newcrypt added passphrase support

2 files changed, 31 insertions, 2 deletions

diff --git a/src/crypto/openssl.cpp b/src/crypto/openssl.cpp
index 20dcff7..6e0b703 100644
--- a/src/crypto/openssl.cpp
+++ b/src/crypto/openssl.cpp
@@ -46,6 +46,7 @@
 #include "openssl.h"
 #include "../log.h"
 #include <openssl/aes.h>
+#include <openssl/sha.h>
 #include "../anytunError.h"
 
 namespace crypto {
@@ -58,7 +59,29 @@ Openssl::~Openssl()
 
 void Openssl::calcMasterKeySalt(std::string passphrase, uint16_t length, Buffer& masterkey , Buffer& mastersalt)
 {
+  cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master key from passphrase";
+  if(!length) {
+    cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: bad master key length";
+    return;
+  }
+
+  if(length > SHA256_DIGEST_LENGTH) {
+    cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
+    return;
+  }
+  Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
+  SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+  masterkey.setLength(length);
+
+  std::memcpy(masterkey.getBuf(), &digest.getBuf()[digest.getLength() - masterkey.getLength()], masterkey.getLength());
+
+  cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master salt from passphrase";
+
+  Buffer digestsalt(uint32_t(SHA_DIGEST_LENGTH));
+  SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digestsalt.getBuf());
+  mastersalt.setLength(SALT_LENGTH);
 
+  std::memcpy(mastersalt.getBuf(), &digestsalt.getBuf()[digestsalt.getLength() - mastersalt.getLength()], mastersalt.getLength());
 }
 
 uint32_t Openssl::cipher(uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, const Buffer& masterkey, const Buffer& mastersalt, role_t role, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
diff --git a/src/unittest.cpp b/src/unittest.cpp
index 1358ad4..a5862d3 100644
--- a/src/unittest.cpp
+++ b/src/unittest.cpp
@@ -138,6 +138,9 @@ void testCrypt()
     kd->setRole(ROLE_RIGHT);
 
     c->decrypt(*kd, encrypted_packet, plain_packet);
+//    std::cout << "Master Key:" << kd->master_key_.getHexDump() << std::endl;
+//    std::cout << "Master Salt:" << kd->master_salt_.getHexDump() << std::endl;
+
     if (!memcmp(plain_packet.getPayload(), test, sizeof(test))) {
       std::cerr << "role test error" << std::endl;
       exit(-1);
@@ -166,9 +169,11 @@ void testCrypt()
 
     memset(plain_packet.getPayload(), 0, sizeof(test));
     std::auto_ptr<crypto::Interface> cnew(new crypto::Openssl());
-    Buffer masterkey(crypto::SALT_LENGTH, false);
+    Buffer masterkey(uint32_t(crypto::DEFAULT_KEY_LENGTH/8) , false);
     Buffer mastersalt(crypto::SALT_LENGTH, false);
-    cnew->calcMasterKeySalt("abc", crypto::SALT_LENGTH, masterkey , mastersalt);
+    cnew->calcMasterKeySalt("abc", uint32_t(crypto::DEFAULT_KEY_LENGTH/8), masterkey , mastersalt);
+    std::cout << "Master Key:" << masterkey.getHexDump() << std::endl;
+    std::cout << "Master Salt:" << mastersalt.getHexDump() << std::endl;
     cnew->decrypt(encrypted_packet, plain_packet, masterkey, mastersalt, ROLE_RIGHT );
     if (memcmp(plain_packet.getPayload(), test, sizeof(test))) {
       std::cerr << "crypto test failed" << std::endl;
@@ -184,6 +189,7 @@ void testCrypt()
 
 int main(int argc, char* argv[])
 { 
+  cLog.addTarget("stdout:5");
   try {
     testCrypt();
   } catch (std::exception& e) {