From f463e79addfe63297d4e44f9da49a30cc56b68c3 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 22 Jun 2014 22:11:20 +0000
Subject: added compile switches for libnettle

---
 src/authAlgo.cpp | 14 ++++++++++++++
 src/authAlgo.h | 5 +++++
 src/cipher.cpp | 6 ++++++
 src/cipher.h | 5 +++++
 src/configure | 28 +++++++++++++++++++++++++---
 src/cryptinit.hpp | 2 ++
 src/keyDerivation.cpp | 21 +++++++++++++++++++++
 src/keyDerivation.h | 5 +++++
 8 files changed, 83 insertions(+), 3 deletions(-)
(limited to 'src')

diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index 24bb423..0fa4a47 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -57,6 +57,9 @@ Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
 #if defined(USE_SSL_CRYPTO)
 HMAC_CTX_init(&ctx_);
 HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
 if(err) {
@@ -70,6 +73,9 @@ Sha1AuthAlgo::~Sha1AuthAlgo()
 {
 #if defined(USE_SSL_CRYPTO)
 HMAC_CTX_cleanup(&ctx_);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 if(handle_) {
 gcry_md_close(handle_);
@@ -97,6 +103,10 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 uint8_t hmac[DIGEST_LENGTH];
 HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
 HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
 #else // USE_GCRYPT is the default
 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
 if(err) {
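Review bot: In the USE_NETTLE branch of Sha1AuthAlgo::generate the buffer `uint8_t hmac[DIGEST_LENGTH];` is declared but never written, so whatever follows the `#endif` (the function continues past this hunk) operates on uninitialized stack bytes instead of an HMAC, and a `--use-nettle` build compiles cleanly and then emits packets carrying garbage authentication tags. An unimplemented crypto backend should not build into a working-looking binary: replace the TODO with `#error "nettle support is not implemented yet"` until the nettle HMAC code exists, and do the same in the constructor and destructor stubs in the two hunks above. A compile-time stop is the only option here that cannot be overlooked at runtime.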
@@ -140,6 +150,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 uint8_t hmac[DIGEST_LENGTH];
 HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
 HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
 #else // USE_GCRYPT is the default
 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
 if(err) {
diff --git a/src/authAlgo.h b/src/authAlgo.h
index a9b8051..d58646f 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -40,6 +40,8 @@
 #if defined(USE_SSL_CRYPTO)
 #include
+#elif defined(USE_NETTLE)
+#include
 #else // USE_GCRYPT is the default
 #include
 #endif
@@ -99,6 +101,9 @@ public:
 private:
 #if defined(USE_SSL_CRYPTO)
 HMAC_CTX ctx_;
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_md_hd_t handle_;
 #endif
diff --git a/src/cipher.cpp b/src/cipher.cpp
index d7cbb5f..c05f249 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -163,6 +163,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
 return;
 }
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
 if(err) {
@@ -181,6 +184,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
 unsigned int num = 0;
 std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
 AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
 if(err) {
diff --git a/src/cipher.h b/src/cipher.h
index c39f9cb..a9ce59b 100644
--- a/src/cipher.h
+++ b/src/cipher.h
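Review bot: The nettle branch of Sha1AuthAlgo::checkTag declares `uint8_t hmac[DIGEST_LENGTH];` without computing anything into it, so the tag comparison that presumably follows the `#endif` (outside this hunk) compares the received tag against uninitialized memory, and the verification result is undefined rather than a clean reject. For an authentication check this is the worst failure mode, because nothing guarantees the comparison fails. Replace the TODO with `#error "nettle support is not implemented yet"`, or have the stub `return false;` unconditionally until the HMAC is implemented.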
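Review bot: The nettle branch of AesIcmCipher::calc never writes to `out`: the OpenSSL branch above it calls `AES_ctr128_encrypt(in, out, ...)` and the gcrypt branch sets the counter and presumably encrypts after this hunk, but the nettle stub leaves the output buffer untouched. Depending on how the caller passes `in` and `out` (not visible here), a `--use-nettle` build would send plaintext or stale buffer contents where ciphertext is expected. Both nettle stubs in this file should stop the build with `#error "nettle support is not implemented yet"`; if a runtime stub is kept instead, it must at least log at PRIO_ERROR and `return;` so no unencrypted data is handed back as if it were ciphertext.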
@@ -42,6 +42,8 @@
 #if defined(USE_SSL_CRYPTO)
 #include
+#elif defined(USE_NETTLE)
+#include
 #else // USE_GCRYPT is the default
 #include
 #endif
@@ -101,6 +103,9 @@ private:
 #if defined(USE_SSL_CRYPTO)
 AES_KEY aes_key_;
 uint8_t ecount_buf_[AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_cipher_hd_t handle_;
 #endif
diff --git a/src/configure b/src/configure
index 27c4890..a8fe6b1 100755
--- a/src/configure
+++ b/src/configure
@@ -54,6 +54,7 @@ INSTALLEXAMPLES=1
 BOOST_PREFIX=''
 GCRYPT_PREFIX=''
+NETTLE_PREFIX=''
 OPENSSL_PREFIX=''
 print_usage() {
@@ -67,7 +68,9 @@ print_usage() {
 echo " --no-manpage dont't install manpages"
 echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)"
 echo " --no-examples dont't install example files"
- echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
+ echo " --use-gcrypt use libgcrypt (this is the default)"
+ echo " --use-nettle use libnettle instead of libgcrypt"
+ echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt"
 echo " --no-crypto disable crypto at all (only NULL cipher)"
 echo " --disable-passphrase disable master key and salt passphrase"
 echo " --enable-passphrase enable master key and salt passphrase"
@@ -76,6 +79,7 @@ print_usage() {
 echo " --cross-prefix= add PREFIX to compiler calls"
 echo " --with-boost= don't use systemwide boost"
 echo " --with-gcrypt= don't use systemwide gcrypt"
+ echo " --with-nettle= don't use systemwide nettle"
 echo " --with-openssl= don't use systemwide openssl"
 }
@@ -109,6 +113,12 @@ do
 --no-examples)
 INSTALLEXAMPLES=0
 ;;
+ --use-gcrypt)
+ CRYPTO_LIB='gcrypt'
+ ;;
+ --use-nettle)
+ CRYPTO_LIB='nettle'
+ ;;
 --use-ssl-crypto)
 CRYPTO_LIB='ssl'
 ;;
@@ -139,6 +149,9 @@ do
 --with-gcrypt=*)
 GCRYPT_PREFIX=${arg#--with-gcrypt=}
 ;;
+ --with-nettle=*)
+ NETTLE_PREFIX=${arg#--with-nettle=}
+ ;;
 --with-openssl=*)
 OPENSSL_PREFIX=${arg#--with-openssl=}
 ;;
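Review bot: The help text now advertises `--use-nettle use libnettle instead of libgcrypt` as a peer of the gcrypt and OpenSSL options, but every USE_NETTLE code path in this commit is a `// TODO: nettle` stub, so a user who follows this line gets a build with no working cipher, HMAC or key derivation. Until the backend exists the usage line should say so, e.g. `echo "  --use-nettle             use libnettle instead of libgcrypt (NOT YET IMPLEMENTED)"`, or the option should be left out of the usage text entirely. The existing `dont't` typos in the neighbouring context lines are unrelated to this change but could be fixed in the same pass.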
@@ -224,7 +237,16 @@ case $CRYPTO_LIB in
 CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
 LDFLAGS="$LDFLAGS -L\"$GCRYPT_PREFIX/lib\""
 fi
- echo "using libgcrypt library"
+ echo "using gcrypt library"
+ ;;
+ nettle)
+ CXXFLAGS=$CXXFLAGS' -DUSE_NETTLE'
+ LDFLAGS=$LDFLAGS' -lnettle'
+ if [ -n "$NETTLE_PREFIX" ]; then
+ CXXFLAGS="$CXXFLAGS -I\"$NETTLE_PREFIX/include\""
+ LDFLAGS="$LDFLAGS -L\"$NETTLE_PREFIX/lib\""
+ fi
+ echo "using nettle library"
 ;;
 ssl)
 CXXFLAGS=$CXXFLAGS' -DUSE_SSL_CRYPTO'
@@ -233,7 +255,7 @@ case $CRYPTO_LIB in
 CXXFLAGS="$CXXFLAGS -I\"$OPENSSL_PREFIX/include\""
 LDFLAGS="$LDFLAGS -L\"$OPENSSL_PREFIX/lib\""
 fi
- echo "using ssl crypto library"
+ echo "using openssl crypto library"
 ;;
 none)
 CXXFLAGS=$CXXFLAGS' -DNO_CRYPT'
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index e684a13..d57f19e 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -114,6 +114,8 @@ bool initCrypto()
 #if defined(USE_SSL_CRYPTO)
 return true;
+#elif defined(USE_NETTLE)
+ return true;
 #else // USE_GCRYPT is the default
 return initLibGCrypt();
 #endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index d462515..8359d79 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -49,6 +49,9 @@
 #if defined(USE_SSL_CRYPTO)
 #include
+#elif defined(USE_NETTLE)
+#include
+#include
 #endif
 #endif
@@ -73,6 +76,8 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
 #if defined(USE_SSL_CRYPTO)
 if(length > SHA256_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA256_DIGEST_SIZE) {
 #else // USE_GCRYPT is the default
 if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
 #endif
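Review bot: The new `nettle)` case reports `using nettle library` and hands `-DUSE_NETTLE -lnettle` to the build even though the nettle backend in this commit consists only of TODO stubs; configure is the one place that can stop this from becoming a deployed binary with no authentication or encryption. Until the stubs are filled in, make the case fail loudly, `echo "nettle support is not implemented yet" >&2; exit 1`, or at least print a warning in place of the success message. The renamed gcrypt and OpenSSL messages in this and the next hunk are cosmetic, but anything that greps configure output for `using libgcrypt library` will no longer match.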
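Review bot: `initCrypto()` returns `true` under USE_NETTLE, reporting successful crypto initialization for a backend that has no implementation anywhere in this commit, so whatever startup check consumes this result will let the daemon run with stubbed-out crypto. Until the nettle code is written the branch should `return false;` (or be an `#error`) so that a `--use-nettle` build refuses to start rather than silently operating without working ciphers and MACs. The OpenSSL branch returning `true` is fine because that backend is implemented.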
@@ -83,6 +88,10 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
 #if defined(USE_SSL_CRYPTO)
 Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
 SHA256(reinterpret_cast(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA256_DIGEST_SIZE));
+
 #else // USE_GCRYPT is the default
 Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
 gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
@@ -102,6 +111,8 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
 #if defined(USE_SSL_CRYPTO)
 if(length > SHA_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA1_DIGEST_SIZE) {
 #else // USE_GCRYPT is the default
 if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
 #endif
@@ -112,6 +123,10 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
 #if defined(USE_SSL_CRYPTO)
 Buffer digest(uint32_t(SHA_DIGEST_LENGTH));
 SHA1(reinterpret_cast(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA1_DIGEST_SIZE));
+
 #else // USE_GCRYPT is the default
 Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
 gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
@@ -246,6 +261,9 @@ void AesIcmKeyDerivation::updateMasterKey()
 return;
 }
 }
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 int algo;
 switch(key_length_) {
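Review bot: In the nettle branch of KeyDerivation::calcMasterKey the buffer `Buffer digest(uint32_t(SHA256_DIGEST_SIZE));` is allocated but never filled, whereas the OpenSSL and gcrypt branches hash the passphrase into it; the code after the `#endif` (outside this hunk) then presumably copies `digest` into the master key, so the key is unrelated to the passphrase — either uninitialized memory or, if Buffer zero-fills (not visible here), a constant all-zero key. The SHA1 stub in calcMasterSalt in the third hunk of this file has the same defect. Both stubs should be `#error "nettle support is not implemented yet"` rather than comments, since a passphrase-derived key that does not depend on the passphrase is a silent, total loss of confidentiality.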
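Review bot: The nettle branch of AesIcmKeyDerivation::updateMasterKey installs no key schedule at all, while the OpenSSL branch (whose error path ends with the `return;` / `}` context above) and the gcrypt branch below select the AES key size and set the key; the corresponding nettle members in keyDerivation.h are likewise still a TODO. With no state prepared here, AesIcmKeyDerivation::generate has nothing to derive session keys from under USE_NETTLE. As with the other stubs in this commit, prefer `#error "nettle support is not implemented yet"` over a comment so the incomplete backend cannot be built.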
@@ -329,6 +347,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
 std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
 std::memset(key.getBuf(), 0, key.getLength());
 AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_error_t err = gcry_cipher_reset(handle_[dir]);
 if(err) {
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 7f0c137..3acd475 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -43,6 +43,8 @@
 #if defined(USE_SSL_CRYPTO)
 #include
+#elif defined(USE_NETTLE)
+#include
 #else // USE_GCRYPT is the default
 #include
 #endif
@@ -173,6 +175,9 @@ private:
 #if defined(USE_SSL_CRYPTO)
 AES_KEY aes_key_[2];
 uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
 #else // USE_GCRYPT is the default
 gcry_cipher_hd_t handle_[2];
 #endif
--
cgit v1.2.3
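Review bot: In AesIcmKeyDerivation::generate the OpenSSL branch zeroes `key` and then encrypts it in place under the per-direction AES key, which is what produces the session key; the nettle branch does neither, so under USE_NETTLE the function hands back whatever `key` already contained (the remainder of the function, including its return value, is outside this hunk). A session key that is never derived from the master key makes the whole key hierarchy meaningless even once the cipher and HMAC stubs are filled in. This stub, like the others in the commit, should be `#error "nettle support is not implemented yet"` until the nettle CTR-mode derivation exists.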