diff options
Diffstat (limited to 'src/uanytun.c')
-rw-r--r-- | src/uanytun.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/uanytun.c b/src/uanytun.c index 8ad6ed7..55a73a2 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -50,15 +50,15 @@ #include "encrypted_packet.h" #include "seq_window.h" -#include "cipher.h" #include "key_derivation.h" +#include "cipher.h" +#include "auth_algo.h" #include "daemon.h" #include "sysexec.h" #include <gcrypt.h> - #define MIN_GCRYPT_VERSION "1.2.0" int init_libgcrypt() @@ -104,6 +104,13 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt) log_printf(ERR, "could not initialize cipher of type %s", opt->cipher_); return_value = ret; } + + auth_algo_t aa; + ret = auth_algo_init(&aa, opt->auth_algo_); + if(ret) { + log_printf(ERR, "could not initialize auth algo of type %s", opt->auth_algo_); + return_value = ret; + } key_derivation_t kd_in; ret = key_derivation_init(&kd_in, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_); @@ -168,7 +175,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt) cipher_encrypt(&c, &kd_out, &plain_packet, &encrypted_packet, seq_nr, opt->sender_id_, opt->mux_); seq_nr++; - // TODO: add auth-tag + auth_algo_generate(&aa, &kd_out, &encrypted_packet); len = udp_write(sock, encrypted_packet_get_packet(&encrypted_packet), encrypted_packet_get_length(&encrypted_packet)); if(len == -1) @@ -184,7 +191,10 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt) encrypted_packet_set_length(&encrypted_packet, len); - // TODO: check auth-tag + if(!auth_algo_check_tag(&aa, &kd_out, &encrypted_packet)) { + log_printf(WARNING, "wrong authentication tag, discarding packet"); + continue; + } if(encrypted_packet_get_mux(&encrypted_packet) != opt->mux_) continue; @@ -217,6 +227,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt) } cipher_close(&c); + auth_algo_close(&aa); key_derivation_close(&kd_out); key_derivation_close(&kd_in); seq_win_clear(&seq_win); |