authorChristian Pointner <equinox@anytun.org>2014-06-22 22:11:20 +0000
committerChristian Pointner <equinox@anytun.org>2014-06-22 22:11:20 +0000
commitf463e79addfe63297d4e44f9da49a30cc56b68c3 (patch)
treec1160efa35a3145715ef95e33d2cd0c76285f830 /src
parentimproved selection of crypto lib (diff)
added compile switches for libnettle
Diffstat (limited to 'src')
-rw-r--r--src/authAlgo.cpp14
-rw-r--r--src/authAlgo.h5
-rw-r--r--src/cipher.cpp6
-rw-r--r--src/cipher.h5
-rwxr-xr-xsrc/configure28
-rw-r--r--src/cryptinit.hpp2
-rw-r--r--src/keyDerivation.cpp21
-rw-r--r--src/keyDerivation.h5
8 files changed, 83 insertions, 3 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index 24bb423..0fa4a47 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -57,6 +57,9 @@ Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
#if defined(USE_SSL_CRYPTO)
HMAC_CTX_init(&ctx_);
HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
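Review bot: The new USE_NETTLE branch in Sha1AuthAlgo's constructor is an empty stub, so a `--use-nettle` build compiles and links cleanly yet constructs an authenticator with no HMAC state behind it. Until the nettle path exists, the stub should refuse to build rather than ship a silent no-op: replace the TODO comment with `#error "nettle support is not implemented yet"`. The constructor body continues outside the hunk.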
@@ -70,6 +73,9 @@ Sha1AuthAlgo::~Sha1AuthAlgo()
{
#if defined(USE_SSL_CRYPTO)
HMAC_CTX_cleanup(&ctx_);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
if(handle_) {
gcry_md_close(handle_);
@@ -97,6 +103,10 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
uint8_t hmac[DIGEST_LENGTH];
HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
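Review bot: In the USE_NETTLE branch of generate(), `hmac` is declared but never written, so whatever the code after `#endif` (outside the hunk) copies into the packet would be indeterminate stack bytes rather than a tag. The OpenSSL branch two lines above shows the contract: the array must hold the finished HMAC before the shared tail runs. Either fill it here or make the stub `#error` so the misbuild is caught at compile time instead of on the wire.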
@@ -140,6 +150,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
uint8_t hmac[DIGEST_LENGTH];
HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
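Review bot: The USE_NETTLE branch of checkTag() leaves `hmac` uninitialized, so the comparison that presumably follows the `#endif` (outside the hunk) would check the received tag against indeterminate memory, and reading an uninitialized array is undefined behaviour the compiler may fold either way. A packet check whose outcome depends on leftover stack contents is strictly worse than a build failure; suggest `#error "nettle support is not implemented yet"` in place of the TODO until the nettle HMAC is wired in.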
diff --git a/src/authAlgo.h b/src/authAlgo.h
index a9b8051..d58646f 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -40,6 +40,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/hmac.h>
+#elif defined(USE_NETTLE)
+#include <nettle/hmac.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
@@ -99,6 +101,9 @@ public:
private:
#if defined(USE_SSL_CRYPTO)
HMAC_CTX ctx_;
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_md_hd_t handle_;
#endif
diff --git a/src/cipher.cpp b/src/cipher.cpp
index d7cbb5f..c05f249 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -163,6 +163,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
return;
}
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
@@ -181,6 +184,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
unsigned int num = 0;
std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
if(err) {
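Review bot: With USE_NETTLE both stubs in AesIcmCipher::calc() are empty, so the function returns without ever writing `out`; the OpenSSL branch writes it via AES_ctr128_encrypt on the line right above and the gcrypt branch sets the counter and (outside the hunk) presumably encrypts, but the nettle build does neither. Until the nettle CTR path exists, suggest `#error "nettle support is not implemented yet"` here, or at minimum `cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: nettle backend not implemented"; return;` to match the error style of the surrounding branches. calc()'s body continues outside the hunk.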
diff --git a/src/cipher.h b/src/cipher.h
index c39f9cb..a9ce59b 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -42,6 +42,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
@@ -101,6 +103,9 @@ private:
#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_;
uint8_t ecount_buf_[AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_cipher_hd_t handle_;
#endif
diff --git a/src/configure b/src/configure
index 27c4890..a8fe6b1 100755
--- a/src/configure
+++ b/src/configure
@@ -54,6 +54,7 @@ INSTALLEXAMPLES=1
BOOST_PREFIX=''
GCRYPT_PREFIX=''
+NETTLE_PREFIX=''
OPENSSL_PREFIX=''
print_usage() {
@@ -67,7 +68,9 @@ print_usage() {
echo " --no-manpage dont't install manpages"
echo " --examplesdir=<DIR> the path to the examples files (default: $PREFIX/share/examples)"
echo " --no-examples dont't install example files"
- echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
+ echo " --use-gcrypt use libgcrypt (this is the default)"
+ echo " --use-nettle use libnettle instead of libgcrypt"
+ echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt"
echo " --no-crypto disable crypto at all (only NULL cipher)"
echo " --disable-passphrase disable master key and salt passphrase"
echo " --enable-passphrase enable master key and salt passphrase"
@@ -76,6 +79,7 @@ print_usage() {
echo " --cross-prefix=<PREFIX> add PREFIX to compiler calls"
echo " --with-boost=<PREFIX> don't use systemwide boost"
echo " --with-gcrypt=<PREFIX> don't use systemwide gcrypt"
+ echo " --with-nettle=<PREFIX> don't use systemwide nettle"
echo " --with-openssl=<PREFIX> don't use systemwide openssl"
}
@@ -109,6 +113,12 @@ do
--no-examples)
INSTALLEXAMPLES=0
;;
+ --use-gcrypt)
+ CRYPTO_LIB='gcrypt'
+ ;;
+ --use-nettle)
+ CRYPTO_LIB='nettle'
+ ;;
--use-ssl-crypto)
CRYPTO_LIB='ssl'
;;
@@ -139,6 +149,9 @@ do
--with-gcrypt=*)
GCRYPT_PREFIX=${arg#--with-gcrypt=}
;;
+ --with-nettle=*)
+ NETTLE_PREFIX=${arg#--with-nettle=}
+ ;;
--with-openssl=*)
OPENSSL_PREFIX=${arg#--with-openssl=}
;;
@@ -224,7 +237,16 @@ case $CRYPTO_LIB in
CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$GCRYPT_PREFIX/lib\""
fi
- echo "using libgcrypt library"
+ echo "using gcrypt library"
+ ;;
+ nettle)
+ CXXFLAGS=$CXXFLAGS' -DUSE_NETTLE'
+ LDFLAGS=$LDFLAGS' -lnettle'
+ if [ -n "$NETTLE_PREFIX" ]; then
+ CXXFLAGS="$CXXFLAGS -I\"$NETTLE_PREFIX/include\""
+ LDFLAGS="$LDFLAGS -L\"$NETTLE_PREFIX/lib\""
+ fi
+ echo "using nettle library"
;;
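Review bot: `--use-nettle` now defines USE_NETTLE and links `-lnettle`, but every USE_NETTLE branch in the sources touched by this commit is a `// TODO: nettle` stub, so the option produces a binary whose cipher, HMAC and key derivation do nothing. Until those are implemented the nettle case should bail out rather than report success: `echo "nettle support is not implemented yet" >&2; exit 1` before the `echo "using nettle library"` line. The `case` statement continues outside the hunk.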
ssl)
CXXFLAGS=$CXXFLAGS' -DUSE_SSL_CRYPTO'
@@ -233,7 +255,7 @@ case $CRYPTO_LIB in
CXXFLAGS="$CXXFLAGS -I\"$OPENSSL_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$OPENSSL_PREFIX/lib\""
fi
- echo "using ssl crypto library"
+ echo "using openssl crypto library"
;;
none)
CXXFLAGS=$CXXFLAGS' -DNO_CRYPT'
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index e684a13..d57f19e 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -114,6 +114,8 @@ bool initCrypto()
#if defined(USE_SSL_CRYPTO)
return true;
+#elif defined(USE_NETTLE)
+ return true;
#else // USE_GCRYPT is the default
return initLibGCrypt();
#endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index d462515..8359d79 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -49,6 +49,9 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/sha.h>
+#elif defined(USE_NETTLE)
+#include <nettle/sha1.h>
+#include <nettle/sha2.h>
#endif
#endif
@@ -73,6 +76,8 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
if(length > SHA256_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA256_DIGEST_SIZE) {
#else // USE_GCRYPT is the default
if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
#endif
@@ -83,6 +88,10 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA256_DIGEST_SIZE));
+
#else // USE_GCRYPT is the default
Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
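Review bot: In the USE_NETTLE branch of calcMasterKey(), `digest` is allocated but never filled, so the master key derived from the passphrase after the `#endif` (outside the hunk) would be whatever Buffer's constructor leaves there instead of SHA-256 of the passphrase. The OpenSSL and gcrypt branches both hash into the buffer on the adjacent lines. nettle's equivalent is the init/update/digest triple from `<nettle/sha2.h>`, which this commit already includes; note that nettle takes the length before the pointer, the reverse of OpenSSL's argument order.
```cpp
#elif defined(USE_NETTLE)
  Buffer digest(uint32_t(SHA256_DIGEST_SIZE));
  struct sha256_ctx ctx;
  sha256_init(&ctx);
  sha256_update(&ctx, passphrase.length(), reinterpret_cast<const uint8_t*>(passphrase.c_str()));
  sha256_digest(&ctx, SHA256_DIGEST_SIZE, digest.getBuf());
```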
@@ -102,6 +111,8 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
if(length > SHA_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA1_DIGEST_SIZE) {
#else // USE_GCRYPT is the default
if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
#endif
@@ -112,6 +123,10 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA_DIGEST_LENGTH));
SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA1_DIGEST_SIZE));
+
#else // USE_GCRYPT is the default
Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
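Review bot: The USE_NETTLE branch of calcMasterSalt() has the same gap as calcMasterKey(): `digest` is sized to SHA1_DIGEST_SIZE but never hashed into, so the salt taken from it after the `#endif` (outside the hunk) is not derived from the passphrase at all. Fill it with the `sha1_init`/`sha1_update`/`sha1_digest` triple from `<nettle/sha1.h>` (included by this commit), passing `passphrase.length()` before the data pointer, or make the stub `#error` until that is done.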
@@ -246,6 +261,9 @@ void AesIcmKeyDerivation::updateMasterKey()
return;
}
}
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
int algo;
switch(key_length_) {
@@ -329,6 +347,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
std::memset(key.getBuf(), 0, key.getLength());
AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(handle_[dir]);
if(err) {
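Review bot: The USE_NETTLE branch of AesIcmKeyDerivation::generate() is empty, so `key` is handed back without the memset and CTR pass the OpenSSL branch performs on the lines just above, leaving the derived key as the buffer's initial contents. Since this output feeds the cipher and HMAC keys, an unimplemented backend here should fail the build with `#error "nettle support is not implemented yet"` rather than yield undefined key material. The function continues outside the hunk.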
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 7f0c137..3acd475 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -43,6 +43,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <openssl/aes.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
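Review bot: The new USE_NETTLE branch includes `<openssl/aes.h>`, a copy-paste of the USE_SSL_CRYPTO line above it, which makes a nettle-only build depend on OpenSSL headers and contradicts cipher.h in this same commit, which includes `<nettle/aes.h>` for the same case. Change the line to `#include <nettle/aes.h>`.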
@@ -173,6 +175,9 @@ private:
#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_[2];
uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_cipher_hd_t handle_[2];
#endif