* Encrypting tunnel for userv-ipif tunnels, actual implementation
*
* usage:
- * udptunnel-forwarder <public-local-fd> <private-in-fd> <private-out-fd>
+ * udptunnel-forwarder <optchars>
+ * <public-local-fd> <private-in-fd> <private-out-fd>
+ * <encdec-keys-fd>
* <mtu> <keepalive> <timeout>
* <public-remote-addr> [<public-remote-port>]
- * <encdec-keys-fd> <encdec-keys-write>
* <mech1> [<mech1-params> ...]
* <mech2> [<mech2-params> ...]
* ''
* whereever we get a good packet from first, in which case port
* should not be specified.
*
- * <enc-keys-write> is '' to mean read, anything else to mean write.
+ * <optchars> is zero or more of
+ * w means generate and write encdec keys, rather than reading them
+ * D means do crypto debug (use with care!)
*
* Every must be numeric. There is very little argument checking.
*
static size_t buffer_size;
+static const char *opt_chars;
static int public_local_fd, private_in_fd, private_out_fd;
static int mtu2, keepalive, timeout;
static int public_remote_specd;
static struct sockaddr_in public_remote;
-static int encdec_keys_fd, encdec_keys_write;
+static int encdec_keys_fd, encdec_keys_write, crypto_debug;
static int n_mechs;
static const struct mechanism *mechs[MAXMECHS];
static time_t nextsendka;
+static void cdebug(int mechno /*or -1*/, const char *msg) {
+ if (!crypto_debug) return;
+ printf("%s: CRYPTO: %-20s encrypt setup\n",
+ programid,
+ mechno >= 0 ? mechs[i]->name : "",
+ msg);
+}
+
+static void cdebughex(int mechno /*or -1*/, const char *msg,
+ size_t skipbefore, const void *ptr, size_t sz, size_t skipafter) {
+ const unsigned char *p;
+
+ if (!crypto_debug) return;
+ printf("%s: CRYPTO: %-20s %s",
+ programid,
+ mechno >= 0 ? mechs[i]->name : "",
+ msg);
+ for (i=0; i<skipbefore) fputs(" ..",stdout);
+ for (i=0, p=ptr; i<sz; i++, p++) fprintf(" %02x",*p);
+ for (i=0; i<skipafter) fputs(" ..",stdout);
+ fputc('\n',stdout);
+}
+
+void get_random(void *ptr, size_t sz) {
+ static FILE *randfile;
+
+ size_t r;
+
+ if (!randfile) {
+ randfile= fopen("/dev/urandom","rb");
+ if (!randfile && errno==ENOENT) randfile= fopen("/dev/random","rb");
+ if (!randfile) sysfail("open random number generator");
+ }
+
+ r= fread(ptr,1,sz,randfile);
+ if (r == sz) return;
+ (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
+
+ cdebughex(-1, "get_random", ptr, sz, 0,0);
+}
void random_key(void *ptr, size_t sz) {
if (encdec_keys_write) {
if (uname(&uname_result)) { perror(PROGRAM ": uname failed"); exit(16); }
sprintf(programid, PROGRAM ": %.*s", SYS_NMLN, uname_result.nodename);
-
+
+ opt_chars= getarg_string();
+ encdec_keys_write= !!strchr(opt_chars,"w");
+ crypto_debug= !!strchr(opt_chars,"D");
+
public_local_fd= getarg_ulong();
private_in_fd= getarg_ulong();
private_out_fd= getarg_ulong();
+ encdec_keys_fd= getarg_ulong();
+
mtu2= getarg_ulong() * 2;
keepalive= getarg_ulong();
timeout= getarg_ulong();
public_remote.sin_port= htons(getarg_ulong());
}
- encdec_keys_fd= getarg_ulong();
- encdec_keys_write= !!*getarg_string();
+ if (crypto_debug) {
+ diag("crypto debugging enabled!");
+ setvbuf(stdout,0,_IOLBF,0);
+ }
maxprefix= 0;
- for (i=0; i<n_mechs; i++) mechs[i]= getarg_mech();
- for (i=0; i<n_mechs; i++) mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
- for (i=0; i<n_mechs; i++) mechs[i]->decsetup(&md_out[i]);
+ for (i=0; i<n_mechs; i++) {
+ mechs[i]= getarg_mech();
+ }
+ for (i=0; i<n_mechs; i++) {
+ cdebug(i,"encrypt setup");
+ mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
+ }
+ for (i=0; i<n_mechs; i++) {
+ cdebug(i,"decrypt setup");
+ mechs[i]->decsetup(&md_out[i]);
+ }
if (maxprefix<1) maxprefix= 1;
if (maxsuffix<1) maxsuffix= 1;
# | -m (`masquerade support': subcommand gets `Wait' instead of our addr/port)
# | -d (`dump keys': when no subcmd, spew keys rather than reading them;
# we always send keys to our subcmd if there is one)
+# | -Dcrypto (debug crypto - use with care, prints keys, packets &c on screen!)
# | -f<path-to-udptunnel-forwarder>
# ...
# ]
$masq= 0;
$dump= 0;
$fcmd= 'udptunnel-forwarder';
+$xfwdopts= '';
while ($ARGV[0] =~ m/^-/) {
$_= shift @ARGV;
$masq= 1;
} elsif (s/^-d/-/) {
$dump= 1;
+ } elsif (s/^-Dcrypto$/-/) {
+ $xfwdopts.= 'K';
} else {
quit("unknown option \`$_'");
}
close UW;
close DR;
-@fcmd= ($fcmd,
- fileno(L), fileno(DW), fileno(UR),
+$xfwdopts.= 'w' if $dump;
+
+@fcmd= ($fcmd, $xfwdopts,
+ fileno(L), fileno(DW), fileno(UR), fileno(DUMPKEYS),
$mtu, $keepalive, $timeout,
@rapf,
- fileno(DUMPKEYS), $dump ? 'y' : '',
@encryption);
debug("forwarding command @fcmd.");
~ian / userv-utils.git / commitdiff