4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007 anytun.org <satp@wirdorange.org>
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2
18 * as published by the Free Software Foundation.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program (see the file COPYING included with this
27 * distribution); if not, write to the Free Software Foundation, Inc.,
28 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
34 #include "encryptedPacket.h"
40 //****** NullAuthAlgo ******
41 void NullAuthAlgo::generate(EncryptedPacket
& packet
)
45 bool NullAuthAlgo::checkTag(EncryptedPacket
& packet
)
50 u_int32_t
NullAuthAlgo::getMaxLength()
55 //****** Sha1AuthAlgo ******
57 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL
)
59 gcry_error_t err
= gcry_md_open( &ctx_
, GCRY_MD_SHA1
, GCRY_MD_FLAG_HMAC
);
61 cLog
.msg(Log::PRIO_CRIT
) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
64 Sha1AuthAlgo::~Sha1AuthAlgo()
67 gcry_md_close( ctx_
);
70 void Sha1AuthAlgo::setKey(Buffer
& key
)
75 gcry_error_t err
= gcry_md_setkey( ctx_
, key
.getBuf(), key
.getLength() );
78 cLog
.msg(Log::PRIO_ERR
) << "Sha1AuthAlgo::setKey: Failed to set cipher key: " << gpg_strerror_r(err
, buf
, NL_TEXTMAX
);
82 void Sha1AuthAlgo::generate(EncryptedPacket
& packet
)
84 if(!packet
.getAuthTagLength())
87 gcry_md_reset( ctx_
);
89 gcry_md_write( ctx_
, packet
.getAuthenticatedPortion(), packet
.getAuthenticatedPortionLength() );
90 gcry_md_final( ctx_
);
92 u_int8_t
* tag
= packet
.getAuthTag();
93 if(packet
.getAuthTagLength() > MAX_LENGTH_
)
94 std::memset(tag
, 0, (packet
.getAuthTagLength() - MAX_LENGTH_
));
96 u_int8_t
* hmac
= gcry_md_read(ctx_
, 0);
97 u_int32_t length
= (packet
.getAuthTagLength() < MAX_LENGTH_
) ? packet
.getAuthTagLength() : MAX_LENGTH_
;
98 std::memcpy(&tag
[packet
.getAuthTagLength() - length
], &hmac
[MAX_LENGTH_
- length
], length
);
101 bool Sha1AuthAlgo::checkTag(EncryptedPacket
& packet
)
103 if(!packet
.getAuthTagLength())
106 gcry_md_reset( ctx_
);
108 gcry_md_write( ctx_
, packet
.getAuthenticatedPortion(), packet
.getAuthenticatedPortionLength() );
109 gcry_md_final( ctx_
);
111 u_int8_t
* tag
= packet
.getAuthTag();
112 if(packet
.getAuthTagLength() > MAX_LENGTH_
)
113 for(u_int32_t i
=0; i
< (packet
.getAuthTagLength() - MAX_LENGTH_
); ++i
)
114 if(tag
[i
]) return false;
116 u_int8_t
* hmac
= gcry_md_read(ctx_
, 0);
117 u_int32_t length
= (packet
.getAuthTagLength() < MAX_LENGTH_
) ? packet
.getAuthTagLength() : MAX_LENGTH_
;
118 if(std::memcmp(&tag
[packet
.getAuthTagLength() - length
], &hmac
[MAX_LENGTH_
- length
], length
))
124 u_int32_t
Sha1AuthAlgo::getMaxLength()