added auth tag support to refactored crypto implementation

author: Othmar Gsenger <otti@anytun.org> 2015-03-04 19:33:35 +0000
committer: Othmar Gsenger <otti@anytun.org> 2015-03-04 19:33:35 +0000
commit: 44c94befcb9871450f574dfe0e7c8ca098efdaa9 (patch)
tree: 958d97d6bb540b6e40f49a0563fd93e05bea8bbf /src/crypto/interface.cpp
parent: new crypt openssl crypt working (auth tag support to be done) (diff)
1 files changed, 55 insertions, 0 deletions
diff --git a/src/crypto/interface.cpp b/src/crypto/interface.cpp
index 2ae9c16..c11e382 100644
--- a/src/crypto/interface.cpp
+++ b/src/crypto/interface.cpp
@@ -68,6 +68,61 @@ void Interface::decrypt(EncryptedPacket& in, PlainPacket& out, const Buffer& mas
   out.setLength(len);
 }
 
+bool Interface::checkAndRemoveAuthTag(EncryptedPacket& packet, const Buffer& masterkey, const Buffer& mastersalt, role_t role)
+{
+  uint32_t digest_length = getDigestLength();
+  packet.withAuthTag(true);
+  if(!packet.getAuthTagLength()) {
+    return true;
+  }
+
+  Buffer digest(digest_length);
+  //Buffer key(masterkey.getLength(), false);
+  Buffer key(digest_length, false);
+  deriveKey(KD_INBOUND, LABEL_AUTH, role, packet.getSeqNr(), packet.getSeqNr(), packet.getMux(), masterkey, mastersalt, key);
+  //std::cout << "Interface::checkAndRemoveAuthTag: " << key.getHexDump() << std::endl;
+  calcAuthKey(key, digest,  packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() );
+
+  uint8_t* tag = packet.getAuthTag();
+  uint32_t length = (packet.getAuthTagLength() < digest_length) ? packet.getAuthTagLength() : digest_length;
+
+  if(length > digest_length)
+    for(uint32_t i=0; i < (packet.getAuthTagLength() - digest_length); ++i)
+      if(tag[i]) { return false; }
+
+  int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], digest.getBuf() + digest_length - length, length);
+  packet.removeAuthTag();
+
+  if(ret) {
+    return false;
+  }
+
+  return true;
+}
+
+void Interface::addAuthTag(EncryptedPacket& packet, const Buffer& masterkey, const Buffer& mastersalt, role_t role)
+{
+  uint32_t digest_length = getDigestLength();
+  packet.addAuthTag();
+  if(!packet.getAuthTagLength()) {
+    return;
+  }
+  Buffer digest(digest_length);
+  //Buffer key(masterkey.getLength(), false);
+  Buffer key(digest_length, false);
+  deriveKey(KD_OUTBOUND, LABEL_AUTH, role, packet.getSeqNr(), packet.getSeqNr(), packet.getMux(), masterkey, mastersalt, key);
+  //std::cout << "Interface::addAuthTag: " << key.getHexDump() << std::endl;
+  calcAuthKey(key, digest,  packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() );
+  uint8_t* tag = packet.getAuthTag();
+  uint32_t length = (packet.getAuthTagLength() < digest_length) ? packet.getAuthTagLength() : digest_length;
+
+  if(length > digest_length) {
+    std::memset(tag, 0, packet.getAuthTagLength());
+  }
+
+  std::memcpy(&tag[packet.getAuthTagLength() - length], digest.getBuf() + digest_length - length, length);
+
+}
 
 satp_prf_label_t Interface::convertLabel(kd_dir_t dir, role_t role, satp_prf_label_t label)
 {
author	Othmar Gsenger <otti@anytun.org>	2015-03-04 19:33:35 +0000
committer	Othmar Gsenger <otti@anytun.org>	2015-03-04 19:33:35 +0000
commit	44c94befcb9871450f574dfe0e7c8ca098efdaa9 (patch)
tree	958d97d6bb540b6e40f49a0563fd93e05bea8bbf /src/crypto/interface.cpp
parent	new crypt openssl crypt working (auth tag support to be done) (diff)