4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
35 #include "encryptedPacket.h"
41 //****** NullAuthAlgo ******
42 void NullAuthAlgo::generate(EncryptedPacket
& packet
)
46 bool NullAuthAlgo::checkTag(EncryptedPacket
& packet
)
51 u_int32_t
NullAuthAlgo::getMaxLength()
56 //****** Sha1AuthAlgo ******
58 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL
)
60 gcry_error_t err
= gcry_md_open( &ctx_
, GCRY_MD_SHA1
, GCRY_MD_FLAG_HMAC
);
62 cLog
.msg(Log::PRIO_CRIT
) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
65 Sha1AuthAlgo::~Sha1AuthAlgo()
68 gcry_md_close( ctx_
);
71 void Sha1AuthAlgo::setKey(Buffer
& key
)
76 gcry_error_t err
= gcry_md_setkey( ctx_
, key
.getBuf(), key
.getLength() );
78 char buf
[STERROR_TEXT_MAX
];
80 cLog
.msg(Log::PRIO_ERR
) << "Sha1AuthAlgo::setKey: Failed to set cipher key: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);
84 void Sha1AuthAlgo::generate(EncryptedPacket
& packet
)
86 if(!packet
.getAuthTagLength())
89 gcry_md_reset( ctx_
);
91 gcry_md_write( ctx_
, packet
.getAuthenticatedPortion(), packet
.getAuthenticatedPortionLength() );
92 gcry_md_final( ctx_
);
94 u_int8_t
* tag
= packet
.getAuthTag();
95 if(packet
.getAuthTagLength() > MAX_LENGTH_
)
96 std::memset(tag
, 0, (packet
.getAuthTagLength() - MAX_LENGTH_
));
98 u_int8_t
* hmac
= gcry_md_read(ctx_
, 0);
99 u_int32_t length
= (packet
.getAuthTagLength() < MAX_LENGTH_
) ? packet
.getAuthTagLength() : MAX_LENGTH_
;
100 std::memcpy(&tag
[packet
.getAuthTagLength() - length
], &hmac
[MAX_LENGTH_
- length
], length
);
103 bool Sha1AuthAlgo::checkTag(EncryptedPacket
& packet
)
105 if(!packet
.getAuthTagLength())
108 gcry_md_reset( ctx_
);
110 gcry_md_write( ctx_
, packet
.getAuthenticatedPortion(), packet
.getAuthenticatedPortionLength() );
111 gcry_md_final( ctx_
);
113 u_int8_t
* tag
= packet
.getAuthTag();
114 if(packet
.getAuthTagLength() > MAX_LENGTH_
)
115 for(u_int32_t i
=0; i
< (packet
.getAuthTagLength() - MAX_LENGTH_
); ++i
)
116 if(tag
[i
]) return false;
118 u_int8_t
* hmac
= gcry_md_read(ctx_
, 0);
119 u_int32_t length
= (packet
.getAuthTagLength() < MAX_LENGTH_
) ? packet
.getAuthTagLength() : MAX_LENGTH_
;
120 if(std::memcmp(&tag
[packet
.getAuthTagLength() - length
], &hmac
[MAX_LENGTH_
- length
], length
))
126 u_int32_t
Sha1AuthAlgo::getMaxLength()