
Comparing gvpe/src/connection.h (file contents):
Revision 1.36 by root, Sun Mar 6 19:40:28 2011 UTC vs.
Revision 1.37 by root, Tue Jul 16 16:44:36 2013 UTC

1/* 1/*
2 connection.h -- header for connection.C 2 connection.h -- header for connection.C
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> 3 Copyright (C) 2003-2008,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE. 5 This file is part of GVPE.
6 6
7 GVPE is free software; you can redistribute it and/or modify it 7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the 8 under the terms of the GNU General Public License as published by the
37#include "global.h" 37#include "global.h"
38#include "conf.h" 38#include "conf.h"
39#include "sockinfo.h" 39#include "sockinfo.h"
40#include "util.h" 40#include "util.h"
41#include "device.h" 41#include "device.h"
42#include "curve25519.h"
42 43
43struct vpn; 44struct vpn;
44 45
45// called after HUP etc. to (re-)initialize global data structures 46// called after HUP etc. to (re-)initialize global data structures
46void connection_init (); 47void connection_init ();
47 48
49typedef curve25519_key ecdh_key;
50
48struct rsaid 51struct rsa_data
49{ 52{
50 u8 id[RSA_IDLEN]; // the challenge id 53 u32 seqno;
54 u8 auth_key[AUTH_SIZE];
55 u8 mac_key[MAC_KEYSIZE]; // used to generate hmac key
56 u8 cipher_key[CIPHER_KEYSIZE]; // used to generate cipher key
57 u8 hkdf_salt[HKDF_SALT]; // used as hkdf salt
58 u8 ikm[IKM_SIZE]; // used as additional keying material for both sides
59 u8 pad[
60 (RSABITS >> 3)
61 - 41 // OAEP
62 - sizeof (u32) // seqno
63 - AUTH_SIZE
64 - MAC_KEYSIZE
65 - CIPHER_KEYSIZE
66 - HKDF_SALT
67 - IKM_SIZE
68 - 3 // struct alignment...
69 ];
51}; 70};
52 71
53typedef rsaclear rsachallenge; // challenge data; 72struct auth_data
54typedef rsacrypt rsaencrdata; // encrypted challenge 73{
55typedef u8 rsaresponse[RSA_RESLEN]; // the encrypted ripemd160 hash 74 rsa_data rsa;
75 ecdh_key ecdh;
76};
77
78typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge
79
80struct auth_encr
81{
82 rsa_crypt rsa;
83 ecdh_key ecdh;
84};
85
86typedef u8 auth_mac[AUTH_SIZE];
87
88struct auth_response
89{
90 auth_mac mac;
91 ecdh_key ecdh;
92};
56 93
57//////////////////////////////////////////////////////////////////////////////////////// 94////////////////////////////////////////////////////////////////////////////////////////
58 95
59struct crypto_ctx; 96struct crypto_ctx;
60 97
166 203
167 pkt_queue data_queue, vpn_queue; 204 pkt_queue data_queue, vpn_queue;
168 205
169 crypto_ctx *octx, *ictx; 206 crypto_ctx *octx, *ictx;
170 207
208 void generate_auth_data ();
209
210 ev_tstamp auth_expire; // when the snd_* and *_ecdh values expire
211
212 // send auth data - used for octx
213 auth_data snd_auth;
214 auth_mac snd_auth_mac; // expected response mac
215 ecdh_key snd_ecdh_a; // the secret ecdh key we used for our request
216 ecdh_key snd_ecdh_b; // the public ecdh key we received in the response
217 bool have_snd_auth; // received response for our req
218
219 // receive auth data - used for ictx
220 auth_data rcv_auth;
221 ecdh_key rcv_ecdh_a; // the secret ecdh key we used for our response
222 ecdh_key rcv_ecdh_b; // the public ecdh key we sent in our response
223 bool have_rcv_auth; // received auth from other side
224
171#if ENABLE_DNS 225#if ENABLE_DNS
172 struct dns_connection *dns; 226 struct dns_connection *dns;
173#endif 227#endif
174 228
175 enum conf_node::connectmode connectmode; 229 enum conf_node::connectmode connectmode;
177 231
178 void reset_si (); 232 void reset_si ();
179 const sockinfo &forward_si (const sockinfo &si) const; 233 const sockinfo &forward_si (const sockinfo &si) const;
180 234
181 void shutdown (); 235 void shutdown ();
182 void connection_established (); 236 void connection_established (const sockinfo &rsi);
183 void reset_connection (); 237 void reset_connection ();
184 238
185 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection; 239 void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
186 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing) 240 void rekey_cb (ev::timer &w, int revents); ev::timer rekey; // next rekying (actually current reset + reestablishing)
187 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe 241 void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe
188 242
189 void send_connect_request (int id); 243 void send_connect_request (int id);
190 void send_auth_request (const sockinfo &si, bool initiate); 244 void send_auth_request (const sockinfo &si, bool initiate);
191 void send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg); 245 void send_auth_response (const sockinfo &si);
192 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols); 246 void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
193 void send_reset (const sockinfo &dsi); 247 void send_reset (const sockinfo &dsi);
194 void send_ping (const sockinfo &dsi, u8 pong = 0); 248 void send_ping (const sockinfo &dsi, u8 pong = 0);
195 void send_data_packet (tap_packet *pkt); 249 void send_data_packet (tap_packet *pkt);
196 250
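Review bot: The size of `pad[]` in the new `rsa_data` struct (new-side lines 59-69) hard-codes the OAEP overhead and the struct's alignment slack as the bare numbers `41` and `3`, with nothing that verifies `sizeof (rsa_data)` actually fits the RSA block; adding or resizing a member, or changing RSABITS to a value whose byte length is not a multiple of 4, would silently break the fit. A compile-time check next to the struct makes the invariant explicit, e.g. `static_assert (sizeof (rsa_data) <= (RSABITS >> 3) - 41, "rsa_data exceeds the OAEP payload size");` if the toolchain allows it (otherwise the usual negative-size-array trick), and the comment on `- 3` would be clearer as `// round down so sizeof (rsa_data), which is u32-aligned, still fits`. The `41` presumably is the PKCS#1 OAEP overhead for a 20-byte hash (2 * 20 + 1) — worth naming as a constant in the header that defines RSABITS, and confirming against the OAEP hash used in connection.C. Note that `snd_ecdh_a` and `rcv_ecdh_a` (new-side lines 215, 221) hold private ECDH keys inside the connection object; `reset_connection ()`, whose body is outside this diff, is the natural place to clear them when they expire, so a comment on `auth_expire` stating who zeroizes them would help the next reader.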
