From 9cb202abbdaa937b52f754c88207a715b05c3f16 Mon Sep 17 00:00:00 2001
From: equinox <equinox@2edecd69-f0ce-4815-94af-351a89d40aaa>
Date: Tue, 19 Feb 2008 21:37:22 +0000
Subject: [PATCH] further cleanups

git-svn-id: https://anytun.org/svn/anytun@289 2edecd69-f0ce-4815-94af-351a89d40aaa
---
 anytun.cpp        | 67 ++++++++++++++++++++++++++-----------------------------
 authAlgo.cpp      | 37 ++++++------------------------
 authAlgo.h        | 35 ++++++++++++++---------------
 cipher.cpp        |  9 +++-----
 cipher.h          | 18 ++++++++-------
 connectionParam.h |  6 +++--
 6 files changed, 73 insertions(+), 99 deletions(-)

diff --git a/anytun.cpp b/anytun.cpp
index 2e03be3..2b661ff 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -207,11 +207,11 @@ void* syncListener(void* p )
 
 	if (l.Bind(param->opt.getLocalSyncPort()))
 		pthread_exit(NULL);
+
 	Utility::ResolveLocal(); // resolve local hostname
 	h.Add(&l);
 	h.Select(1,0);
-	while (1)
-	{
+	while (1) {
 		h.Select(1,0);
 	}
 }
@@ -296,7 +296,7 @@ void* receiver(void* p)
 }
 
 #define MIN_GCRYPT_VERSION "1.2.3"
-#define GCRYPT_SEC_MEM 32768    // 32k secure memory
+//#define GCRYPT_SEC_MEM 32768    // 32k secure memory
 // make libgcrypt thread safe
 extern "C" {
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
@@ -304,42 +304,38 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 
 bool initLibGCrypt()
 {
-  // make libgcrypt thread safe
+  // make libgcrypt thread safe 
+  // this must be called before any other libgcrypt call
   gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread );
 
-  gcry_error_t err;
-      // No other library has already initialized libgcrypt.
-  if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
-  {
-    if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
-      cLog.msg(Log::PRIO_ERR) << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
-      std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
-      return false;
-    }
-    
-    // do NOT allocate a pool uof secure memory!   Q@NINE?
-    // this is NOT thread safe! ??????????????????????????????????   why secure memory????????
-    
-    /* Allocate a pool of 16k secure memory.  This also drops priviliges
-     * on some systems. */
-    err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
-    if( err )
-    {
-      cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err );
-      std::cout << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err ) << std::endl;
-      return false;
-    }
-
-        /* Tell Libgcrypt that initialization has completed. */
-    err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
-    if( err ) {
-      cLog.msg(Log::PRIO_ERR) << "initLibGCrypt: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err );
-      std::cout << "initLibGCrypt: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ) << std::endl;
-      return false;
-    }
+  // this must be called right after the GCRYCTL_SET_THREAD_CBS command
+  // no other function must be called till now
+  if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
+    std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
+    return false;
+  }
+  
+  // do NOT allocate a pool uof secure memory!   Q@NINE?
+  // this is NOT thread safe! ??????????????????????????????????   why secure memory????????
+  
+  /* Allocate a pool of 16k secure memory.  This also drops priviliges
+   * on some systems. */
+//   err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
+//   if( err )
+//   {
+//     cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err );
+//     std::cout << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err ) << std::endl;
+//     return false;
+//   }
+  
+  // Tell Libgcrypt that initialization has completed.
+  gcry_error_t err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
+  if( err ) {
+    std::cout << "initLibGCrypt: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ) << std::endl;
+    return false;
   }
-  cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
 
+  cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
   return true;
 }
 
@@ -378,6 +374,7 @@ int main(int argc, char* argv[])
   cLog.msg(Log::PRIO_NOTICE) << "dev opened - actual name is '" << p.dev.getActualName() << "'";
   cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << p.dev.getTypeString() << "'";
 
+  // this must be called before any other libgcrypt call
   if(!initLibGCrypt())
     return -1;
 
diff --git a/authAlgo.cpp b/authAlgo.cpp
index 4b5515e..3b1967e 100644
--- a/authAlgo.cpp
+++ b/authAlgo.cpp
@@ -36,45 +36,20 @@
 
 #include <gcrypt.h>
 
+//****** NullAuthAlgo ******
 
 AuthTag NullAuthAlgo::calc(const Buffer& buf)
 {
   return AuthTag(0);
 }
 
-const char* Sha1AuthAlgo::MIN_GCRYPT_VERSION = "1.2.3";
+//****** Sha1AuthAlgo ******
 
-// HMAC_SHA1
 Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
 {
   Lock lock(mutex_);
-  gcry_error_t err;
-  // No other library has already initialized libgcrypt.
-  if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
-  {
-    if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
-      cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::Sha1AuthAlgo: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
-      return;
-    }
-
-    /* Allocate a pool of secure memory.  
-     * This also drops priviliges on some systems. */
-    err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
-    if( err ) {
-      cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << "bytes of secure memory: " << gpg_strerror( err );
-      return;
-    }
-        
-    /* Tell Libgcrypt that initialization has completed. */
-    err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
-    if( err ) {
-      cLog.msg(Log::PRIO_CRIT) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err );
-      return;
-    } else {
-      cLog.msg(Log::PRIO_DEBUG) << "Sha1AuthAlgo::Sha1AuthAlgo: libgcrypt init finished";
-    }
-  }
-  err = gcry_md_open( &ctx_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC );
+
+  gcry_error_t err = gcry_md_open( &ctx_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC );
   if( err )
     cLog.msg(Log::PRIO_CRIT) << "Sha1AuthAlgo::Sha1AuthAlgo: Failed to open message digest algo";
 }
@@ -82,6 +57,7 @@ Sha1AuthAlgo::Sha1AuthAlgo() : ctx_(NULL)
 Sha1AuthAlgo::~Sha1AuthAlgo()
 {
   Lock lock(mutex_);
+
   gcry_md_close( ctx_ );
   cLog.msg(Log::PRIO_DEBUG) << "Sha1AuthAlgo::~Sha1AuthAlgo: closed hmac handler";
 }
@@ -89,16 +65,17 @@ Sha1AuthAlgo::~Sha1AuthAlgo()
 void Sha1AuthAlgo::setKey(Buffer key)
 {
   Lock lock(mutex_);
+
   gcry_error_t err;
   err = gcry_md_setkey( ctx_, key.getBuf(), key.getLength() );
   if( err )
     cLog.msg(Log::PRIO_ERR) << "Sha1AuthAlgo::setKey: Failed to set cipher key: " << gpg_strerror( err );
 }
 
-
 AuthTag Sha1AuthAlgo::calc(const Buffer& buf)
 {
   Lock lock(mutex_);
+
   // gcry_error_t err;
   AuthTag hmac(10);      // 10byte
   gcry_mpi_t tmp = gcry_mpi_new(160);   // 20byte
diff --git a/authAlgo.h b/authAlgo.h
index e3a81be..bf72e32 100644
--- a/authAlgo.h
+++ b/authAlgo.h
@@ -44,22 +44,32 @@ public:
   AuthAlgo() {};
   virtual ~AuthAlgo() {};
 
-  virtual AuthTag calc(const Buffer& buf) { return AuthTag(0); };
-  virtual void setKey(Buffer key) {};
+  /**
+   * set the key for the auth algo
+   * @param key key for hmac calculation
+   */
+  virtual void setKey(Buffer key) = 0;
+
+  /**
+   * calculate the sha1 hmac
+   * @param buf buffer for message digest
+   * @return sha1 hmac
+   */
+  virtual AuthTag calc(const Buffer& buf) = 0;
 };
 
+//****** NullAuthAlgo ******
+
 class NullAuthAlgo : public AuthAlgo
 {
 public:
-  NullAuthAlgo() {};
   AuthTag calc(const Buffer& buf);
   void setKey(Buffer key) {};
 };
 
 
-/**
- * HMAC SHA1 Auth Tag Generator Class
- */
+//****** Sha1AuthAlgo ******
+//* HMAC SHA1 Auth Tag Generator Class
 
 class Sha1AuthAlgo : public AuthAlgo
 {
@@ -67,21 +77,10 @@ public:
   Sha1AuthAlgo();
   ~Sha1AuthAlgo();
 
-  /**
-   * set the key for the auth algo
-   * @param key key for hmac calculation
-   */
   void setKey(Buffer key);
-
-  /**
-   * calculate the sha1 hmac
-   * @param buf buffer for message digest
-   * @return sha1 hmac
-   */
   AuthTag calc(const Buffer& buf);
+
 protected:
-  static const char* MIN_GCRYPT_VERSION;
-  static const u_int32_t GCRYPT_SEC_MEM = 32768;    // 32k secure memory
   gcry_md_hd_t ctx_;
   Mutex mutex_;
 };
diff --git a/cipher.cpp b/cipher.cpp
index d68204c..2441080 100644
--- a/cipher.cpp
+++ b/cipher.cpp
@@ -38,6 +38,7 @@
 #include "mpi.h"
 #include "log.h"
 
+
 void Cipher::encrypt(const PlainPacket & in,EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id)
 {
 	cipher(out.payload_, in.complete_payload_ , in.complete_payload_length_, seq_nr, sender_id);
@@ -53,8 +54,7 @@ void Cipher::decrypt(const EncryptedPacket & in,PlainPacket & out)
 }
 
 
-
-//****** NullCipher ******
+//******* NullCipher *******
 
 void NullCipher::cipher(u_int8_t * out, u_int8_t * in, u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id)
 {
@@ -62,15 +62,12 @@ void NullCipher::cipher(u_int8_t * out, u_int8_t * in, u_int32_t length, seq_nr_
 }
 
 
-
 //****** AesIcmCipher ****** 
 
 AesIcmCipher::AesIcmCipher() : salt_(Buffer(14))   // Q@NINE 14??????
 {
-  gcry_error_t err;
-
       // TODO: hardcoded keysize!!!!!
-  err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
+  gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
   if( err )
     cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher";
 }
diff --git a/cipher.h b/cipher.h
index 7ff9e01..cabb076 100644
--- a/cipher.h
+++ b/cipher.h
@@ -42,15 +42,16 @@
 class Cipher
 {
 public:
-  Cipher() {};
   virtual ~Cipher() {};
- 
-  void setKey(Buffer key) {};
-  void setSalt(Buffer salt) {};
+
 	void encrypt(const PlainPacket & in,EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id);
 	void decrypt(const EncryptedPacket & in,PlainPacket & out);
-private:
-  virtual void cipher(u_int8_t * in, u_int8_t * out, u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id) {};
+
+  virtual void setKey(Buffer key) = 0;
+  virtual void setSalt(Buffer salt) = 0;
+
+protected:
+  virtual void cipher(u_int8_t * in, u_int8_t * out, u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id) = 0;
 };
 
 //****** NullCipher ******
@@ -58,8 +59,9 @@ private:
 class NullCipher : public Cipher
 {
 public:
-  NullCipher() {};
-  ~NullCipher() {};
+  void setKey(Buffer key) {};
+  void setSalt(Buffer salt) {};
+
 protected:
   void cipher(u_int8_t * in, u_int8_t * out, u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id);
 };
diff --git a/connectionParam.h b/connectionParam.h
index 0861a6c..af89935 100644
--- a/connectionParam.h
+++ b/connectionParam.h
@@ -44,15 +44,17 @@
 class ConnectionParam
 {
 public:
+	ConnectionParam(const ConnectionParam & src);
 	ConnectionParam( KeyDerivation& kd, SeqWindow& seq_window, seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port);
+
   KeyDerivation& kd_;
   SeqWindow& seq_window_;
 	seq_nr_t seq_nr_;
   std::string remote_host_;
   u_int16_t remote_port_;
-	ConnectionParam(const ConnectionParam & src);
+
 private:
-//TODO check if this is ok
+  //TODO: check if this is ok
 	Mutex mutex_;
   friend class boost::serialization::access;
   template<class Archive>
-- 
2.11.4.GIT