Hello, Since the issue with the OpenSSL license seems to have reached a dead-end because the crc_chop_tbl table is copyrighted as GPL and the author is impossible to contact [1]... I have translated the OpenSSL functions used on Aircrack-ng to the GnuTLS counterparts. I did this using macro definitions. Therefore there was not needed any change on the actual code of Aircrack-ng apart from a few lines to include the wrapper header and also to make GnuTLS thread-safe on aircrack-ng, airodump-ng and airbase-ng. I am attaching here the patch (is on top of r2153) I hope you will find it OK to be included on Aircrack-ng. All tests that I did were successful. However further tests should be done. Anyway, if you accept the patch, this will be the default on Debian (Aircrack-ng built with GnuTLS), so I guess that Debian users will take care of testing this in deep. About speed, for example, breaking a WPA key, with OpenSSL I get ~ 2700 k/s and with GnuTLS ~ 2400 k/s. So, seems that OpenSSL performs better than GnuTLS, but don't seems to be a big deal (+12%). Best regards! ------------- [1] http://trac.aircrack-ng.org/ticket/953 -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Carlos Alberto Lopez Perez http://neutrino.es Igalia - Free Software Engineering http://www.igalia.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From 150cd9bdf3eed81ac601d17662cc2835834d79d5 Mon Sep 17 00:00:00 2001
From: Carlos Alberto Lopez Perez <clopez@igalia.com>
Date: Tue, 1 May 2012 06:24:59 +0200
Subject: [PATCH] Add support for GnuTLS
* It adds a wrapper that translates the OpenSSL primitives to the
GnuTLS counterparts using macro definitions.
* Compile with:
make gnutls=true
* The following tests done with this patch were successful:
* Cracking WEP key with Koreak attack
* Cracking WEP key with PTW attack
* Cracking WPA key (using a dictionary)
* Aireplay-ng attacks: -1, -3, -4 (chopchop), -5
* Packetforge ARP generation and injection (based on xor file
obtained with aireplay-ng chopchop attack)
* This patch is on top of r2153
---
INSTALLING | 7 +++-
src/Makefile | 8 +++-
src/airbase-ng.c | 9 +++++
src/aircrack-ng.c | 9 +++++
src/airodump-ng.c | 9 +++++
src/crypto.h | 4 ++
src/gnutls-openssl-wrapper.h | 76 ++++++++++++++++++++++++++++++++++++++++++
7 files changed, 119 insertions(+), 3 deletions(-)
create mode 100644 src/gnutls-openssl-wrapper.h
diff --git a/INSTALLING b/INSTALLING
index 5186dda..1440030 100644
--- a/INSTALLING
+++ b/INSTALLING
@@ -1,6 +1,6 @@
=== Requirements ===
- * OpenSSL development package
+ * OpenSSL development package or GnuTLS development package
* If you want to use airolib-ng and '-r' option in aircrack-ng,
SQLite development package >= 3.3.17 (3.6.X version or better is recommended):
- libsqlite3-devel
@@ -43,11 +43,16 @@ to compile and install the suite:
Note: Experimental. Each script has its own dependences.
Note: It's only required in install phase.
+* gnutls: Use GnuTLS crypto library instead of the default OpenSSL.
+
Example:
* Compiling:
make sqlite=true unstable=true
+ * Compiling with GnuTLS
+ make gnutls=true
+
* Installing:
make sqlite=true unstable=true install
diff --git a/src/Makefile b/src/Makefile
index 9bd87de..984debc 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -104,8 +104,12 @@ ifeq ($(OSNAME), cygwin)
LIBS += -liphlpapi -lsetupapi -luuid
endif
LIBOSD = $(OSD)/lib$(OSD).a
-
-LIBSSL = -lssl -lcrypto
+ifeq ($(gnutls), true)
+ LIBSSL = -lgnutls -lgcrypt
+ CFLAGS += -DUSE_GNUTLS
+else
+ LIBSSL = -lssl -lcrypto
+endif
LIBSQL =
ifeq ($(SQLITE), true)
LIBSQL = -L/usr/local/lib -lsqlite3
diff --git a/src/airbase-ng.c b/src/airbase-ng.c
index 8bbb73e..2470fe9 100644
--- a/src/airbase-ng.c
+++ b/src/airbase-ng.c
@@ -68,6 +68,10 @@
#include "osdep/osdep.h"
#include "osdep/common.h"
+#ifdef USE_GNUTLS
+ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
static struct wif *_wi_in, *_wi_out;
#define CRYPT_NONE 0
@@ -3880,6 +3884,11 @@ int main( int argc, char *argv[] )
rCF = (pCF_t) malloc(sizeof(struct CF_packet));
memset(rCF, 0, sizeof(struct CF_packet));
+#ifdef USE_GNUTLS
+ // Register callback functions to ensure proper locking in the sensitive parts of libgcrypt.
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ gnutls_global_init();
+#endif
pthread_mutex_init( &mx_cf, NULL );
pthread_mutex_init( &mx_cap, NULL );
diff --git a/src/aircrack-ng.c b/src/aircrack-ng.c
index b06af6d..6c33224 100644
--- a/src/aircrack-ng.c
+++ b/src/aircrack-ng.c
@@ -76,6 +76,10 @@
sqlite3 *db;
#endif
+#ifdef USE_GNUTLS
+ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
extern int get_nb_cpus();
static uchar ZERO[32] =
@@ -4890,6 +4894,11 @@ int main( int argc, char *argv[] )
char *sql;
#endif
+#ifdef USE_GNUTLS
+ // Register callback functions to ensure proper locking in the sensitive parts of libgcrypt.
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ gnutls_global_init();
+#endif
ret = FAILURE;
showhelp = 0;
diff --git a/src/airodump-ng.c b/src/airodump-ng.c
index 3ee0c8a..97a8fe0 100644
--- a/src/airodump-ng.c
+++ b/src/airodump-ng.c
@@ -69,6 +69,10 @@
#include "osdep/common.h"
#include "common.h"
+#ifdef USE_GNUTLS
+ GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
void dump_sort( void );
void dump_print( int ws_row, int ws_col, int if_num );
@@ -5264,6 +5268,11 @@ int main( int argc, char *argv[] )
};
+#ifdef USE_GNUTLS
+ // Register callback functions to ensure proper locking in the sensitive parts of libgcrypt.
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ gnutls_global_init();
+#endif
pthread_mutex_init( &(G.mx_print), NULL );
pthread_mutex_init( &(G.mx_sort), NULL );
diff --git a/src/crypto.h b/src/crypto.h
index 596a569..13bfd33 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -43,11 +43,15 @@
#define uint32 unsigned long int
#endif
+#ifdef USE_GNUTLS
+#include "gnutls-openssl-wrapper.h"
+#else
#include <openssl/hmac.h>
#include <openssl/sha.h>
// We don't use EVP. Bite me
#include <openssl/rc4.h>
#include <openssl/aes.h>
+#endif
#define S_LLC_SNAP "\xAA\xAA\x03\x00\x00\x00"
#define S_LLC_SNAP_ARP (S_LLC_SNAP "\x08\x06")
diff --git a/src/gnutls-openssl-wrapper.h b/src/gnutls-openssl-wrapper.h
new file mode 100644
index 0000000..a808b9e
--- /dev/null
+++ b/src/gnutls-openssl-wrapper.h
@@ -0,0 +1,76 @@
+#ifndef _GNUTLS_OPENSSL_WRAPPERS_H
+#define _GNUTLS_OPENSSL_WRAPPERS_H
+/*
+ *
+ * gnutls-openssl-wrapper.h
+ *
+ * Copyright (C) 2012 Carlos Alberto Lopez Perez <clopez@igalia.com>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ *
+ */
+#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+// RC4_*
+#define RC4_KEY gcry_cipher_hd_t
+#define RC4_set_key(h, l, k) gcry_cipher_setkey((void *)h, k, l)
+#define RC4(h, l, s, d) gcry_cipher_encrypt((void *)h, (void *)d, l, (void *)s, l)
+// SHA_*
+#define SHA_CTX gcry_md_hd_t
+#define SHA1_Init(c) gnutls_hash_init((gnutls_hash_hd_t *)c, GNUTLS_DIG_SHA1)
+#define SHA1_Update(c,b,l) gnutls_hash((gnutls_hash_hd_t )c, b, l)
+#define SHA1_Final(b,c) gnutls_hash_deinit((gnutls_hash_hd_t )b, c)
+// EVP_*
+#define EVP_md5() GCRY_MD_MD5
+#define EVP_sha1() GCRY_MD_SHA1
+// AES_*
+#define AES_KEY gcry_cipher_hd_t
+#define AES_encrypt(ctx, plain, crypt) gcry_cipher_encrypt((gcry_cipher_hd_t )ctx, crypt, 16, plain, 16)
+#define AES_set_encrypt_key(key, len, trash) do { \
+ gcry_cipher_hd_t hd; \
+ gcry_cipher_open(&hd, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 0); \
+ gcry_cipher_setkey(hd, &key, len); \
+ } while (0)
+// HMAC_*
+#define HMAC_CTX gcry_md_hd_t
+#define HMAC_CTX_cleanup(c) gcry_md_close((gcry_md_hd_t )c)
+#define HMAC_CTX_init(c) ; // noop
+#define HMAC_Init_ex(ctx, key, len, md, engine) HMAC_Init(ctx, key, len, md)
+#define HMAC_Init(ctx, key, len, md) do { \
+ gcry_md_open(ctx, md, GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC); \
+ gcry_md_setkey(*ctx, key, len); \
+ } while (0)
+#define HMAC_Update(ctx, data, len) gcry_md_write(*ctx, data, len)
+#define HMAC_Final(ctx, md, len) do { \
+ int algo; algo = gcry_md_get_algo(*ctx); \
+ memcpy( md, \
+ gcry_md_read((gcry_md_hd_t )*ctx, algo), \
+ gcry_md_get_algo_dlen(algo) \
+ ); \
+ } while (0)
+#define HMAC(algo, key, klen, data, dlen, res, rlen) do { \
+ gcry_md_hd_t mdh; \
+ gcry_md_open(&mdh, algo, GCRY_MD_FLAG_HMAC); \
+ gcry_md_setkey(mdh, key, klen); \
+ gcry_md_write(mdh, data, dlen); \
+ memcpy(res, gcry_md_read(mdh, algo), \
+ gcry_md_get_algo_dlen (algo)); \
+ gcry_md_close(mdh); \
+ } while (0)
+// http://tumblr.spantz.org/post/214737529/the-use-of-do-while-0-in-c-macros
+#endif // _GNUTLS_OPENSSL_WRAPPERS_H
--
1.7.9.1
Attachment:
signature.asc
Description: OpenPGP digital signature