From fabe2b3558842cb34ce44fcf1fef345430e463b6 Mon Sep 17 00:00:00 2001
From: wangyu-
Date: Sat, 21 Jul 2018 03:19:59 -0500
Subject: [PATCH] changed hmac_sha1 keylen to 20, implemented cfb for aesacc
---
 encrypt.cpp | 18 ++++-----
 lib/aes-common.h | 7 ++--
 lib/aes_acc/aesacc.c | 87 ++++++++++++++++++++++++++++++++++++++++----
 3 files changed, 91 insertions(+), 21 deletions(-)
diff --git a/encrypt.cpp b/encrypt.cpp
index 89b3a53..a06ecc5 100755
--- a/encrypt.cpp
+++ b/encrypt.cpp
@@ -19,8 +19,8 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog
 ****/
 char normal_key[16 + 100];//generated from key_string by md5. reserved for compatiblity
-const int hmac_key_len=32;
-const int cipher_key_len=32;
+const int hmac_key_len=64;//generate 512bit long keys, but its necessary to use the full length
+const int cipher_key_len=64;
 unsigned char hmac_key_encrypt[hmac_key_len + 100]; //key for hmac
 unsigned char hmac_key_decrypt[hmac_key_len + 100]; //key for hmac
 unsigned char cipher_key_encrypt[cipher_key_len + 100]; //key for aes etc.
@@ -85,10 +85,10 @@ int my_init_keys(const char * user_passwd,int is_client)
 }
 print_binary_chars(normal_key,16);
- print_binary_chars((char *)hmac_key_encrypt,32);
- print_binary_chars((char *)hmac_key_decrypt,32);
- print_binary_chars((char *)cipher_key_encrypt,32);
- print_binary_chars((char *)cipher_key_decrypt,32);
+ print_binary_chars((char *)hmac_key_encrypt,hmac_key_len);
+ print_binary_chars((char *)hmac_key_decrypt,hmac_key_len);
+ print_binary_chars((char *)cipher_key_encrypt,cipher_key_len);
+ print_binary_chars((char *)cipher_key_decrypt,cipher_key_len);
 return 0;
 }
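Review bot: The comment added on `hmac_key_len=64` says it is "necessary to use the full length", which contradicts the rest of this patch, where both `sha1_hmac` calls pass a key length of 20; it presumably means "not necessary". I would reword it to `//generate 512-bit keys; consumers may use only a prefix (HMAC-SHA1 uses 20 bytes)`. `cipher_key_len` is raised to 64 as well, and it would help to state next to it how many of those bytes the AES code actually consumes, since that is not visible in this hunk.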
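Review bot: These calls now hand the full 64 bytes of each derived HMAC and cipher key to `print_binary_chars`, so where that output goes matters. Its definition is outside this hunk; if it writes to the regular log or stdout rather than a debug-only trace level, derived key material ends up in log files, and the calls should be removed or compiled in only for debug builds. At minimum add a comment such as `//debug only: dumps derived key material, never enable in production logs`. my_init_keys starts before the hunk.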
@@ -160,8 +160,8 @@ int auth_hmac_sha1_cal(const char *data,char * output,int &len)
 {
 mylog(log_trace,"auth_hmac_sha1_cal() is called\n");
 memcpy(output,data,len);//TODO inefficient code
- sha1_hmac(hmac_key_encrypt, hmac_key_len, (const unsigned char *)data, len,(unsigned char *)(output+len));
- //md5((unsigned char *)output,len,(unsigned char *)(output+len));
+ sha1_hmac(hmac_key_encrypt, 20, (const unsigned char *)data, len,(unsigned char *)(output+len));
+ //use key len of 20 instead of hmac_key_len, key_len >sha1_block_size doesnt provide extra strength
 len+=20;
 return 0;
 }
@@ -176,7 +176,7 @@ int auth_hmac_sha1_verify(const char *data,int &len)
 }
 char res[20];
- sha1_hmac(hmac_key_decrypt, hmac_key_len, (const unsigned char *)data, len-20,(unsigned char *)(res));
+ sha1_hmac(hmac_key_decrypt, 20, (const unsigned char *)data, len-20,(unsigned char *)(res));
 if(memcmp(res,data+len-20,20)!=0)
 {
diff --git a/lib/aes-common.h b/lib/aes-common.h
index 6d91884..cabc7d9 100755
--- a/lib/aes-common.h
+++ b/lib/aes-common.h
@@ -7,10 +7,9 @@
 #include
-
-void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
-void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
-
+//not used
+//void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
+//void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
 void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);
 void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);
diff --git a/lib/aes_acc/aesacc.c b/lib/aes_acc/aesacc.c
index ee87d22..90412aa 100644
--- a/lib/aes_acc/aesacc.c
+++ b/lib/aes_acc/aesacc.c
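Review bot: The literal `20` passed as the HMAC key length here and in `auth_hmac_sha1_verify` (next hunk) should be a named constant, e.g. `const int hmac_sha1_key_len=20;`, so the two sides cannot drift apart and it is not confused with the 20-byte tag length used in `len+=20`. The justification in the added comment is also off: 20 bytes is the SHA-1 output size, while the block size is 64 bytes, which is exactly the new `hmac_key_len`; the comment should read something like `//HMAC-SHA1 key truncated to the 20-byte digest size; longer keys add little strength`. Changing the key length changes every tag, so this build presumably cannot authenticate packets from peers running the previous version, which deserves a line in the commit message or changelog.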
@@ -6,6 +6,7 @@
 #include "aesarm.h"
 #include
 #include
+#include
 #if defined(AES256) && (AES256 == 1)
 #define AES_KEYSIZE 256
@@ -342,10 +343,7 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
 uint8_t iv_tmp[16];
 static uint8_t rk[AES_RKSIZE];
- if (iv == NULL)
- {
- return;
- }
+ assert(iv!=NULL);
 aeshw_init();
 memcpy(iv_tmp, iv, 16);
 if(key!= NULL)
@@ -358,10 +356,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
 uint8_t iv_tmp[16];
 static uint8_t rk[AES_RKSIZE];
- if (iv == NULL)
- {
- return;
- }
+ assert(iv!=NULL);
 aeshw_init();
 memcpy(iv_tmp, iv, 16);
 if(key!= NULL)
@@ -371,6 +366,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
 decrypt_cbc(rk, length, iv_tmp, input, output);
 }
+/*
 void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length)
 {
 uint8_t rk[AES_RKSIZE];
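Review bot: `assert(iv!=NULL)` in `AES_CBC_encrypt_buffer` disappears when the file is compiled with `NDEBUG`, leaving `memcpy(iv_tmp, iv, 16)` to dereference a null pointer; the same replacement is made in `AES_CBC_decrypt_buffer` (next hunk) and in the new `AES_CFB_encrypt_buffer`/`AES_CFB_decrypt_buffer`. Failing loudly is better than the old silent `return`, which left the output buffer unencrypted without telling the caller, but the check should survive release builds, e.g. `if (iv == NULL) abort();` (needs `<stdlib.h>`). The function body continues past the end of the hunk.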
@@ -395,4 +391,79 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output,
 aeshw_init();
 setkey_dec(rk, key);
 decrypt_ecb(AES_NR, rk, input, output);
+}*/
+
+static void encrypt_cfb( uint8_t* rk,
+ uint32_t length,size_t *iv_off,
+ uint8_t iv[16],
+ const uint8_t *input,
+ uint8_t *output )
+{
+ int c;
+ size_t n = *iv_off;
+ while( length-- )
+ {
+ if( n == 0 )
+ encrypt_ecb( AES_NR, rk, iv, iv );
+
+ iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+ n = ( n + 1 ) & 0x0F;
+ }
+
+ *iv_off = n;
 }
+
+static void decrypt_cfb( uint8_t* rk,
+ uint32_t length,size_t *iv_off,
+ uint8_t iv[16],
+ const uint8_t *input,
+ uint8_t *output )
+{
+ int c;
+ size_t n = *iv_off;
+ while( length-- )
+ {
+ if( n == 0 )
+ encrypt_ecb( AES_NR, rk, iv, iv );
+
+ c = *input++;
+ *output++ = (unsigned char)( c ^ iv[n] );
+ iv[n] = (unsigned char) c;
+
+ n = ( n + 1 ) & 0x0F;
+ }
+
+ *iv_off = n;
+}
+
+void AES_CFB_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
+{
+ uint8_t iv_tmp[16];
+ static uint8_t rk[AES_RKSIZE];
+
+ assert(iv!=NULL);
+ aeshw_init();
+ memcpy(iv_tmp, iv, 16);
+ if(key!= NULL)
+ setkey_enc(rk, key);
+ size_t offset=0;
+ encrypt_cfb(rk, length,&offset, iv_tmp, input, output);
+}
+
+void AES_CFB_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
+{
+ uint8_t iv_tmp[16];
+ static uint8_t rk[AES_RKSIZE];
+
+ assert(iv!=NULL);
+ aeshw_init();
+ memcpy(iv_tmp, iv, 16);
+ if(key!= NULL)
+ {
+ setkey_enc(rk, key);//its enc again,not typo
+ }
+ size_t offset=0;
+ decrypt_cfb(rk, length,&offset, iv_tmp, input, output);
+}
+
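Review bot: `AES_CFB_encrypt_buffer` and `AES_CFB_decrypt_buffer` each keep their own `static uint8_t rk[AES_RKSIZE]` and only call `setkey_enc` when `key!= NULL`, so a first call with a null key runs `encrypt_cfb`/`decrypt_cfb` over a zero-initialised key schedule without any error. That contract should be written above both functions, e.g. `/* key==NULL reuses the schedule from the previous call to this function; the first call must pass a key. Not thread-safe: rk is static. */`. CFB also needs an IV that never repeats under one key; the call sites are not in this patch, but if they pass the fixed `zero_iv` from encrypt.cpp the first block of every packet is XORed with the same keystream, so that requirement belongs in the same comment. `int c;` in `encrypt_cfb` is unused and can be dropped.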