From: Guus Sliepen Date: Mon, 11 Apr 2016 13:27:08 +0000 (+0200) Subject: Remove elliptic curve stubs from gcrypt/, add PRF implementation. X-Git-Tag: release-1.1pre12~42 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=9ba3e95a9a559240d16de71ca1513c7bfa98a70c;p=tinc Remove elliptic curve stubs from gcrypt/, add PRF implementation. --- diff --git a/src/gcrypt/ecdh.c b/src/gcrypt/ecdh.c deleted file mode 100644 index 4e30733f..00000000 --- a/src/gcrypt/ecdh.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - ecdh.c -- Diffie-Hellman key exchange handling - Copyright (C) 2011-2013 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ - -#include "../system.h" - -#include "../ecdh.h" -#include "../logger.h" -#include "../utils.h" -#include "../xalloc.h" - -ecdh_t *ecdh_generate_public(void *pubkey) { - logger(DEBUG_ALWAYS, LOG_ERR, "EC support using libgcrypt not implemented"); - return NULL; -} - -bool ecdh_compute_shared(ecdh_t *ecdh, const void *pubkey, void *shared) { - return false -} - -void ecdh_free(ecdh_t *ecdh) { -} diff --git a/src/gcrypt/ecdsa.c b/src/gcrypt/ecdsa.c deleted file mode 100644 index ee19aec3..00000000 --- a/src/gcrypt/ecdsa.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - ecdsa.c -- ECDSA key handling - Copyright (C) 2011-2013 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ - -#include "../system.h" - -#include "../logger.h" -#include "../ecdsa.h" -#include "../utils.h" -#include "../xalloc.h" - -// Get and set ECDSA keys -// -ecdsa_t *ecdsa_set_base64_public_key(const char *p) { - logger(DEBUG_ALWAYS, LOG_ERR, "EC support using libgcrypt not implemented"); - return NULL; -} - -char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) { - return NULL; -} - -// Read PEM ECDSA keys - -ecdsa_t *ecdsa_read_pem_public_key(FILE *fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "EC support using libgcrypt not implemented"); - return NULL; -} - -ecdsa_t *ecdsa_read_pem_private_key(FILE *fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "EC support using libgcrypt not implemented"); - return NULL; -} - -size_t ecdsa_size(ecdsa_t *ecdsa) { - return 0; -} - -bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) { - return false; -} - -bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) { - return false; -} - -bool ecdsa_active(ecdsa_t *ecdsa) { - return false; -} - -void ecdsa_free(ecdsa_t *ecdsa) { -} diff --git a/src/gcrypt/ecdsagen.c b/src/gcrypt/ecdsagen.c deleted file mode 100644 index 2d4912d5..00000000 --- a/src/gcrypt/ecdsagen.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - ecdsagen.c -- ECDSA key generation and export - Copyright (C) 2011-2013 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ - -#include "../system.h" - -#include "../ecdsagen.h" -#include "../utils.h" -#include "../xalloc.h" - -// Generate ECDSA key - -ecdsa_t *ecdsa_generate(void) { - logger(DEBUG_ALWAYS, LOG_ERR, "EC support using libgcrypt not implemented"); - return NULL; -} - -// Write PEM ECDSA keys - -bool ecdsa_write_pem_public_key(ecdsa_t *ecdsa, FILE *fp) { - return false; -} - -bool ecdsa_write_pem_private_key(ecdsa_t *ecdsa, FILE *fp) { - return false; -} diff --git a/src/gcrypt/prf.c b/src/gcrypt/prf.c index f9a21121..55c9923d 100644 --- a/src/gcrypt/prf.c +++ b/src/gcrypt/prf.c @@ -19,11 +19,88 @@ #include "../system.h" -#include "digest.h" -#include "../digest.h" #include "../prf.h" +#include "../ed25519/sha512.h" + +static void memxor(char *buf, char c, size_t len) { + for(size_t i = 0; i < len; i++) + buf[i] ^= c; +} + +static const size_t mdlen = 64; +static const size_t blklen = 128; + +static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) { + char tmp[blklen + mdlen]; + sha512_context md; + + if(keylen <= blklen) { + memcpy(tmp, key, keylen); + memset(tmp + keylen, 0, blklen - keylen); + } else { + if(sha512(key, keylen, tmp) != 0) + return false; + memset(tmp + mdlen, 0, blklen - mdlen); + } + + if(sha512_init(&md) != 0) + return false; + + // ipad + memxor(tmp, 0x36, blklen); + if(sha512_update(&md, tmp, blklen) != 0) + return false; + + // message + if(sha512_update(&md, msg, msglen) != 0) + return false; + + if(sha512_final(&md, tmp + blklen) != 0) + return false; + + // opad + memxor(tmp, 0x36 ^ 0x5c, blklen); + if(sha512(tmp, sizeof tmp, out) != 0) + return false; + + return true; +} + + +/* Generate key material from a master secret and a seed, based on RFC 4346 section 5. + We use SHA512 instead of MD5 and SHA1. + */ bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) { - logger(DEBUG_ALWAYS, LOG_ERR, "PRF support using libgcrypt not implemented"); - return false; + /* Data is what the "inner" HMAC function processes. + It consists of the previous HMAC result plus the seed. + */ + + char data[mdlen + seedlen]; + memset(data, 0, mdlen); + memcpy(data + mdlen, seed, seedlen); + + char hash[mdlen]; + + while(outlen > 0) { + /* Inner HMAC */ + if(!hmac_sha512(secret, secretlen, data, sizeof data, data)) + return false; + + /* Outer HMAC */ + if(outlen >= mdlen) { + if(!hmac_sha512(secret, secretlen, data, sizeof data, out)) + return false; + out += mdlen; + outlen -= mdlen; + } else { + if(!hmac_sha512(secret, secretlen, data, sizeof data, hash)) + return false; + memcpy(out, hash, outlen); + out += outlen; + outlen = 0; + } + } + + return true; }