* tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
* mode and allows tunneling of every ETHER TYPE protocol (e.g.
* ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
+ * message authentication based on the methods used by SRTP. It is
* intended to deliver a generic, scaleable and secure solution for
* tunneling and relaying of packets of any protocol.
*
*
- * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
+ * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
* Christian Pointner <satp@wirdorange.org>
*
* This file is part of Anytun.
*
* Anytun is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3 as
- * published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
*
* Anytun is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with anytun. If not, see <http://www.gnu.org/licenses/>.
+ * along with Anytun. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
*/
-#ifndef _KEYDERIVATION_H_
-#define _KEYDERIVATION_H_
+#ifndef ANYTUN_keyDerivation_h_INCLUDED
+#define ANYTUN_keyDerivation_h_INCLUDED
#include "datatypes.h"
#include "buffer.h"
#include "options.h"
#ifndef NO_CRYPT
-#ifndef USE_SSL_CRYPTO
-#include <gcrypt.h>
-#else
+
+#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
+#else // USE_GCRYPT is the default
+#include <gcrypt.h>
#endif
+
#endif
#include <boost/archive/text_oarchive.hpp>
#include <boost/archive/text_iarchive.hpp>
+#include <boost/version.hpp>
#define LABEL_ENC 0
#define LABEL_AUTH 1
{
public:
KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), key_length_(0), master_salt_(0), master_key_(0) {};
- KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {};
+ KeyDerivation(uint16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {};
virtual ~KeyDerivation() {};
void setRole(const role_t role);
virtual std::string printType() { return "GenericKeyDerivation"; };
- satp_prf_label_t convertLabel(kd_dir_t dir, satp_prf_label_t label);
+ satp_prf_label_t convertLabel(kd_dir_t dir, satp_prf_label_t label);
protected:
virtual void updateMasterKey() = 0;
-
+
#ifndef NO_PASSPHRASE
- void calcMasterKey(std::string passphrase, u_int16_t length);
- void calcMasterSalt(std::string passphrase, u_int16_t length);
+ void calcMasterKey(std::string passphrase, uint16_t length);
+ void calcMasterSalt(std::string passphrase, uint16_t length);
#endif
- KeyDerivation(const KeyDerivation & src);
- friend class boost::serialization::access;
- template<class Archive>
- void serialize(Archive & ar, const unsigned int version)
- {
- WritersLock lock(mutex_);
- ar & role_;
- ar & key_length_;
- ar & master_salt_;
- ar & master_key_;
+ KeyDerivation(const KeyDerivation& src);
+ friend class boost::serialization::access;
+ template<class Archive>
+ void serialize(Archive& ar, const unsigned int version) {
+ WritersLock lock(mutex_);
+ ar& role_;
+ ar& key_length_;
+ ar& master_salt_;
+ ar& master_key_;
updateMasterKey();
- }
+ }
bool is_initialized_;
role_t role_;
- u_int16_t key_length_;
+ uint16_t key_length_;
SyncBuffer master_salt_;
SyncBuffer master_key_;
SharedMutex mutex_;
};
-#if BOOST_VERSION <= 103500
+#if BOOST_VERSION <= 103500
BOOST_IS_ABSTRACT(KeyDerivation);
#else
BOOST_SERIALIZATION_ASSUME_ABSTRACT(KeyDerivation);
private:
void updateMasterKey() {};
- friend class boost::serialization::access;
- template<class Archive>
- void serialize(Archive & ar, const unsigned int version)
- {
- ar & boost::serialization::base_object<KeyDerivation>(*this);
- }
+ friend class boost::serialization::access;
+ template<class Archive>
+ void serialize(Archive& ar, const unsigned int version) {
+ ar& boost::serialization::base_object<KeyDerivation>(*this);
+ }
};
{
public:
AesIcmKeyDerivation();
- AesIcmKeyDerivation(u_int16_t key_length);
+ AesIcmKeyDerivation(uint16_t key_length);
~AesIcmKeyDerivation();
- static const u_int16_t DEFAULT_KEY_LENGTH = 128;
- static const u_int16_t CTR_LENGTH = 16;
- static const u_int16_t SALT_LENGTH = 14;
-
+ static const uint16_t DEFAULT_KEY_LENGTH = 128;
+ static const uint16_t CTR_LENGTH = 16;
+ static const uint16_t SALT_LENGTH = 14;
+
void init(Buffer key, Buffer salt, std::string passphrase = "");
bool generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key);
bool calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr);
- friend class boost::serialization::access;
- template<class Archive>
- void serialize(Archive & ar, const unsigned int version)
- {
- ar & boost::serialization::base_object<KeyDerivation>(*this);
- }
+ friend class boost::serialization::access;
+ template<class Archive>
+ void serialize(Archive& ar, const unsigned int version) {
+ ar& boost::serialization::base_object<KeyDerivation>(*this);
+ }
-#ifndef USE_SSL_CRYPTO
- gcry_cipher_hd_t handle_[2];
-#else
+#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_[2];
- u_int8_t ecount_buf_[2][AES_BLOCK_SIZE];
+ uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ struct aes_ctx ctx_[2];
+#else // USE_GCRYPT is the default
+ gcry_cipher_hd_t handle_[2];
#endif
#ifdef _MSC_VER
- #pragma pack(push, 1)
-#endif
+#pragma pack(push, 1)
+#endif
union ATTR_PACKED key_derivation_aesctr_ctr_union {
- u_int8_t buf_[CTR_LENGTH];
+ uint8_t buf_[CTR_LENGTH];
struct ATTR_PACKED {
- u_int8_t buf_[SALT_LENGTH];
- u_int16_t zero_;
+ uint8_t buf_[SALT_LENGTH];
+ uint16_t zero_;
} salt_;
struct ATTR_PACKED {
- u_int8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
+ uint8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
satp_prf_label_t label_;
seq_nr_t seq_;
- u_int16_t zero_;
+ uint16_t zero_;
} params_;
} ctr_[2];
-#ifdef _MSC_VER
- #pragma pack(pop)
+#ifdef _MSC_VER
+#pragma pack(pop)
#endif
};
#endif
#endif
-