4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
34 #include "anytunError.h"
36 #include "encryptedPacket.h"
41 //****** NullAuthAlgo ******
42 void NullAuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
46 bool NullAuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
52 //****** Sha1AuthAlgo ******
54 Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
56 #ifndef USE_SSL_CRYPTO
57 gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
59 cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
64 HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
68 Sha1AuthAlgo::~Sha1AuthAlgo()
70 #ifndef USE_SSL_CRYPTO
72 gcry_md_close(handle_);
74 HMAC_CTX_cleanup(&ctx_);
78 void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
80 #ifndef USE_SSL_CRYPTO
86 if(!packet.getAuthTagLength())
89 kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
90 #ifndef USE_SSL_CRYPTO
91 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
93 cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
97 gcry_md_reset(handle_);
98 gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
99 gcry_md_final(handle_);
100 u_int8_t* hmac = gcry_md_read(handle_, 0);
102 HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
104 u_int8_t hmac[DIGEST_LENGTH];
105 HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
106 HMAC_Final(&ctx_, hmac, NULL);
109 u_int8_t* tag = packet.getAuthTag();
110 u_int32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH;
112 if(length > DIGEST_LENGTH)
113 std::memset(tag, 0, packet.getAuthTagLength());
115 std::memcpy(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
118 bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
120 #ifndef USE_SSL_CRYPTO
125 packet.withAuthTag(true);
126 if(!packet.getAuthTagLength())
129 kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_);
130 #ifndef USE_SSL_CRYPTO
131 gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
133 cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err);
137 gcry_md_reset(handle_);
138 gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
139 gcry_md_final(handle_);
140 u_int8_t* hmac = gcry_md_read(handle_, 0);
142 HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL);
144 u_int8_t hmac[DIGEST_LENGTH];
145 HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
146 HMAC_Final(&ctx_, hmac, NULL);
149 u_int8_t* tag = packet.getAuthTag();
150 u_int32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH;
152 if(length > DIGEST_LENGTH)
153 for(u_int32_t i=0; i < (packet.getAuthTagLength() - DIGEST_LENGTH); ++i)
154 if(tag[i]) return false;
156 int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length);
157 packet.removeAuthTag();