… | |
… | |
51 | |
51 | |
52 | #include "netcompat.h" |
52 | #include "netcompat.h" |
53 | |
53 | |
54 | #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic |
54 | #define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic |
55 | |
55 | |
|
|
56 | #define LZF_STATE_ARG 1 |
56 | #define ULTRA_FAST 1 |
57 | #define ULTRA_FAST 1 |
57 | #define HLOG 15 |
58 | #define HLOG 15 |
58 | #include "lzf/lzf.h" |
59 | #define INIT_HTAB 0 |
59 | #include "lzf/lzf_c.c" |
60 | #include "lzf/lzf_c.c" |
60 | #include "lzf/lzf_d.c" |
61 | #include "lzf/lzf_d.c" |
61 | |
62 | |
62 | ////////////////////////////////////////////////////////////////////////////// |
63 | ////////////////////////////////////////////////////////////////////////////// |
63 | |
64 | |
… | |
… | |
103 | |
104 | |
104 | ////////////////////////////////////////////////////////////////////////////// |
105 | ////////////////////////////////////////////////////////////////////////////// |
105 | |
106 | |
106 | struct crypto_ctx |
107 | struct crypto_ctx |
107 | { |
108 | { |
108 | EVP_CIPHER_CTX cctx; |
109 | cipher cctx; |
109 | hmac hctx; |
110 | hmac hctx; |
110 | |
111 | |
111 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
112 | crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc); |
112 | ~crypto_ctx (); |
113 | ~crypto_ctx (); |
113 | }; |
114 | }; |
… | |
… | |
139 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
140 | kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key)); |
140 | kdf.extract (s, sizeof (s)); |
141 | kdf.extract (s, sizeof (s)); |
141 | kdf.extract_done (HKDF_PRF_HASH ()); |
142 | kdf.extract_done (HKDF_PRF_HASH ()); |
142 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
143 | kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info)); |
143 | |
144 | |
144 | EVP_CIPHER_CTX_init (&cctx); |
145 | EVP_CIPHER_CTX_init (cctx); |
145 | require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc)); |
146 | require (EVP_CipherInit_ex (cctx, CIPHER (), 0, cipher_key, 0, enc)); |
146 | } |
147 | } |
147 | } |
148 | } |
148 | |
149 | |
149 | crypto_ctx::~crypto_ctx () |
150 | crypto_ctx::~crypto_ctx () |
150 | { |
151 | { |
151 | require (EVP_CIPHER_CTX_cleanup (&cctx)); |
152 | require (EVP_CIPHER_CTX_cleanup (cctx)); |
152 | } |
153 | } |
153 | |
154 | |
154 | static inline void |
155 | static inline void |
155 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
156 | auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr) |
156 | { |
157 | { |
… | |
… | |
437 | } |
438 | } |
438 | |
439 | |
439 | void |
440 | void |
440 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
441 | vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) |
441 | { |
442 | { |
442 | EVP_CIPHER_CTX *cctx = &conn->octx->cctx; |
443 | EVP_CIPHER_CTX *cctx = conn->octx->cctx; |
443 | int outl = 0, outl2; |
444 | int outl = 0, outl2; |
444 | ptype type = PT_DATA_UNCOMPRESSED; |
445 | ptype type = PT_DATA_UNCOMPRESSED; |
445 | |
446 | |
446 | #if ENABLE_COMPRESSION |
447 | #if ENABLE_COMPRESSION |
447 | u8 cdata[MAX_MTU]; |
448 | u8 cdata[MAX_MTU]; |
448 | |
449 | |
449 | if (conn->features & FEATURE_COMPRESSION) |
450 | if (conn->features & FEATURE_COMPRESSION) |
450 | { |
451 | { |
|
|
452 | static LZF_STATE lzf_state; |
451 | u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7); |
453 | u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7, lzf_state); |
452 | |
454 | |
453 | if (cl) |
455 | if (cl) |
454 | { |
456 | { |
455 | type = PT_DATA_COMPRESSED; |
457 | type = PT_DATA_COMPRESSED; |
456 | d = cdata; |
458 | d = cdata; |
… | |
… | |
483 | } |
485 | } |
484 | |
486 | |
485 | tap_packet * |
487 | tap_packet * |
486 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
488 | vpndata_packet::unpack (connection *conn, u32 &seqno) |
487 | { |
489 | { |
488 | EVP_CIPHER_CTX *cctx = &conn->ictx->cctx; |
490 | EVP_CIPHER_CTX *cctx = conn->ictx->cctx; |
489 | int outl = 0, outl2; |
491 | int outl = 0, outl2; |
490 | tap_packet *p = new tap_packet; |
492 | tap_packet *p = new tap_packet; |
491 | u8 *d; |
493 | u8 *d; |
492 | |
494 | |
493 | seqno = ntohl (ctr); |
495 | seqno = ntohl (ctr); |