ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.16 by pcg, Tue Mar 25 18:11:58 2003 UTC vs.
Revision 1.17 by pcg, Wed Mar 26 01:58:46 2003 UTC

58 58
59static time_t next_timecheck; 59static time_t next_timecheck;
60 60
61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
62 62
63static const rsachallenge & 63struct crypto_ctx
64challenge_bytes ()
65{
66 static rsachallenge challenge;
67 static tstamp challenge_ttl; // time this challenge needs to be recreated
68
69 if (NOW > challenge_ttl)
70 { 64 {
71 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge)); 65 EVP_CIPHER_CTX cctx;
72 challenge_ttl = NOW + CHALLENGE_TTL; 66 HMAC_CTX hctx;
73 }
74 67
75 return challenge; 68 crypto_ctx (const rsachallenge &challenge, int enc);
76} 69 ~crypto_ctx ();
70 };
77 71
78// caching of rsa operations really helps slow computers 72crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
73{
74 EVP_CIPHER_CTX_init (&cctx);
75 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
76 HMAC_CTX_init (&hctx);
77 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
78}
79
80crypto_ctx::~crypto_ctx ()
81{
82 EVP_CIPHER_CTX_cleanup (&cctx);
83 HMAC_CTX_cleanup (&hctx);
84}
85
86static void
87rsa_hash (const rsachallenge &chg, rsaresponse &h)
88{
89 EVP_MD_CTX ctx;
90
91 EVP_MD_CTX_init (&ctx);
92 EVP_DigestInit (&ctx, RSA_HASH);
93 EVP_DigestUpdate(&ctx, &chg, sizeof chg);
94 EVP_DigestFinal (&ctx, (unsigned char *)&h, 0);
95 EVP_MD_CTX_cleanup (&ctx);
96}
97
79struct rsa_entry { 98struct rsa_entry {
80 tstamp expire; 99 tstamp expire;
100 rsaid id;
81 rsachallenge chg; 101 rsachallenge chg;
82 RSA *key; // which key
83 rsaencrdata encr;
84
85 rsa_entry ()
86 {
87 expire = NOW + CHALLENGE_TTL;
88 }
89}; 102};
90 103
91struct rsa_cache : list<rsa_entry> 104struct rsa_cache : list<rsa_entry>
92{ 105{
93 void cleaner_cb (tstamp &ts); time_watcher cleaner; 106 void cleaner_cb (tstamp &ts); time_watcher cleaner;
94 107
95 const rsaencrdata *public_encrypt (RSA *key, const rsachallenge &chg) 108 bool find (const rsaid &id, rsachallenge &chg)
96 { 109 {
97 for (iterator i = begin (); i != end (); ++i) 110 for (iterator i = begin (); i != end (); ++i)
98 { 111 {
99 if (i->key == key && !memcmp (&chg, &i->chg, sizeof chg)) 112 if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW)
100 return &i->encr; 113 {
114 memcpy (&chg, &i->chg, sizeof chg);
115
116 erase (i);
117 return true;
118 }
101 } 119 }
102 120
103 if (cleaner.at < NOW) 121 if (cleaner.at < NOW)
104 cleaner.start (NOW + CHALLENGE_TTL); 122 cleaner.start (NOW + RSA_TTL);
105 123
106 resize (size () + 1); 124 return false;
107 rsa_entry *e = &(*rbegin ()); 125 }
108 126
109 e->key = key; 127 void gen (rsaid &id, rsachallenge &chg)
128 {
129 rsa_entry e;
130
131 RAND_bytes ((unsigned char *)&id, sizeof id);
132 RAND_bytes ((unsigned char *)&chg, sizeof chg);
133
134 e.expire = NOW + RSA_TTL;
135 e.id = id;
110 memcpy (&e->chg, &chg, sizeof chg); 136 memcpy (&e.chg, &chg, sizeof chg);
111 137
112 if (0 > RSA_public_encrypt (sizeof chg, 138 push_back (e);
113 (unsigned char *)&chg, (unsigned char *)&e->encr,
114 key, RSA_PKCS1_OAEP_PADDING))
115 fatal ("RSA_public_encrypt error");
116
117 return &e->encr;
118 }
119
120 const rsachallenge *private_decrypt (RSA *key, const rsaencrdata &encr)
121 {
122 for (iterator i = begin (); i != end (); ++i)
123 if (i->key == key && !memcmp (&encr, &i->encr, sizeof encr))
124 return &i->chg;
125 139
126 if (cleaner.at < NOW) 140 if (cleaner.at < NOW)
127 cleaner.start (NOW + CHALLENGE_TTL); 141 cleaner.start (NOW + RSA_TTL);
128
129 resize (size () + 1);
130 rsa_entry *e = &(*rbegin ());
131
132 e->key = key;
133 memcpy (&e->encr, &encr, sizeof encr);
134
135 if (0 > RSA_private_decrypt (sizeof encr,
136 (unsigned char *)&encr, (unsigned char *)&e->chg,
137 key, RSA_PKCS1_OAEP_PADDING))
138 {
139 pop_back ();
140 return 0;
141 }
142
143 return &e->chg;
144 } 142 }
145 143
146 rsa_cache () 144 rsa_cache ()
147 : cleaner (this, &rsa_cache::cleaner_cb) 145 : cleaner (this, &rsa_cache::cleaner_cb)
148 { } 146 { }
153{ 151{
154 if (empty ()) 152 if (empty ())
155 ts = TSTAMP_CANCEL; 153 ts = TSTAMP_CANCEL;
156 else 154 else
157 { 155 {
158 ts = NOW + 3; 156 ts = NOW + RSA_TTL;
157
159 for (iterator i = begin (); i != end (); ) 158 for (iterator i = begin (); i != end (); )
160 {
161 if (i->expire >= NOW) 159 if (i->expire <= NOW)
162 i = erase (i); 160 i = erase (i);
163 else 161 else
164 ++i; 162 ++i;
165 }
166 } 163 }
167} 164}
168 165
169// run a script. yes, it's a template function. yes, c++ 166typedef callback<const char *, int> run_script_cb;
170// is not a functional language. yes, this suxx. 167
171template<class owner> 168// run a shell script (or actually an external program).
172static void 169static void
173run_script (owner *obj, const char *(owner::*setup)(), bool wait) 170run_script (const run_script_cb &cb, bool wait)
174{ 171{
175 int pid; 172 int pid;
176 173
177 if ((pid = fork ()) == 0) 174 if ((pid = fork ()) == 0)
178 { 175 {
179 char *filename; 176 char *filename;
180 asprintf (&filename, "%s/%s", confbase, (obj->*setup) ()); 177 asprintf (&filename, "%s/%s", confbase, cb(0));
181 execl (filename, filename, (char *) 0); 178 execl (filename, filename, (char *) 0);
182 exit (255); 179 exit (255);
183 } 180 }
184 else if (pid > 0) 181 else if (pid > 0)
185 { 182 {
187 { 184 {
188 waitpid (pid, 0, 0); 185 waitpid (pid, 0, 0);
189 /* TODO: check status */ 186 /* TODO: check status */
190 } 187 }
191 } 188 }
192}
193
194// xor the socket address into the challenge to ensure different challenges
195// per host. we could rely on the OAEP padding, but this doesn't hurt.
196void
197xor_sa (rsachallenge &k, SOCKADDR *sa)
198{
199 ((u32 *) k)[(CHG_CIPHER_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
200 ((u16 *) k)[(CHG_CIPHER_KEY + 4) / 2] ^= sa->sin_port;
201 ((u32 *) k)[(CHG_HMAC_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
202 ((u16 *) k)[(CHG_HMAC_KEY + 4) / 2] ^= sa->sin_port;
203}
204
205struct crypto_ctx
206 {
207 EVP_CIPHER_CTX cctx;
208 HMAC_CTX hctx;
209
210 crypto_ctx (const rsachallenge &challenge, int enc);
211 ~crypto_ctx ();
212 };
213
214crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
215{
216 EVP_CIPHER_CTX_init (&cctx);
217 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
218 HMAC_CTX_init (&hctx);
219 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
220}
221
222crypto_ctx::~crypto_ctx ()
223{
224 EVP_CIPHER_CTX_cleanup (&cctx);
225 HMAC_CTX_cleanup (&hctx);
226} 189}
227 190
228////////////////////////////////////////////////////////////////////////////// 191//////////////////////////////////////////////////////////////////////////////
229 192
230void pkt_queue::put (tap_packet *p) 193void pkt_queue::put (tap_packet *p)
388 { 351 {
389 PT_RESET = 0, 352 PT_RESET = 0,
390 PT_DATA_UNCOMPRESSED, 353 PT_DATA_UNCOMPRESSED,
391 PT_DATA_COMPRESSED, 354 PT_DATA_COMPRESSED,
392 PT_PING, PT_PONG, // wasting namespace space? ;) 355 PT_PING, PT_PONG, // wasting namespace space? ;)
393 PT_AUTH, // authentification 356 PT_AUTH_REQ, // authentification request
357 PT_AUTH_RES, // authentification response
394 PT_CONNECT_REQ, // want other host to contact me 358 PT_CONNECT_REQ, // want other host to contact me
395 PT_CONNECT_INFO, // request connection to some node 359 PT_CONNECT_INFO, // request connection to some node
396 PT_REKEY, // rekeying (not yet implemented)
397 PT_MAX 360 PT_MAX
398 }; 361 };
399 362
400 u8 type; 363 u8 type;
401 u8 srcdst, src1, dst1; 364 u8 srcdst, src1, dst1;
549 512
550 return p; 513 return p;
551} 514}
552 515
553struct ping_packet : vpn_packet 516struct ping_packet : vpn_packet
517{
518 void setup (int dst, ptype type)
554 { 519 {
555 void setup (int dst, ptype type)
556 {
557 set_hdr (type, dst); 520 set_hdr (type, dst);
558 len = sizeof (*this) - sizeof (net_packet); 521 len = sizeof (*this) - sizeof (net_packet);
559 }
560 }; 522 }
523};
561 524
562struct config_packet : vpn_packet 525struct config_packet : vpn_packet
526{
527 // actually, hmaclen cannot be checked because the hmac
528 // field comes before this data, so peers with other
529 // hmacs simply will not work.
530 u8 prot_major, prot_minor, randsize, hmaclen;
531 u8 flags, challengelen, pad2, pad3;
532 u32 cipher_nid, digest_nid, hmac_nid;
533
534 const u8 curflags () const
563 { 535 {
564 // actually, hmaclen cannot be checked because the hmac
565 // field comes before this data, so peers with other
566 // hmacs simply will not work.
567 u8 prot_major, prot_minor, randsize, hmaclen;
568 u8 flags, challengelen, pad2, pad3;
569 u32 cipher_nid;
570 u32 digest_nid;
571
572 const u8 curflags () const
573 {
574 return 0x80 536 return 0x80
575 | (ENABLE_COMPRESSION ? 0x01 : 0x00); 537 | (ENABLE_COMPRESSION ? 0x01 : 0x00);
576 } 538 }
577 539
578 void setup (ptype type, int dst) 540 void setup (ptype type, int dst)
579 {
580 prot_major = PROTOCOL_MAJOR;
581 prot_minor = PROTOCOL_MINOR;
582 randsize = RAND_SIZE;
583 hmaclen = HMACLENGTH;
584 flags = curflags ();
585 challengelen = sizeof (rsachallenge);
586
587 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
588 digest_nid = htonl (EVP_MD_type (DIGEST));
589
590 len = sizeof (*this) - sizeof (net_packet);
591 set_hdr (type, dst);
592 }
593
594 bool chk_config ()
595 {
596 return prot_major == PROTOCOL_MAJOR
597 && randsize == RAND_SIZE
598 && hmaclen == HMACLENGTH
599 && flags == curflags ()
600 && challengelen == sizeof (rsachallenge)
601 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
602 && digest_nid == htonl (EVP_MD_type (DIGEST));
603 }
604 };
605
606struct auth_packet : config_packet
607 { 541 {
608 char magic[8]; 542 prot_major = PROTOCOL_MAJOR;
609 u8 subtype; 543 prot_minor = PROTOCOL_MINOR;
610 u8 pad1, pad2; 544 randsize = RAND_SIZE;
611 rsaencrdata challenge; 545 hmaclen = HMACLENGTH;
546 flags = curflags ();
547 challengelen = sizeof (rsachallenge);
612 548
613 auth_packet (int dst, auth_subtype stype) 549 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
614 { 550 digest_nid = htonl (EVP_MD_type (RSA_HASH));
615 config_packet::setup (PT_AUTH, dst); 551 hmac_nid = htonl (EVP_MD_type (DIGEST));
616 subtype = stype; 552
617 len = sizeof (*this) - sizeof (net_packet); 553 len = sizeof (*this) - sizeof (net_packet);
554 set_hdr (type, dst);
555 }
556
557 bool chk_config ()
558 {
559 return prot_major == PROTOCOL_MAJOR
560 && randsize == RAND_SIZE
561 && hmaclen == HMACLENGTH
562 && flags == curflags ()
563 && challengelen == sizeof (rsachallenge)
564 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
565 && digest_nid == htonl (EVP_MD_type (RSA_HASH))
566 && hmac_nid == htonl (EVP_MD_type (DIGEST));
567 }
568};
569
570struct auth_req_packet : config_packet
571{
572 char magic[8];
573 u8 initiate; // false if this is just an automatic reply
574 u8 pad1, pad2, pad3;
575 rsaid id;
576 rsaencrdata encr;
577
578 auth_req_packet (int dst, bool initiate_)
579 {
580 config_packet::setup (PT_AUTH_REQ, dst);
581 initiate = !!initiate_;
618 strncpy (magic, MAGIC, 8); 582 strncpy (magic, MAGIC, 8);
619 } 583 len = sizeof (*this) - sizeof (net_packet);
620 }; 584 }
585};
586
587struct auth_res_packet : config_packet
588{
589 rsaid id;
590 rsaresponse response;
591
592 auth_res_packet (int dst)
593 {
594 config_packet::setup (PT_AUTH_RES, dst);
595 len = sizeof (*this) - sizeof (net_packet);
596 }
597};
621 598
622struct connect_req_packet : vpn_packet 599struct connect_req_packet : vpn_packet
600{
601 u8 id;
602 u8 pad1, pad2, pad3;
603
604 connect_req_packet (int dst, int id_)
623 { 605 {
624 u8 id; 606 id = id_;
625 u8 pad1, pad2, pad3;
626
627 connect_req_packet (int dst, int id)
628 {
629 this->id = id;
630 set_hdr (PT_CONNECT_REQ, dst); 607 set_hdr (PT_CONNECT_REQ, dst);
631 len = sizeof (*this) - sizeof (net_packet); 608 len = sizeof (*this) - sizeof (net_packet);
632 }
633 }; 609 }
610};
634 611
635struct connect_info_packet : vpn_packet 612struct connect_info_packet : vpn_packet
613{
614 u8 id;
615 u8 pad1, pad2, pad3;
616 sockinfo si;
617
618 connect_info_packet (int dst, int id_, sockinfo &si_)
636 { 619 {
637 u8 id; 620 id = id_;
638 u8 pad1, pad2, pad3; 621 si = si_;
639 sockinfo si;
640
641 connect_info_packet (int dst, int id, sockinfo &si)
642 {
643 this->id = id;
644 this->si = si;
645 set_hdr (PT_CONNECT_INFO, dst); 622 set_hdr (PT_CONNECT_INFO, dst);
646 len = sizeof (*this) - sizeof (net_packet); 623 len = sizeof (*this) - sizeof (net_packet);
647 }
648 }; 624 }
625};
649 626
650///////////////////////////////////////////////////////////////////////////// 627/////////////////////////////////////////////////////////////////////////////
651 628
652void 629void
653fill_sa (SOCKADDR *sa, conf_node *conf) 630fill_sa (SOCKADDR *sa, conf_node *conf)
700 677
701 delete pkt; 678 delete pkt;
702 } 679 }
703} 680}
704 681
705static rsachallenge *
706gen_challenge (u32 seqrand, SOCKADDR *sa)
707{
708 static rsachallenge k;
709
710 memcpy (&k, &challenge_bytes (), sizeof (k));
711 *(u32 *)&k[CHG_SEQNO] ^= seqrand;
712 xor_sa (k, sa);
713
714 return &k;
715}
716
717void 682void
718connection::send_auth (auth_subtype subtype, SOCKADDR *sa, const rsachallenge *k) 683connection::send_auth_request (SOCKADDR *sa, bool initiate)
719{ 684{
720 if (subtype == AUTH_REPLY || auth_rate_limiter.can (sa)) 685 if (auth_rate_limiter.can (sa))
721 { 686 {
722 if (!k)
723 k = gen_challenge (seqrand, sa);
724
725 auth_packet *pkt = new auth_packet (conf->id, subtype); 687 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate);
726 688
727 memcpy (pkt->challenge, rsa_cache.public_encrypt (conf->rsa_key, *k), sizeof (rsaencrdata)); 689 rsachallenge chg;
728 690
691 rsa_cache.gen (pkt->id, chg);
692
693 if (0 > RSA_public_encrypt (sizeof chg,
694 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
695 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
696 fatal ("RSA_public_encrypt error");
697
729 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 698 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)sockinfo (sa));
730 699
731 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); 700 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
701
702 delete pkt;
703 }
704}
705
706void
707connection::send_auth_response (SOCKADDR *sa, const rsaid &id, const rsachallenge &chg)
708{
709 if (auth_rate_limiter.can (sa))
710 {
711 auth_res_packet *pkt = new auth_res_packet (conf->id);
712
713 pkt->id = id;
714 rsa_hash (chg, pkt->response);
715
716 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)sockinfo (sa));
717
718 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
732 719
733 delete pkt; 720 delete pkt;
734 } 721 }
735} 722}
736 723
739{ 726{
740 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER) 727 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER)
741 ts = TSTAMP_CANCEL; 728 ts = TSTAMP_CANCEL;
742 else if (ts <= NOW) 729 else if (ts <= NOW)
743 { 730 {
744 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25; 731 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
745 732
746 if (retry_int < 3600 * 8) 733 if (retry_int < 3600 * 8)
747 retry_cnt++; 734 retry_cnt++;
748 735
749 ts = NOW + retry_int; 736 ts = NOW + retry_int;
751 if (conf->hostname) 738 if (conf->hostname)
752 { 739 {
753 reset_dstaddr (); 740 reset_dstaddr ();
754 if (sa.sin_addr.s_addr) 741 if (sa.sin_addr.s_addr)
755 if (retry_cnt < 4) 742 if (retry_cnt < 4)
756 send_auth (AUTH_INIT, &sa); 743 send_auth_request (&sa, true);
757 else if (auth_rate_limiter.can (&sa)) 744 else if (auth_rate_limiter.can (&sa))
758 send_ping (&sa, 0); 745 send_ping (&sa, 0);
759 } 746 }
760 else 747 else
761 vpn->connect_request (conf->id); 748 vpn->connect_request (conf->id);
768 if (ictx && octx) 755 if (ictx && octx)
769 { 756 {
770 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename); 757 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename);
771 758
772 if (::conf.script_node_down) 759 if (::conf.script_node_down)
773 run_script (this, &connection::script_node_down, false); 760 run_script (run_script_cb (this, &connection::script_node_down), false);
774 } 761 }
775 762
776 delete ictx; ictx = 0; 763 delete ictx; ictx = 0;
777 delete octx; octx = 0; 764 delete octx; octx = 0;
778
779 RAND_bytes ((unsigned char *)&seqrand, sizeof (u32));
780 765
781 sa.sin_port = 0; 766 sa.sin_port = 0;
782 sa.sin_addr.s_addr = 0; 767 sa.sin_addr.s_addr = 0;
783 768
784 last_activity = 0; 769 last_activity = 0;
871 case vpn_packet::PT_RESET: 856 case vpn_packet::PT_RESET:
872 { 857 {
873 reset_connection (); 858 reset_connection ();
874 859
875 config_packet *p = (config_packet *) pkt; 860 config_packet *p = (config_packet *) pkt;
861
876 if (!p->chk_config ()) 862 if (!p->chk_config ())
877 { 863 {
878 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename); 864 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename);
879 connectmode = conf_node::C_DISABLED; 865 connectmode = conf_node::C_DISABLED;
880 } 866 }
881 else if (connectmode == conf_node::C_ALWAYS) 867 else if (connectmode == conf_node::C_ALWAYS)
882 establish_connection (); 868 establish_connection ();
883 } 869 }
884 break; 870 break;
885 871
886 case vpn_packet::PT_AUTH: 872 case vpn_packet::PT_AUTH_REQ:
887 { 873 {
888 auth_packet *p = (auth_packet *) pkt; 874 auth_req_packet *p = (auth_req_packet *) pkt;
889 875
890 slog (L_TRACE, "<<%d PT_AUTH(%d)", conf->id, p->subtype); 876 slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate);
891 877
892 if (p->chk_config ()
893 && !strncmp (p->magic, MAGIC, 8)) 878 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8))
894 { 879 {
895 if (p->prot_minor != PROTOCOL_MINOR) 880 if (p->prot_minor != PROTOCOL_MINOR)
896 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."), 881 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
897 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 882 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
898 883
899 if (p->subtype == AUTH_INIT) 884 if (p->initiate)
900 send_auth (AUTH_INITREPLY, ssa); 885 send_auth_request (ssa, false);
901 886
902 const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge); 887 rsachallenge k;
903 888
904 if (!k) 889 if (0 > RSA_private_decrypt (sizeof (p->encr),
890 (unsigned char *)&p->encr, (unsigned char *)&k,
891 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
892 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
893 conf->nodename, (const char *)sockinfo (ssa));
894 else
905 { 895 {
906 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"), 896 retry_cnt = 0;
907 conf->nodename, (const char *)sockinfo (ssa)); 897 establish_connection.set (NOW + 8); //? ;)
898 keepalive.reset ();
908 send_reset (ssa); 899 rekey.reset ();
900
901 delete ictx;
902 ictx = 0;
903
904 delete octx;
905
906 octx = new crypto_ctx (k, 1);
907 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
908
909 send_auth_response (ssa, p->id, k);
910
909 break; 911 break;
910 } 912 }
913 }
911 914
912 retry_cnt = 0;
913 establish_connection.set (NOW + 8); //? ;)
914 keepalive.reset ();
915 rekey.reset ();
916 915
917 switch (p->subtype) 916 }
917
918 send_reset (ssa);
919 break;
920
921 case vpn_packet::PT_AUTH_RES:
922 {
923 auth_res_packet *p = (auth_res_packet *) pkt;
924
925 slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id);
926
927 if (p->chk_config ())
928 {
929 if (p->prot_minor != PROTOCOL_MINOR)
930 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
931 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
932
933 rsachallenge chg;
934
935 if (!rsa_cache.find (p->id, chg))
936 slog (L_ERR, _("unrequested auth response from %s (%s)"),
937 conf->nodename, (const char *)sockinfo (ssa));
938 else
918 { 939 {
919 case AUTH_INIT: 940 rsaresponse h;
920 case AUTH_INITREPLY:
921 delete ictx;
922 ictx = 0;
923 941
924 delete octx; 942 rsa_hash (chg, h);
925 943
926 octx = new crypto_ctx (*k, 1); 944 if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
927 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
928
929 send_auth (AUTH_REPLY, ssa, k);
930 break;
931
932 case AUTH_REPLY:
933
934 if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge)))
935 { 945 {
936 delete ictx; 946 delete ictx;
937 947
938 ictx = new crypto_ctx (*k, 0); 948 ictx = new crypto_ctx (chg, 0);
939 iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 949 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
940 950
941 sa = *ssa; 951 sa = *ssa;
942 952
943 rekey.set (NOW + ::conf.rekey); 953 rekey.set (NOW + ::conf.rekey);
944 keepalive.set (NOW + ::conf.keepalive); 954 keepalive.set (NOW + ::conf.keepalive);
954 964
955 slog (L_INFO, _("connection to %d (%s %s) established"), 965 slog (L_INFO, _("connection to %d (%s %s) established"),
956 conf->id, conf->nodename, (const char *)sockinfo (ssa)); 966 conf->id, conf->nodename, (const char *)sockinfo (ssa));
957 967
958 if (::conf.script_node_up) 968 if (::conf.script_node_up)
959 run_script (this, &connection::script_node_up, false); 969 run_script (run_script_cb (this, &connection::script_node_up), false);
970
971 break;
960 } 972 }
961 else 973 else
962 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"), 974 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"),
963 conf->nodename, (const char *)sockinfo (ssa)); 975 conf->nodename, (const char *)sockinfo (ssa));
964
965 break;
966 default:
967 slog (L_ERR, _("authentification illegal subtype error (%s %s)"),
968 conf->nodename, (const char *)sockinfo (ssa));
969 break;
970 } 976 }
971 } 977 }
972 else
973 send_reset (ssa);
974
975 break;
976 } 978 }
979
980 send_reset (ssa);
981 break;
977 982
978 case vpn_packet::PT_DATA_COMPRESSED: 983 case vpn_packet::PT_DATA_COMPRESSED:
979#if !ENABLE_COMPRESSION 984#if !ENABLE_COMPRESSION
980 send_reset (ssa); 985 send_reset (ssa);
981 break; 986 break;
982#endif 987#endif
988
983 case vpn_packet::PT_DATA_UNCOMPRESSED: 989 case vpn_packet::PT_DATA_UNCOMPRESSED:
984 990
985 if (ictx && octx) 991 if (ictx && octx)
986 { 992 {
987 vpndata_packet *p = (vpndata_packet *)pkt; 993 vpndata_packet *p = (vpndata_packet *)pkt;
1080 connection *c = vpn->conns[p->id - 1]; 1086 connection *c = vpn->conns[p->id - 1];
1081 1087
1082 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1088 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1083 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1089 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1084 1090
1085 c->send_auth (AUTH_INIT, p->si.sa ()); 1091 c->send_auth_request (p->si.sa (), true);
1086 } 1092 }
1093
1087 break; 1094 break;
1088 1095
1089 default: 1096 default:
1090 send_reset (ssa); 1097 send_reset (ssa);
1091 break; 1098 break;
1099
1092 } 1100 }
1093} 1101}
1094 1102
1095void connection::keepalive_cb (tstamp &ts) 1103void connection::keepalive_cb (tstamp &ts)
1096{ 1104{
1123 delete p; 1131 delete p;
1124} 1132}
1125 1133
1126void connection::script_node () 1134void connection::script_node ()
1127{ 1135{
1128 vpn->script_if_up (); 1136 vpn->script_if_up (0);
1129 1137
1130 char *env; 1138 char *env;
1131 asprintf (&env, "DESTID=%d", conf->id); 1139 asprintf (&env, "DESTID=%d", conf->id);
1132 putenv (env); 1140 putenv (env);
1133 asprintf (&env, "DESTNODE=%s", conf->nodename); 1141 asprintf (&env, "DESTNODE=%s", conf->nodename);
1136 putenv (env); 1144 putenv (env);
1137 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port)); 1145 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port));
1138 putenv (env); 1146 putenv (env);
1139} 1147}
1140 1148
1141const char *connection::script_node_up () 1149const char *connection::script_node_up (int)
1142{ 1150{
1143 script_node (); 1151 script_node ();
1144 1152
1145 putenv ("STATE=up"); 1153 putenv ("STATE=up");
1146 1154
1147 return ::conf.script_node_up ? ::conf.script_node_up : "node-up"; 1155 return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
1148} 1156}
1149 1157
1150const char *connection::script_node_down () 1158const char *connection::script_node_down (int)
1151{ 1159{
1152 script_node (); 1160 script_node ();
1153 1161
1154 putenv ("STATE=down"); 1162 putenv ("STATE=down");
1155 1163
1174 shutdown (); 1182 shutdown ();
1175} 1183}
1176 1184
1177///////////////////////////////////////////////////////////////////////////// 1185/////////////////////////////////////////////////////////////////////////////
1178 1186
1179const char *vpn::script_if_up () 1187const char *vpn::script_if_up (int)
1180{ 1188{
1181 // the tunnel device mtu should be the physical mtu - overhead 1189 // the tunnel device mtu should be the physical mtu - overhead
1182 // the tricky part is rounding to the cipher key blocksize 1190 // the tricky part is rounding to the cipher key blocksize
1183 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - UDP_OVERHEAD; 1191 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD;
1184 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion 1192 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion
1185 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round 1193 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round
1186 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again 1194 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again
1187 1195
1188 char *env; 1196 char *env;
1242 { 1250 {
1243 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); 1251 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1244 exit (1); 1252 exit (1);
1245 } 1253 }
1246 1254
1247 run_script (this, &vpn::script_if_up, true); 1255 run_script (run_script_cb (this, &vpn::script_if_up), true);
1248 1256
1249 vpn_ev_watcher.start (tap->fd, POLLIN); 1257 vpn_ev_watcher.start (tap->fd, POLLIN);
1250 1258
1251 reconnect_all (); 1259 reconnect_all ();
1252 1260
1466 } 1474 }
1467 1475
1468 ts = TSTAMP_CANCEL; 1476 ts = TSTAMP_CANCEL;
1469} 1477}
1470 1478
1471#include <sys/time.h>//D
1472vpn::vpn (void) 1479vpn::vpn (void)
1473: udp_ev_watcher (this, &vpn::udp_ev) 1480: udp_ev_watcher (this, &vpn::udp_ev)
1474, vpn_ev_watcher (this, &vpn::vpn_ev) 1481, vpn_ev_watcher (this, &vpn::vpn_ev)
1475, event (this, &vpn::event_cb) 1482, event (this, &vpn::event_cb)
1476{ 1483{

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines