Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

At a point where I just removed the t_mgf1 in favor of OpenSSL SHA256…

… as keys.
  • Loading branch information...
commit 5c52b28cf722f2e00fbcffd4cd9aaea7c8581252 1 parent c32613d
Unknown authored
View
2  Makefile
@@ -124,7 +124,7 @@ AUTOMAKE = automake-1.11
AWK = gawk
CC = gcc
CCDEPMODE = depmode=none
-CFLAGS = -O
+CFLAGS = -O -g
CPP = gcc -E
CPPFLAGS =
CYGPATH_W = echo
View
2  config.h
@@ -14,7 +14,7 @@
/* #undef CRYPTOLIB */
-#define OPENSSL_ENGINE 1
+/* #undef OPENSSL_ENGINE */
/* #undef ENABLE_YP */
View
5 config.status
@@ -438,7 +438,7 @@ $config_commands
Report bugs to the package provider."
-ac_cs_config="'--with-engine'"
+ac_cs_config=""
ac_cs_version="\
config.status
configured by ./configure, generated by GNU Autoconf 2.65,
@@ -524,7 +524,7 @@ if $ac_cs_silent; then
fi
if $ac_cs_recheck; then
- set X '/bin/bash' './configure' '--with-engine' $ac_configure_extra_args --no-create --no-recursion
+ set X '/bin/bash' './configure' $ac_configure_extra_args --no-create --no-recursion
shift
$as_echo "running CONFIG_SHELL=/bin/bash $*" >&6
CONFIG_SHELL='/bin/bash'
@@ -782,7 +782,6 @@ D["HAVE_MEMCPY"]=" 1"
D["RETSIGTYPE"]=" void"
D["POSIX_TERMIOS"]=" 1"
D["OPENSSL"]=" 1"
-D["OPENSSL_ENGINE"]=" 1"
D["HIGHFIRST"]=" 1"
D["SHA1HANDSOFF"]=" 1"
for (key in D) D_is_set[key] = 1
View
4 simple_test.c
@@ -1,4 +1,5 @@
#include "srp_simple.h"
+#include "dbg.h"
FILE *LOG_FILE = NULL;
@@ -31,16 +32,19 @@ void main(int argc, char *argv[])
// STEP 1: setup the server's public key for the client using params, hashed password, and username from client
cstr *server_pub = ssrp_server_start(server, MODULUS, GENERATOR, salt, password, user);
check(server_pub != NULL, "Failed to get server public key.");
+ debug("SERVER PUB LEN: %d", server_pub->length);
// S->C: modulus, generator, salt, server_pub
// STEP 2: client calcs public key based on params and username
cstr *client_pub = ssrp_client_start(client, MODULUS, GENERATOR, salt, user);
check(client_pub != NULL, "Failed to get client public key.");
+ debug("CLIENT PUB LEN: %d", client_pub->length);
// STEP 3: client uses server_pub key and locally known real user pass to generate its proof
cstr *client_proof = ssrp_client_respond(client, server_pub, user_pass);
check(client_proof != NULL, "Failed to make client proof.");
+ debug("CLIENT PROOF LEN: %d", client_proof->length);
// C->S: client_proof, client_pub
View
4 srp.h
@@ -157,8 +157,8 @@ _TYPE( SRP_RESULT ) SRP_free P((SRP * srp));
/* RFC2945-style SRP authentication */
-#define RFC2945_KEY_LEN 40 /* length of session key (bytes) */
-#define RFC2945_RESP_LEN 20 /* length of proof hashes (bytes) */
+#define RFC2945_KEY_LEN SHA_DIGESTSIZE /* length of session key (bytes) */
+#define RFC2945_RESP_LEN SHA_DIGESTSIZE /* length of proof hashes (bytes) */
/*
* SRP-6 and SRP-6a authentication methods.
View
5 srp6_client.c
@@ -268,8 +268,11 @@ srp6_client_key_ex(SRP * srp, cstr ** result,
BigIntegerClearFree(gb);
/* convert srp->key into a session key, update hash states */
+ SHA1_CTX sctx;
BigIntegerToCstr(srp->key, s);
- t_mgf1(CLIENT_CTXP(srp)->k, RFC2945_KEY_LEN, s->data, s->length); /* Interleaved hash */
+ SHA1Init(&sctx);
+ SHA1Update(&sctx, s->data, s->length);
+ SHA1Final(CLIENT_CTXP(srp)->k, &sctx);
cstr_clear_free(s);
/* hash: (H(N) xor H(g)) | H(U) | s | A | B | K */
View
5 srp6_server.c
@@ -331,8 +331,11 @@ srp6_server_key(SRP * srp, cstr ** result,
BigIntegerClearFree(t3);
/* convert srp->key into session key, update hashes */
+ SHA1_CTX sctx;
BigIntegerToCstr(srp->key, s);
- t_mgf1(SERVER_CTXP(srp)->k, RFC2945_KEY_LEN, s->data, s->length); /* Interleaved hash */
+ SHA1Init(&sctx);
+ SHA1Update(&sctx, s->data, s->length);
+ SHA1Final(SERVER_CTXP(srp)->k, &sctx);
cstr_clear_free(s);
/* ckhash: (H(N) xor H(g)) | H(U) | s | A | B | K */
View
1  srp_simple.c
@@ -1,4 +1,5 @@
#include "srp_simple.h"
+#include "dbg.h"
struct t_confent CONFIG;
View
1  srp_simple.h
@@ -4,7 +4,6 @@
#include <t_pwd.h>
#include <srp.h>
#include <assert.h>
-#include "dbg.h"
#define PREPARAM_1024 4
#define PREPARAM_2048 8
View
4 t_misc.c
@@ -184,7 +184,7 @@ static struct {
short ppid;
unsigned char envh[SHA_DIGESTSIZE];
unsigned char fsh[SHA_DIGESTSIZE];
- unsigned char devrand[20];
+ unsigned char devrand[SHA_DIGESTSIZE];
unsigned int trand2;
} preseed;
@@ -314,7 +314,7 @@ t_stronginitrand()
* A[i] = SHA-1(S[i])
*
* where the A[i] are the output blocks starting with i=0.
- * Each cycle generates 20 bytes of new output.
+ * Each cycle generates SHA_DIGESTSIZE bytes of new output.
*/
_TYPE( void )
t_random(data, size)
View
9 t_pw.c
@@ -77,6 +77,7 @@ t_makepwent(tpw, user, pass, salt, confent)
BigInteger x, v, n, g;
unsigned char dig[SHA_DIGESTSIZE];
SHA1_CTX ctxt;
+ int i = 0;
tpw->pebuf.name = tpw->userbuf;
tpw->pebuf.salt.data = tpw->saltbuf;
@@ -108,11 +109,19 @@ t_makepwent(tpw, user, pass, salt, confent)
SHA1Update(&ctxt, pass, strlen(pass));
SHA1Final(dig, &ctxt);
+ printf("USER: %s, PASS: %s, FIRST: ", user, pass);
+ for(i = 0; i < SHA_DIGESTSIZE; i++) printf("%x", dig[i]);
+ printf("\n");
+
SHA1Init(&ctxt);
SHA1Update(&ctxt, tpw->pebuf.salt.data, tpw->pebuf.salt.len);
SHA1Update(&ctxt, dig, sizeof(dig));
SHA1Final(dig, &ctxt);
+ printf("SALT: %d,%x AFTER: ", tpw->pebuf.salt.len, tpw->pebuf.salt.data);
+ for(i = 0; i < SHA_DIGESTSIZE; i++) printf("%x", dig[i]);
+ printf("\n");
+
/* x = H(s, H(u, ':', p)) */
x = BigIntegerFromBytes(dig, sizeof(dig));
View
209 t_sha.c
@@ -1,212 +1,3 @@
#include "t_defines.h"
#include "t_sha.h"
-#ifdef CRYPTOLIB_SHA
-
-/* A wrapper around CryptoLib's shsFinal that delivers output in octets */
-void
-shsFinalBytes(unsigned char digest[20], SHS_CTX* context)
-{
- int i;
- unsigned long r;
- unsigned char *p = digest;
-
- shsFinal(context);
- for(i = 0; i < 5; ++i) {
- r = context->h[i];
- *p++ = (unsigned char)((r >> 24) & 0xff);
- *p++ = (unsigned char)((r >> 16) & 0xff);
- *p++ = (unsigned char)((r >> 8) & 0xff);
- *p++ = (unsigned char)(r & 0xff);
- }
-}
-
-#elif defined(GCRYPT_SHA)
-/* Wrappers for gcrypt's md interface */
-
-void
-SHA1Init_gcry(SHA1_CTX * ctx)
-{
- gcry_md_open(ctx, GCRY_MD_SHA1, 0);
-}
-
-void
-SHA1Update_gcry(SHA1_CTX * ctx, const unsigned char * data, unsigned int len)
-{
- gcry_md_write(*ctx, data, len);
-}
-
-void
-SHA1Final_gcry(unsigned char digest[20], SHA1_CTX * ctx)
-{
- memcpy(digest, gcry_md_read(*ctx, GCRY_MD_SHA1), 20);
- gcry_md_close(*ctx);
-}
-
-#elif !defined(OPENSSL_SHA) && !defined(TOMCRYPT_SHA)
-/* Use the free SHA1 if the library doesn't have it */
-
-/*
-SHA-1 in C
-By Steve Reid <steve@edmweb.com>
-100% Public Domain
-
-Test Vectors (from FIPS PUB 180-1)
-"abc"
- A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-A million repetitions of "a"
- 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/
-
-/* #define LITTLE_ENDIAN * This should be #define'd if true. */
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#include <stdio.h>
-#include <string.h>
-
-static void SHA1Transform(uint32 state[5], const unsigned char buffer[64]);
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#ifndef WORDS_BIGENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
- |(rol(block->l[i],8)&0x00FF00FF))
-#else
-#define blk0(i) block->l[i]
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
- ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-static void SHA1Transform(uint32 state[5], const unsigned char buffer[64])
-{
-uint32 a, b, c, d, e;
-typedef union {
- unsigned char c[64];
- uint32 l[16];
-} CHAR64LONG16;
-CHAR64LONG16* block;
-#ifdef SHA1HANDSOFF
-static unsigned char workspace[64];
- block = (CHAR64LONG16*)workspace;
- memcpy(block, buffer, 64);
-#else
- block = (CHAR64LONG16*)buffer;
-#endif
- /* Copy context->state[] to working vars */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
- /* Add the working vars back into context.state[] */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- /* Wipe variables */
- a = b = c = d = e = 0;
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void SHA1Init(SHA1_CTX* context)
-{
- /* SHA1 initialization constants */
- context->state[0] = 0x67452301;
- context->state[1] = 0xEFCDAB89;
- context->state[2] = 0x98BADCFE;
- context->state[3] = 0x10325476;
- context->state[4] = 0xC3D2E1F0;
- context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void SHA1Update(SHA1_CTX* context, const unsigned char* data, unsigned int len)
-{
-unsigned int i, j;
-
- j = (context->count[0] >> 3) & 63;
- if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
- context->count[1] += (len >> 29);
- if ((j + len) > 63) {
- memcpy(&context->buffer[j], data, (i = 64-j));
- SHA1Transform(context->state, context->buffer);
- for ( ; i + 63 < len; i += 64) {
- SHA1Transform(context->state, &data[i]);
- }
- j = 0;
- }
- else i = 0;
- memcpy(&context->buffer[j], &data[i], len - i);
-}
-
-
-/* Add padding and return the message digest. */
-
-void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
-{
-uint32 i, j;
-unsigned char finalcount[8];
-
- for (i = 0; i < 8; i++) {
- finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
- }
- SHA1Update(context, (unsigned char *)"\200", 1);
- while ((context->count[0] & 504) != 448) {
- SHA1Update(context, (unsigned char *)"\0", 1);
- }
- SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
- for (i = 0; i < 20; i++) {
- digest[i] = (unsigned char)
- ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
- }
- /* Wipe variables */
- i = j = 0;
- memset(context->buffer, 0, 64);
- memset(context->state, 0, 20);
- memset(context->count, 0, 8);
- memset(&finalcount, 0, 8);
-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
- SHA1Transform(context->state, context->buffer);
-#endif
-}
-#endif /* OPENSSL */
View
20 t_sha.h
@@ -9,16 +9,16 @@
#endif
#endif
-#define SHA_DIGESTSIZE 20
+#define SHA_DIGESTSIZE (256 / 8)
#ifdef OPENSSL
-#define OPENSSL_SHA 1
+#define OPENSSL_SHA 256
#endif
#ifdef TOMCRYPT
# include <tomcrypt.h>
# ifdef SHA1
-# define TOMCRYPT_SHA 1
+# define TOMCRYPT_SHA 256
# endif
#endif
@@ -30,16 +30,16 @@
#endif
#ifdef GCRYPT
-# define GCRYPT_SHA 1
+# define GCRYPT_SHA 256
#endif
#ifdef OPENSSL_SHA
#include <openssl/sha.h>
-typedef SHA_CTX SHA1_CTX;
-#define SHA1Init SHA1_Init
-#define SHA1Update SHA1_Update
-#define SHA1Final SHA1_Final
+typedef SHA256_CTX SHA1_CTX;
+#define SHA1Init SHA256_Init
+#define SHA1Update SHA256_Update
+#define SHA1Final SHA256_Final
#elif defined(TOMCRYPT_SHA)
/* mycrypt.h already included above */
@@ -61,7 +61,7 @@ typedef SHS_CTX SHA1_CTX;
#define SHA1Update shsUpdate
#define SHA1Final shsFinalBytes
-void shsFinalBytes P((unsigned char digest[20], SHS_CTX* context));
+void shsFinalBytes P((unsigned char digest[SHA_DIGESTSIZE], SHS_CTX* context));
#else
typedef unsigned int uint32;
@@ -73,7 +73,7 @@ typedef struct {
void SHA1Init P((SHA1_CTX* context));
void SHA1Update P((SHA1_CTX* context, const unsigned char* data, unsigned int len));
-void SHA1Final P((unsigned char digest[20], SHA1_CTX* context));
+void SHA1Final P((unsigned char digest[SHA_DIGESTSIZE], SHA1_CTX* context));
#endif /* !OPENSSL && !CRYPTOLIB */
#endif /* T_SHA_H */
Please sign in to comment.
Something went wrong with that request. Please try again.