X-Git-Url: https://git.syn-net.org/debian/?a=blobdiff_plain;ds=sidebyside;f=src%2FkeyDerivation.h;h=3290b3e763c78a8556ec00fca168387720aa9c43;hb=9cfd2667ea33ecc2590aca729726992b9af1729d;hp=12d370ca46b8011b56e56366b304e859ae41f824;hpb=058ae090a970436caec3b3059e9e18b310dd6b0d;p=anytun.git

diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 12d370c..3290b3e 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -6,19 +6,20 @@
  * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
  * mode and allows tunneling of every ETHER TYPE protocol (e.g.
  * ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
+ * message authentication based on the methods used by SRTP. It is
  * intended to deliver a generic, scaleable and secure solution for
  * tunneling and relaying of packets of any protocol.
  *
  *
- * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
+ * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
  * Christian Pointner
  *
  * This file is part of Anytun.
  *
  * Anytun is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3 as
- * published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
  *
  * Anytun is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,11 +27,24 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with anytun. If not, see . + * along with Anytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ -#ifndef _KEYDERIVATION_H_ -#define _KEYDERIVATION_H_ +#ifndef ANYTUN_keyDerivation_h_INCLUDED +#define ANYTUN_keyDerivation_h_INCLUDED #include "datatypes.h" #include "buffer.h" @@ -39,14 +53,19 @@ #include "options.h" #ifndef NO_CRYPT -#ifndef USE_SSL_CRYPTO -#include -#else + +#if defined(USE_SSL_CRYPTO) #include +#elif defined(USE_NETTLE) +#include +#else // USE_GCRYPT is the default +#include #endif + #endif #include #include +#include #define LABEL_ENC 0 #define LABEL_AUTH 1 @@ -65,7 +84,7 @@ class KeyDerivation { public: KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), key_length_(0), master_salt_(0), master_key_(0) {}; - KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {}; + KeyDerivation(uint16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {}; virtual ~KeyDerivation() {}; void setRole(const role_t role); 
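Review bot: The backend selection inside the `#ifndef NO_CRYPT` block falls through to gcrypt whenever neither `USE_SSL_CRYPTO` nor `USE_NETTLE` is defined, and silently prefers OpenSSL when a build defines both, so a misspelled or conflicting configure flag changes the cipher implementation without any diagnostic. Before the `#if defined(USE_SSL_CRYPTO)` line I would reject the conflicting case explicitly: `#if defined(USE_SSL_CRYPTO) && defined(USE_NETTLE)` / `#error "USE_SSL_CRYPTO and USE_NETTLE are mutually exclusive"` / `#endif`. The same guard belongs next to the matching member-selection block later in the header so the two `#if` ladders cannot drift apart. The header names in the `#include` directives were stripped in this rendering, so I cannot confirm that the newly added include is what brings in the `uint16_t`/`uint8_t` types the later hunks switch to; that is worth checking in the real patch.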
@@ -75,39 +94,38 @@ public: virtual std::string printType() { return "GenericKeyDerivation"; }; - satp_prf_label_t convertLabel(kd_dir_t dir, satp_prf_label_t label); + satp_prf_label_t convertLabel(kd_dir_t dir, satp_prf_label_t label); protected: virtual void updateMasterKey() = 0; - + #ifndef NO_PASSPHRASE - void calcMasterKey(std::string passphrase, u_int16_t length); - void calcMasterSalt(std::string passphrase, u_int16_t length); + void calcMasterKey(std::string passphrase, uint16_t length); + void calcMasterSalt(std::string passphrase, uint16_t length); #endif - KeyDerivation(const KeyDerivation & src); - friend class boost::serialization::access; - template - void serialize(Archive & ar, const unsigned int version) - { - WritersLock lock(mutex_); - ar & role_; - ar & key_length_; - ar & master_salt_; - ar & master_key_; + KeyDerivation(const KeyDerivation& src); + friend class boost::serialization::access; + template + void serialize(Archive& ar, const unsigned int version) { + WritersLock lock(mutex_); + ar& role_; + ar& key_length_; + ar& master_salt_; + ar& master_key_; updateMasterKey(); - } + } bool is_initialized_; role_t role_; - u_int16_t key_length_; + uint16_t key_length_; SyncBuffer master_salt_; SyncBuffer master_key_; SharedMutex mutex_; }; -#if BOOST_VERSION <= 103500 +#if BOOST_VERSION <= 103500 BOOST_IS_ABSTRACT(KeyDerivation); #else BOOST_SERIALIZATION_ASSUME_ABSTRACT(KeyDerivation); @@ -129,12 +147,11 @@ public: private: void updateMasterKey() {}; - friend class boost::serialization::access; - template - void serialize(Archive & ar, const unsigned int version) - { - ar & boost::serialization::base_object(*this); - } + friend class boost::serialization::access; + template + void serialize(Archive& ar, const unsigned int version) { + ar& boost::serialization::base_object(*this); + } }; 
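Review bot: `KeyDerivation::serialize` writes `master_salt_` and `master_key_` into the archive, so the raw master key leaves the process over whatever transport carries that archive, and nothing at the declaration says so; I would add above the `template` line a comment such as `// Serialises the master key and salt in the clear: the archive carries live key material and must only travel over a confidential, authenticated channel.` On load the same function feeds the deserialised `key_length_`, salt and key straight into `updateMasterKey()` under `WritersLock`, while `is_initialized_` is not part of the archive, so whether a freshly deserialised object counts as initialised depends on the `updateMasterKey()` override, which is not visible here and deserves a note. As a point of style, `ar& role_;` writes Boost's binary `operator&` with reference-declarator spacing; `ar & role_;`, as the removed lines had it, reads as the operator it is. The class body begins in an earlier hunk.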
@@ -145,13 +162,13 @@ class AesIcmKeyDerivation : public KeyDerivation { public: AesIcmKeyDerivation(); - AesIcmKeyDerivation(u_int16_t key_length); + AesIcmKeyDerivation(uint16_t key_length); ~AesIcmKeyDerivation(); - static const u_int16_t DEFAULT_KEY_LENGTH = 128; - static const u_int16_t CTR_LENGTH = 16; - static const u_int16_t SALT_LENGTH = 14; - + static const uint16_t DEFAULT_KEY_LENGTH = 128; + static const uint16_t CTR_LENGTH = 16; + static const uint16_t SALT_LENGTH = 14; + void init(Buffer key, Buffer salt, std::string passphrase = ""); bool generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key); 
@@ -162,42 +179,42 @@ private: bool calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr); - friend class boost::serialization::access; - template - void serialize(Archive & ar, const unsigned int version) - { - ar & boost::serialization::base_object(*this); - } + friend class boost::serialization::access; + template + void serialize(Archive& ar, const unsigned int version) { + ar& boost::serialization::base_object(*this); + } -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_[2]; -#else +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_[2]; - u_int8_t ecount_buf_[2][AES_BLOCK_SIZE]; + uint8_t ecount_buf_[2][AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + struct aes_ctx ctx_[2]; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_[2]; #endif #ifdef _MSC_VER - #pragma pack(push, 1) -#endif +#pragma pack(push, 1) +#endif union ATTR_PACKED key_derivation_aesctr_ctr_union { - u_int8_t buf_[CTR_LENGTH]; + uint8_t buf_[CTR_LENGTH]; struct ATTR_PACKED { - u_int8_t buf_[SALT_LENGTH]; - u_int16_t zero_; + uint8_t buf_[SALT_LENGTH]; + uint16_t zero_; } salt_; struct ATTR_PACKED { - u_int8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)]; + uint8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)]; satp_prf_label_t label_; seq_nr_t seq_; - u_int16_t zero_; + uint16_t zero_; } params_; } ctr_[2]; -#ifdef _MSC_VER - #pragma pack(pop) +#ifdef _MSC_VER +#pragma pack(pop) #endif }; #endif #endif -
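Review bot: The new `USE_NETTLE` branch embeds the expanded key schedule as a plain `struct aes_ctx ctx_[2]` member, so unlike the gcrypt handle there is no library-side close call that wipes it; the destructor `~AesIcmKeyDerivation()` (declared in the previous hunk, body not in this diff) should explicitly zero `ctx_` when this backend is selected, otherwise the round keys remain in freed memory. The OpenSSL `AES_KEY aes_key_[2]` and `ecount_buf_` members have the same property, but they predate this change. I would also pin the layout the packed counter union depends on, because `fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)]` underflows to a huge `size_t` if those two types ever grow past `SALT_LENGTH`, and the resulting compiler error will not name the real invariant: `BOOST_STATIC_ASSERT(sizeof(satp_prf_label_t) + sizeof(seq_nr_t) <= SALT_LENGTH);` next to the union, with its `<boost/static_assert.hpp>` include, using the Boost this header already relies on. The class begins in the previous hunk and closes with the `};` here.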