# HG changeset patch
# User Ivo Smits
# Date 1298842947 -3600
# Node ID 3400045a57b855bb5cdd69b11ac490212a7b1a7b
# Parent c9fba5007577bf2555cfc3c4a0ca3843ad87b789
Version 2.1.6, changed sourcecode archive generation, use NaCl version 20110221, do not duplicate NaCl sourcecode, support iproute2 for persistent tunnel creation on Debian, support running as root on Debian, removed autogenerated header files
diff -r c9fba5007577 -r 3400045a57b8 build.sh
--- a/build.sh Sun Feb 27 20:55:05 2011 +0100
+++ b/build.sh Sun Feb 27 22:42:27 2011 +0100
@@ -17,54 +17,48 @@ mkdir -p out echo Creating source archive... -$tar --transform "s,^\.,quicktun-`cat version`," -czf "out/quicktun-`cat version`.tgz" . --exclude "./out" --exclude "./lib" --exclude "./debian/data" --exclude "./dist.sh" +$tar --transform "s,^,quicktun-`cat version`/," -czf "out/quicktun-`cat version`.tgz" build.sh clean.sh debian src version --exclude "debian/data" -mkdir -p obj tmp lib +mkdir -p obj tmp lib include echo Checking for NaCl library... -if [ ! -e lib/libnacl.a ]; then - echo building... +if [ -e lib/libnacl.a -a -e include/crypto_box.h -a -e include/crypto_box_curve25519xsalsa20poly1305.h -a -e include/crypto_scalarmult_curve25519.h ]; then + echo Found. +else + echo Not found, building... mkdir tmp/nacl cd tmp/nacl - wget -q -O- http://hyperelliptic.org/nacl/nacl-20090405.tar.bz2 | bunzip2 | $tar -xf - --strip-components 1 + wget -q -O- http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2 | bunzip2 | $tar -xf - --strip-components 1 ./do cd ../../ cp tmp/nacl/build/*/lib/*/libnacl.a lib/ cp tmp/nacl/build/*/include/*/crypto_box.h include/ - cp tmp/nacl/build/*/include/*/crypto_box_curve25519salsa20hmacsha512.h include/ cp tmp/nacl/build/*/include/*/crypto_box_curve25519xsalsa20poly1305.h include/ + cp tmp/nacl/build/*/include/*/crypto_scalarmult_curve25519.h include/ + echo Done. fi -echo Done. export CPATH=./include/ export LIBRARY_PATH=/usr/local/lib/:./lib/ echo Building combined binary... 
gcc $CFLAGS -c -DCOMBINED_BINARY src/proto.raw.c -o obj/proto.raw.o -gcc $CFLAGS -c -DCOMBINED_BINARY src/crypto_scalarmult_curve25519.c -o obj/crypto_scalarmult_curve25519.o gcc $CFLAGS -c -DCOMBINED_BINARY src/proto.nacl0.c -o obj/proto.nacl0.o gcc $CFLAGS -c -DCOMBINED_BINARY src/proto.nacltai.c -o obj/proto.nacltai.o gcc $CFLAGS -c -DCOMBINED_BINARY src/run.combined.c -o obj/run.combined.o gcc $CFLAGS -c src/common.c -o obj/common.o -gcc $CFLAGS -o out/quicktun.combined obj/common.o obj/run.combined.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/crypto_scalarmult_curve25519.o -lnacl $LDFLAGS +gcc $CFLAGS -o out/quicktun.combined obj/common.o obj/run.combined.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o -lnacl $LDFLAGS echo Building single protocol binaries... -gcc $CFLAGS -o out/quicktun.raw src/proto.raw.c $LDFLAGS -gcc $CFLAGS -o out/quicktun.nacl0 src/proto.nacl0.c -lnacl $LDFLAGS -gcc $CFLAGS -o out/quicktun.nacltai src/proto.nacltai.c src/crypto_scalarmult_curve25519.c -lnacl $LDFLAGS -gcc $CFLAGS -o out/quicktun.keypair src/keypair.c -lnacl $LDFLAGS - -echo Building shared libraries... -gcc $CFLAGS -fPIC -shared -Wl,-soname,quicktun.raw -o out/libquicktun.raw src/proto.raw.c -##gcc $CFLAGS -fPIC -shared -Wl,-soname,quicktun.nacl0 -o out/libquicktun.nacl0 src/proto.nacl0.c -lnacl $LDFLAGS - -##echo Building frontends... -##gcc $CFLAGS -o out/quicktun.debian src/run.debian.c -ldl +gcc $CFLAGS -o out/quicktun.raw src/proto.raw.c $LDFLAGS +gcc $CFLAGS -o out/quicktun.nacl0 src/proto.nacl0.c -lnacl $LDFLAGS +gcc $CFLAGS -o out/quicktun.nacltai src/proto.nacltai.c -lnacl $LDFLAGS +gcc $CFLAGS -o out/quicktun.keypair src/keypair.c -lnacl $LDFLAGS if [ -f /etc/network/interfaces ]; then echo Building debian binary... 
gcc $CFLAGS -c -DCOMBINED_BINARY -DDEBIAN_BINARY src/run.combined.c -o obj/run.debian.o - gcc $CFLAGS -o out/quicktun.debian obj/common.o obj/run.debian.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/crypto_scalarmult_curve25519.o -lnacl $LDFLAGS + gcc $CFLAGS -o out/quicktun.debian obj/common.o obj/run.debian.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o -lnacl $LDFLAGS if [ -x /usr/bin/dpkg-deb -a -x /usr/bin/fakeroot ]; then echo -n Building debian package... cd debian diff -r c9fba5007577 -r 3400045a57b8 debian/static/DEBIAN/control --- a/debian/static/DEBIAN/control Sun Feb 27 20:55:05 2011 +0100 +++ b/debian/static/DEBIAN/control Sun Feb 27 22:42:27 2011 +0100 @@ -3,6 +3,6 @@ Section: net Priority: optional Architecture: %ARCHITECTURE% -Depends: bash, daemon, openvpn, passwd, coreutils +Depends: bash, daemon, iproute2 (>= 20100519-3) | openvpn, passwd, coreutils Maintainer: Ivo Smits Description: Very simple, yet secure VPN software diff -r c9fba5007577 -r 3400045a57b8 debian/static/etc/network/if-down.d/quicktun --- a/debian/static/etc/network/if-down.d/quicktun Sun Feb 27 20:55:05 2011 +0100 +++ b/debian/static/etc/network/if-down.d/quicktun Sun Feb 27 22:42:27 2011 +0100 @@ -1,3 +1,8 @@ #!/bin/sh test -n "${IF_QT_REMOTE_ADDRESS}" || exit 0 -daemon -n "quicktun.${IFACE}" -u quicktun --stop +if [ -z "${IF_QT_NO_PRECREATE}" ]; then + RUNUSER="quicktun" +else + RUNUSER="root" +fi +daemon -n "quicktun.${IFACE}" -u "${RUNUSER}" --stop diff -r c9fba5007577 -r 3400045a57b8 debian/static/etc/network/if-post-down.d/quicktun --- a/debian/static/etc/network/if-post-down.d/quicktun Sun Feb 27 20:55:05 2011 +0100 +++ b/debian/static/etc/network/if-post-down.d/quicktun Sun Feb 27 22:42:27 2011 +0100 
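Review bot: In build.sh the updated `wget -q -O- http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2 | bunzip2 | $tar -xf -` line fetches the crypto library over plain HTTP, and the following `./do` runs its build script with no integrity check in between. Anything able to alter that response controls both code executed on the build host and the `libnacl.a` linked into every binary. Download to a file, compare it with a pinned digest, and only then unpack. The fence sketches this with a placeholder digest, to be replaced by one recorded from a tarball verified out of band. No `set -e` is visible in the hunk, so a failed download is not caught by the pipeline either, and the explicit `|| exit 1` covers that too.

```shell
	mkdir tmp/nacl
	cd tmp/nacl
	# <PINNED_SHA256> is a placeholder, not a real digest
	NACL_TARBALL=nacl-20110221.tar.bz2
	NACL_SHA256="<PINNED_SHA256>"
	wget -q -O "../$NACL_TARBALL" "http://hyperelliptic.org/nacl/$NACL_TARBALL" || exit 1
	echo "$NACL_SHA256  ../$NACL_TARBALL" | sha256sum -c - || exit 1
	bunzip2 < "../$NACL_TARBALL" | $tar -xf - --strip-components 1
	# … unchanged: ./do, cd ../../, cp of libnacl.a and the three headers …
```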
@@ -1,3 +1,8 @@ #!/bin/sh test -n "${IF_QT_REMOTE_ADDRESS}" || exit 0 -/usr/sbin/openvpn --rmtun --dev "${IFACE}" +test -z "${IF_QT_NO_PRECREATE}" || exit 0 +if [ -x /usr/sbin/openvpn ]; then + /usr/sbin/openvpn --rmtun --dev "${IFACE}" +elif [ -x /sbin/ip ]; then + /sbin/ip tuntap del dev "${IFACE}" +fi diff -r c9fba5007577 -r 3400045a57b8 debian/static/etc/network/if-pre-up.d/quicktun --- a/debian/static/etc/network/if-pre-up.d/quicktun Sun Feb 27 20:55:05 2011 +0100 +++ b/debian/static/etc/network/if-pre-up.d/quicktun Sun Feb 27 22:42:27 2011 +0100 @@ -1,3 +1,15 @@ #!/bin/sh test -n "${IF_QT_REMOTE_ADDRESS}" || exit 0 -/usr/sbin/openvpn --mktun --dev "${IFACE}" --user quicktun +test -z "${IF_QT_NO_PRECREATE}" || exit 0 +if [ -n "${IF_QT_TUN_MODE}" ]; then + DEVTYPE="tun" +else + DEVTYPE="tap" +fi +if [ -x /usr/sbin/openvpn ]; then + /usr/sbin/openvpn --mktun --dev "${IFACE}" --dev-type "${DEVTYPE}" --user quicktun +elif [ -x /sbin/ip ]; then + /sbin/ip tuntap add dev "${IFACE}" mode "${DEVTYPE}" user quicktun +else + echo "Unable to pre-create tun/tap interface. Run QuickTun as root." +fi diff -r c9fba5007577 -r 3400045a57b8 debian/static/etc/network/if-up.d/quicktun --- a/debian/static/etc/network/if-up.d/quicktun Sun Feb 27 20:55:05 2011 +0100 +++ b/debian/static/etc/network/if-up.d/quicktun Sun Feb 27 22:42:27 2011 +0100 @@ -1,3 +1,8 @@ #!/bin/sh test -n "${IF_QT_REMOTE_ADDRESS}" || exit 0 -/usr/bin/daemon -n "quicktun.${IFACE}" -u quicktun -i -l daemon.err -b daemon.debug -o daemon.debug /usr/sbin/quicktun.debian +if [ -z "${IF_QT_NO_PRECREATE}" ]; then + RUNUSER="quicktun" +else + RUNUSER="root" +fi +/usr/bin/daemon -n "quicktun.${IFACE}" -u "${RUNUSER}" -i -l daemon.err -b daemon.debug -o daemon.debug /usr/sbin/quicktun.debian diff -r c9fba5007577 -r 3400045a57b8 include/crypto_box.h --- a/include/crypto_box.h Sun Feb 27 20:55:05 2011 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
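Review bot: The final `else` branch in if-pre-up.d only echoes the "Unable to pre-create tun/tap interface" message to stdout and the script then ends with status 0, so the hook reports success although no device was created. if-up.d will then still start the daemon as `quicktun`, which presumably cannot create the device itself. Report the failure on stderr and fail the hook: `echo "Unable to pre-create tun/tap interface. Run QuickTun as root." >&2` followed by `exit 1`. A comment above the `DEVTYPE` selection should also state that the device is now `tap` unless `IF_QT_TUN_MODE` is set, because the old `--mktun` call passed no `--dev-type`.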
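Review bot: Setting `IF_QT_NO_PRECREATE` makes if-up.d start `/usr/sbin/quicktun.debian` with `-u root`, so the process that handles packets from the network keeps full privileges for its lifetime unless the binary drops them itself, which this hunk does not show. A comment above the `RUNUSER` block should say so, e.g. `# IF_QT_NO_PRECREATE set: daemon runs as root so it can create the tun/tap device itself; prefer pre-creation where possible`. If run.combined.c does not already switch to an unprivileged user after opening the device, that would be worth adding there. The same `RUNUSER` selection is duplicated in if-down.d, and the two presumably have to stay in step for `--stop` to address the same daemon instance.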
@@ -1,22 +0,0 @@
-#ifndef crypto_box_H
-#define crypto_box_H
-
-#include "crypto_box_curve25519xsalsa20poly1305.h"
-
-#define crypto_box crypto_box_curve25519xsalsa20poly1305
-#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
-#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
-#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
-#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
-#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
-#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
-#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
-#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
-#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
-#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
-#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
-#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
-#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION
-#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION
-
-#endif
diff -r c9fba5007577 -r 3400045a57b8 include/crypto_box_curve25519xsalsa20poly1305.h
--- a/include/crypto_box_curve25519xsalsa20poly1305.h Sun Feb 27 20:55:05 2011 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@ -#ifndef crypto_box_curve25519xsalsa20poly1305_H -#define crypto_box_curve25519xsalsa20poly1305_H - -#define crypto_box_curve25519xsalsa20poly1305_ref_PUBLICKEYBYTES 32 -#define crypto_box_curve25519xsalsa20poly1305_ref_SECRETKEYBYTES 32 -#define crypto_box_curve25519xsalsa20poly1305_ref_BEFORENMBYTES 32 -#define crypto_box_curve25519xsalsa20poly1305_ref_NONCEBYTES 24 -#define crypto_box_curve25519xsalsa20poly1305_ref_ZEROBYTES 32 -#define crypto_box_curve25519xsalsa20poly1305_ref_BOXZEROBYTES 16 -#ifdef __cplusplus -extern "C" { -#endif -extern int crypto_box_curve25519xsalsa20poly1305_ref(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); -extern int crypto_box_curve25519xsalsa20poly1305_ref_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); -extern int crypto_box_curve25519xsalsa20poly1305_ref_keypair(unsigned char *,unsigned char *); -extern int crypto_box_curve25519xsalsa20poly1305_ref_beforenm(unsigned char *,const unsigned char *,const unsigned char *); -extern int crypto_box_curve25519xsalsa20poly1305_ref_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); -extern int crypto_box_curve25519xsalsa20poly1305_ref_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); -#ifdef __cplusplus -} -#endif - -#define crypto_box_curve25519xsalsa20poly1305 crypto_box_curve25519xsalsa20poly1305_ref -#define crypto_box_curve25519xsalsa20poly1305_open crypto_box_curve25519xsalsa20poly1305_ref_open -#define crypto_box_curve25519xsalsa20poly1305_keypair crypto_box_curve25519xsalsa20poly1305_ref_keypair -#define crypto_box_curve25519xsalsa20poly1305_beforenm crypto_box_curve25519xsalsa20poly1305_ref_beforenm -#define crypto_box_curve25519xsalsa20poly1305_afternm 
crypto_box_curve25519xsalsa20poly1305_ref_afternm -#define crypto_box_curve25519xsalsa20poly1305_open_afternm crypto_box_curve25519xsalsa20poly1305_ref_open_afternm -#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_ref_PUBLICKEYBYTES -#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_ref_SECRETKEYBYTES -#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_ref_BEFORENMBYTES -#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_ref_NONCEBYTES -#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ref_ZEROBYTES -#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_ref_BOXZEROBYTES -#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/ref" -#ifndef crypto_box_curve25519xsalsa20poly1305_ref_VERSION -#define crypto_box_curve25519xsalsa20poly1305_ref_VERSION "-" -#endif -#define crypto_box_curve25519xsalsa20poly1305_VERSION crypto_box_curve25519xsalsa20poly1305_ref_VERSION - -#endif diff -r c9fba5007577 -r 3400045a57b8 src/proto.nacltai.c --- a/src/proto.nacltai.c Sun Feb 27 20:55:05 2011 +0100 +++ b/src/proto.nacltai.c Sun Feb 27 22:42:27 2011 +0100 @@ -25,6 +25,7 @@ #include "common.c" #include "crypto_box.h" +#include "crypto_scalarmult_curve25519.h" #include #include @@ -116,8 +117,6 @@ t->atto = 0; } -extern crypto_scalarmult_curve25519_base(unsigned char *pk, unsigned char *sk); - static int encode(struct qtsession* sess, char* raw, char* enc, int len) { // fprintf(stderr, "Encoding packet of %d bytes from %d to %d\n", len, raw, enc); struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data; 
@@ -172,8 +171,7 @@ memset(d->cenonce, 0, crypto_box_NONCEBYTES); memset(d->cdnonce, 0, crypto_box_NONCEBYTES); - const unsigned char base[32] = {9}; - crypto_scalarmult(cownpublickey, csecretkey, base); + crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); if (envval = getenv("TIME_WINDOW")) { taia_now(&d->cdtaip); diff -r c9fba5007577 -r 3400045a57b8 version --- a/version Sun Feb 27 20:55:05 2011 +0100 +++ b/version Sun Feb 27 22:42:27 2011 +0100 @@ -1,1 +1,1 @@ -2.1.5 +2.1.6