/// Computes an integrity tag over the packet's current contents and
/// prepends it to the packet.
///
/// @param pkt        Packet to protect; modified in place by prepend_item().
/// @param k_nas_int  Integrity key handed through to get_hmac().
void Integrity::add_hmac(Packet &pkt, uint64_t k_nas_int) {
	// Scratch buffer of hmac_len bytes for the tag; released before returning.
	// NOTE(review): the result of allocate_uint8_mem is used unchecked —
	// confirm the helper aborts on allocation failure rather than returning NULL.
	uint8_t *tag = g_utils.allocate_uint8_mem(hmac_len);

	// The tag covers pkt.data[0 .. pkt.len) as it is before the prepend.
	get_hmac(pkt.data, pkt.len, tag, k_nas_int);
	pkt.prepend_item(tag, hmac_len);

	// NOTE(review): free() presumes a malloc-family allocation inside
	// allocate_uint8_mem — confirm.
	free(tag);
}
/// Verifies the integrity tag carried by a packet.
///
/// The received tag is taken off the packet with rem_hmac(), a fresh tag is
/// computed over what remains, and the two are compared with cmp_hmacs().
///
/// @param pkt        Packet carrying a tag; modified by rem_hmac().
/// @param k_nas_int  Integrity key handed through to get_hmac().
/// @return The result of cmp_hmacs() on the computed and received tags.
bool Integrity::hmac_check(Packet &pkt, uint64_t k_nas_int) {
	uint8_t *computed = g_utils.allocate_uint8_mem(hmac_len);
	uint8_t *received = g_utils.allocate_uint8_mem(hmac_len);

	// NOTE(review): whether rem_hmac() rejects packets shorter than hmac_len
	// is not visible here — confirm before trusting pkt.len below.
	rem_hmac(pkt, received);

	// Recompute over the packet as it stands after the tag was removed.
	get_hmac(pkt.data, pkt.len, computed, k_nas_int);

	// NOTE(review): cmp_hmacs() should compare all hmac_len bytes without an
	// early exit, so timing does not reveal how many bytes matched — confirm.
	const bool match = cmp_hmacs(computed, received);

	free(computed);
	free(received);
	return match;
}
예제 #3
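/*
 * HMAC strcmp
 *    - finished in about 1.3 second for any string inputs
 *
 * Compares two messages by running each through get_hmac() `loop` times
 * (each round hashes the previous round's digest) and comparing the final
 * digests, rather than comparing the inputs directly.
 *
 * msg1, msg2  messages to compare; their lengths come from get_len()
 * result      out: 0 when the final digests are byte-for-byte equal,
 *             non-zero otherwise (also non-zero whenever no trustworthy
 *             digest pair was produced, so a failure never reads as a match)
 * loop        number of hashing rounds; values <= 0 produce no digest
 *
 * Returns the OR of all get_hmac() return codes.
 *
 * The digests are binary data, so they are compared with memcmp() over the
 * reported digest length. strncmp() stops at the first zero byte, which
 * would report two different digests as equal whenever they share a prefix
 * that ends in 0x00.
 */
int hmac_strcmp(void *msg1, void *msg2, int *result, int loop)
{
	unsigned char hval1[64];
	unsigned char hval2[64];
	unsigned int len1;
	unsigned int len2;
	int cnt;
	int rc = 0;

	/* Never compare indeterminate stack bytes, even on an error path. */
	memset(hval1, 0, sizeof(hval1));
	memset(hval2, 0, sizeof(hval2));

	len1 = get_len(msg1);
	len2 = get_len(msg2);

	for (cnt = 0; cnt < loop; cnt++) {
		/* get_hmac() writes the digest and updates the length in place;
		 * the next round then hashes that digest. */
		rc |= get_hmac(msg1, len1, hval1, &len1);
		msg1 = hval1;
		rc |= get_hmac(msg2, len2, hval2, &len2);
		msg2 = hval2;
		dprint(hval1, len1);
		dprint(hval2, len2);
	}

	/*
	 * Fail closed: no rounds run, a failed get_hmac(), or digest lengths that
	 * are empty, unequal or larger than the buffers all mean "different".
	 * NOTE(review): a digest longer than 64 bytes would already have overrun
	 * hval1/hval2 inside get_hmac() — confirm its maximum output size.
	 */
	if (loop <= 0 || rc != 0 || len1 == 0 || len1 != len2 ||
	    len1 > sizeof(hval1)) {
		*result = 1;
		return rc;
	}

	*result = memcmp(hval1, hval2, len1);
	return rc;
}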
예제 #4
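/*
 * Verifies the HMAC of an encrypted buffer, decrypts it and writes the
 * plaintext (minus zero padding) to the file named by `filename`.
 *
 * encBuffer  ciphertext, txtLength bytes
 * key        key passed to both gcry_cipher_setkey() and get_hmac()
 * txtLength  ciphertext length in bytes; must be at least 16
 * hmac       HMAC received from the file or network; 64 bytes are read
 *
 * Returns the malloc'd plaintext buffer (txtLength bytes, padding included);
 * the caller owns it. Exits the process on any failure: -1 for cipher,
 * length or allocation errors, 62 for an HMAC mismatch, 33 when the output
 * file already exists or cannot be created.
 *
 * NOTE(review): the same `key` feeds the cipher and the HMAC, and `IV` is a
 * value defined elsewhere that the comment below says is shared with
 * encryption. Separate derived keys and a per-message IV are the usual
 * practice — confirm how both are produced.
 * NOTE(review): ownership of the buffer returned by get_hmac() is not
 * visible here, so it is not freed — confirm.
 */
char * aes_decrypt(char *encBuffer,char * key,size_t txtLength,char *hmac){
	gcry_cipher_hd_t h;
	gcry_error_t err;
	char *hmac_gen;
	char *outBuffer;
	unsigned char diff = 0;
	size_t i;
	FILE * f;

	// The padding handling below addresses the last 16 bytes, so anything
	// shorter would make (txtLength - 16) wrap around as a size_t.
	if (txtLength < 16) {
		printf ("Error: encrypted input shorter than one block\n");
		exit(-1);
	}

	// output has the same length as the input
	outBuffer = malloc(txtLength);
	if (outBuffer == NULL) {
		printf ("Error at allocating output buffer\n");
		exit(-1);
	}

	// open cipher handle
	err = gcry_cipher_open(&h, ENCRYPT_ALGO, ENCRYPT_MODE, GCRY_CIPHER_SECURE);
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at open: %s\n",gcry_strerror(err));
		exit(-1);
	}
	// set the same key as encryption
	err = gcry_cipher_setkey(h, key, KEYLENGTH_SHA);
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at setting key: %s\n",gcry_strerror(err));
		exit(-1);
	}
	// set the same IV as encryption
	err = gcry_cipher_setiv(h, &IV, 16);
	if(err != GPG_ERR_NO_ERROR){
		printf ("Error at setting IV: %s\n",gcry_strerror(err));
		exit(-1);
	}

	// Authenticate the ciphertext BEFORE decrypting it, so unauthenticated
	// data never reaches the cipher or the padding logic.
	hmac_gen = get_hmac(encBuffer,key,txtLength);
	if (hmac_gen == NULL) {
		printf ("HMAC verification failed\n");
		exit(62);
	}
	// Compare all 64 bytes without an early exit: the time taken must not
	// depend on how many leading bytes of the received HMAC are correct.
	for (i = 0; i < 64; i++) {
		diff |= (unsigned char)(hmac_gen[i] ^ hmac[i]);
	}
	if (diff != 0) {
		printf ("HMAC verification failed\n");
		exit(62);
	}
	printf("HMAC Verified\n");

	// decrypt the content; a failed decryption is fatal rather than
	// something to write to disk
	err = gcry_cipher_decrypt(h, outBuffer, txtLength, encBuffer, txtLength);
	if(err != 0){
		printf ("Error at decrypting:%s %s\n",gcry_strerror(err),gcry_strerror(err));
		exit(-1);
	}
	// the handle holds key material; release it once decryption is done
	gcry_cipher_close(h);

	// Check for file exists and exit with code 33
	if( access( filename, F_OK ) != -1 ) {
		printf ("File already present\n");
		exit(33);
	}
	// "x" (C11 exclusive create) makes fopen fail if the file appeared
	// between the access() check and this call, instead of truncating it.
	f = fopen(filename,"w+bx");

	// Since trailing zeroes were added to the original file to make its length
	// a multiple of 16, decryption yields the content followed by those zeroes.
	// Find the last non-zero byte in the last 16-byte row and write up to there.
	if (f){
		char * last_row = outBuffer + (txtLength - 16);
		size_t tail_len = 0; // stays 0 when the whole last row is zero
		int j;

		fwrite(outBuffer, txtLength -16, 1, f);
		for(j=16;j>0;j--){
			if(last_row[j-1] != 0){
				tail_len = (size_t)j; // bytes up to the last non-zero element
				break;
			}
		}
		// + 1 keeps one trailing char, as the original did; clamped so the
		// write never reads past the end of outBuffer.
		tail_len += 1;
		if (tail_len > 16) {
			tail_len = 16;
		}
		fwrite(last_row, tail_len, 1, f);
		fclose(f);
	}
	else{
		printf ("Error at opening file to write\n");
		exit(33);
	}
	return outBuffer;

}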