2 * netsniff-ng - the packet sniffing beast
3 * By Daniel Borkmann <daniel@netsniff-ng.org>
4 * Copyright 2011 Daniel Borkmann.
5 * Subject to the GPL, version 2.
16 #include <arpa/inet.h>
27 #include "crypto_verify_32.h"
28 #include "crypto_hash_sha512.h"
29 #include "crypto_box_curve25519xsalsa20poly1305.h"
30 #include "crypto_auth_hmacsha512256.h"
32 #define crypto_box_pub_key_size crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
34 /* Config line format: username;pubkey\n */
38 unsigned char publickey
[crypto_box_pub_key_size
];
39 struct curve25519_proto proto_inf
;
40 struct user_store
*next
;
43 struct sock_map_entry
{
45 struct curve25519_proto
*proto
;
46 struct sock_map_entry
*next
;
49 struct sockaddr_map_entry
{
50 struct sockaddr_storage
*sa
;
52 struct curve25519_proto
*proto
;
53 struct sockaddr_map_entry
*next
;
56 static struct user_store
*store
= NULL
;
57 static struct rwlock store_lock
;
59 static struct hash_table sock_mapper
;
60 static struct rwlock sock_map_lock
;
62 static struct hash_table sockaddr_mapper
;
63 static struct rwlock sockaddr_map_lock
;
65 static unsigned char token
[crypto_auth_hmacsha512256_KEYBYTES
];
67 static void init_sock_mapper(void)
69 rwlock_init(&sock_map_lock
);
70 rwlock_wr_lock(&sock_map_lock
);
71 memset(&sock_mapper
, 0, sizeof(sock_mapper
));
72 init_hash(&sock_mapper
);
73 rwlock_unlock(&sock_map_lock
);
76 static void init_sockaddr_mapper(void)
78 rwlock_init(&sockaddr_map_lock
);
79 rwlock_wr_lock(&sockaddr_map_lock
);
80 memset(&sockaddr_mapper
, 0, sizeof(sockaddr_mapper
));
81 init_hash(&sockaddr_mapper
);
82 rwlock_unlock(&sockaddr_map_lock
);
85 static int cleanup_batch_sock_mapper(void *ptr
)
87 struct sock_map_entry
*next
;
88 struct sock_map_entry
*e
= ptr
;
92 while ((next
= e
->next
)) {
101 static void destroy_sock_mapper(void)
103 rwlock_wr_lock(&sock_map_lock
);
104 for_each_hash(&sock_mapper
, cleanup_batch_sock_mapper
);
105 free_hash(&sock_mapper
);
106 rwlock_unlock(&sock_map_lock
);
107 rwlock_destroy(&sock_map_lock
);
110 static int cleanup_batch_sockaddr_mapper(void *ptr
)
112 struct sockaddr_map_entry
*next
;
113 struct sockaddr_map_entry
*e
= ptr
;
117 while ((next
= e
->next
)) {
126 static void destroy_sockaddr_mapper(void)
128 rwlock_wr_lock(&sockaddr_map_lock
);
129 for_each_hash(&sockaddr_mapper
, cleanup_batch_sockaddr_mapper
);
130 free_hash(&sockaddr_mapper
);
131 rwlock_unlock(&sockaddr_map_lock
);
132 rwlock_destroy(&sockaddr_map_lock
);
135 static struct user_store
*user_store_alloc(void)
137 return xzmalloc(sizeof(struct user_store
));
140 static void user_store_free(struct user_store
*us
)
144 memset(us
, 0, sizeof(struct user_store
));
148 /* already in lock */
149 static int __check_duplicate_username(char *username
, size_t len
)
152 struct user_store
*elem
= store
;
154 if (!memcmp(elem
->username
, username
,
155 strlen(elem
->username
) + 1)) {
164 /* already in lock */
165 static int __check_duplicate_pubkey(unsigned char *pubkey
, size_t len
)
168 struct user_store
*elem
= store
;
170 if (!memcmp(elem
->publickey
, pubkey
,
171 sizeof(elem
->publickey
))) {
180 void parse_userfile_and_generate_user_store_or_die(char *homedir
)
183 char path
[PATH_MAX
], buff
[512], *username
, *key
;
184 unsigned char pkey
[crypto_box_pub_key_size
];
185 int line
= 1, ret
, fd
;
186 struct user_store
*elem
;
188 memset(path
, 0, sizeof(path
));
189 slprintf(path
, sizeof(path
), "%s/%s", homedir
, FILE_CLIENTS
);
191 rwlock_init(&store_lock
);
192 rwlock_wr_lock(&store_lock
);
194 fp
= fopen(path
, "r");
196 panic("Cannot open client file!\n");
197 memset(buff
, 0, sizeof(buff
));
199 while (fgets(buff
, sizeof(buff
), fp
) != NULL
) {
200 buff
[sizeof(buff
) - 1] = 0;
201 /* A comment. Skip this line */
202 if (buff
[0] == '#' || buff
[0] == '\n') {
203 memset(buff
, 0, sizeof(buff
));
207 username
= skips(buff
);
209 while (*key
!= ';' &&
215 panic("Parse error! No key found in l.%d!\n", line
);
219 panic("Parse error! No key found in l.%d!\n", line
);
220 key
= strtrim_right(key
, '\n');
221 memset(pkey
, 0, sizeof(pkey
));
222 if (!curve25519_pubkey_hexparse_32(pkey
, sizeof(pkey
),
224 panic("Parse error! No key found in l.%d!\n", line
);
225 if (strlen(username
) + 1 > sizeof(elem
->username
))
226 panic("Username too long in l.%d!\n", line
);
227 if (__check_duplicate_username(username
, strlen(username
) + 1))
228 panic("Duplicate username in l.%d!\n", line
);
229 if (__check_duplicate_pubkey(pkey
, sizeof(pkey
)))
230 panic("Duplicate publickey in l.%d!\n", line
);
231 if (strstr(username
, " "))
232 panic("Username consists of whitespace in l.%d!\n", line
);
233 if (strstr(username
, "\t"))
234 panic("Username consists of whitespace in l.%d!\n", line
);
235 elem
= user_store_alloc();
237 strlcpy(elem
->username
, username
, sizeof(elem
->username
));
238 memcpy(elem
->publickey
, pkey
, sizeof(elem
->publickey
));
239 ret
= curve25519_proto_init(&elem
->proto_inf
,
241 sizeof(elem
->publickey
),
244 panic("Cannot init curve25519 proto on user!\n");
246 memset(buff
, 0, sizeof(buff
));
252 panic("No registered clients found!\n");
253 rwlock_unlock(&store_lock
);
256 init_sockaddr_mapper();
259 * Pubkey is also used as a hmac of the initial packet to check
260 * the integrity of the packet, so that we know if it's just random
261 * garbage or a 'valid' packet. Again, just for the integrity!
264 memset(path
, 0, sizeof(path
));
265 slprintf(path
, sizeof(path
), "%s/%s", homedir
, FILE_PUBKEY
);
267 fd
= open_or_die(path
, O_RDONLY
);
268 ret
= read(fd
, token
, sizeof(token
));
269 if (ret
!= crypto_auth_hmacsha512256_KEYBYTES
)
270 panic("Cannot read public key!\n");
274 void dump_user_store(void)
277 struct user_store
*elem
;
279 rwlock_rd_lock(&store_lock
);
282 printf("%s -> ", elem
->username
);
283 for (i
= 0; i
< sizeof(elem
->publickey
); ++i
)
284 if (i
== (sizeof(elem
->publickey
) - 1))
285 printf("%02x\n", (unsigned char)
288 printf("%02x:", (unsigned char)
292 rwlock_unlock(&store_lock
);
295 void destroy_user_store(void)
297 struct user_store
*elem
, *nelem
= NULL
;
299 rwlock_wr_lock(&store_lock
);
304 user_store_free(elem
);
307 rwlock_unlock(&store_lock
);
308 rwlock_destroy(&store_lock
);
310 destroy_sock_mapper();
311 destroy_sockaddr_mapper();
314 int username_msg(char *username
, size_t len
, char *dst
, size_t dlen
)
319 unsigned char h
[crypto_hash_sha512_BYTES
];
320 struct username_struct
*us
= (struct username_struct
*) dst
;
324 if (dlen
< sizeof(struct username_struct
))
328 uname
= xzmalloc(uname_len
);
330 fd
= open_or_die("/dev/random", O_RDONLY
);
331 ret
= read_exact(fd
, &salt
, sizeof(salt
), 0);
332 if (ret
!= sizeof(salt
))
333 panic("Cannot read from /dev/random!\n");
336 slprintf(uname
, uname_len
, "%s%u", username
, salt
);
337 crypto_hash_sha512(h
, (unsigned char *) uname
, strlen(uname
));
339 us
->salt
= htonl(salt
);
340 memcpy(us
->hash
, h
, sizeof(us
->hash
));
346 enum is_user_enum
username_msg_is_user(char *src
, size_t slen
, char *username
,
352 struct username_struct
*us
= (struct username_struct
*) src
;
353 unsigned char h
[crypto_hash_sha512_BYTES
];
355 if (slen
< sizeof(struct username_struct
)) {
357 return USERNAMES_ERR
;
361 uname
= xzmalloc(uname_len
);
363 salt
= ntohl(us
->salt
);
365 slprintf(uname
, uname_len
, "%s%u", username
, salt
);
366 crypto_hash_sha512(h
, (unsigned char *) uname
, strlen(uname
));
369 if (!crypto_verify_32(&h
[0], &us
->hash
[0]) &&
370 !crypto_verify_32(&h
[32], &us
->hash
[32]))
376 static int register_user_by_socket(int fd
, struct curve25519_proto
*proto
)
379 struct sock_map_entry
*entry
;
381 rwlock_wr_lock(&sock_map_lock
);
382 entry
= xzmalloc(sizeof(*entry
));
384 entry
->proto
= proto
;
385 pos
= insert_hash(entry
->fd
, entry
, &sock_mapper
);
387 entry
->next
= (*pos
);
390 rwlock_unlock(&sock_map_lock
);
395 static int register_user_by_sockaddr(struct sockaddr_storage
*sa
,
397 struct curve25519_proto
*proto
)
400 struct sockaddr_map_entry
*entry
;
401 unsigned int hash
= hash_name((char *) sa
, sa_len
);
403 rwlock_wr_lock(&sockaddr_map_lock
);
404 entry
= xzmalloc(sizeof(*entry
));
405 entry
->sa
= xmemdupz(sa
, sa_len
);
406 entry
->sa_len
= sa_len
;
407 entry
->proto
= proto
;
408 pos
= insert_hash(hash
, entry
, &sockaddr_mapper
);
410 entry
->next
= (*pos
);
413 rwlock_unlock(&sockaddr_map_lock
);
418 int try_register_user_by_socket(struct curve25519_struct
*c
,
419 char *src
, size_t slen
, int sock
, int log
)
423 size_t real_len
= 132;
425 struct user_store
*elem
;
426 enum is_user_enum err
;
427 unsigned char auth
[crypto_auth_hmacsha512256_BYTES
];
428 struct taia arrival_taia
;
430 /* assert(132 == clen + sizeof(auth)); */
432 * Check hmac first, if malicious, drop immediately before we
433 * investigate more efforts.
438 taia_now(&arrival_taia
);
439 memcpy(auth
, src
, sizeof(auth
));
441 real_len
-= sizeof(auth
);
442 if (crypto_auth_hmacsha512256_verify(auth
, (unsigned char *) src
,
444 syslog(LOG_ERR
, "Bad packet hmac for id %d! Dropping!\n", sock
);
448 syslog(LOG_INFO
, "Good packet hmac for id %d!\n", sock
);
451 rwlock_rd_lock(&store_lock
);
454 clen
= curve25519_decode(c
, &elem
->proto_inf
,
455 (unsigned char *) src
, real_len
,
456 (unsigned char **) &cbuff
,
463 cbuff
+= crypto_box_zerobytes
;
464 clen
-= crypto_box_zerobytes
;
467 syslog(LOG_INFO
, "Packet decoded sucessfully for id %d!\n", sock
);
469 err
= username_msg_is_user(cbuff
, clen
, elem
->username
,
470 strlen(elem
->username
) + 1);
471 if (err
== USERNAMES_OK
) {
473 syslog(LOG_INFO
, "Found user %s for id %d! Registering ...\n",
474 elem
->username
, sock
);
475 ret
= register_user_by_socket(sock
, &elem
->proto_inf
);
480 rwlock_unlock(&store_lock
);
483 syslog(LOG_ERR
, "User not found! Dropping connection!\n");
487 int try_register_user_by_sockaddr(struct curve25519_struct
*c
,
488 char *src
, size_t slen
,
489 struct sockaddr_storage
*sa
,
490 size_t sa_len
, int log
)
494 struct user_store
*elem
;
496 size_t real_len
= 132;
497 enum is_user_enum err
;
498 unsigned char auth
[crypto_auth_hmacsha512256_BYTES
];
499 struct taia arrival_taia
;
501 /* assert(132 == clen + sizeof(auth)); */
503 * Check hmac first, if malicious, drop immediately before we
504 * investigate more efforts.
509 taia_now(&arrival_taia
);
510 memcpy(auth
, src
, sizeof(auth
));
512 real_len
-= sizeof(auth
);
513 if (crypto_auth_hmacsha512256_verify(auth
, (unsigned char *) src
,
515 syslog(LOG_ERR
, "Got bad packet hmac! Dropping!\n");
519 syslog(LOG_INFO
, "Got good packet hmac!\n");
522 rwlock_rd_lock(&store_lock
);
525 clen
= curve25519_decode(c
, &elem
->proto_inf
,
526 (unsigned char *) src
, real_len
,
527 (unsigned char **) &cbuff
,
534 cbuff
+= crypto_box_zerobytes
;
535 clen
-= crypto_box_zerobytes
;
538 syslog(LOG_INFO
, "Packet decoded sucessfully!\n");
540 err
= username_msg_is_user(cbuff
, clen
, elem
->username
,
541 strlen(elem
->username
) + 1);
542 if (err
== USERNAMES_OK
) {
544 syslog(LOG_INFO
, "Found user %s! Registering ...\n",
546 ret
= register_user_by_sockaddr(sa
, sa_len
,
552 rwlock_unlock(&store_lock
);
555 syslog(LOG_ERR
, "User not found! Dropping connection!\n");
559 int get_user_by_socket(int fd
, struct curve25519_proto
**proto
)
562 struct sock_map_entry
*entry
;
565 rwlock_rd_lock(&sock_map_lock
);
566 entry
= lookup_hash(fd
, &sock_mapper
);
567 while (entry
&& fd
!= entry
->fd
)
569 if (entry
&& fd
== entry
->fd
) {
570 (*proto
) = entry
->proto
;
576 rwlock_unlock(&sock_map_lock
);
581 int get_user_by_sockaddr(struct sockaddr_storage
*sa
, size_t sa_len
,
582 struct curve25519_proto
**proto
)
585 struct sockaddr_map_entry
*entry
;
586 unsigned int hash
= hash_name((char *) sa
, sa_len
);
589 rwlock_rd_lock(&sockaddr_map_lock
);
590 entry
= lookup_hash(hash
, &sockaddr_mapper
);
591 while (entry
&& entry
->sa_len
== sa_len
&&
592 memcmp(sa
, entry
->sa
, entry
->sa_len
))
594 if (entry
&& entry
->sa_len
== sa_len
&&
595 !memcmp(sa
, entry
->sa
, entry
->sa_len
)) {
596 (*proto
) = entry
->proto
;
602 rwlock_unlock(&sockaddr_map_lock
);
607 static struct sock_map_entry
*socket_to_sock_map_entry(int fd
)
609 struct sock_map_entry
*entry
, *ret
= NULL
;
612 rwlock_rd_lock(&sock_map_lock
);
613 entry
= lookup_hash(fd
, &sock_mapper
);
614 while (entry
&& fd
!= entry
->fd
)
616 if (entry
&& fd
== entry
->fd
)
620 rwlock_unlock(&sock_map_lock
);
625 void remove_user_by_socket(int fd
)
627 struct sock_map_entry
*pos
;
628 struct sock_map_entry
*entry
= socket_to_sock_map_entry(fd
);
631 rwlock_wr_lock(&sock_map_lock
);
632 pos
= remove_hash(entry
->fd
, entry
, entry
->next
, &sock_mapper
);
633 while (pos
&& pos
->next
&& pos
->next
!= entry
)
635 if (pos
&& pos
->next
&& pos
->next
== entry
)
636 pos
->next
= entry
->next
;
637 memset(entry
->proto
->enonce
, 0, sizeof(entry
->proto
->enonce
));
638 memset(entry
->proto
->dnonce
, 0, sizeof(entry
->proto
->dnonce
));
642 rwlock_unlock(&sock_map_lock
);
645 static struct sockaddr_map_entry
*
646 sockaddr_to_sockaddr_map_entry(struct sockaddr_storage
*sa
, size_t sa_len
)
648 struct sockaddr_map_entry
*entry
, *ret
= NULL
;
649 unsigned int hash
= hash_name((char *) sa
, sa_len
);
652 rwlock_rd_lock(&sockaddr_map_lock
);
653 entry
= lookup_hash(hash
, &sockaddr_mapper
);
654 while (entry
&& entry
->sa_len
== sa_len
&&
655 memcmp(sa
, entry
->sa
, entry
->sa_len
))
657 if (entry
&& entry
->sa_len
== sa_len
&&
658 !memcmp(sa
, entry
->sa
, entry
->sa_len
))
662 rwlock_unlock(&sockaddr_map_lock
);
667 void remove_user_by_sockaddr(struct sockaddr_storage
*sa
, size_t sa_len
)
669 struct sockaddr_map_entry
*pos
;
670 struct sockaddr_map_entry
*entry
;
671 unsigned int hash
= hash_name((char *) sa
, sa_len
);
672 entry
= sockaddr_to_sockaddr_map_entry(sa
, sa_len
);
675 rwlock_wr_lock(&sockaddr_map_lock
);
676 pos
= remove_hash(hash
, entry
, entry
->next
, &sockaddr_mapper
);
677 while (pos
&& pos
->next
&& pos
->next
!= entry
)
679 if (pos
&& pos
->next
&& pos
->next
== entry
)
680 pos
->next
= entry
->next
;
681 memset(entry
->proto
->enonce
, 0, sizeof(entry
->proto
->enonce
));
682 memset(entry
->proto
->dnonce
, 0, sizeof(entry
->proto
->dnonce
));
687 rwlock_unlock(&sockaddr_map_lock
);