From acbead59d307a10952cee41792e9397a2334f0da Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 9 Apr 2008 21:22:30 +0000 Subject: cipher added mux to senderid for crypto fixed payload type with ipv6 fixed lua script options: device defaults to tun --- anytun.cpp | 9 ++++++--- cipher.cpp | 30 +++++++++++++++++------------- cipher.h | 16 ++++++++-------- options.cpp | 6 +++--- plainPacket.cpp | 17 ++++++++++++++--- plainPacket.h | 3 ++- wireshark-lua/satp.lua | 4 ++-- 7 files changed, 52 insertions(+), 33 deletions(-) diff --git a/anytun.cpp b/anytun.cpp index 4c7b2b6..a115ff6 100644 --- a/anytun.cpp +++ b/anytun.cpp @@ -157,7 +157,7 @@ void* sender(void* p) c->setSalt(session_salt); // encrypt packet - c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId()); + c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId(), mux); encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux); conn.seq_nr_++; @@ -291,7 +291,8 @@ void* receiver(void* p) c->decrypt(encrypted_packet, plain_packet); // check payload_type - if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) || + if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN4 && + plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN6) || (param->dev.getType() == TunDevice::TYPE_TAP && plain_packet.getPayloadType() != PAYLOAD_TYPE_TAP)) continue; @@ -374,7 +375,9 @@ int main(int argc, char* argv[]) SignalController sig; sig.init(); std::string dev_type(gOpt.getDevType()); - TunDevice dev(gOpt.getDevName().c_str(), dev_type=="" ? NULL : dev_type.c_str(), gOpt.getIfconfigParamLocal().c_str(), gOpt.getIfconfigParamRemoteNetmask().c_str()); + TunDevice dev(gOpt.getDevName().c_str(), dev_type=="" ? NULL : dev_type.c_str(), + gOpt.getIfconfigParamLocal() =="" ? NULL : gOpt.getIfconfigParamLocal().c_str(), + gOpt.getIfconfigParamRemoteNetmask() =="" ? NULL : gOpt.getIfconfigParamRemoteNetmask().c_str()); PacketSource* src; if(gOpt.getLocalAddr() == "") diff --git a/cipher.cpp b/cipher.cpp index b36df1a..e98bc3b 100644 --- a/cipher.cpp +++ b/cipher.cpp @@ -40,31 +40,32 @@ // TODO: in should be const but does not work with getBuf() :( -void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id) +void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id); + u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux); out.setSenderId(sender_id); out.setSeqNr(seq_nr); + out.setMux(mux); out.setPayloadLength(len); } // TODO: in should be const but does not work with getBuf() :( void Cipher::decrypt(EncryptedPacket & in, PlainPacket & out) { - u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId()); + u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux()); out.setLength(len); } //******* NullCipher ******* -u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) +u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { std::memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; } -u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) +u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { std::memcpy(out, in, (ilen < olen) ? ilen : olen); return (ilen < olen) ? ilen : olen; @@ -105,19 +106,19 @@ void AesIcmCipher::setSalt(Buffer& salt) salt_[u_int32_t(0)] = 1; // TODO: this is a outstandingly ugly workaround } -u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) +u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - calc(in, ilen, out, olen, seq_nr, sender_id); + calc(in, ilen, out, olen, seq_nr, sender_id, mux); return (ilen < olen) ? ilen : olen; } -u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) +u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { - calc(in, ilen, out, olen, seq_nr, sender_id); + calc(in, ilen, out, olen, seq_nr, sender_id, mux); return (ilen < olen) ? ilen : olen; } -void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) +void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { if(!cipher_) return; @@ -138,12 +139,15 @@ void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t o Mpi ctr(128); // TODO: hardcoded size Mpi salt(salt_.getBuf(), salt_.getLength()); - Mpi sid(32); // TODO: Q@OTTI add mux to sender_id???? - sid = sender_id; + Mpi sid_mux(32); + sid_mux = sender_id; + Mpi mux_mpi(32); + mux_mpi = mux; + sid_mux = sid_mux ^ mux_mpi.mul2exp(16); Mpi seq(32); seq = seq_nr; - ctr = salt.mul2exp(16) ^ sid.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size + ctr = salt.mul2exp(16) ^ sid_mux.mul2exp(64) ^ seq.mul2exp(16); // TODO: hardcoded size size_t written; u_int8_t *ctr_buf = ctr.getNewBuf(&written); // TODO: hardcoded size diff --git a/cipher.h b/cipher.h index f899966..4acd601 100644 --- a/cipher.h +++ b/cipher.h @@ -45,15 +45,15 @@ public: virtual ~Cipher() {}; // TODO: in should be const but does not work with getBuf() :( - void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id); + void encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); void decrypt(EncryptedPacket & in, PlainPacket & out); virtual void setKey(Buffer& key) = 0; virtual void setSalt(Buffer& salt) = 0; protected: - virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) = 0; - virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id) = 0; + virtual u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; + virtual u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; }; //****** NullCipher ****** @@ -65,8 +65,8 @@ public: void setSalt(Buffer& salt) {}; protected: - u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id); - u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id); + u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); }; //****** AesIcmCipher ****** @@ -80,11 +80,11 @@ public: void setSalt(Buffer& salt); protected: - u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id); - u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id); + u_int32_t cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); + u_int32_t decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); private: - void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id); + void calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); gcry_cipher_hd_t cipher_; Buffer salt_; diff --git a/options.cpp b/options.cpp index 4aedd43..53589cb 100644 --- a/options.cpp +++ b/options.cpp @@ -62,10 +62,10 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0)) remote_sync_addr_ = ""; remote_addr_ = ""; remote_port_ = 4444; - dev_name_ = "tap"; + dev_name_ = "tun"; dev_type_ = ""; - ifconfig_param_local_ = "192.168.200.1"; - ifconfig_param_remote_netmask_ = "255.255.255.0"; + ifconfig_param_local_ = ""; + ifconfig_param_remote_netmask_ = ""; seq_window_size_ = 100; cipher_ = "aes-ctr"; kd_prf_ = "aes-ctr"; diff --git a/plainPacket.cpp b/plainPacket.cpp index c1fd99a..c3aa089 100644 --- a/plainPacket.cpp +++ b/plainPacket.cpp @@ -55,7 +55,18 @@ payload_type_t PlainPacket::getPayloadType() const void PlainPacket::setPayloadType(payload_type_t payload_type) { - if(payload_type_) + if(!payload_type_) + return; + + if(payload_type == PAYLOAD_TYPE_TUN) + { + struct ip* hdr = reinterpret_cast(payload_); + if(hdr->ip_v == 4) + *payload_type_ = PAYLOAD_TYPE_T_HTON(PAYLOAD_TYPE_TUN4); + else if(hdr->ip_v == 6) + *payload_type_ = PAYLOAD_TYPE_T_HTON(PAYLOAD_TYPE_TUN6); + } + else *payload_type_ = PAYLOAD_TYPE_T_HTON(payload_type); } @@ -106,7 +117,7 @@ NetworkAddress PlainPacket::getSrcAddr() const // TODO return NetworkAddress(); } - else if(type == PAYLOAD_TYPE_TUN) // IPv4 + else if(type == PAYLOAD_TYPE_TUN4) // IPv4 { if(length_ < (sizeof(payload_type_t)+sizeof(struct ip))) return NetworkAddress(); @@ -135,7 +146,7 @@ NetworkAddress PlainPacket::getDstAddr() const // TODO return NetworkAddress(); } - else if(type == PAYLOAD_TYPE_TUN) // IPv4 + else if(type == PAYLOAD_TYPE_TUN4) // IPv4 { if(length_ < (sizeof(payload_type_t)+sizeof(struct ip))) return NetworkAddress(); diff --git a/plainPacket.h b/plainPacket.h index 03ae507..5348fe0 100644 --- a/plainPacket.h +++ b/plainPacket.h @@ -43,7 +43,8 @@ class Cipher; */ #define PAYLOAD_TYPE_TAP 0x6558 -#define PAYLOAD_TYPE_TUN 0x0800 +#define PAYLOAD_TYPE_TUN 0x0000 +#define PAYLOAD_TYPE_TUN4 0x0800 #define PAYLOAD_TYPE_TUN6 0x86DD class PlainPacket : public Buffer diff --git a/wireshark-lua/satp.lua b/wireshark-lua/satp.lua index 1d6985e..be88557 100644 --- a/wireshark-lua/satp.lua +++ b/wireshark-lua/satp.lua @@ -7,13 +7,13 @@ do local payload_types = { [0x0800] = "IPv4", [0x6558] = "Ethernet", - [0x56DD] = "IPv6" + [0x86DD] = "IPv6" } local payload_dissector = { [0x0800] = "ip", [0x6558] = "ethernet", - [0x56DD] = "ipv6" + [0x86DD] = "ipv6" } local field_seq = ProtoField.uint32("satp.seq","Sequence Number",base.DEC) -- cgit v1.2.3