00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021 #include "stdinc.h"
00022
00023 #ifdef HAVE_LIBCRYPTO
00024 #include <openssl/evp.h>
00025 #include <openssl/err.h>
00026 #endif
00027 #ifdef HAVE_LIBZ
00028 #include <zlib.h>
00029 #endif
00030
00031 #include "servlink.h"
00032 #include "io.h"
00033 #include "control.h"
00034
00035 static cmd_handler cmd_set_zip_out_level;
00036 static cmd_handler cmd_start_zip_out;
00037 static cmd_handler cmd_start_zip_in;
00038 static cmd_handler cmd_set_crypt_in_cipher;
00039 static cmd_handler cmd_set_crypt_in_key;
00040 static cmd_handler cmd_start_crypt_in;
00041 static cmd_handler cmd_set_crypt_out_cipher;
00042 static cmd_handler cmd_set_crypt_out_key;
00043 static cmd_handler cmd_start_crypt_out;
00044 static cmd_handler cmd_init;
00045
00046 struct command_def command_table[] =
00047 {
00048 { CMD_SET_ZIP_OUT_LEVEL, cmd_set_zip_out_level, COMMAND_FLAG_DATA },
00049 { CMD_START_ZIP_OUT, cmd_start_zip_out, 0 },
00050 { CMD_START_ZIP_IN, cmd_start_zip_in, 0 },
00051 { CMD_SET_CRYPT_IN_CIPHER, cmd_set_crypt_in_cipher, COMMAND_FLAG_DATA },
00052 { CMD_SET_CRYPT_IN_KEY, cmd_set_crypt_in_key, COMMAND_FLAG_DATA },
00053 { CMD_START_CRYPT_IN, cmd_start_crypt_in, 0 },
00054 { CMD_SET_CRYPT_OUT_CIPHER, cmd_set_crypt_out_cipher, COMMAND_FLAG_DATA },
00055 { CMD_SET_CRYPT_OUT_KEY, cmd_set_crypt_out_key, COMMAND_FLAG_DATA },
00056 { CMD_START_CRYPT_OUT, cmd_start_crypt_out, 0 },
00057 { CMD_INJECT_RECVQ, process_recvq, COMMAND_FLAG_DATA },
00058 { CMD_INJECT_SENDQ, process_sendq, COMMAND_FLAG_DATA },
00059 { CMD_INIT, cmd_init, 0 },
00060 { CMD_ZIPSTATS, send_zipstats, 0 },
00061 { 0, 0, 0 }
00062 };
00063
00064 void
00065 cmd_set_zip_out_level(struct ctrl_command *cmd)
00066 {
00067 #ifdef HAVE_LIBZ
00068 out_state.zip_state.level = *cmd->data;
00069 if ((out_state.zip_state.level < -1) ||
00070 (out_state.zip_state.level > 9))
00071 send_error("invalid compression level %d",
00072 out_state.zip_state.level);
00073 #else
00074 send_error("can't set compression level - no libz support!");
00075 #endif
00076 }
00077
00078 void
00079 cmd_start_zip_out(struct ctrl_command *cmd)
00080 {
00081 #ifdef HAVE_LIBZ
00082 int ret;
00083
00084 if (out_state.zip)
00085 send_error("can't start compression - already started!");
00086
00087 out_state.zip_state.stream.total_in = 0;
00088 out_state.zip_state.stream.total_out = 0;
00089 out_state.zip_state.stream.zalloc = (alloc_func)0;
00090 out_state.zip_state.stream.zfree = (free_func)0;
00091 out_state.zip_state.stream.data_type = Z_ASCII;
00092
00093 if (out_state.zip_state.level <= 0)
00094 out_state.zip_state.level = Z_DEFAULT_COMPRESSION;
00095
00096 if ((ret = deflateInit(&out_state.zip_state.stream,
00097 out_state.zip_state.level)) != Z_OK)
00098 send_error("deflateInit failed: %d (%s)", ret, zError(ret));
00099
00100 out_state.zip = 1;
00101 #else
00102 send_error("can't start compression - no libz support!");
00103 #endif
00104 }
00105
00106 void
00107 cmd_start_zip_in(struct ctrl_command *cmd)
00108 {
00109 #ifdef HAVE_LIBZ
00110 int ret;
00111
00112 if (in_state.zip)
00113 send_error("can't start decompression - already started!");
00114
00115 in_state.zip_state.stream.total_in = 0;
00116 in_state.zip_state.stream.total_out = 0;
00117 in_state.zip_state.stream.zalloc = (alloc_func)0;
00118 in_state.zip_state.stream.zfree = (free_func)0;
00119 in_state.zip_state.stream.data_type = Z_ASCII;
00120 if ((ret = inflateInit(&in_state.zip_state.stream)) != Z_OK)
00121 send_error("inflateInit failed: %d (%s)", ret, zError(ret));
00122 in_state.zip = 1;
00123 #else
00124 send_error("can't start decompression - no libz support!");
00125 #endif
00126 }
00127
00128 void
00129 cmd_set_crypt_in_cipher(struct ctrl_command *cmd)
00130 {
00131 #ifdef HAVE_LIBCRYPTO
00132 unsigned int cipher = *cmd->data;
00133
00134 if (in_state.crypt_state.cipher)
00135 send_error("can't set decryption cipher - already set!");
00136
00137 switch (cipher)
00138 {
00139 #ifdef HAVE_EVP_BF_CFB
00140 case CIPHER_BF:
00141 in_state.crypt_state.cipher = EVP_bf_cfb();
00142 break;
00143 #endif
00144 #ifdef HAVE_EVP_CAST5_CFB
00145 case CIPHER_CAST:
00146 in_state.crypt_state.cipher = EVP_cast5_cfb();
00147 break;
00148 #endif
00149 #ifdef HAVE_EVP_DES_CFB
00150 case CIPHER_DES:
00151 in_state.crypt_state.cipher = EVP_des_cfb();
00152 break;
00153 #endif
00154 #ifdef HAVE_EVP_DES_EDE3_CFB
00155 case CIPHER_3DES:
00156 in_state.crypt_state.cipher = EVP_des_ede3_cfb();
00157 break;
00158 #endif
00159 #ifdef HAVE_EVP_IDEA_CFB
00160 case CIPHER_IDEA:
00161 in_state.crypt_state.cipher = EVP_idea_cfb();
00162 break;
00163 #endif
00164 #ifdef HAVE_EVP_RC5_32_12_16_CFB
00165 case CIPHER_RC5_8:
00166 in_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00167 in_state.crypt_state.rounds = 8;
00168 break;
00169 case CIPHER_RC5_12:
00170 in_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00171 in_state.crypt_state.rounds = 12;
00172 break;
00173 case CIPHER_RC5_16:
00174 in_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00175 in_state.crypt_state.rounds = 16;
00176 break;
00177 #endif
00178 default:
00179 send_error("can't set decryption cipher - invalid cipher: %d!",
00180 cipher);
00181 break;
00182 }
00183 #else
00184 send_error("can't set decryption cipher - no OpenSSL support!");
00185 #endif
00186 }
00187
00188 void
00189 cmd_set_crypt_in_key(struct ctrl_command *cmd)
00190 {
00191 #ifdef HAVE_LIBCRYPTO
00192 if (in_state.crypt_state.key)
00193 send_error("can't set decryption key - already set!");
00194
00195 in_state.crypt_state.keylen = cmd->datalen;
00196 in_state.crypt_state.key = malloc(cmd->datalen);
00197
00198 memcpy(in_state.crypt_state.key, cmd->data, cmd->datalen);
00199 #else
00200 send_error("can't set decryption key - no OpenSSL support!");
00201 #endif
00202 }
00203
00204 void
00205 cmd_start_crypt_in(struct ctrl_command *cmd)
00206 {
00207 #ifdef HAVE_LIBCRYPTO
00208 if (in_state.crypt)
00209 send_error("can't start decryption - already started!");
00210
00211 if (!in_state.crypt_state.cipher)
00212 send_error("can't start decryption - no cipher set!");
00213
00214 if (!in_state.crypt_state.key)
00215 send_error("can't start decryption - no key set!");
00216
00217 in_state.crypt = 1;
00218 if (!EVP_DecryptInit(&in_state.crypt_state.ctx,
00219 in_state.crypt_state.cipher, NULL, NULL))
00220 send_error("can't start decryption - DecryptInit (1) failed: %s!",
00221 ERR_error_string(ERR_get_error(), NULL));
00222
00223 if (!EVP_CIPHER_CTX_set_key_length(&in_state.crypt_state.ctx,
00224 in_state.crypt_state.keylen))
00225 send_error("can't start decryption - set_key_length failed: %s!",
00226 ERR_error_string(ERR_get_error(), NULL));
00227
00228 in_state.crypt_state.ivlen =
00229 EVP_CIPHER_CTX_iv_length(&in_state.crypt_state.ctx);
00230
00231 if (in_state.crypt_state.ivlen)
00232 in_state.crypt_state.iv = calloc(in_state.crypt_state.ivlen, 1);
00233
00234 if (in_state.crypt_state.rounds)
00235 {
00236 if (!EVP_CIPHER_CTX_ctrl(&in_state.crypt_state.ctx,
00237 EVP_CTRL_SET_RC5_ROUNDS,
00238 in_state.crypt_state.rounds,
00239 NULL))
00240 send_error("can't start decryption - SET_RC5_ROUNDS failed: %s!",
00241 ERR_error_string(ERR_get_error(), NULL));
00242 }
00243
00244 if (!EVP_DecryptInit(&in_state.crypt_state.ctx,
00245 NULL,
00246 in_state.crypt_state.key,
00247 in_state.crypt_state.iv))
00248 send_error("can't start decryption - DecryptInit (2) failed: %s!",
00249 ERR_error_string(ERR_get_error(), NULL));
00250 #else
00251 send_error("can't start decryption - no OpenSSL support!");
00252 #endif
00253 }
00254
00255 void
00256 cmd_set_crypt_out_cipher(struct ctrl_command *cmd)
00257 {
00258 #ifdef HAVE_LIBCRYPTO
00259 unsigned int cipher = *cmd->data;
00260
00261 if (out_state.crypt_state.cipher)
00262 send_error("can't set encryption cipher - already set!");
00263
00264 switch (cipher)
00265 {
00266 #ifdef HAVE_EVP_BF_CFB
00267 case CIPHER_BF:
00268 out_state.crypt_state.cipher = EVP_bf_cfb();
00269 break;
00270 #endif
00271 #ifdef HAVE_EVP_CAST5_CFB
00272 case CIPHER_CAST:
00273 out_state.crypt_state.cipher = EVP_cast5_cfb();
00274 break;
00275 #endif
00276 #ifdef HAVE_EVP_DES_CFB
00277 case CIPHER_DES:
00278 out_state.crypt_state.cipher = EVP_des_cfb();
00279 break;
00280 #endif
00281 #ifdef HAVE_EVP_DES_EDE3_CFB
00282 case CIPHER_3DES:
00283 out_state.crypt_state.cipher = EVP_des_ede3_cfb();
00284 break;
00285 #endif
00286 #ifdef HAVE_EVP_IDEA_CFB
00287 case CIPHER_IDEA:
00288 out_state.crypt_state.cipher = EVP_idea_cfb();
00289 break;
00290 #endif
00291 #ifdef HAVE_EVP_RC5_32_12_16_CFB
00292 case CIPHER_RC5_8:
00293 out_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00294 out_state.crypt_state.rounds = 8;
00295 break;
00296 case CIPHER_RC5_12:
00297 out_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00298 out_state.crypt_state.rounds = 12;
00299 break;
00300 case CIPHER_RC5_16:
00301 out_state.crypt_state.cipher = EVP_rc5_32_12_16_cfb();
00302 out_state.crypt_state.rounds = 16;
00303 break;
00304 #endif
00305 default:
00306 send_error("can't set encryption cipher - invalid cipher %d!",
00307 cipher);
00308 }
00309 #else
00310 send_error("can't set encryption cipher - no OpenSSL support!");
00311 #endif
00312 }
00313
00314 void
00315 cmd_set_crypt_out_key(struct ctrl_command *cmd)
00316 {
00317 #ifdef HAVE_LIBCRYPTO
00318 if (out_state.crypt_state.key)
00319 send_error("can't set encryption key - already set!");
00320
00321 out_state.crypt_state.keylen = cmd->datalen;
00322 out_state.crypt_state.key = malloc(cmd->datalen);
00323
00324 memcpy(out_state.crypt_state.key, cmd->data, cmd->datalen);
00325 #else
00326 send_error("can't set encryption key - no OpenSSL support!");
00327 #endif
00328 }
00329
00330 void
00331 cmd_start_crypt_out(struct ctrl_command *cmd)
00332 {
00333 #ifdef HAVE_LIBCRYPTO
00334 if (out_state.crypt)
00335 send_error("can't start encryption - already started!");
00336
00337 if (!out_state.crypt_state.cipher)
00338 send_error("can't start encryption - no cipher set!");
00339
00340 if (!out_state.crypt_state.key)
00341 send_error("can't start encryption - no key set!");
00342
00343 out_state.crypt = 1;
00344 if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
00345 out_state.crypt_state.cipher, NULL, NULL))
00346 send_error("can't start encryption - EncryptInit (1) failed: %s!",
00347 ERR_error_string(ERR_get_error(), NULL));
00348
00349 if (!EVP_CIPHER_CTX_set_key_length(&out_state.crypt_state.ctx,
00350 out_state.crypt_state.keylen))
00351 send_error("can't start encryption - set_key_length failed: %s!",
00352 ERR_error_string(ERR_get_error(), NULL));
00353
00354 out_state.crypt_state.ivlen =
00355 EVP_CIPHER_CTX_iv_length(&out_state.crypt_state.ctx);
00356
00357 if (out_state.crypt_state.ivlen)
00358 out_state.crypt_state.iv = calloc(out_state.crypt_state.ivlen, 1);
00359
00360 if (out_state.crypt_state.rounds)
00361 {
00362 if (!EVP_CIPHER_CTX_ctrl(&out_state.crypt_state.ctx,
00363 EVP_CTRL_SET_RC5_ROUNDS,
00364 out_state.crypt_state.rounds, NULL))
00365 send_error("can't start encryption - SET_RC5_ROUNDS failed: %s!",
00366 ERR_error_string(ERR_get_error(), NULL));
00367 }
00368
00369 if (!EVP_EncryptInit(&out_state.crypt_state.ctx,
00370 NULL,
00371 out_state.crypt_state.key,
00372 out_state.crypt_state.iv))
00373 send_error("can't start encryption - EncryptInit (2) failed: %s!",
00374 ERR_error_string(ERR_get_error(), NULL));
00375 #else
00376 send_error("can't start encryption - no OpenSSL suppport!");
00377 #endif
00378 }
00379
00380 void
00381 cmd_init(struct ctrl_command *cmd)
00382 {
00383 if (in_state.active || out_state.active)
00384 send_error("CMD_INIT sent twice!");
00385
00386 in_state.active = 1;
00387 out_state.active = 1;
00388 CONTROL_R.read_cb = read_ctrl;
00389 CONTROL_W.write_cb = NULL;
00390 LOCAL_R.read_cb = read_data;
00391 LOCAL_W.write_cb = NULL;
00392 REMOTE_R.read_cb = read_net;
00393 REMOTE_W.write_cb = NULL;
00394 }