along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: connlist.h,v 1.1.2.7 2000/10/29 01:27:23 guus Exp $
+ $Id: connlist.h,v 1.1.2.8 2000/10/29 22:10:41 guus Exp $
*/
#ifndef __TINC_CONNLIST_H__
EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */
EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */
- EVP_CIPHER_CTX *cipher_pktctx; /* Context of encrypted vpn packets that will be sent to him */
EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */
- char *cipher_pktkey; /* Cipher key */
+ char *cipher_pktkey; /* Cipher key and iv */
+ int cipher_pktkeylength; /* Cipher key and iv length*/
char *buffer; /* metadata input buffer */
int buflen; /* bytes read into buffer */
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $
+ $Id: net.c,v 1.35.4.55 2000/10/29 22:10:42 guus Exp $
*/
#include "config.h"
cp
outpkt.len = inpkt->len;
- EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey);
+ /* Encrypt the packet */
+
+ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len);
EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad);
outlen += outpad + 2;
EVP_CIPHER_CTX ctx;
cp
outpkt.len = inpkt->len;
- EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL);
- EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
+
+ /* Decrypt the packet */
+
+ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len);
+ EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);
EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad);
outlen += outpad;
memcpy(&outpkt, inpkt, outlen);
*/
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_ERR, _("Writing packet of %d (%d) bytes to tap device"),
+ outpkt.len, outlen);
+
/* Fix mac address */
memcpy(outpkt.data, mymac.net.mac.address.x, 6);
/* Generate packet encryption key */
- myself->cipher_pkttype = EVP_bf_cbc();
+ myself->cipher_pkttype = EVP_bf_cfb();
+
+ myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len;
- myself->cipher_pktkey = (char *)xmalloc(64);
- RAND_bytes(myself->cipher_pktkey, 64);
+ myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength);
+ RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
if(!(cfg = get_config_val(config, keyexpire)))
keylifetime = 3600;
vpn_packet_t pkt;
int x, l = sizeof(x);
struct sockaddr from;
+ int lenin;
socklen_t fromlen = sizeof(from);
cp
if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
return -1;
}
- if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0)
+ if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0)
{
syslog(LOG_ERR, _("Receiving packet failed: %m"));
return -1;
}
-/*
+
if(debug_lvl >= DEBUG_TRAFFIC)
{
- syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len,
- from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]);
+ syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin);
}
-*/
+
cp
return xrecv(&pkt);
}
if(debug_lvl >= DEBUG_STATUS)
syslog(LOG_INFO, _("Regenerating symmetric key"));
- RAND_bytes(myself->cipher_pktkey, 64);
+ RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength);
send_key_changed(myself, NULL);
keyexpires = time(NULL) + keylifetime;
}
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.51 2000/10/29 10:39:08 guus Exp $
+ $Id: protocol.c,v 1.28.4.52 2000/10/29 22:10:43 guus Exp $
*/
#include "config.h"
cl->allow_request = ALL;
cl->status.active = 1;
cl->nexthop = cl;
- cl->cipher_pkttype = EVP_bf_cbc();
+ cl->cipher_pkttype = EVP_bf_cfb();
+ cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len;
if(debug_lvl >= DEBUG_CONNECTIONS)
syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname);
if(!strcmp(to_id, myself->name))
{
- bin2hex(myself->cipher_pktkey, pktkey, 64);
- pktkey[128] = 0;
+ bin2hex(myself->cipher_pktkey, pktkey, myself->cipher_pktkeylength);
+ pktkey[myself->cipher_pktkeylength*2] = '\0';
send_ans_key(myself, from, pktkey);
}
else
free(from_id); free(to_id);
return -1;
}
- send_req_key(from, to);
+
+ if(to->status.validkey) /* Proxy keys */
+ {
+ bin2hex(to->cipher_pktkey, pktkey, to->cipher_pktkeylength);
+ pktkey[to->cipher_pktkeylength*2] = '\0';
+ send_ans_key(to, from, pktkey);
+ }
+ else
+ send_req_key(from, to);
}
free(from_id); free(to_id);
keylength = strlen(pktkey);
- if((keylength%2)!=0 || (keylength <= 0))
+ if(keylength != from->cipher_pktkeylength*2)
{
- syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"),
+ syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key length"),
cl->name, cl->hostname, from->name);
free(from_id); free(to_id); free(pktkey);
return -1;
projects / oweals / tinc.git / commitdiff