From dfcaa991d38e5a513b6c56aa497891e788390b60 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 15 Jan 2009 01:45:45 +0000 Subject: add multi kd support --- src/Makefile | 3 +- src/keyDerivation.cpp | 82 +++++++++++++++++++++++++++------------------------ src/keyDerivation.h | 8 ++--- 3 files changed, 50 insertions(+), 43 deletions(-) (limited to 'src') diff --git a/src/Makefile b/src/Makefile index 64dd5b8..e4bb487 100644 --- a/src/Makefile +++ b/src/Makefile @@ -32,9 +32,10 @@ TARGET=$(shell uname -s) CC = gcc CFLAGS = -g CXX = g++ -CXXFLAGS = -g -Wall -O2 +CXXFLAGS = -g -Wall -O2 #-DUSE_SSL_CRYPTO LD = g++ LDFLAGS = -g -Wall -O2 -lboost_thread -lgcrypt -lgpg-error -lboost_serialization -lboost_system +#LDFLAGS = -g -Wall -O2 -lboost_thread -lcrypto -lboost_serialization -lboost_system ifeq ($(TARGET),Linux) CFLAGS += -D_XOPEN_SOURCE=600 diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index 459d6c9..46c1568 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -63,14 +63,16 @@ bool NullKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t seq_ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) { #ifndef USE_SSL_CRYPTO - handle_ = NULL; + for(int i=0; i<2; i++) + handle_[i] = NULL; #endif } AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(key_length) { #ifndef USE_SSL_CRYPTO - handle_ = NULL; + for(int i=0; i<2; i++) + handle_[i] = NULL; #endif } @@ -78,8 +80,9 @@ AesIcmKeyDerivation::~AesIcmKeyDerivation() { WritersLock lock(mutex_); #ifndef USE_SSL_CRYPTO - if(handle_) - gcry_cipher_close(handle_); + for(int i=0; i<2; i++) + if(handle_[i]) + gcry_cipher_close(handle_[i]); #endif } @@ -123,31 +126,35 @@ void AesIcmKeyDerivation::updateMasterKey() } } - if(handle_) - gcry_cipher_close(handle_); - - gcry_error_t err = gcry_cipher_open(&handle_, algo, GCRY_CIPHER_MODE_CTR, 0); - if(err) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - return; - } - - err = gcry_cipher_setkey(handle_, master_key_.getBuf(), master_key_.getLength()); - if(err) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - return; + for(int i=0; i<2; i++) { + if(handle_[i]) + gcry_cipher_close(handle_[i]); + + gcry_error_t err = gcry_cipher_open(&handle_[i], algo, GCRY_CIPHER_MODE_CTR, 0); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return; + } + + err = gcry_cipher_setkey(handle_[i], master_key_.getBuf(), master_key_.getLength()); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return; + } } #else - int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_); - if(ret) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")"; - return; + for(int i=0; i<2; i++) { + int ret = AES_set_encrypt_key(master_key_.getBuf(), master_key_.getLength()*8, &aes_key_[i]); + if(ret) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set ssl key (code: " << ret << ")"; + return; + } } #endif } @@ -179,18 +186,17 @@ bool AesIcmKeyDerivation::calcCtr(kd_dir dir, seq_nr_t* r, satp_prf_label label, cLog.msg(Log::PRIO_CRIT) << "KeyDerivation::calcCtr: salt lengths don't match"; return false; } - memcpy(ctr_.salt_.buf_, master_salt_.getBuf(), SALT_LENGTH); - ctr_.salt_.zero_ = 0; - ctr_.params_.label_ ^= label; - ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r); + memcpy(ctr_[dir].salt_.buf_, master_salt_.getBuf(), SALT_LENGTH); + ctr_[dir].salt_.zero_ = 0; + ctr_[dir].params_.label_ ^= label; + ctr_[dir].params_.r_ ^= SEQ_NR_T_HTON(*r); return true; } bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t seq_nr, Buffer& key) { -// ReadersLock lock(mutex_); - WritersLock lock(mutex_); + ReadersLock lock(mutex_); seq_nr_t r; calcCtr(dir, &r, label, seq_nr); @@ -208,14 +214,14 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se #ifndef USE_SSL_CRYPTO - gcry_error_t err = gcry_cipher_reset(handle_); + gcry_error_t err = gcry_cipher_reset(handle_[dir]); if(err) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); } - err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH); + err = gcry_cipher_setctr(handle_[dir], ctr_[dir].buf_, CTR_LENGTH); if(err) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; @@ -224,7 +230,7 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se } std::memset(key.getBuf(), 0, key.getLength()); - err = gcry_cipher_encrypt(handle_, key, key.getLength(), NULL, 0); + err = gcry_cipher_encrypt(handle_[dir], key, key.getLength(), NULL, 0); if(err) { char buf[STERROR_TEXT_MAX]; buf[0] = 0; @@ -239,9 +245,9 @@ bool AesIcmKeyDerivation::generate(kd_dir dir, satp_prf_label label, seq_nr_t se return false; } u_int32_t num = 0; - std::memset(ecount_buf_, 0, AES_BLOCK_SIZE); + std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE); std::memset(key.getBuf(), 0, key.getLength()); - AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_, ctr_.buf_, ecount_buf_, &num); + AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num); #endif // TODO: store key if key derivation rate is != 0 diff --git a/src/keyDerivation.h b/src/keyDerivation.h index 6b20983..621bb36 100644 --- a/src/keyDerivation.h +++ b/src/keyDerivation.h @@ -156,10 +156,10 @@ private: } #ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; + gcry_cipher_hd_t handle_[2]; #else - AES_KEY aes_key_; - u_int8_t ecount_buf_[AES_BLOCK_SIZE]; + AES_KEY aes_key_[2]; + u_int8_t ecount_buf_[2][AES_BLOCK_SIZE]; #endif union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { @@ -184,7 +184,7 @@ private: u_int16_t zero_; } params_; #endif - } ctr_; + } ctr_[2]; }; #endif -- cgit v1.2.3