Crypto library for Arduino

BitSeeker · February 20, 2020, 4:18pm

I am working on a project that requires generating a SHA256 hash (or similar static strong hash). Doing this with sha1 was easy using the hash.h library. However, there seems to be no supplied equivalent library for sha256. I did find the Crypto.h library by Rhys Wetherley in the Library Manager which seems to be the de-facto library, as well as others online, but as yet am unable to find any real world usage examples online so am a bit stuck on how to proceed.

A search of this forum showed a few links to Crypto chip, but not to any specific crypto library?

Can anyone point me to any tutorials or usage examples for the Rhys Wetherby library, or indeed any other library that is considered by the experts to be exhaustively tested and safe? Or is the Arduino simply considered to be unsuitable for strong cryptography?

jremington · February 20, 2020, 4:30pm

The Arduino is a toy and a learning tool. If you really need "strong cryptography", look elsewhere.

anon57585045 · February 20, 2020, 4:38pm

It is because the processors on devices like the UNO are not fast enough for strong cryptography.

pert · February 20, 2020, 4:59pm

After you install the Crypto library, you'll find a large selection of example sketches under the File > Examples > Crypto menu, including one named "TestSHA256".

BitSeeker · February 20, 2020, 5:22pm

pert:
After you install the Crypto library, you'll find a large selection of example sketches under the File > Examples > Crypto menu, including one named "TestSHA256".

Pert, thanks. I did find that script in my searches but it appears to be designed to test the library math. It does not appear to be a practical working example of how the library might be employed in a user sketch?

aarg:
It is because the processors on devices like the UNO are not fast enough for strong cryptography.

Aarg, I suspected as much, although I will be using this on the ESP8266 and ESP32. Not tested on the ESP32 yet, but I got the SSL stuff working on the ESP8266 the other day and initial page loading has got a bit slow on there so I don’t know what adding sha256 will do to it, but sha1 is deemed inadequate these days so what is one to do?

I have spent several hours today researching crypto and specifically sha256 and still haven't really got a clue where to start! With sha1 it was so easy.

arduarn · February 20, 2020, 7:05pm

BitSeeker:
... It does not appear to be a practical working example of how the library might be employed in a user sketch?

I think you are being blinded by the big byte tables. It is an example of library use; here is a hacked version for clarity:

#include <Hash.h>
#include <SHA256.h>

#define HASH_SIZE 32

char *data = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
const uint8_t expectedHash[HASH_SIZE] = {
  0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
  0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
  0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
  0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
};

SHA256 sha256;
Hash *hash = &sha256;

void setup() {
  uint8_t value[HASH_SIZE];

  Serial.begin(115200);

  // do the hash
  hash->reset();
  hash->update(data, strlen(data));
  hash->finalize(value, sizeof(value));

  // check the result against pre-calculated hash
  if (memcmp(value, expectedHash, sizeof(value)) == 0) {
    Serial.println("hash match");
  } else {
    Serial.println("hash mismatch");
  }

  // modify data
  data[7] = 'z';

  // do the hash
  hash->reset();
  hash->update(data, strlen(data));
  hash->finalize(value, sizeof(value));

  // check the result against pre-calculated hash
  if (memcmp(value, expectedHash, sizeof(value)) == 0) {
    Serial.println("hash match");
  } else {
    Serial.println("hash mismatch");
  }
}

void loop() { }

HTH.

BitSeeker · February 20, 2020, 8:34pm

arduarn:
I think you are being blinded by the big byte tables. It is an example of library use; here is a hacked version for clarity:

I think you were pretty much spot on with that observation, that and fatigue! After a couple of hours break from the screen things are starting to make sense! It would seem that the sha256 library makes things a little more complex than the simple one liner for sha1:

String sha = sha1("mystring");

but I get the idea. Thank you for sharing your simplified version of the sketch. Thanks to that I have now made some progress and been able to set up my own working test example.

I am still getting warnings though, in both your sketch and mine:

/home/john/Arduino/libraries/Crypto/src/AES128.cpp:235:6: warning: unused parameter 'output' [-Wunused-parameter]
void AESTiny128::decryptBlock(uint8_t *output, const uint8_t *input)
   ^
/home/john/Arduino/libraries/Crypto/src/AES128.cpp:235:6: warning: unused parameter 'input' [-Wunused-parameter]
/home/john/Arduino/libraries/Crypto/src/AES256.cpp:272:6: warning: unused parameter 'output' [-Wunused-parameter]
void AESTiny256::decryptBlock(uint8_t *output, const uint8_t *input)
   ^
/home/john/Arduino/libraries/Crypto/src/AES256.cpp:272:6: warning: unused parameter 'input' [-Wunused-parameter]

BTW I changed this:

char *data = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";

for this:

char data[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";

which got rid of the "deprecated conversion from string constant to 'char*' [-Wwrite-strings]" warning. Not really sure what the issue is for the unused parameter warnings as they seem intermittent (sometimes appear and sometimes not), but I will save that for another day!

arduarn · February 20, 2020, 10:29pm

BitSeeker:
BTW I changed this:
char *data = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
for this:
char data[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
which got rid of the "deprecated conversion from string constant to 'char*' [-Wwrite-strings]" warning. Not really sure what the issue is for the unused parameter warnings as they seem intermittent (sometimes appear and sometimes not), but I will save that for another day!

Yes, that's an error - shouldn't try to modify a string constant, even though it worked in this case. Only spent a few minutes cut&pasting it together so mistakes made. The main thing is you got the idea.
The other warnings are in the library, so just look the other way.

BitSeeker · February 21, 2020, 2:23pm

Sorry if that came across as being a bit critical of your work. Please be assured that I really appreciate your taking the time and trouble in putting this together. It was just one of those weird things one encounters when trying to compile C++ code sometimes.

arduarn:
The other warnings are in the library, so just look the other way.

Yes, I had suspected as much. Will look the other way as advised

Topic		Replies	Views
HMAC SHA-256 Networking, Protocols, and Devices	6	3250	May 6, 2021
SHA256 lib that works? Programming	3	2733	May 5, 2021
Crypto library SHA256 Networking, Protocols, and Devices	2	686	May 6, 2021
Help Encryption Development	3	2009	May 6, 2021
SHA256 and HMAC-SHA256 General Guidance	2	682	May 5, 2021

Crypto library for Arduino

Related topics