diff options
-rw-r--r-- | crypto.c | 47 | ||||
-rw-r--r-- | crypto.h | 4 | ||||
-rw-r--r-- | crypto_backend.h | 60 | ||||
-rw-r--r-- | crypto_openssl.c | 52 | ||||
-rw-r--r-- | httpdigest.c | 77 | ||||
-rw-r--r-- | misc.c | 15 | ||||
-rw-r--r-- | ntlm.c | 8 |
7 files changed, 190 insertions, 73 deletions
@@ -1088,7 +1088,7 @@ read_passphrase_hash (const char *passphrase_file, ASSERT (len >= md_kt_size(digest)); memset (output, 0, len); - EVP_DigestInit (&md, digest); + md_ctx_init(&md, digest); /* read passphrase file */ { @@ -1108,7 +1108,7 @@ read_passphrase_hash (const char *passphrase_file, if (size == -1) msg (M_ERR, "Read error on passphrase file: '%s'", passphrase_file); - EVP_DigestUpdate (&md, buf, size); + md_ctx_update(&md, buf, size); total_size += size; } close (fd); @@ -1120,10 +1120,9 @@ read_passphrase_hash (const char *passphrase_file, "Passphrase file '%s' is too small (must have at least %d characters)", passphrase_file, min_passphrase_size); } - - EVP_DigestFinal (&md, output, &outlen); - EVP_MD_CTX_cleanup (&md); - return outlen; + md_ctx_final(&md, output); + md_ctx_cleanup(&md); + return md_kt_size(digest); } /* @@ -1403,17 +1402,13 @@ prng_bytes (uint8_t *output, int len) { if (nonce_md) { - EVP_MD_CTX ctx; + md_ctx_t ctx; const int md_size = md_kt_size (nonce_md); while (len > 0) { unsigned int outlen = 0; const int blen = min_int (len, md_size); - EVP_DigestInit (&ctx, nonce_md); - EVP_DigestUpdate (&ctx, nonce_data, md_size + nonce_secret_len); - EVP_DigestFinal (&ctx, nonce_data, &outlen); - ASSERT (outlen == md_size); - EVP_MD_CTX_cleanup (&ctx); + md_full(nonce_md, nonce_data, md_size + nonce_secret_len, nonce_data); memcpy (output, nonce_data, blen); output += blen; len -= blen; @@ -1434,14 +1429,6 @@ get_random() return l; } -const char * -md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc) -{ - uint8_t digest[MD5_DIGEST_LENGTH]; - MD5 (buf, len, digest); - return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc); -} - #ifndef USE_SSL void @@ -1466,22 +1453,36 @@ free_ssl_lib (void) * md5 functions */ +const char * +md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc) +{ + uint8_t digest[MD5_DIGEST_LENGTH]; + const md_kt_t *md5_kt = md_kt_get("MD5"); + + md_full(md5_kt, buf, len, digest); + + return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc); +} + void md5_state_init (struct md5_state *s) { - MD5_Init (&s->ctx); + const md_kt_t *md5_kt = md_kt_get("MD5"); + + md_ctx_init(&s->ctx, md5_kt); } void md5_state_update (struct md5_state *s, void *data, size_t len) { - MD5_Update (&s->ctx, data, len); + md_ctx_update(&s->ctx, data, len); } void md5_state_final (struct md5_state *s, struct md5_digest *out) { - MD5_Final (out->digest, &s->ctx); + md_ctx_final(&s->ctx, out->digest); + md_ctx_cleanup(&s->ctx); } void @@ -419,7 +419,6 @@ void prng_uninit (); void test_crypto (const struct crypto_options *co, struct frame* f); -const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc); /* key direction functions */ @@ -470,13 +469,14 @@ key_ctx_bi_defined(const struct key_ctx_bi* key) */ struct md5_state { - MD5_CTX ctx; + md_ctx_t ctx; }; struct md5_digest { uint8_t digest [MD5_DIGEST_LENGTH]; }; +const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc); void md5_state_init (struct md5_state *s); void md5_state_update (struct md5_state *s, void *data, size_t len); void md5_state_final (struct md5_state *s, struct md5_digest *out); diff --git a/crypto_backend.h b/crypto_backend.h index 527f6b6..b6fd996 100644 --- a/crypto_backend.h +++ b/crypto_backend.h @@ -204,4 +204,64 @@ const char * md_kt_name (const md_kt_t *kt); int md_kt_size (const md_kt_t *kt); +/* + * + * Generic message digest functions + * + */ + +/* + * Calculates the message digest for the given buffer. + * + * @param kt Static message digest parameters + * @param src Buffer to digest. May not be NULL. + * @param src_len The length of the incoming buffer. + * @param dst Buffer to write the message digest to. May not be NULL. + * + * @return \c 1 on success, \c 0 on failure + */ +int md_full (const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst); + +/* + * Initialises the given message digest context. + * + * @param ctx Message digest context + * @param kt Static message digest parameters + */ +void md_ctx_init (md_ctx_t *ctx, const md_kt_t *kt); + +/* + * Free the given message digest context. + * + * @param ctx Message digest context + */ +void md_ctx_cleanup(md_ctx_t *ctx); + +/* + * Returns the size of the message digest output by the given context + * + * @param ctx Message digest context. + * + * @return Size of the message digest, or \0 if ctx is NULL. + */ +int md_ctx_size (const md_ctx_t *ctx); + +/* + * Process the given data for use in the message digest. + * + * @param ctx Message digest context. May not be NULL. + * @param src Buffer to digest. May not be NULL. + * @param src_len The length of the incoming buffer. + */ +void md_ctx_update (md_ctx_t *ctx, const uint8_t *src, int src_len); + +/* + * Output the message digest to the given buffer. + * + * @param ctx Message digest context. May not be NULL. + * @param dst Buffer to write the message digest to. May not be NULL. + */ +void md_ctx_final (md_ctx_t *ctx, uint8_t *dst); + + #endif /* CRYPTO_BACKEND_H_ */ diff --git a/crypto_openssl.c b/crypto_openssl.c index 9c65757..12c4392 100644 --- a/crypto_openssl.c +++ b/crypto_openssl.c @@ -499,3 +499,55 @@ md_kt_size (const EVP_MD *kt) { return EVP_MD_size(kt); } + + +/* + * + * Generic message digest functions + * + */ + +int +md_full (const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst) +{ + unsigned int in_md_len = 0; + + return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL); +} + +void +md_ctx_init (EVP_MD_CTX *ctx, const EVP_MD *kt) +{ + ASSERT(NULL != ctx && NULL != kt); + + CLEAR (*ctx); + + EVP_MD_CTX_init (ctx); + EVP_DigestInit(ctx, kt); +} + +void +md_ctx_cleanup(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_cleanup(ctx); +} + +int +md_ctx_size (const EVP_MD_CTX *ctx) +{ + return EVP_MD_CTX_size(ctx); +} + +void +md_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len) +{ + EVP_DigestUpdate(ctx, src, src_len); +} + +void +md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) +{ + unsigned int in_md_len = 0; + + EVP_DigestFinal(ctx, dst, &in_md_len); +} diff --git a/httpdigest.c b/httpdigest.c index 90abc6a..5907637 100644 --- a/httpdigest.c +++ b/httpdigest.c @@ -65,26 +65,28 @@ DigestCalcHA1( OUT HASHHEX SessionKey ) { - MD5_CTX Md5Ctx; HASH HA1; + md_ctx_t md5_ctx; + const md_kt_t *md5_kt = md_kt_get("MD5"); - MD5_Init(&Md5Ctx); - MD5_Update(&Md5Ctx, pszUserName, strlen(pszUserName)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszRealm, strlen(pszRealm)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszPassword, strlen(pszPassword)); - MD5_Final(HA1, &Md5Ctx); + md_ctx_init(&md5_ctx, md5_kt); + md_ctx_update(&md5_ctx, pszUserName, strlen(pszUserName)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszRealm, strlen(pszRealm)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszPassword, strlen(pszPassword)); + md_ctx_final(&md5_ctx, HA1); if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0) { - MD5_Init(&Md5Ctx); - MD5_Update(&Md5Ctx, HA1, HASHLEN); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszNonce, strlen(pszNonce)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); - MD5_Final(HA1, &Md5Ctx); + md_ctx_init(&md5_ctx, md5_kt); + md_ctx_update(&md5_ctx, HA1, HASHLEN); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce)); + md_ctx_final(&md5_ctx, HA1); }; + md_ctx_cleanup(&md5_ctx); CvtHex(HA1, SessionKey); } @@ -102,41 +104,44 @@ DigestCalcResponse( OUT HASHHEX Response /* request-digest or response-digest */ ) { - MD5_CTX Md5Ctx; HASH HA2; HASH RespHash; HASHHEX HA2Hex; + md_ctx_t md5_ctx; + const md_kt_t *md5_kt = md_kt_get("MD5"); + // calculate H(A2) - MD5_Init(&Md5Ctx); - MD5_Update(&Md5Ctx, pszMethod, strlen(pszMethod)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri)); + md_ctx_init(&md5_ctx, md5_kt); + md_ctx_update(&md5_ctx, pszMethod, strlen(pszMethod)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszDigestUri, strlen(pszDigestUri)); if (strcasecmp(pszQop, "auth-int") == 0) { - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, HEntity, HASHHEXLEN); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN); }; - MD5_Final(HA2, &Md5Ctx); + md_ctx_final(&md5_ctx, HA2); CvtHex(HA2, HA2Hex); // calculate response - MD5_Init(&Md5Ctx); - MD5_Update(&Md5Ctx, HA1, HASHHEXLEN); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszNonce, strlen(pszNonce)); - MD5_Update(&Md5Ctx, ":", 1); + md_ctx_init(&md5_ctx, md5_kt); + md_ctx_update(&md5_ctx, HA1, HASHHEXLEN); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszNonce, strlen(pszNonce)); + md_ctx_update(&md5_ctx, ":", 1); if (*pszQop) { - MD5_Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszCNonce, strlen(pszCNonce)); - MD5_Update(&Md5Ctx, ":", 1); - MD5_Update(&Md5Ctx, pszQop, strlen(pszQop)); - MD5_Update(&Md5Ctx, ":", 1); + md_ctx_update(&md5_ctx, pszNonceCount, strlen(pszNonceCount)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszCNonce, strlen(pszCNonce)); + md_ctx_update(&md5_ctx, ":", 1); + md_ctx_update(&md5_ctx, pszQop, strlen(pszQop)); + md_ctx_update(&md5_ctx, ":", 1); }; - MD5_Update(&Md5Ctx, HA2Hex, HASHHEXLEN); - MD5_Final(RespHash, &Md5Ctx); + md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN); + md_ctx_final(&md5_ctx, RespHash); + md_ctx_cleanup(&md5_ctx); CvtHex(RespHash, Response); } @@ -1658,23 +1658,26 @@ void get_user_pass_auto_userid (struct user_pass *up, const char *tag) { struct gc_arena gc = gc_new (); - MD5_CTX ctx; struct buffer buf; uint8_t macaddr[6]; static uint8_t digest [MD5_DIGEST_LENGTH]; static const uint8_t hashprefix[] = "AUTO_USERID_DIGEST"; + const md_kt_t *md5_kt = md_kt_get("MD5"); + md_ctx_t ctx; + CLEAR (*up); buf_set_write (&buf, (uint8_t*)up->username, USER_PASS_LEN); buf_printf (&buf, "%s", get_platform_prefix ()); if (get_default_gateway_mac_addr (macaddr)) { dmsg (D_AUTO_USERID, "GUPAU: macaddr=%s", format_hex_ex (macaddr, sizeof (macaddr), 0, 1, ":", &gc)); - MD5_Init (&ctx); - MD5_Update (&ctx, hashprefix, sizeof (hashprefix) - 1); - MD5_Update (&ctx, macaddr, sizeof (macaddr)); - MD5_Final (digest, &ctx); - buf_printf (&buf, "%s", format_hex_ex (digest, sizeof (digest), 0, 256, " ", &gc)); + md_ctx_init(&ctx, md5_kt); + md_ctx_update(&ctx, hashprefix, sizeof (hashprefix) - 1); + md_ctx_update(&ctx, macaddr, sizeof (macaddr)); + md_ctx_final(&ctx, digest); + md_ctx_cleanup(&ctx) + buf_printf(&buf, "%s", format_hex_ex (digest, sizeof (digest), 0, 256, " ", &gc)); } else { @@ -70,14 +70,10 @@ static void gen_md4_hash (const char* data, int data_len, char *result) { /* result is 16 byte md4 hash */ - - MD4_CTX c; + const md_kt_t *md4_kt = md_kt_get("MD4"); char md[16]; - MD4_Init (&c); - MD4_Update (&c, data, data_len); - MD4_Final ((unsigned char *)md, &c); - + md_full(md4_kt, data, data_len, md); memcpy (result, md, 16); } |