ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.16 by pcg, Tue Mar 25 18:11:58 2003 UTC vs.
Revision 1.18 by pcg, Wed Mar 26 02:15:38 2003 UTC

58 58
59static time_t next_timecheck; 59static time_t next_timecheck;
60 60
61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
62 62
63static const rsachallenge & 63struct crypto_ctx
64challenge_bytes ()
65{
66 static rsachallenge challenge;
67 static tstamp challenge_ttl; // time this challenge needs to be recreated
68
69 if (NOW > challenge_ttl)
70 { 64 {
71 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge)); 65 EVP_CIPHER_CTX cctx;
72 challenge_ttl = NOW + CHALLENGE_TTL; 66 HMAC_CTX hctx;
73 }
74 67
75 return challenge; 68 crypto_ctx (const rsachallenge &challenge, int enc);
76} 69 ~crypto_ctx ();
70 };
77 71
78// caching of rsa operations really helps slow computers 72crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
73{
74 EVP_CIPHER_CTX_init (&cctx);
75 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
76 HMAC_CTX_init (&hctx);
77 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
78}
79
80crypto_ctx::~crypto_ctx ()
81{
82 EVP_CIPHER_CTX_cleanup (&cctx);
83 HMAC_CTX_cleanup (&hctx);
84}
85
86static void
87rsa_hash (const rsachallenge &chg, rsaresponse &h)
88{
89 EVP_MD_CTX ctx;
90
91 EVP_MD_CTX_init (&ctx);
92 EVP_DigestInit (&ctx, RSA_HASH);
93 EVP_DigestUpdate(&ctx, &chg, sizeof chg);
94 EVP_DigestFinal (&ctx, (unsigned char *)&h, 0);
95 EVP_MD_CTX_cleanup (&ctx);
96}
97
79struct rsa_entry { 98struct rsa_entry {
80 tstamp expire; 99 tstamp expire;
100 rsaid id;
81 rsachallenge chg; 101 rsachallenge chg;
82 RSA *key; // which key
83 rsaencrdata encr;
84
85 rsa_entry ()
86 {
87 expire = NOW + CHALLENGE_TTL;
88 }
89}; 102};
90 103
91struct rsa_cache : list<rsa_entry> 104struct rsa_cache : list<rsa_entry>
92{ 105{
93 void cleaner_cb (tstamp &ts); time_watcher cleaner; 106 void cleaner_cb (tstamp &ts); time_watcher cleaner;
94 107
95 const rsaencrdata *public_encrypt (RSA *key, const rsachallenge &chg) 108 bool find (const rsaid &id, rsachallenge &chg)
96 { 109 {
97 for (iterator i = begin (); i != end (); ++i) 110 for (iterator i = begin (); i != end (); ++i)
98 { 111 {
99 if (i->key == key && !memcmp (&chg, &i->chg, sizeof chg)) 112 if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW)
100 return &i->encr; 113 {
114 memcpy (&chg, &i->chg, sizeof chg);
115
116 erase (i);
117 return true;
118 }
101 } 119 }
102 120
103 if (cleaner.at < NOW) 121 if (cleaner.at < NOW)
104 cleaner.start (NOW + CHALLENGE_TTL); 122 cleaner.start (NOW + RSA_TTL);
105 123
106 resize (size () + 1); 124 return false;
107 rsa_entry *e = &(*rbegin ()); 125 }
108 126
109 e->key = key; 127 void gen (rsaid &id, rsachallenge &chg)
128 {
129 rsa_entry e;
130
131 RAND_bytes ((unsigned char *)&id, sizeof id);
132 RAND_bytes ((unsigned char *)&chg, sizeof chg);
133
134 e.expire = NOW + RSA_TTL;
135 e.id = id;
110 memcpy (&e->chg, &chg, sizeof chg); 136 memcpy (&e.chg, &chg, sizeof chg);
111 137
112 if (0 > RSA_public_encrypt (sizeof chg, 138 push_back (e);
113 (unsigned char *)&chg, (unsigned char *)&e->encr,
114 key, RSA_PKCS1_OAEP_PADDING))
115 fatal ("RSA_public_encrypt error");
116
117 return &e->encr;
118 }
119
120 const rsachallenge *private_decrypt (RSA *key, const rsaencrdata &encr)
121 {
122 for (iterator i = begin (); i != end (); ++i)
123 if (i->key == key && !memcmp (&encr, &i->encr, sizeof encr))
124 return &i->chg;
125 139
126 if (cleaner.at < NOW) 140 if (cleaner.at < NOW)
127 cleaner.start (NOW + CHALLENGE_TTL); 141 cleaner.start (NOW + RSA_TTL);
128
129 resize (size () + 1);
130 rsa_entry *e = &(*rbegin ());
131
132 e->key = key;
133 memcpy (&e->encr, &encr, sizeof encr);
134
135 if (0 > RSA_private_decrypt (sizeof encr,
136 (unsigned char *)&encr, (unsigned char *)&e->chg,
137 key, RSA_PKCS1_OAEP_PADDING))
138 {
139 pop_back ();
140 return 0;
141 }
142
143 return &e->chg;
144 } 142 }
145 143
146 rsa_cache () 144 rsa_cache ()
147 : cleaner (this, &rsa_cache::cleaner_cb) 145 : cleaner (this, &rsa_cache::cleaner_cb)
148 { } 146 { }
153{ 151{
154 if (empty ()) 152 if (empty ())
155 ts = TSTAMP_CANCEL; 153 ts = TSTAMP_CANCEL;
156 else 154 else
157 { 155 {
158 ts = NOW + 3; 156 ts = NOW + RSA_TTL;
157
159 for (iterator i = begin (); i != end (); ) 158 for (iterator i = begin (); i != end (); )
160 {
161 if (i->expire >= NOW) 159 if (i->expire <= NOW)
162 i = erase (i); 160 i = erase (i);
163 else 161 else
164 ++i; 162 ++i;
165 }
166 } 163 }
167} 164}
168 165
169// run a script. yes, it's a template function. yes, c++ 166typedef callback<const char *, int> run_script_cb;
170// is not a functional language. yes, this suxx. 167
171template<class owner> 168// run a shell script (or actually an external program).
172static void 169static void
173run_script (owner *obj, const char *(owner::*setup)(), bool wait) 170run_script (const run_script_cb &cb, bool wait)
174{ 171{
175 int pid; 172 int pid;
176 173
177 if ((pid = fork ()) == 0) 174 if ((pid = fork ()) == 0)
178 { 175 {
179 char *filename; 176 char *filename;
180 asprintf (&filename, "%s/%s", confbase, (obj->*setup) ()); 177 asprintf (&filename, "%s/%s", confbase, cb(0));
181 execl (filename, filename, (char *) 0); 178 execl (filename, filename, (char *) 0);
182 exit (255); 179 exit (255);
183 } 180 }
184 else if (pid > 0) 181 else if (pid > 0)
185 { 182 {
187 { 184 {
188 waitpid (pid, 0, 0); 185 waitpid (pid, 0, 0);
189 /* TODO: check status */ 186 /* TODO: check status */
190 } 187 }
191 } 188 }
192}
193
194// xor the socket address into the challenge to ensure different challenges
195// per host. we could rely on the OAEP padding, but this doesn't hurt.
196void
197xor_sa (rsachallenge &k, SOCKADDR *sa)
198{
199 ((u32 *) k)[(CHG_CIPHER_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
200 ((u16 *) k)[(CHG_CIPHER_KEY + 4) / 2] ^= sa->sin_port;
201 ((u32 *) k)[(CHG_HMAC_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
202 ((u16 *) k)[(CHG_HMAC_KEY + 4) / 2] ^= sa->sin_port;
203}
204
205struct crypto_ctx
206 {
207 EVP_CIPHER_CTX cctx;
208 HMAC_CTX hctx;
209
210 crypto_ctx (const rsachallenge &challenge, int enc);
211 ~crypto_ctx ();
212 };
213
214crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
215{
216 EVP_CIPHER_CTX_init (&cctx);
217 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
218 HMAC_CTX_init (&hctx);
219 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
220}
221
222crypto_ctx::~crypto_ctx ()
223{
224 EVP_CIPHER_CTX_cleanup (&cctx);
225 HMAC_CTX_cleanup (&hctx);
226} 189}
227 190
228////////////////////////////////////////////////////////////////////////////// 191//////////////////////////////////////////////////////////////////////////////
229 192
230void pkt_queue::put (tap_packet *p) 193void pkt_queue::put (tap_packet *p)
326 bool send = ri.diff / ri.pcnt > CUTOFF; 289 bool send = ri.diff / ri.pcnt > CUTOFF;
327 290
328 if (send) 291 if (send)
329 ri.pcnt++; 292 ri.pcnt++;
330 293
331 //printf ("RATE %d %f,%f = %f > %f\n", !!send, ri.pcnt, ri.diff, ri.diff / ri.pcnt, CUTOFF);
332
333 push_front (ri); 294 push_front (ri);
334 295
335 return send; 296 return send;
336 } 297 }
337} 298}
345} 306}
346 307
347static unsigned char hmac_digest[EVP_MAX_MD_SIZE]; 308static unsigned char hmac_digest[EVP_MAX_MD_SIZE];
348 309
349struct hmac_packet:net_packet 310struct hmac_packet:net_packet
311{
312 u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
313
314 void hmac_set (crypto_ctx * ctx);
315 bool hmac_chk (crypto_ctx * ctx);
316
317private:
318 void hmac_gen (crypto_ctx * ctx)
350 { 319 {
351 u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
352
353 void hmac_set (crypto_ctx * ctx);
354 bool hmac_chk (crypto_ctx * ctx);
355
356private:
357 void hmac_gen (crypto_ctx * ctx)
358 {
359 unsigned int xlen; 320 unsigned int xlen;
360 HMAC_CTX *hctx = &ctx->hctx; 321 HMAC_CTX *hctx = &ctx->hctx;
361 322
362 HMAC_Init_ex (hctx, 0, 0, 0, 0); 323 HMAC_Init_ex (hctx, 0, 0, 0, 0);
363 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), 324 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
364 len - sizeof (hmac_packet)); 325 len - sizeof (hmac_packet));
365 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen); 326 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
366 }
367 }; 327 }
328};
368 329
369void 330void
370hmac_packet::hmac_set (crypto_ctx * ctx) 331hmac_packet::hmac_set (crypto_ctx * ctx)
371{ 332{
372 hmac_gen (ctx); 333 hmac_gen (ctx);
388 { 349 {
389 PT_RESET = 0, 350 PT_RESET = 0,
390 PT_DATA_UNCOMPRESSED, 351 PT_DATA_UNCOMPRESSED,
391 PT_DATA_COMPRESSED, 352 PT_DATA_COMPRESSED,
392 PT_PING, PT_PONG, // wasting namespace space? ;) 353 PT_PING, PT_PONG, // wasting namespace space? ;)
393 PT_AUTH, // authentification 354 PT_AUTH_REQ, // authentification request
355 PT_AUTH_RES, // authentification response
394 PT_CONNECT_REQ, // want other host to contact me 356 PT_CONNECT_REQ, // want other host to contact me
395 PT_CONNECT_INFO, // request connection to some node 357 PT_CONNECT_INFO, // request connection to some node
396 PT_REKEY, // rekeying (not yet implemented)
397 PT_MAX 358 PT_MAX
398 }; 359 };
399 360
400 u8 type; 361 u8 type;
401 u8 srcdst, src1, dst1; 362 u8 srcdst, src1, dst1;
549 510
550 return p; 511 return p;
551} 512}
552 513
553struct ping_packet : vpn_packet 514struct ping_packet : vpn_packet
515{
516 void setup (int dst, ptype type)
554 { 517 {
555 void setup (int dst, ptype type)
556 {
557 set_hdr (type, dst); 518 set_hdr (type, dst);
558 len = sizeof (*this) - sizeof (net_packet); 519 len = sizeof (*this) - sizeof (net_packet);
559 }
560 }; 520 }
521};
561 522
562struct config_packet : vpn_packet 523struct config_packet : vpn_packet
524{
525 // actually, hmaclen cannot be checked because the hmac
526 // field comes before this data, so peers with other
527 // hmacs simply will not work.
528 u8 prot_major, prot_minor, randsize, hmaclen;
529 u8 flags, challengelen, pad2, pad3;
530 u32 cipher_nid, digest_nid, hmac_nid;
531
532 const u8 curflags () const
563 { 533 {
564 // actually, hmaclen cannot be checked because the hmac
565 // field comes before this data, so peers with other
566 // hmacs simply will not work.
567 u8 prot_major, prot_minor, randsize, hmaclen;
568 u8 flags, challengelen, pad2, pad3;
569 u32 cipher_nid;
570 u32 digest_nid;
571
572 const u8 curflags () const
573 {
574 return 0x80 534 return 0x80
575 | (ENABLE_COMPRESSION ? 0x01 : 0x00); 535 | (ENABLE_COMPRESSION ? 0x01 : 0x00);
576 } 536 }
577 537
578 void setup (ptype type, int dst) 538 void setup (ptype type, int dst)
579 {
580 prot_major = PROTOCOL_MAJOR;
581 prot_minor = PROTOCOL_MINOR;
582 randsize = RAND_SIZE;
583 hmaclen = HMACLENGTH;
584 flags = curflags ();
585 challengelen = sizeof (rsachallenge);
586
587 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
588 digest_nid = htonl (EVP_MD_type (DIGEST));
589
590 len = sizeof (*this) - sizeof (net_packet);
591 set_hdr (type, dst);
592 }
593
594 bool chk_config ()
595 {
596 return prot_major == PROTOCOL_MAJOR
597 && randsize == RAND_SIZE
598 && hmaclen == HMACLENGTH
599 && flags == curflags ()
600 && challengelen == sizeof (rsachallenge)
601 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
602 && digest_nid == htonl (EVP_MD_type (DIGEST));
603 }
604 };
605
606struct auth_packet : config_packet
607 { 539 {
608 char magic[8]; 540 prot_major = PROTOCOL_MAJOR;
609 u8 subtype; 541 prot_minor = PROTOCOL_MINOR;
610 u8 pad1, pad2; 542 randsize = RAND_SIZE;
611 rsaencrdata challenge; 543 hmaclen = HMACLENGTH;
544 flags = curflags ();
545 challengelen = sizeof (rsachallenge);
612 546
613 auth_packet (int dst, auth_subtype stype) 547 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
614 { 548 digest_nid = htonl (EVP_MD_type (RSA_HASH));
615 config_packet::setup (PT_AUTH, dst); 549 hmac_nid = htonl (EVP_MD_type (DIGEST));
616 subtype = stype; 550
617 len = sizeof (*this) - sizeof (net_packet); 551 len = sizeof (*this) - sizeof (net_packet);
552 set_hdr (type, dst);
553 }
554
555 bool chk_config ()
556 {
557 return prot_major == PROTOCOL_MAJOR
558 && randsize == RAND_SIZE
559 && hmaclen == HMACLENGTH
560 && flags == curflags ()
561 && challengelen == sizeof (rsachallenge)
562 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
563 && digest_nid == htonl (EVP_MD_type (RSA_HASH))
564 && hmac_nid == htonl (EVP_MD_type (DIGEST));
565 }
566};
567
568struct auth_req_packet : config_packet
569{
570 char magic[8];
571 u8 initiate; // false if this is just an automatic reply
572 u8 pad1, pad2, pad3;
573 rsaid id;
574 rsaencrdata encr;
575
576 auth_req_packet (int dst, bool initiate_)
577 {
578 config_packet::setup (PT_AUTH_REQ, dst);
579 initiate = !!initiate_;
618 strncpy (magic, MAGIC, 8); 580 strncpy (magic, MAGIC, 8);
619 } 581 len = sizeof (*this) - sizeof (net_packet);
620 }; 582 }
583};
584
585struct auth_res_packet : config_packet
586{
587 rsaid id;
588 rsaresponse response;
589
590 auth_res_packet (int dst)
591 {
592 config_packet::setup (PT_AUTH_RES, dst);
593 len = sizeof (*this) - sizeof (net_packet);
594 }
595};
621 596
622struct connect_req_packet : vpn_packet 597struct connect_req_packet : vpn_packet
598{
599 u8 id;
600 u8 pad1, pad2, pad3;
601
602 connect_req_packet (int dst, int id_)
623 { 603 {
624 u8 id; 604 id = id_;
625 u8 pad1, pad2, pad3;
626
627 connect_req_packet (int dst, int id)
628 {
629 this->id = id;
630 set_hdr (PT_CONNECT_REQ, dst); 605 set_hdr (PT_CONNECT_REQ, dst);
631 len = sizeof (*this) - sizeof (net_packet); 606 len = sizeof (*this) - sizeof (net_packet);
632 }
633 }; 607 }
608};
634 609
635struct connect_info_packet : vpn_packet 610struct connect_info_packet : vpn_packet
611{
612 u8 id;
613 u8 pad1, pad2, pad3;
614 sockinfo si;
615
616 connect_info_packet (int dst, int id_, sockinfo &si_)
636 { 617 {
637 u8 id; 618 id = id_;
638 u8 pad1, pad2, pad3; 619 si = si_;
639 sockinfo si;
640
641 connect_info_packet (int dst, int id, sockinfo &si)
642 {
643 this->id = id;
644 this->si = si;
645 set_hdr (PT_CONNECT_INFO, dst); 620 set_hdr (PT_CONNECT_INFO, dst);
646 len = sizeof (*this) - sizeof (net_packet); 621 len = sizeof (*this) - sizeof (net_packet);
647 }
648 }; 622 }
623};
649 624
650///////////////////////////////////////////////////////////////////////////// 625/////////////////////////////////////////////////////////////////////////////
651 626
652void 627void
653fill_sa (SOCKADDR *sa, conf_node *conf) 628fill_sa (SOCKADDR *sa, conf_node *conf)
700 675
701 delete pkt; 676 delete pkt;
702 } 677 }
703} 678}
704 679
705static rsachallenge *
706gen_challenge (u32 seqrand, SOCKADDR *sa)
707{
708 static rsachallenge k;
709
710 memcpy (&k, &challenge_bytes (), sizeof (k));
711 *(u32 *)&k[CHG_SEQNO] ^= seqrand;
712 xor_sa (k, sa);
713
714 return &k;
715}
716
717void 680void
718connection::send_auth (auth_subtype subtype, SOCKADDR *sa, const rsachallenge *k) 681connection::send_auth_request (SOCKADDR *sa, bool initiate)
719{ 682{
720 if (subtype == AUTH_REPLY || auth_rate_limiter.can (sa)) 683 if (auth_rate_limiter.can (sa))
721 { 684 {
722 if (!k)
723 k = gen_challenge (seqrand, sa);
724
725 auth_packet *pkt = new auth_packet (conf->id, subtype); 685 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate);
726 686
727 memcpy (pkt->challenge, rsa_cache.public_encrypt (conf->rsa_key, *k), sizeof (rsaencrdata)); 687 rsachallenge chg;
728 688
689 rsa_cache.gen (pkt->id, chg);
690
691 if (0 > RSA_public_encrypt (sizeof chg,
692 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
693 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
694 fatal ("RSA_public_encrypt error");
695
729 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 696 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)sockinfo (sa));
730 697
731 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); 698 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
732 699
733 delete pkt; 700 delete pkt;
734 } 701 }
735} 702}
736 703
737void 704void
705connection::send_auth_response (SOCKADDR *sa, const rsaid &id, const rsachallenge &chg)
706{
707 if (auth_rate_limiter.can (sa))
708 {
709 auth_res_packet *pkt = new auth_res_packet (conf->id);
710
711 pkt->id = id;
712 rsa_hash (chg, pkt->response);
713
714 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)sockinfo (sa));
715
716 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
717
718 delete pkt;
719 }
720}
721
722void
738connection::establish_connection_cb (tstamp &ts) 723connection::establish_connection_cb (tstamp &ts)
739{ 724{
740 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER) 725 if (ictx || conf == THISNODE
726 || connectmode == conf_node::C_NEVER
727 || connectmode == conf_node::C_DISABLED)
741 ts = TSTAMP_CANCEL; 728 ts = TSTAMP_CANCEL;
742 else if (ts <= NOW) 729 else if (ts <= NOW)
743 { 730 {
744 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25; 731 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
745 732
746 if (retry_int < 3600 * 8) 733 if (retry_int < 3600 * 8)
747 retry_cnt++; 734 retry_cnt++;
748 735
749 ts = NOW + retry_int; 736 ts = NOW + retry_int;
751 if (conf->hostname) 738 if (conf->hostname)
752 { 739 {
753 reset_dstaddr (); 740 reset_dstaddr ();
754 if (sa.sin_addr.s_addr) 741 if (sa.sin_addr.s_addr)
755 if (retry_cnt < 4) 742 if (retry_cnt < 4)
756 send_auth (AUTH_INIT, &sa); 743 send_auth_request (&sa, true);
757 else if (auth_rate_limiter.can (&sa)) 744 else if (auth_rate_limiter.can (&sa))
758 send_ping (&sa, 0); 745 send_ping (&sa, 0);
759 } 746 }
760 else 747 else
761 vpn->connect_request (conf->id); 748 vpn->connect_request (conf->id);
768 if (ictx && octx) 755 if (ictx && octx)
769 { 756 {
770 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename); 757 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename);
771 758
772 if (::conf.script_node_down) 759 if (::conf.script_node_down)
773 run_script (this, &connection::script_node_down, false); 760 run_script (run_script_cb (this, &connection::script_node_down), false);
774 } 761 }
775 762
776 delete ictx; ictx = 0; 763 delete ictx; ictx = 0;
777 delete octx; octx = 0; 764 delete octx; octx = 0;
778
779 RAND_bytes ((unsigned char *)&seqrand, sizeof (u32));
780 765
781 sa.sin_port = 0; 766 sa.sin_port = 0;
782 sa.sin_addr.s_addr = 0; 767 sa.sin_addr.s_addr = 0;
783 768
784 last_activity = 0; 769 last_activity = 0;
871 case vpn_packet::PT_RESET: 856 case vpn_packet::PT_RESET:
872 { 857 {
873 reset_connection (); 858 reset_connection ();
874 859
875 config_packet *p = (config_packet *) pkt; 860 config_packet *p = (config_packet *) pkt;
861
876 if (!p->chk_config ()) 862 if (!p->chk_config ())
877 { 863 {
878 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename); 864 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename);
879 connectmode = conf_node::C_DISABLED; 865 connectmode = conf_node::C_DISABLED;
880 } 866 }
881 else if (connectmode == conf_node::C_ALWAYS) 867 else if (connectmode == conf_node::C_ALWAYS)
882 establish_connection (); 868 establish_connection ();
883 } 869 }
884 break; 870 break;
885 871
886 case vpn_packet::PT_AUTH: 872 case vpn_packet::PT_AUTH_REQ:
887 { 873 {
888 auth_packet *p = (auth_packet *) pkt; 874 auth_req_packet *p = (auth_req_packet *) pkt;
889 875
890 slog (L_TRACE, "<<%d PT_AUTH(%d)", conf->id, p->subtype); 876 slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate);
891 877
892 if (p->chk_config ()
893 && !strncmp (p->magic, MAGIC, 8)) 878 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8))
894 { 879 {
895 if (p->prot_minor != PROTOCOL_MINOR) 880 if (p->prot_minor != PROTOCOL_MINOR)
896 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."), 881 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
897 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 882 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
898 883
899 if (p->subtype == AUTH_INIT) 884 if (p->initiate)
900 send_auth (AUTH_INITREPLY, ssa); 885 send_auth_request (ssa, false);
901 886
902 const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge); 887 rsachallenge k;
903 888
904 if (!k) 889 if (0 > RSA_private_decrypt (sizeof (p->encr),
890 (unsigned char *)&p->encr, (unsigned char *)&k,
891 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
892 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
893 conf->nodename, (const char *)sockinfo (ssa));
894 else
905 { 895 {
906 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"), 896 retry_cnt = 0;
907 conf->nodename, (const char *)sockinfo (ssa)); 897 establish_connection.set (NOW + 8); //? ;)
898 keepalive.reset ();
908 send_reset (ssa); 899 rekey.reset ();
900
901 delete ictx;
902 ictx = 0;
903
904 delete octx;
905
906 octx = new crypto_ctx (k, 1);
907 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
908
909 send_auth_response (ssa, p->id, k);
910
909 break; 911 break;
910 } 912 }
913 }
914 }
911 915
912 retry_cnt = 0; 916 send_reset (ssa);
913 establish_connection.set (NOW + 8); //? ;) 917 break;
914 keepalive.reset ();
915 rekey.reset ();
916 918
917 switch (p->subtype) 919 case vpn_packet::PT_AUTH_RES:
920 {
921 auth_res_packet *p = (auth_res_packet *) pkt;
922
923 slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id);
924
925 if (p->chk_config ())
926 {
927 if (p->prot_minor != PROTOCOL_MINOR)
928 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
929 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
930
931 rsachallenge chg;
932
933 if (!rsa_cache.find (p->id, chg))
934 slog (L_ERR, _("unrequested auth response from %s (%s)"),
935 conf->nodename, (const char *)sockinfo (ssa));
936 else
918 { 937 {
919 case AUTH_INIT: 938 rsaresponse h;
920 case AUTH_INITREPLY:
921 delete ictx;
922 ictx = 0;
923 939
924 delete octx; 940 rsa_hash (chg, h);
925 941
926 octx = new crypto_ctx (*k, 1); 942 if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
927 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
928
929 send_auth (AUTH_REPLY, ssa, k);
930 break;
931
932 case AUTH_REPLY:
933
934 if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge)))
935 { 943 {
936 delete ictx; 944 delete ictx;
937 945
938 ictx = new crypto_ctx (*k, 0); 946 ictx = new crypto_ctx (chg, 0);
939 iseqno.reset (ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid 947 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
940 948
941 sa = *ssa; 949 sa = *ssa;
942 950
943 rekey.set (NOW + ::conf.rekey); 951 rekey.set (NOW + ::conf.rekey);
944 keepalive.set (NOW + ::conf.keepalive); 952 keepalive.set (NOW + ::conf.keepalive);
954 962
955 slog (L_INFO, _("connection to %d (%s %s) established"), 963 slog (L_INFO, _("connection to %d (%s %s) established"),
956 conf->id, conf->nodename, (const char *)sockinfo (ssa)); 964 conf->id, conf->nodename, (const char *)sockinfo (ssa));
957 965
958 if (::conf.script_node_up) 966 if (::conf.script_node_up)
959 run_script (this, &connection::script_node_up, false); 967 run_script (run_script_cb (this, &connection::script_node_up), false);
968
969 break;
960 } 970 }
961 else 971 else
962 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"), 972 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"),
963 conf->nodename, (const char *)sockinfo (ssa)); 973 conf->nodename, (const char *)sockinfo (ssa));
964
965 break;
966 default:
967 slog (L_ERR, _("authentification illegal subtype error (%s %s)"),
968 conf->nodename, (const char *)sockinfo (ssa));
969 break;
970 } 974 }
971 } 975 }
972 else
973 send_reset (ssa);
974
975 break;
976 } 976 }
977
978 send_reset (ssa);
979 break;
977 980
978 case vpn_packet::PT_DATA_COMPRESSED: 981 case vpn_packet::PT_DATA_COMPRESSED:
979#if !ENABLE_COMPRESSION 982#if !ENABLE_COMPRESSION
980 send_reset (ssa); 983 send_reset (ssa);
981 break; 984 break;
982#endif 985#endif
986
983 case vpn_packet::PT_DATA_UNCOMPRESSED: 987 case vpn_packet::PT_DATA_UNCOMPRESSED:
984 988
985 if (ictx && octx) 989 if (ictx && octx)
986 { 990 {
987 vpndata_packet *p = (vpndata_packet *)pkt; 991 vpndata_packet *p = (vpndata_packet *)pkt;
1080 connection *c = vpn->conns[p->id - 1]; 1084 connection *c = vpn->conns[p->id - 1];
1081 1085
1082 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1086 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1083 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1087 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1084 1088
1085 c->send_auth (AUTH_INIT, p->si.sa ()); 1089 c->send_auth_request (p->si.sa (), true);
1086 } 1090 }
1091
1087 break; 1092 break;
1088 1093
1089 default: 1094 default:
1090 send_reset (ssa); 1095 send_reset (ssa);
1091 break; 1096 break;
1097
1092 } 1098 }
1093} 1099}
1094 1100
1095void connection::keepalive_cb (tstamp &ts) 1101void connection::keepalive_cb (tstamp &ts)
1096{ 1102{
1123 delete p; 1129 delete p;
1124} 1130}
1125 1131
1126void connection::script_node () 1132void connection::script_node ()
1127{ 1133{
1128 vpn->script_if_up (); 1134 vpn->script_if_up (0);
1129 1135
1130 char *env; 1136 char *env;
1131 asprintf (&env, "DESTID=%d", conf->id); 1137 asprintf (&env, "DESTID=%d", conf->id);
1132 putenv (env); 1138 putenv (env);
1133 asprintf (&env, "DESTNODE=%s", conf->nodename); 1139 asprintf (&env, "DESTNODE=%s", conf->nodename);
1136 putenv (env); 1142 putenv (env);
1137 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port)); 1143 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port));
1138 putenv (env); 1144 putenv (env);
1139} 1145}
1140 1146
1141const char *connection::script_node_up () 1147const char *connection::script_node_up (int)
1142{ 1148{
1143 script_node (); 1149 script_node ();
1144 1150
1145 putenv ("STATE=up"); 1151 putenv ("STATE=up");
1146 1152
1147 return ::conf.script_node_up ? ::conf.script_node_up : "node-up"; 1153 return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
1148} 1154}
1149 1155
1150const char *connection::script_node_down () 1156const char *connection::script_node_down (int)
1151{ 1157{
1152 script_node (); 1158 script_node ();
1153 1159
1154 putenv ("STATE=down"); 1160 putenv ("STATE=down");
1155 1161
1174 shutdown (); 1180 shutdown ();
1175} 1181}
1176 1182
1177///////////////////////////////////////////////////////////////////////////// 1183/////////////////////////////////////////////////////////////////////////////
1178 1184
1179const char *vpn::script_if_up () 1185const char *vpn::script_if_up (int)
1180{ 1186{
1181 // the tunnel device mtu should be the physical mtu - overhead 1187 // the tunnel device mtu should be the physical mtu - overhead
1182 // the tricky part is rounding to the cipher key blocksize 1188 // the tricky part is rounding to the cipher key blocksize
1183 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - UDP_OVERHEAD; 1189 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD;
1184 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion 1190 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion
1185 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round 1191 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round
1186 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again 1192 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again
1187 1193
1188 char *env; 1194 char *env;
1242 { 1248 {
1243 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); 1249 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1244 exit (1); 1250 exit (1);
1245 } 1251 }
1246 1252
1247 run_script (this, &vpn::script_if_up, true); 1253 run_script (run_script_cb (this, &vpn::script_if_up), true);
1248 1254
1249 vpn_ev_watcher.start (tap->fd, POLLIN); 1255 vpn_ev_watcher.start (tap->fd, POLLIN);
1250 1256
1251 reconnect_all (); 1257 reconnect_all ();
1252 1258
1466 } 1472 }
1467 1473
1468 ts = TSTAMP_CANCEL; 1474 ts = TSTAMP_CANCEL;
1469} 1475}
1470 1476
1471#include <sys/time.h>//D
1472vpn::vpn (void) 1477vpn::vpn (void)
1473: udp_ev_watcher (this, &vpn::udp_ev) 1478: udp_ev_watcher (this, &vpn::udp_ev)
1474, vpn_ev_watcher (this, &vpn::vpn_ev) 1479, vpn_ev_watcher (this, &vpn::vpn_ev)
1475, event (this, &vpn::event_cb) 1480, event (this, &vpn::event_cb)
1476{ 1481{

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines