// Verify the given payload func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { var hash crypto.Hash switch alg { case RS256, PS256: hash = crypto.SHA256 case RS384, PS384: hash = crypto.SHA384 case RS512, PS512: hash = crypto.SHA512 default: return ErrUnsupportedAlgorithm } hasher := hash.New() // According to documentation, Write() on hash never fails _, _ = hasher.Write(payload) hashed := hasher.Sum(nil) switch alg { case RS256, RS384, RS512: return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature) case PS256, PS384, PS512: return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil) } return ErrUnsupportedAlgorithm }
func generate_digest2(hash crypto.Hash, key, src []byte) ([]byte, error) { key1 := make([]byte, SNMP_EXTENDED_KEY_SIZ) key2 := make([]byte, SNMP_EXTENDED_KEY_SIZ) extkey := make([]byte, SNMP_EXTENDED_KEY_SIZ) copy(extkey, key) for i := 0; i < SNMP_EXTENDED_KEY_SIZ; i++ { key1[i] = extkey[i] ^ 0x36 key2[i] = extkey[i] ^ 0x5c } calc := hash.New() _, err := calc.Write(key1) if nil != err { return nil, err } _, err = calc.Write(src) if nil != err { return nil, err } internal := calc.Sum(nil) calc = hash.New() _, err = calc.Write(key2) if nil != err { return nil, err } _, err = calc.Write(internal) if nil != err { return nil, err } return calc.Sum(nil)[0:SNMP_USM_AUTH_SIZE], nil }
// kexDH performs Diffie-Hellman key agreement on a ServerConnection. func (s *ServerConn) kexDH(group *dhGroup, hashFunc crypto.Hash, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { packet, err := s.readPacket() if err != nil { return } var kexDHInit kexDHInitMsg if err = unmarshal(&kexDHInit, packet, msgKexDHInit); err != nil { return } y, err := rand.Int(s.config.rand(), group.p) if err != nil { return } Y := new(big.Int).Exp(group.g, y, group.p) kInt, err := group.diffieHellman(kexDHInit.X, y) if err != nil { return nil, err } hostKeyBytes := MarshalPublicKey(priv.PublicKey()) h := hashFunc.New() writeString(h, magics.clientVersion) writeString(h, magics.serverVersion) writeString(h, magics.clientKexInit) writeString(h, magics.serverKexInit) writeString(h, hostKeyBytes) writeInt(h, kexDHInit.X) writeInt(h, Y) K := make([]byte, intLength(kInt)) marshalInt(K, kInt) h.Write(K) H := h.Sum(nil) // H is already a hash, but the hostkey signing will apply its // own key specific hash algorithm. sig, err := signAndMarshal(priv, s.config.rand(), H) if err != nil { return nil, err } kexDHReply := kexDHReplyMsg{ HostKey: hostKeyBytes, Y: Y, Signature: sig, } packet = marshal(msgKexDHReply, kexDHReply) err = s.writePacket(packet) return &kexResult{ H: H, K: K, HostKey: hostKeyBytes, Hash: hashFunc, }, nil }
// Thumbprint returns the JWK thumbprint using the indicated // hashing algorithm, according to RFC 7638 func (k EcdsaPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error) { const tmpl = `{"crv":"%s","kty":"EC","x":"%s","y":"%s"}` csize := k.Curve.Size() // We need to truncate the buffer at curve size xbuf := k.X.Bytes() if len(xbuf) > csize { xbuf = xbuf[:csize] } ybuf := k.Y.Bytes() if len(ybuf) > csize { ybuf = ybuf[:csize] } enc := base64.RawURLEncoding x64 := make([]byte, enc.EncodedLen(len(xbuf))) enc.Encode(x64, xbuf) y64 := make([]byte, enc.EncodedLen(len(ybuf))) enc.Encode(y64, ybuf) v := fmt.Sprintf(tmpl, k.Curve.String(), x64, y64) h := hash.New() h.Write([]byte(v)) return h.Sum(nil), nil }
func (s *Su3File) Sign(privkey *rsa.PrivateKey) error { var hashType crypto.Hash switch s.SignatureType { case SIGTYPE_DSA: hashType = crypto.SHA1 case SIGTYPE_ECDSA_SHA256, SIGTYPE_RSA_SHA256: hashType = crypto.SHA256 case SIGTYPE_ECDSA_SHA384, SIGTYPE_RSA_SHA384: hashType = crypto.SHA384 case SIGTYPE_ECDSA_SHA512, SIGTYPE_RSA_SHA512: hashType = crypto.SHA512 default: return fmt.Errorf("Unknown signature type.") } h := hashType.New() h.Write(s.BodyBytes()) digest := h.Sum(nil) sig, err := rsa.SignPKCS1v15(rand.Reader, privkey, 0, digest) if nil != err { return err } s.Signature = sig return nil }
// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as // described in RFC 4253, section 6.4. direction should either be serverKeys // (to setup server->client keys) or clientKeys (for client->server keys). func (c *common) setupKeys(d direction, K, H, sessionId []byte, hashFunc crypto.Hash) error { cipherMode := cipherModes[c.cipherAlgo] macKeySize := 20 iv := make([]byte, cipherMode.ivSize) key := make([]byte, cipherMode.keySize) macKey := make([]byte, macKeySize) h := hashFunc.New() generateKeyMaterial(iv, d.ivTag, K, H, sessionId, h) generateKeyMaterial(key, d.keyTag, K, H, sessionId, h) generateKeyMaterial(macKey, d.macKeyTag, K, H, sessionId, h) c.mac = truncatingMAC{12, hmac.NewSHA1(macKey)} cipher, err := cipherMode.createCipher(key, iv) if err != nil { return err } c.cipher = cipher return nil }
func verifyDetachedSignature(key *packet.PublicKey, contentf, sigf io.Reader) error { var hashFunc crypto.Hash packets := packet.NewReader(sigf) p, err := packets.Next() if err != nil { return err } switch sig := p.(type) { case *packet.Signature: hashFunc = sig.Hash case *packet.SignatureV3: hashFunc = sig.Hash default: return errors.UnsupportedError("unrecognized signature") } h := hashFunc.New() if _, err := io.Copy(h, contentf); err != nil && err != io.EOF { return err } switch sig := p.(type) { case *packet.Signature: err = key.VerifySignature(h, sig) case *packet.SignatureV3: err = key.VerifySignatureV3(h, sig) default: panic("unreachable") } return err }
func generateHash(algo HashAlgorithm, data []byte) ([]byte, crypto.Hash, error) { var hashType crypto.Hash switch algo { case MD5: hashType = crypto.MD5 case SHA1: hashType = crypto.SHA1 case SHA224: hashType = crypto.SHA224 case SHA256: hashType = crypto.SHA256 case SHA384: hashType = crypto.SHA384 case SHA512: hashType = crypto.SHA512 default: return nil, hashType, fmt.Errorf("unsupported Algorithm.Hash in signature: %v", algo) } hasher := hashType.New() if _, err := hasher.Write(data); err != nil { return nil, hashType, fmt.Errorf("failed to write to hasher: %v", err) } return hasher.Sum([]byte{}), hashType, nil }
func RsaOpensslSign(pub *rsa.PrivateKey, h crypto.Hash, msg []byte) (s []byte, err error) { h1 := h.New() h1.Write(msg) digest := h1.Sum(nil) s, err = rsa.SignPKCS1v15(nil, pub, h, digest) return }
// sigSerializeUserAttribute calculates the user attribute packet hash // TODO: clean up & contribute this to go.crypto/openpgp func (pubkey *Pubkey) sigSerializeUserAttribute(uat *UserAttribute, hashFunc crypto.Hash) (h hash.Hash, err error) { if !hashFunc.Available() { return nil, errors.UnsupportedError("hash function") } h = hashFunc.New() // Get user attribute opaque packet var uatOpaque *packet.OpaquePacket if uatOpaque, err = uat.GetOpaquePacket(); err != nil { return } // Get public key opaque packet. var pkOpaque *packet.OpaquePacket if pkOpaque, err = pubkey.GetOpaquePacket(); err != nil { return } // RFC 4880, section 5.2.4 // Write the signature prefix and public key contents to hash pubkey.PublicKey.SerializeSignaturePrefix(h) h.Write(pkOpaque.Contents) // V4 certification hash var buf [5]byte // User attribute constant buf[0] = 0xd1 // Big-endian length of user attribute contents l := len(uatOpaque.Contents) buf[1] = byte(l >> 24) buf[2] = byte(l >> 16) buf[3] = byte(l >> 8) buf[4] = byte(l) h.Write(buf[:]) // User attribute contents h.Write(uatOpaque.Contents) return }
//这个接口应该和php版的openssl_verify在使用rsa公钥的时候有完全相同的输入输出,加密的坑简直太多了.. //msg是需要验证签名的消息,sig是签名之后生成的 func RsaOpensslVerify(pub *rsa.PublicKey, h crypto.Hash, msg []byte, sig []byte) (err error) { h1 := h.New() h1.Write(msg) digest := h1.Sum(nil) err = rsa.VerifyPKCS1v15(pub, h, digest, sig) return }
func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) { h := hashFunc.New() if _, err := h.Write(msg); err != nil { return nil, err } return h, nil }
func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) { var hashFunc crypto.Hash switch key := s.pubKey.(type) { case *rsaPublicKey, *dsaPublicKey: hashFunc = crypto.SHA1 case *ecdsaPublicKey: hashFunc = ecHash(key.Curve) case ed25519PublicKey: default: return nil, fmt.Errorf("ssh: unsupported key type %T", key) } var digest []byte if hashFunc != 0 { h := hashFunc.New() h.Write(data) digest = h.Sum(nil) } else { digest = data } signature, err := s.signer.Sign(rand, digest, hashFunc) if err != nil { return nil, err } // crypto.Signer.Sign is expected to return an ASN.1-encoded signature // for ECDSA and DSA, but that's not the encoding expected by SSH, so // re-encode. switch s.pubKey.(type) { case *ecdsaPublicKey, *dsaPublicKey: type asn1Signature struct { R, S *big.Int } asn1Sig := new(asn1Signature) _, err := asn1.Unmarshal(signature, asn1Sig) if err != nil { return nil, err } switch s.pubKey.(type) { case *ecdsaPublicKey: signature = Marshal(asn1Sig) case *dsaPublicKey: signature = make([]byte, 40) r := asn1Sig.R.Bytes() s := asn1Sig.S.Bytes() copy(signature[20-len(r):20], r) copy(signature[40-len(s):40], s) } } return &Signature{ Format: s.pubKey.Type(), Blob: signature, }, nil }
// the core function of the Signer, generates the raw hmac of he bytes. func (p *signer) SignBytes(h crypto.Hash, buf []byte) (signature []byte, err os.Error) { hasher := hmac.New(func() hash.Hash { return h.New() }, p.secretAccessKey) _, err = hasher.Write(buf) if err == nil { signature = hasher.Sum() } return }
func checksumFor(h crypto.Hash, payload []byte) ([]byte, error) { if !h.Available() { return nil, errors.New("requested hash function not available") } hash := h.New() hash.Write(payload) // guaranteed not to error return hash.Sum([]byte{}), nil }
// ToDS converts a DNSKEY record to a DS record. func (k *DNSKEY) ToDS(h uint8) *DS { if k == nil { return nil } ds := new(DS) ds.Hdr.Name = k.Hdr.Name ds.Hdr.Class = k.Hdr.Class ds.Hdr.Rrtype = TypeDS ds.Hdr.Ttl = k.Hdr.Ttl ds.Algorithm = k.Algorithm ds.DigestType = h ds.KeyTag = k.KeyTag() keywire := new(dnskeyWireFmt) keywire.Flags = k.Flags keywire.Protocol = k.Protocol keywire.Algorithm = k.Algorithm keywire.PublicKey = k.PublicKey wire := make([]byte, DefaultMsgSize) n, err := PackStruct(keywire, wire, 0) if err != nil { return nil } wire = wire[:n] owner := make([]byte, 255) off, err1 := PackDomainName(strings.ToLower(k.Hdr.Name), owner, 0, nil, false) if err1 != nil { return nil } owner = owner[:off] // RFC4034: // digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); // "|" denotes concatenation // DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. // digest buffer digest := append(owner, wire...) // another copy var hash crypto.Hash switch h { case SHA1: hash = crypto.SHA1 case SHA256: hash = crypto.SHA256 case SHA384: hash = crypto.SHA384 case SHA512: hash = crypto.SHA512 default: return nil } s := hash.New() s.Write(digest) ds.Digest = hex.EncodeToString(s.Sum(nil)) return ds }
// the core function of the Signer, generates the raw hmac of he bytes. func (self *Signer) SignBytes(h crypto.Hash, buff []byte) (sig []byte, err error) { hh := hmac.New(func() hash.Hash { return h.New() }, self.secretAccessKey) _, err = hh.Write(buff) if err == nil { sig = hh.Sum(nil) } return }
func (pkcs1v15 *pkcs1v15Sign) Sign(src []byte, hash crypto.Hash, prk *rsa.PrivateKey) ([]byte, error) { if !hash.Available() { return nil, errors.New("unsupport hash type") } h := hash.New() h.Write(src) hashed := h.Sum(nil) return rsa.SignPKCS1v15(rand.Reader, prk, hash, hashed) }
// keySignatureHash returns a Hash of the message that needs to be signed for // pk to assert a subkey relationship to signed. func keySignatureHash(pk, signed signingKey, hashFunc crypto.Hash) (h hash.Hash, err error) { if !hashFunc.Available() { return nil, errors.UnsupportedError("hash function") } h = hashFunc.New() updateKeySignatureHash(pk, signed, h) return }
// userIdSignatureHash returns a Hash of the message that needs to be signed // to assert that pk is a valid key for id. func userIdSignatureHash(id string, pk *PublicKey, hashFunc crypto.Hash) (h hash.Hash, err error) { if !hashFunc.Available() { return nil, errors.UnsupportedError("hash function") } h = hashFunc.New() updateUserIdSignatureHash(id, pk, h) return }
// Sign the given payload func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { var expectedBitSize int var hash crypto.Hash switch alg { case ES256: expectedBitSize = 256 hash = crypto.SHA256 case ES384: expectedBitSize = 384 hash = crypto.SHA384 case ES512: expectedBitSize = 521 hash = crypto.SHA512 } curveBits := ctx.privateKey.Curve.Params().BitSize if expectedBitSize != curveBits { return Signature{}, fmt.Errorf("square/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits) } hasher := hash.New() // According to documentation, Write() on hash never fails _, _ = hasher.Write(payload) hashed := hasher.Sum(nil) r, s, err := ecdsa.Sign(randReader, ctx.privateKey, hashed) if err != nil { return Signature{}, err } keyBytes := curveBits / 8 if curveBits%8 > 0 { keyBytes += 1 } // We serialize the outpus (r and s) into big-endian byte arrays and pad // them with zeros on the left to make sure the sizes work out. Both arrays // must be keyBytes long, and the output must be 2*keyBytes long. rBytes := r.Bytes() rBytesPadded := make([]byte, keyBytes) copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) sBytes := s.Bytes() sBytesPadded := make([]byte, keyBytes) copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) out := append(rBytesPadded, sBytesPadded...) return Signature{ Signature: out, protected: &rawHeader{}, }, nil }
func checkSignature(c *x509.Certificate, algo x509.SignatureAlgorithm, signed, signature []byte) (err error) { var hashType crypto.Hash switch algo { case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1: hashType = crypto.SHA1 case x509.SHA256WithRSA, x509.DSAWithSHA256, x509.ECDSAWithSHA256: hashType = crypto.SHA256 case x509.SHA384WithRSA, x509.ECDSAWithSHA384: hashType = crypto.SHA384 case x509.SHA512WithRSA, x509.ECDSAWithSHA512: hashType = crypto.SHA512 default: return x509.ErrUnsupportedAlgorithm } if !hashType.Available() { return x509.ErrUnsupportedAlgorithm } h := hashType.New() h.Write(signed) digest := h.Sum(nil) switch pub := c.PublicKey.(type) { case *rsa.PublicKey: // the digest is already hashed, so we force a 0 here return rsa.VerifyPKCS1v15(pub, 0, digest, signature) case *dsa.PublicKey: dsaSig := new(dsaSignature) if _, err := asn1.Unmarshal(signature, dsaSig); err != nil { return err } if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 { return errors.New("x509: DSA signature contained zero or negative values") } if !dsa.Verify(pub, digest, dsaSig.R, dsaSig.S) { return errors.New("x509: DSA verification failure") } return case *ecdsa.PublicKey: ecdsaSig := new(ecdsaSignature) if _, err := asn1.Unmarshal(signature, ecdsaSig); err != nil { return err } if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { return errors.New("x509: ECDSA signature contained zero or negative values") } if !ecdsa.Verify(pub, digest, ecdsaSig.R, ecdsaSig.S) { return errors.New("x509: ECDSA verification failure") } return } return x509.ErrUnsupportedAlgorithm }
func (pkcs1v15 *pkcs1v15Sign) Verify(src []byte, sign []byte, hash crypto.Hash, puk *rsa.PublicKey) error { if !hash.Available() { return errors.New("unsupport hash type") } h := hash.New() h.Write(src) hashed := h.Sum(nil) return rsa.VerifyPKCS1v15(puk, hash, hashed, sign) }
func NewHashWriter(dir string, hashfunc crypto.Hash) *HashWriter { me := &HashWriter{} tmp, err := ioutil.TempFile(dir, ".md5temp") if err != nil { panic(err) log.Fatal(err) } me.dest = tmp me.hasher = hashfunc.New() return me }
func NewHashRender(w Responser, hasher crypto.Hash) Render { if !hasher.Available() { panic(ErrHash.Error()) } render := &HashRender{ response: w, hash: hasher.New(), } return render }
func keyRevocationHash(pk signingKey, hashFunc crypto.Hash) (h hash.Hash, err error) { if !hashFunc.Available() { return nil, errors.UnsupportedError("hash function") } h = hashFunc.New() // RFC 4880, section 5.2.4 pk.SerializeSignaturePrefix(h) pk.serializeWithoutHeaders(h) return }
func token(data string, hash crypto.Hash) string { var tokenKey [keySize]byte n, err := rand.Read(tokenKey[:]) for n < keySize || err != nil { n, err = rand.Read(tokenKey[:]) } h := hash.New() h.Write([]byte(data)) h.Write(tokenKey[:]) h.Write([]byte(time.Now().Format(time.RFC3339Nano))) return fmt.Sprintf("%x", h.Sum(nil)) }
// Thumbprint returns the JWK thumbprint using the indicated // hashing algorithm, according to RFC 7638 func (s SymmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error) { const tmpl = `{"k":"%s","kty":"oct"}` k64, err := s.Key.Base64Encode() if err != nil { return nil, err } v := fmt.Sprintf(tmpl, k64) h := hash.New() h.Write([]byte(v)) return h.Sum(nil), nil }
// FileDigest computes a hash digest of the file using the given hash. // It also returns the file size. func FileDigest(filename string, hash crypto.Hash) ([]byte, uint64, error) { f, err := os.Open(filename) if err != nil { return nil, 0, err } defer f.Close() h := hash.New() size, err := io.CopyBuffer(h, f, make([]byte, hashDigestBufSize)) if err != nil { return nil, 0, err } return h.Sum(nil), uint64(size), nil }
// userIdSignatureV3Hash returns a Hash of the message that needs to be signed // to assert that pk is a valid key for id. func userIdSignatureV3Hash(id string, pk signingKey, hfn crypto.Hash) (h hash.Hash, err error) { if h = hfn.New(); h == nil { return nil, errors.UnsupportedError("hash function") } // RFC 4880, section 5.2.4 pk.SerializeSignaturePrefix(h) pk.serializeWithoutHeaders(h) h.Write([]byte(id)) return }