diff options
author | Christian Pointner <equinox@anytun.org> | 2014-06-22 23:09:15 +0000 |
---|---|---|
committer | Christian Pointner <equinox@anytun.org> | 2014-06-22 23:09:15 +0000 |
commit | fac90fc49e667b18522b442ff15edd3bb8eb804b (patch) | |
tree | 7530b98b4b7c50f0512184e9a2369a0b196306a7 /src/authAlgo.cpp | |
parent | fixed typo in license header (diff) | |
parent | implemented key derivation using libnettle (diff) |
merged nettle featuer branch to trunk
Diffstat (limited to 'src/authAlgo.cpp')
-rw-r--r-- | src/authAlgo.cpp | 70 |
1 files changed, 43 insertions, 27 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp index b583d6f..abc38c4 100644 --- a/src/authAlgo.cpp +++ b/src/authAlgo.cpp @@ -54,32 +54,36 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_CTX_init(&ctx_); + HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo"; return; } -#else - HMAC_CTX_init(&ctx_); - HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL); #endif } Sha1AuthAlgo::~Sha1AuthAlgo() { -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_CTX_cleanup(&ctx_); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default if(handle_) { gcry_md_close(handle_); } -#else - HMAC_CTX_cleanup(&ctx_); #endif } void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_GCRYPT) if(!handle_) { return; } @@ -91,7 +95,19 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) } kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + + uint8_t hmac[DIGEST_LENGTH]; + HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); + HMAC_Final(&ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf()); + + uint8_t hmac[DIGEST_LENGTH]; + hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion()); + hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err); @@ -102,12 +118,6 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); uint8_t* hmac = gcry_md_read(handle_, 0); -#else - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - - uint8_t hmac[DIGEST_LENGTH]; - HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); - HMAC_Final(&ctx_, hmac, NULL); #endif uint8_t* tag = packet.getAuthTag(); @@ -122,7 +132,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) { -#ifndef USE_SSL_CRYPTO +#if defined(USE_GCRYPT) if(!handle_) { return false; } @@ -134,7 +144,19 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) } kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + + uint8_t hmac[DIGEST_LENGTH]; + HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); + HMAC_Final(&ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf()); + + uint8_t hmac[DIGEST_LENGTH]; + hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion()); + hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err); @@ -145,12 +167,6 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); uint8_t* hmac = gcry_md_read(handle_, 0); -#else - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - - uint8_t hmac[DIGEST_LENGTH]; - HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); - HMAC_Final(&ctx_, hmac, NULL); #endif uint8_t* tag = packet.getAuthTag(); @@ -163,10 +179,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length); packet.removeAuthTag(); - if(ret) {
- return false;
- }
-
+ if(ret) { + return false; + } + return true; } |