forked from wangyu-/udp2raw
-
Notifications
You must be signed in to change notification settings - Fork 0
/
encrypt.cpp
588 lines (522 loc) · 18.6 KB
/
encrypt.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
#include "lib/aes-common.h"
#include "lib/md5.h"
#include "lib/pbkdf2-sha1.h"
#include "lib/pbkdf2-sha256.h"
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include "encrypt.h"
#include "common.h"
#include "log.h"
// static uint64_t seq=1;
static int8_t zero_iv[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; // this prog use zero iv,you should make sure first block of data contains a random/nonce data
/****
* security of zero_iv + nonce first data block
* https://crypto.stackexchange.com/questions/5421/using-cbc-with-a-fixed-iv-and-a-random-first-plaintext-block
****/
char normal_key[16 + 100]; // generated from key_string by md5. reserved for compatiblity
const int hmac_key_len = 64; // generate 512bit long keys, use first n chars when needed
const int cipher_key_len = 64;
unsigned char hmac_key_encrypt[hmac_key_len + 100]; // key for hmac
unsigned char hmac_key_decrypt[hmac_key_len + 100]; // key for hmac
unsigned char cipher_key_encrypt[cipher_key_len + 100]; // key for aes etc.
unsigned char cipher_key_decrypt[cipher_key_len + 100]; // key for aes etc.
char gro_xor[256 + 100]; // dirty fix for gro
unordered_map<int, const char *> auth_mode_tostring = {
{auth_none, "none"},
{auth_md5, "md5"},
{auth_crc32, "crc32"},
{auth_simple, "simple"},
{auth_hmac_sha1, "hmac_sha1"},
};
unordered_map<int, const char *> cipher_mode_tostring = {
{cipher_none, "none"},
{cipher_aes128cfb, "aes128cfb"},
{cipher_aes128cbc, "aes128cbc"},
{cipher_xor, "xor"},
};
// TODO aes-gcm
auth_mode_t auth_mode = auth_md5;
cipher_mode_t cipher_mode = cipher_aes128cbc;
int is_hmac_used = 0;
int aes128cfb_old = 0;
// TODO key negotiation and forward secrecy
int my_init_keys(const char *user_passwd, int is_client) {
char tmp[1000] = "";
int len = strlen(user_passwd);
strcat(tmp, user_passwd);
strcat(tmp, "key1");
md5((uint8_t *)tmp, strlen(tmp), (uint8_t *)normal_key);
if (auth_mode == auth_hmac_sha1)
is_hmac_used = 1;
if (is_hmac_used || g_fix_gro || 1) {
unsigned char salt[400] = "";
char salt_text[400] = "udp2raw_salt1";
md5((uint8_t *)(salt_text), strlen(salt_text), salt); // TODO different salt per session
unsigned char pbkdf2_output1[400] = "";
PKCS5_PBKDF2_HMAC_SHA256((uint8_t *)user_passwd, len, salt, 16, 10000, 32, pbkdf2_output1); // TODO argon2 ?
// unsigned char pbkdf2_output2[400]="";
// PKCS5_PBKDF2_HMAC_SHA256(pbkdf2_output1,32,0,0,1, hmac_key_len*2+cipher_key_len*2,pbkdf2_output2); //stretch it
const char *info_hmac_encrypt = "hmac_key server-->client";
const char *info_hmac_decrypt = "hmac_key client-->server";
const char *info_cipher_encrypt = "cipher_key server-->client";
const char *info_cipher_decrypt = "cipher_key client-->server";
if (is_client) {
const char *tmp;
tmp = info_hmac_encrypt;
info_hmac_encrypt = info_hmac_decrypt;
info_hmac_decrypt = tmp;
tmp = info_cipher_encrypt;
info_cipher_encrypt = info_cipher_decrypt;
info_cipher_decrypt = tmp;
} else {
// nop
}
assert(hkdf_sha256_expand(pbkdf2_output1, 32, (unsigned char *)info_cipher_encrypt, strlen(info_cipher_encrypt), cipher_key_encrypt, cipher_key_len) == 0);
assert(hkdf_sha256_expand(pbkdf2_output1, 32, (unsigned char *)info_cipher_decrypt, strlen(info_cipher_decrypt), cipher_key_decrypt, cipher_key_len) == 0);
assert(hkdf_sha256_expand(pbkdf2_output1, 32, (unsigned char *)info_hmac_encrypt, strlen(info_hmac_encrypt), hmac_key_encrypt, hmac_key_len) == 0);
assert(hkdf_sha256_expand(pbkdf2_output1, 32, (unsigned char *)info_hmac_decrypt, strlen(info_hmac_decrypt), hmac_key_decrypt, hmac_key_len) == 0);
const char *gro_info = "gro";
assert(hkdf_sha256_expand(pbkdf2_output1, 32, (unsigned char *)gro_info, strlen(gro_info), (unsigned char *)gro_xor, 256) == 0);
}
print_binary_chars(normal_key, 16);
print_binary_chars((char *)hmac_key_encrypt, hmac_key_len);
print_binary_chars((char *)hmac_key_decrypt, hmac_key_len);
print_binary_chars((char *)cipher_key_encrypt, cipher_key_len);
print_binary_chars((char *)cipher_key_decrypt, cipher_key_len);
return 0;
}
/*
* this function comes from http://www.hackersdelight.org/hdcodetxt/crc.c.txt
*/
unsigned int crc32h(unsigned char *message, int len) {
int i, crc;
unsigned int byte, c;
const unsigned int g0 = 0xEDB88320, g1 = g0 >> 1,
g2 = g0 >> 2, g3 = g0 >> 3, g4 = g0 >> 4, g5 = g0 >> 5,
g6 = (g0 >> 6) ^ g0, g7 = ((g0 >> 6) ^ g0) >> 1;
i = 0;
crc = 0xFFFFFFFF;
while (i != len) { // Get next byte.
byte = message[i];
crc = crc ^ byte;
c = ((crc << 31 >> 31) & g7) ^ ((crc << 30 >> 31) & g6) ^
((crc << 29 >> 31) & g5) ^ ((crc << 28 >> 31) & g4) ^
((crc << 27 >> 31) & g3) ^ ((crc << 26 >> 31) & g2) ^
((crc << 25 >> 31) & g1) ^ ((crc << 24 >> 31) & g0);
crc = ((unsigned)crc >> 8) ^ c;
i = i + 1;
}
return ~crc;
}
/*
void sum(const unsigned char *data,int len,unsigned char* res) {
memset(res,0,sizeof(int));
for(int i=0,j=0;i<len;i++,j++)
{
if(j==4) j=0;
res[j]+=data[i];
}
return ;
}*/
void simple_hash(unsigned char *str, int len, unsigned char res[8]) // djb2+ sdbm
{
u32_t hash = 5381;
u32_t hash2 = 0;
int c;
int i = 0;
while (c = *str++, i++ != len) {
// hash = ((hash << 5) + hash) + c; /* hash * 33 + c */
hash = ((hash << 5) + hash) ^ c; /* (hash * 33) ^ c */
hash2 = c + (hash2 << 6) + (hash2 << 16) - hash2;
}
hash = htonl(hash);
hash2 = htonl(hash2);
memcpy(res, &hash, sizeof(hash));
memcpy(res + sizeof(hash), &hash2, sizeof(hash2));
}
int auth_md5_cal(const char *data, char *output, int &len) {
memcpy(output, data, len); // TODO inefficient code
md5((unsigned char *)output, len, (unsigned char *)(output + len));
len += 16;
return 0;
}
int auth_hmac_sha1_cal(const char *data, char *output, int &len) {
mylog(log_trace, "auth_hmac_sha1_cal() is called\n");
memcpy(output, data, len); // TODO inefficient code
sha1_hmac(hmac_key_encrypt, 20, (const unsigned char *)data, len, (unsigned char *)(output + len));
// use key len of 20 instead of hmac_key_len, "extra length would not significantly increase the function strength" (rfc2104)
len += 20;
return 0;
}
int auth_hmac_sha1_verify(const char *data, int &len) {
mylog(log_trace, "auth_hmac_sha1_verify() is called\n");
if (len < 20) {
mylog(log_trace, "auth_hmac_sha1_verify len<20\n");
return -1;
}
char res[20];
sha1_hmac(hmac_key_decrypt, 20, (const unsigned char *)data, len - 20, (unsigned char *)(res));
if (memcmp(res, data + len - 20, 20) != 0) {
mylog(log_trace, "auth_hmac_sha1 check failed\n");
return -2;
}
len -= 20;
return 0;
}
int auth_crc32_cal(const char *data, char *output, int &len) {
memcpy(output, data, len); // TODO inefficient code
unsigned int ret = crc32h((unsigned char *)output, len);
unsigned int ret_n = htonl(ret);
memcpy(output + len, &ret_n, sizeof(unsigned int));
len += sizeof(unsigned int);
return 0;
}
int auth_simple_cal(const char *data, char *output, int &len) {
// char res[4];
memcpy(output, data, len); // TODO inefficient code
simple_hash((unsigned char *)output, len, (unsigned char *)(output + len));
len += 8;
return 0;
}
int auth_simple_verify(const char *data, int &len) {
if (len < 8) return -1;
unsigned char res[8];
len -= 8;
simple_hash((unsigned char *)data, len, res);
if (memcmp(res, data + len, 8) != 0)
return -1;
return 0;
}
int auth_none_cal(const char *data, char *output, int &len) {
memcpy(output, data, len);
return 0;
}
int auth_md5_verify(const char *data, int &len) {
if (len < 16) {
mylog(log_trace, "auth_md5_verify len<16\n");
return -1;
}
char md5_res[16];
md5((unsigned char *)data, len - 16, (unsigned char *)md5_res);
if (memcmp(md5_res, data + len - 16, 16) != 0) {
mylog(log_trace, "auth_md5_verify md5 check failed\n");
return -2;
}
len -= 16;
return 0;
}
int auth_none_verify(const char *data, int &len) {
return 0;
}
int cipher_xor_encrypt(const char *data, char *output, int &len, char *key) {
int i, j;
for (i = 0, j = 0; i < len; i++, j++) {
if (j == 16) j = 0;
output[i] = data[i] ^ key[j];
}
return 0;
}
int cipher_xor_decrypt(const char *data, char *output, int &len, char *key) {
int i, j;
// char tmp[buf_len];
// len=len/16*16+1;
// AES128_CBC_decrypt_buffer((uint8_t *)tmp, (uint8_t *)input, len, (uint8_t *)key, (uint8_t *)iv);
// for(i=0;i<len;i++)
// input[i]=tmp[i];
for (i = 0, j = 0; i < len; i++, j++) {
if (j == 16) j = 0;
output[i] = data[i] ^ key[j];
}
return 0;
}
int padding(char *data, int &data_len, int padding_num) {
int old_len = data_len;
data_len += 1;
if (data_len % padding_num != 0) {
data_len = (data_len / padding_num) * padding_num + padding_num;
}
unsigned char *p = (unsigned char *)&data[data_len - 1];
*p = (data_len - old_len);
return 0;
}
int de_padding(const char *data, int &data_len, int padding_num) {
if (data_len == 0) return -1;
if ((uint8_t)data[data_len - 1] > padding_num) return -1;
data_len -= (uint8_t)data[data_len - 1];
if (data_len < 0) {
return -1;
}
return 0;
}
void aes_ecb_encrypt(const char *data, char *output) {
static int first_time = 1;
char *key = (char *)cipher_key_encrypt;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
AES_ECB_encrypt_buffer((uint8_t *)data, (uint8_t *)key, (uint8_t *)output);
}
void aes_ecb_encrypt1(char *data) {
char buf[16];
memcpy(buf, data, 16);
aes_ecb_encrypt(buf, data);
}
void aes_ecb_decrypt(const char *data, char *output) {
static int first_time = 1;
char *key = (char *)cipher_key_decrypt;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
AES_ECB_decrypt_buffer((uint8_t *)data, (uint8_t *)key, (uint8_t *)output);
}
void aes_ecb_decrypt1(char *data) {
char buf[16];
memcpy(buf, data, 16);
aes_ecb_decrypt(buf, data);
}
int cipher_aes128cbc_encrypt(const char *data, char *output, int &len, char *key) {
static int first_time = 1;
char buf[buf_len];
memcpy(buf, data, len); // TODO inefficient code
if (padding(buf, len, 16) < 0) return -1;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
AES_CBC_encrypt_buffer((unsigned char *)output, (unsigned char *)buf, len, (unsigned char *)key, (unsigned char *)zero_iv);
return 0;
}
int cipher_aes128cfb_encrypt(const char *data, char *output, int &len, char *key) {
static int first_time = 1;
assert(len >= 16);
char buf[buf_len];
memcpy(buf, data, len); // TODO inefficient code
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
if (!aes128cfb_old) {
aes_ecb_encrypt(data, buf); // encrypt the first block
}
AES_CFB_encrypt_buffer((unsigned char *)output, (unsigned char *)buf, len, (unsigned char *)key, (unsigned char *)zero_iv);
return 0;
}
int auth_crc32_verify(const char *data, int &len) {
if (len < int(sizeof(unsigned int))) {
mylog(log_debug, "auth_crc32_verify len<%d\n", int(sizeof(unsigned int)));
return -1;
}
unsigned int ret = crc32h((unsigned char *)data, len - sizeof(unsigned int));
unsigned int ret_n = htonl(ret);
if (memcmp(data + len - sizeof(unsigned int), &ret_n, sizeof(unsigned int)) != 0) {
mylog(log_debug, "auth_crc32_verify memcmp fail\n");
return -1;
}
len -= sizeof(unsigned int);
return 0;
}
int cipher_none_encrypt(const char *data, char *output, int &len, char *key) {
memcpy(output, data, len);
return 0;
}
int cipher_aes128cbc_decrypt(const char *data, char *output, int &len, char *key) {
static int first_time = 1;
if (len % 16 != 0) {
mylog(log_debug, "len%%16!=0\n");
return -1;
}
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
AES_CBC_decrypt_buffer((unsigned char *)output, (unsigned char *)data, len, (unsigned char *)key, (unsigned char *)zero_iv);
if (de_padding(output, len, 16) < 0) return -1;
return 0;
}
int cipher_aes128cfb_decrypt(const char *data, char *output, int &len, char *key) {
static int first_time = 1;
if (len < 16) return -1;
if (aes_key_optimize) {
if (first_time == 0)
key = 0;
else
first_time = 0;
}
AES_CFB_decrypt_buffer((unsigned char *)output, (unsigned char *)data, len, (unsigned char *)key, (unsigned char *)zero_iv);
if (!aes128cfb_old)
aes_ecb_decrypt1(output); // decrypt the first block
// if(de_padding(output,len,16)<0) return -1;
return 0;
}
int cipher_none_decrypt(const char *data, char *output, int &len, char *key) {
memcpy(output, data, len);
return 0;
}
int auth_cal(const char *data, char *output, int &len) {
mylog(log_trace, "auth:%d\n", auth_mode);
switch (auth_mode) {
case auth_crc32:
return auth_crc32_cal(data, output, len);
case auth_md5:
return auth_md5_cal(data, output, len);
case auth_simple:
return auth_simple_cal(data, output, len);
case auth_none:
return auth_none_cal(data, output, len);
case auth_hmac_sha1:
return auth_hmac_sha1_cal(data, output, len);
// default: return auth_md5_cal(data,output,len);//default;
default:
assert(0 == 1);
}
return -1;
}
int auth_verify(const char *data, int &len) {
mylog(log_trace, "auth:%d\n", auth_mode);
switch (auth_mode) {
case auth_crc32:
return auth_crc32_verify(data, len);
case auth_md5:
return auth_md5_verify(data, len);
case auth_simple:
return auth_simple_verify(data, len);
case auth_none:
return auth_none_verify(data, len);
case auth_hmac_sha1:
return auth_hmac_sha1_verify(data, len);
// default: return auth_md5_verify(data,len);//default
default:
assert(0 == 1);
}
return -1;
}
int cipher_encrypt(const char *data, char *output, int &len, char *key) {
mylog(log_trace, "cipher:%d\n", cipher_mode);
switch (cipher_mode) {
case cipher_aes128cbc:
return cipher_aes128cbc_encrypt(data, output, len, key);
case cipher_aes128cfb:
return cipher_aes128cfb_encrypt(data, output, len, key);
case cipher_xor:
return cipher_xor_encrypt(data, output, len, key);
case cipher_none:
return cipher_none_encrypt(data, output, len, key);
// default:return cipher_aes128cbc_encrypt(data,output,len, key);
default:
assert(0 == 1);
}
return -1;
}
int cipher_decrypt(const char *data, char *output, int &len, char *key) {
mylog(log_trace, "cipher:%d\n", cipher_mode);
switch (cipher_mode) {
case cipher_aes128cbc:
return cipher_aes128cbc_decrypt(data, output, len, key);
case cipher_aes128cfb:
return cipher_aes128cfb_decrypt(data, output, len, key);
case cipher_xor:
return cipher_xor_decrypt(data, output, len, key);
case cipher_none:
return cipher_none_decrypt(data, output, len, key);
// default: return cipher_aes128cbc_decrypt(data,output,len,key);
default:
assert(0 == 1);
}
return -1;
}
int encrypt_AE(const char *data, char *output, int &len /*,char * key*/) {
mylog(log_trace, "encrypt_AE is called\n");
char buf[buf_len];
char buf2[buf_len];
memcpy(buf, data, len);
if (cipher_encrypt(buf, buf2, len, (char *)cipher_key_encrypt) != 0) {
mylog(log_debug, "cipher_encrypt failed ");
return -1;
}
if (auth_cal(buf2, output, len) != 0) {
mylog(log_debug, "auth_cal failed ");
return -1;
}
// printf("%d %x %x\n",len,(int)(output[0]),(int)(output[1]));
// print_binary_chars(output,len);
// use encrypt-then-MAC scheme
return 0;
}
int decrypt_AE(const char *data, char *output, int &len /*,char * key*/) {
mylog(log_trace, "decrypt_AE is called\n");
// printf("%d %x %x\n",len,(int)(data[0]),(int)(data[1]));
// print_binary_chars(data,len);
if (auth_verify(data, len) != 0) {
mylog(log_debug, "auth_verify failed\n");
return -1;
}
if (cipher_decrypt(data, output, len, (char *)cipher_key_decrypt) != 0) {
mylog(log_debug, "cipher_decrypt failed \n");
return -1;
}
return 0;
}
int my_encrypt(const char *data, char *output, int &len /*,char * key*/) {
if (len < 0) {
mylog(log_trace, "len<0");
return -1;
}
if (len > max_data_len) {
mylog(log_warn, "len>max_data_len");
return -1;
}
if (is_hmac_used)
return encrypt_AE(data, output, len);
char buf[buf_len];
char buf2[buf_len];
memcpy(buf, data, len);
if (auth_cal(buf, buf2, len) != 0) {
mylog(log_debug, "auth_cal failed ");
return -1;
}
if (cipher_encrypt(buf2, output, len, normal_key) != 0) {
mylog(log_debug, "cipher_encrypt failed ");
return -1;
}
return 0;
}
int my_decrypt(const char *data, char *output, int &len /*,char * key*/) {
if (len < 0) return -1;
if (len > max_data_len) {
mylog(log_warn, "len>max_data_len");
return -1;
}
if (is_hmac_used)
return decrypt_AE(data, output, len);
if (cipher_decrypt(data, output, len, normal_key) != 0) {
mylog(log_debug, "cipher_decrypt failed \n");
return -1;
}
if (auth_verify(output, len) != 0) {
mylog(log_debug, "auth_verify failed\n");
return -1;
}
return 0;
}
int encrypt_AEAD(uint8_t *data, uint8_t *output, int &len, uint8_t *key, uint8_t *header, int hlen) {
// TODO
return -1;
}
int decrypt_AEAD(uint8_t *data, uint8_t *output, int &len, uint8_t *key, uint8_t *header, int hlen) {
// TODO
return -1;
}