mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Merge branch 'add-sha2' into openvpn-extend-ciphers
This commit is contained in:
commit
86383d1f60
@ -2558,7 +2558,7 @@ IKE_ENGINE *NewIkeEngine()
|
|||||||
{
|
{
|
||||||
IKE_ENGINE *e = ZeroMalloc(sizeof(IKE_ENGINE));
|
IKE_ENGINE *e = ZeroMalloc(sizeof(IKE_ENGINE));
|
||||||
IKE_CRYPTO *des, *des3, *aes;
|
IKE_CRYPTO *des, *des3, *aes;
|
||||||
IKE_HASH *sha1, *md5;
|
IKE_HASH *sha1, *md5, *sha2_256, *sha2_384, *sha2_512;
|
||||||
IKE_DH *dh1, *dh2, *dh5;
|
IKE_DH *dh1, *dh2, *dh5;
|
||||||
UINT des_key_sizes[] =
|
UINT des_key_sizes[] =
|
||||||
{
|
{
|
||||||
@ -2594,6 +2594,14 @@ IKE_ENGINE *NewIkeEngine()
|
|||||||
// SHA-1
|
// SHA-1
|
||||||
sha1 = NewIkeHash(e, IKE_HASH_SHA1_ID, IKE_HASH_SHA1_STRING, 20);
|
sha1 = NewIkeHash(e, IKE_HASH_SHA1_ID, IKE_HASH_SHA1_STRING, 20);
|
||||||
|
|
||||||
|
// SHA-2
|
||||||
|
// sha2-256
|
||||||
|
sha2_256 = NewIkeHash(e, IKE_HASH_SHA2_256_ID, IKE_HASH_SHA2_256_STRING, 32);
|
||||||
|
// sha2-384
|
||||||
|
sha2_384 = NewIkeHash(e, IKE_HASH_SHA2_384_ID, IKE_HASH_SHA2_384_STRING, 48);
|
||||||
|
// sha2-512
|
||||||
|
sha2_512 = NewIkeHash(e, IKE_HASH_SHA2_512_ID, IKE_HASH_SHA2_512_STRING, 64);
|
||||||
|
|
||||||
// MD5
|
// MD5
|
||||||
md5 = NewIkeHash(e, IKE_HASH_MD5_ID, IKE_HASH_MD5_STRING, 16);
|
md5 = NewIkeHash(e, IKE_HASH_MD5_ID, IKE_HASH_MD5_STRING, 16);
|
||||||
|
|
||||||
@ -2608,6 +2616,10 @@ IKE_ENGINE *NewIkeEngine()
|
|||||||
e->IkeCryptos[IKE_P1_CRYPTO_AES_CBC] = aes;
|
e->IkeCryptos[IKE_P1_CRYPTO_AES_CBC] = aes;
|
||||||
e->IkeHashes[IKE_P1_HASH_MD5] = md5;
|
e->IkeHashes[IKE_P1_HASH_MD5] = md5;
|
||||||
e->IkeHashes[IKE_P1_HASH_SHA1] = sha1;
|
e->IkeHashes[IKE_P1_HASH_SHA1] = sha1;
|
||||||
|
e->IkeHashes[IKE_P1_HASH_SHA2_256] = sha2_256;
|
||||||
|
e->IkeHashes[IKE_P1_HASH_SHA2_384] = sha2_384;
|
||||||
|
e->IkeHashes[IKE_P1_HASH_SHA2_512] = sha2_512;
|
||||||
|
|
||||||
|
|
||||||
// Definition of ESP algorithm
|
// Definition of ESP algorithm
|
||||||
e->EspCryptos[IKE_TRANSFORM_ID_P2_ESP_DES] = des;
|
e->EspCryptos[IKE_TRANSFORM_ID_P2_ESP_DES] = des;
|
||||||
@ -2925,6 +2937,15 @@ void IkeHash(IKE_HASH *h, void *dst, void *src, UINT size)
|
|||||||
// SHA-1
|
// SHA-1
|
||||||
Sha1(dst, src, size);
|
Sha1(dst, src, size);
|
||||||
break;
|
break;
|
||||||
|
case IKE_HASH_SHA2_256_ID:
|
||||||
|
Sha2_256(dst, src, size);
|
||||||
|
break;
|
||||||
|
case IKE_HASH_SHA2_384_ID:
|
||||||
|
Sha2_384(dst, src, size);
|
||||||
|
break;
|
||||||
|
case IKE_HASH_SHA2_512_ID:
|
||||||
|
Sha2_512(dst, src, size);
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
// Unknown
|
// Unknown
|
||||||
@ -2936,11 +2957,26 @@ void IkeHash(IKE_HASH *h, void *dst, void *src, UINT size)
|
|||||||
// Calculation of HMAC
|
// Calculation of HMAC
|
||||||
void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
||||||
{
|
{
|
||||||
UCHAR k[HMAC_BLOCK_SIZE];
|
UINT hmac_block_size;
|
||||||
|
if (h == NULL) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
switch (h->HashId) {
|
||||||
|
case IKE_HASH_SHA1_ID:
|
||||||
|
case IKE_HASH_SHA2_256_ID:
|
||||||
|
hmac_block_size = HMAC_BLOCK_SIZE;
|
||||||
|
break;
|
||||||
|
case IKE_HASH_SHA2_384_ID:
|
||||||
|
case IKE_HASH_SHA2_512_ID:
|
||||||
|
hmac_block_size = HMAC_BLOCK_SIZE_1024;
|
||||||
|
break;
|
||||||
|
default: return;
|
||||||
|
}
|
||||||
|
UCHAR k[hmac_block_size];
|
||||||
UCHAR *data1;
|
UCHAR *data1;
|
||||||
UCHAR hash1[IKE_MAX_HASH_SIZE];
|
UCHAR hash1[IKE_MAX_HASH_SIZE];
|
||||||
UINT data1_size;
|
UINT data1_size;
|
||||||
UCHAR data2[IKE_MAX_HASH_SIZE + HMAC_BLOCK_SIZE];
|
UCHAR data2[IKE_MAX_HASH_SIZE + hmac_block_size];
|
||||||
UINT data2_size;
|
UINT data2_size;
|
||||||
UCHAR tmp1600[1600];
|
UCHAR tmp1600[1600];
|
||||||
bool no_free = false;
|
bool no_free = false;
|
||||||
@ -2957,6 +2993,21 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
|
|||||||
HMacSha1(dst, key, key_size, data, data_size);
|
HMacSha1(dst, key, key_size, data, data_size);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
else if (h->HashId == IKE_HASH_SHA2_256_ID)
|
||||||
|
{
|
||||||
|
HMacSha2_256(dst, key, key_size, data, data_size);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else if (h->HashId == IKE_HASH_SHA2_384_ID)
|
||||||
|
{
|
||||||
|
HMacSha2_384(dst, key, key_size, data, data_size);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else if (h->HashId == IKE_HASH_SHA2_512_ID)
|
||||||
|
{
|
||||||
|
HMacSha2_512(dst, key, key_size, data, data_size);
|
||||||
|
return;
|
||||||
|
}
|
||||||
else if (h->HashId == IKE_HASH_MD5_ID)
|
else if (h->HashId == IKE_HASH_MD5_ID)
|
||||||
{
|
{
|
||||||
// Use the special function (fast) in the case of MD5
|
// Use the special function (fast) in the case of MD5
|
||||||
@ -2966,7 +3017,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
|
|||||||
|
|
||||||
// Creating a K
|
// Creating a K
|
||||||
Zero(k, sizeof(k));
|
Zero(k, sizeof(k));
|
||||||
if (key_size <= HMAC_BLOCK_SIZE)
|
if (key_size <= hmac_block_size)
|
||||||
{
|
{
|
||||||
Copy(k, key, key_size);
|
Copy(k, key, key_size);
|
||||||
}
|
}
|
||||||
@ -2976,7 +3027,7 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Generation of data 1
|
// Generation of data 1
|
||||||
data1_size = data_size + HMAC_BLOCK_SIZE;
|
data1_size = data_size + hmac_block_size;
|
||||||
|
|
||||||
if (data1_size > sizeof(tmp1600))
|
if (data1_size > sizeof(tmp1600))
|
||||||
{
|
{
|
||||||
@ -2988,12 +3039,12 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
|
|||||||
no_free = true;
|
no_free = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0;i < HMAC_BLOCK_SIZE;i++)
|
for (i = 0;i < hmac_block_size;i++)
|
||||||
{
|
{
|
||||||
data1[i] = k[i] ^ 0x36;
|
data1[i] = k[i] ^ 0x36;
|
||||||
}
|
}
|
||||||
|
|
||||||
Copy(data1 + HMAC_BLOCK_SIZE, data, data_size);
|
Copy(data1 + hmac_block_size, data, data_size);
|
||||||
|
|
||||||
// Calculate the hash value
|
// Calculate the hash value
|
||||||
IkeHash(h, hash1, data1, data1_size);
|
IkeHash(h, hash1, data1, data1_size);
|
||||||
@ -3004,14 +3055,14 @@ void IkeHMac(IKE_HASH *h, void *dst, void *key, UINT key_size, void *data, UINT
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Generation of data 2
|
// Generation of data 2
|
||||||
data2_size = h->HashSize + HMAC_BLOCK_SIZE;
|
data2_size = h->HashSize + hmac_block_size;
|
||||||
|
|
||||||
for (i = 0;i < HMAC_BLOCK_SIZE;i++)
|
for (i = 0;i < HMAC_BLOCK_SIZE;i++)
|
||||||
{
|
{
|
||||||
data2[i] = k[i] ^ 0x5c;
|
data2[i] = k[i] ^ 0x5c;
|
||||||
}
|
}
|
||||||
|
|
||||||
Copy(data2 + HMAC_BLOCK_SIZE, hash1, h->HashSize);
|
Copy(data2 + hmac_block_size, hash1, h->HashSize);
|
||||||
|
|
||||||
// Calculate the hash value
|
// Calculate the hash value
|
||||||
IkeHash(h, dst, data2, data2_size);
|
IkeHash(h, dst, data2, data2_size);
|
||||||
|
@ -120,7 +120,7 @@
|
|||||||
#endif // OS_WIN32
|
#endif // OS_WIN32
|
||||||
|
|
||||||
// Maximum hash size
|
// Maximum hash size
|
||||||
#define IKE_MAX_HASH_SIZE 20 // Size of SHA-1 is the maximum for now
|
#define IKE_MAX_HASH_SIZE 64 // Size of SHA-2-512 is the maximum for now
|
||||||
|
|
||||||
// Maximum block size
|
// Maximum block size
|
||||||
#define IKE_MAX_BLOCK_SIZE 16 // Size of AES is maximum at the moment
|
#define IKE_MAX_BLOCK_SIZE 16 // Size of AES is maximum at the moment
|
||||||
@ -250,6 +250,9 @@ struct IKE_TRANSFORM_VALUE
|
|||||||
// Phase 1: The hash algorithm in IKE transform value
|
// Phase 1: The hash algorithm in IKE transform value
|
||||||
#define IKE_P1_HASH_MD5 1
|
#define IKE_P1_HASH_MD5 1
|
||||||
#define IKE_P1_HASH_SHA1 2
|
#define IKE_P1_HASH_SHA1 2
|
||||||
|
#define IKE_P1_HASH_SHA2_256 4
|
||||||
|
#define IKE_P1_HASH_SHA2_384 5
|
||||||
|
#define IKE_P1_HASH_SHA2_512 6
|
||||||
|
|
||||||
// Phase 1: The authentication method in the IKE transform value
|
// Phase 1: The authentication method in the IKE transform value
|
||||||
#define IKE_P1_AUTH_METHOD_PRESHAREDKEY 1
|
#define IKE_P1_AUTH_METHOD_PRESHAREDKEY 1
|
||||||
@ -530,6 +533,15 @@ struct IKE_P1_KEYSET
|
|||||||
#define IKE_HASH_SHA1_ID 1
|
#define IKE_HASH_SHA1_ID 1
|
||||||
#define IKE_HASH_SHA1_STRING "SHA-1"
|
#define IKE_HASH_SHA1_STRING "SHA-1"
|
||||||
|
|
||||||
|
#define IKE_HASH_SHA2_256_ID 2
|
||||||
|
#define IKE_HASH_SHA2_256_STRING "SHA-2-256"
|
||||||
|
|
||||||
|
#define IKE_HASH_SHA2_384_ID 3
|
||||||
|
#define IKE_HASH_SHA2_384_STRING "SHA-2-384"
|
||||||
|
|
||||||
|
#define IKE_HASH_SHA2_512_ID 4
|
||||||
|
#define IKE_HASH_SHA2_512_STRING "SHA-2-512"
|
||||||
|
|
||||||
// Number and name of DH algorithm for IKE
|
// Number and name of DH algorithm for IKE
|
||||||
#define IKE_DH_1_ID 0
|
#define IKE_DH_1_ID 0
|
||||||
#define IKE_DH_1_STRING "MODP 768 (Group 1)"
|
#define IKE_DH_1_STRING "MODP 768 (Group 1)"
|
||||||
|
@ -155,7 +155,7 @@
|
|||||||
#define OPENVPN_CIPHER_LIST "[NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC RC2-40-CBC RC2-64-CBC RC2-CBC"
|
#define OPENVPN_CIPHER_LIST "[NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC RC2-40-CBC RC2-64-CBC RC2-CBC"
|
||||||
|
|
||||||
// List of the supported hash algorithm
|
// List of the supported hash algorithm
|
||||||
#define OPENVPN_MD_LIST "SHA SHA1 MD5 MD4 RMD160"
|
#define OPENVPN_MD_LIST "SHA SHA1 SHA256 SHA384 SHA512 MD5 MD4 RMD160"
|
||||||
|
|
||||||
// MTU
|
// MTU
|
||||||
#define OPENVPN_MTU_LINK 1514 // Ethernet MTU
|
#define OPENVPN_MTU_LINK 1514 // Ethernet MTU
|
||||||
|
@ -378,14 +378,50 @@ void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
|||||||
MD5_Final(dst, &md5_ctx1);
|
MD5_Final(dst, &md5_ctx1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
|
||||||
|
HMacSha(SHA1_160, dst, key, key_size, data, data_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
void HMacSha2_256(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
|
||||||
|
HMacSha(SHA2_256, dst, key, key_size, data, data_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
void HMacSha2_384(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
|
||||||
|
HMacSha(SHA2_384, dst, key, key_size, data, data_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
void HMacSha2_512(void *dst, void *key, UINT key_size, void *data, UINT data_size) {
|
||||||
|
HMacSha(SHA2_512, dst, key, key_size, data, data_size);
|
||||||
|
}
|
||||||
|
|
||||||
// Calculation of HMAC (SHA-1)
|
// Calculation of HMAC (SHA-1)
|
||||||
void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
void HMacSha(UINT sha_type, void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
||||||
{
|
{
|
||||||
UCHAR k[HMAC_BLOCK_SIZE];
|
UINT hmac_block_size;
|
||||||
UCHAR hash1[SHA1_SIZE];
|
void* sha_ctx1;
|
||||||
UCHAR data2[HMAC_BLOCK_SIZE];
|
switch(sha_type) {
|
||||||
SHA_CTX sha_ctx1;
|
case SHA1_160:
|
||||||
UCHAR pad1[HMAC_BLOCK_SIZE];
|
sha_ctx1 = ZeroMalloc(sizeof(SHA_CTX));
|
||||||
|
hmac_block_size = HMAC_BLOCK_SIZE;
|
||||||
|
break;
|
||||||
|
case SHA2_256:
|
||||||
|
sha_ctx1 = ZeroMalloc(sizeof(SHA256_CTX));
|
||||||
|
hmac_block_size = HMAC_BLOCK_SIZE;
|
||||||
|
break;
|
||||||
|
case SHA2_384:
|
||||||
|
case SHA2_512:
|
||||||
|
sha_ctx1 = ZeroMalloc(sizeof(SHA512_CTX));
|
||||||
|
hmac_block_size = HMAC_BLOCK_SIZE_1024;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
UCHAR k[hmac_block_size];
|
||||||
|
UCHAR hash1[hmac_block_size];
|
||||||
|
UCHAR data2[hmac_block_size];
|
||||||
|
//SHA_CTX sha_ctx1;
|
||||||
|
UCHAR pad1[hmac_block_size];
|
||||||
UINT i;
|
UINT i;
|
||||||
// Validate arguments
|
// Validate arguments
|
||||||
if (dst == NULL || (key == NULL && key_size != 0) || (data == NULL && data_size != 0))
|
if (dst == NULL || (key == NULL && key_size != 0) || (data == NULL && data_size != 0))
|
||||||
@ -393,14 +429,15 @@ void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Creating a K
|
// Creating a K
|
||||||
if (key_size <= HMAC_BLOCK_SIZE)
|
if (key_size <= hmac_block_size)
|
||||||
{
|
{
|
||||||
for (i = 0;i < key_size;i++)
|
for (i = 0;i < key_size;i++)
|
||||||
{
|
{
|
||||||
pad1[i] = ((UCHAR *)key)[i] ^ 0x36;
|
pad1[i] = ((UCHAR *)key)[i] ^ 0x36;
|
||||||
}
|
}
|
||||||
for (i = key_size;i < HMAC_BLOCK_SIZE;i++)
|
for (i = key_size;i < hmac_block_size;i++)
|
||||||
{
|
{
|
||||||
pad1[i] = 0 ^ 0x36;
|
pad1[i] = 0 ^ 0x36;
|
||||||
}
|
}
|
||||||
@ -410,41 +447,89 @@ void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size)
|
|||||||
Zero(k, sizeof(k));
|
Zero(k, sizeof(k));
|
||||||
HashSha1(k, key, key_size);
|
HashSha1(k, key, key_size);
|
||||||
|
|
||||||
for (i = 0;i < HMAC_BLOCK_SIZE;i++)
|
for (i = 0;i < hmac_block_size;i++)
|
||||||
{
|
{
|
||||||
pad1[i] = k[i] ^ 0x36;
|
pad1[i] = k[i] ^ 0x36;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
SHA1_Init(&sha_ctx1);
|
switch(sha_type) {
|
||||||
SHA1_Update(&sha_ctx1, pad1, sizeof(pad1));
|
case SHA1_160:
|
||||||
SHA1_Update(&sha_ctx1, data, data_size);
|
SHA1_Init((SHA_CTX *)sha_ctx1);
|
||||||
SHA1_Final(hash1, &sha_ctx1);
|
SHA1_Update((SHA_CTX *)sha_ctx1, pad1, sizeof(pad1));
|
||||||
|
SHA1_Update((SHA_CTX *)sha_ctx1, data, data_size);
|
||||||
|
SHA1_Final(hash1, (SHA_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
case SHA2_256:
|
||||||
|
SHA256_Init((SHA256_CTX *)sha_ctx1);
|
||||||
|
SHA256_Update((SHA256_CTX *)sha_ctx1, pad1, sizeof(pad1));
|
||||||
|
SHA256_Update((SHA256_CTX *)sha_ctx1, data, data_size);
|
||||||
|
SHA256_Final(hash1, (SHA256_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
case SHA2_384:
|
||||||
|
SHA384_Init((SHA512_CTX *)sha_ctx1);
|
||||||
|
SHA384_Update((SHA512_CTX *)sha_ctx1, pad1, sizeof(pad1));
|
||||||
|
SHA384_Update((SHA512_CTX *)sha_ctx1, data, data_size);
|
||||||
|
SHA384_Final(hash1, (SHA512_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
case SHA2_512:
|
||||||
|
SHA512_Init((SHA512_CTX *)sha_ctx1);
|
||||||
|
SHA512_Update((SHA512_CTX *)sha_ctx1, pad1, sizeof(pad1));
|
||||||
|
SHA512_Update((SHA512_CTX *)sha_ctx1, data, data_size);
|
||||||
|
SHA512_Final(hash1, (SHA512_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// Generation of data 2
|
// Generation of data 2
|
||||||
if (key_size <= HMAC_BLOCK_SIZE)
|
if (key_size <= hmac_block_size)
|
||||||
{
|
{
|
||||||
for (i = 0;i < key_size;i++)
|
for (i = 0;i < key_size;i++)
|
||||||
{
|
{
|
||||||
data2[i] = ((UCHAR *)key)[i] ^ 0x5c;
|
data2[i] = ((UCHAR *)key)[i] ^ 0x5c;
|
||||||
}
|
}
|
||||||
for (i = key_size;i < HMAC_BLOCK_SIZE;i++)
|
for (i = key_size;i < hmac_block_size;i++)
|
||||||
{
|
{
|
||||||
data2[i] = 0 ^ 0x5c;
|
data2[i] = 0 ^ 0x5c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
for (i = 0;i < HMAC_BLOCK_SIZE;i++)
|
for (i = 0;i < hmac_block_size;i++)
|
||||||
{
|
{
|
||||||
data2[i] = k[i] ^ 0x5c;
|
data2[i] = k[i] ^ 0x5c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
SHA1_Init(&sha_ctx1);
|
switch(sha_type) {
|
||||||
SHA1_Update(&sha_ctx1, data2, HMAC_BLOCK_SIZE);
|
case SHA1_160:
|
||||||
SHA1_Update(&sha_ctx1, hash1, SHA1_SIZE);
|
SHA1_Init((SHA_CTX *)sha_ctx1);
|
||||||
SHA1_Final(dst, &sha_ctx1);
|
SHA1_Update((SHA_CTX *)sha_ctx1, data2, hmac_block_size);
|
||||||
|
SHA1_Update((SHA_CTX *)sha_ctx1, hash1, SHA1_SIZE);
|
||||||
|
SHA1_Final(dst, (SHA_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
case SHA2_256:
|
||||||
|
SHA256_Init((SHA256_CTX *)sha_ctx1);
|
||||||
|
SHA256_Update((SHA256_CTX *)sha_ctx1, data2, hmac_block_size);
|
||||||
|
SHA256_Update((SHA256_CTX *)sha_ctx1, hash1, SHA256_SIZE);
|
||||||
|
SHA256_Final(dst, (SHA256_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
case SHA2_384:
|
||||||
|
SHA384_Init((SHA512_CTX *)sha_ctx1);
|
||||||
|
SHA384_Update((SHA512_CTX *)sha_ctx1, data2, hmac_block_size);
|
||||||
|
SHA384_Update((SHA512_CTX *)sha_ctx1, hash1, SHA384_SIZE);
|
||||||
|
SHA384_Final(dst, (SHA512_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SHA2_512:
|
||||||
|
SHA512_Init((SHA512_CTX *)sha_ctx1);
|
||||||
|
SHA512_Update((SHA512_CTX *)sha_ctx1, data2, hmac_block_size);
|
||||||
|
SHA512_Update((SHA512_CTX *)sha_ctx1, hash1, SHA512_SIZE);
|
||||||
|
SHA512_Final(dst, (SHA512_CTX *)sha_ctx1);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
Free(sha_ctx1);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Calculate the HMAC
|
// Calculate the HMAC
|
||||||
@ -4358,7 +4443,7 @@ void Encrypt(CRYPT *c, void *dst, void *src, UINT size)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// SHA-1 hash
|
// SHA-1 hash
|
||||||
void Sha1(void *dst, void *src, UINT size)
|
void Sha(UINT sha_type, void *dst, void *src, UINT size)
|
||||||
{
|
{
|
||||||
// Validate arguments
|
// Validate arguments
|
||||||
if (dst == NULL || src == NULL)
|
if (dst == NULL || src == NULL)
|
||||||
@ -4366,7 +4451,35 @@ void Sha1(void *dst, void *src, UINT size)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
switch(sha_type) {
|
||||||
|
case SHA1_160:
|
||||||
SHA1(src, size, dst);
|
SHA1(src, size, dst);
|
||||||
|
break;
|
||||||
|
case SHA2_256:
|
||||||
|
SHA256(src, size, dst);
|
||||||
|
break;
|
||||||
|
case SHA2_384:
|
||||||
|
SHA384(src, size, dst);
|
||||||
|
break;
|
||||||
|
case SHA2_512:
|
||||||
|
SHA512(src, size, dst);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
void Sha1(void *dst, void *src, UINT size) {
|
||||||
|
Sha(SHA1_160, dst, src, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
void Sha2_256(void *dst, void *src, UINT size) {
|
||||||
|
Sha(SHA2_256, dst, src, size);
|
||||||
|
}
|
||||||
|
void Sha2_384(void *dst, void *src, UINT size) {
|
||||||
|
Sha(SHA2_384, dst, src, size);
|
||||||
|
}
|
||||||
|
void Sha2_512(void *dst, void *src, UINT size) {
|
||||||
|
Sha(SHA2_512, dst, src, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
// MD5 hash
|
// MD5 hash
|
||||||
|
@ -141,8 +141,16 @@ void RAND_Free_For_SoftEther();
|
|||||||
#define AES_IV_SIZE 16 // AES IV size
|
#define AES_IV_SIZE 16 // AES IV size
|
||||||
#define AES_MAX_KEY_SIZE 32 // Maximum AES key size
|
#define AES_MAX_KEY_SIZE 32 // Maximum AES key size
|
||||||
|
|
||||||
|
// IANA definitions taken from IKEv1 Phase 1
|
||||||
|
#define SHA1_160 2
|
||||||
|
#define SHA2_256 4
|
||||||
|
#define SHA2_384 5
|
||||||
|
#define SHA2_512 6
|
||||||
|
|
||||||
// HMAC block size
|
// HMAC block size
|
||||||
#define HMAC_BLOCK_SIZE 64
|
#define HMAC_BLOCK_SIZE 64
|
||||||
|
// The block size for sha-384 and sha-512 as defined by rfc4868
|
||||||
|
#define HMAC_BLOCK_SIZE_1024 128
|
||||||
|
|
||||||
#define DH_GROUP1_PRIME_768 \
|
#define DH_GROUP1_PRIME_768 \
|
||||||
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
|
||||||
@ -294,6 +302,8 @@ struct X_CRL
|
|||||||
#define MD5_SIZE 16
|
#define MD5_SIZE 16
|
||||||
#define SHA1_SIZE 20
|
#define SHA1_SIZE 20
|
||||||
#define SHA256_SIZE 32
|
#define SHA256_SIZE 32
|
||||||
|
#define SHA384_SIZE 48
|
||||||
|
#define SHA512_SIZE 64
|
||||||
|
|
||||||
// Key element of DES
|
// Key element of DES
|
||||||
struct DES_KEY_VALUE
|
struct DES_KEY_VALUE
|
||||||
@ -508,7 +518,12 @@ void Des3Encrypt(void *dest, void *src, UINT size, DES_KEY *key, void *ivec);
|
|||||||
void Des3Encrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
|
void Des3Encrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
|
||||||
void Des3Decrypt(void *dest, void *src, UINT size, DES_KEY *key, void *ivec);
|
void Des3Decrypt(void *dest, void *src, UINT size, DES_KEY *key, void *ivec);
|
||||||
void Des3Decrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
|
void Des3Decrypt2(void *dest, void *src, UINT size, DES_KEY_VALUE *k1, DES_KEY_VALUE *k2, DES_KEY_VALUE *k3, void *ivec);
|
||||||
|
void Sha(UINT sha_type, void *dst, void *src, UINT size);
|
||||||
void Sha1(void *dst, void *src, UINT size);
|
void Sha1(void *dst, void *src, UINT size);
|
||||||
|
void Sha2_256(void *dst, void *src, UINT size);
|
||||||
|
void Sha2_384(void *dst, void *src, UINT size);
|
||||||
|
void Sha2_512(void *dst, void *src, UINT size);
|
||||||
|
|
||||||
void Md5(void *dst, void *src, UINT size);
|
void Md5(void *dst, void *src, UINT size);
|
||||||
void MacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
void MacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
void MacSha196(void *dst, void *key, void *data, UINT data_size);
|
void MacSha196(void *dst, void *key, void *data, UINT data_size);
|
||||||
@ -559,7 +574,11 @@ void MdProcess(MD *md, void *dest, void *src, UINT size);
|
|||||||
void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec,
|
void Enc_tls1_PRF(unsigned char *label, int label_len, const unsigned char *sec,
|
||||||
int slen, unsigned char *out1, int olen);
|
int slen, unsigned char *out1, int olen);
|
||||||
|
|
||||||
|
void HMacSha(UINT sha_type, void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
void HMacSha1(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
|
void HMacSha2_256(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
|
void HMacSha2_384(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
|
void HMacSha2_512(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
void HMacMd5(void *dst, void *key, UINT key_size, void *data, UINT data_size);
|
||||||
|
|
||||||
BUF *EasyEncrypt(BUF *src_buf);
|
BUF *EasyEncrypt(BUF *src_buf);
|
||||||
|
@ -83,7 +83,7 @@ $TAG_BEFORE_REMOTE$remote $TAG_HOSTNAME$ $TAG_PORT$
|
|||||||
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
|
# cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
|
||||||
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
|
# CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
|
||||||
# RC2-40-CBC RC2-64-CBC RC2-CBC
|
# RC2-40-CBC RC2-64-CBC RC2-CBC
|
||||||
# auth: SHA SHA1 MD5 MD4 RMD160
|
# auth: SHA SHA1 SHA256 SHA384 SHA512 MD5 MD4 RMD160
|
||||||
|
|
||||||
cipher AES-128-CBC
|
cipher AES-128-CBC
|
||||||
auth SHA1
|
auth SHA1
|
||||||
|
Loading…
Reference in New Issue
Block a user