diff options
Diffstat (limited to 'src/keyDerivation.cpp')
-rw-r--r-- | src/keyDerivation.cpp | 76 |
1 files changed, 39 insertions, 37 deletions
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index 3b6f17c..d462515 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -46,9 +46,11 @@ #ifndef NO_CRYPT #ifndef NO_PASSPHRASE -#ifdef USE_SSL_CRYPTO + +#if defined(USE_SSL_CRYPTO) #include <openssl/sha.h> #endif + #endif #endif @@ -69,21 +71,21 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length) return; } -#ifndef USE_SSL_CRYPTO - if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) { -#else +#if defined(USE_SSL_CRYPTO) if(length > SHA256_DIGEST_LENGTH) { +#else // USE_GCRYPT is the default + if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) { #endif cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm"; return; } -#ifndef USE_SSL_CRYPTO - Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256))); - gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length()); -#else +#if defined(USE_SSL_CRYPTO) Buffer digest(uint32_t(SHA256_DIGEST_LENGTH)); SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf()); +#else // USE_GCRYPT is the default + Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256))); + gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length()); #endif master_key_.setLength(length); @@ -98,21 +100,21 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length) return; } -#ifndef USE_SSL_CRYPTO - if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) { -#else +#if defined(USE_SSL_CRYPTO) if(length > SHA_DIGEST_LENGTH) { +#else // USE_GCRYPT is the default + if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) { #endif cLog.msg(Log::PRIO_ERROR) << "KeyDerivation: master key too long for passphrase algorithm"; return; } -#ifndef USE_SSL_CRYPTO - Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1))); - gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length()); -#else +#if defined(USE_SSL_CRYPTO) Buffer digest(uint32_t(SHA_DIGEST_LENGTH)); SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf()); +#else // USE_GCRYPT is the default + Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1))); + gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length()); #endif master_salt_.setLength(length); @@ -172,7 +174,7 @@ bool NullKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_GCRYPT) for(int i=0; i<2; i++) { handle_[i] = NULL; } @@ -181,7 +183,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(key_length) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_GCRYPT) for(int i=0; i<2; i++) { handle_[i] = NULL; } @@ -191,7 +193,7 @@ AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(ke AesIcmKeyDerivation::~AesIcmKeyDerivation() { WritersLock lock(mutex_); -#ifndef USE_SSL_CRYPTO +#if defined(USE_GCRYPT) for(int i=0; i<2; i++) if(handle_[i]) { gcry_cipher_close(handle_[i]); @@ -236,7 +238,15 @@ void AesIcmKeyDerivation::updateMasterKey() return; } -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + for(int i=0; i<2; i++) { + int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]); + if(ret) { + cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")"; + return; + } + } +#else // USE_GCRYPT is the default int algo; switch(key_length_) { case 128: @@ -271,14 +281,6 @@ void AesIcmKeyDerivation::updateMasterKey() return; } } -#else - for(int i=0; i<2; i++) { - int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]); - if(ret) { - cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")"; - return; - } - } #endif is_initialized_ = true; } @@ -318,7 +320,16 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_ return false; } -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + if(CTR_LENGTH != AES_BLOCK_SIZE) { + cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits"; + return false; + } + unsigned int num = 0; + std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE); + std::memset(key.getBuf(), 0, key.getLength()); + AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(handle_[dir]); if(err) { cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to reset cipher: " << AnytunGpgError(err); @@ -335,15 +346,6 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_ if(err) { cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << AnytunGpgError(err); } -#else - if(CTR_LENGTH != AES_BLOCK_SIZE) { - cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits"; - return false; - } - unsigned int num = 0; - std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE); - std::memset(key.getBuf(), 0, key.getLength()); - AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num); #endif return true; |