… | |
… | |
103 | |
103 | |
104 | ////////////////////////////////////////////////////////////////////////////// |
104 | ////////////////////////////////////////////////////////////////////////////// |
105 | |
105 | |
106 | struct crypto_ctx |
106 | struct crypto_ctx |
107 | { |
107 | { |
108 | EVP_CIPHER_CTX cctx; |
108 | cipher cctx; |
109 | hmac hctx; |
109 | hmac hctx; |
110 | |
110 | |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
112 | ~crypto_ctx (); |
112 | ~crypto_ctx (); |
113 | }; |
113 | }; |
… | |
… | |
139 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
139 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
140 | kdf.extract (s, sizeof (s)); |
140 | kdf.extract (s, sizeof (s)); |
141 | kdf.extract_done (HKDF_PRF_HASH ()); |
141 | kdf.extract_done (HKDF_PRF_HASH ()); |
142 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
142 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
143 | |
143 | |
144 | EVP_CIPHER_CTX_init (&cctx); |
144 | EVP_CIPHER_CTX_init (cctx); |
145 | require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc)); |
145 | require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc)); |
146 | } |
146 | } |
147 | } |
147 | } |
148 | |
148 | |
149 | crypto_ctx::~crypto_ctx () |
149 | crypto_ctx::~crypto_ctx () |
150 | { |
150 | { |
151 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
151 | require (EVP_CIPHER_CTX_cleanup (cctx)); |
152 | } |
152 | } |
153 | |
153 | |
154 | static inline void |
154 | static inline void |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
156 | { |
156 | { |
… | |
… | |
437 | } |
437 | } |
438 | |
438 | |
439 | void |
439 | void |
440 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
440 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
441 | { |
441 | { |
442 | EVP_CIPHER_CTX *cctx = &conn->octx->cctx; |
442 | EVP_CIPHER_CTX *cctx = conn->octx->cctx; |
443 | int outl = 0, outl2; |
443 | int outl = 0, outl2; |
444 | ptype type = PT_DATA_UNCOMPRESSED; |
444 | ptype type = PT_DATA_UNCOMPRESSED; |
445 | |
445 | |
446 | #if ENABLE_COMPRESSION |
446 | #if ENABLE_COMPRESSION |
447 | u8 cdata[MAX_MTU]; |
447 | u8 cdata[MAX_MTU]; |
… | |
… | |
483 | } |
483 | } |
484 | |
484 | |
485 | tap_packet * |
485 | tap_packet * |
486 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
486 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
487 | { |
487 | { |
488 | EVP_CIPHER_CTX *cctx = &conn->ictx->cctx; |
488 | EVP_CIPHER_CTX *cctx = conn->ictx->cctx; |
489 | int outl = 0, outl2; |
489 | int outl = 0, outl2; |
490 | tap_packet *p = new tap_packet; |
490 | tap_packet *p = new tap_packet; |
491 | u8 *d; |
491 | u8 *d; |
492 | |
492 | |
493 | seqno = ntohl (ctr); |
493 | seqno = ntohl (ctr); |