summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/cipher.c2
-rw-r--r--src/key_derivation.c24
-rw-r--r--src/key_derivation.h3
3 files changed, 18 insertions, 11 deletions
diff --git a/src/cipher.c b/src/cipher.c
index bf9ac25..9afd84a 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -303,7 +303,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
return -1;
}
#elif defined(USE_NETTLE)
- aes_set_encrypt_key(&params->ctx_, c->key_length_, c->key_.buf_);
+ aes_set_encrypt_key(&params->ctx_, c->key_.length_, c->key_.buf_);
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
if(err) {
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 998c10b..75ce4a5 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -42,6 +42,7 @@
#elif defined(USE_NETTLE)
#include <nettle/sha1.h>
#include <nettle/sha2.h>
+#include <nettle/ctr.h>
#endif
#include "log.h"
@@ -165,8 +166,10 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
#if defined(USE_SSL_CRYPTO)
SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
#elif defined(USE_NETTLE)
- // TODO: nettle
-
+ struct sha256_ctx ctx;
+ sha256_init(&ctx);
+ sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+ sha256_digest(&ctx, digest.length_, digest.buf_);
#else // USE_GCRYPT is the default
gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
#endif
@@ -227,8 +230,10 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
#if defined(USE_SSL_CRYPTO)
SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
#elif defined(USE_NETTLE)
- // TODO: nettle
-
+ struct sha1_ctx ctx;
+ sha1_init(&ctx);
+ sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase);
+ sha1_digest(&ctx, digest.length_, digest.buf_);
#else // USE_GCRYPT is the default
gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
#endif
@@ -369,8 +374,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
return -1;
}
#elif defined(USE_NETTLE)
- // TODO: nettle
-
+ aes_set_encrypt_key(&params->ctx_, kd->master_key_.length_, kd->master_key_.buf_);
#else // USE_GCRYPT is the default
int algo;
switch(kd->key_length_) {
@@ -458,8 +462,12 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
memset(key, 0, len);
AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#elif defined(USE_NETTLE)
- // TODO: nettle
-
+ if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+ return -1;
+ }
+ memset(key, 0, len);
+ ctr_crypt(&params->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key);
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(params->handle_);
if(err) {
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 01c9a26..df97765 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -109,8 +109,7 @@ struct key_derivation_aesctr_param_struct {
AES_KEY aes_key_;
u_int8_t ecount_buf_[AES_BLOCK_SIZE];
#elif defined(USE_NETTLE)
- // TODO: nettle
-
+ struct aes_ctx ctx_;
#else // USE_GCRYPT is the default
gcry_cipher_hd_t handle_;
#endif