From 3ae9918192308c7d8ff691ca6a09b54aa14f68ff Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 15 Jan 2009 13:44:22 +0000
Subject: auth algo now stores direction as well

---
 src/anytun.cpp | 8 ++++----
 src/authAlgo.cpp | 14 +++++++-------
 src/authAlgo.h | 20 ++++++++++++--------
 src/authAlgoFactory.cpp | 4 ++--
 src/authAlgoFactory.h | 2 +-
 5 files changed, 26 insertions(+), 22 deletions(-)
(limited to 'src')
diff --git a/src/anytun.cpp b/src/anytun.cpp
index c94a260..c4339dc 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -153,7 +153,7 @@ void sender(void* p)
 ThreadParam* param = reinterpret_cast(p);
 std::auto_ptr c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND));
- std::auto_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo()) );
+ std::auto_ptr a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND) );
 PlainPacket plain_packet(MAX_PACKET_LENGTH);
 EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
@@ -213,7 +213,7 @@ void sender(void* p)
 conn.seq_nr_++;
 // add authentication tag
- a->generate(conn.kd_, KD_OUTBOUND, encrypted_packet);
+ a->generate(conn.kd_, encrypted_packet);
 try
 {
@@ -242,7 +242,7 @@ void receiver(void* p)
 ThreadParam* param = reinterpret_cast(p);
 std::auto_ptr c( CipherFactory::create(gOpt.getCipher(), KD_INBOUND) );
- std::auto_ptr a( AuthAlgoFactory::create(gOpt.getAuthAlgo()) );
+ std::auto_ptr a( AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND) );
 EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
 PlainPacket plain_packet(MAX_PACKET_LENGTH);
@@ -273,7 +273,7 @@ void receiver(void* p)
 ConnectionParam & conn = cit->second;
 // check whether auth tag is ok or not
- if(!a->checkTag(conn.kd_, KD_INBOUND, encrypted_packet)) {
+ if(!a->checkTag(conn.kd_, encrypted_packet)) {
 cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!" << std::endl;
 continue;
 }
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index f18378f..6a4c20b 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
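Review bot: In the `sender` hunk the direction is repeated as a literal on two adjacent lines, once for `CipherFactory::create` and once for the new `AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND)`; the `receiver` hunk does the same with KD_INBOUND. If a later edit changes one literal but not the other, the cipher and the MAC would derive keys for opposite directions and the mismatch would presumably only surface as rejected tags at the peer, so naming it once, `const kd_dir_t dir = KD_OUTBOUND;`, and passing `dir` to both factory calls keeps them coupled. Both `sender` and `receiver` begin and end outside the hunks.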
@@ -38,11 +38,11 @@
 #include
 //****** NullAuthAlgo ******
-void NullAuthAlgo::generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet)
+void NullAuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 {
 }
-bool NullAuthAlgo::checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet)
+bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 {
 return true;
 }
@@ -50,7 +50,7 @@ bool NullAuthAlgo::checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& pa
 #ifndef NOCRYPT
 //****** Sha1AuthAlgo ******
-Sha1AuthAlgo::Sha1AuthAlgo() : key_(DIGEST_LENGTH)
+Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
 {
 #ifndef USE_SSL_CRYPTO
 gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
@@ -74,7 +74,7 @@ Sha1AuthAlgo::~Sha1AuthAlgo()
 #endif
 }
-void Sha1AuthAlgo::generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet)
+void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
 {
 #ifndef USE_SSL_CRYPTO
 if(!handle_)
@@ -85,7 +85,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& pa
 if(!packet.getAuthTagLength())
 return;
- kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_);
+ kd.generate(dir_, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_);
 #ifndef USE_SSL_CRYPTO
 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
 if(err) {
@@ -116,7 +116,7 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& pa
 std::memcpy(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
 }
-bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet)
+bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
 {
 #ifndef USE_SSL_CRYPTO
 if(!handle_)
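Review bot: The `NullAuthAlgo::generate` and `NullAuthAlgo::checkTag` stubs in the first hunk keep named parameters they never use, which produces unused-parameter warnings in builds that enable them; since the signatures are being rewritten anyway, leaving the names out, `void NullAuthAlgo::generate(KeyDerivation&, EncryptedPacket&)` and `bool NullAuthAlgo::checkTag(KeyDerivation&, EncryptedPacket&)`, also documents that the null algorithm deliberately ignores both. The Sha1AuthAlgo hunks that follow are consistent: `dir_` is set once in the constructor and both `kd.generate` calls read it instead of a per-call argument.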
@@ -127,7 +127,7 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& pa
 if(!packet.getAuthTagLength())
 return true;
- kd.generate(dir, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_);
+ kd.generate(dir_, LABEL_SATP_MSG_AUTH, packet.getSeqNr(), key_);
 #ifndef USE_SSL_CRYPTO
 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
 if(err) {
diff --git a/src/authAlgo.h b/src/authAlgo.h
index 3361ccf..809880d 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -48,20 +48,24 @@ class AuthAlgo
 {
 public:
- AuthAlgo() {};
+ AuthAlgo() : dir_(KD_INBOUND) {};
+ AuthAlgo(kd_dir_t d) : dir_(d) {};
 virtual ~AuthAlgo() {};
 /**
 * generate the mac
 * @param packet the packet to be authenticated
 */
- virtual void generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet) = 0;
+ virtual void generate(KeyDerivation& kd, EncryptedPacket& packet) = 0;
 /**
 * check the mac
 * @param packet the packet to be authenticated
 */
- virtual bool checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet) = 0;
+ virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet) = 0;
+
+protected:
+ kd_dir_t dir_;
 };
 //****** NullAuthAlgo ******
@@ -69,8 +73,8 @@ public:
 class NullAuthAlgo : public AuthAlgo
 {
 public:
- void generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet);
- bool checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet);
+ void generate(KeyDerivation& kd, EncryptedPacket& packet);
+ bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
 };
 #ifndef NOCRYPT
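Review bot: `AuthAlgo() : dir_(KD_INBOUND) {};` in the authAlgo.h hunk gives every algorithm a silent default direction, and the factory's `return new NullAuthAlgo();` in src/authAlgoFactory.cpp relies on it by dropping the `dir` it was handed. For NullAuthAlgo that is harmless, but any future subclass built through that default would presumably derive its tag key with the inbound label on the sending side as well, collapsing the per-direction key separation this commit introduces, and nothing in the build would flag it. Prefer `explicit AuthAlgo(kd_dir_t d) : dir_(d) {}` as the only base constructor, give NullAuthAlgo a matching `NullAuthAlgo(kd_dir_t d) : AuthAlgo(d) {}`, and pass `dir` to it in the factory. The doc blocks above `generate` and `checkTag` still describe only `packet`; a `@param kd` line saying the tag key is derived from it with the stored direction would complete them.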
@@ -80,11 +84,11 @@ public:
 class Sha1AuthAlgo : public AuthAlgo
 {
 public:
- Sha1AuthAlgo();
+ Sha1AuthAlgo(kd_dir_t d);
 ~Sha1AuthAlgo();
- void generate(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet);
- bool checkTag(KeyDerivation& kd, kd_dir_t dir, EncryptedPacket& packet);
+ void generate(KeyDerivation& kd, EncryptedPacket& packet);
+ bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
 static const u_int32_t DIGEST_LENGTH = 20;
diff --git a/src/authAlgoFactory.cpp b/src/authAlgoFactory.cpp
index 333c47c..648d6f8 100644
--- a/src/authAlgoFactory.cpp
+++ b/src/authAlgoFactory.cpp
@@ -36,13 +36,13 @@
 #include "authAlgo.h"
-AuthAlgo* AuthAlgoFactory::create(std::string const& type)
+AuthAlgo* AuthAlgoFactory::create(std::string const& type, kd_dir_t dir)
 {
 if( type == "null" )
 return new NullAuthAlgo();
 #ifndef NOCRYPT
 else if( type == "sha1" )
- return new Sha1AuthAlgo();
+ return new Sha1AuthAlgo(dir);
 #endif
 else
 throw std::invalid_argument("auth algo not available");
diff --git a/src/authAlgoFactory.h b/src/authAlgoFactory.h
index 2d445d0..ee38248 100644
--- a/src/authAlgoFactory.h
+++ b/src/authAlgoFactory.h
@@ -40,7 +40,7 @@ class AuthAlgoFactory
 {
 public:
- static AuthAlgo* create(std::string const& type);
+ static AuthAlgo* create(std::string const& type, kd_dir_t dir);
 private:
 AuthAlgoFactory();
--
cgit v1.2.3
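Review bot: `Sha1AuthAlgo(kd_dir_t d);` in the authAlgo.h hunk is a single-argument constructor without `explicit`, so a `kd_dir_t` converts to a `Sha1AuthAlgo` implicitly wherever one is expected; `explicit Sha1AuthAlgo(kd_dir_t d);` closes that off at no cost. A one-line comment on it, `/// @param d direction whose derived key is used for every tag this object generates or checks`, would also record that the direction is now fixed for the object's lifetime, which the previous per-call parameter made obvious and the member no longer does.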
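Review bot: The new `dir` parameter of `AuthAlgoFactory::create` in the authAlgoFactory.h hunk is undocumented, and since the implementation in src/authAlgoFactory.cpp forwards it to Sha1AuthAlgo but not to NullAuthAlgo, a caller cannot tell from the header which algorithms honour it. A Doxygen block on the declaration should name the accepted `type` values (the implementation accepts "null" and "sha1" and throws `std::invalid_argument` otherwise), state that `dir` is the key-derivation direction the returned object uses for all of its generate and checkTag calls, and say that the return value is heap-allocated and owned by the caller, which is what the `std::auto_ptr` wrappers in src/anytun.cpp assume. `AuthAlgoFactory`'s class body continues outside the hunk.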