diff --git a/doc/crypto.dox b/doc/crypto.dox index 63158c47..b793611d 100644 --- a/doc/crypto.dox +++ b/doc/crypto.dox @@ -29,7 +29,7 @@ \li Block ciphers: AES128, AES192, AES256 \li Block cipher modes: CTR, CFB, CBC, OFB \li Stream ciphers: ChaCha -\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b +\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b (regular and HMAC modes) \li Public key algorithms: Curve25519 \li Random number generation: \link RNGClass RNG\endlink, TransistorNoiseSource, RingOscillatorNoiseSource diff --git a/doc/mainpage.dox b/doc/mainpage.dox index 87cbf1d7..57f6554e 100644 --- a/doc/mainpage.dox +++ b/doc/mainpage.dox @@ -93,7 +93,7 @@ realtime clock and the LCD library to implement an alarm clock. \li Block ciphers: AES128, AES192, AES256 \li Block cipher modes: CTR, CFB, CBC, OFB \li Stream ciphers: ChaCha -\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b +\li Hash algorithms: SHA1, SHA256, SHA512, SHA3_256, SHA3_512, BLAKE2s, BLAKE2b (regular and HMAC modes) \li Public key algorithms: Curve25519 \li Random number generation: \link RNGClass RNG\endlink, TransistorNoiseSource, RingOscillatorNoiseSource diff --git a/libraries/Crypto/BLAKE2b.cpp b/libraries/Crypto/BLAKE2b.cpp index 569cb518..3c21e3c1 100644 --- a/libraries/Crypto/BLAKE2b.cpp +++ b/libraries/Crypto/BLAKE2b.cpp 
@@ -162,6 +162,25 @@ void BLAKE2b::clear() reset(); } +void BLAKE2b::resetHMAC(const void *key, size_t keyLen) +{ + formatHMACKey(state.m, key, keyLen, 0x36); + state.lengthLow += 128; + processChunk(0); +} + +void BLAKE2b::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[64]; + finalize(temp, sizeof(temp)); + formatHMACKey(state.m, key, keyLen, 0x5C); + state.lengthLow += 128; + processChunk(0); + update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + // Permutation on the message input state for BLAKE2b. static const uint8_t sigma[12][16] PROGMEM = { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, diff --git a/libraries/Crypto/BLAKE2b.h b/libraries/Crypto/BLAKE2b.h index 67d7e887..db9964a8 100644 --- a/libraries/Crypto/BLAKE2b.h +++ b/libraries/Crypto/BLAKE2b.h @@ -41,6 +41,9 @@ class BLAKE2b : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: struct { uint64_t h[8]; diff --git a/libraries/Crypto/BLAKE2s.cpp b/libraries/Crypto/BLAKE2s.cpp index a3244611..26bdd548 100644 --- a/libraries/Crypto/BLAKE2s.cpp +++ b/libraries/Crypto/BLAKE2s.cpp @@ -157,6 +157,25 @@ void BLAKE2s::clear() reset(); } +void BLAKE2s::resetHMAC(const void *key, size_t keyLen) +{ + formatHMACKey(state.m, key, keyLen, 0x36); + state.length += 64; + processChunk(0); +} + +void BLAKE2s::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[32]; + finalize(temp, sizeof(temp)); + formatHMACKey(state.m, key, keyLen, 0x5C); + state.length += 64; + processChunk(0); + update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + // Permutation on the message input state for BLAKE2s. static const uint8_t sigma[10][16] PROGMEM = { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, 
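Review bot: `BLAKE2b::resetHMAC()` compresses the key block straight away with `processChunk(0)`, so when no `update()` follows, the finalization flag lands on whatever `finalize()` does with an empty trailing chunk rather than on the key block. `finalize()` is outside this hunk, so whether the result still equals HMAC as defined needs confirming. The BLAKE2s.cpp hunk has the same shape. An empty-message case with a known-answer value in the test sketches would pin this down, because the added `testHMAC()` always feeds data between the two calls. I would also comment the counter bump, e.g. `// count the 128-byte key block, which bypassed update()`.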
diff --git a/libraries/Crypto/BLAKE2s.h b/libraries/Crypto/BLAKE2s.h index a996fff1..baece681 100644 --- a/libraries/Crypto/BLAKE2s.h +++ b/libraries/Crypto/BLAKE2s.h @@ -41,6 +41,9 @@ class BLAKE2s : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: struct { uint32_t h[8]; diff --git a/libraries/Crypto/Hash.cpp b/libraries/Crypto/Hash.cpp index f0f3b3ab..57432a8e 100644 --- a/libraries/Crypto/Hash.cpp +++ b/libraries/Crypto/Hash.cpp @@ -21,6 +21,7 @@ */ #include "Hash.h" +#include /** * \class Hash Hash.h @@ -66,7 +67,7 @@ Hash::~Hash() * \fn void Hash::reset() * \brief Resets the hash ready for a new hashing process. * - * \sa update(), finalize() + * \sa update(), finalize(), resetHMAC() */ /** @@ -96,7 +97,7 @@ Hash::~Hash() * If finalize() is called again, then the returned \a hash value is * undefined. Call reset() first to start a new hashing process. * - * \sa reset(), update() + * \sa reset(), update(), finalizeHMAC() */ /** 
@@ -106,3 +107,74 @@ Hash::~Hash() * * \sa reset() */ + +/** + * \fn void Hash::resetHMAC(const void *key, size_t keyLen) + * \brief Resets the hash ready for a new HMAC hashing process. + * + * \param key Points to the HMAC key for the hashing process. + * \param keyLen Size of the HMAC \a key in bytes. + * + * The following example computes a HMAC over a series of data blocks + * with a specific key: + * + * \code + * hash.resetHMAC(key, sizeof(key)); + * hash.update(data1, sizeof(data1)); + * hash.update(data2, sizeof(data2)); + * ... + * hash.update(dataN, sizeof(dataN)); + * hash.finalizeHMAC(key, sizeof(key), hmac, sizeof(hmac)); + * \endcode + * + * The same key must be passed to both resetHMAC() and finalizeHMAC(). + * + * \sa finalizeHMAC(), reset() + */ + +/** + * \fn void Hash::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) + * \brief Finalizes the HMAC hashing process and returns the hash. + * + * \param key Points to the HMAC key for the hashing process. The contents + * of this array must be identical to the value passed to resetHMAC(). + * \param keyLen Size of the HMAC \a key in bytes. + * \param hash The buffer to return the hash value in. + * \param hashLen The length of the \a hash buffer, normally hashSize(). + * + * \sa resetHMAC(), finalize() + */ + +/** + * \brief Formats a HMAC key into a block. + * + * \param block The block to format the key into. Must be at least + * blockSize() bytes in length. + * \param key Points to the HMAC key for the hashing process. + * \param len Length of the HMAC \a key in bytes. + * \param pad Inner (0x36) or outer (0x5C) padding value to XOR with + * the formatted HMAC key. + * + * This function is intended to help subclasses implement resetHMAC() and + * finalizeHMAC() by directly formatting the HMAC key into the subclass's + * internal block buffer and resetting the hash. 
+ */ +void Hash::formatHMACKey(void *block, const void *key, size_t len, uint8_t pad) +{ + size_t size = blockSize(); + reset(); + if (len <= size) { + memcpy(block, key, len); + } else { + update(key, len); + len = hashSize(); + finalize(block, len); + reset(); + } + memset(block + len, pad, size - len); + uint8_t *b = (uint8_t *)block; + while (len > 0) { + *b++ ^= pad; + --len; + } +} diff --git a/libraries/Crypto/Hash.h b/libraries/Crypto/Hash.h index 2d42f41c..2f7db16a 100644 --- a/libraries/Crypto/Hash.h +++ b/libraries/Crypto/Hash.h @@ -40,6 +40,12 @@ class Hash virtual void finalize(void *hash, size_t len) = 0; virtual void clear() = 0; + + virtual void resetHMAC(const void *key, size_t keyLen) = 0; + virtual void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) = 0; + +protected: + void formatHMACKey(void *block, const void *key, size_t len, uint8_t pad); }; #endif diff --git a/libraries/Crypto/KeccakCore.cpp b/libraries/Crypto/KeccakCore.cpp index 9c18f870..eeaa56ad 100644 --- a/libraries/Crypto/KeccakCore.cpp +++ b/libraries/Crypto/KeccakCore.cpp 
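Review bot: `memset(block + len, pad, size - len);` in `Hash::formatHMACKey()` does pointer arithmetic on a `void *`, which is a GNU extension rather than standard C++. Hoist the cast and write `uint8_t *b = (uint8_t *)block;` followed by `memset(b + len, pad, size - len);`. In the long-key branch `finalize(block, len)` asks the subclass to write its digest into its own internal block buffer, and whether every `finalize()` tolerates that aliasing cannot be seen from this hunk. The doc comment should also say that on return `block` holds the key XORed with `pad`, so the subclass must process or wipe it. It should add that `key` should not be null even when `len` is 0, because it is handed to `memcpy()`.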
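Review bot: Declaring `resetHMAC()` and `finalizeHMAC()` pure virtual in Hash.h means any `Hash` subclass outside this tree stops compiling until it implements both. If that break is intended it deserves a line in the class documentation; otherwise a default implementation in `Hash` built on `reset()`, `update()` and `finalize()` could keep third-party hashes working. `formatHMACKey()` takes a bare `void *block` with no length, so the declaration should carry a comment such as `// block must hold at least blockSize() bytes`.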
@@ -247,6 +247,41 @@ void KeccakCore::clear() clean(state); } +/** + * \brief Sets a HMAC key for a Keccak-based hash algorithm. + * + * \param key Points to the HMAC key for the hashing process. + * \param len Length of the HMAC \a key in bytes. + * \param pad Inner (0x36) or outer (0x5C) padding value to XOR with + * the formatted HMAC key. + * \param hashSize The size of the output from the hash algorithm. + * + * This function is intended to help classes implement Hash::resetHMAC() and + * Hash::finalizeHMAC() by directly formatting the HMAC key into the + * internal block buffer and resetting the hash. + */ +void KeccakCore::setHMACKey(const void *key, size_t len, uint8_t pad, size_t hashSize) +{ + uint8_t *b = (uint8_t *)state.B; + size_t size = blockSize(); + reset(); + if (len <= size) { + memcpy(b, key, len); + } else { + update(key, len); + this->pad(0x06); + extract(b, hashSize); + len = hashSize; + reset(); + } + memset(b + len, pad, size - len); + while (len > 0) { + *b++ ^= pad; + --len; + } + update(state.B, size); +} + /** * \brief Transform the state with the KECCAK-p sponge function with b = 1600. */ diff --git a/libraries/Crypto/KeccakCore.h b/libraries/Crypto/KeccakCore.h index 607447d1..d2a0464c 100644 --- a/libraries/Crypto/KeccakCore.h +++ b/libraries/Crypto/KeccakCore.h @@ -46,6 +46,8 @@ class KeccakCore void clear(); + void setHMACKey(const void *key, size_t len, uint8_t pad, size_t hashSize); + private: struct { uint64_t A[5][5]; diff --git a/libraries/Crypto/SHA1.cpp b/libraries/Crypto/SHA1.cpp index ab5ac575..9d212068 100644 --- a/libraries/Crypto/SHA1.cpp +++ b/libraries/Crypto/SHA1.cpp 
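Review bot: In `KeccakCore::setHMACKey()` the parameter `pad` hides the member function `pad()`, which is why the body has to write `this->pad(0x06)`; renaming the parameter (for example `uint8_t padByte`) removes that trap for the next edit. The hard-coded `0x06` is the SHA-3 domain suffix, so the doc comment's "Keccak-based hash algorithm" should say the helper is only correct for SHA-3 style padding. The key XOR pad bytes are staged in `state.B` before `update(state.B, size)`. Whether that staging copy is overwritten afterwards depends on code outside this hunk, so a comment saying when it is wiped would help.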
@@ -131,6 +131,25 @@ void SHA1::clear() reset(); } +void SHA1::resetHMAC(const void *key, size_t keyLen) +{ + formatHMACKey(state.w, key, keyLen, 0x36); + state.length += 64 * 8; + processChunk(); +} + +void SHA1::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[20]; + finalize(temp, sizeof(temp)); + formatHMACKey(state.w, key, keyLen, 0x5C); + state.length += 64 * 8; + processChunk(); + update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + /** * \brief Processes a single 512-bit chunk with the core SHA-1 algorithm. * diff --git a/libraries/Crypto/SHA1.h b/libraries/Crypto/SHA1.h index 1a81a0cb..328ca39a 100644 --- a/libraries/Crypto/SHA1.h +++ b/libraries/Crypto/SHA1.h @@ -40,6 +40,9 @@ class SHA1 : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: struct { uint32_t h[5]; diff --git a/libraries/Crypto/SHA256.cpp b/libraries/Crypto/SHA256.cpp index 26b1b500..1c877936 100644 --- a/libraries/Crypto/SHA256.cpp +++ b/libraries/Crypto/SHA256.cpp @@ -136,6 +136,25 @@ void SHA256::clear() reset(); } +void SHA256::resetHMAC(const void *key, size_t keyLen) +{ + formatHMACKey(state.w, key, keyLen, 0x36); + state.length += 64 * 8; + processChunk(); +} + +void SHA256::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[32]; + finalize(temp, sizeof(temp)); + formatHMACKey(state.w, key, keyLen, 0x5C); + state.length += 64 * 8; + processChunk(); + update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + /** * \brief Processes a single 512-bit chunk with the core SHA-256 algorithm. * diff --git a/libraries/Crypto/SHA256.h b/libraries/Crypto/SHA256.h index c4a2504b..246ea586 100644 --- a/libraries/Crypto/SHA256.h +++ b/libraries/Crypto/SHA256.h 
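Review bot: In the SHA1.cpp hunk the digest and block sizes are repeated as bare literals (`temp[20]`, `64 * 8`), and the same two functions are copied into the SHA256.cpp and SHA512.cpp hunks with only those numbers changed. A short comment on each, such as `// SHA-1 digest is 20 bytes` and `// the 64-byte key block bypassed update(), so count its bits here`, would make a mismatch visible in review. The new methods also lack the Doxygen block that `processChunk()` just below them has; a brief `\sa Hash::resetHMAC()` reference would be enough.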
@@ -40,6 +40,9 @@ class SHA256 : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: struct { uint32_t h[8]; diff --git a/libraries/Crypto/SHA3.cpp b/libraries/Crypto/SHA3.cpp index 684d267f..74353c44 100644 --- a/libraries/Crypto/SHA3.cpp +++ b/libraries/Crypto/SHA3.cpp @@ -21,6 +21,7 @@ */ #include "SHA3.h" +#include "Crypto.h" /** * \class SHA3_256 SHA3.h @@ -79,6 +80,21 @@ void SHA3_256::clear() core.clear(); } +void SHA3_256::resetHMAC(const void *key, size_t keyLen) +{ + core.setHMACKey(key, keyLen, 0x36, 32); +} + +void SHA3_256::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[32]; + finalize(temp, sizeof(temp)); + core.setHMACKey(key, keyLen, 0x5C, 32); + core.update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + /** * \class SHA3_512 SHA3.h * \brief SHA3-512 hash algorithm. @@ -135,3 +151,18 @@ void SHA3_512::clear() { core.clear(); } + +void SHA3_512::resetHMAC(const void *key, size_t keyLen) +{ + core.setHMACKey(key, keyLen, 0x36, 64); +} + +void SHA3_512::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[64]; + finalize(temp, sizeof(temp)); + core.setHMACKey(key, keyLen, 0x5C, 64); + core.update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} diff --git a/libraries/Crypto/SHA3.h b/libraries/Crypto/SHA3.h index bb19643f..76bb031c 100644 --- a/libraries/Crypto/SHA3.h +++ b/libraries/Crypto/SHA3.h @@ -41,6 +41,9 @@ class SHA3_256 : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: KeccakCore core; }; 
@@ -60,6 +63,9 @@ class SHA3_512 : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: KeccakCore core; }; diff --git a/libraries/Crypto/SHA512.cpp b/libraries/Crypto/SHA512.cpp index cfe8859c..1176ef96 100644 --- a/libraries/Crypto/SHA512.cpp +++ b/libraries/Crypto/SHA512.cpp @@ -139,6 +139,25 @@ void SHA512::clear() reset(); } +void SHA512::resetHMAC(const void *key, size_t keyLen) +{ + formatHMACKey(state.w, key, keyLen, 0x36); + state.lengthLow += 128 * 8; + processChunk(); +} + +void SHA512::finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen) +{ + uint8_t temp[64]; + finalize(temp, sizeof(temp)); + formatHMACKey(state.w, key, keyLen, 0x5C); + state.lengthLow += 128 * 8; + processChunk(); + update(temp, sizeof(temp)); + finalize(hash, hashLen); + clean(temp); +} + /** * \brief Processes a single 1024-bit chunk with the core SHA-512 algorithm. * diff --git a/libraries/Crypto/SHA512.h b/libraries/Crypto/SHA512.h index d394ae45..1530d548 100644 --- a/libraries/Crypto/SHA512.h +++ b/libraries/Crypto/SHA512.h @@ -40,6 +40,9 @@ class SHA512 : public Hash void clear(); + void resetHMAC(const void *key, size_t keyLen); + void finalizeHMAC(const void *key, size_t keyLen, void *hash, size_t hashLen); + private: struct { uint64_t h[8]; diff --git a/libraries/Crypto/examples/TestBLAKE2b/TestBLAKE2b.ino b/libraries/Crypto/examples/TestBLAKE2b/TestBLAKE2b.ino index e40c0a92..fa2a1bbc 100644 --- a/libraries/Crypto/examples/TestBLAKE2b/TestBLAKE2b.ino +++ b/libraries/Crypto/examples/TestBLAKE2b/TestBLAKE2b.ino @@ -29,6 +29,7 @@ This example runs tests on the BLAKE2b implementation to verify correct behaviou #include #define HASH_SIZE 64 +#define BLOCK_SIZE 128 struct TestHashVector { 
@@ -90,7 +91,7 @@ static TestHashVector const testVectorBLAKE2b_4 = { BLAKE2b blake2b; -byte buffer[128]; +byte buffer[BLOCK_SIZE + 2]; bool testHash_N(Hash *hash, const struct TestHashVector *test, size_t inc) { @@ -160,6 +161,69 @@ void perfHash(Hash *hash) Serial.println(" bytes per second"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-BLAKE2b keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void setup() { Serial.begin(9600); 
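Review bot: `testHMAC()` in TestBLAKE2b.ino derives its expected value from the same `Hash` object through `hashKey()`, so it checks that the HMAC entry points agree with `reset()`/`update()`/`finalize()` but not that the output is the correct HMAC. The TestSHA1 and TestSHA256 sketches add fixed vectors as well, while BLAKE2b, BLAKE2s, SHA3-256 and SHA3-512 get only this self-consistency check. Adding at least one fixed key/data/tag vector per algorithm, and a case with no `update()` call, would close that gap. A comment on `finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE)` noting that the key and the output share one buffer would also help readers.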
@@ -171,6 +235,12 @@ void setup() testHash(&blake2b, &testVectorBLAKE2b_2); testHash(&blake2b, &testVectorBLAKE2b_3); testHash(&blake2b, &testVectorBLAKE2b_4); + testHMAC(&blake2b, (size_t)0); + testHMAC(&blake2b, 1); + testHMAC(&blake2b, HASH_SIZE); + testHMAC(&blake2b, BLOCK_SIZE); + testHMAC(&blake2b, BLOCK_SIZE + 1); + testHMAC(&blake2b, BLOCK_SIZE + 2); Serial.println(); diff --git a/libraries/Crypto/examples/TestBLAKE2s/TestBLAKE2s.ino b/libraries/Crypto/examples/TestBLAKE2s/TestBLAKE2s.ino index 26d4c9ee..9b7098e9 100644 --- a/libraries/Crypto/examples/TestBLAKE2s/TestBLAKE2s.ino +++ b/libraries/Crypto/examples/TestBLAKE2s/TestBLAKE2s.ino @@ -29,6 +29,7 @@ This example runs tests on the BLAKE2s implementation to verify correct behaviou #include #define HASH_SIZE 32 +#define BLOCK_SIZE 64 struct TestHashVector { 
@@ -144,6 +145,69 @@ void perfHash(Hash *hash) Serial.println(" bytes per second"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-BLAKE2s keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void setup() { Serial.begin(9600); 
@@ -155,6 +219,12 @@ void setup() testHash(&blake2s, &testVectorBLAKE2s_2); testHash(&blake2s, &testVectorBLAKE2s_3); testHash(&blake2s, &testVectorBLAKE2s_4); + testHMAC(&blake2s, (size_t)0); + testHMAC(&blake2s, 1); + testHMAC(&blake2s, HASH_SIZE); + testHMAC(&blake2s, BLOCK_SIZE); + testHMAC(&blake2s, BLOCK_SIZE + 1); + testHMAC(&blake2s, sizeof(buffer)); Serial.println(); diff --git a/libraries/Crypto/examples/TestSHA1/TestSHA1.ino b/libraries/Crypto/examples/TestSHA1/TestSHA1.ino index da398f1a..36c0670d 100644 --- a/libraries/Crypto/examples/TestSHA1/TestSHA1.ino +++ b/libraries/Crypto/examples/TestSHA1/TestSHA1.ino @@ -29,16 +29,19 @@ This example runs tests on the SHA1 implementation to verify correct behaviour. #include #define HASH_SIZE 20 +#define BLOCK_SIZE 64 struct TestHashVector { const char *name; + const char *key; const char *data; uint8_t hash[HASH_SIZE]; }; static TestHashVector const testVectorSHA1_1 = { "SHA-1 #1", + 0, "abc", {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, @@ -46,11 +49,28 @@ static TestHashVector const testVectorSHA1_1 = { }; static TestHashVector const testVectorSHA1_2 = { "SHA-1 #2", + 0, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1} }; +static TestHashVector const testVectorHMAC_SHA1_1 = { + "HMAC-SHA-1 #1", + "", + "", + {0xfb, 0xdb, 0x1d, 0x1b, 0x18, 0xaa, 0x6c, 0x08, + 0x32, 0x4b, 0x7d, 0x64, 0xb7, 0x1f, 0xb7, 0x63, + 0x70, 0x69, 0x0e, 0x1d} +}; +static TestHashVector const testVectorHMAC_SHA1_2 = { + "HMAC-SHA-1 #2", + "key", + "The quick brown fox jumps over the lazy dog", + {0xde, 0x7c, 0x9b, 0x85, 0xb8, 0xb7, 0x8a, 0xa6, + 0xbc, 0x8a, 0x7a, 0x36, 0xf7, 0x0a, 0x90, 0x70, + 0x1c, 0x9d, 0xb4, 0xd9} +}; SHA1 sha1; 
@@ -100,6 +120,86 @@ void testHash(Hash *hash, const struct TestHashVector *test) Serial.println("Failed"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-SHA-1 keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + +void testHMAC(Hash *hash, const struct TestHashVector *test) +{ + uint8_t result[HASH_SIZE]; + + Serial.print(test->name); + Serial.print(" ... 
"); + + hash->resetHMAC(test->key, strlen(test->key)); + hash->update(test->data, strlen(test->data)); + hash->finalizeHMAC(test->key, strlen(test->key), result, sizeof(result)); + + if (!memcmp(result, test->hash, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void perfHash(Hash *hash) { unsigned long start; @@ -133,6 +233,14 @@ void setup() Serial.println("Test Vectors:"); testHash(&sha1, &testVectorSHA1_1); testHash(&sha1, &testVectorSHA1_2); + testHMAC(&sha1, &testVectorHMAC_SHA1_1); + testHMAC(&sha1, &testVectorHMAC_SHA1_2); + testHMAC(&sha1, (size_t)0); + testHMAC(&sha1, 1); + testHMAC(&sha1, HASH_SIZE); + testHMAC(&sha1, BLOCK_SIZE); + testHMAC(&sha1, BLOCK_SIZE + 1); + testHMAC(&sha1, sizeof(buffer)); Serial.println(); diff --git a/libraries/Crypto/examples/TestSHA256/TestSHA256.ino b/libraries/Crypto/examples/TestSHA256/TestSHA256.ino index 6117ee2b..4bec5add 100644 --- a/libraries/Crypto/examples/TestSHA256/TestSHA256.ino +++ b/libraries/Crypto/examples/TestSHA256/TestSHA256.ino @@ -29,16 +29,19 @@ This example runs tests on the SHA256 implementation to verify correct behaviour #include #define HASH_SIZE 32 +#define BLOCK_SIZE 64 struct TestHashVector { const char *name; + const char *key; const char *data; uint8_t hash[HASH_SIZE]; }; static TestHashVector const testVectorSHA256_1 = { "SHA-256 #1", + 0, "abc", {0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, 
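Review bot: `testHMAC(Hash *, const struct TestHashVector *)` in TestSHA1.ino calls `strlen(test->key)` unconditionally, while the plain hash vectors in this sketch set `key` to `0`. Passing one of them by mistake would dereference a null pointer. A guard at the top such as `if (!test->key) { Serial.println("Skipped"); return; }` keeps the sketch from crashing on the device. The same function appears in the TestSHA256 hunk.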
@@ -47,12 +50,31 @@ static TestHashVector const testVectorSHA256_1 = { }; static TestHashVector const testVectorSHA256_2 = { "SHA-256 #2", + 0, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", {0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1} }; +static TestHashVector const testVectorHMAC_SHA256_1 = { + "HMAC-SHA-256 #1", + "", + "", + {0xb6, 0x13, 0x67, 0x9a, 0x08, 0x14, 0xd9, 0xec, + 0x77, 0x2f, 0x95, 0xd7, 0x78, 0xc3, 0x5f, 0xc5, + 0xff, 0x16, 0x97, 0xc4, 0x93, 0x71, 0x56, 0x53, + 0xc6, 0xc7, 0x12, 0x14, 0x42, 0x92, 0xc5, 0xad} +}; +static TestHashVector const testVectorHMAC_SHA256_2 = { + "HMAC-SHA-256 #2", + "key", + "The quick brown fox jumps over the lazy dog", + {0xf7, 0xbc, 0x83, 0xf4, 0x30, 0x53, 0x84, 0x24, + 0xb1, 0x32, 0x98, 0xe6, 0xaa, 0x6f, 0xb1, 0x43, + 0xef, 0x4d, 0x59, 0xa1, 0x49, 0x46, 0x17, 0x59, + 0x97, 0x47, 0x9d, 0xbc, 0x2d, 0x1a, 0x3c, 0xd8} +}; SHA256 sha256; 
@@ -102,6 +124,86 @@ void testHash(Hash *hash, const struct TestHashVector *test) Serial.println("Failed"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-SHA-256 keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + +void testHMAC(Hash *hash, const struct TestHashVector *test) +{ + uint8_t result[HASH_SIZE]; + + Serial.print(test->name); + Serial.print(" ... 
"); + + hash->resetHMAC(test->key, strlen(test->key)); + hash->update(test->data, strlen(test->data)); + hash->finalizeHMAC(test->key, strlen(test->key), result, sizeof(result)); + + if (!memcmp(result, test->hash, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void perfHash(Hash *hash) { unsigned long start; @@ -135,6 +237,14 @@ void setup() Serial.println("Test Vectors:"); testHash(&sha256, &testVectorSHA256_1); testHash(&sha256, &testVectorSHA256_2); + testHMAC(&sha256, &testVectorHMAC_SHA256_1); + testHMAC(&sha256, &testVectorHMAC_SHA256_2); + testHMAC(&sha256, (size_t)0); + testHMAC(&sha256, 1); + testHMAC(&sha256, HASH_SIZE); + testHMAC(&sha256, BLOCK_SIZE); + testHMAC(&sha256, BLOCK_SIZE + 1); + testHMAC(&sha256, sizeof(buffer)); Serial.println(); diff --git a/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino b/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino index 0619c9b6..527fe097 100644 --- a/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino +++ b/libraries/Crypto/examples/TestSHA3_256/TestSHA3_256.ino @@ -31,6 +31,7 @@ correct behaviour. #define DATA_SIZE 136 #define HASH_SIZE 32 +#define BLOCK_SIZE 136 struct TestHashVector { @@ -95,7 +96,7 @@ static TestHashVector const testVectorSHA3_256_4 = { 0xBE, 0x9B, 0x7C, 0x73, 0x6B, 0x80, 0x59, 0xAB, 0xFD, 0x67, 0x79, 0xAC, 0x35, 0xAC, 0x81, 0xB5} }; -static TestHashVector const testVectorSHA3_256_5 = { +static TestHashVector testVectorSHA3_256_5 = { "SHA3-256 #5", {0xB3, 0x2D, 0x95, 0xB0, 0xB9, 0xAA, 0xD2, 0xA8, 0x81, 0x6D, 0xE6, 0xD0, 0x6D, 0x1F, 0x86, 0x00, @@ -123,8 +124,6 @@ static TestHashVector const testVectorSHA3_256_5 = { SHA3_256 sha3_256; -byte buffer[128]; - bool testHash_N(Hash *hash, const struct TestHashVector *test, size_t inc) { size_t size = test->dataSize; 
@@ -176,25 +175,92 @@ void perfHash(Hash *hash) unsigned long start; unsigned long elapsed; int count; + // Reuse one of the test vectors as a large temporary buffer. + uint8_t *buffer = (uint8_t *)&testVectorSHA3_256_5; Serial.print("Hashing ... "); - for (size_t posn = 0; posn < sizeof(buffer); ++posn) + for (size_t posn = 0; posn < 128; ++posn) buffer[posn] = (uint8_t)posn; hash->reset(); start = micros(); for (count = 0; count < 500; ++count) { - hash->update(buffer, sizeof(buffer)); + hash->update(buffer, 128); } elapsed = micros() - start; - Serial.print(elapsed / (sizeof(buffer) * 500.0)); + Serial.print(elapsed / (128 * 500.0)); Serial.print("us per byte, "); - Serial.print((sizeof(buffer) * 500.0 * 1000000.0) / elapsed); + Serial.print((128 * 500.0 * 1000000.0) / elapsed); Serial.println(" bytes per second"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + // Reuse one of the test vectors as a large temporary buffer. + uint8_t *buffer = (uint8_t *)&testVectorSHA3_256_5; + + Serial.print("HMAC-SHA3-256 keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. 
+ memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void setup() { Serial.begin(9600); @@ -207,6 +273,12 @@ void setup() testHash(&sha3_256, &testVectorSHA3_256_3); testHash(&sha3_256, &testVectorSHA3_256_4); testHash(&sha3_256, &testVectorSHA3_256_5); + testHMAC(&sha3_256, (size_t)0); + testHMAC(&sha3_256, 1); + testHMAC(&sha3_256, HASH_SIZE); + testHMAC(&sha3_256, BLOCK_SIZE); + testHMAC(&sha3_256, BLOCK_SIZE + 1); + testHMAC(&sha3_256, BLOCK_SIZE + 2); Serial.println(); diff --git a/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino b/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino index 4e18a0f3..8a6381dd 100644 --- a/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino +++ b/libraries/Crypto/examples/TestSHA3_512/TestSHA3_512.ino @@ -31,6 +31,7 @@ correct behaviour. #define DATA_SIZE 72 #define HASH_SIZE 64 +#define BLOCK_SIZE 72 struct TestHashVector { 
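Review bot: In `testHMAC()` of TestSHA3_256.ino `buffer` is now a `uint8_t *`, so every `sizeof(buffer)` is the size of a pointer and the test hashes only a few bytes of `0xBA` data instead of a block-sized message. Use an explicit length instead, e.g. `const size_t bufferLen = BLOCK_SIZE + 2;` with `memset(buffer, 0xBA, bufferLen);` and `hash->update(buffer, bufferLen);`. Check first that `testVectorSHA3_256_5` is at least that large, which this hunk does not show. Overwriting a test vector also means `testHash()` on vector 5 can no longer run after `testHMAC()` or `perfHash()`, and a comment at the cast should say so.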
@@ -199,6 +200,69 @@ void perfHash(Hash *hash) Serial.println(" bytes per second"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-SHA3-512 keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void setup() { Serial.begin(9600); 
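Review bot: `hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE)` passes the same memory as the key and as the output, so the test only passes if the implementation has finished reading the key before it writes the digest, and nothing here says that is intended. The SHA3 implementation is not part of this hunk, so I cannot confirm the ordering from here. If the aliasing is deliberate, say so with `// key and output share buffer on purpose: finalizeHMAC must read the key before writing the hash`. Otherwise write the library result into a separate `uint8_t actual[HASH_SIZE];` and compare `result` against that. The same call appears in the `testHMAC` copies added to TestSHA3_256 and TestSHA512.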
@@ -211,6 +275,12 @@ void setup() testHash(&sha3_512, &testVectorSHA3_512_3); testHash(&sha3_512, &testVectorSHA3_512_4); testHash(&sha3_512, &testVectorSHA3_512_5); + testHMAC(&sha3_512, (size_t)0); + testHMAC(&sha3_512, 1); + testHMAC(&sha3_512, HASH_SIZE); + testHMAC(&sha3_512, BLOCK_SIZE); + testHMAC(&sha3_512, BLOCK_SIZE + 1); + testHMAC(&sha3_512, sizeof(buffer)); Serial.println(); diff --git a/libraries/Crypto/examples/TestSHA512/TestSHA512.ino b/libraries/Crypto/examples/TestSHA512/TestSHA512.ino index e1876459..042598ad 100644 --- a/libraries/Crypto/examples/TestSHA512/TestSHA512.ino +++ b/libraries/Crypto/examples/TestSHA512/TestSHA512.ino @@ -29,6 +29,7 @@ This example runs tests on the SHA512 implementation to verify correct behaviour #include #define HASH_SIZE 64 +#define BLOCK_SIZE 128 struct TestHashVector { @@ -77,7 +78,7 @@ static TestHashVector const testVectorSHA512_3 = { SHA512 sha512; -byte buffer[128]; +byte buffer[BLOCK_SIZE + 2]; bool testHash_N(Hash *hash, const struct TestHashVector *test, size_t inc) { 
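Review bot: Growing `buffer` from 128 to `BLOCK_SIZE + 2` bytes in TestSHA512 changes the result of every `sizeof(buffer)` elsewhere in the sketch. `perfHash` lies outside this hunk, but if it still sizes its fill loop and `hash->update()` calls with `sizeof(buffer)` (as the TestSHA3_256 version did before this commit), the benchmark now feeds 130-byte updates that are no longer a multiple of the block size. The reported figures would then no longer be comparable with earlier runs. A separate constant for the benchmark, such as `hash->update(buffer, BLOCK_SIZE);`, would keep the measurement independent of the extra HMAC key bytes.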
@@ -147,6 +148,69 @@ void perfHash(Hash *hash) Serial.println(" bytes per second"); } +// Very simple method for hashing a HMAC inner or outer key. +void hashKey(Hash *hash, const uint8_t *key, size_t keyLen, uint8_t pad) +{ + size_t posn; + uint8_t buf; + uint8_t result[HASH_SIZE]; + if (keyLen <= BLOCK_SIZE) { + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < keyLen) + buf = key[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } else { + hash->reset(); + hash->update(key, keyLen); + hash->finalize(result, HASH_SIZE); + hash->reset(); + for (posn = 0; posn < BLOCK_SIZE; ++posn) { + if (posn < HASH_SIZE) + buf = result[posn] ^ pad; + else + buf = pad; + hash->update(&buf, 1); + } + } +} + +void testHMAC(Hash *hash, size_t keyLen) +{ + uint8_t result[HASH_SIZE]; + + Serial.print("HMAC-SHA-512 keysize="); + Serial.print(keyLen); + Serial.print(" ... "); + + // Construct the expected result with a simple HMAC implementation. + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x36); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + hash->finalize(result, HASH_SIZE); + memset(buffer, (uint8_t)keyLen, keyLen); + hashKey(hash, buffer, keyLen, 0x5C); + hash->update(result, HASH_SIZE); + hash->finalize(result, HASH_SIZE); + + // Now use the library to compute the HMAC. + hash->resetHMAC(buffer, keyLen); + memset(buffer, 0xBA, sizeof(buffer)); + hash->update(buffer, sizeof(buffer)); + memset(buffer, (uint8_t)keyLen, keyLen); + hash->finalizeHMAC(buffer, keyLen, buffer, HASH_SIZE); + + // Check the result. + if (!memcmp(result, buffer, HASH_SIZE)) + Serial.println("Passed"); + else + Serial.println("Failed"); +} + void setup() { Serial.begin(9600); 
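Review bot: The expected value in `testHMAC` is computed by `hashKey` through the same `Hash` object and with the sketch's own `BLOCK_SIZE`, so the check is purely differential and is never compared against a published HMAC-SHA-512 output. It does catch a disagreement between `resetHMAC`/`finalizeHMAC` and the manual construction, but it cannot catch an error the two paths share. Adding at least one fixed key/message/digest case from RFC 4231, stored like the existing `TestHashVector` entries, would pin interoperability. `testHMAC` also returns `void` and only prints "Passed" or "Failed"; returning `bool` would let `setup()` report an overall result. The same applies to the copies in TestSHA3_256 and TestSHA3_512, using the corresponding HMAC-SHA3 reference values.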
@@ -157,6 +221,12 @@ void setup() testHash(&sha512, &testVectorSHA512_1); testHash(&sha512, &testVectorSHA512_2); testHash(&sha512, &testVectorSHA512_3); + testHMAC(&sha512, (size_t)0); + testHMAC(&sha512, 1); + testHMAC(&sha512, HASH_SIZE); + testHMAC(&sha512, BLOCK_SIZE); + testHMAC(&sha512, BLOCK_SIZE + 1); + testHMAC(&sha512, BLOCK_SIZE + 2); Serial.println();