From 21da0480588007dc30ae5d19dba8dcfc1c22c20e Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 3 Jan 2009 09:43:52 +0000 Subject: some cleanup @ cipher, auth_algo and key derivation --- src/auth_algo.c | 53 +++++++++++--------------- src/cipher.c | 103 ++++++++++++++++++++++++++++++--------------------- src/cipher.h | 8 ++-- src/key_derivation.c | 20 +++++----- src/key_derivation.h | 2 +- 5 files changed, 96 insertions(+), 90 deletions(-) (limited to 'src') diff --git a/src/auth_algo.c b/src/auth_algo.c index 4f91338..31a92bf 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -124,6 +124,14 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(!aa) return -1; + if(aa->key_.buf_) + free(aa->key_.buf_); + + aa->key_.length_ = SHA1_LENGTH; + aa->key_.buf_ = malloc(aa->key_.length_); + if(!aa->key_.buf_) + return -2; + gcry_error_t err = gcry_md_open(&aa->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERR, "failed to open message digest algo: %s/%s", gcry_strerror(err), gcry_strsource(err)); 
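Review bot: `auth_algo_sha1_init` now reads and frees `aa->key_.buf_` before the function itself has assigned it, so the added lines are only safe when the caller has zeroed `aa->key_` or the struct still owns a buffer from an earlier init; neither that precondition nor the new `-2` return is stated in the hunk. I would add a comment above the added lines such as `/* aa->key_ must be zeroed or own a previous buffer; returns -2 if the key buffer cannot be allocated */`. The `if(aa->key_.buf_)` guard is redundant because `free(NULL)` is a no-op. The function starts and ends outside the hunk, so whether the dispatcher clears the struct first is not visible here.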
@@ -154,29 +162,20 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa return; } - - if(!aa->key_.buf_) { - aa->key_.length_ = SHA1_LENGTH; - aa->key_.buf_ = malloc(aa->key_.length_); - if(!aa->key_.buf_) { - log_printf(ERR, "memory error at auth algo generate"); - return; - } - } - int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); if(ret < 0) return; - gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_); - if(err) { - log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err)); - return; - } + if(ret) { // a new key got generated + gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_); + if(err) { + log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return; + } + } encrypted_packet_add_auth_tag(packet); gcry_md_reset(aa->handle_); - gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(aa->handle_); 
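Review bot: `gcry_md_setkey` is now skipped whenever `key_derivation_generate` returns 0, so the HMAC in `aa->handle_` is keyed only by whatever an earlier call left there, while the "new key" signal belongs to the `kd` the caller passes in. If one `auth_algo_t` is ever used with more than one `key_derivation_t`, or its handle is re-opened after `kd` has already derived the key, the tag would be computed under a stale or missing key; this is inferred, since the callers are outside the hunk. Either keep the unconditional `gcry_md_setkey`, or record in `auth_algo_t` which `kd` last keyed the handle and set the key whenever that record does not match. The same `if(ret)` pattern is added in `auth_algo_sha1_check_tag` and, with `gcry_cipher_reset` in the else branch, in `cipher_aesctr_crypt`.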
@@ -202,26 +201,18 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa return 0; } - if(!aa->key_.buf_) { - aa->key_.length_ = SHA1_LENGTH; - aa->key_.buf_ = malloc(aa->key_.length_); - if(!aa->key_.buf_) { - log_printf(ERR, "memory error at auth algo check tag"); - return; - } - } - int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); if(ret < 0) return 0; - gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_); - if(err) { - log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err)); - return; - } + if(ret) { // a new key got generated + gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_); + if(err) { + log_printf(ERR, "failed to set hmac key: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return; + } + } gcry_md_reset(aa->handle_); - gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(aa->handle_); diff --git a/src/cipher.c b/src/cipher.c index f640d6d..f1a4bf4 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -106,12 +106,12 @@ void cipher_close(cipher_t* c) } -void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { if(!c) - return; + return -1; - u_int32_t len; + int32_t len; if(c->type_ == c_null) len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in), encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out)); 
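Review bot: The re-added `gcry_md_setkey` error path in `auth_algo_sha1_check_tag` ends in a bare `return;` although the function returns `int`, so the caller receives an indeterminate value exactly when the HMAC key could not be set. The other failure paths visible in this hunk use `return 0;`, so a failed key setup should presumably report a failed check the same way: `return 0;`. GCC's `-Wreturn-type` covers this kind of valueless return. The function continues past the hunk, so the final tag comparison is not visible here.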
@@ -121,22 +121,27 @@ void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encry seq_nr, sender_id, mux); else { log_printf(ERR, "unknown cipher type"); - return; + return -1; } + if(len < 0) + return 0; + encrypted_packet_set_sender_id(out, sender_id); encrypted_packet_set_seq_nr(out, seq_nr); encrypted_packet_set_mux(out, mux); encrypted_packet_set_payload_length(out, len); + + return 0; } -void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out) +int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out) { if(!c) - return; + return -1; - u_int32_t len; + int32_t len; if(c->type_ == c_null) len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in), plain_packet_get_packet(out), plain_packet_get_length(out)); @@ -147,15 +152,20 @@ void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, p encrypted_packet_get_mux(in)); else { log_printf(ERR, "unknown cipher type"); - return; + return -1; } + if(len < 0) + return 0; + plain_packet_set_length(out, len); + + return 0; } /* ---------------- NULL Cipher ---------------- */ -u_int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen) +int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen) { memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; @@ -168,6 +178,22 @@ int cipher_aesctr_init(cipher_t* c) if(!c) return -1; + if(c->key_.buf_) + free(c->key_.buf_); + + c->key_.length_ = c->key_length_/8; + c->key_.buf_ = malloc(c->key_.length_); + if(!c->key_.buf_) + return -2; + + if(c->salt_.buf_) + free(c->salt_.buf_); + + c->salt_.length_ = 14; + c->salt_.buf_ = malloc(c->salt_.length_); + if(!c->salt_.buf_) + return -2; + int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; 
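Review bot: `cipher_encrypt` returns 0 from the new `if(len < 0)` branch, the same value it returns after a successful encryption, so a caller cannot tell that `cipher_aesctr_crypt` failed and that `out` never had its sender id, sequence number, mux or payload length set. Returning the error instead, `if(len < 0) return len;`, lets the caller drop the packet rather than send whatever `out` held before. `cipher_decrypt` in the next hunk has the same `if(len < 0) return 0;` and leaves the length of `out` unset on failure. `cipher_encrypt` starts in the previous hunk.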
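Review bot: In `cipher_aesctr_init` the key and salt buffers are allocated before the `switch` that validates `c->key_length_`, so an unsupported length still allocates `key_length_/8` bytes and the function then returns -1 with both buffers attached to `c`; likewise a failed salt `malloc` returns -2 with the key buffer still allocated. Moving the added allocations below the `switch`, or freeing on those paths, keeps a failed init from leaving partial state; whether `cipher_close` always runs after a failed init is outside the hunk. The salt length `14` would read better as a named constant, and the `if(...)` guards before `free` are redundant since `free(NULL)` is a no-op.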
@@ -179,7 +205,7 @@ int cipher_aesctr_init(cipher_t* c) } } - gcry_error_t err = gcry_cipher_open( &c->handle_, algo, GCRY_CIPHER_MODE_CTR, 0 ); + gcry_error_t err = gcry_cipher_open(&c->handle_, algo, GCRY_CIPHER_MODE_CTR, 0); if(err) { log_printf(ERR, "failed to open cipher: %s/%s", gcry_strerror(err), gcry_strsource(err)); return -1; @@ -206,14 +232,6 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_ if(!c) return result; - if(!c->salt_.buf_) { - c->salt_.length_ = 14; - c->salt_.buf_ = malloc(c->salt_.length_); - if(!c->salt_.buf_) { - log_printf(ERR, "memory error aes-ctr calc ctr"); - return result; - } - } int ret = key_derivation_generate(kd, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, c->salt_.length_); if(ret < 0) return result; 
@@ -259,54 +277,53 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_ return result; } -u_int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - if(!c) { - log_printf(ERR, "cipher not initialized"); - return 0; - } + if(!c) + return -1; + if(!kd) { log_printf(ERR, "no key derivation supplied"); - return 0; - } - - - if(!c->key_.buf_) { - c->key_.length_ = c->key_length_/8; - c->key_.buf_ = malloc(c->key_.length_); - if(!c->key_.buf_) { - log_printf(ERR, "memory error aes-ctr crypt"); - return 0; - } + return -1; } int ret = key_derivation_generate(kd, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_); if(ret < 0) - return 0; + return ret; - gcry_error_t err = gcry_cipher_setkey(c->handle_, c->key_.buf_, c->key_.length_); - if(err) { - log_printf(ERR, "failed to set cipher key: %s/%s", gcry_strerror(err), gcry_strsource(err)); - return 0; + gcry_error_t err; + if(ret) { // a new key got generated + err = gcry_cipher_setkey(c->handle_, c->key_.buf_, c->key_.length_); + if(err) { + log_printf(ERR, "failed to set cipher key: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return -1; + } + } // no new key got generated + else { + err = gcry_cipher_reset(c->handle_); + if(err) { + log_printf(ERR, "failed to reset cipher: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return -1; + } } buffer_t ctr = cipher_aesctr_calc_ctr(c, kd, seq_nr, sender_id, mux); if(!ctr.buf_) { log_printf(ERR, "failed to calculate cipher CTR"); - return 0; + return -1; } err = gcry_cipher_setctr(c->handle_, ctr.buf_, ctr.length_); free(ctr.buf_); if(err) { log_printf(ERR, "failed to set cipher CTR: %s/%s", gcry_strerror(err), gcry_strsource(err)); - 
return 0; + return -1; } err = gcry_cipher_encrypt(c->handle_, out, olen, in, ilen); if(err) { - log_printf(ERR, "failed to generate cipher bitstream: %s/%s", gcry_strerror(err), gcry_strsource(err)); - return 0; + log_printf(ERR, "failed to de/encrypt packet: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return -1; } return (ilen < olen) ? ilen : olen; diff --git a/src/cipher.h b/src/cipher.h index 9406761..5b750b9 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -53,14 +53,14 @@ typedef struct cipher_struct cipher_t; int cipher_init(cipher_t* c, const char* type); void cipher_close(cipher_t* c); -void cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); -void cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out); +int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out); -u_int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen); +int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen); int cipher_aesctr_init(cipher_t* c); void cipher_aesctr_close(cipher_t* c); buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); -u_int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); #endif diff --git a/src/key_derivation.c b/src/key_derivation.c index c14db40..dbbd1d2 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c 
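Review bot: `cipher_aesctr_crypt` now returns either a byte count or a negative error, but that contract is not written down, and the paths disagree: `return ret;` forwards the `key_derivation_generate` code while every other failure returns -1, and the final `return (ilen < olen) ? ilen : olen;` still produces a `u_int32_t` that is converted to `int32_t`. A comment on the definition and the prototype would settle it, for example `/* returns the number of bytes written, or a negative value on error; lengths are assumed to fit in int32_t */`. With the lazy allocation removed, `c->key_.buf_` is also passed to `key_derivation_generate` unchecked, so the comment should say the function is only valid after a successful `cipher_aesctr_init`.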
@@ -102,7 +102,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u int ret = 0; if(kd->type_ == kd_aes_ctr) - ret = key_derivation_aesctr_init(kd, kd->key_length_); + ret = key_derivation_aesctr_init(kd); if(ret) key_derivation_close(kd); @@ -157,23 +157,23 @@ int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr int key_derivation_null_generate(u_int8_t* key, u_int32_t len) { memset(key, 0, len); - return 0; + return 1; } /* ---------------- AES-Ctr Key Derivation ---------------- */ -int key_derivation_aesctr_init(key_derivation_t* kd, u_int16_t key_length) +int key_derivation_aesctr_init(key_derivation_t* kd) { if(!kd) return -1; int algo; - switch(key_length) { + switch(kd->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; case 192: algo = GCRY_CIPHER_AES192; break; case 256: algo = GCRY_CIPHER_AES256; break; default: { - log_printf(ERR, "key derivation key length of %d Bits is not supported", key_length); + log_printf(ERR, "key derivation key length of %d Bits is not supported", kd->key_length_); return -1; } } @@ -309,18 +309,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, if(!kd->key_store_[label].key_.buf_) { kd->key_store_[label].key_.length_ = 0; kd->key_store_[label].key_.buf_ = malloc(len); - if(!kd->key_store_[label].key_.buf_) { - log_printf(ERR, "memory error at key derivation"); + if(!kd->key_store_[label].key_.buf_) return -2; - } + kd->key_store_[label].key_.length_ = len; } else if(kd->key_store_[label].key_.length_ < len) { u_int8_t* tmp = realloc(kd->key_store_[label].key_.buf_, len); - if(!tmp) { - log_printf(ERR, "memory error at key derivation"); + if(!tmp) return -2; - } + kd->key_store_[label].key_.buf_ = tmp; kd->key_store_[label].key_.length_ = len; } diff --git a/src/key_derivation.h b/src/key_derivation.h index d8f49c6..f21cd9e 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h 
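Review bot: `key_derivation_null_generate` now returns 1, and the callers changed in auth_algo.c and cipher.c branch on `if(ret)` to decide whether to set the key, yet the meaning of the return value is documented only by the `// a new key got generated` comments at those call sites. Since skipping `setkey` depends on it, I would put the convention on the `key_derivation_generate` declaration in key_derivation.h: `/* returns <0 on error, 0 if the key is unchanged since the last call, >0 if a new key was written to key */`. The meaning of 0 is inferred from the call sites; the return statements of `key_derivation_aesctr_generate` are outside these hunks and should be checked against the same convention.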
@@ -71,7 +71,7 @@ int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr int key_derivation_null_generate(u_int8_t* key, u_int32_t len); -int key_derivation_aesctr_init(key_derivation_t* kd, u_int16_t key_length); +int key_derivation_aesctr_init(key_derivation_t* kd); void key_derivation_aesctr_close(key_derivation_t* kd); int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_t* result, satp_prf_label_t label, seq_nr_t seq_nr); int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); -- cgit v1.2.3