summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--src/auth_algo.c46
-rw-r--r--src/cipher.c31
-rw-r--r--src/uanytun.c1
4 files changed, 32 insertions, 51 deletions
diff --git a/ChangeLog b/ChangeLog
index 152778f..50f9a91 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009.01.14 -- Version 0.2.1svn91
+
+* fixed bug which prevents the daemon from using the right cipher
+ key when using a key derivation rate other than 1
+
2009.01.11 -- Version 0.2svn85
* added crypto support using libgcrypt or openssl
diff --git a/src/auth_algo.c b/src/auth_algo.c
index f5aef0f..f8fc34d 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -193,33 +193,26 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_di
int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return;
- if(ret) { // a new key got generated
-#ifndef USE_SSL_CRYPTO
- gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
- return;
- }
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
- }
- else {
- HMAC_Init_ex(&params->ctx_, NULL, 0, NULL, NULL);
-#endif
- }
#ifndef USE_SSL_CRYPTO
+ gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
+ return;
+ }
+
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
u_int8_t hmac[SHA1_LENGTH];
HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
HMAC_Final(&params->ctx_, hmac, NULL);
#endif
-
u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
@@ -248,28 +241,21 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_di
int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return 0;
- if(ret) { // a new key got generated
-#ifndef USE_SSL_CRYPTO
- gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
- return -1;
- }
-#else
- HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
- }
- else {
- HMAC_Init_ex(&params->ctx_, NULL, 0, NULL, NULL);
-#endif
- }
-
#ifndef USE_SSL_CRYPTO
+ gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
+ return -1;
+ }
+
gcry_md_reset(params->handle_);
gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
gcry_md_final(params->handle_);
u_int8_t* hmac = gcry_md_read(params->handle_, 0);
#else
+ HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+
u_int8_t hmac[SHA1_LENGTH];
HMAC_Update(&params->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
HMAC_Final(&params->ctx_, hmac, NULL);
diff --git a/src/cipher.c b/src/cipher.c
index 2066d1f..01125d4 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -293,28 +293,19 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t d
if(ret < 0)
return ret;
- if(ret) { // a new key got generated
#ifdef USE_SSL_CRYPTO
- ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
- if(ret) {
- log_printf(ERR, "failed to set cipher ssl aes-key (code: %d)", ret);
- return -1;
- }
+ ret = AES_set_encrypt_key(c->key_.buf_, c->key_length_, &params->aes_key_);
+ if(ret) {
+ log_printf(ERR, "failed to set cipher ssl aes-key (code: %d)", ret);
+ return -1;
+ }
#else
- gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
- if(err) {
- log_printf(ERR, "failed to set cipher key: %s", gcry_strerror(err));
- return -1;
- }
- } // no new key got generated
- else {
- gcry_error_t err = gcry_cipher_reset(params->handle_);
- if(err) {
- log_printf(ERR, "failed to reset cipher: %s", gcry_strerror(err));
- return -1;
- }
-#endif
+ gcry_error_t err = gcry_cipher_setkey(params->handle_, c->key_.buf_, c->key_.length_);
+ if(err) {
+ log_printf(ERR, "failed to set cipher key: %s", gcry_strerror(err));
+ return -1;
}
+#endif
ret = cipher_aesctr_calc_ctr(c, kd, dir, seq_nr, sender_id, mux);
if(ret < 0) {
@@ -323,7 +314,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t d
}
#ifndef USE_SSL_CRYPTO
- gcry_error_t err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
+ err = gcry_cipher_setctr(params->handle_, params->ctr_.buf_, C_AESCTR_CTR_LENGTH);
if(err) {
log_printf(ERR, "failed to set cipher CTR: %s", gcry_strerror(err));
return -1;
diff --git a/src/uanytun.c b/src/uanytun.c
index 6854200..27f208f 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -120,7 +120,6 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
auth_algo_close(aa);
return ret;
}
-
#endif
ret = seq_win_init(seq_win, opt->seq_window_size_);