| … | |
… | |
| 445 | } |
445 | } |
| 446 | #endif |
446 | #endif |
| 447 | |
447 | |
| 448 | EVP_EncryptInit_ex (cctx, 0, 0, 0, 0); |
448 | EVP_EncryptInit_ex (cctx, 0, 0, 0, 0); |
| 449 | |
449 | |
|
|
450 | struct { |
| 450 | #if RAND_SIZE |
451 | #if RAND_SIZE |
| 451 | struct { |
|
|
| 452 | u8 rnd[RAND_SIZE]; |
452 | u8 rnd[RAND_SIZE]; |
|
|
453 | #endif |
| 453 | u32 seqno; |
454 | u32 seqno; |
| 454 | } datahdr; |
455 | } datahdr; |
| 455 | |
456 | |
| 456 | datahdr.seqno = seqno; |
457 | datahdr.seqno = ntohl (seqno); |
|
|
458 | #if RAND_SIZE |
| 457 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
459 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
|
|
460 | #endif |
| 458 | |
461 | |
| 459 | EVP_EncryptUpdate (cctx, |
462 | EVP_EncryptUpdate (cctx, |
| 460 | (unsigned char *) data + outl, &outl2, |
463 | (unsigned char *) data + outl, &outl2, |
| 461 | (unsigned char *) &datahdr, DATAHDR); |
464 | (unsigned char *) &datahdr, DATAHDR); |
| 462 | outl += outl2; |
465 | outl += outl2; |
| 463 | #else |
|
|
| 464 | EVP_EncryptUpdate (cctx, |
|
|
| 465 | (unsigned char *) data + outl, &outl2, |
|
|
| 466 | (unsigned char *) &seqno, DATAHDR); |
|
|
| 467 | outl += outl2; |
|
|
| 468 | #endif |
|
|
| 469 | |
466 | |
| 470 | EVP_EncryptUpdate (cctx, |
467 | EVP_EncryptUpdate (cctx, |
| 471 | (unsigned char *) data + outl, &outl2, |
468 | (unsigned char *) data + outl, &outl2, |
| 472 | (unsigned char *) d, l); |
469 | (unsigned char *) d, l); |
| 473 | outl += outl2; |
470 | outl += outl2; |
| … | |
… | |
| 509 | outl += outl2; |
506 | outl += outl2; |
| 510 | |
507 | |
| 511 | EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2); |
508 | EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2); |
| 512 | outl += outl2; |
509 | outl += outl2; |
| 513 | |
510 | |
| 514 | seqno = *(u32 *)(d + RAND_SIZE); |
511 | seqno = ntohl (*(u32 *)(d + RAND_SIZE)); |
| 515 | |
512 | |
| 516 | id2mac (dst () ? dst() : THISNODE->id, p->dst); |
513 | id2mac (dst () ? dst() : THISNODE->id, p->dst); |
| 517 | id2mac (src (), p->src); |
514 | id2mac (src (), p->src); |
| 518 | |
515 | |
| 519 | #if ENABLE_COMPRESSION |
516 | #if ENABLE_COMPRESSION |
| … | |
… | |
| 549 | u32 digest_nid; |
546 | u32 digest_nid; |
| 550 | |
547 | |
| 551 | const u8 curflags () const |
548 | const u8 curflags () const |
| 552 | { |
549 | { |
| 553 | return 0x80 |
550 | return 0x80 |
| 554 | | 0x02 |
|
|
| 555 | #if PROTOCOL_MAJOR != 2 |
|
|
| 556 | #error hi |
|
|
| 557 | #endif |
|
|
| 558 | | (ENABLE_COMPRESSION ? 0x01 : 0x00); |
551 | | (ENABLE_COMPRESSION ? 0x01 : 0x00); |
| 559 | } |
552 | } |
| 560 | |
553 | |
| 561 | void setup (ptype type, int dst) |
554 | void setup (ptype type, int dst) |
| 562 | { |
555 | { |
| … | |
… | |
| 731 | double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25; |
724 | double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25; |
| 732 | |
725 | |
| 733 | if (retry_int < 3600 * 8) |
726 | if (retry_int < 3600 * 8) |
| 734 | retry_cnt++; |
727 | retry_cnt++; |
| 735 | |
728 | |
| 736 | if (connectmode == conf_node::C_ONDEMAND |
|
|
| 737 | && retry_int > ::conf.keepalive) |
|
|
| 738 | retry_int = ::conf.keepalive; |
|
|
| 739 | |
|
|
| 740 | ts = NOW + retry_int; |
729 | ts = NOW + retry_int; |
| 741 | |
730 | |
| 742 | if (conf->hostname) |
731 | if (conf->hostname) |
| 743 | { |
732 | { |
| 744 | reset_dstaddr (); |
733 | reset_dstaddr (); |
| … | |
… | |
| 911 | ictx = 0; |
900 | ictx = 0; |
| 912 | |
901 | |
| 913 | delete octx; |
902 | delete octx; |
| 914 | |
903 | |
| 915 | octx = new crypto_ctx (*k, 1); |
904 | octx = new crypto_ctx (*k, 1); |
| 916 | oseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff; |
905 | oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; |
| 917 | |
906 | |
| 918 | send_auth (AUTH_REPLY, ssa, k); |
907 | send_auth (AUTH_REPLY, ssa, k); |
| 919 | break; |
908 | break; |
| 920 | |
909 | |
| 921 | case AUTH_REPLY: |
910 | case AUTH_REPLY: |
| … | |
… | |
| 923 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
912 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
| 924 | { |
913 | { |
| 925 | delete ictx; |
914 | delete ictx; |
| 926 | |
915 | |
| 927 | ictx = new crypto_ctx (*k, 0); |
916 | ictx = new crypto_ctx (*k, 0); |
| 928 | iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid |
917 | iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid |
| 929 | |
918 | |
| 930 | sa = *ssa; |
919 | sa = *ssa; |
| 931 | |
920 | |
| 932 | rekey.set (NOW + ::conf.rekey); |
921 | rekey.set (NOW + ::conf.rekey); |
| 933 | keepalive.set (NOW + ::conf.keepalive); |
922 | keepalive.set (NOW + ::conf.keepalive); |
