diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | authAlgo.cpp | 19 | ||||
-rw-r--r-- | cypher.cpp | 36 | ||||
-rw-r--r-- | keyDerivation.cpp | 43 |
4 files changed, 45 insertions, 55 deletions
@@ -3,7 +3,7 @@ CFLAGS = -g -Wall C++ = g++ CCFLAGS = -g -Wall LD = g++ -LDFLAGS = -g -Wall -O2 -ldl -lpthread -lsrtp -lgcrypt +LDFLAGS = -g -Wall -O2 -ldl -lpthread -lgcrypt OPENVPNDEPS = openvpn/tun.o \ openvpn/error.o \ diff --git a/authAlgo.cpp b/authAlgo.cpp index 206d335..d19cf2d 100644 --- a/authAlgo.cpp +++ b/authAlgo.cpp @@ -31,7 +31,7 @@ #include "authAlgo.h" extern "C" { -#include <srtp/crypto_kernel.h> +#include <gcrypt.h> } @@ -44,22 +44,7 @@ auth_tag_t NullAuthAlgo::calc(const Buffer& buf) // HMAC_SHA1 auth_tag_t HmacAuthAlgo::calc(const Buffer& buf) { - extern auth_type_t hmac; - err_status_t status = err_status_ok; - auth_t *auth = NULL; - - uint8_t key[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13 - }; - - // auth_type_alloc(auth_type, auth, key_len, out_len) - status = auth_type_alloc(&hmac, &auth, 94, 4); - status = auth_init(auth, key); - - status = auth_dealloc(auth); - +// gcry_md_hash_buffer(GCRY_MD_SHA1, ht, buf.getBuf(), buf.getLength()); return 0; } @@ -72,34 +72,34 @@ bool AesIcmCypher::gcrypt_initialized_ = false; AesIcmCypher::AesIcmCypher() : salt_(Buffer(14)) { gcry_error_t err; - if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) - { - std::cerr << "Invalid Version of libgcrypt, should be >= "; - std::cerr << MIN_GCRYPT_VERSION << std::endl; - return; - } - if( !gcrypt_initialized_ ) + // No other library has already initialized libgcrypt. + if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) ) { + if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) { + std::cerr << "Invalid Version of libgcrypt, should be >= "; + std::cerr << MIN_GCRYPT_VERSION << std::endl; + return; + } + /* Allocate a pool of secure memory. This also drops priviliges on some systems. */ err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0); - if( err ) - { + if( err ) { std::cerr << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: "; std::cerr << gpg_strerror( err ) << std::endl; return; } - gcrypt_initialized_ = true; - } - /* Tell Libgcrypt that initialization has completed. */ - err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); - if( err ) - { - std::cerr << "Failed to finish the initialization of libgcrypt"; - std::cerr << gpg_strerror( err ) << std::endl; - return; + /* Tell Libgcrypt that initialization has completed. */ + err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); + if( err ) { + std::cerr << "Failed to finish the initialization of libgcrypt"; + std::cerr << gpg_strerror( err ) << std::endl; + return; + } else { + std::cout << "AesIcmCypher::AesIcmCypher: libgcrypt init finished" << std::endl; + } } gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); diff --git a/keyDerivation.cpp b/keyDerivation.cpp index f8e3c55..a171244 100644 --- a/keyDerivation.cpp +++ b/keyDerivation.cpp @@ -44,27 +44,32 @@ const char* KeyDerivation::MIN_GCRYPT_VERSION = "1.2.3"; void KeyDerivation::init(Buffer key, Buffer salt) { gcry_error_t err; - if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) - { - std::cerr << "Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl; - return; - } - - /* Allocate a pool of 16k secure memory. This also drops priviliges - * on some systems. */ - err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); - if( err ) - { - std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl; - return; - } - /* Tell Libgcrypt that initialization has completed. */ - err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); - if( err ) + // No other library has already initialized libgcrypt. + if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) ) { - std::cerr << "Failed to finish the initialization of libgcrypt" << gpg_strerror( err ) << std::endl; - return; + if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) { + std::cerr << "Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl; + return; + } + + /* Allocate a pool of 16k secure memory. This also drops priviliges + * on some systems. */ + err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); + if( err ) + { + std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl; + return; + } + + /* Tell Libgcrypt that initialization has completed. */ + err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); + if( err ) { + std::cerr << "Failed to finish the initialization of libgcrypt" << gpg_strerror( err ) << std::endl; + return; + } else { + std::cout << "KeyDerivation::init: libgcrypt init finished" << std::endl; + } } err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); |