1 | /* |
1 | /* |
2 | connection.C -- manage a single connection |
2 | connection.C -- manage a single connection |
3 | Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2008,2010,2011,2013,2016 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
… | |
… | |
39 | #include <openssl/rand.h> |
39 | #include <openssl/rand.h> |
40 | #include <openssl/evp.h> |
40 | #include <openssl/evp.h> |
41 | #include <openssl/rsa.h> |
41 | #include <openssl/rsa.h> |
42 | #include <openssl/err.h> |
42 | #include <openssl/err.h> |
43 | |
43 | |
44 | // openssl 0.9.8 compatibility |
|
|
45 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
46 | #define require101(exp) exp |
|
|
47 | #else |
|
|
48 | #define require101(exp) require (exp) |
|
|
49 | #endif |
|
|
50 | |
|
|
51 | #include "conf.h" |
44 | #include "conf.h" |
52 | #include "slog.h" |
45 | #include "slog.h" |
|
|
46 | #include "crypto.h" |
53 | #include "device.h" |
47 | #include "device.h" |
54 | #include "vpn.h" |
48 | #include "vpn.h" |
55 | #include "connection.h" |
49 | #include "connection.h" |
56 | #include "hkdf.h" |
50 | #include "hkdf.h" |
57 | |
51 | |
… | |
… | |
110 | ////////////////////////////////////////////////////////////////////////////// |
104 | ////////////////////////////////////////////////////////////////////////////// |
111 | |
105 | |
112 | struct crypto_ctx |
106 | struct crypto_ctx |
113 | { |
107 | { |
114 | EVP_CIPHER_CTX cctx; |
108 | EVP_CIPHER_CTX cctx; |
115 | HMAC_CTX hctx; |
109 | hmac hctx; |
116 | |
110 | |
117 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
118 | ~crypto_ctx (); |
112 | ~crypto_ctx (); |
119 | }; |
113 | }; |
120 | |
114 | |
… | |
… | |
132 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
126 | kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key)); |
133 | kdf.extract (s, sizeof (s)); |
127 | kdf.extract (s, sizeof (s)); |
134 | kdf.extract_done (HKDF_PRF_HASH ()); |
128 | kdf.extract_done (HKDF_PRF_HASH ()); |
135 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
129 | kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info)); |
136 | |
130 | |
137 | HMAC_CTX_init (&hctx); |
131 | hctx.init (mac_key, MAC_KEYSIZE, MAC_DIGEST ()); |
138 | require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0)); |
|
|
139 | } |
132 | } |
140 | |
133 | |
141 | { |
134 | { |
142 | u8 cipher_key[CIPHER_KEYSIZE]; |
135 | u8 cipher_key[CIPHER_KEYSIZE]; |
143 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
136 | static const unsigned char cipher_info[] = "gvpe cipher key"; |
… | |
… | |
154 | } |
147 | } |
155 | |
148 | |
156 | crypto_ctx::~crypto_ctx () |
149 | crypto_ctx::~crypto_ctx () |
157 | { |
150 | { |
158 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
151 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
159 | HMAC_CTX_cleanup (&hctx); |
|
|
160 | } |
152 | } |
161 | |
153 | |
162 | static inline void |
154 | static inline void |
163 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
164 | { |
156 | { |
… | |
… | |
369 | ///////////////////////////////////////////////////////////////////////////// |
361 | ///////////////////////////////////////////////////////////////////////////// |
370 | |
362 | |
371 | void |
363 | void |
372 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
364 | hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest) |
373 | { |
365 | { |
374 | HMAC_CTX *hctx = &ctx->hctx; |
366 | ctx->hctx.init (); |
375 | |
|
|
376 | require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0)); |
|
|
377 | require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet))); |
367 | ctx->hctx.add (((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)); |
378 | require101 (HMAC_Final (hctx, hmac_digest, 0)); |
368 | ctx->hctx.digest (hmac_digest); |
379 | } |
369 | } |
380 | |
370 | |
381 | void |
371 | void |
382 | hmac_packet::hmac_set (crypto_ctx *ctx) |
372 | hmac_packet::hmac_set (crypto_ctx *ctx) |
383 | { |
373 | { |