diff options
Diffstat (limited to 'authAlgo.cpp')
-rw-r--r-- | authAlgo.cpp | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/authAlgo.cpp b/authAlgo.cpp deleted file mode 100644 index 6b1c9ec..0000000 --- a/authAlgo.cpp +++ /dev/null @@ -1,125 +0,0 @@ -/* - * anytun - * - * The secure anycast tunneling protocol (satp) defines a protocol used - * for communication between any combination of unicast and anycast - * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel - * mode and allows tunneling of every ETHER TYPE protocol (e.g. - * ethernet, ip, arp ...). satp directly includes cryptography and - * message authentication based on the methodes used by SRTP. It is - * intended to deliver a generic, scaleable and secure solution for - * tunneling and relaying of packets of any protocol. - * - * - * Copyright (C) 2007 anytun.org <satp@wirdorange.org> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include "authAlgo.h" -#include "log.h" -#include "buffer.h" -#include "encryptedPacket.h" - -#include <iostream> - -#include <gcrypt.h> - -//****** NullAuthAlgo ****** -void NullAuthAlgo::generate(EncryptedPacket& packet) -{ -} - -bool NullAuthAlgo::checkTag(EncryptedPacket& packet) -{ - return true; -} - -u_int32_t NullAuthAlgo::getMaxLength() -{ - return MAX_LENGTH_; -} - -//****** Sha1AuthAlgo ****** - -Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL) -{ - gcry_error_t err = gcry_md_open( &ctx_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC ); - if( err ) - cLog.msg(Log::PRIO_CRIT) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo"; -} - -Sha1AuthAlgo::~Sha1AuthAlgo() -{ - if(ctx_) - gcry_md_close( ctx_ ); -} - -void Sha1AuthAlgo::setKey(Buffer& key) -{ - if(!ctx_) - return; - - gcry_error_t err = gcry_md_setkey( ctx_, key.getBuf(), key.getLength() ); - if( err ) - cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set cipher key: " << gpg_strerror( err ); -} - -void Sha1AuthAlgo::generate(EncryptedPacket& packet) -{ - if(!packet.getAuthTagLength()) - return; - - gcry_md_reset( ctx_ ); - - gcry_md_write( ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() ); - gcry_md_final( ctx_ ); - - u_int8_t* tag = packet.getAuthTag(); - if(packet.getAuthTagLength() > MAX_LENGTH_) - std::memset(tag, 0, (packet.getAuthTagLength() - MAX_LENGTH_)); - - u_int8_t* hmac = gcry_md_read(ctx_, 0); - u_int32_t length = (packet.getAuthTagLength() < MAX_LENGTH_) ? packet.getAuthTagLength() : MAX_LENGTH_; - std::memcpy(&tag[packet.getAuthTagLength() - length], &hmac[MAX_LENGTH_ - length], length); -} - -bool Sha1AuthAlgo::checkTag(EncryptedPacket& packet) -{ - if(!packet.getAuthTagLength()) - return true; - - gcry_md_reset( ctx_ ); - - gcry_md_write( ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() ); - gcry_md_final( ctx_ ); - - u_int8_t* tag = packet.getAuthTag(); - if(packet.getAuthTagLength() > MAX_LENGTH_) - for(u_int32_t i=0; i < (packet.getAuthTagLength() - MAX_LENGTH_); ++i) - if(tag[i]) return false; - - u_int8_t* hmac = gcry_md_read(ctx_, 0); - u_int32_t length = (packet.getAuthTagLength() < MAX_LENGTH_) ? packet.getAuthTagLength() : MAX_LENGTH_; - if(std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[MAX_LENGTH_ - length], length)) - return false; - - return true; -} - -u_int32_t Sha1AuthAlgo::getMaxLength() -{ - return MAX_LENGTH_; -} |