Пример #1
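/**
 * Create a keyed libgcrypt HMAC context for the requested SSH MAC type.
 *
 * @param key   HMAC key bytes.
 * @param len   Length of the key in bytes; must not be negative.
 * @param type  Which digest the HMAC is built on.
 * @return A keyed context, or NULL when the type is unknown, the key
 *         arguments are unusable, or libgcrypt fails to open or key
 *         the handle.
 */
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
  HMACCTX c = NULL;
  int algo;

  switch(type) {
    case SSH_HMAC_SHA1:
      algo = GCRY_MD_SHA1;
      break;
    case SSH_HMAC_SHA256:
      algo = GCRY_MD_SHA256;
      break;
    case SSH_HMAC_SHA384:
      algo = GCRY_MD_SHA384;
      break;
    case SSH_HMAC_SHA512:
      algo = GCRY_MD_SHA512;
      break;
    case SSH_HMAC_MD5:
      algo = GCRY_MD_MD5;
      break;
    default:
      /* Unknown type: return before a NULL handle can reach gcry_md_setkey(). */
      return NULL;
  }

  if (len < 0 || (key == NULL && len > 0)) {
    return NULL;
  }

  /* A failed open leaves no usable handle, so it must not be keyed. */
  if (gcry_md_open(&c, algo, GCRY_MD_FLAG_HMAC) != 0) {
    return NULL;
  }

  /* An unkeyed HMAC handle must never be handed back to the caller. */
  if (gcry_md_setkey(c, key, (size_t)len) != 0) {
    gcry_md_close(c);
    return NULL;
  }

  return c;
}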
Пример #2
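/**
 * Allocate a digest context for the given SSH MAC type.
 *
 * The handle is opened with flags 0, i.e. as a plain digest, not in
 * libgcrypt's HMAC mode.
 *
 * @param type  Digest selector.
 * @return A new context, or NULL on unknown type, allocation failure or
 *         libgcrypt failure.
 */
ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type){
  ssh_mac_ctx ctx;
  int algo;

  switch(type){
    case SSH_MAC_SHA1:
      algo = GCRY_MD_SHA1;
      break;
    case SSH_MAC_SHA256:
      algo = GCRY_MD_SHA256;
      break;
    case SSH_MAC_SHA384:
      algo = GCRY_MD_SHA384;
      break;
    case SSH_MAC_SHA512:
      algo = GCRY_MD_SHA512;
      break;
    default:
      return NULL;
  }

  ctx = malloc(sizeof(struct ssh_mac_ctx_struct));
  if (ctx == NULL) {
    return NULL;
  }
  ctx->mac_type = type;

  /* Without this check a failed open would return a context whose
   * handle was never initialised. */
  if (gcry_md_open(&ctx->ctx, algo, 0) != 0) {
    SAFE_FREE(ctx);
    return NULL;
  }

  return ctx;
}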
Пример #3
/*
 * Allocate and key an HMAC context for the hash called 'name'.
 *
 * On success *ctx receives the new context and 0 is returned.
 * Returns -ENOMEM when the context cannot be allocated and -EINVAL when
 * the hash name is unknown or libgcrypt refuses to open or key the
 * handle. *ctx is left untouched on failure.
 */
int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
		    const void *buffer, size_t length)
{
	unsigned int md_flags = GCRY_MD_FLAG_HMAC;
	struct crypt_hmac *hmac;

	assert(crypto_backend_initialised);

	hmac = malloc(sizeof(*hmac));
	if (hmac == NULL)
		return -ENOMEM;

	/* The compat lookup may adjust md_flags for the chosen hash. */
	hmac->hash_id = gcry_md_map_name(crypt_hash_compat_name(name, &md_flags));
	if (hmac->hash_id == 0)
		goto fail_free;

	if (gcry_md_open(&hmac->hd, hmac->hash_id, md_flags) != 0)
		goto fail_free;

	if (gcry_md_setkey(hmac->hd, buffer, length) != 0)
		goto fail_close;

	hmac->hash_len = gcry_md_get_algo_dlen(hmac->hash_id);
	*ctx = hmac;
	return 0;

fail_close:
	gcry_md_close(hmac->hd);
fail_free:
	free(hmac);
	return -EINVAL;
}
Пример #4
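/**
 * Fold the SHA-256 digest of a buffer into a 64-bit value.
 *
 * Output byte i (most significant first) is the XOR of digest bytes
 * i, i+8, i+16 and i+24.
 *
 * @param data  Bytes to hash.
 * @param size  Number of bytes at data.
 * @return The folded hash, or 0 if libgcrypt fails. 0 is therefore
 *         ambiguous: it can also be a legitimate (if unlikely) result.
 *
 * NOTE(review): a 64-bit fold has far less collision resistance than
 * SHA-256 itself; use it as an identifier, not as an integrity check.
 */
uint64_t mageec::hash_data(const void *data, unsigned long size)
{
  gcry_md_hd_t handle = NULL;

  if (gcry_md_open (&handle, GCRY_MD_SHA256, 0) != 0)
    return 0;

  gcry_md_write(handle, data, size);
  const unsigned char *hash = gcry_md_read(handle, GCRY_MD_SHA256);
  if (hash == NULL) {
    gcry_md_close(handle);
    return 0;
  }

  uint64_t finalhash = 0;
  for (unsigned i = 0; i < 8; ++i) {
    const unsigned char folded = static_cast<unsigned char>(
        hash[i] ^ hash[i + 8] ^ hash[i + 16] ^ hash[i + 24]);
    finalhash |= static_cast<uint64_t>(folded) << (56 - 8 * i);
  }

  /* The digest buffer belongs to the handle, so close only after folding. */
  gcry_md_close(handle);
  return finalhash;
}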
Пример #5
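/*
 * Compute HMAC-SHA512 over the encrypted content.
 *
 * cipher  - ciphertext bytes to authenticate
 * key     - HMAC key; KEYLENGTH_SHA bytes are read from it
 * length  - number of ciphertext bytes
 *
 * Returns a pointer to the digest, or NULL if libgcrypt returns no
 * digest. Exits the process if the handle cannot be opened, enabled or
 * keyed.
 *
 * Lifetime: the returned bytes live inside the libgcrypt handle, which
 * is opened with GCRY_MD_FLAG_SECURE and is intentionally not closed on
 * success because closing it would invalidate the pointer. Every
 * successful call therefore keeps one handle alive.
 * NOTE(review): callers that need to release it should copy the digest
 * out and have this function take an output buffer instead.
 * NOTE(review): when the result is checked against a received MAC, use
 * a constant-time comparison rather than memcmp/strcmp.
 */
char * get_hmac(char * cipher, char * key, size_t length){
	gcry_error_t err;
	gcry_md_hd_t hm;
	char * hmac;

	err = gcry_md_open(&hm, GCRY_MD_SHA512, GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC);
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at opening handle for hmac: %s\n",gcry_strerror(err));
		exit(-1);
	}

	/* This result used to be overwritten by the setkey call unchecked. */
	err = gcry_md_enable(hm,GCRY_MD_SHA512);
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at enabling SHA512: %s\n",gcry_strerror(err));
		exit(-1);
	}

	err = gcry_md_setkey(hm, key,KEYLENGTH_SHA );
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at setting key: %s\n",gcry_strerror(err));
		exit(-1);
	}

	/* Generate the HMAC from the cipher text. */
	gcry_md_write(hm,cipher,length);
	gcry_md_final(hm);

	hmac = (char *)gcry_md_read(hm , GCRY_MD_SHA512 );
	if(hmac == NULL ){
		printf ("hmac null ?\n");
		/* Nothing points into the handle, so it can be released. */
		gcry_md_close(hm);
		return NULL;
	}
	return hmac;
}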
Пример #6
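/*
 * Hash a buffer with the digest selected by 'type'.
 *
 * type    - digest selector, used as an index into
 *           rasqal_digest_to_gcry_md_algos[]
 * output  - receives the digest; must hold at least the digest length
 * input   - bytes to hash; when NULL only the digest length is returned
 * len     - number of input bytes
 *
 * Returns the digest length in bytes, or -1 on an unknown/unsupported
 * type, a NULL output buffer with non-NULL input, or a libgcrypt failure.
 */
int
rasqal_digest_buffer(rasqal_digest_type type, unsigned char *output,
                     const unsigned char * const input, size_t len)
{
  gcry_md_hd_t hash;
  enum gcry_md_algos algo;
  unsigned int output_len;
  unsigned char *digest;

  /* The value indexes a table, so reject anything outside it. */
  if((int)type < 0 || type > RASQAL_DIGEST_LAST)
    return -1;

  algo = rasqal_digest_to_gcry_md_algos[type];
  if(algo == GCRY_MD_NONE)
    return -1;

  output_len = gcry_md_get_algo_dlen(algo);
  if(!input)
    return (int)output_len;

  if(!output)
    return -1;

  if(gcry_md_open(&hash, algo, 0))
    return -1;
  gcry_md_write(hash, input, len);
  gcry_md_final(hash);

  /* gcry_md_read() can return NULL; do not pass that to memcpy(). */
  digest = gcry_md_read(hash, algo);
  if(!digest) {
    gcry_md_close(hash);
    return -1;
  }
  memcpy(output, digest, output_len);
  gcry_md_close(hash);

  return (int)output_len;
}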
Пример #7
/* Hand-rolled HMAC-SHA1 built from plain SHA-1 calls.  It exists only
 * to cross-check that the calls libotr makes to libgcrypt produce the
 * right result.
 *
 * digest  - receives the 20-byte MAC
 * key     - 20-byte key, zero-padded here to the 64-byte block size
 * data    - message bytes
 * datalen - number of message bytes
 *
 * Exits the process if the SHA-1 handle cannot be opened. */
void sha1hmac(unsigned char digest[20], unsigned char key[20],
	unsigned char *data, size_t datalen)
{
    enum { BLOCK_LEN = 64, SHA1_LEN = 20 };
    unsigned char inner_pad[BLOCK_LEN];
    unsigned char outer_pad[BLOCK_LEN];
    unsigned char inner_hash[SHA1_LEN];
    gcry_md_hd_t md;
    gcry_error_t rc;
    size_t pos;

    /* Zero-extend the key to one block and XOR in the pad constants. */
    for (pos = 0; pos < (size_t)BLOCK_LEN; ++pos) {
	unsigned char kbyte = (pos < (size_t)SHA1_LEN) ? key[pos] : 0;

	inner_pad[pos] = kbyte ^ 0x36;
	outer_pad[pos] = kbyte ^ 0x5c;
    }

    rc = gcry_md_open(&md, GCRY_MD_SHA1, 0);
    if (rc) {
	fprintf(stderr, "Error: %s\n", gcry_strerror(rc));
	exit(1);
    }

    /* Inner hash: SHA1(ipad || data). */
    gcry_md_write(md, inner_pad, BLOCK_LEN);
    gcry_md_write(md, data, datalen);
    memcpy(inner_hash, gcry_md_read(md, 0), SHA1_LEN);

    /* Outer hash: SHA1(opad || inner hash), reusing the same handle. */
    gcry_md_reset(md);
    gcry_md_write(md, outer_pad, BLOCK_LEN);
    gcry_md_write(md, inner_hash, SHA1_LEN);
    memmove(digest, gcry_md_read(md, 0), SHA1_LEN);

    gcry_md_close(md);
}
Пример #8
/**
 * cdk_pk_get_fingerprint:
 * @pk: the public key
 * @fpr: the buffer to hold the fingerprint
 *
 * Write the fingerprint of the given public key into @fpr.
 * The buffer must be at least 20 octets; this function has no way to
 * verify that. A 16-octet (MD5) fingerprint is padded with four zero
 * octets.
 * This function should be considered deprecated; use
 * cdk_pk_to_fingerprint() whenever possible to avoid overflows.
 *
 * Returns 0 on success, CDK_Inv_Value for a NULL argument, or the
 * mapped libgcrypt error when the digest handle cannot be opened.
 **/
cdk_error_t
cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte *fpr)
{
  gcry_md_hd_t md;
  gcry_error_t gerr;
  int algo;
  int digest_len;

  if (!pk || !fpr)
    return CDK_Inv_Value;

  /* Keys older than version 4 that use RSA are fingerprinted with MD5;
     every other key uses SHA-1. */
  algo = (pk->version < 4 && is_RSA (pk->pubkey_algo)) ? GCRY_MD_MD5
                                                        : GCRY_MD_SHA1;
  digest_len = gcry_md_get_algo_dlen (algo);

  gerr = gcry_md_open (&md, algo, 0);
  if (gerr)
    return map_gcry_error (gerr);

  _cdk_hash_pubkey (pk, md, 1);
  gcry_md_final (md);
  /* NOTE(review): the result of gcry_md_read() is not checked for NULL. */
  memcpy (fpr, gcry_md_read (md, algo), digest_len);
  gcry_md_close (md);

  /* Pad the shorter MD5 fingerprint out to 20 octets. */
  if (digest_len == 16)
    memset (fpr + 16, 0, 4);
  return 0;
}
Пример #9
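/*
 * Compute HMAC-SHA256 over a buffer and return it in a fresh allocation.
 *
 * key, keyLength    - HMAC key and its length in bytes
 * outFile           - bytes to authenticate
 * fileLength        - number of bytes at outFile
 * mac               - receives a malloc'd copy of the MAC; caller frees
 * macLength         - receives the MAC length in bytes
 *
 * Returns NONE on success, MD_OPEN_ERROR or MD_SETKEY_ERROR on failure.
 * On a digest-read or allocation failure *mac is NULL and *macLength is
 * 0. This listing shows no dedicated code for that case, so
 * MD_OPEN_ERROR is reused.
 * NOTE(review): substitute the project's allocation error code if one
 * exists.
 */
int hmac     (char* key, int keyLength, char* outFile, long fileLength,
	      char** mac, int* macLength ){
    gcry_error_t err;
    gcry_md_hd_t shahd;
    unsigned char* digest;
    unsigned int digestLength;

    DPRINT("\nin hmac.\n");

    DPRINT("opening hash\n");
    err = gcry_md_open(&shahd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
    if(err){ return MD_OPEN_ERROR;}

    DPRINT("setting key\n");
    err = gcry_md_setkey(shahd, key, keyLength);
    if(err){
	/* The handle is open at this point and must not leak. */
	gcry_md_close(shahd);
	return MD_SETKEY_ERROR;
    }

    DPRINT("actually hashing\n");
    DPRINT("%ld\n",fileLength);
    gcry_md_write(shahd, outFile, fileLength);

    DPRINT("done hashing\n");
    digestLength = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
    digest = gcry_md_read(shahd, GCRY_MD_SHA256);

    DPRINT("preparing to read hash\n");
    /* Copy the MAC out: closing shahd frees the buffer it points into. */
    *mac = digest ? malloc(digestLength) : NULL;
    if(*mac == NULL){
	*macLength = 0;
	gcry_md_close(shahd);
	return MD_OPEN_ERROR;
    }
    memcpy(*mac, digest, digestLength);
    *macLength = (int)digestLength;

    gcry_md_close(shahd);
    return NONE;
}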
Пример #10
/* Return an allocated buffer holding the SHA-1 fingerprint of CERT as
   upper-case hex octets separated by colons ("AA:BB:...").  If hashing
   the certificate fails, an error is logged and the fingerprint is
   rendered from a dummy value of all 0xff octets instead.  */
char *
get_fingerprint_hexstring_colon (ksba_cert_t cert)
{
  unsigned char fpr[20];
  gcry_md_hd_t md;
  char *hex;
  char *cursor;
  int err;
  int idx;

  err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
  if (err)
    log_fatal (_("gcry_md_open failed: %s\n"), gpg_strerror (err));

  err = ksba_cert_hash (cert, 0, HASH_FNC, md);
  if (!err)
    {
      gcry_md_final (md);
      memcpy (fpr, gcry_md_read (md, GCRY_MD_SHA1), 20);
    }
  else
    {
      log_error (_("oops: ksba_cert_hash failed: %s\n"), gpg_strerror (err));
      memset (fpr, 0xff, 20); /* Use a dummy value. */
    }
  gcry_md_close (md);

  /* 20 octets * 3 characters ("XX:") plus the terminating NUL. */
  hex = xmalloc (61);
  *hex = 0;
  cursor = hex;
  for (idx = 0; idx < 20; idx++)
    cursor += sprintf (cursor, "%02X:", fpr[idx]);
  cursor[-1] = 0; /* Remove trailing colon. */
  return hex;
}
Пример #11
/*
 * Allocate a plain (unkeyed) hash context for the hash called 'name'.
 *
 * On success *ctx receives the new context and 0 is returned.
 * Returns -ENOMEM when the context cannot be allocated and -EINVAL when
 * the hash name is unknown or libgcrypt cannot open the handle.
 * *ctx is left untouched on failure.
 */
int crypt_hash_init(struct crypt_hash **ctx, const char *name)
{
	unsigned int md_flags = 0;
	struct crypt_hash *hash;

	assert(crypto_backend_initialised);

	hash = malloc(sizeof(*hash));
	if (hash == NULL)
		return -ENOMEM;

	/* The compat lookup may adjust md_flags for the chosen hash. */
	hash->hash_id = gcry_md_map_name(crypt_hash_compat_name(name, &md_flags));
	if (hash->hash_id == 0)
		goto fail;

	if (gcry_md_open(&hash->hd, hash->hash_id, md_flags) != 0)
		goto fail;

	hash->hash_len = gcry_md_get_algo_dlen(hash->hash_id);
	*ctx = hash;
	return 0;

fail:
	free(hash);
	return -EINVAL;
}
Пример #12
/* Compute the SHA-1 digest of INLEN bytes at IN and store it in RESBUF,
   which must have room for GC_SHA1_DIGEST_SIZE bytes.  Returns GC_OK on
   success and GC_INVALID_HASH if libgcrypt cannot open the handle or
   yields no digest.  */
Gc_rc
gc_sha1 (const void *in, size_t inlen, void *resbuf)
{
    const size_t digest_len = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
    gcry_md_hd_t md;
    unsigned char *digest;
    Gc_rc rc = GC_INVALID_HASH;

    assert (digest_len == GC_SHA1_DIGEST_SIZE);

    if (gcry_md_open (&md, GCRY_MD_SHA1, 0) != GPG_ERR_NO_ERROR)
        return GC_INVALID_HASH;

    gcry_md_write (md, in, inlen);

    digest = gcry_md_read (md, GCRY_MD_SHA1);
    if (digest != NULL)
    {
        /* Copy before closing: the digest buffer belongs to the handle.  */
        memcpy (resbuf, digest, digest_len);
        rc = GC_OK;
    }

    gcry_md_close (md);
    return rc;
}
Пример #13
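/* Deterministically expand seed/idx into buflen pseudorandom bytes.
 *
 * Output block number ctr is RND_HASH(seed || idx || ctr), with idx and
 * ctr appended as 32-bit big-endian values; the last block is truncated
 * to fit.  The same (seed, idx) always yields the same bytes.
 *
 * NOTE(review): gcry_md_open(), gcry_md_copy() and gcry_md_read() are
 * not checked for failure, and this function has no way to report one;
 * on failure the output buffer would not hold the intended bytes.
 */
static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) {
        /* Byte pointer for the cursor: arithmetic on void * is a compiler
         * extension, not standard C. */
        unsigned char *out = buf;
        gcry_md_hd_t hd, hd2;
        size_t olen, cpylen;
        uint32_t ctr;

        olen = gcry_md_get_algo_dlen(RND_HASH);
        gcry_md_open(&hd, RND_HASH, 0);
        gcry_md_write(hd, seed, seedlen);
        gcry_md_putc(hd, (idx >> 24) & 0xff);
        gcry_md_putc(hd, (idx >> 16) & 0xff);
        gcry_md_putc(hd, (idx >>  8) & 0xff);
        gcry_md_putc(hd, (idx >>  0) & 0xff);

        for (ctr = 0; buflen; ctr++) {
                /* Fork the seeded state so the seed/idx prefix is hashed once. */
                gcry_md_copy(&hd2, hd);
                gcry_md_putc(hd2, (ctr >> 24) & 0xff);
                gcry_md_putc(hd2, (ctr >> 16) & 0xff);
                gcry_md_putc(hd2, (ctr >>  8) & 0xff);
                gcry_md_putc(hd2, (ctr >>  0) & 0xff);
                gcry_md_final(hd2);
                cpylen = (buflen < olen) ? buflen : olen;
                memcpy(out, gcry_md_read(hd2, RND_HASH), cpylen);
                gcry_md_close(hd2);
                out += cpylen;
                buflen -= cpylen;
        }
        gcry_md_close(hd);
}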
Пример #14
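/*
 * Prepare the Twofish-CBC cipher and the HMAC-SHA256 handle used to
 * decrypt and authenticate a safe.
 *
 * ctx - context to initialise; receives the cipher and hmac handles
 * pro - supplies the 16-byte IV (pro->iv)
 * sec - supplies the 32-byte cipher key (rand_k) and HMAC key (rand_l)
 *
 * Returns 0 on success. On failure returns -1, stores the libgcrypt
 * error in ctx->gerr and closes every handle opened so far.
 */
int init_decrypt_ctx(struct decrypt_ctx *ctx, struct psafe3_pro *pro,
		     struct safe_sec *sec)
{
	gcry_error_t gerr;

	assert(ctx != NULL);
	assert(pro != NULL);
	assert(sec != NULL);

	gerr = gcry_cipher_open(&ctx->cipher, GCRY_CIPHER_TWOFISH,
				GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE);
	if (gerr != GPG_ERR_NO_ERROR) goto err_out;

	/*
	 * Store the result in gerr, the variable that is actually tested.
	 * Assigning it to ctx->gerr only left gerr stale, so a failed
	 * setkey or setiv went unnoticed.
	 */
	gerr = gcry_cipher_setkey(ctx->cipher, sec->rand_k, 32);
	if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;

	gerr = gcry_cipher_setiv(ctx->cipher, pro->iv, 16);
	if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;

	gerr = gcry_md_open(&ctx->hmac, GCRY_MD_SHA256,
			    GCRY_MD_FLAG_SECURE|GCRY_MD_FLAG_HMAC);
	if (gerr != GPG_ERR_NO_ERROR) goto err_cipher;

	gerr = gcry_md_setkey(ctx->hmac, sec->rand_l, 32);
	if (gerr != GPG_ERR_NO_ERROR) goto err_hmac;

	ctx->gerr = gerr;
	return 0;

	/* Unwind in reverse order of acquisition. */
err_hmac:
	gcry_md_close(ctx->hmac);
err_cipher:
	gcry_cipher_close(ctx->cipher);
err_out:
	ctx->gerr = gerr;
	return -1;
}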
Пример #15
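/**
 * Compute WHIRLPOOL(password || salt).
 *
 * @param password  The password to hash.
 * @param salt      Salt to append. When empty, 16 fresh bytes are
 *                  generated and stored here so the caller can persist
 *                  them.
 * @return The digest, or an empty vector if libgcrypt fails.
 *
 * The salt now comes from libgcrypt's nonce generator. The previous code
 * instantiated std::uniform_int_distribution<unsigned char>, which is
 * not a permitted type for that template, and drew from
 * std::default_random_engine.
 *
 * NOTE(review): a single pass of a fast hash gives little protection
 * against offline guessing of stored passwords; a password KDF such as
 * gcry_kdf_derive() with PBKDF2 or scrypt would be the stronger choice.
 * Switching changes the stored format, so it needs a migration path.
 * NOTE(review): the temporary password||salt buffer is not wiped.
 */
std::vector<unsigned char> User::generateWHIRLPOOL(const std::string& password, std::vector<unsigned char>& salt)
{
	if(salt.empty())
	{
		salt.resize(16);
		gcry_create_nonce(salt.data(), salt.size());
	}

	std::vector<unsigned char> input(password.begin(), password.end());
	input.insert(input.end(), salt.begin(), salt.end());

	gcry_error_t result;
	gcry_md_hd_t handle = nullptr;
	if((result = gcry_md_open(&handle, GCRY_MD_WHIRLPOOL, 0)) != GPG_ERR_NO_ERROR)
	{
		GD::out.printError("Could not initialize WHIRLPOOL handle: " + GD::bl->hf.getGCRYPTError(result));
		return std::vector<unsigned char>();
	}

	// input cannot be empty here: the salt always contributes bytes.
	gcry_md_write(handle, input.data(), input.size());
	gcry_md_final(handle);
	uint8_t* digest = gcry_md_read(handle, GCRY_MD_WHIRLPOOL);
	if(!digest)
	{
		GD::out.printError("Could not generate WHIRLPOOL of password: " + GD::bl->hf.getGCRYPTError(result));
		gcry_md_close(handle);
		return std::vector<unsigned char>();
	}

	// Copy the digest out before closing the handle that owns it.
	std::vector<unsigned char> keyBytes(digest, digest + gcry_md_get_algo_dlen(GCRY_MD_WHIRLPOOL));
	gcry_md_close(handle);
	return keyBytes;
}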
Пример #16
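/* iTunes - Remote pairing hash
 *
 * Computes MD5 over the 16-character pair code followed by the 4 pin
 * characters, each widened to 16 bits by appending a zero byte.
 *
 * Returns a newly allocated upper-case hex string which the caller must
 * free, or NULL when an argument has the wrong length or libgcrypt fails.
 */
static char *
itunes_pairing_hash(char *paircode, char *pin)
{
  char hash[33];
  char ebuf[64];
  uint8_t *hash_bytes;
  size_t hashlen;
  size_t pos;
  gcry_md_hd_t hd;
  gpg_error_t gc_err;
  int i;

  if (strlen(paircode) != 16)
    {
      DPRINTF(E_LOG, L_REMOTE, "Paircode length != 16, cannot compute pairing hash\n");
      return NULL;
    }

  if (strlen(pin) != 4)
    {
      DPRINTF(E_LOG, L_REMOTE, "Pin length != 4, cannot compute pairing hash\n");
      return NULL;
    }

  gc_err = gcry_md_open(&hd, GCRY_MD_MD5, 0);
  if (gc_err != GPG_ERR_NO_ERROR)
    {
      gpg_strerror_r(gc_err, ebuf, sizeof(ebuf));
      DPRINTF(E_LOG, L_REMOTE, "Could not open MD5: %s\n", ebuf);

      return NULL;
    }

  gcry_md_write(hd, paircode, 16);
  /* Add pin code characters on 16 bits - remember Mac OS X is
   * all UTF-16 (wchar_t).
   */
  for (i = 0; i < 4; i++)
    {
      gcry_md_write(hd, pin + i, 1);
      gcry_md_write(hd, "\0", 1);
    }

  hashlen = gcry_md_get_algo_dlen(GCRY_MD_MD5);
  hash_bytes = gcry_md_read(hd, GCRY_MD_MD5);
  /* Also refuse a digest whose hex form would not fit in hash[]. */
  if (!hash_bytes || (2 * hashlen + 1) > sizeof(hash))
    {
      DPRINTF(E_LOG, L_REMOTE, "Could not read MD5 hash\n");

      /* This path used to return with the handle still open. */
      gcry_md_close(hd);
      return NULL;
    }

  for (pos = 0; pos < hashlen; pos++)
    sprintf(hash + (2 * pos), "%02X", hash_bytes[pos]);

  gcry_md_close(hd);

  return strdup(hash);
}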
Пример #17
/*********************************************************************
 *
 * DES KW implementation
 *
 *********************************************************************/
/*
 * SHA-1 callback for the Triple-DES key wrap: hashes inSize bytes at
 * 'in' and writes the digest to 'out'.
 *
 * Returns the digest length on success and -1 on a failed argument
 * check or libgcrypt error. 'out' must provide at least the SHA-1
 * digest length; this is asserted before any hashing is done.
 */
static int
xmlSecGCryptKWDes3Sha1(void * context,
                       const xmlSecByte * in, xmlSecSize inSize,
                       xmlSecByte * out, xmlSecSize outSize) {
    xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
    gcry_md_hd_t md;
    unsigned char * digest;
    unsigned int digestLen;
    gcry_error_t rc;

    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(in != NULL, -1);
    xmlSecAssert2(inSize > 0, -1);
    xmlSecAssert2(out != NULL, -1);
    xmlSecAssert2(outSize > 0, -1);

    digestLen = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
    xmlSecAssert2(outSize >= digestLen, -1);

    /* GCRY_MD_FLAG_SECURE requests secure memory for the digest state */
    rc = gcry_md_open(&md, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE);
    if(rc != GPG_ERR_NO_ERROR) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "gcry_md_open(GCRY_MD_SHA1)",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_GCRYPT_REPORT_ERROR(rc));
        return(-1);
    }

    gcry_md_write(md, in, inSize);

    rc = gcry_md_final(md);
    if(rc != GPG_ERR_NO_ERROR) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "gcry_md_final",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_GCRYPT_REPORT_ERROR(rc));
        gcry_md_close(md);
        return(-1);
    }

    digest = gcry_md_read(md, GCRY_MD_SHA1);
    if(digest == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "gcry_md_read(GCRY_MD_SHA1)",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        gcry_md_close(md);
        return(-1);
    }

    /* copy the digest out before the handle that owns it is closed */
    xmlSecAssert2(outSize >= digestLen, -1);
    memcpy(out, digest, digestLen);
    gcry_md_close(md);
    return(digestLen);
}
Пример #18
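/* Hash DATA (LEN bytes) with ALGO and compare the digest with EXPECT.
   The special input "!" means: hash one million 'a' characters.  The
   digest is read from a copy of the handle, which also exercises
   gcry_md_copy().  Failures are reported through fail(); every exit
   path closes the handles it opened.  */
static void
check_one_md (int algo, char *data, int len, char *expect)
{
  gcry_md_hd_t hd, hd2;
  unsigned char *p;
  int mdlen;
  int i;
  gcry_error_t err = 0;

  err = gcry_md_open (&hd, algo, 0);
  if (err)
    {
      fail ("algo %d, grcy_md_open failed: %s\n", algo, gpg_strerror (err));
      return;
    }

  mdlen = gcry_md_get_algo_dlen (algo);
  if (mdlen < 1 || mdlen > 500)
    {
      fail ("algo %d, grcy_md_get_algo_dlen failed: %d\n", algo, mdlen);
      gcry_md_close (hd);
      return;
    }

  if (*data == '!' && !data[1])
    {				/* hash one million times a "a" */
      char aaa[1000];

      memset (aaa, 'a', 1000);
      for (i = 0; i < 1000; i++)
	gcry_md_write (hd, aaa, 1000);
    }
  else
    gcry_md_write (hd, data, len);

  err = gcry_md_copy (&hd2, hd);
  gcry_md_close (hd);
  if (err)
    {
      /* hd2 is not valid after a failed copy, so stop here instead of
         reading from it.  */
      fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err));
      return;
    }

  p = gcry_md_read (hd2, algo);
  if (!p)
    {
      fail ("algo %d, gcry_md_read failed\n", algo);
      gcry_md_close (hd2);
      return;
    }

  if (memcmp (p, expect, mdlen))
    {
      printf ("computed: ");
      for (i = 0; i < mdlen; i++)
	printf ("%02x ", p[i] & 0xFF);
      printf ("\nexpected: ");
      for (i = 0; i < mdlen; i++)
	printf ("%02x ", expect[i] & 0xFF);
      printf ("\n");

      fail ("algo %d, digest mismatch\n", algo);
    }

  gcry_md_close (hd2);
}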
Пример #19
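/*
 * Prepare the checksum handle of an IO object for a new digest.
 *
 * ptr - IO handle; must be non-NULL with a valid file descriptor,
 *       otherwise errno is set to EBADF and nothing else happens
 * h   - digest algorithm, used only when the handle is first opened
 *
 * An already initialised handle is reset; otherwise a new one is opened
 * with GCRY_MD_FLAG_SECURE. hash_init is set only when that open
 * succeeds, so a failed open no longer marks an unusable handle as
 * ready.
 * NOTE(review): a failed open is not reported to the caller; consider
 * setting errno there as well.
 */
extern void io_encryption_checksum_init(IO_HANDLE ptr, enum gcry_md_algos h)
{
	io_private_t *io_ptr = ptr;

	if (!io_ptr || io_ptr->fd < 0)
	{
		errno = EBADF;
		return;
	}

	if (io_ptr->hash_init)
	{
		gcry_md_reset(io_ptr->hash_handle);
		return;
	}

	if (gcry_md_open(&io_ptr->hash_handle, h, GCRY_MD_FLAG_SECURE) == 0)
		io_ptr->hash_init = true;
}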
Пример #20
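/**
 * Create a keyed libgcrypt HMAC context.
 *
 * @param key   HMAC key bytes.
 * @param len   Length of the key in bytes; must not be negative.
 * @param type  HMAC_SHA1 or HMAC_MD5.
 * @return A keyed context, or NULL when the type is unknown, the key
 *         arguments are unusable, or libgcrypt fails to open or key
 *         the handle.
 */
HMACCTX hmac_init(const void *key, int len, int type) {
  HMACCTX c = NULL;
  int algo;

  switch(type) {
    case HMAC_SHA1:
      algo = GCRY_MD_SHA1;
      break;
    case HMAC_MD5:
      algo = GCRY_MD_MD5;
      break;
    default:
      /* Unknown type: return before a NULL handle can reach gcry_md_setkey(). */
      return NULL;
  }

  if (len < 0 || (key == NULL && len > 0)) {
    return NULL;
  }

  if (gcry_md_open(&c, algo, GCRY_MD_FLAG_HMAC) != 0) {
    return NULL;
  }

  /* An unkeyed HMAC handle must never be handed back to the caller. */
  if (gcry_md_setkey(c, key, (size_t)len) != 0) {
    gcry_md_close(c);
    return NULL;
  }

  return c;
}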
Пример #21
/* Return the fingerprint of the certificate (this cannot live in
   libksba because it needs libgcrypt).  The caller provides ARRAY with
   room for the digest, or NULL to have the function allocate it.  If
   R_LEN is not NULL it receives the digest length, which is the value
   gcry_md_get_algo_dlen() reports for ALGO.  An ALGO of 0 selects SHA-1.

   SHA-1 fingerprints are cached on the certificate under the key
   "sha1-fingerprint" and served from there when present.

   On error the function never returns NULL; it returns a digest of
   all 0xff instead, so callers must not treat that value as a real
   fingerprint.
 */
unsigned char *
gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
                       unsigned char *array, int *r_len)
{
  gcry_md_hd_t md;
  int err;
  int digest_len;

  if (!algo)
    algo = GCRY_MD_SHA1;

  digest_len = gcry_md_get_algo_dlen (algo);
  assert (digest_len);
  if (!array)
    array = xmalloc (digest_len);

  if (r_len)
    *r_len = digest_len;

  /* First check whether the fingerprint has been cached.  */
  if (algo == GCRY_MD_SHA1)
    {
      size_t cached_len;

      assert (digest_len >= 20);
      if (!ksba_cert_get_user_data (cert, "sha1-fingerprint",
                                    array, digest_len, &cached_len)
          && cached_len == 20)
        return array;
    }

  /* Not cached: compute it.  */
  err = gcry_md_open (&md, algo, 0);
  if (err)
    {
      log_error ("md_open failed: %s\n", gpg_strerror (err));
      goto invalid;
    }

  err = ksba_cert_hash (cert, 0, HASH_FNC, md);
  if (err)
    {
      log_error ("ksba_cert_hash failed: %s\n", gpg_strerror (err));
      gcry_md_close (md);
      goto invalid;
    }
  gcry_md_final (md);
  memcpy (array, gcry_md_read(md, algo), digest_len );
  gcry_md_close (md);

  /* Cache an SHA-1 fingerprint.  */
  if ( algo == GCRY_MD_SHA1 )
    ksba_cert_set_user_data (cert, "sha1-fingerprint", array, 20);

  return array;

 invalid:
  /* Better to return an invalid fingerprint than NULL.  */
  memset (array, 0xff, digest_len);
  return array;
}
Пример #22
/**
 * cdk_pk_from_secret_key:
 * @sk: the secret key
 * @ret_pk: receives the new public key
 *
 * Create a new public key by copying the public part stored in the
 * secret key. Returns CDK_Inv_Value when @sk is NULL, otherwise the
 * result of the copy.
 **/
cdk_error_t
cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t *ret_pk)
{
  return sk ? _cdk_copy_pubkey (ret_pk, sk->pk) : CDK_Inv_Value;
}


#if 0 /* FIXME: Code is not finished yet. */
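/* Unfinished: builds a revocation-reason subpacket and hashes the
   public key, but does not yet produce a certificate.  @ret_revcert is
   set to NULL so that callers never read an uninitialised pointer.

   @sk: the secret key
   @code: revocation reason code, 0..3
   @inf: optional human-readable reason, may be NULL
   @ret_revcert: output; currently always NULL

   Returns 0, CDK_Inv_Value on bad arguments, CDK_Out_Of_Core on
   allocation failure, or a mapped libgcrypt error.  */
cdk_error_t
cdk_pk_revoke_cert_create (cdk_pkt_seckey_t sk, int code, const char *inf,
			   char **ret_revcert)
{
  gcry_md_hd_t md;
  cdk_subpkt_t node;
  cdk_pkt_signature_t sig;
  char *p = NULL, *dat;
  gcry_error_t err;
  cdk_error_t rc = 0;
  size_t n;
  size_t plen = 0;
  
  if (!sk || !ret_revcert)
    return CDK_Inv_Value;
  if(code < 0 || code > 3)
    return CDK_Inv_Value;
  *ret_revcert = NULL;
  
  sig = cdk_calloc (1, sizeof *sig);
  if (!sig)
    return CDK_Out_Of_Core;
  _cdk_sig_create (sk->pk, sig);
  n = 1;
  if (inf) 
    {
      /* Encode first and only then measure: the old order called
         strlen() on p while it was still NULL.  */
      p = cdk_utf8_encode (inf);
      if (!p)
        {
          _cdk_free_signature (sig);
          return CDK_Out_Of_Core;
        }
      plen = strlen (p);
      n += plen;
    }
  dat = cdk_calloc (1, n+1);
  if (!dat)
    {
      cdk_free (p);
      _cdk_free_signature (sig);
      return CDK_Out_Of_Core;
    }
  dat[0] = code;
  if (p)
    memcpy (dat+1, p, plen);
  cdk_free (p);
  
  node = cdk_subpkt_new (n);
  if (node)
    {
      cdk_subpkt_init (node, CDK_SIGSUBPKT_REVOC_REASON, dat, n);
      cdk_subpkt_add (sig->hashed, node);
    }
  cdk_free (dat);
  
  err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
  if (err)
    rc = map_gcry_error (err);
  else
    {
      _cdk_hash_pubkey (sk->pk, md, 0);
      /* The digest is not used yet; close the handle so it does not leak.  */
      gcry_md_close (md);
    }
  _cdk_free_signature (sig);
  
  return rc;
}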
Пример #23
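/* Largest digest the fixed-size work buffers in P_hash() can hold. */
enum { P_HASH_MAX_DIGEST = 64 };

/* Compute HMAC(secret, part1 || part2) with algo and copy outlen digest
 * bytes to out. part2 may be NULL. Returns 0 on success, -1 on any
 * libgcrypt failure; the handle is always closed. */
static int
p_hash_hmac(int algo, const unsigned char *secret, size_t sslen,
            const unsigned char *part1, size_t len1,
            const unsigned char *part2, size_t len2,
            unsigned char *out, size_t outlen)
{
    gcry_md_hd_t md;
    unsigned char *mac;

    if (gcry_md_open(&md, algo, GCRY_MD_FLAG_HMAC) != 0)
        return -1;

    if (gcry_md_setkey(md, secret, sslen) != 0) {
        gcry_md_close(md);
        return -1;
    }

    gcry_md_write(md, part1, len1);
    if (part2 != NULL)
        gcry_md_write(md, part2, len2);

    mac = gcry_md_read(md, algo);
    if (mac == NULL) {
        gcry_md_close(md);
        return -1;
    }

    memcpy(out, mac, outlen);
    gcry_md_close(md);
    return 0;
}

/**
 * Expand a secret and seed into dlen bytes using chained HMACs.
 *
 * With A(0) = seed and A(i) = HMAC(secret, A(i-1)), output block i is
 * HMAC(secret, A(i) || seed); the last block is truncated to fit.
 *
 * @param digest  libgcrypt name of the hash to run HMAC over.
 * @param dest    Output buffer of at least dlen bytes.
 * @param dlen    Number of bytes to produce.
 * @param secret  HMAC key.
 * @param sslen   Length of secret in bytes.
 * @param seed    Seed bytes.
 * @param slen    Length of seed in bytes.
 * @return Number of bytes copied by the final block (0 when dlen <= 0),
 *         or -1 on invalid arguments, an unknown digest name, a digest
 *         larger than P_HASH_MAX_DIGEST, or a libgcrypt failure.
 *
 * The work buffers are sized for the largest supported digest. The
 * previous fixed 48-byte block buffer and seed-sized chaining buffer
 * could be overrun by a longer digest.
 */
int
P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret, int sslen,
       unsigned char *seed, int slen)
{
    unsigned char chain[P_HASH_MAX_DIGEST];  /* A(i) */
    unsigned char block[P_HASH_MAX_DIGEST];  /* HMAC(secret, A(i) || seed) */
    const unsigned char *chain_in = seed;    /* A(i-1); starts as the seed */
    size_t chain_in_len;
    unsigned char *out = dest;
    int pending = dlen;
    int hlen = 0;
    int algo;
    int algolen;

    if (digest == NULL || dest == NULL || secret == NULL || seed == NULL
        || sslen < 0 || slen < 0)
        return -1;

    algo = gcry_md_map_name(digest);
    if (algo == 0)
        return -1;

    /* A zero length would stall the loop below; an oversized one would
     * overflow the work buffers. */
    algolen = (int)gcry_md_get_algo_dlen(algo);
    if (algolen <= 0 || algolen > P_HASH_MAX_DIGEST)
        return -1;

    chain_in_len = (size_t)slen;

    // Calculate enough data to fill destination
    while (pending > 0) {
        if (p_hash_hmac(algo, secret, (size_t)sslen, chain_in, chain_in_len,
                        NULL, 0, chain, (size_t)algolen) != 0)
            return -1;
        chain_in = chain;
        chain_in_len = (size_t)algolen;

        if (p_hash_hmac(algo, secret, (size_t)sslen, chain, (size_t)algolen,
                        seed, (size_t)slen, block, (size_t)algolen) != 0)
            return -1;

        hlen = (algolen > pending) ? pending : algolen;
        memcpy(out, block, (size_t)hlen);
        out += hlen;
        pending -= hlen;
    }

    return hlen;
}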
Пример #24
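/*
 * Compute SHA-1 over the concatenation of the iovec buffers and store
 * the digest in dest, which must have room for the SHA-1 digest length.
 *
 * NOTE(review): gcry_md_open() and gcry_md_read() are not checked, and
 * this function has no way to report a failure to its caller.
 */
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
{
    gcry_md_hd_t c;
    int i;

    gcry_md_open(&c, GCRY_MD_SHA1, 0);
    for (i = 0; i < iovcnt; i++)
	gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
    gcry_md_final(c);
    memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1));
    /* Release the handle; it used to be leaked on every call. */
    gcry_md_close(c);
}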
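/*
 * Build the CRAM-MD5 response for a server challenge.
 *
 * username          - account name, placed in front of the digest
 * password          - used as the HMAC-MD5 key
 * challenge_base64  - server challenge, base64 encoded
 *
 * Returns a newly allocated base64 string holding
 * "<username> <hex HMAC-MD5 of the challenge>", or NULL on invalid
 * arguments, a challenge that cannot be decoded or does not fit, or a
 * libgcrypt failure. Without SSL support it warns and returns NULL.
 *
 * NOTE(review): the DBG() lines print the decoded challenge and the
 * computed response; keep them out of production logs.
 */
gchar *
xfce_mailwatch_cram_md5(const gchar *username,
                        const gchar *password,
                        const gchar *challenge_base64)
{
#ifdef HAVE_SSL_SUPPORT
    gchar challenge[2048];
    gssize decoded_len;
    gsize len, username_len, digest_len;
    gcry_md_hd_t hmac_md5;
    guchar *digest;
    gchar *response, *response_base64 = NULL;
    
    g_return_val_if_fail(username && *username && password && *password
                         && challenge_base64 && *challenge_base64, NULL);

    /* Take the decoder result as a signed value. Stored directly in an
     * unsigned gsize, a negative error return would pass the <= 0 test
     * and then index far outside challenge[]. The decoder presumably
     * reports errors as negative values; confirm against its prototype. */
    decoded_len = xfce_mailwatch_base64_decode(challenge_base64,
                                               (guchar *)challenge,
                                               sizeof(challenge) - 1);
    if(decoded_len <= 0 || (gsize)decoded_len > sizeof(challenge) - 1)
        return NULL;
    len = (gsize)decoded_len;
    challenge[len] = 0;
    DBG("challenge is \"%s\"\n", challenge);

    if(gcry_md_open(&hmac_md5, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR)
        return NULL;
    if(gcry_md_setkey(hmac_md5, password, strlen(password)) != GPG_ERR_NO_ERROR) {
        gcry_md_close(hmac_md5);
        return NULL;
    }
    gcry_md_write(hmac_md5, challenge, len);
    gcry_md_final(hmac_md5);

    digest = gcry_md_read(hmac_md5, GCRY_MD_MD5);
    if(!digest) {
        gcry_md_close(hmac_md5);
        return NULL;
    }
    digest_len = gcry_md_get_algo_dlen(GCRY_MD_MD5);

    username_len = strlen(username);
    /* username + a space + MD5 in hex + null */
    response = g_malloc0(username_len + 1 + digest_len*2 + 1);
    strcpy(response, username);
    response[username_len] = ' ';
    bin2hex(response + username_len + 1, digest, digest_len);

    gcry_md_close(hmac_md5);

    DBG("response before base64: %s\n", response);
    if(xfce_mailwatch_base64_encode((guchar *)response, strlen(response),
                                    &response_base64) <= 0)
    {
        g_free(response_base64);
        response_base64 = NULL;
    }

    g_free(response);

    return response_base64;
#else
    g_warning("CRAM-MD5 computation unavailable: libmailwatch was not compiled with gnutls support.");
    return NULL;
#endif
}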
Пример #26
/*
 * Allocate a libgcrypt digest handle for z_digest_hash_gcrypt_algo and
 * return it through *hdl. Without HAVE_GCRYPT_H the function does
 * nothing and *hdl is left untouched.
 *
 * NOTE(review): neither z_alloc() nor gcry_md_open() is checked here;
 * confirm whether z_alloc() can return NULL and how callers detect a
 * handle that failed to open.
 */
void z_digest_hash_open(void **hdl) /* z_proto, z_func z_digest_hash_open */
{
#ifdef HAVE_GCRYPT_H
  gcry_md_hd_t *md = z_alloc(1, sizeof(gcry_md_hd_t));

  gcry_md_open(md, z_digest_hash_gcrypt_algo, 0);
  *hdl = md;
#endif
}
Пример #27
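/*
 * Open an HMAC-SHA256 handle in secure memory and key it.
 *
 * mh  - receives the handle
 * key - HMAC key bytes
 * len - key length in bytes; must not be negative
 *
 * Returns 1 on success and 0 on failure. On failure no handle is left
 * open; if keying fails after a successful open, *mh is closed and set
 * to NULL.
 */
int hmacsha256_init(gcry_md_hd_t *mh, const char *key, int len)
{
  gcry_error_t err;

  if (len < 0)
    return 0;

  err = gcry_md_open(mh, GCRY_MD_SHA256, 
		     GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE);
  if (gcry_err_code(err))
    return 0;
  
  err = gcry_md_setkey(*mh, key, (size_t)len);
  if (gcry_err_code(err)) {
    /* The caller is told "failed", so it will not close the handle. */
    gcry_md_close(*mh);
    *mh = NULL;
    return 0;
  }

  return 1;
}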
Пример #28
/*
 * Hash exactly 32 bytes from 'in' with SHA-256 and write the 32-byte
 * digest to 'out'. The handle is opened with GCRY_MD_FLAG_SECURE.
 * A failure to open it is passed to gcrypt_fatal().
 */
void sha256_block32(const uint8_t *in, uint8_t *out)
{
	gcry_md_hd_t md;
	gcry_error_t rc = gcry_md_open(&md, GCRY_MD_SHA256, GCRY_MD_FLAG_SECURE);

	if (rc != GPG_ERR_NO_ERROR)
		gcrypt_fatal(rc);

	gcry_md_write(md, in, 32);
	gcry_md_final(md);
	/* Copy the digest out before closing the handle that owns it. */
	memmove(out, gcry_md_read(md, 0), 32);
	gcry_md_close(md);
}
Пример #29
	// Initialise the SHA-1 context with whichever backend was selected at
	// build time: libgcrypt, CommonCrypto, OpenSSL, or the fallback
	// SHA1_init().
	// NOTE(review): the result of gcry_md_open() is discarded, so a failed
	// open is not detected here.
	// NOTE(review): the CommonCrypto branch tests the macro's value while
	// the OpenSSL branch tests `defined`; confirm the difference is intended.
	hasher::hasher()
	{
#ifdef TORRENT_USE_GCRYPT
		gcry_md_open(&m_context, GCRY_MD_SHA1, 0);
#elif TORRENT_USE_COMMONCRYPTO
		CC_SHA1_Init(&m_context);
#elif defined TORRENT_USE_OPENSSL
		SHA1_Init(&m_context);
#else
		SHA1_init(&m_context);
#endif
	}
Пример #30
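/* Compute the HMAC of DATA under KEY with ALGO and compare it with
   EXPECT.  Failures are reported through fail(); every exit path after
   a successful open closes the handle.  */
static void
check_one_mac (int algo,
               const void *key, size_t keylen,
               const void *data, size_t datalen,
               const char *expect)
{
  gcry_md_hd_t hd;
  unsigned char *p;
  int mdlen;
  int i;
  gcry_error_t err = 0;

  err = gcry_md_open (&hd, algo, GCRY_MD_FLAG_HMAC);
  if (err)
    {
      fail ("algo %d, grcy_md_open failed: %s\n", algo, gpg_strerror (err));
      return;
    }

  mdlen = gcry_md_get_algo_dlen (algo);
  if (mdlen < 1 || mdlen > 500)
    {
      fail ("algo %d, grcy_md_get_algo_dlen failed: %d\n", algo, mdlen);
      gcry_md_close (hd);
      return;
    }

  err = gcry_md_setkey (hd, key, keylen);
  if (err)
    {
      fail ("algo %d, grcy_md_setkey failed: %s\n", algo, gpg_strerror (err));
      gcry_md_close (hd);
      return;
    }

  gcry_md_write (hd, data, datalen);

  p = gcry_md_read (hd, 0);
  if (!p)
    {
      fail ("algo %d, gcry_md_read failed\n", algo);
      gcry_md_close (hd);
      return;
    }

  if (memcmp (p, expect, mdlen))
    {
      printf ("computed: ");
      for (i = 0; i < mdlen; i++)
	printf ("%02x ", p[i] & 0xFF);
      printf ("\nexpected: ");
      for (i = 0; i < mdlen; i++)
	printf ("%02x ", expect[i] & 0xFF);
      printf ("\n");

      fail ("algo %d, MAC does not match\n", algo);
    }

  gcry_md_close (hd);
}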