diff options
| -rw-r--r-- | anytun.cpp | 31 | ||||
| -rw-r--r-- | authAlgo.cpp | 3 | ||||
| -rw-r--r-- | authAlgo.h | 9 | ||||
| -rw-r--r-- | keyDerivation.h | 6 | ||||
| -rw-r--r-- | mpi.h | 5 |
5 files changed, 29 insertions, 25 deletions
@@ -58,6 +58,9 @@ #define PAYLOAD_TYPE_TAP 0x6558 #define PAYLOAD_TYPE_TUN 0x0800 +#define SESSION_KEYLEN_AUTH 20 +#define SESSION_KEYLEN_ENCR 16 +#define SESSION_KEYLEN_SALT 14 struct Param { @@ -95,17 +98,12 @@ void encryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn, void* p) { Param* param = reinterpret_cast<Param*>(p); // cypher the packet - Buffer tmp_key(16), tmp_salt(14); - //TODO fix key derivation! + Buffer session_key(SESSION_KEYLEN_ENCR), session_salt(SESSION_KEYLEN_SALT); + conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key, session_key.getLength()); + conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt, session_salt.getLength()); - conn.kd_.generate(label_satp_encryption, conn.seq_nr_, tmp_key, tmp_key.getLength()); - conn.kd_.generate(label_satp_salt, conn.seq_nr_, tmp_salt, tmp_salt.getLength()); - -// Buffer tmp_key(key, sizeof(key)); -// Buffer tmp_salt(salt, sizeof(salt)); - - c.setKey(tmp_key); - c.setSalt(tmp_salt); + c.setKey(session_key); + c.setSalt(session_salt); cLog.msg(Log::PRIO_NOTICE) << "Send Package: seq: " << conn.seq_nr_ << ", sID: " << param->opt.getSenderId(); @@ -122,15 +120,12 @@ bool decryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn) pack.removeHeader(); // decypher the packet - Buffer tmp_key(16), tmp_salt(14); - conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength()); - conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength()); - -// Buffer tmp_key(key, sizeof(key)); -// Buffer tmp_salt(salt, sizeof(salt)); + Buffer session_key(SESSION_KEYLEN_SALT), session_salt(SESSION_KEYLEN_SALT); + conn.kd_.generate(LABEL_SATP_ENCRYPTION, seq, session_key, session_key.getLength()); + conn.kd_.generate(LABEL_SATP_SALT, seq, session_salt, session_salt.getLength()); - c.setKey(tmp_key); - c.setSalt(tmp_salt); + c.setKey(session_key); + c.setSalt(session_salt); c.cypher(pack, seq, sid); cLog.msg(Log::PRIO_NOTICE) << "Received Package: seq: " << seq diff --git a/authAlgo.cpp b/authAlgo.cpp index cc345ca..0ffd76b 100644 --- a/authAlgo.cpp +++ b/authAlgo.cpp @@ -31,6 +31,7 @@ #include "authAlgo.h" #include "log.h" #include "buffer.h" +#include "authTag.h" #include "threadUtils.hpp" #include <gcrypt.h> @@ -90,7 +91,7 @@ AuthTag Sha1AuthAlgo::calc(const Buffer& buf) { Lock lock(mutex_); // gcry_error_t err; - Buffer hmac(10); // 10byte + AuthTag hmac(10); // 10byte gcry_mpi_t tmp = gcry_mpi_new(160); // 20byte gcry_md_write( ctx_, static_cast<Buffer>(buf).getBuf(), buf.getLength() ); @@ -54,12 +54,19 @@ public: }; -// HMAC_SHA1 +/** + * HMAC SHA1 Auth Tag Generator Class + */ + class Sha1AuthAlgo : public AuthAlgo { public: Sha1AuthAlgo(); ~Sha1AuthAlgo(); + + /** + * + */ void setKey(Buffer key); AuthTag calc(const Buffer& buf); protected: diff --git a/keyDerivation.h b/keyDerivation.h index d8b9017..56ca748 100644 --- a/keyDerivation.h +++ b/keyDerivation.h @@ -42,9 +42,9 @@ typedef enum { - label_satp_encryption = 0x00, - label_satp_msg_auth = 0x01, - label_satp_salt = 0x02, + LABEL_SATP_ENCRYPTION = 0x00, + LABEL_SATP_MSG_AUTH = 0x01, + LABEL_SATP_SALT = 0x02, } satp_prf_label; @@ -38,7 +38,8 @@ /** - * This class is a wrapper for the libgcrypt multi precision integer library. + * This class is a wrapper for the libgcrypt multi precision integer library [1].<br> + * [1] http://www.gnupg.org/documentation/manuals/gcrypt/MPI-library.html * */ @@ -68,7 +69,7 @@ public: /** * returns a new[] u_int8_t* buffer with the MPI value in the - * GCRYMPI_FMT_STD (2-complement stored without a length header). + * GCRYMPI_FMT_STD (2-complement stored without a length header).<br> * you have to delete it by hand with delete[]! * @param buf_len size of the new buffer that is returned * @return a byte buffer of size buf_len |