Merge pull request #357 from Logan007/tfKeyHandling
simplified twofish's key handling
commit
074004a650
|
@ -62,7 +62,6 @@ typedef uint8_t uint8_t;
|
||||||
|
|
||||||
/* Constants */
|
/* Constants */
|
||||||
|
|
||||||
#define TwoFish_DEFAULT_PW "SnortHas2FishEncryptionRoutines!" /* default password (not more than 32 chars) */
|
|
||||||
#define TwoFish_DEFAULT_PW_LEN 32
|
#define TwoFish_DEFAULT_PW_LEN 32
|
||||||
#define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */
|
#define TwoFish_MAGIC "TwoFish" /* to indentify a successful decryption */
|
||||||
|
|
||||||
|
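Review bot: TwoFish_DEFAULT_PW_LEN is kept at the row where TwoFish_DEFAULT_PW is deleted, but its only visible consumer, the `memcpy( tkey, TwoFish_DEFAULT_PW, TwoFish_DEFAULT_PW_LEN )` fallback in TwoFishInit, is removed by this same commit, so the macro appears dead now; unless something outside this diff still uses it, drop the `#define TwoFish_DEFAULT_PW_LEN 32` line too so the fallback path cannot quietly be rebuilt from it. The new `TwoFishInit(const uint8_t *userkey)` prototype in the next hunk carries no length, and the new body copies TwoFish_KEY_LENGTH bytes from userkey without a NULL check, so the header comment is the only place a caller learns the contract; consider adding `/* userkey must be non-NULL and point to at least TwoFish_KEY_LENGTH readable bytes */` next to the prototype.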
@ -134,12 +133,12 @@ typedef struct
|
||||||
* initializes important values (such as subkeys, sBoxes), generates subkeys
|
* initializes important values (such as subkeys, sBoxes), generates subkeys
|
||||||
* and precomputes the MDS matrix if not already done.
|
* and precomputes the MDS matrix if not already done.
|
||||||
*
|
*
|
||||||
* Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!')
|
* Input: User supplied key of correct length (TwoFish_KEY_LENGTH, 256 bits = 32 bytes by default)
|
||||||
*
|
*
|
||||||
* Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
|
* Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
|
||||||
* This pointer is used with all other crypt functions.
|
* This pointer is used with all other crypt functions.
|
||||||
*/
|
*/
|
||||||
TWOFISH *TwoFishInit(const uint8_t *userkey, uint32_t keysize );
|
TWOFISH *TwoFishInit(const uint8_t *userkey);
|
||||||
|
|
||||||
|
|
||||||
/* TwoFish Destroy
|
/* TwoFish Destroy
|
||||||
|
|
|
@ -180,6 +180,7 @@ int n2n_transop_twofish_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
|
||||||
transop_tf_t *priv;
|
transop_tf_t *priv;
|
||||||
const u_char *encrypt_key = (const u_char *)conf->encrypt_key;
|
const u_char *encrypt_key = (const u_char *)conf->encrypt_key;
|
||||||
size_t encrypt_key_len = strlen(conf->encrypt_key);
|
size_t encrypt_key_len = strlen(conf->encrypt_key);
|
||||||
|
uint8_t key_hash[32];
|
||||||
|
|
||||||
memset(ttt, 0, sizeof(*ttt));
|
memset(ttt, 0, sizeof(*ttt));
|
||||||
ttt->transform_id = N2N_TRANSFORM_ID_TWOFISH;
|
ttt->transform_id = N2N_TRANSFORM_ID_TWOFISH;
|
||||||
|
@ -197,8 +198,9 @@ int n2n_transop_twofish_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
|
||||||
ttt->priv = priv;
|
ttt->priv = priv;
|
||||||
|
|
||||||
/* This is a preshared key setup. Both Tx and Rx are using the same security association. */
|
/* This is a preshared key setup. Both Tx and Rx are using the same security association. */
|
||||||
priv->enc_tf = TwoFishInit(encrypt_key, encrypt_key_len);
|
pearson_hash_256 (key_hash, encrypt_key, encrypt_key_len);
|
||||||
priv->dec_tf = TwoFishInit(encrypt_key, encrypt_key_len);
|
priv->enc_tf = TwoFishInit(key_hash);
|
||||||
|
priv->dec_tf = TwoFishInit(key_hash);
|
||||||
|
|
||||||
if((!priv->enc_tf) || (!priv->dec_tf)) {
|
if((!priv->enc_tf) || (!priv->dec_tf)) {
|
||||||
if(priv->enc_tf) TwoFishDestroy(priv->enc_tf);
|
if(priv->enc_tf) TwoFishDestroy(priv->enc_tf);
|
||||||
|
|
|
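Review bot: key_hash, declared `uint8_t key_hash[32];` in the previous hunk of this file, holds the derived cipher key on the stack and is never cleared after the two TwoFishInit calls; the new TwoFishInit copies userkey into tfdata->key (see the twofish.c hunk), so nothing references key_hash afterwards and it can be wiped once both calls return, e.g. `memset(key_hash, 0, sizeof(key_hash));`, keeping in mind that a plain memset right before return may be optimized away, so the project's secure-wipe helper is preferable if one exists. The buffer size is also a literal 32 while TwoFishInit reads TwoFish_KEY_LENGTH bytes; `uint8_t key_hash[TwoFish_KEY_LENGTH];` together with a static assertion that pearson_hash_256 produces exactly that many bytes would tie the two together. Pearson hashing is not designed as a cryptographic hash, so this derives the cipher key from the passphrase with no salt or stretching; a one-line comment at the `pearson_hash_256 (key_hash, encrypt_key, encrypt_key_len);` call saying so would stop a reader from mistaking it for a KDF. n2n_transop_twofish_init continues past the end of the hunk.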
@ -123,39 +123,19 @@ uint8_t TwoFish__b(uint32_t x,int n)
|
||||||
* initializes important values (such as subkeys, sBoxes), generates subkeys
|
* initializes important values (such as subkeys, sBoxes), generates subkeys
|
||||||
* and precomputes the MDS matrix if not already done.
|
* and precomputes the MDS matrix if not already done.
|
||||||
*
|
*
|
||||||
* Input: User supplied password (will be appended by default password of 'SnortHas2FishEncryptionRoutines!')
|
* Input: User supplied key of correct length (TwoFish_KEY_LENGTH, 256 bits = 32 bytes by default)
|
||||||
*
|
*
|
||||||
* Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
|
* Output: Pointer to TWOFISH structure. This data structure contains key dependent data.
|
||||||
* This pointer is used with all other crypt functions.
|
* This pointer is used with all other crypt functions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
TWOFISH *TwoFishInit(const uint8_t *userkey, uint32_t keysize)
|
TWOFISH *TwoFishInit(const uint8_t *userkey)
|
||||||
{ TWOFISH *tfdata;
|
{ TWOFISH *tfdata;
|
||||||
int i,x,m;
|
|
||||||
uint8_t tkey[TwoFish_KEY_LENGTH+40];
|
|
||||||
|
|
||||||
memset( tkey, 0, TwoFish_KEY_LENGTH+40 );
|
|
||||||
tfdata=(TWOFISH *)malloc(sizeof(TWOFISH)); /* allocate the TwoFish structure */
|
tfdata=(TWOFISH *)malloc(sizeof(TWOFISH)); /* allocate the TwoFish structure */
|
||||||
if(tfdata!=NULL)
|
if(tfdata!=NULL)
|
||||||
{
|
{
|
||||||
|
memcpy(tfdata->key, userkey, TwoFish_KEY_LENGTH);
|
||||||
/* Changes here prevented a dangerous random key segment for keys of length < TwoFish_KEY_LENGTH */
|
|
||||||
if(keysize > 0)
|
|
||||||
{
|
|
||||||
memcpy( tkey, userkey, keysize ); /* The rest will be zeros */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
memcpy( tkey, TwoFish_DEFAULT_PW, TwoFish_DEFAULT_PW_LEN ); /* if no key defined, use default password */
|
|
||||||
}
|
|
||||||
|
|
||||||
/* This loop is awful - surely a loop on memcpy() would be clearer and more efficient */
|
|
||||||
for(i=0,x=0,m=keysize;i<TwoFish_KEY_LENGTH;i++) /* copy into data structure */
|
|
||||||
{
|
|
||||||
tfdata->key[i]=tkey[x++]; /* fill the whole keyspace with repeating key. */
|
|
||||||
if(x==m)
|
|
||||||
x=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!TwoFish_MDSready)
|
if(!TwoFish_MDSready)
|
||||||
_TwoFish_PrecomputeMDSmatrix(); /* "Wake Up, Neo" */
|
_TwoFish_PrecomputeMDSmatrix(); /* "Wake Up, Neo" */
|
||||||
|
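Review bot: The new `memcpy(tfdata->key, userkey, TwoFish_KEY_LENGTH);` dereferences userkey unconditionally, whereas the deleted code tolerated a missing key through its `keysize > 0` branch, so a NULL userkey now reads through a null pointer after the TWOFISH structure has already been allocated. A guard before the malloc, `if(userkey == NULL) return NULL;`, gives callers the same NULL they already handle for allocation failure (the transop caller tests `!priv->enc_tf`). In the test main hunk of this file, `uint8_t key[] = { ... }` relies on hand-counting 32 initializers; declaring it `uint8_t key[TwoFish_KEY_LENGTH] = { ... }` turns an over-long list into a compile error and keeps the fixture aligned with what TwoFishInit reads. TwoFishInit continues past the end of the hunk.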
@ -966,9 +946,16 @@ int main(int argc, char* argv[])
|
||||||
char outbuf[4096];
|
char outbuf[4096];
|
||||||
char * outp = outbuf;
|
char * outp = outbuf;
|
||||||
|
|
||||||
uint8_t key[] = { 0xfc, 0x77, 0x1a, 0xda, 0xaa };
|
uint8_t key[] = { 0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
TWOFISH *tfa = TwoFishInit( key, 5 );
|
0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
TWOFISH *tfb = TwoFishInit( key, 5 );
|
0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
|
0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
|
0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
|
0xfc, 0x77, 0x1a, 0xda, 0xaa,
|
||||||
|
0xfc, 0x77 };
|
||||||
|
|
||||||
|
TWOFISH *tfa = TwoFishInit( key );
|
||||||
|
TWOFISH *tfb = TwoFishInit( key );
|
||||||
|
|
||||||
uint8_t out[2048], out2[2048];
|
uint8_t out[2048], out2[2048];
|
||||||
uint8_t in[TEST_DATA_SIZE];
|
uint8_t in[TEST_DATA_SIZE];
|
||||||
|
|