implement hkdf

wangyu-
2018-06-24 07:58:19 -05:00
parent e51c236c20
commit d3cbbe8085
9 changed files with 293 additions and 18 deletions


@@ -37,6 +37,8 @@ int is_hmac_used=0;
//TODO key negotiation and forward secrecy
int my_init_keys(const char * user_passwd,int is_client)
{
char tmp[1000]="";
@@ -57,28 +59,35 @@ int my_init_keys(const char * user_passwd,int is_client)
md5((uint8_t*)(salt_text),strlen(salt_text),salt); //TODO different salt per session
unsigned char pbkdf2_output1[400]="";
PKCS5_PBKDF2_HMAC_SHA256((uint8_t*)user_passwd,len,salt,16,10000, 32,pbkdf2_output1); //TODO HKDF, argon2 ?
PKCS5_PBKDF2_HMAC_SHA256((uint8_t*)user_passwd,len,salt,16,10000, 32,pbkdf2_output1); //TODO argon2 ?
unsigned char pbkdf2_output2[400]="";
PKCS5_PBKDF2_HMAC_SHA256(pbkdf2_output1,32,0,0,1, hmac_key_len*2+cipher_key_len*2,pbkdf2_output2); //stretch it
//unsigned char pbkdf2_output2[400]="";
//PKCS5_PBKDF2_HMAC_SHA256(pbkdf2_output1,32,0,0,1, hmac_key_len*2+cipher_key_len*2,pbkdf2_output2); //stretch it
const char *info_hmac_encrypt="server-->client hmac";
const char *info_hmac_decrypt="client-->server hmac";
const char *info_cipher_encrypt="server-->client cipher";
const char *info_cipher_decrypt="client-->server cipher";
if(is_client)
{
memcpy(cipher_key_encrypt,pbkdf2_output2,cipher_key_len);
memcpy(cipher_key_decrypt,pbkdf2_output2+cipher_key_len,cipher_key_len);
memcpy(hmac_key_encrypt,pbkdf2_output2+cipher_key_len*2,hmac_key_len);
memcpy(hmac_key_decrypt,pbkdf2_output2+cipher_key_len*2+hmac_key_len,hmac_key_len);
const char *tmp;
tmp=info_hmac_encrypt; info_hmac_encrypt=info_hmac_decrypt;info_hmac_decrypt=tmp;
tmp=info_cipher_encrypt; info_cipher_encrypt=info_cipher_decrypt;info_cipher_decrypt=tmp;
}
else
{
memcpy(cipher_key_decrypt,pbkdf2_output2,cipher_key_len);
memcpy(cipher_key_encrypt,pbkdf2_output2+cipher_key_len,cipher_key_len);
memcpy(hmac_key_decrypt,pbkdf2_output2+cipher_key_len*2,hmac_key_len);
memcpy(hmac_key_encrypt,pbkdf2_output2+cipher_key_len*2+hmac_key_len,hmac_key_len);
//nop
}
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_cipher_encrypt,strlen(info_cipher_encrypt), cipher_key_encrypt, cipher_key_len ) ==0);
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_cipher_decrypt,strlen(info_cipher_decrypt), cipher_key_decrypt, cipher_key_len ) ==0);
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_encrypt,strlen(info_hmac_encrypt), hmac_key_encrypt, hmac_key_len ) ==0);
assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_decrypt,strlen(info_hmac_decrypt), hmac_key_decrypt, hmac_key_len ) ==0);
}
print_binary_chars(normal_key,16);
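Review bot: The four `hkdf_sha256_expand` calls sit inside `assert( ... ==0)`, so a build that defines `NDEBUG` compiles the whole expression out and the cipher and HMAC keys are never derived; the key buffers would then presumably keep whatever they held before. Make each call unconditionally and check its result outside the assert, for example `if(hkdf_sha256_expand(pbkdf2_output1,32,(unsigned char *)info_cipher_encrypt,strlen(info_cipher_encrypt),cipher_key_encrypt,cipher_key_len)!=0) return -1;`, and do the same for the other three. The `-1` is a guess at the error convention, because `my_init_keys` starts and ends outside the visible hunks. Separately, the `const char *tmp` added in the `if(is_client)` branch shadows the `char tmp[1000]` declared at the top of the function, so a distinct name such as `swap_tmp` would read more safely.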