authorChristian Pointner <equinox@anytun.org>2009-01-05 14:05:09 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-05 14:05:09 +0000
commit4f47c1aef9ab67cd8c2626983847950f89ffaaeb (patch)
tree211f7990d9001b49dfbf2e8bf53ba0730c3db143
parentremoved silly anytun 02 compat handling (diff)
added libssl crypto based auth algo HMAC-Sha1
-rw-r--r--src/auth_algo.c43
-rw-r--r--src/auth_algo.h8
-rw-r--r--src/uanytun.c4
3 files changed, 52 insertions, 3 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index e1077d5..1476ad0 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -140,11 +140,16 @@ int auth_algo_sha1_init(auth_algo_t* aa)
auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
}
+#else
+ HMAC_CTX_init(&params->ctx_);
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
return 0;
}
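Review bot: The OpenSSL branch of auth_algo_sha1_init has no failure path, whereas the gcrypt branch logs and returns -1 when gcry_md_open fails. `HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL)` is called before any key exists and its outcome is ignored; the same holds for the HMAC_Init_ex, HMAC_Update and HMAC_Final calls added in auth_algo_sha1_generate and auth_algo_sha1_check_tag. These functions return void before OpenSSL 1.0.0 and an int (1 on success, 0 on error) from 1.0.0 on, so a build against the newer API should check each call, e.g. `if(!HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL)) return -1;` here. In the other two functions a failed call should stop before the `hmac` buffer is copied into or compared with a packet's tag. The function body starts outside the hunk.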
@@ -157,8 +162,12 @@ void auth_algo_sha1_close(auth_algo_t* aa)
if(aa->params_) {
auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
if(params->handle_)
gcry_md_close(params->handle_);
+#else
+ HMAC_CTX_cleanup(&params->ctx_);
+#endif
free(aa->params_);
}
@@ -181,21 +190,35 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
if(ret < 0)
return;
if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
}
+#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+ }
+ else {
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
}
encrypted_packet_add_auth_tag(packet);
+#ifndef USE_SSL_CRYPTO
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#endif
+
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH)
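Review bot: The `if(ret) {` block is now closed and re-opened inside the `#else` arm (`}` then `else {` before `#endif`), so neither preprocessor arm is brace-balanced when read alone; auth_algo_sha1_check_tag repeats the pattern. Keeping the whole conditional inside each arm, or moving set-key and compute-MAC into small static per-backend helpers, would make it harder to break one backend's keying logic while editing the other. The new else-branch would benefit from a comment such as `/* key unchanged: reset the context, reusing the key from the previous HMAC_Init_ex */`, which also makes visible the assumption that a key was set on an earlier call. Separately, the `if(length > SHA1_LENGTH)` closing the hunk cannot be true because `length` was just clamped to SHA1_LENGTH. The function continues outside the hunk.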
@@ -221,19 +244,33 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
if(ret < 0)
return 0;
if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
- }
+ }
+#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
}
+ else {
+ HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
+ }
+
+#ifndef USE_SSL_CRYPTO
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+ u_int8_t hmac[SHA1_LENGTH];
+ HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ HMAC_Final(&params->ctx_, hmac, NULL);
+#endif
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH) {
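Review bot: In the gcrypt arm the error path after gcry_md_setkey still uses a bare `return;` although auth_algo_sha1_check_tag returns int, so a key-setup failure hands the caller an indeterminate value where the verification verdict should be. Judging by the `return 0;` on the `ret < 0` path just above, 0 appears to mean "tag rejected", and this path should fail closed the same way with `return 0;`. The commit re-indents the adjacent closing brace but leaves that line unchanged. The comparison of `tag` against `hmac` lies outside the hunk; whoever reviews the full function should confirm it does not stop at the first differing byte.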
diff --git a/src/auth_algo.h b/src/auth_algo.h
index f77ae75..3c00dd6 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -35,7 +35,11 @@
#ifndef _AUTH_ALGO_H_
#define _AUTH_ALGO_H_
+#ifndef USE_SSL_CRYPTO
#include <gcrypt.h>
+#else
+#include <openssl/hmac.h>
+#endif
#include "key_derivation.h"
enum auth_algo_type_enum { aa_unknown, aa_null, aa_sha1 };
@@ -58,7 +62,11 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_
#define SHA1_LENGTH 20
struct auth_algo_sha1_param_struct {
+#ifndef USE_SSL_CRYPTO
gcry_md_hd_t handle_;
+#else
+ HMAC_CTX ctx_;
+#endif
};
typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
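Review bot: Embedding `HMAC_CTX ctx_` by value in auth_algo_sha1_param_struct ties the OpenSSL build to releases that expose the struct layout. From OpenSSL 1.1.0 on, HMAC_CTX is opaque and HMAC_CTX_init/HMAC_CTX_cleanup are no longer available, so this member and the calls in auth_algo.c would have to become a pointer managed with `HMAC_CTX_new()` and `HMAC_CTX_free()`. A comment on the member would document the constraint, e.g. `/* by-value HMAC_CTX: requires OpenSSL < 1.1.0 */`.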
diff --git a/src/uanytun.c b/src/uanytun.c
index 1181689..b33ff43 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -64,6 +64,7 @@
#include "sysexec.h"
#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
#define MIN_GCRYPT_VERSION "1.2.0"
@@ -90,6 +91,7 @@ int init_libgcrypt()
return 0;
}
#endif
+#endif
int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
{
@@ -292,6 +294,7 @@ int main(int argc, char* argv[])
log_printf(NOTICE, "just started...");
#ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
ret = init_libgcrypt();
if(ret) {
log_printf(ERR, "error on libgcrpyt initialization, exitting");
@@ -299,6 +302,7 @@ int main(int argc, char* argv[])
exit(ret);
}
#endif
+#endif
tun_device_t dev;