-rw-r--r--CMakeLists.txt10
-rw-r--r--FindNaCl.cmake16
-rw-r--r--config.h.in33
-rw-r--r--src/CMakeLists.txt16
-rw-r--r--src/fastd.c6
-rw-r--r--src/method_curve25519_fhmqvc_xsalsa20_poly1305.c102
-rw-r--r--src/method_null.c1
7 files changed, 180 insertions, 4 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ba584e6..f536086 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,6 +3,14 @@ project(FASTD C)
set(CMAKE_MODULE_PATH ${FASTD_SOURCE_DIR})
-#configure_file(${FAST_SOURCE_DIR}/config.h.in ${FAST_BINARY_DIR}/config.h)
+find_package(NaCl)
+
+set(WITH_CFXP ${NACL_FOUND} CACHE BOOL "Include curve25519-fhmqvc-xsalsa20-poly1305 method")
+
+if(WITH_CFXP AND NOT NACL_FOUND)
+ MESSAGE(FATAL_ERROR "NaCl: Networking and Cryptography library is required for the curve25519-fhmqvc-xsalsa20-poly1305 method")
+endif(WITH_CFXP AND NOT NACL_FOUND)
+
+configure_file(${FASTD_SOURCE_DIR}/config.h.in ${FASTD_BINARY_DIR}/config.h)
add_subdirectory(src)
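Review bot: When NaCl is not found, `set(WITH_CFXP ${NACL_FOUND} CACHE BOOL ...)` defaults the option off and configuration succeeds without any message, so the resulting binary contains only `method_null.c` (see src/CMakeLists.txt in this commit). If the null method provides no encryption, as its name suggests, that outcome should be visible at configure time: add an `if(NOT WITH_CFXP)` branch after the FATAL_ERROR check with `message(STATUS "curve25519-fhmqvc-xsalsa20-poly1305 disabled; only the null method will be built")`. The default is also sticky, because a `CACHE` set does not overwrite an existing entry; installing NaCl after a first configure leaves WITH_CFXP off until the cache is edited, which deserves a comment next to the `set()`.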
diff --git a/FindNaCl.cmake b/FindNaCl.cmake
new file mode 100644
index 0000000..0d453b0
--- /dev/null
+++ b/FindNaCl.cmake
@@ -0,0 +1,16 @@
+FIND_PATH(NACL_INCLUDE_DIR crypto_secretbox_xsalsa20poly1305.h PATH_SUFFIXES nacl)
+FIND_LIBRARY(NACL_LIBRARY NAMES nacl)
+
+IF (NACL_INCLUDE_DIR AND NACL_LIBRARY)
+ SET(NACL_FOUND TRUE)
+ENDIF (NACL_INCLUDE_DIR AND NACL_LIBRARY)
+
+IF (NACL_FOUND)
+ IF (NOT NaCl_FIND_QUIETLY)
+ MESSAGE(STATUS "Found NaCl: Networking and Cryptography library: ${NACL_LIBRARY}; include path: ${NACL_INCLUDE_DIR}")
+ ENDIF (NOT NaCl_FIND_QUIETLY)
+ELSE (NACL_FOUND)
+ IF (NaCl_FIND_REQUIRED)
+ MESSAGE(FATAL_ERROR "Could not find NaCl: Networking and Cryptography library")
+ ENDIF (NaCl_FIND_REQUIRED)
+ENDIF (NACL_FOUND)
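Review bot: `NACL_FOUND` is only ever set to TRUE in this module; when either lookup fails it stays undefined, and the top-level CMakeLists.txt then expands `${NACL_FOUND}` to nothing as the default for WITH_CFXP. Replacing the hand-written block from `IF (NACL_INCLUDE_DIR AND NACL_LIBRARY)` to the end with `include(FindPackageHandleStandardArgs)` and `find_package_handle_standard_args(NaCl DEFAULT_MSG NACL_LIBRARY NACL_INCLUDE_DIR)` gives a defined result in both cases and the QUIET/REQUIRED handling in two lines. `mark_as_advanced(NACL_INCLUDE_DIR NACL_LIBRARY)` would additionally keep the two path variables out of the default cache view.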
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 0000000..926e49a
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,33 @@
+/*
+ Copyright (c) 2012, Matthias Schiffer <mschiffer@universe-factory.net>
+ Partly based on QuickTun Copyright (c) 2010, Ivo Smits <Ivo@UCIS.nl>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#ifndef _FASTD_CONFIG_H_
+#define _FASTD_CONFIG_H_
+
+#cmakedefine WITH_CFXP
+
+#endif /* _FASTD_CONFIG_H_ */
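Review bot: The include guard `_FASTD_CONFIG_H_` begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; `FASTD_CONFIG_H` avoids the clash. The other fastd headers are not visible here, so if they already use this pattern the rename is better done for all of them together. A one-line comment above `#cmakedefine WITH_CFXP`, such as `/* Defined when the curve25519-fhmqvc-xsalsa20-poly1305 method is compiled in */`, would document the only setting in the file.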
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 044ec80..ca32e30 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -1,2 +1,14 @@
-add_executable(fastd fastd.c handshake.c method_null.c peer.c printf.c queue.c task.c)
-target_link_libraries(fastd rt)
+set(METHODS method_null.c)
+set(FASTD_INCLUDES ${FASTD_BINARY_DIR})
+set(FASTD_LIBS "")
+
+if(WITH_CFXP)
+ set(METHODS ${METHODS} method_curve25519_fhmqvc_xsalsa20_poly1305.c)
+ set(FASTD_INCLUDES ${FASTD_INCLUDES} ${NACL_INCLUDE_DIR})
+ set(FASTD_LIBS ${FASTD_LIBS} ${NACL_LIBRARY})
+endif(WITH_CFXP)
+
+include_directories(${FASTD_INCLUDES})
+
+add_executable(fastd fastd.c handshake.c peer.c printf.c queue.c task.c ${METHODS})
+target_link_libraries(fastd rt ${FASTD_LIBS})
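Review bot: The list building inside `if(WITH_CFXP)` reads more directly as `list(APPEND METHODS method_curve25519_fhmqvc_xsalsa20_poly1305.c)`, and likewise for FASTD_INCLUDES and FASTD_LIBS, than with the `set(X ${X} ...)` self-reference. Because `include_directories()` applies to every source file, the order in FASTD_INCLUDES matters: `${FASTD_BINARY_DIR}` must stay ahead of `${NACL_INCLUDE_DIR}` so that `#include <config.h>` in fastd.c resolves to the generated header rather than to any `config.h` that may sit in the NaCl directory. A short comment on the `set(FASTD_INCLUDES ${FASTD_BINARY_DIR})` line saying so would protect against a later reorder.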
diff --git a/src/fastd.c b/src/fastd.c
index dd6d2fa..5dcec14 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -30,6 +30,8 @@
#include "peer.h"
#include "task.h"
+#include <config.h>
+
#include <arpa/inet.h>
#include <fcntl.h>
#include <getopt.h>
@@ -45,6 +47,10 @@
extern fastd_method fastd_method_null;
+#ifdef WITH_CFXP
+extern fastd_method fastd_method_curve25519_fhmqvc_xsalsa20_poly1305;
+#endif
+
static void init_tuntap(fastd_context *ctx) {
struct ifreq ifr;
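Review bot: The added declaration `extern fastd_method fastd_method_curve25519_fhmqvc_xsalsa20_poly1305;` does not match the definition in method_curve25519_fhmqvc_xsalsa20_poly1305.c, which is `const fastd_method`. Declaring one object with incompatible types in two translation units is undefined behaviour, and the compiler cannot diagnose it because the declaration is repeated by hand. It should read `extern const fastd_method fastd_method_curve25519_fhmqvc_xsalsa20_poly1305;`, ideally placed in a shared header that the method file also includes. Nothing in this hunk references the symbol, so the method appears not to be selectable yet; init_tuntap continues outside the hunk.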
diff --git a/src/method_curve25519_fhmqvc_xsalsa20_poly1305.c b/src/method_curve25519_fhmqvc_xsalsa20_poly1305.c
new file mode 100644
index 0000000..9551ad9
--- /dev/null
+++ b/src/method_curve25519_fhmqvc_xsalsa20_poly1305.c
@@ -0,0 +1,102 @@
+/*
+ Copyright (c) 2012, Matthias Schiffer <mschiffer@universe-factory.net>
+ Partly based on QuickTun Copyright (c) 2010, Ivo Smits <Ivo@UCIS.nl>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#define _GNU_SOURCE
+
+#include "fastd.h"
+#include "peer.h"
+
+#include <arpa/inet.h>
+
+#include <crypto_secretbox_xsalsa20poly1305.h>
+
+
+static bool method_check_config(fastd_context *ctx, const fastd_config *conf) {
+ return true;
+}
+
+static size_t method_max_packet_size(fastd_context *ctx) {
+ return (fastd_max_packet_size(ctx) - crypto_secretbox_xsalsa20poly1305_NONCEBYTES);
+}
+
+static char* method_peer_str(const fastd_context *ctx, const fastd_peer *peer) {
+ char addr_buf[INET6_ADDRSTRLEN] = "";
+ char *ret;
+
+ const char *temp = fastd_peer_is_temporary(peer) ? " (temporary)" : "";
+
+ switch (peer->address.sa.sa_family) {
+ case AF_UNSPEC:
+ if (asprintf(&ret, "<floating>%s", temp) > 0)
+ return ret;
+ break;
+
+ case AF_INET:
+ if (inet_ntop(AF_INET, &peer->address.in.sin_addr, addr_buf, sizeof(addr_buf))) {
+ if (asprintf(&ret, "%s:%u%s", addr_buf, ntohs(peer->address.in.sin_port), temp) > 0)
+ return ret;
+ }
+ break;
+
+ case AF_INET6:
+ if (inet_ntop(AF_INET6, &peer->address.in6.sin6_addr, addr_buf, sizeof(addr_buf))) {
+ if (asprintf(&ret, "[%s]:%u%s", addr_buf, ntohs(peer->address.in6.sin6_port), temp) > 0)
+ return ret;
+ }
+ break;
+
+ default:
+ exit_bug(ctx, "unsupported address family");
+ }
+
+ return NULL;
+}
+
+static void method_init(fastd_context *ctx, fastd_peer *peer) {
+}
+
+static void method_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buffer buffer) {
+ fastd_buffer_free(buffer);
+}
+
+static void method_send(fastd_context *ctx, fastd_peer *peer, fastd_buffer buffer) {
+ fastd_buffer_free(buffer);
+}
+
+const fastd_method fastd_method_curve25519_fhmqvc_xsalsa20_poly1305 = {
+ .name = "curve25519-fhmqvc-xsalsa20-poly1305",
+
+ .check_config = method_check_config,
+
+ .max_packet_size = method_max_packet_size,
+
+ .peer_str = method_peer_str,
+
+ .init = method_init,
+ .handle_recv = method_handle_recv,
+ .send = method_send,
+};
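Review bot: `method_check_config` returns true unconditionally while `method_handle_recv` and `method_send` only free the buffer, so a configuration selecting this method would be accepted and then silently drop all traffic. Until the handshake and secretbox calls exist it should fail closed with a message, e.g. `pr_error(ctx, "method curve25519-fhmqvc-xsalsa20-poly1305 is not implemented yet"); return false;`. `method_max_packet_size` subtracts only the nonce length; crypto_secretbox output also carries a Poly1305 authenticator, so the overhead will presumably also need `crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES` once the wire format is fixed. The empty `method_init` and the two stubs each deserve a `/* TODO */` comment stating what they will do, so the placeholder status is clear from the file itself.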
diff --git a/src/method_null.c b/src/method_null.c
index eb9ff64..e8d8f58 100644
--- a/src/method_null.c
+++ b/src/method_null.c
@@ -34,7 +34,6 @@
#include <arpa/inet.h>
-
static bool method_check_config(fastd_context *ctx, const fastd_config *conf) {
if (conf->n_floating > 1) {
pr_error(ctx, "with method `null' use can't define more than one floating peer");