changeset 52:3115f8af98bb V2.2.2

Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
author Ivo Smits <Ivo@UCIS.nl>
date Sun, 27 Oct 2013 23:10:43 +0100
parents d83d6bb647a2
children 15d651dec8e9
files build.sh debian/build.sh src/common.c src/proto.nacltai.c src/proto.salty.c version
diffstat 6 files changed, 58 insertions(+), 24 deletions(-) [+]
--- a/build.sh	Mon Jun 03 01:01:22 2013 +0200
+++ b/build.sh	Sun Oct 27 23:10:43 2013 +0100
@@ -24,10 +24,25 @@
 echo Creating source archive...
 $tar --transform "s,^,quicktun-`cat version`/," -czf "out/quicktun-`cat version`.tgz" build.sh clean.sh debian src version --exclude "debian/data"
 
-mkdir -p obj tmp
+mkdir -p obj tmp tmp/include
 
 export LIBRARY_PATH="/usr/local/lib/:${LIBRARY_PATH}"
-if [ -z "${NACL_SHARED}" ]; then
+
+echo '#include <sodium/crypto_box_curve25519xsalsa20poly1305.h>' > tmp/libtest1.c
+echo '#include <nacl/crypto_box_curve25519xsalsa20poly1305.h>' > tmp/libtest2.c
+if gcc -shared -lsodium tmp/libtest1.c -o tmp/libtest 2>/dev/null; then
+	echo Using shared libsodium.
+	echo '#include <sodium/crypto_box_curve25519xsalsa20poly1305.h>' > tmp/include/crypto_box_curve25519xsalsa20poly1305.h
+	echo '#include <sodium/crypto_scalarmult_curve25519.h>' > tmp/include/crypto_scalarmult_curve25519.h
+	export CPATH="./tmp/include/:${CPATH}"
+	export CRYPTLIB="sodium"
+elif gcc -shared -lnacl tmp/libtest2.c -o tmp/libtest 2>/dev/null; then
+	echo Using shared libnacl.
+	echo '#include <nacl/crypto_box_curve25519xsalsa20poly1305.h>' > tmp/include/crypto_box_curve25519xsalsa20poly1305.h
+	echo '#include <nacl/crypto_scalarmult_curve25519.h>' > tmp/include/crypto_scalarmult_curve25519.h
+	export CPATH="./tmp/include/:${CPATH}"
+	export CRYPTLIB="nacl"
+else
 	mkdir -p lib include
 	echo Checking for NaCl library...
 	if [ -e lib/libnacl.a -a -e include/crypto_box_curve25519xsalsa20poly1305.h -a -e include/crypto_scalarmult_curve25519.h ]; then
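Review bot: The two probe compiles (`gcc -shared -lsodium tmp/libtest1.c ...` and the `-lnacl` one) run without `$CFLAGS` and `$LDFLAGS`, while every real compile and link further down uses them. The library detected here can therefore differ from the one the binaries actually link against, for example with a custom prefix or a cross toolchain. Passing the same flags keeps the two in agreement: `if gcc $CFLAGS -shared tmp/libtest1.c -lsodium $LDFLAGS -o tmp/libtest 2>/dev/null; then`. Only the crypto_box header is probed although a shim for crypto_scalarmult_curve25519.h is written too, so a missing second header only shows up later as a compile error. The `if` opened here closes outside this hunk.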
@@ -49,9 +64,7 @@
 	fi
 	export CPATH="./include/:${CPATH}"
 	export LIBRARY_PATH="./lib/:${LIBRARY_PATH}"
-else
-	echo Using shared NaCl library.
-	export CPATH="/usr/include/nacl/:${CPATH}"
+	export CRYPTLIB="nacl"
 fi
 
 CFLAGS="$CFLAGS -DQT_VERSION=\"`cat version`\""
@@ -62,21 +75,21 @@
 gcc $CFLAGS -c -DCOMBINED_BINARY	src/proto.nacltai.c	-o obj/proto.nacltai.o
 gcc $CFLAGS -c -DCOMBINED_BINARY	src/proto.salty.c	-o obj/proto.salty.o
 gcc $CFLAGS -c -DCOMBINED_BINARY	src/run.combined.c	-o obj/run.combined.o
-gcc $CFLAGS -c 				src/common.c		-o obj/common.o
-gcc $CFLAGS -o out/quicktun.combined obj/common.o obj/run.combined.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/proto.salty.o -lnacl $LDFLAGS
+gcc $CFLAGS -c				src/common.c		-o obj/common.o
+gcc $CFLAGS -o out/quicktun.combined obj/common.o obj/run.combined.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/proto.salty.o -l$CRYPTLIB $LDFLAGS
 ln out/quicktun.combined out/quicktun
 
 echo Building single protocol binaries...
-gcc $CFLAGS -o out/quicktun.raw		src/proto.raw.c 		$LDFLAGS
-gcc $CFLAGS -o out/quicktun.nacl0	src/proto.nacl0.c	-lnacl	$LDFLAGS
-gcc $CFLAGS -o out/quicktun.nacltai	src/proto.nacltai.c	-lnacl	$LDFLAGS
-gcc $CFLAGS -o out/quicktun.salty	src/proto.salty.c	-lnacl	$LDFLAGS
-gcc $CFLAGS -o out/quicktun.keypair	src/keypair.c		-lnacl	$LDFLAGS
+gcc $CFLAGS -o out/quicktun.raw		src/proto.raw.c				$LDFLAGS
+gcc $CFLAGS -o out/quicktun.nacl0	src/proto.nacl0.c	-l$CRYPTLIB	$LDFLAGS
+gcc $CFLAGS -o out/quicktun.nacltai	src/proto.nacltai.c	-l$CRYPTLIB	$LDFLAGS
+gcc $CFLAGS -o out/quicktun.salty	src/proto.salty.c	-l$CRYPTLIB	$LDFLAGS
+gcc $CFLAGS -o out/quicktun.keypair	src/keypair.c		-l$CRYPTLIB	$LDFLAGS
 
 if [ -f /etc/network/interfaces ]; then
 	echo Building debian binary...
 	gcc $CFLAGS -c -DCOMBINED_BINARY -DDEBIAN_BINARY src/run.combined.c -o obj/run.debian.o
-	gcc $CFLAGS -o out/quicktun.debian obj/common.o obj/run.debian.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/proto.salty.o -lnacl $LDFLAGS
+	gcc $CFLAGS -o out/quicktun.debian obj/common.o obj/run.debian.o obj/proto.raw.o obj/proto.nacl0.o obj/proto.nacltai.o obj/proto.salty.o -l$CRYPTLIB $LDFLAGS
 	if [ -x /usr/bin/dpkg-deb -a -x /usr/bin/fakeroot ]; then
 		echo -n Building debian package...
 		cd debian
--- a/debian/build.sh	Mon Jun 03 01:01:22 2013 +0200
+++ b/debian/build.sh	Sun Oct 27 23:10:43 2013 +0100
@@ -2,7 +2,7 @@
 set -e
 VERSION=`cat ../version`-0
 ARCH=`dpkg --print-architecture`
-rm -r data 2>/dev/null
+rm -r data 2>/dev/null || true
 cp -r static data
 mkdir -p data/usr data/usr/sbin data/DEBIAN
 sed "s/%ARCHITECTURE%/${ARCH}/" -i data/DEBIAN/control
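Review bot: `rm -r data 2>/dev/null || true` now hides every failure of the removal, not only the missing-directory case. If `data` exists but cannot be removed, the following `cp -r static data` copies into the old tree (as `data/static`) and the package is assembled from stale contents. `rm -rf data` tolerates a missing directory and still lets `set -e` stop the script on a real error.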
--- a/src/common.c	Mon Jun 03 01:01:22 2013 +0200
+++ b/src/common.c	Sun Oct 27 23:10:43 2013 +0100
@@ -100,6 +100,10 @@
 	fprintf(stderr, "%s\n", text);
 	return -1;
 }
+int errorexit2(const char* text, const char* error) {
+	fprintf(stderr, "%s: %s\n", text, error);
+	return -1;
+}
 int errorexitp(const char* text) {
 	perror(text);
 	return -1;
@@ -156,14 +160,15 @@
 	fprintf(stderr, "Initializing UDP socket...\n");
 	struct addrinfo *ai_local = NULL, *ai_remote = NULL;
 	unsigned short af = 0;
+	int ret;
 	if (envval = getconf("LOCAL_ADDRESS")) {
-		if (getaddrinfo(envval, NULL, NULL, &ai_local)) return errorexitp("getaddrinfo(LOCAL_ADDRESS)");
+		if (ret = getaddrinfo(envval, NULL, NULL, &ai_local)) return errorexit2("getaddrinfo(LOCAL_ADDRESS)", gai_strerror(ret));
 		if (!ai_local) return errorexit("LOCAL_ADDRESS lookup failed");
 		if (ai_local->ai_addrlen > sizeof(sockaddr_any)) return errorexit("Resolved LOCAL_ADDRESS is too big");
 		af = ai_local->ai_family;
 	}
 	if (envval = getconf("REMOTE_ADDRESS")) {
-		if (getaddrinfo(envval, NULL, NULL, &ai_remote)) return errorexitp("getaddrinfo(REMOTE_ADDRESS)");
+		if (ret = getaddrinfo(envval, NULL, NULL, &ai_remote)) return errorexit2("getaddrinfo(REMOTE_ADDRESS)", gai_strerror(ret));
 		if (!ai_remote) return errorexit("REMOTE_ADDRESS lookup failed");
 		if (ai_remote->ai_addrlen > sizeof(sockaddr_any)) return errorexit("Resolved REMOTE_ADDRESS is too big");
 		if (af && af != ai_remote->ai_family) return errorexit("Address families do not match");
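Review bot: `gai_strerror(ret)` gives the right message for resolver errors, but for `EAI_SYSTEM` the actual cause is in `errno` and the output shrinks to a generic system-error string. That case could keep the old path, `if (ret == EAI_SYSTEM) return errorexitp("getaddrinfo(LOCAL_ADDRESS)");`, and likewise for REMOTE_ADDRESS. The assignments inside the conditions would also read more clearly as `if ((ret = getaddrinfo(...)) != 0)`, which keeps -Wparentheses quiet. The enclosing function starts and ends outside the hunk.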
@@ -379,7 +384,7 @@
 					if (ipver == 4) pihdr = htonl(AF_INET);
 					else if (ipver == 6) pihdr = htonl(AF_INET6);
 #endif
-					*(int*)(buffer_raw + p->offset_raw) = ipver;
+					*(int*)(buffer_raw + p->offset_raw) = pihdr;
 				}
 				if (len > 0) write(ttfd, buffer_raw + p->offset_raw, len + pi_length);
 			}
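Review bot: In the preprocessor branch visible here `pihdr` is assigned only for `ipver == 4` and `ipver == 6`, so for any other version nibble the value stored in front of the packet depends on an initialisation outside this hunk. Since the payload comes from the remote peer, skipping the `write()` for unknown versions would be safer than handing the tun device a header that may not match the packet. The store `*(int*)(buffer_raw + p->offset_raw) = pihdr;` also goes through a cast pointer whose alignment is not evident from the hunk; copying the value in with `memcpy` would avoid relying on it. The surrounding loop begins and ends outside the hunk.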
--- a/src/proto.nacltai.c	Mon Jun 03 01:01:22 2013 +0200
+++ b/src/proto.nacltai.c	Sun Oct 27 23:10:43 2013 +0100
@@ -29,10 +29,14 @@
 #include <sys/types.h>
 #include <sys/time.h>
 
+struct packedtaia {
+	unsigned char buffer[16];
+};
+
 struct qt_proto_data_nacltai {
 	unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES];
 	unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
-	unsigned char cdtaipp[16];
+	struct packedtaia cdtailog[5];
 };
 
 #define noncelength 16
@@ -82,7 +86,17 @@
 		return -1;
 	}
 	len -= overhead;
-	if (memcmp(enc, d->cdtaipp, 16) <= 0) {
+	struct packedtaia* tailog = &d->cdtailog[0];
+	struct packedtaia* taiold = tailog;
+	for (i = 0; i < 5; i++) {
+		if (memcmp(enc, tailog, 16) == 0) {
+			fprintf(stderr, "Duplicate timestamp received\n");
+			return -1;
+		}
+		if (memcmp(tailog, taiold, 16) < 0) taiold = tailog;
+		tailog++;
+	}
+	if (memcmp(enc, taiold, 16) <= 0) {
 		fprintf(stderr, "Timestamp going back, ignoring packet\n");
 		return -1;
 	}
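Review bot: The new replay check has no comment stating the invariant it relies on. A slot is overwritten only while it holds the smallest logged timestamp, and only by a larger one, so an evicted value stays at or below the new minimum and is still rejected by the `<= 0` test. A short comment above the loop saying this, and that the log exists to tolerate limited packet reordering, would make the check much easier to audit. The log size `5` and stamp size `16` are repeated as literals in the struct, this loop, the `memset` and the initial fill in the other hunks; one `#define` for each would keep them in step. The function begins before the hunk, and the chosen slot is written only after decryption succeeds, in the next hunk.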
@@ -92,7 +106,7 @@
 		fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i);
 		return -1;
 	}
-	memcpy(d->cdtaipp, d->cdnonce + nonceoffset, 16);
+	memcpy(taiold, d->cdnonce + nonceoffset, 16);
 	if (debug) fprintf(stderr, "Decoded packet of %d bytes from %p to %p\n", len, enc, raw);
 	return len;
 }
@@ -128,12 +142,14 @@
 
 	memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
 	memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
-	memset(d->cdtaipp, 0, 16);
+	memset(d->cdtailog, 0, 5 * 16);
 
 	crypto_scalarmult_curve25519_base(cownpublickey, csecretkey);
 
 	if (envval = getconf("TIME_WINDOW")) {
-		taia_now_packed(d->cdtaipp, -atol(envval));
+		struct packedtaia* tailog = d->cdtailog;
+		taia_now_packed((unsigned char*)&tailog[0], -atol(envval));
+		tailog[4] = tailog[3] = tailog[2] = tailog[1] = tailog[0];
 	} else {
 		fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n");
 	}
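Review bot: `memset(d->cdtailog, 0, 5 * 16)` restates the array size by hand; `memset(d->cdtailog, 0, sizeof d->cdtailog);` stays correct if the log size changes. The cast in `taia_now_packed((unsigned char*)&tailog[0], ...)` can be written as `tailog[0].buffer`. `TIME_WINDOW` is still parsed with `atol`, so a non-numeric value silently becomes a zero window; `strtol` with an end-pointer check would let the program report it. The function starts and ends outside the hunk.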
--- a/src/proto.salty.c	Mon Jun 03 01:01:22 2013 +0200
+++ b/src/proto.salty.c	Sun Oct 27 23:10:43 2013 +0100
@@ -377,7 +377,7 @@
 		dec->nonce[22] = enc[14];
 		dec->nonce[23] = enc[15];
 		memset(enc, 0, 16);
-	if (debug) dumphex("DECODE KEY", dec->sharedkey, 32);
+		if (debug) dumphex("DECODE KEY", dec->sharedkey, 32);
 		if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len - 4 + 16, dec->nonce, dec->sharedkey)) {
 			fprintf(stderr, "Decryption of data packet failed len=%d\n", len);
 			return -1;
--- a/version	Mon Jun 03 01:01:22 2013 +0200
+++ b/version	Sun Oct 27 23:10:43 2013 +0100
@@ -1,1 +1,1 @@
-2.2.0
+2.2.2