示例#1
0
void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
		    unsigned int len)
{
#ifdef HMAC_RETURN_INT
	RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
				(int) len, EVP_sha384()) == 1);
#else
	HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
#endif
}
示例#2
0
文件: rsassa.c 项目: latchset/jose
static EVP_MD_CTX *
setup(jose_cfg_t *cfg, const json_t *jwk, const json_t *sig, const char *alg,
      init_t *func)
{
    openssl_auto(EVP_PKEY) *key = NULL;
    EVP_PKEY_CTX *epc = NULL;
    const EVP_MD *md = NULL;
    EVP_MD_CTX *emc = NULL;
    const RSA *rsa = NULL;
    int slen = 0;
    int pad = 0;

    switch (str2enum(alg, NAMES, NULL)) {
    case 0: md = EVP_sha256(); pad = RSA_PKCS1_PADDING; break;
    case 1: md = EVP_sha384(); pad = RSA_PKCS1_PADDING; break;
    case 2: md = EVP_sha512(); pad = RSA_PKCS1_PADDING; break;
    case 3: md = EVP_sha256(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
    case 4: md = EVP_sha384(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
    case 5: md = EVP_sha512(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
    default: return NULL;
    }

    key = jose_openssl_jwk_to_EVP_PKEY(cfg, jwk);
    if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_RSA)
        return NULL;

    /* Don't use small keys. RFC 7518 3.3 */
    rsa = EVP_PKEY_get0_RSA(key);
    if (!rsa)
        return NULL;
    if (RSA_size(rsa) < 2048 / 8)
        return NULL;

    emc = EVP_MD_CTX_new();
    if (!emc)
        return NULL;

    if (func(emc, &epc, md, NULL, key) <= 0)
        goto error;

    if (EVP_PKEY_CTX_set_rsa_padding(epc, pad) <= 0)
        goto error;

    if (slen != 0) {
        if (EVP_PKEY_CTX_set_rsa_pss_saltlen(epc, slen) <= 0)
            goto error;
    }

    return emc;

error:
    EVP_MD_CTX_free(emc);
    return NULL;
}
示例#3
0
文件: hash.c 项目: latchset/jose
static jose_io_t *
hsh(const jose_hook_alg_t *alg, jose_cfg_t *cfg, jose_io_t *next)
{
    jose_io_auto_t *io = NULL;
    const EVP_MD *md = NULL;
    io_t *i = NULL;

    switch (str2enum(alg->name, "S512", "S384", "S256", "S224", "S1", NULL)) {
    case 0: md = EVP_sha512(); break;
    case 1: md = EVP_sha384(); break;
    case 2: md = EVP_sha256(); break;
    case 3: md = EVP_sha224(); break;
    case 4: md = EVP_sha1();   break;
    }

    i = calloc(1, sizeof(*i));
    if (!i)
        return NULL;

    io = jose_io_incref(&i->io);
    io->feed = hsh_feed;
    io->done = hsh_done;
    io->free = hsh_free;

    i->next = jose_io_incref(next);
    i->emc = EVP_MD_CTX_new();
    if (!i->next || !i->emc)
        return NULL;

    if (EVP_DigestInit(i->emc, md) <= 0)
        return NULL;

    return jose_io_incref(io);
}
示例#4
0
void makeecreq384(char* commonname)
{
	EC_KEY *key;
	EVP_PKEY *pkey;
	X509_REQ *req;
	FILE *out;

	key = EC_KEY_new_by_curve_name(NID_secp384r1);
	EC_KEY_generate_key(key);
	EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
	pkey = EVP_PKEY_new();
	EVP_PKEY_set1_EC_KEY(pkey, key);

	req = makereq(pkey, commonname, EVP_sha384());

	out = fopen("ec384_req.pem", "w");
	if (out == NULL)
		exit(-1);
	PEM_write_X509_REQ(out, req);
	fclose(out);
	out = fopen("ec384_req_key.pem", "w");
	if (out == NULL)
		exit(-1);
	PEM_write_ECPrivateKey(out, key, NULL, NULL, 0, NULL, NULL);
	fclose(out);
}
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
	EVP_MD_CTX *evp_md_ctx;
	const EVP_MD *type = NULL;

	UNUSED(key);
	REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
		dctx->key->key_alg == DST_ALG_ECDSA384);

	evp_md_ctx = EVP_MD_CTX_create();
	if (evp_md_ctx == NULL)
		return (ISC_R_NOMEMORY);
	if (dctx->key->key_alg == DST_ALG_ECDSA256)
		type = EVP_sha256();
	else
		type = EVP_sha384();

	if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
		EVP_MD_CTX_destroy(evp_md_ctx);
		return (dst__openssl_toresult3(dctx->category,
					       "EVP_DigestInit_ex",
					       ISC_R_FAILURE));
	}

	dctx->ctxdata.evp_md_ctx = evp_md_ctx;

	return (ISC_R_SUCCESS);
}
示例#6
0
const EVP_MD *
tsig_get_EVP_MD(u8 algorithm)
{
    switch(algorithm)
    {
#ifndef OPENSSL_NO_MD5
        case HMAC_MD5:
            return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA
        case HMAC_SHA1:
            return EVP_sha1();
#endif
#ifndef OPENSSL_NO_SHA256
        case HMAC_SHA224:
            return EVP_sha224();
        case HMAC_SHA256:
            return EVP_sha256();
#endif
#ifndef OPENSSL_NO_SHA512
        case HMAC_SHA384:
            return EVP_sha384();
        case HMAC_SHA512:
            return EVP_sha512();
#endif
        default:
            return EVP_md_null();
    }
}
示例#7
0
文件: c_all.c 项目: flrl/openbsd
void
OpenSSL_add_all_digests(void)
{
#ifndef OPENSSL_NO_MD4
	EVP_add_digest(EVP_md4());
#endif

#ifndef OPENSSL_NO_MD5
	EVP_add_digest(EVP_md5());
	EVP_add_digest_alias(SN_md5, "ssl2-md5");
	EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif

#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
	EVP_add_digest(EVP_sha());
#ifndef OPENSSL_NO_DSA
	EVP_add_digest(EVP_dss());
#endif
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
	EVP_add_digest(EVP_sha1());
	EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
	EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#ifndef OPENSSL_NO_DSA
	EVP_add_digest(EVP_dss1());
	EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
	EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
	EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
	EVP_add_digest(EVP_ecdsa());
#endif
#endif

#ifndef OPENSSL_NO_GOST
	EVP_add_digest(EVP_gostr341194());
	EVP_add_digest(EVP_gost2814789imit());
	EVP_add_digest(EVP_streebog256());
	EVP_add_digest(EVP_streebog512());
#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
	EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RIPEMD
	EVP_add_digest(EVP_ripemd160());
	EVP_add_digest_alias(SN_ripemd160, "ripemd");
	EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
#ifndef OPENSSL_NO_SHA256
	EVP_add_digest(EVP_sha224());
	EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
	EVP_add_digest(EVP_sha384());
	EVP_add_digest(EVP_sha512());
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
	EVP_add_digest(EVP_whirlpool());
#endif
}
CryptoBuffer::CryptoBuffer(const char *pass)
  : d(new Private())
{
  d->password = pass;
  d->cipher = EVP_aes_256_cbc();
  d->digest = EVP_sha384();
}
示例#9
0
文件: s2n_prf.c 项目: alexw91/s2n
static int s2n_evp_hmac_p_hash_init(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret)
{
    /* Initialize the message digest */
    switch (alg) {
    case S2N_HMAC_SSLv3_MD5:
    case S2N_HMAC_MD5:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_md5();
        break;
    case S2N_HMAC_SSLv3_SHA1:
    case S2N_HMAC_SHA1:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha1();
        break;
    case S2N_HMAC_SHA224:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha224();
        break;
    case S2N_HMAC_SHA256:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha256();
        break;
    case S2N_HMAC_SHA384:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha384();
        break;
    case S2N_HMAC_SHA512:
        ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha512();
        break;
    default:
        S2N_ERROR(S2N_ERR_P_HASH_INVALID_ALGORITHM);
    }

    /* Initialize the mac key using the provided secret */
    notnull_check(ws->tls.p_hash.evp_hmac.mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret->data, secret->size));

    /* Initialize the message digest context with the above message digest and mac key */
    return s2n_evp_hmac_p_hash_digest_init(ws);
}
示例#10
0
int
lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type)
{
	ctx->type = type;
	ctx->mdctx = EVP_MD_CTX_create();
	if (!ctx->mdctx)
		return 1;

	switch (ctx->type) {
	case LWS_GENHASH_TYPE_SHA1:
		ctx->evp_type = EVP_sha1();
		break;
	case LWS_GENHASH_TYPE_SHA256:
		ctx->evp_type = EVP_sha256();
		break;
	case LWS_GENHASH_TYPE_SHA384:
		ctx->evp_type = EVP_sha384();
		break;
	case LWS_GENHASH_TYPE_SHA512:
		ctx->evp_type = EVP_sha512();
		break;
	default:
		return 1;
	}

	if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) {
		EVP_MD_CTX_destroy(ctx->mdctx);

		return 1;
	}

	return 0;
}
示例#11
0
/* HMAC-SHA384: generate hash of known digest value and compare to known
   precomputed correct hash
*/
static int FIPS_hmac_sha384_test()
{
    unsigned char key[] = "etaonrishd";
    unsigned char iv[] = "Sample text";
    unsigned char kaval[EVP_MAX_MD_SIZE] =
    {   0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
        0x26, 0x99, 0xef, 0x3b, 0x10,
        0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
        0xac, 0xb0, 0x07, 0x39, 0x08,
        0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
        0xf3, 0xb8, 0x9b, 0x88, 0x1c
    };

    unsigned char out[EVP_MAX_MD_SIZE];
    unsigned int outlen;

    ERR_clear_error();
    if (!HMAC
            (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
             &outlen))
        return 0;
    if (memcmp(out, kaval, outlen))
        return 0;
    return 1;
}
bool OpensslManager::HMACString(Openssl_Hash algorithm, char *key, int key_len, unsigned char *input, int input_len, unsigned char *output, unsigned int *outlength)
{
	switch(algorithm)
	{
		case Openssl_Hash_MD5:
			HMAC(EVP_md5(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_MD4:
			HMAC(EVP_md4(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA:
			HMAC(EVP_sha(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA1:
			HMAC(EVP_sha1(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA224:
			HMAC(EVP_sha224(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA256:
			HMAC(EVP_sha256(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA384:
			HMAC(EVP_sha384(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_SHA512:
			HMAC(EVP_sha512(), key, key_len, input, input_len, output, outlength);
			return true;
		case Openssl_Hash_RIPEMD160:
			HMAC(EVP_ripemd160(), key, key_len, input, input_len, output, outlength);
			return true;
	}
	return false;
}
示例#13
0
int FIPS_selftest_dsa()
	{
	DSA *dsa=NULL;
	EVP_PKEY pk;
	int ret = 0;

	dsa = FIPS_dsa_new();

	if(dsa == NULL)
		goto err;

	fips_load_key_component(dsa, p, dsa_test_2048);
	fips_load_key_component(dsa, q, dsa_test_2048);
	fips_load_key_component(dsa, g, dsa_test_2048);
	fips_load_key_component(dsa, pub_key, dsa_test_2048);
	fips_load_key_component(dsa, priv_key, dsa_test_2048);

	pk.type = EVP_PKEY_DSA;
	pk.pkey.dsa = dsa;

	if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
					NULL, 0, EVP_sha384(), 0,
					"DSA SHA384"))
		goto err;
	ret = 1;

	err:
	if (dsa)
		FIPS_dsa_free(dsa);
	return ret;
	}
示例#14
0
const EVP_MD *get_hash(enum enum_hash hash, const unsigned char **oid, size_t *oid_len) {
  switch(hash) {
    case hash_arg_SHA1:
      if(oid) {
        *oid = sha1oid;
        *oid_len = sizeof(sha1oid);
      }
      return EVP_sha1();
    case hash_arg_SHA256:
      if(oid) {
        *oid = sha256oid;
        *oid_len = sizeof(sha256oid);
      }
      return EVP_sha256();
    case hash_arg_SHA384:
      if(oid) {
        *oid = sha384oid;
        *oid_len = sizeof(sha384oid);
      }
      return EVP_sha384();
    case hash_arg_SHA512:
      if(oid) {
        *oid = sha512oid;
        *oid_len = sizeof(sha512oid);
      }
      return EVP_sha512();
    case hash__NULL:
    default:
      return NULL;
  }
}
示例#15
0
void openssl_add_all_digests_internal(void)
{
#ifndef OPENSSL_NO_MD4
    EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
    EVP_add_digest(EVP_md5_sha1());
#endif
    EVP_add_digest(EVP_sha1());
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
    EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RMD160
    EVP_add_digest(EVP_ripemd160());
    EVP_add_digest_alias(SN_ripemd160, "ripemd");
    EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_WHIRLPOOL
    EVP_add_digest(EVP_whirlpool());
#endif
}
示例#16
0
const EVP_MD *
tls12_get_hash(unsigned char hash_alg)
{
	switch (hash_alg) {
	case TLSEXT_hash_sha1:
		return EVP_sha1();
	case TLSEXT_hash_sha224:
		return EVP_sha224();
	case TLSEXT_hash_sha256:
		return EVP_sha256();
	case TLSEXT_hash_sha384:
		return EVP_sha384();
	case TLSEXT_hash_sha512:
		return EVP_sha512();
#ifndef OPENSSL_NO_GOST
	case TLSEXT_hash_gost94:
		return EVP_gostr341194();
	case TLSEXT_hash_streebog_256:
		return EVP_streebog256();
	case TLSEXT_hash_streebog_512:
		return EVP_streebog512();
#endif
	default:
		return NULL;
	}
}
示例#17
0
int jwt_sign_sha_hmac(jwt_t *jwt, char **out, unsigned int *len,
		      const char *str)
{
	const EVP_MD *alg;

	switch (jwt->alg) {
        /* HMAC */
	case JWT_ALG_HS256:
		alg = EVP_sha256();
		break;
	case JWT_ALG_HS384:
		alg = EVP_sha384();
		break;
	case JWT_ALG_HS512:
		alg = EVP_sha512();
		break;
	default:
		return EINVAL;
	}

	*out = malloc(EVP_MAX_MD_SIZE);
	if (*out == NULL)
		return ENOMEM;

	HMAC(alg, jwt->key, jwt->key_len,
	     (const unsigned char *)str, strlen(str), (unsigned char *)*out,
	     len);

	return 0;
}
示例#18
0
KDF_FUNC KDF_get_x9_63(const EVP_MD *md)
{
	if (md == EVP_md5()) {
		return x963_md5kdf;

	} else if (md == EVP_ripemd160()) {
		return x963_rmd160kdf;

	} else if (md == EVP_sha1()) {
		return x963_sha1kdf;

	} else if (md == EVP_sha224()) {
		return x963_sha224kdf;

	} else if (md == EVP_sha256()) {
		return x963_sha256kdf;

	} else if (md == EVP_sha384()) {
		return x963_sha384kdf;

	} else if (md == EVP_sha512()) {
		return x963_sha512kdf;

	} else if (md == EVP_whirlpool()) {
		return x963_whirlpoolkdf;

	} else if (md == EVP_sm3()) {
		return x963_sm3kdf;
	}

	return NULL;
}
示例#19
0
static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx,
                                            const uint8_t *key, size_t key_len,
                                            size_t tag_len,
                                            enum evp_aead_direction_t dir) {
  return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(),
                       EVP_sha384(), 0);
}
示例#20
0
static const EVP_MD *getEVPMD(int hashalgo)
{
    switch (hashalgo) {

    case PGPHASHALGO_MD5:
        return EVP_md5();

    case PGPHASHALGO_SHA1:
        return EVP_sha1();

    case PGPHASHALGO_SHA256:
        return EVP_sha256();

    case PGPHASHALGO_SHA384:
        return EVP_sha384();

    case PGPHASHALGO_SHA512:
        return EVP_sha512();

    case PGPHASHALGO_SHA224:
        return EVP_sha224();

    default:
        return EVP_md_null();
    }
}
示例#21
0
void HMACSHA384(sLONG_PTR *pResult, PackagePtr pParams)
{
	C_BLOB Param1;
	C_BLOB Param2;
	C_LONGINT Param3;
	C_TEXT returnValue;
	
	Param1.fromParamAtIndex(pParams, 1);
	Param2.fromParamAtIndex(pParams, 2);
	Param3.fromParamAtIndex(pParams, 3);
	
	uint8_t *buf = (uint8_t *)calloc(48, sizeof(uint8_t)); 
	uint32_t mdlen = 48;
	
	HMAC(EVP_sha384(), (const void *)Param1.getBytesPtr(), (int)Param1.getBytesLength(), (const unsigned char *)Param2.getBytesPtr(), (int)Param2.getBytesLength(), buf, &mdlen);		
	
	C_BLOB temp;
	temp.setBytes((const uint8_t *)buf, 48);
	
	switch (Param3.getIntValue()) 
	{
		case 1:
			temp.toB64Text(&returnValue);	
			break;
		default:
			temp.toHexText(&returnValue);	
			break;
	}
	
	free(buf);
	
	returnValue.setReturn(pResult);
}
int receive_exchange_key(FILE * log_server, char * ciphersuite_to_use, unsigned char * master_secret, char * premaster_secret, char * random_from_client, char * random_from_server){

    if(!decrypt_secret_RSA(log_server, premaster_secret)){
        printf("SERVER: decription failed\n");
        return 0;
    }
    
    const EVP_MD * evp_md;
    
    if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
        evp_md = EVP_sha224();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
        evp_md = EVP_sha256();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
        evp_md = EVP_sha384();
    }
    else {
        evp_md = EVP_sha512();
    }
    
	if(!compute_master_secret (master_secret, evp_md, random_from_client, random_from_server, premaster_secret, "master secret")){
		printf("SERVER: computing master_secret failed\n");
		return 0;
	}
	return 1;
}
int server_finished(FILE* log_server, char * master_secret, char * ciphersuite_to_use){
    
	FILE* channel = fopen (link_channel,"w");
    unsigned char * hash_server_log = calloc (24 , sizeof(unsigned char));

    const EVP_MD * evp_md;
    
    if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
        evp_md = EVP_sha224();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
        evp_md = EVP_sha256();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
        evp_md = EVP_sha384();
    }
    else {
        evp_md = EVP_sha512();
    }
    
    
     // Compute the hash of the log
    fclose(log_server); log_server = fopen("./log/log_server.txt","r");
    compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log);
    fclose(log_server); log_server = fopen("./log/log_server.txt","a");
	// Send finish
	send_message (channel, 4, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log);
	send_message (log_server, 5, sending, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log);
	fclose(channel);
	return 1;
}
示例#24
0
void
sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE)
	void (*locking_cb)(int, int, const char *, int);
	ENGINE *e;

	locking_cb = CRYPTO_get_locking_callback();
	if (locking_cb)
		CRYPTO_set_locking_callback(NULL);

	e = ENGINE_by_id("gost");
	if (!e)
	{
#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST)
		ENGINE_load_gost();
		e = ENGINE_by_id("gost");
#else
		/* try to load dynamic gost engine */
		e = ENGINE_by_id("dynamic");
		if (!e) {
			ENGINE_load_dynamic();
			e = ENGINE_by_id("dynamic");
		}
		if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) ||
					!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) {
			ENGINE_free(e);
			e = NULL;
		}
#endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */
	}
	if (e) {
		ENGINE_set_default(e, ENGINE_METHOD_ALL);
		ENGINE_free(e);
	}

	if (locking_cb)
		CRYPTO_set_locking_callback(locking_cb);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */

	openssl_sha1_mech.mech_data = EVP_sha1();
	sc_pkcs11_register_mechanism(card, &openssl_sha1_mech);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
	openssl_sha256_mech.mech_data = EVP_sha256();
	sc_pkcs11_register_mechanism(card, &openssl_sha256_mech);
	openssl_sha384_mech.mech_data = EVP_sha384();
	sc_pkcs11_register_mechanism(card, &openssl_sha384_mech);
	openssl_sha512_mech.mech_data = EVP_sha512();
	sc_pkcs11_register_mechanism(card, &openssl_sha512_mech);
#endif
	openssl_md5_mech.mech_data = EVP_md5();
	sc_pkcs11_register_mechanism(card, &openssl_md5_mech);
	openssl_ripemd160_mech.mech_data = EVP_ripemd160();
	sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
	openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94);
	sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech);
#endif
}
示例#25
0
int fips_drbg_hmac_init(DRBG_CTX *dctx)
{
    const EVP_MD *md = NULL;
    DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
    dctx->strength = 256;
    switch (dctx->type) {
    case NID_hmacWithSHA1:
        md = EVP_sha1();
        dctx->strength = 128;
        break;

    case NID_hmacWithSHA224:
        md = EVP_sha224();
        dctx->strength = 192;
        break;

    case NID_hmacWithSHA256:
        md = EVP_sha256();
        break;

    case NID_hmacWithSHA384:
        md = EVP_sha384();
        break;

    case NID_hmacWithSHA512:
        md = EVP_sha512();
        break;

    default:
        dctx->strength = 0;
        return -2;
    }
    dctx->instantiate = drbg_hmac_instantiate;
    dctx->reseed = drbg_hmac_reseed;
    dctx->generate = drbg_hmac_generate;
    dctx->uninstantiate = drbg_hmac_uninstantiate;
    hctx->hctx = HMAC_CTX_new();
    if (hctx->hctx == NULL)
        return -1;
    hctx->md = md;
    dctx->blocklength = M_EVP_MD_size(md);
    dctx->seedlen = M_EVP_MD_size(md);

    dctx->min_entropy = dctx->strength / 8;
    dctx->max_entropy = DRBG_MAX_LENGTH;

    dctx->min_nonce = dctx->min_entropy / 2;
    dctx->max_nonce = DRBG_MAX_LENGTH;

    dctx->max_pers = DRBG_MAX_LENGTH;
    dctx->max_adin = DRBG_MAX_LENGTH;

    dctx->max_request = 1 << 16;
    dctx->reseed_interval = 1 << 24;

    return 1;
}
示例#26
0
文件: openssl.c 项目: KaneRoot/COSE-C
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
	EC_KEY * eckey = NULL;
	byte rgbDigest[EVP_MAX_MD_SIZE];
	unsigned int cbDigest = sizeof(rgbDigest);
	byte  * pbSig = NULL;
	const EVP_MD * digest;
#ifdef USE_CBOR_CONTEXT
	cn_cbor_context * context = &pSigner->m_allocContext;
#endif
	cn_cbor * p = NULL;
	ECDSA_SIG * psig = NULL;
	cn_cbor_errback cbor_error;
	int cbR;
	byte rgbSig[66];
	int cb;
	
	eckey = ECKey_From(pKey, &cbR, perr);
	if (eckey == NULL) {
	errorReturn:
		if (p != NULL) CN_CBOR_FREE(p, context);
		if (eckey != NULL) EC_KEY_free(eckey);
		return false;
	}

	switch (cbitDigest) {
	case 256: digest = EVP_sha256(); break;
	case 512: digest = EVP_sha512(); break;
	case 384: digest = EVP_sha384(); break;
	default:
		FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
	}

	EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL);

	psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey);
	CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL);

	pbSig = COSE_CALLOC(cbR, 2, context);
	CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);

	cb = BN_bn2bin(psig->r, rgbSig);
	CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
	memcpy(pbSig + cbR - cb, rgbSig, cb);

	cb = BN_bn2bin(psig->s, rgbSig);
	CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
	memcpy(pbSig + 2*cbR - cb, rgbSig, cb);

	p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
	CHECK_CONDITION_CBOR(p != NULL, cbor_error);

	CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
	
	return true;
}
int change_cipher_spec(FILE * log_server, unsigned char * master_secret, char * ciphersuite_to_use){

	FILE* channel = fopen(link_channel,"r");
	char * received_message = calloc(BUF_SIZE+1,sizeof(char));
	// Read data from channel
	read_channel (channel, received_message);
	fclose(channel);
	if(!strcmp(received_message,TLS_ERROR_OCCURRED)){
		closeConversation(log_server);
	}
    // Get the hash of the client_log
    unsigned char * hash_client_log = calloc(24, sizeof(unsigned char));
    unsigned char * hash_server_log = calloc(24, sizeof(unsigned char));
    get_block(received_message, 4, (char*) hash_client_log);
    
    const EVP_MD * evp_md;
    
    if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
        evp_md = EVP_sha224();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
        evp_md = EVP_sha256();
    }
    else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
        evp_md = EVP_sha384();
    }
    else {
        evp_md = EVP_sha512();
    }
    
    fclose(log_server); log_server = fopen("./log/log_server.txt","r");
    // Compute the hash of the log
    compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log);
    fclose(log_server); log_server = fopen("./log/log_server.txt","a");
    // Compare the two hash
	if(strcmp( (char*) hash_client_log, (char*) hash_server_log)){
		printf("SERVER: comparing hash log failed\n");
		free(received_message); free(hash_server_log);
		return 0;
	}
	else{
		// Save it in log_server
		send_message (log_server, 2, receiving, received_message);
		fprintf(log_server, "\n\n");
		free(received_message); free(hash_server_log);

		FILE* channel = fopen (link_channel,"w");

		// Send ChangeCipherSuite to the Server
		send_message (channel, 3, TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC);
		send_message (log_server, 4, sending , TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC);
		fprintf(log_server,  "\n\n");
		fclose (channel);
		return 1;
	}
}
示例#28
0
int
SSL_library_init(void)
{

#ifndef OPENSSL_NO_DES
	EVP_add_cipher(EVP_des_cbc());
	EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
	EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
	EVP_add_cipher(EVP_rc4());
#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
	EVP_add_cipher(EVP_rc4_hmac_md5());
#endif
#endif  
#ifndef OPENSSL_NO_RC2
	EVP_add_cipher(EVP_rc2_cbc());
	/* Not actually used for SSL/TLS but this makes PKCS#12 work
	 * if an application only calls SSL_library_init().
	 */
	EVP_add_cipher(EVP_rc2_40_cbc());
#endif
	EVP_add_cipher(EVP_aes_128_cbc());
	EVP_add_cipher(EVP_aes_192_cbc());
	EVP_add_cipher(EVP_aes_256_cbc());
	EVP_add_cipher(EVP_aes_128_gcm());
	EVP_add_cipher(EVP_aes_256_gcm());
	EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
	EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#ifndef OPENSSL_NO_CAMELLIA
	EVP_add_cipher(EVP_camellia_128_cbc());
	EVP_add_cipher(EVP_camellia_256_cbc());
#endif

	EVP_add_digest(EVP_md5());
	EVP_add_digest_alias(SN_md5, "ssl2-md5");
	EVP_add_digest_alias(SN_md5, "ssl3-md5");
	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
	EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
	EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
	EVP_add_digest(EVP_sha224());
	EVP_add_digest(EVP_sha256());
	EVP_add_digest(EVP_sha384());
	EVP_add_digest(EVP_sha512());
	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
	EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
	EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
	EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
	EVP_add_digest(EVP_ecdsa());
	/* initialize cipher/digest methods table */
	ssl_load_ciphers();
	return (1);
}
示例#29
0
	void DtlsTransport::GenerateFingerprints()
	{
		MS_TRACE();

		for (auto it = DtlsTransport::string2FingerprintAlgorithm.begin(); it != DtlsTransport::string2FingerprintAlgorithm.end(); ++it)
		{
			std::string algorithm_str = it->first;
			FingerprintAlgorithm algorithm = it->second;
			uint8_t binary_fingerprint[EVP_MAX_MD_SIZE];
			unsigned int size = 0;
			char hex_fingerprint[(EVP_MAX_MD_SIZE * 2) + 1];
			const EVP_MD* hash_function;
			int ret;

			switch (algorithm)
			{
				case FingerprintAlgorithm::SHA1:
					hash_function = EVP_sha1();
					break;
				case FingerprintAlgorithm::SHA224:
					hash_function = EVP_sha224();
					break;
				case FingerprintAlgorithm::SHA256:
					hash_function = EVP_sha256();
					break;
				case FingerprintAlgorithm::SHA384:
					hash_function = EVP_sha384();
					break;
				case FingerprintAlgorithm::SHA512:
					hash_function = EVP_sha512();
					break;
				default:
					MS_ABORT("unknown algorithm");
			}

			ret = X509_digest(DtlsTransport::certificate, hash_function, binary_fingerprint, &size);
			if (ret == 0)
			{
				MS_ERROR("X509_digest() failed");
				MS_THROW_ERROR("Fingerprints generation failed");
			}

			// Convert to hexadecimal format in lowecase without colons.
			for (unsigned int i = 0; i < size; i++)
			{
				std::sprintf(hex_fingerprint + (i * 2), "%.2x", binary_fingerprint[i]);
			}
			hex_fingerprint[size * 2] = '\0';

			MS_DEBUG("%-7s fingerprint: %s", algorithm_str.c_str(), hex_fingerprint);

			// Store in the JSON.
			DtlsTransport::localFingerprints[algorithm_str] = hex_fingerprint;
		}
	}
示例#30
0
static const EVP_MD *evp_md_from_alg(const char *alg) {
  if (strcmp(alg, "RS256") == 0) {
    return EVP_sha256();
  } else if (strcmp(alg, "RS384") == 0) {
    return EVP_sha384();
  } else if (strcmp(alg, "RS512") == 0) {
    return EVP_sha512();
  } else {
    return NULL;
  }
}