diff options
-rw-r--r-- | src/authAlgo.cpp | 48 | ||||
-rw-r--r-- | src/authAlgo.h | 10 | ||||
-rw-r--r-- | src/authAlgoFactory.cpp | 9 | ||||
-rw-r--r-- | src/cipher.cpp | 2 | ||||
-rw-r--r-- | src/cipher.h | 2 | ||||
-rw-r--r-- | src/keyDerivation.cpp | 6 |
6 files changed, 61 insertions, 16 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp index f0e3303..561b0b6 100644 --- a/src/authAlgo.cpp +++ b/src/authAlgo.cpp @@ -68,23 +68,51 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH) { #if defined(USE_SSL_CRYPTO) - HMAC_CTX_init(&ctx_); - HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL); + ctx_ = NULL; +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default + handle_ = 0; +#endif +} + +bool Sha1AuthAlgo::Init() +{ +#if defined(USE_SSL_CRYPTO) +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + if ((ctx_ = HMAC_CTX_new()) == NULL) { + return false; + } +# else + if ((ctx_ = (HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) == NULL) { + return false; + } + HMAC_CTX_init(ctx_); +# endif + HMAC_Init_ex(ctx_, NULL, 0, EVP_sha1(), NULL); #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo"; - return; + return false; } #endif + return true; } Sha1AuthAlgo::~Sha1AuthAlgo() { #if defined(USE_SSL_CRYPTO) - HMAC_CTX_cleanup(&ctx_); + if(ctx_) { +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(ctx_); +# else + HMAC_CTX_cleanup(ctx_); + free(ctx_); +# endif + } #elif defined(USE_NETTLE) // nothing here #else // USE_GCRYPT is the default @@ -109,11 +137,11 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); uint8_t hmac[DIGEST_LENGTH]; - HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); - HMAC_Final(&ctx_, hmac, NULL); + HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); + HMAC_Final(ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf()); @@ -158,11 +186,11 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); #if defined(USE_SSL_CRYPTO) - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + HMAC_Init_ex(ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); uint8_t hmac[DIGEST_LENGTH]; - HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); - HMAC_Final(&ctx_, hmac, NULL); + HMAC_Update(ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); + HMAC_Final(ctx_, hmac, NULL); #elif defined(USE_NETTLE) hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf()); diff --git a/src/authAlgo.h b/src/authAlgo.h index a1fcea4..758e754 100644 --- a/src/authAlgo.h +++ b/src/authAlgo.h @@ -101,10 +101,13 @@ public: //****** Sha1AuthAlgo ****** //* HMAC SHA1 Auth Tag Generator Class +class AuthAlgoFactory; + class Sha1AuthAlgo : public AuthAlgo { + friend class AuthAlgoFactory; + public: - Sha1AuthAlgo(kd_dir_t d); ~Sha1AuthAlgo(); void generate(KeyDerivation& kd, EncryptedPacket& packet); @@ -113,8 +116,11 @@ public: static const uint32_t DIGEST_LENGTH = 20; private: + Sha1AuthAlgo(kd_dir_t d); + bool Init(); + #if defined(USE_SSL_CRYPTO) - HMAC_CTX ctx_; + HMAC_CTX *ctx_; #elif defined(USE_NETTLE) struct hmac_sha1_ctx ctx_; #else // USE_GCRYPT is the default diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp index b859f33..e30a4b4 100644 --- a/src/authAlgoFactory.cpp +++ b/src/authAlgoFactory.cpp @@ -48,6 +48,7 @@ #include "authAlgoFactory.h" #include "authAlgo.h" +#include "anytunError.h" AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir) @@ -57,7 +58,13 @@ AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir) } #ifndef NO_CRYPT else if(type == "sha1") { - return new Sha1AuthAlgo(dir); + Sha1AuthAlgo* a = new Sha1AuthAlgo(dir); + if(!a || !(a->Init())) { + if(a) + delete a; + AnytunError::throwErr() << "failed to initialize SHA1 auth algo"; + } + return a; } #endif else { diff --git a/src/cipher.cpp b/src/cipher.cpp index 52a2543..f3b2ed1 100644 --- a/src/cipher.cpp +++ b/src/cipher.cpp @@ -207,7 +207,7 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* } unsigned int num = 0; std::memset(ecount_buf_, 0, AES_BLOCK_SIZE); - AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num); + CRYPTO_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(CTR_LENGTH != AES_BLOCK_SIZE) { cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit"; diff --git a/src/cipher.h b/src/cipher.h index 6408ffd..e47dab9 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -55,7 +55,9 @@ #ifndef NO_CRYPT #if defined(USE_SSL_CRYPTO) +#include <openssl/crypto.h> #include <openssl/aes.h> +#include <openssl/modes.h> #elif defined(USE_NETTLE) #include <nettle/aes.h> #else // USE_GCRYPT is the default diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index 780a51c..812dc44 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -61,7 +61,9 @@ #ifndef NO_PASSPHRASE #if defined(USE_SSL_CRYPTO) +#include <openssl/crypto.h> #include <openssl/sha.h> +#include <openssl/modes.h> #elif defined(USE_NETTLE) #include <nettle/sha1.h> #include <nettle/sha2.h> @@ -363,9 +365,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_ return false; } unsigned int num = 0; - std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE); std::memset(key.getBuf(), 0, key.getLength()); - AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num); + std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE); + CRYPTO_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num, (block128_f)AES_encrypt); #elif defined(USE_NETTLE) if(CTR_LENGTH != AES_BLOCK_SIZE) { cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit"; |