RFC6979_HMAC_SHA256::RFC6979_HMAC_SHA256(const unsigned char* key, size_t keylen, const unsigned char* msg, size_t msglen) : retry(false) { memset(V, 0x01, sizeof(V)); memset(K, 0x00, sizeof(K)); CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Write(key, keylen).Write(msg, msglen).Finalize(K); CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V); CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(one, sizeof(one)).Write(key, keylen).Write(msg, msglen).Finalize(K); CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V); }
void RFC6979_HMAC_SHA256::Generate(unsigned char* output, size_t outputlen) { if (retry) { CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Write(zero, sizeof(zero)).Finalize(K); CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V); } while (outputlen > 0) { CHMAC_SHA256(K, sizeof(K)).Write(V, sizeof(V)).Finalize(V); size_t len = std::min(outputlen, sizeof(V)); memcpy(output, V, len); output += len; outputlen -= len; } retry = true; }
//This function checks username and password against -rpcauth //entries from config file. static bool multiUserAuthorized(std::string strUserPass) { if (strUserPass.find(":") == std::string::npos) { return false; } std::string strUser = strUserPass.substr(0, strUserPass.find(":")); std::string strPass = strUserPass.substr(strUserPass.find(":") + 1); if (gArgs.IsArgSet("-rpcauth")) { //Search for multi-user login/pass "rpcauth" from config for (std::string strRPCAuth : gArgs.GetArgs("-rpcauth")) { std::vector<std::string> vFields; boost::split(vFields, strRPCAuth, boost::is_any_of(":$")); if (vFields.size() != 3) { //Incorrect formatting in config file continue; } std::string strName = vFields[0]; if (!TimingResistantEqual(strName, strUser)) { continue; } std::string strSalt = vFields[1]; std::string strHash = vFields[2]; static const unsigned int KEY_SIZE = 32; unsigned char out[KEY_SIZE]; CHMAC_SHA256(reinterpret_cast<const unsigned char*>(strSalt.c_str()), strSalt.size()).Write(reinterpret_cast<const unsigned char*>(strPass.c_str()), strPass.size()).Finalize(out); std::vector<unsigned char> hexvec(out, out+KEY_SIZE); std::string strHashFromPass = HexStr(hexvec); if (TimingResistantEqual(strHashFromPass, strHash)) { return true; } } } return false; }
void TestHMACSHA256(const std::string &hexkey, const std::string &hexin, const std::string &hexout) { std::vector<unsigned char> key = ParseHex(hexkey); TestVector(CHMAC_SHA256(&key[0], key.size()), ParseHex(hexin), ParseHex(hexout)); }