… | |
… | |
22 | # include "lzf/lzf.h" |
22 | # include "lzf/lzf.h" |
23 | } |
23 | } |
24 | |
24 | |
25 | #include <list> |
25 | #include <list> |
26 | |
26 | |
|
|
27 | #include <openssl/rand.h> |
|
|
28 | #include <openssl/evp.h> |
|
|
29 | #include <openssl/rsa.h> |
|
|
30 | #include <openssl/err.h> |
|
|
31 | |
27 | #include "gettext.h" |
32 | #include "gettext.h" |
28 | |
33 | |
29 | #include "conf.h" |
34 | #include "conf.h" |
30 | #include "slog.h" |
35 | #include "slog.h" |
31 | #include "device.h" |
36 | #include "device.h" |
32 | #include "protocol.h" |
37 | #include "vpn.h" |
33 | #include "connection.h" |
38 | #include "connection.h" |
34 | |
39 | |
35 | #if !HAVE_RAND_PSEUDO_BYTES |
40 | #if !HAVE_RAND_PSEUDO_BYTES |
36 | # define RAND_pseudo_bytes RAND_bytes |
41 | # define RAND_pseudo_bytes RAND_bytes |
37 | #endif |
42 | #endif |
… | |
… | |
578 | { |
583 | { |
579 | auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); |
584 | auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); |
580 | |
585 | |
581 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
586 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
582 | |
587 | |
|
|
588 | // mask out protocols we cannot establish |
|
|
589 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
|
|
590 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
|
|
591 | |
|
|
592 | if (protocol) |
|
|
593 | { |
583 | rsachallenge chg; |
594 | rsachallenge chg; |
584 | |
595 | |
585 | rsa_cache.gen (pkt->id, chg); |
596 | rsa_cache.gen (pkt->id, chg); |
586 | |
597 | |
587 | if (0 > RSA_public_encrypt (sizeof chg, |
598 | if (0 > RSA_public_encrypt (sizeof chg, |
588 | (unsigned char *)&chg, (unsigned char *)&pkt->encr, |
599 | (unsigned char *)&chg, (unsigned char *)&pkt->encr, |
589 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
600 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
590 | fatal ("RSA_public_encrypt error"); |
601 | fatal ("RSA_public_encrypt error"); |
591 | |
602 | |
592 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
603 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
593 | |
604 | |
594 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
605 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
595 | |
606 | |
596 | delete pkt; |
607 | delete pkt; |
|
|
608 | } |
|
|
609 | else |
|
|
610 | ; // silently fail |
597 | } |
611 | } |
598 | |
612 | |
599 | void |
613 | void |
600 | connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) |
614 | connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) |
601 | { |
615 | { |
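Review bot: On the new `else` path (new lines 609–610) the `auth_req_packet` allocated with `new` at the top of the function is never released, because `delete pkt;` sits inside the `if (protocol)` block, so each call that ends with `protocol == 0` leaks one packet. Either construct the packet inside the `if (protocol)` block or move `delete pkt;` below the `else`, so that both paths free it. The bare `; // silently fail` also leaves no record of why no request went out; a line such as `slog (L_TRACE, ">>%d PT_AUTH_REQ skipped, no usable protocol", conf->id);` would make a peer configured without `udp_port` and `tcp_port` diagnosable from the log. The function's signature lies outside the visible hunk, so this assumes `pkt` is not handed off to anything else before the branch.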