1 | /* |
1 | /* |
2 | global.h -- global variables and constants |
2 | global.h -- global variables and constants |
3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
4 | |
4 | |
5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
6 | |
6 | |
7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
… | |
… | |
34 | |
34 | |
35 | #include "config.h" |
35 | #include "config.h" |
36 | |
36 | |
37 | #include <time.h> |
37 | #include <time.h> |
38 | |
38 | |
|
|
39 | #define HASH_BITS(hash) hashbits_ ## hash |
|
|
40 | #define HASH_SIZE(hash) (HASH_BITS (hash) >> 3) |
|
|
41 | #define hashbits_EVP_ripemd160 160 |
|
|
42 | #define hashbits_EVP_sha1 160 |
|
|
43 | #define hashbits_EVP_sha224 224 |
|
|
44 | #define hashbits_EVP_sha256 256 |
|
|
45 | #define hashbits_EVP_sha384 384 |
|
|
46 | #define hashbits_EVP_sha512 512 |
|
|
47 | #define hashbits_EVP_whirlpool 512 |
|
|
48 | |
|
|
49 | #define KEY_BITS(cipher) keybits_ ## cipher |
|
|
50 | #define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3) |
|
|
51 | #define keybits_EVP_bf_cbc 128 // actually 32-448 |
|
|
52 | #define keybits_EVP_aes_128_cbc 128 |
|
|
53 | #define keybits_EVP_aes_192_cbc 192 |
|
|
54 | #define keybits_EVP_aes_256_cbc 256 |
|
|
55 | |
|
|
56 | #define BLOCK_BITS(cipher) blockbits_ ## cipher |
|
|
57 | #define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3) |
|
|
58 | #define blockbits_EVP_bf_cbc 64 |
|
|
59 | #define blockbits_EVP_aes_128_cbc 128 |
|
|
60 | #define blockbits_EVP_aes_192_cbc 128 |
|
|
61 | #define blockbits_EVP_aes_256_cbc 128 |
|
|
62 | |
39 | /* Protocol version. Different major versions are incompatible, |
63 | /* Protocol version. Different major versions are incompatible, |
40 | * different minor versions probably are compatible ;) |
64 | * different minor versions probably are compatible ;) |
41 | */ |
65 | */ |
42 | |
66 | |
43 | #define PROTOCOL_MAJOR 0 |
67 | #define PROTOCOL_MAJOR 1 |
44 | #define PROTOCOL_MINOR 1 |
68 | #define PROTOCOL_MINOR 0 |
45 | |
69 | |
46 | #define RSA_KEYBITS 1280 // must be >= 1280 and divisible by 8 |
70 | #define SERIAL_SIZE 16 |
47 | #define RSA_KEYLEN ((RSA_KEYBITS) >> 3) |
|
|
48 | #define RSA_OVERHEAD (41 + 1) // well, no define for OAEP in openssl |
|
|
49 | |
71 | |
50 | #define RSA_HASH EVP_ripemd160 ()// speed don't matter, boy, safety does.. I need sha256 :( |
72 | #define SEED_SIZE 64 // how many octets to seed rng with |
51 | #define RSA_HASHLEN (160 >> 3) |
|
|
52 | #define RSA_RESLEN RSA_HASHLEN |
|
|
53 | |
73 | |
54 | #define RSA_IDLEN 16 // how many bytes are used to identify the challenge |
74 | #define HKDF_XTR_HASH EVP_sha512 |
55 | #define RSA_TTL 120 // challenge bytes timeout after n seconds |
75 | #define HKDF_PRF_HASH EVP_sha256 |
56 | |
76 | |
|
|
77 | #define HKDF_SALT 32 |
|
|
78 | |
|
|
79 | #define RSA_KEYLEN (RSABITS >> 3) |
|
|
80 | |
|
|
81 | #define AUTH_DIGEST ENABLE_AUTH |
|
|
82 | #define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) |
|
|
83 | #define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use |
|
|
84 | |
57 | #define CIPHER ENABLE_CIPHER () |
85 | #define CIPHER ENABLE_CIPHER |
58 | #define CIPHER_KEYLEN (EVP_CIPHER_key_length (CIPHER)) |
86 | #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) |
59 | #define DIGEST ENABLE_DIGEST () |
87 | |
60 | #define HMAC_KEYLEN (256 >> 3) // number of bits used for the HMAC key (also change CHG_HMAC_KEY) |
88 | #define MAC_DIGEST ENABLE_HMAC |
|
|
89 | #define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key |
61 | |
90 | |
62 | #define WINDOWSIZE 512 // sliding window size |
91 | #define WINDOWSIZE 512 // sliding window size |
63 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
92 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
64 | |
|
|
65 | #define CHG_SEQNO 0 // where the seqno starts within the rsa challenge |
|
|
66 | #define CHG_CIPHER_KEY 4 // where the key starts within the rsa challenge |
|
|
67 | #define CHG_HMAC_KEY 86 // where the key starts within the rsa challenge (256 bits at the end!) |
|
|
68 | |
93 | |
69 | // hdr seq len hmac MAC MAC |
94 | // hdr seq len hmac MAC MAC |
70 | #define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6) |
95 | #define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6) |
71 | #define IP_OVERHEAD 20 // size of a (normal) ip header |
96 | #define IP_OVERHEAD 20 // size of a (normal) ip header |
72 | #define GRE_OVERHEAD (IP_OVERHEAD + 4) |
97 | #define GRE_OVERHEAD (IP_OVERHEAD + 4) |
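Review bot: The comment on the new `MAC_KEYSIZE` line says "number of bits used for the HMAC key", but `HASH_SIZE` shifts the bit count right by 3, so the macro yields octets; a wrong unit on a key-length constant tends to end up as an undersized key or buffer later. I would write it the way `AUTH_SIZE` is written a few lines earlier: `#define MAC_KEYSIZE (HASH_SIZE (MAC_DIGEST)) // octets of HMAC key, same as the digest size`. The new `HASH_BITS`/`KEY_BITS`/`BLOCK_BITS` helpers also deserve a one-line comment saying that they paste their argument unexpanded, so they must be given a literal `EVP_*` name or be reached through the `*_SIZE` wrappers, and that an algorithm missing from the tables shows up as an undefined `hashbits_…`/`keybits_…` identifier (a compile error in code, but a silent 0 inside `#if`). The commit also drops the old "must be >= 1280 and divisible by 8" remark while `RSA_KEYLEN` still truncates with `>> 3`; `RSABITS` is presumably set at configure time, so confirm the constraint is enforced there. The header appears to continue past the last line shown.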