AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 17:39:53 +03:00
Code Releases Activity

Add DhParamBits configuration to set Diffie-Hellman parameters

Browse Source
This commit is contained in:
NV 2015-01-27 03:23:36 +09:00
parent 75f9836ce5
commit ad58da4179
9 changed files with 155 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Cedar/Cedar.c
View File

@ -1726,6 +1726,8 @@ CEDAR *NewCedar(X *server_x, K *server_k)
c->UdpPortList = NewIntList(false); c->UdpPortList = NewIntList(false);
c->DhParamBits = DH_PARAM_BITS_DEFAULT;
InitNetSvcList(c); InitNetSvcList(c);
InitLocalBridgeList(c); InitLocalBridgeList(c);

2
src/Cedar/Cedar.h
View File

@ -308,6 +308,7 @@
#define FARM_BASE_POINT 100000 // Reference value of the cluster score #define FARM_BASE_POINT 100000 // Reference value of the cluster score
#define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio #define FARM_DEFAULT_WEIGHT 100 // Standard performance ratio
#define DH_PARAM_BITS_DEFAULT 2048 // Bits of Diffie-Hellman Parameters
#define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode) #define SE_UDP_SIGN "SE2P" // Not used (only old UDP mode)
@ -1052,6 +1053,7 @@ typedef struct CEDAR
LOCK *FifoBudgetLock; // Fifo budget lock LOCK *FifoBudgetLock; // Fifo budget lock
UINT FifoBudget; // Fifo budget UINT FifoBudget; // Fifo budget
bool AcceptOnlyTls; // Accept only TLS (Disable SSL) bool AcceptOnlyTls; // Accept only TLS (Disable SSL)
UINT DhParamBits; // Bits of Diffie-Hellman parameters
char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String char OpenVPNDefaultClientOption[MAX_SIZE]; // OpenVPN Default Client Option String
} CEDAR; } CEDAR;

17
src/Cedar/Interop_OpenVPN.c
View File

@ -2595,7 +2595,7 @@ OPENVPN_SERVER *NewOpenVpnServer(CEDAR *cedar, INTERRUPT_MANAGER *interrupt, SOC
OvsLog(s, NULL, NULL, "LO_START"); OvsLog(s, NULL, NULL, "LO_START");
s->Dh = DhNewGroup2(); s->Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
return s; return s;
} }
@ -2703,6 +2703,21 @@ OPENVPN_SERVER_UDP *NewOpenVpnServerUdp(CEDAR *cedar)
return u; return u;
} }
void OpenVpnServerUdpSetDhParam(OPENVPN_SERVER_UDP *u, DH_CTX *dh)
{
// Validate arguments
if (u == NULL) {
return;
}
if (u->OpenVpnServer->Dh)
{
DhFree(u->OpenVpnServer->Dh);
}
u->OpenVpnServer->Dh = dh;
}
// Apply the port list to the OpenVPN server // Apply the port list to the OpenVPN server
void OvsApplyUdpPortList(OPENVPN_SERVER_UDP *u, char *port_list) void OvsApplyUdpPortList(OPENVPN_SERVER_UDP *u, char *port_list)
{ {

2
src/Cedar/Interop_OpenVPN.h
View File

@ -384,6 +384,8 @@ bool OvsGetNoOpenVpnTcp();
void OvsSetNoOpenVpnUdp(bool b); void OvsSetNoOpenVpnUdp(bool b);
void OpenVpnServerUdpSetDhParam(OPENVPN_SERVER_UDP *u, DH_CTX *dh);
#endif // INTEROP_OPENVPN_H #endif // INTEROP_OPENVPN_H

15
src/Cedar/Server.c
View File

@ -6140,6 +6140,19 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// AcceptOnlyTls // AcceptOnlyTls
c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls"); c->AcceptOnlyTls = CfgGetBool(f, "AcceptOnlyTls");
// Bits of Diffie-Hellman parameters
c->DhParamBits = CfgGetInt(f, "DhParamBits");
if (c->DhParamBits == 0)
{
c->DhParamBits = DH_PARAM_BITS_DEFAULT;
}
SetDhParam(DhNewFromBits(c->DhParamBits));
if (s->OpenVpnServerUdp)
{
OpenVpnServerUdpSetDhParam(s->OpenVpnServerUdp, DhNewFromBits(c->DhParamBits));
}
} }
Unlock(c->lock); Unlock(c->lock);
@ -6450,6 +6463,8 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls); CfgAddBool(f, "AcceptOnlyTls", c->AcceptOnlyTls);
CfgAddInt(f, "DhParamBits", c->DhParamBits);
// Disable session reconnect // Disable session reconnect
CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT)); CfgAddBool(f, "DisableSessionReconnect", GetGlobalServerFlag(GSF_DISABLE_SESSION_RECONNECT));
} }

41
src/Mayaqua/Encrypt.c
View File

@ -4827,12 +4827,53 @@ DH_CTX *DhNewGroup5()
return DhNew(DH_GROUP5_PRIME_1536, 2); return DhNew(DH_GROUP5_PRIME_1536, 2);
} }
// Creating a DH GROUP14
DH_CTX *DhNewGroup14()
{
return DhNew(DH_GROUP14_PRIME_2048, 2);
}
// Creating a DH GROUP15
DH_CTX *DhNewGroup15()
{
return DhNew(DH_GROUP15_PRIME_3072, 2);
}
// Creating a DH GROUP16
DH_CTX *DhNewGroup16()
{
return DhNew(DH_GROUP16_PRIME_4096, 2);
}
// Creating a DH SIMPLE 160bits // Creating a DH SIMPLE 160bits
DH_CTX *DhNewSimple160() DH_CTX *DhNewSimple160()
{ {
return DhNew(DH_SIMPLE_160, 2); return DhNew(DH_SIMPLE_160, 2);
} }
DH_CTX *DhNewFromBits(UINT bits)
{
switch (bits)
{
case 160:
return DhNewSimple160();
case 768:
return DhNewGroup1();
case 1024:
return DhNewGroup2();
case 1536:
return DhNewGroup5();
case 2048:
return DhNewGroup14();
case 3072:
return DhNewGroup15();
case 4096:
return DhNewGroup16();
default:
return DhNewGroup14();
}
}
// Convert the DH parameters to file // Convert the DH parameters to file
BUF *DhToBuf(DH_CTX *dh) BUF *DhToBuf(DH_CTX *dh)
{ {

59
src/Mayaqua/Encrypt.h
View File

@ -168,6 +168,61 @@ void RAND_Free_For_SoftEther();
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
#define DH_GROUP14_PRIME_2048 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AACAA68FFFFFFFFFFFFFFFF"
#define DH_GROUP15_PRIME_3072 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
#define DH_GROUP16_PRIME_4096 \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
"FFFFFFFFFFFFFFFF"
#define DH_SIMPLE_160 "AEE7561459353C95DDA966AE1FD25D95CD46E935" #define DH_SIMPLE_160 "AEE7561459353C95DDA966AE1FD25D95CD46E935"
// Macro // Macro
@ -464,7 +519,11 @@ bool DhCompute(DH_CTX *dh, void *dst_priv_key, void *src_pub_key, UINT key_size)
DH_CTX *DhNewGroup1(); DH_CTX *DhNewGroup1();
DH_CTX *DhNewGroup2(); DH_CTX *DhNewGroup2();
DH_CTX *DhNewGroup5(); DH_CTX *DhNewGroup5();
DH_CTX *DhNewGroup14();
DH_CTX *DhNewGroup15();
DH_CTX *DhNewGroup16();
DH_CTX *DhNewSimple160(); DH_CTX *DhNewSimple160();
DH_CTX *DhNewFromBits(UINT bits);
DH_CTX *DhNew(char *prime, UINT g); DH_CTX *DhNew(char *prime, UINT g);
void DhFree(DH_CTX *dh); void DhFree(DH_CTX *dh);
BUF *DhToBuf(DH_CTX *dh); BUF *DhToBuf(DH_CTX *dh);

24
src/Mayaqua/Network.c
View File

@ -245,7 +245,7 @@ static UINT rand_port_numbers[256] = {0};
static bool g_use_privateip_file = false; static bool g_use_privateip_file = false;
static bool g_source_ip_validation_force_disable = false; static bool g_source_ip_validation_force_disable = false;
static DH_CTX *dh_1024 = NULL; static DH_CTX *dh_param = NULL;
typedef struct PRIVATE_IP_SUBNET typedef struct PRIVATE_IP_SUBNET
{ {
@ -17577,9 +17577,9 @@ DH *TmpDhCallback(SSL *ssl, int is_export, int keylength)
{ {
DH *ret = NULL; DH *ret = NULL;
if (dh_1024 != NULL) if (dh_param != NULL)
{ {
ret = dh_1024->dh; ret = dh_param->dh;
} }
return ret; return ret;
@ -17696,8 +17696,6 @@ void InitNetwork()
disable_cache = false; disable_cache = false;
dh_1024 = DhNewGroup2();
Zero(rand_port_numbers, sizeof(rand_port_numbers)); Zero(rand_port_numbers, sizeof(rand_port_numbers));
SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM); SetGetIpThreadMaxNum(DEFAULT_GETIP_THREAD_MAX_NUM);
@ -18103,10 +18101,10 @@ void SetCurrentGlobalIP(IP *ip, bool ipv6)
void FreeNetwork() void FreeNetwork()
{ {
if (dh_1024 != NULL) if (dh_param != NULL)
{ {
DhFree(dh_1024); DhFree(dh_param);
dh_1024 = NULL; dh_param = NULL;
} }
// Release of thread-related // Release of thread-related
@ -22650,6 +22648,16 @@ bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UIN
return ret; return ret;
} }
void SetDhParam(DH_CTX *dh)
{
if (dh_param)
{
DhFree(dh_param);
}
dh_param = dh;
}
// Developed by SoftEther VPN Project at University of Tsukuba in Japan. // Developed by SoftEther VPN Project at University of Tsukuba in Japan.
// Department of Computer Science has dozens of overly-enthusiastic geeks. // Department of Computer Science has dozens of overly-enthusiastic geeks.
// Join us: http://www.tsukuba.ac.jp/english/admission/ // Join us: http://www.tsukuba.ac.jp/english/admission/

2
src/Mayaqua/Network.h
View File

@ -1010,6 +1010,8 @@ int GetCurrentTimezone();
bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UINT sni_size); bool GetSniNameFromSslPacket(UCHAR *packet_buf, UINT packet_size, char *sni, UINT sni_size);
bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size); bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size);
void SetDhParam(DH_CTX *dh);
bool IsUseDnsProxy(); bool IsUseDnsProxy();
bool IsUseAlternativeHostname(); bool IsUseAlternativeHostname();