github/wangyu-udp2raw
1
0
Fork 0
mirror of https://github.com/wangyu-/udp2raw.git synced 2025-10-14 09:55:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

add hmac-sha1

Browse Source
This commit is contained in:
wangyu-
2018-06-22 13:22:26 -05:00
parent 3ab2543715
commit 52a911b109
7 changed files with 214 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
encrypt.cpp
View File

@@ -1,5 +1,6 @@
#include "lib/aes.h"
#include "lib/md5.h"
#include "lib/pbkdf2-sha1.h"
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
@@ -16,19 +17,47 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog
* https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block
****/
char key[16];//generated from key_string by md5.
//TODO key derive function
char normal_key[16];//generated from key_string by md5. reserved for compatiblity
const int hmac_key_len=16;
const int cipher_key_len=16;
unsigned char hmac_key[hmac_key_len + 100]; //key for hmac
unsigned char cipher_key[cipher_key_len + 100]; //key for aes etc.
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"}};
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},};
//TODO HMAC-md5 ,HMAC-sha1
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}};
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"},};
//TODO aes-gcm
auth_mode_t auth_mode=auth_md5;
cipher_mode_t cipher_mode=cipher_aes128cbc;
int is_hmac_used=0;
int my_init_keys(const char * user_passwd)
{
char tmp[1000]="";
int len=strlen(user_passwd);
strcat(tmp,user_passwd);
strcat(tmp,"key1");
md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)normal_key);
PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"hmac_key",strlen("hmac_key"),1000, hmac_key_len,hmac_key);
PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"cipher_key",strlen("cipher_key"),1000,cipher_key_len,cipher_key);
if(auth_mode==auth_hmac_sha1)
is_hmac_used=1;
//print_binary_chars(normal_key,16);
//print_binary_chars((char *)hmac_key,16);
//print_binary_chars((char *)cipher_key,16);
return 0;
}
/*
* this function comes from http://www.hackersdelight.org/hdcodetxt/crc.c.txt
*/
@@ -93,6 +122,35 @@ int auth_md5_cal(const char *data,char * output,int &len)
return 0;
}
int auth_hmac_sha1_cal(const char *data,char * output,int &len)
{
memcpy(output,data,len);//TODO inefficient code
sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len,(unsigned char *)(output+len));
//md5((unsigned char *)output,len,(unsigned char *)(output+len));
len+=20;
return 0;
}
int auth_hmac_sha1_verify(const char *data,int &len)
{
if(len<20)
{
mylog(log_trace,"auth_hmac_sha1_verify len<20\n");
return -1;
}
char res[20];
sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len-20,(unsigned char *)(res));
if(memcmp(res,data+len-20,20)!=0)
{
mylog(log_trace,"auth_hmac_sha1 check failed\n");
return -2;
}
len-=20;
return 0;
}
int auth_crc32_cal(const char *data,char * output,int &len)
{
memcpy(output,data,len);//TODO inefficient code
@@ -278,7 +336,9 @@ int auth_cal(const char *data,char * output,int &len)
case auth_md5:return auth_md5_cal(data, output, len);
case auth_simple:return auth_simple_cal(data, output, len);
case auth_none:return auth_none_cal(data, output, len);
default: return auth_md5_cal(data,output,len);//default
case auth_hmac_sha1:return auth_hmac_sha1_cal(data,output,len);
//default: return auth_md5_cal(data,output,len);//default;
default: assert(0==1);
}
}
@@ -291,7 +351,9 @@ int auth_verify(const char *data,int &len)
case auth_md5:return auth_md5_verify(data, len);
case auth_simple:return auth_simple_verify(data, len);
case auth_none:return auth_none_verify(data, len);
default: return auth_md5_verify(data,len);//default
case auth_hmac_sha1:return auth_hmac_sha1_verify(data,len);
//default: return auth_md5_verify(data,len);//default
default: assert(0==1);
}
}
@@ -320,44 +382,63 @@ int cipher_decrypt(const char *data,char *output,int &len,char * key)
}
int encrypt_AE(const char *data,char *output,int &len /*,char * key*/)
{
char buf[buf_len];
char buf2[buf_len];
memcpy(buf,data,len);
if(cipher_encrypt(buf,buf2,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
if(auth_cal(buf2,output,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
int my_encrypt(const char *data,char *output,int &len,char * key)
//printf("%d %x %x\n",len,(int)(output[0]),(int)(output[1]));
//print_binary_chars(output,len);
//use encrypt-then-MAC scheme
return 0;
}
int decrypt_AE(const char *data,char *output,int &len /*,char * key*/)
{
//printf("%d %x %x\n",len,(int)(data[0]),(int)(data[1]));
//print_binary_chars(data,len);
if(auth_verify(data,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
if(cipher_decrypt(data,output,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
return 0;
}
int my_encrypt(const char *data,char *output,int &len /*,char * key*/)
{
if(len<0) {mylog(log_trace,"len<0");return -1;}
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
if(is_hmac_used)
return encrypt_AE(data,output,len);
char buf[buf_len];
char buf2[buf_len];
memcpy(buf,data,len);
if(auth_cal(buf,buf2,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
if(cipher_encrypt(buf2,output,len,key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
if(cipher_encrypt(buf2,output,len,normal_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
return 0;
}
int my_decrypt(const char *data,char *output,int &len,char * key)
int my_decrypt(const char *data,char *output,int &len /*,char * key*/)
{
if(len<0) return -1;
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
if(cipher_decrypt(data,output,len,key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
if(is_hmac_used)
return decrypt_AE(data,output,len);
if(cipher_decrypt(data,output,len,normal_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
if(auth_verify(output,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
return 0;
}
int encrypt_AE(const char *data,char *output,int &len,char * key)
{
//TODO
//use encrypt-then-MAC scheme
return -1;
}
int decrypt_AE(const char *data,char *output,int &len,char * key)
{
//TODO
return -1;
}
int encrypt_AEAD(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
{