Merge pull request #4679 from BytesGalore/add_hmac_sha256

hashes/sha256: initial commit for hmac-sha256 computation
2024-12-29 04:50:03 +01:00 · 2016-02-06 12:36:02 +01:00 · 2016-02-06 12:36:02 +01:00 · b377491d7c
commit b377491d7c
parent 0e40350d81 b1537bc17c
3 changed files with 179 additions and 0 deletions
--- a/sys/hashes/sha256.c
+++ b/sys/hashes/sha256.c
@ -259,3 +259,62 @@ unsigned char *sha256(const unsigned char *d, size_t n, unsigned char *md)

    return md;
 }
+
+const unsigned char *hmac_sha256(const unsigned char *key,
+                                 size_t key_length,
+                                 const unsigned *message,
+                                 size_t message_length,
+                                 unsigned char *result)
+{
+    unsigned char k[SHA256_INTERNAL_BLOCK_SIZE];
+    memset((void *)k, 0x00, SHA256_INTERNAL_BLOCK_SIZE);
+
+    if (key_length > SHA256_INTERNAL_BLOCK_SIZE) {
+        sha256(key, key_length, k);
+    }
+    else {
+        memcpy((void*)k, key, key_length);
+    }
+
+    /*
+     * create the inner and outer keypads
+     * rising hamming distance enforcing i_* and o_* are distinct
+     * in at least one bit
+     */
+    unsigned char o_key_pad[SHA256_INTERNAL_BLOCK_SIZE];
+    unsigned char i_key_pad[SHA256_INTERNAL_BLOCK_SIZE];
+
+    for (size_t i = 0; i < SHA256_INTERNAL_BLOCK_SIZE; ++i) {
+        o_key_pad[i] = 0x5c^k[i];
+        i_key_pad[i] = 0x36^k[i];
+    }
+
+    /*
+     * Create the inner hash
+     * tmp = hash(i_key_pad CONCAT message)
+     */
+    sha256_context_t c;
+    unsigned char tmp[SHA256_DIGEST_LENGTH];
+
+    sha256_init(&c);
+    sha256_update(&c, i_key_pad, SHA256_INTERNAL_BLOCK_SIZE);
+    sha256_update(&c, message, message_length);
+    sha256_final(tmp, &c);
+
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (result == NULL) {
+        result = m;
+    }
+
+    /*
+     * Create the outer hash
+     * result = hash(o_key_pad CONCAT tmp)
+     */
+    sha256_init(&c);
+    sha256_update(&c, o_key_pad, SHA256_INTERNAL_BLOCK_SIZE);
+    sha256_update(&c, tmp, SHA256_DIGEST_LENGTH);
+    sha256_final(result, &c);
+
+    return result;
+}
--- a/sys/include/hashes/sha256.h
+++ b/sys/include/hashes/sha256.h
@ -51,6 +51,11 @@ extern "C" {

 #define SHA256_DIGEST_LENGTH 32

+/**
+ * @brief 512 Bit (64 Byte) internally used block size for sha256
+ */
+#define SHA256_INTERNAL_BLOCK_SIZE (64)
+
 /**
 * @brief Context for ciper operatins based on sha256
 */
@ -100,6 +105,25 @@ void sha256_final(unsigned char digest[32], sha256_context_t *ctx);
 */
 unsigned char *sha256(const unsigned char *d, size_t n, unsigned char *md);

+/**
+ * @brief function to compute a hmac-sha256 from a given message
+ *
+ * @param[in] key key used in the hmac-sha256 computation
+ * @param[in] key_length the size in bytes of the key
+ * @param[in] message pointer to the message to generate the hmac-sha256
+ * @param[in] message_length the length of the message in bytes
+ * @param[out] result the computed hmac-sha256,
+ *             length MUST be SHA256_DIGEST_LENGTH
+ *             if result == NULL, a static buffer is used
+ * @returns pointer to the resulting digest.
+ *          if result == NULL the pointer points to the static buffer
+ */
+const unsigned char *hmac_sha256(const unsigned char *key,
+                                 size_t key_length,
+                                 const unsigned *message,
+                                 size_t message_length,
+                                 unsigned char *result);
+
 #ifdef __cplusplus
 }
 #endif
--- a/tests/unittests/tests-hashes/tests-hashes-sha256.c
+++ b/tests/unittests/tests-hashes/tests-hashes-sha256.c
@ -81,10 +81,106 @@ static void test_hashes_sha256_hash_sequence(void)
                                      "c19d3bf8588897076873f1a0a106ba840ca46bd1179d592953acecc4df59593c"));
 }

+
+static void test_hashes_hmac_sha256_hash_sequence(void)
+{
+    unsigned char key[64];
+    /* prepare an empty key */
+    memset((void*)key, 0x0, 64);
+    static unsigned char hmac[SHA256_DIGEST_LENGTH];
+
+    /* use an empty message */
+    const unsigned *m = NULL;
+    hmac_sha256(key, 64, m, 0, hmac);
+
+    TEST_ASSERT(compare_str_vs_digest(
+                 "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad", hmac));
+
+    /* use a real message */
+    const char str[] = "The quick brown fox jumps over the lazy dog";
+    key[0] = 'k';
+    key[1] = 'e';
+    key[2] = 'y';
+
+    hmac_sha256(key, 3, (unsigned*)str, strlen(str), hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8", hmac));
+
+    /*
+        The followig testcases are taken from:
+        https://tools.ietf.org/html/rfc4868#section-2.7.1
+    */
+
+    /* Test Case PRF-1: */
+    const char strPRF1[] = "Hi There";
+    memset(key, 0x0b, 20);
+
+    hmac_sha256(key, 20, (unsigned*)strPRF1, strlen(strPRF1), hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7", hmac));
+
+    /* Test Case PRF-2: */
+    const char strPRF2[] = "what do ya want for nothing?";
+    /* clear the key (we used 20 bytes so we clear only 20) */
+    memset(key, 0x0, 20);
+    key[0] = 'J';
+    key[1] = 'e';
+    key[2] = 'f';
+    key[3] = 'e';
+
+    hmac_sha256(key, 4, (unsigned*)strPRF2, strlen(strPRF2), hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", hmac));
+
+    /* Test Case PRF-3: */
+    char strPRF3[50];
+    memset(strPRF3, 0xdd, 50);
+    memset(key, 0xaa, 20);
+
+    hmac_sha256(key, 20, (unsigned*)strPRF3, 50, hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", hmac));
+
+    /* Test Case PRF-4: */
+    char strPRF4[50];
+    memset(strPRF4, 0xcd, 50);
+    /* clear the key (we used 20 bytes so we clear only 20) */
+    memset(key, 0x0, 20);
+    /*
+    * set key to: 0102030405060708090a0b0c0d0e0f10111213141516171819
+    */
+    for (size_t i = 0; i < 25; ++i) {
+        key[i] = i+1;
+    }
+
+    hmac_sha256(key, 25, (unsigned*)strPRF4, 50, hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b", hmac));
+
+    /* Test Case PRF-5: */
+    const char strPRF5[] = "Test Using Larger Than Block-Size Key - Hash Key First";
+    unsigned char longKey[131];
+    memset(longKey, 0xaa, 131);
+
+    hmac_sha256(longKey, 131, (unsigned*)strPRF5, strlen(strPRF5), hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54", hmac));
+
+    /* Test Case PRF-6: */
+    const char strPRF6[] = "This is a test using a larger than block-size key and a "
+                           "larger than block-size data. The key needs to be hashed "
+                           "before being used by the HMAC algorithm.";
+    /* the same key is used as above: 131 x 0xa */
+    hmac_sha256(longKey, 131, (unsigned*)strPRF6, strlen(strPRF6), hmac);
+    TEST_ASSERT(compare_str_vs_digest(
+                 "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2", hmac));
+}
+
 Test *tests_hashes_sha256_tests(void)
 {
    EMB_UNIT_TESTFIXTURES(fixtures) {
        new_TestFixture(test_hashes_sha256_hash_sequence),
+        new_TestFixture(test_hashes_hmac_sha256_hash_sequence),
    };

    EMB_UNIT_TESTCALLER(hashes_sha256_tests, NULL, NULL,