fixed typo
[anytun.git] / authAlgo.cpp
blob6b1c9ecb8b51c93d1ab74520ac431db056736cbc
1 /*
2 * anytun
4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007 anytun.org <satp@wirdorange.org>
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2
18 * as published by the Free Software Foundation.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program (see the file COPYING included with this
27 * distribution); if not, write to the Free Software Foundation, Inc.,
28 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31 #include "authAlgo.h"
32 #include "log.h"
33 #include "buffer.h"
34 #include "encryptedPacket.h"
36 #include <iostream>
38 #include <gcrypt.h>
40 //****** NullAuthAlgo ******
41 void NullAuthAlgo::generate(EncryptedPacket& packet)
45 bool NullAuthAlgo::checkTag(EncryptedPacket& packet)
47 return true;
50 u_int32_t NullAuthAlgo::getMaxLength()
52 return MAX_LENGTH_;
55 //****** Sha1AuthAlgo ******
57 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
59 gcry_error_t err = gcry_md_open( &ctx_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC );
60 if( err )
61 cLog.msg(Log::PRIO_CRIT) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
64 Sha1AuthAlgo::~Sha1AuthAlgo()
66 if(ctx_)
67 gcry_md_close( ctx_ );
70 void Sha1AuthAlgo::setKey(Buffer& key)
72 if(!ctx_)
73 return;
75 gcry_error_t err = gcry_md_setkey( ctx_, key.getBuf(), key.getLength() );
76 if( err )
77 cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set cipher key: " << gpg_strerror( err );
80 void Sha1AuthAlgo::generate(EncryptedPacket& packet)
82 if(!packet.getAuthTagLength())
83 return;
85 gcry_md_reset( ctx_ );
87 gcry_md_write( ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() );
88 gcry_md_final( ctx_ );
90 u_int8_t* tag = packet.getAuthTag();
91 if(packet.getAuthTagLength() > MAX_LENGTH_)
92 std::memset(tag, 0, (packet.getAuthTagLength() - MAX_LENGTH_));
94 u_int8_t* hmac = gcry_md_read(ctx_, 0);
95 u_int32_t length = (packet.getAuthTagLength() < MAX_LENGTH_) ? packet.getAuthTagLength() : MAX_LENGTH_;
96 std::memcpy(&tag[packet.getAuthTagLength() - length], &hmac[MAX_LENGTH_ - length], length);
99 bool Sha1AuthAlgo::checkTag(EncryptedPacket& packet)
101 if(!packet.getAuthTagLength())
102 return true;
104 gcry_md_reset( ctx_ );
106 gcry_md_write( ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength() );
107 gcry_md_final( ctx_ );
109 u_int8_t* tag = packet.getAuthTag();
110 if(packet.getAuthTagLength() > MAX_LENGTH_)
111 for(u_int32_t i=0; i < (packet.getAuthTagLength() - MAX_LENGTH_); ++i)
112 if(tag[i]) return false;
114 u_int8_t* hmac = gcry_md_read(ctx_, 0);
115 u_int32_t length = (packet.getAuthTagLength() < MAX_LENGTH_) ? packet.getAuthTagLength() : MAX_LENGTH_;
116 if(std::memcmp(&tag[packet.getAuthTagLength() - length], &hmac[MAX_LENGTH_ - length], length))
117 return false;
119 return true;
122 u_int32_t Sha1AuthAlgo::getMaxLength()
124 return MAX_LENGTH_;