summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Makefile3
-rw-r--r--src/keyDerivation.cpp82
-rw-r--r--src/keyDerivation.h8
3 files changed, 50 insertions, 43 deletions
diff --git a/src/Makefile b/src/Makefile
index 64dd5b8..e4bb487 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -32,9 +32,10 @@ TARGET=$(shell uname -s)
CC = gcc
CFLAGS = -g
CXX = g++
-CXXFLAGS = -g -Wall -O2
+CXXFLAGS = -g -Wall -O2 #-DUSE_SSL_CRYPTO
LD = g++
LDFLAGS = -g -Wall -O2 -lboost_thread -lgcrypt -lgpg-error -lboost_serialization -lboost_system
+#LDFLAGS = -g -Wall -O2 -lboost_thread -lcrypto -lboost_serialization -lboost_system
ifeq ($(TARGET),Linux)
CFLAGS += -D_XOPEN_SOURCE=600
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 459d6c9..46c1568 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -63,14 +63,16 @@ bool NullKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t seq_
AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
{
#ifndef USE_SSL_CRYPTO
- handle_ = NULL;
+ for(int i=0; i<2; i++)
+ handle_[i] = NULL;
#endif
}
AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(key_length)
{
#ifndef USE_SSL_CRYPTO
- handle_ = NULL;
+ for(int i=0; i<2; i++)
+ handle_[i] = NULL;
#endif
}
@@ -78,8 +80,9 @@ AesIcmKeyDerivation::~AesIcmKeyDerivation()
{
WritersLock lock(mutex_);
#ifndef USE_SSL_CRYPTO
- if(handle_)
- gcry_cipher_close(handle_);
+ for(int i=0; i<2; i++)
+ if(handle_[i])
+ gcry_cipher_close(handle_[i]);
#endif
}
@@ -123,31 +126,35 @@ void AesIcmKeyDerivation::updateMasterKey()
}
}
- if(handle_)
- gcry_cipher_close(handle_);
-
- gcry_error_t err = gcry_cipher_open(&handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
- if(err) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
- return;
- }
-
- err = gcry_cipher_setkey(handle_, master_key_.getBuf(), master_key_.getLength());
- if(err) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
- return;
+ for(int i=0; i<2; i++) {
+ if(handle_[i])
+ gcry_cipher_close(handle_[i]);
+
+ gcry_error_t err = gcry_cipher_open(&handle_[i], algo, GCRY_CIPHER_MODE_CTR, 0);
+ if(err) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ return;
+ }
+
+ err = gcry_cipher_setkey(handle_[i], master_key_.getBuf(), master_key_.getLength());
+ if(err) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
+ return;
+ }
}
#else
- int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_);
- if(ret) {
- char buf[STERROR_TEXT_MAX];
- buf[0] = 0;
- cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
- return;
+ for(int i=0; i<2; i++) {
+ int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]);
+ if(ret) {
+ char buf[STERROR_TEXT_MAX];
+ buf[0] = 0;
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")";
+ return;
+ }
}
#endif
}
@@ -179,18 +186,17 @@ bool AesIcmKeyDerivation::calcCtr(kd_dir dir, seq_nr_t* r, satp_prf_label label,
cLog.msg(Log::PRIO_CRIT) << "KeyDerivation::calcCtr: salt lengths don't match";
return false;
}
- memcpy(ctr_.salt_.buf_, master_salt_.getBuf(), SALT_LENGTH);
- ctr_.salt_.zero_ = 0;
- ctr_.params_.label_ ^= label;
- ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r);
+ memcpy(ctr_[dir].salt_.buf_, master_salt_.getBuf(), SALT_LENGTH);
+ ctr_[dir].salt_.zero_ = 0;
+ ctr_[dir].params_.label_ ^= label;
+ ctr_[dir].params_.r_ ^= SEQ_NR_T_HTON(*r);
return true;
}
bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
{
-// ReadersLock lock(mutex_);
- WritersLock lock(mutex_);
+ ReadersLock lock(mutex_);
seq_nr_t r;
calcCtr(dir, &r, label, seq_nr);
@@ -208,14 +214,14 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se
#ifndef USE_SSL_CRYPTO
- gcry_error_t err = gcry_cipher_reset(handle_);
+ gcry_error_t err = gcry_cipher_reset(handle_[dir]);
if(err) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
}
- err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
+ err = gcry_cipher_setctr(handle_[dir], ctr_[dir].buf_, CTR_LENGTH);
if(err) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
@@ -224,7 +230,7 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se
}
std::memset(key.getBuf(), 0, key.getLength());
- err = gcry_cipher_encrypt(handle_, key, key.getLength(), NULL, 0);
+ err = gcry_cipher_encrypt(handle_[dir], key, key.getLength(), NULL, 0);
if(err) {
char buf[STERROR_TEXT_MAX];
buf[0] = 0;
@@ -239,9 +245,9 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se
return false;
}
u_int32_t num = 0;
- std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
+ std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
std::memset(key.getBuf(), 0, key.getLength());
- AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_, ctr_.buf_, ecount_buf_, &num);
+ AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
#endif
// TODO: store key if key derivation rate is != 0
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 6b20983..621bb36 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -156,10 +156,10 @@ private:
}
#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
+ gcry_cipher_hd_t handle_[2];
#else
- AES_KEY aes_key_;
- u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+ AES_KEY aes_key_[2];
+ u_int8_t ecount_buf_[2][AES_BLOCK_SIZE];
#endif
union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
@@ -184,7 +184,7 @@ private:
u_int16_t zero_;
} params_;
#endif
- } ctr_;
+ } ctr_[2];
};
#endif