULL_PARAM(nDigestLen); RETURN_IF_NULL_PARAM(lFileLen); memset(pDigestBuf, 0, *nDigestLen); if(nDigestType == DIGEST_SHA1) { if(*nDigestLen >= SHA_DIGEST_LENGTH) { SHA_CTX ctx; *nDigestLen = SHA_DIGEST_LENGTH; if((f = fopen(szFileName,"rb")) != NULL) { //byte *data,*temp_data; SHA1_Init(&ctx); *lFileLen = 0; for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; *lFileLen += i; SHA1_Update(&ctx, buf, (unsigned long)i); } SHA1_Final(pDigestBuf,&ctx); fclose(f); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_DIGEST_LEN; } //AM 22.04.08 else if(nDigestType == DIGEST_SHA256) { if(*nDigestLen >= SHA_DIGEST_LENGTH) { SHA256_CTX ctx; *nDigestLen = SHA256_DIGEST_LENGTH; if((f = fopen(szFileName,"rb")) != NULL) { //byte *data,*temp_data; SHA256_Init(&ctx); *lFileLen = 0; for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; *lFileLen += i; SHA256_Update(&ctx, buf, (unsigned long)i); } SHA256_Final(pDigestBuf,&ctx); fclose(f); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_DIGEST_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
void init_skein_ctx() { sph_skein512_init(&skein_ctx.skein); SHA256_Init(&skein_ctx.sha256); }
/* Initialise the hash */ void randomdev_hash_init(struct randomdev_hash *context) { SHA256_Init(&context->sha); }
int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out, size_t *md_out_size, const uint8_t header[13], const uint8_t *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const uint8_t *mac_secret, unsigned mac_secret_length) { HASH_CTX md_state; void (*md_final_raw)(HASH_CTX *ctx, uint8_t *md_out); void (*md_transform)(HASH_CTX *ctx, const uint8_t *block); unsigned md_size, md_block_size = 64; // md_length_size is the number of bytes in the length field that terminates // the hash. unsigned md_length_size = 8; // Bound the acceptable input so we can forget about many possible overflows // later in this function. This is redundant with the record size limits in // TLS. if (data_plus_mac_plus_padding_size >= 1024 * 1024) { assert(0); return 0; } switch (EVP_MD_type(md)) { case NID_sha1: SHA1_Init(&md_state.sha1); md_final_raw = tls1_sha1_final_raw; md_transform = tls1_sha1_transform; md_size = SHA_DIGEST_LENGTH; break; case NID_sha256: SHA256_Init(&md_state.sha256); md_final_raw = tls1_sha256_final_raw; md_transform = tls1_sha256_transform; md_size = SHA256_DIGEST_LENGTH; break; case NID_sha384: SHA384_Init(&md_state.sha512); md_final_raw = tls1_sha512_final_raw; md_transform = tls1_sha512_transform; md_size = SHA384_DIGEST_LENGTH; md_block_size = 128; md_length_size = 16; break; default: // EVP_tls_cbc_record_digest_supported should have been called first to // check that the hash function is supported. assert(0); *md_out_size = 0; return 0; } assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); assert(md_block_size <= MAX_HASH_BLOCK_SIZE); assert(md_size <= EVP_MAX_MD_SIZE); static const size_t kHeaderLength = 13; // kVarianceBlocks is the number of blocks of the hash that we have to // calculate in constant time because they could be altered by the // padding value. // // TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not // required to be minimal. Therefore we say that the final six blocks // can vary based on the padding. static const size_t kVarianceBlocks = 6; // From now on we're dealing with the MAC, which conceptually has 13 // bytes of `header' before the start of the data. size_t len = data_plus_mac_plus_padding_size + kHeaderLength; // max_mac_bytes contains the maximum bytes of bytes in the MAC, including // |header|, assuming that there's no padding. size_t max_mac_bytes = len - md_size - 1; // num_blocks is the maximum number of hash blocks. size_t num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; // In order to calculate the MAC in constant time we have to handle // the final blocks specially because the padding value could cause the // end to appear somewhere in the final |kVarianceBlocks| blocks and we // can't leak where. However, |num_starting_blocks| worth of data can // be hashed right away because no padding value can affect whether // they are plaintext. size_t num_starting_blocks = 0; // k is the starting byte offset into the conceptual header||data where // we start processing. size_t k = 0; // mac_end_offset is the index just past the end of the data to be // MACed. size_t mac_end_offset = data_plus_mac_size + kHeaderLength - md_size; // c is the index of the 0x80 byte in the final hash block that // contains application data. size_t c = mac_end_offset % md_block_size; // index_a is the hash block number that contains the 0x80 terminating // value. size_t index_a = mac_end_offset / md_block_size; // index_b is the hash block number that contains the 64-bit hash // length, in bits. size_t index_b = (mac_end_offset + md_length_size) / md_block_size; if (num_blocks > kVarianceBlocks) { num_starting_blocks = num_blocks - kVarianceBlocks; k = md_block_size * num_starting_blocks; } // bits is the hash-length in bits. It includes the additional hash // block for the masked HMAC key. size_t bits = 8 * mac_end_offset; // at most 18 bits to represent // Compute the initial HMAC block. bits += 8 * md_block_size; // hmac_pad is the masked HMAC key. uint8_t hmac_pad[MAX_HASH_BLOCK_SIZE]; OPENSSL_memset(hmac_pad, 0, md_block_size); assert(mac_secret_length <= sizeof(hmac_pad)); OPENSSL_memcpy(hmac_pad, mac_secret, mac_secret_length); for (size_t i = 0; i < md_block_size; i++) { hmac_pad[i] ^= 0x36; } md_transform(&md_state, hmac_pad); // The length check means |bits| fits in four bytes. uint8_t length_bytes[MAX_HASH_BIT_COUNT_BYTES]; OPENSSL_memset(length_bytes, 0, md_length_size - 4); length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24); length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16); length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8); length_bytes[md_length_size - 1] = (uint8_t)bits; if (k > 0) { // k is a multiple of md_block_size. uint8_t first_block[MAX_HASH_BLOCK_SIZE]; OPENSSL_memcpy(first_block, header, 13); OPENSSL_memcpy(first_block + 13, data, md_block_size - 13); md_transform(&md_state, first_block); for (size_t i = 1; i < k / md_block_size; i++) { md_transform(&md_state, data + md_block_size * i - 13); } } uint8_t mac_out[EVP_MAX_MD_SIZE]; OPENSSL_memset(mac_out, 0, sizeof(mac_out)); // We now process the final hash blocks. For each block, we construct // it in constant time. If the |i==index_a| then we'll include the 0x80 // bytes and zero pad etc. For each block we selectively copy it, in // constant time, to |mac_out|. for (size_t i = num_starting_blocks; i <= num_starting_blocks + kVarianceBlocks; i++) { uint8_t block[MAX_HASH_BLOCK_SIZE]; uint8_t is_block_a = constant_time_eq_8(i, index_a); uint8_t is_block_b = constant_time_eq_8(i, index_b); for (size_t j = 0; j < md_block_size; j++) { uint8_t b = 0; if (k < kHeaderLength) { b = header[k]; } else if (k < data_plus_mac_plus_padding_size + kHeaderLength) { b = data[k - kHeaderLength]; } k++; uint8_t is_past_c = is_block_a & constant_time_ge_8(j, c); uint8_t is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1); // If this is the block containing the end of the // application data, and we are at the offset for the // 0x80 value, then overwrite b with 0x80. b = constant_time_select_8(is_past_c, 0x80, b); // If this the the block containing the end of the // application data and we're past the 0x80 value then // just write zero. b = b & ~is_past_cp1; // If this is index_b (the final block), but not // index_a (the end of the data), then the 64-bit // length didn't fit into index_a and we're having to // add an extra block of zeros. b &= ~is_block_b | is_block_a; // The final bytes of one of the blocks contains the // length. if (j >= md_block_size - md_length_size) { // If this is index_b, write a length byte. b = constant_time_select_8( is_block_b, length_bytes[j - (md_block_size - md_length_size)], b); } block[j] = b; } md_transform(&md_state, block); md_final_raw(&md_state, block); // If this is index_b, copy the hash value to |mac_out|. for (size_t j = 0; j < md_size; j++) { mac_out[j] |= block[j] & is_block_b; } } EVP_MD_CTX md_ctx; EVP_MD_CTX_init(&md_ctx); if (!EVP_DigestInit_ex(&md_ctx, md, NULL /* engine */)) { EVP_MD_CTX_cleanup(&md_ctx); return 0; } // Complete the HMAC in the standard manner. for (size_t i = 0; i < md_block_size; i++) { hmac_pad[i] ^= 0x6a; } EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); EVP_DigestUpdate(&md_ctx, mac_out, md_size); unsigned md_out_size_u; EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); *md_out_size = md_out_size_u; EVP_MD_CTX_cleanup(&md_ctx); return 1; }