diff --git a/common.h b/common.h index cbe78a5..f6b52ae 100644 --- a/common.h +++ b/common.h @@ -142,4 +142,13 @@ int hex_to_u32(const string & a,u32_t &output); int create_fifo(char * file); +inline void print_binary_chars(const char * a,int len) +{ + for(int i=0;i",(int)b); + } + printf("\n"); +} #endif /* COMMON_H_ */ diff --git a/connection.cpp b/connection.cpp index 8ebdf57..a4f55cf 100644 --- a/connection.cpp +++ b/connection.cpp @@ -504,7 +504,7 @@ int send_bare(raw_info_t &raw_info,const char* data,int len)//send function with memcpy(send_data_buf+sizeof(iv)+sizeof(padding)+1,data,len); int new_len=len+sizeof(iv)+sizeof(padding)+1; - if(my_encrypt(send_data_buf,send_data_buf2,new_len,key)!=0) + if(my_encrypt(send_data_buf,send_data_buf2,new_len)!=0) { return -1; } @@ -520,7 +520,7 @@ int reserved_parse_bare(const char *input,int input_len,char* & data,int & len) mylog(log_debug,"input_len <0\n"); return -1; } - if(my_decrypt(input,recv_data_buf,input_len,key)!=0) + if(my_decrypt(input,recv_data_buf,input_len)!=0) { mylog(log_debug,"decrypt_fail in recv bare\n"); return -1; @@ -620,7 +620,7 @@ int send_safer(conn_info_t &conn_info,char type,const char* data,int len) //saf int new_len=len+sizeof(n_seq)+sizeof(n_tmp_id)*2+2; - if(my_encrypt(send_data_buf,send_data_buf2,new_len,key)!=0) + if(my_encrypt(send_data_buf,send_data_buf2,new_len)!=0) { return -1; } @@ -652,7 +652,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len static char recv_data_buf[buf_len]; // char *recv_data_buf=recv_data_buf0; //fix strict alias warning - if(my_decrypt(input,recv_data_buf,input_len,key)!=0) + if(my_decrypt(input,recv_data_buf,input_len)!=0) { //printf("decrypt fail\n"); return -1; diff --git a/encrypt.cpp b/encrypt.cpp index f92098b..3950fdb 100755 --- a/encrypt.cpp +++ b/encrypt.cpp @@ -1,5 +1,6 @@ #include "lib/aes.h" #include "lib/md5.h" +#include "lib/pbkdf2-sha1.h" #include #include #include @@ -16,19 +17,47 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog * https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block ****/ -char key[16];//generated from key_string by md5. -//TODO key derive function +char normal_key[16];//generated from key_string by md5. reserved for compatiblity +const int hmac_key_len=16; +const int cipher_key_len=16; +unsigned char hmac_key[hmac_key_len + 100]; //key for hmac +unsigned char cipher_key[cipher_key_len + 100]; //key for aes etc. -unordered_map auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"}}; +unordered_map auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},}; //TODO HMAC-md5 ,HMAC-sha1 -unordered_map cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}}; +unordered_map cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"},}; //TODO aes-gcm auth_mode_t auth_mode=auth_md5; cipher_mode_t cipher_mode=cipher_aes128cbc; +int is_hmac_used=0; +int my_init_keys(const char * user_passwd) +{ + char tmp[1000]=""; + int len=strlen(user_passwd); + + strcat(tmp,user_passwd); + + strcat(tmp,"key1"); + + md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)normal_key); + + PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"hmac_key",strlen("hmac_key"),1000, hmac_key_len,hmac_key); + + PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"cipher_key",strlen("cipher_key"),1000,cipher_key_len,cipher_key); + + if(auth_mode==auth_hmac_sha1) + is_hmac_used=1; + + //print_binary_chars(normal_key,16); + //print_binary_chars((char *)hmac_key,16); + //print_binary_chars((char *)cipher_key,16); + + return 0; +} /* * this function comes from http://www.hackersdelight.org/hdcodetxt/crc.c.txt */ @@ -93,6 +122,35 @@ int auth_md5_cal(const char *data,char * output,int &len) return 0; } +int auth_hmac_sha1_cal(const char *data,char * output,int &len) +{ + memcpy(output,data,len);//TODO inefficient code + sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len,(unsigned char *)(output+len)); + //md5((unsigned char *)output,len,(unsigned char *)(output+len)); + len+=20; + return 0; +} + +int auth_hmac_sha1_verify(const char *data,int &len) +{ + if(len<20) + { + mylog(log_trace,"auth_hmac_sha1_verify len<20\n"); + return -1; + } + char res[20]; + + sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len-20,(unsigned char *)(res)); + + if(memcmp(res,data+len-20,20)!=0) + { + mylog(log_trace,"auth_hmac_sha1 check failed\n"); + return -2; + } + len-=20; + return 0; +} + int auth_crc32_cal(const char *data,char * output,int &len) { memcpy(output,data,len);//TODO inefficient code @@ -278,7 +336,9 @@ int auth_cal(const char *data,char * output,int &len) case auth_md5:return auth_md5_cal(data, output, len); case auth_simple:return auth_simple_cal(data, output, len); case auth_none:return auth_none_cal(data, output, len); - default: return auth_md5_cal(data,output,len);//default + case auth_hmac_sha1:return auth_hmac_sha1_cal(data,output,len); + //default: return auth_md5_cal(data,output,len);//default; + default: assert(0==1); } } @@ -291,7 +351,9 @@ int auth_verify(const char *data,int &len) case auth_md5:return auth_md5_verify(data, len); case auth_simple:return auth_simple_verify(data, len); case auth_none:return auth_none_verify(data, len); - default: return auth_md5_verify(data,len);//default + case auth_hmac_sha1:return auth_hmac_sha1_verify(data,len); + //default: return auth_md5_verify(data,len);//default + default: assert(0==1); } } @@ -320,44 +382,63 @@ int cipher_decrypt(const char *data,char *output,int &len,char * key) } +int encrypt_AE(const char *data,char *output,int &len /*,char * key*/) +{ + char buf[buf_len]; + char buf2[buf_len]; + memcpy(buf,data,len); + if(cipher_encrypt(buf,buf2,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;} + if(auth_cal(buf2,output,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;} -int my_encrypt(const char *data,char *output,int &len,char * key) + //printf("%d %x %x\n",len,(int)(output[0]),(int)(output[1])); + //print_binary_chars(output,len); + + //use encrypt-then-MAC scheme + return 0; +} + +int decrypt_AE(const char *data,char *output,int &len /*,char * key*/) +{ + //printf("%d %x %x\n",len,(int)(data[0]),(int)(data[1])); + //print_binary_chars(data,len); + + if(auth_verify(data,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;} + if(cipher_decrypt(data,output,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;} + return 0; +} + +int my_encrypt(const char *data,char *output,int &len /*,char * key*/) { if(len<0) {mylog(log_trace,"len<0");return -1;} if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;} + if(is_hmac_used) + return encrypt_AE(data,output,len); + + char buf[buf_len]; char buf2[buf_len]; memcpy(buf,data,len); if(auth_cal(buf,buf2,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;} - if(cipher_encrypt(buf2,output,len,key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;} + if(cipher_encrypt(buf2,output,len,normal_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;} return 0; } -int my_decrypt(const char *data,char *output,int &len,char * key) +int my_decrypt(const char *data,char *output,int &len /*,char * key*/) { if(len<0) return -1; if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;} - if(cipher_decrypt(data,output,len,key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;} + if(is_hmac_used) + return decrypt_AE(data,output,len); + + if(cipher_decrypt(data,output,len,normal_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;} if(auth_verify(output,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;} return 0; } -int encrypt_AE(const char *data,char *output,int &len,char * key) -{ - //TODO - //use encrypt-then-MAC scheme - return -1; -} - -int decrypt_AE(const char *data,char *output,int &len,char * key) -{ - //TODO - return -1; -} int encrypt_AEAD(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen) { diff --git a/encrypt.h b/encrypt.h index 47a1f74..12f1a28 100755 --- a/encrypt.h +++ b/encrypt.h @@ -9,19 +9,20 @@ //using namespace std; - +//extern char key[16]; const int aes_key_optimize=1; //if enabled,once you used a key for aes,you cant change it anymore -extern char key[16]; -int my_encrypt(const char *data,char *output,int &len,char * key); -int my_decrypt(const char *data,char *output,int &len,char * key); +int my_init_keys(const char *); + +int my_encrypt(const char *data,char *output,int &len); +int my_decrypt(const char *data,char *output,int &len); unsigned short csum(const unsigned short *ptr,int nbytes) ; -enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_end}; +enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_hmac_sha1,auth_end}; enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_end}; diff --git a/lib/md5.c b/lib/md5.c index 0f6ddd3..b06235d 100755 --- a/lib/md5.c +++ b/lib/md5.c @@ -38,6 +38,9 @@ typedef struct uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ } md5_context; @@ -302,15 +305,99 @@ void md5_finish( md5_context *ctx, unsigned char output[16] ) */ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - static md5_context ctx; + /*static md5_context ctx; static int done=0; if(done==0) { md5_init( &ctx ); done=1; - } + }*/ + md5_context ctx; + md5_init( &ctx ); md5_starts( &ctx ); md5_update( &ctx, input, ilen ); md5_finish( &ctx, output ); - //md5_free( &ctx ); + md5_free( &ctx ); +} + + +/* + * MD5 HMAC context setup + */ +void md5_hmac_starts( md5_context *ctx, const unsigned char *key, + size_t keylen ) +{ + size_t i; + unsigned char sum[16]; + + if( keylen > 64 ) + { + md5( key, keylen, sum ); + keylen = 16; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + md5_starts( ctx ); + md5_update( ctx, ctx->ipad, 64 ); + + polarssl_zeroize( sum, sizeof( sum ) ); +} + +/* + * MD5 HMAC process buffer + */ +void md5_hmac_update( md5_context *ctx, const unsigned char *input, + size_t ilen ) +{ + md5_update( ctx, input, ilen ); +} + +/* + * MD5 HMAC final digest + */ +void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ) +{ + unsigned char tmpbuf[16]; + + md5_finish( ctx, tmpbuf ); + md5_starts( ctx ); + md5_update( ctx, ctx->opad, 64 ); + md5_update( ctx, tmpbuf, 16 ); + md5_finish( ctx, output ); + + polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) ); +} + +/* + * MD5 HMAC context reset + */ +void md5_hmac_reset( md5_context *ctx ) +{ + md5_starts( ctx ); + md5_update( ctx, ctx->ipad, 64 ); +} + +/* + * output = HMAC-MD5( hmac key, input buffer ) + */ +void md5_hmac( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char output[16] ) +{ + md5_context ctx; + + md5_init( &ctx ); + md5_hmac_starts( &ctx, key, keylen ); + md5_hmac_update( &ctx, input, ilen ); + md5_hmac_finish( &ctx, output ); + md5_free( &ctx ); } diff --git a/main.cpp b/main.cpp index 5a67b2e..c1e54ce 100755 --- a/main.cpp +++ b/main.cpp @@ -1801,22 +1801,7 @@ int main(int argc, char *argv[]) mylog(log_info,"const_id:%x\n",const_id); - char tmp[1000]=""; - - strcat(tmp,key_string); - - strcat(tmp,"key1"); - - md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)key); - - /* - tmp[0]=0; - - strcat(tmp,key_string); - - strcat(tmp,"key2"); - - md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)key2);*/ + my_init_keys(key_string); iptables_rule(); init_raw_socket(); diff --git a/makefile b/makefile index 54e2ac2..61578b7 100755 --- a/makefile +++ b/makefile @@ -10,7 +10,7 @@ cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++ #cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++ FLAGS= -std=c++11 -Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -Wno-missing-field-initializers ${OPT} -COMMON=main.cpp lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp -lpthread +COMMON=main.cpp lib/md5.c lib/pbkdf2-sha1.c encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp -lpthread SOURCES= $(COMMON) lib/aes_faster_c/aes.c lib/aes_faster_c/wrapper.c SOURCES_TINY_AES= $(COMMON) lib/aes.c SOURCES_AES_ACC=$(COMMON) $(wildcard lib/aes_acc/aes*.c)