X-Git-Url: https://git.syn-net.org/debian/?a=blobdiff_plain;f=src%2Fcipher.h;h=e47dab947d1ce380390ae7399d9d3f47762a0dfc;hb=ad05e83616ca7c348db398c0fd6d5c4acce49fae;hp=3d922c050886e9fa16a73cb51a4024d474dfa3ed;hpb=058ae090a970436caec3b3059e9e18b310dd6b0d;p=anytun.git
diff --git a/src/cipher.h b/src/cipher.h
index 3d922c0..e47dab9 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -6,19 +6,20 @@
  * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
  * mode and allows tunneling of every ETHER TYPE protocol (e.g.
  * ethernet, ip, arp ...). satp directly includes cryptography and
- * message authentication based on the methodes used by SRTP. It is
+ * message authentication based on the methods used by SRTP. It is
  * intended to deliver a generic, scaleable and secure solution for
  * tunneling and relaying of packets of any protocol.
  *
  *
- * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
+ * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
  * Christian Pointner
  *
  * This file is part of Anytun.
  *
  * Anytun is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3 as
- * published by the Free Software Foundation.
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
  *
  * Anytun is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,11 +27,24 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with anytun. If not, see . + * along with Anytun. If not, see . + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. */ -#ifndef _CIPHER_H_ -#define _CIPHER_H_ +#ifndef ANYTUN_cipher_h_INCLUDED +#define ANYTUN_cipher_h_INCLUDED #include "datatypes.h" #include "buffer.h" @@ -39,11 +53,17 @@ #include "keyDerivation.h" #ifndef NO_CRYPT -#ifndef USE_SSL_CRYPTO -#include -#else + +#if defined(USE_SSL_CRYPTO) +#include #include +#include +#elif defined(USE_NETTLE) +#include +#else // USE_GCRYPT is the default +#include #endif + #endif class Cipher 
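Review bot: The backend selection added at the end of the second hunk falls through to the gcrypt include whenever neither USE_SSL_CRYPTO nor USE_NETTLE is defined, and silently prefers OpenSSL when both are, so a build configured with a mistyped or doubled backend macro compiles against a different crypto library than the one intended. A short guard above the chain makes the choice explicit: `#if defined(USE_SSL_CRYPTO) && defined(USE_NETTLE)` / `#error "USE_SSL_CRYPTO and USE_NETTLE are mutually exclusive"` / `#endif`. The same three-way chain is repeated for the AesIcmCipher members later in this diff and the two must be kept in step, which is worth saying on the `#else // USE_GCRYPT is the default` line, e.g. `// keep in sync with the backend members of AesIcmCipher`. The include targets are not visible in this rendering, so whether each branch pulls in the right header could not be checked.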
@@ -53,12 +73,12 @@ public: Cipher(kd_dir_t d) : dir_(d) {}; virtual ~Cipher() {}; - void encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - void decrypt(KeyDerivation& kd, EncryptedPacket & in, PlainPacket & out); - + void encrypt(KeyDerivation& kd, PlainPacket& in, EncryptedPacket& out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + void decrypt(KeyDerivation& kd, EncryptedPacket& in, PlainPacket& out); + protected: - virtual u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; - virtual u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; + virtual uint32_t cipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; + virtual uint32_t decipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; kd_dir_t dir_; }; @@ -68,8 +88,8 @@ protected: class NullCipher : public Cipher { protected: - u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + uint32_t cipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + uint32_t decipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); }; #ifndef NO_CRYPT 
@@ -79,52 +99,55 @@ class AesIcmCipher : public Cipher { public: AesIcmCipher(kd_dir_t d); - AesIcmCipher(kd_dir_t d, u_int16_t key_length); + AesIcmCipher(kd_dir_t d, uint16_t key_length); ~AesIcmCipher(); - - static const u_int16_t DEFAULT_KEY_LENGTH = 128; - static const u_int16_t CTR_LENGTH = 16; - static const u_int16_t SALT_LENGTH = 14; + + static const uint16_t DEFAULT_KEY_LENGTH = 128; + static const uint16_t CTR_LENGTH = 16; + static const uint16_t SALT_LENGTH = 14; protected: - u_int32_t cipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + uint32_t cipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + uint32_t decipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); private: - void init(u_int16_t key_length = DEFAULT_KEY_LENGTH); + void init(uint16_t key_length = DEFAULT_KEY_LENGTH); void calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); - void calc(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + void calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); -#ifndef USE_SSL_CRYPTO - gcry_cipher_hd_t handle_; -#else +#if defined(USE_SSL_CRYPTO) AES_KEY aes_key_; - u_int8_t ecount_buf_[AES_BLOCK_SIZE]; + uint8_t ecount_buf_[AES_BLOCK_SIZE]; +#elif defined(USE_NETTLE) + struct aes_ctx ctx_; +#else // USE_GCRYPT is the default + gcry_cipher_hd_t handle_; #endif + Buffer key_; Buffer salt_; #ifdef _MSC_VER - #pragma pack(push, 1) +#pragma pack(push, 1) #endif union ATTR_PACKED 
cipher_aesctr_ctr_union { - u_int8_t buf_[CTR_LENGTH]; + uint8_t buf_[CTR_LENGTH]; struct ATTR_PACKED { - u_int8_t buf_[SALT_LENGTH]; - u_int16_t zero_; + uint8_t buf_[SALT_LENGTH]; + uint16_t zero_; } salt_; - struct ATTR_PACKED { - u_int8_t fill_[SALT_LENGTH - sizeof(mux_t) - sizeof(sender_id_t) - 2*sizeof(u_int8_t) - sizeof(seq_nr_t)]; + struct ATTR_PACKED { + uint8_t fill_[SALT_LENGTH - sizeof(mux_t) - sizeof(sender_id_t) - 2*sizeof(uint8_t) - sizeof(seq_nr_t)]; mux_t mux_; sender_id_t sender_id_; - u_int8_t empty_[2]; + uint8_t empty_[2]; seq_nr_t seq_nr_; - u_int16_t zero_; + uint16_t zero_; } params_; } ctr_; #ifdef _MSC_VER - #pragma pack(pop) +#pragma pack(pop) #endif }; #endif
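Review bot: The packed union `cipher_aesctr_ctr_union` assumes that `salt_` and `params_` overlay exactly the CTR_LENGTH bytes of `buf_`, but nothing in the class verifies that ATTR_PACKED (or the MSVC pragma) produced that layout; with the widths of mux_t, sender_id_t and seq_nr_t coming from datatypes.h, unexpected padding would shift the fields of the counter block used for AES-CTR without any diagnostic. If the project builds as C++11, a check at the end of the class pins it: `static_assert(sizeof(cipher_aesctr_ctr_union) == CTR_LENGTH, "ctr_ must be exactly CTR_LENGTH bytes");` (the `fill_` size expression would underflow to an enormous array and fail to compile if the fields overran SALT_LENGTH, but it does not catch padding). The constants also mix units: `DEFAULT_KEY_LENGTH = 128` reads as bits while `CTR_LENGTH = 16` and `SALT_LENGTH = 14` read as bytes, so a trailing `// bits` / `// bytes` on each, confirmed against init() and calcCtr() whose bodies are outside this hunk, would prevent a caller from passing a byte count. The hunk begins at the `public:` label; the AesIcmCipher class header appears only in the hunk's context line.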