Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ad0d205ff3 | ||
|
|
030087cb27 | ||
|
|
eefa7722c5 |
178
src/main.c
178
src/main.c
@@ -40,12 +40,21 @@
|
||||
#define O_CLOEXEC 0
|
||||
#endif
|
||||
|
||||
#define GT_TIMEOUT (5000)
|
||||
#define GT_MTU_MAX (1500)
|
||||
#define GT_PKT_MAX (32*1024)
|
||||
#define GT_TUNR_SIZE (GT_PKT_MAX-16-2)
|
||||
#define GT_TUNW_SIZE (GT_PKT_MAX)
|
||||
|
||||
#define GT_ABYTES (16)
|
||||
#define GT_KEYBYTES (32)
|
||||
|
||||
#define MPTCP_ENABLED (26)
|
||||
|
||||
static struct {
|
||||
long timeout;
|
||||
int mptcp;
|
||||
} gt;
|
||||
|
||||
struct fdbuf {
|
||||
int fd;
|
||||
buffer_t read;
|
||||
@@ -54,10 +63,11 @@ struct fdbuf {
|
||||
|
||||
struct crypto_ctx {
|
||||
struct {
|
||||
crypto_aead_aes256gcm_state state;
|
||||
uint8_t nonce[crypto_aead_aes256gcm_NPUBBYTES];
|
||||
uint8_t key[512] _align_(16);
|
||||
uint8_t nonce[16];
|
||||
} write, read;
|
||||
uint8_t skey[crypto_generichash_KEYBYTES];
|
||||
int chacha;
|
||||
};
|
||||
|
||||
volatile sig_atomic_t gt_close = 0;
|
||||
@@ -101,6 +111,7 @@ enum sk_opt {
|
||||
sk_acceptfilter,
|
||||
sk_quickack,
|
||||
sk_user_timeout,
|
||||
sk_mptcp,
|
||||
};
|
||||
|
||||
static void sk_set (int fd, enum sk_opt opt, const void *val, socklen_t len)
|
||||
@@ -155,6 +166,11 @@ static void sk_set (int fd, enum sk_opt opt, const void *val, socklen_t len)
|
||||
[sk_user_timeout] = { "TCP_USER_TIMEOUT",
|
||||
#ifdef TCP_USER_TIMEOUT
|
||||
1, IPPROTO_TCP, TCP_USER_TIMEOUT,
|
||||
#endif
|
||||
},
|
||||
[sk_mptcp] = { "MPTCP_ENABLED",
|
||||
#ifdef MPTCP_ENABLED
|
||||
1, IPPROTO_TCP, MPTCP_ENABLED,
|
||||
#endif
|
||||
},
|
||||
};
|
||||
@@ -177,6 +193,9 @@ static int sk_listen (int fd, struct addrinfo *ai)
|
||||
{
|
||||
sk_set_int(fd, sk_reuseaddr, 1);
|
||||
|
||||
if (gt.mptcp)
|
||||
sk_set_int(fd, sk_mptcp, 1);
|
||||
|
||||
if (bind(fd, ai->ai_addr, ai->ai_addrlen)==-1) {
|
||||
perror("bind");
|
||||
return -1;
|
||||
@@ -188,7 +207,7 @@ static int sk_listen (int fd, struct addrinfo *ai)
|
||||
}
|
||||
|
||||
#ifdef __linux__
|
||||
sk_set_int(fd, sk_defer_accept, GT_TIMEOUT/1000);
|
||||
sk_set_int(fd, sk_defer_accept, gt.timeout/1000);
|
||||
#else
|
||||
char data[256] = "dataready";
|
||||
sk_set(fd, sk_acceptfilter, &data, sizeof(data));
|
||||
@@ -199,11 +218,38 @@ static int sk_listen (int fd, struct addrinfo *ai)
|
||||
|
||||
static int sk_connect (int fd, struct addrinfo *ai)
|
||||
{
|
||||
fd_set_nonblock(fd);
|
||||
|
||||
if (gt.mptcp)
|
||||
sk_set_int(fd, sk_mptcp, 1);
|
||||
|
||||
int ret = connect(fd, ai->ai_addr, ai->ai_addrlen);
|
||||
|
||||
if (ret==-1 && errno==EINTR)
|
||||
if (ret==-1) {
|
||||
if (errno==EINTR)
|
||||
return 0;
|
||||
|
||||
if (errno==EINPROGRESS) {
|
||||
struct pollfd pollfd = {
|
||||
.fd = fd,
|
||||
.events = POLLOUT,
|
||||
};
|
||||
|
||||
if (!poll(&pollfd, 1, gt.timeout))
|
||||
return -1;
|
||||
|
||||
int opt = 0;
|
||||
socklen_t optlen = sizeof(opt);
|
||||
|
||||
getsockopt(fd, SOL_SOCKET, SO_ERROR, &opt, &optlen);
|
||||
|
||||
if (!opt)
|
||||
return 0;
|
||||
|
||||
errno = opt;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -234,6 +280,8 @@ static int sk_accept (int fd)
|
||||
if (ret==-1 && errno!=EINTR)
|
||||
perror("accept");
|
||||
|
||||
fd_set_nonblock(ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -403,7 +451,7 @@ static size_t fd_read_all (int fd, void *data, size_t size)
|
||||
.events = POLLIN,
|
||||
};
|
||||
|
||||
if (!poll(&pollfd, 1, GT_TIMEOUT))
|
||||
if (!poll(&pollfd, 1, gt.timeout))
|
||||
break;
|
||||
|
||||
continue;
|
||||
@@ -431,7 +479,7 @@ static size_t fd_write_all (int fd, const void *data, size_t size)
|
||||
.events = POLLOUT,
|
||||
};
|
||||
|
||||
if (!poll(&pollfd, 1, GT_TIMEOUT))
|
||||
if (!poll(&pollfd, 1, gt.timeout))
|
||||
break;
|
||||
|
||||
continue;
|
||||
@@ -451,7 +499,7 @@ static int gt_encrypt (struct crypto_ctx *ctx, buffer_t *dst, buffer_t *src)
|
||||
if (!rs || !ws)
|
||||
return 0;
|
||||
|
||||
const size_t size = rs+crypto_aead_aes256gcm_ABYTES;
|
||||
const size_t size = rs+GT_ABYTES;
|
||||
|
||||
if (size+2>ws)
|
||||
return 0;
|
||||
@@ -459,14 +507,25 @@ static int gt_encrypt (struct crypto_ctx *ctx, buffer_t *dst, buffer_t *src)
|
||||
dst->write[0] = 0xFF&(size>>8);
|
||||
dst->write[1] = 0xFF&(size);
|
||||
|
||||
if (ctx->chacha) {
|
||||
crypto_aead_chacha20poly1305_encrypt(
|
||||
dst->write+2, NULL,
|
||||
src->read, rs,
|
||||
dst->write, 2,
|
||||
NULL, ctx->write.nonce,
|
||||
ctx->write.key);
|
||||
|
||||
sodium_increment(ctx->write.nonce, crypto_aead_chacha20poly1305_NPUBBYTES);
|
||||
} else {
|
||||
crypto_aead_aes256gcm_encrypt_afternm(
|
||||
dst->write+2, NULL,
|
||||
src->read, rs,
|
||||
dst->write, 2,
|
||||
NULL, ctx->write.nonce,
|
||||
(const crypto_aead_aes256gcm_state *)&ctx->write.state);
|
||||
(const crypto_aead_aes256gcm_state *)ctx->write.key);
|
||||
|
||||
sodium_increment(ctx->write.nonce, crypto_aead_aes256gcm_NPUBBYTES);
|
||||
}
|
||||
|
||||
src->read += rs;
|
||||
dst->write += size+2;
|
||||
@@ -482,30 +541,43 @@ static int gt_decrypt (struct crypto_ctx *ctx, buffer_t *dst, buffer_t *src)
|
||||
if (!rs || !ws)
|
||||
return 0;
|
||||
|
||||
if (rs<=2+crypto_aead_aes256gcm_ABYTES)
|
||||
if (rs<=2+GT_ABYTES)
|
||||
return 0;
|
||||
|
||||
const size_t size = (src->read[0]<<8)|src->read[1];
|
||||
|
||||
if (size-crypto_aead_aes256gcm_ABYTES>ws)
|
||||
if (size-GT_ABYTES>ws)
|
||||
return 0;
|
||||
|
||||
if (size+2>rs)
|
||||
return 0;
|
||||
|
||||
if (ctx->chacha) {
|
||||
if (crypto_aead_chacha20poly1305_decrypt(
|
||||
dst->write, NULL,
|
||||
NULL,
|
||||
src->read+2, size,
|
||||
src->read, 2,
|
||||
ctx->read.nonce,
|
||||
ctx->read.key))
|
||||
return -1;
|
||||
|
||||
sodium_increment(ctx->read.nonce, crypto_aead_chacha20poly1305_NPUBBYTES);
|
||||
} else {
|
||||
if (crypto_aead_aes256gcm_decrypt_afternm(
|
||||
dst->write, NULL,
|
||||
NULL,
|
||||
src->read+2, size,
|
||||
src->read, 2,
|
||||
ctx->read.nonce,
|
||||
(const crypto_aead_aes256gcm_state *)&ctx->read.state))
|
||||
(const crypto_aead_aes256gcm_state *)ctx->read.key))
|
||||
return -1;
|
||||
|
||||
sodium_increment(ctx->read.nonce, crypto_aead_aes256gcm_NPUBBYTES);
|
||||
}
|
||||
|
||||
src->read += size+2;
|
||||
dst->write += size-crypto_aead_aes256gcm_ABYTES;
|
||||
dst->write += size-GT_ABYTES;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -743,10 +815,11 @@ static void gt_print_entry (struct tcp_entry *te)
|
||||
uint8_t *key = &te->key[1];
|
||||
size_t size = te->key[0];
|
||||
|
||||
char ip0[INET6_ADDRSTRLEN];
|
||||
char ip1[INET6_ADDRSTRLEN];
|
||||
char ip0[INET6_ADDRSTRLEN] = {0};
|
||||
char ip1[INET6_ADDRSTRLEN] = {0};
|
||||
|
||||
uint16_t port0, port1;
|
||||
uint16_t port0 = 0;
|
||||
uint16_t port1 = 0;
|
||||
|
||||
switch (size) {
|
||||
case 8+4:
|
||||
@@ -958,17 +1031,16 @@ static int gt_setup_secretkey (struct crypto_ctx *ctx, char *keyfile)
|
||||
|
||||
static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
|
||||
{
|
||||
const uint8_t gt[] = {'G', 'T', VERSION_MAJOR, 0 };
|
||||
const uint8_t proto[] = {'G', 'T', VERSION_MAJOR, (uint8_t)ctx->chacha };
|
||||
|
||||
const size_t size = 96;
|
||||
const size_t hash_size = 32;
|
||||
|
||||
const size_t nonce_size = crypto_aead_aes256gcm_NPUBBYTES;
|
||||
const size_t public_size = crypto_scalarmult_SCALARBYTES;
|
||||
|
||||
uint8_t secret[crypto_scalarmult_SCALARBYTES];
|
||||
uint8_t shared[crypto_scalarmult_BYTES];
|
||||
uint8_t key[crypto_aead_aes256gcm_KEYBYTES];
|
||||
|
||||
uint8_t key_r[GT_KEYBYTES];
|
||||
uint8_t key_w[GT_KEYBYTES];
|
||||
|
||||
uint8_t data_r[size], data_w[size];
|
||||
uint8_t auth_r[hash_size], auth_w[hash_size];
|
||||
@@ -977,12 +1049,11 @@ static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
|
||||
crypto_generichash_state state;
|
||||
|
||||
memset(data_w, 0, size);
|
||||
randombytes_buf(data_w, nonce_size);
|
||||
|
||||
randombytes_buf(secret, sizeof(secret));
|
||||
crypto_scalarmult_base(&data_w[nonce_size], secret);
|
||||
crypto_scalarmult_base(data_w, secret);
|
||||
|
||||
memcpy(&data_w[size-hash_size-sizeof(gt)], gt, sizeof(gt));
|
||||
memcpy(&data_w[size-hash_size-sizeof(proto)], proto, sizeof(proto));
|
||||
|
||||
crypto_generichash(&data_w[size-hash_size], hash_size,
|
||||
data_w, size-hash_size, ctx->skey, sizeof(ctx->skey));
|
||||
@@ -993,9 +1064,12 @@ static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
|
||||
if (fd_read_all(fd, data_r, size)!=size)
|
||||
return -1;
|
||||
|
||||
if (memcmp(&data_r[size-hash_size-sizeof(gt)], gt, sizeof(gt)))
|
||||
if (memcmp(&data_r[size-hash_size-sizeof(proto)], proto, 3))
|
||||
return -2;
|
||||
|
||||
if (data_r[size-hash_size-sizeof(proto)+3])
|
||||
ctx->chacha = 1;
|
||||
|
||||
crypto_generichash(hash, hash_size,
|
||||
data_r, size-hash_size, ctx->skey, sizeof(ctx->skey));
|
||||
|
||||
@@ -1020,29 +1094,36 @@ static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
|
||||
if (sodium_memcmp(auth_r, hash, hash_size))
|
||||
return -2;
|
||||
|
||||
if (crypto_scalarmult(shared, secret, &data_r[nonce_size]))
|
||||
if (crypto_scalarmult(shared, secret, data_r))
|
||||
return -2;
|
||||
|
||||
crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key));
|
||||
crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key_r));
|
||||
crypto_generichash_update(&state, shared, sizeof(shared));
|
||||
crypto_generichash_update(&state, data_r, size);
|
||||
crypto_generichash_update(&state, data_w, size);
|
||||
crypto_generichash_final(&state, key, sizeof(key));
|
||||
crypto_aead_aes256gcm_beforenm(&ctx->read.state, key);
|
||||
crypto_generichash_final(&state, key_r, sizeof(key_r));
|
||||
|
||||
crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key));
|
||||
crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key_w));
|
||||
crypto_generichash_update(&state, shared, sizeof(shared));
|
||||
crypto_generichash_update(&state, data_w, size);
|
||||
crypto_generichash_update(&state, data_r, size);
|
||||
crypto_generichash_final(&state, key, sizeof(key));
|
||||
crypto_aead_aes256gcm_beforenm(&ctx->write.state, key);
|
||||
crypto_generichash_final(&state, key_w, sizeof(key_w));
|
||||
|
||||
if (ctx->chacha) {
|
||||
memcpy(ctx->read.key, key_r, sizeof(key_r));
|
||||
memcpy(ctx->write.key, key_w, sizeof(key_w));
|
||||
} else {
|
||||
crypto_aead_aes256gcm_beforenm(&ctx->read.key, key_r);
|
||||
crypto_aead_aes256gcm_beforenm(&ctx->write.key, key_w);
|
||||
}
|
||||
|
||||
sodium_memzero(secret, sizeof(secret));
|
||||
sodium_memzero(shared, sizeof(shared));
|
||||
sodium_memzero(key, sizeof(key));
|
||||
sodium_memzero(key_r, sizeof(key_r));
|
||||
sodium_memzero(key_w, sizeof(key_w));
|
||||
|
||||
memcpy(ctx->read.nonce, data_r, nonce_size);
|
||||
memcpy(ctx->write.nonce, data_w, nonce_size);
|
||||
memset(ctx->read.nonce, 0, sizeof(ctx->read.nonce));
|
||||
memset(ctx->write.nonce, 0, sizeof(ctx->write.nonce));
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1069,7 +1150,7 @@ int main (int argc, char **argv)
|
||||
long retry_const = 0;
|
||||
long retry_limit = 1000000;
|
||||
|
||||
long user_timeout = 0;
|
||||
gt.timeout = 5000;
|
||||
|
||||
struct option ka_opts[] = {
|
||||
{ "count", &ka_count, option_long },
|
||||
@@ -1100,7 +1181,9 @@ int main (int argc, char **argv)
|
||||
{ "noquickack", NULL, option_option },
|
||||
{ "retry", &retry_opts, option_option },
|
||||
{ "statefile", &statefile, option_str },
|
||||
{ "timeout", &user_timeout, option_long },
|
||||
{ "timeout", >.timeout, option_long },
|
||||
{ "chacha20", NULL, option_option },
|
||||
{ "mptcp", NULL, option_option },
|
||||
{ "debug", NULL, option_option },
|
||||
{ "version", NULL, option_option },
|
||||
{ NULL },
|
||||
@@ -1120,6 +1203,10 @@ int main (int argc, char **argv)
|
||||
const int noquickack = option_is_set(opts, "noquickack");
|
||||
const int debug = option_is_set(opts, "debug");
|
||||
|
||||
int chacha = option_is_set(opts, "chacha20");
|
||||
|
||||
gt.mptcp = option_is_set(opts, "mptcp");
|
||||
|
||||
if (buffer_size < GT_PKT_MAX) {
|
||||
buffer_size = GT_PKT_MAX;
|
||||
gt_log("buffer size must be greater than or equal to %li\n", buffer_size);
|
||||
@@ -1135,14 +1222,19 @@ int main (int argc, char **argv)
|
||||
retry_count = 0;
|
||||
}
|
||||
|
||||
if (gt.timeout<=0 || gt.timeout>INT_MAX) {
|
||||
gt_log("bad timeout\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (sodium_init()==-1) {
|
||||
gt_log("libsodium initialization has failed\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!crypto_aead_aes256gcm_is_available()) {
|
||||
if (!chacha && !crypto_aead_aes256gcm_is_available()) {
|
||||
gt_na("AES-256-GCM");
|
||||
return 1;
|
||||
chacha = 1;
|
||||
}
|
||||
|
||||
struct addrinfo *ai = ai_create(host, port, listener);
|
||||
@@ -1226,8 +1318,6 @@ int main (int argc, char **argv)
|
||||
|
||||
gt_log("%s: connected\n", sockname);
|
||||
|
||||
fd_set_nonblock(sock.fd);
|
||||
|
||||
sk_set_int(sock.fd, sk_nodelay, !delay);
|
||||
sk_set_int(sock.fd, sk_keepalive, keepalive);
|
||||
|
||||
@@ -1242,11 +1332,11 @@ int main (int argc, char **argv)
|
||||
sk_set_int(sock.fd, sk_keepintvl, ka_interval);
|
||||
}
|
||||
|
||||
if (user_timeout>0 && user_timeout<=INT_MAX)
|
||||
sk_set_int(sock.fd, sk_user_timeout, user_timeout);
|
||||
|
||||
sk_set_int(sock.fd, sk_user_timeout, gt.timeout);
|
||||
sk_set(sock.fd, sk_congestion, congestion, str_len(congestion));
|
||||
|
||||
ctx.chacha = chacha;
|
||||
|
||||
switch (gt_setup_crypto(&ctx, sock.fd, listener)) {
|
||||
case -2:
|
||||
gt_log("%s: key exchange could not be verified!\n", sockname);
|
||||
|
||||
Reference in New Issue
Block a user