warp-vpn

point to point VPN implementation
git clone git://git.2f30.org/warp-vpn

commit 190deec3928e9323cf2ee8d7200924a17ddba4f9
parent 964ca0d06f57cdebdacd8c942f98bf2b0f527578
Author: sin <sin@2f30.org>
Date:   Thu, 31 Mar 2016 17:25:21 +0100

style changes

Diffstat:
Mstun.c | 57+++++++++++++++++++++++++++++----------------------------
1 file changed, 29 insertions(+), 28 deletions(-)

diff --git a/stun.c b/stun.c @@ -83,7 +83,7 @@ #define HDRLEN 2 #define IVLEN 12 #define TAGLEN 16 -#define MAXPKTLEN (MTU + AES_BLOCK_SIZE + HDRLEN + IVLEN + TAGLEN) +#define MAXPKTLEN (TAGLEN + IVLEN + HDRLEN + MTU + AES_BLOCK_SIZE) #define BADPKT 0x8000 enum { @@ -262,11 +262,11 @@ aesinit(EVP_CIPHER_CTX *ectx, EVP_CIPHER_CTX *dctx) } int -aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int plen, +aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int ptlen, unsigned char *key, unsigned char *iv, unsigned char *aad, int aadlen, unsigned char *tag, int taglen) { - int clen, flen; + int len, flen; if (EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1) logerr("EVP_EncryptInit_ex failed"); @@ -274,27 +274,27 @@ aesenc(EVP_CIPHER_CTX *ctx, unsigned char *ct, unsigned char *pt, int plen, if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) != 1) logerr("EVP_EncryptInit_ex failed"); - if (EVP_EncryptUpdate(ctx, NULL, &clen, aad, aadlen) != 1) + if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) logerr("EVP_EncryptUpdate failed"); - if (EVP_EncryptUpdate(ctx, ct, &clen, pt, plen) != 1) + if (EVP_EncryptUpdate(ctx, ct, &len, pt, ptlen) != 1) logerr("EVP_EncryptUpdate failed"); - if (EVP_EncryptFinal_ex(ctx, ct + clen, &flen) != 1) + if (EVP_EncryptFinal_ex(ctx, ct + len, &flen) != 1) logerr("EVP_EncryptFinal_ex failed"); if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAGLEN, tag) != 1) logerr("EVP_CTRL_GCM_GET_TAG failed"); - return clen + flen; + return len + flen; } int -aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int clen, +aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int ctlen, unsigned char *key, unsigned char *iv, unsigned char *aad, int aadlen, unsigned char *tag, int taglen) { - int plen, flen; + int len, flen; if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) != 1) logerr("EVP_DecryptInit_ex failed"); 
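Review bot: The `taglen` parameter of aesenc is never used — the tag is fetched with the constant in `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, TAGLEN, tag)`, so a caller passing a different value would still get TAGLEN bytes written into `tag` without any indication. The same mismatch exists in aesdec, whose `EVP_CTRL_GCM_SET_TAG` call in the following hunk (@@ -302) also hard-codes TAGLEN while the renamed signature still advertises `taglen`. Either pass the parameter through, `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag)`, or drop it from both signatures so the interface does not promise a choice the implementation does not honor. aesenc's signature and body are split across the @@ -262 and @@ -274 hunks, and aesdec's body continues into the next hunk.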
@@ -302,20 +302,20 @@ aesdec(EVP_CIPHER_CTX *ctx, unsigned char *pt, unsigned char *ct, int clen, if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) != 1) logerr("EVP_DecryptInit_ex failed"); - if (EVP_DecryptUpdate(ctx, NULL, &plen, aad, aadlen) != 1) + if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) != 1) logerr("EVP_DecryptUpdate failed"); - if (EVP_DecryptUpdate(ctx, pt, &plen, ct, clen) != 1) + if (EVP_DecryptUpdate(ctx, pt, &len, ct, ctlen) != 1) logerr("EVP_DecryptUpdate failed"); if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, TAGLEN, tag) != 1) logerr("EVP_CTRL_GCM_SET_TAG failed"); /* if this fails, someone has tampered with the packet in transit */ - if (EVP_DecryptFinal_ex(ctx, pt + plen, &flen) != 1) + if (EVP_DecryptFinal_ex(ctx, pt + len, &flen) != 1) return -1; - return plen + flen; + return len + flen; } #if defined(__linux__) @@ -464,27 +464,28 @@ readdev(int fd, unsigned char *buf, int len) int writenet(int fd, unsigned char *pt, int len) { - unsigned char payload[MTU + AES_BLOCK_SIZE]; + unsigned char ct[MTU + AES_BLOCK_SIZE]; unsigned char hdr[HDRLEN], iv[IVLEN], tag[TAGLEN]; unsigned char pkt[MAXPKTLEN]; + int pktlen; pack16(hdr, len); arc4random_buf(iv, IVLEN); - aesenc(&ectx, payload, pt, len, aeskey, iv, hdr, HDRLEN, tag, TAGLEN); + aesenc(&ectx, ct, pt, len, aeskey, iv, hdr, HDRLEN, tag, TAGLEN); memcpy(pkt, tag, TAGLEN); memcpy(&pkt[TAGLEN], iv, IVLEN); memcpy(&pkt[TAGLEN + IVLEN], hdr, HDRLEN); - memcpy(&pkt[TAGLEN + IVLEN + HDRLEN], payload, len); - len += TAGLEN + IVLEN + HDRLEN; - return writeall(fd, pkt, len); + memcpy(&pkt[TAGLEN + IVLEN + HDRLEN], ct, len); + pktlen = TAGLEN + IVLEN + HDRLEN + len; + return writeall(fd, pkt, pktlen); } int readnet(int fd, unsigned char *pt, int len) { - unsigned char payload[MTU + AES_BLOCK_SIZE]; + unsigned char ct[MTU + AES_BLOCK_SIZE]; unsigned char hdr[HDRLEN], iv[IVLEN], tag[TAGLEN]; - int n, payloadlen; + int n, ctlen; #define CHECKERR(n) do { \ if ((n) == 0) { \ 
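Review bot: In writenet the ciphertext length returned by aesenc is discarded; the renamed `memcpy(&pkt[TAGLEN + IVLEN + HDRLEN], ct, len)` and the new `pktlen` both assume the ciphertext is exactly `len` bytes. That holds for AES-GCM, which adds no padding, but nothing in the function records that assumption, and `hdr` — packed from `len` before encryption runs and authenticated as AAD — is what the peer uses as the read length. Capture the return, `ctlen = aesenc(&ectx, ct, pt, len, aeskey, iv, hdr, HDRLEN, tag, TAGLEN);`, use it in the copy and in `pktlen = TAGLEN + IVLEN + HDRLEN + ctlen;`, or at least add a comment stating the length equality the code relies on. `ct` is `MTU + AES_BLOCK_SIZE` bytes and `len` is not bounded here; presumably readdev guarantees `len <= MTU`, but a guard or comment at the top of writenet would make that contract explicit.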
@@ -505,18 +506,18 @@ readnet(int fd, unsigned char *pt, int len) n = readall(fd, hdr, HDRLEN); CHECKERR(n); - payloadlen = unpack16(hdr); - if (payloadlen > MTU + AES_BLOCK_SIZE) - payloadlen = MTU + AES_BLOCK_SIZE; + ctlen = unpack16(hdr); + if (ctlen > MTU + AES_BLOCK_SIZE) + ctlen = MTU + AES_BLOCK_SIZE; - n = readall(fd, payload, payloadlen); + n = readall(fd, ct, ctlen); CHECKERR(n); - payloadlen = aesdec(&dctx, pt, payload, payloadlen, aeskey, iv, - hdr, HDRLEN, tag, TAGLEN); - if (payloadlen < 0) + n = aesdec(&dctx, pt, ct, ctlen, aeskey, iv, + hdr, HDRLEN, tag, TAGLEN); + if (n < 0) return BADPKT; - return payloadlen; + return n; } int
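Review bot: Clamping an oversized header length, `if (ctlen > MTU + AES_BLOCK_SIZE) ctlen = MTU + AES_BLOCK_SIZE;`, protects `ct` from overflow but masks a framing error: the header has not been authenticated at that point (the tag is only verified inside aesdec), so a corrupted length is read short, the decrypt fails on the AAD mismatch and BADPKT is returned only after the partial read, leaving the unread remainder of the frame to be interpreted as the next packet's tag unless the caller tears the connection down on BADPKT. Returning `BADPKT` directly when `ctlen` exceeds the buffer fails fast and makes the condition visible to the caller. Separately, readnet's `len` parameter is not used anywhere in this hunk while `aesdec` writes up to `ctlen` bytes into `pt`; unless every caller passes a `pt` of at least `MTU + AES_BLOCK_SIZE` bytes, a check such as `if (ctlen > len) return BADPKT;` before the decrypt is needed. readnet starts in the previous hunk, so `len` may be consulted in the part of the function not shown here.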