… | |
… | |
33 | |
33 | |
34 | #include <list> |
34 | #include <list> |
35 | #include <queue> |
35 | #include <queue> |
36 | #include <utility> |
36 | #include <utility> |
37 | |
37 | |
|
|
38 | #include <openssl/opensslv.h> |
38 | #include <openssl/rand.h> |
39 | #include <openssl/rand.h> |
39 | #include <openssl/evp.h> |
40 | #include <openssl/evp.h> |
40 | #include <openssl/rsa.h> |
41 | #include <openssl/rsa.h> |
41 | #include <openssl/err.h> |
42 | #include <openssl/err.h> |
|
|
43 | |
|
|
44 | // openssl 0.9.8 compatibility |
|
|
45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
46 | #define require101(exp) exp |
|
|
47 | #else |
|
|
48 | #define require101(exp) equire (exp) |
|
|
49 | #endif |
42 | |
50 | |
43 | #include "conf.h" |
51 | #include "conf.h" |
44 | #include "slog.h" |
52 | #include "slog.h" |
45 | #include "device.h" |
53 | #include "device.h" |
46 | #include "vpn.h" |
54 | #include "vpn.h" |
… | |
… | |
126 | kdf.extract (s, sizeof (s)); |
134 | kdf.extract (s, sizeof (s)); |
127 | kdf.extract_done (HKDF_PRF_HASH ()); |
135 | kdf.extract_done (HKDF_PRF_HASH ()); |
128 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
136 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
129 | |
137 | |
130 | HMAC_CTX_init (&hctx); |
138 | HMAC_CTX_init (&hctx); |
131 | require (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
139 | require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
132 | } |
140 | } |
133 | |
141 | |
134 | { |
142 | { |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
143 | u8 cipher_key[CIPHER_KEYSIZE]; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
144 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
… | |
… | |
364 | void |
372 | void |
365 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
373 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
366 | { |
374 | { |
367 | HMAC_CTX *hctx = &ctx->hctx; |
375 | HMAC_CTX *hctx = &ctx->hctx; |
368 | |
376 | |
369 | require (HMAC_Init_ex (hctx, 0, 0, 0, 0)); |
377 | require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0)); |
370 | require (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet))); |
378 | require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet))); |
371 | require (HMAC_Final (hctx, hmac_digest, 0)); |
379 | require101 (HMAC_Final (hctx, hmac_digest, 0)); |
372 | } |
380 | } |
373 | |
381 | |
374 | void |
382 | void |
375 | hmac_packet::hmac_set (crypto_ctx *ctx) |
383 | hmac_packet::hmac_set (crypto_ctx *ctx) |
376 | { |
384 | { |
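Review bot: The `#else` branch defines `require101(exp)` as `equire (exp)`, which looks like a typo for `require` and would break the build once OPENSSL_VERSION_NUMBER reaches 0x10100000, unless an `equire` macro exists elsewhere; it should read `#define require101(exp) require (exp)`. The cutoff also looks too wide for the stated purpose: the comment names 0.9.8, where the HMAC calls return void, but `< 0x10100000` also covers 1.0.x, where HMAC_Init_ex, HMAC_Update and HMAC_Final return int, so on those builds the result checks that existed before this commit are dropped. In hmac_gen that means a failed HMAC_Final would go unnoticed and hmac_digest would keep whatever the caller's buffer held, which matters because this digest authenticates packets. Consider `#if OPENSSL_VERSION_NUMBER < 0x10000000` so that only the void-returning API skips the check. The body of hmac_set continues outside the visible lines and is not reviewed here.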