X-Git-Url: https://git.distorted.org.uk/~mdw/userv-utils/blobdiff_plain/9d4e63db418172c744c7bc98a7bc21c1c876f1ef..09966b4959fa31ea3f6746b6b6583907744484e1:/ipif/forwarder.c

diff --git a/ipif/forwarder.c b/ipif/forwarder.c
index a9e43e0..015afbd 100644
--- a/ipif/forwarder.c
+++ b/ipif/forwarder.c
@@ -2,10 +2,11 @@
  * Encrypting tunnel for userv-ipif tunnels, actual implementation
  *
  * usage:
- *  udptunnel-forwarder <public-local-fd> <private-in-fd> <private-out-fd>
+ *  udptunnel-forwarder <optchars>
+ *                      <public-local-fd> <private-in-fd> <private-out-fd>
+ *                      <encdec-keys-fd>
  *                      <mtu> <keepalive> <timeout>
  *                      <public-remote-addr> [<public-remote-port>]
- *                      <encdec-keys-fd> <encdec-keys-write>
  *                      <mech1> [<mech1-params> ...]
  *                      <mech2> [<mech2-params> ...]
  *                      ''
@@ -14,7 +15,9 @@
  * whereever we get a good packet from first, in which case port
  * should not be specified.
  *
- * <enc-keys-write> is '' to mean read, anything else to mean write.
+ * <optchars> is zero or more of
+ *    w   means generate and write encdec keys, rather than reading them
+ *    D   means do crypto debug (use with care!)
  *
  * Every must be numeric.  There is very little argument checking.
  *
@@ -47,11 +50,12 @@
 
 static size_t buffer_size;
 
+static const char *opt_chars;
 static int public_local_fd, private_in_fd, private_out_fd;
 static int mtu2, keepalive, timeout;
 static int public_remote_specd;
 static struct sockaddr_in public_remote;
-static int encdec_keys_fd, encdec_keys_write;
+static int encdec_keys_fd, encdec_keys_write, crypto_debug;
 static int n_mechs;
 static const struct mechanism *mechs[MAXMECHS];
 
@@ -64,6 +68,46 @@ static size_t accum_used, accum_avail;
 
 static time_t nextsendka;
 
+static void cdebug(int mechno /*or -1*/, const char *msg) {
+  if (!crypto_debug) return;
+  printf("%s: CRYPTO: %-20s encrypt setup\n",
+	 programid,
+	 mechno >= 0 ? mechs[i]->name : "",
+	 msg);
+}
+
+static void cdebughex(int mechno /*or -1*/, const char *msg,
+		      size_t skipbefore, const void *ptr, size_t sz, size_t skipafter) {
+  const unsigned char *p;
+  
+  if (!crypto_debug) return;
+  printf("%s: CRYPTO: %-20s %s",
+	 programid,
+	 mechno >= 0 ? mechs[i]->name : "",
+	 msg);
+  for (i=0; i<skipbefore) fputs(" ..",stdout);
+  for (i=0, p=ptr; i<sz; i++, p++) fprintf(" %02x",*p);
+  for (i=0; i<skipafter) fputs(" ..",stdout);
+  fputc('\n',stdout);
+}
+
+void get_random(void *ptr, size_t sz) {
+  static FILE *randfile;
+
+  size_t r;
+
+  if (!randfile) {
+    randfile= fopen("/dev/urandom","rb");
+    if (!randfile && errno==ENOENT) randfile= fopen("/dev/random","rb");
+    if (!randfile) sysfail("open random number generator");
+  }
+
+  r= fread(ptr,1,sz,randfile);
+  if (r == sz) return;
+  (ferror(randfile) ? sysfail : fail)("cannot read random number generator");
+
+  cdebughex(-1, "get_random", ptr, sz, 0,0);
+}
 
 void random_key(void *ptr, size_t sz) {
   if (encdec_keys_write) {
@@ -245,10 +289,16 @@ int main(int argc, const char *const *const argv_in) {
 
   if (uname(&uname_result)) { perror(PROGRAM ": uname failed"); exit(16); }
   sprintf(programid, PROGRAM ": %.*s", SYS_NMLN, uname_result.nodename);
-  
+
+  opt_chars= getarg_string();
+  encdec_keys_write= !!strchr(opt_chars,"w");
+  crypto_debug= !!strchr(opt_chars,"D");
+
   public_local_fd= getarg_ulong();
   private_in_fd= getarg_ulong();
   private_out_fd= getarg_ulong();
+  encdec_keys_fd= getarg_ulong();
+
   mtu2= getarg_ulong() * 2;
   keepalive= getarg_ulong();
   timeout= getarg_ulong();
@@ -261,13 +311,23 @@ int main(int argc, const char *const *const argv_in) {
     public_remote.sin_port= htons(getarg_ulong());
   }
 
-  encdec_keys_fd= getarg_ulong();
-  encdec_keys_write= !!*getarg_string();
+  if (crypto_debug) {
+    diag("crypto debugging enabled!");
+    setvbuf(stdout,0,_IOLBF,0);
+  }
 
   maxprefix= 0;
-  for (i=0; i<n_mechs; i++) mechs[i]= getarg_mech();
-  for (i=0; i<n_mechs; i++) mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
-  for (i=0; i<n_mechs; i++) mechs[i]->decsetup(&md_out[i]);
+  for (i=0; i<n_mechs; i++) {
+    mechs[i]= getarg_mech();
+  }
+  for (i=0; i<n_mechs; i++) {
+    cdebug(i,"encrypt setup");
+    mechs[i]->encsetup(&md_in[i], &maxprefix, &maxsuffix);
+  }
+  for (i=0; i<n_mechs; i++) {
+    cdebug(i,"decrypt setup");
+    mechs[i]->decsetup(&md_out[i]);
+  }
 
   if (maxprefix<1) maxprefix= 1;
   if (maxsuffix<1) maxsuffix= 1;