SHA512_HMAC
#1
Good day !

I am attempting to write a module where I derive a key from 2048 SHA512_HMAC iterations, however I cannot seem to get the hash correct after the initial hash.

This is what I am trying
Code:
  sha512_hmac_ctx_t ctx0;
  sha512_hmac_init_swap(&ctx0, &pw, pwl);
  sha512_hmac_update_swap(&ctx0, &salt, 12);
  sha512_hmac_final(&ctx0);

  print_u64_array_hex(&ctx0.opad.h, 8);
 
  memcpy(&seed, &ctx0.opad.h, 64);
  //xor_seed_with_round(&seed, &ctx0.opad.h);
 
  u64 U[16] = {0};
  memcpy(&U, &ctx0.opad.h, 64);

  for(int x=1;x<2048;x++){
    sha512_hmac_ctx_t ctx;
    sha512_hmac_init_swap(&ctx, &pw, pwl);
    sha512_hmac_update_swap(&ctx, U, 64);
    sha512_hmac_final(&ctx);

    if (x == 1) { print_u64_array_hex(&ctx.opad.h, 8); }

    memcpy(&U, &ctx.opad.h, 64);

    xor_seed_with_round(&seed, &U);
  }


As I mentioned, the initial hash at ctx0 is correct, however just after one iteration in the loop, the hash is wrong. I know the hash is wrong because I have a working implementation in Golang.

The same issue I have with normal sha512 as well, where I can get the first hash as expected, but then it just works unexpectedly.

Would appreciate any help
Thanks !
Reply
#2
Found the issue

seems like byte order is different for the output

my quick'n'dirty solution was to convert to uchar array after every iteration

Code:
for (int i=0; i<8; i++) {
    U[i*8]   = (ctx0.opad.h[i] & 0xFF00000000000000) >> 56;
    U[i*8+1] = (ctx0.opad.h[i] & 0x00FF000000000000) >> 48;
    U[i*8+2] = (ctx0.opad.h[i] & 0x0000FF0000000000) >> 40;
    U[i*8+3] = (ctx0.opad.h[i] & 0x000000FF00000000) >> 32;
    U[i*8+4] = (ctx0.opad.h[i] & 0x00000000FF000000) >> 24;
    U[i*8+5] = (ctx0.opad.h[i] & 0x0000000000FF0000) >> 16;
    U[i*8+6] = (ctx0.opad.h[i] & 0x000000000000FF00) >> 8;
    U[i*8+7] =  ctx0.opad.h[i] & 0x00000000000000FF;
  }

would still be interested to know if am mis-using the API, and if there are better fixes.
Reply