void challenge_37() { gmp_randstate_t *state = gmp_rand(); unsigned char salt[16]; char password[] = "hunter2"; size_t slen = 16, plen = 7; // Agree on N, g, k, I (email), P (password). mpz_t N, g, k; srp_params(N, g, k); // Server initialization. Generates M (salt), v. mpz_t v; srp_init_server(N, g, salt, slen, password, plen, v); // Client sends I, A = 0, N, 2*N, etc. This ensures K // can be calculated without knowing the password. mpz_t a, A; //mpz_init_set_ui(A, 0); mpz_init_set(A, N); mpz_mul_ui(A, A, 2); // Server sends M, B = kv + g^b mod N. mpz_t b, B; srp_server_send(state, N, g, k, v, b, B); // Both calculate u. mpz_t u; srp_compute_u(A, B, u); // Client calculates HMAC-SHA256(K, M), using knowledge // that A = 0, N, etc. Therefore, S = 0. unsigned char K[32]; unsigned char client_hmac[32]; mpz_init_set_ui(a, 0); size_t countp; unsigned char *rop = mpz_export(NULL, &countp, 1, 1, 1, 0, a); sha256(rop, countp, K); sha256_hmac(K, 32, salt, 16, client_hmac); // Server finishes, calculates the same. For K, it // uses K = SHA256((A * v^u)^b % N). unsigned char server_hmac[32]; srp_server_finish(salt, slen, N, v, b, A, u, server_hmac); // Verify. printf("Client:\n"); print_hex(client_hmac, 32); printf("Server:\n"); print_hex(server_hmac, 32); srp_cleanup(state, N, g, k, v, a, A, b, B, u); }
SEC_RESULT auth_sha256(uchar* in,const size_t inlen,uchar* key,size_t keylen,uchar* hash, size_t hashlen){ uchar* datahash = (uchar*)malloc(SHA256_SIZE); if(!datahash) return SEC_ERROR; int ret = sha256_hmac(in,inlen,key,keylen,datahash); if(ret){ free(datahash); return SEC_ERROR; } int ret_cmp = memcmp(datahash,hash,hashlen); free(datahash); if(ret_cmp) return SEC_ERROR; return SEC_SUCCESS; }
uint8_t MAC_RSP(uint8_t* host_fix,uint8_t* host_rn,uint8_t*buffer){ uint8_t ret = ATCA_SUCCESS; uint8_t randomized_param[RANDOM_NUM_SIZE]; memcpy(randomized_param,rn,RANDOM_NUM_SIZE); delay_ms(100); printf("\r\n"); printf("the fixed challenge is: \r\n"); print_mem(host_fix, RANDOM_NUM_SIZE, 16); delay_ms(100); printf("the random number is: \r\n"); print_mem(host_rn, RANDOM_NUM_SIZE, 16); ret=cademo_mac_fixed_chal_randomized(AUTH_KEY_ID,host_fix,randomized_param,tempkey); delay_ms(100); printf("the temperate key is: \r\n"); print_mem(tempkey, sizeof(tempkey), 16); delay_ms(100); sha256_hmac( tempkey, MAC_CHALLENGE_SIZE,host_rn, RANDOM_NUM_SIZE,buffer, 0 ); printf("the MAC is: \r\n"); print_mem(buffer,MAC_CHALLENGE_SIZE, 16); return ret; }
static void sha256_hmac_wrap( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ) { sha256_hmac( key, keylen, input, ilen, output, 0 ); }
int protect_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *password, unsigned char *salt, int salt_len, unsigned int iterations) { int ret; int i; unsigned char k_m[32]; unsigned char k_c[32]; unsigned char k_i[32]; unsigned char tmp_1[36]; int pad_len; unsigned char *input_padd; unsigned char *cipher; aes_context aes_ctx; unsigned char iv_[16]; /* *** Initialisation *** */ input_padd = NULL; cipher = NULL; memset(iv_, 0x00, 16); /* *** Check des arguments *** */ if((output == NULL) || (output_len == NULL) || (input == NULL) || (input_len <= 0) || (password == NULL) || (salt == NULL)) { goto cleanup; } /* *** Deriv password to MasterKey *** */ ret = deriv_passwd(k_m, password, salt, salt_len, iterations); if(ret != 0) { fprintf(stderr, "error: deriv_passwd\n"); return 1; } /* *** Deriv MasterKey to CipherKey / IntegrityKey *** */ i = 0; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha256(tmp_1, 36, k_c, 0); i ++; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha256(tmp_1, 36, k_i, 0); /* *** Padding ?! *** */ pad_len = 16 - (input_len % 16); input_padd = (unsigned char *)malloc((input_len + pad_len)*sizeof(char)); if(input_padd == NULL) goto cleanup; cipher = (unsigned char *)malloc((input_len + pad_len + 32)*sizeof(char)); if(cipher == NULL) goto cleanup; memcpy(input_padd, input, input_len); memcpy(input_padd+input_len, padding, pad_len); /* *** Chiffrement *** */ ret = aes_setkey_enc(&aes_ctx, k_c, 256); if(ret != 0) goto cleanup; ret = aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, input_len+pad_len, iv_, input_padd, cipher); if(ret != 0) goto cleanup; /* *** Ajout du controle d'integrite *** */ sha256_hmac(k_i, 32, cipher, input_len+pad_len, cipher+input_len+pad_len, 0); *output = cipher; *output_len = input_len + pad_len + 32; ret = 0; cleanup: if(input_padd != NULL) free(input_padd); if(cipher != NULL) free(cipher); memset(&aes_ctx, 0x00, sizeof(aes_context)); memset(k_m, 0x00, 32); memset(k_c, 0x00, 32); memset(k_i, 0x00, 32); memset(tmp_1, 0x00, 36); return ret; }
void hmac_256(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32]) { sha256_hmac(key, keylen, input, ilen, output, 0); }