Use a new random secret key without keyfile

Accept lower-case in fromhex()
Do not call ip_get_version() again and again
2015-12-15 09:07:44 +01:00 · 2015-12-15 08:28:10 +01:00 · 2015-12-14 18:37:50 +01:00 · 2015-12-13 11:26:58 +01:00 · 2015-12-13 11:07:55 +01:00 · 2015-12-12 13:30:27 +01:00
8 changed files with 246 additions and 120 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,3 +18,15 @@ before_script:
 script:
    - ./configure --disable-dependency-tracking && make distcheck
 deploy:
    provider: releases
    api_key:
        secure: Ira1jd3j+17QVFbJ7KlkytTNp0oMZLTqCWPQLxNHLEt32PVY/IPs/16BcvTbFpKrY+Ma7E3KCihfufTVG8T+jRlZ5hFO7HNpoQMgi7L7yZZAGScYO5pnMQvsr8O9hf7jzSi1DjFXgFHznbPJJ3lOSwegcqzSrbZflokiCR50GTLLWewHoPpfs+1gJ5XbtVyRhZlmXhMPC0NEH2sh33X2WdUiKUJUMOnlYC0atPBL+4n12qxnugF9YA9wPK5NHJSLiPHue7I2rHlSrOLX5NkN3vqnEvusiuIFQX1y0NuKtkpOscFD9n1CLHThGLuzMvPlwpdQfzRMVxwjYFGu6Ma5alf64ksFnMKl8Oo0yCXEA7WvHXz+qUai/a1gzYZLTGuasHtjrHN/mgKxM4QRSiHo8t5hj3CczUW+OFglytawZQyGjyUUiKdwx2kvlO96RVDIYEhUD4DeHzHR8rhvDLmlMlGAWqUPXq7d4D+bExqKmqWCCSkhrbubq5B1kChRmgw7/gly4SryqGy+R0xsC4oq9jUUxd7Sl801BIKcYDb5r5gFSw+hEhOzBb+uE2xJYFNO2KZ+eG69lkFeG3oNJMTy8afs8fRRUXq0poQJ39wFWerps3Md7h8Sxs61YLIAKHvLJJMfoMI+AORTcjnnpqujMhgWGWt8wLhJZdxaSycoQkU=
    skip_cleanup: true
    file_glob: true
    file: glorytun-*.tar.gz
    on:
        tags: true
        repo: angt/glorytun
        condition: "${TRAVIS_OS_NAME}-${CC} == linux-gcc"
--- a/README.md
+++ b/README.md
@@ -18,5 +18,5 @@ To build and install the latest version:
 To create and use a new secret key:
-    $ dd if=/dev/urandom of=glorytun.key bs=32 count=1
+    $ hexdump -n 32 /dev/urandom -e '"%X"' > glorytun.key
    # glorytun keyfile glorytun.key [...]
--- a/src/common-static.h
+++ b/src/common-static.h
@@ -43,6 +43,7 @@ static inline size_t str_cpy (char *restrict dst, const char *restrict src, size
    return i;
 }
 _pure_
 static inline int str_cmp (const char *restrict sa, const char *restrict sb)
 {
    if (!sa || !sb)
@@ -55,6 +56,7 @@ static inline int str_cmp (const char *restrict sa, const char *restrict sb)
    return 1;
 }
 _pure_
 static inline size_t str_len (const char *restrict str)
 {
    if (!str)
@@ -111,16 +113,19 @@ static inline void buffer_format (buffer_t *buffer)
    buffer->read  = buffer->data;
 }
 _pure_
 static inline size_t buffer_size (buffer_t *buffer)
 {
    return buffer->end-buffer->data;
 }
 _pure_
 static inline size_t buffer_write_size (buffer_t *buffer)
 {
    return buffer->end-buffer->write;
 }
 _pure_
 static inline size_t buffer_read_size (buffer_t *buffer)
 {
    return buffer->write-buffer->read;
--- a/src/common.c
+++ b/src/common.c
@@ -38,3 +38,59 @@ void gt_na (const char *name)
 {
    gt_log("%s is not available on your platform!\n", name);
 }
 int gt_tohex (char *dst, size_t dst_size, const uint8_t *src, size_t src_size)
 {
    if _0_(!dst_size)
        return -1;
    if _0_(((dst_size-1)/2)<src_size)
        return -1;
    static const char tbl[] = "0123456789ABCDEF";
    for (size_t i=0; i<src_size; i++) {
        *dst++ = tbl[0xF&(src[i]>>4)];
        *dst++ = tbl[0xF&(src[i])];
    }
    *dst = 0;
    return 0;
 }
 _const_
 static inline int fromhex (const char c)
 {
    if (c>='0' && c<='9')
        return c-'0';
    if (c>='A' && c<='F')
        return c-'A'+10;
    if (c>='a' && c<='f')
        return c-'a'+10;
    return -1;
 }
 int gt_fromhex (uint8_t *dst, size_t dst_size, const char *src, size_t src_size)
 {
    if _0_(src_size&1)
        return -1;
    if _0_(dst_size<(src_size/2))
        return -1;
    for (size_t i=0; i<src_size; i+=2) {
        const int a = fromhex(src[i]);
        const int b = fromhex(src[i+1]);
        if _0_(a==-1 || b==-1)
            return -1;
        *dst++ = (a<<4)|b;
    }
    return 0;
 }
--- a/src/common.h
+++ b/src/common.h
@@ -20,6 +20,8 @@
 #define _printf_(A,B)  __attribute__((format(printf,A,B)))
 #define _noreturn_     __attribute__((noreturn))
 #define _unused_       __attribute__((unused))
 #define _pure_         __attribute__((pure))
 #define _const_        __attribute__((const))
 #define _align_(...)   __attribute__((aligned(__VA_ARGS__)))
 typedef struct buffer buffer_t;
@@ -35,3 +37,6 @@ int  gt_print (const char *, ...) _printf_(1,2);
 void gt_log   (const char *, ...) _printf_(1,2);
 void gt_fatal (const char *, ...) _printf_(1,2) _noreturn_;
 void gt_na    (const char *);
 int gt_tohex   (char *, size_t, const uint8_t *, size_t);
 int gt_fromhex (uint8_t *, size_t, const char *, size_t);
--- a/src/ip-static.h
+++ b/src/ip-static.h
@@ -2,6 +2,7 @@
 #include <stdint.h>
 _pure_
 static inline int ip_get_version (const uint8_t *data, size_t size)
 {
    if (size<20)   // XXX
@@ -10,17 +11,14 @@ static inline int ip_get_version (const uint8_t *data, size_t size)
    return data[0]>>4;
 }
-static inline void ip_set_size (uint8_t *data, size_t size)
+_pure_
 static inline ssize_t ip_get_size (const int ip_version, const uint8_t *data, size_t size)
 {
-    data[2] = 0xFF&(size>>8);
+    switch (ip_version) {
    data[3] = 0xFF&(size);
 }
 static inline ssize_t ip_get_size (const uint8_t *data, size_t size)
 {
    switch (ip_get_version(data, size)) {
    case 4:
-        return (data[2]<<8)|data[3];
+        return ((data[2]<<8)|data[3]);
    case 6:
        return ((data[4]<<8)|data[5])+40;
    case -1:
        return -1;
    }
@@ -28,11 +26,31 @@ static inline ssize_t ip_get_size (const uint8_t *data, size_t size)
    return 0;
 }
-static inline int ip_get_dscp (const uint8_t *data, size_t size)
+_pure_
 static inline ssize_t ip_get_proto (const int ip_version, const uint8_t *data, size_t size)
 {
-    switch (ip_get_version(data, size)) {
+    switch (ip_version) {
    case 4:
-        return data[1]>>2;
+        return data[9];
    case 6:
        return data[6];
    case -1:
        return -1;
    }
    return 0;
 }
 _pure_
 static inline ssize_t ip_get_hdr_size (const int ip_version, const uint8_t *data, size_t size)
 {
    switch (ip_version) {
    case 4:
        return (data[0]&0xF)<<2;
    case 6:
        return 40;
    case -1:
        return -1;
    }
    return 0;
--- a/src/main.c
+++ b/src/main.c
@@ -5,8 +5,15 @@
 #include <poll.h>
 #include <sys/time.h>
 #include <sys/fcntl.h>
-#include <sys/socket.h>
+
 #ifndef __FAVOR_BSD
 #define __FAVOR_BSD 1
 #endif
 #include <netinet/in.h>
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <arpa/inet.h>
 #include <netdb.h>
@@ -50,6 +57,7 @@ struct crypto_ctx {
 volatile sig_atomic_t gt_close = 0;
 volatile sig_atomic_t gt_info = 0;
 _pure_
 static int64_t dt_ms (struct timeval *ta, struct timeval *tb)
 {
    const int64_t s = ta->tv_sec-tb->tv_sec;
@@ -245,38 +253,6 @@ static char *sk_get_name (int fd)
    return str_cat(strs, COUNT(strs));
 }
 #ifdef TCP_INFO
 static socklen_t sk_get_info (int fd, struct tcp_info *ti)
 {
    socklen_t len = sizeof(struct tcp_info);
    if (getsockopt(fd, SOL_TCP, TCP_INFO, ti, &len)==-1) {
        perror("getsockopt TCP_INFO");
        return 0;
    }
    return len;
 }
 static void print_tcp_info (const char *name, struct tcp_info *ti)
 {
    gt_log("%s: tcpinfo"
            " rto:%"     PRIu32 " ato:%"          PRIu32 " snd_mss:%"  PRIu32
            " rcv_mss:%" PRIu32 " unacked:%"      PRIu32 " sacked:%"   PRIu32
            " lost:%"    PRIu32 " retrans:%"      PRIu32 " fackets:%"  PRIu32
            " pmtu:%"    PRIu32 " rcv_ssthresh:%" PRIu32 " rtt:%"      PRIu32
            " rttvar:%"  PRIu32 " snd_ssthresh:%" PRIu32 " snd_cwnd:%" PRIu32
            " advmss:%"  PRIu32 " reordering:%"   PRIu32 "\n",
            name,
            ti->tcpi_rto,       ti->tcpi_ato,            ti->tcpi_snd_mss,
            ti->tcpi_rcv_mss,   ti->tcpi_unacked,        ti->tcpi_sacked,
            ti->tcpi_lost,      ti->tcpi_retrans,        ti->tcpi_fackets,
            ti->tcpi_pmtu,      ti->tcpi_rcv_ssthresh,   ti->tcpi_rtt,
            ti->tcpi_rttvar,    ti->tcpi_snd_ssthresh,   ti->tcpi_snd_cwnd,
            ti->tcpi_advmss,    ti->tcpi_reordering);
 }
 #endif
 static struct addrinfo *ai_create (const char *host, const char *port, int listener)
 {
    if (!port || !port[0]) {
@@ -380,6 +356,9 @@ static ssize_t fd_write (int fd, const void *data, size_t size)
        if (errno==EAGAIN || errno==EINTR)
            return -1;
        if (errno==EPIPE || errno==ECONNRESET)
            return 0;
        if (errno)
            perror("write");
@@ -389,15 +368,10 @@ static ssize_t fd_write (int fd, const void *data, size_t size)
    return ret;
 }
-static ssize_t fd_read_all (int fd, void *data, size_t size)
+static size_t fd_read_all (int fd, void *data, size_t size)
 {
    size_t done = 0;
    struct pollfd pollfd = {
        .fd = fd,
        .events = POLLIN,
    };
    while (done<size) {
        ssize_t ret = fd_read(fd, (uint8_t *)data+done, size-done);
@@ -405,8 +379,14 @@ static ssize_t fd_read_all (int fd, void *data, size_t size)
            break;
        if (ret<0) {
            struct pollfd pollfd = {
                .fd = fd,
                .events = POLLIN,
            };
            if (!poll(&pollfd, 1, GT_TIMEOUT))
                break;
            continue;
        }
@@ -416,15 +396,10 @@ static ssize_t fd_read_all (int fd, void *data, size_t size)
    return done;
 }
-static ssize_t fd_write_all (int fd, const void *data, size_t size)
+static size_t fd_write_all (int fd, const void *data, size_t size)
 {
    size_t done = 0;
    struct pollfd pollfd = {
        .fd = fd,
        .events = POLLOUT,
    };
    while (done<size) {
        ssize_t ret = fd_write(fd, (const uint8_t *)data+done, size-done);
@@ -432,8 +407,14 @@ static ssize_t fd_write_all (int fd, const void *data, size_t size)
            break;
        if (ret<0) {
            struct pollfd pollfd = {
                .fd = fd,
                .events = POLLOUT,
            };
            if (!poll(&pollfd, 1, GT_TIMEOUT))
                break;
            continue;
        }
@@ -510,32 +491,79 @@ static int gt_decrypt (struct crypto_ctx *ctx, buffer_t *dst, buffer_t *src)
    return 0;
 }
-static void dump_ip_header (uint8_t *data, size_t size)
+static void gt_print_hdr (const int ip_version, uint8_t *data, size_t ip_size, const char *sockname)
 {
-    if (size<20)
+    const ssize_t ip_proto = ip_get_proto(ip_version, data, ip_size);
-        return;
+    const ssize_t ip_hdr_size = ip_get_hdr_size(ip_version, data, ip_size);
-    const char tbl[] = "0123456789ABCDEF";
+    char ip_src[33];
-    char hex[41];
+    char ip_dst[33];
-    for (size_t i=0; i<20; i++) {
+    switch (ip_version) {
-        hex[(i<<1)+0] = tbl[0xF&(data[i]>>4)];
+        case 4:
-        hex[(i<<1)+1] = tbl[0xF&(data[i])];
+            gt_tohex(ip_src, sizeof(ip_src), &data[12], 4);
            gt_tohex(ip_dst, sizeof(ip_dst), &data[16], 4);
            break;
        case 6:
            gt_tohex(ip_src, sizeof(ip_src), &data[9], 16);
            gt_tohex(ip_dst, sizeof(ip_dst), &data[25], 16);
            break;
    }
-    hex[40] = 0;
+    gt_log("%s: version=%i size=%zi proto=%zi src=%s dst=%s\n", sockname, ip_version, ip_size, ip_proto, ip_src, ip_dst);
-    gt_log("DUMP(%zu): %s\n", size, hex);
+    if (ip_hdr_size<=0)
        return;
    if (ip_proto==6) {
        struct tcphdr tcp;
        byte_cpy(&tcp, &data[ip_hdr_size], sizeof(tcp));
        tcp.th_sport = ntohs(tcp.th_sport);
        tcp.th_dport = ntohs(tcp.th_dport);
        tcp.th_seq = ntohl(tcp.th_seq);
        tcp.th_ack = ntohl(tcp.th_ack);
        tcp.th_win = ntohs(tcp.th_win);
        gt_log("%s: tcp src=%u dst=%u seq=%u ack=%u win=%u %c%c%c%c%c%c\n",
                sockname, tcp.th_sport, tcp.th_dport, tcp.th_seq, tcp.th_ack, tcp.th_win,
                (tcp.th_flags&TH_FIN) ?'F':'.',
                (tcp.th_flags&TH_SYN) ?'S':'.',
                (tcp.th_flags&TH_RST) ?'R':'.',
                (tcp.th_flags&TH_PUSH)?'P':'.',
                (tcp.th_flags&TH_ACK) ?'A':'.',
                (tcp.th_flags&TH_URG) ?'U':'.');
    }
    if (ip_proto==17) {
        struct udphdr udp;
        byte_cpy(&udp, &data[ip_hdr_size], sizeof(udp));
        udp.uh_sport = ntohs(udp.uh_sport);
        udp.uh_dport = ntohs(udp.uh_dport);
        udp.uh_ulen = ntohs(udp.uh_ulen);
        gt_log("%s: udp src=%u dst=%u len=%u\n",
                sockname, udp.uh_sport, udp.uh_dport, udp.uh_ulen);
    }
 }
 static int gt_setup_secretkey (struct crypto_ctx *ctx, char *keyfile)
 {
    const size_t size = sizeof(ctx->skey);
-    byte_set(ctx->skey, 1, size);
+    if (!keyfile) {
        char buf[2*size+1];
        randombytes_buf(ctx->skey, size);
        gt_tohex(buf, sizeof(buf), ctx->skey, size);
        gt_print("new secret key: %s\n", buf);
    if (!keyfile)
        return 0;
    }
    int fd;
@@ -548,13 +576,20 @@ static int gt_setup_secretkey (struct crypto_ctx *ctx, char *keyfile)
        return -1;
    }
-    if (fd_read_all(fd, ctx->skey, size)!=size) {
+    char key[2*size];
-        gt_log("unable to read secret key in `%s'\n", keyfile);
+    size_t r = fd_read_all(fd, key, sizeof(key));
    close(fd);
    if (r!=sizeof(key)) {
        gt_log("unable to read secret key\n");
        return -1;
    }
-    close(fd);
+    if (gt_fromhex(ctx->skey, size, key, sizeof(key))) {
        gt_log("secret key is not valid\n");
        return -1;
    }
    return 0;
 }
@@ -656,8 +691,8 @@ int main (int argc, char **argv)
    long ka_idle = -1;
    long ka_interval = -1;
-    long retry_count = 0;
+    long retry_count = -1;
-    long retry_slope = 1000;
+    long retry_slope = 0;
    long retry_const = 0;
    long retry_limit = 1000000;
@@ -690,6 +725,7 @@ int main (int argc, char **argv)
        { "noquickack",  NULL,         option_option },
        { "retry",       &retry_opts,  option_option },
        { "daemon",      NULL,         option_option },
        { "debug",       NULL,         option_option },
        { "version",     NULL,         option_option },
        { NULL },
    };
@@ -706,12 +742,16 @@ int main (int argc, char **argv)
    const int delay = option_is_set(opts, "delay");
    const int keepalive = option_is_set(opts, "keepalive");
    const int noquickack = option_is_set(opts, "noquickack");
    const int debug = option_is_set(opts, "debug");
    if (buffer_size < 2048) {
        buffer_size = 2048;
        gt_log("buffer size must be greater than 2048!\n");
    }
    if (!listener && !option_is_set(opts, "retry"))
        retry_count = 0;
    if (sodium_init()==-1) {
        gt_log("libsodium initialization has failed!\n");
        return 1;
@@ -722,11 +762,6 @@ int main (int argc, char **argv)
        return 1;
    }
    struct crypto_ctx ctx;
    if (gt_setup_secretkey(&ctx, keyfile))
        return 1;
    struct addrinfo *ai = ai_create(host, port, listener);
    if (!ai)
@@ -765,6 +800,11 @@ int main (int argc, char **argv)
            return 1;
    }
    struct crypto_ctx ctx;
    if (gt_setup_secretkey(&ctx, keyfile))
        return 1;
    if (option_is_set(opts, "daemon")) {
        switch (fork()) {
        case -1:
@@ -784,33 +824,30 @@ int main (int argc, char **argv)
    long retry = 0;
    while (!gt_close) {
-        sock.fd = listener?sk_accept(fd):sk_create(ai, sk_connect);
+        if (retry_count>=0 && retry>=retry_count+1) {
-
+            gt_log("couldn't %s (%d attempt%s)\n", listener?"listen":"connect",
        if (sock.fd==-1) {
            if (retry<LONG_MAX)
                retry++;
            long usec = retry*retry_slope+retry_const;
            if (retry_count>=0 && retry>=retry_count) {
                gt_log("couldn't %s (%d attempt%s)\n",
                        listener?"listen":"connect",
                   (int)retry, (retry>1)?"s":"");
            break;
        }
        if (retry_slope || retry_const) {
            long usec = retry*retry_slope+retry_const;
            if (usec>retry_limit)
                usec = retry_limit;
-            if (usec<=0)
+            if (usec>0 && usleep(usec)==-1 && errno==EINVAL)
                usec = 0;
            if (usleep(usec)==-1 && errno==EINVAL)
                sleep(usec/1000000);
            continue;
        }
        if (retry<LONG_MAX)
            retry++;
        sock.fd = listener?sk_accept(fd):sk_create(ai, sk_connect);
        if (sock.fd==-1)
            continue;
        char *sockname = sk_get_name(sock.fd);
        if (!sockname) {
@@ -901,17 +938,6 @@ int main (int argc, char **argv)
         // struct timeval now;
         // gettimeofday(&now, NULL);
 #ifdef TCP_INFO
            if _0_(gt_info) {
                struct tcp_info ti;
                if (sk_get_info(sock.fd, &ti))
                    print_tcp_info(sockname, &ti);
                gt_info = 0;
            }
 #endif
            if (FD_ISSET(tun.fd, &rfds)) {
                while (!blks[blk_write].size) {
                    uint8_t *data = blks[blk_write].data;
@@ -922,20 +948,22 @@ int main (int argc, char **argv)
                        break;
                    }
-                    const ssize_t ip_size = ip_get_size(data, GT_MTU_MAX);
+                    const int ip_version = ip_get_version(data, GT_MTU_MAX);
                    const ssize_t ip_size = ip_get_size(ip_version, data, GT_MTU_MAX);
                    if _0_(ip_size<=0)
                        continue;
                    if _0_(ip_size!=r) {
-                        dump_ip_header(data, r);
+                        char tmp[2*GT_MTU_MAX+1];
-
+                        gt_tohex(tmp, sizeof(tmp), data, r);
-                        if (r>ip_size)
+                        gt_log("%s: DUMP %zi %s\n", sockname, r, tmp);
                        continue;
                        ip_set_size(data, r);
                    }
                    if _0_(debug)
                        gt_print_hdr(ip_version, data, ip_size, sockname);
                    blks[blk_write++].size = r;
                    blk_count++;
                }
@@ -1009,7 +1037,9 @@ int main (int argc, char **argv)
                }
                size_t size = buffer_read_size(&tun.write);
-                ssize_t ip_size = ip_get_size(tun.write.read, size);
+
                const int ip_version = ip_get_version(tun.write.read, size);
                ssize_t ip_size = ip_get_size(ip_version, tun.write.read, size);
                if _0_(!ip_size) {
                    gt_log("%s: bad packet!\n", sockname);
--- a/version.sh
+++ b/version.sh
@@ -6,4 +6,4 @@
 [ -z "${VERSION}" ] && VERSION=`basename \`pwd\`` \
                    && VERSION=${VERSION#*-}
-echo -n ${VERSION}
+printf ${VERSION}
Author	SHA1	Message	Date
angt	ddae22a3d9	Use a new random secret key without keyfile	2015-12-15 09:07:44 +01:00
angt	893de45272	Accept lower-case in fromhex()	2015-12-15 08:28:10 +01:00
angt	78ba4c9a59	Do not call ip_get_version() again and again	2015-12-14 18:37:50 +01:00
angt	ffa549e444	Fix and cleanup gt_{from,to}hex	2015-12-13 11:26:58 +01:00
angt	6040f17e1c	Code cleanup	2015-12-13 11:07:55 +01:00
angt	da30c9110a	Do not ask too much to macosx	2015-12-12 13:30:27 +01:00
angt	05de7b8109	Show udp hdr too in debug mode	2015-12-12 13:18:56 +01:00
angt	7cc6d08d7a	Use __FAVOR_BSD...	2015-12-12 13:07:51 +01:00
angt	d526a3cfa5	Fix retry when kx fails	2015-12-12 12:19:09 +01:00
angt	0e319b068d	Listener should retry accept() by default	2015-12-12 11:05:58 +01:00
angt	c82026cfd7	Update README.md	2015-12-11 17:44:16 +01:00
angt	109f70c208	Secret key must be stored in upper-case hex now	2015-12-11 17:33:35 +01:00
angt	23cdc37ea8	Add gt_tohex() and gt_fromhex()	2015-12-11 16:33:45 +01:00
angt	7688209093	Show tcp hdr in debug	2015-12-11 11:32:22 +01:00
angt	52a3a4b853	Add debug option to show ip_proto	2015-12-10 15:28:45 +01:00
angt	4cf0e7bc68	Function dt_ms() is pure too	2015-12-10 13:19:24 +01:00
angt	f36fde5054	Add ip_get_proto()	2015-12-10 13:17:27 +01:00
angt	e08eb73f98	Remove TCP_INFO	2015-12-10 12:33:54 +01:00
angt	f3143eff83	Do not print error for EPIPE or ECONNRESET on write()	2015-12-09 20:38:49 +01:00
angt	ea1fa120eb	Allow IPv6	2015-12-09 20:27:40 +01:00
angt	be29a12842	Deploy only on linux-gcc	2015-12-09 11:25:51 +01:00
angt	113f1ae58d	Use file_glob in travis	2015-12-08 18:27:59 +01:00
angt	73fff34bfe	Try to deploy with travis	2015-12-08 18:10:39 +01:00
angt	84ae6dae32	Use printf instead of echo -n	2015-12-08 15:16:22 +01:00