/**
 * proto_crypt_dh_generate(yh_l, x, dhmac_l, nofps):
 * Build the local handshake value ${yh_l}: a diffie-hellman public value
 * followed by its HMAC-SHA256 under the MAC key ${dhmac_l}.  The matching
 * private value is written to ${x}.  If ${nofps} is non-zero, no key pair is
 * generated: the public value is the constant 1 and ${x} is not written.
 * Return 0 on success, or -1 if diffie-hellman generation fails.
 */
int
proto_crypt_dh_generate(uint8_t yh_l[PCRYPT_YH_LEN], uint8_t x[PCRYPT_X_LEN],
    const uint8_t dhmac_l[PCRYPT_DHMAC_LEN], int nofps)
{
	/* The MAC is stored immediately after the public value. */
	uint8_t * const mac_out = &yh_l[CRYPTO_DH_PUBLEN];

	if (!nofps) {
		/* Normal path: fresh private value x and public value y. */
		if (crypto_dh_generate(yh_l, x) != 0)
			return (-1);
	} else {
		/*
		 * y = 1 as a big-endian integer: zero bytes, then 0x01.  With
		 * y = 1 the diffie-hellman result no longer depends on any
		 * private value, so ${x} is deliberately left alone here.
		 */
		memset(yh_l, 0, CRYPTO_DH_PUBLEN - 1);
		yh_l[CRYPTO_DH_PUBLEN - 1] = 1;
	}

	/* Authenticate the public value with the handshake MAC key. */
	HMAC_SHA256_Buf(dhmac_l, PCRYPT_DHMAC_LEN, yh_l, CRYPTO_DH_PUBLEN,
	    mac_out);

	return (0);
}
/**
 * proto_crypt_dh_validate(yh_r, dhmac_r, requirefps):
 * Check the handshake value ${yh_r} received from the remote party.  Return
 * non-zero if its trailing MAC does not match HMAC-SHA256 of the included y
 * value under the MAC key ${dhmac_r}, if crypto_dh_sanitycheck rejects y
 * (y >= the diffie-hellman group modulus), or if ${requirefps} is non-zero
 * and y is 1.  Return zero if the value is acceptable.
 */
int
proto_crypt_dh_validate(const uint8_t yh_r[PCRYPT_YH_LEN],
    const uint8_t dhmac_r[PCRYPT_DHMAC_LEN], int requirefps)
{
	uint8_t expected_mac[32];
	const uint8_t * const y = &yh_r[0];
	const uint8_t * const received_mac = &yh_r[CRYPTO_DH_PUBLEN];

	/* Recompute the MAC over the received public value. */
	HMAC_SHA256_Buf(dhmac_r, PCRYPT_DHMAC_LEN, y, CRYPTO_DH_PUBLEN,
	    expected_mac);

	/*
	 * Authenticate first, so nothing else is examined on a forged value.
	 * NOTE(review): crypto_verify_bytes is presumably a constant-time
	 * comparison; keep it that way and never swap in memcmp here.
	 */
	if (crypto_verify_bytes(received_mac, expected_mac, 32) != 0)
		return (1);

	/* Range check on the (now authenticated) public value. */
	if (crypto_dh_sanitycheck(y) != 0)
		return (1);

	/* A peer sending y = 1 is only tolerated when it is not forbidden. */
	if (requirefps && !is_not_one(y, CRYPTO_DH_PUBLEN))
		return (1);

	/* All checks passed. */
	return (0);
}
/**
 * Compute HMAC-SHA256 of ${salt} (${saltSize} bytes) keyed with ${key}
 * (${keySize} bytes).
 *
 * @return a newly malloc'ed 32-byte digest owned by the caller, or NULL if the
 *         allocation fails.
 *
 * NOTE(review): the digest may itself be key material; callers should wipe it
 * before calling free() -- confirm against the call sites.
 */
uint8_t const *mpw_hmac_sha256(const uint8_t *key, const size_t keySize, const uint8_t *salt, const size_t saltSize) {

    /* 32 bytes is the SHA-256 output size. */
    uint8_t *digest = (uint8_t *)malloc( 32 );

    if (digest != NULL)
        HMAC_SHA256_Buf( key, keySize, salt, saltSize, digest );

    return digest;
}
TEST(UtilitiesTest, testHMAC01) {
    // Known-answer test for HMAC-SHA256: RFC 4231 test case 1
    // (20 bytes of 0x0b as the key, the ASCII text "Hi There" as the data).
    uint8_t hmacKey[64];
    uint8_t message[64];
    uint8_t mac[32];

    // Only the first 20 and 8 bytes of these buffers are filled and used.
    convertFromHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", hmacKey, 20);
    convertFromHex("4869205468657265", message, 8);

    HMAC_SHA256_Buf(hmacKey, 20, message, 8, mac);

    // Compare hex encodings so a failure prints both digests in readable form.
    const std::string expectedHex("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7");
    const std::string actualHex(Hex(mac, 32));
    EXPECT_EQ(expectedHex, actualHex);
}
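/**
 * Derive a four-glyph identicon (left arm, body, right arm, accessory) from
 * HMAC-SHA256 keyed with ${masterPassword} over ${fullName}.  When built with
 * COLOR and stderr is a terminal, the glyphs are wrapped in the terminal's
 * foreground-colour and reset sequences; otherwise they are emitted plain.
 *
 * @return a heap-allocated, NUL-terminated string that the caller must free(),
 *         or NULL if an argument is NULL or an allocation fails.
 */
const char *mpw_identicon(const char *fullName, const char *masterPassword) {

    const char *leftArm[] = { "╔", "╚", "╰", "═" };
    const char *rightArm[] = { "╗", "╝", "╯", "═" };
    const char *body[] = { "█", "░", "▒", "▓", "☺", "☻" };
    const char *accessory[] = {
            "◈", "◎", "◐", "◑", "◒", "◓", "☀", "☁", "☂", "☃", "☄", "★", "☆", "☎", "☏", "⎈", "⌂", "☘", "☢", "☣",
            "☕", "⌚", "⌛", "⏰", "⚡", "⛄", "⛅", "☔", "♔", "♕", "♖", "♗", "♘", "♙", "♚", "♛", "♜", "♝", "♞", "♟",
            "♨", "♩", "♪", "♫", "⚐", "⚑", "⚔", "⚖", "⚙", "⚠", "⌘", "⏎", "✄", "✆", "✈", "✉", "✌"
    };
    uint8_t identiconSeed[32];
    char *colorString = NULL, *resetString = NULL, *identicon = NULL;

    /* strlen() on a NULL argument is undefined behaviour; fail cleanly instead. */
    if (!fullName || !masterPassword)
        return NULL;

    /* The master password is the HMAC key, the full name is the message. */
    HMAC_SHA256_Buf( masterPassword, strlen( masterPassword ), fullName, strlen( fullName ), identiconSeed );

#ifdef COLOR
    if (isatty( STDERR_FILENO )) {
        /* Seed byte 4 picks a colour index in the range 1..7. */
        uint8_t colorIdentifier = (uint8_t)(identiconSeed[4] % 7 + 1);
        initputvar();
        /* NOTE(review): tgetstr() returns NULL when the terminal lacks the capability;
         * confirm tparm()/tputs() and putvar tolerate that on dumb terminals. */
        tputs(tparm(tgetstr("AF", NULL), colorIdentifier), 1, putvar);
        colorString = (char *)calloc(strlen(putvarc) + 1, sizeof(char));
        if (colorString)
            strcpy(colorString, putvarc);
        tputs(tgetstr("me", NULL), 1, putvar);
        resetString = (char *)calloc(strlen(putvarc) + 1, sizeof(char));
        if (resetString)
            strcpy(resetString, putvarc);
    } else
#endif
    {
        /* No colour: both wrappers are empty strings. */
        colorString = (char *)calloc( 1, sizeof( char ) );
        resetString = (char *)calloc( 1, sizeof( char ) );
    }

    identicon = (char *)calloc( 256, sizeof( char ) );
    if (colorString && resetString && identicon) {
        /* Each glyph is chosen by one seed byte modulo the size of its table. */
        snprintf( identicon, 256, "%s%s%s%s%s%s",
                colorString,
                leftArm[identiconSeed[0] % (sizeof( leftArm ) / sizeof( leftArm[0] ))],
                body[identiconSeed[1] % (sizeof( body ) / sizeof( body[0] ))],
                rightArm[identiconSeed[2] % (sizeof( rightArm ) / sizeof( rightArm[0] ))],
                accessory[identiconSeed[3] % (sizeof( accessory ) / sizeof( accessory[0] ))],
                resetString );
    } else {
        /* An allocation failed: passing NULL to snprintf's %s would be undefined. */
        free( identicon );
        identicon = NULL;
    }

    /* The seed is keyed with the master password, so do not leave it on the stack.
     * Best effort: the volatile pointer keeps the stores from being optimised away. */
    {
        volatile uint8_t *wipe = identiconSeed;
        size_t i;
        for (i = 0; i < sizeof( identiconSeed ); ++i)
            wipe[i] = 0;
    }

    free( colorString );
    free( resetString );
    return identicon;
}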