| … | |
… | |
| 451 | struct { |
451 | struct { |
| 452 | u8 rnd[RAND_SIZE]; |
452 | u8 rnd[RAND_SIZE]; |
| 453 | u32 seqno; |
453 | u32 seqno; |
| 454 | } datahdr; |
454 | } datahdr; |
| 455 | |
455 | |
| 456 | datahdr.seqno = seqno; |
456 | datahdr.seqno = ntohl (seqno); |
| 457 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
457 | RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); |
| 458 | |
458 | |
| 459 | EVP_EncryptUpdate (cctx, |
459 | EVP_EncryptUpdate (cctx, |
| 460 | (unsigned char *) data + outl, &outl2, |
460 | (unsigned char *) data + outl, &outl2, |
| 461 | (unsigned char *) &datahdr, DATAHDR); |
461 | (unsigned char *) &datahdr, DATAHDR); |
| … | |
… | |
| 509 | outl += outl2; |
509 | outl += outl2; |
| 510 | |
510 | |
| 511 | EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2); |
511 | EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2); |
| 512 | outl += outl2; |
512 | outl += outl2; |
| 513 | |
513 | |
| 514 | seqno = *(u32 *)(d + RAND_SIZE); |
514 | seqno = ntohl (*(u32 *)(d + RAND_SIZE)); |
| 515 | |
515 | |
| 516 | id2mac (dst () ? dst() : THISNODE->id, p->dst); |
516 | id2mac (dst () ? dst() : THISNODE->id, p->dst); |
| 517 | id2mac (src (), p->src); |
517 | id2mac (src (), p->src); |
| 518 | |
518 | |
| 519 | #if ENABLE_COMPRESSION |
519 | #if ENABLE_COMPRESSION |
| … | |
… | |
| 891 | |
891 | |
| 892 | const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge); |
892 | const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge); |
| 893 | |
893 | |
| 894 | if (!k) |
894 | if (!k) |
| 895 | { |
895 | { |
| 896 | slog (L_ERR, _("challenge from %s (%s) illegal or corrupted, disabling node"), |
896 | slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"), |
| 897 | conf->nodename, (const char *)sockinfo (ssa)); |
897 | conf->nodename, (const char *)sockinfo (ssa)); |
| 898 | connectmode = conf_node::C_DISABLED; |
|
|
| 899 | break; |
898 | break; |
| 900 | } |
899 | } |
| 901 | |
900 | |
| 902 | retry_cnt = 0; |
901 | retry_cnt = 0; |
| 903 | establish_connection.set (NOW + 8); //? ;) |
902 | establish_connection.set (NOW + 8); //? ;) |
| … | |
… | |
| 912 | ictx = 0; |
911 | ictx = 0; |
| 913 | |
912 | |
| 914 | delete octx; |
913 | delete octx; |
| 915 | |
914 | |
| 916 | octx = new crypto_ctx (*k, 1); |
915 | octx = new crypto_ctx (*k, 1); |
| 917 | oseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff; |
916 | oseqno = ntohl (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); |
| 918 | |
917 | |
| 919 | send_auth (AUTH_REPLY, ssa, k); |
918 | send_auth (AUTH_REPLY, ssa, k); |
| 920 | break; |
919 | break; |
| 921 | |
920 | |
| 922 | case AUTH_REPLY: |
921 | case AUTH_REPLY: |
| … | |
… | |
| 924 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
923 | if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge))) |
| 925 | { |
924 | { |
| 926 | delete ictx; |
925 | delete ictx; |
| 927 | |
926 | |
| 928 | ictx = new crypto_ctx (*k, 0); |
927 | ictx = new crypto_ctx (*k, 0); |
| 929 | iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid |
928 | iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff)); // at least 2**31 sequence numbers are valid |
| 930 | |
929 | |
| 931 | sa = *ssa; |
930 | sa = *ssa; |
| 932 | |
931 | |
| 933 | rekey.set (NOW + ::conf.rekey); |
932 | rekey.set (NOW + ::conf.rekey); |
| 934 | keepalive.set (NOW + ::conf.keepalive); |
933 | keepalive.set (NOW + ::conf.keepalive); |
