/****************************************************************************** * Function: SHA256Hash * Description: * SHA256. * * * Called By: * identify * * Input: * dataAddr: 输入数据的地址 * dataAddr: 输入数据的长度(字节数) * * Output: * hash: 指向输入数据进行SHA256计算后的哈希值的指针(哈希值的长度为32Byte) * * Return: * OK: the function successful returned. * !OK: the function encounter OSAL_ERROR while running. * ********************************************************************************/ int SHA256Hash(UINT32 dataAddr, UINT32 dataLen, UINT32* hash) { UINT32 length = 0; UINT32 hmacKey[SHA256_HASH_SIZE]; memset((void*)hmacKey, 0, sizeof(hmacKey)); memset((void*)hash, 0, sizeof(hmacKey)); #ifdef CIPHER return bsp_calc_hash((UINT32*)dataAddr, dataLen, hmacKey, hash, &length); #else while (dataLen >= 512) { memcpy(hmacKey, hash, sizeof(hmacKey)); sha2_hmac((unsigned char*)hmacKey, sizeof(hmacKey), (unsigned char*)dataAddr, 512, (unsigned char *)hash, 0); dataLen -= 512; dataAddr += 512; } if (dataLen) { memcpy(hmacKey, hash, sizeof(hmacKey)); sha2_hmac((unsigned char*)hmacKey, sizeof(hmacKey), (unsigned char*)dataAddr, dataLen, (unsigned char *)hash, 0); } return OK; #endif }
uint ShaHmac::GetDigest(void* digest,const void* data,uint len,const void* key,uint klen,SHA_BITS bits){ if(bits==sha_160){ sha1_hmac((byte*)key,klen,(byte*)data,len,(byte*)digest); }else if(bits==sha_224){ sha2_hmac((byte*)key,klen,(byte*)data,len,(byte*)digest,1); }else if(bits==sha_256){ sha2_hmac((byte*)key,klen,(byte*)data,len,(byte*)digest,0); }else if(bits==sha_384){ sha4_hmac((byte*)key,klen,(byte*)data,len,(byte*)digest,1); }else if(bits==sha_512){ sha4_hmac((byte*)key,klen,(byte*)data,len,(byte*)digest,0); }else{ _ASSERT(0); return 0; } return bits; }
/** * @brief HMAC-SHA256 wrapper * @param[in] key HMAC secret key * @param[in] keyLength HMAC key length in bytes * @param[in] input Input data buffer * @param[in] inputLength Input data length in bytes * @param[in] hmacLength Length of output required in bytes, HMAC output is truncated to the hmacLength left bytes. 32 bytes maximum * @param[out] output Output data buffer. * */ void bctbx_hmacSha256(const uint8_t *key, size_t keyLength, const uint8_t *input, size_t inputLength, uint8_t hmacLength, uint8_t *output) { uint8_t hmacOutput[32]; sha2_hmac(key, keyLength, input, inputLength, hmacOutput, 0); /* last param to zero to select SHA256 and not SHA224 */ /* check output length, can't be>32 */ if (hmacLength>32) { memcpy(output, hmacOutput, 32); } else { memcpy(output, hmacOutput, hmacLength); } }
int protect_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *password, unsigned char *salt, int salt_len, unsigned int iterations) { int i, pad_len, ret; unsigned char k_m[32]; unsigned char k_c[32]; unsigned char k_i[32]; unsigned char tmp_1[36]; unsigned char *input_padd; unsigned char *cipher; aes_context aes_ctx; /* *** Init *** */ i = 0; pad_len = 0; ret = 1; input_padd = NULL; cipher = NULL; /* *** Deriv password to MasterKey *** */ ret = deriv_passwd(k_m, password, salt, salt_len, iterations); if(ret != 0) { fprintf(stderr, "error: deriv_passwd failed\n"); return 1; } /* *** Deriv MasterKey to CipherKey / IntegrityKey *** */ i = 0; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_c, 0); i ++; memcpy(tmp_1, k_m, 32); memcpy(tmp_1+32, &i, sizeof(int)); sha2(tmp_1, 36, k_i, 0); /* *** Padding *** */ pad_len = 16 - (input_len % 16); input_padd = (unsigned char *) malloc((input_len + pad_len) * sizeof(char)); if(input_padd == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } cipher = (unsigned char *)malloc((input_len + pad_len + 32) * sizeof(char)); if(cipher == NULL) { fprintf(stderr, "error : memory allocation failed\n"); ret = 1; goto cleanup; } memcpy(input_padd, input, input_len); memcpy(input_padd+input_len, padding, pad_len); /* *** Chiffrement *** */ ret = aes_setkey_enc(&aes_ctx, k_c, 256); if(ret != 0) { fprintf(stderr, "error : aes_setkey_enc failed\n"); ret = 1; goto cleanup; } ret = aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, (size_t) (input_len + pad_len), iv, input_padd, cipher); if(ret != 0) { fprintf(stderr, "error : aes_crypt_cbc failed\n"); ret = 1; goto cleanup; } /* *** Ajout du controle d'integrite *** */ sha2_hmac(k_i, 32, cipher, input_len + pad_len, cipher + input_len + pad_len, 0); *output = cipher; *output_len = input_len + pad_len + 32; ret = 0; cleanup: if(input_padd != NULL) { memset(input_padd, 0x00, input_len + pad_len); free(input_padd); } memset(&aes_ctx, 0x00, sizeof(aes_context)); memset(k_m, 0x00, 32); memset(k_c, 0x00, 32); memset(k_i, 0x00, 32); memset(tmp_1, 0x00, 36); pad_len = 0; i = 0; return ret; }
void sha256_hmac_wrap( const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ) { sha2_hmac( key, keylen, input, ilen, output, 0 ); }
int sign(unsigned char *output,unsigned char *input, int input_len, char *pri_key_file) { unsigned char * cipher = NULL; unsigned char * k_c = NULL; unsigned char sign[128]; int ret; FILE *fkey; rsa_context rsa_ctx; havege_state prng_ctx; cipher = (unsigned char *)malloc((32)*sizeof(char)); /* ********************** HASH controle integrite *********************** */ k_c = (unsigned char *)malloc(2*KEY_LENGTH*sizeof(unsigned char)); memset(k_c, 0, 2*KEY_LENGTH); //generation de la clef symetrique de KEY_LENGTH bits gen_key(k_c, KEY_LENGTH); sha2_hmac(k_c, KEY_LENGTH, input, input_len, cipher, 0); print_hex(k_c, KEY_LENGTH, "cle secrete utilisée pour le hash : "); /* *** Read the private asymetric key in the file*** */ if( ( fkey = fopen( pri_key_file, "rb" ) ) == NULL ) { ret = 1; printf( " failed\n ! Could not open %s\n" \ " ! Please run rsa_genkey first\n\n",pri_key_file ); goto cleanup; } rsa_init( &rsa_ctx, RSA_PKCS_V15, 0 ); if( ( ret = mpi_read_file( &rsa_ctx.N , 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.E , 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.D , 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.P , 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.Q , 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.DP, 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.DQ, 16, fkey ) ) != 0 || ( ret = mpi_read_file( &rsa_ctx.QP, 16, fkey ) ) != 0 ) { printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); goto cleanup; } rsa_ctx.len = ( mpi_msb( &rsa_ctx.N ) + 7 ) >> 3; fclose( fkey ); /* *** SYM_K(key) : chiffrement RSA de la clé de chiffrement key (16) => rsa-1024 bits = 128 octets en sortie *** */ /* *** cipher = ASYM_Kpriv (Hash) *** */ havege_init(&prng_ctx); memset(sign, 0, 128); if( ( ret = rsa_pkcs1_encrypt( &rsa_ctx, havege_random, &prng_ctx, RSA_PRIVATE, KEY_LENGTH, cipher, sign ) ) != 0 ) { printf( " failed\n ! rsa_pkcs1_encrypt returned %d\n\n", ret ); goto cleanup; } print_hex(sign, sizeof(sign), "Hash chiffrée avec RSA : "); /* *** ASYM_Kpub (K) *** */ output = (unsigned char *) malloc( 128 * sizeof(unsigned char)); memcpy(output, sign, 128); cleanup: if(cipher != NULL) { memset(cipher, 0, 32); free(cipher); } if(k_c != NULL) { memset(k_c, 0, 2*KEY_LENGTH); free(k_c); } memset(&prng_ctx,0x00, sizeof(havege_state)); memset(&rsa_ctx, 0x00, sizeof(rsa_ctx)); memset(sign, 0, 128); return ret; }