fixed bug @ sync

key gets updatet @ sync
author: Christian Pointner <equinox@anytun.org> 2008-02-04 20:34:37 +0000
committer: Christian Pointner <equinox@anytun.org> 2008-02-04 20:34:37 +0000
commit: c01ff56f61b28d0a909f46b95182b5a26aaa6cd3 (patch)
tree: 0192e862cc9e71d260d64daf1f6fd2e4a379e80f
parent: sorry for not working checkin ;) (diff)
7 files changed, 100 insertions, 71 deletions
diff --git a/anytun.cpp b/anytun.cpp
index 925e5dd..0e7b01b 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -70,26 +70,26 @@
 #define SESSION_KEYLEN_ENCR 16
 #define SESSION_KEYLEN_SALT 14
 
-uint8_t key[] = {
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
- 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
- 'q', 'r', 's', 't'
-};
-
-uint8_t salt[] = {
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
- 'i', 'j', 'k', 'l', 'm', 'n'
-};
-
 void createConnection(const std::string & remote_host , u_int16_t remote_port, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue)
 {
+  uint8_t key[] = {
+  'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+  'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
+  };
+  
+  uint8_t salt[] = {
+  'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+  'i', 'j', 'k', 'l', 'm', 'n'
+  };
 
 	SeqWindow * seq= new SeqWindow(seqSize);
 	seq_nr_t seq_nr_=0;
   KeyDerivation * kd = new KeyDerivation;
   kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
   cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
+
 	ConnectionParam connparam ( (*kd),  (*seq), seq_nr_, remote_host,  remote_port);
+
 	cl.addConnection(connparam,0);
 	SyncCommand sc (cl,0);
 	queue.push(sc);
@@ -282,9 +282,9 @@ void* receiver(void* p)
     c->decrypt(packet, plain_packet);
     
     // check payload_type and remove it
-   if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) ||
-      (param->dev.getType() == TunDevice::TYPE_TAP && plain_packet.getPayloadType() != PAYLOAD_TYPE_TAP))
-     continue;
+    if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) ||
+       (param->dev.getType() == TunDevice::TYPE_TAP && plain_packet.getPayloadType() != PAYLOAD_TYPE_TAP))
+      continue;
 
     // write it on the device
     param->dev.write(plain_packet);
@@ -292,6 +292,43 @@ void* receiver(void* p)
   pthread_exit(NULL);
 }
 
+#define MIN_GCRYPT_VERSION "1.2.3"
+#define GCRYPT_SEC_MEM 32768    // 32k secure memory
+
+void initLibGCrypt()
+{
+  gcry_error_t err;
+      // No other library has already initialized libgcrypt.
+  if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
+  {
+    if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
+      cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
+      return;
+    }
+    
+        // do NOT allocate a pool of secure memory!
+    // this is NOT thread safe!
+    
+    /* Allocate a pool of 16k secure memory.  This also drops priviliges
+     * on some systems. */
+    err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
+    if( err )
+    {
+      cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err );
+      return;
+    }
+
+        /* Tell Libgcrypt that initialization has completed. */
+    err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
+    if( err ) {
+      cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err );
+      return;
+    } else {
+      cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation::init: libgcrypt init finished";
+    }
+  }
+}
+
 
 // make libgcrypt thread safe
 extern "C" {
@@ -336,6 +373,7 @@ int main(int argc, char* argv[])
 
   // make libgcrypt thread safe
   gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread );
+  initLibGCrypt();
 
   pthread_t senderThread;
   pthread_create(&senderThread, NULL, sender, &p);  
diff --git a/connectionList.cpp b/connectionList.cpp
index 3b1c528..f4d9cde 100644
--- a/connectionList.cpp
+++ b/connectionList.cpp
@@ -69,12 +69,25 @@ const ConnectionMap::iterator ConnectionList::getConnection(u_int16_t mux)
 ConnectionParam & ConnectionList::getOrNewConnection(u_int16_t mux)
 {
 	Lock lock(mutex_);
+
 	ConnectionMap::iterator it = connections_.find(mux);
 	if(it!=connections_.end())
 		return it->second;
+
+  uint8_t key[] = {
+  'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+  'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
+  };
+  
+  uint8_t salt[] = {
+  'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
+  'i', 'j', 'k', 'l', 'm', 'n'
+  };
+
   SeqWindow * seq= new SeqWindow(0);
   seq_nr_t seq_nr_=0;
   KeyDerivation * kd = new KeyDerivation;
+  kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
   ConnectionParam conn ( (*kd),  (*seq), seq_nr_, "",  0);
 	connections_.insert(ConnectionMap::value_type(mux, conn));
 	it = connections_.find(mux);
@@ -92,3 +105,8 @@ bool ConnectionList::empty()
   Lock lock(mutex_);
 	return connections_.empty();
 }
+
+Mutex& ConnectionList::getMutex()
+{
+  return mutex_;
+}
diff --git a/connectionList.h b/connectionList.h
index 670f077..6cd24b4 100644
--- a/connectionList.h
+++ b/connectionList.h
@@ -51,6 +51,7 @@ public:
 	ConnectionParam & getOrNewConnection(u_int16_t mux);
 	bool empty();
 	void clear();
+  Mutex& getMutex();
 
 private:
   ConnectionList(const ConnectionList &s);
diff --git a/keyDerivation.cpp b/keyDerivation.cpp
index 911ea87..893825c 100644
--- a/keyDerivation.cpp
+++ b/keyDerivation.cpp
@@ -41,55 +41,37 @@
 #include <gcrypt.h>
 
 
-const char* KeyDerivation::MIN_GCRYPT_VERSION = "1.2.3";
-
 void KeyDerivation::init(Buffer key, Buffer salt)
 {
   Lock lock(mutex_);
   gcry_error_t err;
 
-  // No other library has already initialized libgcrypt.
-  if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
-  {
-    if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
-      cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
-      return;
-    }
-
-    // do NOT allocate a pool of secure memory!
-    // this is NOT thread safe!
-
-    /* Allocate a pool of 16k secure memory.  This also drops priviliges
-     * on some systems. */
-    err = gcry_control(GCRYCTL_INIT_SECMEM, GCRYPT_SEC_MEM, 0);
-    if( err )
-    {
-      cLog.msg(Log::PRIO_ERR) << "Failed to allocate " << GCRYPT_SEC_MEM << " bytes of secure memory: " << gpg_strerror( err );
-      return;
-    }
-
-    /* Tell Libgcrypt that initialization has completed. */
-    err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
-    if( err ) {
-      cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err );
-      return;
-    } else {
-      cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation::init: libgcrypt init finished";
-    }
-  }
-
+  // TODO: hardcoded keysize!
   err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
   if( err ) {
     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
     return;
   }
 
-  // FIXXME: hardcoded keysize!
-  err = gcry_cipher_setkey( cipher_, key.getBuf(), 16 );
+  salt_ = SyncBuffer(salt);
+  key_ = SyncBuffer(key);
+
+  updateKey();
+}
+
+void KeyDerivation::updateKey()
+{
+  gcry_error_t err;
+
+  err = gcry_cipher_setkey( cipher_, key_.getBuf(), key_.getLength() );
   if( err )
     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to set cipher key: " << gpg_strerror( err );
+}
 
-  salt_ = SyncBuffer(salt);
+KeyDerivation::~KeyDerivation()
+{
+  Lock lock(mutex_);
+  gcry_cipher_close( cipher_ );
 }
 
 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
@@ -99,7 +81,6 @@ void KeyDerivation::setLogKDRate(const uint8_t log_rate)
     ld_kdr_ = log_rate;
 }
 
-
 void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length) 
 {
   ////Lock lock(mutex_);
@@ -120,7 +101,7 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key,
   if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
     r = 0;
   else
-    // FIXXME: kdr can be greater than 2^32 (= 2^48)
+    // TODO: kdr can be greater than 2^32 (= 2^48)
     r = static_cast<long unsigned int>(seq_nr / ( 0x01 << ld_kdr_ ));
 
   r = r.mul2exp(8);
@@ -144,15 +125,3 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key,
   if( err ) 
     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
 }
-
-
-void KeyDerivation::clear() 
-{
-  Lock lock(mutex_);
-  gcry_cipher_close( cipher_ );
-}
-
-u_int32_t KeyDerivation::bufferGetLength() const
-{
-	return salt_.getLength();
-}
diff --git a/keyDerivation.h b/keyDerivation.h
index 214a1a4..e313795 100644
--- a/keyDerivation.h
+++ b/keyDerivation.h
@@ -52,15 +52,15 @@ class KeyDerivation
 {
 public:
   KeyDerivation() : ld_kdr_(-1), salt_(0), cipher_(NULL) {};
-  virtual ~KeyDerivation() {};
+  virtual ~KeyDerivation();
 
   void init(Buffer key, Buffer salt);
   void setLogKDRate(const u_int8_t ld_rate);
   void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length);
-  void clear();
-	u_int32_t bufferGetLength() const;
 
 private:
+  void updateKey();
+  
 	KeyDerivation(const KeyDerivation & src);
 	friend class boost::serialization::access;
 	template<class Archive>
@@ -69,13 +69,14 @@ private:
 		Lock lock(mutex_);
 	  ar & ld_kdr_;
 	  ar & salt_;
+    ar & key_;
+    updateKey();
 	}
 
 protected:
   int8_t ld_kdr_;     // ld(key_derivation_rate)
   SyncBuffer salt_;
-  static const char* MIN_GCRYPT_VERSION;
-  static const u_int32_t GCRYPT_SEC_MEM = 32768;    // 32k secure memory
+  SyncBuffer key_;
 
   gcry_cipher_hd_t cipher_;
   Mutex mutex_;
diff --git a/plainPacket.cpp b/plainPacket.cpp
index 7baef0b..50b8280 100644
--- a/plainPacket.cpp
+++ b/plainPacket.cpp
@@ -46,6 +46,7 @@ PlainPacket::~PlainPacket()
 
 PlainPacket::PlainPacket(u_int32_t max_payload_length) : Buffer(max_payload_length + sizeof(payload_type_t))
 {
+  payload_type_ = NULL;
 	splitPayload();
 }
 
@@ -73,7 +74,8 @@ payload_type_t PlainPacket::getPayloadType() const
 
 void PlainPacket::setPayloadType(payload_type_t payload_type)
 {
-  *payload_type_ = PAYLOAD_TYPE_T_HTON(payload_type);
+  if(payload_type_)
+    *payload_type_ = PAYLOAD_TYPE_T_HTON(payload_type);
 }
 
 void PlainPacket::setLength(u_int32_t length)
diff --git a/syncCommand.h b/syncCommand.h
index c556cfb..e8f66a7 100644
--- a/syncCommand.h
+++ b/syncCommand.h
@@ -22,7 +22,7 @@ private:
   template<class Archive>
   void serialize(Archive & ar, const unsigned int version)
   {
-		Lock lock(mutex_);
+		Lock lock(cl_.getMutex());
     ar & mux_;
 		ConnectionParam & conn = cl_.getOrNewConnection(mux_);
 		ar & conn;
@@ -30,4 +30,4 @@ private:
 };
 
 
-#endif // _SYNCSOCKET_H
+#endif // _SYNCCOMMAND_H
author	Christian Pointner <equinox@anytun.org>	2008-02-04 20:34:37 +0000
committer	Christian Pointner <equinox@anytun.org>	2008-02-04 20:34:37 +0000
commit	c01ff56f61b28d0a909f46b95182b5a26aaa6cd3 (patch)
tree	0192e862cc9e71d260d64daf1f6fd2e4a379e80f
parent	sorry for not working checkin ;) (diff)