• Replies 3 replies
  • Subscribers 14 subscribers
  • Views 417 views
  • Users 0 members are here
Options
Related

Toybox.Cryptography not implemented in D2 Charlie (CIQ Simulator 3.0.6) ?

CedricD.
over 6 years ago
Hello,

I've been playing with the Toybox.Cryptography module to achieve a "native" implementation of TOTP (RFC 6238) using our devices' internal cryptographic resources.

[working with SDK 3.0.6 toolchain/simulator] When compiling with "d2charlie" (CIQ 3.0.0) as target, Toybox.Cryptography symbols such as HASH_SHA1 or HashBasedMessageAuthenticationCode lead to SymbolNotFound exceptions. Switching to "fenix5x" as target works. Running the code on an actual D2 Charlie also works. SDK bug ?

Also, do you have plan to allow the entire range of SHA hash functions in HashBasedMessageAuthenticationCode, instead of only SHA-256 (most TOTP implementations - e.g. Google's, GitHub's, etc. - use SHA-1) ?

And just out-of-curiosity: are (some) Toybox.Cryptography primitives hardware-backed/accelerated ?

Best
  • over 6 years ago
    SDK 3.0.8 simulator still does not allow the D2 Charlie to call Toybox.Cryptography resources (Symbol Not Found) while working flawlessly on actual device.

    (workaround: use Fenix 5X simulated device)
  • over 6 years ago
    I've filed an issue for the problem you've reported. Normally, the features available on the device and in the simulator are controlled by a single configuration file. For some reason that configuration file has no entry for cryptography with the d2charlie, which explains why the simulator thinks the feature is not available. We will need to investigate to find out how the device firmware is being built with the option on.

    That said, I think it is safe to assume that the simulator should match the device.

    do you have plan to allow the entire range of SHA hash functions in HashBasedMessageAuthenticationCode?

    I've not heard anything about adding additional HMAC implementations, but that doesn't mean it isn't planned.

    are (some) Toybox.Cryptography primitives hardware-backed/accelerated ?

    I'm fairly certain that some devices leverage hardware acceleration.


  • over 6 years ago
    Thanks for the feedback and looking into this.

    I've not heard anything about adding additional HMAC implementations, but that doesn't mean it isn't planned.


    My question spawned from the fact that both SHA1 and SHA256 hashing algorithms are available for Toybox.Cryptography.Hash() but strangely, only SHA256 is supported by Toybox.Cryptography.HashBasedMessageAuthenticationCode(). It's really surprising, given the HMAC algorithm (RFC2104) is orthogonal from the HASH algorithm (meaning SHA1 - or any other hash algorithm - can readily be implemented if SHA256 already is).

    I'm fairly certain that some devices leverage hardware acceleration.


    I now also strongly suspect this (at least on the D2 Charlie). My TOTP implementation - relying on Toybox.Cryptography.Hash() - feels much faster (objectively, I think) than other software (SHA) implementation one can find on the Store.