void challenge_37()
{
gmp_randstate_t *state = gmp_rand();
unsigned char salt[16];
char password[] = "hunter2";
size_t slen = 16, plen = 7;
// Agree on N, g, k, I (email), P (password).
mpz_t N, g, k;
srp_params(N, g, k);
// Server initialization. Generates M (salt), v.
mpz_t v;
srp_init_server(N, g, salt, slen, password, plen, v);
// Client sends I, A = 0, N, 2*N, etc. This ensures K
// can be calculated without knowing the password.
mpz_t a, A;
//mpz_init_set_ui(A, 0);
mpz_init_set(A, N);
mpz_mul_ui(A, A, 2);
// Server sends M, B = kv + g^b mod N.
mpz_t b, B;
srp_server_send(state, N, g, k, v, b, B);
// Both calculate u.
mpz_t u;
srp_compute_u(A, B, u);
// Client calculates HMAC-SHA256(K, M), using knowledge
// that A = 0, N, etc. Therefore, S = 0.
unsigned char K[32];
unsigned char client_hmac[32];
mpz_init_set_ui(a, 0);
size_t countp;
unsigned char *rop = mpz_export(NULL, &countp, 1, 1, 1, 0, a);
sha256(rop, countp, K);
sha256_hmac(K, 32, salt, 16, client_hmac);
// Server finishes, calculates the same. For K, it
// uses K = SHA256((A * v^u)^b % N).
unsigned char server_hmac[32];
srp_server_finish(salt, slen, N, v, b, A, u, server_hmac);
// Verify.
printf("Client:\n");
print_hex(client_hmac, 32);
printf("Server:\n");
print_hex(server_hmac, 32);
srp_cleanup(state, N, g, k, v, a, A, b, B, u);
}
SEC_RESULT auth_sha256(uchar* in,const size_t inlen,uchar* key,size_t keylen,uchar* hash, size_t hashlen){
uchar* datahash = (uchar*)malloc(SHA256_SIZE);
if(!datahash) return SEC_ERROR;
int ret = sha256_hmac(in,inlen,key,keylen,datahash);
if(ret){
free(datahash);
return SEC_ERROR;
}
int ret_cmp = memcmp(datahash,hash,hashlen);
free(datahash);
if(ret_cmp) return SEC_ERROR;
return SEC_SUCCESS;
}
uint8_t MAC_RSP(uint8_t* host_fix,uint8_t* host_rn,uint8_t*buffer){
uint8_t ret = ATCA_SUCCESS;
uint8_t randomized_param[RANDOM_NUM_SIZE];
memcpy(randomized_param,rn,RANDOM_NUM_SIZE);
delay_ms(100);
printf("\r\n");
printf("the fixed challenge is: \r\n");
print_mem(host_fix, RANDOM_NUM_SIZE, 16);
delay_ms(100);
printf("the random number is: \r\n");
print_mem(host_rn, RANDOM_NUM_SIZE, 16);
ret=cademo_mac_fixed_chal_randomized(AUTH_KEY_ID,host_fix,randomized_param,tempkey);
delay_ms(100);
printf("the temperate key is: \r\n");
print_mem(tempkey, sizeof(tempkey), 16);
delay_ms(100);
sha256_hmac( tempkey, MAC_CHALLENGE_SIZE,host_rn, RANDOM_NUM_SIZE,buffer, 0 );
printf("the MAC is: \r\n");
print_mem(buffer,MAC_CHALLENGE_SIZE, 16);
return ret;
}
static void sha256_hmac_wrap( const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
{
sha256_hmac( key, keylen, input, ilen, output, 0 );
}
int protect_buffer(unsigned char **output, int *output_len,
unsigned char *input, int input_len,
char *password,
unsigned char *salt, int salt_len,
unsigned int iterations)
{
int ret;
int i;
unsigned char k_m[32];
unsigned char k_c[32];
unsigned char k_i[32];
unsigned char tmp_1[36];
int pad_len;
unsigned char *input_padd;
unsigned char *cipher;
aes_context aes_ctx;
unsigned char iv_[16];
/* *** Initialisation *** */
input_padd = NULL;
cipher = NULL;
memset(iv_, 0x00, 16);
/* *** Check des arguments *** */
if((output == NULL) || (output_len == NULL) || (input == NULL)
|| (input_len <= 0) || (password == NULL) || (salt == NULL))
{
goto cleanup;
}
/* *** Deriv password to MasterKey *** */
ret = deriv_passwd(k_m, password, salt, salt_len, iterations);
if(ret != 0)
{
fprintf(stderr, "error: deriv_passwd\n");
return 1;
}
/* *** Deriv MasterKey to CipherKey / IntegrityKey *** */
i = 0;
memcpy(tmp_1, k_m, 32);
memcpy(tmp_1+32, &i, sizeof(int));
sha256(tmp_1, 36, k_c, 0);
i ++;
memcpy(tmp_1, k_m, 32);
memcpy(tmp_1+32, &i, sizeof(int));
sha256(tmp_1, 36, k_i, 0);
/* *** Padding ?! *** */
pad_len = 16 - (input_len % 16);
input_padd = (unsigned char *)malloc((input_len + pad_len)*sizeof(char));
if(input_padd == NULL)
goto cleanup;
cipher = (unsigned char *)malloc((input_len + pad_len + 32)*sizeof(char));
if(cipher == NULL)
goto cleanup;
memcpy(input_padd, input, input_len);
memcpy(input_padd+input_len, padding, pad_len);
/* *** Chiffrement *** */
ret = aes_setkey_enc(&aes_ctx, k_c, 256);
if(ret != 0)
goto cleanup;
ret = aes_crypt_cbc(&aes_ctx, AES_ENCRYPT,
input_len+pad_len, iv_, input_padd,
cipher);
if(ret != 0)
goto cleanup;
/* *** Ajout du controle d'integrite *** */
sha256_hmac(k_i, 32, cipher, input_len+pad_len, cipher+input_len+pad_len, 0);
*output = cipher;
*output_len = input_len + pad_len + 32;
ret = 0;
cleanup:
if(input_padd != NULL)
free(input_padd);
if(cipher != NULL)
free(cipher);
memset(&aes_ctx, 0x00, sizeof(aes_context));
memset(k_m, 0x00, 32);
memset(k_c, 0x00, 32);
memset(k_i, 0x00, 32);
memset(tmp_1, 0x00, 36);
return ret;
}
void hmac_256(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32])
{
sha256_hmac(key, keylen, input, ilen, output, 0);
}
