From 58b13392f4f59e41ca130b5ad1013787915a0d46 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 5 Jan 2009 11:35:09 +0000 Subject: added alternative implementation of key derivation using ssl crypto library --- src/Makefile | 4 ++-- src/key_derivation.c | 37 +++++++++++++++++++++++++++++-------- src/key_derivation.h | 9 +++++++++ 3 files changed, 40 insertions(+), 10 deletions(-) diff --git a/src/Makefile b/src/Makefile index 1090fc0..4892ce4 100644 --- a/src/Makefile +++ b/src/Makefile @@ -34,9 +34,9 @@ TARGET=$(shell uname -s) CC = gcc -CCFLAGS = -g -O2 -DANYTUN_02_COMPAT #-DNO_CRYPT +CCFLAGS = -pg -g -O2 -DANYTUN_02_COMPAT #-DUSE_SSL_CRYPTO #-DNO_CRYPT LD = gcc -LDFLAGS = -g -Wall -O2 -lgcrypt -lgpg-error +LDFLAGS = -pg -g -Wall -O2 -lgcrypt -lgpg-error #-lcrypto ifeq ($(TARGET),Linux) LDFLAGS += -ldl diff --git a/src/key_derivation.c b/src/key_derivation.c index 51431dd..84abdae 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -164,6 +164,15 @@ int key_derivation_aesctr_init(key_derivation_t* kd) if(!kd) return -1; + if(kd->params_) + free(kd->params_); + kd->params_ = malloc(sizeof(key_derivation_aesctr_param_t)); + if(!kd->params_) + return -2; + + key_derivation_aesctr_param_t* params = kd->params_; + +#ifndef USE_SSL_CRYPTO int algo; switch(kd->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -174,14 +183,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd) return -1; } } - - if(kd->params_) - free(kd->params_); - kd->params_ = malloc(sizeof(key_derivation_aesctr_param_t)); - if(!kd->params_) - return -2; - - key_derivation_aesctr_param_t* params = kd->params_; gcry_error_t err = gcry_cipher_open(¶ms->handle_, algo, GCRY_CIPHER_MODE_CTR, 0); if(err) { @@ -194,6 +195,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd) log_printf(ERR, "failed to set key derivation key: %s", gcry_strerror(err)); return -1; } +#else + int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); + if(ret) { + log_printf(ERR, "failed to set key derivation ssl aes-key (code: %d)", ret); + return -1; + } +#endif return 0; } @@ -206,8 +214,10 @@ void key_derivation_aesctr_close(key_derivation_t* kd) if(kd->params_) { key_derivation_aesctr_param_t* params = kd->params_; +#ifndef USE_SSL_CRYPTO if(params->handle_) gcry_cipher_close(params->handle_); +#endif free(kd->params_); } @@ -279,6 +289,7 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, return 0; } +#ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { log_printf(ERR, "failed to reset key derivation cipher: %s", gcry_strerror(err)); @@ -298,6 +309,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, log_printf(ERR, "failed to generate key derivation bitstream: %s", gcry_strerror(err)); return -1; } +#else + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERR, "failed to set key derivation CTR: size don't fits"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf, 0, AES_BLOCK_SIZE); + memset(key, 0, len); + AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf, &num); +#endif if(!kd->ld_kdr_) return 1; diff --git a/src/key_derivation.h b/src/key_derivation.h index e95c276..2f1bfb5 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -35,7 +35,11 @@ #ifndef _KEY_DERIVATION_H_ #define _KEY_DERIVATION_H_ +#ifndef USE_SSL_CRYPTO #include +#else +#include +#endif #define KD_LABEL_COUNT 3 enum satp_prf_label_enum { @@ -101,7 +105,12 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t; struct key_derivation_aesctr_param_struct { +#ifndef USE_SSL_CRYPTO gcry_cipher_hd_t handle_; +#else + AES_KEY aes_key_; + u_int8_t ecount_buf[AES_BLOCK_SIZE]; +#endif key_derivation_aesctr_ctr_t ctr_; }; typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t; -- cgit v1.2.3