buy-back from bug1685781 - vtun3 client should parse vtun2 server encr directives

This commit is contained in:
mtbishop 2008-01-07 22:12:48 +00:00
parent e971c621d2
commit a460c4bfc1
8 changed files with 332 additions and 15 deletions

View File

@ -1,4 +1,5 @@
3.0.2:
ref1685781 - vtun3 client should parse vtun2 server encr directives (hch)
rfe1744575 - cfg_file.y bugs (mf)
rfe1738167 - build on c5 still fails (bc)
@ -68,7 +69,7 @@ ver 2.5:
Fixes to support both Linux TUN/TAP drivers.
ver 2.5b1:
Encryption fixes: improved challenge generation, padding check.
Encryption fixes: improved challenge generation (jy), padding check.
Config parser fixes. Don't allow empty passwords.
New config option to specify syslog logging facility.
Support for new Linux TUN/TAP driver.

142
Credits Normal file
View File

@ -0,0 +1,142 @@
Author of this package is Maxim Krasnyansky <max_mk@yahoo.com>.
A lot of thanks to the following people for their suggestions and
contributions:
Gayaneh Krasnyanskaya(Max's Wife) <gayaneh@yahoo.com>
Initial Web site creation. And a lot of other help :)))
Alex Korenkov <alex@uznet.net>
Testing, bug reports.
Shukhrat Zakhidov <shukhrat@ishonch.uz>
Testing, bug reports, suggestions.
Dag Wieers <dag@mind.be>
Initial RPM packager specification file.
RedHat startup script.
Several bug reports.
SOCKS support suggestions.
Ted Rolle <ted@acacia.datacomm.com>
Spelling fixes.
Craig Sanders <cas@taz.net.au>
Debian startup script.
Catalin Ciocoiu <catalin@ccp.pub.ro>
Reported compilation problems.
Timur Danyarhojaev <tid@podolsk.ru>
Added client source address option.
Andreas Kainz <aka@gams.at>
RPM package improvements.
Chris Todd <christ@insynq.com>
Idea of challenge based authentication.
Initial BlowFish encryption code.
Suggestions.
Garet Krampe <garet@satix.net>
A lot of great ideas. Mailing list.
Web site mirror.
Denis Zapolsky <denis@granch.com.my>
Testing.
Vadim Zaliva <lord@crocodile.org>
Solaris patches. Suggestions.
Hurricane Floyd <floyd@hurricanes.org>
Max had several vacations.
Bishop had no power or water, and was able
to experience the Third World.
:)))))))))))))))))))
James B. MacLean <macleajb@Trademart-1.EDnet.NS.CA>
Client persist mode fix. Suggestions.
Paul <xerox@httpd.net>
Stress tests, bug reports, suggestions.
Maksim Yevenkin <m_evmenkin@yahoo.com>
TAP driver for FreeBSD.
Anthon Walters <anthon@ws.co.za>
Web site mirror. Testing. Initial FAQ.
Ryan Defelice <ryand@mobiletel.com>
OpenBSD package maintainer. Provided OpenBSD server for
development and testing
Alexander Bergolth <leo@strike.wu-wien.ac.at>
Initial multiple connection handling and host lock functionalities.
Improvements and fixes of source address option. Incorrect error
handling fix. Ideas. Suggestions.
Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de>
NetBSD package.
Hiroharu Tamaru <tamaru@ap.t.u-tokyo.ac.jp>
Updated FreeBSD 4.0 TUN driver support.
Terry Donaldson <tsd@geo-mis.com>
Provided Solaris 8.0 server for development and testing.
Daniel Podlejski <underley@underley.eu.org>
TUN/TAP driver modifications for 2.3.99-pre5 kernel.
Michael Tokarev <mjt@tls.msk.ru>
File descriptors and memory leaks fix.
Tons of other bug fixes and patches. Suggestions. Ideas.
Xavier <xavier@bru-noc.net>
European web site mirror.
Chris Snell <chris@bikeworld.com>
Mailing list archives.
Robert Stone <talby@trap.mtview.ca.us>
Security enhancements. Suggestions. Ideas.
Encryption and other subsystems rework for 3.X.
Steinar H. Gunderson <sgunderson@bigfoot.com>
Tons of stability fixes and problem reports.
Ideas and suggestions.
Yan Seiner <yan@cardinalengineering.com>
Testing. Bug reports. Suggestions.
James Yonan <jim@funnybee.ntlp.com>
Encryption and other fixes. Suggestions.
Greg Olszewski <noop@nwonknu.org>
Config parser and other fixes. Suggestions.
Kevin P. Fleming <kevin@labsysgrp.com>
Makefile and config parser enhancement.
Other minor fixes and suggestions.
Robert R. Wal <rrw@hell.pl>
Added support for iproute command.
Willems Luc <willems.luc@pandora.be>
Initial SuSE packaging. Testing.
Nickolai Zeldovich <nickolai@cs.stanford.edu>
mlockall() support to prevent VM collapse.
Dale Fountain <dpf-vtun@fountainbay.com>
Added multiple cipher support.
Added multiple cipher modes support.
Added support for different sized keys.
Re-sync ciphers when using non-ECB modes over a UDP connection.
Fixed Bug#908824 (persist=keep not re-applying routes)
Alan Grow <agrow-at-thegotonerd.com>
Added a Listening Address/Interface (rfe936523)
Cleaned up the code around that portion of the config.
Hans Carlos Hoffman <hchs.de>
Inventive method for vtund3c->vtund2s encryption (rfe1685781)

View File

@ -15,7 +15,7 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# $Id: Makefile.in,v 1.11.2.1 2007/06/29 05:26:33 mtbishop Exp $
# $Id: Makefile.in,v 1.11.2.2 2008/01/07 22:12:57 mtbishop Exp $
#
CC = @CC@
CFLAGS = @CFLAGS@ @CPPFLAGS@
@ -50,7 +50,7 @@ OBJS = main.o cfg_file.tab.o cfg_file.lex.o server.o client.o lib.o \
llist.o auth.o tunnel.o lock.o netlib.o \
tun_dev.o tap_dev.o pty_dev.o pipe_dev.o \
tcp_proto.o udp_proto.o \
linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o
linkfd.o lfd_shaper.o lfd_zlib.o lfd_lzo.o lfd_encrypt.o lfd_legacy_encrypt.o
CONFIGURE_FILES = Makefile config.status config.cache config.h config.log

27
auth.c
View File

@ -17,15 +17,12 @@
*/
/*
* $Id: auth.c,v 1.9.2.1 2007/06/29 05:25:45 mtbishop Exp $
* $Id: auth.c,v 1.9.2.2 2008/01/07 22:12:48 mtbishop Exp $
*/
/*
* Challenge based authentication.
* Thanx to Chris Todd<christ@insynq.com> for the good idea.
*
* Jim Yonan, 05/24/2001
* gen_chal rewrite to use better random number generator
*/
#include "config.h"
@ -180,7 +177,10 @@ char *bf2cf(struct vtun_host *host)
return str;
}
/* return 1 on success, otherwise 0 */
/* return 1 on success, otherwise 0
Example:
FLAGS: <TuE1>
*/
int cf2bf(char *str, struct vtun_host *host)
{
@ -188,6 +188,7 @@ int cf2bf(char *str, struct vtun_host *host)
int s;
if( (ptr = strchr(str,'<')) ){
vtun_syslog(LOG_DEBUG,"Remote Server sends %s.", ptr);
ptr++;
while(*ptr){
switch(*ptr++){
@ -229,10 +230,19 @@ int cf2bf(char *str, struct vtun_host *host)
ptr = p;
break;
case 'E':
if((s = strtol(ptr,&p,10)) == ERANGE || ptr == p)
/* new form is 'E10', old form is 'E', so remove the
ptr==p check */
if((s = strtol(ptr,&p,10)) == ERANGE) {
vtun_syslog(LOG_ERR,"Garbled encryption method. Bailing out.");
return 0;
}
host->flags |= VTUN_ENCRYPT;
host->cipher = s;
if (0 == s) {
host->cipher = VTUN_LEGACY_ENCRYPT;
vtun_syslog(LOG_INFO,"Remote server using older encryption.");
} else {
host->cipher = s;
}
ptr = p;
break;
case 'S':
@ -244,6 +254,9 @@ int cf2bf(char *str, struct vtun_host *host)
}
ptr = p;
break;
case 'F':
/* reserved for Feature transmit */
break;
case '>':
return 1;
default:

154
lfd_legacy_encrypt.c Normal file
View File

@ -0,0 +1,154 @@
/*
VTun - Virtual Tunnel over TCP/IP network.
Copyright (C) 1998-2000 Maxim Krasnyansky <max_mk@yahoo.com>
VTun has been derived from VPPP package by Maxim Krasnyansky.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
/*
* $Id: lfd_legacy_encrypt.c,v 1.1.4.1 2008/01/07 22:12:53 mtbishop Exp $
* Code added wholesale temporarily from lfd_encrypt 1.2.2.8
*/
/*
Encryption module uses software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*/
/*
* This lfd_encrypt module uses MD5 to create 128 bits encryption
* keys and BlowFish for actual data encryption.
* It is based on code written by Chris Todd<christ@insynq.com> with
* several improvements and modifications.
*/
#include "config.h"
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <syslog.h>
#include <strings.h>
#include <string.h>
#include "vtun.h"
#include "linkfd.h"
#include "lib.h"
#ifdef HAVE_SSL
#ifndef __APPLE_CC__
/* OpenSSL includes */
#include <openssl/md5.h>
#include <openssl/blowfish.h>
#else /* YAY - We're MAC OS */
#include <sys/md5.h>
#include <crypto/blowfish.h>
#endif /* __APPLE_CC__ */
#define ENC_BUF_SIZE VTUN_FRAME_SIZE + 16
#define ENC_KEY_SIZE 16
BF_KEY key;
char * enc_buf;
int alloc_legacy_encrypt(struct vtun_host *host)
{
if( !(enc_buf = lfd_alloc(ENC_BUF_SIZE)) ){
vtun_syslog(LOG_ERR,"Can't allocate buffer for legacy encryptor");
return -1;
}
BF_set_key(&key, ENC_KEY_SIZE, MD5(host->passwd,strlen(host->passwd),NULL));
vtun_syslog(LOG_INFO, "BlowFish legacy encryption initialized");
return 0;
}
int free_legacy_encrypt()
{
lfd_free(enc_buf); enc_buf = NULL;
return 0;
}
int legacy_encrypt_buf(int len, char *in, char **out)
{
register int pad, p;
register char *in_ptr = in, *out_ptr = enc_buf;
/* 8 - ( len % 8 ) */
pad = (~len & 0x07) + 1; p = 8 - pad;
memset(out_ptr, 0, pad);
*out_ptr = (char) pad;
memcpy(out_ptr + pad, in_ptr, p);
BF_ecb_encrypt(out_ptr, out_ptr, &key, BF_ENCRYPT);
out_ptr += 8; in_ptr += p;
len = len - p;
for (p=0; p < len; p += 8)
BF_ecb_encrypt(in_ptr + p, out_ptr + p, &key, BF_ENCRYPT);
*out = enc_buf;
return len + 8;
}
int legacy_decrypt_buf(int len, char *in, char **out)
{
register int p;
for (p = 0; p < len; p += 8)
BF_ecb_encrypt(in + p, in + p, &key, BF_DECRYPT);
p = *in;
if (p < 1 || p > 8) {
vtun_syslog(LOG_INFO, "legacy_decrypt_buf: bad pad length");
return 0;
}
*out = in + p;
return len - p;
}
/*
* Module structure.
*/
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
alloc_legacy_encrypt,
legacy_encrypt_buf,
NULL,
legacy_decrypt_buf,
NULL,
free_legacy_encrypt,
NULL,
NULL
};
#else /* HAVE_SSL */
int no_legacy_encrypt(struct vtun_host *host)
{
vtun_syslog(LOG_INFO, "Encryption is not supported");
return -1;
}
struct lfd_mod lfd_legacy_encrypt = {
"Encryptor",
no_legacy_encrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif /* HAVE_SSL */

View File

@ -17,7 +17,7 @@
*/
/*
* $Id: linkfd.c,v 1.13.2.1 2007/06/29 05:26:19 mtbishop Exp $
* $Id: linkfd.c,v 1.13.2.2 2008/01/07 22:12:54 mtbishop Exp $
*/
#include "config.h"
@ -365,7 +365,11 @@ int linkfd(struct vtun_host *host)
lfd_add_mod(&lfd_lzo);
if(host->flags & VTUN_ENCRYPT)
lfd_add_mod(&lfd_encrypt);
if(host->cipher == VTUN_LEGACY_ENCRYPT) {
lfd_add_mod(&lfd_legacy_encrypt);
} else {
lfd_add_mod(&lfd_encrypt);
}
if(host->flags & VTUN_SHAPE)
lfd_add_mod(&lfd_shaper);

View File

@ -17,7 +17,7 @@
*/
/*
* $Id: linkfd.h,v 1.4.2.1 2007/06/29 05:26:21 mtbishop Exp $
* $Id: linkfd.h,v 1.4.2.2 2008/01/07 22:12:56 mtbishop Exp $
*/
#ifndef _LINKFD_H
@ -87,6 +87,7 @@ struct lfd_mod {
extern struct lfd_mod lfd_zlib;
extern struct lfd_mod lfd_lzo;
extern struct lfd_mod lfd_encrypt;
extern struct lfd_mod lfd_legacy_encrypt;
extern struct lfd_mod lfd_shaper;
#endif

4
vtun.h
View File

@ -17,7 +17,7 @@
*/
/*
* $Id: vtun.h,v 1.12.2.1 2007/06/29 05:26:49 mtbishop Exp $
* $Id: vtun.h,v 1.12.2.2 2008/01/07 22:12:59 mtbishop Exp $
*/
#ifndef _VTUN_H
@ -155,6 +155,8 @@ extern llist host_list;
#define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256OFB 16
#define VTUN_LEGACY_ENCRYPT 999
/* Mask to drop the flags which will be supplied by the server */
#define VTUN_CLNT_MASK 0xf000