path: root/patches/dualkd.patch
Index: connectionParam.h
===================================================================
--- connectionParam.h	(Revision 535)
+++ connectionParam.h	(Arbeitskopie)
@@ -44,9 +44,10 @@
 {
 public:
 	ConnectionParam(const ConnectionParam & src);
-	ConnectionParam( KeyDerivation& kd, SeqWindow& seq_window, seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port);
+	ConnectionParam( KeyDerivation& kd_send, KeyDerivation& kd_recv, SeqWindow& seq_window, seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port);
 
-  KeyDerivation& kd_;
+  KeyDerivation& kd_send_;
+  KeyDerivation& kd_recv_;
   SeqWindow& seq_window_;
 	seq_nr_t seq_nr_;
   std::string remote_host_;
@@ -60,7 +61,8 @@
   void serialize(Archive & ar, const unsigned int version)
 	{
 		Lock lock(mutex_);
-		ar & kd_;
+		ar & kd_send_;
+		ar & kd_recv_;
     ar & seq_window_;
     ar & seq_nr_;
     ar & remote_host_;
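Review bot: The archive layout in serialize() grows from one KeyDerivation to two, but the `version` argument is never consulted, so data written with the single-`kd_` layout would be read with every following field shifted. If archives can cross builds (this looks like a state-sync path, but that is not visible here), bump the class version and branch on it, e.g. `if(version >= 1) ar & kd_recv_;`. Since the archive now carries two key-derivation objects, a comment stating that it may only travel over a channel protected as strongly as the master key would help. The body of serialize() continues past the end of the hunk.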
Index: anytun.cpp
===================================================================
--- anytun.cpp	(Revision 535)
+++ anytun.cpp	(Arbeitskopie)
@@ -86,10 +86,14 @@
 {
 	SeqWindow * seq= new SeqWindow(seqSize);
 	seq_nr_t seq_nr_=0;
-  KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
-  kd->init(gOpt.getKey(), gOpt.getSalt());
+
+  KeyDerivation * kd_send = KeyDerivationFactory::create(gOpt.getKdPrf());
+  kd_send->init(gOpt.getKey(), gOpt.getSalt());
+  KeyDerivation * kd_recv = KeyDerivationFactory::create(gOpt.getKdPrf());
+  kd_recv->init(gOpt.getKey(), gOpt.getSalt());
+
   cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
-	ConnectionParam connparam ( (*kd),  (*seq), seq_nr_, remote_host,  remote_port);
+	ConnectionParam connparam ( (*kd_send), (*kd_recv),  (*seq), seq_nr_, remote_host,  remote_port);
  	cl.addConnection(connparam,mux);
 	NetworkAddress addr(ipv4,gOpt.getIfconfigParamRemoteNetmask().c_str());
 	NetworkPrefix prefix(addr,32);
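Review bot: `kd_send` and `kd_recv` are created with the same PRF and initialised with the same `gOpt.getKey()` and `gOpt.getSalt()`, so both instances yield identical keys for a given label and sequence number unless KeyDerivation mixes in something not visible here. The split therefore separates per-direction state but not key material. With a shared master key on both peers and `seq_nr_` starting at 0, the two directions of a connection would derive the same session key and salt for the same sequence number. If direction separation is intended, derive with distinct labels or distinct master keys per direction, and state the choice in a comment above the two `init` calls. The same pattern appears in the connectionList.cpp hunk.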
@@ -162,8 +166,8 @@
       if(conn.remote_host_==""||!conn.remote_port_)
         continue;
           // generate packet-key TODO: do this only when needed
-      conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
-      conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
+      conn.kd_send_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
+      conn.kd_send_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
       
       c->setKey(session_key);
       c->setSalt(session_salt);
@@ -177,7 +181,7 @@
           // add authentication tag
       if(a->getMaxLength()) {
         encrypted_packet.addAuthTag();
-        conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
+        conn.kd_send_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
         a->setKey(session_auth_key);
         a->generate(encrypted_packet);
       }  
@@ -283,7 +287,7 @@
           // check whether auth tag is ok or not
       if(a->getMaxLength()) {
         encrypted_packet.withAuthTag(true);
-        conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
+        conn.kd_recv_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
         a->setKey(session_auth_key);
         if(!a->checkTag(encrypted_packet)) {
           cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!" << std::endl;
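Review bot: `encrypted_packet.getSeqNr()` is read from the packet before `checkTag` has run, so `kd_recv_.generate` is driven by an unauthenticated value. That is unavoidable when the auth key itself depends on the sequence number. However, if `generate` caches or advances internal state per sequence number (the need for a separate receive instance suggests it may), a packet that later fails the tag check could still disturb `kd_recv_` for subsequent valid packets. Confirm that `generate` keeps no state for a sequence number whose tag fails, and record it with a comment such as `// seq nr is unauthenticated here; generate() must not keep state until checkTag() succeeds`. The enclosing loop starts and ends outside the hunk.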
@@ -309,8 +313,8 @@
         continue;
       
           // generate packet-key
-      conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
-      conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
+      conn.kd_recv_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
+      conn.kd_recv_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
       c->setKey(session_key);
       c->setSalt(session_salt);
       
Index: connectionList.cpp
===================================================================
--- connectionList.cpp	(Revision 535)
+++ connectionList.cpp	(Arbeitskopie)
@@ -103,9 +103,13 @@
 
   SeqWindow * seq= new SeqWindow(0);
   seq_nr_t seq_nr_=0;
-  KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
-  kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
-  ConnectionParam conn ( (*kd),  (*seq), seq_nr_, "",  0);
+  KeyDerivation * kd_send = KeyDerivationFactory::create(gOpt.getKdPrf());
+  kd_send->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
+
+  KeyDerivation * kd_recv = KeyDerivationFactory::create(gOpt.getKdPrf());
+  kd_recv->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
+
+  ConnectionParam conn ( (*kd_send), (*kd_recv),  (*seq), seq_nr_, "",  0);
 	connections_.insert(ConnectionMap::value_type(mux, conn));
 	it = connections_.find(mux);
 	return it->second;
Index: connectionParam.cpp
===================================================================
--- connectionParam.cpp	(Revision 535)
+++ connectionParam.cpp	(Arbeitskopie)
@@ -34,10 +34,10 @@
 //{
 //}
 
-ConnectionParam::ConnectionParam(KeyDerivation& kd, SeqWindow& seq_window,seq_nr_t seq_nr, std::string remote_host, u_int16_t remote_port) : kd_(kd),seq_window_(seq_window),seq_nr_(seq_nr),remote_host_(remote_host), remote_port_(remote_port)
+ConnectionParam::ConnectionParam(KeyDerivation& kd_send,KeyDerivation& kd_recv, SeqWindow& seq_window,seq_nr_t seq_nr, std::string remote_host, u_int16_t remote_port) : kd_send_(kd_send),kd_recv_(kd_recv),seq_window_(seq_window),seq_nr_(seq_nr),remote_host_(remote_host), remote_port_(remote_port)
 {
 }
 
-ConnectionParam::ConnectionParam(const ConnectionParam & src) : kd_(src.kd_),seq_window_(src.seq_window_),seq_nr_(src.seq_nr_),remote_host_(src.remote_host_), remote_port_(src.remote_port_),mutex_()
+ConnectionParam::ConnectionParam(const ConnectionParam & src) : kd_send_(src.kd_send_),kd_recv_(src.kd_recv_),seq_window_(src.seq_window_),seq_nr_(src.seq_nr_),remote_host_(src.remote_host_), remote_port_(src.remote_port_),mutex_()
 {
 }
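Review bot: Both constructors bind `kd_send_` and `kd_recv_` as references, so every copy of a ConnectionParam, including the one inserted into the connection map, aliases the same two KeyDerivation objects. Nothing in the visible hunks deletes the objects that anytun.cpp and connectionList.cpp obtain from `KeyDerivationFactory::create`. The patch doubles the number of such unowned heap objects per connection, and they presumably hold key material after `init`. Document the ownership on the members, e.g. `// non-owning; the KeyDerivation objects outlive every ConnectionParam copy`, or give them a single owner so they can be released and cleared when a connection is removed.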