added a workaround for strerror_r problem
1 /*
2 * anytun
4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methods used by SRTP. It is
10 * intended to deliver a generic, scalable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
32 #ifndef _AUTHALGO_H_
33 #define _AUTHALGO_H_
35 #include "datatypes.h"
36 #include "buffer.h"
37 #include "encryptedPacket.h"
39 #ifndef NOCRYPT
40 #ifndef USE_SSL_CRYPTO
41 #include <gcrypt.h>
42 #else
43 #include <openssl/hmac.h>
44 #endif
45 #endif
46 #include "keyDerivation.h"
/**
 * Abstract interface for packet authentication: one operation that generates
 * the MAC for a packet and one that checks it. Concrete algorithms derive
 * from this class and implement both pure virtual functions.
 */
class AuthAlgo
{
public:
  /** Default construction stores KD_INBOUND as the key derivation direction. */
  AuthAlgo() : dir_(KD_INBOUND) {}

  /**
   * @param d key derivation direction kept in dir_ for the derived classes
   */
  AuthAlgo(kd_dir_t d) : dir_(d) {}

  /** Virtual so that deleting through an AuthAlgo pointer runs the derived destructor. */
  virtual ~AuthAlgo() {}

  /**
   * generate the mac
   * @param kd key derivation object (presumably the source of the
   *           authentication key -- confirm against the implementation)
   * @param packet the packet to be authenticated
   */
  virtual void generate(KeyDerivation& kd, EncryptedPacket& packet) = 0;

  /**
   * check the mac
   * @param kd key derivation object (presumably the source of the
   *           authentication key -- confirm against the implementation)
   * @param packet the packet to be authenticated
   * @return presumably true when the tag is accepted; the contract is not
   *         spelled out in this header
   *
   * NOTE(review): implementations should compare the received and computed
   * tags in constant time, and callers should discard the packet whenever
   * this returns false.
   */
  virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet) = 0;

protected:
  // direction handed to the constructor; only derived classes can read it
  kd_dir_t dir_;
};
71 //****** NullAuthAlgo ******
/**
 * AuthAlgo variant named "Null". It declares no constructor, so the base
 * class default applies and dir_ is KD_INBOUND.
 *
 * NOTE(review): the implementation is not part of this header. Judging by the
 * name, generate() attaches no tag and checkTag() accepts every packet, which
 * would mean no integrity or origin protection at all -- confirm, and make
 * sure this class can only be selected by an explicit configuration choice.
 */
class NullAuthAlgo : public AuthAlgo
{
public:
  /** Implements AuthAlgo::generate. */
  virtual void generate(KeyDerivation& kd, EncryptedPacket& packet);

  /** Implements AuthAlgo::checkTag. */
  virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
};
80 #ifndef NOCRYPT
81 //****** Sha1AuthAlgo ******
82 //* HMAC SHA1 Auth Tag Generator Class
/**
 * HMAC SHA1 auth tag generator. Depending on USE_SSL_CRYPTO the MAC state is
 * either a libgcrypt digest handle or an OpenSSL HMAC context.
 *
 * NOTE(review): the class owns a native crypto handle and declares its own
 * destructor, but copy construction and copy assignment are left to the
 * compiler. If the destructor releases the handle, a copied object would
 * release it a second time -- consider making the class non-copyable.
 */
class Sha1AuthAlgo : public AuthAlgo
{
public:
  /**
   * @param d key derivation direction; the definition is not in this header,
   *          presumably it is forwarded to AuthAlgo
   */
  Sha1AuthAlgo(kd_dir_t d);

  /** Defined elsewhere; presumably releases the MAC state -- confirm. */
  virtual ~Sha1AuthAlgo();

  /** Implements AuthAlgo::generate. */
  virtual void generate(KeyDerivation& kd, EncryptedPacket& packet);

  /**
   * Implements AuthAlgo::checkTag.
   *
   * NOTE(review): verify that the tag comparison in the implementation does
   * not exit early on the first differing byte (timing side channel).
   */
  virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);

  // A SHA-1 digest is 20 bytes. Whether the tag placed in the packet is
  // truncated below this length is not visible in this header.
  static const u_int32_t DIGEST_LENGTH = 20;

private:
#ifndef USE_SSL_CRYPTO
  // libgcrypt message digest handle
  gcry_md_hd_t handle_;
#else
  // NOTE(review): HMAC_CTX is an opaque type from OpenSSL 1.1.0 on, so a
  // by-value member only builds against older OpenSSL releases.
  HMAC_CTX ctx_;
#endif

  // key buffer; presumably holds the derived authentication key, in which
  // case it should be wiped before it is released -- confirm
  Buffer key_;
};
104 #endif
106 #endif