From 4f47c1aef9ab67cd8c2626983847950f89ffaaeb Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 5 Jan 2009 14:05:09 +0000
Subject: added libssl crypto based auth algo HMAC-Sha1

---
 src/auth_algo.c | 43 ++++++++++++++++++++++++++++++++++++++++---
 src/auth_algo.h |  8 ++++++++
 src/uanytun.c   |  4 ++++
 3 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/src/auth_algo.c b/src/auth_algo.c
index e1077d5..1476ad0 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -140,11 +140,16 @@ int auth_algo_sha1_init(auth_algo_t* aa)
   auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
   gcry_error_t err = gcry_md_open(¶ms->handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
   if(err) {
     log_printf(ERR, "failed to open message digest algo: %s", gcry_strerror(err));
     return -1;
   }
+#else
+  HMAC_CTX_init(¶ms->ctx_);
+  HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
   return 0;
 }
@@ -157,8 +162,12 @@ void auth_algo_sha1_close(auth_algo_t* aa)
   if(aa->params_) {
     auth_algo_sha1_param_t* params = aa->params_;
+#ifndef USE_SSL_CRYPTO
     if(params->handle_)
       gcry_md_close(params->handle_);
+#else
+    HMAC_CTX_cleanup(¶ms->ctx_);
+#endif
     free(aa->params_);
   }
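Review bot: In the `#else` branch of auth_algo_sha1_init the result of `HMAC_Init_ex` is discarded and the function returns 0 unconditionally, while the libgcrypt branch right above it logs and returns -1 when the digest cannot be opened. On OpenSSL builds where HMAC_Init_ex returns an int (1.0.0 and later; in the 0.9.8 headers it is void, so the check must be version-gated), a failed setup leaves a context that later produces tags from an undefined state with no error ever surfacing. Suggest `if(!HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL)) { log_printf(ERR, "failed to init hmac context"); return -1; }` here, and the same unchecked HMAC_Init_ex/HMAC_Update/HMAC_Final calls recur in the generate and check_tag hunks below.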
@@ -181,21 +190,35 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
   if(ret < 0)
     return;
   if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
     gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
     if(err) {
       log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
       return;
     }
+#else
+    HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
+  }
+  else {
+    HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
   }
   encrypted_packet_add_auth_tag(packet);
+#ifndef USE_SSL_CRYPTO
   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
+  u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+  u_int8_t hmac[SHA1_LENGTH];
+  HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+  HMAC_Final(¶ms->ctx_, hmac, NULL);
+#endif
+
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
-  u_int8_t* hmac = gcry_md_read(params->handle_, 0);
   u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
   if(length > SHA1_LENGTH)
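Review bot: In the new `#else` path of auth_algo_sha1_generate, `HMAC_Final(&params->ctx_, hmac, NULL)` writes the digest into a stack array sized by the project's own `SHA1_LENGTH` while the length OpenSSL reports is thrown away, so the only thing standing between this and a stack overflow is the two constants happening to agree. Prefer `unsigned int hmac_len = 0; u_int8_t hmac[EVP_MAX_MD_SIZE]; HMAC_Final(&params->ctx_, hmac, &hmac_len);` and then clamp `length` against `hmac_len` (or at least check `hmac_len == SHA1_LENGTH` and log otherwise) before copying into the tag. The check_tag hunk below has the identical pattern. The function's body continues past the end of this hunk.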
@@ -221,19 +244,33 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
   if(ret < 0)
     return 0;
   if(ret) { // a new key got generated
+#ifndef USE_SSL_CRYPTO
     gcry_error_t err = gcry_md_setkey(params->handle_, aa->key_.buf_, aa->key_.length_);
     if(err) {
       log_printf(ERR, "failed to set hmac key: %s", gcry_strerror(err));
       return;
-    }
+    }
+#else
+    HMAC_Init_ex(¶ms->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);
   }
+  else {
+    HMAC_Init_ex(¶ms->ctx_, NULL, 0, EVP_sha1(), NULL);
+#endif
+  }
+
+#ifndef USE_SSL_CRYPTO
   gcry_md_reset(params->handle_);
   gcry_md_write(params->handle_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
   gcry_md_final(params->handle_);
+  u_int8_t* hmac = gcry_md_read(params->handle_, 0);
+#else
+  u_int8_t hmac[SHA1_LENGTH];
+  HMAC_Update(¶ms->ctx_, encrypted_packet_get_auth_portion(packet), encrypted_packet_get_auth_portion_length(packet));
+  HMAC_Final(¶ms->ctx_, hmac, NULL);
+#endif
   u_int8_t* tag = encrypted_packet_get_auth_tag(packet);
-  u_int8_t* hmac = gcry_md_read(params->handle_, 0);
   u_int32_t length = (encrypted_packet_get_auth_tag_length(packet) < SHA1_LENGTH) ? encrypted_packet_get_auth_tag_length(packet) : SHA1_LENGTH;
   if(length > SHA1_LENGTH) {
diff --git a/src/auth_algo.h b/src/auth_algo.h
index f77ae75..3c00dd6 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -35,7 +35,11 @@
 #ifndef _AUTH_ALGO_H_
 #define _AUTH_ALGO_H_
+#ifndef USE_SSL_CRYPTO
 #include
+#else
+#include
+#endif
 #include "key_derivation.h"
 enum auth_algo_type_enum { aa_unknown, aa_null, aa_sha1 };
@@ -58,7 +62,11 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_
 #define SHA1_LENGTH 20
 struct auth_algo_sha1_param_struct {
+#ifndef USE_SSL_CRYPTO
   gcry_md_hd_t handle_;
+#else
+  HMAC_CTX ctx_;
+#endif
 };
 typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
diff --git a/src/uanytun.c b/src/uanytun.c
index 1181689..b33ff43 100644
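Review bot: The libgcrypt build of auth_algo_sha1_check_tag no longer compiles: under `#ifndef USE_SSL_CRYPTO` the preprocessed text now has the re-added `}` closing `if(err)`, the context `}` closing `if(ret)`, and then the newly added `}` after `#endif`, one closing brace too many (the generate hunk gets this right by placing its `}` before `else` inside the `#else` branch). Fix it the way generate does: `#else` / `HMAC_Init_ex(&params->ctx_, aa->key_.buf_, aa->key_.length_, EVP_sha1(), NULL);` / `}` / `else {` / `HMAC_Init_ex(&params->ctx_, NULL, 0, EVP_sha1(), NULL);` / `#endif`, leaving the original context `}` as the single shared closing brace. Separately, the context `return;` after the failed `gcry_md_setkey` log sits in an `int` function that returns 0 on the `ret < 0` path, so its result is presumably the tag verdict; `return 0;` would make a key-setup failure reject the packet instead of yielding an indeterminate value. The function's body continues past the hunk.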
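Review bot: In the auth_algo.h hunk `HMAC_CTX ctx_;` is embedded by value in auth_algo_sha1_param_struct, which ties the struct's size and layout to libcrypto's internal definition of the context. A pointer member managed through the library (`HMAC_CTX* ctx_;`, created in init and released in close) keeps the header independent of that layout and is the only form OpenSSL 1.1.0 and later accept, since HMAC_CTX became opaque there (HMAC_CTX_new/HMAC_CTX_free replacing HMAC_CTX_init/HMAC_CTX_cleanup). A one-line comment on the member naming the OpenSSL API generation it targets would at least make the constraint visible to whoever next bumps the library.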
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -64,6 +64,7 @@
 #include "sysexec.h"
 #ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
 #define MIN_GCRYPT_VERSION "1.2.0"
@@ -90,6 +91,7 @@ int init_libgcrypt()
   return 0;
 }
 #endif
+#endif
 int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
 {
@@ -292,6 +294,7 @@ int main(int argc, char* argv[])
   log_printf(NOTICE, "just started...");
 #ifndef NO_CRYPT
+#ifndef USE_SSL_CRYPTO
   ret = init_libgcrypt();
   if(ret) {
     log_printf(ERR, "error on libgcrpyt initialization, exitting");
@@ -299,6 +302,7 @@ int main(int argc, char* argv[])
     exit(ret);
   }
 #endif
+#endif
   tun_device_t dev;
-- 
cgit v1.2.3
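Review bot: The `#ifndef USE_SSL_CRYPTO` added directly inside `#ifndef NO_CRYPT` (once around the init_libgcrypt definition and twice in main) leaves the libssl build with no crypto-library initialisation at all and no `#else` recording that this is intentional; what init_libgcrypt does beyond the version check (the `MIN_GCRYPT_VERSION` context suggests at least that) is not visible in these hunks, so any secure-memory or error-string setup it performs has no counterpart in the OpenSSL build. A short comment in an `#else` branch, `/* libssl: no library-wide initialisation needed */`, or an actual OpenSSL-side init hook would document the decision. Stylistically, `#if !defined(NO_CRYPT) && !defined(USE_SSL_CRYPTO)` in place of the two nested directives would make each guard self-describing and remove the bare doubled `#endif` lines. main's body continues outside the hunks.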