From e8c117aa01ac48fa2cf022810543bd97a0e44e57 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Jun 2014 16:48:26 +0000 Subject: refactored crypto lib selection --- src/auth_algo.c | 42 ++++++++++++++--------------- src/auth_algo.h | 12 ++++----- src/cipher.c | 26 +++++++++--------- src/cipher.h | 10 +++---- src/configure | 1 + src/init_crypt.h | 18 ++++++------- src/key_derivation.c | 74 ++++++++++++++++++++++++++-------------------------- src/key_derivation.h | 12 ++++----- 8 files changed, 98 insertions(+), 97 deletions(-) (limited to 'src') diff --git a/src/auth_algo.c b/src/auth_algo.c index e9b6d0f..8ee3f49 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -154,15 +154,15 @@ int auth_algo_sha1_init(auth_algo_t* aa) auth_algo_sha1_param_t* params = aa->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_CTX_init(¶ms->ctx_); + HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; } -#else - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #endif return 0; @@ -176,11 +176,11 @@ void auth_algo_sha1_close(auth_algo_t* aa) if(aa->params_) { auth_algo_sha1_param_t* params = aa->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_CTX_cleanup(¶ms->ctx_); +#else // USE_GCRYPT is the default if(params->handle_) gcry_md_close(params->handle_); -#else - HMAC_CTX_cleanup(¶ms->ctx_); #endif free(aa->params_); @@ -207,7 +207,13 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -218,12 +224,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); @@ -255,7 +255,13 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -266,12 +272,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); diff --git a/src/auth_algo.h b/src/auth_algo.h index c3caaa6..2c20410 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h @@ -36,10 +36,10 @@ #ifndef UANYTUN_auth_algo_h_INCLUDED #define UANYTUN_auth_algo_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#ifdef USE_SSL_CRYPTO #include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #include "encrypted_packet.h" @@ -66,10 +66,10 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_di #define SHA1_LENGTH 20 struct auth_algo_sha1_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_md_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO HMAC_CTX ctx_; +#else // USE_GCRYPT is the default + gcry_md_hd_t handle_; #endif }; typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t; diff --git a/src/cipher.c b/src/cipher.c index 6f08eef..03449a0 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -210,7 +210,7 @@ int cipher_aesctr_init(cipher_t* c) if(!c->params_) return -2; -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT int algo; switch(c->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -239,7 +239,7 @@ void cipher_aesctr_close(cipher_t* c) return; if(c->params_) { -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT cipher_aesctr_param_t* params = c->params_; gcry_cipher_close(params->handle_); #endif @@ -288,10 +288,10 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di #ifdef USE_SSL_CRYPTO ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, ¶ms->aes_key_); if(ret) { - log_printf(ERROR, "failed to set cipher ssl aes-key (code: %d)", ret); + log_printf(ERROR, "failed to set cipher key (code: %d)", ret); return -1; } -#else +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_); if(err) { log_printf(ERROR, "failed to set cipher key: %s", gcry_strerror(err)); @@ -305,7 +305,15 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di return ret; } -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set cipher CTR: size doesn't fit"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#else // USE_GCRYPT is the default err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH); if(err) { log_printf(ERROR, "failed to set cipher CTR: %s", gcry_strerror(err)); @@ -317,14 +325,6 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_di log_printf(ERROR, "failed to de/encrypt packet: %s", gcry_strerror(err)); return -1; } -#else - if(C_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set cipher CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return (ilen < olen) ? ilen : olen; diff --git a/src/cipher.h b/src/cipher.h index 5758fde..d4506d4 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -38,9 +38,9 @@ #ifndef NO_CRYPT #ifndef USE_SSL_CRYPTO -#include -#else #include +#else // USE_GCRYPT is the default +#include #endif #include "key_derivation.h" #else @@ -94,11 +94,11 @@ union __attribute__((__packed__)) cipher_aesctr_ctr_union { typedef union cipher_aesctr_ctr_union cipher_aesctr_ctr_t; struct cipher_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif cipher_aesctr_ctr_t ctr_; }; diff --git a/src/configure b/src/configure index 2d753eb..f764f89 100755 --- a/src/configure +++ b/src/configure @@ -169,6 +169,7 @@ esac case $CRYPTO_LIB in gcrypt) + CFLAGS=$CFLAGS' -DUSE_GCRYPT' LDFLAGS=$LDFLAGS' -lgcrypt' echo "using libgcrypt library" ;; diff --git a/src/init_crypt.h b/src/init_crypt.h index 314ebc5..47688c7 100644 --- a/src/init_crypt.h +++ b/src/init_crypt.h @@ -48,7 +48,15 @@ int init_crypt() #else -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + +int init_crypt() +{ +// nothing here + return 0; +} + +#else // USE_GCRYPT is the default #include @@ -77,14 +85,6 @@ int init_crypt() return 0; } -#else - -int init_crypt() -{ -// nothing here - return 0; -} - #endif diff --git a/src/key_derivation.c b/src/key_derivation.c index 3ba0656..7bd4d6e 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -135,30 +135,30 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -1; } -#ifndef USE_SSL_CRYPTO - if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { -#else +#ifdef USE_SSL_CRYPTO if(key_length > (SHA256_DIGEST_LENGTH * 8)) { +#else // USE_GCRYPT is the default + if(key_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA256) * 8)) { #endif log_printf(ERROR, "master key too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); -#else +#ifdef USE_SSL_CRYPTO digest.length_ = SHA256_DIGEST_LENGTH; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); -#else +#ifdef USE_SSL_CRYPTO SHA256((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA256, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_key_.length_ = key_length/8; @@ -191,29 +191,29 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph return -1; } -#ifndef USE_SSL_CRYPTO - if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { -#else +#ifdef USE_SSL_CRYPTO if(salt_length > (SHA_DIGEST_LENGTH * 8)) { +#else // USE_GCRYPT is the default + if(salt_length > (gcry_md_get_algo_dlen(GCRY_MD_SHA1) * 8)) { #endif log_printf(ERROR, "master salt too long for passphrase algorithm"); return -1; } buffer_t digest; -#ifndef USE_SSL_CRYPTO - digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); -#else +#ifdef USE_SSL_CRYPTO digest.length_ = SHA_DIGEST_LENGTH; +#else // USE_GCRYPT is the default + digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); #endif digest.buf_ = malloc(digest.length_); if(!digest.buf_) return -2; -#ifndef USE_SSL_CRYPTO - gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); -#else +#ifdef USE_SSL_CRYPTO SHA1((const u_int8_t*)passphrase, strlen(passphrase), digest.buf_); +#else // USE_GCRYPT is the default + gcry_md_hash_buffer(GCRY_MD_SHA1, digest.buf_, passphrase, strlen(passphrase)); #endif kd->master_salt_.length_ = salt_length/8; @@ -330,7 +330,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) return -2; key_derivation_aesctr_param_t* params = kd->params_; -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT params->handle_ = 0; #endif @@ -345,7 +345,13 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) } #endif -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); + if(ret) { + log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); + return -1; + } +#else // USE_GCRYPT is the default int algo; switch(kd->key_length_) { case 128: algo = GCRY_CIPHER_AES128; break; @@ -368,12 +374,6 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase) log_printf(ERROR, "failed to set key derivation key: %s", gcry_strerror(err)); return -1; } -#else - int ret = AES_set_encrypt_key(kd->master_key_.buf_, kd->master_key_.length_*8, ¶ms->aes_key_); - if(ret) { - log_printf(ERROR, "failed to set key derivation ssl aes-key (code: %d)", ret); - return -1; - } #endif return 0; @@ -385,7 +385,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd) return; if(kd->params_) { -#ifndef USE_SSL_CRYPTO +#ifdef USE_GCRYPT key_derivation_aesctr_param_t* params = kd->params_; if(params->handle_) gcry_cipher_close(params->handle_); @@ -428,7 +428,16 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di return -1; } -#ifndef USE_SSL_CRYPTO +#ifdef USE_SSL_CRYPTO + if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { + log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); + return -1; + } + u_int32_t num = 0; + memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); + memset(key, 0, len); + AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_cipher_reset(params->handle_); if(err) { log_printf(ERROR, "failed to reset key derivation cipher: %s", gcry_strerror(err)); @@ -447,15 +456,6 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t di log_printf(ERROR, "failed to generate key derivation bitstream: %s", gcry_strerror(err)); return -1; } -#else - if(KD_AESCTR_CTR_LENGTH != AES_BLOCK_SIZE) { - log_printf(ERROR, "failed to set key derivation CTR: size don't fits"); - return -1; - } - u_int32_t num = 0; - memset(params->ecount_buf_, 0, AES_BLOCK_SIZE); - memset(key, 0, len); - AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif return 0; diff --git a/src/key_derivation.h b/src/key_derivation.h index 19fd88b..0d3c93f 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h @@ -36,10 +36,10 @@ #ifndef UANYTUN_key_derivation_h_INCLUDED #define UANYTUN_key_derivation_h_INCLUDED -#ifndef USE_SSL_CRYPTO -#include -#else +#ifdef USE_SSL_CRYPTO #include +#else // USE_GCRYPT is the default +#include #endif #include "options.h" @@ -103,11 +103,11 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t; struct key_derivation_aesctr_param_struct { -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#ifdef USE_SSL_CRYPTO AES_KEY aes_key_; u_int8_t ecount_buf_[AES_BLOCK_SIZE]; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif key_derivation_aesctr_ctr_t ctr_; }; -- cgit v1.2.3