summaryrefslogtreecommitdiff
path: root/src/authAlgo.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/authAlgo.cpp')
-rw-r--r--src/authAlgo.cpp70
1 files changed, 43 insertions, 27 deletions
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index b583d6f..abc38c4 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -54,32 +54,36 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_CTX_init(&ctx_);
+ HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+ // nothing here
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
return;
}
-#else
- HMAC_CTX_init(&ctx_);
- HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
#endif
}
Sha1AuthAlgo::~Sha1AuthAlgo()
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_CTX_cleanup(&ctx_);
+#elif defined(USE_NETTLE)
+ // nothing here
+#else // USE_GCRYPT is the default
if(handle_) {
gcry_md_close(handle_);
}
-#else
- HMAC_CTX_cleanup(&ctx_);
#endif
}
void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(!handle_) {
return;
}
@@ -91,7 +95,19 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
}
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+ uint8_t hmac[DIGEST_LENGTH];
+ HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
+
+ uint8_t hmac[DIGEST_LENGTH];
+ hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion());
+ hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -102,12 +118,6 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
gcry_md_final(handle_);
uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
- uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
#endif
uint8_t* tag = packet.getAuthTag();
@@ -122,7 +132,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
{
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_GCRYPT)
if(!handle_) {
return false;
}
@@ -134,7 +144,19 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
}
kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
-#ifndef USE_SSL_CRYPTO
+#if defined(USE_SSL_CRYPTO)
+ HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
+
+ uint8_t hmac[DIGEST_LENGTH];
+ HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
+ HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ hmac_sha1_set_key(&ctx_, key_.getLength(), key_.getBuf());
+
+ uint8_t hmac[DIGEST_LENGTH];
+ hmac_sha1_update(&ctx_, packet.getAuthenticatedPortionLength(), packet.getAuthenticatedPortion());
+ hmac_sha1_digest(&ctx_, DIGEST_LENGTH, hmac);
+#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
@@ -145,12 +167,6 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
gcry_md_final(handle_);
uint8_t* hmac = gcry_md_read(handle_, 0);
-#else
- HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
-
- uint8_t hmac[DIGEST_LENGTH];
- HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
- HMAC_Final(&ctx_, hmac, NULL);
#endif
uint8_t* tag = packet.getAuthTag();
@@ -163,10 +179,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
packet.removeAuthTag();
- if(ret) {
- return false;
- }
-
+ if(ret) {
+ return false;
+ }
+
return true;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 15:00:48 +0000