authorChristian Pointner <equinox@anytun.org>2009-01-03 09:43:52 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-03 09:43:52 +0000
commit21da0480588007dc30ae5d19dba8dcfc1c22c20e (patch)
tree541841f2afe65028db987d0f2bc31463ef8353b8
parentupdated manpage (diff)
some cleanup @ cipher, auth_algo and key derivation
-rw-r--r--src/auth_algo.c53
-rw-r--r--src/cipher.c103
-rw-r--r--src/cipher.h8
-rw-r--r--src/key_derivation.c20
-rw-r--r--src/key_derivation.h2
5 files changed, 96 insertions, 90 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index 4f91338..31a92bf 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -124,6 +124,14 @@ int auth_algo_sha1_init(auth_algo_t* aa)
if(!aa)
return -1;
+ if(aa->key_.buf_)
+ free(aa->key_.buf_);
+
+ aa->key_.length_ = SHA1_LENGTH;
+ aa->key_.buf_ = malloc(aa->key_.length_);
+ if(!aa->key_.buf_)
+ return -2;
+
gcry_error_t err = gcry_md_open(&aa->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERR, "failed to open message digest algo: %s/%s", gcry_strerror(err), gcry_strsource(err));
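Review bot: On the allocation-failure path added to auth_algo_sha1_init, `aa->key_.length_` stays at SHA1_LENGTH while `aa->key_.buf_` is NULL, and the later hunks in this file delete the `if(!aa->key_.buf_)` guards from auth_algo_sha1_generate and auth_algo_sha1_check_tag. If a caller carries on after init returned -2, key_derivation_generate is handed a NULL buffer with a non-zero length; whether callers stop on that return value is not visible here. Set the length only once the allocation has succeeded (or `aa->key_.length_ = 0;` before `return -2;`) and keep a cheap `if(!aa->key_.buf_)` guard in the per-packet functions. cipher_aesctr_init has the same pattern for `c->key_` and `c->salt_`, with the guards removed from cipher_aesctr_crypt and cipher_aesctr_calc_ctr. The function body continues outside the hunk.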
@@ -154,29 +162,20 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
return;
}
-
- if(!aa->key_.buf_) {
- aa->key_.length_ = SHA1_LENGTH;
- aa->key_.buf_ = malloc(aa->key_.length_);
- if(!aa->key_.buf_) {
- log_printf(ERR, "memory error at auth algo generate");
- return;
- }
- }
-
int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return;
- gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err));
- return;
- }
+ if(ret) { // a new key got generated
+ gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err));
+ return;
+ }
+ }
encrypted_packet_add_auth_tag(packet);
gcry_md_reset(aa->handle_);
-
gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(aa->handle_);
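Review bot: With `gcry_md_setkey` now run only under `if(ret)`, a failed setkey in auth_algo_sha1_generate may never be retried. The function returns, and if key_derivation_generate (not shown here) reports 0 for the same key on the next packet, the handle keeps whatever key it had before while the code treats the new one as installed. Remember the failure, for example with a flag on `aa` that forces `gcry_md_setkey` on the next call regardless of `ret`, or invalidate the cached key so the derivation reports it as new again. The same applies to the `if(ret)` block in auth_algo_sha1_check_tag and to the `gcry_cipher_setkey` branch in cipher_aesctr_crypt. The function starts and ends outside the hunk.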
@@ -202,26 +201,18 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
return 0;
}
- if(!aa->key_.buf_) {
- aa->key_.length_ = SHA1_LENGTH;
- aa->key_.buf_ = malloc(aa->key_.length_);
- if(!aa->key_.buf_) {
- log_printf(ERR, "memory error at auth algo check tag");
- return;
- }
- }
-
int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return 0;
- gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err));
- return;
- }
+ if(ret) { // a new key got generated
+ gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err));
+ return;
+ }
+ }
gcry_md_reset(aa->handle_);
-
gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(aa->handle_);
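Review bot: The setkey error path in auth_algo_sha1_check_tag still uses a bare `return;` although the function returns int, so the caller reads an indeterminate value when `gcry_md_setkey` fails. The neighbouring error paths return 0, which appears to be the reject value, so an indeterminate non-zero result here could be taken as a valid tag. Change it to `return 0;` so a key-setup failure always rejects the packet. The commit re-indents this block but carries the bare return over unchanged; the function starts and ends outside the hunk.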
diff --git a/src/cipher.c b/src/cipher.c
index f640d6d..f1a4bf4 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -106,12 +106,12 @@ void cipher_close(cipher_t* c)
}
-void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c)
- return;
+ return -1;
- u_int32_t len;
+ int32_t len;
if(c->type_ == c_null)
len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in),
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
@@ -121,22 +121,27 @@ void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encry
seq_nr, sender_id, mux);
else {
log_printf(ERR, "unknown cipher type");
- return;
+ return -1;
}
+ if(len < 0)
+ return 0;
+
encrypted_packet_set_sender_id(out, sender_id);
encrypted_packet_set_seq_nr(out, seq_nr);
encrypted_packet_set_mux(out, mux);
encrypted_packet_set_payload_length(out, len);
+
+ return 0;
}
-void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out)
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out)
{
if(!c)
- return;
+ return -1;
- u_int32_t len;
+ int32_t len;
if(c->type_ == c_null)
len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
plain_packet_get_packet(out), plain_packet_get_length(out));
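Review bot: `if(len < 0) return 0;` in cipher_encrypt reports success when the cipher backend failed, so the caller cannot tell a failed encryption from a good one and `out` keeps whatever payload and length it held before. Return the error instead, `if(len < 0) return len;` (or `return -1;`). The identical check in cipher_decrypt in the next hunk needs the same fix, since a failed decryption otherwise leaves the previous contents of the plain packet looking valid. How callers use the new int result is outside this diff; cipher_decrypt starts in this hunk and ends in the next.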
@@ -147,15 +152,20 @@ void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, p
encrypted_packet_get_mux(in));
else {
log_printf(ERR, "unknown cipher type");
- return;
+ return -1;
}
+ if(len < 0)
+ return 0;
+
plain_packet_set_length(out, len);
+
+ return 0;
}
/* ---------------- NULL Cipher ---------------- */
-u_int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
+int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
{
memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
@@ -168,6 +178,22 @@ int cipher_aesctr_init(cipher_t* c)
if(!c)
return -1;
+ if(c->key_.buf_)
+ free(c->key_.buf_);
+
+ c->key_.length_ = c->key_length_/8;
+ c->key_.buf_ = malloc(c->key_.length_);
+ if(!c->key_.buf_)
+ return -2;
+
+ if(c->salt_.buf_)
+ free(c->salt_.buf_);
+
+ c->salt_.length_ = 14;
+ c->salt_.buf_ = malloc(c->salt_.length_);
+ if(!c->salt_.buf_)
+ return -2;
+
int algo;
switch(c->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
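Review bot: The buffers released at the top of cipher_aesctr_init hold key material, because cipher_aesctr_crypt and cipher_aesctr_calc_ctr write the derived key and salt into `c->key_.buf_` and `c->salt_.buf_`, and `free()` returns them to the allocator with that material intact. Clear them before release with a wipe the compiler cannot elide, or allocate them with `gcry_malloc_secure` and release with `gcry_free` if the program sets up libgcrypt secure memory. The `if(ptr)` test before `free` is redundant, since `free(NULL)` is a no-op. auth_algo_sha1_init releases the HMAC key buffer the same way. The function continues outside the hunk.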
@@ -179,7 +205,7 @@ int cipher_aesctr_init(cipher_t* c)
}
}
- gcry_error_t err = gcry_cipher_open( &c->handle_, algo, GCRY_CIPHER_MODE_CTR, 0 );
+ gcry_error_t err = gcry_cipher_open(&c->handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
if(err) {
log_printf(ERR, "failed to open cipher: %s/%s", gcry_strerror(err), gcry_strsource(err));
return -1;
@@ -206,14 +232,6 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_
if(!c)
return result;
- if(!c->salt_.buf_) {
- c->salt_.length_ = 14;
- c->salt_.buf_ = malloc(c->salt_.length_);
- if(!c->salt_.buf_) {
- log_printf(ERR, "memory error aes-ctr calc ctr");
- return result;
- }
- }
int ret = key_derivation_generate(kd, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, c->salt_.length_);
if(ret < 0)
return result;
@@ -259,54 +277,53 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_
return result;
}
-u_int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- if(!c) {
- log_printf(ERR, "cipher not initialized");
- return 0;
- }
+ if(!c)
+ return -1;
+
if(!kd) {
log_printf(ERR, "no key derivation supplied");
- return 0;
- }
-
-
- if(!c->key_.buf_) {
- c->key_.length_ = c->key_length_/8;
- c->key_.buf_ = malloc(c->key_.length_);
- if(!c->key_.buf_) {
- log_printf(ERR, "memory error aes-ctr crypt");
- return 0;
- }
+ return -1;
}
int ret = key_derivation_generate(kd, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_);
if(ret < 0)
- return 0;
+ return ret;
- gcry_error_t err = gcry_cipher_setkey(c->handle_, c->key_.buf_, c->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set cipher key: %s/%s", gcry_strerror(err), gcry_strsource(err));
- return 0;
+ gcry_error_t err;
+ if(ret) { // a new key got generated
+ err = gcry_cipher_setkey(c->handle_, c->key_.buf_, c->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set cipher key: %s/%s", gcry_strerror(err), gcry_strsource(err));
+ return -1;
+ }
+ } // no new key got generated
+ else {
+ err = gcry_cipher_reset(c->handle_);
+ if(err) {
+ log_printf(ERR, "failed to reset cipher: %s/%s", gcry_strerror(err), gcry_strsource(err));
+ return -1;
+ }
}
buffer_t ctr = cipher_aesctr_calc_ctr(c, kd, seq_nr, sender_id, mux);
if(!ctr.buf_) {
log_printf(ERR, "failed to calculate cipher CTR");
- return 0;
+ return -1;
}
err = gcry_cipher_setctr(c->handle_, ctr.buf_, ctr.length_);
free(ctr.buf_);
if(err) {
log_printf(ERR, "failed to set cipher CTR: %s/%s", gcry_strerror(err), gcry_strsource(err));
- return 0;
+ return -1;
}
err = gcry_cipher_encrypt(c->handle_, out, olen, in, ilen);
if(err) {
- log_printf(ERR, "failed to generate cipher bitstream: %s/%s", gcry_strerror(err), gcry_strsource(err));
- return 0;
+ log_printf(ERR, "failed to de/encrypt packet: %s/%s", gcry_strerror(err), gcry_strsource(err));
+ return -1;
}
return (ilen < olen) ? ilen : olen;
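Review bot: cipher_aesctr_crypt now has three kinds of return value and none is documented: -1 for local failures, whatever negative code key_derivation_generate produced (`return ret;`), and the byte count on success, where 0 is now a valid length rather than the error marker. A comment such as `/* returns number of bytes written (>= 0) or a negative value on error */` on the definition and on the prototype in cipher.h would pin this down for callers. The final `return (ilen < olen) ? ilen : olen;` also converts a u_int32_t to int32_t, so a length above INT32_MAX would read as an error; an explicit bound check would make that intentional. The function's closing lines are outside the hunk.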
diff --git a/src/cipher.h b/src/cipher.h
index 9406761..5b750b9 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -53,14 +53,14 @@ typedef struct cipher_struct cipher_t;
int cipher_init(cipher_t* c, const char* type);
void cipher_close(cipher_t* c);
-void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out);
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out);
-u_int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
+int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
int cipher_aesctr_init(cipher_t* c);
void cipher_aesctr_close(cipher_t* c);
buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-u_int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index c14db40..dbbd1d2 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -102,7 +102,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u
int ret = 0;
if(kd->type_ == kd_aes_ctr)
- ret = key_derivation_aesctr_init(kd, kd->key_length_);
+ ret = key_derivation_aesctr_init(kd);
if(ret)
key_derivation_close(kd);
@@ -157,23 +157,23 @@ int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr
int key_derivation_null_generate(u_int8_t* key, u_int32_t len)
{
memset(key, 0, len);
- return 0;
+ return 1;
}
/* ---------------- AES-Ctr Key Derivation ---------------- */
-int key_derivation_aesctr_init(key_derivation_t* kd, u_int16_t key_length)
+int key_derivation_aesctr_init(key_derivation_t* kd)
{
if(!kd)
return -1;
int algo;
- switch(key_length) {
+ switch(kd->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
case 192: algo = GCRY_CIPHER_AES192; break;
case 256: algo = GCRY_CIPHER_AES256; break;
default: {
- log_printf(ERR, "key derivation key length of %d Bits is not supported", key_length);
+ log_printf(ERR, "key derivation key length of %d Bits is not supported", kd->key_length_);
return -1;
}
}
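Review bot: `return 1;` in key_derivation_null_generate encodes a contract that is stated nowhere. Callers in auth_algo.c and cipher.c treat a positive result as "a new key got generated" and re-key only then, with 0 meaning the key is unchanged and a negative value an error. Document that on key_derivation_generate and its backends, e.g. `/* returns 1 if key was (re)written, 0 if the previously returned key is still valid, <0 on error */`. As written, the null derivation reports a new key on every call, so the all-zero key is set again for each packet; say so in the comment if that is intended.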
@@ -309,18 +309,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label,
if(!kd->key_store_[label].key_.buf_) {
kd->key_store_[label].key_.length_ = 0;
kd->key_store_[label].key_.buf_ = malloc(len);
- if(!kd->key_store_[label].key_.buf_) {
- log_printf(ERR, "memory error at key derivation");
+ if(!kd->key_store_[label].key_.buf_)
return -2;
- }
+
kd->key_store_[label].key_.length_ = len;
}
else if(kd->key_store_[label].key_.length_ < len) {
u_int8_t* tmp = realloc(kd->key_store_[label].key_.buf_, len);
- if(!tmp) {
- log_printf(ERR, "memory error at key derivation");
+ if(!tmp)
return -2;
- }
+
kd->key_store_[label].key_.buf_ = tmp;
kd->key_store_[label].key_.length_ = len;
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d8f49c6..f21cd9e 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -71,7 +71,7 @@ int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
-int key_derivation_aesctr_init(key_derivation_t* kd, u_int16_t key_length);
+int key_derivation_aesctr_init(key_derivation_t* kd);
void key_derivation_aesctr_close(key_derivation_t* kd);
int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_t* result, satp_prf_label_t label, seq_nr_t seq_nr);
int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);