void Integrity::add_hmac(Packet &pkt, uint64_t k_nas_int) { uint8_t *hmac; hmac = g_utils.allocate_uint8_mem(hmac_len); get_hmac(pkt.data, pkt.len, hmac, k_nas_int); pkt.prepend_item(hmac, hmac_len); free(hmac); }
bool Integrity::hmac_check(Packet &pkt, uint64_t k_nas_int) { uint8_t *hmac_res; uint8_t *hmac_xres; bool res; hmac_res = g_utils.allocate_uint8_mem(hmac_len); hmac_xres = g_utils.allocate_uint8_mem(hmac_len); rem_hmac(pkt, hmac_xres); get_hmac(pkt.data, pkt.len, hmac_res, k_nas_int); res = cmp_hmacs(hmac_res, hmac_xres); free(hmac_res); free(hmac_xres); return res; }
/* * HMAC strcmp * - finished in about 1.3 second for any string inputs */ int hmac_strcmp(void *msg1, void *msg2, int *result, int loop) { unsigned char hval1[64]; unsigned char hval2[64]; unsigned int len1; unsigned int len2; int cnt; int rc = 0; len1 = get_len(msg1); len2 = get_len(msg2); cnt=0; while (cnt++ < loop) { rc |= get_hmac(msg1, len1, hval1, &len1); msg1 = hval1; rc |= get_hmac(msg2, len2, hval2, &len2); msg2 = hval2; dprint(hval1, len1); dprint(hval2, len2); } *result = strncmp((const char*)hval1, (const char*)hval2, 64); return rc; }
char * aes_decrypt(char *encBuffer,char * key,size_t txtLength,char *hmac){ gcry_cipher_hd_t h; gcry_error_t err; int status_decrypt; char *hmac_gen; // printf("string length :%lu\n",txtLength); char * outBuffer = malloc(txtLength); // init output to be of same length as input // open cipher handle err = gcry_cipher_open(&h, ENCRYPT_ALGO, ENCRYPT_MODE, GCRY_CIPHER_SECURE); if(err != GPG_ERR_NO_ERROR){ printf ("Error at open: %s\n",gcry_strerror(err)); exit(-1); } // set the same key as encryption err = gcry_cipher_setkey(h, key, KEYLENGTH_SHA); if(err != GPG_ERR_NO_ERROR){ printf ("Error at setting key: %s\n",gcry_strerror(err)); exit(-1); } // set the same IV as encryption err = gcry_cipher_setiv(h, &IV, 16); if(err != GPG_ERR_NO_ERROR){ printf ("Error at setting IV: %s\n",gcry_strerror(err)); exit(-1); } // decrypt the content status_decrypt = gcry_cipher_decrypt(h, outBuffer, txtLength, encBuffer, txtLength); if(status_decrypt != 0){ printf ("Error at decrypting:%s %s\n",gcry_strerror(status_decrypt),gcry_strerror(status_decrypt)); } hmac_gen = get_hmac(encBuffer,key,txtLength); // generate the hmac of the encrypted content at server // check with the extracted hmac from file or network int j; for(j=0;j<64;j++){ if (hmac_gen[j] != hmac[j]){ printf ("HMAC verification failed\n"); exit(62); } } printf("HMAC Verified\n"); FILE * f; if( access( filename, F_OK ) != -1 ) { printf ("File already present\n"); exit(33); // Check for file exists and exit with code 33 } f = fopen(filename,"w+b"); // hardcoded file name change it - Done // Since we added trailing zeroes at original file to make length a proper multiple of 16 // we get the same content after decryption but with the trailing zeroes // Since we dont need them i am checcking for the last non zero element in the last row and writing till there // print_buf(outBuffer,txtLength); // debug purposes if (f){ fwrite(outBuffer, txtLength -16, 1, f); int index,j; char * last_row = (outBuffer + txtLength -16); for(j=16;j>0;j--){ // printf("%d %02X\n",j-1, last_row[j - 1]); if(last_row[j-1] != 0){ index = j;//last non zero element // printf("Last index is %d %02X\n",index,last_row[j-1]); j = -1; } } fwrite(outBuffer+(txtLength -16),index+1, 1, f); // ignoring last 0 chars when printing + 1 is for trainling char fclose(f); } else{ printf ("Error at opening file to write\n"); exit(33); // this can be moved further to save time. } return outBuffer; }