From c01ff56f61b28d0a909f46b95182b5a26aaa6cd3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 4 Feb 2008 20:34:37 +0000 Subject: fixed bug @ sync key gets updatet @ sync --- keyDerivation.cpp | 67 +++++++++++++++---------------------------------------- 1 file changed, 18 insertions(+), 49 deletions(-) (limited to 'keyDerivation.cpp') diff --git a/keyDerivation.cpp b/keyDerivation.cpp index 911ea87..893825c 100644 --- a/keyDerivation.cpp +++ b/keyDerivation.cpp @@ -41,55 +41,37 @@ #include -const char* KeyDerivation::MIN_GCRYPT_VERSION = "1.2.3"; - void KeyDerivation::init(Buffer key, Buffer salt) { Lock lock(mutex_); gcry_error_t err; - // No other library has already initialized libgcrypt. - if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) ) - { - if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) { - cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION; - return; - } - - // do NOT allocate a pool of secure memory! - // this is NOT thread safe! - - /* Allocate a pool of 16k secure memory. This also drops priviliges - * on some systems. */ - err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0); - if( err ) - { - cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err ); - return; - } - - /* Tell Libgcrypt that initialization has completed. */ - err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); - if( err ) { - cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ); - return; - } else { - cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation::init: libgcrypt init finished"; - } - } - + // TODO: hardcoded keysize! err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); if( err ) { cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err ); return; } - // FIXXME: hardcoded keysize! - err = gcry_cipher_setkey( cipher_, key.getBuf(), 16 ); + salt_ = SyncBuffer(salt); + key_ = SyncBuffer(key); + + updateKey(); +} + +void KeyDerivation::updateKey() +{ + gcry_error_t err; + + err = gcry_cipher_setkey( cipher_, key_.getBuf(), key_.getLength() ); if( err ) cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to set cipher key: " << gpg_strerror( err ); +} - salt_ = SyncBuffer(salt); +KeyDerivation::~KeyDerivation() +{ + Lock lock(mutex_); + gcry_cipher_close( cipher_ ); } void KeyDerivation::setLogKDRate(const uint8_t log_rate) @@ -99,7 +81,6 @@ void KeyDerivation::setLogKDRate(const uint8_t log_rate) ld_kdr_ = log_rate; } - void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length) { ////Lock lock(mutex_); @@ -120,7 +101,7 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, if( ld_kdr_ == -1 ) // means key_derivation_rate = 0 r = 0; else - // FIXXME: kdr can be greater than 2^32 (= 2^48) + // TODO: kdr can be greater than 2^32 (= 2^48) r = static_cast(seq_nr / ( 0x01 << ld_kdr_ )); r = r.mul2exp(8); @@ -144,15 +125,3 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, if( err ) cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err ); } - - -void KeyDerivation::clear() -{ - Lock lock(mutex_); - gcry_cipher_close( cipher_ ); -} - -u_int32_t KeyDerivation::bufferGetLength() const -{ - return salt_.getLength(); -} -- cgit v1.2.3