void
isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
unsigned int len)
{
#ifdef HMAC_RETURN_INT
RUNTIME_CHECK(HMAC_Init(ctx, (const void *) key,
(int) len, EVP_sha384()) == 1);
#else
HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha384());
#endif
}
static EVP_MD_CTX *
setup(jose_cfg_t *cfg, const json_t *jwk, const json_t *sig, const char *alg,
init_t *func)
{
openssl_auto(EVP_PKEY) *key = NULL;
EVP_PKEY_CTX *epc = NULL;
const EVP_MD *md = NULL;
EVP_MD_CTX *emc = NULL;
const RSA *rsa = NULL;
int slen = 0;
int pad = 0;
switch (str2enum(alg, NAMES, NULL)) {
case 0: md = EVP_sha256(); pad = RSA_PKCS1_PADDING; break;
case 1: md = EVP_sha384(); pad = RSA_PKCS1_PADDING; break;
case 2: md = EVP_sha512(); pad = RSA_PKCS1_PADDING; break;
case 3: md = EVP_sha256(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
case 4: md = EVP_sha384(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
case 5: md = EVP_sha512(); pad = RSA_PKCS1_PSS_PADDING; slen = -1; break;
default: return NULL;
}
key = jose_openssl_jwk_to_EVP_PKEY(cfg, jwk);
if (!key || EVP_PKEY_base_id(key) != EVP_PKEY_RSA)
return NULL;
/* Don't use small keys. RFC 7518 3.3 */
rsa = EVP_PKEY_get0_RSA(key);
if (!rsa)
return NULL;
if (RSA_size(rsa) < 2048 / 8)
return NULL;
emc = EVP_MD_CTX_new();
if (!emc)
return NULL;
if (func(emc, &epc, md, NULL, key) <= 0)
goto error;
if (EVP_PKEY_CTX_set_rsa_padding(epc, pad) <= 0)
goto error;
if (slen != 0) {
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(epc, slen) <= 0)
goto error;
}
return emc;
error:
EVP_MD_CTX_free(emc);
return NULL;
}
static jose_io_t *
hsh(const jose_hook_alg_t *alg, jose_cfg_t *cfg, jose_io_t *next)
{
jose_io_auto_t *io = NULL;
const EVP_MD *md = NULL;
io_t *i = NULL;
switch (str2enum(alg->name, "S512", "S384", "S256", "S224", "S1", NULL)) {
case 0: md = EVP_sha512(); break;
case 1: md = EVP_sha384(); break;
case 2: md = EVP_sha256(); break;
case 3: md = EVP_sha224(); break;
case 4: md = EVP_sha1(); break;
}
i = calloc(1, sizeof(*i));
if (!i)
return NULL;
io = jose_io_incref(&i->io);
io->feed = hsh_feed;
io->done = hsh_done;
io->free = hsh_free;
i->next = jose_io_incref(next);
i->emc = EVP_MD_CTX_new();
if (!i->next || !i->emc)
return NULL;
if (EVP_DigestInit(i->emc, md) <= 0)
return NULL;
return jose_io_incref(io);
}
void makeecreq384(char* commonname)
{
EC_KEY *key;
EVP_PKEY *pkey;
X509_REQ *req;
FILE *out;
key = EC_KEY_new_by_curve_name(NID_secp384r1);
EC_KEY_generate_key(key);
EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
pkey = EVP_PKEY_new();
EVP_PKEY_set1_EC_KEY(pkey, key);
req = makereq(pkey, commonname, EVP_sha384());
out = fopen("ec384_req.pem", "w");
if (out == NULL)
exit(-1);
PEM_write_X509_REQ(out, req);
fclose(out);
out = fopen("ec384_req_key.pem", "w");
if (out == NULL)
exit(-1);
PEM_write_ECPrivateKey(out, key, NULL, NULL, 0, NULL, NULL);
fclose(out);
}
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
if (dctx->key->key_alg == DST_ALG_ECDSA256)
type = EVP_sha256();
else
type = EVP_sha384();
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (dst__openssl_toresult3(dctx->category,
"EVP_DigestInit_ex",
ISC_R_FAILURE));
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
return (ISC_R_SUCCESS);
}
const EVP_MD *
tsig_get_EVP_MD(u8 algorithm)
{
switch(algorithm)
{
#ifndef OPENSSL_NO_MD5
case HMAC_MD5:
return EVP_md5();
#endif
#ifndef OPENSSL_NO_SHA
case HMAC_SHA1:
return EVP_sha1();
#endif
#ifndef OPENSSL_NO_SHA256
case HMAC_SHA224:
return EVP_sha224();
case HMAC_SHA256:
return EVP_sha256();
#endif
#ifndef OPENSSL_NO_SHA512
case HMAC_SHA384:
return EVP_sha384();
case HMAC_SHA512:
return EVP_sha512();
#endif
default:
return EVP_md_null();
}
}
void
OpenSSL_add_all_digests(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
EVP_add_digest(EVP_sha());
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss());
#endif
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss1());
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
#endif
#ifndef OPENSSL_NO_GOST
EVP_add_digest(EVP_gostr341194());
EVP_add_digest(EVP_gost2814789imit());
EVP_add_digest(EVP_streebog256());
EVP_add_digest(EVP_streebog512());
#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RIPEMD
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
CryptoBuffer::CryptoBuffer(const char *pass)
: d(new Private())
{
d->password = pass;
d->cipher = EVP_aes_256_cbc();
d->digest = EVP_sha384();
}
static int s2n_evp_hmac_p_hash_init(struct s2n_prf_working_space *ws, s2n_hmac_algorithm alg, struct s2n_blob *secret)
{
/* Initialize the message digest */
switch (alg) {
case S2N_HMAC_SSLv3_MD5:
case S2N_HMAC_MD5:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_md5();
break;
case S2N_HMAC_SSLv3_SHA1:
case S2N_HMAC_SHA1:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha1();
break;
case S2N_HMAC_SHA224:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha224();
break;
case S2N_HMAC_SHA256:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha256();
break;
case S2N_HMAC_SHA384:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha384();
break;
case S2N_HMAC_SHA512:
ws->tls.p_hash.evp_hmac.evp_digest.md = EVP_sha512();
break;
default:
S2N_ERROR(S2N_ERR_P_HASH_INVALID_ALGORITHM);
}
/* Initialize the mac key using the provided secret */
notnull_check(ws->tls.p_hash.evp_hmac.mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret->data, secret->size));
/* Initialize the message digest context with the above message digest and mac key */
return s2n_evp_hmac_p_hash_digest_init(ws);
}
int
lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type)
{
ctx->type = type;
ctx->mdctx = EVP_MD_CTX_create();
if (!ctx->mdctx)
return 1;
switch (ctx->type) {
case LWS_GENHASH_TYPE_SHA1:
ctx->evp_type = EVP_sha1();
break;
case LWS_GENHASH_TYPE_SHA256:
ctx->evp_type = EVP_sha256();
break;
case LWS_GENHASH_TYPE_SHA384:
ctx->evp_type = EVP_sha384();
break;
case LWS_GENHASH_TYPE_SHA512:
ctx->evp_type = EVP_sha512();
break;
default:
return 1;
}
if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) {
EVP_MD_CTX_destroy(ctx->mdctx);
return 1;
}
return 0;
}
/* HMAC-SHA384: generate hash of known digest value and compare to known
precomputed correct hash
*/
static int FIPS_hmac_sha384_test()
{
unsigned char key[] = "etaonrishd";
unsigned char iv[] = "Sample text";
unsigned char kaval[EVP_MAX_MD_SIZE] =
{ 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
0x26, 0x99, 0xef, 0x3b, 0x10,
0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
0xac, 0xb0, 0x07, 0x39, 0x08,
0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
0xf3, 0xb8, 0x9b, 0x88, 0x1c
};
unsigned char out[EVP_MAX_MD_SIZE];
unsigned int outlen;
ERR_clear_error();
if (!HMAC
(EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
&outlen))
return 0;
if (memcmp(out, kaval, outlen))
return 0;
return 1;
}
bool OpensslManager::HMACString(Openssl_Hash algorithm, char *key, int key_len, unsigned char *input, int input_len, unsigned char *output, unsigned int *outlength)
{
switch(algorithm)
{
case Openssl_Hash_MD5:
HMAC(EVP_md5(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_MD4:
HMAC(EVP_md4(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA:
HMAC(EVP_sha(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA1:
HMAC(EVP_sha1(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA224:
HMAC(EVP_sha224(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA256:
HMAC(EVP_sha256(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA384:
HMAC(EVP_sha384(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_SHA512:
HMAC(EVP_sha512(), key, key_len, input, input_len, output, outlength);
return true;
case Openssl_Hash_RIPEMD160:
HMAC(EVP_ripemd160(), key, key_len, input, input_len, output, outlength);
return true;
}
return false;
}
int FIPS_selftest_dsa()
{
DSA *dsa=NULL;
EVP_PKEY pk;
int ret = 0;
dsa = FIPS_dsa_new();
if(dsa == NULL)
goto err;
fips_load_key_component(dsa, p, dsa_test_2048);
fips_load_key_component(dsa, q, dsa_test_2048);
fips_load_key_component(dsa, g, dsa_test_2048);
fips_load_key_component(dsa, pub_key, dsa_test_2048);
fips_load_key_component(dsa, priv_key, dsa_test_2048);
pk.type = EVP_PKEY_DSA;
pk.pkey.dsa = dsa;
if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
NULL, 0, EVP_sha384(), 0,
"DSA SHA384"))
goto err;
ret = 1;
err:
if (dsa)
FIPS_dsa_free(dsa);
return ret;
}
const EVP_MD *get_hash(enum enum_hash hash, const unsigned char **oid, size_t *oid_len) {
switch(hash) {
case hash_arg_SHA1:
if(oid) {
*oid = sha1oid;
*oid_len = sizeof(sha1oid);
}
return EVP_sha1();
case hash_arg_SHA256:
if(oid) {
*oid = sha256oid;
*oid_len = sizeof(sha256oid);
}
return EVP_sha256();
case hash_arg_SHA384:
if(oid) {
*oid = sha384oid;
*oid_len = sizeof(sha384oid);
}
return EVP_sha384();
case hash_arg_SHA512:
if(oid) {
*oid = sha512oid;
*oid_len = sizeof(sha512oid);
}
return EVP_sha512();
case hash__NULL:
default:
return NULL;
}
}
void openssl_add_all_digests_internal(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
EVP_add_digest(EVP_md5_sha1());
#endif
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RMD160
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
const EVP_MD *
tls12_get_hash(unsigned char hash_alg)
{
switch (hash_alg) {
case TLSEXT_hash_sha1:
return EVP_sha1();
case TLSEXT_hash_sha224:
return EVP_sha224();
case TLSEXT_hash_sha256:
return EVP_sha256();
case TLSEXT_hash_sha384:
return EVP_sha384();
case TLSEXT_hash_sha512:
return EVP_sha512();
#ifndef OPENSSL_NO_GOST
case TLSEXT_hash_gost94:
return EVP_gostr341194();
case TLSEXT_hash_streebog_256:
return EVP_streebog256();
case TLSEXT_hash_streebog_512:
return EVP_streebog512();
#endif
default:
return NULL;
}
}
int jwt_sign_sha_hmac(jwt_t *jwt, char **out, unsigned int *len,
const char *str)
{
const EVP_MD *alg;
switch (jwt->alg) {
/* HMAC */
case JWT_ALG_HS256:
alg = EVP_sha256();
break;
case JWT_ALG_HS384:
alg = EVP_sha384();
break;
case JWT_ALG_HS512:
alg = EVP_sha512();
break;
default:
return EINVAL;
}
*out = malloc(EVP_MAX_MD_SIZE);
if (*out == NULL)
return ENOMEM;
HMAC(alg, jwt->key, jwt->key_len,
(const unsigned char *)str, strlen(str), (unsigned char *)*out,
len);
return 0;
}
KDF_FUNC KDF_get_x9_63(const EVP_MD *md)
{
if (md == EVP_md5()) {
return x963_md5kdf;
} else if (md == EVP_ripemd160()) {
return x963_rmd160kdf;
} else if (md == EVP_sha1()) {
return x963_sha1kdf;
} else if (md == EVP_sha224()) {
return x963_sha224kdf;
} else if (md == EVP_sha256()) {
return x963_sha256kdf;
} else if (md == EVP_sha384()) {
return x963_sha384kdf;
} else if (md == EVP_sha512()) {
return x963_sha512kdf;
} else if (md == EVP_whirlpool()) {
return x963_whirlpoolkdf;
} else if (md == EVP_sm3()) {
return x963_sm3kdf;
}
return NULL;
}
static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx,
const uint8_t *key, size_t key_len,
size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(),
EVP_sha384(), 0);
}
static const EVP_MD *getEVPMD(int hashalgo)
{
switch (hashalgo) {
case PGPHASHALGO_MD5:
return EVP_md5();
case PGPHASHALGO_SHA1:
return EVP_sha1();
case PGPHASHALGO_SHA256:
return EVP_sha256();
case PGPHASHALGO_SHA384:
return EVP_sha384();
case PGPHASHALGO_SHA512:
return EVP_sha512();
case PGPHASHALGO_SHA224:
return EVP_sha224();
default:
return EVP_md_null();
}
}
void HMACSHA384(sLONG_PTR *pResult, PackagePtr pParams)
{
C_BLOB Param1;
C_BLOB Param2;
C_LONGINT Param3;
C_TEXT returnValue;
Param1.fromParamAtIndex(pParams, 1);
Param2.fromParamAtIndex(pParams, 2);
Param3.fromParamAtIndex(pParams, 3);
uint8_t *buf = (uint8_t *)calloc(48, sizeof(uint8_t));
uint32_t mdlen = 48;
HMAC(EVP_sha384(), (const void *)Param1.getBytesPtr(), (int)Param1.getBytesLength(), (const unsigned char *)Param2.getBytesPtr(), (int)Param2.getBytesLength(), buf, &mdlen);
C_BLOB temp;
temp.setBytes((const uint8_t *)buf, 48);
switch (Param3.getIntValue())
{
case 1:
temp.toB64Text(&returnValue);
break;
default:
temp.toHexText(&returnValue);
break;
}
free(buf);
returnValue.setReturn(pResult);
}
int receive_exchange_key(FILE * log_server, char * ciphersuite_to_use, unsigned char * master_secret, char * premaster_secret, char * random_from_client, char * random_from_server){
if(!decrypt_secret_RSA(log_server, premaster_secret)){
printf("SERVER: decription failed\n");
return 0;
}
const EVP_MD * evp_md;
if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
evp_md = EVP_sha224();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
evp_md = EVP_sha256();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
evp_md = EVP_sha384();
}
else {
evp_md = EVP_sha512();
}
if(!compute_master_secret (master_secret, evp_md, random_from_client, random_from_server, premaster_secret, "master secret")){
printf("SERVER: computing master_secret failed\n");
return 0;
}
return 1;
}
int server_finished(FILE* log_server, char * master_secret, char * ciphersuite_to_use){
FILE* channel = fopen (link_channel,"w");
unsigned char * hash_server_log = calloc (24 , sizeof(unsigned char));
const EVP_MD * evp_md;
if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
evp_md = EVP_sha224();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
evp_md = EVP_sha256();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
evp_md = EVP_sha384();
}
else {
evp_md = EVP_sha512();
}
// Compute the hash of the log
fclose(log_server); log_server = fopen("./log/log_server.txt","r");
compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log);
fclose(log_server); log_server = fopen("./log/log_server.txt","a");
// Send finish
send_message (channel, 4, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log);
send_message (log_server, 5, sending, TLS_VERSION, TLS_HANDSHAKE , TLS_FINISHED , hash_server_log);
fclose(channel);
return 1;
}
void
sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE)
void (*locking_cb)(int, int, const char *, int);
ENGINE *e;
locking_cb = CRYPTO_get_locking_callback();
if (locking_cb)
CRYPTO_set_locking_callback(NULL);
e = ENGINE_by_id("gost");
if (!e)
{
#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST)
ENGINE_load_gost();
e = ENGINE_by_id("gost");
#else
/* try to load dynamic gost engine */
e = ENGINE_by_id("dynamic");
if (!e) {
ENGINE_load_dynamic();
e = ENGINE_by_id("dynamic");
}
if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) ||
!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) {
ENGINE_free(e);
e = NULL;
}
#endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */
}
if (e) {
ENGINE_set_default(e, ENGINE_METHOD_ALL);
ENGINE_free(e);
}
if (locking_cb)
CRYPTO_set_locking_callback(locking_cb);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */
openssl_sha1_mech.mech_data = EVP_sha1();
sc_pkcs11_register_mechanism(card, &openssl_sha1_mech);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
openssl_sha256_mech.mech_data = EVP_sha256();
sc_pkcs11_register_mechanism(card, &openssl_sha256_mech);
openssl_sha384_mech.mech_data = EVP_sha384();
sc_pkcs11_register_mechanism(card, &openssl_sha384_mech);
openssl_sha512_mech.mech_data = EVP_sha512();
sc_pkcs11_register_mechanism(card, &openssl_sha512_mech);
#endif
openssl_md5_mech.mech_data = EVP_md5();
sc_pkcs11_register_mechanism(card, &openssl_md5_mech);
openssl_ripemd160_mech.mech_data = EVP_ripemd160();
sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94);
sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech);
#endif
}
int fips_drbg_hmac_init(DRBG_CTX *dctx)
{
const EVP_MD *md = NULL;
DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
dctx->strength = 256;
switch (dctx->type) {
case NID_hmacWithSHA1:
md = EVP_sha1();
dctx->strength = 128;
break;
case NID_hmacWithSHA224:
md = EVP_sha224();
dctx->strength = 192;
break;
case NID_hmacWithSHA256:
md = EVP_sha256();
break;
case NID_hmacWithSHA384:
md = EVP_sha384();
break;
case NID_hmacWithSHA512:
md = EVP_sha512();
break;
default:
dctx->strength = 0;
return -2;
}
dctx->instantiate = drbg_hmac_instantiate;
dctx->reseed = drbg_hmac_reseed;
dctx->generate = drbg_hmac_generate;
dctx->uninstantiate = drbg_hmac_uninstantiate;
hctx->hctx = HMAC_CTX_new();
if (hctx->hctx == NULL)
return -1;
hctx->md = md;
dctx->blocklength = M_EVP_MD_size(md);
dctx->seedlen = M_EVP_MD_size(md);
dctx->min_entropy = dctx->strength / 8;
dctx->max_entropy = DRBG_MAX_LENGTH;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_LENGTH;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
dctx->max_request = 1 << 16;
dctx->reseed_interval = 1 << 24;
return 1;
}
bool ECDSA_Sign(COSE * pSigner, int index, const cn_cbor * pKey, int cbitDigest, const byte * rgbToSign, size_t cbToSign, cose_errback * perr)
{
EC_KEY * eckey = NULL;
byte rgbDigest[EVP_MAX_MD_SIZE];
unsigned int cbDigest = sizeof(rgbDigest);
byte * pbSig = NULL;
const EVP_MD * digest;
#ifdef USE_CBOR_CONTEXT
cn_cbor_context * context = &pSigner->m_allocContext;
#endif
cn_cbor * p = NULL;
ECDSA_SIG * psig = NULL;
cn_cbor_errback cbor_error;
int cbR;
byte rgbSig[66];
int cb;
eckey = ECKey_From(pKey, &cbR, perr);
if (eckey == NULL) {
errorReturn:
if (p != NULL) CN_CBOR_FREE(p, context);
if (eckey != NULL) EC_KEY_free(eckey);
return false;
}
switch (cbitDigest) {
case 256: digest = EVP_sha256(); break;
case 512: digest = EVP_sha512(); break;
case 384: digest = EVP_sha384(); break;
default:
FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER);
}
EVP_Digest(rgbToSign, cbToSign, rgbDigest, &cbDigest, digest, NULL);
psig = ECDSA_do_sign(rgbDigest, cbDigest, eckey);
CHECK_CONDITION(psig != NULL, COSE_ERR_CRYPTO_FAIL);
pbSig = COSE_CALLOC(cbR, 2, context);
CHECK_CONDITION(pbSig != NULL, COSE_ERR_OUT_OF_MEMORY);
cb = BN_bn2bin(psig->r, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + cbR - cb, rgbSig, cb);
cb = BN_bn2bin(psig->s, rgbSig);
CHECK_CONDITION(cb <= cbR, COSE_ERR_INVALID_PARAMETER);
memcpy(pbSig + 2*cbR - cb, rgbSig, cb);
p = cn_cbor_data_create(pbSig, cbR*2, CBOR_CONTEXT_PARAM_COMMA &cbor_error);
CHECK_CONDITION_CBOR(p != NULL, cbor_error);
CHECK_CONDITION(_COSE_array_replace(pSigner, p, index, CBOR_CONTEXT_PARAM_COMMA NULL), COSE_ERR_CBOR);
return true;
}
int change_cipher_spec(FILE * log_server, unsigned char * master_secret, char * ciphersuite_to_use){
FILE* channel = fopen(link_channel,"r");
char * received_message = calloc(BUF_SIZE+1,sizeof(char));
// Read data from channel
read_channel (channel, received_message);
fclose(channel);
if(!strcmp(received_message,TLS_ERROR_OCCURRED)){
closeConversation(log_server);
}
// Get the hash of the client_log
unsigned char * hash_client_log = calloc(24, sizeof(unsigned char));
unsigned char * hash_server_log = calloc(24, sizeof(unsigned char));
get_block(received_message, 4, (char*) hash_client_log);
const EVP_MD * evp_md;
if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA224) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA224)){
evp_md = EVP_sha224();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA256) || atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA256)){
evp_md = EVP_sha256();
}
else if(atoi(ciphersuite_to_use) == atoi(TLS_DHE_RSA_WITH_SHA384) || atoi(ciphersuite_to_use) == atoi(TLS_RSA_WITH_SHA384)){
evp_md = EVP_sha384();
}
else {
evp_md = EVP_sha512();
}
fclose(log_server); log_server = fopen("./log/log_server.txt","r");
// Compute the hash of the log
compute_hash_log(log_server, evp_md, (unsigned char *) master_secret, 48, hash_server_log);
fclose(log_server); log_server = fopen("./log/log_server.txt","a");
// Compare the two hash
if(strcmp( (char*) hash_client_log, (char*) hash_server_log)){
printf("SERVER: comparing hash log failed\n");
free(received_message); free(hash_server_log);
return 0;
}
else{
// Save it in log_server
send_message (log_server, 2, receiving, received_message);
fprintf(log_server, "\n\n");
free(received_message); free(hash_server_log);
FILE* channel = fopen (link_channel,"w");
// Send ChangeCipherSuite to the Server
send_message (channel, 3, TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC);
send_message (log_server, 4, sending , TLS_VERSION, TLS_HANDSHAKE, TLS_CHANGECIPHERSPEC);
fprintf(log_server, "\n\n");
fclose (channel);
return 1;
}
}
int
SSL_library_init(void)
{
#ifndef OPENSSL_NO_DES
EVP_add_cipher(EVP_des_cbc());
EVP_add_cipher(EVP_des_ede3_cbc());
#endif
#ifndef OPENSSL_NO_IDEA
EVP_add_cipher(EVP_idea_cbc());
#endif
#ifndef OPENSSL_NO_RC4
EVP_add_cipher(EVP_rc4());
#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
EVP_add_cipher(EVP_rc4_hmac_md5());
#endif
#endif
#ifndef OPENSSL_NO_RC2
EVP_add_cipher(EVP_rc2_cbc());
/* Not actually used for SSL/TLS but this makes PKCS#12 work
* if an application only calls SSL_library_init().
*/
EVP_add_cipher(EVP_rc2_40_cbc());
#endif
EVP_add_cipher(EVP_aes_128_cbc());
EVP_add_cipher(EVP_aes_192_cbc());
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
EVP_add_cipher(EVP_camellia_256_cbc());
#endif
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
EVP_add_digest(EVP_ecdsa());
/* initialize cipher/digest methods table */
ssl_load_ciphers();
return (1);
}
void DtlsTransport::GenerateFingerprints()
{
MS_TRACE();
for (auto it = DtlsTransport::string2FingerprintAlgorithm.begin(); it != DtlsTransport::string2FingerprintAlgorithm.end(); ++it)
{
std::string algorithm_str = it->first;
FingerprintAlgorithm algorithm = it->second;
uint8_t binary_fingerprint[EVP_MAX_MD_SIZE];
unsigned int size = 0;
char hex_fingerprint[(EVP_MAX_MD_SIZE * 2) + 1];
const EVP_MD* hash_function;
int ret;
switch (algorithm)
{
case FingerprintAlgorithm::SHA1:
hash_function = EVP_sha1();
break;
case FingerprintAlgorithm::SHA224:
hash_function = EVP_sha224();
break;
case FingerprintAlgorithm::SHA256:
hash_function = EVP_sha256();
break;
case FingerprintAlgorithm::SHA384:
hash_function = EVP_sha384();
break;
case FingerprintAlgorithm::SHA512:
hash_function = EVP_sha512();
break;
default:
MS_ABORT("unknown algorithm");
}
ret = X509_digest(DtlsTransport::certificate, hash_function, binary_fingerprint, &size);
if (ret == 0)
{
MS_ERROR("X509_digest() failed");
MS_THROW_ERROR("Fingerprints generation failed");
}
// Convert to hexadecimal format in lowecase without colons.
for (unsigned int i = 0; i < size; i++)
{
std::sprintf(hex_fingerprint + (i * 2), "%.2x", binary_fingerprint[i]);
}
hex_fingerprint[size * 2] = '\0';
MS_DEBUG("%-7s fingerprint: %s", algorithm_str.c_str(), hex_fingerprint);
// Store in the JSON.
DtlsTransport::localFingerprints[algorithm_str] = hex_fingerprint;
}
}
static const EVP_MD *evp_md_from_alg(const char *alg) {
if (strcmp(alg, "RS256") == 0) {
return EVP_sha256();
} else if (strcmp(alg, "RS384") == 0) {
return EVP_sha384();
} else if (strcmp(alg, "RS512") == 0) {
return EVP_sha512();
} else {
return NULL;
}
}
