summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README59
-rw-r--r--src/authAlgo.cpp14
-rw-r--r--src/authAlgo.h5
-rw-r--r--src/cipher.cpp6
-rw-r--r--src/cipher.h5
-rwxr-xr-xsrc/configure28
-rw-r--r--src/cryptinit.hpp2
-rw-r--r--src/keyDerivation.cpp21
-rw-r--r--src/keyDerivation.h5
9 files changed, 114 insertions, 31 deletions
diff --git a/README b/README
index 2ba23a5..66a8e12 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
Dependencies
============
-Anytun can be built by using either libgcrypt or the openssl-crypto library.
-The latter is more performant in most cases but there are some license
+Anytun can be built by using either libgcrypt, libnettle or the openssl-crypto
+library. The latter is more performant in most cases but there are some license
issues when using this library.
Linux
@@ -12,15 +12,18 @@ Linux
using libgcrypt:
libgcrypt11-dev
-using ssl crypto lib:
+using ssl crypto library:
libssl-dev
+using nettle crypto library:
+ nettle-dev
+
common:
build-essential
- libboost-serialization1.35-dev
- libboost-thread1.35-dev
- libboost-system1.35-dev
- libboost-regex1.35-dev
+ libboost-serialization-dev
+ libboost-thread-dev
+ libboost-system-dev
+ libboost-regex-dev
if you want to rebuild the manpage:
asciidoc
@@ -44,33 +47,33 @@ if you want to rebuild the manpage:
textproc/libxslt
textproc/docbook-xsl
sysutils/readlink
- misc/getopt
+ misc/getopt
Windows
-------
OpenSSL
- Developer:
- http://www.slproweb.com/download/Win32OpenSSL-0_9_8j.exe
+ Developer:
+ http://www.slproweb.com/download/Win32OpenSSL-0_9_8j.exe
- Runtime Only:
- http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8j.exe
-
-Boost 1.35:
- http://www.boostpro.com/download/boost_1_35_0_setup.exe
+ Runtime Only:
+ http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8j.exe
- As it can take some time to install everything from boost here is a
+Boost 1.35:
+ http://www.boostpro.com/download/boost_1_35_0_setup.exe
+
+ As it can take some time to install everything from boost here is a
complete list of libraries which have to be installed in order to build anytun:
-
+
* Serialization
- * Thread
+ * Thread
* date_time
* System
* regex
Microsoft Visual C++ 2008 Redistributable Package (x86):
- http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
+ http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF
@@ -98,7 +101,7 @@ using ssl crypto library:
# make
-Notes:
+Notes:
- try './configure --help' for further information
- if using openssl pre 0.9.8 you have to disable passphrase
because openssl had no SHA256 implementation prior to this
@@ -132,26 +135,26 @@ Usage:
init.d script
-------------
-The init.d script can be used to start anytun at boot time. It searches for
+The init.d script can be used to start anytun at boot time. It searches for
configuration files which reside at $CONFIG_DIR. For each instance of anytun
which should be started there must be a directory containing at least a file
named config. This file must contain all command line parameter which should
be used when starting the daemon. One line for each parameter. Empty lines and
lines starting with # are ignored. Besides the config file there may be a script
-named post-up.sh which will be called when the tun/tap device comes up.
-Furthermore there may be a directory called conf.d containing config files for
-anytun-config. The syntax of this files is quite the same as those for anytun.
-These files are used to configure a multi connection setup using anytun-config
+named post-up.sh which will be called when the tun/tap device comes up.
+Furthermore there may be a directory called conf.d containing config files for
+anytun-config. The syntax of this files is quite the same as those for anytun.
+These files are used to configure a multi connection setup using anytun-config
and anytun-controld
This is an example of how the script can be used to start anytun:
# /etc/init.d/anytun start client1 p2p-a
In this case the script will start 2 instances of anytun using the config files
-$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.
+$CONFIG_DIR/client1/config and $CONFIG_DIR/p2p-a/config.
If no instance name is specified the script will use the file $CONFIG_DIR/autostart
-to determine which instances to start or stop. This file must contain a list
-of instance names which should be used when no names are specified at the command
+to determine which instances to start or stop. This file must contain a list
+of instance names which should be used when no names are specified at the command
line. One line for each name. Empty lines and lines starting with # are ignored.
diff --git a/src/authAlgo.cpp b/src/authAlgo.cpp
index 24bb423..0fa4a47 100644
--- a/src/authAlgo.cpp
+++ b/src/authAlgo.cpp
@@ -57,6 +57,9 @@ Sha1AuthAlgo::Sha1AuthAlgo(kd_dir_t d) : AuthAlgo(d), key_(DIGEST_LENGTH)
#if defined(USE_SSL_CRYPTO)
HMAC_CTX_init(&ctx_);
HMAC_Init_ex(&ctx_, NULL, 0, EVP_sha1(), NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_open(&handle_, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
if(err) {
@@ -70,6 +73,9 @@ Sha1AuthAlgo::~Sha1AuthAlgo()
{
#if defined(USE_SSL_CRYPTO)
HMAC_CTX_cleanup(&ctx_);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
if(handle_) {
gcry_md_close(handle_);
@@ -97,6 +103,10 @@ void Sha1AuthAlgo::generate(KeyDerivation& kd, EncryptedPacket& packet)
uint8_t hmac[DIGEST_LENGTH];
HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
@@ -140,6 +150,10 @@ bool Sha1AuthAlgo::checkTag(KeyDerivation& kd, EncryptedPacket& packet)
uint8_t hmac[DIGEST_LENGTH];
HMAC_Update(&ctx_, packet.getAuthenticatedPortion(), packet.getAuthenticatedPortionLength());
HMAC_Final(&ctx_, hmac, NULL);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ uint8_t hmac[DIGEST_LENGTH];
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_md_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
diff --git a/src/authAlgo.h b/src/authAlgo.h
index a9b8051..d58646f 100644
--- a/src/authAlgo.h
+++ b/src/authAlgo.h
@@ -40,6 +40,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/hmac.h>
+#elif defined(USE_NETTLE)
+#include <nettle/hmac.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
@@ -99,6 +101,9 @@ public:
private:
#if defined(USE_SSL_CRYPTO)
HMAC_CTX ctx_;
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_md_hd_t handle_;
#endif
diff --git a/src/cipher.cpp b/src/cipher.cpp
index d7cbb5f..c05f249 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -163,6 +163,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
return;
}
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
if(err) {
@@ -181,6 +184,9 @@ void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t*
unsigned int num = 0;
std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
if(err) {
diff --git a/src/cipher.h b/src/cipher.h
index c39f9cb..a9ce59b 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -42,6 +42,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <nettle/aes.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
@@ -101,6 +103,9 @@ private:
#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_;
uint8_t ecount_buf_[AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_cipher_hd_t handle_;
#endif
diff --git a/src/configure b/src/configure
index 27c4890..a8fe6b1 100755
--- a/src/configure
+++ b/src/configure
@@ -54,6 +54,7 @@ INSTALLEXAMPLES=1
BOOST_PREFIX=''
GCRYPT_PREFIX=''
+NETTLE_PREFIX=''
OPENSSL_PREFIX=''
print_usage() {
@@ -67,7 +68,9 @@ print_usage() {
echo " --no-manpage dont't install manpages"
echo " --examplesdir=<DIR> the path to the examples files (default: $PREFIX/share/examples)"
echo " --no-examples dont't install example files"
- echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
+ echo " --use-gcrypt use libgcrypt (this is the default)"
+ echo " --use-nettle use libnettle instead of libgcrypt"
+ echo " --use-ssl-crypto use openssl crypto library instead of libgcrypt"
echo " --no-crypto disable crypto at all (only NULL cipher)"
echo " --disable-passphrase disable master key and salt passphrase"
echo " --enable-passphrase enable master key and salt passphrase"
@@ -76,6 +79,7 @@ print_usage() {
echo " --cross-prefix=<PREFIX> add PREFIX to compiler calls"
echo " --with-boost=<PREFIX> don't use systemwide boost"
echo " --with-gcrypt=<PREFIX> don't use systemwide gcrypt"
+ echo " --with-nettle=<PREFIX> don't use systemwide nettle"
echo " --with-openssl=<PREFIX> don't use systemwide openssl"
}
@@ -109,6 +113,12 @@ do
--no-examples)
INSTALLEXAMPLES=0
;;
+ --use-gcrypt)
+ CRYPTO_LIB='gcrypt'
+ ;;
+ --use-nettle)
+ CRYPTO_LIB='nettle'
+ ;;
--use-ssl-crypto)
CRYPTO_LIB='ssl'
;;
@@ -139,6 +149,9 @@ do
--with-gcrypt=*)
GCRYPT_PREFIX=${arg#--with-gcrypt=}
;;
+ --with-nettle=*)
+ NETTLE_PREFIX=${arg#--with-nettle=}
+ ;;
--with-openssl=*)
OPENSSL_PREFIX=${arg#--with-openssl=}
;;
@@ -224,7 +237,16 @@ case $CRYPTO_LIB in
CXXFLAGS="$CXXFLAGS -I\"$GCRYPT_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$GCRYPT_PREFIX/lib\""
fi
- echo "using libgcrypt library"
+ echo "using gcrypt library"
+ ;;
+ nettle)
+ CXXFLAGS=$CXXFLAGS' -DUSE_NETTLE'
+ LDFLAGS=$LDFLAGS' -lnettle'
+ if [ -n "$NETTLE_PREFIX" ]; then
+ CXXFLAGS="$CXXFLAGS -I\"$NETTLE_PREFIX/include\""
+ LDFLAGS="$LDFLAGS -L\"$NETTLE_PREFIX/lib\""
+ fi
+ echo "using nettle library"
;;
ssl)
CXXFLAGS=$CXXFLAGS' -DUSE_SSL_CRYPTO'
@@ -233,7 +255,7 @@ case $CRYPTO_LIB in
CXXFLAGS="$CXXFLAGS -I\"$OPENSSL_PREFIX/include\""
LDFLAGS="$LDFLAGS -L\"$OPENSSL_PREFIX/lib\""
fi
- echo "using ssl crypto library"
+ echo "using openssl crypto library"
;;
none)
CXXFLAGS=$CXXFLAGS' -DNO_CRYPT'
diff --git a/src/cryptinit.hpp b/src/cryptinit.hpp
index e684a13..d57f19e 100644
--- a/src/cryptinit.hpp
+++ b/src/cryptinit.hpp
@@ -114,6 +114,8 @@ bool initCrypto()
#if defined(USE_SSL_CRYPTO)
return true;
+#elif defined(USE_NETTLE)
+ return true;
#else // USE_GCRYPT is the default
return initLibGCrypt();
#endif
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index d462515..8359d79 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -49,6 +49,9 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/sha.h>
+#elif defined(USE_NETTLE)
+#include <nettle/sha1.h>
+#include <nettle/sha2.h>
#endif
#endif
@@ -73,6 +76,8 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
if(length > SHA256_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA256_DIGEST_SIZE) {
#else // USE_GCRYPT is the default
if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA256)) {
#endif
@@ -83,6 +88,10 @@ void KeyDerivation::calcMasterKey(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA256_DIGEST_LENGTH));
SHA256(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA256_DIGEST_SIZE));
+
#else // USE_GCRYPT is the default
Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA256)));
gcry_md_hash_buffer(GCRY_MD_SHA256, digest.getBuf(), passphrase.c_str(), passphrase.length());
@@ -102,6 +111,8 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
if(length > SHA_DIGEST_LENGTH) {
+#elif defined(USE_NETTLE)
+ if(length > SHA1_DIGEST_SIZE) {
#else // USE_GCRYPT is the default
if(length > gcry_md_get_algo_dlen(GCRY_MD_SHA1)) {
#endif
@@ -112,6 +123,10 @@ void KeyDerivation::calcMasterSalt(std::string passphrase, uint16_t length)
#if defined(USE_SSL_CRYPTO)
Buffer digest(uint32_t(SHA_DIGEST_LENGTH));
SHA1(reinterpret_cast<const unsigned char*>(passphrase.c_str()), passphrase.length(), digest.getBuf());
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+ Buffer digest(uint32_t(SHA1_DIGEST_SIZE));
+
#else // USE_GCRYPT is the default
Buffer digest(static_cast<uint32_t>(gcry_md_get_algo_dlen(GCRY_MD_SHA1)));
gcry_md_hash_buffer(GCRY_MD_SHA1, digest.getBuf(), passphrase.c_str(), passphrase.length());
@@ -246,6 +261,9 @@ void AesIcmKeyDerivation::updateMasterKey()
return;
}
}
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
int algo;
switch(key_length_) {
@@ -329,6 +347,9 @@ bool AesIcmKeyDerivation::generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_
std::memset(ecount_buf_[dir], 0, AES_BLOCK_SIZE);
std::memset(key.getBuf(), 0, key.getLength());
AES_ctr128_encrypt(key.getBuf(), key.getBuf(), key.getLength(), &aes_key_[dir], ctr_[dir].buf_, ecount_buf_[dir], &num);
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_error_t err = gcry_cipher_reset(handle_[dir]);
if(err) {
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 7f0c137..3acd475 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -43,6 +43,8 @@
#if defined(USE_SSL_CRYPTO)
#include <openssl/aes.h>
+#elif defined(USE_NETTLE)
+#include <openssl/aes.h>
#else // USE_GCRYPT is the default
#include <gcrypt.h>
#endif
@@ -173,6 +175,9 @@ private:
#if defined(USE_SSL_CRYPTO)
AES_KEY aes_key_[2];
uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
+#elif defined(USE_NETTLE)
+ // TODO: nettle
+
#else // USE_GCRYPT is the default
gcry_cipher_hd_t handle_[2];
#endif