From 0b7b9d4be886f28440ac2a192fe278267e69e072 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 14 Jan 2009 15:58:35 +0000 Subject: ported cipher from uanytun to anytun --- src/anytun.cpp | 23 +------ src/cipher.cpp | 181 ++++++++++++++++++++++++++++++-------------------- src/cipher.h | 65 ++++++++++++------ src/keyDerivation.cpp | 9 ++- src/keyDerivation.h | 6 +- 5 files changed, 164 insertions(+), 120 deletions(-) (limited to 'src') diff --git a/src/anytun.cpp b/src/anytun.cpp index a5f2218..1e54378 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -81,8 +81,6 @@ #include "sysexec.hpp" #define SESSION_KEYLEN_AUTH 20 // TODO: hardcoded size -#define SESSION_KEYLEN_ENCR 16 // TODO: hardcoded size -#define SESSION_KEYLEN_SALT 14 // TODO: hardcoded size void createConnection(const PacketSourceEndpoint & remote_end, window_size_t seqSize, mux_t mux) { @@ -124,8 +122,6 @@ void sender(void* p) PlainPacket plain_packet(MAX_PACKET_LENGTH); EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH); - Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size - Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size //TODO replace mux @@ -177,15 +173,8 @@ void sender(void* p) continue; } - // generate packet-key TODO: do this only when needed - conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key); - conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt); - - c->setKey(session_key); - c->setSalt(session_salt); - // encrypt packet - c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux); + c->encrypt(conn.kd_, plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux); encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux); conn.seq_nr_++; @@ -270,8 +259,6 @@ void receiver(void* p) EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH); PlainPacket plain_packet(MAX_PACKET_LENGTH); - Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR)); // TODO: hardcoded size - Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT)); // TODO: hardcoded size Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH)); // TODO: hardcoded size while(1) @@ -331,14 +318,8 @@ void receiver(void* p) continue; } - // generate packet-key - conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key); - conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt); - c->setKey(session_key); - c->setSalt(session_salt); - // decrypt packet - c->decrypt(encrypted_packet, plain_packet); + c->decrypt(conn.kd_, encrypted_packet, plain_packet); // check payload_type if((param->dev.getType() == TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN4 && diff --git a/src/cipher.cpp b/src/cipher.cpp index edfc760..8db6256 100644 --- a/src/cipher.cpp +++ b/src/cipher.cpp @@ -34,42 +34,37 @@ #include #include #include -#ifndef NOCRYPT -#include -#include "mpi.h" -#endif + +#include "endian.h" #include "cipher.h" #include "log.h" - - // TODO: in should be const but does not work with getBuf() :( -void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +void Cipher::encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux); + u_int32_t len = cipher(kd, in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux); out.setSenderId(sender_id); out.setSeqNr(seq_nr); out.setMux(mux); out.setPayloadLength(len); } - // TODO: in should be const but does not work with getBuf() :( -void Cipher::decrypt(EncryptedPacket & in, PlainPacket & out) +void Cipher::decrypt(KeyDerivation& kd, EncryptedPacket & in, PlainPacket & out) { - u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux()); + u_int32_t len = decipher(kd, in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux()); out.setLength(len); } //******* NullCipher ******* -u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +u_int32_t NullCipher::cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { std::memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; } -u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +u_int32_t NullCipher::decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { std::memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; @@ -78,107 +73,147 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in #ifndef NOCRYPT //****** AesIcmCipher ****** -AesIcmCipher::AesIcmCipher() : cipher_(NULL) +AesIcmCipher::AesIcmCipher() : key_(u_int32_t(DEFAULT_KEY_LENGTH/8)), salt_(u_int32_t(SALT_LENGTH)) { - // TODO: hardcoded keysize - gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 ); - if( err ) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - } + init(); } - -AesIcmCipher::~AesIcmCipher() +AesIcmCipher::AesIcmCipher(u_int16_t key_length) : key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH)) { - if(cipher_) - gcry_cipher_close( cipher_ ); + init(key_length); } -void AesIcmCipher::setKey(Buffer& key) +void AesIcmCipher::init(u_int16_t key_length) { - if(!cipher_) +#ifndef USE_SSL_CRYPTO + handle_ = NULL; + int algo; + switch(key_length) { + case 128: algo = GCRY_CIPHER_AES128; break; + case 192: algo = GCRY_CIPHER_AES192; break; + case 256: algo = GCRY_CIPHER_AES256; break; + default: { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: cipher key length of " << key_length << " Bits is not supported"; return; + } + } - gcry_error_t err = gcry_cipher_setkey( cipher_, key.getBuf(), key.getLength() ); + gcry_error_t err = gcry_cipher_open(&handle_, algo, GCRY_CIPHER_MODE_CTR, 0); if( err ) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "AesIcmCipher::setKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - } + cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + } +#endif } -void AesIcmCipher::setSalt(Buffer& salt) + +AesIcmCipher::~AesIcmCipher() { - salt_ = salt; - if(!salt_[u_int32_t(0)]) - salt_[u_int32_t(0)] = 1; // TODO: this is a outstandingly ugly workaround +#ifndef USE_SSL_CRYPTO + if(handle_) + gcry_cipher_close(handle_); +#endif } -u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +u_int32_t AesIcmCipher::cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - calc(in, ilen, out, olen, seq_nr, sender_id, mux); + calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux); return (ilen < olen) ? ilen : olen; } -u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +u_int32_t AesIcmCipher::decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - calc(in, ilen, out, olen, seq_nr, sender_id, mux); + calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux); return (ilen < olen) ? ilen : olen; } -void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +void AesIcmCipher::calc_ctr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +{ + kd.generate(LABEL_SATP_SALT, seq_nr, salt_); + +#ifdef ANYTUN_02_COMPAT + if(!salt_[int32_t(0)]) + salt_[int32_t(0)] = 1; +#endif + + std::memcpy(ctr_.salt_.buf_, salt_.getBuf(), SALT_LENGTH); + ctr_.salt_.zero_ = 0; + ctr_.params_.mux_ ^= MUX_T_HTON(mux); + ctr_.params_.sender_id_ ^= SENDER_ID_T_HTON(sender_id); + ctr_.params_.seq_nr_ ^= SEQ_NR_T_HTON(seq_nr); + + return; +} + +void AesIcmCipher::calc(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - if(!cipher_) +#ifndef USE_SSL_CRYPTO + if(!handle_) return; +#endif - gcry_error_t err = gcry_cipher_reset( cipher_ ); - if( err ) { + bool result = kd.generate(LABEL_SATP_ENCRYPTION, seq_nr, key_); + if(result) { // a new key got generated +#ifdef USE_SSL_CRYPTO + int ret = AES_set_encrypt_key(key_.getBuf(), key_.getLength()*8, &aes_key_); + if(ret) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")"; + return; + } +#else + gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength()); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return; + } + } // no new key got generated + else { + gcry_error_t err = gcry_cipher_reset(handle_); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return; + } +#endif + } + + calc_ctr(kd, seq_nr, sender_id, mux); + +#ifndef USE_SSL_CRYPTO + gcry_error_t err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH); + if(err) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); return; } - // set the IV ( = CTR) - //========================================================================== - // // where the 128-bit integer value IV SHALL be defined by the SSRC, the - // // SRTP packet index i, and the SRTP session salting key k_s, as below. - // // - // // IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16) - // // sizeof(k_s) = 112 bit, random - - Mpi ctr(128); // TODO: hardcoded size - Mpi salt(salt_.getBuf(), salt_.getLength()); - Mpi sid_mux(32); - sid_mux = sender_id; - Mpi mux_mpi(32); - mux_mpi = mux; - sid_mux = sid_mux ^ mux_mpi.mul2exp(16); - Mpi seq(32); - seq = seq_nr; - - ctr = salt.mul2exp(16) ^ sid_mux.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size - - size_t written; - u_int8_t *ctr_buf = ctr.getNewBuf(&written); // TODO: hardcoded size - err = gcry_cipher_setctr( cipher_, ctr_buf, written ); // TODO: hardcoded size - delete[] ctr_buf; - if( err ) { + err = gcry_cipher_encrypt(handle_, out, olen, in, ilen); + if(err) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to de/encrypt packet: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); return; } - - err = gcry_cipher_encrypt( cipher_, out, olen, in, ilen ); - if( err ) { +#else + if(CTR_LENGTH != AES_BLOCK_SIZE) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: size don't fits"; return; } + u_int32_t num = 0; + std::memset(ecount_buf_, 0, AES_BLOCK_SIZE); + AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num); +#endif } #endif diff --git a/src/cipher.h b/src/cipher.h index c49b3fc..f930bc4 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -36,9 +36,14 @@ #include "buffer.h" #include "encryptedPacket.h" #include "plainPacket.h" +#include "keyDerivation.h" #ifndef NOCRYPT +#ifndef USE_SSL_CRYPTO #include +#else +#include +#endif #endif class Cipher @@ -46,29 +51,21 @@ class Cipher public: virtual ~Cipher() {}; - // TODO: in should be const but does not work with getBuf() :( - void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - void decrypt(EncryptedPacket & in, PlainPacket & out); + void encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + void decrypt(KeyDerivation& kd, EncryptedPacket & in, PlainPacket & out); - virtual void setKey(Buffer& key) = 0; - virtual void setSalt(Buffer& salt) = 0; - protected: - virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; - virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; + virtual u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; + virtual u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; }; //****** NullCipher ****** class NullCipher : public Cipher { -public: - void setKey(Buffer& key) {}; - void setSalt(Buffer& salt) {}; - protected: - u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); }; #ifndef NOCRYPT @@ -78,19 +75,47 @@ class AesIcmCipher : public Cipher { public: AesIcmCipher(); + AesIcmCipher(u_int16_t key_length); ~AesIcmCipher(); - void setKey(Buffer& key); - void setSalt(Buffer& salt); + + static const u_int16_t DEFAULT_KEY_LENGTH = 128; + static const u_int16_t CTR_LENGTH = 16; + static const u_int16_t SALT_LENGTH = 14; protected: - u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); private: - void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + void init(u_int16_t key_length = DEFAULT_KEY_LENGTH); + + void calc_ctr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + void calc(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - gcry_cipher_hd_t cipher_; +#ifndef USE_SSL_CRYPTO + gcry_cipher_hd_t handle_; +#else + AES_KEY aes_key_; + u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#endif + Buffer key_; Buffer salt_; + + union __attribute__((__packed__)) cipher_aesctr_ctr_union { + u_int8_t buf_[CTR_LENGTH]; + struct __attribute__ ((__packed__)) { + u_int8_t buf_[SALT_LENGTH]; + u_int16_t zero_; + } salt_; + struct __attribute__((__packed__)) { + u_int8_t fill_[SALT_LENGTH - sizeof(mux_t) - sizeof(sender_id_t) - 2 - sizeof(seq_nr_t)]; + mux_t mux_; + sender_id_t sender_id_; + u_int8_t empty_[2]; + seq_nr_t seq_nr_; + u_int16_t zero_; + } params_; + } ctr_; }; #endif diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index ed29fca..0bf74a7 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -53,9 +53,10 @@ void KeyDerivation::setLogKDRate(const u_int8_t log_rate) //****** NullKeyDerivation ****** -void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) +bool NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) { for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0; + return true; } #ifndef NOCRYPT @@ -102,13 +103,13 @@ void AesIcmKeyDerivation::init(Buffer key, Buffer salt) updateMasterKey(); } -void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) +bool AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) { Lock lock(mutex_); if(!cipher_) { cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: cipher not opened"; - return; + return false; } gcry_error_t err = gcry_cipher_reset( cipher_ ); @@ -158,6 +159,7 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer char buf[STERROR_TEXT_MAX]; buf[0] = 0; cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return false; } for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0; @@ -167,6 +169,7 @@ void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer buf[0] = 0; cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); } + return true; } #endif diff --git a/src/keyDerivation.h b/src/keyDerivation.h index 9e8c7b5..6dd8080 100644 --- a/src/keyDerivation.h +++ b/src/keyDerivation.h @@ -60,7 +60,7 @@ public: void setLogKDRate(const u_int8_t ld_rate); virtual void init(Buffer key, Buffer salt) = 0; - virtual void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0; + virtual bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0; virtual std::string printType() { return "KeyDerivation"; }; @@ -97,7 +97,7 @@ public: ~NullKeyDerivation() {}; void init(Buffer key, Buffer salt) {}; - void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key); + bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key); std::string printType() { return "NullKeyDerivation"; }; @@ -123,7 +123,7 @@ public: ~AesIcmKeyDerivation(); void init(Buffer key, Buffer salt); - void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key); + bool generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key); std::string printType() { return "AesIcmKeyDerivation"; }; -- cgit v1.2.3