authorChristian Pointner <equinox@anytun.org>2014-06-21 16:48:26 +0000
committerChristian Pointner <equinox@anytun.org>2014-06-21 16:48:26 +0000
commite8c117aa01ac48fa2cf022810543bd97a0e44e57 (patch)
tree2512d1d438fe4639ce51a3e867c54926fe9fcb29
parentadded branch for new crypto library (diff)
refactored crypto lib selection
-rw-r--r--src/auth_algo.c42
-rw-r--r--src/auth_algo.h12
-rw-r--r--src/cipher.c26
-rw-r--r--src/cipher.h10
-rwxr-xr-xsrc/configure1
-rw-r--r--src/init_crypt.h18
-rw-r--r--src/key_derivation.c74
-rw-r--r--src/key_derivation.h12
8 files changed, 98 insertions, 97 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index e9b6d0f..8ee3f49 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -154,15 +154,15 @@ int auth_algo_sha1_init(auth_algo_t* aa)
auth_algo_sha1_param_t* params = aa->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_CTX_init(&params->ctx_);
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
}
-#else
- HMAC_CTX_init(&params->ctx_);
- HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
#endif
return 0;
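Review bot: The OpenSSL branch ignores the result of `HMAC_Init_ex`, while the gcrypt branch right below it logs and returns -1 when `gcry_md_open` fails. On OpenSSL 1.0.0 and later the HMAC calls return 1 on success and 0 on failure, so the init could read `if(!HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL)) return -1;`. The same applies to the `HMAC_Init_ex`/`HMAC_Update`/`HMAC_Final` sequence moved in the auth_algo_sha1_generate and auth_algo_sha1_check_tag hunks: if one of those calls fails, `hmac[SHA1_LENGTH]` stays uninitialised and is still used after the `#endif`. auth_algo_sha1_init starts and ends outside this hunk.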
@@ -176,11 +176,11 @@ void auth_algo_sha1_close(auth_algo_t* aa)
if(aa->params_) {
auth_algo_sha1_param_t* params = aa->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_CTX_cleanup(&params->ctx_);
+#else // USE_GCRYPT is the default
if(params->handle_)
gcry_md_close(params->handle_);
-#else
- HMAC_CTX_cleanup(&params->ctx_);
#endif
free(aa->params_);
@@ -207,7 +207,13 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(ret < 0)
return;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
@@ -218,12 +224,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
- u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(&params->ctx_, hmac, NULL);
#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
@@ -255,7 +255,13 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(ret < 0)
return 0;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
@@ -266,12 +272,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
- u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(&params->ctx_, hmac, NULL);
#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
diff --git a/src/auth_algo.h b/src/auth_algo.h
index c3caaa6..2c20410 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -36,10 +36,10 @@
#ifndef UANYTUN_auth_algo_h_INCLUDED
#define UANYTUN_auth_algo_h_INCLUDED
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#ifdef USE_SSL_CRYPTO
#include <openssl/hmac.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "key_derivation.h"
#include "encrypted_packet.h"
@@ -66,10 +66,10 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
#define SHA1_LENGTH 20
struct auth_algo_sha1_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_md_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
HMAC_CTX ctx_;
+#else // USE_GCRYPT is the default
+ gcry_md_hd_t handle_;
#endif
};
typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
diff --git a/src/cipher.c b/src/cipher.c
index 6f08eef..03449a0 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -210,7 +210,7 @@ int cipher_aesctr_init(cipher_t* c)
if(!c->params_)
return -2;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
int algo;
switch(c->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
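Review bot: `#ifdef USE_GCRYPT` here does not match the `#else // USE_GCRYPT is the default` convention used in the rest of this commit. A build where neither USE_SSL_CRYPTO nor USE_GCRYPT is defined compiles the gcrypt code in cipher_aesctr_crypt but skips this block, so the cipher setup that appears to live here would be missing. The same guard is used in cipher_aesctr_close, key_derivation_aesctr_init (`params->handle_ = 0;`) and key_derivation_aesctr_close, where it would skip the handle reset and the `gcry_cipher_close` calls. Either keep `#ifndef USE_SSL_CRYPTO` for these blocks, or fail the build early with `#if !defined(USE_SSL_CRYPTO) && !defined(USE_GCRYPT)` followed by `#error no crypto library selected`. The guarded block continues past the end of the hunk.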
@@ -239,7 +239,7 @@ void cipher_aesctr_close(cipher_t* c)
return;
if(c->params_) {
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
cipher_aesctr_param_t* params = c->params_;
gcry_cipher_close(params->handle_);
#endif
@@ -288,10 +288,10 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
#ifdef USE_SSL_CRYPTO
ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
if(ret) {
- log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret);
+ log_printf(ERROR, "failed to set cipher key (code: %d)", ret);
return -1;
}
-#else
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
if(err) {
log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err));
@@ -305,7 +305,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
return ret;
}
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+ return -1;
+ }
+ u_int32_t num = 0;
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#else // USE_GCRYPT is the default
err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
if(err) {
log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err));
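Review bot: The `C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE` test compares two constants on every call, so a mismatch would only surface as a runtime log line once packets are processed. If both are plain macros, a preprocessor `#if`/`#error` moves the check to build time, as does `_Static_assert(C_AESCTR_CTR_LENGTH == AES_BLOCK_SIZE, "CTR size mismatch");` where C11 is available. The identical check moved in key_derivation_aesctr_generate still logs `size don't fits`, while this copy was corrected to `size doesn't fit`; the two messages should match. cipher_aesctr_crypt starts and ends outside this hunk.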
@@ -317,14 +325,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err));
return -1;
}
-#else
- if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set cipher CTR: size don't fits");
- return -1;
- }
- u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
return (ilen < olen) ? ilen : olen;
diff --git a/src/cipher.h b/src/cipher.h
index 5758fde..d4506d4 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -38,9 +38,9 @@
#ifndef NO_CRYPT
#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "key_derivation.h"
#else
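Review bot: The context line `#ifndef USE_SSL_CRYPTO` was not flipped to `#ifdef` in this hunk. After the change `<openssl/aes.h>` is included when USE_SSL_CRYPTO is not defined and `<gcrypt.h>` when it is, which is the opposite of what the `#else // USE_GCRYPT is the default` comment says. The struct hunk further down in this file uses `AES_KEY` under `#ifdef USE_SSL_CRYPTO`, so the OpenSSL build would likely fail to compile unless the header arrives some other way. The guard should read `#ifdef USE_SSL_CRYPTO`, as in auth_algo.h and key_derivation.h.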
@@ -94,11 +94,11 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union {
typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t;
struct cipher_aesctr_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
AES_KEY aes_key_;
u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
#endif
cipher_aesctr_ctr_t ctr_;
};
diff --git a/src/configure b/src/configure
index 2d753eb..f764f89 100755
--- a/src/configure
+++ b/src/configure
@@ -169,6 +169,7 @@ esac
case $CRYPTO_LIB in
gcrypt)
+ CFLAGS=$CFLAGS' -DUSE_GCRYPT'
LDFLAGS=$LDFLAGS' -lgcrypt'
echo "using libgcrypt library"
;;
diff --git a/src/init_crypt.h b/src/init_crypt.h
index 314ebc5..47688c7 100644
--- a/src/init_crypt.h
+++ b/src/init_crypt.h
@@ -48,7 +48,15 @@ int init_crypt()
#else
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+
+int init_crypt()
+{
+// nothing here
+ return 0;
+}
+
+#else // USE_GCRYPT is the default
#include <gcrypt.h>
@@ -77,14 +85,6 @@ int init_crypt()
return 0;
}
-#else
-
-int init_crypt()
-{
-// nothing here
- return 0;
-}
-
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 3ba0656..7bd4d6e 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -135,30 +135,30 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
return -1;
}
-#ifndef USE_SSL_CRYPTO
- if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
-#else
+#ifdef USE_SSL_CRYPTO
if(key_length > (SHA256_DIGEST_LENGTH * 8)) {
+#else // USE_GCRYPT is the default
+ if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
#endif
log_printf(ERROR, "master key too long for passphrase algorithm");
return -1;
}
buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
-#else
+#ifdef USE_SSL_CRYPTO
digest.length_ = SHA256_DIGEST_LENGTH;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
#endif
digest.buf_ = malloc(digest.length_);
if(!digest.buf_)
return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
-#else
+#ifdef USE_SSL_CRYPTO
SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
#endif
kd->master_key_.length_ = key_length/8;
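Review bot: Both branches derive the master key from a single unsalted SHA-256 of the passphrase (`SHA256(...)` / `gcry_md_hash_buffer(GCRY_MD_SHA256, ...)`), which deserves a comment because the reordered `#ifdef` blocks make it easy to read past. Something like `/* master key is taken from SHA-256(passphrase): no salt, no iteration, so the passphrase must be high-entropy */` above the hash call would document it; key_derivation_generate_master_salt does the same with SHA-1. Switching to an iterated KDF would presumably change the derived keys for existing peers, so that is a protocol decision rather than part of this refactor. How `digest.buf_` is released is outside the hunk; if it is only freed, wiping it first is worth checking.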
@@ -191,29 +191,29 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
return -1;
}
-#ifndef USE_SSL_CRYPTO
- if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
-#else
+#ifdef USE_SSL_CRYPTO
if(salt_length > (SHA_DIGEST_LENGTH * 8)) {
+#else // USE_GCRYPT is the default
+ if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
#endif
log_printf(ERROR, "master salt too long for passphrase algorithm");
return -1;
}
buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#else
+#ifdef USE_SSL_CRYPTO
digest.length_ = SHA_DIGEST_LENGTH;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
#endif
digest.buf_ = malloc(digest.length_);
if(!digest.buf_)
return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
-#else
+#ifdef USE_SSL_CRYPTO
SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
#endif
kd->master_salt_.length_ = salt_length/8;
@@ -330,7 +330,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
return -2;
key_derivation_aesctr_param_t* params = kd->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
params->handle_ = 0;
#endif
@@ -345,7 +345,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
}
#endif
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
+ if(ret) {
+ log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
+ return -1;
+ }
+#else // USE_GCRYPT is the default
int algo;
switch(kd->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
@@ -368,12 +374,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err));
return -1;
}
-#else
- int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
- if(ret) {
- log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
- return -1;
- }
#endif
return 0;
@@ -385,7 +385,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
return;
if(kd->params_) {
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
key_derivation_aesctr_param_t* params = kd->params_;
if(params->handle_)
gcry_cipher_close(params->handle_);
@@ -428,7 +428,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
return -1;
}
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+ return -1;
+ }
+ u_int32_t num = 0;
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ memset(key, 0, len);
+ AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(params->handle_);
if(err) {
log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err));
@@ -447,15 +456,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err));
return -1;
}
-#else
- if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
- return -1;
- }
- u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- memset(key, 0, len);
- AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
return 0;
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 19fd88b..0d3c93f 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -36,10 +36,10 @@
#ifndef UANYTUN_key_derivation_h_INCLUDED
#define UANYTUN_key_derivation_h_INCLUDED
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#ifdef USE_SSL_CRYPTO
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "options.h"
@@ -103,11 +103,11 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
struct key_derivation_aesctr_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
AES_KEY aes_key_;
u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
#endif
key_derivation_aesctr_ctr_t ctr_;
};