diff options
author | Christian Pointner <equinox@anytun.org> | 2014-06-21 19:46:49 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2014-06-21 19:46:49 +0000 |
commit | 49b279e8d329a21cbc120186dd25852f302c02a3 (patch) | |
tree | 6b26bf687a2e6fb22f57db12b7b14ea70a91a210 | |
parent | implemented auth tag with nettle (not tested yet) (diff) |
implemented key derivation in nettle
fixed key length for cipher
-rw-r--r-- | src/cipher.c | 2 | ||||
-rw-r--r-- | src/key_derivation.c | 24 | ||||
-rw-r--r-- | src/key_derivation.h | 3 |
3 files changed, 18 insertions, 11 deletions
diff --git a/src/cipher.c b/src/cipher.c index bf9ac25..9afd84a 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -303,7 +303,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return -1; } #elif defined(USE_NETTLE) - aes_set_encrypt_key(¶ms->ctx_, c->key_length_, c->key_.buf_); + aes_set_encrypt_key(¶ms->ctx_, c->key_.length_, c->key_.buf_); #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { diff --git a/src/key_derivation.c b/src/key_derivation.c index 998c10b..75ce4a5 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -42,6 +42,7 @@ #elif defined(USE_NETTLE) #include <nettle/sha1.h> #include <nettle/sha2.h> +#include <nettle/ctr.h> #endif #include "log.h" @@ -165,8 +166,10 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr #if defined(USE_SSL_CRYPTO) SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); #elif defined(USE_NETTLE) - // TODO: nettle - + struct sha256_ctx ctx; + sha256_init(&ctx); + sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha256_digest(&ctx, digest.length_, digest.buf_); #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -227,8 +230,10 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph #if defined(USE_SSL_CRYPTO) SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); #elif defined(USE_NETTLE) - // TODO: nettle - + struct sha1_ctx ctx; + sha1_init(&ctx); + sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha1_digest(&ctx, digest.length_, digest.buf_); #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -369,8 +374,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) return -1; } #elif defined(USE_NETTLE) - // TODO: nettle - + aes_set_encrypt_key(¶ms->ctx_, kd->master_key_.length_, kd->master_key_.buf_); #else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { @@ -458,8 +462,12 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di memset(key, 0, len); AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #elif defined(USE_NETTLE) - // TODO: nettle - + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + memset(key, 0, len); + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key); #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { diff --git a/src/key_derivation.h b/src/key_derivation.h index 01c9a26..df97765 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -109,8 +109,7 @@ struct key_derivation_aesctr_param_struct { AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; #elif defined(USE_NETTLE) - // TODO: nettle - + struct aes_ctx ctx_; #else // USE_GCRYPT is the default gcry_cipher_hd_t handle_; #endif |