authorChristian Pointner <equinox@anytun.org>2009-01-04 11:39:22 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-04 11:39:22 +0000
commit602ed60d0b4019377634fb95e922f2dd246c1e2a (patch)
tree0050e969b3f9823a5d4d9f2e8f41234d38448b12
parentsome cleanup @ cipher, auth_algo and key derivation (diff)
added NO_LIBGMP and NO_CRYPT to build a daemon without cryptosupport
NOTE: with NO_LIBGMP the cipher and the key derivation do not work yet
-rw-r--r--src/Makefile9
-rw-r--r--src/cipher.c35
-rw-r--r--src/cipher.h9
-rw-r--r--src/key_derivation.c19
-rw-r--r--src/options.c14
-rw-r--r--src/options.h2
-rw-r--r--src/uanytun.c25
7 files changed, 90 insertions, 23 deletions
diff --git a/src/Makefile b/src/Makefile
index 1431568..29de57a 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -34,7 +34,7 @@
TARGET=$(shell uname -s)
CC = gcc
-CCFLAGS = -g -O2 #-DANYTUN_02_COMPAT
+CCFLAGS = -g -O2 #-DNO_LIBGMP #-DNO_CRYPT #-DANYTUN_02_COMPAT
LD = gcc
LDFLAGS = -g -Wall -O2 -lgcrypt -lgpg-error -lgmp
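Review bot: `LDFLAGS = -g -Wall -O2 -lgcrypt -lgpg-error -lgmp` is left as it was, so enabling `-DNO_CRYPT` or `-DNO_LIBGMP` in CCFLAGS still links the daemon against libgcrypt and libgmp, which defeats the purpose of a build without crypto support on a host that lacks those libraries. The third hunk of this file has the same gap: `OBJS += $(CRYPT_OBJS)` is unconditional, so key_derivation.o and auth_algo.o are still compiled and linked into a NO_CRYPT daemon. Since NO_CRYPT and NO_LIBGMP exist only as C defines here, the Makefile needs a switch of its own; guard both `OBJS += $(CRYPT_OBJS)` and the `-lgcrypt -lgpg-error` part of LDFLAGS with a make conditional such as `ifeq (,$(findstring -DNO_CRYPT,$(CCFLAGS)))`, and treat `-lgmp` the same way for NO_LIBGMP.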
@@ -46,6 +46,9 @@ ifeq ($(TARGET),OpenBSD)
LDFLAGS += -L/usr/local/lib
endif
+CRYPT_OBJS = key_derivation.o \
+ auth_algo.o
+
OBJS = log.o \
signal.o \
options.o \
@@ -54,11 +57,11 @@ OBJS = log.o \
plain_packet.o \
encrypted_packet.o \
seq_window.o \
- key_derivation.o \
cipher.o \
- auth_algo.o \
uanytun.o
+OBJS += $(CRYPT_OBJS)
+
EXECUTABLE = uanytun
all: $(EXECUTABLE)
diff --git a/src/cipher.c b/src/cipher.c
index f1a4bf4..07c9f32 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -44,7 +44,9 @@
#include <stdlib.h>
#include <string.h>
+#ifndef NO_LIBGMP
#include <gmp.h>
+#endif
int cipher_init(cipher_t* c, const char* type)
{
@@ -56,6 +58,7 @@ int cipher_init(cipher_t* c, const char* type)
c->type_ = c_unknown;
if(!strcmp(type, "null"))
c->type_ = c_null;
+#ifndef NO_CRYPT
else if(!strncmp(type, "aes-ctr", 7)) {
c->type_ = c_aes_ctr;
if(type[7] == 0) {
@@ -68,12 +71,15 @@ int cipher_init(cipher_t* c, const char* type)
c->key_length_ = atoi(tmp);
}
}
+#endif
else {
log_printf(ERR, "unknown cipher type");
return -1;
}
+#ifndef NO_CRYPT
c->handle_ = 0;
+#endif
c->key_.buf_ = NULL;
c->key_.length_ = 0;
@@ -82,8 +88,10 @@ int cipher_init(cipher_t* c, const char* type)
c->salt_.length_ = 0;
int ret = 0;
+#ifndef NO_CRYPT
if(c->type_ == c_aes_ctr)
ret = cipher_aesctr_init(c);
+#endif
if(ret)
cipher_close(c);
@@ -96,8 +104,10 @@ void cipher_close(cipher_t* c)
if(!c)
return;
+#ifndef NO_CRYPT
if(c->type_ == c_aes_ctr)
cipher_aesctr_close(c);
+#endif
if(c->key_.buf_)
free(c->key_.buf_);
@@ -115,10 +125,12 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encryp
if(c->type_ == c_null)
len = cipher_null_crypt(plain_packet_get_packet(in), plain_packet_get_length(in),
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
+#ifndef NO_CRYPT
else if(c->type_ == c_aes_ctr)
len = cipher_aesctr_crypt(c, kd, plain_packet_get_packet(in), plain_packet_get_length(in),
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out),
seq_nr, sender_id, mux);
+#endif
else {
log_printf(ERR, "unknown cipher type");
return -1;
@@ -145,11 +157,13 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, pl
if(c->type_ == c_null)
len = cipher_null_crypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
plain_packet_get_packet(out), plain_packet_get_length(out));
+#ifndef NO_CRYPT
else if(c->type_ == c_aes_ctr)
len = cipher_aesctr_crypt(c, kd, encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
plain_packet_get_packet(out), plain_packet_get_length(out),
encrypted_packet_get_seq_nr(in), encrypted_packet_get_sender_id(in),
encrypted_packet_get_mux(in));
+#endif
else {
log_printf(ERR, "unknown cipher type");
return -1;
@@ -171,6 +185,7 @@ int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t
return (ilen < olen) ? ilen : olen;
}
+#ifndef NO_CRYPT
/* ---------------- AES-Ctr Cipher ---------------- */
int cipher_aesctr_init(cipher_t* c)
@@ -236,17 +251,18 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_
if(ret < 0)
return result;
- mpz_t ctr, sid_mux, seq;
- mpz_init2(ctr, 128);
- mpz_init2(sid_mux, 128);
- mpz_init2(seq, 128);
-
int faked_msb = 0;
if(!c->salt_.buf_[0]) {
c->salt_.buf_[0] = 1;
faked_msb = 1;
}
+#ifndef NO_LIBGMP
+ mpz_t ctr, sid_mux, seq;
+ mpz_init2(ctr, 128);
+ mpz_init2(sid_mux, 128);
+ mpz_init2(seq, 128);
+
mpz_import(ctr, c->salt_.length_, 1, 1, 0, 0, c->salt_.buf_);
mpz_set_ui(sid_mux, mux);
@@ -262,6 +278,10 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_
mpz_mul_2exp(ctr, ctr, 16);
result.buf_ = mpz_export(NULL, (size_t*)&result.length_, 1, 1, 0, 0, ctr);
+ mpz_clear(ctr);
+ mpz_clear(sid_mux);
+ mpz_clear(seq);
+#endif
#ifndef ANYTUN_02_COMPAT
if(faked_msb) {
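Review bot: With NO_LIBGMP defined but NO_CRYPT not, `result.buf_ = mpz_export(...)` is the only assignment to the counter and it now sits inside the `#ifndef NO_LIBGMP` block, so cipher_aesctr_calc_ctr reaches `return result` (next hunk) with whatever `result` held before this hunk, which is not visible here, while the `faked_msb` fix-up of `c->salt_.buf_[0]` still runs. The commit message says this configuration does not work yet, so it is safer to refuse it at compile time than to let the AES-CTR path run with an unset counter: next to the `#ifndef NO_LIBGMP` around `#include <gmp.h>` in this file add `#if defined(NO_LIBGMP) && !defined(NO_CRYPT)` / `#error "aes-ctr needs libgmp: build with NO_CRYPT or without NO_LIBGMP"` / `#endif`. key_derivation_aesctr_calc_ctr in src/key_derivation.c has the same shape after this commit and wants the same guard beside its gmp include. cipher_aesctr_calc_ctr starts and ends outside this hunk.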
@@ -270,10 +290,6 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_
}
#endif
- mpz_clear(ctr);
- mpz_clear(sid_mux);
- mpz_clear(seq);
-
return result;
}
@@ -328,3 +344,4 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_i
return (ilen < olen) ? ilen : olen;
}
+#endif
diff --git a/src/cipher.h b/src/cipher.h
index 5b750b9..036eb72 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -35,8 +35,12 @@
#ifndef _CIPHER_H_
#define _CIPHER_H_
+#ifndef NO_CRYPT
#include <gcrypt.h>
#include "key_derivation.h"
+#else
+typedef u_int8_t* key_derivation_t;
+#endif
enum cipher_type_enum { c_unknown, c_null, c_aes_ctr };
typedef enum cipher_type_enum cipher_type_t;
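Review bot: The `#else` branch redefines `key_derivation_t` as `u_int8_t*`, a stand-in with no explanation, and the Makefile in this commit still compiles key_derivation.o for NO_CRYPT builds; if any translation unit ends up including both this header and the real key_derivation.h under NO_CRYPT, the two typedefs conflict. Document the intent on the stub, e.g. `/* NO_CRYPT: key derivation is compiled out; cipher_* keep a dummy opaque handle that the null cipher never dereferences */` above the typedef. If key_derivation.h follows the `struct x_struct` / `typedef` pattern used for cipher_t in this header, a forward declaration `typedef struct key_derivation_struct key_derivation_t;` would stay compatible with the real header instead of risking a clash.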
@@ -46,7 +50,9 @@ struct cipher_struct {
u_int16_t key_length_;
buffer_t key_;
buffer_t salt_;
+#ifndef NO_CRYPT
gcry_cipher_hd_t handle_;
+#endif
};
typedef struct cipher_struct cipher_t;
@@ -58,9 +64,12 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, pl
int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
+
+#ifndef NO_CRYPT
int cipher_aesctr_init(cipher_t* c);
void cipher_aesctr_close(cipher_t* c);
buffer_t cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+#endif
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index dbbd1d2..2911272 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -41,8 +41,9 @@
#include <stdlib.h>
#include <string.h>
+#ifndef NO_LIBGMP
#include <gmp.h>
-
+#endif
int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
{
@@ -217,15 +218,17 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_t* result, sa
}
result->r_ = r;
- mpz_t ctr, key_id;
- mpz_init2(ctr, 128);
- mpz_init2(key_id, 128);
-
int faked_msb = 0;
if(!kd->master_salt_.buf_[0]) {
kd->master_salt_.buf_[0] = 1;
faked_msb = 1;
}
+
+#ifndef NO_LIBGMP
+ mpz_t ctr, key_id;
+ mpz_init2(ctr, 128);
+ mpz_init2(key_id, 128);
+
mpz_import(ctr, kd->master_salt_.length_, 1, 1, 0, 0, kd->master_salt_.buf_);
mpz_set_ui(key_id, label);
@@ -242,6 +245,9 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_t* result, sa
if(result->key_.buf_)
free(result->key_.buf_);
result->key_.buf_ = mpz_export(NULL, (size_t*)&(result->key_.length_), 1, 1, 0, 0, ctr);
+ mpz_clear(ctr);
+ mpz_clear(key_id);
+#endif
#ifndef ANYTUN_02_COMPAT
if(faked_msb) {
@@ -250,9 +256,6 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_t* result, sa
}
#endif
- mpz_clear(ctr);
- mpz_clear(key_id);
-
return 1;
}
diff --git a/src/options.c b/src/options.c
index b430eba..ae5d264 100644
--- a/src/options.c
+++ b/src/options.c
@@ -175,15 +175,18 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_INT_PARAM("-m","--mux", opt->mux_)
PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
+#ifndef NO_CRYPT
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
+#endif
else
return i;
}
+#ifndef NO_CRYPT
if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null")) {
if(opt->kd_prf_) free(opt->kd_prf_);
opt->kd_prf_ = strdup("null");
@@ -193,6 +196,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
if(opt->kd_prf_) free(opt->kd_prf_);
opt->kd_prf_ = strdup("aes-ctr");
}
+#endif
if(!(opt->dev_name_) && !(opt->dev_type_))
opt->dev_type_ = strdup("tun");
@@ -222,10 +226,14 @@ void options_default(options_t* opt)
opt->ifconfig_param_remote_netmask_ = NULL;
opt->post_up_script_ = NULL;
opt->seq_window_size_ = 100;
+#ifndef NO_CRYPT
opt->cipher_ = strdup("aes-ctr");
opt->kd_prf_ = strdup("aes-ctr");
opt->ld_kdr_ = 0;
opt->auth_algo_ = strdup("sha1");
+#else
+ opt->cipher_ = strdup("null");
+#endif
opt->mux_ = 0;
opt->key_.buf_ = NULL;
opt->key_.length_ = 0;
@@ -266,10 +274,12 @@ void options_clear(options_t* opt)
free(opt->post_up_script_);
if(opt->cipher_)
free(opt->cipher_);
+#ifndef NO_CRYPT
if(opt->kd_prf_)
free(opt->kd_prf_);
if(opt->auth_algo_)
free(opt->auth_algo_);
+#endif
if(opt->key_.buf_)
free(opt->key_.buf_);
if(opt->salt_.buf_)
@@ -299,11 +309,13 @@ void options_print_usage()
printf(" [-w|--window-size] <window size> seqence number window size\n");
printf(" [-m|--mux] <mux-id> the multiplex id to use\n");
printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
+#ifndef NO_CRYPT
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
// printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
+#endif
}
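Review bot: Under NO_CRYPT the usage text still advertises `[-c|--cipher] <cipher type> payload encryption algorithm` while the key, salt and auth-algo options are compiled out, so a user of this build is told encryption is configurable although, per the cipher.c change in this commit, only `null` is accepted. Add an `#else` branch to this guard that qualifies the line, e.g. `printf(" this build has no crypto support: only the 'null' cipher is available\n");`, so the absence of encryption and authentication is visible in the help output rather than discoverable only from the cipher_init error. options_print in the next hunk appears to still dump `key_`, which cannot be set in this build; guarding that the same way would keep the output consistent.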
void options_print(options_t* opt)
@@ -327,9 +339,11 @@ void options_print(options_t* opt)
printf("mux: %d\n", opt->mux_);
printf("seq_window_size: %d\n", opt->seq_window_size_);
printf("cipher: '%s'\n", opt->cipher_);
+#ifndef NO_CRYPT
printf("auth_algo: '%s'\n", opt->auth_algo_);
printf("kd_prf: '%s'\n", opt->kd_prf_);
printf("ld_kdr: %d\n", opt->ld_kdr_);
+#endif
u_int32_t i;
printf("key_[%d]: '", opt->key_.length_);
diff --git a/src/options.h b/src/options.h
index 93836b5..8808e63 100644
--- a/src/options.h
+++ b/src/options.h
@@ -54,9 +54,11 @@ struct options_struct {
char* post_up_script_;
window_size_t seq_window_size_;
char* cipher_;
+#ifndef NO_CRYPT
char* kd_prf_;
int ld_kdr_;
char* auth_algo_;
+#endif
mux_t mux_;
buffer_t key_;
buffer_t salt_;
diff --git a/src/uanytun.c b/src/uanytun.c
index 55a73a2..14e0ab5 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -50,14 +50,20 @@
#include "encrypted_packet.h"
#include "seq_window.h"
-#include "key_derivation.h"
+
#include "cipher.h"
+#ifndef NO_CRYPT
+#include "key_derivation.h"
#include "auth_algo.h"
+#include <gcrypt.h>
+#endif
+
+
#include "daemon.h"
#include "sysexec.h"
-#include <gcrypt.h>
+#ifndef NO_CRYPT
#define MIN_GCRYPT_VERSION "1.2.0"
@@ -83,6 +89,7 @@ int init_libgcrypt()
log_printf(NOTICE, "libgcrypt init finished");
return 0;
}
+#endif
int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
{
@@ -105,6 +112,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
return_value = ret;
}
+#ifndef NO_CRYPT
auth_algo_t aa;
ret = auth_algo_init(&aa, opt->auth_algo_);
if(ret) {
@@ -125,6 +133,9 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
log_printf(ERR, "could not initialize outbound key derivation of type %s", opt->kd_prf_);
return_value = ret;
}
+#else
+ key_derivation_t kd_in, kd_out;
+#endif
seq_win_t seq_win;
ret = seq_win_init(&seq_win, opt->seq_window_size_);
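Review bot: `key_derivation_t kd_in, kd_out;` in the `#else` branch declares two uninitialized `u_int8_t*` (the stub typedef that cipher.h gets in this commit), and their addresses are later handed to cipher_encrypt and cipher_decrypt. The null cipher does not touch them today, so this is not a live bug, but any future cipher path would read garbage; write `key_derivation_t kd_in = NULL, kd_out = NULL;` so the NO_CRYPT build has a defined value. main_loop starts and ends outside this hunk.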
@@ -175,7 +186,9 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
cipher_encrypt(&c, &kd_out, &plain_packet, &encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
seq_nr++;
+#ifndef NO_CRYPT
auth_algo_generate(&aa, &kd_out, &encrypted_packet);
+#endif
len = udp_write(sock, encrypted_packet_get_packet(&encrypted_packet), encrypted_packet_get_length(&encrypted_packet));
if(len == -1)
@@ -190,11 +203,13 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
encrypted_packet_set_length(&encrypted_packet, len);
-
+
+#ifndef NO_CRYPT
if(!auth_algo_check_tag(&aa, &kd_out, &encrypted_packet)) {
log_printf(WARNING, "wrong authentication tag, discarding packet");
continue;
}
+#endif
if(encrypted_packet_get_mux(&encrypted_packet) != opt->mux_)
continue;
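Review bot: With NO_CRYPT the tag check is compiled out, so from this point every datagram read from the socket is processed with only the `mux` comparison on the next line as a filter and no integrity or origin check at all, and neither the code nor the commit message says that such a build is an unauthenticated tunnel. Make that explicit where it happens with a comment on the `#endif`, e.g. `/* NO_CRYPT: no authentication tag is verified; any datagram reaching this socket with the right mux is accepted */`, and consider a WARNING log at daemon start-up (main, in the last hunk, which is cut off here) so operators see it in the logs. main_loop's body continues outside this hunk.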
@@ -227,9 +242,11 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
cipher_close(&c);
+#ifndef NO_CRYPT
auth_algo_close(&aa);
key_derivation_close(&kd_out);
key_derivation_close(&kd_in);
+#endif
seq_win_clear(&seq_win);
return return_value;
@@ -274,12 +291,14 @@ int main(int argc, char* argv[])
log_printf(NOTICE, "just started...");
+#ifndef NO_CRYPT
ret = init_libgcrypt();
if(ret) {
log_printf(ERR, "error on libgcrpyt initialization, exitting");
options_clear(&opt);
exit(ret);
}
+#endif
tun_device_t dev;