diff options
-rw-r--r-- | src/Makefile | 4 | ||||
-rw-r--r-- | src/cipher.c | 175 | ||||
-rw-r--r-- | src/cipher.h | 59 | ||||
-rw-r--r-- | src/encrypted_packet.c | 5 | ||||
-rw-r--r-- | src/encrypted_packet.h | 1 | ||||
-rw-r--r-- | src/plain_packet.c | 5 | ||||
-rw-r--r-- | src/plain_packet.h | 1 | ||||
-rw-r--r-- | src/uanytun.c | 2 |
8 files changed, 252 insertions, 0 deletions
diff --git a/src/Makefile b/src/Makefile index de8a6bb..5339971 100644 --- a/src/Makefile +++ b/src/Makefile @@ -52,6 +52,7 @@ OBJS = log.o \ udp.o \ plain_packet.o \ encrypted_packet.o \ + cipher.o \ uanytun.o EXECUTABLE = uanytun @@ -85,6 +86,9 @@ plain_packet.o: plain_packet.c plain_packet.h encrypted_packet.o: encrypted_packet.c encrypted_packet.h $(CC) $(CCFLAGS) $< -c +cipher.o: cipher.c cipher.h + $(CC) $(CCFLAGS) $< -c + distclean: clean find . -name *.o -exec rm -f {} \; find . -name "*.\~*" -exec rm -rf {} \; diff --git a/src/cipher.c b/src/cipher.c new file mode 100644 index 0000000..02960e4 --- /dev/null +++ b/src/cipher.c @@ -0,0 +1,175 @@ +/* + * ľAnytun + * + * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation ľAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org> + * + * This file is part of ľAnytun. + * + * ľAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * ľAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "datatypes.h" + +#include "plain_packet.h" +#include "encrypted_packet.h" + +#include "cipher.h" + +#include "log.h" + +#include <stdlib.h> +#include <string.h> + +void cipher_init(cipher_t** c, const char* type) +{ + if(!c) + return; + + *c = malloc(sizeof(cipher_t)); + if(!*c) + return; + + (*c)->type_ = unknown; + if(!strcmp(type, "null")) + (*c)->type_ = null; + else if(!strcmp(type, "aes-ctr")) + (*c)->type_ = aes_ctr; + else { + log_printf(ERR, "unknown cipher type"); + } + + (*c)->key_.buf_ = NULL; + (*c)->key_.length_ = 0; + + (*c)->salt_.buf_ = NULL; + (*c)->salt_.length_ = 0; +} + +void cipher_set_key(cipher_t* c, u_int8_t* key, u_int32_t len) +{ + if(!c) + return; + if(c->type_ == null) + return; + + if(c->key_.buf_) + free(c->key_.buf_); + c->key_.buf_ = malloc(len); + if(!c->key_.buf_) + return; + memcpy(c->key_.buf_, key, len); + c->key_.length_ = len; +} + +void cipher_set_salt(cipher_t* c, u_int8_t* salt, u_int32_t len) +{ + if(!c) + return; + if(c->type_ == null) + return; + + if(c->salt_.buf_) + free(c->salt_.buf_); + c->salt_.buf_ = malloc(len); + if(!c->salt_.buf_) + return; + memcpy(c->salt_.buf_, salt, len); + c->salt_.length_ = len; +} + +void cipher_close(cipher_t** c) +{ + if(!c || !(*c)) + return; + + if((*c)->key_.buf_) + free((*c)->key_.buf_); + if((*c)->salt_.buf_) + free((*c)->salt_.buf_); + + free(*c); + *c = NULL; +} + +void cipher_encrypt(cipher_t* c, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +{ + if(!c) + return; + + u_int32_t len; + if(c->type_ = null) + len = cipher_null_encrypt(plain_packet_get_packet(in), plain_packet_get_length(in), + encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out)); + else if(c->type_ = aes_ctr) + len = cipher_aesctr_encrypt(plain_packet_get_packet(in), plain_packet_get_length(in), + encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out), + seq_nr, sender_id, mux); + else { + log_printf(ERR, "unknown cipher type"); + return; + } + + encrypted_packet_set_sender_id(out, sender_id); + encrypted_packet_set_seq_nr(out, seq_nr); + encrypted_packet_set_mux(out, mux); + + encrypted_packet_set_payload_length(out, len); +} + +void cipher_decrypt(cipher_t* c, encrypted_packet_t* in, plain_packet_t* out) +{ + if(!c) + return; + + u_int32_t len; + if(c->type_ = null) + len = cipher_null_decrypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in), + plain_packet_get_packet(out), plain_packet_get_length(out)); + else if(c->type_ = aes_ctr) + len = cipher_aesctr_decrypt(encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in), + plain_packet_get_packet(out), plain_packet_get_length(out), + encrypted_packet_get_seq_nr(in), encrypted_packet_get_sender_id(in), + encrypted_packet_get_mux(in)); + else { + log_printf(ERR, "unknown cipher type"); + return; + } + + plain_packet_set_length(out, len); +} + +u_int32_t cipher_null_encrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen) +{ + memcpy(out, in, (ilen < olen) ? ilen : olen); + return (ilen < olen) ? ilen : olen; +} + +u_int32_t cipher_null_decrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen) +{ + memcpy(out, in, (ilen < olen) ? ilen : olen); + return (ilen < olen) ? ilen : olen; +} diff --git a/src/cipher.h b/src/cipher.h new file mode 100644 index 0000000..0bb3f5f --- /dev/null +++ b/src/cipher.h @@ -0,0 +1,59 @@ +/* + * ľAnytun + * + * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation ľAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org> + * + * This file is part of ľAnytun. + * + * ľAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * ľAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef _CIPHER_H_ +#define _CIPHER_H_ + +enum cipher_type_enum { unknown, null, aes_ctr }; +typedef enum cipher_type_enum cipher_type_t; + +struct cipher_struct { + cipher_type_t type_; + buffer_t key_; + buffer_t salt_; +}; +typedef struct cipher_struct cipher_t; + +void cipher_init(cipher_t** c, const char* type); +void cipher_set_key(cipher_t* c, u_int8_t* key, u_int32_t len); +void cipher_set_salt(cipher_t* c, u_int8_t* salt, u_int32_t len); +void cipher_close(cipher_t** c); + +void cipher_encrypt(cipher_t* c, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +void cipher_decrypt(cipher_t* c, encrypted_packet_t* in, plain_packet_t* out); + +u_int32_t cipher_null_encrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen); +u_int32_t cipher_null_decrypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen); + +#endif diff --git a/src/encrypted_packet.c b/src/encrypted_packet.c index fdbc288..0f76589 100644 --- a/src/encrypted_packet.c +++ b/src/encrypted_packet.c @@ -94,6 +94,11 @@ u_int32_t encrypted_packet_get_payload_length(encrypted_packet_t* packet) return packet->payload_length_; } +void encrypted_packet_set_payload_length(encrypted_packet_t* packet, u_int32_t len) +{ + +} + seq_nr_t encrypted_packet_get_seq_nr(encrypted_packet_t* packet) { if(!packet) diff --git a/src/encrypted_packet.h b/src/encrypted_packet.h index 025d32b..a77e663 100644 --- a/src/encrypted_packet.h +++ b/src/encrypted_packet.h @@ -66,6 +66,7 @@ void encrypted_packet_set_length(encrypted_packet_t* packet, u_int32_t len); u_int8_t* encrypted_packet_get_payload(encrypted_packet_t* packet); u_int32_t encrypted_packet_get_payload_length(encrypted_packet_t* packet); +void encrypted_packet_set_payload_length(encrypted_packet_t* packet, u_int32_t len); seq_nr_t encrypted_packet_get_seq_nr(encrypted_packet_t* packet); void encrypted_packet_set_seq_nr(encrypted_packet_t* packet, seq_nr_t seq_nr); diff --git a/src/plain_packet.c b/src/plain_packet.c index e3fe4c5..9d31467 100644 --- a/src/plain_packet.c +++ b/src/plain_packet.c @@ -63,6 +63,11 @@ u_int32_t plain_packet_get_length(plain_packet_t* packet) return (packet->payload_length_ + sizeof(payload_type_t)); } +void plain_packet_set_length(plain_packet_t* packet, u_int32_t len) +{ + +} + u_int8_t* plain_packet_get_payload(plain_packet_t* packet) { if(!packet) diff --git a/src/plain_packet.h b/src/plain_packet.h index e2583f9..ed967b6 100644 --- a/src/plain_packet.h +++ b/src/plain_packet.h @@ -55,6 +55,7 @@ void plain_packet_init(plain_packet_t* packet); u_int8_t* plain_packet_get_packet(plain_packet_t* packet); u_int32_t plain_packet_get_length(plain_packet_t* packet); +void plain_packet_set_length(plain_packet_t* packet, u_int32_t len); u_int8_t* plain_packet_get_payload(plain_packet_t* packet); u_int32_t plain_packet_get_payload_length(plain_packet_t* packet); diff --git a/src/uanytun.c b/src/uanytun.c index 7b207b6..cebfd39 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -48,6 +48,8 @@ #include "plain_packet.h" #include "encrypted_packet.h" +#include "cipher.h" + #include "daemon.h" #include "sysexec.h" |