-rw-r--r--src/Makefile4
-rw-r--r--src/cipher.c175
-rw-r--r--src/cipher.h59
-rw-r--r--src/encrypted_packet.c5
-rw-r--r--src/encrypted_packet.h1
-rw-r--r--src/plain_packet.c5
-rw-r--r--src/plain_packet.h1
-rw-r--r--src/uanytun.c2
8 files changed, 252 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile
index de8a6bb..5339971 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -52,6 +52,7 @@ OBJS = log.o \
udp.o \
plain_packet.o \
encrypted_packet.o \
+ cipher.o \
uanytun.o
EXECUTABLE = uanytun
@@ -85,6 +86,9 @@ plain_packet.o: plain_packet.c plain_packet.h
encrypted_packet.o: encrypted_packet.c encrypted_packet.h
$(CC) $(CCFLAGS) $< -c
+cipher.o: cipher.c cipher.h
+ $(CC) $(CCFLAGS) $< -c
+
distclean: clean
find . -name *.o -exec rm -f {} \;
find . -name "*.\~*" -exec rm -rf {} \;
diff --git a/src/cipher.c b/src/cipher.c
new file mode 100644
index 0000000..02960e4
--- /dev/null
+++ b/src/cipher.c
@@ -0,0 +1,175 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "datatypes.h"
+
+#include "plain_packet.h"
+#include "encrypted_packet.h"
+
+#include "cipher.h"
+
+#include "log.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+void cipher_init(cipher_t** c, const char* type)
+{
+ if(!c)
+ return;
+
+ *c = malloc(sizeof(cipher_t));
+ if(!*c)
+ return;
+
+ (*c)->type_ = unknown;
+ if(!strcmp(type, "null"))
+ (*c)->type_ = null;
+ else if(!strcmp(type, "aes-ctr"))
+ (*c)->type_ = aes_ctr;
+ else {
+ log_printf(ERR, "unknown cipher type");
+ }
+
+ (*c)->key_.buf_ = NULL;
+ (*c)->key_.length_ = 0;
+
+ (*c)->salt_.buf_ = NULL;
+ (*c)->salt_.length_ = 0;
+}
+
+void cipher_set_key(cipher_t* c, u_int8_t* key, u_int32_t len)
+{
+ if(!c)
+ return;
+ if(c->type_ == null)
+ return;
+
+ if(c->key_.buf_)
+ free(c->key_.buf_);
+ c->key_.buf_ = malloc(len);
+ if(!c->key_.buf_)
+ return;
+ memcpy(c->key_.buf_, key, len);
+ c->key_.length_ = len;
+}
+
+void cipher_set_salt(cipher_t* c, u_int8_t* salt, u_int32_t len)
+{
+ if(!c)
+ return;
+ if(c->type_ == null)
+ return;
+
+ if(c->salt_.buf_)
+ free(c->salt_.buf_);
+ c->salt_.buf_ = malloc(len);
+ if(!c->salt_.buf_)
+ return;
+ memcpy(c->salt_.buf_, salt, len);
+ c->salt_.length_ = len;
+}
+
+void cipher_close(cipher_t** c)
+{
+ if(!c || !(*c))
+ return;
+
+ if((*c)->key_.buf_)
+ free((*c)->key_.buf_);
+ if((*c)->salt_.buf_)
+ free((*c)->salt_.buf_);
+
+ free(*c);
+ *c = NULL;
+}
+
+void cipher_encrypt(cipher_t* c, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+{
+ if(!c)
+ return;
+
+ u_int32_t len;
+ if(c->type_ = null)
+ len = cipher_null_encrypt(plain_packet_get_packet(in), plain_packet_get_length(in),
+ encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
+ else if(c->type_ = aes_ctr)
+ len = cipher_aesctr_encrypt(plain_packet_get_packet(in), plain_packet_get_length(in),
+ encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out),
+ seq_nr, sender_id, mux);
+ else {
+ log_printf(ERR, "unknown cipher type");
+ return;
+ }
+
+ encrypted_packet_set_sender_id(out, sender_id);
+ encrypted_packet_set_seq_nr(out, seq_nr);
+ encrypted_packet_set_mux(out, mux);
+
+ encrypted_packet_set_payload_length(out, len);
+}
+
+void cipher_decrypt(cipher_t* c, encrypted_packet_t* in, plain_packet_t* out)
+{
+ if(!c)
+ return;
+
+ u_int32_t len;
+ if(c->type_ = null)
+ len = cipher_null_decrypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
+ plain_packet_get_packet(out), plain_packet_get_length(out));
+ else if(c->type_ = aes_ctr)
+ len = cipher_aesctr_decrypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
+ plain_packet_get_packet(out), plain_packet_get_length(out),
+ encrypted_packet_get_seq_nr(in), encrypted_packet_get_sender_id(in),
+ encrypted_packet_get_mux(in));
+ else {
+ log_printf(ERR, "unknown cipher type");
+ return;
+ }
+
+ plain_packet_set_length(out, len);
+}
+
+u_int32_t cipher_null_encrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
+{
+ memcpy(out, in, (ilen < olen) ? ilen : olen);
+ return (ilen < olen) ? ilen : olen;
+}
+
+u_int32_t cipher_null_decrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen)
+{
+ memcpy(out, in, (ilen < olen) ? ilen : olen);
+ return (ilen < olen) ? ilen : olen;
+}
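Review bot: The cipher dispatch in cipher_encrypt uses assignment instead of comparison — `if(c->type_ = null)` and `else if(c->type_ = aes_ctr)` — and the same two conditions are repeated in cipher_decrypt; the first always evaluates true and silently overwrites c->type_ with null, so every packet takes the cipher_null path regardless of the configured cipher and the aes-ctr branch is unreachable. The conditions should read `if(c->type_ == null)` and `else if(c->type_ == aes_ctr)` in both functions. The aes-ctr branches also call cipher_aesctr_encrypt and cipher_aesctr_decrypt, which are neither defined here nor declared in cipher.h, so they would currently compile only as implicit declarations, if at all. In cipher_set_key and cipher_set_salt, a failed malloc leaves key_.length_/salt_.length_ describing a buffer that is now NULL, so resetting the length to 0 before returning would keep the struct consistent. Since these buffers hold key material, clearing them before free() in cipher_set_key, cipher_set_salt and cipher_close (with a clearing primitive the compiler cannot elide) would be worth adding as well.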
diff --git a/src/cipher.h b/src/cipher.h
new file mode 100644
index 0000000..0bb3f5f
--- /dev/null
+++ b/src/cipher.h
@@ -0,0 +1,59 @@
+/*
+ * ľAnytun
+ *
+ * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
+ * featured implementation ľAnytun has no support for multiple connections
+ * or synchronisation. It is a small single threaded implementation intended
+ * to act as a client on small platforms.
+ * The secure anycast tunneling protocol (satp) defines a protocol used
+ * for communication between any combination of unicast and anycast
+ * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
+ * mode and allows tunneling of every ETHER TYPE protocol (e.g.
+ * ethernet, ip, arp ...). satp directly includes cryptography and
+ * message authentication based on the methodes used by SRTP. It is
+ * intended to deliver a generic, scaleable and secure solution for
+ * tunneling and relaying of packets of any protocol.
+ *
+ *
+ * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org>
+ *
+ * This file is part of ľAnytun.
+ *
+ * ľAnytun is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * ľAnytun is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _CIPHER_H_
+#define _CIPHER_H_
+
+enum cipher_type_enum { unknown, null, aes_ctr };
+typedef enum cipher_type_enum cipher_type_t;
+
+struct cipher_struct {
+ cipher_type_t type_;
+ buffer_t key_;
+ buffer_t salt_;
+};
+typedef struct cipher_struct cipher_t;
+
+void cipher_init(cipher_t** c, const char* type);
+void cipher_set_key(cipher_t* c, u_int8_t* key, u_int32_t len);
+void cipher_set_salt(cipher_t* c, u_int8_t* salt, u_int32_t len);
+void cipher_close(cipher_t** c);
+
+void cipher_encrypt(cipher_t* c, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+void cipher_decrypt(cipher_t* c, encrypted_packet_t* in, plain_packet_t* out);
+
+u_int32_t cipher_null_encrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
+u_int32_t cipher_null_decrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
+
+#endif
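Review bot: The header is not self-contained: it uses buffer_t, u_int8_t, u_int32_t, plain_packet_t, encrypted_packet_t, seq_nr_t, sender_id_t and mux_t without including the headers that define them, so it only compiles when the includer has already pulled in datatypes.h, plain_packet.h and encrypted_packet.h in that order, as cipher.c happens to do. Adding `#include "datatypes.h"`, `#include "plain_packet.h"` and `#include "encrypted_packet.h"` after the guard fixes that. The guard name `_CIPHER_H_` begins with an underscore followed by an uppercase letter, which is reserved for the implementation; `CIPHER_H_` avoids the clash. The enum constants `unknown`, `null` and `aes_ctr` are unprefixed global identifiers — `null` in particular reads like NULL and is easy to confuse in conditions — so a `cipher_type_` prefix (constructed example: `cipher_type_null`) would be safer.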
diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c
index fdbc288..0f76589 100644
--- a/src/encrypted_packet.c
+++ b/src/encrypted_packet.c
@@ -94,6 +94,11 @@ u_int32_t encrypted_packet_get_payload_length(encrypted_packet_t* packet)
return packet->payload_length_;
}
+void encrypted_packet_set_payload_length(encrypted_packet_t* packet, u_int32_t len)
+{
+
+}
+
seq_nr_t encrypted_packet_get_seq_nr(encrypted_packet_t* packet)
{
if(!packet)
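Review bot: encrypted_packet_set_payload_length is an empty stub, yet cipher_encrypt in this same commit already relies on it to record the ciphertext length, so the packet's payload length is never updated after encryption. Following the getter just above, a minimal body would be `if(!packet) return;` followed by `packet->payload_length_ = len;`, presumably with a check that len does not exceed the packet's buffer capacity — the capacity field is outside this hunk, so confirm its name before adding the bound.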
diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h
index 025d32b..a77e663 100644
--- a/src/encrypted_packet.h
+++ b/src/encrypted_packet.h
@@ -66,6 +66,7 @@ void encrypted_packet_set_length(encrypted_packet_t* packet, u_int32_t len);
u_int8_t* encrypted_packet_get_payload(encrypted_packet_t* packet);
u_int32_t encrypted_packet_get_payload_length(encrypted_packet_t* packet);
+void encrypted_packet_set_payload_length(encrypted_packet_t* packet, u_int32_t len);
seq_nr_t encrypted_packet_get_seq_nr(encrypted_packet_t* packet);
void encrypted_packet_set_seq_nr(encrypted_packet_t* packet, seq_nr_t seq_nr);
diff --git a/src/plain_packet.c b/src/plain_packet.c
index e3fe4c5..9d31467 100644
--- a/src/plain_packet.c
+++ b/src/plain_packet.c
@@ -63,6 +63,11 @@ u_int32_t plain_packet_get_length(plain_packet_t* packet)
return (packet->payload_length_ + sizeof(payload_type_t));
}
+void plain_packet_set_length(plain_packet_t* packet, u_int32_t len)
+{
+
+}
+
u_int8_t* plain_packet_get_payload(plain_packet_t* packet)
{
if(!packet)
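Review bot: plain_packet_set_length is an empty stub, but cipher_decrypt in this commit calls it to record the decrypted length, so the plaintext length is never updated after decryption. Since plain_packet_get_length directly above returns `payload_length_ + sizeof(payload_type_t)`, the setter should reject `len < sizeof(payload_type_t)` and otherwise store `packet->payload_length_ = len - sizeof(payload_type_t);` after the usual `if(!packet) return;` guard; the buffer-capacity bound it should also respect is outside this hunk.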
diff --git a/src/plain_packet.h b/src/plain_packet.h
index e2583f9..ed967b6 100644
--- a/src/plain_packet.h
+++ b/src/plain_packet.h
@@ -55,6 +55,7 @@ void plain_packet_init(plain_packet_t* packet);
u_int8_t* plain_packet_get_packet(plain_packet_t* packet);
u_int32_t plain_packet_get_length(plain_packet_t* packet);
+void plain_packet_set_length(plain_packet_t* packet, u_int32_t len);
u_int8_t* plain_packet_get_payload(plain_packet_t* packet);
u_int32_t plain_packet_get_payload_length(plain_packet_t* packet);
diff --git a/src/uanytun.c b/src/uanytun.c
index 7b207b6..cebfd39 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -48,6 +48,8 @@
#include "plain_packet.h"
#include "encrypted_packet.h"
+#include "cipher.h"
+
#include "daemon.h"
#include "sysexec.h"