/*
* keylength in bits!
* message length in bits!
*/
void hmac_sha256(void* dest, void* key, uint16_t keylength_b, void* msg, uint64_t msglength_b){ /* a one-shot*/
sha256_ctx_t s;
uint8_t i;
uint8_t buffer[SHA256_HASH_BYTES];
memset(buffer, 0, SHA256_HASH_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > SHA256_BLOCK_BITS){
sha256((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA256_HASH_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha256_init(&s);
sha256_nextBlock(&s, buffer);
while (msglength_b >= SHA256_BLOCK_BITS){
sha256_nextBlock(&s, msg);
msg = (uint8_t*)msg + SHA256_HASH_BYTES;
msglength_b -= SHA256_BLOCK_BITS;
}
sha256_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<SHA256_HASH_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
sha256_ctx2hash(dest, &s); /* save inner hash temporary to dest */
sha256_init(&s);
sha256_nextBlock(&s, buffer);
sha256_lastBlock(&s, dest, SHA256_HASH_BITS);
sha256_ctx2hash(dest, &s);
}
void hmac_sha256_final(hmac_sha256_ctx_t *s, void* key, uint16_t keylength_b){
uint8_t buffer[SHA256_HASH_BYTES];
uint8_t i;
sha256_ctx_t a;
memset(buffer, 0, SHA256_HASH_BYTES);
if (keylength_b > SHA256_BLOCK_BITS){
sha256((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA256_HASH_BYTES; ++i){
buffer[i] ^= OPAD;
}
sha256_init(&a);
sha256_nextBlock(&a, buffer); /* hash key ^ opad */
sha256_ctx2hash((void*)buffer, s); /* copy hash(key ^ ipad, msg) to buffer */
sha256_lastBlock(&a, buffer, SHA256_HASH_BITS);
memcpy(s, &a, sizeof(sha256_ctx_t));
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, SHA256_HASH_BYTES);
memset(a.h, 0, 8*4);
#endif
}
void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b){
/* while(length_b>=SHA256_BLOCK_BITS){
sha256_nextBlock(&(s->a), block);
block = (uint8_t*)block + SHA256_BLOCK_BYTES;
length_b -= SHA256_BLOCK_BITS;
}
*/ sha256_lastBlock(&(s->a), block, length_b);
}
void entropium_getRandomBlock(void *b){
sha256_ctx_t s;
uint8_t offset=8;
sha256_init(&s);
sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
memcpy(b, s.h, 32); /* back up first hash in b */
((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
sha256_init(&s);
sha256_lastBlock(&s, b, 256);
memcpy(b, s.h, 32);
}
/*
* length in bits!
*/
void sha256(void* dest, const void* msg, uint32_t length_b){ /* length could be choosen longer but this is for µC */
sha256_ctx_t s;
sha256_init(&s);
while(length_b >= SHA256_BLOCK_BITS){
sha256_nextBlock(&s, msg);
msg = (uint8_t*)msg + SHA256_BLOCK_BITS/8;
length_b -= SHA256_BLOCK_BITS;
}
sha256_lastBlock(&s, msg, length_b);
sha256_ctx2hash(dest,&s);
}
/* idea is: hash the message and add it via xor to rndCore
*
* length in bits
*
* we simply first "hash" rndCore, then entropy.
*/
void entropium_addEntropy(unsigned length_b, const void* data){
sha256_ctx_t s;
static uint8_t offset=0; /* selects if higher or lower half gets updated */
sha256_init(&s);
sha256_nextBlock(&s, rndCore);
while (length_b>=512){
sha256_nextBlock(&s, data);
data = (uint8_t*)data+ 512/8;
length_b -= 512;
}
sha256_lastBlock(&s, data, length_b);
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
}
void testrun_performance_sha256(void){
uint64_t t;
char str[16];
uint8_t data[32];
sha256_ctx_t ctx;
calibrateTimer();
print_overhead();
memset(data, 0, 32);
startTimer(1);
sha256_init(&ctx);
t = stopTimer();
uart_putstr_P(PSTR("\r\n\tctx-gen time: "));
ultoa((unsigned long)t, str, 10);
uart_putstr(str);
startTimer(1);
sha256_nextBlock(&ctx, data);
t = stopTimer();
uart_putstr_P(PSTR("\r\n\tone-block time: "));
ultoa((unsigned long)t, str, 10);
uart_putstr(str);
startTimer(1);
sha256_lastBlock(&ctx, data, 0);
t = stopTimer();
uart_putstr_P(PSTR("\r\n\tlast block time: "));
ultoa((unsigned long)t, str, 10);
uart_putstr(str);
uart_putstr_P(PSTR("\r\n"));
}
void sha256_last_dummy(void* buffer, uint16_t size_b, void* ctx){
sha256_lastBlock(ctx, buffer, size_b);
}
void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s){
sha256_ctx2hash((sha256_hash_t*)dest, &(s->a));
sha256_lastBlock(&(s->b), dest, SHA256_HASH_BITS);
sha256_ctx2hash((sha256_hash_t*)dest, &(s->b));
}
