| 1 | /* |
1 | /* |
| 2 | connection.C -- manage a single connection |
2 | connection.C -- manage a single connection |
| 3 | Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 39 | #include <openssl/rand.h> |
39 | #include <openssl/rand.h> |
| 40 | #include <openssl/evp.h> |
40 | #include <openssl/evp.h> |
| 41 | #include <openssl/rsa.h> |
41 | #include <openssl/rsa.h> |
| 42 | #include <openssl/err.h> |
42 | #include <openssl/err.h> |
| 43 | |
43 | |
| 44 | // openssl 0.9.8 compatibility |
|
|
| 45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
| 46 | #define require101(exp) exp |
|
|
| 47 | #else |
|
|
| 48 | #define require101(exp) require (exp) |
|
|
| 49 | #endif |
|
|
| 50 | |
|
|
| 51 | #include "conf.h" |
44 | #include "conf.h" |
| 52 | #include "slog.h" |
45 | #include "slog.h" |
|
|
46 | #include "crypto.h" |
| 53 | #include "device.h" |
47 | #include "device.h" |
| 54 | #include "vpn.h" |
48 | #include "vpn.h" |
| 55 | #include "connection.h" |
49 | #include "connection.h" |
| 56 | #include "hkdf.h" |
50 | #include "hkdf.h" |
| 57 | |
51 | |
| … | |
… | |
| 110 | ////////////////////////////////////////////////////////////////////////////// |
104 | ////////////////////////////////////////////////////////////////////////////// |
| 111 | |
105 | |
| 112 | struct crypto_ctx |
106 | struct crypto_ctx |
| 113 | { |
107 | { |
| 114 | EVP_CIPHER_CTX cctx; |
108 | EVP_CIPHER_CTX cctx; |
| 115 | HMAC_CTX hctx; |
109 | hmac hctx; |
| 116 | |
110 | |
| 117 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
| 118 | ~crypto_ctx (); |
112 | ~crypto_ctx (); |
| 119 | }; |
113 | }; |
| 120 | |
114 | |
| … | |
… | |
| 132 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
126 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
| 133 | kdf.extract (s, sizeof (s)); |
127 | kdf.extract (s, sizeof (s)); |
| 134 | kdf.extract_done (HKDF_PRF_HASH ()); |
128 | kdf.extract_done (HKDF_PRF_HASH ()); |
| 135 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
129 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
| 136 | |
130 | |
| 137 | HMAC_CTX_init (&hctx); |
131 | hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ()); |
| 138 | require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
|
|
| 139 | } |
132 | } |
| 140 | |
133 | |
| 141 | { |
134 | { |
| 142 | u8 cipher_key[CIPHER_KEYSIZE]; |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
| 143 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
| … | |
… | |
| 154 | } |
147 | } |
| 155 | |
148 | |
| 156 | crypto_ctx::~crypto_ctx () |
149 | crypto_ctx::~crypto_ctx () |
| 157 | { |
150 | { |
| 158 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
151 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
| 159 | HMAC_CTX_cleanup (&hctx); |
|
|
| 160 | } |
152 | } |
| 161 | |
153 | |
| 162 | static inline void |
154 | static inline void |
| 163 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
| 164 | { |
156 | { |
| … | |
… | |
| 369 | ///////////////////////////////////////////////////////////////////////////// |
361 | ///////////////////////////////////////////////////////////////////////////// |
| 370 | |
362 | |
| 371 | void |
363 | void |
| 372 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
364 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
| 373 | { |
365 | { |
| 374 | HMAC_CTX *hctx = &ctx->hctx; |
366 | ctx->hctx.init (); |
| 375 | |
|
|
| 376 | require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0)); |
|
|
| 377 | require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet))); |
367 | ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)); |
| 378 | require101 (HMAC_Final (hctx, hmac_digest, 0)); |
368 | ctx->hctx.digest (hmac_digest); |
| 379 | } |
369 | } |
| 380 | |
370 | |
| 381 | void |
371 | void |
| 382 | hmac_packet::hmac_set (crypto_ctx *ctx) |
372 | hmac_packet::hmac_set (crypto_ctx *ctx) |
| 383 | { |
373 | { |
