changed hmac_sha1 keylen to 20, implemented cfb for aesacc

encrypt.cpp

@@ -19,8 +19,8 @@ static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,   0,0,0,0};//this prog
 ****/
 
 char normal_key[16 + 100];//generated from key_string by md5. reserved for compatiblity
-const int hmac_key_len=32;
-const int cipher_key_len=32;
+const int hmac_key_len=64;//generate 512bit long keys, but its necessary to use the full length
+const int cipher_key_len=64;
 unsigned char hmac_key_encrypt[hmac_key_len + 100];  //key for hmac
 unsigned char hmac_key_decrypt[hmac_key_len + 100];  //key for hmac
 unsigned char cipher_key_encrypt[cipher_key_len + 100];  //key for aes etc.
@@ -85,10 +85,10 @@ int my_init_keys(const char * user_passwd,int is_client)
 	}
 
 	print_binary_chars(normal_key,16);
-	print_binary_chars((char *)hmac_key_encrypt,32);
-	print_binary_chars((char *)hmac_key_decrypt,32);
-	print_binary_chars((char *)cipher_key_encrypt,32);
-	print_binary_chars((char *)cipher_key_decrypt,32);
+	print_binary_chars((char *)hmac_key_encrypt,hmac_key_len);
+	print_binary_chars((char *)hmac_key_decrypt,hmac_key_len);
+	print_binary_chars((char *)cipher_key_encrypt,cipher_key_len);
+	print_binary_chars((char *)cipher_key_decrypt,cipher_key_len);
 
 	return 0;
 }
@@ -160,8 +160,8 @@ int auth_hmac_sha1_cal(const char *data,char * output,int &len)
 {
 	mylog(log_trace,"auth_hmac_sha1_cal() is called\n");
 	memcpy(output,data,len);//TODO inefficient code
-	sha1_hmac(hmac_key_encrypt, hmac_key_len, (const unsigned char *)data, len,(unsigned char *)(output+len));
-	//md5((unsigned char *)output,len,(unsigned char *)(output+len));
+	sha1_hmac(hmac_key_encrypt, 20, (const unsigned char *)data, len,(unsigned char *)(output+len));
+	//use key len of 20 instead of hmac_key_len, key_len >sha1_block_size doesnt provide extra strength
 	len+=20;
 	return 0;
 }
@@ -176,7 +176,7 @@ int auth_hmac_sha1_verify(const char *data,int &len)
 	}
 	char res[20];
 
-	sha1_hmac(hmac_key_decrypt, hmac_key_len, (const unsigned char *)data, len-20,(unsigned char *)(res));
+	sha1_hmac(hmac_key_decrypt, 20, (const unsigned char *)data, len-20,(unsigned char *)(res));
 
 	if(memcmp(res,data+len-20,20)!=0)
 	{

lib/aes-common.h

@@ -7,10 +7,9 @@
 #include <stdint.h>
 
 
-
-void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
-void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
-
+//not used
+//void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
+//void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length);
 
 void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);
 void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv);

lib/aes_acc/aesacc.c

@@ -6,6 +6,7 @@
 #include "aesarm.h"
 #include <stdint.h>
 #include <string.h>
+#include <assert.h>
 
 #if defined(AES256) && (AES256 == 1)
 #define AES_KEYSIZE 256
@@ -342,10 +343,7 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
   uint8_t iv_tmp[16];
   static uint8_t rk[AES_RKSIZE];
 
-  if (iv == NULL)
-  {
-    return;
-  }
+  assert(iv!=NULL);
   aeshw_init();
   memcpy(iv_tmp, iv, 16);
   if(key!= NULL)
@@ -358,10 +356,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
   uint8_t iv_tmp[16];
   static uint8_t rk[AES_RKSIZE];
 
-  if (iv == NULL)
-  {
-    return;
-  }
+  assert(iv!=NULL);
   aeshw_init();
   memcpy(iv_tmp, iv, 16);
   if(key!= NULL)
@@ -371,6 +366,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
   decrypt_cbc(rk, length, iv_tmp, input, output);
 }
 
+/*
 void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length)
 {
   uint8_t rk[AES_RKSIZE];
@@ -395,4 +391,79 @@ void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output,
   aeshw_init();
   setkey_dec(rk, key);
   decrypt_ecb(AES_NR, rk, input, output);
+}*/
+
+static void encrypt_cfb( uint8_t* rk,
+                         uint32_t length,size_t *iv_off,
+                         uint8_t iv[16],
+                         const uint8_t *input,
+                         uint8_t *output )
+{
+    int c;
+    size_t n = *iv_off;
+    while( length-- )
+    {
+        if( n == 0 )
+        	encrypt_ecb( AES_NR, rk, iv, iv );
+
+        iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *iv_off = n;
+}
+
+static void decrypt_cfb( uint8_t* rk,
+                         uint32_t length,size_t *iv_off,
+                         uint8_t iv[16],
+                         const uint8_t *input,
+                         uint8_t *output )
+{
+    int c;
+    size_t n = *iv_off;
+    while( length-- )
+    {
+        if( n == 0 )
+        	encrypt_ecb( AES_NR, rk, iv, iv );
+
+        c = *input++;
+        *output++ = (unsigned char)( c ^ iv[n] );
+        iv[n] = (unsigned char) c;
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *iv_off = n;
+}
+
+void AES_CFB_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
+{
+  uint8_t iv_tmp[16];
+  static uint8_t rk[AES_RKSIZE];
+
+  assert(iv!=NULL);
+  aeshw_init();
+  memcpy(iv_tmp, iv, 16);
+  if(key!= NULL)
+	  setkey_enc(rk, key);
+  size_t offset=0;
+  encrypt_cfb(rk, length,&offset, iv_tmp, input, output);
 }
+
+void AES_CFB_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
+{
+  uint8_t iv_tmp[16];
+  static uint8_t rk[AES_RKSIZE];
+
+  assert(iv!=NULL);
+  aeshw_init();
+  memcpy(iv_tmp, iv, 16);
+  if(key!= NULL)
+  {
+	  setkey_enc(rk, key);//its enc again,not typo
+  }
+  size_t offset=0;
+  decrypt_cfb(rk, length,&offset, iv_tmp, input, output);
+}
+