spaniakos / Cryptosuite

Cryptographic suite for Arduino & RPi (SHA, HMAC-SHA)
http://spaniakos.github.io/Cryptosuite/
GNU Affero General Public License v3.0

HMAC-SHA-256 failed #12

Closed pasko-zh closed 6 years ago

pasko-zh commented 7 years ago

I cannot get the correct HMAC-SHA-256 with your library. I am using the following code, i.e. a smaller version from the examples:

#include "sha256.h"

void printHash(uint8_t* hash) {
    int i;
    for (i = 0; i<32; i++) {
        Serial.print("0123456789abcdef"[hash[i] >> 4]);
        Serial.print("0123456789abcdef"[hash[i] & 0xf]);
    }
    Serial.println();
}

// RFC 4231 test vector with key "Jefe"; nothing is returned, so the function is void.
void check_the_HMAC() {
    Sha256.initHmac((uint8_t*)"Jefe", 4);
    Sha256.print("what do ya want for nothing?");
    printHash(Sha256.resultHmac());
}

void setup() {
    Serial.begin(115200);
    delay(1000);
}

void loop() {
    check_the_HMAC();
    Serial.println();
    delay(5000);
}

Which then results in

Opening port
Port open
e9944f329a91b02b95301218f7404cdb7f1db8abcef5737fae38af0283241a9d

However the expected result should be: 5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843

Since I am on the esp8266, I followed what @markrad said in his comment. I also tried with the fork of @TyIsI, however the result was the same.

I am using Arduino IDE, 1.8.2 and ESP8266 Arduino Core 2.3.0. (I've also tried with older versions of both, but it didn't change anything)

Any help/hints are very welcome, thanks paško

PS: I also tried with a completely different crypto lib, but it has a similar issue :-(

markrad commented 7 years ago

Hi @pasko-zh,

I've had issues with HMAC SHA256 hashing on the Arduino too. Though the suggested fix appeared to work for the most part, something went awry later as I added more code to my project. In the end I gave up with the various libraries I tested and adapted a piece of code written in straight C to do this for me. I only hash short strings so I've never hashed anything more than approximately 100 bytes but, for what it's worth, the code is here: https://github.com/markrad/Azure-IoT-ESP8266. The piece you will need is sha256.c and sha256.h. The rest is likely not relevant to you other than to serve as an example of usage. I've tested this code extensively and it has proven to be 100% accurate.

M.

pasko-zh commented 7 years ago

@markrad : Thanks a lot for your comment! I will have a look at it!

Meanwhile I was able to compile and use wolfssl/wolfcrypt, after my small issue was fixed there. The only downside is that wolfcrypt uses quite a lot of RAM, so with a simple AES-256 and HMAC-256 sketch it leaves free heap of around 37208 bytes :-o

(didn't try the WOLFSSL_SMALL_STACK yet)

spaniakos commented 7 years ago

Can you output the results of the test algorithm? Just to see if all of the outputs are not as expected. Sadly I do not yet own an esp8266.

pasko-zh commented 7 years ago

@spaniakos : You mean this test algorithm, right?

spaniakos commented 7 years ago

Yes,

I need to verify if there is a problem with the print function call on esp8266.

pasko-zh commented 7 years ago

It didn't compile with the printf.h, I had to exclude it and also printf_begin().

Here are the results:

Test: RFC4231 4.2
Expect:b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7
Result:7fe373a1f8602a54463c53f01c678268733f06858204f5b0edf25cdc6a051261
 Hash took : 4269 micros

Test: RFC4231 4.3
Expect:5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843
Result:0c5e8b976f9c95f4d5359eeac5b0fab4b3131510d3ea795b2824e5eb8dc9e161
 Hash took : 6854 micros

Test: RFC4231 4.4
Expect:773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe
Result:faa72e41d08cdf20c92a5d3ef3c8c8fc3e5991b99ac054485a6020c1521e5965
 Hash took : 6853 micros

Test: RFC4231 4.5
Expect:82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b
Result:b67677e72ad264797f1fe2417386dbfb436d8c0b8d516d7bb353717def53db5b
 Hash took : 6855 micros

Test: RFC4231 4.6
Expect:a3b6167473100ee06e0c796c2955552b-------------------------------
Result:296ceef9f613131cf394d59e4cc3199d91f3033bae6d09670f2705b3a804ef3d
 Hash took : 6853 micros

Test: RFC4231 4.7
Expect:60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54
Result:09ebe5164a080a7bc763819103ecc682e6d2567edaf9b2f410cf0e6913d21837
 Hash took : 6853 micros

Test: RFC4231 4.8
Expect:9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2
Result:cf134ca95a18b475998dd80c76010534e6588122a65b1d5486ed573106637f2c
 Hash took : 6854 micros
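
A host-side reference for the RFC 4231 vectors in the results above, added here as an example (it is not part of the original thread or of Cryptosuite). It builds HMAC-SHA-256 from the RFC 2104 definition on Python's hashlib; `diagnose` and its list of wrong variants are hypothetical helpers, assumed failure modes for narrowing down where a device digest diverges.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 block size in bytes

def pads(key: bytes):
    """Return (key XOR ipad, key XOR opad) as RFC 2104 defines them."""
    if len(key) > BLOCK:                  # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")       # then zero-padded to one block
    return bytes(b ^ 0x36 for b in key), bytes(b ^ 0x5C for b in key)

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    ipad, opad = pads(key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()

# (test name, key, data, expected hex). Keys and data are the RFC 4231 inputs;
# expected values are the "Expect:" lines printed in the thread.
VECTORS = [
    ("4.2", b"\x0b" * 20, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    ("4.3", b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
    ("4.4", b"\xaa" * 20, b"\xdd" * 50,
     "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe"),
    ("4.7", b"\xaa" * 131,
     b"Test Using Larger Than Block-Size Key - Hash Key First",
     "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54"),
]

def diagnose(device_hex: str, key: bytes, msg: bytes) -> str:
    """Name the computation that reproduces a device digest, or 'no match'.
    The wrong variants are assumed failure modes, not findings about the library."""
    candidates = {
        "correct HMAC-SHA-256": hmac_sha256(key, msg),
        "plain SHA-256 of the message": hashlib.sha256(msg).digest(),
        "HMAC-SHA-256 with an empty key": hmac_sha256(b"", msg),
        "inner hash only": hashlib.sha256(pads(key)[0] + msg).digest(),
    }
    got = bytes.fromhex(device_hex)
    for name, digest in candidates.items():
        if hmac.compare_digest(got, digest):
            return name
    return "no match"

def reference_failures():
    """Names of page vectors this host-side reference fails (expected: none)."""
    return [n for n, k, d, e in VECTORS if hmac_sha256(k, d).hex() != e]
```

Passing a device "Result:" line to `diagnose` together with that test's key and data shows whether the digest corresponds to one of the listed variants.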

spaniakos commented 7 years ago

Hm, I think I know where the problem is.

The print function does not seem to work as intended. I need to find and see the print.h (not printf.h) of the esp8266.

If you change the Sha256.print("Hi There") with

    int size = 8;
    const char buffer[] = {'H', 'i', ' ', 'T', 'h', 'e', 'r', 'e'};
    const char *p = buffer;  // walk a pointer; the array itself cannot be incremented
    while (size--) {
        Sha256.write(*p++);
    }

does it have good results?

(I am not with my equipment, I don't know if the above code will work.) (I've written it without a compiler.)