author | Othmar Gsenger <otti@anytun.org> | 2015-03-02 18:28:09 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2015-03-02 18:28:09 +0000 |
commit | 559d6b4a6e398ccb0c5c8f54f642cdc95b068f5c (patch) | |
tree | 4cf69b2ec43a4f2de27d01ff6b53cb904eb5aa7e /src | |
parent | added unit test for new crypt implementation (diff) |
newcrypt added passphrase support
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/openssl.cpp | 23 | ||||
-rw-r--r-- | src/unittest.cpp | 10 |
2 files changed, 31 insertions, 2 deletions
diff --git a/src/crypto/openssl.cpp b/src/crypto/openssl.cpp
index 20dcff7..6e0b703 100644
--- a/src/crypto/openssl.cpp
+++ b/src/crypto/openssl.cpp
@@ -46,6 +46,7 @@
 #include "openssl.h"
 #include "../log.h"
 #include <openssl/aes.h>
+#include <openssl/sha.h>
 #include "../anytunError.h"
 namespace crypto {
@@ -58,7 +59,29 @@ Openssl::~Openssl()
 void Openssl::calcMasterKeySalt(std::string passphrase, uint16_t length, Buffer& masterkey , Buffer& mastersalt)
 {
+ cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master key from passphrase";
+ if(!length) {
+ cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: bad master key length";
+ return;
+ }
+
+ if(length > SHA256_DIGEST_LENGTH) {
+ cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm";
+ return;
+ }
+ Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
+ SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+ masterkey.setLength(length);
+
+ std::memcpy(masterkey.getBuf(), &digest.getBuf()[digest.getLength() - masterkey.getLength()], masterkey.getLength());
+
+ cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master salt from passphrase";
+
+ Buffer digestsalt(uint32_t(SHA_DIGEST_LENGTH));
+ SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digestsalt.getBuf());
+ mastersalt.setLength(SALT_LENGTH);
+ std::memcpy(mastersalt.getBuf(), &digestsalt.getBuf()[digestsalt.getLength() - mastersalt.getLength()], mastersalt.getLength());
 }
 uint32_t Openssl::cipher(uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, const Buffer& masterkey, const Buffer& mastersalt, role_t role, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
diff --git a/src/unittest.cpp b/src/unittest.cpp
index 1358ad4..a5862d3 100644
--- a/src/unittest.cpp
+++ b/src/unittest.cpp
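Review bot: Both early `return`s in `calcMasterKeySalt` (zero `length`, and `length > SHA256_DIGEST_LENGTH`) only log and leave `masterkey` and `mastersalt` untouched, and because the function returns `void` a caller cannot tell that derivation failed and will carry on with whatever the buffers already held; those branches should fail loudly, for example by throwing through the project's error facility (presumably what `../anytunError.h` provides) instead of `return;`. The salt path has no bound matching the key path: after `mastersalt.setLength(SALT_LENGTH)` the index `digestsalt.getLength() - mastersalt.getLength()` would fall outside the 20-byte SHA-1 digest if `SALT_LENGTH` ever exceeded `SHA_DIGEST_LENGTH`, so a check on `SALT_LENGTH > SHA_DIGEST_LENGTH` that fails the same way belongs before the `SHA1` call. On the design side, the key is a single unsalted SHA-256 of the passphrase and the "salt" is a SHA-1 of that same passphrase, so both are fully determined by the passphrase and cheap to test offline; if the construction is fixed for compatibility with the existing key derivation, a comment such as `// must match the legacy passphrase derivation; not a password-hardening KDF` would record that, otherwise a password-based KDF with an iteration count is the usual choice. `passphrase` is taken by value and neither it nor `digest`/`digestsalt` is cleared before returning, which likely leaves key material behind in freed memory.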
@@ -138,6 +138,9 @@ void testCrypt()
 kd->setRole(ROLE_RIGHT);
 c->decrypt(*kd, encrypted_packet, plain_packet);
+// std::cout << "Master Key:" << kd->master_key_.getHexDump() << std::endl;
+// std::cout << "Master Salt:" << kd->master_salt_.getHexDump() << std::endl;
+
 if (!memcmp(plain_packet.getPayload(), test, sizeof(test))) {
 std::cerr << "role test error" << std::endl;
 exit(-1);
@@ -166,9 +169,11 @@ void testCrypt()
 memset(plain_packet.getPayload(), 0, sizeof(test));
 std::auto_ptr<crypto::Interface> cnew(new crypto::Openssl());
- Buffer masterkey(crypto::SALT_LENGTH, false);
+ Buffer masterkey(uint32_t(crypto::DEFAULT_KEY_LENGTH/8) , false);
 Buffer mastersalt(crypto::SALT_LENGTH, false);
- cnew->calcMasterKeySalt("abc", crypto::SALT_LENGTH, masterkey , mastersalt);
+ cnew->calcMasterKeySalt("abc", uint32_t(crypto::DEFAULT_KEY_LENGTH/8), masterkey , mastersalt);
+ std::cout << "Master Key:" << masterkey.getHexDump() << std::endl;
+ std::cout << "Master Salt:" << mastersalt.getHexDump() << std::endl;
 cnew->decrypt(encrypted_packet, plain_packet, masterkey, mastersalt, ROLE_RIGHT );
 if (memcmp(plain_packet.getPayload(), test, sizeof(test))) {
 std::cerr << "crypto test failed" << std::endl;
@@ -184,6 +189,7 @@ void testCrypt()
 int main(int argc, char* argv[])
 {
+ cLog.addTarget("stdout:5");
 try {
 testCrypt();
 } catch (std::exception& e) { |
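Review bot: In the `-166,9` hunk the two added `std::cout` lines dump the derived master key and salt in hex on every test run, while nothing asserts their values; the derivation is only exercised indirectly through the following `cnew->decrypt` call. For the fixed passphrase "abc" the output is not sensitive, but a known-answer comparison (a `memcmp` of `masterkey.getBuf()` and `mastersalt.getBuf()` against expected byte arrays, failing with `exit(-1)` like the neighbouring checks) would pin the derivation and avoid making key printing a habit in this file. The commented-out `kd->master_key_.getHexDump()` lines added in the `-138,6` hunk could then be dropped rather than kept as dead code.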