Diffstat (limited to 'src/uanytun.c')
-rw-r--r--src/uanytun.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/uanytun.c b/src/uanytun.c
index 8ad6ed7..55a73a2 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -50,15 +50,15 @@
#include "encrypted_packet.h"
#include "seq_window.h"
-#include "cipher.h"
#include "key_derivation.h"
+#include "cipher.h"
+#include "auth_algo.h"
#include "daemon.h"
#include "sysexec.h"
#include <gcrypt.h>
-
#define MIN_GCRYPT_VERSION "1.2.0"
int init_libgcrypt()
@@ -104,6 +104,13 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
log_printf(ERR, "could not initialize cipher of type %s", opt->cipher_);
return_value = ret;
}
+
+ auth_algo_t aa;
+ ret = auth_algo_init(&aa, opt->auth_algo_);
+ if(ret) {
+ log_printf(ERR, "could not initialize auth algo of type %s", opt->auth_algo_);
+ return_value = ret;
+ }
key_derivation_t kd_in;
ret = key_derivation_init(&kd_in, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
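Review bot: The new failure branch for `auth_algo_init` only logs and sets `return_value`, then falls through to `key_derivation_init`, so `aa` can reach later code without having been initialized. Whether the packet loop is skipped once `return_value` is set lies outside this hunk. If it is not skipped, packets would be generated and checked with no usable authentication state. The `auth_algo_close(&aa)` added in the last hunk would also run on an object whose init failed, so `auth_algo_close` needs to tolerate that or the close must be made conditional. I would at least record the contract next to the declaration, e.g. `/* if auth_algo_init fails, aa is unusable: the packet loop must not run */`.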
@@ -168,7 +175,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
cipher_encrypt(&c, &kd_out, &plain_packet, &encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
seq_nr++;
- // TODO: add auth-tag
+ auth_algo_generate(&aa, &kd_out, &encrypted_packet);
len = udp_write(sock, encrypted_packet_get_packet(&encrypted_packet), encrypted_packet_get_length(&encrypted_packet));
if(len == -1)
@@ -184,7 +191,10 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
encrypted_packet_set_length(&encrypted_packet, len);
- // TODO: check auth-tag
+ if(!auth_algo_check_tag(&aa, &kd_out, &encrypted_packet)) {
+ log_printf(WARNING, "wrong authentication tag, discarding packet");
+ continue;
+ }
if(encrypted_packet_get_mux(&encrypted_packet) != opt->mux_)
continue;
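Review bot: The tag of a received packet is verified with `kd_out`, the same key-derivation context the send path passes to `auth_algo_generate`, although `main_loop` sets up a separate `kd_in` before the loop. If inbound keys are meant to come from `kd_in`, as the naming suggests, the call should read `if(!auth_algo_check_tag(&aa, &kd_in, &encrypted_packet)) {`; otherwise a comment saying why the outbound context is correct here would help. The check runs on whatever length was just stored with `encrypted_packet_set_length`, so `auth_algo_check_tag` itself has to reject packets shorter than header plus tag, which is not visible in this hunk. The warning is logged once per rejected packet, so consider rate-limiting it to keep an unauthenticated sender from flooding the log.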
@@ -217,6 +227,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
cipher_close(&c);
+ auth_algo_close(&aa);
key_derivation_close(&kd_out);
key_derivation_close(&kd_in);
seq_win_clear(&seq_win);