-rw-r--r--Makefile4
-rw-r--r--anytun.cpp10
-rw-r--r--cipher.cpp1
-rw-r--r--connectionList.cpp3
-rw-r--r--keyDerivation.cpp64
-rw-r--r--keyDerivation.h71
-rw-r--r--plainPacket.cpp5
7 files changed, 113 insertions, 45 deletions
diff --git a/Makefile b/Makefile
index 4552c17..7cd8d5b 100644
--- a/Makefile
+++ b/Makefile
@@ -59,6 +59,7 @@ OBJS = anytun.o \
mpi.o \
cipherFactory.o \
authAlgoFactory.o \
+ keyDerivationFactory.o \
connectionList.o \
connectionParam.o \
networkAddress.o \
@@ -123,6 +124,9 @@ cipherFactory.o: cipherFactory.cpp cipherFactory.h cipher.h
authAlgoFactory.o: authAlgoFactory.cpp authAlgoFactory.h authAlgo.h
$(C++) $(CCFLAGS) $< -c
+keyDerivationFactory.o: keyDerivationFactory.cpp keyDerivationFactory.h keyDerivation.h
+ $(C++) $(CCFLAGS) $< -c
+
routingTable.o: routingTable.cpp routingTable.h
$(C++) $(CCFLAGS) $< -c
diff --git a/anytun.cpp b/anytun.cpp
index 69ea165..f560428 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -46,6 +46,7 @@
#include "authTag.h"
#include "cipherFactory.h"
#include "authAlgoFactory.h"
+#include "keyDerivationFactory.h"
#include "signalController.h"
#include "packetSource.h"
#include "tunDevice.h"
@@ -53,9 +54,6 @@
#include "seqWindow.h"
#include "connectionList.h"
-#include "mpi.h" // TODO: remove after debug
-
-
#include "syncQueue.h"
#include "syncSocketHandler.h"
#include "syncListenSocket.h"
@@ -77,6 +75,7 @@
void createConnection(const std::string & remote_host, u_int16_t remote_port, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue)
{
+ // TODO: use key exchange for master key/salt
uint8_t key[] = {
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
@@ -89,7 +88,7 @@ void createConnection(const std::string & remote_host, u_int16_t remote_port, Co
SeqWindow * seq= new SeqWindow(seqSize);
seq_nr_t seq_nr_=0;
- KeyDerivation * kd = new KeyDerivation;
+ KeyDerivation * kd = KeyDerivationFactory::create("aes-ctr"); // TODO: get value from options
kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
ConnectionParam connparam ( (*kd), (*seq), seq_nr_, remote_host, remote_port);
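Review bot: `kd` is dereferenced by `kd->init(...)` without checking what `KeyDerivationFactory::create("aes-ctr")` returned; the factory itself is not part of this diff (neither keyDerivationFactory.cpp nor keyDerivationFactory.h appears in the diffstat, although the Makefile rule and the new includes depend on them), so if it returns NULL for an unknown or mistyped name the next line dereferences a null pointer. A guard before the init call, `if(!kd) { cLog.msg(Log::PRIO_ERR) << "createConnection: unknown key derivation type"; return; }`, makes the failure visible instead of a crash. The same unchecked pattern is in the getOrNewConnectionUnlocked hunk of connectionList.cpp, where the function returns a reference and will need its own error path. createConnection's body continues outside the hunk.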
@@ -312,7 +311,6 @@ void* receiver(void* p)
}
#define MIN_GCRYPT_VERSION "1.2.3"
-//#define GCRYPT_SEC_MEM 32768 // 32k secure memory
// make libgcrypt thread safe
extern "C" {
GCRY_THREAD_OPTION_PTHREAD_IMPL;
@@ -341,7 +339,7 @@ bool initLibGCrypt()
cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
return true;
}
-
+
int main(int argc, char* argv[])
{
std::cout << "anytun - secure anycast tunneling protocol" << std::endl;
diff --git a/cipher.cpp b/cipher.cpp
index 07a9117..579d96c 100644
--- a/cipher.cpp
+++ b/cipher.cpp
@@ -70,6 +70,7 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in
return (ilen < olen) ? ilen : olen;
}
+
//****** AesIcmCipher ******
AesIcmCipher::AesIcmCipher()
diff --git a/connectionList.cpp b/connectionList.cpp
index 93a23b9..713009b 100644
--- a/connectionList.cpp
+++ b/connectionList.cpp
@@ -30,6 +30,7 @@
#include "threadUtils.hpp"
#include "datatypes.h"
+#include "keyDerivationFactory.h"
#include "connectionList.h"
@@ -91,7 +92,7 @@ ConnectionParam & ConnectionList::getOrNewConnectionUnlocked(u_int16_t mux)
SeqWindow * seq= new SeqWindow(0);
seq_nr_t seq_nr_=0;
- KeyDerivation * kd = new KeyDerivation;
+ KeyDerivation * kd = KeyDerivationFactory::create("aes-ctr"); // TODO: get value from options
kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
ConnectionParam conn ( (*kd), (*seq), seq_nr_, "", 0);
connections_.insert(ConnectionMap::value_type(mux, conn));
diff --git a/keyDerivation.cpp b/keyDerivation.cpp
index cfd70d4..79086b2 100644
--- a/keyDerivation.cpp
+++ b/keyDerivation.cpp
@@ -41,49 +41,66 @@
#include <gcrypt.h>
-void KeyDerivation::init(Buffer key, Buffer salt)
+void KeyDerivation::setLogKDRate(const uint8_t log_rate)
{
Lock lock(mutex_);
- gcry_error_t err;
+ if( log_rate < 49 )
+ ld_kdr_ = log_rate;
+}
- // TODO: hardcoded cipher-type and keysize??
- err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
- if( err ) {
- cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
- return;
- }
+//****** NullKeyDerivation ******
- master_salt_ = SyncBuffer(salt);
- master_key_ = SyncBuffer(key);
+void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+{
+ for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
+}
- updateMasterKey();
+//****** AesIcmKeyDerivation ******
+
+AesIcmKeyDerivation::~AesIcmKeyDerivation()
+{
+ Lock lock(mutex_);
+ if(cipher_)
+ gcry_cipher_close( cipher_ );
}
-void KeyDerivation::updateMasterKey()
+void AesIcmKeyDerivation::updateMasterKey()
{
- gcry_error_t err;
+ if(!cipher_)
+ return;
- err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
+ gcry_error_t err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
if( err )
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror( err );
}
-KeyDerivation::~KeyDerivation()
+void AesIcmKeyDerivation::init(Buffer key, Buffer salt)
{
Lock lock(mutex_);
- gcry_cipher_close( cipher_ );
-}
+ if(cipher_)
+ gcry_cipher_close( cipher_ );
-void KeyDerivation::setLogKDRate(const uint8_t log_rate)
-{
- Lock lock(mutex_);
- if( log_rate < 49 )
- ld_kdr_ = log_rate;
+ // TODO: hardcoded cipher-type and keysize??
+ gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
+ if( err ) {
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
+ return;
+ }
+
+ master_salt_ = SyncBuffer(salt);
+ master_key_ = SyncBuffer(key);
+
+ updateMasterKey();
}
-void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
{
Lock lock(mutex_);
+ if(!cipher_)
+ {
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: cipher not opened";
+ return;
+ }
gcry_error_t err = gcry_cipher_reset( cipher_ );
if( err )
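Review bot: `AesIcmKeyDerivation::updateMasterKey` returns silently when `cipher_` is NULL, yet the base-class `serialize()` in keyDerivation.h calls `updateMasterKey()` after restoring master key and salt, and `cipher_` is not serialized; an AesIcmKeyDerivation that comes into existence through deserialization rather than `init()` therefore never gets a cipher handle, and every later `generate()` logs "cipher not opened" and returns with `key` untouched, so the caller carries on with whatever the buffer already held. If the sync path constructs key derivations this way (not visible here), opening the cipher inside updateMasterKey when the handle is missing, as sketched below, closes the gap; otherwise the early return should at least log an error so the condition is not silent. Both callers of updateMasterKey already hold `mutex_`, so no extra lock is needed. generate()'s body continues past the hunk.
```cpp
void AesIcmKeyDerivation::updateMasterKey()
{
  if(!cipher_) {
    // reached from serialize() on a deserialized object, where init() never ran
    gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
    if( err ) {
      cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to open cipher: " << gpg_strerror( err );
      return;
    }
  }
  // … unchanged: gcry_cipher_setkey and its error log …
}
```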
@@ -133,3 +150,4 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
if( err )
cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
}
+
diff --git a/keyDerivation.h b/keyDerivation.h
index 6f52099..9057a6a 100644
--- a/keyDerivation.h
+++ b/keyDerivation.h
@@ -51,46 +51,89 @@ typedef enum {
class KeyDerivation
{
public:
- KeyDerivation() : ld_kdr_(0), master_salt_(0), master_key_(0), cipher_(NULL) {};
- virtual ~KeyDerivation();
+ KeyDerivation() : ld_kdr_(0), master_salt_(0), master_key_(0) {};
+ virtual ~KeyDerivation() {};
- void init(Buffer key, Buffer salt);
void setLogKDRate(const u_int8_t ld_rate);
- void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
-private:
- void updateMasterKey();
+ virtual void init(Buffer key, Buffer salt) = 0;
+ virtual void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0;
+
+ virtual std::string printType() { return "KeyDerivation"; };
+
+protected:
+ virtual void updateMasterKey() = 0;
KeyDerivation(const KeyDerivation & src);
friend class boost::serialization::access;
template<class Archive>
void serialize(Archive & ar, const unsigned int version)
{
- Lock lock(mutex_);
- ar & ld_kdr_;
- ar & master_salt_;
+ Lock lock(mutex_);
+ ar & ld_kdr_;
+ ar & master_salt_;
ar & master_key_;
updateMasterKey();
}
-protected:
- int8_t ld_kdr_; // ld(key_derivation_rate)
+ int8_t ld_kdr_; // ld(key_derivation_rate)
SyncBuffer master_salt_;
SyncBuffer master_key_;
- gcry_cipher_hd_t cipher_;
Mutex mutex_;
};
+BOOST_IS_ABSTRACT(KeyDerivation)
+
+//****** NullKeyDerivation ******
-class NullKeyDerivation
+class NullKeyDerivation : public KeyDerivation
{
+public:
+ NullKeyDerivation() {};
+ ~NullKeyDerivation() {};
+
+ void init(Buffer key, Buffer salt) {};
+ void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+
+ std::string printType() { return "NullKeyDerivation"; };
+
+private:
+ void updateMasterKey() {};
+
+ friend class boost::serialization::access;
+ template<class Archive>
+ void serialize(Archive & ar, const unsigned int version)
+ {
+ ar & boost::serialization::base_object<KeyDerivation>(*this);
+ }
};
-class AesIcmKeyDerivation
+//****** AesIcmKeyDerivation ******
+
+class AesIcmKeyDerivation : public KeyDerivation
{
+public:
+ AesIcmKeyDerivation() : cipher_(NULL) {};
+ ~AesIcmKeyDerivation();
+ void init(Buffer key, Buffer salt);
+ void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+
+ std::string printType() { return "AesIcmKeyDerivation"; };
+
+private:
+ void updateMasterKey();
+
+ friend class boost::serialization::access;
+ template<class Archive>
+ void serialize(Archive & ar, const unsigned int version)
+ {
+ ar & boost::serialization::base_object<KeyDerivation>(*this);
+ }
+
+ gcry_cipher_hd_t cipher_;
};
#endif
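Review bot: The base-class `serialize()` restores `ld_kdr_` straight from the archive with no range check, whereas `setLogKDRate` only accepts values below 49 and the field is an int8_t, so a sync message can install a negative or over-large rate that the setter would reject. Adding the same bound after `ar & ld_kdr_;`, e.g. `if( ld_kdr_ < 0 || ld_kdr_ > 48 ) ld_kdr_ = 0;` (0 is the constructor's default), keeps the two entry points consistent. Separately, the overrides in NullKeyDerivation and AesIcmKeyDerivation (`init`, `generate`, `printType`, `updateMasterKey`, the destructors) are declared without `virtual`; they still override, but repeating the keyword makes the intent visible in a codebase without `override`. A comment above `class NullKeyDerivation` should also state that its generate() (in keyDerivation.cpp) fills the session key with zeros, i.e. it is a no-crypto variant for testing, not a production choice.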
diff --git a/plainPacket.cpp b/plainPacket.cpp
index 0906fa2..d6f2e5f 100644
--- a/plainPacket.cpp
+++ b/plainPacket.cpp
@@ -45,7 +45,10 @@ PlainPacket::PlainPacket(u_int32_t payload_length, bool allow_realloc) : Buffer(
payload_type_t PlainPacket::getPayloadType() const
{
- return PAYLOAD_TYPE_T_NTOH(*payload_type_);
+ if(payload_type_)
+ return PAYLOAD_TYPE_T_NTOH(*payload_type_);
+
+ return 0;
}
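Review bot: The new NULL branch makes a missing header indistinguishable from a genuine payload type of 0, and nothing in the hunk says which case a caller is looking at; a comment on the fallback, `// payload_type_ presumably NULL until the header is set; 0 is reported as "no type" — confirm callers can live with that`, would record the decision, and if callers must tell the two apart the sentinel should be reconsidered. What assigns `payload_type_` is outside the hunk.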
void PlainPacket::setPayloadType(payload_type_t payload_type)