1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
/*
* anytun
*
* The secure anycast tunneling protocol (satp) defines a protocol used
* for communication between any combination of unicast and anycast
* tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
* mode and allows tunneling of every ETHER TYPE protocol (e.g.
* ethernet, ip, arp ...). satp directly includes cryptography and
* message authentication based on the methods used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
*
*
* Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl,
* Christian Pointner <satp@wirdorange.org>
*
* This file is part of Anytun.
*
* Anytun is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* any later version.
*
* Anytun is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with anytun. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef ANYTUN_authAlgo_h_INCLUDED
#define ANYTUN_authAlgo_h_INCLUDED
#include "datatypes.h"
#include "buffer.h"
#include "encryptedPacket.h"
#ifndef NO_CRYPT
#if defined(USE_SSL_CRYPTO)
#include <openssl/hmac.h>
#elif defined(USE_NETTLE)
#include <nettle/hmac.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
#endif
#include "keyDerivation.h"
class AuthAlgo
{
public:
AuthAlgo() : dir_(KD_INBOUND) {};
AuthAlgo(kd_dir_t d) : dir_(d) {};
virtual ~AuthAlgo() {};
/**
* generate the mac
* @param packet the packet to be authenticated
*/
virtual void generate(KeyDerivation& kd, EncryptedPacket& packet) = 0;
/**
* check the mac
* @param packet the packet to be authenticated
*/
virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet) = 0;
protected:
kd_dir_t dir_;
};
//****** NullAuthAlgo ******
class NullAuthAlgo : public AuthAlgo
{
public:
void generate(KeyDerivation& kd, EncryptedPacket& packet);
bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
static const uint32_t DIGEST_LENGTH = 0;
};
#ifndef NO_CRYPT
//****** Sha1AuthAlgo ******
//* HMAC SHA1 Auth Tag Generator Class
class Sha1AuthAlgo : public AuthAlgo
{
public:
Sha1AuthAlgo(kd_dir_t d);
~Sha1AuthAlgo();
void generate(KeyDerivation& kd, EncryptedPacket& packet);
bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
static const uint32_t DIGEST_LENGTH = 20;
private:
#if defined(USE_SSL_CRYPTO)
HMAC_CTX ctx_;
#elif defined(USE_NETTLE)
struct hmac_sha1_ctx ctx_;
#else // USE_GCRYPT is the default
gcry_md_hd_t handle_;
#endif
Buffer key_;
};
#endif
#endif
|