summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--anytun.cpp31
-rw-r--r--authAlgo.cpp3
-rw-r--r--authAlgo.h9
-rw-r--r--keyDerivation.h6
-rw-r--r--mpi.h5
5 files changed, 29 insertions, 25 deletions
diff --git a/anytun.cpp b/anytun.cpp
index d9c7b1e..394a42b 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -58,6 +58,9 @@
#define PAYLOAD_TYPE_TAP 0x6558
#define PAYLOAD_TYPE_TUN 0x0800
+#define SESSION_KEYLEN_AUTH 20
+#define SESSION_KEYLEN_ENCR 16
+#define SESSION_KEYLEN_SALT 14
struct Param
{
@@ -95,17 +98,12 @@ void encryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn, void* p)
{
Param* param = reinterpret_cast<Param*>(p);
// cypher the packet
- Buffer tmp_key(16), tmp_salt(14);
- //TODO fix key derivation!
+ Buffer session_key(SESSION_KEYLEN_ENCR), session_salt(SESSION_KEYLEN_SALT);
+ conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key, session_key.getLength());
+ conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt, session_salt.getLength());
- conn.kd_.generate(label_satp_encryption, conn.seq_nr_, tmp_key, tmp_key.getLength());
- conn.kd_.generate(label_satp_salt, conn.seq_nr_, tmp_salt, tmp_salt.getLength());
-
-// Buffer tmp_key(key, sizeof(key));
-// Buffer tmp_salt(salt, sizeof(salt));
-
- c.setKey(tmp_key);
- c.setSalt(tmp_salt);
+ c.setKey(session_key);
+ c.setSalt(session_salt);
cLog.msg(Log::PRIO_NOTICE) << "Send Package: seq: " << conn.seq_nr_
<< ", sID: " << param->opt.getSenderId();
@@ -122,15 +120,12 @@ bool decryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn)
pack.removeHeader();
// decypher the packet
- Buffer tmp_key(16), tmp_salt(14);
- conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength());
- conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength());
-
-// Buffer tmp_key(key, sizeof(key));
-// Buffer tmp_salt(salt, sizeof(salt));
+ Buffer session_key(SESSION_KEYLEN_SALT), session_salt(SESSION_KEYLEN_SALT);
+ conn.kd_.generate(LABEL_SATP_ENCRYPTION, seq, session_key, session_key.getLength());
+ conn.kd_.generate(LABEL_SATP_SALT, seq, session_salt, session_salt.getLength());
- c.setKey(tmp_key);
- c.setSalt(tmp_salt);
+ c.setKey(session_key);
+ c.setSalt(session_salt);
c.cypher(pack, seq, sid);
cLog.msg(Log::PRIO_NOTICE) << "Received Package: seq: " << seq
diff --git a/authAlgo.cpp b/authAlgo.cpp
index cc345ca..0ffd76b 100644
--- a/authAlgo.cpp
+++ b/authAlgo.cpp
@@ -31,6 +31,7 @@
#include "authAlgo.h"
#include "log.h"
#include "buffer.h"
+#include "authTag.h"
#include "threadUtils.hpp"
#include <gcrypt.h>
@@ -90,7 +91,7 @@ AuthTag Sha1AuthAlgo::calc(const Buffer& buf)
{
Lock lock(mutex_);
// gcry_error_t err;
- Buffer hmac(10); // 10byte
+ AuthTag hmac(10); // 10byte
gcry_mpi_t tmp = gcry_mpi_new(160); // 20byte
gcry_md_write( ctx_, static_cast<Buffer>(buf).getBuf(), buf.getLength() );
diff --git a/authAlgo.h b/authAlgo.h
index 45e2fc4..de813e6 100644
--- a/authAlgo.h
+++ b/authAlgo.h
@@ -54,12 +54,19 @@ public:
};
-// HMAC_SHA1
+/**
+ * HMAC SHA1 Auth Tag Generator Class
+ */
+
class Sha1AuthAlgo : public AuthAlgo
{
public:
Sha1AuthAlgo();
~Sha1AuthAlgo();
+
+ /**
+ *
+ */
void setKey(Buffer key);
AuthTag calc(const Buffer& buf);
protected:
diff --git a/keyDerivation.h b/keyDerivation.h
index d8b9017..56ca748 100644
--- a/keyDerivation.h
+++ b/keyDerivation.h
@@ -42,9 +42,9 @@
typedef enum {
- label_satp_encryption = 0x00,
- label_satp_msg_auth = 0x01,
- label_satp_salt = 0x02,
+ LABEL_SATP_ENCRYPTION = 0x00,
+ LABEL_SATP_MSG_AUTH = 0x01,
+ LABEL_SATP_SALT = 0x02,
} satp_prf_label;
diff --git a/mpi.h b/mpi.h
index 2638e1d..3561742 100644
--- a/mpi.h
+++ b/mpi.h
@@ -38,7 +38,8 @@
/**
- * This class is a wrapper for the libgcrypt multi precision integer library.
+ * This class is a wrapper for the libgcrypt multi precision integer library [1].<br>
+ * [1] http://www.gnupg.org/documentation/manuals/gcrypt/MPI-library.html
*
*/
@@ -68,7 +69,7 @@ public:
/**
* returns a new[] u_int8_t* buffer with the MPI value in the
- * GCRYMPI_FMT_STD (2-complement stored without a length header).
+ * GCRYMPI_FMT_STD (2-complement stored without a length header).<br>
* you have to delete it by hand with delete[]!
* @param buf_len size of the new buffer that is returned
* @return a byte buffer of size buf_len