merged nettle featuer branch to trunk

author: Christian Pointner <equinox@anytun.org> 2014-06-22 23:09:15 +0000
committer: Christian Pointner <equinox@anytun.org> 2014-06-22 23:09:15 +0000
commit: fac90fc49e667b18522b442ff15edd3bb8eb804b (patch)
tree: 7530b98b4b7c50f0512184e9a2369a0b196306a7
parent: fixed typo in license header (diff)
parent: implemented key derivation using libnettle (diff)
11 files changed, 257 insertions, 133 deletions
diff --git a/README b/README
index 2ba23a5..66a8e12 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
 Dependencies
 ============
 
-Anytun can be built by using either libgcrypt or the openssl-crypto library. 
-The latter is more performant in most cases but there are some license 
+Anytun can be built by using either libgcrypt, libnettle or the openssl-crypto
+library. The latter is more performant in most cases but there are some license
 issues when using this library.
 
 Linux
@@ -12,15 +12,18 @@ Linux
 using libgcrypt:
   libgcrypt11-dev
 
-using ssl crypto lib:
+using ssl crypto library:
   libssl-dev
 
+using nettle crypto library:
+  nettle-dev
+
 common:
   build-essential
-  libboost-serialization1.35-dev
-  libboost-thread1.35-dev
-  libboost-system1.35-dev
-  libboost-regex1.35-dev
+  libboost-serialization-dev
+  libboost-thread-dev
+  libboost-system-dev
+  libboost-regex-dev
 
 if you want to rebuild the manpage:
   asciidoc
@@ -44,33 +47,33 @@ if you want to rebuild the manpage:
  textproc/libxslt
  textproc/docbook-xsl
  sysutils/readlink
- misc/getopt 
+ misc/getopt
 
 
 
 Windows
 -------
 OpenSSL
- Developer: 
- 	http://www.slproweb.com/download/Win32OpenSSL-0_9_8j.exe
+ Developer:
+  http://www.slproweb.com/download/Win32OpenSSL-0_9_8j.exe
 
- Runtime Only: 
- 	http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8j.exe
-  
-Boost 1.35: 
-	http://www.boostpro.com/download/boost_1_35_0_setup.exe
+ Runtime Only:
+  http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8j.exe
 
-  As it can take some time to install everything from boost here is a 
+Boost 1.35:
+  http://www.boostpro.com/download/boost_1_35_0_setup.exe
+
+  As it can take some time to install everything from boost here is a
   complete list of libraries which have to be installed in order to build anytun:
-   
+
    * Serialization
-   * Thread 
+   * Thread
    * date_time
    * System
    * regex
 
 Microsoft Visual C++ 2008 Redistributable Package (x86):
-	http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
+  http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
 
 
 
@@ -98,7 +101,7 @@ using ssl crypto library:
  # make
 
 
-Notes: 
+Notes:
   - try './configure --help' for further information
   - if using openssl pre 0.9.8 you have to disable passphrase
     because openssl had no SHA256 implementation prior to this
@@ -132,26 +135,26 @@ Usage:
 init.d script
 -------------
 
-The init.d script can be used to start anytun at boot time. It searches for 
+The init.d script can be used to start anytun at boot time. It searches for
 configuration files which reside at $CONFIG_DIR. For each instance of anytun
 which should be started there must be a directory containing at least a file
 named config. This file must contain all command line parameter which should
 be used when starting the daemon. One line for each parameter. Empty lines and
 lines starting with # are ignored. Besides the config file there may be a script
-named post-up.sh which will be called when the tun/tap device comes up. 
-Furthermore there may be a directory called conf.d containing config files for 
-anytun-config. The syntax of this files is quite the same as those for anytun. 
-These files are used to configure a multi connection setup using anytun-config 
+named post-up.sh which will be called when the tun/tap device comes up.
+Furthermore there may be a directory called conf.d containing config files for
+anytun-config. The syntax of this files is quite the same as those for anytun.
+These files are used to configure a multi connection setup using anytun-config
 and anytun-controld
 This is an example of how the script can be used to start anytun:
 
 # /etc/init.d/anytun start client1 p2p-a
 
 In this case the script will start 2 instances of anytun using the config files
-$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config. 
+$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.
 If no instance name is specified the script will use the file $CONFIG_DIR/autostart
-to determine which instances to start or stop. This file must contain a list 
-of instance names which should be used when no names are specified at the command 
+to determine which instances to start or stop. This file must contain a list
+of instance names which should be used when no names are specified at the command
 line. One line for each name. Empty lines and lines starting with # are ignored.
 
 
diff --git a/src/anytunError.cpp b/src/anytunError.cpp
index d0cd451..58d8fd7 100644
--- a/src/anytunError.cpp
+++ b/src/anytunError.cpp
@@ -36,7 +36,8 @@
 #include <boost/system/system_error.hpp>
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
 std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value)
 {
   char buf[STERROR_TEXT_MAX];
@@ -45,6 +46,7 @@ std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value)
   return stream << buf;
 }
 #endif
+
 #endif
 
 std::ostream& operator<<(std::ostream& stream, AnytunErrno const& value)
diff --git a/src/anytunError.h b/src/anytunError.h
index b1077cd..b8ad49e 100644
--- a/src/anytunError.h
+++ b/src/anytunError.h
@@ -40,7 +40,8 @@
 #define STERROR_TEXT_MAX 200
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
 #include <gcrypt.h>
 
 class AnytunGpgError
@@ -51,6 +52,7 @@ public:
 };
 std::ostream& operator<<(std::ostream& stream, AnytunGpgError const& value);
 #endif
+
 #endif
 
 class AnytunErrno
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index b583d6f..abc38c4 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -54,32 +54,36 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 
 Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_CTX_init(&ctx_);
+  HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+  // nothing here
+#else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
     return;
   }
-#else
-  HMAC_CTX_init(&ctx_);
-  HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
 #endif
 }
 
 Sha1AuthAlgo::~Sha1AuthAlgo()
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_CTX_cleanup(&ctx_);
+#elif defined(USE_NETTLE)
+  // nothing here
+#else  // USE_GCRYPT is the default
   if(handle_) {
     gcry_md_close(handle_);
   }
-#else
-  HMAC_CTX_cleanup(&ctx_);
 #endif
 }
 
 void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   if(!handle_) {
     return;
   }
@@ -91,7 +95,19 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
   }
 
   kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+  uint8_t hmac[DIGEST_LENGTH];
+  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+  HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+  hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
+
+  uint8_t hmac[DIGEST_LENGTH];
+  hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion());
+  hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac);
+#else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -102,12 +118,6 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
   gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
   gcry_md_final(handle_);
   uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
-  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
-  uint8_t hmac[DIGEST_LENGTH];
-  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
-  HMAC_Final(&ctx_, hmac, NULL);
 #endif
 
   uint8_t* tag = packet.getAuthTag();
@@ -122,7 +132,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 
 bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   if(!handle_) {
     return false;
   }
@@ -134,7 +144,19 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
   }
 
   kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+  uint8_t hmac[DIGEST_LENGTH];
+  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+  HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+  hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
+
+  uint8_t hmac[DIGEST_LENGTH];
+  hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion());
+  hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac);
+#else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -145,12 +167,6 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
   gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
   gcry_md_final(handle_);
   uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
-  HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
-  uint8_t hmac[DIGEST_LENGTH];
-  HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
-  HMAC_Final(&ctx_, hmac, NULL);
 #endif
 
   uint8_t* tag = packet.getAuthTag();
@@ -163,10 +179,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
   int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
   packet.removeAuthTag();
 
-  if(ret) {
-    return false;
-  }
-
+  if(ret) {
+    return false;
+  }
+
   return true;
 }
 
diff --git a/src/authAlgo.h b/src/authAlgo.h
index 3074014..1e86407 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -37,11 +37,15 @@
 #include "encryptedPacket.h"
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
 #include <openssl/hmac.h>
+#elif defined(USE_NETTLE)
+#include <nettle/hmac.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>
 #endif
+
 #endif
 #include "keyDerivation.h"
 
@@ -95,10 +99,12 @@ public:
   static const uint32_t DIGEST_LENGTH = 20;
 
 private:
-#ifndef USE_SSL_CRYPTO
-  gcry_md_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)
   HMAC_CTX ctx_;
+#elif defined(USE_NETTLE)
+  struct hmac_sha1_ctx ctx_;
+#else  // USE_GCRYPT is the default
+  gcry_md_hd_t handle_;
 #endif
 
   Buffer key_;
diff --git a/src/cipher.cpp b/src/cipher.cpp
index abc583f..c5d015a 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -39,6 +39,10 @@
 #include "endian.h"
 
 #include "cipher.h"
+#if defined(USE_NETTLE)
+#include <nettle/ctr.h>
+#endif
+
 #include "log.h"
 #include "anytunError.h"
 
@@ -87,7 +91,11 @@ AesIcmCipher::AesIcmCipher(kd_dir_t d, uint16_t key_length) : Cipher(d), key_(ui
 
 void AesIcmCipher::init(uint16_t key_length)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+    // nothing here
+#elif defined(USE_NETTLE)
+    // nothing here
+#else  // USE_GCRYPT is the default
   handle_ = NULL;
   int algo;
   switch(key_length) {
@@ -116,7 +124,11 @@ void AesIcmCipher::init(uint16_t key_length)
 
 AesIcmCipher::~AesIcmCipher()
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+    // nothing here
+#elif defined(USE_NETTLE)
+    // nothing here
+#else  // USE_GCRYPT is the default
   if(handle_) {
     gcry_cipher_close(handle_);
   }
@@ -150,20 +162,22 @@ void AesIcmCipher::calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sende
 
 void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   if(!handle_) {
     return;
   }
 #endif
 
   kd.generate(dir_, LABEL_ENC, seq_nr, key_);
-#ifdef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
   int ret = AES_set_encrypt_key(key_.getBuf(), key_.getLength()*8, &aes_key_);
   if(ret) {
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
     return;
   }
-#else
+#elif defined(USE_NETTLE)
+  aes_set_encrypt_key(&ctx_, key_.getLength(), key_.getBuf());
+#else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher key: " << AnytunGpgError(err);
@@ -173,7 +187,21 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
 
   calcCtr(kd, seq_nr, sender_id, mux);
 
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  if(CTR_LENGTH != AES_BLOCK_SIZE) {
+    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
+    return;
+  }
+  unsigned int num = 0;
+  std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
+  AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+  if(CTR_LENGTH != AES_BLOCK_SIZE) {
+    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
+    return;
+  }
+  ctr_crypt(&ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, ctr_.buf_, (ilen < olen) ? ilen : olen, out, in);
+#else  // USE_GCRYPT is the default
   err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: " << AnytunGpgError(err);
@@ -185,14 +213,6 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
     cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to de/encrypt packet: " << AnytunGpgError(err);
     return;
   }
-#else
-  if(CTR_LENGTH != AES_BLOCK_SIZE) {
-    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
-    return;
-  }
-  unsigned int num = 0;
-  std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
-  AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
 #endif
 }
 #endif
diff --git a/src/cipher.h b/src/cipher.h
index 9de463a..0eca1b5 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -39,11 +39,15 @@
 #include "keyDerivation.h"
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
 #include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>
 #endif
+
 #endif
 
 class Cipher
@@ -96,12 +100,15 @@ private:
   void calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
   void calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
 
-#ifndef USE_SSL_CRYPTO
-  gcry_cipher_hd_t handle_;
-#else
+#if defined(USE_SSL_CRYPTO)
   AES_KEY aes_key_;
   uint8_t ecount_buf_[AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+  struct aes_ctx ctx_;
+#else  // USE_GCRYPT is the default
+  gcry_cipher_hd_t handle_;
 #endif
+
   Buffer key_;
   Buffer salt_;
 
diff --git a/src/configure b/src/configure
index c01da8f..a8fe6b1 100755
--- a/src/configure
+++ b/src/configure
@@ -54,6 +54,7 @@ INSTALLEXAMPLES=1
 
 BOOST_PREFIX=''
 GCRYPT_PREFIX=''
+NETTLE_PREFIX=''
 OPENSSL_PREFIX=''
 
 print_usage() {
@@ -67,7 +68,9 @@ print_usage() {
   echo "          --no-manpage              dont't install manpages"
   echo "          --examplesdir=<DIR>       the path to the examples files (default: $PREFIX/share/examples)"
   echo "          --no-examples             dont't install example files"
-  echo "          --use-ssl-crypto          use ssl crypto library instead of libgcrypt"
+  echo "          --use-gcrypt              use libgcrypt (this is the default)"
+  echo "          --use-nettle              use libnettle instead of libgcrypt"
+  echo "          --use-ssl-crypto          use openssl crypto library instead of libgcrypt"
   echo "          --no-crypto               disable crypto at all (only NULL cipher)"
   echo "          --disable-passphrase      disable master key and salt passphrase"
   echo "          --enable-passphrase       enable master key and salt passphrase"
@@ -76,6 +79,7 @@ print_usage() {
   echo "          --cross-prefix=<PREFIX>   add PREFIX to compiler calls"
   echo "          --with-boost=<PREFIX>     don't use systemwide boost"
   echo "          --with-gcrypt=<PREFIX>    don't use systemwide gcrypt"
+  echo "          --with-nettle=<PREFIX>    don't use systemwide nettle"
   echo "          --with-openssl=<PREFIX>   don't use systemwide openssl"
 }
 
@@ -109,6 +113,12 @@ do
   --no-examples)
     INSTALLEXAMPLES=0
   ;;
+  --use-gcrypt)
+    CRYPTO_LIB='gcrypt'
+  ;;
+  --use-nettle)
+    CRYPTO_LIB='nettle'
+  ;;
   --use-ssl-crypto)
     CRYPTO_LIB='ssl'
   ;;
@@ -139,6 +149,9 @@ do
   --with-gcrypt=*)
     GCRYPT_PREFIX=${arg#--with-gcrypt=}
   ;;
+  --with-nettle=*)
+    NETTLE_PREFIX=${arg#--with-nettle=}
+  ;;
   --with-openssl=*)
     OPENSSL_PREFIX=${arg#--with-openssl=}
   ;;
@@ -218,12 +231,22 @@ fi
 
 case $CRYPTO_LIB in
   gcrypt)
+    CXXFLAGS=$CXXFLAGS' -DUSE_GCRYPT'
     LDFLAGS=$LDFLAGS' -lgcrypt -lgpg-error'
     if [ -n "$GCRYPT_PREFIX" ]; then
       CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
       LDFLAGS="$LDFLAGS -L\"$GCRYPT_PREFIX/lib\""
     fi
-    echo "using libgcrypt library"
+    echo "using gcrypt library"
+  ;;
+  nettle)
+    CXXFLAGS=$CXXFLAGS' -DUSE_NETTLE'
+    LDFLAGS=$LDFLAGS' -lnettle'
+    if [ -n "$NETTLE_PREFIX" ]; then
+      CXXFLAGS="$CXXFLAGS -I\"$NETTLE_PREFIX/include\""
+      LDFLAGS="$LDFLAGS -L\"$NETTLE_PREFIX/lib\""
+    fi
+    echo "using nettle library"
   ;;
   ssl)
     CXXFLAGS=$CXXFLAGS' -DUSE_SSL_CRYPTO'
@@ -232,7 +255,7 @@ case $CRYPTO_LIB in
       CXXFLAGS="$CXXFLAGS -I\"$OPENSSL_PREFIX/include\""
       LDFLAGS="$LDFLAGS -L\"$OPENSSL_PREFIX/lib\""
     fi
-    echo "using ssl crypto library"
+    echo "using openssl crypto library"
   ;;
   none)
     CXXFLAGS=$CXXFLAGS' -DNO_CRYPT'
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index 9f9c5a5..d57f19e 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -34,7 +34,8 @@
 #define ANYTUN_cryptinit_hpp_INCLUDED
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
+
+#if defined(USE_GCRYPT)
 #include <gcrypt.h>
 
 // boost thread callbacks for libgcrypt
@@ -104,16 +105,21 @@ bool initLibGCrypt()
   return true;
 }
 #endif
+
 #endif
 
 bool initCrypto()
 {
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-  return initLibGCrypt();
-#else
+
+#if defined(USE_SSL_CRYPTO)
+  return true;
+#elif defined(USE_NETTLE)
   return true;
+#else  // USE_GCRYPT is the default
+  return initLibGCrypt();
 #endif
+
 #else
   return true;
 #endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 3b6f17c..bbe9972 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -46,9 +46,15 @@
 
 #ifndef NO_CRYPT
 #ifndef NO_PASSPHRASE
-#ifdef USE_SSL_CRYPTO
+
+#if defined(USE_SSL_CRYPTO)
 #include <openssl/sha.h>
+#elif defined(USE_NETTLE)
+#include <nettle/sha1.h>
+#include <nettle/sha2.h>
+#include <nettle/ctr.h>
 #endif
+
 #endif
 #endif
 
@@ -69,21 +75,29 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
     return;
   }
 
-#ifndef USE_SSL_CRYPTO
-  if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
-#else
+#if defined(USE_SSL_CRYPTO)
   if(length > SHA256_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+  if(length > SHA256_DIGEST_SIZE) {
+#else  // USE_GCRYPT is the default
+  if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
 #endif
     cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
     return;
   }
 
-#ifndef USE_SSL_CRYPTO
-  Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
-  gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
-#else
+#if defined(USE_SSL_CRYPTO)
   Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
   SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+  Buffer digest(uint32_t(SHA256_DIGEST_SIZE));
+  struct sha256_ctx ctx;
+  sha256_init(&ctx);
+  sha256_update(&ctx, passphrase.length(), reinterpret_cast<const unsigned char*>(passphrase.c_str()));
+  sha256_digest(&ctx, digest.getLength(), digest.getBuf());
+#else  // USE_GCRYPT is the default
+  Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
+  gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
 #endif
   master_key_.setLength(length);
 
@@ -98,21 +112,29 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
     return;
   }
 
-#ifndef USE_SSL_CRYPTO
-  if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
-#else
+#if defined(USE_SSL_CRYPTO)
   if(length > SHA_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+  if(length > SHA1_DIGEST_SIZE) {
+#else  // USE_GCRYPT is the default
+  if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
 #endif
     cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
     return;
   }
 
-#ifndef USE_SSL_CRYPTO
-  Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
-  gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
-#else
+#if defined(USE_SSL_CRYPTO)
   Buffer digest(uint32_t(SHA_DIGEST_LENGTH));
   SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+  Buffer digest(uint32_t(SHA1_DIGEST_SIZE));
+  struct sha1_ctx ctx;
+  sha1_init(&ctx);
+  sha1_update(&ctx, passphrase.length(), reinterpret_cast<const unsigned char*>(passphrase.c_str()));
+  sha1_digest(&ctx, digest.getLength(), digest.getBuf());
+#else  // USE_GCRYPT is the default
+  Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
+  gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
 #endif
   master_salt_.setLength(length);
 
@@ -172,7 +194,7 @@ bool NullKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t
 
 AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   for(int i=0; i<2; i++) {
     handle_[i] = NULL;
   }
@@ -181,7 +203,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
 
 AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(key_length)
 {
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   for(int i=0; i<2; i++) {
     handle_[i] = NULL;
   }
@@ -191,7 +213,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(ke
 AesIcmKeyDerivation::~AesIcmKeyDerivation()
 {
   WritersLock lock(mutex_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
   for(int i=0; i<2; i++)
     if(handle_[i]) {
       gcry_cipher_close(handle_[i]);
@@ -236,7 +258,19 @@ void AesIcmKeyDerivation::updateMasterKey()
     return;
   }
 
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  for(int i=0; i<2; i++) {
+    int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]);
+    if(ret) {
+      cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
+      return;
+    }
+  }
+#elif defined(USE_NETTLE)
+  for(int i=0; i<2; i++) {
+    aes_set_encrypt_key(&(ctx_[i]), master_key_.getLength(), master_key_.getBuf());
+  }
+#else  // USE_GCRYPT is the default
   int algo;
   switch(key_length_) {
   case 128:
@@ -271,14 +305,6 @@ void AesIcmKeyDerivation::updateMasterKey()
       return;
     }
   }
-#else
-  for(int i=0; i<2; i++) {
-    int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]);
-    if(ret) {
-      cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
-      return;
-    }
-  }
 #endif
   is_initialized_ = true;
 }
@@ -318,7 +344,23 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
     return false;
   }
 
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+  if(CTR_LENGTH != AES_BLOCK_SIZE) {
+    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
+    return false;
+  }
+  unsigned int num = 0;
+  std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
+  std::memset(key.getBuf(), 0, key.getLength());
+  AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+#elif defined(USE_NETTLE)
+  if(CTR_LENGTH != AES_BLOCK_SIZE) {
+    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
+    return false;
+  }
+  std::memset(key.getBuf(), 0, key.getLength());
+  ctr_crypt(&(ctx_[dir]), (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, ctr_[dir].buf_, key.getLength(), key.getBuf(), key.getBuf());
+#else  // USE_GCRYPT is the default
   gcry_error_t err = gcry_cipher_reset(handle_[dir]);
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to reset cipher: " << AnytunGpgError(err);
@@ -335,15 +377,6 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
   if(err) {
     cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << AnytunGpgError(err);
   }
-#else
-  if(CTR_LENGTH != AES_BLOCK_SIZE) {
-    cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
-    return false;
-  }
-  unsigned int num = 0;
-  std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
-  std::memset(key.getBuf(), 0, key.getLength());
-  AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
 #endif
 
   return true;
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index accb501..96904d1 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -40,11 +40,15 @@
 #include "options.h"
 
 #ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
 #include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
+#else  // USE_GCRYPT is the default
+#include <gcrypt.h>
 #endif
+
 #endif
 #include <boost/archive/text_oarchive.hpp>
 #include <boost/archive/text_iarchive.hpp>
@@ -168,11 +172,13 @@ private:
     ar& boost::serialization::base_object<KeyDerivation>(*this);
   }
 
-#ifndef USE_SSL_CRYPTO
-  gcry_cipher_hd_t handle_[2];
-#else
+#if defined(USE_SSL_CRYPTO)
   AES_KEY aes_key_[2];
   uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+  struct aes_ctx ctx_[2];
+#else  // USE_GCRYPT is the default
+  gcry_cipher_hd_t handle_[2];
 #endif
 
 #ifdef _MSC_VER
author	Christian Pointner <equinox@anytun.org>	2014-06-22 23:09:15 +0000
committer	Christian Pointner <equinox@anytun.org>	2014-06-22 23:09:15 +0000
commit	fac90fc49e667b18522b442ff15edd3bb8eb804b (patch)
tree	7530b98b4b7c50f0512184e9a2369a0b196306a7
parent	fixed typo in license header (diff)
parent	implemented key derivation using libnettle (diff)