这篇教程C++ EVP_sha1函数代码示例写得很实用,希望能帮到您。
本文整理汇总了C++中EVP_sha1函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_sha1函数的具体用法?C++ EVP_sha1怎么用?C++ EVP_sha1使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。 在下文中一共展示了EVP_sha1函数的29个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。 示例1: secdl_verify_macstatic int secdl_verify_mac(server *srv, plugin_config *config, const char* protected_path, const char* mac, size_t maclen) { UNUSED(srv); if (0 == maclen || secdl_algorithm_mac_length(config->algorithm) != maclen) return 0; switch (config->algorithm) { case SECDL_INVALID: break; case SECDL_MD5: { li_MD5_CTX Md5Ctx; HASH HA1; char hexmd5[33]; const char *ts_str; const char *rel_uri; /* legacy message: * protected_path := '/' <timestamp-hex> <rel-path> * timestamp-hex := [0-9a-f]{8} * rel-path := '/' any* * (the protected path was already verified) * message = <secret><rel-path><timestamp-hex> */ ts_str = protected_path + 1; rel_uri = ts_str + 8; li_MD5_Init(&Md5Ctx); li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(config->secret)); li_MD5_Update(&Md5Ctx, rel_uri, strlen(rel_uri)); li_MD5_Update(&Md5Ctx, ts_str, 8); li_MD5_Final(HA1, &Md5Ctx); li_tohex(hexmd5, sizeof(hexmd5), (const char *)HA1, 16); return (32 == maclen) && const_time_memeq(mac, hexmd5, 32); } case SECDL_HMAC_SHA1:#ifdef USE_OPENSSL_CRYPTO { unsigned char digest[20]; char base64_digest[27]; if (NULL == HMAC( EVP_sha1(), (unsigned char const*) CONST_BUF_LEN(config->secret), (unsigned char const*) protected_path, strlen(protected_path), digest, NULL)) { log_error_write(srv, __FILE__, __LINE__, "s", "hmac-sha1: HMAC() failed"); return 0; } li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL); return (27 == maclen) && const_time_memeq(mac, base64_digest, 27); }#endif break; case SECDL_HMAC_SHA256:#ifdef USE_OPENSSL_CRYPTO { unsigned char digest[32]; char base64_digest[43]; if (NULL == HMAC( EVP_sha256(), (unsigned char const*) CONST_BUF_LEN(config->secret), (unsigned char const*) protected_path, strlen(protected_path), digest, NULL)) { log_error_write(srv, __FILE__, __LINE__, "s", "hmac-sha256: HMAC() failed"); return 0; } li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL); return (43 == maclen) && const_time_memeq(mac, base64_digest, 43); }#endif break; } return 0;}
开发者ID:ikayzo,项目名称:lighttpd1.4,代码行数:83,
示例2: sockets//.........这里部分代码省略......... free(cipher); } else myself->incipher = EVP_bf_cbc(); if(myself->incipher) myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len; else myself->inkeylength = 1; myself->connection->outcipher = EVP_bf_ofb(); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; keyexpires = now + keylifetime; /* Check if we want to use message authentication codes... */ if(get_config_string(lookup_config(config_tree, "Digest"), &digest)) { if(!strcasecmp(digest, "none")) { myself->indigest = NULL; } else { myself->indigest = EVP_get_digestbyname(digest); if(!myself->indigest) { logger(LOG_ERR, "Unrecognized digest type!"); free(digest); return false; } } free(digest); } else myself->indigest = EVP_sha1(); myself->connection->outdigest = EVP_sha1(); if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) { if(myself->indigest) { if(myself->inmaclength > myself->indigest->md_size) { logger(LOG_ERR, "MAC length exceeds size of digest!"); return false; } else if(myself->inmaclength < 0) { logger(LOG_ERR, "Bogus MAC length!"); return false; } } } else myself->inmaclength = 4; myself->connection->outmaclength = 0; /* Compression */ if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { if(myself->incompression < 0 || myself->incompression > 11) { logger(LOG_ERR, "Bogus compression level!"); return false; } } else myself->incompression = 0; myself->connection->outcompression = 0; /* Done */
开发者ID:dotmark,项目名称:tinc,代码行数:66,
示例3: EVP_des_ede3_cbcvoid pki_evp::encryptKey(const char *password){ int outl, keylen; EVP_PKEY *pkey1 = NULL; EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); unsigned char iv[EVP_MAX_IV_LENGTH], *punenc, *punenc1; unsigned char ckey[EVP_MAX_KEY_LENGTH]; char ownPassBuf[MAX_PASS_LENGTH]; /* This key has its own, private password */ if (ownPass == ptPrivate) { int ret; pass_info p(XCA_TITLE, tr("Please enter the password to protect the private key: '%1'"). arg(getIntName())); ret = MainWindow::passWrite(ownPassBuf, MAX_PASS_LENGTH, 0, &p); if (ret < 0) throw errorEx("Password input aborted", class_name); } else if (ownPass == ptBogus) { // BOGUS password ownPassBuf[0] = '/0'; } else { if (password) { /* use the password parameter if this is a common password */ strncpy(ownPassBuf, password, MAX_PASS_LENGTH); } else { int ret = 0; memcpy(ownPassBuf, passwd, MAX_PASS_LENGTH); pass_info p(XCA_TITLE, tr("Please enter the database password for encrypting the key")); while (md5passwd(ownPassBuf) != passHash && sha512passwd(ownPassBuf, passHash) != passHash ) { ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0,&p); if (ret < 0) throw errorEx("Password input aborted", class_name); } } } /* Prepare Encryption */ memset(iv, 0, EVP_MAX_IV_LENGTH); RAND_pseudo_bytes(iv,8); /* Generate a salt */ EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)ownPassBuf, strlen(ownPassBuf), 1, ckey, NULL); EVP_CIPHER_CTX_init (&ctx); pki_openssl_error(); /* reserve space for unencrypted and encrypted key */ keylen = i2d_PrivateKey(key, NULL); encKey.resize(keylen + EVP_MAX_KEY_LENGTH + 8); punenc1 = punenc = (unsigned char *)OPENSSL_malloc(keylen); check_oom(punenc); keylen = i2d_PrivateKey(key, &punenc1); pki_openssl_error(); memcpy(encKey.data(), iv, 8); /* store the iv */ /* * Now DER version of privkey is in punenc * and privkey is still in key */ /* do the encryption */ /* store key right after the iv */ EVP_EncryptInit(&ctx, cipher, ckey, iv); unsigned char *penc = (unsigned char *)encKey.data() +8; EVP_EncryptUpdate(&ctx, penc, &outl, punenc, keylen); int encKey_len = outl; EVP_EncryptFinal(&ctx, penc + encKey_len, &outl); encKey.resize(encKey_len + outl +8); /* Cleanup */ EVP_CIPHER_CTX_cleanup(&ctx); /* wipe out the memory */ memset(punenc, 0, keylen); OPENSSL_free(punenc); pki_openssl_error(); pkey1 = priv2pub(key); check_oom(pkey1); EVP_PKEY_free(key); key = pkey1; pki_openssl_error(); //CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); //printf("Encrypt: encKey_len=%d/n", encKey_len); return;}
开发者ID:J-Javan,项目名称:xca,代码行数:86,
示例4: pkey_rsa_ctrlstatic intpkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2){ RSA_PKEY_CTX *rctx = ctx->data; switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) { if (!check_padding_md(rctx->md, p1)) return 0; if (p1 == RSA_PKCS1_PSS_PADDING) { if (!(ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); } if (p1 == RSA_PKCS1_OAEP_PADDING) { if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); } rctx->pad_mode = p1; return 1; }bad_pad: RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return -2; case EVP_PKEY_CTRL_GET_RSA_PADDING: *(int *)p2 = rctx->pad_mode; return 1; case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); return -2; } if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) *(int *)p2 = rctx->saltlen; else { if (p1 < -2) return -2; rctx->saltlen = p1; } return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: if (p1 < 256) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); return -2; } rctx->nbits = p1; return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: if (!p2) return -2; rctx->pub_exp = p2; return 1; case EVP_PKEY_CTRL_MD: if (!check_padding_md(p2, rctx->pad_mode)) return 0; rctx->md = p2; return 1; case EVP_PKEY_CTRL_RSA_MGF1_MD: case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); return -2; } if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { if (rctx->mgf1md) *(const EVP_MD **)p2 = rctx->mgf1md; else *(const EVP_MD **)p2 = rctx->md; } else rctx->mgf1md = p2; return 1; case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: case EVP_PKEY_CTRL_PKCS7_SIGN: return 1;#ifndef OPENSSL_NO_CMS case EVP_PKEY_CTRL_CMS_DECRYPT: { X509_ALGOR *alg = NULL; ASN1_OBJECT *encalg = NULL; if (p2) CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg); if (alg)//.........这里部分代码省略.........
开发者ID:Heratom,项目名称:Firefly-project,代码行数:101,
示例5: ssl_x509_forge//.........这里部分代码省略......... !X509_set_pubkey(crt, key)) goto errout; /* add standard v3 extensions; cf. RFC 2459 */ X509V3_CTX ctx; X509V3_set_ctx(&ctx, cacrt, crt, NULL, NULL, 0); if (ssl_x509_v3ext_add(&ctx, crt, "basicConstraints", "CA:FALSE") == -1 || ssl_x509_v3ext_add(&ctx, crt, "keyUsage", "digitalSignature," "keyEncipherment") == -1 || ssl_x509_v3ext_add(&ctx, crt, "extendedKeyUsage", "serverAuth") == -1 || ssl_x509_v3ext_add(&ctx, crt, "subjectKeyIdentifier", "hash") == -1 || ssl_x509_v3ext_add(&ctx, crt, "authorityKeyIdentifier", "keyid,issuer:always") == -1) goto errout; if (!extraname) { /* no extraname provided: copy original subjectAltName ext */ if (ssl_x509_v3ext_copy_by_nid(crt, origcrt, NID_subject_alt_name) == -1) goto errout; } else { names = X509_get_ext_d2i(origcrt, NID_subject_alt_name, 0, 0); if (!names) { /* no subjectAltName present: add new one */ char *cfval; if (asprintf(&cfval, "DNS:%s", extraname) < 0) goto errout; if (ssl_x509_v3ext_add(&ctx, crt, "subjectAltName", cfval) == -1) { free(cfval); goto errout; } free(cfval); } else { /* add extraname to original subjectAltName * and add it to the new certificate */ gn = GENERAL_NAME_new(); if (!gn) goto errout2; gn->type = GEN_DNS; gn->d.dNSName = M_ASN1_IA5STRING_new(); if (!gn->d.dNSName) goto errout3; ASN1_STRING_set(gn->d.dNSName, (unsigned char *)extraname, strlen(extraname)); sk_GENERAL_NAME_push(names, gn); X509_EXTENSION *ext = X509V3_EXT_i2d( NID_subject_alt_name, 0, names); if (!X509_add_ext(crt, ext, -1)) { if (ext) { X509_EXTENSION_free(ext); } goto errout3; } X509_EXTENSION_free(ext); sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); } }#ifdef DEBUG_CERTIFICATE ssl_x509_v3ext_add(&ctx, crt, "nsComment", "Generated by " PNAME);#endif /* DEBUG_CERTIFICATE */ const EVP_MD *md; switch (EVP_PKEY_type(cakey->type)) {#ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: md = EVP_sha1(); break;#endif /* !OPENSSL_NO_RSA */#ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: md = EVP_dss1(); break;#endif /* !OPENSSL_NO_DSA */#ifndef OPENSSL_NO_ECDSA case EVP_PKEY_EC: md = EVP_ecdsa(); break;#endif /* !OPENSSL_NO_ECDSA */ default: goto errout; } if (!X509_sign(crt, cakey, md)) goto errout; return crt;errout3: GENERAL_NAME_free(gn);errout2: sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);errout: X509_free(crt); return NULL;}
开发者ID:caidongyun,项目名称:backup,代码行数:101,
示例6: ssl3_prfstatic int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret, size_t secret_len, const char *label, size_t label_len, const uint8_t *seed1, size_t seed1_len, const uint8_t *seed2, size_t seed2_len) { EVP_MD_CTX md5; EVP_MD_CTX sha1; uint8_t buf[16], smd[SHA_DIGEST_LENGTH]; uint8_t c = 'A'; size_t i, j, k; k = 0; EVP_MD_CTX_init(&md5); EVP_MD_CTX_init(&sha1); for (i = 0; i < out_len; i += MD5_DIGEST_LENGTH) { k++; if (k > sizeof(buf)) { /* bug: 'buf' is too small for this ciphersuite */ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return 0; } for (j = 0; j < k; j++) { buf[j] = c; } c++; if (!EVP_DigestInit_ex(&sha1, EVP_sha1(), NULL)) { OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP); return 0; } EVP_DigestUpdate(&sha1, buf, k); EVP_DigestUpdate(&sha1, secret, secret_len); /* |label| is ignored for SSLv3. */ if (seed1_len) { EVP_DigestUpdate(&sha1, seed1, seed1_len); } if (seed2_len) { EVP_DigestUpdate(&sha1, seed2, seed2_len); } EVP_DigestFinal_ex(&sha1, smd, NULL); if (!EVP_DigestInit_ex(&md5, EVP_md5(), NULL)) { OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP); return 0; } EVP_DigestUpdate(&md5, secret, secret_len); EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH); if (i + MD5_DIGEST_LENGTH > out_len) { EVP_DigestFinal_ex(&md5, smd, NULL); memcpy(out, smd, out_len - i); } else { EVP_DigestFinal_ex(&md5, out, NULL); } out += MD5_DIGEST_LENGTH; } OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH); EVP_MD_CTX_cleanup(&md5); EVP_MD_CTX_cleanup(&sha1); return 1;}
开发者ID:LiTianjue,项目名称:etls,代码行数:62,
示例7: EVP_sha256bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) const{ merchant.clear(); if (!IsInitialized()) return false; // One day we'll support more PKI types, but just // x509 for now: const EVP_MD* digestAlgorithm = NULL; if (paymentRequest.pki_type() == "x509+sha256") { digestAlgorithm = EVP_sha256(); } else if (paymentRequest.pki_type() == "x509+sha1") { digestAlgorithm = EVP_sha1(); } else if (paymentRequest.pki_type() == "none") { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: pki_type == none"; return false; } else { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: unknown pki_type " << QString::fromStdString(paymentRequest.pki_type()); return false; } payments::X509Certificates certChain; if (!certChain.ParseFromString(paymentRequest.pki_data())) { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: error parsing pki_data"; return false; } std::vector<X509*> certs; const QDateTime currentTime = QDateTime::currentDateTime(); for (int i = 0; i < certChain.certificate_size(); i++) { QByteArray certData(certChain.certificate(i).data(), certChain.certificate(i).size()); QSslCertificate qCert(certData, QSsl::Der); if (currentTime < qCert.effectiveDate() || currentTime > qCert.expiryDate()) { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: certificate expired or not yet active: " << qCert; return false; }#if QT_VERSION >= 0x050000 if (qCert.isBlacklisted()) { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: certificate blacklisted: " << qCert; return false; }#endif const unsigned char *data = (const unsigned char *)certChain.certificate(i).data(); X509 *cert = d2i_X509(NULL, &data, certChain.certificate(i).size()); if (cert) certs.push_back(cert); } if (certs.empty()) { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: empty certificate chain"; return false; } // The first cert is the signing cert, the rest are untrusted certs that chain // to a valid root authority. OpenSSL needs them separately. STACK_OF(X509) *chain = sk_X509_new_null(); for (int i = certs.size()-1; i > 0; i--) { sk_X509_push(chain, certs[i]); } X509 *signing_cert = certs[0]; // Now create a "store context", which is a single use object for checking, // load the signing cert into it and verify. X509_STORE_CTX *store_ctx = X509_STORE_CTX_new(); if (!store_ctx) { qDebug() << "PaymentRequestPlus::getMerchant : Payment request: error creating X509_STORE_CTX"; return false; } char *website = NULL; bool fResult = true; try { if (!X509_STORE_CTX_init(store_ctx, certStore, signing_cert, chain)) { int error = X509_STORE_CTX_get_error(store_ctx); throw SSLVerifyError(X509_verify_cert_error_string(error)); } // Now do the verification! int result = X509_verify_cert(store_ctx); if (result != 1) { int error = X509_STORE_CTX_get_error(store_ctx); throw SSLVerifyError(X509_verify_cert_error_string(error)); } X509_NAME *certname = X509_get_subject_name(signing_cert); // Valid cert; check signature: payments::PaymentRequest rcopy(paymentRequest); // Copy rcopy.set_signature(std::string("")); std::string data_to_verify; // Everything but the signature rcopy.SerializeToString(&data_to_verify); EVP_MD_CTX ctx; EVP_PKEY *pubkey = X509_get_pubkey(signing_cert); EVP_MD_CTX_init(&ctx); if (!EVP_VerifyInit_ex(&ctx, digestAlgorithm, NULL) ||//.........这里部分代码省略.........
开发者ID:corefork,项目名称:ronpaulcoincore,代码行数:101,
示例8: mainint main() { unsigned char ordinal[4] = { 0x00, 0x00, 0x00, 0x17 }; HMAC_CTX hmac; unsigned char shared_secret[20] = { 0x42, 0xAC ,0xAF, 0xF1, 0xD4 ,0x99, 0x3C, 0xCA, 0xC9, 0x00, 0x3C, 0xCA, 0xC8, 0x00, 0x3C, 0xCA, 0xC8, 0x00, 0x3C, 0xCA }; unsigned char hashDigest[20] = { 0x6F, 0x02, 0x98, 0x86, 0x25, 0x8C, 0xAF, 0x9F, 0xC2, 0x4A, 0x70, 0x6B, 0xBD, 0x44, 0xBC, 0x5E, 0x57, 0xD8, 0x32, 0xA1 }; unsigned char even[20] = { 0x76, 0xF4, 0x26, 0x85, 0xF4, 0x8E, 0x33, 0x3B, 0x9B, 0x8B, 0xBA, 0xCF, 0x8D, 0x12, 0x42, 0x39, 0x7F, 0x8A, 0xC3, 0x23 }; unsigned char odd[20] = { 0xFE, 0x26, 0x68, 0x4C, 0x27, 0xB6, 0x50, 0x2A, 0xEC, 0x90, 0x85, 0xAA, 0xD9, 0x80, 0x38, 0x13, 0x9C, 0xD6, 0xE5, 0xBF }; //unsigned char h[20] = { 0x6B, 0xB0, 0x85, 0x4C, 0xA0, 0x9C, 0xAF, 0x9C, 0x3C, 0xCC, 0xA5, 0x57, 0x30, 0x85, 0xB9, 0x5F, 0x7B, 0x85, 0xE9, 0xCB }; unsigned char new_h[20] = { 0x00 }; unsigned char new_h2[20] = { 0x00 }; unsigned char xor_key[20] = { 0x00 }; unsigned char encrypted_secret[20] = { 0x00 }; unsigned char secret_key[20] = { 0x00 }; unsigned char shared[20] = { 0x00 }; unsigned char cont = 0x00; unsigned char osapEven[20] = { 0x03 ,0xF0 ,0x02 ,0xB6, 0xA9 ,0x2C ,0x48 ,0xAE, 0x3E ,0x0E ,0xEA ,0xA1, 0x47 ,0x5C ,0x3D ,0x21, 0xE8 ,0x06 ,0x38 ,0xD6 }; unsigned char osapOdd[20] = { 0x67, 0x04, 0x00, 0x4E, 0x36, 0x0C, 0x6E, 0x4A, 0xCB, 0xDB, 0xBB, 0xE6, 0xDD, 0xE2, 0xF1, 0x46, 0x2C, 0xF0, 0x77, 0x01 }; hmac_init(secret_key, 20); hmac_update(osapEven, 20); hmac_update(osapOdd, 20); hmac_final(shared); int i; printf("ENC AUTH:/n"); for(i=0;i<20;i++) printf("%02X ", shared[i]); printf("/n"); unsigned char pcrInfoSize[4] = { 0x00, 0x00, 0x00, 0x2C }; unsigned char pcrInfo[44] = { 0x00 }; unsigned char data[20] = { 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21, 0x54, 0x68, 0x69, 0x73, 0x49, 0x73, 0x4d, 0x65, 0x0A }; unsigned char data_len[4] = { 0x00, 0x00, 0x00, 0x14 }; pcrInfo[1] = 0x02; pcrInfo[2] = 0x00; unsigned int hmac_len = 20; hash_init(); hash_update(even, 20); hash_update(shared_secret, 20); hash_final(xor_key); for(i=0;i<20;i++) encrypted_secret[i] = xor_key[i] ^ secret_key[i]; printf("ENC AUTH:/n"); for(i=0;i<20;i++) printf("%02X ", encrypted_secret[i]); printf("/n"); hash_init(); hash_update(ordinal, 4); hash_update(encrypted_secret, 20); hash_update(pcrInfoSize, 4); hash_update(pcrInfo, 44); hash_update(data_len, 4); hash_update(data, 20); hash_final(hashDigest); printf("HASH DIGEST:/n"); for(i=0;i<20;i++) printf("%02X ", hashDigest[i]); printf("/n"); HMAC_CTX_init(&hmac); HMAC_Init(&hmac, shared_secret, 20, EVP_sha1()); HMAC_Update(&hmac, hashDigest, 20); HMAC_Update(&hmac, even, 20); HMAC_Update(&hmac, odd, 20); HMAC_Update(&hmac, &cont, 1); HMAC_Final(&hmac, new_h, &hmac_len); printf("OPENSSL HMAC:/n"); for(i=0;i<20;i++) printf("%02X ", new_h[i]); printf("/n"); h_init(shared_secret, 20); h_update(hashDigest, 20); h_update(even, 20); h_update(odd, 20); h_update(&cont, 1); h_final(new_h2); printf("IAIK HMAC:/n");//.........这里部分代码省略.........
开发者ID:tkastner,项目名称:hmac_ref,代码行数:101,
示例9: main//.........这里部分代码省略......... } } if (strlen(outFile) == 0) { out = stdout; } else { if ((out = fopen(outFile, "wb")) == NULL) { fprintf(stderr, "Error: unable to open %s/n", outFile); exit(1); } } /* Obviously change this if we implement brute force methods inside vfdecrypt */ if (!kflag && !pflag) { fprintf(stderr, "Neither a passphrase nor a valid key/hmac combo were given./n"); exit(1); } if (kflag && !mflag) { fprintf(stderr, "Setting HMAC-SHA1 key to all zeros!/n"); } hdr_version = determine_header_version(in); if (verbose >= 1) { if (hdr_version > 0) { fprintf(stderr, "v%d header detected./n", hdr_version); } else { fprintf(stderr, "unknown format./n"); exit(1); } } if (hdr_version == 1) { fseek(in, (long) -sizeof(cencrypted_v1_header), SEEK_END); if (fread(&v1header, sizeof(cencrypted_v1_header), 1, in) < 1) { fprintf(stderr, "header corrupted?/n"), exit(1); } adjust_v1_header_byteorder(&v1header); if(!kflag) unwrap_v1_header(passphrase, &v1header, aes_key, hmacsha1_key); } if (hdr_version == 2) { fseek(in, 0L, SEEK_SET); if (fread(&v2header, sizeof(cencrypted_v2_pwheader), 1, in) < 1) { fprintf(stderr, "header corrupted?/n"), exit(1); } adjust_v2_header_byteorder(&v2header); if (verbose >= 1) { dump_v2_header(&v2header); } if(!kflag) unwrap_v2_header(passphrase, &v2header, aes_key, hmacsha1_key); CHUNK_SIZE = v2header.blocksize; } if (kflag) { convert_hex(aes_key_str, aes_key, 16); convert_hex(hmacsha1_key_str, hmacsha1_key, 20); } HMAC_CTX_init(&hmacsha1_ctx); HMAC_Init_ex(&hmacsha1_ctx, hmacsha1_key, sizeof(hmacsha1_key), EVP_sha1(), NULL); AES_set_decrypt_key(aes_key, CIPHER_KEY_LENGTH * 8, &aes_decrypt_key); if (verbose >= 1) { fprintf(stderr, "aeskey:/n"); print_hex(stderr, aes_key, 16); } if (verbose >= 1) { fprintf(stderr, "hmacsha1key:/n"); print_hex(stderr, hmacsha1_key, 20); } if (hdr_version == 2) { if (verbose >= 1) { fprintf(stderr, "data offset : %llu/n", v2header.dataoffset); fprintf(stderr, "data size : %llu/n", v2header.datasize); } fseek(in, v2header.dataoffset, SEEK_SET); } else { fseek(in, 0L, SEEK_SET); } chunk_no = 0; while(fread(inbuf, CHUNK_SIZE, 1, in) > 0) { decrypt_chunk(inbuf, outbuf, chunk_no); chunk_no++; // fix for last chunk if(hdr_version == 2 && (v2header.datasize-ftell(out)) < CHUNK_SIZE) { fwrite(outbuf, v2header.datasize - ftell(out), 1, out); break; } fwrite(outbuf, CHUNK_SIZE, 1, out); } if (verbose >= 1) { fprintf(stderr, "%d chunks written/n", chunk_no); } fclose(in); fclose(out); return(0);}
开发者ID:Alanaktion,项目名称:vilefault,代码行数:101,
示例10: pkey_rsa_ctrlstatic int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2){ RSA_PKEY_CTX *rctx = ctx->data; switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { if (!check_padding_md(rctx->md, p1)) return 0; if (p1 == RSA_PKCS1_PSS_PADDING) { if (!(ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); } if (p1 == RSA_PKCS1_OAEP_PADDING) { if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) goto bad_pad; if (!rctx->md) rctx->md = EVP_sha1(); } rctx->pad_mode = p1; return 1; } bad_pad: RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return -2; case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: if (p1 < -2) return -2; if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); return -2; } rctx->saltlen = p1; return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: if (p1 < 256) { RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); return -2; } rctx->nbits = p1; return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: if (!p2) return -2; rctx->pub_exp = p2; return 1; case EVP_PKEY_CTRL_MD: if (!check_padding_md(p2, rctx->pad_mode)) return 0; rctx->md = p2; return 1; case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: case EVP_PKEY_CTRL_PKCS7_SIGN:#ifndef OPENSSL_NO_CMS case EVP_PKEY_CTRL_CMS_ENCRYPT: case EVP_PKEY_CTRL_CMS_DECRYPT: case EVP_PKEY_CTRL_CMS_SIGN:#endif return 1; case EVP_PKEY_CTRL_PEER_KEY: RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; default: return -2; }}
开发者ID:bbidd985,项目名称:IEEE_Taggant_System,代码行数:79,
示例11: ocsp_main//.........这里部分代码省略......... case OPT_STATUS_AGE: opt_long(opt_arg(), &maxage); break; case OPT_SIGNKEY: keyfile = opt_arg(); break; case OPT_REQOUT: reqout = opt_arg(); break; case OPT_RESPOUT: respout = opt_arg(); break; case OPT_PATH: path = opt_arg(); break; case OPT_ISSUER: issuer = load_cert(opt_arg(), FORMAT_PEM, NULL, NULL, "issuer certificate"); if (issuer == NULL) goto end; if (issuers == NULL) { if ((issuers = sk_X509_new_null()) == NULL) goto end; } sk_X509_push(issuers, issuer); break; case OPT_CERT: X509_free(cert); cert = load_cert(opt_arg(), FORMAT_PEM, NULL, NULL, "certificate"); if (cert == NULL) goto end; if (cert_id_md == NULL) cert_id_md = EVP_sha1(); if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, opt_arg())) goto end; break; case OPT_SERIAL: if (cert_id_md == NULL) cert_id_md = EVP_sha1(); if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, opt_arg())) goto end; break; case OPT_INDEX: ridx_filename = opt_arg(); break; case OPT_CA: rca_filename = opt_arg(); break; case OPT_NMIN: opt_int(opt_arg(), &nmin); if (ndays == -1) ndays = 0; break; case OPT_REQUEST: opt_int(opt_arg(), &accept_count); break; case OPT_NDAYS: ndays = atoi(opt_arg()); break; case OPT_RSIGNER: rsignfile = opt_arg();
开发者ID:alfiesyukur,项目名称:openssl,代码行数:67,
示例12: crypto_hmac_sha1_initvoid crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE* data, UINT32 length){ HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);}
开发者ID:MoriEdan,项目名称:cameyo,代码行数:4,
示例13: HMAC_CTX_initHmacHash::HmacHash(uint32 len, uint8 *seed){ HMAC_CTX_init(&m_ctx); HMAC_Init_ex(&m_ctx, seed, len, EVP_sha1(), NULL);}
开发者ID:heros,项目名称:LasCore,代码行数:5,
示例14: rsa_item_verify/* Customised RSA item verification routine. This is called * when a signature is encountered requiring special handling. We * currently only handle PSS. */static intrsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey){ int rv = -1; int saltlen; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_PSS_PARAMS *pss; X509_ALGOR *maskHash; EVP_PKEY_CTX *pkctx; /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } /* Decode PSS parameters */ pss = rsa_pss_decode(sigalg, &maskHash); if (pss == NULL) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS); goto err; } /* Check mask and lookup mask hash algorithm */ if (pss->maskGenAlgorithm) { if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM); goto err; } if (!maskHash) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER); goto err; } mgf1md = EVP_get_digestbyobj(maskHash->algorithm); if (mgf1md == NULL) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST); goto err; } } else mgf1md = EVP_sha1(); if (pss->hashAlgorithm) { md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); if (md == NULL) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST); goto err; } } else md = EVP_sha1(); if (pss->saltLength) { saltlen = ASN1_INTEGER_get(pss->saltLength); /* Could perform more salt length sanity checks but the main * RSA routines will trap other invalid values anyway. */ if (saltlen < 0) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH); goto err; } } else saltlen = 20; /* low-level routines support only trailer field 0xbc (value 1) * and PKCS#1 says we should reject any other value anyway. */ if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); goto err; } /* We have all parameters now set up context */ if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) goto err; if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) goto err; if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; /* Carry on */ rv = 2;err: RSA_PSS_PARAMS_free(pss); if (maskHash) X509_ALGOR_free(maskHash);//.........这里部分代码省略.........
开发者ID:SylvestreG,项目名称:bitrig,代码行数:101,
示例15: HMAC_Init_exvoid HmacHash::Initialize(){ HMAC_Init_ex(&m_ctx, &m_key, SEED_KEY_SIZE, EVP_sha1(), NULL);}
开发者ID:Regolan,项目名称:mangos-tbc,代码行数:4,
示例16: ecdh_cms_encryptstatic int ecdh_cms_encrypt(CMS_RecipientInfo *ri){ EVP_PKEY_CTX *pctx; EVP_PKEY *pkey; EVP_CIPHER_CTX *ctx; int keylen; X509_ALGOR *talg, *wrap_alg = NULL; ASN1_OBJECT *aoid; ASN1_BIT_STRING *pubkey; ASN1_STRING *wrap_str; ASN1_OCTET_STRING *ukm; unsigned char *penc = NULL; int penclen; int rv = 0; int ecdh_nid, kdf_type, kdf_nid, wrap_nid; const EVP_MD *kdf_md; pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (!pctx) return 0; /* Get ephemeral key */ pkey = EVP_PKEY_CTX_get0_pkey(pctx); if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, NULL, NULL, NULL)) goto err; X509_ALGOR_get0(&aoid, NULL, NULL, talg); /* Is everything uninitialised? */ if (aoid == OBJ_nid2obj(NID_undef)) { EC_KEY *eckey = pkey->pkey.ec; /* Set the key */ unsigned char *p; penclen = i2o_ECPublicKey(eckey, NULL); if (penclen <= 0) goto err; penc = OPENSSL_malloc(penclen); if (penc == NULL) goto err; p = penc; penclen = i2o_ECPublicKey(eckey, &p); if (penclen <= 0) goto err; ASN1_STRING_set0(pubkey, penc, penclen); pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; penc = NULL; X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), V_ASN1_UNDEF, NULL); } /* See if custom parameters set */ kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); if (kdf_type <= 0) goto err; if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md)) goto err; ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx); if (ecdh_nid < 0) goto err; else if (ecdh_nid == 0) ecdh_nid = NID_dh_std_kdf; else if (ecdh_nid == 1) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { kdf_type = EVP_PKEY_ECDH_KDF_X9_62; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else /* Unknown KDF */ goto err; if (kdf_md == NULL) { /* Fixme later for better MD */ kdf_md = EVP_sha1(); if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) goto err; } if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) goto err; /* Lookup NID for KDF+cofactor+digest */ if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid)) goto err; /* Get wrap NID */ ctx = CMS_RecipientInfo_kari_get0_ctx(ri); wrap_nid = EVP_CIPHER_CTX_type(ctx); keylen = EVP_CIPHER_CTX_key_length(ctx); /* Package wrap algorithm in an AlgorithmIdentifier */ wrap_alg = X509_ALGOR_new(); if (wrap_alg == NULL) goto err; wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); wrap_alg->parameter = ASN1_TYPE_new(); if (wrap_alg->parameter == NULL) goto err;//.........这里部分代码省略.........
开发者ID:277800076,项目名称:openssl,代码行数:101,
示例17: HMAC_CTX_initvoid HMACHash::Initialize(uint32 len, uint8 *seed){ HMAC_CTX_init(&mC); HMAC_Init_ex(&mC, seed, len, EVP_sha1(), NULL);}
开发者ID:satanail,项目名称:ArcTic-d,代码行数:5,
示例18: EvpSha1extern "C" const EVP_MD* EvpSha1(){ return EVP_sha1();}
开发者ID:fuwei199006,项目名称:corefx,代码行数:4,
示例19: ldns_sign_public_bufferldns_rdf *ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key){ ldns_rdf *b64rdf = NULL; switch(ldns_key_algorithm(current_key)) { case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_dss1()); break; case LDNS_SIGN_RSASHA1: case LDNS_SIGN_RSASHA1_NSEC3: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_sha1()); break;#ifdef USE_SHA2 case LDNS_SIGN_RSASHA256: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_sha256()); break; case LDNS_SIGN_RSASHA512: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_sha512()); break;#endif /* USE_SHA2 */#ifdef USE_GOST case LDNS_SIGN_ECC_GOST: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_get_digestbyname("md_gost94")); break;#endif /* USE_GOST */#ifdef USE_ECDSA case LDNS_SIGN_ECDSAP256SHA256: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_sha256()); break; case LDNS_SIGN_ECDSAP384SHA384: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_sha384()); break;#endif case LDNS_SIGN_RSAMD5: b64rdf = ldns_sign_public_evp( sign_buf, ldns_key_evp_key(current_key), EVP_md5()); break; default: /* do _you_ know this alg? */ printf("unknown algorithm, "); printf("is the one used available on this system?/n"); break; } return b64rdf;}
开发者ID:mbuij,项目名称:ldns-cga-tsig,代码行数:71,
示例20: SSL_get_error//.........这里部分代码省略......... return -1; case SSL_ERROR_ZERO_RETURN:#ifndef HEADER_OPENSSLV_H if(ssl->last_error == GNUTLS_E_INTERRUPTED || ssl->last_error == GNUTLS_E_AGAIN) return -1;#endif throw SocketException(STRING(CONNECTION_CLOSED)); default: { ssl.reset(); // @todo replace 80 with MAX_ERROR_SZ or whatever's appropriate for yaSSL in some nice way... char errbuf[80]; /* TODO: better message for SSL_ERROR_SYSCALL * If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: * If ret == 0, an EOF was observed that violates the protocol. If ret == -1, the underlying BIO reported an I/O error * (for socket I/O on Unix systems, consult errno for details). */ int error = ERR_get_error(); sprintf(errbuf, "%s %d: %s", CSTRING(SSL_ERROR), err, (error == 0) ? CSTRING(CONNECTION_CLOSED) : ERR_reason_error_string(error)); throw SSLSocketException(errbuf); } } } return ret;}int SSLSocket::wait(uint64_t millis, int waitFor) throw(SocketException) {#ifdef HEADER_OPENSSLV_H if(ssl && (waitFor & Socket::WAIT_READ)) { /** @todo Take writing into account as well if reading is possible? */ char c; if(SSL_peek(ssl, &c, 1) > 0) return WAIT_READ; }#endif return Socket::wait(millis, waitFor);}bool SSLSocket::isTrusted() throw() { if(!ssl) { return false; }#ifdef HEADER_OPENSSLV_H if(SSL_get_verify_result(ssl) != X509_V_OK) { return false; }#else if(gnutls_certificate_verify_peers(((SSL*)ssl)->gnutls_state) != 0) { return false; }#endif X509* cert = SSL_get_peer_certificate(ssl); if(!cert) { return false; } X509_free(cert); return true;}std::string SSLSocket::getCipherName() throw() { if(!ssl) return Util::emptyString; return SSL_get_cipher_name(ssl);}std::string SSLSocket::getDigest() const throw() {#ifdef HEADER_OPENSSLV_H if(!ssl) return Util::emptyString; X509* x509 = SSL_get_peer_certificate(ssl); if(!x509) return Util::emptyString; return ssl::X509_digest(x509, EVP_sha1());#else return Util::emptyString;#endif}void SSLSocket::shutdown() throw() { if(ssl) SSL_shutdown(ssl);}void SSLSocket::close() throw() { if(ssl) { ssl.reset(); } Socket::shutdown(); Socket::close();}} // namespace dcpp
开发者ID:strogo,项目名称:StrongDC,代码行数:101,
示例21: MAIN//.........这里部分代码省略......... } else badarg = 1; } else if (!strcmp(*args, "-respout")) { if (args[1]) { args++; respout = *args; } else badarg = 1; } else if (!strcmp(*args, "-path")) { if (args[1]) { args++; path = *args; } else badarg = 1; } else if (!strcmp(*args, "-issuer")) { if (args[1]) { args++; X509_free(issuer); issuer = load_cert(bio_err, *args, FORMAT_PEM, NULL, e, "issuer certificate"); if (!issuer) goto end; } else badarg = 1; } else if (!strcmp(*args, "-cert")) { if (args[1]) { args++; X509_free(cert); cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, e, "certificate"); if (!cert) goto end; if (!cert_id_md) cert_id_md = EVP_sha1(); if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, *args)) goto end; } else badarg = 1; } else if (!strcmp(*args, "-serial")) { if (args[1]) { args++; if (!cert_id_md) cert_id_md = EVP_sha1(); if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) goto end; if (!sk_OPENSSL_STRING_push(reqnames, *args)) goto end; } else badarg = 1; } else if (!strcmp(*args, "-index")) { if (args[1]) { args++; ridx_filename = *args; } else badarg = 1; } else if (!strcmp(*args, "-CA")) { if (args[1]) { args++; rca_filename = *args; } else badarg = 1; } else if (!strcmp(*args, "-nmin")) { if (args[1]) { args++;
开发者ID:ajinkya93,项目名称:netbsd-src,代码行数:67,
示例22: async_client_hellobool avjackif::async_register_new_user(std::string user_name, boost::asio::yield_context yield_context){ // 先发 client_hello if( m_shared_key.empty()) async_client_hello(yield_context); auto digest = EVP_sha1(); // 先生成 RSA 密钥 _rsa.reset(RSA_generate_key(2048, 65537, 0, 0), RSA_free); // 然后生成 CSR boost::shared_ptr<X509_REQ> csr(X509_REQ_new(), X509_REQ_free); boost::shared_ptr<EVP_PKEY> pkey(EVP_PKEY_new(), EVP_PKEY_free); EVP_PKEY_set1_RSA(pkey.get(), _rsa.get()); // 添加证书申请信息 auto subj =X509_REQ_get_subject_name(csr.get());/* X509_NAME_add_entry_by_NID(subj, NID_countryName, "CN"); X509_NAME_add_entry_by_NID(subj, NID_stateOrProvinceName, "Shanghai"); X509_NAME_add_entry_by_NID(subj, NID_localityName, "Shanghai"); X509_NAME_add_entry_by_NID(subj, NID_organizationName, "avplayer"); X509_NAME_add_entry_by_NID(subj, NID_organizationalUnitName, "sales");*/ X509_NAME_add_entry_by_NID(subj, NID_commonName, user_name);// X509_NAME_add_entry_by_NID(subj, NID_pkcs9_emailAddress, "test-client"); X509_REQ_set_pubkey(csr.get(), pkey.get()); // 签出 CSR X509_REQ_sign(csr.get(), pkey.get(), digest); unsigned char * out = NULL; auto csr_out_len = i2d_X509_REQ(csr.get(), &out); std::string csrout((char*)out, csr_out_len); OPENSSL_free(out); out = NULL; auto rsa_key_out_len = i2d_RSA_PUBKEY(_rsa.get(), &out); std::string rsa_key((char*)out, rsa_key_out_len); OPENSSL_free(out); PEM_write_X509_REQ(stderr, csr.get()); // 然后发送 注册信息 proto::user_register user_register; user_register.set_user_name(user_name); user_register.set_rsa_pubkey(rsa_key); user_register.set_csr(csrout); boost::asio::async_write(*m_sock, boost::asio::buffer(av_router::encode(user_register)), yield_context); // 读取应答 std::unique_ptr<proto::user_register_result> user_register_result((proto::user_register_result*)async_read_protobuf_message(*m_sock, yield_context)); return user_register_result->result() == proto::user_register_result::REGISTER_SUCCEED;}
开发者ID:leangjia,项目名称:avim,代码行数:61,
示例23: wimax_postauth//.........这里部分代码省略......... */ mn_nai = pairfind(request->packet->vps, 1900, 0); if (!mn_nai) mn_nai = pairfind(request->reply->vps, 1900, 0); if (!mn_nai) { RDEBUG("WARNING: WiMAX-MN-NAI was not found in the request or in the reply."); RDEBUG("WARNING: We cannot calculate MN-HA keys."); } /* * WiMAX-IP-Technology */ vp = NULL; if (mn_nai) vp = pairfind(request->reply->vps, 23, VENDORPEC_WIMAX); if (!vp) { RDEBUG("WARNING: WiMAX-IP-Technology not found in reply."); RDEBUG("WARNING: Not calculating MN-HA keys"); } if (vp) switch (vp->vp_integer) { case 2: /* PMIP4 */ /* * Look for WiMAX-hHA-IP-MIP4 */ ip = pairfind(request->reply->vps, 6, VENDORPEC_WIMAX); if (!ip) { RDEBUG("WARNING: WiMAX-hHA-IP-MIP4 not found. Cannot calculate MN-HA-PMIP4 key"); break; } /* * MN-HA-PMIP4 = * H(MIP-RK, "PMIP4 MN HA" | HA-IPv4 | MN-NAI); */ HMAC_Init_ex(&hmac, mip_rk, rk_len, EVP_sha1(), NULL); HMAC_Update(&hmac, (const uint8_t *) "PMIP4 MN HA", 11); HMAC_Update(&hmac, (const uint8_t *) &ip->vp_ipaddr, 4); HMAC_Update(&hmac, (const uint8_t *) &mn_nai->vp_strvalue, mn_nai->length); HMAC_Final(&hmac, &mip_rk_1[0], &rk1_len); /* * Put MN-HA-PMIP4 into WiMAX-MN-hHA-MIP4-Key */ vp = pairfind(request->reply->vps, 10, VENDORPEC_WIMAX); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 10, VENDORPEC_WIMAX, PW_TYPE_OCTETS); } if (!vp) { RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-Key"); break; } memcpy(vp->vp_octets, &mip_rk_1[0], rk1_len); vp->length = rk1_len; /* * Put MN-HA-PMIP4-SPI into WiMAX-MN-hHA-MIP4-SPI */ vp = pairfind(request->reply->vps, 11, VENDORPEC_WIMAX); if (!vp) { vp = radius_paircreate(request, &request->reply->vps, 11, VENDORPEC_WIMAX, PW_TYPE_INTEGER); } if (!vp) { RDEBUG("WARNING: Failed creating WiMAX-MN-hHA-MIP4-SPI"); break;
开发者ID:dragon9k,项目名称:freeradius-server,代码行数:67,
示例24: sc_generate_keyed_hash//.........这里部分代码省略......... sc_generate_keyed_hash(const oid * authtype, size_t authtypelen, u_char * key, u_int keylen, u_char * message, u_int msglen, u_char * MAC, size_t * maclen)#if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL){ int rval = SNMPERR_SUCCESS; int properlength; u_char buf[SNMP_MAXBUF_SMALL];#if defined(USE_OPENSSL) int buf_len = sizeof(buf);#endif DEBUGTRACE;#ifdef SNMP_TESTING_CODE { int i; DEBUGMSG(("sc_generate_keyed_hash", "sc_generate_keyed_hash(): key=0x")); for (i = 0; i < keylen; i++) DEBUGMSG(("sc_generate_keyed_hash", "%02x", key[i] & 0xff)); DEBUGMSG(("sc_generate_keyed_hash", " (%d)/n", keylen)); }#endif /* SNMP_TESTING_CODE */ /* * Sanity check. */ if (!authtype || !key || !message || !MAC || !maclen || (keylen <= 0) || (msglen <= 0) || (*maclen <= 0) || (authtypelen != USM_LENGTH_OID_TRANSFORM)) { QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit); } properlength = sc_get_properlength(authtype, authtypelen); if (properlength == SNMPERR_GENERR) return properlength; if (((int) keylen < properlength)) { QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit); }#ifdef USE_OPENSSL /* * Determine transform type. */ if (ISTRANSFORM(authtype, HMACMD5Auth)) HMAC(EVP_md5(), key, keylen, message, msglen, buf, &buf_len); else if (ISTRANSFORM(authtype, HMACSHA1Auth)) HMAC(EVP_sha1(), key, keylen, message, msglen, buf, &buf_len); else { QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit); } if (buf_len != properlength) { QUITFUN(rval, sc_generate_keyed_hash_quit); } if (*maclen > buf_len) *maclen = buf_len; memcpy(MAC, buf, *maclen);#else if ((int) *maclen > properlength) *maclen = properlength; if (MDsign(message, msglen, MAC, *maclen, key, keylen)) { rval = SNMPERR_GENERR; goto sc_generate_keyed_hash_quit; }#endif /* USE_OPENSSL */#ifdef SNMP_TESTING_CODE { char *s; int len = binary_to_hex(MAC, *maclen, &s); DEBUGMSGTL(("scapi", "Full v3 message hash: %s/n", s)); SNMP_ZERO(s, len); SNMP_FREE(s); }#endif sc_generate_keyed_hash_quit: SNMP_ZERO(buf, SNMP_MAXBUF_SMALL); return rval;} /* end sc_generate_keyed_hash() */
开发者ID:tenox7,项目名称:net-snmp-v501-vms,代码行数:101,
示例25: pkey_rsa_ctrlstatic int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { RSA_PKEY_CTX *rctx = ctx->data; switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) || (p1 == RSA_PKCS1_PSS_PADDING && 0 == (ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) || (p1 == RSA_PKCS1_OAEP_PADDING && 0 == (ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return 0; } if ((p1 == RSA_PKCS1_PSS_PADDING || p1 == RSA_PKCS1_OAEP_PADDING) && rctx->md == NULL) { rctx->md = EVP_sha1(); } rctx->pad_mode = p1; return 1; case EVP_PKEY_CTRL_GET_RSA_PADDING: *(int *)p2 = rctx->pad_mode; return 1; case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PSS_SALTLEN); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { *(int *)p2 = rctx->saltlen; } else { if (p1 < -2) { return 0; } rctx->saltlen = p1; } return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: if (p1 < 256) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_KEYBITS); return 0; } rctx->nbits = p1; return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: if (!p2) { return 0; } BN_free(rctx->pub_exp); rctx->pub_exp = p2; return 1; case EVP_PKEY_CTRL_RSA_OAEP_MD: case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { *(const EVP_MD **)p2 = rctx->md; } else { rctx->md = p2; } return 1; case EVP_PKEY_CTRL_MD: if (!check_padding_md(p2, rctx->pad_mode)) { return 0; } rctx->md = p2; return 1; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = rctx->md; return 1; case EVP_PKEY_CTRL_RSA_MGF1_MD: case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_MGF1_MD); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { if (rctx->mgf1md) { *(const EVP_MD **)p2 = rctx->mgf1md; } else { *(const EVP_MD **)p2 = rctx->md; } } else { rctx->mgf1md = p2; } return 1; case EVP_PKEY_CTRL_RSA_OAEP_LABEL: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {//.........这里部分代码省略.........
开发者ID:randombit,项目名称:hacrypto,代码行数:101,
示例26: sc_hash _SCAPI_NOT_CONFIGURED#endif /* *//* * sc_hash(): a generic wrapper around whatever hashing package we are using. * * IN: * hashtype - oid pointer to a hash type * hashtypelen - length of oid pointer * buf - u_char buffer to be hashed * buf_len - integer length of buf data * MAC_len - length of the passed MAC buffer size. * * OUT: * MAC - pre-malloced space to store hash output. * MAC_len - length of MAC output to the MAC buffer. * * Returns: * SNMPERR_SUCCESS Success. * SNMP_SC_GENERAL_FAILURE Any error. */ int sc_hash(const oid * hashtype, size_t hashtypelen, u_char * buf, size_t buf_len, u_char * MAC, size_t * MAC_len)#if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL){ int rval = SNMPERR_SUCCESS;#ifdef USE_OPENSSL EVP_MD *hash(void); HMAC_CTX *c = NULL;#endif DEBUGTRACE; if (hashtype == NULL || hashtypelen < 0 || buf == NULL || buf_len < 0 || MAC == NULL || MAC_len == NULL || (int) (*MAC_len) < sc_get_properlength(hashtype, hashtypelen)) return (SNMPERR_GENERR);#ifdef USE_OPENSSL /* * Determine transform type. */ c = malloc(sizeof(HMAC_CTX)); if (c == NULL) return (SNMPERR_GENERR); if (ISTRANSFORM(hashtype, HMACMD5Auth)) { EVP_DigestInit(&c->md_ctx, (const EVP_MD *) EVP_md5()); } else if (ISTRANSFORM(hashtype, HMACSHA1Auth)) { EVP_DigestInit(&c->md_ctx, (const EVP_MD *) EVP_sha1()); } else { return (SNMPERR_GENERR); } EVP_DigestUpdate(&c->md_ctx, buf, buf_len); EVP_DigestFinal(&(c->md_ctx), MAC, MAC_len); free(c); return (rval);#else /* USE_INTERNAL_MD5 */ if (MDchecksum(buf, buf_len, MAC, *MAC_len)) { return SNMPERR_GENERR; } if (*MAC_len > 16) *MAC_len = 16; return SNMPERR_SUCCESS;#endif /* USE_OPENSSL */}
开发者ID:tenox7,项目名称:net-snmp-v501-vms,代码行数:99,
示例27: OpcUa_P_OpenSSL_X509_SelfSigned_Custom_Create/*============================================================================ * OpcUa_P_OpenSSL_X509_SelfSigned_Custom_Create *===========================================================================*/OpcUa_StatusCode OpcUa_P_OpenSSL_X509_SelfSigned_Custom_Create( OpcUa_CryptoProvider* a_pProvider, OpcUa_Int32 a_serialNumber, OpcUa_UInt32 a_validToInSec, OpcUa_Crypto_NameEntry* a_pNameEntries, /* will be used for issuer and subject thus it's selfigned cert */ OpcUa_UInt a_nameEntriesCount, /* will be used for issuer and subject thus it's selfigned cert */ OpcUa_Key a_pSubjectPublicKey, /* EVP_PKEY* - type defines also public key algorithm */ OpcUa_Crypto_Extension* a_pExtensions, OpcUa_UInt a_extensionsCount, OpcUa_UInt a_signatureHashAlgorithm, /* EVP_sha1(),... */ OpcUa_Key a_pIssuerPrivateKey, /* EVP_PKEY* - type defines also signature algorithm */ OpcUa_ByteString* a_pCertificate){ OpcUa_UInt i; X509_NAME* pSubj = OpcUa_Null; X509V3_CTX ctx; const EVP_MD* pDigest = OpcUa_Null; X509* pCert = OpcUa_Null; EVP_PKEY* pSubjectPublicKey = OpcUa_Null; EVP_PKEY* pIssuerPrivateKey = OpcUa_Null; OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "X509_SelfSigned_Custom_Create"); OpcUa_ReferenceParameter(a_pProvider); OpcUa_ReturnErrorIfArgumentNull(a_pNameEntries); OpcUa_ReturnErrorIfArgumentNull(a_pExtensions); OpcUa_ReturnErrorIfArgumentNull(a_pIssuerPrivateKey.Key.Data); OpcUa_ReturnErrorIfArgumentNull(a_pCertificate); if(a_pSubjectPublicKey.Type != OpcUa_Crypto_KeyType_Rsa_Public) { uStatus = OpcUa_BadInvalidArgument; OpcUa_GotoErrorIfBad(uStatus); } if(a_pIssuerPrivateKey.Type != OpcUa_Crypto_KeyType_Rsa_Private) { uStatus = OpcUa_BadInvalidArgument; OpcUa_GotoErrorIfBad(uStatus); } pSubjectPublicKey = d2i_PublicKey(EVP_PKEY_RSA,OpcUa_Null,((const unsigned char**)&(a_pSubjectPublicKey.Key.Data)),a_pSubjectPublicKey.Key.Length); if(pSubjectPublicKey == OpcUa_Null) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } pIssuerPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA,OpcUa_Null,((const unsigned char**)&(a_pIssuerPrivateKey.Key.Data)),a_pIssuerPrivateKey.Key.Length); if(pIssuerPrivateKey == OpcUa_Null) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } /* create new certificate object */ pCert = X509_new(); if(pCert == OpcUa_Null) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } /* set version of certificate (V3 since internal representation starts versioning from 0) */ if(X509_set_version(pCert, 2L) != 1) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } /* generate a unique number for a serial number if none provided. */ if(a_serialNumber == 0) { ASN1_INTEGER* pSerialNumber = X509_get_serialNumber(pCert); pSerialNumber->type = V_ASN1_INTEGER; pSerialNumber->data = OPENSSL_realloc(pSerialNumber->data, 16); pSerialNumber->length = 16; if(pSerialNumber->data == NULL || OpcUa_P_Guid_Create((OpcUa_Guid*)pSerialNumber->data) == NULL) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } } /* use the integer passed in - note the API should not be using a 32-bit integer - must fix sometime */ else if(ASN1_INTEGER_set(X509_get_serialNumber(pCert), a_serialNumber) == 0) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } /* add key to the request *///.........这里部分代码省略.........
开发者ID:biancode,项目名称:UA-AnsiC,代码行数:101,
示例28: x509_main//.........这里部分代码省略......... X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf); BIO_printf(out, " * Issuer: %s/n" " *//n", buf); len = i2d_X509(x, NULL); m = app_malloc(len, "x509 name buffer"); d = (unsigned char *)m; len = i2d_X509_NAME(X509_get_subject_name(x), &d); print_array(out, "the_subject_name", len, (unsigned char *)m); d = (unsigned char *)m; len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); print_array(out, "the_public_key", len, (unsigned char *)m); d = (unsigned char *)m; len = i2d_X509(x, &d); print_array(out, "the_certificate", len, (unsigned char *)m); OPENSSL_free(m); } else if (text == i) { X509_print_ex(out, x, nmflag, certflag); } else if (startdate == i) { BIO_puts(out, "notBefore="); ASN1_TIME_print(out, X509_get_notBefore(x)); BIO_puts(out, "/n"); } else if (enddate == i) { BIO_puts(out, "notAfter="); ASN1_TIME_print(out, X509_get_notAfter(x)); BIO_puts(out, "/n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; if (!fdig) fdig = EVP_sha1(); if (!X509_digest(x, fdig, md, &n)) { BIO_printf(bio_err, "out of memory/n"); goto end; } BIO_printf(out, "%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig))); for (j = 0; j < (int)n; j++) { BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '/n' : ':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf(bio_err, "Getting Private key/n"); if (Upkey == NULL) { Upkey = load_key(keyfile, keyformat, 0, passin, e, "Private key"); if (Upkey == NULL) goto end; } assert(need_rand); if (!sign(x, Upkey, days, clrext, digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err, "Getting CA Private Key/n"); if (CAkeyfile != NULL) { CApkey = load_key(CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key"); if (CApkey == NULL)
开发者ID:ArmanIzad,项目名称:openssl,代码行数:67,
示例29: verify_cookie_callbackint MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; union { struct TINYCLR_SSL_SOCKADDR sa; struct TINYCLR_SSL_SOCKADDR_IN s4;#if OPENSSL_USE_IPV6 struct sockaddr_in6 s6;#endif } peer; /* If secret isn't initialized yet, the cookie can't be valid */ if (!cookie_initialized) return 0; /* Read peer information */ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); /* Create buffer with peer's address and port */ length = 0; switch (peer.sa.sa_family) { case AF_INET: length += sizeof(struct in_addr); length += sizeof(peer.s4.sin_port); break;#if OPENSSL_USE_IPV6 case AF_INET6: length += sizeof(struct in6_addr); length += sizeof(peer.s6.sin6_port); break;#endif default: TINYCLR_SSL_ASSERT(0); break; } buffer = (unsigned char*)OPENSSL_malloc(length); if (buffer == NULL) { BIO_printf(bio_err,"out of memory/n"); return 0; } switch (peer.sa.sa_family) { case AF_INET: TINYCLR_SSL_MEMCPY(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); TINYCLR_SSL_MEMCPY(buffer + sizeof(peer.s4.sin_port), &peer.s4.sin_addr, sizeof(struct in_addr)); break;#if OPENSSL_USE_IPV6 case AF_INET6: TINYCLR_SSL_MEMCPY(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); TINYCLR_SSL_MEMCPY(buffer + sizeof(peer.s6.sin6_port), &peer.s6.sin6_addr, sizeof(struct in6_addr)); break;#endif default: TINYCLR_SSL_ASSERT(0); break; } /* Calculate HMAC of buffer using the secret */ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, result, &resultlength); OPENSSL_free(buffer); if (cookie_len == resultlength && TINYCLR_SSL_MEMCMP(result, cookie, resultlength) == 0) return 1; return 0; }
开发者ID:EddieGarmon,项目名称:netduino-netmf,代码行数:80,
注:本文中的EVP_sha1函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。
C++ EVP_sha256函数代码示例
C++ EVP_rc4函数代码示例 |
