Add HMAC SHA2 to IKE

2024-11-22 17:39:53 +03:00 · 2017-01-23 00:50:48 +01:00 · 2017-01-23 00:50:48 +01:00 · 29234b7f9a
commit 29234b7f9a
parent 342d602f5d
4 changed files with 129 additions and 33 deletions
--- a/src/Cedar/IPsec_IkePacket.c
+++ b/src/Cedar/IPsec_IkePacket.c
@ -2558,7 +2558,7 @@ IKE_ENGINE *NewIkeEngine()
 {
 	IKE_ENGINE *e = ZeroMalloc(sizeof(IKE_ENGINE));
 	IKE_CRYPTO *des, *des3, *aes;
-	IKE_HASH *sha1, *md5;
+	IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;
 	IKE_DH *dh1, *dh2, *dh5;
 	UINT des_key_sizes[] =
 	{
@ -2594,6 +2594,14 @@ IKE_ENGINE *NewIkeEngine()
 	// SHA-1
 	sha1 = NewIkeHash(e, IKE_HASH_SHA1_ID, IKE_HASH_SHA1_STRING, 20);
 	// SHA-2
 	// sha2-256
 	sha2_256 = NewIkeHash(e, IKE_HASH_SHA2_256_ID, IKE_HASH_SHA2_256_STRING, 32);
 	// sha2-384
 	sha2_384 = NewIkeHash(e, IKE_HASH_SHA2_384_ID, IKE_HASH_SHA2_384_STRING, 48);
 	// sha2-512
 	sha2_512 = NewIkeHash(e, IKE_HASH_SHA2_512_ID, IKE_HASH_SHA2_512_STRING, 64);
 	// MD5
 	md5 = NewIkeHash(e, IKE_HASH_MD5_ID, IKE_HASH_MD5_STRING, 16);
@ -2608,6 +2616,10 @@ IKE_ENGINE *NewIkeEngine()
 	e->IkeCryptos[IKE_P1_CRYPTO_AES_CBC] = aes;
 	e->IkeHashes[IKE_P1_HASH_MD5] = md5;
 	e->IkeHashes[IKE_P1_HASH_SHA1] = sha1;
 	//e->IkeHashes[IKE_P1_HASH_SHA2_256] = sha2_256;
 	//e->IkeHashes[IKE_P1_HASH_SHA2_384] = sha2_384;
 	//e->IkeHashes[IKE_P1_HASH_SHA2_512] = sha2_512;
 	// Definition of ESP algorithm
 	e->EspCryptos[IKE_TRANSFORM_ID_P2_ESP_DES] = des;
@ -2925,6 +2937,15 @@ void IkeHash(IKE_HASH *h, void *dst, void *src, UINT size)
 		// SHA-1
 		Sha1(dst, src, size);
 		break;
 	case IKE_HASH_SHA2_256_ID:
 		Sha2_256(dst, src, size);
 		break;
 	case IKE_HASH_SHA2_384_ID:
 		Sha2_384(dst, src, size);
 		break;
 	case IKE_HASH_SHA2_512_ID:
 		Sha2_512(dst, src, size);
 		break;
 	default:
 		// Unknown
@ -2936,11 +2957,26 @@ void IkeHash(IKE_HASH *h, void *dst, void *src, UINT size)
 // Calculation of HMAC
 void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT data_size)
 {
-	UCHAR k[HMAC_BLOCK_SIZE];
+	UINT hmac_block_size;
 	if (h == NULL) {
 		return;
 	}
 	switch (h->HashId) {
 		case IKE_HASH_SHA1_ID:
 		case IKE_HASH_SHA2_256_ID:
 			hmac_block_size = HMAC_BLOCK_SIZE;
 			break;
 		case IKE_HASH_SHA2_384_ID:
 		case IKE_HASH_SHA2_512_ID:
 			hmac_block_size = HMAC_BLOCK_SIZE_1024;
 			break;
 		default: return;
 	}
 	UCHAR k[hmac_block_size];
 	UCHAR *data1;
 	UCHAR hash1[IKE_MAX_HASH_SIZE];
 	UINT data1_size;
-	UCHAR data2[IKE_MAX_HASH_SIZE + HMAC_BLOCK_SIZE];
+	UCHAR data2[IKE_MAX_HASH_SIZE + hmac_block_size];
 	UINT data2_size;
 	UCHAR tmp1600[1600];
 	bool no_free = false;
@ -2957,6 +2993,21 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 		HMacSha1(dst, key, key_size, data, data_size);
 		return;
 	}
 	else if (h->HashId == IKE_HASH_SHA2_256_ID)
 	{
 		HMacSha2_256(dst, key, key_size, data, data_size);
 		return;
 	}
 	else if (h->HashId == IKE_HASH_SHA2_384_ID)
 	{
 		HMacSha2_384(dst, key, key_size, data, data_size);
 		return;
 	}
 	else if (h->HashId == IKE_HASH_SHA2_512_ID)
 	{
 		HMacSha2_512(dst, key, key_size, data, data_size);
 		return;
 	}
 	else if (h->HashId == IKE_HASH_MD5_ID)
 	{
 		// Use the special function (fast) in the case of MD5
@ -2966,7 +3017,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 	// Creating a K
 	Zero(k, sizeof(k));
-	if (key_size <= HMAC_BLOCK_SIZE)
+	if (key_size <= hmac_block_size)
 	{
 		Copy(k, key, key_size);
 	}
@ -2976,7 +3027,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 	}
 	// Generation of data 1
-	data1_size = data_size + HMAC_BLOCK_SIZE;
+	data1_size = data_size + hmac_block_size;
 	if (data1_size > sizeof(tmp1600))
 	{
@ -2988,12 +3039,12 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 		no_free = true;
 	}
-	for (i = 0;i < HMAC_BLOCK_SIZE;i++)
+	for (i = 0;i < hmac_block_size;i++)
 	{
 		data1[i] = k[i] ^ 0x36;
 	}
-	Copy(data1 + HMAC_BLOCK_SIZE, data, data_size);
+	Copy(data1 + hmac_block_size, data, data_size);
 	// Calculate the hash value
 	IkeHash(h, hash1, data1, data1_size);
@ -3004,14 +3055,14 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
 	}
 	// Generation of data 2
-	data2_size = h->HashSize + HMAC_BLOCK_SIZE;
+	data2_size = h->HashSize + hmac_block_size;
 	for (i = 0;i < HMAC_BLOCK_SIZE;i++)
 	{
 		data2[i] = k[i] ^ 0x5c;
 	}
-	Copy(data2 + HMAC_BLOCK_SIZE, hash1, h->HashSize);
+	Copy(data2 + hmac_block_size, hash1, h->HashSize);
 	// Calculate the hash value
 	IkeHash(h, dst, data2, data2_size);
--- a/src/Cedar/IPsec_IkePacket.h
+++ b/src/Cedar/IPsec_IkePacket.h
@ -120,7 +120,7 @@
 #endif	// OS_WIN32
 // Maximum hash size
-#define	IKE_MAX_HASH_SIZE				20		// Size of SHA-1 is the maximum for now
+#define	IKE_MAX_HASH_SIZE				64		// Size of SHA-2-512 is the maximum for now
 // Maximum block size
 #define	IKE_MAX_BLOCK_SIZE				16		// Size of AES is maximum at the moment
@ -250,6 +250,9 @@ struct IKE_TRANSFORM_VALUE
 // Phase 1: The hash algorithm in IKE transform value
 #define	IKE_P1_HASH_MD5						1
 #define IKE_P1_HASH_SHA1					2
 #define IKE_P1_HASH_SHA2_256				4
 #define IKE_P1_HASH_SHA2_384				5
 #define IKE_P1_HASH_SHA2_512				6
 // Phase 1: The authentication method in the IKE transform value
 #define IKE_P1_AUTH_METHOD_PRESHAREDKEY		1
@ -530,6 +533,15 @@ struct IKE_P1_KEYSET
 #define	IKE_HASH_SHA1_ID						1
 #define	IKE_HASH_SHA1_STRING					"SHA-1"
 #define	IKE_HASH_SHA2_256_ID					2
 #define	IKE_HASH_SHA2_256_STRING				"SHA-2-256"
 #define	IKE_HASH_SHA2_384_ID					3
 #define	IKE_HASH_SHA2_384_STRING				"SHA-2-384"
 #define	IKE_HASH_SHA2_512_ID					4
 #define	IKE_HASH_SHA2_512_STRING				"SHA-2-512"
 // Number and name of DH algorithm for IKE
 #define	IKE_DH_1_ID								0
 #define	IKE_DH_1_STRING							"MODP 768 (Group 1)"
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@ -379,19 +379,19 @@ void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size)
 }
 void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
-	HMacSha(_SHA1_160, dst, key, key_size, data, data_size);
+	HMacSha(SHA1_160, dst, key, key_size, data, data_size);
 }
 void HMacSha2_256(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
-	HMacSha(_SHA2_256, dst, key, key_size, data, data_size);
+	HMacSha(SHA2_256, dst, key, key_size, data, data_size);
 }
 void HMacSha2_384(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
-	HMacSha(_SHA2_384, dst, key, key_size, data, data_size);
+	HMacSha(SHA2_384, dst, key, key_size, data, data_size);
 }
 void HMacSha2_512(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
-	HMacSha(_SHA2_512, dst, key, key_size, data, data_size);
+	HMacSha(SHA2_512, dst, key, key_size, data, data_size);
 }
 // Calculation of HMAC (SHA-1)
@ -399,12 +399,12 @@ void HMacSha(UINT sha_type, void *dst, void *key, UINT key_size, void *data, UIN
 {
 	UINT hmac_block_size;
 	switch(sha_type) {
-		case _SHA1_160:
+		case SHA1_160:
-		case _SHA2_256:
+		case SHA2_256:
 			hmac_block_size = HMAC_BLOCK_SIZE;
 			break;
-		case _SHA2_384:
+		case SHA2_384:
-		case _SHA2_512:
+		case SHA2_512:
 			hmac_block_size = HMAC_BLOCK_SIZE_1024;
 			break;
 		default:
@ -448,25 +448,25 @@ void HMacSha(UINT sha_type, void *dst, void *key, UINT key_size, void *data, UIN
 	}
 	switch(sha_type) {
-		case _SHA1_160:
+		case SHA1_160:
 			SHA1_Init(&sha_ctx1);
 			SHA1_Update(&sha_ctx1, pad1, sizeof(pad1));
 			SHA1_Update(&sha_ctx1, data, data_size);
 			SHA1_Final(hash1, &sha_ctx1);
 			break;
-		case _SHA2_256:
+		case SHA2_256:
 			SHA256_Init(&sha_ctx1);
 			SHA256_Update(&sha_ctx1, pad1, sizeof(pad1));
 			SHA256_Update(&sha_ctx1, data, data_size);
 			SHA256_Final(hash1, &sha_ctx1);
 			break;
-		case _SHA2_384:
+		case SHA2_384:
 			SHA384_Init(&sha_ctx1);
 			SHA384_Update(&sha_ctx1, pad1, sizeof(pad1));
 			SHA384_Update(&sha_ctx1, data, data_size);
 			SHA384_Final(hash1, &sha_ctx1);
 			break;
-		case _SHA2_512:
+		case SHA2_512:
 			SHA512_Init(&sha_ctx1);
 			SHA512_Update(&sha_ctx1, pad1, sizeof(pad1));
 			SHA512_Update(&sha_ctx1, data, data_size);
@ -496,26 +496,26 @@ void HMacSha(UINT sha_type, void *dst, void *key, UINT key_size, void *data, UIN
 	}
 	switch(sha_type) {
-	case _SHA1_160:
+	case SHA1_160:
 		SHA1_Init(&sha_ctx1);
 		SHA1_Update(&sha_ctx1, data2, hmac_block_size);
 		SHA1_Update(&sha_ctx1, hash1, SHA1_SIZE);
 		SHA1_Final(dst, &sha_ctx1);
 		break;
-	case _SHA2_256:
+	case SHA2_256:
 		SHA256_Init(&sha_ctx1);
 		SHA256_Update(&sha_ctx1, data2, hmac_block_size);
 		SHA256_Update(&sha_ctx1, hash1, SHA256_SIZE);
 		SHA256_Final(dst, &sha_ctx1);
 		break;
-	case _SHA2_384:
+	case SHA2_384:
 		SHA384_Init(&sha_ctx1);
 		SHA384_Update(&sha_ctx1, data2, hmac_block_size);
 		SHA384_Update(&sha_ctx1, hash1, SHA384_SIZE);
 		SHA384_Final(dst, &sha_ctx1);
 		break;
-	case _SHA2_512:
+	case SHA2_512:
 		SHA384_Init(&sha_ctx1);
 		SHA384_Update(&sha_ctx1, data2, hmac_block_size);
 		SHA1_Update(&sha_ctx1, hash1, SHA512_SIZE);
@ -4437,7 +4437,7 @@ void Encrypt(CRYPT *c, void *dst, void *src, UINT size)
 }
 // SHA-1 hash
-void Sha1(void *dst, void *src, UINT size)
+void Sha(UINT sha_type, void *dst, void *src, UINT size)
 {
 	// Validate arguments
 	if (dst == NULL || src == NULL)
@ -4445,7 +4445,35 @@ void Sha1(void *dst, void *src, UINT size)
 		return;
 	}
-	SHA1(src, size, dst);
+	switch(sha_type) {
 	case SHA1_160:
 		SHA1(src, size, dst);
 		break;
 	case SHA2_256:
 		SHA256(src, size, dst);
 		break;
 	case SHA2_384:
 		SHA384(src, size, dst);
 		break;
 	case SHA2_512:
 		SHA512(src, size, dst);
 		break;
 	}
 }
 void Sha1(void *dst, void *src, UINT size) {
 	Sha(SHA1_160, dst, src, size);
 }
 void Sha2_256(void *dst, void *src, UINT size) {
 	Sha(SHA2_256, dst, src, size);
 }
 void Sha2_384(void *dst, void *src, UINT size) {
 	Sha(SHA2_384, dst, src, size);
 }
 void Sha2_512(void *dst, void *src, UINT size) {
 	Sha(SHA2_512, dst, src, size);
 }
 // MD5 hash
--- a/src/Mayaqua/Encrypt.h
+++ b/src/Mayaqua/Encrypt.h
@ -141,11 +141,11 @@ void RAND_Free_For_SoftEther();
 #define	AES_IV_SIZE					16			// AES IV size
 #define	AES_MAX_KEY_SIZE			32			// Maximum AES key size
-// IANA definitions taken from IKEv1 Phase 1. For internal use only
+// IANA definitions taken from IKEv1 Phase 1
-#define _SHA1_160						2
+#define SHA1_160						2
-#define _SHA2_256						4
+#define SHA2_256						4
-#define _SHA2_384						5
+#define SHA2_384						5
-#define _SHA2_512						6
+#define SHA2_512						6
 // HMAC block size
 #define	HMAC_BLOCK_SIZE					64
@ -518,7 +518,12 @@ void Des3Encrypt(void *dest, void *src, UINT size, DES_KEY *key, void *ivec);
 void Des3Encrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
 void Des3Decrypt(void *dest, void *src, UINT size, DES_KEY *key, void *ivec);
 void Des3Decrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
 void Sha(UINT sha_type, void *dst, void *src, UINT size);
 void Sha1(void *dst, void *src, UINT size);
 void Sha2_256(void *dst, void *src, UINT size);
 void Sha2_384(void *dst, void *src, UINT size);
 void Sha2_512(void *dst, void *src, UINT size);
 void Md5(void *dst, void *src, UINT size);
 void MacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
 void MacSha196(void *dst, void *key, void *data, UINT data_size);