summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-01-04 23:58:43 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-04 23:58:43 +0000
commit78ffdffce74c10faf0c23bc5256486c6bda795c4 (patch)
tree3d7f6bb6986fba5ff4de077aa4844733cb412b87
parentremoved useless gcry_strsource output (diff)
cleaned up auth algo
-rw-r--r--src/auth_algo.c50
-rw-r--r--src/auth_algo.h9
2 files changed, 41 insertions, 18 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index 19422e0..e1077d5 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -58,7 +58,7 @@ int auth_algo_init(auth_algo_t* aa, const char* type)
return -1;
}
- aa->handle_ = 0;
+ aa->params_ = NULL;
aa->key_.buf_ = NULL;
aa->key_.length_ = 0;
@@ -132,7 +132,15 @@ int auth_algo_sha1_init(auth_algo_t* aa)
if(!aa->key_.buf_)
return -2;
- gcry_error_t err = gcry_md_open(&aa->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+ if(aa->params_)
+ free(aa->params_);
+ aa->params_ = malloc(sizeof(auth_algo_sha1_param_t));
+ if(!aa->params_)
+ return -2;
+
+ auth_algo_sha1_param_t* params = aa->params_;
+
+ gcry_error_t err = gcry_md_open(&params->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
log_printf(ERR, "failed to open message digest algo: %s", gcry_strerror(err));
return -1;
@@ -146,14 +154,20 @@ void auth_algo_sha1_close(auth_algo_t* aa)
if(!aa)
return;
- if(aa->handle_)
- gcry_md_close(aa->handle_);
-}
+ if(aa->params_) {
+ auth_algo_sha1_param_t* params = aa->params_;
+ if(params->handle_)
+ gcry_md_close(params->handle_);
+
+ free(aa->params_);
+ }
+
+}
void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
{
- if(!aa) {
+ if(!aa || !aa->params_) {
log_printf(ERR, "auth algo not initialized");
return;
}
@@ -161,12 +175,13 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
log_printf(ERR, "no key derivation supplied");
return;
}
+ auth_algo_sha1_param_t* params = aa->params_;
int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return;
if(ret) { // a new key got generated
- gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
+ gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
@@ -175,12 +190,12 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
encrypted_packet_add_auth_tag(packet);
- gcry_md_reset(aa->handle_);
- gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- gcry_md_final(aa->handle_);
+ gcry_md_reset(params->handle_);
+ gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ gcry_md_final(params->handle_);
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(aa->handle_, 0);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH)
@@ -192,7 +207,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
{
- if(!aa) {
+ if(!aa || !aa->params_) {
log_printf(ERR, "auth algo not initialized");
return 0;
}
@@ -200,24 +215,25 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
log_printf(ERR, "no key derivation supplied");
return 0;
}
+ auth_algo_sha1_param_t* params = aa->params_;
int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return 0;
if(ret) { // a new key got generated
- gcry_error_t err = gcry_md_setkey(aa->handle_, aa->key_.buf_, aa->key_.length_);
+ gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
if(err) {
log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
return;
}
}
- gcry_md_reset(aa->handle_);
- gcry_md_write(aa->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
- gcry_md_final(aa->handle_);
+ gcry_md_reset(params->handle_);
+ gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+ gcry_md_final(params->handle_);
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
- u_int8_t* hmac = gcry_md_read(aa->handle_, 0);
+ u_int8_t* hmac = gcry_md_read(params->handle_, 0);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
if(length > SHA1_LENGTH) {
diff --git a/src/auth_algo.h b/src/auth_algo.h
index b22ea46..f77ae75 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -44,7 +44,7 @@ typedef enum auth_algo_type_enum auth_algo_type_t;
struct auth_algo_struct {
auth_algo_type_t type_;
buffer_t key_;
- gcry_md_hd_t handle_;
+ void* params_;
};
typedef struct auth_algo_struct auth_algo_t;
@@ -54,7 +54,14 @@ void auth_algo_close(auth_algo_t* aa);
void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
+
#define SHA1_LENGTH 20
+
+struct auth_algo_sha1_param_struct {
+ gcry_md_hd_t handle_;
+};
+typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
+
int auth_algo_sha1_init(auth_algo_t* aa);
void auth_algo_sha1_close(auth_algo_t* aa);
void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);