diff options
-rw-r--r-- | anytun.cpp | 150 | ||||
-rw-r--r-- | connectionParam.cpp | 5 | ||||
-rw-r--r-- | connectionParam.h | 5 |
3 files changed, 101 insertions, 59 deletions
@@ -74,14 +74,88 @@ void createConnection(const std::string & remote_host , u_int16_t remote_port, C 'i', 'j', 'k', 'l', 'm', 'n' }; - + seq_nr_t seq_nr_=0; KeyDerivation kd; //kd.init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt))); cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port; - ConnectionParam connparam ( kd, seq, remote_host, remote_port); + ConnectionParam connparam ( kd, seq, seq_nr_, remote_host, remote_port); cl.addConnection(connparam,std::string("default")); } + +void encryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn) +{ + // cypher the packet +/* Buffer tmp_key(16), tmp_salt(14); + //TODO fix key derivation! + //conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength()); + //conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength()); + c.setKey(tmp_key); + c.setSalt(tmp_salt); + + //cLog.msg(Log::PRIO_NOTICE) << "Send Package: seq: " << seq; + //cLog.msg(Log::PRIO_NOTICE) << "sID: " << param->opt.getSenderId(); + //cLog.msg(Log::PRIO_NOTICE) << "Package dump: " << pack.getBuf(); + + c.cypher(pack, seq, param->opt.getSenderId()); + +*/ // add header to packet + +} + +bool decryptPacket(Packet & pack, Cypher & c, ConnectionParam & conn) +{ + u_int16_t sid = pack.getSenderId(); + u_int16_t seq = pack.getSeqNr(); +/* + // decypher the packet + Buffer tmp_key(16), tmp_salt(14); + //conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength()); + //conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength()); + c.setKey(tmp_key); + c.setSalt(tmp_salt); + c.cypher(pack, seq, sid); + + //cLog.msg(Log::PRIO_NOTICE) << "Received Package: seq: " << seq; + //cLog.msg(Log::PRIO_NOTICE) << "sID: " << sid; + //cLog.msg(Log::PRIO_NOTICE) << "Package dump: " << pack.getBuf(); +*/ + return true; +} + +void addPacketAuthTag(Packet & pack, Cypher & c, ConnectionParam & conn) +{ + +// // calc auth_tag and add it to the packet +// AuthTag at = a.calc(pack); +// if(at != AuthTag(0)) { +// //auth_tag_t at = a.calc(pack); +// pack.addAuthTag(at); +// } +// + // send it out to remote host +} + +bool checkPacketAuthTag(Packet & pack, Cypher & c, ConnectionParam & conn) +{ +// // check auth_tag and remove it +// AuthTag at = pack.getAuthTag(); + pack.removeAuthTag(); + //return at == a.calc(pack); + return true; +} + +bool checkPacketSeqNr(Packet & pack,ConnectionParam & conn) +{ + u_int16_t sid = pack.getSenderId(); + u_int16_t seq = pack.getSeqNr(); + // compare sender_id and seq with window + if(conn.seq_window_.hasSeqNr(pack.getSenderId(), pack.getSeqNr())) + return false; + conn.seq_window_.addSeqNr(pack.getSenderId(), pack.getSeqNr()); + return true; +} + void* sender(void* p) { Param* param = reinterpret_cast<Param*>(p); @@ -90,13 +164,14 @@ void* sender(void* p) // AesIcmCypher c; // NullAuthAlgo a; - seq_nr_t seq = 0; while(1) { + //TODO make pack global, reduce dynamic memory! Packet pack(1600); // fix me... mtu size - + // read packet from device int len = param->dev.read(pack); + //TODO remove, no dynamic memory resizing pack.resizeBack(len); if( param->cl.empty()) @@ -110,32 +185,12 @@ void* sender(void* p) else pack.addPayloadType(0); - // cypher the packet -/* Buffer tmp_key(16), tmp_salt(14); - //TODO fix key derivation! - //conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength()); - //conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength()); - c.setKey(tmp_key); - c.setSalt(tmp_salt); - - //cLog.msg(Log::PRIO_NOTICE) << "Send Package: seq: " << seq; - //cLog.msg(Log::PRIO_NOTICE) << "sID: " << param->opt.getSenderId(); - //cLog.msg(Log::PRIO_NOTICE) << "Package dump: " << pack.getBuf(); + encryptPacket(pack, c, conn); - c.cypher(pack, seq, param->opt.getSenderId()); + pack.addHeader(conn.seq_nr_, param->opt.getSenderId()); + conn.seq_nr_++; -*/ // add header to packet - pack.addHeader(seq, param->opt.getSenderId()); - seq++; - -// // calc auth_tag and add it to the packet -// AuthTag at = a.calc(pack); -// if(at != AuthTag(0)) { -// //auth_tag_t at = a.calc(pack); -// pack.addAuthTag(at); -// } -// - // send it out to remote host + addPacketAuthTag(pack, c, conn); param->src.send(pack, conn.remote_host_, conn.remote_port_); } pthread_exit(NULL); @@ -170,42 +225,27 @@ void* receiver(void* p) // pack.withPayloadType(true).withHeader(true).withAuthTag(true); pack.withPayloadType(true).withHeader(true).withAuthTag(false); -// // check auth_tag and remove it -// AuthTag at = pack.getAuthTag(); - pack.removeAuthTag(); -// if(at != a.calc(pack)) -// continue; // autodetect peer // TODO fixme, IP might change!!! + // TODO check auth tag first if(param->opt.getRemoteAddr() == "" && param->cl.empty()) { createConnection(remote_host, remote_port, param->cl,param->opt.getSeqWindowSize()); cLog.msg(Log::PRIO_NOTICE) << "autodetected remote host " << remote_host << ":" << remote_port; } -/* ConnectionParam conn = param->cl.getConnection(); - sid = pack.getSenderId(); - seq = pack.getSeqNr(); - // compare sender_id and seq with window - if(conn.seq_.hasSeqNr(pack.getSenderId(), pack.getSeqNr())) - continue; - conn.seq_.addSeqNr(pack.getSenderId(), pack.getSeqNr()); -*/ - pack.removeHeader(); -/* - // decypher the packet - Buffer tmp_key(16), tmp_salt(14); - //conn.kd_.generate(label_satp_encryption, seq, tmp_key, tmp_key.getLength()); - //conn.kd_.generate(label_satp_salt, seq, tmp_salt, tmp_salt.getLength()); - c.setKey(tmp_key); - c.setSalt(tmp_salt); - c.cypher(pack, seq, sid); - - //cLog.msg(Log::PRIO_NOTICE) << "Received Package: seq: " << seq; - //cLog.msg(Log::PRIO_NOTICE) << "sID: " << sid; - //cLog.msg(Log::PRIO_NOTICE) << "Package dump: " << pack.getBuf(); -*/ + ConnectionParam conn = param->cl.getConnection(); + + if (!checkPacketAuthTag(pack, c, conn)) + continue; + + if (!checkPacketSeqNr(pack,conn)) + continue; + pack.removeHeader(); + + if (!decryptPacket(pack, c, conn)) + continue; // check payload_type and remove it if((param->dev.getType() == TunDevice::TYPE_TUN && pack.getPayloadType() != PAYLOAD_TYPE_TUN) || (param->dev.getType() == TunDevice::TYPE_TAP && pack.getPayloadType() != PAYLOAD_TYPE_TAP)) diff --git a/connectionParam.cpp b/connectionParam.cpp index 4c1175a..13c0737 100644 --- a/connectionParam.cpp +++ b/connectionParam.cpp @@ -32,7 +32,7 @@ #include <boost/archive/text_oarchive.hpp> #include <boost/archive/text_iarchive.hpp> -ConnectionParam::ConnectionParam(KeyDerivation& kd, SeqWindow& seq, std::string remote_host, u_int16_t remote_port) : kd_(kd),seq_(seq),remote_host_(remote_host), remote_port_(remote_port) +ConnectionParam::ConnectionParam(KeyDerivation& kd, SeqWindow& seq_window,seq_nr_t seq_nr, std::string remote_host, u_int16_t remote_port) : kd_(kd),seq_window_(seq_window),seq_nr_(seq_nr),remote_host_(remote_host), remote_port_(remote_port) { } @@ -40,7 +40,8 @@ template<class Archive> void ConnectionParam::serialize(Archive & ar, const unsigned int version) { ar & kd_; - ar & seq_; + ar & seq_window_; + ar & seq_nr_; ar & remote_host_; ar & remote_port_; } diff --git a/connectionParam.h b/connectionParam.h index c786db9..770c3bd 100644 --- a/connectionParam.h +++ b/connectionParam.h @@ -46,9 +46,10 @@ namespace boost { class ConnectionParam { public: - ConnectionParam( KeyDerivation& kd, SeqWindow& seq, std::string remote_host, u_int16_t remote_port); + ConnectionParam( KeyDerivation& kd, SeqWindow& seq_window,seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port); KeyDerivation& kd_; - SeqWindow& seq_; + SeqWindow& seq_window_; + seq_nr_t seq_nr_; std::string remote_host_; u_int16_t remote_port_; private: |