1 | /* |
1 | /* |
2 | connection.C -- manage a single connection |
2 | connection.C -- manage a single connection |
3 | Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
… | |
… | |
39 | #include <openssl/rand.h> |
39 | #include <openssl/rand.h> |
40 | #include <openssl/evp.h> |
40 | #include <openssl/evp.h> |
41 | #include <openssl/rsa.h> |
41 | #include <openssl/rsa.h> |
42 | #include <openssl/err.h> |
42 | #include <openssl/err.h> |
43 | |
43 | |
44 | // openssl 0.9.8 compatibility |
|
|
45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
46 | #define require101(exp) exp |
|
|
47 | #else |
|
|
48 | #define require101(exp) require (exp) |
|
|
49 | #endif |
|
|
50 | |
|
|
51 | #include "conf.h" |
44 | #include "conf.h" |
52 | #include "slog.h" |
45 | #include "slog.h" |
|
|
46 | #include "crypto.h" |
53 | #include "device.h" |
47 | #include "device.h" |
54 | #include "vpn.h" |
48 | #include "vpn.h" |
55 | #include "connection.h" |
49 | #include "connection.h" |
56 | #include "hkdf.h" |
50 | #include "hkdf.h" |
57 | |
51 | |
… | |
… | |
109 | |
103 | |
110 | ////////////////////////////////////////////////////////////////////////////// |
104 | ////////////////////////////////////////////////////////////////////////////// |
111 | |
105 | |
112 | struct crypto_ctx |
106 | struct crypto_ctx |
113 | { |
107 | { |
114 | EVP_CIPHER_CTX cctx; |
108 | cipher cctx; |
115 | HMAC_CTX hctx; |
109 | hmac hctx; |
116 | |
110 | |
117 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
118 | ~crypto_ctx (); |
112 | ~crypto_ctx (); |
119 | }; |
113 | }; |
120 | |
114 | |
… | |
… | |
132 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
126 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
133 | kdf.extract (s, sizeof (s)); |
127 | kdf.extract (s, sizeof (s)); |
134 | kdf.extract_done (HKDF_PRF_HASH ()); |
128 | kdf.extract_done (HKDF_PRF_HASH ()); |
135 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
129 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
136 | |
130 | |
137 | HMAC_CTX_init (&hctx); |
131 | hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ()); |
138 | require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
|
|
139 | } |
132 | } |
140 | |
133 | |
141 | { |
134 | { |
142 | u8 cipher_key[CIPHER_KEYSIZE]; |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
143 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
… | |
… | |
146 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
139 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
147 | kdf.extract (s, sizeof (s)); |
140 | kdf.extract (s, sizeof (s)); |
148 | kdf.extract_done (HKDF_PRF_HASH ()); |
141 | kdf.extract_done (HKDF_PRF_HASH ()); |
149 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
142 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
150 | |
143 | |
151 | EVP_CIPHER_CTX_init (&cctx); |
144 | EVP_CIPHER_CTX_init (cctx); |
152 | require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc)); |
145 | require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc)); |
153 | } |
146 | } |
154 | } |
147 | } |
155 | |
148 | |
156 | crypto_ctx::~crypto_ctx () |
149 | crypto_ctx::~crypto_ctx () |
157 | { |
150 | { |
158 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
151 | require (EVP_CIPHER_CTX_cleanup (cctx)); |
159 | HMAC_CTX_cleanup (&hctx); |
|
|
160 | } |
152 | } |
161 | |
153 | |
162 | static inline void |
154 | static inline void |
163 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
164 | { |
156 | { |
… | |
… | |
369 | ///////////////////////////////////////////////////////////////////////////// |
361 | ///////////////////////////////////////////////////////////////////////////// |
370 | |
362 | |
371 | void |
363 | void |
372 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
364 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
373 | { |
365 | { |
374 | HMAC_CTX *hctx = &ctx->hctx; |
366 | ctx->hctx.init (); |
375 | |
|
|
376 | require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0)); |
|
|
377 | require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet))); |
367 | ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)); |
378 | require101 (HMAC_Final (hctx, hmac_digest, 0)); |
368 | ctx->hctx.digest (hmac_digest); |
379 | } |
369 | } |
380 | |
370 | |
381 | void |
371 | void |
382 | hmac_packet::hmac_set (crypto_ctx *ctx) |
372 | hmac_packet::hmac_set (crypto_ctx *ctx) |
383 | { |
373 | { |
… | |
… | |
447 | } |
437 | } |
448 | |
438 | |
449 | void |
439 | void |
450 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
440 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
451 | { |
441 | { |
452 | EVP_CIPHER_CTX *cctx = &conn->octx->cctx; |
442 | EVP_CIPHER_CTX *cctx = conn->octx->cctx; |
453 | int outl = 0, outl2; |
443 | int outl = 0, outl2; |
454 | ptype type = PT_DATA_UNCOMPRESSED; |
444 | ptype type = PT_DATA_UNCOMPRESSED; |
455 | |
445 | |
456 | #if ENABLE_COMPRESSION |
446 | #if ENABLE_COMPRESSION |
457 | u8 cdata[MAX_MTU]; |
447 | u8 cdata[MAX_MTU]; |
… | |
… | |
493 | } |
483 | } |
494 | |
484 | |
495 | tap_packet * |
485 | tap_packet * |
496 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
486 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
497 | { |
487 | { |
498 | EVP_CIPHER_CTX *cctx = &conn->ictx->cctx; |
488 | EVP_CIPHER_CTX *cctx = conn->ictx->cctx; |
499 | int outl = 0, outl2; |
489 | int outl = 0, outl2; |
500 | tap_packet *p = new tap_packet; |
490 | tap_packet *p = new tap_packet; |
501 | u8 *d; |
491 | u8 *d; |
502 | |
492 | |
503 | seqno = ntohl (ctr); |
493 | seqno = ntohl (ctr); |