8e79f2ee9c
Based on Nekogram. Key additions: - Rebrand to FoxiGram (app name, APK name, applicationId com.foxigram.app) - Embedded Xray (VLESS+Reality) proxy client via JNI libxray.so - Bundled hidden one-tap proxies (LTE + WiFi), read-only in UI - Auto-restore proxy on restart, rebind to active network (LTE/WiFi) - Server credentials externalized to git-ignored XrayServers.java (+ template) - libxray Go source included; compiled .so, keystore, google-services.json ignored
236 lines
6.9 KiB
C++
236 lines
6.9 KiB
C++
// Copyright 2022 The BoringSSL Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/bytestring.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/hkdf.h>
|
|
#include <openssl/kdf.h>
|
|
#include <openssl/mem.h>
|
|
|
|
#include "../internal.h"
|
|
#include "internal.h"
|
|
|
|
|
|
typedef struct {
|
|
int mode;
|
|
const EVP_MD *md;
|
|
uint8_t *key;
|
|
size_t key_len;
|
|
uint8_t *salt;
|
|
size_t salt_len;
|
|
CBB info;
|
|
} HKDF_PKEY_CTX;
|
|
|
|
static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) {
|
|
HKDF_PKEY_CTX *hctx =
|
|
reinterpret_cast<HKDF_PKEY_CTX *>(OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)));
|
|
if (hctx == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
if (!CBB_init(&hctx->info, 0)) {
|
|
OPENSSL_free(hctx);
|
|
return 0;
|
|
}
|
|
|
|
ctx->data = hctx;
|
|
return 1;
|
|
}
|
|
|
|
static int pkey_hkdf_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {
|
|
if (!pkey_hkdf_init(dst)) {
|
|
return 0;
|
|
}
|
|
|
|
HKDF_PKEY_CTX *hctx_dst = reinterpret_cast<HKDF_PKEY_CTX *>(dst->data);
|
|
const HKDF_PKEY_CTX *hctx_src =
|
|
reinterpret_cast<const HKDF_PKEY_CTX *>(src->data);
|
|
hctx_dst->mode = hctx_src->mode;
|
|
hctx_dst->md = hctx_src->md;
|
|
|
|
if (hctx_src->key_len != 0) {
|
|
hctx_dst->key = reinterpret_cast<uint8_t *>(
|
|
OPENSSL_memdup(hctx_src->key, hctx_src->key_len));
|
|
if (hctx_dst->key == NULL) {
|
|
return 0;
|
|
}
|
|
hctx_dst->key_len = hctx_src->key_len;
|
|
}
|
|
|
|
if (hctx_src->salt_len != 0) {
|
|
hctx_dst->salt = reinterpret_cast<uint8_t *>(
|
|
OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len));
|
|
if (hctx_dst->salt == NULL) {
|
|
return 0;
|
|
}
|
|
hctx_dst->salt_len = hctx_src->salt_len;
|
|
}
|
|
|
|
if (!CBB_add_bytes(&hctx_dst->info, CBB_data(&hctx_src->info),
|
|
CBB_len(&hctx_src->info))) {
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) {
|
|
HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
|
|
if (hctx != NULL) {
|
|
OPENSSL_free(hctx->key);
|
|
OPENSSL_free(hctx->salt);
|
|
CBB_cleanup(&hctx->info);
|
|
OPENSSL_free(hctx);
|
|
ctx->data = NULL;
|
|
}
|
|
}
|
|
|
|
static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) {
|
|
HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
|
|
if (hctx->md == NULL) {
|
|
OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
|
|
return 0;
|
|
}
|
|
if (hctx->key_len == 0) {
|
|
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
|
|
return 0;
|
|
}
|
|
|
|
if (out == NULL) {
|
|
if (hctx->mode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
|
|
*out_len = EVP_MD_size(hctx->md);
|
|
}
|
|
// HKDF-Expand is variable-length and returns |*out_len| bytes. "Output" the
|
|
// input length by leaving it alone.
|
|
return 1;
|
|
}
|
|
|
|
switch (hctx->mode) {
|
|
case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
|
|
return HKDF(out, *out_len, hctx->md, hctx->key, hctx->key_len, hctx->salt,
|
|
hctx->salt_len, CBB_data(&hctx->info), CBB_len(&hctx->info));
|
|
|
|
case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
|
|
if (*out_len < EVP_MD_size(hctx->md)) {
|
|
OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
|
|
return 0;
|
|
}
|
|
return HKDF_extract(out, out_len, hctx->md, hctx->key, hctx->key_len,
|
|
hctx->salt, hctx->salt_len);
|
|
|
|
case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
|
|
return HKDF_expand(out, *out_len, hctx->md, hctx->key, hctx->key_len,
|
|
CBB_data(&hctx->info), CBB_len(&hctx->info));
|
|
}
|
|
OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
|
|
return 0;
|
|
}
|
|
|
|
static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
|
|
HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
|
|
switch (type) {
|
|
case EVP_PKEY_CTRL_HKDF_MODE:
|
|
if (p1 != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
|
|
p1 != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
|
|
p1 != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
|
|
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_OPERATION);
|
|
return 0;
|
|
}
|
|
hctx->mode = p1;
|
|
return 1;
|
|
case EVP_PKEY_CTRL_HKDF_MD:
|
|
hctx->md = reinterpret_cast<const EVP_MD *>(p2);
|
|
return 1;
|
|
case EVP_PKEY_CTRL_HKDF_KEY: {
|
|
const CBS *key = reinterpret_cast<const CBS *>(p2);
|
|
if (!CBS_stow(key, &hctx->key, &hctx->key_len)) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
case EVP_PKEY_CTRL_HKDF_SALT: {
|
|
const CBS *salt = reinterpret_cast<const CBS *>(p2);
|
|
if (!CBS_stow(salt, &hctx->salt, &hctx->salt_len)) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
case EVP_PKEY_CTRL_HKDF_INFO: {
|
|
const CBS *info = reinterpret_cast<const CBS *>(p2);
|
|
// |EVP_PKEY_CTX_add1_hkdf_info| appends to the info string, rather than
|
|
// replacing it.
|
|
if (!CBB_add_bytes(&hctx->info, CBS_data(info), CBS_len(info))) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
default:
|
|
OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
const EVP_PKEY_METHOD hkdf_pkey_meth = {
|
|
/*pkey_id=*/EVP_PKEY_HKDF,
|
|
pkey_hkdf_init,
|
|
pkey_hkdf_copy,
|
|
pkey_hkdf_cleanup,
|
|
/*keygen=*/NULL,
|
|
/*sign=*/NULL,
|
|
/*sign_message=*/NULL,
|
|
/*verify=*/NULL,
|
|
/*verify_message=*/NULL,
|
|
/*verify_recover=*/NULL,
|
|
/*encrypt=*/NULL,
|
|
/*decrypt=*/NULL,
|
|
pkey_hkdf_derive,
|
|
/*paramgen=*/NULL,
|
|
pkey_hkdf_ctrl,
|
|
};
|
|
|
|
int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) {
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HKDF, EVP_PKEY_OP_DERIVE,
|
|
EVP_PKEY_CTRL_HKDF_MODE, mode, NULL);
|
|
}
|
|
|
|
int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HKDF, EVP_PKEY_OP_DERIVE,
|
|
EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md);
|
|
}
|
|
|
|
int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, const uint8_t *key,
|
|
size_t key_len) {
|
|
CBS cbs;
|
|
CBS_init(&cbs, key, key_len);
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HKDF, EVP_PKEY_OP_DERIVE,
|
|
EVP_PKEY_CTRL_HKDF_KEY, 0, &cbs);
|
|
}
|
|
|
|
int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx, const uint8_t *salt,
|
|
size_t salt_len) {
|
|
CBS cbs;
|
|
CBS_init(&cbs, salt, salt_len);
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HKDF, EVP_PKEY_OP_DERIVE,
|
|
EVP_PKEY_CTRL_HKDF_SALT, 0, &cbs);
|
|
}
|
|
|
|
int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, const uint8_t *info,
|
|
size_t info_len) {
|
|
CBS cbs;
|
|
CBS_init(&cbs, info, info_len);
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_HKDF, EVP_PKEY_OP_DERIVE,
|
|
EVP_PKEY_CTRL_HKDF_INFO, 0, &cbs);
|
|
}
|