Esempio n. 1
0
// Calculates the key and iv for AES decryption given a password and salt.
func calcAes30Params(pass []uint16, salt []byte) (key, iv []byte) {
	p := make([]byte, 0, len(pass)*2+len(salt))
	for _, v := range pass {
		p = append(p, byte(v), byte(v>>8))
	}
	p = append(p, salt...)

	hash := sha1.New()
	iv = make([]byte, 16)
	s := make([]byte, 0, hash.Size())
	for i := 0; i < hashRounds; i++ {
		hash.Write(p)
		hash.Write([]byte{byte(i), byte(i >> 8), byte(i >> 16)})
		if i%(hashRounds/16) == 0 {
			s = hash.Sum(s[:0])
			iv[i/(hashRounds/16)] = s[4*4+3]
		}
	}
	key = hash.Sum(s[:0])
	key = key[:16]

	for k := key; len(k) >= 4; k = k[4:] {
		k[0], k[1], k[2], k[3] = k[3], k[2], k[1], k[0]
	}
	return key, iv
}
Esempio n. 2
0
// An implementation of PBKDF2 (Password-Based Key Derivation Function 2) as
// specified in PKCS #5 v2.0 from RSA Laboratorie and in `RFC 2898
// <http://www.ietf.org/rfc/rfc2898.txt>`.
func PBKDF2(hashfunc func([]byte) hash.Hash, password, salt []byte, iterations, keylen int) (key []byte) {

	var (
		digest          []byte
		i, j, k, length int
	)

	key = make([]byte, keylen)
	slice := key

	hash := hashfunc(password)
	hashlen := hash.Size()
	scratch := make([]byte, 4)

	for keylen > 0 {

		if hashlen > keylen {
			length = keylen
		} else {
			length = hashlen
		}

		i += 1

		scratch[0] = byte(i >> 24)
		scratch[1] = byte(i >> 16)
		scratch[2] = byte(i >> 8)
		scratch[3] = byte(i)

		hash.Write(salt)
		hash.Write(scratch)

		digest = hash.Sum()
		hash.Reset()

		for j = 0; j < length; j++ {
			slice[j] = digest[j]
		}

		for k = 1; k < iterations; k++ {
			hash.Write(digest)
			digest = hash.Sum()
			for j = 0; j < length; j++ {
				slice[j] ^= digest[j]
			}
			hash.Reset()
		}

		keylen -= length
		slice = slice[length:]

	}

	return

}
Esempio n. 3
0
// Encode encodes the given byte slice and returns a token.
func (tok *T) Encode(data []byte) (token []byte, err error) {
	if data == nil {
		data = []byte{}
	}
	body := make([]byte, 4+len(data))
	now := uint32(time.Now().UTC().Unix())
	binary.BigEndian.PutUint32(body, now)
	copy(body[4:], data)
	body, err = pkcs7Pad(body, aes.BlockSize)
	if err != nil {
		return nil, err
	}
	iv := NewKey(aes.BlockSize)
	mode := cipher.NewCBCEncrypter(tok.aes, iv)
	mode.CryptBlocks(body, body)
	hash := tok.hmac()
	// size = len(iv + aesblocks + signature)
	token = make([]byte, len(iv)+len(body)+hash.Size())
	copy(token, iv)
	offset := len(iv)
	copy(token[offset:], body)
	offset += len(body)
	hash.Write(token[:offset])
	copy(token[offset:], hash.Sum(nil))
	b := make([]byte, base64.RawURLEncoding.EncodedLen(len(token)))
	base64.RawURLEncoding.Encode(b, token)
	return b, nil
}
Esempio n. 4
0
func Hash(fileName string, newHash func() hash.Hash) ([]byte, error) {
	hash := newHash()

	file, err := os.Open(fileName)
	if err != nil {
		return nil, common.TraceError(err)
	}
	defer file.Close()

	temp := make([]byte, 4096)

	for {
		nn, err := file.Read(temp)
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, common.TraceError(err)
		}

		hash.Write(temp[0:nn])
	}

	return hash.Sum(nil), nil
}
Esempio n. 5
0
// ObjectPut creates or updates the path in the container from
// contents.  contents should be an open io.Reader which will have all
// its contents read.
//
// This is a low level interface.
//
// If checkHash is True then it will calculate the MD5 Hash of the
// file as it is being uploaded and check it against that returned
// from the server.  If it is wrong then it will return
// ObjectCorrupted.
//
// If you know the MD5 hash of the object ahead of time then set the
// Hash parameter and it will be sent to the server (as an Etag
// header) and the server will check the MD5 itself after the upload,
// and this will return ObjectCorrupted if it is incorrect.
//
// If you don't want any error protection (not recommended) then set
// checkHash to false and Hash to "".
//
// If contentType is set it will be used, otherwise one will be
// guessed from objectName using mime.TypeByExtension
func (c *Connection) ObjectPut(container string, objectName string, contents io.Reader, checkHash bool, Hash string, contentType string, h Headers) (headers Headers, err error) {
	extraHeaders := objectPutHeaders(objectName, &checkHash, Hash, contentType, h)
	hash := md5.New()
	var body io.Reader = contents
	if checkHash {
		body = io.TeeReader(contents, hash)
	}
	_, headers, err = c.storage(RequestOpts{
		Container:  container,
		ObjectName: objectName,
		Operation:  "PUT",
		Headers:    extraHeaders,
		Body:       body,
		NoResponse: true,
		ErrorMap:   objectErrorMap,
	})
	if err != nil {
		return
	}
	if checkHash {
		receivedMd5 := strings.ToLower(headers["Etag"])
		calculatedMd5 := fmt.Sprintf("%x", hash.Sum(nil))
		if receivedMd5 != calculatedMd5 {
			err = ObjectCorrupted
			return
		}
	}
	return
}
Esempio n. 6
0
func calculateHashes(filename string, pkg *types.Package) {
	var (
		writers []io.Writer
		hashes  []hash.Hash
	)

	push := func(h hash.Hash) {
		writers = append(writers, h)
		hashes = append(hashes, h)
	}

	push(sha256.New())
	push(sha1.New())

	in, err := os.Open(filename)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	io.Copy(io.MultiWriter(writers...), in)

	formatHash := func(hash hash.Hash) string {
		return base64.StdEncoding.EncodeToString(hash.Sum(nil))
	}

	pkg.Sha256Sum = formatHash(hashes[0])
	pkg.Sha1Sum = formatHash(hashes[1])
}
Esempio n. 7
0
func calculateHash(values url.Values, path string) string {
	hash := sha1.New()
	hash.Write([]byte(path))
	hash.Write([]byte{0x00})
	if len(values) > 0 {
		if len(values) == 1 {
			for key, value := range values {
				hash.Write([]byte(key))
				hash.Write([]byte{0x00})
				addSortedKeys(value, hash)
			}
		} else {
			urlValues := make(UrlValueSlice, 0, len(values))
			for key, value := range values {
				urlValue := new(UrlValue)
				urlValue.Key = key
				urlValue.Values = value
				urlValues = append(urlValues, urlValue)
			}
			sort.Sort(urlValues)
			for _, sortedUrlValue := range urlValues {
				hash.Write([]byte(sortedUrlValue.Key))
				hash.Write([]byte{0x00})
				addSortedKeys(sortedUrlValue.Values, hash)
			}
		}
	}
	return string(hash.Sum([]byte{0x00}))
}
Esempio n. 8
0
// Md5sum calculates the Md5sum of a file returning a lowercase hex string
func (o *FsObjectLocal) Md5sum() (string, error) {
	if o.md5sum != "" {
		return o.md5sum, nil
	}
	in, err := os.Open(o.path)
	if err != nil {
		fs.Stats.Error()
		fs.ErrorLog(o, "Failed to open: %s", err)
		return "", err
	}
	hash := md5.New()
	_, err = io.Copy(hash, in)
	closeErr := in.Close()
	if err != nil {
		fs.Stats.Error()
		fs.ErrorLog(o, "Failed to read: %s", err)
		return "", err
	}
	if closeErr != nil {
		fs.Stats.Error()
		fs.ErrorLog(o, "Failed to close: %s", closeErr)
		return "", closeErr
	}
	o.md5sum = hex.EncodeToString(hash.Sum(nil))
	return o.md5sum, nil
}
Esempio n. 9
0
File: s3.go Progetto: ibmendoza/dgtk
func signPayload(payload, secret string, hashFunc func() hash.Hash) string {
	hash := hmac.New(hashFunc, []byte(secret))
	hash.Write([]byte(payload))
	signature := make([]byte, b64.EncodedLen(hash.Size()))
	b64.Encode(signature, hash.Sum(nil))
	return string(signature)
}
Esempio n. 10
0
File: digest.go Progetto: emk/cstore
// Compute an SHA256 digest for a string.
func Digest(data string) string {
	hash := crypto.SHA256.New()
	if _, err := hash.Write([]byte(data)); err != nil {
		panic("Writing to a hash should never fail")
	}
	return hex.EncodeToString(hash.Sum())
}
Esempio n. 11
0
func (cri *checksummedReaderImpl) Verify() (bool, error) {
	originalOffset, err := cri.delegate.Seek(0, 1)
	if err != nil {
		return false, err
	}
	if cri.checksumOffset > 0 {
		_, err = cri.delegate.Seek(-int64(cri.checksumOffset), 1)
		if err != nil {
			return false, err
		}
	}
	block := make([]byte, cri.checksumInterval+4)
	checksum := block[cri.checksumInterval:]
	_, err = io.ReadFull(cri.delegate, block)
	if err != nil {
		return false, err
	}
	block = block[:cri.checksumInterval]
	hash := cri.newHash()
	hash.Write(block)
	verified := bytes.Equal(checksum, hash.Sum(cri.checksum[:0]))
	_, err = cri.delegate.Seek(originalOffset, 0)
	if err != nil {
		return verified, err
	}
	return verified, nil
}
Esempio n. 12
0
// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash
// id suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) {
	if (h.version == VersionSSL30 || h.version >= VersionTLS12) && h.buffer == nil {
		panic("a handshake hash for a client-certificate was requested after discarding the handshake buffer")
	}

	if h.version == VersionSSL30 {
		if signatureAndHash.signature != signatureRSA {
			return nil, 0, errors.New("ssltvd: unsupported signature type for client certificate")
		}

		md5Hash := md5.New()
		md5Hash.Write(h.buffer)
		sha1Hash := sha1.New()
		sha1Hash.Write(h.buffer)
		return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil
	}
	if h.version >= VersionTLS12 {
		hashAlg, err := lookupTLSHash(signatureAndHash.hash)
		if err != nil {
			return nil, 0, err
		}
		hash := hashAlg.New()
		hash.Write(h.buffer)
		return hash.Sum(nil), hashAlg, nil
	}

	if signatureAndHash.signature == signatureECDSA {
		return h.server.Sum(nil), crypto.SHA1, nil
	}

	return h.Sum(), crypto.MD5SHA1, nil
}
Esempio n. 13
0
// Update the object from in with modTime and size
func (o *FsObjectLocal) Update(in io.Reader, modTime time.Time, size int64) error {
	dir := path.Dir(o.path)
	err := os.MkdirAll(dir, 0777)
	if err != nil {
		return err
	}

	out, err := os.Create(o.path)
	if err != nil {
		return err
	}

	// Calculate the md5sum of the object we are reading as we go along
	hash := md5.New()
	in = io.TeeReader(in, hash)

	_, err = io.Copy(out, in)
	outErr := out.Close()
	if err != nil {
		return err
	}
	if outErr != nil {
		return outErr
	}

	// All successful so update the md5sum
	o.md5sum = hex.EncodeToString(hash.Sum(nil))

	// Set the mtime
	o.SetModTime(modTime)

	// ReRead info now that we have finished
	return o.lstat()
}
Esempio n. 14
0
// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash
// id suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) {
	if h.version == VersionSSL30 {
		if signatureAndHash.signature != signatureRSA {
			return nil, 0, errors.New("tls: unsupported signature type for client certificate")
		}

		md5Hash := md5.New()
		md5Hash.Write(h.buffer)
		sha1Hash := sha1.New()
		sha1Hash.Write(h.buffer)
		return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil
	}
	if h.version >= VersionTLS12 {
		hashAlg, err := lookupTLSHash(signatureAndHash.hash)
		if err != nil {
			return nil, 0, err
		}
		hash := hashAlg.New()
		hash.Write(h.buffer)
		return hash.Sum(nil), hashAlg, nil
	}
	if signatureAndHash.signature == signatureECDSA {
		return h.server.Sum(nil), crypto.SHA1, nil
	}

	return h.Sum(), crypto.MD5SHA1, nil
}
Esempio n. 15
0
func GetIronValue(name, value string, key []byte, timestamped bool) (val string, ok bool) {
	split := strings.SplitN(value, ":", 2)
	if len(split) != 2 {
		return
	}
	expected, value := []byte(split[0]), split[1]
	message := fmt.Sprintf("%s|%s", strings.Replace(name, "|", `\|`, -1), value)
	hash := hmac.New(ironHMAC, key)
	hash.Write([]byte(message))
	digest := hash.Sum(nil)
	mac := make([]byte, base64.URLEncoding.EncodedLen(len(digest)))
	base64.URLEncoding.Encode(mac, digest)
	if subtle.ConstantTimeCompare(mac, expected) != 1 {
		return
	}
	if timestamped {
		split = strings.SplitN(value, ":", 2)
		if len(split) != 2 {
			return
		}
		timestring, value := split[0], split[1]
		timestamp, err := strconv.ParseInt(timestring, 10, 64)
		if err != nil {
			return
		}
		if time.Now().UnixNano() > timestamp {
			return
		}
		return value, true
	}
	return value, true
}
Esempio n. 16
0
// Decode decodes the given token and return its data
// and creation time in UTC.
func (tok *T) Decode(token []byte) (data []byte, creation time.Time, err error) {
	raw := make([]byte, base64.RawURLEncoding.DecodedLen(len(token)))
	n, err := base64.RawURLEncoding.Decode(raw, token)
	if err != nil {
		return nil, time.Time{}, err
	}
	raw = raw[:n]
	hash := tok.hmac()
	if len(raw) < aes.BlockSize*2+hash.Size() {
		return nil, time.Time{}, ErrInvalidToken
	}
	soff := len(raw) - hash.Size() // signature offset
	hash.Write(raw[:soff])
	want := hash.Sum(nil)
	have := raw[soff:]
	if !hmac.Equal(want, have) {
		return nil, time.Time{}, ErrInvalidTokenSignature
	}
	iv := raw[:aes.BlockSize]
	body := raw[aes.BlockSize:soff]
	if len(body)%aes.BlockSize != 0 {
		return nil, time.Time{}, ErrInvalidToken
	}
	mode := cipher.NewCBCDecrypter(tok.aes, iv)
	mode.CryptBlocks(body, body)
	ts := time.Unix(int64(binary.BigEndian.Uint32(body)), 0)
	body, err = pkcs7Unpad(body, aes.BlockSize)
	if err != nil {
		return nil, time.Time{}, err
	}
	return body[4:], ts.UTC(), nil
}
Esempio n. 17
0
// Generates an ID for the node
func (vn *Vnode) genId(idx uint16, conf *Config) {
	hash := conf.HashFunc()
	hash.Write([]byte(conf.Hostname))
	binary.Write(hash, binary.BigEndian, idx)

	// Use the hash as the ID
	vn.Id = hash.Sum(nil)
}
Esempio n. 18
0
// Computes a cryptographic fingerprint of this identity
func (this *PublicIdentity) Fingerprint() (fingerprint *Digest) {
	hash := sha256.New224()
	data, err := x509.MarshalPKIXPublicKey(this.key)
	if err != nil {
		panic(err)
	}
	hash.Write(data)
	return &Digest{impl: hash.Sum(nil)}
}
Esempio n. 19
0
// Called by the server to initiate a new client connection.
func (server *Server) handleIncomingClient(conn net.Conn) (err error) {
	client := new(Client)
	addr := conn.RemoteAddr()
	if addr == nil {
		err = errors.New("Unable to extract address for client.")
		return
	}

	client.lf = &clientLogForwarder{client, server.Logger}
	client.Logger = log.New(client.lf, "", 0)

	client.session = server.pool.Get()
	client.Printf("New connection: %v (%v)", conn.RemoteAddr(), client.Session())

	client.tcpaddr = addr.(*net.TCPAddr)
	client.server = server
	client.conn = conn
	client.reader = bufio.NewReader(client.conn)

	client.state = StateClientConnected

	client.udprecv = make(chan []byte)
	client.voiceTargets = make(map[uint32]*VoiceTarget)

	client.user = nil

	// Extract user's cert hash
	tlsconn := client.conn.(*tls.Conn)
	err = tlsconn.Handshake()
	if err != nil {
		client.Printf("TLS handshake failed: %v", err)
		client.Disconnect()
		return
	}

	state := tlsconn.ConnectionState()
	if len(state.PeerCertificates) > 0 {
		hash := sha1.New()
		hash.Write(state.PeerCertificates[0].Raw)
		sum := hash.Sum(nil)
		client.certHash = hex.EncodeToString(sum)
	}

	// Check whether the client's cert hash is banned
	if server.IsCertHashBanned(client.CertHash()) {
		client.Printf("Certificate hash is banned")
		client.Disconnect()
		return
	}

	// Launch network readers
	go client.tlsRecvLoop()
	go client.udpRecvLoop()

	return
}
Esempio n. 20
0
// IronString returns "tamper-resistant" strings.
func IronString(name, value string, key []byte, duration int64) string {
	if duration > 0 {
		value = fmt.Sprintf("%d:%s", time.Now().UnixNano()+duration, value)
	}
	message := fmt.Sprintf("%s|%s", strings.Replace(name, "|", `\|`, -1), value)
	hash := hmac.New(ironHMAC, key)
	hash.Write([]byte(message))
	mac := base64.URLEncoding.EncodeToString(hash.Sum(nil))
	return fmt.Sprintf("%s:%s", mac, value)
}
Esempio n. 21
0
// hashForChannelID returns the hash to be signed for TLS Channel
// ID. If a resumption, resumeHash has the previous handshake
// hash. Otherwise, it is nil.
func (h finishedHash) hashForChannelID(resumeHash []byte) []byte {
	hash := sha256.New()
	hash.Write(channelIDLabel)
	if resumeHash != nil {
		hash.Write(channelIDResumeLabel)
		hash.Write(resumeHash)
	}
	hash.Write(h.server.Sum(nil))
	return hash.Sum(nil)
}
Esempio n. 22
0
func HashFile(filepath string, ht hashtype, digestlen int) string {
	if f, e := os.Open(filepath); e == nil {
		defer f.Close()
		hash := ht()
		if _, e := io.Copy(hash, f); e == nil {
			digest := make([]byte, 0, digestlen)
			return hex.EncodeToString(hash.Sum(digest))
		}
	}
	return ""
}
Esempio n. 23
0
func hashFiles(fileCsv string) hash.Hash {
	files := strings.Split(fileCsv, ",")
	hash := md5.New()
	for _, f := range files {
		file, err := os.Open(f)
		handleErr(err)
		_, err = io.Copy(hash, file)
		handleErr(err)
	}
	log.Printf("Ended up with: %x", hash.Sum(nil))
	return hash
}
Esempio n. 24
0
func main() {
	image := parseFlags()
	hash, err := image.build(tarStream, mountFlagsStream)
	if err != nil {
		fmt.Fprintf(os.Stderr, "%s\n", err)
		os.Exit(-1)
	}
	if err := image.writeMetadata(metadataStream, hash.Sum(nil)); err != nil {
		fmt.Fprintf(os.Stderr, "%s\n", err)
		os.Exit(-1)
	}
}
Esempio n. 25
0
// | signature | deadline | str
func (c *Cipher) encrypt(deadline uint64, b []byte) []byte {
	result := make([]byte, c.hdrLen+len(b))
	binary.BigEndian.PutUint64(result[c.sigLen:c.hdrLen], deadline)
	copy(result[c.hdrLen:], b)

	hash := hmac.New(c.hash, c.signKey)
	hash.Write(b)
	hash.Write(result[c.sigLen:c.hdrLen])
	copy(result, hash.Sum(nil)[:c.sigLen])

	return result
}
Esempio n. 26
0
func generateSalt(secret []byte) ([]byte, error) {
	buf := make([]byte, saltSize, saltSize+sha1.Size)
	_, err := io.ReadFull(rand.Reader, buf)
	if err != nil {
		return nil, err
	}

	hash := sha1.New()
	hash.Write(buf)
	hash.Write(secret)

	return hash.Sum(buf), nil
}
Esempio n. 27
0
// Sha1sum is an utility function that obtains the SHA1 hash of a file (as
// referenced to by the filename parameter).
func Sha1sum(filename string) ([]byte, error) {
	hash := sha1.New()
	fd, err := os.Open(filename)
	if err != nil {
		return nil, err
	}
	defer fd.Close()

	if _, err := io.Copy(hash, fd); err != nil {
		return nil, err
	}

	return hash.Sum(nil), nil
}
Esempio n. 28
0
func main() {
	// Create the output file.
	outFile, err := os.Create("/tmp/bottles.crypt")
	if err != nil {
		log.Fatal(err)
	}
	defer outFile.Close()

	hash, err := generate(outFile)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("checksum of encrypted data: %x\n", hash.Sum(nil))
}
Esempio n. 29
0
func (self *FileNode) Signature() ([]byte, error) {
	if self.sig != nil {
		return self.sig, nil
	}
	hash := fnv.New64a()
	err := HashFile(self.Name(), hash)
	if err != nil {
		return nil, err
	}

	signature := make([]byte, 0, hash.Size())
	signature = hash.Sum(signature)
	self.sig = signature
	return signature, nil
}
Esempio n. 30
0
File: hash.go Progetto: schmich/hash
func addHashCommand(app *cli.Cli, command string, description string, hashFactory func() hash.Hash) {
	app.Command(command, description, func(cmd *cli.Cmd) {
		cmd.Spec = "[FILE]"

		file := cmd.StringArg("FILE", "", "File to hash.")

		cmd.Action = func() {
			printHash(*file, func(input io.Reader) []byte {
				hash := hashFactory()
				io.Copy(hash, input)
				return hash.Sum(nil)
			})
		}
	})
}