From 56bc3b4f9135fde1764e15046bf7799538aff18b Mon Sep 17 00:00:00 2001 From: Erwin Nindl Date: Tue, 11 Dec 2007 12:58:31 +0000 Subject: now set really key in KD --- cypher.cpp | 96 +++++++++++++++++++++---------------------------------- keyDerivation.cpp | 27 +++++++++------- 2 files changed, 53 insertions(+), 70 deletions(-) diff --git a/cypher.cpp b/cypher.cpp index ea511ef..7bf0c3e 100644 --- a/cypher.cpp +++ b/cypher.cpp @@ -32,14 +32,14 @@ #include #include #include +#include #include "cypher.h" #include "keyDerivation.h" +#include "mpi.h" +#include "log.h" -extern "C" { -#include -} void Cypher::cypher(Buffer& buf, seq_nr_t seq_nr, sender_id_t sender_id) { @@ -78,37 +78,32 @@ AesIcmCypher::AesIcmCypher() : salt_(Buffer(14)) if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) ) { if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) { - std::cerr << "Invalid Version of libgcrypt, should be >= "; - std::cerr << MIN_GCRYPT_VERSION << std::endl; + cLog.msg(Log::PRIO_ERR) << "Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION; return; } - // do NOT allocate a pool of secure memory! - // this is NOT thread safe! - -// /* Allocate a pool of secure memory. This also drops priviliges -// on some systems. */ -// err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0); -// if( err ) { -// std::cerr << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: "; -// std::cerr << gpg_strerror( err ) << std::endl; -// return; -// } + // do NOT allocate a pool of secure memory! + // this is NOT thread safe! + // /* Allocate a pool of secure memory. This also drops priviliges + // on some systems. */ + // err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0); + // if( err ) { + // std::cerr << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: "; + // std::cerr << gpg_strerror( err ) << std::endl; + // return; + // } /* Tell Libgcrypt that initialization has completed. */ err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); if( err ) { - std::cerr << "Failed to finish the initialization of libgcrypt"; - std::cerr << gpg_strerror( err ) << std::endl; + cLog.msg(Log::PRIO_CRIT) << "AesIcmCypher::AesIcmCypher: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ); return; -// } else { -// std::cout << "AesIcmCypher::AesIcmCypher: libgcrypt init finished" << std::endl; + } else { + cLog.msg(Log::PRIO_NOTICE) << "AesIcmCypher::AesIcmCypher: libgcrypt init finished"; } } gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); - -// std::cout << "Keysize: " << gcry_cipher_get_algo_keylen( GCRY_CIPHER_AES128 ) << std::endl; } @@ -121,16 +116,14 @@ AesIcmCypher::~AesIcmCypher() void AesIcmCypher::setKey(Buffer key) { gcry_error_t err; + // FIXXME: hardcoded keysize err = gcry_cipher_setkey( cipher_, key.getBuf(), 16 ); if( err ) - std::cerr << "Failed to set cipher key: " << gpg_strerror( err ) << std::endl; + cLog.msg(Log::PRIO_ERR) << "AesIcmCypher::setKey: Failed to set cipher key: " << gpg_strerror( err ); } void AesIcmCypher::setSalt(Buffer salt) { -// std::cout << "AesIcmCypher::setSalt" << std::endl; -// salt.printHexDump(); -// std::cout << std::endl; salt_ = salt; } @@ -140,50 +133,35 @@ Buffer AesIcmCypher::getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t Buffer buf(length); -// // set IV -// // where the 128-bit integer value IV SHALL be defined by the SSRC, the -// // SRTP packet index i, and the SRTP session salting key k_s, as below. -// // -// // IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16) -// // sizeof(k_s) = 112 bit, random - - - u_int8_t iv[16]; - std::memset(iv, 0, 16); //initalize iv - - // apply salt: - std::memcpy(&iv[2], salt_.getBuf(), 14); + // // set IV + // // where the 128-bit integer value IV SHALL be defined by the SSRC, the + // // SRTP packet index i, and the SRTP session salting key k_s, as below. + // // + // // IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16) + // // sizeof(k_s) = 112 bit, random -// std::cout << "salt:" << std::endl; -// salt_.printHexDump(); -// std::cout << std::endl; + Mpi iv(128); + Mpi salt = Mpi(salt_.getBuf(), salt_.getLength()); + Mpi sid = sender_id; + Mpi seq = seq_nr; - // apply sender id: - for(u_int8_t index = 0; index < sizeof(sender_id); index++) - iv[index+8] = iv[index+8] ^ ((sender_id>>index) & 0xFF); + iv = salt.mul2exp(16) ^ sid.mul2exp(64) ^ seq.mul2exp(16); - // apply seq nr: - for(u_int8_t index = 0; index < sizeof(seq_nr); index++) - iv[index+2] = iv[index+2] ^ ((seq_nr>>index) & 0xFF); - - err = gcry_cipher_setiv( cipher_, iv, 16 ); - if( err ) - { - std::cerr << "Failed to set cipher IV: " << gpg_strerror( err ) << std::endl; + err = gcry_cipher_setiv( cipher_, iv.getBuf().getBuf(), 16 ); + if( err ) { + cLog.msg(Log::PRIO_ERR) << "AesIcmCypher: Failed to set cipher IV: " << gpg_strerror( err ); return Buffer(0); } err = gcry_cipher_reset( cipher_ ); - if( err ) - { - std::cerr << "Failed to reset cipher: " << gpg_strerror( err ) << std::endl; + if( err ) { + cLog.msg(Log::PRIO_ERR) << "AesIcmCypher: Failed to reset cipher: " << gpg_strerror( err ); return Buffer(0); } err = gcry_cipher_encrypt( cipher_, buf, buf.getLength(), 0, 0 ); - if( err ) - { - std::cerr << "Failed to generate cipher bitstream: " << gpg_strerror( err ) << std::endl; + if( err ) { + cLog.msg(Log::PRIO_ERR) << "AesIcmCypher: Failed to generate cipher bitstream: " << gpg_strerror( err ); return Buffer(0); } diff --git a/keyDerivation.cpp b/keyDerivation.cpp index 2c3d84b..c9db305 100644 --- a/keyDerivation.cpp +++ b/keyDerivation.cpp @@ -52,26 +52,26 @@ void KeyDerivation::init(Buffer key, Buffer salt) if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) ) { if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) { - cLog.msg(Log::PRIO_ERR) << "Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION; + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION; return; } // do NOT allocate a pool of secure memory! // this is NOT thread safe! -// /* Allocate a pool of 16k secure memory. This also drops priviliges -// * on some systems. */ -// err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); -// if( err ) -// { -// std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl; -// return; -// } + // /* Allocate a pool of 16k secure memory. This also drops priviliges + // * on some systems. */ + // err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); + // if( err ) + // { + // std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl; + // return; + // } /* Tell Libgcrypt that initialization has completed. */ err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); if( err ) { - cLog.msg(Log::PRIO_ERR) << "Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ); + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ); return; } else { cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation::init: libgcrypt init finished"; @@ -80,10 +80,15 @@ void KeyDerivation::init(Buffer key, Buffer salt) err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); if( err ) { - cLog.msg(Log::PRIO_ERR) << "Failed to open cipher: " << gpg_strerror( err ); + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err ); return; } + // FIXXME: hardcoded keysize! + err = gcry_cipher_setkey( cipher_, key.getBuf(), 16 ); + if( err ) + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to set cipher key: " << gpg_strerror( err ); + salt_ = SyncBuffer(salt); } -- cgit v1.2.3