mirror of
https://github.com/wangyu-/udp2raw.git
synced 2024-06-16 03:59:13 +00:00
add hmac-sha1
This commit is contained in:
wangyu-
parent
3ab2543715
commit
52a911b109
9
common.h
9
common.h
@ -142,4 +142,13 @@ int hex_to_u32(const string & a,u32_t &output);
|
||||
|
||||
int create_fifo(char * file);
|
||||
|
||||
inline void print_binary_chars(const char * a,int len)
|
||||
{
|
||||
for(int i=0;i<len;i++)
|
||||
{
|
||||
unsigned char b=a[i];
|
||||
printf("<%x>",(int)b);
|
||||
}
|
||||
printf("\n");
|
||||
}
|
||||
#endif /* COMMON_H_ */
|
||||
|
||||
@ -504,7 +504,7 @@ int send_bare(raw_info_t &raw_info,const char* data,int len)//send function with
|
||||
memcpy(send_data_buf+sizeof(iv)+sizeof(padding)+1,data,len);
|
||||
int new_len=len+sizeof(iv)+sizeof(padding)+1;
|
||||
|
||||
if(my_encrypt(send_data_buf,send_data_buf2,new_len,key)!=0)
|
||||
if(my_encrypt(send_data_buf,send_data_buf2,new_len)!=0)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
@ -520,7 +520,7 @@ int reserved_parse_bare(const char *input,int input_len,char* & data,int & len)
|
||||
mylog(log_debug,"input_len <0\n");
|
||||
return -1;
|
||||
}
|
||||
if(my_decrypt(input,recv_data_buf,input_len,key)!=0)
|
||||
if(my_decrypt(input,recv_data_buf,input_len)!=0)
|
||||
{
|
||||
mylog(log_debug,"decrypt_fail in recv bare\n");
|
||||
return -1;
|
||||
@ -620,7 +620,7 @@ int send_safer(conn_info_t &conn_info,char type,const char* data,int len) //saf
|
||||
|
||||
int new_len=len+sizeof(n_seq)+sizeof(n_tmp_id)*2+2;
|
||||
|
||||
if(my_encrypt(send_data_buf,send_data_buf2,new_len,key)!=0)
|
||||
if(my_encrypt(send_data_buf,send_data_buf2,new_len)!=0)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
@ -652,7 +652,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len
|
||||
static char recv_data_buf[buf_len];
|
||||
|
||||
// char *recv_data_buf=recv_data_buf0; //fix strict alias warning
|
||||
if(my_decrypt(input,recv_data_buf,input_len,key)!=0)
|
||||
if(my_decrypt(input,recv_data_buf,input_len)!=0)
|
||||
{
|
||||
//printf("decrypt fail\n");
|
||||
return -1;
|
||||
|
||||
125
encrypt.cpp
125
encrypt.cpp
@ -1,5 +1,6 @@
|
||||
#include "lib/aes.h"
|
||||
#include "lib/md5.h"
|
||||
#include "lib/pbkdf2-sha1.h"
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
@ -16,19 +17,47 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog
|
||||
* https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block
|
||||
****/
|
||||
|
||||
char key[16];//generated from key_string by md5.
|
||||
//TODO key derive function
|
||||
char normal_key[16];//generated from key_string by md5. reserved for compatiblity
|
||||
const int hmac_key_len=16;
|
||||
const int cipher_key_len=16;
|
||||
unsigned char hmac_key[hmac_key_len + 100]; //key for hmac
|
||||
unsigned char cipher_key[cipher_key_len + 100]; //key for aes etc.
|
||||
|
||||
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"}};
|
||||
unordered_map<int, const char *> auth_mode_tostring = {{auth_none, "none"}, {auth_md5, "md5"}, {auth_crc32, "crc32"},{auth_simple,"simple"},{auth_hmac_sha1,"hmac_sha1"},};
|
||||
//TODO HMAC-md5 ,HMAC-sha1
|
||||
|
||||
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"}};
|
||||
unordered_map<int, const char *> cipher_mode_tostring={{cipher_none,"none"},{cipher_aes128cbc,"aes128cbc"},{cipher_xor,"xor"},};
|
||||
//TODO aes-gcm
|
||||
|
||||
auth_mode_t auth_mode=auth_md5;
|
||||
cipher_mode_t cipher_mode=cipher_aes128cbc;
|
||||
|
||||
int is_hmac_used=0;
|
||||
|
||||
int my_init_keys(const char * user_passwd)
|
||||
{
|
||||
char tmp[1000]="";
|
||||
int len=strlen(user_passwd);
|
||||
|
||||
strcat(tmp,user_passwd);
|
||||
|
||||
strcat(tmp,"key1");
|
||||
|
||||
md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)normal_key);
|
||||
|
||||
PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"hmac_key",strlen("hmac_key"),1000, hmac_key_len,hmac_key);
|
||||
|
||||
PKCS5_PBKDF2_HMAC((uint8_t*)user_passwd,len,(uint8_t*)"cipher_key",strlen("cipher_key"),1000,cipher_key_len,cipher_key);
|
||||
|
||||
if(auth_mode==auth_hmac_sha1)
|
||||
is_hmac_used=1;
|
||||
|
||||
//print_binary_chars(normal_key,16);
|
||||
//print_binary_chars((char *)hmac_key,16);
|
||||
//print_binary_chars((char *)cipher_key,16);
|
||||
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* this function comes from http://www.hackersdelight.org/hdcodetxt/crc.c.txt
|
||||
*/
|
||||
@ -93,6 +122,35 @@ int auth_md5_cal(const char *data,char * output,int &len)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int auth_hmac_sha1_cal(const char *data,char * output,int &len)
|
||||
{
|
||||
memcpy(output,data,len);//TODO inefficient code
|
||||
sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len,(unsigned char *)(output+len));
|
||||
//md5((unsigned char *)output,len,(unsigned char *)(output+len));
|
||||
len+=20;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int auth_hmac_sha1_verify(const char *data,int &len)
|
||||
{
|
||||
if(len<20)
|
||||
{
|
||||
mylog(log_trace,"auth_hmac_sha1_verify len<20\n");
|
||||
return -1;
|
||||
}
|
||||
char res[20];
|
||||
|
||||
sha1_hmac(hmac_key, hmac_key_len, (const unsigned char *)data, len-20,(unsigned char *)(res));
|
||||
|
||||
if(memcmp(res,data+len-20,20)!=0)
|
||||
{
|
||||
mylog(log_trace,"auth_hmac_sha1 check failed\n");
|
||||
return -2;
|
||||
}
|
||||
len-=20;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int auth_crc32_cal(const char *data,char * output,int &len)
|
||||
{
|
||||
memcpy(output,data,len);//TODO inefficient code
|
||||
@ -278,7 +336,9 @@ int auth_cal(const char *data,char * output,int &len)
|
||||
case auth_md5:return auth_md5_cal(data, output, len);
|
||||
case auth_simple:return auth_simple_cal(data, output, len);
|
||||
case auth_none:return auth_none_cal(data, output, len);
|
||||
default: return auth_md5_cal(data,output,len);//default
|
||||
case auth_hmac_sha1:return auth_hmac_sha1_cal(data,output,len);
|
||||
//default: return auth_md5_cal(data,output,len);//default;
|
||||
default: assert(0==1);
|
||||
}
|
||||
|
||||
}
|
||||
@ -291,7 +351,9 @@ int auth_verify(const char *data,int &len)
|
||||
case auth_md5:return auth_md5_verify(data, len);
|
||||
case auth_simple:return auth_simple_verify(data, len);
|
||||
case auth_none:return auth_none_verify(data, len);
|
||||
default: return auth_md5_verify(data,len);//default
|
||||
case auth_hmac_sha1:return auth_hmac_sha1_verify(data,len);
|
||||
//default: return auth_md5_verify(data,len);//default
|
||||
default: assert(0==1);
|
||||
}
|
||||
|
||||
}
|
||||
@ -320,44 +382,63 @@ int cipher_decrypt(const char *data,char *output,int &len,char * key)
|
||||
|
||||
}
|
||||
|
||||
int encrypt_AE(const char *data,char *output,int &len /*,char * key*/)
|
||||
{
|
||||
char buf[buf_len];
|
||||
char buf2[buf_len];
|
||||
memcpy(buf,data,len);
|
||||
if(cipher_encrypt(buf,buf2,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
|
||||
if(auth_cal(buf2,output,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
|
||||
|
||||
int my_encrypt(const char *data,char *output,int &len,char * key)
|
||||
//printf("%d %x %x\n",len,(int)(output[0]),(int)(output[1]));
|
||||
//print_binary_chars(output,len);
|
||||
|
||||
//use encrypt-then-MAC scheme
|
||||
return 0;
|
||||
}
|
||||
|
||||
int decrypt_AE(const char *data,char *output,int &len /*,char * key*/)
|
||||
{
|
||||
//printf("%d %x %x\n",len,(int)(data[0]),(int)(data[1]));
|
||||
//print_binary_chars(data,len);
|
||||
|
||||
if(auth_verify(data,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
|
||||
if(cipher_decrypt(data,output,len,(char *)cipher_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int my_encrypt(const char *data,char *output,int &len /*,char * key*/)
|
||||
{
|
||||
if(len<0) {mylog(log_trace,"len<0");return -1;}
|
||||
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
|
||||
|
||||
if(is_hmac_used)
|
||||
return encrypt_AE(data,output,len);
|
||||
|
||||
|
||||
char buf[buf_len];
|
||||
char buf2[buf_len];
|
||||
memcpy(buf,data,len);
|
||||
if(auth_cal(buf,buf2,len)!=0) {mylog(log_debug,"auth_cal failed ");return -1;}
|
||||
if(cipher_encrypt(buf2,output,len,key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
|
||||
if(cipher_encrypt(buf2,output,len,normal_key) !=0) {mylog(log_debug,"cipher_encrypt failed ");return -1;}
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
int my_decrypt(const char *data,char *output,int &len,char * key)
|
||||
int my_decrypt(const char *data,char *output,int &len /*,char * key*/)
|
||||
{
|
||||
if(len<0) return -1;
|
||||
if(len>max_data_len) {mylog(log_warn,"len>max_data_len");return -1;}
|
||||
|
||||
if(cipher_decrypt(data,output,len,key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
|
||||
if(is_hmac_used)
|
||||
return decrypt_AE(data,output,len);
|
||||
|
||||
if(cipher_decrypt(data,output,len,normal_key) !=0) {mylog(log_debug,"cipher_decrypt failed \n"); return -1;}
|
||||
if(auth_verify(output,len)!=0) {mylog(log_debug,"auth_verify failed\n");return -1;}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int encrypt_AE(const char *data,char *output,int &len,char * key)
|
||||
{
|
||||
//TODO
|
||||
//use encrypt-then-MAC scheme
|
||||
return -1;
|
||||
}
|
||||
|
||||
int decrypt_AE(const char *data,char *output,int &len,char * key)
|
||||
{
|
||||
//TODO
|
||||
return -1;
|
||||
}
|
||||
|
||||
int encrypt_AEAD(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
|
||||
{
|
||||
|
||||
11
encrypt.h
11
encrypt.h
@ -9,19 +9,20 @@
|
||||
|
||||
|
||||
//using namespace std;
|
||||
|
||||
//extern char key[16];
|
||||
|
||||
const int aes_key_optimize=1; //if enabled,once you used a key for aes,you cant change it anymore
|
||||
extern char key[16];
|
||||
|
||||
int my_encrypt(const char *data,char *output,int &len,char * key);
|
||||
int my_decrypt(const char *data,char *output,int &len,char * key);
|
||||
int my_init_keys(const char *);
|
||||
|
||||
int my_encrypt(const char *data,char *output,int &len);
|
||||
int my_decrypt(const char *data,char *output,int &len);
|
||||
|
||||
|
||||
unsigned short csum(const unsigned short *ptr,int nbytes) ;
|
||||
|
||||
|
||||
enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_end};
|
||||
enum auth_mode_t {auth_none=0,auth_md5,auth_crc32,auth_simple,auth_hmac_sha1,auth_end};
|
||||
|
||||
|
||||
enum cipher_mode_t {cipher_none=0,cipher_aes128cbc,cipher_xor,cipher_end};
|
||||
|
||||
93
lib/md5.c
93
lib/md5.c
@ -38,6 +38,9 @@ typedef struct
|
||||
uint32_t total[2]; /*!< number of bytes processed */
|
||||
uint32_t state[4]; /*!< intermediate digest state */
|
||||
unsigned char buffer[64]; /*!< data block being processed */
|
||||
|
||||
unsigned char ipad[64]; /*!< HMAC: inner padding */
|
||||
unsigned char opad[64]; /*!< HMAC: outer padding */
|
||||
}
|
||||
md5_context;
|
||||
|
||||
@ -302,15 +305,99 @@ void md5_finish( md5_context *ctx, unsigned char output[16] )
|
||||
*/
|
||||
void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
|
||||
{
|
||||
static md5_context ctx;
|
||||
/*static md5_context ctx;
|
||||
static int done=0;
|
||||
if(done==0)
|
||||
{
|
||||
md5_init( &ctx );
|
||||
done=1;
|
||||
}
|
||||
}*/
|
||||
md5_context ctx;
|
||||
md5_init( &ctx );
|
||||
md5_starts( &ctx );
|
||||
md5_update( &ctx, input, ilen );
|
||||
md5_finish( &ctx, output );
|
||||
//md5_free( &ctx );
|
||||
md5_free( &ctx );
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* MD5 HMAC context setup
|
||||
*/
|
||||
void md5_hmac_starts( md5_context *ctx, const unsigned char *key,
|
||||
size_t keylen )
|
||||
{
|
||||
size_t i;
|
||||
unsigned char sum[16];
|
||||
|
||||
if( keylen > 64 )
|
||||
{
|
||||
md5( key, keylen, sum );
|
||||
keylen = 16;
|
||||
key = sum;
|
||||
}
|
||||
|
||||
memset( ctx->ipad, 0x36, 64 );
|
||||
memset( ctx->opad, 0x5C, 64 );
|
||||
|
||||
for( i = 0; i < keylen; i++ )
|
||||
{
|
||||
ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
|
||||
ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
|
||||
}
|
||||
|
||||
md5_starts( ctx );
|
||||
md5_update( ctx, ctx->ipad, 64 );
|
||||
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* MD5 HMAC process buffer
|
||||
*/
|
||||
void md5_hmac_update( md5_context *ctx, const unsigned char *input,
|
||||
size_t ilen )
|
||||
{
|
||||
md5_update( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/*
|
||||
* MD5 HMAC final digest
|
||||
*/
|
||||
void md5_hmac_finish( md5_context *ctx, unsigned char output[16] )
|
||||
{
|
||||
unsigned char tmpbuf[16];
|
||||
|
||||
md5_finish( ctx, tmpbuf );
|
||||
md5_starts( ctx );
|
||||
md5_update( ctx, ctx->opad, 64 );
|
||||
md5_update( ctx, tmpbuf, 16 );
|
||||
md5_finish( ctx, output );
|
||||
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* MD5 HMAC context reset
|
||||
*/
|
||||
void md5_hmac_reset( md5_context *ctx )
|
||||
{
|
||||
md5_starts( ctx );
|
||||
md5_update( ctx, ctx->ipad, 64 );
|
||||
}
|
||||
|
||||
/*
|
||||
* output = HMAC-MD5( hmac key, input buffer )
|
||||
*/
|
||||
void md5_hmac( const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char output[16] )
|
||||
{
|
||||
md5_context ctx;
|
||||
|
||||
md5_init( &ctx );
|
||||
md5_hmac_starts( &ctx, key, keylen );
|
||||
md5_hmac_update( &ctx, input, ilen );
|
||||
md5_hmac_finish( &ctx, output );
|
||||
md5_free( &ctx );
|
||||
}
|
||||
|
||||
17
main.cpp
17
main.cpp
@ -1801,22 +1801,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
mylog(log_info,"const_id:%x\n",const_id);
|
||||
|
||||
char tmp[1000]="";
|
||||
|
||||
strcat(tmp,key_string);
|
||||
|
||||
strcat(tmp,"key1");
|
||||
|
||||
md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)key);
|
||||
|
||||
/*
|
||||
tmp[0]=0;
|
||||
|
||||
strcat(tmp,key_string);
|
||||
|
||||
strcat(tmp,"key2");
|
||||
|
||||
md5((uint8_t*)tmp,strlen(tmp),(uint8_t*)key2);*/
|
||||
my_init_keys(key_string);
|
||||
|
||||
iptables_rule();
|
||||
init_raw_socket();
|
||||
|
||||
2
makefile
2
makefile
@ -10,7 +10,7 @@ cc_arm= /toolchains/arm-2014.05/bin/arm-none-linux-gnueabi-g++
|
||||
#cc_bcm2708=/home/wangyu/raspberry/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-g++
|
||||
FLAGS= -std=c++11 -Wall -Wextra -Wno-unused-variable -Wno-unused-parameter -Wno-missing-field-initializers ${OPT}
|
||||
|
||||
COMMON=main.cpp lib/md5.c encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp -lpthread
|
||||
COMMON=main.cpp lib/md5.c lib/pbkdf2-sha1.c encrypt.cpp log.cpp network.cpp common.cpp connection.cpp misc.cpp fd_manager.cpp -lpthread
|
||||
SOURCES= $(COMMON) lib/aes_faster_c/aes.c lib/aes_faster_c/wrapper.c
|
||||
SOURCES_TINY_AES= $(COMMON) lib/aes.c
|
||||
SOURCES_AES_ACC=$(COMMON) $(wildcard lib/aes_acc/aes*.c)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user