Example #1
0
int state_key_generate(state *s)
{
	unsigned char entropy_pool[1024]; /* 160 + 8032 bits */

	const int real_random = 20;
	const int pseudo_random = sizeof(entropy_pool) - real_random;

	const int salt = s->flags & FLAG_SALTED;

	/* TODO: It's almost certain that it's better To read whole
	 * key from dev/random instead of this weird splitting.
	 */

	/* Gather entropy from random + urandom to speed things up... */
	if (crypto_file_rng("/dev/random", NULL,
		    entropy_pool, real_random) != 0)
	{
		print_perror(PRINT_ERROR, "Unable to open /dev/random");
		return 1;
	}

	if (crypto_file_rng("/dev/urandom", NULL,
		    entropy_pool+real_random, pseudo_random) != 0)
	{
		print_perror(PRINT_ERROR, "Unable to open /dev/random");
		return 1;
	}

	if (salt == 0) {
		crypto_sha256(entropy_pool, sizeof(entropy_pool), s->sequence_key);
		memset(entropy_pool, 0, sizeof(entropy_pool));

		s->counter = num_i(0);
		s->latest_card = num_i(0);

		s->flags &= ~(FLAG_SALTED); 
	} else {
		unsigned char cnt_bin[32] = {'\0'};

		/* Use half of entropy to generate key */
		crypto_sha256(entropy_pool, sizeof(entropy_pool)/2, s->sequence_key);

		/* And half to initialize counter */
		crypto_sha256(entropy_pool + sizeof(entropy_pool)/2, sizeof(entropy_pool)/2, cnt_bin);
		num_import(&s->counter, (char *)cnt_bin, NUM_FORMAT_BIN);
		s->counter = num_and(s->counter, s->salt_mask);
		s->latest_card = num_i(0);

		memset(entropy_pool, 0, sizeof(entropy_pool));
		memset(cnt_bin, 0, sizeof(cnt_bin));

		s->flags |= FLAG_SALTED;
	}

	s->new_key = 1;
	return 0;
}
Example #2
0
void
hash_find(unsigned char *addr, unsigned int size, unsigned char *digest,
	  unsigned char auth_alg)
{
	crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE;
	crypto_engine_type platform_ce_type = board_ce_type();

	if (auth_alg == CRYPTO_AUTH_ALG_SHA1) {
		if(platform_ce_type == CRYPTO_ENGINE_TYPE_SW)
			/* Hardware CE is not present , use software hashing */
			digest = SHA1(addr, size, digest);
		else if (platform_ce_type == CRYPTO_ENGINE_TYPE_HW)
			ret_val = crypto_sha1(addr, size, digest);
		else
			ret_val = CRYPTO_SHA_ERR_FAIL;
	} else if (auth_alg == CRYPTO_AUTH_ALG_SHA256) {
		if(platform_ce_type == CRYPTO_ENGINE_TYPE_SW)
			/* Hardware CE is not present , use software hashing */
			digest = SHA256(addr, size, digest);
		else if (platform_ce_type == CRYPTO_ENGINE_TYPE_HW)
			ret_val = crypto_sha256(addr, size, digest);
		else
		ret_val = CRYPTO_SHA_ERR_FAIL;
	}
	else
		ret_val = CRYPTO_SHA_ERR_FAIL;

	if (ret_val != CRYPTO_SHA_ERR_NONE) {
		dprintf(CRITICAL, "crypto_sha256 returns error %d\n", ret_val);
	}
}
Example #3
0
void
hash_find(unsigned char *addr, unsigned int size, unsigned char *digest,
	  unsigned char auth_alg)
{
	crypto_result_type ret_val = CRYPTO_SHA_ERR_NONE;

	if (auth_alg == 1) {
#ifdef NO_CRYPTO_ENG
		/* Hardware CE is not present , use software hashing */
		digest = SHA1(addr, size, digest);
#else
		ret_val = crypto_sha1(addr, size, digest);
#endif
	} else if (auth_alg == 2) {
#ifdef NO_CRYPTO_ENG
		/* Hardware CE is not present , use software hashing */
		digest = SHA256(addr, size, digest);
#else
		ret_val = crypto_sha256(addr, size, digest);
#endif
	}

	if (ret_val != CRYPTO_SHA_ERR_NONE) {
		dprintf(CRITICAL, "crypto_sha256 returns error %d\n", ret_val);
	}
}
Example #4
0
/* Generate a ping_id and put it in ping_id */
static void generate_ping_id(const Onion_Announce *onion_a, uint64_t time, const uint8_t *public_key,
                             IP_Port ret_ip_port, uint8_t *ping_id)
{
    time /= PING_ID_TIMEOUT;
    uint8_t data[CRYPTO_SYMMETRIC_KEY_SIZE + sizeof(time) + CRYPTO_PUBLIC_KEY_SIZE + sizeof(ret_ip_port)];
    memcpy(data, onion_a->secret_bytes, CRYPTO_SYMMETRIC_KEY_SIZE);
    memcpy(data + CRYPTO_SYMMETRIC_KEY_SIZE, &time, sizeof(time));
    memcpy(data + CRYPTO_SYMMETRIC_KEY_SIZE + sizeof(time), public_key, CRYPTO_PUBLIC_KEY_SIZE);
    memcpy(data + CRYPTO_SYMMETRIC_KEY_SIZE + sizeof(time) + CRYPTO_PUBLIC_KEY_SIZE, &ret_ip_port, sizeof(ret_ip_port));
    crypto_sha256(ping_id, data, sizeof(data));
}