diff options
Diffstat (limited to 'src/auth_algo.c')
| -rw-r--r-- | src/auth_algo.c | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c index e9b6d0f..e1f5de5 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -152,17 +152,19 @@ int auth_algo_sha1_init(auth_algo_t* aa) if(!aa->params_) return -2; +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_init(¶ms->ctx_); + HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); if(err) { log_printf(ERROR, "failed to open message digest algo: %s", gcry_strerror(err)); return -1; } -#else - HMAC_CTX_init(¶ms->ctx_); - HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL); #endif return 0; @@ -174,13 +176,15 @@ void auth_algo_sha1_close(auth_algo_t* aa) return; if(aa->params_) { +#if defined(USE_SSL_CRYPTO) + auth_algo_sha1_param_t* params = aa->params_; + HMAC_CTX_cleanup(¶ms->ctx_); +#elif defined(USE_NETTLE) + // nothing here +#else // USE_GCRYPT is the default auth_algo_sha1_param_t* params = aa->params_; - -#ifndef USE_SSL_CRYPTO if(params->handle_) gcry_md_close(params->handle_); -#else - HMAC_CTX_cleanup(¶ms->ctx_); #endif free(aa->params_); @@ -207,7 +211,19 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -218,12 +234,6 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); @@ -255,7 +265,19 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati if(ret < 0) return 0; -#ifndef USE_SSL_CRYPTO +#if defined(USE_SSL_CRYPTO) + HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); + + u_int8_t hmac[SHA1_LENGTH]; + HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); + HMAC_Final(¶ms->ctx_, hmac, NULL); +#elif defined(USE_NETTLE) + hmac_sha1_set_key(¶ms->ctx_, aa->key_.length_, aa->key_.buf_); + + u_int8_t hmac[SHA1_LENGTH]; + hmac_sha1_update(¶ms->ctx_, encrypted_packet_get_auth_portion_length(packet), encrypted_packet_get_auth_portion(packet)); + hmac_sha1_digest(¶ms->ctx_, SHA1_LENGTH, hmac); +#else // USE_GCRYPT is the default gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_); if(err) { log_printf(ERROR, "failed to set hmac key: %s", gcry_strerror(err)); @@ -266,12 +288,6 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivati gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); gcry_md_final(params->handle_); u_int8_t* hmac = gcry_md_read(params->handle_, 0); -#else - HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL); - - u_int8_t hmac[SHA1_LENGTH]; - HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet)); - HMAC_Final(¶ms->ctx_, hmac, NULL); #endif u_int8_t* tag = encrypted_packet_get_auth_tag(packet); |