hi
This question may be more complicated, I hope your can help me to analyze it!
My question is that I want to the date is encrypted by own encrpytion
function in openvpn2.0, so I do something hereinafter.
(1)server-client mode, modify the server.ovpn and client.ovpn, in config
file, add the line like this "cipher none", so server and client will sent the
plaintext to each other.
(2)I read the openvpn2.0 source code and find openvpn2.0 has the encrpytion
function is "openvpn_encrypt" in crypto.c, so I modify it, but i am failed!
============================================================================
crypto.c
============================================================================
openvpn_encrypt (struct buffer *buf, struct buffer work,
const struct crypto_options *opt,
const struct frame* frame)
{
struct gc_arena gc;
gc_init (&gc);
if (buf->len > 0 && opt->key_ctx_bi)
{
........
//Encryption
.......
}
else /* No Encryption */
{
if (opt->packet_id)
{
struct packet_id_net pin;
packet_id_alloc_outgoing (&opt->packet_id->send, &pin, BOOL_CAST
(opt->flags & CO_PACKET_ID_LONG_FORM));
ASSERT (packet_id_write (&pin, buf, BOOL_CAST (opt->flags &
CO_PACKET_ID_LONG_FORM), true));
}
//================================================================
//I do something here!!!
//I want to user my encrpytion function here to encryt "buf->data"
//================================================================
printf("print buf.data, data: %s\n ",buf->data);
work = *buf;
}
/* HMAC the ciphertext (or plaintext if !cipher) */
if (ctx->hmac)
{
int hmac_len;
uint8_t *output;
HMAC_Init_ex (ctx->hmac, NULL, 0, NULL, NULL);
HMAC_Update (ctx->hmac, BPTR (&work), BLEN (&work));
output = buf_prepend (&work, HMAC_size (ctx->hmac));
ASSERT (output);
HMAC_Final (ctx->hmac, output, (unsigned int *)&hmac_len);
ASSERT (hmac_len == HMAC_size (ctx->hmac));
}
*buf = work;
}
........
}
================================================================================
(3)If I want to realize my intention, what should i do? can you give me some
adivces! how to modify source code to solve this question. I have modified
tun.c, and do work in "ReadFile" and "WriteFile" to solve this question and
alse i was failed!
In crypto.c, i add code"printf("print buf.data, data: %s\n
",buf->data);",run openvpn,the result is:
================================================================================
Sat Jul 02 16:42:35 2005 us=556567 Initialization Sequence Completed
Sat Jul 02 16:42:40 2005 us=294536 MULTI: multi_create_instance called
Sat Jul 02 16:42:40 2005 us=295030 Re-using SSL/TLS context
Sat Jul 02 16:42:40 2005 us=295669 Control Channel MTU parms [ L:1559 D:140
EF:40 EB:0 ET:0 EL:0 ]
Sat Jul 02 16:42:40 2005 us=296057 Data Channel MTU parms [ L:1559 D:1450 EF:27
EB:4 ET:32 EL:0 AF:14/27 ]
Sat Jul 02 16:42:40 2005 us=296401 Local Options String: 'V4,dev-type
tap,link-mtu 1559,tun-mtu 1532,proto TCPv4_SERVER,
cipher [null-cipher],auth SHA1,keysize 0,key-method 2,tls-server'
Sat Jul 02 16:42:40 2005 us=296759 Expected Remote Options String: 'V4,dev-type
tap,link-mtu 1559,tun-mtu 1532,proto TCP
v4_CLIENT,cipher [null-cipher],auth SHA1,keysize 0,key-method 2,tls-client'
Sat Jul 02 16:42:40 2005 us=297142 Local Options hash (VER=V4): 'b347aa25'
Sat Jul 02 16:42:40 2005 us=297389 Expected Remote Options hash (VER=V4):
'8f7d9194'
Sat Jul 02 16:42:40 2005 us=298329 TCP connection established with
25.20.186.38:1508
Sat Jul 02 16:42:40 2005 us=310904 Socket Buffers: R=[65535->65535]
S=[65535->65535]
Sat Jul 02 16:42:40 2005 us=311384 TCPv4_SERVER link local: [undef]
Sat Jul 02 16:42:40 2005 us=311635 TCPv4_SERVER link remote: 25.20.186.38:1508
Sat Jul 02 16:42:40 2005 us=327730 25.20.186.38:1508 TLS: Initial packet from
25.20.186.38:1508, sid=6c341077 118ebe0d
Sat Jul 02 16:42:40 2005 us=985028 25.20.186.38:1508 VERIFY OK: depth=1,
/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddre
ss=me@myhost.mydomain
Sat Jul 02 16:42:40 2005 us=989777 25.20.186.38:1508 VERIFY OK: depth=0,
/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/email
Address=me@myhost.mydomain
Sat Jul 02 16:42:41 2005 us=240081 25.20.186.38:1508 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC au
thentication
Sat Jul 02 16:42:41 2005 us=240687 25.20.186.38:1508 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC au
thentication
Sat Jul 02 16:42:41 2005 us=620696 25.20.186.38:1508 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024
bit RSA
Sat Jul 02 16:42:41 2005 us=621255 25.20.186.38:1508 [Test-Client] Peer
Connection Initiated with 25.20.186.38:1508
print buf.data, data: x�?
print buf.data, data: x�?
Sat Jul 02 16:42:41 2005 us=847231 Test-Client/25.20.186.38:1508 PUSH:
Received control message: 'PUSH_REQUEST'
Sat Jul 02 16:42:41 2005 us=847791 Test-Client/25.20.186.38:1508 SENT CONTROL
[Test-Client]: 'PUSH_REPLY,route-gateway 1
0.0.0.1,ping 10,ping-restart 120,ifconfig 10.0.0.111 255.255.255.0' (status=1)
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
Sat Jul 02 16:42:47 2005 us=315192 Test-Client/25.20.186.38:1508 MULTI: Learn:
00:ff:12:4d:53:49 -> Test-Client/25.20.1
86.38:1508
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data: x�?
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
print buf.data, data:
===============================================================================
this result is very strange, the data is empty??? Please help to analyze it,
thanks for you!
Nicholas
---------------------------------
DO YOU YAHOO!?
雅虎免费G邮箱-No.1的防毒防垃圾超大邮箱
