diff options
-rw-r--r-- | src/anytun.cpp | 3 | ||||
-rw-r--r-- | src/authAlgo.cpp | 56 | ||||
-rw-r--r-- | src/cryptinit.hpp | 2 |
3 files changed, 23 insertions, 38 deletions
diff --git a/src/anytun.cpp b/src/anytun.cpp index c0cb03b..3949187 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -34,9 +34,6 @@ #include <boost/bind.hpp> -#ifndef NOCRYPT -#include <gcrypt.h> -#endif #include <cerrno> // for ENOMEM #include "datatypes.h" diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp index a0b9193..3088c72 100644 --- a/src/authAlgo.cpp +++ b/src/authAlgo.cpp @@ -80,30 +80,23 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, kd_dir dir, EncryptedPacket& pack if(!packet.getAuthTagLength()) return; - bool result = kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_); - if(result) { // a new key got generated + kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_); #ifndef USE_SSL_CRYPTO - gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); - if(err) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - return; - } -#else - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - } - else { - HMAC_Init_ex(&ctx_, NULL, 0, NULL, NULL); -#endif - } + gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return; + } -#ifndef USE_SSL_CRYPTO gcry_md_reset(handle_); gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); u_int8_t* hmac = gcry_md_read(handle_, 0); #else + HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + u_int8_t hmac[DIGEST_LENGTH]; HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); HMAC_Final(&ctx_, hmac, NULL); @@ -124,30 +117,23 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, kd_dir dir, EncryptedPacket& pack if(!packet.getAuthTagLength()) return true; - bool result = kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_); - if(result) { // a new key got generated -#ifndef USE_SSL_CRYPTO - gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); - if(err) { - char buf[STERROR_TEXT_MAX]; - buf[0] = 0; - cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); - return false; - } -#else - HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - } - else { - HMAC_Init_ex(&ctx_, NULL, 0, NULL, NULL); -#endif - } - + kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_); #ifndef USE_SSL_CRYPTO + gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); + if(err) { + char buf[STERROR_TEXT_MAX]; + buf[0] = 0; + cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX); + return false; + } + gcry_md_reset(handle_); gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); u_int8_t* hmac = gcry_md_read(handle_, 0); #else + HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); + u_int8_t hmac[DIGEST_LENGTH]; HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); HMAC_Final(&ctx_, hmac, NULL); diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp index dd878cd..80f4e14 100644 --- a/src/cryptinit.hpp +++ b/src/cryptinit.hpp @@ -34,6 +34,8 @@ #ifndef NOCRYPT #ifndef USE_SSL_CRYPTO +#include <gcrypt.h> + // boost thread callbacks for libgcrypt #if defined(BOOST_HAS_PTHREADS) |