/cvs/gvpe/src/connection.h
Revision: 1.39
Committed: Fri Jul 19 18:18:27 2013 UTC (10 years, 10 months ago) by root
Content type: text/plain
Branch: MAIN
Changes since 1.38: +9 -14 lines
Log Message:
*** empty log message ***

1 /*
2 connection.h -- header for connection.C
3 Copyright (C) 2003-2008,2013 Marc Lehmann <gvpe@schmorp.de>
4
5 This file is part of GVPE.
6
7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 3 of the License, or (at your
10 option) any later version.
11
12 This program is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
15 Public License for more details.
16
17 You should have received a copy of the GNU General Public License along
18 with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 Additional permission under GNU GPL version 3 section 7
21
22 If you modify this Program, or any covered work, by linking or
23 combining it with the OpenSSL project's OpenSSL library (or a modified
24 version of that library), containing parts covered by the terms of the
25 OpenSSL or SSLeay licenses, the licensors of this Program grant you
26 additional permission to convey the resulting work. Corresponding
27 Source for a non-source form of such a combination shall include the
28 source code for the parts of OpenSSL used as well as that of the
29 covered work.
30 */
31
32 #ifndef GVPE_CONNECTION_H__
33 #define GVPE_CONNECTION_H__
34
35 #include <openssl/hmac.h>
36
37 #include "global.h"
38 #include "conf.h"
39 #include "sockinfo.h"
40 #include "util.h"
41 #include "device.h"
42 #include "curve25519.h"
43 #include "iv_gen.h"
44
// forward declaration only: connection (below) keeps a pointer to the owning vpn
struct vpn;

// called after HUP etc. to (re-)initialize global data structures
void connection_init ();

// ECDH keys are raw curve25519 keys. The same type is used for both the
// secret and the public half further down, so only the member comments
// tell which is which — keep them accurate.
typedef curve25519_key ecdh_key;
51
// Presumably the plaintext of the RSA-OAEP-encrypted part of the auth
// exchange (auth_encr::rsa below has RSA_KEYLEN bytes). It is sized to
// fill the OAEP payload exactly, so member order and sizes are part of
// the wire format; do not reorder or add fields without revisiting the
// extra_auth arithmetic.
struct rsa_data
{
  u32 seqno;                        // (ictx) initial sequence nr (31 bits)
  u8 mac_key[MAC_IKMSIZE];          // (ictx) used to generate hmac key
  u8 cipher_key[CIPHER_IKMSIZE];    // (ictx) used to generate cipher key
  u8 hkdf_salt[HKDF_SALT];          // (octx) used as hkdf salt
  u8 extra_auth[                    // (ictx) additional auth randomness
    (RSABITS >> 3)                  // RSA modulus size in bytes
    - RSA_OAEP_SIZE                 // OAEP overhead
    - sizeof (u32)                  // seqno
    - MAC_IKMSIZE
    - CIPHER_IKMSIZE
    - HKDF_SALT
    - 3                             // struct alignment...
                                    // NOTE(review): hand-computed reserve for the tail
                                    // padding the u32 seqno forces on the struct; it is
                                    // compiler-layout dependent, so a static assertion that
                                    // sizeof (rsa_data) fits the OAEP capacity would catch
                                    // a silent mismatch — confirm one exists in connection.C
  ];
};
68
// the unencrypted authentication material a node generates for one
// direction: the rsa part plus the ecdh public key that goes with it
// (which half of the ecdh pair this is is decided by the owner, see
// connection::snd_auth / rcv_auth)
struct auth_data
{
  rsa_data rsa;
  ecdh_key ecdh;
};
74
typedef u8 rsa_crypt[RSA_KEYLEN]; // encrypted challenge (RSA_KEYLEN bytes, i.e. one RSA block)
76
// on-the-wire form of an auth request: the rsa_data encrypted into one
// RSA block, followed by the sender's ecdh public key in the clear.
// Member order is the wire layout.
struct auth_encr
{
  rsa_crypt rsa;
  ecdh_key ecdh;
};
82
typedef u8 auth_mac[AUTH_SIZE]; // authenticator proving possession of the rsa_data secrets (AUTH_SIZE bytes)
84
// on-the-wire form of an auth response: a mac over the challenge plus
// the responder's ecdh public key. Member order is the wire layout.
struct auth_response
{
  auth_mac mac;
  ecdh_key ecdh;
};
90
91 ////////////////////////////////////////////////////////////////////////////////////////
92
struct crypto_ctx; // per-direction key material; defined in connection.C, only used by pointer here
94
// base of every packet exchanged between nodes: a net_packet with an
// hmac field. Verification is opt-in per call site (see the note on
// hmac below), so anything that parses a packet must call hmac_chk
// before trusting its contents.
struct hmac_packet : net_packet
{
  u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere

  // fill hmac using ctx (presumably the outgoing context)
  void hmac_set (crypto_ctx * ctx);
  // recompute with ctx and compare; false means the packet failed
  // authentication and the caller must drop it, not "repair" it
  bool hmac_chk (crypto_ctx * ctx);

private:
  // shared worker for the two above: writes the digest into hmac_digest
  void hmac_gen (crypto_ctx * ctx, u8 *hmac_digest);
};
105
// the packet format spoken between nodes: hmac_packet plus a one-byte
// type and a 12-bit source/destination node id pair
struct vpn_packet : hmac_packet
{
  // value range of the `type` byte
  enum ptype
  {
    PT_RESET = 0,
    PT_DATA_UNCOMPRESSED,
    PT_DATA_COMPRESSED,
    PT_PING, PT_PONG,     // wasting namespace space? ;)
    PT_AUTH_REQ,          // authentication request
    PT_AUTH_RES,          // authentication response
    PT_CONNECT_REQ,       // want other node to contact me
    PT_CONNECT_INFO,      // request connection to some node
    PT_DATA_BRIDGED,      // uncompressed packet with foreign mac pot. larger than path mtu (NYI)
    PT_MAX
  };

  u8 type;                // a ptype value, but stored unchecked (see typ)
  u8 srcdst, src1, dst1;  // node ids: low 8 bits in src1/dst1, bits 8..11 packed as nibbles in srcdst

  void set_hdr (ptype type_, unsigned int dst);

  // source node id; the high nibble of srcdst supplies bits 8..11
  unsigned int src () const
  {
    unsigned int hi = (srcdst & 0xf0) << 4;
    return hi | src1;
  }

  // destination node id; the low nibble of srcdst supplies bits 8..11
  unsigned int dst () const
  {
    unsigned int hi = (srcdst & 0x0f) << 8;
    return hi | dst1;
  }

  // the raw type byte as a ptype. Nothing here rejects values >= PT_MAX,
  // so a receiver dispatching on it must range-check first.
  ptype typ () const
  {
    return static_cast<ptype> (type);
  }
};
142
143 ////////////////////////////////////////////////////////////////////////////////////////
144
// a very simple fifo pkt-queue
class pkt_queue
{
  int i, j;          // presumably head/tail indices into queue; i == j is "empty" (see empty ())
  int max_queue;     // capacity requested in the ctor
  double max_ttl;    // maximum age of an entry before expire_cb drops it — units (seconds?) confirm in connection.C

  struct pkt {
    ev_tstamp tstamp; // presumably the time the packet was put ()
    net_packet *pkt;  // queued packet; who frees it (queue or caller of get ()) is not stated here — check connection.C
  } *queue;           // array of max_queue entries, assumed; allocated by the ctor

  // timer that ages out entries older than max_ttl
  void expire_cb (ev::timer &w, int revents); ev::timer expire;

public:

  void put (net_packet *p); // append p (behaviour when full is defined in connection.C)
  net_packet *get ();       // remove and return the oldest packet

  // true when nothing is queued
  bool empty ()
  {
    return i == j;
  }

  pkt_queue (double max_ttl, int max_queue);
  ~pkt_queue ();
};
172
// bit flags for connection::features (each value is a distinct power of two,
// so they can be or-ed together); presumably advertised to / learned from
// the peer, confirm where they are set in connection.C
enum
{
  FEATURE_COMPRESSION = 0x01,
  FEATURE_ROHC = 0x02,
  FEATURE_BRIDGING = 0x04,
};
179
// per-peer state: everything needed to reach, authenticate and talk to
// one other node (presumably one instance per conf_node, owned by vpn)
struct connection
{
  conf_node *conf;                 // configuration of the peer
  struct vpn *vpn;                 // back pointer to the owning vpn

  sockinfo si;                     // the current(!) destination ip to send packets to
  int retry_cnt;                   // counts connect attempts; reset/limit semantics live in connection.C

  tstamp last_activity;            // time of last packet received
  tstamp last_establish_attempt;
  //tstamp last_si_change;         // time we last changed the socket address

  u32 oseqno;                      // outgoing sequence number
  sliding_window iseqno;           // incoming sequence numbers; presumably the replay-protection window — confirm in util.h

  u8 protocol;
  u8 features;                     // FEATURE_* bits (enum above)
  bool is_direct;                  // current connection (si) is direct?

  pkt_queue data_queue, vpn_queue; // packets waiting while the connection is not (yet) usable, assumed

  crypto_ctx *octx, *ictx;         // outgoing / incoming crypto state
  iv_gen oiv;                      // generator for random byte prefix

  // (re)create snd_auth / snd_ecdh_* below
  void generate_auth_data ();

  ev_tstamp auth_expire;           // when the snd_* and *_ecdh values expire

  // send auth data - used for octx
  auth_data snd_auth;
  ecdh_key snd_ecdh_a;             // the secret ecdh key we used for our request
  ecdh_key snd_ecdh_b;             // the public ecdh key we received in the response
  bool have_snd_auth;              // received response for our req

  // receive auth data - used for ictx
  auth_data rcv_auth;
  ecdh_key rcv_ecdh_a;             // the secret ecdh key we used for our response
  ecdh_key rcv_ecdh_b;             // the public ecdh key we sent in our response
  bool have_rcv_auth;              // received auth from other side

  // NOTE(review): snd_ecdh_a, rcv_ecdh_a and the rsa parts of snd_auth/rcv_auth
  // are secret material held in plain member storage; confirm that the rekey
  // path and ~connection overwrite them rather than just letting them go
  // out of scope.

#if ENABLE_DNS
  struct dns_connection *dns;      // DNS tunnelling transport state, only with ENABLE_DNS
#endif

  enum conf_node::connectmode connectmode;
  u8 prot_minor;                   // minor number of other side

  void reset_si ();                // forget the current si
  const sockinfo &forward_si (const sockinfo &si) const; // pick the sockinfo actually used to reach si (via a router node, presumably)

  void shutdown ();
  void connection_established (const sockinfo &rsi);
  void reset_connection ();

  void establish_connection_cb (ev::timer &w, int revents); ev::timer establish_connection;
  void rekey_cb (ev::timer &w, int revents); ev::timer rekey;         // next rekeying (actually current reset + reestablishing)
  void keepalive_cb (ev::timer &w, int revents); ev::timer keepalive; // next keepalive probe

  // senders for the individual ptype values (see vpn_packet::ptype)
  void send_connect_request (int id);
  void send_auth_request (const sockinfo &si, bool initiate);
  void send_auth_response (const sockinfo &si);
  void send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols);
  void send_reset (const sockinfo &dsi);
  void send_ping (const sockinfo &dsi, u8 pong = 0);  // pong != 0 sends a PT_PONG instead, presumably
  void send_data_packet (tap_packet *pkt);

  void post_inject_queue ();
  void inject_data_packet (tap_packet *pkt);          // from the local tap device
  void inject_vpn_packet (vpn_packet *pkt, int tos = 0); // for forwarding

  // entry point for packets received from rsi; this is where untrusted
  // input arrives, so type/src/dst validation and hmac_chk belong here
  void recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi);
  void send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos = 0);

  // environment setup for and invocation of the node-up/change/down scripts;
  // the const char * results are presumably the command strings to run
  void script_init_env (const char *ext);
  void script_init_connect_env ();
  const char *script_node_up ();
  const char *script_node_change ();
  const char *script_node_down ();

  void dump_status ();

  connection (struct vpn *vpn, conf_node *conf);
  ~connection ();
};
264
265 #endif
266