func TestKeccak(t *testing.T) {
for i := range tests {
var h hash.Hash
switch tests[i].length {
case 28:
h = New224()
case 32:
h = New256()
case 48:
h = New384()
case 64:
h = New512()
default:
panic("invalid testcase")
}
h.Write(tests[i].input)
d := h.Sum(nil)
if !bytes.Equal(d, tests[i].output) {
t.Errorf("testcase %d: expected %x got %x", i, tests[i].output, d)
}
}
}
// Iterated writes to out the result of computing the Iterated and Salted S2K
// function (RFC 4880, section 3.7.1.3) using the given hash, input passphrase,
// salt and iteration count.
func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) {
combined := make([]byte, len(in)+len(salt))
copy(combined, salt)
copy(combined[len(salt):], in)
if count < len(combined) {
count = len(combined)
}
done := 0
var digest []byte
for i := 0; done < len(out); i++ {
h.Reset()
for j := 0; j < i; j++ {
h.Write(zero[:])
}
written := 0
for written < count {
if written+len(combined) > count {
todo := count - written
h.Write(combined[:todo])
written = count
} else {
h.Write(combined)
written += len(combined)
}
}
digest = h.Sum(digest[:0])
n := copy(out[done:], digest)
done += n
}
}
// RefFromHash returns a blobref representing the given hash.
// It panics if the hash isn't of a known type.
func RefFromHash(h hash.Hash) Ref {
meta, ok := metaFromType[reflect.TypeOf(h)]
if !ok {
panic(fmt.Sprintf("Currently-unsupported hash type %T", h))
}
return Ref{meta.ctor(h.Sum(nil))}
}
// finishedSum30 calculates the contents of the verify_data member of a SSLv3
// Finished message given the MD5 and SHA1 hashes of a set of handshake
// messages.
func finishedSum30(md5, sha1 hash.Hash, masterSecret []byte, magic []byte) []byte {
md5.Write(magic)
md5.Write(masterSecret)
md5.Write(ssl30Pad1[:])
md5Digest := md5.Sum(nil)
md5.Reset()
md5.Write(masterSecret)
md5.Write(ssl30Pad2[:])
md5.Write(md5Digest)
md5Digest = md5.Sum(nil)
sha1.Write(magic)
sha1.Write(masterSecret)
sha1.Write(ssl30Pad1[:40])
sha1Digest := sha1.Sum(nil)
sha1.Reset()
sha1.Write(masterSecret)
sha1.Write(ssl30Pad2[:40])
sha1.Write(sha1Digest)
sha1Digest = sha1.Sum(nil)
ret := make([]byte, len(md5Digest)+len(sha1Digest))
copy(ret, md5Digest)
copy(ret[len(md5Digest):], sha1Digest)
return ret
}
// hashCopyN - Calculates Md5sum and SHA256sum for upto partSize amount of bytes.
func (c Client) hashCopyN(writer io.ReadWriter, reader io.Reader, partSize int64) (md5Sum, sha256Sum []byte, size int64, err error) {
// MD5 and SHA256 hasher.
var hashMD5, hashSHA256 hash.Hash
// MD5 and SHA256 hasher.
hashMD5 = md5.New()
hashWriter := io.MultiWriter(writer, hashMD5)
if c.signature.isV4() {
hashSHA256 = sha256.New()
hashWriter = io.MultiWriter(writer, hashMD5, hashSHA256)
}
// Copies to input at writer.
size, err = io.CopyN(hashWriter, reader, partSize)
if err != nil {
// If not EOF return error right here.
if err != io.EOF {
return nil, nil, 0, err
}
}
// Finalize md5shum and sha256 sum.
md5Sum = hashMD5.Sum(nil)
if c.signature.isV4() {
sha256Sum = hashSHA256.Sum(nil)
}
return md5Sum, sha256Sum, size, err
}
// Returns true if the provided message is unsigned or has a valid signature
// from one of the provided signers.
func authenticateMessage(signers map[string]Signer, header *Header, msg []byte) bool {
digest := header.GetHmac()
if digest != nil {
var key string
signer := fmt.Sprintf("%s_%d", header.GetHmacSigner(),
header.GetHmacKeyVersion())
if s, ok := signers[signer]; ok {
key = s.HmacKey
} else {
return false
}
var hm hash.Hash
switch header.GetHmacHashFunction() {
case Header_MD5:
hm = hmac.New(md5.New, []byte(key))
case Header_SHA1:
hm = hmac.New(sha1.New, []byte(key))
}
hm.Write(msg)
expectedDigest := hm.Sum(nil)
if subtle.ConstantTimeCompare(digest, expectedDigest) != 1 {
return false
}
}
return true
}
func authenticateMessage(signers map[string]Signer, header *Header,
pack *PipelinePack) bool {
digest := header.GetHmac()
if digest != nil {
var key string
signer := fmt.Sprintf("%s_%d", header.GetHmacSigner(),
header.GetHmacKeyVersion())
if s, ok := signers[signer]; ok {
key = s.HmacKey
} else {
return false
}
var hm hash.Hash
switch header.GetHmacHashFunction() {
case Header_MD5:
hm = hmac.New(md5.New, []byte(key))
case Header_SHA1:
hm = hmac.New(sha1.New, []byte(key))
}
hm.Write(pack.MsgBytes)
expectedDigest := hm.Sum(nil)
if bytes.Compare(digest, expectedDigest) != 0 {
return false
}
pack.Signer = header.GetHmacSigner()
}
return true
}
func (c *Client) PutObject(key, bucket string, md5 hash.Hash, size int64, body io.Reader) error {
req := newReq(c.keyURL(bucket, key))
req.Method = "PUT"
req.ContentLength = size
if md5 != nil {
b64 := new(bytes.Buffer)
encoder := base64.NewEncoder(base64.StdEncoding, b64)
encoder.Write(md5.Sum(nil))
encoder.Close()
req.Header.Set("Content-MD5", b64.String())
}
c.Auth.SignRequest(req)
req.Body = ioutil.NopCloser(body)
res, err := c.transport().RoundTrip(req)
if res != nil && res.Body != nil {
defer httputil.CloseBody(res.Body)
}
if err != nil {
return err
}
if res.StatusCode != http.StatusOK {
// res.Write(os.Stderr)
return fmt.Errorf("Got response code %d from s3", res.StatusCode)
}
return nil
}
// MakeSignature returns a auth_v4 signature from the `string to sign` variable.
// May be useful for creating v4 requests for services other than DynamoDB.
func MakeSignature(string2sign, zone, service, secret string) string {
kCredentials, _ := cacheable_hmacs(zone, service, secret)
var kSigning_hmac_sha256 hash.Hash = hmac.New(sha256.New, kCredentials)
kSigning_hmac_sha256.Write([]byte(string2sign))
kSigning := kSigning_hmac_sha256.Sum(nil)
return hex.EncodeToString(kSigning)
}
// Verifies the image package integrity after it is downloaded
func (img *Image) verify() error {
// Makes sure the file cursor is positioned at the beginning of the file
_, err := img.file.Seek(0, 0)
if err != nil {
return err
}
log.Printf("[DEBUG] Verifying image checksum...")
var hasher hash.Hash
switch img.ChecksumType {
case "md5":
hasher = md5.New()
case "sha1":
hasher = sha1.New()
case "sha256":
hasher = sha256.New()
case "sha512":
hasher = sha512.New()
default:
return fmt.Errorf("[ERROR] Crypto algorithm no supported: %s", img.ChecksumType)
}
_, err = io.Copy(hasher, img.file)
if err != nil {
return err
}
result := fmt.Sprintf("%x", hasher.Sum(nil))
if result != img.Checksum {
return fmt.Errorf("[ERROR] Checksum does not match\n Result: %s\n Expected: %s", result, img.Checksum)
}
return nil
}
// DeriveConcatKDF implements NIST SP 800-56A Concatenation Key Derivation Function. Derives
// key material of keydatalen bits size given Z (sharedSecret), OtherInfo (AlgorithmID |
// PartyUInfo | PartyVInfo | SuppPubInfo | SuppPrivInfo) and hash function
func DeriveConcatKDF(keydatalen int, sharedSecret, algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo []byte, h hash.Hash) []byte {
otherInfo := arrays.Concat(algId, partyUInfo, partyVInfo, suppPubInfo, suppPrivInfo)
keyLenBytes := keydatalen >> 3
reps := int(math.Ceil(float64(keyLenBytes) / float64(h.Size())))
if reps > MaxInt {
panic("kdf.DeriveConcatKDF: too much iterations (more than 2^32-1).")
}
dk := make([]byte, 0, keyLenBytes)
for counter := 1; counter <= reps; counter++ {
h.Reset()
counterBytes := arrays.UInt32ToBytes(uint32(counter))
h.Write(counterBytes)
h.Write(sharedSecret)
h.Write(otherInfo)
dk = h.Sum(dk)
}
return dk[:keyLenBytes]
}
func (c *Client) PutObject(name, bucket string, md5 hash.Hash, size int64, body io.Reader) error {
req := newReq("http://" + bucket + "." + c.hostname() + "/" + name)
req.Method = "PUT"
req.ContentLength = size
if md5 != nil {
b64 := new(bytes.Buffer)
encoder := base64.NewEncoder(base64.StdEncoding, b64)
encoder.Write(md5.Sum(nil))
encoder.Close()
req.Header.Set("Content-MD5", b64.String())
}
if c.DefaultACL != "" {
req.Header.Set("x-amz-acl", c.DefaultACL)
}
contentType := mime.TypeByExtension(path.Ext(name))
if contentType == "" {
contentType = "application/octet-stream"
}
req.Header.Set("Content-Type", contentType)
c.Auth.SignRequest(req)
req.Body = ioutil.NopCloser(body)
res, err := c.httpClient().Do(req)
if res != nil && res.Body != nil {
defer httputil.CloseBody(res.Body)
}
if err != nil {
return err
}
if res.StatusCode != http.StatusOK {
res.Write(os.Stderr)
return fmt.Errorf("Got response code %d from s3", res.StatusCode)
}
return nil
}
// HashPasswordWithSalt scrambles the password with the provided parameters.
func HashPasswordWithSalt(password, tweak, salt []byte, g, g0 int64, H hash.Hash) ([]byte, error) {
if g < g0 {
return nil, ErrInvalidGarlic
}
x := make([]byte, len(tweak)+len(password)|len(salt))
copy(x, tweak)
copy(x[len(tweak):], password)
copy(x[len(tweak)+len(password):], salt)
var err error
for i := g0; i <= g; i++ {
c := bigPadded(big.NewInt(i), cPad)
twoCp1 := new(big.Int).Exp(big.NewInt(2), big.NewInt(i), nil)
twoCp1 = twoCp1.Add(twoCp1, big.NewInt(1))
x, err = sbrh(c, x, H)
if err != nil {
H.Reset()
return nil, err
}
H.Write(c)
H.Write(bigPadded(twoCp1, cPad))
H.Write(x)
x = H.Sum(nil)
H.Reset()
}
return x, nil
}
// Tweak generates a new tweak from the mode, hash, salt length (in
// bytes), and any additional data. It provides additional information
// that will complicate an attacker's efforts, and allows a system to
// differentiate between different uses of the Catena function's output.
func Tweak(mode byte, H hash.Hash, saltLen int, ad []byte) ([]byte, error) {
if mode != ModePassHash && mode != ModeKeyDerivation {
return nil, ErrInvalidTweakMode
}
hashLen := H.Size()
tweakLen := 5 + hashLen
var t = make([]byte, 1, tweakLen)
t[0] = mode
var tmp uint16 = uint16(H.Size() * 8)
high := byte(tmp >> 8)
low := byte(tmp << 8 >> 8)
t = append(t, high)
t = append(t, low)
tmp = uint16(saltLen * 8)
high = byte(tmp >> 8)
low = byte(tmp << 8 >> 8)
t = append(t, high)
t = append(t, low)
H.Reset()
H.Write(ad)
t = append(t, H.Sum(nil)...)
H.Reset()
return t, nil
}
func finishEAX(tag []byte, cmac hash.Hash) {
// Finish CMAC #2 and xor into tag.
sum := cmac.Sum()
for i := range tag {
tag[i] ^= sum[i]
}
}
// VerifySignature returns nil iff sig is a valid signature, made by this
// public key, of the data hashed into signed. signed is mutated by this call.
func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err os.Error) {
if !pk.CanSign() {
return error.InvalidArgumentError("public key cannot generate signatures")
}
signed.Write(sig.HashSuffix)
hashBytes := signed.Sum()
if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
return error.SignatureError("hash tag doesn't match")
}
if pk.PubKeyAlgo != sig.PubKeyAlgo {
return error.InvalidArgumentError("public key and signature use different algorithms")
}
switch pk.PubKeyAlgo {
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature)
if err != nil {
return error.SignatureError("RSA verification failure")
}
return nil
case PubKeyAlgoDSA:
dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey)
if !dsa.Verify(dsaPublicKey, hashBytes, sig.DSASigR, sig.DSASigS) {
return error.SignatureError("DSA verification failure")
}
return nil
default:
panic("shouldn't happen")
}
panic("unreachable")
}
// Checksum returns the checksum of some data, using a specified algorithm.
// It only returns an error when an invalid algorithm is used. The valid ones
// are MD5, SHA1, SHA224, SHA256, SHA384, SHA512, SHA3224, SHA3256, SHA3384,
// and SHA3512.
func Checksum(algorithm string, data []byte) (checksum string, err error) {
// default
var hasher hash.Hash
switch strings.ToUpper(algorithm) {
case "MD5":
hasher = md5.New()
case "SHA1":
hasher = sha1.New()
case "SHA224":
hasher = sha256.New224()
case "SHA256":
hasher = sha256.New()
case "SHA384":
hasher = sha512.New384()
case "SHA512":
hasher = sha512.New()
case "SHA3224":
hasher = sha3.New224()
case "SHA3256":
hasher = sha3.New256()
case "SHA3384":
hasher = sha3.New384()
case "SHA3512":
hasher = sha3.New512()
default:
msg := "Invalid algorithm parameter passed go Checksum: %s"
return checksum, fmt.Errorf(msg, algorithm)
}
hasher.Write(data)
str := hex.EncodeToString(hasher.Sum(nil))
return str, nil
}
func generateChecksum(h hash.Hash, b *[]byte) string {
_, err := h.Write(*b)
if err != nil {
return ""
}
return fmt.Sprintf("%x", h.Sum(nil))
}
func Encode(k int, h hash.Hash, value []byte, output int) (enc []byte, s [][]byte) {
s0 := make([]byte, h.Size())
n := len(value)
blockcount := n / k
s = make([][]byte, blockcount)
for i := 0; i < blockcount; i++ {
h.Reset()
if i == 0 {
h.Write(s0)
} else {
h.Write(s[i-1])
}
h.Write(value[i*k : (i+1)*k])
s[i] = h.Sum(make([]byte, 0, h.Size()))
}
rng := make([](*RNG), len(s))
for i := 0; i < len(s); i++ {
rng[i] = NewRNG(h, s[i])
}
enc = make([]byte, output)
for i := 0; i < output; i++ {
enc[i] = rng[i%blockcount].Next()
}
return
}
func (s *descbc) Decrypt(salt []byte, algo, usage int, data []byte) ([]byte, error) {
var h hash.Hash
switch algo {
case cryptDesCbcMd5:
h = md5.New()
case cryptDesCbcMd4:
h = md4.New()
default:
return nil, ErrProtocol
}
if (len(data) & 7) != 0 {
return nil, ErrProtocol
}
iv := [8]byte{}
b, _ := des.NewCipher(s.key)
c := cipher.NewCBCDecrypter(b, iv[:])
c.CryptBlocks(data, data)
chk := make([]byte, h.Size())
h.Write(data[:8])
h.Write(chk) // Just need h.Size() zero bytes instead of the checksum
h.Write(data[8+len(chk):])
h.Sum(chk[:0])
if subtle.ConstantTimeCompare(chk, data[8:8+len(chk)]) != 1 {
return nil, ErrProtocol
}
return data[8+len(chk):], nil
}
func LoadPost(ctx *web.Context, val string) {
username := ctx.Params["username"]
password := ctx.Params["password"]
salt := strconv.Itoa64(time.Nanoseconds()) + username
var h hash.Hash = sha256.New()
h.Write([]byte(password + salt))
s, _err := conn.Prepare("INSERT INTO users VALUES(NULL, ?, ?, ?)")
utils.ReportErr(_err)
s.Exec(username, string(h.Sum()), salt)
s.Finalize()
conn.Close()
sidebar := utils.Loadmustache("admin.mustache", &map[string]string{})
//TESTING, REMOVE LATER
script := "<script type=\"text/javascript\" src=\"../inc/adminref.js\"></script>"
content := "Welcome to the admin panel, use the control box on your right to control the site content"
//ENDTESTING
mapping := map[string]string{"css": "../inc/site.css",
"title": "Proggin: Admin panel",
"sidebar": sidebar,
"content": content,
"script": script}
output := utils.Loadmustache("frame.mustache", &mapping)
ctx.WriteString(output)
}
//TODO: test and add to tests
//RIPEMD-160 operation for bitcoin address hashing
func Ripemd(b []byte) []byte {
//ripemd hashing of the sha hash
var h hash.Hash = ripemd160.New()
h.Write(b)
return h.Sum(nil) //return
}
// computeHash - Calculates MD5 and SHA256 for an input read Seeker.
func (c Client) computeHash(reader io.ReadSeeker) (md5Sum, sha256Sum []byte, size int64, err error) {
// MD5 and SHA256 hasher.
var hashMD5, hashSHA256 hash.Hash
// MD5 and SHA256 hasher.
hashMD5 = md5.New()
hashWriter := io.MultiWriter(hashMD5)
if c.signature.isV4() {
hashSHA256 = sha256.New()
hashWriter = io.MultiWriter(hashMD5, hashSHA256)
}
size, err = io.Copy(hashWriter, reader)
if err != nil {
return nil, nil, 0, err
}
// Seek back reader to the beginning location.
if _, err := reader.Seek(0, 0); err != nil {
return nil, nil, 0, err
}
// Finalize md5shum and sha256 sum.
md5Sum = hashMD5.Sum(nil)
if c.signature.isV4() {
sha256Sum = hashSHA256.Sum(nil)
}
return md5Sum, sha256Sum, size, nil
}
func SHA1(s string) (r string) {
var h hash.Hash
h = sha1.New()
io.WriteString(h, s)
r = hex.EncodeToString(h.Sum(nil))
return
}
// TsigVerify verifies the TSIG on a message.
// If the signature does not validate err contains the
// error, otherwise it is nil.
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
rawsecret, err := packBase64([]byte(secret))
if err != nil {
return err
}
// Srtip the TSIG from the incoming msg
stripped, tsig, err := stripTsig(msg)
if err != nil {
return err
}
buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
ti := uint64(time.Now().Unix()) - tsig.TimeSigned
if uint64(tsig.Fudge) < ti {
return ErrTime
}
var h hash.Hash
switch tsig.Algorithm {
case HmacMD5:
h = hmac.New(md5.New, []byte(rawsecret))
case HmacSHA1:
h = hmac.New(sha1.New, []byte(rawsecret))
case HmacSHA256:
h = hmac.New(sha256.New, []byte(rawsecret))
default:
return ErrKeyAlg
}
io.WriteString(h, string(buf))
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
return ErrSig
}
return nil
}
func (c *Client) PutObject(name, bucket string, md5 hash.Hash, size int64, body io.Reader) error {
req := newReq("http://" + bucket + ".s3.amazonaws.com/" + name)
req.Method = "PUT"
req.ContentLength = size
if md5 != nil {
b64 := new(bytes.Buffer)
encoder := base64.NewEncoder(base64.StdEncoding, b64)
encoder.Write(md5.Sum(nil))
encoder.Close()
req.Header.Set("Content-MD5", b64.String())
}
c.Auth.SignRequest(req)
req.Body = ioutil.NopCloser(body)
res, err := c.httpClient().Do(req)
if res != nil && res.Body != nil {
defer res.Body.Close()
}
if err != nil {
return err
}
if res.StatusCode != 200 {
res.Write(os.Stderr)
return fmt.Errorf("Got response code %d from s3", res.StatusCode)
}
return nil
}
func passwordToKey(proto AuthProtocol, password string, engineId []byte) []byte {
var h hash.Hash
switch proto {
case Md5:
h = md5.New()
case Sha:
h = sha1.New()
}
pass := []byte(password)
plen := len(pass)
for i := mega / plen; i > 0; i-- {
h.Write(pass)
}
remain := mega % plen
if remain > 0 {
h.Write(pass[:remain])
}
ku := h.Sum(nil)
h.Reset()
h.Write(ku)
h.Write(engineId)
h.Write(ku)
return h.Sum(nil)
}
func (s *S) TestSendMessageWithAttributes(c *C) {
testServer.PrepareResponse(200, nil, TestSendMessageXmlOK)
q := &Queue{s.sqs, testServer.URL + "/123456789012/testQueue/"}
attrs := map[string]string{
"test_attribute_name_1": "test_attribute_value_1",
}
resp, err := q.SendMessageWithAttributes("This is a test message", attrs)
req := testServer.WaitRequest()
c.Assert(req.Method, Equals, "GET")
c.Assert(req.URL.Path, Equals, "/123456789012/testQueue/")
c.Assert(req.Header["Date"], Not(Equals), "")
var attrsHash = md5.New()
attrsHash.Write(encodeMessageAttribute("test_attribute_name_1"))
attrsHash.Write(encodeMessageAttribute("String"))
attrsHash.Write([]byte{1})
attrsHash.Write(encodeMessageAttribute("test_attribute_value_1"))
c.Assert(resp.MD5OfMessageAttributes, Equals, fmt.Sprintf("%x", attrsHash.Sum(nil)))
msg := "This is a test message"
var h hash.Hash = md5.New()
h.Write([]byte(msg))
c.Assert(resp.MD5, Equals, fmt.Sprintf("%x", h.Sum(nil)))
c.Assert(resp.Id, Equals, "5fea7756-0ea4-451a-a703-a558b933e274")
c.Assert(err, IsNil)
}
// VerifySignatureV3 returns nil iff sig is a valid signature, made by this
// public key, of the data hashed into signed. signed is mutated by this call.
func (pk *PublicKeyV3) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err error) {
if !pk.CanSign() {
return errors.InvalidArgumentError("public key cannot generate signatures")
}
suffix := make([]byte, 5)
suffix[0] = byte(sig.SigType)
binary.BigEndian.PutUint32(suffix[1:], uint32(sig.CreationTime.Unix()))
signed.Write(suffix)
hashBytes := signed.Sum(nil)
if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
return errors.SignatureError("hash tag doesn't match")
}
if pk.PubKeyAlgo != sig.PubKeyAlgo {
return errors.InvalidArgumentError("public key and signature use different algorithms")
}
switch pk.PubKeyAlgo {
case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
if err = rsa.VerifyPKCS1v15(pk.PublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil {
return errors.SignatureError("RSA verification failure")
}
return
default:
// V3 public keys only support RSA.
panic("shouldn't happen")
}
panic("unreachable")
}
func calculateRef(h hash.Hash, data []byte) *Ref {
var tmp [RefLen]byte
h.Reset()
h.Write(data)
mac := h.Sum(tmp[:0])
return RefFromBytes(mac)
}