Mercurial > hg > quicktun-tcp
view protocol.c @ 0:17cb7cdbb8be draft default tip
Working prototype
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Fri, 07 Feb 2014 23:28:39 +0100 |
| parents | |
| children |
line wrap: on
line source
/* Copyright 2014 Ivo Smits <Ivo@UCIS.nl>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of Ivo Smits.*/ #include <stdio.h> #include <stdbool.h> #include <unistd.h> #include <fcntl.h> #include <string.h> #include <sys/types.h> #include <sodium/crypto_box_curve25519xsalsa20poly1305.h> #include <sodium/crypto_scalarmult_curve25519.h> #include <sodium/crypto_hash_sha512.h> #include "include.h" static unsigned char workbuffer[2000]; static int devurandomfd = -1; static bool randombytes(unsigned char* buffer, int len) { if (devurandomfd == -1) devurandomfd = open("/dev/urandom", O_RDONLY); if (devurandomfd == -1) return errorexit("could not open /dev/urandom"); while (len > 0) { int got = read(devurandomfd, buffer, len); if (got < 0) return errorexitp("could not read from /dev/urandom"); buffer += got; len -= got; } return true; } static void dumphex(char* lbl, unsigned char* buffer, int len) { fprintf(stderr, "%s: ", lbl); for (; len > 0; len--, buffer++) fprintf(stderr, "%02x", *buffer); fprintf(stderr, "\n"); } static void nonceinc(unsigned char* nonce) { int i; for (i = 23; i >= 0 && (++nonce[i] == 0); i--); } static bool send_all(int socket, unsigned char* buffer, int length) { while (length) { int sent = write(socket, buffer, length); if (sent <= 0) return errorexitp("socket write failed"); buffer += sent; length -= sent; } return true; } static bool send_packet(connection_context* context, unsigned char* buffer, int length, bool controlflag) { fprintf(stderr, "Send packet (size=%d type=%d control=%d encrypt=%d)\n", length, buffer[0], controlflag, context->send_encrypted); if (context->send_encrypted) { if (length + 32 > sizeof(workbuffer)) return errorexit("packet too big for encryption buffer"); memmove(workbuffer + 32, buffer, length); memset(workbuffer, 0, 32); crypto_box_curve25519xsalsa20poly1305_afternm(workbuffer, workbuffer, length + 32, context->send_nonce, context->send_key); nonceinc(context->send_nonce); buffer = workbuffer + 16; length += 16; } if (length > 0x7FFF) return errorexit("packet too big for framing"); unsigned char lbuf[2]; length = (length & 0x7FFF) | (controlflag ? 0x8000 : 0); lbuf[0] = (length >> 8) & 0xFF; lbuf[1] = length & 0xFF; if (!send_all(context->send_socket, lbuf, 2)) return false; if (!send_all(context->send_socket, buffer, length & 0x7FFF)) return false; return true; } static bool send_command_ack(connection_context* context, unsigned char code) { workbuffer[0] = code; return send_packet(context, workbuffer, 1, true); } static bool check_tunnel_ready(connection_context* context) { if (context->local_tunnelready) return true; if (context->require_key_authentication) return true; if (context->require_password_authentication) return true; if (context->require_encryption && !context->recv_encrypted) return true; if (!send_command_ack(context, 0)) return false; context->local_tunnelready = true; return true; } static bool process_network_packet(connection_context* context, unsigned char* buffer, int pktlen, int controlflag); bool connection_read(connection_context* context) { int got = read(context->recv_socket, context->recv_buffer + context->recv_offset, sizeof(context->recv_buffer) - context->recv_offset); if (got < 0) return errorexitp("read failure on socket"); context->recv_offset += got; while (context->recv_offset >= 2) { int pktlen = ((unsigned char)context->recv_buffer[0] << 8) | (unsigned char)context->recv_buffer[1]; int controlflag = pktlen & 0x8000; pktlen &= 0x7FFF; if (pktlen > sizeof(context->recv_buffer)) return errorexit("received packet too big for buffer"); if (context->recv_offset < pktlen + 2) break; if (!process_network_packet(context, context->recv_buffer + 2, pktlen, !!controlflag)) return false; context->recv_offset -= 2 + pktlen; memmove(context->recv_buffer, context->recv_buffer + 2 + pktlen, context->recv_offset); } if (!context->local_tunnelready) if (!check_tunnel_ready(context)) return false; return true; } static bool send_start_crypt_auth(connection_context* context, const unsigned char* key) { if (!context->key_updated) return context->startcryptauthsent && !key; if (key) { memcpy(context->local_seckey_next, key, 32); } else { randombytes(context->local_seckey_next, 32); } workbuffer[0] = 1; crypto_scalarmult_curve25519_base(workbuffer + 1, context->local_seckey_next); memcpy(workbuffer + 1 + 32, context->nonce_next, 24); if (!send_packet(context, workbuffer, 1 + 32 + 24, true)) return false; crypto_box_curve25519xsalsa20poly1305_beforenm(context->send_key, context->remote_pubkey, context->local_seckey_next); memcpy(context->send_nonce + 12, context->nonce_next + 12, 12); context->send_encrypted = true; context->startcryptauthsent = true; context->key_updated = false; return true; } static bool begin_update_key(connection_context* context, char* seckey) { if (!context->key_updated) return !seckey; if (seckey) { memcpy(context->local_seckey_next, seckey, 32); } else { randombytes(context->local_seckey_next, 32); } workbuffer[0] = 3; crypto_scalarmult_curve25519_base(workbuffer + 1, context->local_seckey_next); if (!send_packet(context, workbuffer, 1 + 32, true)) return false; crypto_box_curve25519xsalsa20poly1305_beforenm(context->send_key, context->remote_pubkey, context->local_seckey_next); context->send_encrypted = true; context->key_updated = false; return true; } static bool password_hash(unsigned char* output, unsigned char* salt, int saltlength, char* password) { int pwlen = password ? strlen(password) : 0; if (saltlength + pwlen > sizeof(workbuffer)) return errorexit("password and salt too big for buffer"); if (saltlength) memmove(workbuffer, salt, saltlength); if (pwlen) memcpy(workbuffer + saltlength, password, pwlen); crypto_hash_sha512(output, workbuffer, saltlength + pwlen); return true; } static bool process_network_packet(connection_context* context, unsigned char* buffer, int pktlen, int controlflag) { if (context->recv_encrypted) { if (pktlen + 16 > sizeof(workbuffer)) return errorexit("received packet too big for decrypt buffer"); memmove(workbuffer + 16, buffer, pktlen); memset(workbuffer, 0, 16); if (crypto_box_curve25519xsalsa20poly1305_open_afternm(workbuffer, workbuffer, pktlen + 16, context->recv_nonce, context->recv_key)) return false; nonceinc(context->recv_nonce); buffer = workbuffer + 32; pktlen -= 16; } if (controlflag) { fprintf(stderr, "Received packet (size=%d type=%d control=%d encrypt=%d)\n", pktlen, buffer[0], controlflag, context->recv_encrypted); if (pktlen < 1) return errorexit("zero length control packet"); switch (buffer[0]) { case 0: fprintf(stderr, "Control: tunnel ready\n"); context->remote_tunnelready = true; break; case 1: fprintf(stderr, "Control: crypto auth req\n"); if (pktlen < 1 + 32 + 24) return errorexit("short control packet 1"); if (context->require_key_authentication) { if (memcmp(buffer + 1, context->remote_pubkey_expect, 32)) return errorexit("incorrect crypto auth key"); context->require_key_authentication = true; } if (!context->startcryptauthsent) send_start_crypt_auth(context, NULL); if (!send_command_ack(context, 2)) return false; memcpy(context->remote_pubkey, buffer + 1, 32); memcpy(context->send_nonce, buffer + 1 + 32, 12); memcpy(context->recv_nonce + 12, buffer + 1 + 32 + 12, 12); crypto_box_curve25519xsalsa20poly1305_beforenm(context->recv_key, context->remote_pubkey, context->local_seckey_current); crypto_box_curve25519xsalsa20poly1305_beforenm(context->send_key, context->remote_pubkey, context->local_seckey_next); context->recv_encrypted = context->send_encrypted = true; break; case 2: fprintf(stderr, "Control: crypto auth ack\n"); memcpy(context->local_seckey_current, context->local_seckey_next, 32); memcpy(context->recv_nonce, context->nonce_next, 12); crypto_box_curve25519xsalsa20poly1305_beforenm(context->recv_key, context->remote_pubkey, context->local_seckey_current); context->recv_encrypted = true; context->key_updated = true; begin_update_key(context, NULL); break; case 3: fprintf(stderr, "Control: key update req\n"); if (pktlen < 1 + 32) return errorexit("short control packet 3"); if (!send_command_ack(context, 4)) return false; memcpy(context->remote_pubkey, buffer + 1, 32); crypto_box_curve25519xsalsa20poly1305_beforenm(context->recv_key, context->remote_pubkey, context->local_seckey_current); crypto_box_curve25519xsalsa20poly1305_beforenm(context->send_key, context->remote_pubkey, context->local_seckey_next); context->recv_encrypted = context->send_encrypted = true; break; case 4: fprintf(stderr, "Control: key update ack\n"); memcpy(context->local_seckey_current, context->local_seckey_next, 32); crypto_box_curve25519xsalsa20poly1305_beforenm(context->recv_key, context->remote_pubkey, context->local_seckey_current); context->recv_encrypted = true; context->key_updated = true; break; case 5: fprintf(stderr, "Control: password authentication req\n"); unsigned char pwhash[64]; if (!password_hash(pwhash, buffer + 1, pktlen - 1, context->password)) return false; workbuffer[0] = 6; memcpy(workbuffer + 1, pwhash, 64); if (!send_packet(context, workbuffer, 1 + 64, true)) return false; break; case 6: fprintf(stderr, "Control: password authentication ack\n"); if (pktlen < 1 + 64) return errorexit("short control packet 6");; char pwhashcheck[64]; memcpy(pwhashcheck, buffer + 1, 64); if (!password_hash(pwhash, context->nonce_next, 12, context->password)) return false; if (memcmp(pwhash, pwhashcheck, 64)) return errorexit("incorrect password auth");; context->require_password_authentication = false; break; case 7: fprintf(stderr, "Control: disable encryption req\n"); context->recv_encrypted = context->send_encrypted = false; if (!send_command_ack(context, 8)) return false; break; case 8: fprintf(stderr, "Control: disable encryption ack\n"); context->recv_encrypted = false; break; case 9: fprintf(stderr, "Control: echo req\n"); if (pktlen > sizeof(workbuffer)) return errorexit("echo request too big");; memmove(workbuffer, buffer, pktlen); workbuffer[0] = 10; if (!send_packet(context, workbuffer, pktlen, true)) return false; break; case 10: fprintf(stderr, "Control: echo resp\n"); context->pong = true; break; case 13: if (!context->local_tunnelready || !context->remote_tunnelready) return errorexit("received data packet while tunnel not ready");; if (context->tunnel && !tunnel_write_data(context->tunnel, buffer + 1, pktlen - 1)) return false; break; case 11: case 12: case 17: case 81: break; default: fprintf(stderr, "Unknown control type %d\n", buffer[0]); break; } } else { if (!context->local_tunnelready || !context->remote_tunnelready) return errorexit("received data packet while tunnel not ready");; fprintf(stderr, "Tunnel data %d\n", pktlen); if (context->tunnel && !tunnel_write_data(context->tunnel, buffer, pktlen)) return false; } return true; } bool connection_ping(connection_context* context) { if (!context->pong) return false; context->pong = false; send_command_ack(context, 9); return true; } bool connection_init(connection_context* context) { memset(context, 0, sizeof(connection_context)); char localpubkey[32]; crypto_scalarmult_curve25519_base(context->remote_pubkey, context->local_seckey_current); randombytes(context->nonce_next, 24); context->key_updated = true; context->pong = true; return true; } bool connection_init_socket(connection_context* context, const int recvsocket, const int sendsocket) { context->recv_socket = recvsocket; context->send_socket = sendsocket; if (!send_packet(context, (unsigned char*)"QUICKTUN", 8, true)) return false; return true; } bool connection_init_encryption(connection_context* context, const unsigned char* localseckey, const unsigned char* remotepubkey) { if (remotepubkey) { memcpy(context->remote_pubkey_expect, remotepubkey, 32); context->require_key_authentication = true; } context->require_encryption = true; if (!send_start_crypt_auth(context, localseckey)) return false; return true; } bool connection_init_passwordauth(connection_context* context, char* password) { context->password = password; context->require_password_authentication = true; workbuffer[0] = 5; memcpy(workbuffer + 1, context->nonce_next, 12); if (!send_packet(context, workbuffer, 1 + 12, true)) return false; return true; } bool connection_write_data(connection_context* context, unsigned char* buffer, int len) { return send_packet(context, buffer, len, false); } bool connection_init_done(connection_context* context) { return check_tunnel_ready(context); } bool connection_update_key(connection_context* context) { return begin_update_key(context, NULL); }