
Core change: Fix key-direction directive to work like 2.x branch

where the default is bidirectional.
James Yonan 2013-01-19 02:37:15 +00:00
parent 01cce04d14
commit 6b10d81783


@ -205,7 +205,7 @@ namespace openvpn {
pid_time_backtrack = 0; pid_time_backtrack = 0;
pid_debug_level = 0; pid_debug_level = 0;
autologin = false; autologin = false;
key_direction = -1; key_direction = -1; // bidirectional
} }
// master SSL context // master SSL context
@ -243,7 +243,7 @@ namespace openvpn {
// tls_auth parms // tls_auth parms
OpenVPNStaticKey tls_auth_key; // leave this undefined to disable tls_auth OpenVPNStaticKey tls_auth_key; // leave this undefined to disable tls_auth
typename CRYPTO_API::Digest tls_auth_digest; typename CRYPTO_API::Digest tls_auth_digest;
int key_direction; // -1 if undefined int key_direction; // 0, 1, or -1 for bidirectional
// reliability layer parms // reliability layer parms
reliable::id_t reliable_window; reliable::id_t reliable_window;
@ -280,7 +280,7 @@ namespace openvpn {
comp_ctx = CompressContext(CompressContext::NONE, false); comp_ctx = CompressContext(CompressContext::NONE, false);
protocol = Protocol(); protocol = Protocol();
pid_mode = PacketIDReceive::UDP_MODE; pid_mode = PacketIDReceive::UDP_MODE;
key_direction = -1; key_direction = -1; // bidirectional
// load parameters that can be present in both config file or pushed options // load parameters that can be present in both config file or pushed options
load_common(opt, pco); load_common(opt, pco);
@ -511,10 +511,8 @@ namespace openvpn {
out << ',' << compstr; out << ',' << compstr;
} }
if (server) if (key_direction >= 0)
out << ",keydir 0"; out << ",keydir " << key_direction;
else
out << ",keydir 1";
out << ",cipher " << cipher.name(); out << ",cipher " << cipher.name();
out << ",auth " << digest.name(); out << ",auth " << digest.name();
@ -1831,9 +1829,19 @@ namespace openvpn {
if (use_tls_auth) if (use_tls_auth)
{ {
// init tls_auth hmac // init tls_auth hmac
const unsigned int key_dir = (c.key_direction >= 0 ? !c.key_direction : is_server()) ? OpenVPNStaticKey::NORMAL : OpenVPNStaticKey::INVERSE; if (c.key_direction >= 0)
ta_hmac_send.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir)); {
ta_hmac_recv.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir)); // key-direction is 0 or 1
const unsigned int key_dir = c.key_direction ? OpenVPNStaticKey::INVERSE : OpenVPNStaticKey::NORMAL;
ta_hmac_send.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir));
ta_hmac_recv.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir));
}
else
{
// key-direction bidirectional mode
ta_hmac_send.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC));
ta_hmac_recv.init(c.tls_auth_digest, c.tls_auth_key.slice(OpenVPNStaticKey::HMAC));
}
// init tls_auth packet ID // init tls_auth packet ID
ta_pid_send.init(PacketID::LONG_FORM); ta_pid_send.init(PacketID::LONG_FORM);