summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-01-14 15:58:35 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-14 15:58:35 +0000
commit0b7b9d4be886f28440ac2a192fe278267e69e072 (patch)
tree6e2a47eab27cc78788cf19f37188468c9c91ad72 /src
parentported uAnytun sequence window to anytun (diff)
ported cipher from uanytun to anytun
Diffstat (limited to 'src')
-rw-r--r--src/anytun.cpp23
-rw-r--r--src/cipher.cpp181
-rw-r--r--src/cipher.h65
-rw-r--r--src/keyDerivation.cpp9
-rw-r--r--src/keyDerivation.h6
5 files changed, 164 insertions, 120 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp
index a5f2218..1e54378 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -81,8 +81,6 @@
#include "sysexec.hpp"
#define SESSION_KEYLEN_AUTH 20 // TODO: hardcoded size
-#define SESSION_KEYLEN_ENCR 16 // TODO: hardcoded size
-#define SESSION_KEYLEN_SALT 14 // TODO: hardcoded size
void createConnection(const PacketSourceEndpoint & remote_end, window_size_t seqSize, mux_t mux)
{
@@ -124,8 +122,6 @@ void sender(void* p)
PlainPacket plain_packet(MAX_PACKET_LENGTH);
EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
- Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size
- Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size
Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size
//TODO replace mux
@@ -177,15 +173,8 @@ void sender(void* p)
continue;
}
- // generate packet-key TODO: do this only when needed
- conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
- conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
-
- c->setKey(session_key);
- c->setSalt(session_salt);
-
// encrypt packet
- c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux);
+ c->encrypt(conn.kd_, plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux);
encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux);
conn.seq_nr_++;
@@ -270,8 +259,6 @@ void receiver(void* p)
EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
PlainPacket plain_packet(MAX_PACKET_LENGTH);
- Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size
- Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size
Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size
while(1)
@@ -331,14 +318,8 @@ void receiver(void* p)
continue;
}
- // generate packet-key
- conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
- conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
- c->setKey(session_key);
- c->setSalt(session_salt);
-
// decrypt packet
- c->decrypt(encrypted_packet, plain_packet);
+ c->decrypt(conn.kd_, encrypted_packet, plain_packet);
// check payload_type
if((param->dev.getType() == TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN4 &&
diff --git a/src/cipher.cpp b/src/cipher.cpp
index edfc760..8db6256 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -34,42 +34,37 @@
#include <string>
#include <cstdio>
#include <cstring>
-#ifndef NOCRYPT
-#include <gcrypt.h>
-#include "mpi.h"
-#endif
+
+#include "endian.h"
#include "cipher.h"
#include "log.h"
-
- // TODO: in should be const but does not work with getBuf() :(
-void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+void Cipher::encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux);
+ u_int32_t len = cipher(kd, in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux);
out.setSenderId(sender_id);
out.setSeqNr(seq_nr);
out.setMux(mux);
out.setPayloadLength(len);
}
- // TODO: in should be const but does not work with getBuf() :(
-void Cipher::decrypt(EncryptedPacket & in, PlainPacket & out)
+void Cipher::decrypt(KeyDerivation& kd, EncryptedPacket & in, PlainPacket & out)
{
- u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux());
+ u_int32_t len = decipher(kd, in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux());
out.setLength(len);
}
//******* NullCipher *******
-u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+u_int32_t NullCipher::cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
std::memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
}
-u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+u_int32_t NullCipher::decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
std::memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
@@ -78,107 +73,147 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in
#ifndef NOCRYPT
//****** AesIcmCipher ******
-AesIcmCipher::AesIcmCipher() : cipher_(NULL)
+AesIcmCipher::AesIcmCipher() : key_(u_int32_t(DEFAULT_KEY_LENGTH/8)), salt_(u_int32_t(SALT_LENGTH))
{
- // TODO: hardcoded keysize
- gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
- if( err ) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
- }
+ init();
}
-
-AesIcmCipher::~AesIcmCipher()
+AesIcmCipher::AesIcmCipher(u_int16_t key_length) : key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH))
{
- if(cipher_)
- gcry_cipher_close( cipher_ );
+ init(key_length);
}
-void AesIcmCipher::setKey(Buffer& key)
+void AesIcmCipher::init(u_int16_t key_length)
{
- if(!cipher_)
+#ifndef USE_SSL_CRYPTO
+ handle_ = NULL;
+ int algo;
+ switch(key_length) {
+ case 128: algo = GCRY_CIPHER_AES128; break;
+ case 192: algo = GCRY_CIPHER_AES192; break;
+ case 256: algo = GCRY_CIPHER_AES256; break;
+ default: {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: cipher key length of " << key_length << " Bits is not supported";
return;
+ }
+ }
- gcry_error_t err = gcry_cipher_setkey( cipher_, key.getBuf(), key.getLength() );
+ gcry_error_t err = gcry_cipher_open(&handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
if( err ) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "AesIcmCipher::setKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
- }
+ cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ }
+#endif
}
-void AesIcmCipher::setSalt(Buffer& salt)
+
+AesIcmCipher::~AesIcmCipher()
{
- salt_ = salt;
- if(!salt_[u_int32_t(0)])
- salt_[u_int32_t(0)] = 1; // TODO: this is a outstandingly ugly workaround
+#ifndef USE_SSL_CRYPTO
+ if(handle_)
+ gcry_cipher_close(handle_);
+#endif
}
-u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+u_int32_t AesIcmCipher::cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- calc(in, ilen, out, olen, seq_nr, sender_id, mux);
+ calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux);
return (ilen < olen) ? ilen : olen;
}
-u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+u_int32_t AesIcmCipher::decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- calc(in, ilen, out, olen, seq_nr, sender_id, mux);
+ calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux);
return (ilen < olen) ? ilen : olen;
}
-void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+void AesIcmCipher::calc_ctr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+{
+ kd.generate(LABEL_SATP_SALT, seq_nr, salt_);
+
+#ifdef ANYTUN_02_COMPAT
+ if(!salt_[int32_t(0)])
+ salt_[int32_t(0)] = 1;
+#endif
+
+ std::memcpy(ctr_.salt_.buf_, salt_.getBuf(), SALT_LENGTH);
+ ctr_.salt_.zero_ = 0;
+ ctr_.params_.mux_ ^= MUX_T_HTON(mux);
+ ctr_.params_.sender_id_ ^= SENDER_ID_T_HTON(sender_id);
+ ctr_.params_.seq_nr_ ^= SEQ_NR_T_HTON(seq_nr);
+
+ return;
+}
+
+void AesIcmCipher::calc(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- if(!cipher_)
+#ifndef USE_SSL_CRYPTO
+ if(!handle_)
return;
+#endif
- gcry_error_t err = gcry_cipher_reset( cipher_ );
- if( err ) {
+ bool result = kd.generate(LABEL_SATP_ENCRYPTION, seq_nr, key_);
+ if(result) { // a new key got generated
+#ifdef USE_SSL_CRYPTO
+ int ret = AES_set_encrypt_key(key_.getBuf(), key_.getLength()*8, &aes_key_);
+ if(ret) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
+ return;
+ }
+#else
+ gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
+ if(err) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ return;
+ }
+ } // no new key got generated
+ else {
+ gcry_error_t err = gcry_cipher_reset(handle_);
+ if(err) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ return;
+ }
+#endif
+ }
+
+ calc_ctr(kd, seq_nr, sender_id, mux);
+
+#ifndef USE_SSL_CRYPTO
+ gcry_error_t err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
+ if(err) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
return;
}
- // set the IV ( = CTR)
- //==========================================================================
- // // where the 128-bit integer value IV SHALL be defined by the SSRC, the
- // // SRTP packet index i, and the SRTP session salting key k_s, as below.
- // //
- // // IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)
- // // sizeof(k_s) = 112 bit, random
-
- Mpi ctr(128); // TODO: hardcoded size
- Mpi salt(salt_.getBuf(), salt_.getLength());
- Mpi sid_mux(32);
- sid_mux = sender_id;
- Mpi mux_mpi(32);
- mux_mpi = mux;
- sid_mux = sid_mux ^ mux_mpi.mul2exp(16);
- Mpi seq(32);
- seq = seq_nr;
-
- ctr = salt.mul2exp(16) ^ sid_mux.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size
-
- size_t written;
- u_int8_t *ctr_buf = ctr.getNewBuf(&written); // TODO: hardcoded size
- err = gcry_cipher_setctr( cipher_, ctr_buf, written ); // TODO: hardcoded size
- delete[] ctr_buf;
- if( err ) {
+ err = gcry_cipher_encrypt(handle_, out, olen, in, ilen);
+ if(err) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to de/encrypt packet: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
return;
}
-
- err = gcry_cipher_encrypt( cipher_, out, olen, in, ilen );
- if( err ) {
+#else
+ if(CTR_LENGTH != AES_BLOCK_SIZE) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits";
return;
}
+ u_int32_t num = 0;
+ std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
+ AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#endif
}
#endif
diff --git a/src/cipher.h b/src/cipher.h
index c49b3fc..f930bc4 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -36,9 +36,14 @@
#include "buffer.h"
#include "encryptedPacket.h"
#include "plainPacket.h"
+#include "keyDerivation.h"
#ifndef NOCRYPT
+#ifndef USE_SSL_CRYPTO
#include <gcrypt.h>
+#else
+#include <openssl/aes.h>
+#endif
#endif
class Cipher
@@ -46,29 +51,21 @@ class Cipher
public:
virtual ~Cipher() {};
- // TODO: in should be const but does not work with getBuf() :(
- void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
- void decrypt(EncryptedPacket & in, PlainPacket & out);
+ void encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ void decrypt(KeyDerivation& kd, EncryptedPacket & in, PlainPacket & out);
- virtual void setKey(Buffer& key) = 0;
- virtual void setSalt(Buffer& salt) = 0;
-
protected:
- virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
- virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
+ virtual u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
+ virtual u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
};
//****** NullCipher ******
class NullCipher : public Cipher
{
-public:
- void setKey(Buffer& key) {};
- void setSalt(Buffer& salt) {};
-
protected:
- u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
- u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
};
#ifndef NOCRYPT
@@ -78,19 +75,47 @@ class AesIcmCipher : public Cipher
{
public:
AesIcmCipher();
+ AesIcmCipher(u_int16_t key_length);
~AesIcmCipher();
- void setKey(Buffer& key);
- void setSalt(Buffer& salt);
+
+ static const u_int16_t DEFAULT_KEY_LENGTH = 128;
+ static const u_int16_t CTR_LENGTH = 16;
+ static const u_int16_t SALT_LENGTH = 14;
protected:
- u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
- u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
private:
- void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ void init(u_int16_t key_length = DEFAULT_KEY_LENGTH);
+
+ void calc_ctr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ void calc(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
- gcry_cipher_hd_t cipher_;
+#ifndef USE_SSL_CRYPTO
+ gcry_cipher_hd_t handle_;
+#else
+ AES_KEY aes_key_;
+ u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#endif
+ Buffer key_;
Buffer salt_;
+
+ union __attribute__((__packed__)) cipher_aesctr_ctr_union {
+ u_int8_t buf_[CTR_LENGTH];
+ struct __attribute__ ((__packed__)) {
+ u_int8_t buf_[SALT_LENGTH];
+ u_int16_t zero_;
+ } salt_;
+ struct __attribute__((__packed__)) {
+ u_int8_t fill_[SALT_LENGTH - sizeof(mux_t) - sizeof(sender_id_t) - 2 - sizeof(seq_nr_t)];
+ mux_t mux_;
+ sender_id_t sender_id_;
+ u_int8_t empty_[2];
+ seq_nr_t seq_nr_;
+ u_int16_t zero_;
+ } params_;
+ } ctr_;
};
#endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index ed29fca..0bf74a7 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -53,9 +53,10 @@ void KeyDerivation::setLogKDRate(const u_int8_t log_rate)
//****** NullKeyDerivation ******
-void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+bool NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
{
for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
+ return true;
}
#ifndef NOCRYPT
@@ -102,13 +103,13 @@ void AesIcmKeyDerivation::init(Buffer key, Buffer salt)
updateMasterKey();
}
-void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+bool AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
{
Lock lock(mutex_);
if(!cipher_)
{
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: cipher not opened";
- return;
+ return false;
}
gcry_error_t err = gcry_cipher_reset( cipher_ );
@@ -158,6 +159,7 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ return false;
}
for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
@@ -167,6 +169,7 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer
buf[0] = 0;
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
}
+ return true;
}
#endif
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 9e8c7b5..6dd8080 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -60,7 +60,7 @@ public:
void setLogKDRate(const u_int8_t ld_rate);
virtual void init(Buffer key, Buffer salt) = 0;
- virtual void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0;
+ virtual bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0;
virtual std::string printType() { return "KeyDerivation"; };
@@ -97,7 +97,7 @@ public:
~NullKeyDerivation() {};
void init(Buffer key, Buffer salt) {};
- void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+ bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
std::string printType() { return "NullKeyDerivation"; };
@@ -123,7 +123,7 @@ public:
~AesIcmKeyDerivation();
void init(Buffer key, Buffer salt);
- void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+ bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
std::string printType() { return "AesIcmKeyDerivation"; };