| 1 | /* |
1 | /* |
| 2 | util.h -- process management and other utility functions |
2 | util.h -- process management and other utility functions |
| 3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
| 4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
| 5 | 2003-2008 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
| 6 | |
6 | |
| 7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
| 8 | |
8 | |
| 9 | GVPE is free software; you can redistribute it and/or modify it |
9 | GVPE is free software; you can redistribute it and/or modify it |
| 10 | under the terms of the GNU General Public License as published by the |
10 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 42 | #include "gettext.h" |
42 | #include "gettext.h" |
| 43 | |
43 | |
| 44 | #include "slog.h" |
44 | #include "slog.h" |
| 45 | #include "ev_cpp.h" |
45 | #include "ev_cpp.h" |
| 46 | #include "callback.h" |
46 | #include "callback.h" |
|
|
47 | #include "global.h" |
| 47 | |
48 | |
| 48 | typedef ev_tstamp tstamp; |
49 | typedef ev_tstamp tstamp; |
| 49 | |
50 | |
| 50 | /* |
51 | /* |
| 51 | * check for an existing gvpe for this net, and write pid to pidfile |
52 | * check for an existing gvpe for this net, and write pid to pidfile |
| … | |
… | |
| 84 | { |
85 | { |
| 85 | memset (v, -1, sizeof v); |
86 | memset (v, -1, sizeof v); |
| 86 | seq = seqno; |
87 | seq = seqno; |
| 87 | } |
88 | } |
| 88 | |
89 | |
| 89 | bool recv_ok (u32 seqno) |
90 | // 0 == ok, 1 == far history, 2 == duplicate in-window, 3 == far future |
|
|
91 | int seqno_classify (u32 seqno) |
| 90 | { |
92 | { |
| 91 | if (seqno <= seq - WINDOWSIZE) |
93 | if (seqno <= seq - WINDOWSIZE) |
| 92 | slog (L_ERR, _("received duplicate or outdated packet (received %08lx, expected %08lx)\n" |
94 | return 1; |
| 93 | "possible replay attack, or just massive packet reordering"), seqno, seq + 1); |
|
|
| 94 | else if (seqno > seq + WINDOWSIZE * 4) |
95 | else if (seqno > seq + WINDOWSIZE * 16) |
| 95 | slog (L_ERR, _("received duplicate or out-of-sync packet (received %08lx, expected %08lx)\n" |
96 | return 3; |
| 96 | "possible replay attack, or just massive packet loss"), seqno, seq + 1); |
|
|
| 97 | else |
97 | else |
| 98 | { |
98 | { |
| 99 | while (seqno > seq) |
99 | while (seqno > seq) |
| 100 | { |
100 | { |
| 101 | seq++; |
101 | seq++; |
| … | |
… | |
| 110 | u32 s = seqno % WINDOWSIZE; |
110 | u32 s = seqno % WINDOWSIZE; |
| 111 | u32 *cell = v + (s >> 5); |
111 | u32 *cell = v + (s >> 5); |
| 112 | u32 mask = 1 << (s & 31); |
112 | u32 mask = 1 << (s & 31); |
| 113 | |
113 | |
| 114 | if (*cell & mask) |
114 | if (*cell & mask) |
| 115 | slog (L_ERR, _("received duplicate packet (received %08lx, expected %08lx)\n" |
115 | return 2; |
| 116 | "possible replay attack, or just packet duplication"), seqno, seq + 1); |
|
|
| 117 | else |
116 | else |
| 118 | { |
117 | { |
| 119 | *cell |= mask; |
118 | *cell |= mask; |
| 120 | return true; |
119 | return 0; |
| 121 | } |
120 | } |
| 122 | } |
121 | } |
| 123 | |
|
|
| 124 | return false; |
|
|
| 125 | } |
122 | } |
| 126 | }; |
123 | }; |
| 127 | |
124 | |
| 128 | typedef callback<const char * ()> run_script_cb; |
125 | typedef callback<const char *()> run_script_cb; |
| 129 | |
126 | |
| 130 | // run a shell script (or actually an external program). |
127 | // run a shell script (or actually an external program). |
| 131 | pid_t run_script (const run_script_cb &cb, bool wait); |
128 | pid_t run_script (const run_script_cb &cb, bool wait); |
| 132 | |
129 | |
| 133 | #if ENABLE_HTTP_PROXY |
130 | #if ENABLE_HTTP_PROXY |
| 134 | u8 *base64_encode (const u8 *data, unsigned int len); |
131 | u8 *base64_encode (const u8 *data, unsigned int len); |
| 135 | #endif |
132 | #endif |
| 136 | |
133 | |
| 137 | /*****************************************************************************/ |
134 | /*****************************************************************************/ |
| 138 | |
135 | |
| 139 | typedef u8 rsaclear[RSA_KEYLEN - RSA_OVERHEAD]; // challenge data; |
136 | // run work_cb in another thread, call done_cb in main thread when finished |
| 140 | typedef u8 rsacrypt[RSA_KEYLEN]; // encrypted challenge |
137 | // only one work_cb will execute at any one time. |
| 141 | |
138 | void async (callback<void ()> work_cb, callback<void ()> done_cb); |
| 142 | static inline void |
|
|
| 143 | rsa_encrypt (RSA *key, const rsaclear &chg, rsacrypt &encr) |
|
|
| 144 | { |
|
|
| 145 | if (RSA_public_encrypt (sizeof chg, |
|
|
| 146 | (unsigned char *)&chg, (unsigned char *)&encr, |
|
|
| 147 | key, RSA_PKCS1_OAEP_PADDING) < 0) |
|
|
| 148 | fatal ("RSA_public_encrypt error"); |
|
|
| 149 | } |
|
|
| 150 | |
|
|
| 151 | static inline bool |
|
|
| 152 | rsa_decrypt (RSA *key, const rsacrypt &encr, rsaclear &chg) |
|
|
| 153 | { |
|
|
| 154 | return RSA_private_decrypt (sizeof encr, |
|
|
| 155 | (unsigned char *)&encr, (unsigned char *)&chg, |
|
|
| 156 | key, RSA_PKCS1_OAEP_PADDING) > 0; |
|
|
| 157 | } |
|
|
| 158 | |
139 | |
| 159 | #endif |
140 | #endif |
| 160 | |
141 | |
