… | |
… | |
118 | |
118 | |
119 | { |
119 | { |
120 | u8 mac_key[MAC_KEYSIZE]; |
120 | u8 mac_key[MAC_KEYSIZE]; |
121 | static const unsigned char mac_info[] = "gvpe mac key"; |
121 | static const unsigned char mac_info[] = "gvpe mac key"; |
122 | |
122 | |
123 | hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt)); |
123 | hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ()); |
124 | kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm)); |
124 | kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm)); |
125 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
125 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
126 | kdf.extract (s, sizeof (s)); |
126 | kdf.extract (s, sizeof (s)); |
127 | kdf.extract_done (); |
127 | kdf.extract_done (HKDF_PRF_HASH ()); |
128 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
128 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
129 | |
129 | |
130 | HMAC_CTX_init (&hctx); |
130 | HMAC_CTX_init (&hctx); |
131 | require (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
131 | require (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
132 | } |
132 | } |
133 | |
133 | |
134 | { |
134 | { |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
137 | |
137 | |
138 | hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt)); |
138 | hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ()); |
139 | kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm)); |
139 | kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm)); |
140 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
140 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
141 | kdf.extract (s, sizeof (s)); |
141 | kdf.extract (s, sizeof (s)); |
142 | kdf.extract_done (); |
142 | kdf.extract_done (HKDF_PRF_HASH ()); |
143 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
143 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
144 | |
144 | |
145 | EVP_CIPHER_CTX_init (&cctx); |
145 | EVP_CIPHER_CTX_init (&cctx); |
146 | require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc)); |
146 | require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc)); |
147 | } |
147 | } |
… | |
… | |
193 | connection::generate_auth_data () |
193 | connection::generate_auth_data () |
194 | { |
194 | { |
195 | if (auth_expire < ev_now ()) |
195 | if (auth_expire < ev_now ()) |
196 | { |
196 | { |
197 | // request data |
197 | // request data |
198 | RAND_pseudo_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa); |
198 | RAND_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa); |
199 | curve25519_generate (snd_ecdh_a, snd_auth.ecdh); |
199 | curve25519_generate (snd_ecdh_a, snd_auth.ecdh); |
200 | auth_hash (snd_auth, snd_auth_mac); |
200 | auth_hash (snd_auth, snd_auth_mac); |
201 | |
201 | |
202 | // eventual response data |
202 | // eventual response data |
203 | curve25519_generate (rcv_ecdh_a, rcv_ecdh_b); |
203 | curve25519_generate (rcv_ecdh_a, rcv_ecdh_b); |
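Review bot: The return value of RAND_bytes() on the `snd_auth.rsa` line (198) is discarded; unlike RAND_pseudo_bytes(), RAND_bytes() returns 0 (or -1) when the CSPRNG cannot supply cryptographically strong output, and the function then goes on to sign and send whatever was already sitting in snd_auth.rsa as if it were fresh material — presumably the ikm and hkdf_salt that feed the HKDF extract in the earlier hunk, i.e. the session keys. The file already wraps fallible OpenSSL calls in require() (see the HMAC_Init_ex and EVP_CipherInit_ex lines), so the same treatment fits here: `require (RAND_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa));`. The RAND_bytes() call on datahdr.rnd at line 463 in the later hunk has the same unchecked result, though a failure there only weakens per-packet randomness rather than key material. generate_auth_data's body continues past the end of this hunk.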
… | |
… | |
458 | u32 seqno; |
458 | u32 seqno; |
459 | } datahdr; |
459 | } datahdr; |
460 | |
460 | |
461 | datahdr.seqno = ntohl (seqno); |
461 | datahdr.seqno = ntohl (seqno); |
462 | #if RAND_SIZE |
462 | #if RAND_SIZE |
463 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
463 | RAND_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
464 | #endif |
464 | #endif |
465 | |
465 | |
466 | require (EVP_EncryptUpdate (cctx, |
466 | require (EVP_EncryptUpdate (cctx, |
467 | (unsigned char *) data + outl, &outl2, |
467 | (unsigned char *) data + outl, &outl2, |
468 | (unsigned char *) &datahdr, DATAHDR)); |
468 | (unsigned char *) &datahdr, DATAHDR)); |