X-Git-Url: https://git.syn-net.org/debian/?p=anytun.git;a=blobdiff_plain;f=src%2FauthAlgo.cpp;h=8317e9ec4294056f860132439e32485398ce94c4;hp=f9228c6f2d285dd278ed08f8526559d8f2e9ca88;hb=ef0cacf2508418915d3f64b04003be3c13fed3cc;hpb=ece844834d2cecc028ce81ca283f5d441088580e diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp index f9228c6..8317e9e 100644 --- a/src/authAlgo.cpp +++ b/src/authAlgo.cpp @@ -11,7 +11,7 @@ * tunneling and relaying of packets of any protocol. * * - * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, + * Copyright (C) 2007-2009 Othmar Gsenger, Erwin Nindl, * Christian Pointner * * This file is part of Anytun. @@ -59,7 +59,7 @@ Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH) if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo"; return; - } + } #else HMAC_CTX_init(&ctx_); HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL); 
@@ -69,49 +69,53 @@ Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH) Sha1AuthAlgo::~Sha1AuthAlgo() { #ifndef USE_SSL_CRYPTO - if(handle_) + if(handle_) { gcry_md_close(handle_); + } #else HMAC_CTX_cleanup(&ctx_); -#endif +#endif } void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) { #ifndef USE_SSL_CRYPTO - if(!handle_) + if(!handle_) { return; + } #endif packet.addAuthTag(); - if(!packet.getAuthTagLength()) + if(!packet.getAuthTagLength()) { return; - + } + kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); #ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength()); if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err); return; - } + } gcry_md_reset(handle_); gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); - u_int8_t* hmac = gcry_md_read(handle_, 0); + uint8_t* hmac = gcry_md_read(handle_, 0); #else HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - u_int8_t hmac[DIGEST_LENGTH]; + uint8_t hmac[DIGEST_LENGTH]; HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); HMAC_Final(&ctx_, hmac, NULL); #endif - u_int8_t* tag = packet.getAuthTag(); - u_int32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH; + uint8_t* tag = packet.getAuthTag(); + uint32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH; - if(length > DIGEST_LENGTH) + if(length > DIGEST_LENGTH) { std::memset(tag, 0, packet.getAuthTagLength()); + } std::memcpy(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length); } 
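Review bot: In generate(), `if(length > DIGEST_LENGTH)` can never be true, because `length` is clamped to at most `DIGEST_LENGTH` on the line just above it. The `std::memset` that should zero-pad a tag longer than the digest is therefore dead code, and the leading `getAuthTagLength() - DIGEST_LENGTH` bytes of the tag go out with whatever `addAuthTag()` left in the buffer (possibly stale data; the hunk does not show whether that call clears it). The condition should test the tag length itself: `if(packet.getAuthTagLength() > DIGEST_LENGTH) {`. The same dead condition sits in checkTag (hunk at -133,36), where it means the padding bytes of an over-long tag are never checked for zero.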
@@ -119,13 +123,15 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet) bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) { #ifndef USE_SSL_CRYPTO - if(!handle_) + if(!handle_) { return false; + } #endif packet.withAuthTag(true); - if(!packet.getAuthTagLength()) + if(!packet.getAuthTagLength()) { return true; + } kd.generate(dir_, LABEL_AUTH, packet.getSeqNr(), key_); #ifndef USE_SSL_CRYPTO @@ -133,36 +139,35 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet) if(err) { cLog.msg(Log::PRIO_ERROR) << "Sha1AuthAlgo::setKey: Failed to set hmac key: " << AnytunGpgError(err); return false; - } - + } + gcry_md_reset(handle_); gcry_md_write(handle_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); gcry_md_final(handle_); - u_int8_t* hmac = gcry_md_read(handle_, 0); + uint8_t* hmac = gcry_md_read(handle_, 0); #else HMAC_Init_ex(&ctx_, key_.getBuf(), key_.getLength(), EVP_sha1(), NULL); - - u_int8_t hmac[DIGEST_LENGTH]; + + uint8_t hmac[DIGEST_LENGTH]; HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength()); HMAC_Final(&ctx_, hmac, NULL); #endif - u_int8_t* tag = packet.getAuthTag(); - u_int32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH; + uint8_t* tag = packet.getAuthTag(); + uint32_t length = (packet.getAuthTagLength() < DIGEST_LENGTH) ? packet.getAuthTagLength() : DIGEST_LENGTH; if(length > DIGEST_LENGTH) - for(u_int32_t i=0; i < (packet.getAuthTagLength() - DIGEST_LENGTH); ++i) - if(tag[i]) return false; + for(uint32_t i=0; i < (packet.getAuthTagLength() - DIGEST_LENGTH); ++i) + if(tag[i]) { return false; } int ret = std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[DIGEST_LENGTH - length], length); packet.removeAuthTag(); - - if(ret) - return false; + if(ret) { + return false; + } + return true; - } #endif -
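Review bot: checkTag returns `true` when `packet.getAuthTagLength()` is zero, so a packet carrying no tag is accepted as authenticated at this point; the added braces do not change that. If the length is fixed by local configuration this is the intended no-authentication path, but the hunk does not show where it is set. Once confirmed, a comment on the early return such as `// tag length comes from local config, never from the received packet` would make the assumption visible to the next reader. The body of checkTag continues outside this hunk.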
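Review bot: The tag is still compared with `std::memcmp`, which may stop at the first differing byte, so the time checkTag takes can depend on how many leading bytes of a forged tag are correct. A comparison that always touches all `length` bytes removes that dependency: `uint8_t diff = 0; for(uint32_t i = 0; i < length; ++i) diff |= tag[packet.getAuthTagLength() - length + i] ^ hmac[DIGEST_LENGTH - length + i];` and then test `diff` instead of `ret`. In the `USE_SSL_CRYPTO` build, `CRYPTO_memcmp` can be used for the same purpose. The start of checkTag is outside this hunk.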