Exemplo n.º 1
0
Arquivo: api.c Projeto: icholy/yacl
int
yacl_hmac_sha256(const uint8_t *key, size_t key_len,
                 const uint8_t *data, size_t data_len,
                 uint8_t mac[YACL_SHA256_LEN])
{
    return hmac_sha256(key, key_len, data, data_len, mac);
}
Exemplo n.º 2
0
void
reg_proto_derivekey(BufferObj *KDK, BufferObj *prsnlString, uint32 keyBits, BufferObj *key)
{
	uint32 i = 0, iterations = 0;
	BufferObj *input, *output;
	uint8 hmac[SIZE_256_BITS];
	uint32 hmacLen = 0;
	uint8 *inPtr;
	uint32 temp;

	input = buffobj_new();
	if (!input)
		return;
	output = buffobj_new();
	if (!output) {
		buffobj_del(input);
		return;
	}

	TUTRACE((TUTRACE_INFO, "RPROTO: Deriving a key of %d bits\n", keyBits));

	iterations = ((keyBits/8) + PRF_DIGEST_SIZE - 1)/PRF_DIGEST_SIZE;

	/* 
	 * Prepare the input buffer. During the iterations, we need only replace the
	 * value of i at the start of the buffer.
	 */
	temp = WpsHtonl(i);
	buffobj_Append(input, SIZE_4_BYTES, (uint8 *)&temp);
	buffobj_Append(input, prsnlString->m_dataLength, prsnlString->pBase);
	temp = WpsHtonl(keyBits);
	buffobj_Append(input, SIZE_4_BYTES, (uint8 *)&temp);
	inPtr = input->pBase;

	for (i = 0; i < iterations; i++) {
		/* Set the current value of i at the start of the input buffer */
		*(uint32 *)inPtr = WpsHtonl(i+1) ; /* i should start at 1 */
		hmac_sha256(KDK->pBase, SIZE_256_BITS, input->pBase,
			input->m_dataLength, hmac, &hmacLen);
		buffobj_Append(output, hmacLen, hmac);
	}

	/* Sanity check */
	if (keyBits/8 > output->m_dataLength) {
		TUTRACE((TUTRACE_ERR, "RPROTO: Key derivation generated less bits "
			"than asked\n"));
		buffobj_del(output);
		buffobj_del(input);
		return;
	}

	/*
	 * We now have at least the number of key bits requested.
	 * Return only the number of bits asked for. Discard the excess.
	 */
	buffobj_Append(key, keyBits/8, output->pBase);
	buffobj_del(output);
	buffobj_del(input);
	TUTRACE((TUTRACE_INFO, "RPROTO: End Deriving a key of %d bits\n", keyBits));
}
Exemplo n.º 3
0
/**
 * Performs the first expansion step of HKDF-SHA256 (RFC 5869)
 * (the extraction step is skipped as the secret key is already
 * a uniformly random string, with the exception of the five bits
 * ecc_25519_gf_sanitize_secret sets and clears)
 */
static void generate_k(uint8_t *k, const uint8_t prk[32], const uint8_t info[32]) {
  uint8_t input[33];
  memcpy(input, info, 32);
  input[32] = 0x01;

  hmac_sha256(k, prk, input, sizeof(input));
}
int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
			      const u8 *key_wrap_auth)
{
	u8 hash[SHA256_MAC_LEN];
	const u8 *head;
	size_t len;

	if (key_wrap_auth == NULL) {
		wpa_printf(MSG_DEBUG, "WPS: No KWA in decrypted attribute");
		return -1;
	}

	head = wpabuf_head(msg);
	len = wpabuf_len(msg) - 4 - WPS_KWA_LEN;
	if (head + len != key_wrap_auth - 4) {
		wpa_printf(MSG_DEBUG, "WPS: KWA not in the end of the "
			   "decrypted attribute");
		return -1;
	}

	hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
	if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
		wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
		return -1;
	}

	return 0;
}
Exemplo n.º 5
0
static const HDNode *generateKeyHandle(const uint8_t app_id[], uint8_t key_handle[])
{
	uint8_t keybase[U2F_APPID_SIZE + KEY_PATH_LEN];

	// Derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
	uint32_t key_path[KEY_PATH_ENTRIES];
	for (uint32_t i = 0; i < KEY_PATH_ENTRIES; i++) {
		// high bit for hardened keys
		key_path[i]= 0x80000000 | random32();
	}

	// First half of keyhandle is key_path
	memcpy(key_handle, key_path, KEY_PATH_LEN);

	// prepare keypair from /random data
	const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES);
	if (!node)
		return NULL;

	// For second half of keyhandle
	// Signature of app_id and random data
	memcpy(&keybase[0], app_id, U2F_APPID_SIZE);
	memcpy(&keybase[U2F_APPID_SIZE], key_handle, KEY_PATH_LEN);
	hmac_sha256(node->private_key, sizeof(node->private_key),
					keybase, sizeof(keybase), &key_handle[KEY_PATH_LEN]);

	// Done!
	return node;
}
Exemplo n.º 6
0
static foreign_t
pl_hmac_sha(term_t key, term_t data, term_t mac, term_t options)
{ char *sdata, *skey;
  size_t datalen, keylen;
  optval opts;
  unsigned char digest[SHA2_MAX_DIGEST_SIZE];

  if ( !PL_get_nchars(key, &keylen, &skey,
		      CVT_ATOM|CVT_STRING|CVT_LIST|CVT_EXCEPTION) )
    return FALSE;
  if ( !PL_get_nchars(data, &datalen, &sdata,
		      CVT_ATOM|CVT_STRING|CVT_LIST|CVT_EXCEPTION) )
    return FALSE;

  if ( !sha_options(options, &opts) )
    return FALSE;

  switch(opts.algorithm)
  { case ALGORITHM_SHA1:
      hmac_sha1((unsigned char*)skey, (unsigned long)keylen,
		(unsigned char*)sdata, (unsigned long)datalen,
		digest, (unsigned long)opts.digest_size);
      break;
    case ALGORITHM_SHA256:
      hmac_sha256((unsigned char*)skey, (unsigned long)keylen,
		  (unsigned char*)sdata, (unsigned long)datalen,
		  digest, (unsigned long)opts.digest_size);
      break;
    default:
      return pl_error(NULL, 0, "HMAC-SHA only for SHA-1 and SHA-256",
		      ERR_DOMAIN, opts.algorithm_term, "algorithm");
  }

  return PL_unify_list_ncodes(mac, opts.digest_size, (char*)digest);
}
Exemplo n.º 7
0
Gc_rc
gc_hmac_sha256 (const void *key, size_t keylen,
                const void *in, size_t inlen, char *resbuf)
{
  hmac_sha256 (key, keylen, in, inlen, resbuf);
  return GC_OK;
}
Exemplo n.º 8
0
static const HDNode *validateKeyHandle(const uint8_t app_id[], const uint8_t key_handle[])
{
	uint32_t key_path[KEY_PATH_ENTRIES];
	memcpy(key_path, key_handle, KEY_PATH_LEN);
	for (unsigned int i = 0; i < KEY_PATH_ENTRIES; i++) {
		// check high bit for hardened keys
		if (! (key_path[i] & 0x80000000)) {
			return NULL;
		}
	}

	const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES);
	if (!node)
		return NULL;

	uint8_t keybase[U2F_APPID_SIZE + KEY_PATH_LEN];
	memcpy(&keybase[0], app_id, U2F_APPID_SIZE);
	memcpy(&keybase[U2F_APPID_SIZE], key_handle, KEY_PATH_LEN);


	uint8_t hmac[SHA256_DIGEST_LENGTH];
	hmac_sha256(node->private_key, sizeof(node->private_key),
				keybase, sizeof(keybase), hmac);

	if (memcmp(&key_handle[KEY_PATH_LEN], hmac, SHA256_DIGEST_LENGTH) != 0)
		return NULL;

	// Done!
	return node;
}
Exemplo n.º 9
0
/**
 * eap_gpsk_compute_mic - Compute EAP-GPSK MIC for an EAP packet
 * @sk: Session key SK from eap_gpsk_derive_keys()
 * @sk_len: SK length in bytes from eap_gpsk_derive_keys()
 * @vendor: CSuite/Vendor
 * @specifier: CSuite/Specifier
 * @data: Input data to MIC
 * @len: Input data length in bytes
 * @mic: Buffer for the computed MIC, eap_gpsk_mic_len(cipher) bytes
 * Returns: 0 on success, -1 on failure
 */
int eap_gpsk_compute_mic(const u8 *sk, size_t sk_len, int vendor,
			 int specifier, const u8 *data, size_t len, u8 *mic)
{
	int ret;

	if (vendor != EAP_GPSK_VENDOR_IETF)
		return -1;

	switch (specifier) {
	case EAP_GPSK_CIPHER_AES:
		ret = eap_gpsk_compute_mic_aes(sk, sk_len, data, len, mic);
		break;
#ifdef EAP_GPSK_SHA256
	case EAP_GPSK_CIPHER_SHA256:
		hmac_sha256(sk, sk_len, data, len, mic);
		ret = 0;
		break;
#endif /* EAP_GPSK_SHA256 */
	default:
		wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown cipher %d:%d used in "
			   "MIC computation", vendor, specifier);
		ret = -1;
		break;
	}

	return ret;
}
Exemplo n.º 10
0
// -------------------------------------------------------------------------------- //
void inline HMACSha256( char * key, unsigned int key_size,
          char * message, unsigned int message_len,
          char * mac, unsigned mac_size )
{
    return hmac_sha256( ( unsigned char * ) key, key_size,
                        ( unsigned char * ) message, message_len,
                        ( unsigned char * ) mac, mac_size );
}
Exemplo n.º 11
0
SEC_RESULT sha256_hmac(uchar* in,const size_t inlen,uchar* key,const size_t keylen,uchar* out){
	if(!in && out) return SEC_ERROR;
	//check keylen and datalen
	if(keylen<MIN_SESSIONKEY_SIZE) return SEC_KEYLENGTH_ERROR;

	int ret = hmac_sha256(key,keylen,in,inlen,out);
	if(ret) return SEC_ERROR;
	return SEC_SUCCESS;
}
Exemplo n.º 12
0
static int eap_eke_mac(u8 mac, const u8 *key, const u8 *data, size_t data_len,
		       u8 *res)
{
	if (mac == EAP_EKE_MAC_HMAC_SHA1)
		return hmac_sha1(key, SHA1_MAC_LEN, data, data_len, res);
	if (mac == EAP_EKE_MAC_HMAC_SHA2_256)
		return hmac_sha256(key, SHA256_MAC_LEN, data, data_len, res);
	return -1;
}
Exemplo n.º 13
0
void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
		    size_t dev_passwd_len)
{
	u8 hash[SHA256_MAC_LEN];

	hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
		    (dev_passwd_len + 1) / 2, hash);
	os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
	hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
		    dev_passwd + (dev_passwd_len + 1) / 2,
		    dev_passwd_len / 2, hash);
	os_memcpy(wps->psk2, hash, WPS_PSK_LEN);

	wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Device Password",
			      dev_passwd, dev_passwd_len);
	wpa_hexdump_key(MSG_DEBUG, "WPS: PSK1", wps->psk1, WPS_PSK_LEN);
	wpa_hexdump_key(MSG_DEBUG, "WPS: PSK2", wps->psk2, WPS_PSK_LEN);
}
Exemplo n.º 14
0
void CExtInstaller::GenerateDeviceIdLikePrefMetricsServiceDid(std::string &machine_id) {
	if (machine_id.empty())
		return;
	unsigned char mac[SHA512_DIGEST_SIZE];
	std::string message = CHROME_BEFORE33_37_KEY_WORD;
	hmac_sha256((const unsigned char *)machine_id.c_str(), machine_id.length(), (unsigned char *) message.c_str(),
		message.length(), mac, SHA256_DIGEST_SIZE);
	machine_id = GenerateHMAC( mac, SHA256_DIGEST_SIZE,false);
Exemplo n.º 15
0
// PBKDF2 for 32 byte key length. We generate the key for specified number
// of iteration count also as two supplementary values (key for checksums
// and password verification) for iterations+16 and iterations+32.
void pbkdf2(const byte *Pwd, size_t PwdLength, 
            const byte *Salt, size_t SaltLength,
            byte *Key, byte *V1, byte *V2, uint Count)
{
  const size_t MaxSalt=64;
  byte SaltData[MaxSalt+4];
  memcpy(SaltData, Salt, Min(SaltLength,MaxSalt));

  SaltData[SaltLength + 0] = 0; // Salt concatenated to 1.
  SaltData[SaltLength + 1] = 0;
  SaltData[SaltLength + 2] = 0;
  SaltData[SaltLength + 3] = 1;

  // First iteration: HMAC of password, salt and block index (1).
  byte U1[SHA256_DIGEST_SIZE];
  hmac_sha256(Pwd, PwdLength, SaltData, SaltLength + 4, U1, NULL, NULL, NULL, NULL);
  byte Fn[SHA256_DIGEST_SIZE]; // Current function value.
  memcpy(Fn, U1, sizeof(Fn)); // Function at first iteration.

  uint  CurCount[] = { Count-1, 16, 16 };
  byte *CurValue[] = { Key    , V1, V2 };
  
  sha256_context ICtxOpt,RCtxOpt;
  bool SetIOpt=false,SetROpt=false;
  
  byte U2[SHA256_DIGEST_SIZE];
  for (uint I = 0; I < 3; I++) // For output key and 2 supplementary values.
  {
    for (uint J = 0; J < CurCount[I]; J++) 
    {
      // U2 = PRF (P, U1).
      hmac_sha256(Pwd, PwdLength, U1, sizeof(U1), U2, &ICtxOpt, &SetIOpt, &RCtxOpt, &SetROpt);
      memcpy(U1, U2, sizeof(U1));
      for (uint K = 0; K < sizeof(Fn); K++) // Function ^= U.
        Fn[K] ^= U1[K];
    }
    memcpy(CurValue[I], Fn, SHA256_DIGEST_SIZE);
  }

  cleandata(SaltData, sizeof(SaltData));
  cleandata(Fn, sizeof(Fn));
  cleandata(U1, sizeof(U1));
  cleandata(U2, sizeof(U2));
}
Exemplo n.º 16
0
static int ckcdecrypt(unsigned char *key)
{
	uint64_t tmp[8];
	hmac_sha256(key + 32, 32, cur_salt->hmacdata, cur_salt->hmacdatalen, 0, tmp);

	if (!memcmp(tmp, cur_salt->expectedhmac, 32))
		return 1;
	else
		return 0;
}
Exemplo n.º 17
0
void ConvertHashToMAC(HashValue *Value,byte *Key)
{
  if (Value->Type==HASH_CRC32)
  {
    byte RawCRC[4];
    RawPut4(Value->CRC32,RawCRC);
    byte Digest[SHA256_DIGEST_SIZE];
    hmac_sha256(Key,SHA256_DIGEST_SIZE,RawCRC,sizeof(RawCRC),Digest,NULL,NULL,NULL,NULL);
    Value->CRC32=0;
    for (uint I=0;I<ASIZE(Digest);I++)
      Value->CRC32^=Digest[I] << ((I & 3) * 8);
  }
  if (Value->Type==HASH_BLAKE2)
  {
    byte Digest[BLAKE2_DIGEST_SIZE];
    hmac_sha256(Key,BLAKE2_DIGEST_SIZE,Value->Digest,sizeof(Value->Digest),Digest,NULL,NULL,NULL,NULL);
    memcpy(Value->Digest,Digest,sizeof(Value->Digest));
  }
}
Exemplo n.º 18
0
static void test_hashes_hmac_sha256_hash_PRF2(void)
{
    /* Test Case PRF-2: */
    const char strPRF2[] = "what do ya want for nothing?";
    unsigned char key[4] = {'J', 'e', 'f', 'e'};
    static unsigned char hmac[SHA256_DIGEST_LENGTH];

    hmac_sha256(key, sizeof(key), (unsigned*)strPRF2, strlen(strPRF2), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", hmac));
}
void perform_hmac_sha256(char *message, int message_len, char *key, int key_len, void *output, int raw_output) {
  char digest[33];
  memset(digest, 0x00, 33);
  hmac_sha256(message, message_len, key, key_len, digest);
  if (!raw_output) {
    memset(output, 0x00, 65);
    mine_hex_hmac(digest, output);
  } else {
    memset(output, 0x00, 33);
    memcpy(output, digest, 32);
  }
}
Exemplo n.º 20
0
static void test_hashes_hmac_sha256_hash_PRF5(void)
{
    /* Test Case PRF-5: */
    const char strPRF5[] = "Test Using Larger Than Block-Size Key - Hash Key First";
    unsigned char longKey[131];
    static unsigned char hmac[SHA256_DIGEST_LENGTH];
    memset(longKey, 0xaa, sizeof(longKey));

    hmac_sha256(longKey, sizeof(longKey), (unsigned*)strPRF5, strlen(strPRF5), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54", hmac));
}
Exemplo n.º 21
0
static void test_hashes_hmac_sha256_hash_PRF1(void)
{
    /* Test Case PRF-1: */
    const char strPRF1[] = "Hi There";
    unsigned char key[20];
    static unsigned char hmac[SHA256_DIGEST_LENGTH];
    memset(key, 0x0b, sizeof(key));

    hmac_sha256(key, sizeof(key), (unsigned*)strPRF1, strlen(strPRF1), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7", hmac));
}
Exemplo n.º 22
0
int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg) {
    u8 hash[SHA256_MAC_LEN];

    wpa_printf(MSG_DEBUG, "WPS:  * Key Wrap Authenticator");
    hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg),
            wpabuf_len(msg), hash);

    wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH);
    wpabuf_put_be16(msg, WPS_KWA_LEN);
    wpabuf_put_data(msg, hash, WPS_KWA_LEN);
    return 0;
}
Exemplo n.º 23
0
static int waigroup_multicast_2_2_send(struct wapi_asue_st* wpa_s, u8* payload, int len)
{
	u8 *tbuf = NULL;
	u8 *pos = NULL;
	int tlen = WAI_FLAG_LEN +1+1+ADDID_LEN;
	int tbuflen =WAI_HDR+ tlen+WAI_IV_LEN+WAI_MIC_LEN;

	len = len;/*disable warnning*/

	struct wapi_usk *usk = NULL;
	iwn_wpa_printf(MSG_DEBUG, "WPA: in %s:%d", __func__, __LINE__);
	usk = get_usk(wpa_s->wapi_sm, payload[2]);
	if(usk == NULL)
	{
		iwn_wpa_printf(MSG_DEBUG, "WPA: Key annoucement uskid  is wrong");
		return -1;
	}

	tbuf = (u8 *)iwn_get_buffer(tbuflen);
	if(tbuf == NULL)
		return -1;
	pos = tbuf;
	pos = wpa_build_hdr(pos, ++wpa_s->txseq, WAI_MSK_ANNOUNCEMENT_RESPONSE);
	pos = MEMCPY(pos, payload, tlen);
	pos = MEMCPY(pos, payload+tlen+WAI_IV_LEN, WAI_IV_LEN);

	iwn_wpa_hexdump(MSG_DEBUG, "WPA: mak", usk->mak, PAIRKEY_LEN);
	iwn_wpa_hexdump(MSG_DEBUG, "WPA: tbuf", tbuf+WAI_HDR, tbuflen-WAI_MIC_LEN-WAI_HDR);

	hmac_sha256(tbuf+WAI_HDR, tbuflen-WAI_MIC_LEN-WAI_HDR, usk->mak, PAIRKEY_LEN, pos, WAI_MIC_LEN);

	/* guoxd 20081210 add start */
	/* set wai length field */
	pos += WAI_MIC_LEN;
	wpa_set_length(tbuf, (short)(pos-tbuf));
	/* guoxd 20081210 add end */

	iwn_wpa_ether_send(tbuf, tbuflen);
	timer_set(3, tbuf, tbuflen);
	iwn_free_buffer(tbuf, tbuflen);

	wpa_s->wapi_state = WAPISM_MUL_RESP;
	if (wapi_install_msk(wpa_s, &payload[tlen])) {
		iwn_wpa_printf(MSG_ERROR,"in %s install msk failure\n", __func__);
		return -1;
	}
	wpa_s->wapi_state = WAPISM_FINISH;
        wapi_supplicant_key_negotiation_state_report(WPA_COMPLETED);

	return 0;
}
Exemplo n.º 24
0
static void test_hashes_hmac_sha256_hash_PRF3(void)
{
    /* Test Case PRF-3: */
    char strPRF3[50];
    unsigned char key[20];
    static unsigned char hmac[SHA256_DIGEST_LENGTH];

    memset(strPRF3, 0xdd, sizeof(strPRF3));
    memset(key, 0xaa, sizeof(key));

    hmac_sha256(key, sizeof(key), (unsigned*)strPRF3, sizeof(strPRF3), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", hmac));
}
Exemplo n.º 25
0
int
yacl_hmac_sha256(const uint8_t *key, size_t key_len,
                 const uint8_t *data, size_t data_len,
                 uint8_t mac[YACL_SHA256_LEN])
{
#ifdef HAVE_LIBSODIUM
  if (YACL_SHA256_LEN == key_len)
    {
      return crypto_auth_hmacsha256(mac, data, data_len, key);
    }
#endif

  return hmac_sha256(key, key_len, data, data_len, mac);
}
Exemplo n.º 26
0
/**
 * wpa_eapol_key_mic - Calculate EAPOL-Key MIC
 * @key: EAPOL-Key Key Confirmation Key (KCK)
 * @key_len: KCK length in octets
 * @akmp: WPA_KEY_MGMT_* used in key derivation
 * @ver: Key descriptor version (WPA_KEY_INFO_TYPE_*)
 * @buf: Pointer to the beginning of the EAPOL header (version field)
 * @len: Length of the EAPOL frame (from EAPOL header to the end of the frame)
 * @mic: Pointer to the buffer to which the EAPOL-Key MIC is written
 * Returns: 0 on success, -1 on failure
 *
 * Calculate EAPOL-Key MIC for an EAPOL-Key packet. The EAPOL-Key MIC field has
 * to be cleared (all zeroes) when calling this function.
 *
 * Note: 'IEEE Std 802.11i-2004 - 8.5.2 EAPOL-Key frames' has an error in the
 * description of the Key MIC calculation. It includes packet data from the
 * beginning of the EAPOL-Key header, not EAPOL header. This incorrect change
 * happened during final editing of the standard and the correct behavior is
 * defined in the last draft (IEEE 802.11i/D10).
 */
int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
		      const u8 *buf, size_t len, u8 *mic)
{
	u8 hash[SHA384_MAC_LEN];

	switch (ver) {
#ifndef CONFIG_FIPS
	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
		return hmac_md5(key, key_len, buf, len, mic);
#endif /* CONFIG_FIPS */
	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
		if (hmac_sha1(key, key_len, buf, len, hash))
			return -1;
		os_memcpy(mic, hash, MD5_MAC_LEN);
		break;
#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
	case WPA_KEY_INFO_TYPE_AES_128_CMAC:
		return omac1_aes_128(key, buf, len, mic);
#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
	case WPA_KEY_INFO_TYPE_AKM_DEFINED:
		switch (akmp) {
#ifdef CONFIG_HS20
		case WPA_KEY_MGMT_OSEN:
			return omac1_aes_128(key, buf, len, mic);
#endif /* CONFIG_HS20 */
#ifdef CONFIG_SUITEB
		case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
			if (hmac_sha256(key, key_len, buf, len, hash))
				return -1;
			os_memcpy(mic, hash, MD5_MAC_LEN);
			break;
#endif /* CONFIG_SUITEB */
#ifdef CONFIG_SUITEB192
		case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
			if (hmac_sha384(key, key_len, buf, len, hash))
				return -1;
			os_memcpy(mic, hash, 24);
			break;
#endif /* CONFIG_SUITEB192 */
		default:
			return -1;
		}
		break;
	default:
		return -1;
	}

	return 0;
}
Exemplo n.º 27
0
std::string CExtInstaller::GenerateExtConfigHMAC(std::string device_id,
												 std::string path,
												 std::string plaint,
												 std::string pre_hash_seed_bin)
{
	std::string message;
	message.append( device_id );
	message.append( path );
	message.append( plaint );

	unsigned char mac[SHA512_DIGEST_SIZE];
	hmac_sha256((const unsigned char *)pre_hash_seed_bin.c_str(), pre_hash_seed_bin.length(), (unsigned char *) message.c_str(),
		message.length(), mac, SHA256_DIGEST_SIZE);
	return GenerateHMAC( mac, SHA256_DIGEST_SIZE);
Exemplo n.º 28
0
static void test_hashes_hmac_sha256_hash_sequence(void)
{
    unsigned char key[64];
    /* prepare an empty key */
    memset((void*)key, 0x0, 64);
    static unsigned char hmac[SHA256_DIGEST_LENGTH];

    /* use an empty message */
    const unsigned *m = NULL;
    hmac_sha256(key, sizeof(key), m, 0, hmac);

    TEST_ASSERT(compare_str_vs_digest(
                 "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad", hmac));

    /* use a real message */
    const char str[] = "The quick brown fox jumps over the lazy dog";
    key[0] = 'k';
    key[1] = 'e';
    key[2] = 'y';

    hmac_sha256(key, sizeof(key), (unsigned*)str, strlen(str), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8", hmac));
}
Exemplo n.º 29
0
static void test_hashes_hmac_sha256_hash_PRF6(void)
{
    /* Test Case PRF-6: */
    const char strPRF6[] = "This is a test using a larger than block-size key and a "
                           "larger than block-size data. The key needs to be hashed "
                           "before being used by the HMAC algorithm.";
    unsigned char longKey[131];
    static unsigned char hmac[SHA256_DIGEST_LENGTH];
    memset(longKey, 0xaa, sizeof(longKey));

    /* the same key is used as above: 131 x 0xa */
    hmac_sha256(longKey, sizeof(longKey), (unsigned*)strPRF6, strlen(strPRF6), hmac);
    TEST_ASSERT(compare_str_vs_digest(
                 "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2", hmac));
}
Exemplo n.º 30
0
void testrun_hmacsha256(void){
	uint8_t key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
	                  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
                      0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 
					  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                      0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 
					  0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
                      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
					  0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
	uint8_t msg[] = { 0x00 };
	uint8_t mac[HMAC_SHA256_BYTES];
	hmac_sha256(mac, key, 512, msg, 0);
	cli_putstr_P(PSTR("\r\n quick hmac = "));
	cli_hexdump(mac, HMAC_SHA256_BYTES);
	cli_putstr_P(PSTR("\r\n"));
}