authorChristian Pointner <equinox@anytun.org>2008-04-09 21:22:30 +0000
committerChristian Pointner <equinox@anytun.org>2008-04-09 21:22:30 +0000
commitacbead59d307a10952cee41792e9397a2334f0da (patch)
tree400c76c6a2f2999f1b23270882709affaf7fd13c
parentremoved old documentation (diff)
cipher added mux to senderid for crypto
fixed payload type with ipv6 fixed lua script options: device defaults to tun
-rw-r--r--anytun.cpp9
-rw-r--r--cipher.cpp30
-rw-r--r--cipher.h16
-rw-r--r--options.cpp6
-rw-r--r--plainPacket.cpp17
-rw-r--r--plainPacket.h3
-rw-r--r--wireshark-lua/satp.lua4
7 files changed, 52 insertions, 33 deletions
diff --git a/anytun.cpp b/anytun.cpp
index 4c7b2b6..a115ff6 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -157,7 +157,7 @@ void* sender(void* p)
c->setSalt(session_salt);
// encrypt packet
- c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId());
+ c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux);
encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux);
conn.seq_nr_++;
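Review bot: The `encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux);` line now repeats what `Cipher::encrypt` does itself, because the cipher.cpp part of this commit has it call `out.setSenderId`, `out.setSeqNr` and `out.setMux`. The values that feed the counter and the values written to the header must be identical for the peer to decrypt, so setting them in two places invites drift. I would drop the `setHeader` call, or if it is kept for a reason not visible here, mark it with `// encrypt() already writes seq_nr, sender id and mux into the header`. sender()'s body starts and ends outside this hunk.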
@@ -291,7 +291,8 @@ void* receiver(void* p)
c->decrypt(encrypted_packet, plain_packet);
// check payload_type
- if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) ||
+ if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN4 &&
+ plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN6) ||
(param->dev.getType() == TunDevice::TYPE_TAP && plain_packet.getPayloadType() != PAYLOAD_TYPE_TAP))
continue;
@@ -374,7 +375,9 @@ int main(int argc, char* argv[])
SignalController sig;
sig.init();
std::string dev_type(gOpt.getDevType());
- TunDevice dev(gOpt.getDevName().c_str(), dev_type=="" ? NULL : dev_type.c_str(), gOpt.getIfconfigParamLocal().c_str(), gOpt.getIfconfigParamRemoteNetmask().c_str());
+ TunDevice dev(gOpt.getDevName().c_str(), dev_type=="" ? NULL : dev_type.c_str(),
+ gOpt.getIfconfigParamLocal() =="" ? NULL : gOpt.getIfconfigParamLocal().c_str(),
+ gOpt.getIfconfigParamRemoteNetmask() =="" ? NULL : gOpt.getIfconfigParamRemoteNetmask().c_str());
PacketSource* src;
if(gOpt.getLocalAddr() == "")
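Review bot: Each ifconfig getter is now called twice inside the `TunDevice dev(...)` argument list, and `c_str()` is taken from what may be a temporary; whether the getters return by value or by reference is not visible in this diff. If they return by value, the pointers are valid only until the end of this declaration, so the constructor must copy the strings rather than keep the pointers. Copying into locals, as the line above already does for `dev_type`, makes the lifetime explicit: `std::string ifcfg_local(gOpt.getIfconfigParamLocal());` and `std::string ifcfg_remote(gOpt.getIfconfigParamRemoteNetmask());`, then test and pass those. main()'s body continues outside this hunk.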
diff --git a/cipher.cpp b/cipher.cpp
index b36df1a..e98bc3b 100644
--- a/cipher.cpp
+++ b/cipher.cpp
@@ -40,31 +40,32 @@
// TODO: in should be const but does not work with getBuf() :(
-void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id)
+void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id);
+ u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux);
out.setSenderId(sender_id);
out.setSeqNr(seq_nr);
+ out.setMux(mux);
out.setPayloadLength(len);
}
// TODO: in should be const but does not work with getBuf() :(
void Cipher::decrypt(EncryptedPacket & in, PlainPacket & out)
{
- u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId());
+ u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux());
out.setLength(len);
}
//******* NullCipher *******
-u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id)
+u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
std::memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
}
-u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id)
+u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
std::memcpy(out, in, (ilen < olen) ? ilen : olen);
return (ilen < olen) ? ilen : olen;
@@ -105,19 +106,19 @@ void AesIcmCipher::setSalt(Buffer& salt)
salt_[u_int32_t(0)] = 1; // TODO: this is a outstandingly ugly workaround
}
-u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id)
+u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- calc(in, ilen, out, olen, seq_nr, sender_id);
+ calc(in, ilen, out, olen, seq_nr, sender_id, mux);
return (ilen < olen) ? ilen : olen;
}
-u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id)
+u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
- calc(in, ilen, out, olen, seq_nr, sender_id);
+ calc(in, ilen, out, olen, seq_nr, sender_id, mux);
return (ilen < olen) ? ilen : olen;
}
-void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id)
+void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!cipher_)
return;
@@ -138,12 +139,15 @@ void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t o
Mpi ctr(128); // TODO: hardcoded size
Mpi salt(salt_.getBuf(), salt_.getLength());
- Mpi sid(32); // TODO: Q@OTTI add mux to sender_id????
- sid = sender_id;
+ Mpi sid_mux(32);
+ sid_mux = sender_id;
+ Mpi mux_mpi(32);
+ mux_mpi = mux;
+ sid_mux = sid_mux ^ mux_mpi.mul2exp(16);
Mpi seq(32);
seq = seq_nr;
- ctr = salt.mul2exp(16) ^ sid.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size
+ ctr = salt.mul2exp(16) ^ sid_mux.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size
size_t written;
u_int8_t *ctr_buf = ctr.getNewBuf(&written); // TODO: hardcoded size
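Review bot: The value built by `sid_mux = sid_mux ^ mux_mpi.mul2exp(16);` is distinct per (sender_id, mux) pair only if sender_id never exceeds 16 bits, and the widths of `sender_id_t` and `mux_t` are not visible in this diff. In counter mode, two packets under the same key and salt that produce the same `ctr` reuse keystream, so the layout deserves an explicit check rather than an assumption. I would add a comment above that line, `// counter layout (16-bit ids, 32-bit seq): sender_id bits 64..79, mux bits 80..95, seq_nr bits 16..47`, and a compile-time check that `sizeof(sender_id_t) == 2` and `sizeof(mux_t) == 2`. calc() starts and ends outside this hunk.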
diff --git a/cipher.h b/cipher.h
index f899966..4acd601 100644
--- a/cipher.h
+++ b/cipher.h
@@ -45,15 +45,15 @@ public:
virtual ~Cipher() {};
// TODO: in should be const but does not work with getBuf() :(
- void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id);
+ void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
void decrypt(EncryptedPacket & in, PlainPacket & out);
virtual void setKey(Buffer& key) = 0;
virtual void setSalt(Buffer& salt) = 0;
protected:
- virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) = 0;
- virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) = 0;
+ virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
+ virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
};
//****** NullCipher ******
@@ -65,8 +65,8 @@ public:
void setSalt(Buffer& salt) {};
protected:
- u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id);
- u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id);
+ u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
};
//****** AesIcmCipher ******
@@ -80,11 +80,11 @@ public:
void setSalt(Buffer& salt);
protected:
- u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id);
- u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id);
+ u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+ u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
private:
- void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id);
+ void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
gcry_cipher_hd_t cipher_;
Buffer salt_;
diff --git a/options.cpp b/options.cpp
index 4aedd43..53589cb 100644
--- a/options.cpp
+++ b/options.cpp
@@ -62,10 +62,10 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0))
remote_sync_addr_ = "";
remote_addr_ = "";
remote_port_ = 4444;
- dev_name_ = "tap";
+ dev_name_ = "tun";
dev_type_ = "";
- ifconfig_param_local_ = "192.168.200.1";
- ifconfig_param_remote_netmask_ = "255.255.255.0";
+ ifconfig_param_local_ = "";
+ ifconfig_param_remote_netmask_ = "";
seq_window_size_ = 100;
cipher_ = "aes-ctr";
kd_prf_ = "aes-ctr";
diff --git a/plainPacket.cpp b/plainPacket.cpp
index c1fd99a..c3aa089 100644
--- a/plainPacket.cpp
+++ b/plainPacket.cpp
@@ -55,7 +55,18 @@ payload_type_t PlainPacket::getPayloadType() const
void PlainPacket::setPayloadType(payload_type_t payload_type)
{
- if(payload_type_)
+ if(!payload_type_)
+ return;
+
+ if(payload_type == PAYLOAD_TYPE_TUN)
+ {
+ struct ip* hdr = reinterpret_cast<struct ip*>(payload_);
+ if(hdr->ip_v == 4)
+ *payload_type_ = PAYLOAD_TYPE_T_HTON(PAYLOAD_TYPE_TUN4);
+ else if(hdr->ip_v == 6)
+ *payload_type_ = PAYLOAD_TYPE_T_HTON(PAYLOAD_TYPE_TUN6);
+ }
+ else
*payload_type_ = PAYLOAD_TYPE_T_HTON(payload_type);
}
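Review bot: The new TUN branch reads `hdr->ip_v` from `payload_` without checking that the packet holds any payload bytes, and when the version is neither 4 nor 6 it leaves `*payload_type_` unchanged, so the packet carries whatever the field held before. getSrcAddr() in this file checks `length_` before the same cast, which suggests `length_` counts the type field plus payload. I would guard the read with `if(length_ <= sizeof(payload_type_t))` and give both that case and the unknown-version case a defined value, e.g. `*payload_type_ = PAYLOAD_TYPE_T_HTON(PAYLOAD_TYPE_TUN);`, which the receiver check in anytun.cpp rejects on a tun device. Whether `payload_` is already filled when this is called is not visible here.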
@@ -106,7 +117,7 @@ NetworkAddress PlainPacket::getSrcAddr() const
// TODO
return NetworkAddress();
}
- else if(type == PAYLOAD_TYPE_TUN) // IPv4
+ else if(type == PAYLOAD_TYPE_TUN4) // IPv4
{
if(length_ < (sizeof(payload_type_t)+sizeof(struct ip)))
return NetworkAddress();
@@ -135,7 +146,7 @@ NetworkAddress PlainPacket::getDstAddr() const
// TODO
return NetworkAddress();
}
- else if(type == PAYLOAD_TYPE_TUN) // IPv4
+ else if(type == PAYLOAD_TYPE_TUN4) // IPv4
{
if(length_ < (sizeof(payload_type_t)+sizeof(struct ip)))
return NetworkAddress();
diff --git a/plainPacket.h b/plainPacket.h
index 03ae507..5348fe0 100644
--- a/plainPacket.h
+++ b/plainPacket.h
@@ -43,7 +43,8 @@ class Cipher;
*/
#define PAYLOAD_TYPE_TAP 0x6558
-#define PAYLOAD_TYPE_TUN 0x0800
+#define PAYLOAD_TYPE_TUN 0x0000
+#define PAYLOAD_TYPE_TUN4 0x0800
#define PAYLOAD_TYPE_TUN6 0x86DD
class PlainPacket : public Buffer
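Review bot: `PAYLOAD_TYPE_TUN` changes meaning here from the IPv4 wire value to a 0x0000 marker, and nothing at the definition says so. Going by setPayloadType() in plainPacket.cpp, callers pass it to request version detection and the field then carries `PAYLOAD_TYPE_TUN4` or `PAYLOAD_TYPE_TUN6`. A comment on the define would keep later code from comparing received packets against it: `// request marker only: setPayloadType() maps it to TUN4/TUN6 by IP version`.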
diff --git a/wireshark-lua/satp.lua b/wireshark-lua/satp.lua
index 1d6985e..be88557 100644
--- a/wireshark-lua/satp.lua
+++ b/wireshark-lua/satp.lua
@@ -7,13 +7,13 @@ do
local payload_types = {
[0x0800] = "IPv4",
[0x6558] = "Ethernet",
- [0x56DD] = "IPv6"
+ [0x86DD] = "IPv6"
}
local payload_dissector = {
[0x0800] = "ip",
[0x6558] = "ethernet",
- [0x56DD] = "ipv6"
+ [0x86DD] = "ipv6"
}
local field_seq = ProtoField.uint32("satp.seq","Sequence Number",base.DEC)