summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/auth_algo.c42
-rw-r--r--src/auth_algo.h12
-rw-r--r--src/cipher.c26
-rw-r--r--src/cipher.h10
-rwxr-xr-xsrc/configure1
-rw-r--r--src/init_crypt.h18
-rw-r--r--src/key_derivation.c74
-rw-r--r--src/key_derivation.h12
8 files changed, 98 insertions, 97 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index e9b6d0f..8ee3f49 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -154,15 +154,15 @@ int auth_algo_sha1_init(auth_algo_t* aa)
auth_algo_sha1_param_t* params = aa->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_CTX_init(&params->ctx_);
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
}
-#else
- HMAC_CTX_init(&params->ctx_);
- HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
#endif
return 0;
@@ -176,11 +176,11 @@ void auth_algo_sha1_close(auth_algo_t* aa)
if(aa->params_) {
auth_algo_sha1_param_t* params = aa->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_CTX_cleanup(&params->ctx_);
+#else // USE_GCRYPT is the default
if(params->handle_)
gcry_md_close(params->handle_);
-#else
- HMAC_CTX_cleanup(&params->ctx_);
#endif
free(aa->params_);
@@ -207,7 +207,13 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(ret < 0)
return;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
@@ -218,12 +224,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
- u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(&params->ctx_, hmac, NULL);
#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
@@ -255,7 +255,13 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
if(ret < 0)
return 0;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err));
@@ -266,12 +272,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
-
- u_int8_t hmac[SHA1_LENGTH];
- HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- HMAC_Final(&params->ctx_, hmac, NULL);
#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
diff --git a/src/auth_algo.h b/src/auth_algo.h
index c3caaa6..2c20410 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -36,10 +36,10 @@
#ifndef UANYTUN_auth_algo_h_INCLUDED
#define UANYTUN_auth_algo_h_INCLUDED
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#ifdef USE_SSL_CRYPTO
#include <openssl/hmac.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "key_derivation.h"
#include "encrypted_packet.h"
@@ -66,10 +66,10 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di
#define SHA1_LENGTH 20
struct auth_algo_sha1_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_md_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
HMAC_CTX ctx_;
+#else // USE_GCRYPT is the default
+ gcry_md_hd_t handle_;
#endif
};
typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
diff --git a/src/cipher.c b/src/cipher.c
index 6f08eef..03449a0 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -210,7 +210,7 @@ int cipher_aesctr_init(cipher_t* c)
if(!c->params_)
return -2;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
int algo;
switch(c->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
@@ -239,7 +239,7 @@ void cipher_aesctr_close(cipher_t* c)
return;
if(c->params_) {
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
cipher_aesctr_param_t* params = c->params_;
gcry_cipher_close(params->handle_);
#endif
@@ -288,10 +288,10 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
#ifdef USE_SSL_CRYPTO
ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
if(ret) {
- log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret);
+ log_printf(ERROR, "failed to set cipher key (code: %d)", ret);
return -1;
}
-#else
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
if(err) {
log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err));
@@ -305,7 +305,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
return ret;
}
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set cipher CTR: size doesn't fit");
+ return -1;
+ }
+ u_int32_t num = 0;
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#else // USE_GCRYPT is the default
err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
if(err) {
log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err));
@@ -317,14 +325,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di
log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err));
return -1;
}
-#else
- if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set cipher CTR: size don't fits");
- return -1;
- }
- u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
return (ilen < olen) ? ilen : olen;
diff --git a/src/cipher.h b/src/cipher.h
index 5758fde..d4506d4 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -38,9 +38,9 @@
#ifndef NO_CRYPT
#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "key_derivation.h"
#else
@@ -94,11 +94,11 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union {
typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t;
struct cipher_aesctr_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
AES_KEY aes_key_;
u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
#endif
cipher_aesctr_ctr_t ctr_;
};
diff --git a/src/configure b/src/configure
index 2d753eb..f764f89 100755
--- a/src/configure
+++ b/src/configure
@@ -169,6 +169,7 @@ esac
case $CRYPTO_LIB in
gcrypt)
+ CFLAGS=$CFLAGS' -DUSE_GCRYPT'
LDFLAGS=$LDFLAGS' -lgcrypt'
echo "using libgcrypt library"
;;
diff --git a/src/init_crypt.h b/src/init_crypt.h
index 314ebc5..47688c7 100644
--- a/src/init_crypt.h
+++ b/src/init_crypt.h
@@ -48,7 +48,15 @@ int init_crypt()
#else
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+
+int init_crypt()
+{
+// nothing here
+ return 0;
+}
+
+#else // USE_GCRYPT is the default
#include <gcrypt.h>
@@ -77,14 +85,6 @@ int init_crypt()
return 0;
}
-#else
-
-int init_crypt()
-{
-// nothing here
- return 0;
-}
-
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 3ba0656..7bd4d6e 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -135,30 +135,30 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
return -1;
}
-#ifndef USE_SSL_CRYPTO
- if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
-#else
+#ifdef USE_SSL_CRYPTO
if(key_length > (SHA256_DIGEST_LENGTH * 8)) {
+#else // USE_GCRYPT is the default
+ if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) {
#endif
log_printf(ERROR, "master key too long for passphrase algorithm");
return -1;
}
buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
-#else
+#ifdef USE_SSL_CRYPTO
digest.length_ = SHA256_DIGEST_LENGTH;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
#endif
digest.buf_ = malloc(digest.length_);
if(!digest.buf_)
return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
-#else
+#ifdef USE_SSL_CRYPTO
SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase));
#endif
kd->master_key_.length_ = key_length/8;
@@ -191,29 +191,29 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
return -1;
}
-#ifndef USE_SSL_CRYPTO
- if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
-#else
+#ifdef USE_SSL_CRYPTO
if(salt_length > (SHA_DIGEST_LENGTH * 8)) {
+#else // USE_GCRYPT is the default
+ if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) {
#endif
log_printf(ERROR, "master salt too long for passphrase algorithm");
return -1;
}
buffer_t digest;
-#ifndef USE_SSL_CRYPTO
- digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
-#else
+#ifdef USE_SSL_CRYPTO
digest.length_ = SHA_DIGEST_LENGTH;
+#else // USE_GCRYPT is the default
+ digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
#endif
digest.buf_ = malloc(digest.length_);
if(!digest.buf_)
return -2;
-#ifndef USE_SSL_CRYPTO
- gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
-#else
+#ifdef USE_SSL_CRYPTO
SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_);
+#else // USE_GCRYPT is the default
+ gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase));
#endif
kd->master_salt_.length_ = salt_length/8;
@@ -330,7 +330,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
return -2;
key_derivation_aesctr_param_t* params = kd->params_;
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
params->handle_ = 0;
#endif
@@ -345,7 +345,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
}
#endif
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
+ if(ret) {
+ log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
+ return -1;
+ }
+#else // USE_GCRYPT is the default
int algo;
switch(kd->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
@@ -368,12 +374,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err));
return -1;
}
-#else
- int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, &params->aes_key_);
- if(ret) {
- log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret);
- return -1;
- }
#endif
return 0;
@@ -385,7 +385,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
return;
if(kd->params_) {
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_GCRYPT
key_derivation_aesctr_param_t* params = kd->params_;
if(params->handle_)
gcry_cipher_close(params->handle_);
@@ -428,7 +428,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
return -1;
}
-#ifndef USE_SSL_CRYPTO
+#ifdef USE_SSL_CRYPTO
+ if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
+ log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
+ return -1;
+ }
+ u_int32_t num = 0;
+ memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
+ memset(key, 0, len);
+ AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(params->handle_);
if(err) {
log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err));
@@ -447,15 +456,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di
log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err));
return -1;
}
-#else
- if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) {
- log_printf(ERROR, "failed to set key derivation CTR: size don't fits");
- return -1;
- }
- u_int32_t num = 0;
- memset(params->ecount_buf_, 0, AES_BLOCK_SIZE);
- memset(key, 0, len);
- AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
return 0;
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 19fd88b..0d3c93f 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -36,10 +36,10 @@
#ifndef UANYTUN_key_derivation_h_INCLUDED
#define UANYTUN_key_derivation_h_INCLUDED
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+#ifdef USE_SSL_CRYPTO
#include <openssl/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
#include "options.h"
@@ -103,11 +103,11 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
struct key_derivation_aesctr_param_struct {
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_;
-#else
+#ifdef USE_SSL_CRYPTO
AES_KEY aes_key_;
u_int8_t ecount_buf_[AES_BLOCK_SIZE];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_;
#endif
key_derivation_aesctr_ctr_t ctr_;
};