| … | |
… | |
| 22 | # include "lzf/lzf.h" |
22 | # include "lzf/lzf.h" |
| 23 | } |
23 | } |
| 24 | |
24 | |
| 25 | #include <list> |
25 | #include <list> |
| 26 | |
26 | |
|
|
27 | #include <openssl/rand.h> |
|
|
28 | #include <openssl/evp.h> |
|
|
29 | #include <openssl/rsa.h> |
|
|
30 | #include <openssl/err.h> |
|
|
31 | |
| 27 | #include "gettext.h" |
32 | #include "gettext.h" |
| 28 | |
33 | |
| 29 | #include "conf.h" |
34 | #include "conf.h" |
| 30 | #include "slog.h" |
35 | #include "slog.h" |
| 31 | #include "device.h" |
36 | #include "device.h" |
| 32 | #include "protocol.h" |
37 | #include "vpn.h" |
| 33 | #include "connection.h" |
38 | #include "connection.h" |
| 34 | |
39 | |
| 35 | #if !HAVE_RAND_PSEUDO_BYTES |
40 | #if !HAVE_RAND_PSEUDO_BYTES |
| 36 | # define RAND_pseudo_bytes RAND_bytes |
41 | # define RAND_pseudo_bytes RAND_bytes |
| 37 | #endif |
42 | #endif |
| … | |
… | |
| 578 | { |
583 | { |
| 579 | auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); |
584 | auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); |
| 580 | |
585 | |
| 581 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
586 | protocol = best_protocol (THISNODE->protocols & conf->protocols); |
| 582 | |
587 | |
|
|
588 | // mask out protocols we cannot establish |
|
|
589 | if (!conf->udp_port) protocol &= ~PROT_UDPv4; |
|
|
590 | if (!conf->tcp_port) protocol &= ~PROT_TCPv4; |
|
|
591 | |
|
|
592 | if (protocol) |
|
|
593 | { |
| 583 | rsachallenge chg; |
594 | rsachallenge chg; |
| 584 | |
595 | |
| 585 | rsa_cache.gen (pkt->id, chg); |
596 | rsa_cache.gen (pkt->id, chg); |
| 586 | |
597 | |
| 587 | if (0 > RSA_public_encrypt (sizeof chg, |
598 | if (0 > RSA_public_encrypt (sizeof chg, |
| 588 | (unsigned char *)&chg, (unsigned char *)&pkt->encr, |
599 | (unsigned char *)&chg, (unsigned char *)&pkt->encr, |
| 589 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
600 | conf->rsa_key, RSA_PKCS1_OAEP_PADDING)) |
| 590 | fatal ("RSA_public_encrypt error"); |
601 | fatal ("RSA_public_encrypt error"); |
| 591 | |
602 | |
| 592 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
603 | slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)si); |
| 593 | |
604 | |
| 594 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
605 | send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly |
| 595 | |
606 | |
| 596 | delete pkt; |
607 | delete pkt; |
|
|
608 | } |
|
|
609 | else |
|
|
610 | ; // silently fail |
| 597 | } |
611 | } |
| 598 | |
612 | |
| 599 | void |
613 | void |
| 600 | connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) |
614 | connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) |
| 601 | { |
615 | { |
