-- cgit v1.2.3 From e8c117aa01ac48fa2cf022810543bd97a0e44e57 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 16:48:26 +0000 Subject: refactored crypto lib selection --- src/auth_algo.c | 42 ++++++++++++++--------------- src/auth_algo.h | 12 ++++----- src/cipher.c | 26 +++++++++--------- src/cipher.h | 10 +++---- src/configure | 1 + src/init_crypt.h | 18 ++++++------- src/key_derivation.c | 74 ++++++++++++++++++++++++++-------------------------- src/key_derivation.h | 12 ++++----- 8 files changed, 98 insertions(+), 97 deletions(-) diff --git a/src/auth_algo.c b/src/auth_algo.c index e9b6d0f..8ee3f49 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -154,15 +154,15 @@ int auth_algo_sha1_init(auth_algo_t* aa) auth_algo_sha1_param_t* params = aa->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_CTX_init(¶ms->ctx_); + HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; } -#else - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #endif return 0; @@ -176,11 +176,11 @@ void auth_algo_sha1_close(auth_algo_t* aa) if(aa->params_) { auth_algo_sha1_param_t* params = aa->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_CTX_cleanup(¶ms->ctx_); +#else // USE_GCRYPT is the default if(params->handle_) gcry_md_close(params->handle_); -#else - HMAC_CTX_cleanup(¶ms->ctx_); #endif free(aa->params_); @@ -207,7 +207,13 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -218,12 +224,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); @@ -255,7 +255,13 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -266,12 +272,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); diff --git a/src/auth_algo.h b/src/auth_algo.h index c3caaa6..2c20410 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -36,10 +36,10 @@ #ifndef UANYTUN_auth_algo_h_INCLUDED #define UANYTUN_auth_algo_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#ifdef USE_SSL_CRYPTO #include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #include "encrypted_packet.h" @@ -66,10 +66,10 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di #define SHA1_LENGTH 20 struct auth_algo_sha1_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_md_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO HMAC_CTX ctx_; +#else // USE_GCRYPT is the default + gcry_md_hd_t handle_; #endif }; typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t; diff --git a/src/cipher.c b/src/cipher.c index 6f08eef..03449a0 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -210,7 +210,7 @@ int cipher_aesctr_init(cipher_t* c) if(!c->params_) return -2; -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -239,7 +239,7 @@ void cipher_aesctr_close(cipher_t* c) return; if(c->params_) { -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); #endif @@ -288,10 +288,10 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di #ifdef USE_SSL_CRYPTO ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { - log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret); + log_printf(ERROR, "failed to set cipher key (code: %d)", ret); return -1; } -#else +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err)); @@ -305,7 +305,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return ret; } -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err)); @@ -317,14 +325,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err)); return -1; } -#else - if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set cipher CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return (ilen < olen) ? ilen : olen; diff --git a/src/cipher.h b/src/cipher.h index 5758fde..d4506d4 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -38,9 +38,9 @@ #ifndef NO_CRYPT #ifndef USE_SSL_CRYPTO -#include -#else #include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #else @@ -94,11 +94,11 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union { typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t; struct cipher_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif cipher_aesctr_ctr_t ctr_; }; diff --git a/src/configure b/src/configure index 2d753eb..f764f89 100755 --- a/src/configure +++ b/src/configure @@ -169,6 +169,7 @@ esac case $CRYPTO_LIB in gcrypt) + CFLAGS=$CFLAGS' -DUSE_GCRYPT' LDFLAGS=$LDFLAGS' -lgcrypt' echo "using libgcrypt library" ;; diff --git a/src/init_crypt.h b/src/init_crypt.h index 314ebc5..47688c7 100644 --- a/src/init_crypt.h +++ b/src/init_crypt.h @@ -48,7 +48,15 @@ int init_crypt() #else -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + +int init_crypt() +{ +// nothing here + return 0; +} + +#else // USE_GCRYPT is the default #include @@ -77,14 +85,6 @@ int init_crypt() return 0; } -#else - -int init_crypt() -{ -// nothing here - return 0; -} - #endif diff --git a/src/key_derivation.c b/src/key_derivation.c index 3ba0656..7bd4d6e 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -135,30 +135,30 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -1; } -#ifndef USE_SSL_CRYPTO - if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { -#else +#ifdef USE_SSL_CRYPTO if(key_length > (SHA256_DIGEST_LENGTH * 8)) { +#else // USE_GCRYPT is the default + if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { #endif log_printf(ERROR, "master key too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); -#else +#ifdef USE_SSL_CRYPTO digest.length_ = SHA256_DIGEST_LENGTH; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); -#else +#ifdef USE_SSL_CRYPTO SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_key_.length_ = key_length/8; @@ -191,29 +191,29 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph return -1; } -#ifndef USE_SSL_CRYPTO - if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { -#else +#ifdef USE_SSL_CRYPTO if(salt_length > (SHA_DIGEST_LENGTH * 8)) { +#else // USE_GCRYPT is the default + if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { #endif log_printf(ERROR, "master salt too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); -#else +#ifdef USE_SSL_CRYPTO digest.length_ = SHA_DIGEST_LENGTH; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); -#else +#ifdef USE_SSL_CRYPTO SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_salt_.length_ = salt_length/8; @@ -330,7 +330,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) return -2; key_derivation_aesctr_param_t* params = kd->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT params->handle_ = 0; #endif @@ -345,7 +345,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) } #endif -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); + if(ret) { + log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); + return -1; + } +#else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -368,12 +374,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err)); return -1; } -#else - int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); - if(ret) { - log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); - return -1; - } #endif return 0; @@ -385,7 +385,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd) return; if(kd->params_) { -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT key_derivation_aesctr_param_t* params = kd->params_; if(params->handle_) gcry_cipher_close(params->handle_); @@ -428,7 +428,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di return -1; } -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + memset(key, 0, len); + AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err)); @@ -447,15 +456,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err)); return -1; } -#else - if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - memset(key, 0, len); - AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return 0; diff --git a/src/key_derivation.h b/src/key_derivation.h index 19fd88b..0d3c93f 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -36,10 +36,10 @@ #ifndef UANYTUN_key_derivation_h_INCLUDED #define UANYTUN_key_derivation_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#ifdef USE_SSL_CRYPTO #include +#else // USE_GCRYPT is the default +#include #endif #include "options.h" @@ -103,11 +103,11 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t; struct key_derivation_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif key_derivation_aesctr_ctr_t ctr_; }; -- cgit v1.2.3 From 01ef67da5564e1dcb380adead3e7f869fa3be2c8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 18:26:51 +0000 Subject: added defines for nettle as crypto lib further improved selection of crypto lib --- README | 10 ++++++++-- src/auth_algo.c | 22 ++++++++++++++++++---- src/auth_algo.h | 9 +++++++-- src/cipher.c | 24 ++++++++++++++++++++---- src/cipher.h | 9 +++++++-- src/configure | 13 +++++++++++-- src/init_crypt.h | 10 +++++++++- src/key_derivation.c | 41 ++++++++++++++++++++++++++++++++--------- src/key_derivation.h | 9 +++++++-- 9 files changed, 119 insertions(+), 28 deletions(-) diff --git a/README b/README index 10c3b10..dc07a11 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ Dependencies ============ -uAnytun can be built by using either libgcrypt or the openssl-crypto library. -The latter is more performant in most cases but there are some license +uAnytun can be built by using either libgcrypt, libnettle or the openssl-crypto +library. The latter is more performant in most cases but there are some license issues when using this library. It also needs more space when installed. @@ -20,7 +20,13 @@ using ssl crypto library: build-essential libssl-dev +using nettle crypto library: + + build-essential + nettle-dev + if you want clang as compiler + clang if you want to rebuild the manpage: diff --git a/src/auth_algo.c b/src/auth_algo.c index 8ee3f49..87ea472 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -154,9 +154,12 @@ int auth_algo_sha1_init(auth_algo_t* aa) auth_algo_sha1_param_t* params = aa->params_; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) HMAC_CTX_init(¶ms->ctx_); HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { @@ -176,8 +179,11 @@ void auth_algo_sha1_close(auth_algo_t* aa) if(aa->params_) { auth_algo_sha1_param_t* params = aa->params_; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) HMAC_CTX_cleanup(¶ms->ctx_); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default if(params->handle_) gcry_md_close(params->handle_); @@ -207,12 +213,16 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + // TODO: nettle + u_int8_t hmac[SHA1_LENGTH]; + #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { @@ -255,12 +265,16 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); u_int8_t hmac[SHA1_LENGTH]; HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + // TODO: nettle + u_int8_t hmac[SHA1_LENGTH]; + #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { diff --git a/src/auth_algo.h b/src/auth_algo.h index 2c20410..e800c8e 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -36,8 +36,10 @@ #ifndef UANYTUN_auth_algo_h_INCLUDED #define UANYTUN_auth_algo_h_INCLUDED -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include #else // USE_GCRYPT is the default #include #endif @@ -66,8 +68,11 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di #define SHA1_LENGTH 20 struct auth_algo_sha1_param_struct { -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) HMAC_CTX ctx_; +#elif defined(USE_NETTLE) + // TOOD: nettle + #else // USE_GCRYPT is the default gcry_md_hd_t handle_; #endif diff --git a/src/cipher.c b/src/cipher.c index 03449a0..a2e7f5e 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -210,7 +210,12 @@ int cipher_aesctr_init(cipher_t* c) if(!c->params_) return -2; -#ifdef USE_GCRYPT +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // TODO: nettle + +#else // USE_GCRYPT is the default int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -239,7 +244,12 @@ void cipher_aesctr_close(cipher_t* c) return; if(c->params_) { -#ifdef USE_GCRYPT +#if defined(USE_SSL_CRYPTO) + // nothing here +#elif defined(USE_NETTLE) + // TODO: nettle + +#else // USE_GCRYPT is the default cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); #endif @@ -285,12 +295,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di if(ret < 0) return ret; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { log_printf(ERROR, "failed to set cipher key (code: %d)", ret); return -1; } +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { @@ -305,7 +318,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return ret; } -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); return -1; @@ -313,6 +326,9 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di u_int32_t num = 0; memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { diff --git a/src/cipher.h b/src/cipher.h index d4506d4..8221a3c 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -37,8 +37,10 @@ #define UANYTUN_cipher_h_INCLUDED #ifndef NO_CRYPT -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include #else // USE_GCRYPT is the default #include #endif @@ -94,9 +96,12 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union { typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t; struct cipher_aesctr_param_struct { -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_cipher_hd_t handle_; #endif diff --git a/src/configure b/src/configure index f764f89..04d5ac2 100755 --- a/src/configure +++ b/src/configure @@ -61,7 +61,8 @@ print_usage() { echo " --examplesdir= the path to the examples files (default: $PREFIX/share/examples)" echo " --no-examples dont't install example files" echo " --use-gcrypt use libgcrypt (this is the default)" - echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt" + echo " --use-nettle use libnettle instead of libgcrypt" + echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt" echo " --no-crypto disable crypto at all (only NULL cipher)" echo " --disable-passphrase disable master key and salt passphrase" echo " --enable-passphrase enable master key and salt passphrase" @@ -101,6 +102,9 @@ do --use-gcrypt) CRYPTO_LIB='gcrypt' ;; + --use-nettle) + CRYPTO_LIB='nettle' + ;; --use-ssl-crypto) CRYPTO_LIB='ssl' ;; @@ -171,7 +175,12 @@ case $CRYPTO_LIB in gcrypt) CFLAGS=$CFLAGS' -DUSE_GCRYPT' LDFLAGS=$LDFLAGS' -lgcrypt' - echo "using libgcrypt library" + echo "using gcrypt library" + ;; + nettle) + CFLAGS=$CFLAGS' -DUSE_NETTLE' + LDFLAGS=$LDFLAGS' -lnettle' + echo "using nettle library" ;; ssl) CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO' diff --git a/src/init_crypt.h b/src/init_crypt.h index 47688c7..9a8849e 100644 --- a/src/init_crypt.h +++ b/src/init_crypt.h @@ -48,7 +48,15 @@ int init_crypt() #else -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + +int init_crypt() +{ +// nothing here + return 0; +} + +#elif defined(USE_NETTLE) int init_crypt() { diff --git a/src/key_derivation.c b/src/key_derivation.c index 7bd4d6e..998c10b 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -37,8 +37,11 @@ #include "key_derivation.h" -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#include #endif #include "log.h" @@ -135,8 +138,10 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -1; } -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) if(key_length > (SHA256_DIGEST_LENGTH * 8)) { +#elif defined(USE_NETTLE) + if(key_length > (SHA256_DIGEST_SIZE * 8)) { #else // USE_GCRYPT is the default if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { #endif @@ -145,8 +150,10 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr } buffer_t digest; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) digest.length_ = SHA256_DIGEST_LENGTH; +#elif defined(USE_NETTLE) + digest.length_ = SHA256_DIGEST_SIZE; #else // USE_GCRYPT is the default digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); #endif @@ -155,8 +162,11 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -2; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -191,8 +201,10 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph return -1; } -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) if(salt_length > (SHA_DIGEST_LENGTH * 8)) { +#elif defined(USE_NETTLE) + if(salt_length > (SHA1_DIGEST_SIZE * 8)) { #else // USE_GCRYPT is the default if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { #endif @@ -201,8 +213,10 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph } buffer_t digest; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) digest.length_ = SHA_DIGEST_LENGTH; +#elif defined(USE_NETTLE) + digest.length_ = SHA1_DIGEST_SIZE; #else // USE_GCRYPT is the default digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); #endif @@ -210,8 +224,11 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph if(!digest.buf_) return -2; -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -345,12 +362,15 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) } #endif -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); if(ret) { log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); return -1; } +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { @@ -428,7 +448,7 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di return -1; } -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); return -1; @@ -437,6 +457,9 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); memset(key, 0, len); AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { diff --git a/src/key_derivation.h b/src/key_derivation.h index 0d3c93f..01c9a26 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -36,8 +36,10 @@ #ifndef UANYTUN_key_derivation_h_INCLUDED #define UANYTUN_key_derivation_h_INCLUDED -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include #else // USE_GCRYPT is the default #include #endif @@ -103,9 +105,12 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t; struct key_derivation_aesctr_param_struct { -#ifdef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + // TODO: nettle + #else // USE_GCRYPT is the default gcry_cipher_hd_t handle_; #endif -- cgit v1.2.3 From eb89126a5a21fcf56ca239c31e46a725c319e9f7 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 18:59:34 +0000 Subject: implemented cipher with nettle (not tested yet) --- src/cipher.c | 19 +++++++++++-------- src/cipher.h | 3 +-- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/cipher.c b/src/cipher.c index a2e7f5e..bf9ac25 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -39,6 +39,9 @@ #include "encrypted_packet.h" #include "cipher.h" +#if defined(USE_NETTLE) +#include +#endif #include "log.h" @@ -213,8 +216,7 @@ int cipher_aesctr_init(cipher_t* c) #if defined(USE_SSL_CRYPTO) // nothing here #elif defined(USE_NETTLE) - // TODO: nettle - + // nothing here #else // USE_GCRYPT is the default int algo; switch(c->key_length_) { @@ -247,8 +249,7 @@ void cipher_aesctr_close(cipher_t* c) #if defined(USE_SSL_CRYPTO) // nothing here #elif defined(USE_NETTLE) - // TODO: nettle - + // nothing here #else // USE_GCRYPT is the default cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); @@ -302,8 +303,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return -1; } #elif defined(USE_NETTLE) - // TODO: nettle - + aes_set_encrypt_key(¶ms->ctx_, c->key_length_, c->key_.buf_); #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { @@ -327,8 +327,11 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #elif defined(USE_NETTLE) - // TODO: nettle - + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, (ilen < olen) ? ilen : olen, out, in); #else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { diff --git a/src/cipher.h b/src/cipher.h index 8221a3c..e5976b0 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -100,8 +100,7 @@ struct cipher_aesctr_param_struct { AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; #elif defined(USE_NETTLE) - // TODO: nettle - + struct aes_ctx ctx_; #else // USE_GCRYPT is the default gcry_cipher_hd_t handle_; #endif -- cgit v1.2.3 From 7e12caca626bdbee7a351ab1fb3244b8c99224f3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 19:16:11 +0000 Subject: implemented auth tag with nettle (not tested yet) --- src/auth_algo.c | 26 ++++++++++++++------------ src/auth_algo.h | 3 +-- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/auth_algo.c b/src/auth_algo.c index 87ea472..e1f5de5 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -152,15 +152,14 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(!aa->params_) return -2; - auth_algo_sha1_param_t* params = aa->params_; - #if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; HMAC_CTX_init(¶ms->ctx_); HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #elif defined(USE_NETTLE) - // TODO: nettle - + // nothing here #else // USE_GCRYPT is the default + auth_algo_sha1_param_t* params = aa->params_; gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); @@ -177,14 +176,13 @@ void auth_algo_sha1_close(auth_algo_t* aa) return; if(aa->params_) { - auth_algo_sha1_param_t* params = aa->params_; - #if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; HMAC_CTX_cleanup(¶ms->ctx_); #elif defined(USE_NETTLE) - // TODO: nettle - + // nothing here #else // USE_GCRYPT is the default + auth_algo_sha1_param_t* params = aa->params_; if(params->handle_) gcry_md_close(params->handle_); #endif @@ -220,9 +218,11 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); HMAC_Final(¶ms->ctx_, hmac, NULL); #elif defined(USE_NETTLE) - // TODO: nettle - u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { @@ -272,9 +272,11 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); HMAC_Final(¶ms->ctx_, hmac, NULL); #elif defined(USE_NETTLE) - // TODO: nettle - u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { diff --git a/src/auth_algo.h b/src/auth_algo.h index e800c8e..b8a20b8 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -71,8 +71,7 @@ struct auth_algo_sha1_param_struct { #if defined(USE_SSL_CRYPTO) HMAC_CTX ctx_; #elif defined(USE_NETTLE) - // TOOD: nettle - + struct hmac_sha1_ctx ctx_; #else // USE_GCRYPT is the default gcry_md_hd_t handle_; #endif -- cgit v1.2.3 From 49b279e8d329a21cbc120186dd25852f302c02a3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 19:46:49 +0000 Subject: implemented key derivation in nettle fixed key length for cipher --- src/cipher.c | 2 +- src/key_derivation.c | 24 ++++++++++++++++-------- src/key_derivation.h | 3 +-- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/src/cipher.c b/src/cipher.c index bf9ac25..9afd84a 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -303,7 +303,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return -1; } #elif defined(USE_NETTLE) - aes_set_encrypt_key(¶ms->ctx_, c->key_length_, c->key_.buf_); + aes_set_encrypt_key(¶ms->ctx_, c->key_.length_, c->key_.buf_); #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { diff --git a/src/key_derivation.c b/src/key_derivation.c index 998c10b..75ce4a5 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -42,6 +42,7 @@ #elif defined(USE_NETTLE) #include #include +#include #endif #include "log.h" @@ -165,8 +166,10 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr #if defined(USE_SSL_CRYPTO) SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); #elif defined(USE_NETTLE) - // TODO: nettle - + struct sha256_ctx ctx; + sha256_init(&ctx); + sha256_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha256_digest(&ctx, digest.length_, digest.buf_); #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -227,8 +230,10 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph #if defined(USE_SSL_CRYPTO) SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); #elif defined(USE_NETTLE) - // TODO: nettle - + struct sha1_ctx ctx; + sha1_init(&ctx); + sha1_update(&ctx, strlen(passphrase), (const u_int8_t*)passphrase); + sha1_digest(&ctx, digest.length_, digest.buf_); #else // USE_GCRYPT is the default gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif @@ -369,8 +374,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) return -1; } #elif defined(USE_NETTLE) - // TODO: nettle - + aes_set_encrypt_key(¶ms->ctx_, kd->master_key_.length_, kd->master_key_.buf_); #else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { @@ -458,8 +462,12 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di memset(key, 0, len); AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #elif defined(USE_NETTLE) - // TODO: nettle - + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + memset(key, 0, len); + ctr_crypt(¶ms->ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, params->ctr_.buf_, len, key, key); #else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { diff --git a/src/key_derivation.h b/src/key_derivation.h index 01c9a26..df97765 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -109,8 +109,7 @@ struct key_derivation_aesctr_param_struct { AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; #elif defined(USE_NETTLE) - // TODO: nettle - + struct aes_ctx ctx_; #else // USE_GCRYPT is the default gcry_cipher_hd_t handle_; #endif -- cgit v1.2.3