/cvs/gvpe/src/connection.h

Comparing gvpe/src/connection.h (file contents):
Revision 1.32 by pcg, Thu Aug 7 17:54:26 2008 UTC vs.
Revision 1.39 by root, Fri Jul 19 18:18:27 2013 UTC

1/* 1/*
2 connection.h -- header for connection.C 2 connection.h -- header for connection.C
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> 3 Copyright (C) 2003-2008,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE. 5 This file is part of GVPE.
6 6
7 GVPE is free software; you can redistribute it and/or modify it 7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the 8 under the terms of the GNU General Public License as published by the
37#include "global.h" 37#include "global.h"
38#include "conf.h" 38#include "conf.h"
39#include "sockinfo.h" 39#include "sockinfo.h"
40#include "util.h" 40#include "util.h"
41#include "device.h" 41#include "device.h"
42#include "curve25519.h"
43#include "iv_gen.h"
42 44
43struct vpn; 45struct vpn;
44 46
45// called after HUP etc. to (re-)initialize global data structures 47// called after HUP etc. to (re-)initialize global data structures
46void connection_init (); 48void connection_init ();
47 49
50typedef curve25519_key ecdh_key;
51
48struct rsaid 52struct rsa_data
49{ 53{
50 u8 id[RSA_IDLEN]; // the challenge id 54 u32 seqno; // (ictx) initial sequence nr (31 bits)
55 u8 mac_key[MAC_IKMSIZE]; // (ictx) used to generate hmac key
56 u8 cipher_key[CIPHER_IKMSIZE]; // (ictx) used to generate cipher key
57 u8 hkdf_salt[HKDF_SALT]; // (octx) used as hkdf salt
58 u8 extra_auth[ // (ictx) additional auth randomness
59 (RSABITS >> 3)
60 - RSA_OAEP_SIZE
61 - sizeof (u32) // seqno
62 - MAC_IKMSIZE
63 - CIPHER_IKMSIZE
64 - HKDF_SALT
65 - 3 // struct alignment...
66 ];
51}; 67};
52 68
53typedef rsaclear rsachallenge; // challenge data; 69struct auth_data
54typedef rsacrypt rsaencrdata; // encrypted challenge 70{
55typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash 71 rsa_data rsa;
72 ecdh_key ecdh;
73};
74
75typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge
76
77struct auth_encr
78{
79 rsa_crypt rsa;
80 ecdh_key ecdh;
81};
82
83typedef u8 auth_mac[AUTH_SIZE];
84
85struct auth_response
86{
87 auth_mac mac;
88 ecdh_key ecdh;
89};
56 90
57//////////////////////////////////////////////////////////////////////////////////////// 91////////////////////////////////////////////////////////////////////////////////////////
58 92
59struct crypto_ctx; 93struct crypto_ctx;
60 94
64 98
65 void hmac_set (crypto_ctx * ctx); 99 void hmac_set (crypto_ctx * ctx);
66 bool hmac_chk (crypto_ctx * ctx); 100 bool hmac_chk (crypto_ctx * ctx);
67 101
68private: 102private:
69 static unsigned char hmac_digest[EVP_MAX_MD_SIZE];
70
71 void hmac_gen (crypto_ctx * ctx); 103 void hmac_gen (crypto_ctx * ctx, u8 *hmac_digest);
72}; 104};
73 105
74struct vpn_packet : hmac_packet 106struct vpn_packet : hmac_packet
75{ 107{
76 enum ptype 108 enum ptype
152 184
153 sockinfo si; // the current(!) destination ip to send packets to 185 sockinfo si; // the current(!) destination ip to send packets to
154 int retry_cnt; 186 int retry_cnt;
155 187
156 tstamp last_activity; // time of last packet received 188 tstamp last_activity; // time of last packet received
157 tstamp last_establish_attempt; 189 tstamp last_establish_attempt;
190 //tstamp last_si_change; // time we last changed the socket address
158 191
159 u32 oseqno; 192 u32 oseqno;
160 sliding_window iseqno; 193 sliding_window iseqno;
161 194
162 u8 protocol; 195 u8 protocol;
163 u8 features; 196 u8 features;
197 bool is_direct; // current connection (si) is direct?
164 198
165 pkt_queue data_queue, vpn_queue; 199 pkt_queue data_queue, vpn_queue;
166 200
167 crypto_ctx *octx, *ictx; 201 crypto_ctx *octx, *ictx;
202 iv_gen oiv; // generator for random byte prefix
203
204 void generate_auth_data ();
205
206 ev_tstamp auth_expire; // when the snd_* and *_ecdh values expire
207
208 // send auth data - used for octx
209 auth_data snd_auth;
210 ecdh_key snd_ecdh_a; // the secret ecdh key we used for our request
211 ecdh_key snd_ecdh_b; // the public ecdh key we received in the response
212 bool have_snd_auth; // received response for our req
213
214 // receive auth data - used for ictx
215 auth_data rcv_auth;
216 ecdh_key rcv_ecdh_a; // the secret ecdh key we used for our response
217 ecdh_key rcv_ecdh_b; // the public ecdh key we sent in our response
218 bool have_rcv_auth; // received auth from other side
168 219
169#if ENABLE_DNS 220#if ENABLE_DNS
170 struct dns_connection *dns; 221 struct dns_connection *dns;
171
172 void dnsv4_reset_connection ();
173#endif 222#endif
174 223
175 enum conf_node::connectmode connectmode; 224 enum conf_node::connectmode connectmode;
176 u8 prot_minor; // minor number of other side 225 u8 prot_minor; // minor number of other side
177 226
178 void reset_si (); 227 void reset_si ();
179 const sockinfo &forward_si (const sockinfo &si) const; 228 const sockinfo &forward_si (const sockinfo &si) const;
180 229
181 void shutdown (); 230 void shutdown ();
182 void connection_established (); 231 void connection_established (const sockinfo &rsi);
183 void reset_connection (); 232 void reset_connection ();
184 233
185 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection; 234 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
186 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing) 235 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing)
187 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe 236 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe
188 237
189 void send_connect_request (int id); 238 void send_connect_request (int id);
190 void send_auth_request (const sockinfo &si, bool initiate); 239 void send_auth_request (const sockinfo &si, bool initiate);
191 void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg); 240 void send_auth_response (const sockinfo &si);
192 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols); 241 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
193 void send_reset (const sockinfo &dsi); 242 void send_reset (const sockinfo &dsi);
194 void send_ping (const sockinfo &dsi, u8 pong = 0); 243 void send_ping (const sockinfo &dsi, u8 pong = 0);
195 void send_data_packet (tap_packet *pkt); 244 void send_data_packet (tap_packet *pkt);
196 245
202 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0); 251 void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);
203 252
204 void script_init_env (const char *ext); 253 void script_init_env (const char *ext);
205 void script_init_connect_env (); 254 void script_init_connect_env ();
206 const char *script_node_up (); 255 const char *script_node_up ();
256 const char *script_node_change ();
207 const char *script_node_down (); 257 const char *script_node_down ();
208 258
209 void dump_status (); 259 void dump_status ();
210 260
211 connection (struct vpn *vpn, conf_node *conf); 261 connection (struct vpn *vpn, conf_node *conf);
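Review bot: The length of `rsa_data::extra_auth` is hand-computed from the RSA block size with a trailing `- 3 // struct alignment...` term, so the apparent intent that the whole struct fits into `(RSABITS >> 3) - RSA_OAEP_SIZE` bytes holds only for the current field order and constant values, and nothing in the header checks it. A compile-time check right after the struct, e.g. `static_assert (sizeof (rsa_data) <= (RSABITS >> 3) - RSA_OAEP_SIZE, "rsa_data does not fit the RSA block");` (C++11; a negative-array-size sizeof trick does the same on older compilers), would turn a silent size mismatch into a build error, and a short comment explaining why 3 is the right padding allowance would spare the next reader the arithmetic. Separately, `snd_ecdh_a` and `rcv_ecdh_a` are described as the secret ECDH keys but the header never says when that key material is cleared; since `auth_expire` marks when the snd_*/rcv_* values expire, a comment such as `// presumably wiped together with snd_auth/rcv_auth on expiry or reset_connection -- confirm in connection.C` would document the intended lifetime. The new `hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)` likewise leaves the required size of the caller-supplied buffer implicit (presumably EVP_MAX_MD_SIZE, as the removed static array used), which is worth stating on the declaration; note that the `connection` struct these members belong to starts and ends outside the shown lines.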
