/**
* proto_crypt_dh_generate(yh_l, x, dhmac_l, nofps):
* Using the MAC key ${dhmac_l}, generate the MACed diffie-hellman handshake
* parameter ${yh_l}. Store the diffie-hellman private value in ${x}. If
* ${nofps} is non-zero, skip diffie-hellman generation and use y = 1.
*/
int
proto_crypt_dh_generate(uint8_t yh_l[PCRYPT_YH_LEN], uint8_t x[PCRYPT_X_LEN],
const uint8_t dhmac_l[PCRYPT_DHMAC_LEN], int nofps)
{
/* Are we skipping the diffie-hellman generation? */
if (nofps) {
/* Set y_l to a big-endian 1. */
memset(yh_l, 0, CRYPTO_DH_PUBLEN - 1);
yh_l[CRYPTO_DH_PUBLEN - 1] = 1;
} else {
/* Generate diffie-hellman parameters x and y. */
if (crypto_dh_generate(yh_l, x))
goto err0;
}
/* Append an HMAC. */
HMAC_SHA256_Buf(dhmac_l, PCRYPT_DHMAC_LEN, yh_l, CRYPTO_DH_PUBLEN,
&yh_l[CRYPTO_DH_PUBLEN]);
/* Success! */
return (0);
err0:
/* Failure! */
return (-1);
}
/**
* proto_crypt_dh_validate(yh_r, dhmac_r, requirefps):
* Return non-zero if the value ${yh_r} received from the remote party is not
* correctly MACed using the diffie-hellman parameter MAC key ${dhmac_r}, or
* if the included y value is >= the diffie-hellman group modulus, or if
* ${requirefps} is non-zero and the included y value is 1.
*/
int
proto_crypt_dh_validate(const uint8_t yh_r[PCRYPT_YH_LEN],
const uint8_t dhmac_r[PCRYPT_DHMAC_LEN], int requirefps)
{
uint8_t hbuf[32];
/* Compute HMAC. */
HMAC_SHA256_Buf(dhmac_r, PCRYPT_DHMAC_LEN, yh_r, CRYPTO_DH_PUBLEN,
hbuf);
/* Check that the MAC matches. */
if (crypto_verify_bytes(&yh_r[CRYPTO_DH_PUBLEN], hbuf, 32))
return (1);
/* Sanity-check the diffie-hellman value. */
if (crypto_dh_sanitycheck(&yh_r[0]))
return (1);
/* If necessary, enforce that the diffie-hellman value is != 1. */
if (requirefps) {
if (! is_not_one(&yh_r[0], CRYPTO_DH_PUBLEN))
return (1);
}
/* Everything is good. */
return (0);
}
uint8_t const *mpw_hmac_sha256(const uint8_t *key, const size_t keySize, const uint8_t *salt, const size_t saltSize) {
uint8_t *const buffer = malloc( 32 );
if (!buffer)
return NULL;
HMAC_SHA256_Buf( key, keySize, salt, saltSize, buffer );
return buffer;
}
TEST(UtilitiesTest, testHMAC01) {
//This test case is an official one from an RFC.
uint8_t key[64];
convertFromHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", key, 20);
uint8_t data[64];
convertFromHex("4869205468657265", data, 8);
uint8_t digest[32];
HMAC_SHA256_Buf(key, 20, data, 8, digest);
EXPECT_EQ(std::string("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"), std::string(Hex(digest, 32)));
}
const char *mpw_identicon(const char *fullName, const char *masterPassword) {
const char *leftArm[] = { "╔", "╚", "╰", "═" };
const char *rightArm[] = { "╗", "╝", "╯", "═" };
const char *body[] = { "█", "░", "▒", "▓", "☺", "☻" };
const char *accessory[] = {
"◈", "◎", "◐", "◑", "◒", "◓", "☀", "☁", "☂", "☃", "☄", "★", "☆", "☎", "☏", "⎈", "⌂", "☘", "☢", "☣",
"☕", "⌚", "⌛", "⏰", "⚡", "⛄", "⛅", "☔", "♔", "♕", "♖", "♗", "♘", "♙", "♚", "♛", "♜", "♝", "♞", "♟",
"♨", "♩", "♪", "♫", "⚐", "⚑", "⚔", "⚖", "⚙", "⚠", "⌘", "⏎", "✄", "✆", "✈", "✉", "✌"
};
uint8_t identiconSeed[32];
HMAC_SHA256_Buf( masterPassword, strlen( masterPassword ), fullName, strlen( fullName ), identiconSeed );
char *colorString, *resetString;
#ifdef COLOR
if (isatty( STDERR_FILENO )) {
uint8_t colorIdentifier = (uint8_t)(identiconSeed[4] % 7 + 1);
initputvar();
tputs(tparm(tgetstr("AF", NULL), colorIdentifier), 1, putvar);
colorString = calloc(strlen(putvarc) + 1, sizeof(char));
strcpy(colorString, putvarc);
tputs(tgetstr("me", NULL), 1, putvar);
resetString = calloc(strlen(putvarc) + 1, sizeof(char));
strcpy(resetString, putvarc);
} else
#endif
{
colorString = calloc( 1, sizeof( char ) );
resetString = calloc( 1, sizeof( char ) );
}
char *identicon = (char *)calloc( 256, sizeof( char ) );
snprintf( identicon, 256, "%s%s%s%s%s%s",
colorString,
leftArm[identiconSeed[0] % (sizeof( leftArm ) / sizeof( leftArm[0] ))],
body[identiconSeed[1] % (sizeof( body ) / sizeof( body[0] ))],
rightArm[identiconSeed[2] % (sizeof( rightArm ) / sizeof( rightArm[0] ))],
accessory[identiconSeed[3] % (sizeof( accessory ) / sizeof( accessory[0] ))],
resetString );
free( colorString );
free( resetString );
return identicon;
}
