/** @fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len) @brief Finalizes (signed) digest computation and returns digest or signature. @param soap context @param[in,out] data smdevp engine context @param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms) @param[out] buf is populated with the digest or signature @param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms) @param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value) @return SOAP_OK or SOAP_SSL_ERROR */ int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len) { unsigned int n = 0; int err = 1; if (buf) { /* finalize the digest or signature computation */ switch (data->alg & (SOAP_SMD_PASSTHRU-1)) { case SOAP_SMD_DGST_MD5: case SOAP_SMD_DGST_SHA1: case SOAP_SMD_DGST_SHA256: EVP_DigestFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n); break; case SOAP_SMD_HMAC_SHA1: HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n); break; case SOAP_SMD_SIGN_DSA_SHA1: case SOAP_SMD_SIGN_RSA_SHA1: case SOAP_SMD_SIGN_RSA_SHA256: err = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key); break; case SOAP_SMD_VRFY_DSA_SHA1: case SOAP_SMD_VRFY_RSA_SHA1: if (len) { n = (unsigned int)*len; err = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key); } else err = 0; break; } DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%d (%p) %d bytes--\n", data->alg, data->ctx, n)); DBGHEX(TEST, buf, n); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--")); /* return length of digest or signature produced */ if (len) *len = (int)n; } /* cleanup and free the HMAC or EVP_MD context */ if ((data->alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1) HMAC_CTX_cleanup((HMAC_CTX*)data->ctx); else EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx); SOAP_FREE(soap, data->ctx); data->ctx = NULL; /* check and return */ return soap_smd_check(soap, data, err, "soap_smd_final() failed"); }
/** @fn int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len) @brief Finalizes (signed) digest computation and returns digest or signature. @param soap context @param[in,out] data smdevp engine context @param[in] buf contains signature for verification (SOAP_SMD_VRFY algorithms) @param[out] buf is populated with the digest or signature @param[in] len points to length of signature to verify (SOAP_SMD_VRFY algorithms) @param[out] len points to length of stored digest or signature (pass NULL if you are not interested in this value) @return SOAP_OK or SOAP_SSL_ERROR */ int soap_smd_final(struct soap *soap, struct soap_smd_data *data, char *buf, int *len) { unsigned int n = 0; int ok = 1; if (!data->ctx) return soap_set_receiver_error(soap, "soap_smd_final() failed", "No context", SOAP_SSL_ERROR); if (buf) { /* finalize the digest or signature computation */ switch (data->alg & SOAP_SMD_ALGO) { case SOAP_SMD_HMAC: HMAC_Final((HMAC_CTX*)data->ctx, (unsigned char*)buf, &n); break; case SOAP_SMD_DGST: EVP_DigestFinal_ex((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n); break; case SOAP_SMD_SIGN: ok = EVP_SignFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, &n, (EVP_PKEY*)data->key); break; case SOAP_SMD_VRFY: if (len) { n = (unsigned int)*len; ok = EVP_VerifyFinal((EVP_MD_CTX*)data->ctx, (unsigned char*)buf, n, (EVP_PKEY*)data->key); } else ok = 0; break; } DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Final alg=%x (%p) %d bytes--\n", data->alg, data->ctx, n)); DBGHEX(TEST, buf, n); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--")); /* pass back length of digest or signature produced */ if (len) *len = (int)n; } /* cleanup */ if ((data->alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC) HMAC_CTX_cleanup((HMAC_CTX*)data->ctx); else EVP_MD_CTX_cleanup((EVP_MD_CTX*)data->ctx); SOAP_FREE(soap, data->ctx); data->ctx = NULL; /* check and return */ return soap_smd_check(soap, data, ok, "soap_smd_final() failed"); }
int md5_handler(struct soap *soap, void **context, enum md5_action action, char *buf, size_t len) { EVP_MD_CTX *ctx; unsigned char hash[EVP_MAX_MD_SIZE]; unsigned int size; switch (action) { case MD5_INIT: soap_ssl_init(); if (!*context) { *context = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX)); EVP_MD_CTX_init((EVP_MD_CTX*)*context); } ctx = (EVP_MD_CTX*)*context; DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Init %p\n", ctx)); EVP_DigestInit_ex(ctx, EVP_md5(), NULL); break; case MD5_UPDATE: ctx = (EVP_MD_CTX*)*context; DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Update %p (%lu) --\n", ctx, (unsigned long)len)); DBGMSG(TEST, buf, len); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--")); EVP_DigestUpdate(ctx, (const void*)buf, (unsigned int)len); break; case MD5_FINAL: ctx = (EVP_MD_CTX*)*context; EVP_DigestFinal_ex(ctx, (unsigned char*)hash, &size); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Final %p --\n", ctx)); DBGHEX(TEST, hash, size); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--")); soap_memcpy((void*)buf, 16, (const void*)hash, 16); break; case MD5_DELETE: ctx = (EVP_MD_CTX*)*context; DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Delete %p --\n", ctx)); if (ctx) { EVP_MD_CTX_cleanup(ctx); SOAP_FREE(soap, ctx); } *context = NULL; } return SOAP_OK; }
/** @fn int soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key) @brief Start encryption or decryption of current message. If key is non-NULL, use the symmetric triple DES key. Use soap_mec_start only after soap_mec_begin. The soap_mec_start should be followed by a soap_mec_stop call. @param soap context @param[in] alg algorithm @param[in] key secret triple DES key or NULL @return SOAP_OK or error code */ int soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key) { struct soap_mec_data *data; int ok = 1; data = (struct soap_mec_data*)soap->data[1]; if (!data) return soap->error = SOAP_USER_ERROR; DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Start alg=%x\n", data->alg)); if (key) data->key = key; if (alg != SOAP_MEC_NONE) data->alg = alg; if (data->alg & SOAP_MEC_ENC) { unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; /* save and override the callbacks */ data->ffiltersend = soap->ffiltersend; soap->ffiltersend = soap_mec_filtersend; data->bufidx = 0; data->i = 0; data->m = 0; ivlen = EVP_CIPHER_iv_length(data->type); if (ivlen) { RAND_pseudo_bytes(iv, ivlen); soap_mec_put_base64(soap, data, (unsigned char*)iv, ivlen); } DBGLOG(TEST, SOAP_MESSAGE(fdebug, "IV = ")); DBGHEX(TEST, iv, ivlen); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n")); ok = EVP_EncryptInit_ex(data->ctx, NULL, NULL, data->key, iv); } else { size_t len; /* algorithm */ if (data->alg & SOAP_MEC_DES_CBC) data->type = EVP_des_ede3_cbc(); /* triple DES CBC */ else if (data->alg & SOAP_MEC_AES128_CBC) data->type = EVP_get_cipherbyname("AES128"); else if (data->alg & SOAP_MEC_AES192_CBC) data->type = EVP_get_cipherbyname("AES192"); else if (data->alg & SOAP_MEC_AES256_CBC) data->type = EVP_get_cipherbyname("AES256"); else if (data->alg & SOAP_MEC_AES512_CBC) data->type = EVP_get_cipherbyname("AES512"); else data->type = EVP_enc_null(); len = 2 * sizeof(soap->buf) + EVP_CIPHER_block_size(data->type); if (!data->buf || data->buflen < len) { if (data->buf) SOAP_FREE(soap, data->buf); data->buflen = len; data->buf = (char*)SOAP_MALLOC(soap, data->buflen); } data->bufidx = soap->buflen - soap->bufidx; /* copy buf[bufidx..buflen-1] to data buf */ memcpy(data->buf, soap->buf + soap->bufidx, data->bufidx); DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Alloc buf=%lu, copy %lu message bytes\n", (unsigned long)data->buflen, (unsigned long)data->bufidx)); /* trigger ffilterrecv() */ soap->bufidx = soap->buflen; /* INIT state */ data->i = 0; data->m = 0; data->state = SOAP_MEC_STATE_INIT; } return soap_mec_check(soap, data, ok, "soap_mec_start() failed"); }