-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathlfd_encrypt.c
177 lines (152 loc) · 5.12 KB
/
lfd_encrypt.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#include "vtun.h"
#include "linkfd.h"
#ifdef HAVE_SODIUM
#include <sodium.h>
#define crypto_aead_NPUBBYTES crypto_aead_aes256gcm_NPUBBYTES
#define crypto_aead_ABYTES crypto_aead_aes256gcm_ABYTES
#define crypto_aead_KEYBYTES crypto_aead_aes256gcm_KEYBYTES
#define MESSAGE_MAX_SIZE VTUN_FRAME_SIZE
#define CIPHERTEXT_ABYTES (crypto_aead_ABYTES + crypto_aead_NPUBBYTES)
#define CIPHERTEXT_MAX_SIZE MESSAGE_MAX_SIZE
#define CIPHERTEXT_MAX_TOTAL_SIZE (CIPHERTEXT_MAX_SIZE + CIPHERTEXT_ABYTES)
#define MINIMUM_DATE 1444341043UL
#define SLEEP_WHEN_CLOCK_IS_OFF 10
typedef struct CryptoCtx {
crypto_aead_aes256gcm_state *state;
unsigned char *ciphertext;
unsigned char *message;
unsigned char *nonce;
unsigned char *previous_decrypted_nonce;
} CryptoCtx;
static CryptoCtx ctx;
static int
init_nonce(unsigned char *nonce, size_t nonce_size)
{
time_t now;
if (nonce_size < 5) {
return -1;
}
time(&now);
if (now < MINIMUM_DATE) {
sleep(SLEEP_WHEN_CLOCK_IS_OFF);
randombytes_buf(nonce, nonce_size);
} else {
randombytes_buf(nonce, nonce_size - 3);
nonce[nonce_size - 1] = (unsigned char) (now >> 22);
nonce[nonce_size - 2] = (unsigned char) (now >> 14);
nonce[nonce_size - 3] = (unsigned char) (now >> 6);
nonce[nonce_size - 4] =
(unsigned char) (now << 2) ^ (nonce[nonce_size - 4] & 0x3);
}
if (vtun.svr != 0) {
nonce[nonce_size - 1] |= 0x80;
} else {
nonce[nonce_size - 1] &= ~0x80;
}
return 0;
}
static int
alloc_encrypt(struct vtun_host *host)
{
ctx.state = sodium_malloc(sizeof *ctx.state);
ctx.message = sodium_malloc(MESSAGE_MAX_SIZE);
ctx.ciphertext = sodium_malloc(CIPHERTEXT_MAX_TOTAL_SIZE);
ctx.nonce = sodium_malloc(crypto_aead_NPUBBYTES);
ctx.previous_decrypted_nonce = sodium_malloc(crypto_aead_NPUBBYTES);
if (host->key == NULL || ctx.state == NULL || ctx.message == NULL ||
ctx.ciphertext == NULL || ctx.ciphertext == NULL || ctx.nonce == NULL ||
ctx.previous_decrypted_nonce == NULL) {
abort();
}
if (init_nonce(ctx.nonce, crypto_aead_NPUBBYTES) != 0) {
return -1;
}
memset(ctx.previous_decrypted_nonce, 0, crypto_aead_NPUBBYTES);
crypto_aead_aes256gcm_beforenm(ctx.state, host->key);
sodium_free(host->key);
host->key = NULL;
return 0;
}
static int
free_encrypt(void)
{
sodium_free(ctx.message);
sodium_free(ctx.ciphertext);
sodium_free(ctx.nonce);
sodium_free(ctx.previous_decrypted_nonce);
return 0;
}
static int
encrypt_buf(int message_len_, char *message_, char ** const ciphertext_p)
{
const unsigned char *message = (const unsigned char *) message_;
const size_t message_len = (size_t) message_len_;
unsigned long long ciphertext_len;
if (message_len_ < 0 || message_len > MESSAGE_MAX_SIZE) {
return -1;
}
crypto_aead_aes256gcm_encrypt_afternm(ctx.ciphertext, &ciphertext_len,
message, message_len,
NULL, 0ULL,
NULL, ctx.nonce,
(const crypto_aead_aes256gcm_state *) ctx.state);
memcpy(ctx.ciphertext + message_len + crypto_aead_ABYTES,
ctx.nonce, crypto_aead_NPUBBYTES);
sodium_increment(ctx.nonce, crypto_aead_NPUBBYTES);
*ciphertext_p = (char *) ctx.ciphertext;
return (int) ciphertext_len + crypto_aead_NPUBBYTES;
}
static int
decrypt_buf(int ciphertext_len_, char *ciphertext_, char ** const message_p)
{
const unsigned char *ciphertext = (const unsigned char *) ciphertext_;
const unsigned char *nonce;
size_t ciphertext_len = (size_t) ciphertext_len_;
unsigned long long message_len;
if (ciphertext_len_ < CIPHERTEXT_ABYTES ||
ciphertext_len > CIPHERTEXT_MAX_SIZE) {
return -1;
}
ciphertext_len -= crypto_aead_NPUBBYTES;
nonce = ciphertext + ciphertext_len;
if (sodium_compare(nonce, ctx.previous_decrypted_nonce, crypto_aead_NPUBBYTES) <= 0 ||
crypto_aead_aes256gcm_decrypt_afternm(ctx.message, &message_len, NULL,
ciphertext, ciphertext_len,
NULL, 0ULL, nonce,
(const crypto_aead_aes256gcm_state *) ctx.state) != 0) {
return -1;
}
memcpy(ctx.previous_decrypted_nonce, nonce, crypto_aead_NPUBBYTES);
*message_p = (char *) ctx.message;
return (int) message_len;
}
struct lfd_mod lfd_encrypt = {
"Encryptor",
alloc_encrypt,
encrypt_buf,
NULL,
decrypt_buf,
NULL,
free_encrypt,
NULL,
NULL
};
#else /* HAVE_SODIUM */
static int
no_encrypt(struct vtun_host *host)
{
vtun_syslog(LOG_INFO, "Encryption is not supported");
return -1;
}
struct lfd_mod lfd_encrypt = {
"Encryptor",
no_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif