security.c

包括ＥＰＡ协议栈

#include "tcpip.h"
#include "epa.h"
#include "variable.h"
#include <string.h>
#include "nsmib.h"
#include "aes.h"
#include "acctrl.h"
#include "md5.h"
#include "ptimer.h"
#include "security.h"

void NSInit() {
	ACCtrlInit();
}

uint8 NSVerify(PSock psock) {
	uint8  sec_type;
	uint16 ori_len;
	
	if(SECinmd(psock)) {
		return EPA_PKTVERIFY_ERR;
	}
	SECdecrypt(psock);
	sec_type = psock->payload[0];
	n2h16(psock->payload + 2, &ori_len);
	ShiftSock(psock, PROTOCOL_EPA_NSFB, PROTOCOL_EPA_FB);
	psock->length = ori_len;
	return EPA_NO_ERR;
}


void SECencrypt(PSock psock)
{
	uint16 orilen;  //original len
	uint16 padlen;  //经过填充之后的长度;
	uint8 i;
	Time   timestamp;
	
	orilen = psock->length;
	h2n16(orilen, psock->payload + 2);//将原来报文长度保存在安全头里面;
	
	Getime(&timestamp);
	h2n32(timestamp.secs, psock->payload + 4);
	h2n32(timestamp.nasecs, psock->payload + 8);
	
	//长度不是16的倍数,需要填充;
	if(orilen < 16)              //比16小的情况;
	{
		for(i = 0; i < (16 - orilen % 16); i++)
			psock->payload[orilen + i] = 9;
		padlen = orilen + 16 - orilen%16;
	}
	else
	{
		if(orilen % 16 != 0)     //比16大的情况;
		{			
			for(i = 0; i < (16 - orilen % 16); i++)
				psock->payload[orilen + i] = 9;
				padlen = orilen + 16 - orilen%16;
		}
		else
			padlen = orilen;    //不需要填充的情况
	}
	
	epa_encryption(psock->payload + 16, padlen, timestamp);
	psock->length = padlen;
}

void SECdecrypt(PSock psock)
{
	Time timestamp;
	
	n2h32(psock->payload + 2, &(timestamp.secs));
	n2h32(psock->payload + 8, (uint32*)&(timestamp.nasecs));

	epa_decryption(psock->payload + 16, psock->length, timestamp);
	n2h16(psock->payload + 2, &(psock->length));//将原来长度弄出来;
}

/////////////////////////////////单独的校验过程///////////////////////////////////////

void SECoutmd(PSock psock)
{
	uint32 digestvalue;
	Time timestamp;
	
	n2h32(psock->payload + 2, &(timestamp.secs));
	n2h32(psock->payload + 8, (uint32*)&(timestamp.nasecs));	

	digestvalue = EPAmd5_digest(psock->payload + 16, psock->length, timestamp);
	h2n32(digestvalue, psock->payload + 8);
}

uint8 SECinmd(PSock psock)
{
	uint32 catdigest;    //caculate_digest;
	uint32 digestvalue;
	Time timestamp;
	
	n2h32(psock->payload + 2, &(timestamp.secs));
	n2h32(psock->payload + 8, (uint32*)&(timestamp.nasecs));
	
	catdigest = EPAmd5_digest(psock->payload + 16, psock->length, timestamp);
	n2h32(psock->payload + 8, &digestvalue);
	if(catdigest == digestvalue)
		return EPA_NO_ERR;//正确;发送出去;
	else
		return EPA_PKTVERIFY_ERR;
}