From: miha-q <> Date: Tue, 8 Aug 2023 00:57:47 +0000 (-0400) Subject: Mon Aug 7 08:57:47 PM EDT 2023 X-Git-Url: http://www.foleosoft.com/?a=commitdiff_plain;h=fa5d7fa68d9f53d6c3d718fd246b098e00b31d78;p=CryptoFoleo.git Mon Aug 7 08:57:47 PM EDT 2023 --- diff --git a/bin/Main.hi b/bin/Main.hi new file mode 100644 index 0000000..0d85271 Binary files /dev/null and b/bin/Main.hi differ diff --git a/bin/Main.hs b/bin/Main.hs new file mode 100644 index 0000000..bae2276 --- /dev/null +++ b/bin/Main.hs @@ -0,0 +1,37 @@ +import System.IO +import Foreign +import Foreign.C.Types +import Data.ByteString +import Data.ByteString.Internal +import Data.Word +import Data.ByteString.Unsafe +import Control.DeepSeq + +foreign import ccall unsafe "prigen" + c_prigen :: CUShort -> IO (Ptr CChar) + + +prigen :: Word16 -> IO ByteString +prigen lengthInBytes = do + ptr <- c_prigen (fromIntegral lengthInBytes) + q <- unsafePackCStringLen (ptr, fromIntegral lengthInBytes) + let out = copy q + out `deepseq` free ptr + return out + + +main :: IO() +main = do + g <- prigen 256 + print $ byteStringToInteger g + +byteStringToInteger :: ByteString -> Integer +byteStringToInteger = foldl' (\acc byte -> acc * 256 + fromIntegral byte) 0 + +--```haskell +--import Data.ByteString (ByteString) +--import qualified Data.ByteString as BS +-- +--byteStringToInteger :: ByteString -> Integer +--byteStringToInteger = BS.foldl' (\acc byte -> acc * 256 + fromIntegral byte) 0 +-- \ No newline at end of file diff --git a/bin/Main.o b/bin/Main.o new file mode 100644 index 0000000..528aa67 Binary files /dev/null and b/bin/Main.o differ diff --git a/bin/libCryptoFoleo.so b/bin/libCryptoFoleo.so index 22000db..ed3cbce 100755 Binary files a/bin/libCryptoFoleo.so and b/bin/libCryptoFoleo.so differ diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..8afaf66 Binary files /dev/null and b/bin/main differ diff --git a/bin/test b/bin/test new file mode 100755 index 0000000..97110b4 Binary files /dev/null and b/bin/test differ diff --git a/build.sh b/build.sh index abe23b5..505f9ed 100644 --- a/build.sh +++ b/build.sh @@ -1,2 +1,7 @@ -gcc -shared -fPIC src/all.c -o bin/libCryptoFoleo.so -lgmp -DDEVICE='"/dev/random"' -cp src/headers.h bin/CryptoFoleo.h +if [ "$1" == "test" ] +then + gcc tests/test.c -o bin/test -lgmp -DDEVICE='"/dev/random"' +else + gcc -shared -fPIC src/all.c -o bin/libCryptoFoleo.so -lgmp -DDEVICE='"/dev/random"' + cp src/headers.h bin/CryptoFoleo.h +fi diff --git a/src/all.c b/src/all.c index e53019f..1155cc5 100644 --- a/src/all.c +++ b/src/all.c @@ -1,6 +1,7 @@ #include "headers.h" #include "chacha20.c" #include "dhke.c" +#include "hmac.c" #include "poly1305.c" #include "prigen.c" #include "rsa.c" diff --git a/src/chacha20.c b/src/chacha20.c index 348ab9f..8475524 100644 --- a/src/chacha20.c +++ b/src/chacha20.c @@ -1,35 +1,35 @@ -#ifndef __CHACHA20__ -#define __CHACHA20__ +#ifndef __FOLEO_CHACHA20__ +#define __FOLEO_CHACHA20__ #include #include #include "poly1305.c" -static uint32_t chacha20_lr(uint32_t a, uint8_t b) +static uint32_t foleo_chacha20_lr(uint32_t a, uint8_t b) { return (a << b) | (a >> (32 - b)); } -static void chacha20_QR(uint32_t *cc, uint8_t a, uint8_t b, uint8_t c, uint8_t d) +static void foleo_chacha20_QR(uint32_t *cc, uint8_t a, uint8_t b, uint8_t c, uint8_t d) { - cc[a] += cc[b]; cc[d] ^= cc[a]; cc[d] = chacha20_lr(cc[d], 16); - cc[c] += cc[d]; cc[b] ^= cc[c]; cc[b] = chacha20_lr(cc[b], 12); - cc[a] += cc[b]; cc[d] ^= cc[a]; cc[d] = chacha20_lr(cc[d], 8); - cc[c] += cc[d]; cc[b] ^= cc[c]; cc[b] = chacha20_lr(cc[b], 7); + cc[a] += cc[b]; cc[d] ^= cc[a]; cc[d] = foleo_chacha20_lr(cc[d], 16); + cc[c] += cc[d]; cc[b] ^= cc[c]; cc[b] = foleo_chacha20_lr(cc[b], 12); + cc[a] += cc[b]; cc[d] ^= cc[a]; cc[d] = foleo_chacha20_lr(cc[d], 8); + cc[c] += cc[d]; cc[b] ^= cc[c]; cc[b] = foleo_chacha20_lr(cc[b], 7); } -static void chacha20_DR(uint32_t *cc) +static void foleo_chacha20_DR(uint32_t *cc) { - chacha20_QR(cc, 0, 4, 8, 12); - chacha20_QR(cc, 1, 5, 9, 13); - chacha20_QR(cc, 2, 6, 10, 14); - chacha20_QR(cc, 3, 7, 11, 15); - chacha20_QR(cc, 0, 5, 10, 15); - chacha20_QR(cc, 1, 6, 11, 12); - chacha20_QR(cc, 2, 7, 8, 13); - chacha20_QR(cc, 3, 4, 9, 14); + foleo_chacha20_QR(cc, 0, 4, 8, 12); + foleo_chacha20_QR(cc, 1, 5, 9, 13); + foleo_chacha20_QR(cc, 2, 6, 10, 14); + foleo_chacha20_QR(cc, 3, 7, 11, 15); + foleo_chacha20_QR(cc, 0, 5, 10, 15); + foleo_chacha20_QR(cc, 1, 6, 11, 12); + foleo_chacha20_QR(cc, 2, 7, 8, 13); + foleo_chacha20_QR(cc, 3, 4, 9, 14); } -static void chacha20_CB(uint32_t *cc) +static void foleo_chacha20_CB(uint32_t *cc) { uint8_t i; uint32_t x[16]; @@ -39,7 +39,7 @@ static void chacha20_CB(uint32_t *cc) } for (i = 0; i < 10; i++) { - chacha20_DR(cc); + foleo_chacha20_DR(cc); } for (i = 0; i < 16; i++) { @@ -47,7 +47,7 @@ static void chacha20_CB(uint32_t *cc) } } -static void chacha20_S(uint32_t *cc, uint8_t *cs) +static void foleo_chacha20_S(uint32_t *cc, uint8_t *cs) { for (uint8_t i = 0; i < 16; i++) { @@ -58,7 +58,7 @@ static void chacha20_S(uint32_t *cc, uint8_t *cs) } } -static void chacha20_block(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint8_t out[64]) +static void foleo_chacha20_block(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint8_t out[64]) { uint32_t cc[] = { @@ -81,12 +81,12 @@ static void chacha20_block(uint8_t key[32], uint8_t nonce[12], uint32_t block, u nonce[8] | (nonce[9] << 8) | (nonce[10] << 16) | (nonce[11] << 24) }; - chacha20_CB(cc); - chacha20_S(cc, out); + foleo_chacha20_CB(cc); + foleo_chacha20_S(cc, out); } /*Don't use block #0 if you are using this in conjunction with poly1305*/ -uint8_t* chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint64_t count) +uint8_t* foleo_chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint64_t count) { if (count > (274877906944 - block * 64)) return NULL; uint8_t* ret = malloc(0); @@ -95,7 +95,7 @@ uint8_t* chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint64_t c while (count > 64) { ret = realloc(ret, size + 64); - chacha20_block(key, nonce, block++, ccblock); + foleo_chacha20_block(key, nonce, block++, ccblock); for (uint8_t i = 0; i < 64; i++) ret[size + i] = ccblock[i]; size += 64; count -= 64; @@ -103,16 +103,16 @@ uint8_t* chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, uint64_t c if (count > 0) { ret = realloc(ret, size + count); - chacha20_block(key, nonce, block, ccblock); + foleo_chacha20_block(key, nonce, block, ccblock); for (uint8_t i = 0; i < count; i++) ret[size + i] = ccblock[i]; } return ret; } //Calculates poly1305 for ciphertext encrypted with chacha20 -uint8_t* chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherText, uint64_t lengthInBytes) +uint8_t* foleo_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherText, uint64_t lengthInBytes) { - uint8_t* keydata = chacha20(key, nonce, 0, 32); + uint8_t* keydata = foleo_chacha20(key, nonce, 0, 32); uint8_t r[16]; uint8_t s[16]; for (uint8_t i = 0; i < 16; i++) @@ -121,7 +121,7 @@ uint8_t* chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherTe s[i] = keydata[i + 16]; } free(keydata); - return poly1305(r, s, cipherText, lengthInBytes); + return foleo_poly1305(r, s, cipherText, lengthInBytes); } #endif \ No newline at end of file diff --git a/src/dhke.c b/src/dhke.c index 579ac4e..ced6f0b 100644 --- a/src/dhke.c +++ b/src/dhke.c @@ -1,10 +1,9 @@ -#ifndef __DHKE__ -#define __DHKE__ +#ifndef __FOLEO_DHKE__ +#define __FOLEO_DHKE__ #include #include #include #include -#include "sha256.c" /* dhke(private, public) @@ -18,7 +17,7 @@ be shared. If you pass in your private value as the private parameter and the public value you acquired from the other person as the public parameter, it will return the shared secret. -dhke_prf(desiredBytes, secret, secretS, label, labelS, seed, seedS) +foleo_dhke_prf(desiredBytes, secret, secretS, label, labelS, seed, seedS) Because the key is 4096 bits long which may either be too much or too little depending on your purposes, this library also offers as a way to convert the @@ -130,7 +129,7 @@ static uint8_t RFC3526ID16[] = 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; -static void dhke_store(mpz_t n, uint8_t* b, uint32_t s) +static void foleo_dhke_store(mpz_t n, uint8_t* b, uint32_t s) { for (uint32_t i = 0; i < s; i++) { @@ -139,7 +138,7 @@ static void dhke_store(mpz_t n, uint8_t* b, uint32_t s) } } -static void dhke_load(mpz_t n, uint8_t* b, uint32_t s) +static void foleo_dhke_load(mpz_t n, uint8_t* b, uint32_t s) { mpz_set_ui(n, 0); for (uint32_t i = 0; i < s; i++) @@ -156,14 +155,14 @@ static void dhke_load(mpz_t n, uint8_t* b, uint32_t s) pass in the private value and the public received to compute the final key */ -uint8_t* dhke(uint8_t* private, uint8_t* public) +uint8_t* foleo_dhke(uint8_t* private, uint8_t* public) { mpz_t n, g, p; mpz_init(n); mpz_init(g); mpz_init(p); mpz_set_ui(g, 2); - dhke_load(p, RFC3526ID16, 512); + foleo_dhke_load(p, RFC3526ID16, 512); uint8_t* out = malloc(512); if (private == NULL && public == NULL) @@ -175,18 +174,18 @@ uint8_t* dhke(uint8_t* private, uint8_t* public) } else if (private != NULL && public == NULL) { - dhke_load(n, private, 512); + foleo_dhke_load(n, private, 512); mpz_powm(n, g, n, p); - dhke_store(n, out, 512); + foleo_dhke_store(n, out, 512); } else { mpz_t m; mpz_init(m); - dhke_load(m, private, 512); - dhke_load(n, public, 512); + foleo_dhke_load(m, private, 512); + foleo_dhke_load(n, public, 512); mpz_powm(n, n, m, p); - dhke_store(n, out, 512); + foleo_dhke_store(n, out, 512); mpz_clear(m); } @@ -196,156 +195,4 @@ uint8_t* dhke(uint8_t* private, uint8_t* public) return out; } -//HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)) -static uint8_t* dhke_hmac -( - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size - uint8_t* K, - uint32_t Ks, //K size - uint8_t* M, - uint32_t Ms //M size -) -{ - uint8_t* tmp1; - uint8_t* Kp; //K prime - - if (Ks <= Bs) - { - Kp = malloc(Bs); - for (uint32_t i = 0; i < Bs; i++) - { - Kp[i] = i < Ks ? K[i] : 0; - } - } - else - { - tmp1 = hash_func(K, Ks); - Kp = malloc(Bs); - for (uint32_t i = 0; i < Bs; i++) - { - Kp[i] = i < Hs ? tmp1[i] : 0; - } - free(tmp1); - } - - //opad and ipad - uint8_t opad[Bs]; - uint8_t ipad[Bs]; - for (uint32_t i = 0; i < Bs; i++) - { - opad[i] = 0x5C; - ipad[i] = 0x36; - } - tmp1 = malloc(Bs + Ms); - for (uint32_t i = 0; i < Bs + Ms; i++) - { - tmp1[i] = i < Bs ? Kp[i] ^ ipad[i] : M[i - Bs]; - } - uint8_t* tmp2 = hash_func(tmp1, Bs + Ms); - free(tmp1); - - tmp1 = malloc(Bs + Hs); - for (uint32_t i = 0; i < Bs + Hs; i++) - { - tmp1[i] = i < Bs ? Kp[i] ^ opad[i] : tmp2[i - Bs]; - } - free(tmp2); - free(Kp); - - tmp2 = hash_func(tmp1, Bs + Hs); - free(tmp1); - return tmp2; - -} - -//A(0) = seed -//A(i) = HMAC_hash(secret, A(i-1)) -static uint8_t* dhke_hmac_A -( - uint8_t iter, //iteration - uint8_t* (hash_func)(uint8_t*, uint32_t), - uint32_t Hs, //hash size - uint32_t Bs, //block size - uint8_t* secret, - uint32_t secretS, //secret size - uint8_t* seed, - uint32_t seedS, //seed size - uint32_t* returnSize -) -{ - uint8_t* out; - if (iter == 0) - { - out = malloc(seedS); - for (uint32_t i = 0; i < seedS; i++) - { - out[i] = seed[i]; - } - *returnSize = seedS; - return out; - } - uint32_t retSize; - uint8_t* tmp = dhke_hmac_A(iter - 1, hash_func, Hs, Bs, secret, secretS, seed, seedS, &retSize); - out = dhke_hmac(hash_func, Hs, Bs, secret, secretS, tmp, retSize); - free(tmp); - *returnSize = Hs; - return out; -} - -//PRF(secret, label, seed) = P_(secret, label + seed) -// = HMAC_hash(secret, A(i) + seed) -//We are using sha256, but this is coded in such a way -// that we could extend it to other algorithms in the -// future. -uint8_t* dhke_prf -( - uint32_t desiredBytes, - uint8_t* secret, - uint32_t secretS, - uint8_t* label, - uint32_t labelS, - uint8_t* seed, - uint32_t seedS -) -{ - uint32_t Hs = 32; - uint32_t Bs = 64; - uint32_t iter = 1; - uint8_t* keystream = malloc(0); - uint8_t* labelSeed = malloc(labelS + seedS); - - for (uint32_t i = 0; i < labelS + seedS; i++) - labelSeed[i] = i < labelS ? label[i] : seed[i - labelS]; - - while (desiredBytes != 0) - { - uint32_t tmp1S; - uint8_t* tmp1 = dhke_hmac_A(iter, sha256, Hs, Bs, secret, secretS, labelSeed, labelS + seedS, &tmp1S); - tmp1 = realloc(tmp1, tmp1S + labelS + seedS); - for (uint32_t i = 0; i < labelS + seedS; i++) - tmp1[i + tmp1S] = labelSeed[i]; - uint8_t* tmp2 = dhke_hmac(sha256, Hs, Bs, secret, secretS, tmp1, tmp1S + labelS + seedS); - free(tmp1); - if (desiredBytes >= Bs) - { - keystream = realloc(keystream, iter * Bs); - for (uint32_t i = 0; i < Bs; i++) - keystream[i + (iter - 1) * Bs] = tmp2[i]; - desiredBytes -= Bs; - } - else - { - keystream = realloc(keystream, (iter - 1) * Bs + desiredBytes); - for (uint32_t i = 0; i < desiredBytes; i++) - keystream[i + (iter - 1) * Bs] = tmp2[i]; - desiredBytes = 0; - } - free(tmp2); - iter++; - } - free(labelSeed); - return keystream; -} #endif diff --git a/src/headers.h b/src/headers.h index 9575e5e..03d65e7 100644 --- a/src/headers.h +++ b/src/headers.h @@ -1,27 +1,28 @@ #include #include -uint8_t* chacha20(uint8_t[32], uint8_t[12], uint32_t, uint64_t); -uint8_t* chacha20_poly1305(uint8_t[32], uint8_t[12], uint8_t*, uint64_t); -uint8_t* dhke(uint8_t*, uint8_t*); -uint8_t* dhke_prf(uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t); -uint8_t* poly1305(uint8_t*, uint8_t*, uint8_t*, uint64_t); -uint8_t* prigen(uint16_t); -#define RSA_NONE 99 -#define RSA_ENCRYPTION 1 -#define RSA_SIGNATURE 2 -#define RSA_OAEP 3 -#define RSA_PSS 4 +uint8_t* foleo_chacha20(uint8_t[32], uint8_t[12], uint32_t, uint64_t); +uint8_t* foleo_chacha20_poly1305(uint8_t[32], uint8_t[12], uint8_t*, uint64_t); +uint8_t* foleo_dhke(uint8_t*, uint8_t*); +uint8_t* foleo_dhke_prf(uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*, uint32_t); +uint8_t* foleo_poly1305(uint8_t*, uint8_t*, uint8_t*, uint64_t); +uint8_t* foleo_prigen(uint16_t); +#define FOLEO_RSA_NONE 99 +#define FOLEO_RSA_ENCRYPTION 1 +#define FOLEO_RSA_SIGNATURE 2 +#define FOLEO_RSA_OAEP 3 +#define FOLEO_RSA_PSS 4 typedef struct { mpz_t n, k; uint16_t bitWidth; } rsakey_t; -rsakey_t rsa_public(uint8_t*, uint16_t, uint8_t*, uint16_t, uint8_t*, uint16_t); -rsakey_t rsa_private(uint8_t*, uint16_t, uint8_t*, uint16_t, uint8_t*, uint16_t); -rsakey_t rsa_import(uint8_t*, uint16_t, uint8_t*, uint16_t); -uint8_t* rsa_export(rsakey_t, uint8_t, uint16_t*); -void rsa_free(rsakey_t); -uint8_t* rsa_encrypt(rsakey_t, uint8_t, uint8_t*, uint16_t); -uint8_t* rsa_decrypt(rsakey_t, uint8_t, uint8_t*, uint16_t*); -uint8_t* sha256(uint8_t*, uint32_t); +rsakey_t foleo_rsa_public(uint8_t*, uint16_t, uint8_t*, uint16_t, uint8_t*, uint16_t); +rsakey_t foleo_rsa_private(uint8_t*, uint16_t, uint8_t*, uint16_t, uint8_t*, uint16_t); +rsakey_t foleo_rsa_import(uint8_t*, uint16_t, uint8_t*, uint16_t); +uint8_t* foleo_rsa_export(rsakey_t, uint8_t, uint16_t*); +void foleo_rsa_free(rsakey_t); +uint8_t* foleo_rsa_encrypt(rsakey_t, uint8_t, uint8_t*, uint16_t); +uint8_t* foleo_rsa_decrypt(rsakey_t, uint8_t, uint8_t*, uint16_t*); +uint8_t* foleo_sha256(uint8_t*, uint32_t); +#define FOLEO_SHA256_PARAMETERS foleo_sha256, 32, 64 diff --git a/src/hmac.c b/src/hmac.c new file mode 100644 index 0000000..477569b --- /dev/null +++ b/src/hmac.c @@ -0,0 +1,243 @@ +#ifndef __FOLEO_HMAC__ +#define __FOLEO_HMAC__ +#include +#include +#include + +//FOLEO_HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)) +static uint8_t* foleo_hmac +( + uint8_t* (hash_func)(uint8_t*, uint32_t), + uint32_t Hs, //hash size + uint32_t Bs, //block size + uint8_t* K, + uint32_t Ks, //K size + uint8_t* M, + uint32_t Ms //M size +) +{ + uint8_t* tmp1; + uint8_t* Kp; //K prime + + if (Ks <= Bs) + { + Kp = malloc(Bs); + for (uint32_t i = 0; i < Bs; i++) + { + Kp[i] = i < Ks ? K[i] : 0; + } + } + else + { + tmp1 = hash_func(K, Ks); + Kp = malloc(Bs); + for (uint32_t i = 0; i < Bs; i++) + { + Kp[i] = i < Hs ? tmp1[i] : 0; + } + free(tmp1); + } + + //opad and ipad + uint8_t opad[Bs]; + uint8_t ipad[Bs]; + for (uint32_t i = 0; i < Bs; i++) + { + opad[i] = 0x5C; + ipad[i] = 0x36; + } + tmp1 = malloc(Bs + Ms); + for (uint32_t i = 0; i < Bs + Ms; i++) + { + tmp1[i] = i < Bs ? Kp[i] ^ ipad[i] : M[i - Bs]; + } + uint8_t* tmp2 = hash_func(tmp1, Bs + Ms); + free(tmp1); + + tmp1 = malloc(Bs + Hs); + for (uint32_t i = 0; i < Bs + Hs; i++) + { + tmp1[i] = i < Bs ? Kp[i] ^ opad[i] : tmp2[i - Bs]; + } + free(tmp2); + free(Kp); + + tmp2 = hash_func(tmp1, Bs + Hs); + free(tmp1); + return tmp2; + +} + +//A(0) = seed +//A(i) = FOLEO_HMAC_hash(secret, A(i-1)) +static uint8_t* foleo_hmac_A +( + uint8_t iter, //iteration + uint8_t* (hash_func)(uint8_t*, uint32_t), + uint32_t Hs, //hash size + uint32_t Bs, //block size + uint8_t* secret, + uint32_t secretS, //secret size + uint8_t* seed, + uint32_t seedS, //seed size + uint32_t* returnSize +) +{ + uint8_t* out; + if (iter == 0) + { + out = malloc(seedS); + for (uint32_t i = 0; i < seedS; i++) + { + out[i] = seed[i]; + } + *returnSize = seedS; + return out; + } + uint32_t retSize; + uint8_t* tmp = foleo_hmac_A(iter - 1, hash_func, Hs, Bs, secret, secretS, seed, seedS, &retSize); + out = foleo_hmac(hash_func, Hs, Bs, secret, secretS, tmp, retSize); + free(tmp); + *returnSize = Hs; + return out; +} + +//PRF(secret, label, seed) = P_(secret, label + seed) +// = FOLEO_HMAC_hash(secret, A(i) + seed) +//We are using sha256, but this is coded in such a way +// that we could extend it to other algorithms in the +// future. +uint8_t* foleo_hmac_prf +( + uint8_t* (hash_func)(uint8_t*, uint32_t), + uint32_t Hs,// = 32, + uint32_t Bs,// = 64, + uint32_t desiredBytes, + uint8_t* secret, + uint32_t secretS, + uint8_t* label, + uint32_t labelS, + uint8_t* seed, + uint32_t seedS +) +{ + uint32_t iter = 1; + uint8_t* keystream = malloc(0); + uint8_t* labelSeed = malloc(labelS + seedS); + + for (uint32_t i = 0; i < labelS + seedS; i++) + labelSeed[i] = i < labelS ? label[i] : seed[i - labelS]; + + while (desiredBytes != 0) + { + uint32_t tmp1S; + uint8_t* tmp1 = foleo_hmac_A(iter, hash_func, Hs, Bs, secret, secretS, labelSeed, labelS + seedS, &tmp1S); + tmp1 = realloc(tmp1, tmp1S + labelS + seedS); + for (uint32_t i = 0; i < labelS + seedS; i++) + tmp1[i + tmp1S] = labelSeed[i]; + uint8_t* tmp2 = foleo_hmac(hash_func, Hs, Bs, secret, secretS, tmp1, tmp1S + labelS + seedS); + free(tmp1); + if (desiredBytes >= Bs) + { + keystream = realloc(keystream, iter * Bs); + for (uint32_t i = 0; i < Bs; i++) + keystream[i + (iter - 1) * Bs] = tmp2[i]; + desiredBytes -= Bs; + } + else + { + keystream = realloc(keystream, (iter - 1) * Bs + desiredBytes); + for (uint32_t i = 0; i < desiredBytes; i++) + keystream[i + (iter - 1) * Bs] = tmp2[i]; + desiredBytes = 0; + } + free(tmp2); + iter++; + } + free(labelSeed); + return keystream; +} + +static uint8_t* foleo_hmac_T +( + uint8_t iter, + uint8_t* (hash_func)(uint8_t*, uint32_t), + uint32_t Hs, //hash size + uint32_t Bs, //block size + uint8_t* prk, + uint32_t prkS, + uint8_t* info, + uint32_t infoS, + uint32_t* returnSize +) +{ + uint8_t* out; + uint8_t* tmp; + if (iter == 0) + { + out = malloc(0); + *returnSize = 0; + return out; + } + uint32_t tmpS; + tmp = foleo_hmac_T(iter - 1, hash_func, Hs, Bs, prk, prkS, info, infoS, &tmpS); + tmp = realloc(tmp, tmpS + infoS + 1); + for (uint32_t i = 0; i < infoS; i++) tmp[tmpS + i] = info[i]; + tmp[tmpS + infoS] = iter; + out = foleo_hmac(hash_func, Hs, Bs, prk, prkS, tmp, tmpS + infoS + 1); + free(tmp); + *returnSize = Hs; + return out; +} + +uint8_t* foleo_hmac_hkdf +( + uint8_t* (hash_func)(uint8_t*, uint32_t), + uint32_t Hs, //hash size + uint32_t Bs, //block size + uint32_t desiredBytes, + uint8_t* ikm, + uint32_t ikmS, + uint8_t* salt, + uint32_t saltS, + uint8_t* info, + uint32_t infoS +) +{ + uint8_t* tmp; + uint32_t tmpS; + uint8_t* out = malloc(0); + uint32_t outS = 0; + uint8_t* prk = foleo_hmac(hash_func, Hs, Bs, salt, saltS, ikm, ikmS); + uint32_t iter = 1; + while (desiredBytes != 0) + { + tmp = foleo_hmac_T(iter++, hash_func, Hs, Bs, prk, Hs, info, infoS, &tmpS); + if (desiredBytes > Hs) + { + out = realloc(out, outS + tmpS); + for (uint32_t i = 0; i < tmpS; i++) + { + out[outS + i] = tmp[i]; + } + free(tmp); + outS += tmpS; + desiredBytes -= Hs; + } + else + { + out = realloc(out, outS + desiredBytes); + for (uint32_t i = 0; i < desiredBytes; i++) + { + out[outS + i] = tmp[i]; + } + free(tmp); + outS += desiredBytes; + desiredBytes = 0; + } + } + free(prk); + return out; +} + +#endif \ No newline at end of file diff --git a/src/poly1305.c b/src/poly1305.c index 587ad06..c4a7585 100644 --- a/src/poly1305.c +++ b/src/poly1305.c @@ -1,11 +1,11 @@ -#ifndef __POLY1305__ -#define __POLY1305__ +#ifndef __FOLEO_POLY1305__ +#define __FOLEO_POLY1305__ #include #include #include #include -static void poly1305_clamp(uint8_t* r) +static void foleo_poly1305_clamp(uint8_t* r) { r[3] &= 15; r[7] &= 15; @@ -16,7 +16,7 @@ static void poly1305_clamp(uint8_t* r) r[12] &= 252; } -static void poly1305_b2n_le(mpz_t n, uint8_t *b, uint8_t s, uint8_t init) +static void foleo_poly1305_b2n_le(mpz_t n, uint8_t *b, uint8_t s, uint8_t init) { mpz_set_ui(n, init); for (int8_t i = s - 1; i >= 0; i--) @@ -26,7 +26,7 @@ static void poly1305_b2n_le(mpz_t n, uint8_t *b, uint8_t s, uint8_t init) } } -static void poly1305_dump(char *p, mpz_t n) +static void foleo_poly1305_dump(char *p, mpz_t n) { char *nh = mpz_get_str(NULL, 16, n); printf("%s = %s\n", p, nh); @@ -35,7 +35,7 @@ static void poly1305_dump(char *p, mpz_t n) //bS and bR are read little-endian and 16-bytes //return value must be freed -uint8_t* poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, uint64_t bMs) +uint8_t* foleo_poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, uint64_t bMs) { uint8_t bP[] = { @@ -46,7 +46,7 @@ uint8_t* poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, uint64_t bMs) 0x03 }; - poly1305_clamp(bR); + foleo_poly1305_clamp(bR); mpz_t P, r, s, Acc, b; mpz_init(P); @@ -55,14 +55,14 @@ uint8_t* poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, uint64_t bMs) mpz_init(s); mpz_init(Acc); mpz_set_ui(Acc, 0); - poly1305_b2n_le(P, bP, 17, 0); - poly1305_b2n_le(s, bS, 16, 0); - poly1305_b2n_le(r, bR, 16, 0); + foleo_poly1305_b2n_le(P, bP, 17, 0); + foleo_poly1305_b2n_le(s, bS, 16, 0); + foleo_poly1305_b2n_le(r, bR, 16, 0); for (uint64_t i = 0;; i++) { uint64_t bytesLeft = bMs - (i * 16); - poly1305_b2n_le(b, bM + i * 16, bytesLeft < 16 ? bytesLeft : 16, 1); + foleo_poly1305_b2n_le(b, bM + i * 16, bytesLeft < 16 ? bytesLeft : 16, 1); mpz_add(Acc, Acc, b); mpz_mul(Acc, Acc, r); mpz_mod(Acc, Acc, P); diff --git a/src/prigen.c b/src/prigen.c index 2458f6d..31ac240 100644 --- a/src/prigen.c +++ b/src/prigen.c @@ -112,7 +112,7 @@ static void PRIGEN_GeneratePrime(mpz_t n, int bytes) } /* Generate prime of X bytes */ -uint8_t* prigen(uint16_t bytes) +uint8_t* foleo_prigen(uint16_t bytes) { uint8_t* buffer = malloc(bytes); FILE *f = fopen(DEVICE, "r"); diff --git a/src/rsa.c b/src/rsa.c index 14bd93c..497c918 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -1,5 +1,5 @@ -#ifndef __RSA__ -#define __RSA__ +#ifndef __FOLEO_RSA__ +#define __FOLEO_RSA__ #include #include #include @@ -13,7 +13,7 @@ } rsakey_t;*/ -static void rsa_store(mpz_t n, uint8_t* b, uint32_t s) +static void foleo_rsa_store(mpz_t n, uint8_t* b, uint32_t s) { for (uint32_t i = 0; i < s; i++) { @@ -22,7 +22,7 @@ static void rsa_store(mpz_t n, uint8_t* b, uint32_t s) } } -static void rsa_load(mpz_t n, uint8_t* b, uint32_t s) +static void foleo_rsa_load(mpz_t n, uint8_t* b, uint32_t s) { mpz_set_ui(n, 0); for (uint32_t i = 0; i < s; i++) @@ -33,7 +33,7 @@ static void rsa_load(mpz_t n, uint8_t* b, uint32_t s) } //Keys and their sizes in terms of BYTES -rsakey_t rsa_public(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e, uint16_t eS) +rsakey_t foleo_rsa_public(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e, uint16_t eS) { mpz_t np, nq, ne; mpz_init(np); @@ -43,9 +43,9 @@ rsakey_t rsa_public(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e mpz_set_ui(nq, 0); mpz_set_ui(ne, 0); - rsa_load(np, p, pS); - rsa_load(nq, q, qS); - rsa_load(ne, q, qS); + foleo_rsa_load(np, p, pS); + foleo_rsa_load(nq, q, qS); + foleo_rsa_load(ne, q, qS); rsakey_t ret; ret.bitWidth = (pS + qS) * 8; @@ -60,7 +60,7 @@ rsakey_t rsa_public(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e return ret; } -rsakey_t rsa_private(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e, uint16_t eS) +rsakey_t foleo_rsa_private(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* e, uint16_t eS) { mpz_t np, nq, ne; mpz_init(np); @@ -70,9 +70,9 @@ rsakey_t rsa_private(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* mpz_set_ui(nq, 0); mpz_set_ui(ne, 0); - rsa_load(np, p, pS); - rsa_load(nq, q, qS); - rsa_load(ne, q, qS); + foleo_rsa_load(np, p, pS); + foleo_rsa_load(nq, q, qS); + foleo_rsa_load(ne, q, qS); rsakey_t ret; ret.bitWidth = (pS + qS) * 8; @@ -92,7 +92,7 @@ rsakey_t rsa_private(uint8_t* p, uint16_t pS, uint8_t* q, uint16_t qS, uint8_t* return ret; } -uint8_t* rsa_export(rsakey_t key, uint8_t whichone, uint16_t* newsize) +uint8_t* foleo_rsa_export(rsakey_t key, uint8_t whichone, uint16_t* newsize) { uint8_t* ret = malloc(key.bitWidth / 8); switch (whichone) @@ -101,12 +101,12 @@ uint8_t* rsa_export(rsakey_t key, uint8_t whichone, uint16_t* newsize) case 'D': case 'e': case 'E': - rsa_store(key.k, ret, key.bitWidth / 8); + foleo_rsa_store(key.k, ret, key.bitWidth / 8); *newsize = key.bitWidth / 8; return ret; case 'n': case 'N': - rsa_store(key.n, ret, key.bitWidth / 8); + foleo_rsa_store(key.n, ret, key.bitWidth / 8); *newsize = key.bitWidth / 8; return ret; } @@ -115,7 +115,7 @@ uint8_t* rsa_export(rsakey_t key, uint8_t whichone, uint16_t* newsize) return NULL; } -rsakey_t rsa_import(uint8_t* bufferK, uint16_t byteSizeK, uint8_t* bufferN, uint16_t byteSizeN) +rsakey_t foleo_rsa_import(uint8_t* bufferK, uint16_t byteSizeK, uint8_t* bufferN, uint16_t byteSizeN) { rsakey_t ret; ret.bitWidth = byteSizeN * 8; @@ -124,13 +124,13 @@ rsakey_t rsa_import(uint8_t* bufferK, uint16_t byteSizeK, uint8_t* bufferN, uint mpz_set_ui(ret.k, 0); mpz_set_ui(ret.n, 0); - rsa_load(ret.k, bufferK, byteSizeK); - rsa_load(ret.n, bufferN, byteSizeN); + foleo_rsa_load(ret.k, bufferK, byteSizeK); + foleo_rsa_load(ret.n, bufferN, byteSizeN); return ret; } -void rsa_free(rsakey_t key) +void foleo_rsa_free(rsakey_t key) { key.bitWidth = -1; mpz_clear(key.n); @@ -140,7 +140,7 @@ void rsa_free(rsakey_t key) //convert to PKCS#1 v1.5 encryption block // note this is considered insecure and OAEP should be used instead // OAEP is handled by a separate library in this framework -static uint8_t* RSA_Pad(uint16_t size, uint8_t* buffer, uint16_t bufferSizeInBytes) +static uint8_t* FOLEO_RSA_Pad(uint16_t size, uint8_t* buffer, uint16_t bufferSizeInBytes) { size /= 8; if (bufferSizeInBytes - 11 > size) @@ -178,7 +178,7 @@ static uint8_t* RSA_Pad(uint16_t size, uint8_t* buffer, uint16_t bufferSizeInByt } //Removes the PKCS#1 v1.5 padding scheme -static uint8_t* RSA_DePad(uint16_t size, uint8_t* block, uint16_t* bufferSizeInBytes) +static uint8_t* FOLEO_RSA_DePad(uint16_t size, uint8_t* block, uint16_t* bufferSizeInBytes) { uint16_t i = 2; if (block[0] != 0x00 || (block[1] != 0x01 && block[1] != 0x02)) @@ -212,7 +212,7 @@ static uint8_t* RSA_DePad(uint16_t size, uint8_t* block, uint16_t* bufferSizeInB //convert to PKCS#1 v1.5 signature block // note this is NOT considered insecure but PSS is often used instead // PSS is handled by a separate library in this framework -static uint8_t* RSA_PadSig(uint16_t size, uint8_t* buffer, uint16_t bufferSizeInBytes) +static uint8_t* FOLEO_RSA_PadSig(uint16_t size, uint8_t* buffer, uint16_t bufferSizeInBytes) { size /= 8; if (bufferSizeInBytes - 11 > size) @@ -239,22 +239,22 @@ static uint8_t* RSA_PadSig(uint16_t size, uint8_t* buffer, uint16_t bufferSizeIn return block; } -static uint8_t* RSA_Apply(rsakey_t key, uint8_t* block) +static uint8_t* FOLEO_RSA_Apply(rsakey_t key, uint8_t* block) { uint8_t* newblock = malloc(key.bitWidth / 8); mpz_t n; mpz_init(n); mpz_set_ui(n, 0); - rsa_load(n, block, key.bitWidth / 8); + foleo_rsa_load(n, block, key.bitWidth / 8); mpz_powm(n, n, key.k, key.n); - rsa_store(n, newblock, key.bitWidth / 8); + foleo_rsa_store(n, newblock, key.bitWidth / 8); mpz_clear(n); return newblock; } -static uint8_t* RSA_MGF1(uint8_t* (hashfunc)(uint8_t*, uint32_t), uint32_t hashsize, uint8_t* seed, uint32_t seedsize, uint32_t totalsize) +static uint8_t* FOLEO_RSA_MGF1(uint8_t* (hashfunc)(uint8_t*, uint32_t), uint32_t hashsize, uint8_t* seed, uint32_t seedsize, uint32_t totalsize) { uint8_t* premask = malloc(seedsize + sizeof(uint32_t)); for (uint32_t i = 0; i < seedsize; i++) premask[i] = seed[i]; @@ -280,7 +280,7 @@ static uint8_t* RSA_MGF1(uint8_t* (hashfunc)(uint8_t*, uint32_t), uint32_t hashs } /*this uses sha-256*/ -static uint8_t* RSA_PadOAEP(uint16_t size, uint8_t* buffer, uint16_t mLen) +static uint8_t* FOLEO_RSA_PadOAEP(uint16_t size, uint8_t* buffer, uint16_t mLen) { uint32_t kLen = size / 8; //length of RSA modulus uint32_t hLen = 32; //length of hash output @@ -299,7 +299,7 @@ static uint8_t* RSA_PadOAEP(uint16_t size, uint8_t* buffer, uint16_t mLen) fclose(f); //Build DB - uint8_t* HashL = sha256(NULL, 0); + uint8_t* HashL = foleo_sha256(NULL, 0); uint8_t DB[dbLen]; uint32_t pos = 0; for (uint32_t i = 0; i < hLen; i++) DB[pos++] = HashL[i]; @@ -309,12 +309,12 @@ static uint8_t* RSA_PadOAEP(uint16_t size, uint8_t* buffer, uint16_t mLen) for (uint32_t i = 0; i < mLen; i++) DB[pos++] = buffer[i]; //Mask DB - uint8_t* DBMask = RSA_MGF1(sha256, hLen, Seed, hLen, dbLen); + uint8_t* DBMask = FOLEO_RSA_MGF1(foleo_sha256, hLen, Seed, hLen, dbLen); for (uint32_t i = 0; i < dbLen; i++) DB[i] ^= DBMask[i]; free(DBMask); //Mask Seed - uint8_t* SeedMask = RSA_MGF1(sha256, hLen, DB, dbLen, hLen); + uint8_t* SeedMask = FOLEO_RSA_MGF1(foleo_sha256, hLen, DB, dbLen, hLen); for (uint32_t i = 0; i < hLen; i++) Seed[i] ^= SeedMask[i]; free(SeedMask); @@ -328,7 +328,7 @@ static uint8_t* RSA_PadOAEP(uint16_t size, uint8_t* buffer, uint16_t mLen) } //Removes the OAEP padding scheme -static uint8_t* RSA_DeOAEP(uint16_t size, uint8_t* block, uint16_t* bufferSizeInBytes) +static uint8_t* FOLEO_RSA_DeOAEP(uint16_t size, uint8_t* block, uint16_t* bufferSizeInBytes) { if (block[0] != 0x00) return NULL; uint32_t kLen = size / 8; //length of RSA modulus @@ -342,11 +342,11 @@ static uint8_t* RSA_DeOAEP(uint16_t size, uint8_t* block, uint16_t* bufferSizeIn for (uint32_t i = 0; i < dbLen; i++) MaskedDB[i] = block[i + 1 + hLen]; //Recover the original Seed - uint8_t* Seed = RSA_MGF1(sha256, hLen, MaskedDB, dbLen, hLen); + uint8_t* Seed = FOLEO_RSA_MGF1(foleo_sha256, hLen, MaskedDB, dbLen, hLen); for (uint32_t i = 0; i < hLen; i++) Seed[i] ^= MaskedSeed[i]; //Recover the original DB - uint8_t* SeedMask = RSA_MGF1(sha256, hLen, Seed, hLen, dbLen); + uint8_t* SeedMask = FOLEO_RSA_MGF1(foleo_sha256, hLen, Seed, hLen, dbLen); for (uint32_t i = 0; i < dbLen; i++) MaskedDB[i] ^= SeedMask[i]; free(Seed); free(SeedMask); @@ -370,54 +370,54 @@ static uint8_t* RSA_DeOAEP(uint16_t size, uint8_t* block, uint16_t* bufferSizeIn return out; } -uint8_t* rsa_encrypt(rsakey_t key, uint8_t padding, uint8_t* buffer, uint16_t bufferSize) +uint8_t* foleo_rsa_encrypt(rsakey_t key, uint8_t padding, uint8_t* buffer, uint16_t bufferSize) { uint8_t* block; uint8_t* eblock; - if (padding == RSA_ENCRYPTION) + if (padding == FOLEO_RSA_ENCRYPTION) { - block = RSA_Pad(key.bitWidth, buffer, bufferSize); - eblock = RSA_Apply(key, block); + block = FOLEO_RSA_Pad(key.bitWidth, buffer, bufferSize); + eblock = FOLEO_RSA_Apply(key, block); free(block); } - else if (padding == RSA_SIGNATURE) + else if (padding == FOLEO_RSA_SIGNATURE) { - block = RSA_PadSig(key.bitWidth, buffer, bufferSize); - eblock = RSA_Apply(key, block); + block = FOLEO_RSA_PadSig(key.bitWidth, buffer, bufferSize); + eblock = FOLEO_RSA_Apply(key, block); free(block); } - else if (padding == RSA_OAEP) + else if (padding == FOLEO_RSA_OAEP) { - block = RSA_PadOAEP(key.bitWidth, buffer, bufferSize); - eblock = RSA_Apply(key, block); + block = FOLEO_RSA_PadOAEP(key.bitWidth, buffer, bufferSize); + eblock = FOLEO_RSA_Apply(key, block); free(block); } else { - eblock = RSA_Apply(key, buffer); + eblock = FOLEO_RSA_Apply(key, buffer); } return eblock; } -uint8_t* rsa_decrypt(rsakey_t key, uint8_t padding, uint8_t* eblock, uint16_t* bufferSize) +uint8_t* foleo_rsa_decrypt(rsakey_t key, uint8_t padding, uint8_t* eblock, uint16_t* bufferSize) { uint8_t* block; uint8_t* buffer; - if (padding == RSA_ENCRYPTION || padding == RSA_SIGNATURE) + if (padding == FOLEO_RSA_ENCRYPTION || padding == FOLEO_RSA_SIGNATURE) { - block = RSA_Apply(key, eblock); - buffer = RSA_DePad(key.bitWidth, block, bufferSize); + block = FOLEO_RSA_Apply(key, eblock); + buffer = FOLEO_RSA_DePad(key.bitWidth, block, bufferSize); free(block); } - else if (padding == RSA_OAEP) + else if (padding == FOLEO_RSA_OAEP) { - block = RSA_Apply(key, eblock); - buffer = RSA_DeOAEP(key.bitWidth, block, bufferSize); + block = FOLEO_RSA_Apply(key, eblock); + buffer = FOLEO_RSA_DeOAEP(key.bitWidth, block, bufferSize); free(block); } else { - buffer = RSA_Apply(key, eblock); + buffer = FOLEO_RSA_Apply(key, eblock); } return buffer; } diff --git a/src/sha256.c b/src/sha256.c index c81b7e6..0e7cb55 100644 --- a/src/sha256.c +++ b/src/sha256.c @@ -1,15 +1,15 @@ -#ifndef __SHA256__ -#define __SHA256__ +#ifndef __FOLEO_SHA256__ +#define __FOLEO_SHA256__ #include #include #include -static uint32_t sha256_rr(uint32_t a, uint32_t b) +static uint32_t foleo_sha256_rr(uint32_t a, uint32_t b) { return (a >> b) | (a << (32 - b)); } -static uint32_t sha256_init[] = +static uint32_t foleo_sha256_init[] = { 0x6a09e667, 0xbb67ae85, @@ -21,7 +21,7 @@ static uint32_t sha256_init[] = 0x5be0cd19 }; -static uint32_t sha256_h[] = +static uint32_t foleo_sha256_h[] = { 0x6a09e667, 0xbb67ae85, @@ -33,7 +33,7 @@ static uint32_t sha256_h[] = 0x5be0cd19 }; -static uint32_t sha256_k[] = +static uint32_t foleo_sha256_k[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, @@ -45,7 +45,7 @@ static uint32_t sha256_k[] = 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; -static void sha256_process_block(uint32_t *p) +static void foleo_sha256_process_block(uint32_t *p) { uint8_t i; @@ -57,28 +57,28 @@ static void sha256_process_block(uint32_t *p) uint32_t s0, s1, t1, t2, ch, maj; for (i = 16; i < 64; i++) { - s0 = sha256_rr(w[i - 15], 7) ^ sha256_rr(w[i - 15], 18) ^ (w[i - 15] >> 3); - s1 = sha256_rr(w[i - 2], 17) ^ sha256_rr(w[i - 2], 19) ^ (w[i - 2] >> 10); + s0 = foleo_sha256_rr(w[i - 15], 7) ^ foleo_sha256_rr(w[i - 15], 18) ^ (w[i - 15] >> 3); + s1 = foleo_sha256_rr(w[i - 2], 17) ^ foleo_sha256_rr(w[i - 2], 19) ^ (w[i - 2] >> 10); w[i] = w[i - 16] + s0 + w[i - 7] + s1; } i = 0; - A = sha256_h[0]; - B = sha256_h[1]; - C = sha256_h[2]; - D = sha256_h[3]; - E = sha256_h[4]; - F = sha256_h[5]; - G = sha256_h[6]; - H = sha256_h[7]; + A = foleo_sha256_h[0]; + B = foleo_sha256_h[1]; + C = foleo_sha256_h[2]; + D = foleo_sha256_h[3]; + E = foleo_sha256_h[4]; + F = foleo_sha256_h[5]; + G = foleo_sha256_h[6]; + H = foleo_sha256_h[7]; for (i = 0; i < 64; i++) { - s1 = sha256_rr(E, 6) ^ sha256_rr(E, 11) ^ sha256_rr(E, 25); + s1 = foleo_sha256_rr(E, 6) ^ foleo_sha256_rr(E, 11) ^ foleo_sha256_rr(E, 25); ch = (E & F) ^ ((~E) & G); - t1 = H + s1 + ch + sha256_k[i] + w[i]; - s0 = sha256_rr(A, 2) ^ sha256_rr(A, 13) ^ sha256_rr(A, 22); + t1 = H + s1 + ch + foleo_sha256_k[i] + w[i]; + s0 = foleo_sha256_rr(A, 2) ^ foleo_sha256_rr(A, 13) ^ foleo_sha256_rr(A, 22); maj = (A & B) ^ (A & C) ^ (B & C); t2 = s0 + maj; @@ -92,18 +92,18 @@ static void sha256_process_block(uint32_t *p) A = t1 + t2; } - sha256_h[0] += A; - sha256_h[1] += B; - sha256_h[2] += C; - sha256_h[3] += D; - sha256_h[4] += E; - sha256_h[5] += F; - sha256_h[6] += G; - sha256_h[7] += H; + foleo_sha256_h[0] += A; + foleo_sha256_h[1] += B; + foleo_sha256_h[2] += C; + foleo_sha256_h[3] += D; + foleo_sha256_h[4] += E; + foleo_sha256_h[5] += F; + foleo_sha256_h[6] += G; + foleo_sha256_h[7] += H; } -static uint32_t* sha256_pad(uint8_t* msg, uint32_t size, uint32_t* newsize) +static uint32_t* foleo_sha256_pad(uint8_t* msg, uint32_t size, uint32_t* newsize) { uint64_t osize = size * 8; uint8_t *msg_padded = malloc(size); @@ -149,35 +149,35 @@ static uint32_t* sha256_pad(uint8_t* msg, uint32_t size, uint32_t* newsize) return output; } -uint8_t* sha256(uint8_t* msg, uint32_t size) +uint8_t* foleo_sha256(uint8_t* msg, uint32_t size) { //set initial state - for (uint8_t i = 0; i < sizeof(sha256_h) / sizeof(uint32_t); i++) + for (uint8_t i = 0; i < sizeof(foleo_sha256_h) / sizeof(uint32_t); i++) { - sha256_h[i] = sha256_init[i]; + foleo_sha256_h[i] = foleo_sha256_init[i]; } //pad the message uint32_t newsize; - uint32_t* padded = sha256_pad(msg, size, &newsize); + uint32_t* padded = foleo_sha256_pad(msg, size, &newsize); //run the algorithm for (uint32_t i = 0; i < newsize / 16; i++) { - sha256_process_block(padded + (i * 16)); + foleo_sha256_process_block(padded + (i * 16)); } //done free(padded); //breakout - uint8_t* out = malloc(sizeof(sha256_h) * sizeof(uint32_t)); - for (uint32_t i = 0; i < sizeof(sha256_h); i++) + uint8_t* out = malloc(sizeof(foleo_sha256_h) * sizeof(uint32_t)); + for (uint32_t i = 0; i < sizeof(foleo_sha256_h); i++) { - out[i * sizeof(uint32_t) + 0] = sha256_h[i] >> 24; - out[i * sizeof(uint32_t) + 1] = sha256_h[i] >> 16; - out[i * sizeof(uint32_t) + 2] = sha256_h[i] >> 8; - out[i * sizeof(uint32_t) + 3] = sha256_h[i]; + out[i * sizeof(uint32_t) + 0] = foleo_sha256_h[i] >> 24; + out[i * sizeof(uint32_t) + 1] = foleo_sha256_h[i] >> 16; + out[i * sizeof(uint32_t) + 2] = foleo_sha256_h[i] >> 8; + out[i * sizeof(uint32_t) + 3] = foleo_sha256_h[i]; } return out; } diff --git a/tests/HMAC_SHA256.pdf b/tests/HMAC_SHA256.pdf new file mode 100644 index 0000000..9cc725f Binary files /dev/null and b/tests/HMAC_SHA256.pdf differ diff --git a/tests/cases.c b/tests/cases.c new file mode 100644 index 0000000..00dc570 --- /dev/null +++ b/tests/cases.c @@ -0,0 +1,385 @@ +uint8_t NIST_HMAC_key1[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F +}; +uint8_t NIST_HMAC_data1[] = +{ + 0x53, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x6D, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x66, + 0x6F, 0x72, 0x20, 0x6B, 0x65, 0x79, 0x6C, 0x65, + 0x6E, 0x3D, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x6C, + 0x65, 0x6E +}; +uint8_t NIST_HMAC_result1[] = +{ + 0x8B, 0xB9, 0xA1, 0xDB, 0x98, 0x06, 0xF2, 0x0D, + 0xF7, 0xF7, 0x7B, 0x82, 0x13, 0x8C, 0x79, 0x14, + 0xD1, 0x74, 0xD5, 0x9E, 0x13, 0xDC, 0x4D, 0x01, + 0x69, 0xC9, 0x05, 0x7B, 0x13, 0x3E, 0x1D, 0x62 +}; +uint8_t NIST_HMAC_key2[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F +}; +uint8_t NIST_HMAC_data2[] = +{ + 0x53, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x6D, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x66, + 0x6F, 0x72, 0x20, 0x6B, 0x65, 0x79, 0x6C, 0x65, + 0x6E, 0x3C, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x6C, + 0x65, 0x6E +}; +uint8_t NIST_HMAC_result2[] = +{ + 0xA2, 0x8C, 0xF4, 0x31, 0x30, 0xEE, 0x69, 0x6A, + 0x98, 0xF1, 0x4A, 0x37, 0x67, 0x8B, 0x56, 0xBC, + 0xFC, 0xBD, 0xD9, 0xE5, 0xCF, 0x69, 0x71, 0x7F, + 0xEC, 0xF5, 0x48, 0x0F, 0x0E, 0xBD, 0xF7, 0x90 +}; +uint8_t NIST_HMAC_key3[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, + 0x60, 0x61, 0x62, 0x63 +}; +uint8_t NIST_HMAC_data3[] = +{ + 0x53, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x6D, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x66, + 0x6F, 0x72, 0x20, 0x6B, 0x65, 0x79, 0x6C, 0x65, + 0x6E, 0x3D, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x6C, + 0x65, 0x6E +}; +uint8_t NIST_HMAC_result3[] = +{ + 0xBD, 0xCC, 0xB6, 0xC7, 0x2D, 0xDE, 0xAD, 0xB5, + 0x00, 0xAE, 0x76, 0x83, 0x86, 0xCB, 0x38, 0xCC, + 0x41, 0xC6, 0x3D, 0xBB, 0x08, 0x78, 0xDD, 0xB9, + 0xC7, 0xA3, 0x8A, 0x43, 0x1B, 0x78, 0x37, 0x8D +}; +uint8_t NIST_HMAC_key4[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, + 0x30 +}; +uint8_t NIST_HMAC_data4[] = +{ + 0x53, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x6D, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, 0x66, + 0x6F, 0x72, 0x20, 0x6B, 0x65, 0x79, 0x6C, 0x65, + 0x6E, 0x3C, 0x62, 0x6C, 0x6F, 0x63, 0x6B, 0x6C, + 0x65, 0x6E, 0x2C, 0x20, 0x77, 0x69, 0x74, 0x68, + 0x20, 0x74, 0x72, 0x75, 0x6E, 0x63, 0x61, 0x74, + 0x65, 0x64, 0x20, 0x74, 0x61, 0x67 +}; +uint8_t NIST_HMAC_result4[] = +{ + 0x27, 0xA8, 0xB1, 0x57, 0x83, 0x9E, 0xFE, 0xAC, + 0x98, 0xDF, 0x07, 0x0B, 0x33, 0x1D, 0x59, 0x36 +}; +uint8_t RFC4231_HMAC_key1[] = +{ + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +}; +uint8_t RFC4231_HMAC_data1[] = +{ + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 +}; +uint8_t RFC4231_HMAC_result1[] = +{ + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 +}; +uint8_t RFC4231_HMAC_key2[] = +{ + 0x4a, 0x65, 0x66, 0x65 +}; +uint8_t RFC4231_HMAC_data2[] = +{ + 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f +}; +uint8_t RFC4231_HMAC_result2[] = +{ + 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, + 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, + 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, + 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 +}; +uint8_t RFC4231_HMAC_key3[] = +{ + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa +}; +uint8_t RFC4231_HMAC_data3[] = +{ + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd +}; +uint8_t RFC4231_HMAC_result3[] = +{ + 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46, + 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7, + 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22, + 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe +}; +uint8_t RFC4231_HMAC_key4[] = +{ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19 +}; +uint8_t RFC4231_HMAC_data4[] = +{ + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd +}; +uint8_t RFC4231_HMAC_result4[] = +{ + 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, + 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, + 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, + 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b +}; +uint8_t RFC4231_HMAC_key5[] = +{ + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, + 0x0c, 0x0c, 0x0c, 0x0c +}; +uint8_t RFC4231_HMAC_data5[] = +{ + 0x54, 0x65, 0x73, 0x74, 0x20, + 0x57, 0x69, 0x74, 0x68, 0x20, + 0x54, 0x72, 0x75, 0x6e, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e +}; +uint8_t RFC4231_HMAC_result5[] = +{ + 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, + 0xe0, 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, + 0x55, 0x2b +}; +uint8_t RFC4231_HMAC_key6[] = +{ + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa +}; +uint8_t RFC4231_HMAC_data6[] = +{ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69, + 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, + 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42, + 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a, + 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20, + 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79, + 0x20, 0x46, 0x69, 0x72, 0x73, 0x74 +}; +uint8_t RFC4231_HMAC_result6[] = +{ + 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f, + 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f, + 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14, + 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 +}; +uint8_t RFC4231_HMAC_key7[] = +{ + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa +}; +uint8_t RFC4231_HMAC_data7[] = +{ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75, + 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c, + 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68, + 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, + 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65, + 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20, + 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, + 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, + 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64, + 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65, + 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65, + 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65, + 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20, + 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62, + 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65, + 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c, + 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e +}; +uint8_t RFC4231_HMAC_result7[] = +{ + 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb, + 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44, + 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93, + 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 +}; + +uint8_t RFC5869_HKDF_ikm1[] = +{ + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b +}; +uint8_t RFC5869_HKDF_salt1[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c +}; +uint8_t RFC5869_HKDF_info1[] = +{ + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 +}; +uint8_t RFC5869_HKDF_result1[] = +{ + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, + 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, + 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, + 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 +}; +uint8_t RFC5869_HKDF_ikm2[] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f +}; +uint8_t RFC5869_HKDF_salt2[] = +{ + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf +}; +uint8_t RFC5869_HKDF_info2[] = +{ + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff +}; +uint8_t RFC5869_HKDF_result2[] = +{ + 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, + 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, + 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, + 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, + 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, + 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, + 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, + 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, + 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, + 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, + 0x1d, 0x87 +}; +uint8_t RFC5869_HKDF_ikm3[] = +{ + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b +}; +uint8_t RFC5869_HKDF_salt3[] = {}; +uint8_t RFC5869_HKDF_info3[] = {}; +uint8_t RFC5869_HKDF_result3[] = +{ + 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, + 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, + 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, + 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, + 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, + 0x96, 0xc8 +}; \ No newline at end of file diff --git a/tests/test.c b/tests/test.c new file mode 100644 index 0000000..753b811 --- /dev/null +++ b/tests/test.c @@ -0,0 +1,66 @@ +#include "../src/all.c" +#include "cases.c" + +void test_pbuf(char* p, uint8_t* b, uint32_t s) +{ + printf("%s = { ", p); + for (uint32_t i = 0; i < s; i++) + { + printf("%02X ", b[i]); + } + printf("}\n"); +} + +void test_hmac(uint8_t grp, uint16_t id, uint8_t key[], uint16_t keyS, uint8_t data[], uint16_t dataS, uint8_t result[], uint16_t resultS) +{ + uint8_t lbl1[] = " NIST"; + uint8_t lbl2[] = "RCF#4231"; + uint8_t* out = foleo_hmac(foleo_sha256, 32, 64, key, keyS, data, dataS); + for (uint16_t i = 0; i < resultS; i++) + { + if (out[i] != result[i]) + { + printf("%s HMAC-SHA256 #%i: FAILED\n", grp == 1 ? lbl1 : lbl2, id); + free(out); + return; + } + } + free(out); + printf("%s HMAC-SHA256 #%i: PASS\n", grp == 1 ? lbl1 : lbl2, id); +} + +void test_hkdf(uint16_t id, uint8_t* ikm, uint32_t ikmS, uint8_t* salt, uint32_t saltS, uint8_t* info, uint32_t infoS, uint8_t* result, uint32_t resultS) +{ + uint8_t* out = foleo_hmac_hkdf(FOLEO_SHA256_PARAMETERS, resultS, ikm, ikmS, salt, saltS, info, infoS); + for (uint16_t i = 0; i < resultS; i++) + { + if (out[i] != result[i]) + { + printf("RFC#5869 HKDF-SHA256 #%i: FAILED\n", id); + free(out); + return; + } + } + free(out); + printf("RFC#5869 HKDF-SHA256 #%i: PASS\n", id); +} + +void main() +{ + test_hmac(1, 1, NIST_HMAC_key1, sizeof(NIST_HMAC_key1), NIST_HMAC_data1, sizeof(NIST_HMAC_data1), NIST_HMAC_result1, sizeof(NIST_HMAC_result1)); + test_hmac(1, 2, NIST_HMAC_key2, sizeof(NIST_HMAC_key2), NIST_HMAC_data2, sizeof(NIST_HMAC_data2), NIST_HMAC_result2, sizeof(NIST_HMAC_result2)); + test_hmac(1, 3, NIST_HMAC_key3, sizeof(NIST_HMAC_key3), NIST_HMAC_data3, sizeof(NIST_HMAC_data3), NIST_HMAC_result3, sizeof(NIST_HMAC_result3)); + test_hmac(1, 4, NIST_HMAC_key4, sizeof(NIST_HMAC_key4), NIST_HMAC_data4, sizeof(NIST_HMAC_data4), NIST_HMAC_result4, sizeof(NIST_HMAC_result4)); + test_hmac(2, 1, RFC4231_HMAC_key1, sizeof(RFC4231_HMAC_key1), RFC4231_HMAC_data1, sizeof(RFC4231_HMAC_data1), RFC4231_HMAC_result1, sizeof(RFC4231_HMAC_result1)); + test_hmac(2, 2, RFC4231_HMAC_key2, sizeof(RFC4231_HMAC_key2), RFC4231_HMAC_data2, sizeof(RFC4231_HMAC_data2), RFC4231_HMAC_result2, sizeof(RFC4231_HMAC_result2)); + test_hmac(2, 3, RFC4231_HMAC_key3, sizeof(RFC4231_HMAC_key3), RFC4231_HMAC_data3, sizeof(RFC4231_HMAC_data3), RFC4231_HMAC_result3, sizeof(RFC4231_HMAC_result3)); + test_hmac(2, 4, RFC4231_HMAC_key4, sizeof(RFC4231_HMAC_key4), RFC4231_HMAC_data4, sizeof(RFC4231_HMAC_data4), RFC4231_HMAC_result4, sizeof(RFC4231_HMAC_result4)); + test_hmac(2, 5, RFC4231_HMAC_key5, sizeof(RFC4231_HMAC_key5), RFC4231_HMAC_data5, sizeof(RFC4231_HMAC_data5), RFC4231_HMAC_result5, sizeof(RFC4231_HMAC_result5)); + test_hmac(2, 6, RFC4231_HMAC_key6, sizeof(RFC4231_HMAC_key6), RFC4231_HMAC_data6, sizeof(RFC4231_HMAC_data6), RFC4231_HMAC_result6, sizeof(RFC4231_HMAC_result6)); + test_hmac(2, 7, RFC4231_HMAC_key7, sizeof(RFC4231_HMAC_key7), RFC4231_HMAC_data7, sizeof(RFC4231_HMAC_data7), RFC4231_HMAC_result7, sizeof(RFC4231_HMAC_result7)); + + test_hkdf(1, RFC5869_HKDF_ikm1, sizeof(RFC5869_HKDF_ikm1), RFC5869_HKDF_salt1, sizeof(RFC5869_HKDF_salt1), RFC5869_HKDF_info1, sizeof(RFC5869_HKDF_info1), RFC5869_HKDF_result1, sizeof(RFC5869_HKDF_result1)); + test_hkdf(2, RFC5869_HKDF_ikm2, sizeof(RFC5869_HKDF_ikm2), RFC5869_HKDF_salt2, sizeof(RFC5869_HKDF_salt2), RFC5869_HKDF_info2, sizeof(RFC5869_HKDF_info2), RFC5869_HKDF_result2, sizeof(RFC5869_HKDF_result2)); + test_hkdf(3, RFC5869_HKDF_ikm3, sizeof(RFC5869_HKDF_ikm3), RFC5869_HKDF_salt3, sizeof(RFC5869_HKDF_salt3), RFC5869_HKDF_info3, sizeof(RFC5869_HKDF_info3), RFC5869_HKDF_result3, sizeof(RFC5869_HKDF_result3)); + +}