| 1 | /* |
1 | /* |
| 2 | global.h -- global variables and constants |
2 | global.h -- global variables and constants |
| 3 | Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 34 | |
34 | |
| 35 | #include "config.h" |
35 | #include "config.h" |
| 36 | |
36 | |
| 37 | #include <time.h> |
37 | #include <time.h> |
| 38 | |
38 | |
|
|
39 | #define HASH_BITS(hash) hashbits_ ## hash |
|
|
40 | #define HASH_SIZE(hash) (HASH_BITS (hash) >> 3) |
|
|
41 | #define hashbits_EVP_ripemd160 160 |
|
|
42 | #define hashbits_EVP_sha1 160 |
|
|
43 | #define hashbits_EVP_sha224 224 |
|
|
44 | #define hashbits_EVP_sha256 256 |
|
|
45 | #define hashbits_EVP_sha384 384 |
|
|
46 | #define hashbits_EVP_sha512 512 |
|
|
47 | #define hashbits_EVP_whirlpool 512 |
|
|
48 | |
|
|
49 | #define KEY_BITS(cipher) keybits_ ## cipher |
|
|
50 | #define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3) |
|
|
51 | //#define keybits_EVP_bf_ctr 128 // actually 32-448 |
|
|
52 | #define keybits_EVP_aes_128_ctr 128 |
|
|
53 | #define keybits_EVP_aes_192_ctr 192 |
|
|
54 | #define keybits_EVP_aes_256_ctr 256 |
|
|
55 | |
|
|
56 | #define BLOCK_BITS(cipher) blockbits_ ## cipher |
|
|
57 | #define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3) |
|
|
58 | //#define blockbits_EVP_bf_ctr 64 |
|
|
59 | #define blockbits_EVP_aes_128_ctr 8 |
|
|
60 | #define blockbits_EVP_aes_192_ctr 8 |
|
|
61 | #define blockbits_EVP_aes_256_ctr 8 |
|
|
62 | |
|
|
63 | #define IV_BITS(cipher) ivbits_ ## cipher |
|
|
64 | #define IV_SIZE(cipher) (IV_BITS (cipher) >> 3) |
|
|
65 | //#define ivbits_EVP_bf_ctr 64 |
|
|
66 | #define ivbits_EVP_aes_128_ctr 128 |
|
|
67 | #define ivbits_EVP_aes_192_ctr 128 |
|
|
68 | #define ivbits_EVP_aes_256_ctr 128 |
|
|
69 | |
| 39 | /* Protocol version. Different major versions are incompatible, |
70 | /* Protocol version. Different major versions are incompatible, |
| 40 | * different minor versions probably are compatible ;) |
71 | * different minor versions probably are compatible ;) |
| 41 | */ |
72 | */ |
| 42 | |
73 | |
| 43 | #define PROTOCOL_MAJOR 0 |
74 | #define PROTOCOL_MAJOR 1 |
| 44 | #define PROTOCOL_MINOR 1 |
75 | #define PROTOCOL_MINOR 0 |
| 45 | |
76 | |
| 46 | #define RSA_KEYBITS 1280 // must be >= 1280 and divisible by 8 |
77 | #define SERIAL_SIZE 16 |
| 47 | #define RSA_KEYLEN ((RSA_KEYBITS) >> 3) |
|
|
| 48 | #define RSA_OVERHEAD (41 + 1) // well, no define for OAEP in openssl |
|
|
| 49 | |
78 | |
| 50 | #define RSA_HASH EVP_ripemd160 ()// speed don't matter, boy, safety does.. I need sha256 :( |
79 | #define SEED_SIZE 64 // how many octets to seed rng with |
| 51 | #define RSA_HASHLEN (160 >> 3) |
|
|
| 52 | #define RSA_RESLEN RSA_HASHLEN |
|
|
| 53 | |
80 | |
| 54 | #define RSA_IDLEN 16 // how many bytes are used to identify the challenge |
81 | #define RSA_OAEP_SIZE 41 |
| 55 | #define RSA_TTL 120 // challenge bytes timeout after n seconds |
|
|
| 56 | |
82 | |
| 57 | #define CIPHER ENABLE_CIPHER () |
83 | #define HKDF_XTR_HASH EVP_sha512 |
| 58 | #define CIPHER_KEYLEN (EVP_CIPHER_key_length (CIPHER)) |
84 | #define HKDF_PRF_HASH EVP_sha256 |
| 59 | #define DIGEST ENABLE_DIGEST () |
|
|
| 60 | #define HMAC_KEYLEN (256 >> 3) // number of bits used for the HMAC key (also change CHG_HMAC_KEY) |
|
|
| 61 | |
85 | |
|
|
86 | #define HKDF_SALT 24 // how many bytes for the hkdf salt |
|
|
87 | |
|
|
88 | #define RSA_KEYLEN (RSABITS >> 3) |
|
|
89 | |
|
|
90 | #define AUTH_DIGEST ENABLE_AUTH |
|
|
91 | #define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) |
|
|
92 | #define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use |
|
|
93 | |
|
|
94 | #define CIPHER ENABLE_CIPHER |
|
|
95 | #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) |
|
|
96 | #define CIPHER_IKMSIZE (CIPHER_KEYSIZE * 3 / 2) // randomness in rsa challenge |
|
|
97 | |
|
|
98 | #define MAC_DIGEST ENABLE_HMAC |
|
|
99 | #define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key |
|
|
100 | #define MAC_IKMSIZE (MAC_KEYSIZE * 3 / 2) // randomness in rsa challenge |
|
|
101 | |
| 62 | #define WINDOWSIZE 512 // sliding window size |
102 | #define WINDOWSIZE 65536 // sliding window size |
| 63 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
103 | #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) |
| 64 | |
104 | |
| 65 | #define CHG_SEQNO 0 // where the seqno starts within the rsa challenge |
|
|
| 66 | #define CHG_CIPHER_KEY 4 // where the key starts within the rsa challenge |
|
|
| 67 | #define CHG_HMAC_KEY 86 // where the key starts within the rsa challenge (256 bits at the end!) |
|
|
| 68 | |
|
|
| 69 | // hdr seq len hmac MAC MAC |
105 | // hdr seq len hmac MAC MAC |
| 70 | #define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6) |
106 | #define VPE_OVERHEAD (4 + 4 + 4 + HMACLENGTH - 6 - 6) |
| 71 | #define IP_OVERHEAD 20 // size of a (normal) ip header |
107 | #define IP_OVERHEAD 20 // size of a (normal) ip header |
| 72 | #define GRE_OVERHEAD (IP_OVERHEAD + 4) |
108 | #define GRE_OVERHEAD (IP_OVERHEAD + 4) |
| 73 | #define ICMP_OVERHEAD (IP_OVERHEAD + 4) |
109 | #define ICMP_OVERHEAD (IP_OVERHEAD + 4) |
| 74 | #define UDP_OVERHEAD (IP_OVERHEAD + 20) // size of a (normal) ip + udp header (wrong, but don't care) |
110 | #define UDP_OVERHEAD (IP_OVERHEAD + 20) // size of a (normal) ip + udp header (wrong, but don't care) |
| 75 | #define TCP_OVERHEAD (IP_OVERHEAD + 22) // size of a (normal) ip + tcp header + packetlength |
111 | #define TCP_OVERHEAD (IP_OVERHEAD + 22) // size of a (normal) ip + tcp header + packetlength |
| 76 | #define MAX_OVERHEAD UDP_OVERHEAD // the max. overhead of any protocol (ok, tcp doesn't count) |
112 | #define MAX_OVERHEAD UDP_OVERHEAD // the max. overhead of any protocol (ok, tcp doesn't count) |
| 77 | #define ETH_OVERHEAD 14 // the size of an ethernet header |
113 | #define ETH_OVERHEAD 14 // the size of an ethernet header |
| 78 | #define MAXSIZE (MAX_MTU + VPE_OVERHEAD) // slightly too large, but who cares |
114 | #define MAXSIZE (MAX_MTU + IP_OVERHEAD) // slightly too large, but who cares |
| 79 | |
115 | |
| 80 | #define PKTCACHESIZE 16 // the size of the memory pool for packets |
116 | #define PKTCACHESIZE 128 // the size of the memory pool for packets |
| 81 | |
117 | |
| 82 | extern char *confbase; // directory in which all config files are |
118 | extern char *confbase; // directory in which all config files are |
| 83 | extern char *thisnode; // config for current node (TODO: remove) |
119 | extern char *thisnode; // config for current node (TODO: remove) |
| 84 | |
120 | |
|
|
121 | template<typename T, typename U> static inline T min (T a, U b) { return a < (T)b ? a : (T)b; } |
|
|
122 | template<typename T, typename U> static inline void min_it (T &a, U b) { a = a < (T)b ? a : (T)b; } |
|
|
123 | template<typename T, typename U> static inline T max (T a, U b) { return a > (T)b ? a : (T)b; } |
|
|
124 | template<typename T, typename U> static inline void max_it (T &a, U b) { a = a > (T)b ? a : (T)b; } |
|
|
125 | |
|
|
126 | template<typename T, typename U, typename V> static inline T clamp (T v, U a, V b) { return v < (T)a ? a : v >(T)b ? b : v; } |
|
|
127 | |
|
|
128 | template<typename T, typename U> static inline void swap (T& a, U& b) { T t=a; a=(T)b; b=(U)t; } |
|
|
129 | |
| 85 | #endif |
130 | #endif |
| 86 | |
131 | |
