X-Git-Url: https://git.syn-net.org/debian/?p=anytun.git;a=blobdiff_plain;f=src%2FkeyDerivation.cpp;h=17d2a7cd51c8a07ae9190cbd80e982bb9a410098;hp=25b7cf0b478309f0f5c71d80045dbe9b073cebd1;hb=ef0cacf2508418915d3f64b04003be3c13fed3cc;hpb=ece844834d2cecc028ce81ca283f5d441088580e diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index 25b7cf0..17d2a7c 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -11,7 +11,7 @@ * tunneling and relaying of packets of any protocol. * * - * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, + * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, * Christian Pointner * * This file is part of Anytun. @@ -61,7 +61,7 @@ void KeyDerivation::setRole(const role_t role) #ifndef NO_CRYPT #ifndef NO_PASSPHRASE -void KeyDerivation::calcMasterKey(std::string passphrase, u_int16_t length) +void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length) { cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master key from passphrase"; if(!length) { @@ -79,10 +79,10 @@ void KeyDerivation::calcMasterKey(std::string passphrase, u_int16_t length) } #ifndef USE_SSL_CRYPTO - Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA256))); + Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA256))); gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length()); #else - Buffer digest(u_int32_t(SHA256_DIGEST_LENGTH)); + Buffer digest(uint32_t(SHA256_DIGEST_LENGTH)); SHA256(reinterpret_cast(passphrase.c_str()), passphrase.length(), digest.getBuf()); #endif master_key_.setLength(length); @@ -90,7 +90,7 @@ void KeyDerivation::calcMasterKey(std::string passphrase, u_int16_t length) std::memcpy(master_key_.getBuf(), &digest.getBuf()[digest.getLength() - master_key_.getLength()], master_key_.getLength()); } -void KeyDerivation::calcMasterSalt(std::string passphrase, u_int16_t length) +void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length) { cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation: calculating master salt from passphrase"; if(!length) { @@ -108,10 +108,10 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, u_int16_t length) } #ifndef USE_SSL_CRYPTO - Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA1))); + Buffer digest(static_cast(gcry_md_get_algo_dlen(GCRY_MD_SHA1))); gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length()); #else - Buffer digest(u_int32_t(SHA_DIGEST_LENGTH)); + Buffer digest(uint32_t(SHA_DIGEST_LENGTH)); SHA1(reinterpret_cast(passphrase.c_str()), passphrase.length(), digest.getBuf()); #endif master_salt_.setLength(length); @@ -126,34 +126,31 @@ satp_prf_label_t KeyDerivation::convertLabel(kd_dir_t dir, satp_prf_label_t labe switch(label) { case LABEL_ENC: { if(dir == KD_OUTBOUND) { - if(role_ == ROLE_LEFT) return LABEL_LEFT_ENC; - if(role_ == ROLE_RIGHT) return LABEL_RIGHT_ENC; - } - else { - if(role_ == ROLE_LEFT) return LABEL_RIGHT_ENC; - if(role_ == ROLE_RIGHT) return LABEL_LEFT_ENC; + if(role_ == ROLE_LEFT) { return LABEL_LEFT_ENC; } + if(role_ == ROLE_RIGHT) { return LABEL_RIGHT_ENC; } + } else { + if(role_ == ROLE_LEFT) { return LABEL_RIGHT_ENC; } + if(role_ == ROLE_RIGHT) { return LABEL_LEFT_ENC; } } break; } case LABEL_SALT: { if(dir == KD_OUTBOUND) { - if(role_ == ROLE_LEFT) return LABEL_LEFT_SALT; - if(role_ == ROLE_RIGHT) return LABEL_RIGHT_SALT; - } - else { - if(role_ == ROLE_LEFT) return LABEL_RIGHT_SALT; - if(role_ == ROLE_RIGHT) return LABEL_LEFT_SALT; + if(role_ == ROLE_LEFT) { return LABEL_LEFT_SALT; } + if(role_ == ROLE_RIGHT) { return LABEL_RIGHT_SALT; } + } else { + if(role_ == ROLE_LEFT) { return LABEL_RIGHT_SALT; } + if(role_ == ROLE_RIGHT) { return LABEL_LEFT_SALT; } } break; } case LABEL_AUTH: { if(dir == KD_OUTBOUND) { - if(role_ == ROLE_LEFT) return LABEL_LEFT_AUTH; - if(role_ == ROLE_RIGHT) return LABEL_RIGHT_AUTH; - } - else { - if(role_ == ROLE_LEFT) return LABEL_RIGHT_AUTH; - if(role_ == ROLE_RIGHT) return LABEL_LEFT_AUTH; + if(role_ == ROLE_LEFT) { return LABEL_LEFT_AUTH; } + if(role_ == ROLE_RIGHT) { return LABEL_RIGHT_AUTH; } + } else { + if(role_ == ROLE_LEFT) { return LABEL_RIGHT_AUTH; } + if(role_ == ROLE_RIGHT) { return LABEL_LEFT_AUTH; } } break; } @@ -173,19 +170,21 @@ bool NullKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t #ifndef NO_CRYPT //****** AesIcmKeyDerivation ****** -AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) +AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) { #ifndef USE_SSL_CRYPTO - for(int i=0; i<2; i++) + for(int i=0; i<2; i++) { handle_[i] = NULL; + } #endif } -AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(key_length) +AesIcmKeyDerivation::AesIcmKeyDerivation(uint16_t key_length) : KeyDerivation(key_length) { #ifndef USE_SSL_CRYPTO - for(int i=0; i<2; i++) + for(int i=0; i<2; i++) { handle_[i] = NULL; + } #endif } @@ -194,8 +193,9 @@ AesIcmKeyDerivation::~AesIcmKeyDerivation() WritersLock lock(mutex_); #ifndef USE_SSL_CRYPTO for(int i=0; i<2; i++) - if(handle_[i]) + if(handle_[i]) { gcry_cipher_close(handle_[i]); + } #endif } @@ -205,15 +205,17 @@ void AesIcmKeyDerivation::init(Buffer key, Buffer salt, std::string passphrase) is_initialized_ = false; #ifndef NO_PASSPHRASE - if(passphrase != "" && !key.getLength()) + if(passphrase != "" && !key.getLength()) { calcMasterKey(passphrase, key_length_/8); - else + } else { master_key_ = SyncBuffer(key); - - if(passphrase != "" && !salt.getLength()) + } + + if(passphrase != "" && !salt.getLength()) { calcMasterSalt(passphrase, SALT_LENGTH); - else + } else { master_salt_ = SyncBuffer(salt); + } #else master_key_ = SyncBuffer(key); master_salt_ = SyncBuffer(salt); @@ -237,9 +239,15 @@ void AesIcmKeyDerivation::updateMasterKey() #ifndef USE_SSL_CRYPTO int algo; switch(key_length_) { - case 128: algo = GCRY_CIPHER_AES128; break; - case 192: algo = GCRY_CIPHER_AES192; break; - case 256: algo = GCRY_CIPHER_AES256; break; + case 128: + algo = GCRY_CIPHER_AES128; + break; + case 192: + algo = GCRY_CIPHER_AES192; + break; + case 256: + algo = GCRY_CIPHER_AES256; + break; default: { cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: cipher key length of " << key_length_ << " Bits is not supported"; return; @@ -247,15 +255,16 @@ void AesIcmKeyDerivation::updateMasterKey() } for(int i=0; i<2; i++) { - if(handle_[i]) + if(handle_[i]) { gcry_cipher_close(handle_[i]); - + } + gcry_error_t err = gcry_cipher_open(&handle_[i], algo, GCRY_CIPHER_MODE_CTR, 0); if(err) { cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << AnytunGpgError(err); return; - } - + } + err = gcry_cipher_setkey(handle_[i], master_key_.getBuf(), master_key_.getLength()); if(err) { cLog.msg(Log::PRIO_ERROR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << AnytunGpgError(err); @@ -274,7 +283,7 @@ void AesIcmKeyDerivation::updateMasterKey() is_initialized_ = true; } -std::string AesIcmKeyDerivation::printType() +std::string AesIcmKeyDerivation::printType() { ReadersLock lock(mutex_); @@ -297,17 +306,18 @@ bool AesIcmKeyDerivation::calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t return true; } -bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key) +bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key) { ReadersLock lock(mutex_); - if(!is_initialized_) + if(!is_initialized_) { return false; + } if(!calcCtr(dir, label, seq_nr)) { return false; } - + #ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_cipher_reset(handle_[dir]); if(err) { @@ -335,7 +345,7 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_ std::memset(key.getBuf(), 0, key.getLength()); AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num); #endif - + return true; } #endif