Merge pull request #415 from brlin-tw/patch-3

Fix typo (ubuntun -> ubuntu; use proper colons)

common.h

@@ -347,12 +347,12 @@ struct not_copy_able_t
 	}
 };
 
-const int single_max_data_len=1800;
-const int max_data_len=single_max_data_len*10;
-const int buf_len=max_data_len+800;
+const int huge_data_len=65535+100; //a packet with link level header might be larger than 65535
+const int huge_buf_len=huge_data_len+100;
+
+const int max_data_len=1800;
+const int buf_len=max_data_len+400;
 
-//const int max_data_len_gro=max_data_len*10;
-//const int buf_len_gro=max_data_len_gro+400;
 //const int max_address_len=512;
 
 u64_t get_current_time();

connection.cpp

@@ -497,9 +497,16 @@ int send_safer(conn_info_t &conn_info,char type,const char* data,int len)  //saf
             return -1;
         }
         write_u16(send_data_buf2,new_len);
-        send_data_buf2[0]^=gro_xor[0];
-        send_data_buf2[1]^=gro_xor[1];
         new_len+=2;
+	if(cipher_mode==cipher_xor)
+	{
+	    send_data_buf2[0]^=gro_xor[0];
+	    send_data_buf2[1]^=gro_xor[1];
+	}
+	else if(cipher_mode==cipher_aes128cbc||cipher_mode==cipher_aes128cbc)
+	{
+	    aes_ecb_encrypt1(send_data_buf2);
+	}
     }
 
 
@@ -656,14 +663,21 @@ int recv_safer_multi(conn_info_t &conn_info,vector<char> &type_arr,vector<string
         int ori_recv_len=recv_len;
         //mylog(log_debug,"recv_len:%d\n",recv_len);
         int cnt=0;
-        while(recv_len>2)
+        while(recv_len>=16)
         {
             cnt++;
             int single_len_no_xor;
             single_len_no_xor=read_u16(recv_data);
             int single_len;
-            recv_data[0]^=gro_xor[0];
-            recv_data[1]^=gro_xor[1];
+	    if(cipher_mode==cipher_xor)
+	    {
+		recv_data[0]^=gro_xor[0];
+		recv_data[1]^=gro_xor[1];
+	    }
+	    else if(cipher_mode==cipher_aes128cbc||cipher_mode==cipher_aes128cbc)
+	    {
+		aes_ecb_decrypt1(recv_data);
+	    }
             single_len=read_u16(recv_data);
             recv_len-=2;
             recv_data+=2;
@@ -672,9 +686,10 @@ int recv_safer_multi(conn_info_t &conn_info,vector<char> &type_arr,vector<string
                 mylog(log_debug,"illegal single_len %d(%d), recv_len %d left,dropped\n",single_len,single_len_no_xor,recv_len);
                 break;
             }
-            if(single_len> single_max_data_len )
+            if(single_len> max_data_len )
             {
-                mylog(log_warn,"single_len %d(%d) > %d, maybe you need to turn down mtu at upper level\n",single_len,single_len_no_xor,single_max_data_len);
+                mylog(log_warn,"single_len %d(%d) > %d, maybe you need to turn down mtu at upper level\n",single_len,single_len_no_xor,max_data_len);
+		break;
             }
 
             int ret = reserved_parse_safer(conn_info, recv_data, single_len, type, data, len);

doc/build_guide.md

@@ -8,7 +8,7 @@ the guide on how to build udp2raw
 such as PC,raspberry pi
 
 ##### install git
-run on debian/ubuntun：
+run on debian/ubuntu:
 ```
 sudo apt-get install git
 ```
@@ -18,7 +18,7 @@ sudo yum install git
 ```
 ##### clone git code
 
-run in any dir：
+run in any dir:
 
 ```
 git clone https://github.com/wangyu-/udp2raw-tunnel.git
@@ -26,7 +26,7 @@ cd udp2raw-tunnel
 ```
 
 ##### install compile tool
-run on debian/ubuntun：
+run on debian/ubuntu:
 ```
 sudo apt-get install build-essential
 ```
@@ -42,7 +42,7 @@ run 'make'，compilation done. the udp2raw file is the just compiled binary
 such as openwrt router,run following instructions on your PC
 
 ##### install git
-run on debian/ubuntun：
+run on debian/ubuntu:
 ```
 sudo apt-get install git
 ```

encrypt.cpp

@@ -37,6 +37,8 @@ auth_mode_t auth_mode=auth_md5;
 cipher_mode_t cipher_mode=cipher_aes128cbc;
 int is_hmac_used=0;
 
+int aes128cfb_old=0;
+
 //TODO key negotiation and forward secrecy
 
 int my_init_keys(const char * user_passwd,int is_client)
@@ -53,7 +55,7 @@ int my_init_keys(const char * user_passwd,int is_client)
 
 	if(auth_mode==auth_hmac_sha1)
 		is_hmac_used=1;
-	if(is_hmac_used||g_fix_gro)
+	if(is_hmac_used||g_fix_gro||1)
 	{
 		unsigned char salt[400]="";
 		char salt_text[400]="udp2raw_salt1";
@@ -297,6 +299,40 @@ int de_padding(const char *data ,int &data_len,int padding_num)
 	}
 	return 0;
 }
+void aes_ecb_encrypt(const char *data,char *output)
+{
+	static int first_time=1;
+	char *key=(char*)cipher_key_encrypt;
+	if(aes_key_optimize)
+	{
+		if(first_time==0) key=0;
+		else first_time=0;
+	}	
+	AES_ECB_encrypt_buffer((uint8_t*)data,(uint8_t*)key,(uint8_t*)output);
+}
+void aes_ecb_encrypt1(char *data)
+{
+    char buf[16];
+    memcpy(buf,data,16);
+    aes_ecb_encrypt(buf,data);
+}
+void aes_ecb_decrypt(const char *data,char *output)
+{
+	static int first_time=1;
+	char *key=(char*)cipher_key_decrypt;
+	if(aes_key_optimize)
+	{
+		if(first_time==0) key=0;
+		else first_time=0;
+	}	
+	AES_ECB_decrypt_buffer((uint8_t*)data,(uint8_t*)key,(uint8_t*)output);
+}
+void aes_ecb_decrypt1(char *data)
+{
+    char buf[16];
+    memcpy(buf,data,16);
+    aes_ecb_decrypt(buf,data);
+}
 int cipher_aes128cbc_encrypt(const char *data,char *output,int &len,char * key)
 {
 	static int first_time=1;
@@ -318,6 +354,7 @@ int cipher_aes128cbc_encrypt(const char *data,char *output,int &len,char * key)
 int cipher_aes128cfb_encrypt(const char *data,char *output,int &len,char * key)
 {
 	static int first_time=1;
+	assert(len>=16);
 
 	char buf[buf_len];
 	memcpy(buf,data,len);//TODO inefficient code
@@ -326,6 +363,10 @@ int cipher_aes128cfb_encrypt(const char *data,char *output,int &len,char * key)
 		if(first_time==0) key=0;
 		else first_time=0;
 	}
+	if(!aes128cfb_old)
+	{
+	    aes_ecb_encrypt(data,buf); //encrypt the first block
+	}
 
 	AES_CFB_encrypt_buffer((unsigned char *)output,(unsigned char *)buf,len,(unsigned char *)key,(unsigned char *)zero_iv);
 	return 0;
@@ -369,12 +410,19 @@ int cipher_aes128cbc_decrypt(const char *data,char *output,int &len,char * key)
 int cipher_aes128cfb_decrypt(const char *data,char *output,int &len,char * key)
 {
 	static int first_time=1;
+	if(len<16) return -1;
+    
 	if(aes_key_optimize)
 	{
 		if(first_time==0) key=0;
 		else first_time=0;
 	}
+	
+	
 	AES_CFB_decrypt_buffer((unsigned char *)output,(unsigned char *)data,len,(unsigned char *)key,(unsigned char *)zero_iv);
+	
+	if(!aes128cfb_old)
+	    aes_ecb_decrypt1(output); //decrypt the first block
 	//if(de_padding(output,len,16)<0) return -1;
 	return 0;
 }

encrypt.h

@@ -12,6 +12,7 @@
 //extern char key[16];
 
 const int aes_key_optimize=1; //if enabled,once you used a key for aes,you cant change it anymore
+extern int aes128cfb_old;
 
 int my_init_keys(const char *,int);
 
@@ -39,4 +40,10 @@ extern char gro_xor[256+100];
 int cipher_decrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only
 int cipher_encrypt(const char *data,char *output,int &len,char * key);//internal interface ,exposed for test only
 
+void aes_ecb_encrypt(const char *data,char *output);
+void aes_ecb_decrypt(const char *data,char *output);
+
+void aes_ecb_encrypt1(char *data);
+void aes_ecb_decrypt1(char *data);
+
 #endif

lib/aes_acc/aesacc.c

@@ -366,7 +366,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
   decrypt_cbc(rk, length, iv_tmp, input, output);
 }
 
-void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output, const uint32_t length)
+void AES_ECB_encrypt_buffer(const uint8_t* input, const uint8_t* key, uint8_t* output)
 {
   static uint8_t rk[AES_RKSIZE];
 
@@ -376,7 +376,7 @@ void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t* output,
   encrypt_ecb(AES_NR, rk, input, output);
 }
 
-void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length)
+void AES_ECB_decrypt_buffer(const uint8_t* input, const uint8_t* key, uint8_t *output)
 {
   static uint8_t rk[AES_RKSIZE];
 

lib/aes_faster_c/wrapper.cpp

@@ -12,7 +12,7 @@
 #endif
 
 
-void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length)
+void AES_ECB_encrypt_buffer(const uint8_t* input, const uint8_t* key, uint8_t *output)
 {
 	static aes_context ctx;
 	if(key!=0)
@@ -24,7 +24,7 @@ void AES_ECB_encrypt(const uint8_t* input, const uint8_t* key, uint8_t *output,
 	assert(ret==0);
 	return ;
 }
-void AES_ECB_decrypt(const uint8_t* input, const uint8_t* key, uint8_t *output, const uint32_t length)
+void AES_ECB_decrypt_buffer(const uint8_t* input, const uint8_t* key, uint8_t *output)
 {
 	static aes_context ctx;
 	if(key!=0)

misc.cpp

@@ -563,9 +563,16 @@ void process_arg(int argc, char *argv[])  //process all options
 			}
 			else if(strcmp(long_options[option_index].name,"cipher-mode")==0)
 			{
+				string s=optarg;
+				if(s=="aes128cfb_0")
+				{
+					s="aes128cfb";
+					aes128cfb_old=1;
+					mylog(log_warn,"aes128cfb_0 is used\n");
+				}
 				for(i=0;i<cipher_end;i++)
 				{
-					if(strcmp(optarg,cipher_mode_tostring[i])==0)
+					if(strcmp(s.c_str(),cipher_mode_tostring[i])==0)
 					{
 						cipher_mode=(cipher_mode_t)i;
 						break;

network.cpp

@@ -43,7 +43,7 @@ const u32_t receive_window_lower_bound=40960;
 const u32_t receive_window_random_range=512;
 const unsigned char wscale=0x05;
 
-char g_packet_buf[buf_len]; //looks dirty but works well
+char g_packet_buf[huge_buf_len]; //looks dirty but works well
 int g_packet_buf_len=-1;
 int g_packet_buf_cnt=0;
 
@@ -834,29 +834,37 @@ int pre_recv_raw_packet()
 	assert(g_packet_buf_cnt==0);
 
 	g_sockaddr_len=sizeof(g_sockaddr.ll);
-	g_packet_buf_len = recvfrom(raw_recv_fd, g_packet_buf, max_data_len+1, 0 ,(sockaddr*)&g_sockaddr , &g_sockaddr_len);
+	g_packet_buf_len = recvfrom(raw_recv_fd, g_packet_buf, huge_data_len+1, 0 ,(sockaddr*)&g_sockaddr , &g_sockaddr_len);
 	//assert(g_sockaddr_len==sizeof(g_sockaddr.ll)); //g_sockaddr_len=18, sizeof(g_sockaddr.ll)=20, why its not equal? maybe its bc sll_halen is 6?
 
 	//assert(g_addr_ll_size==sizeof(g_addr_ll));
 
-	if(g_packet_buf_len==max_data_len+1)
+	if(g_packet_buf_len==huge_data_len+1)
 	{
-		mylog(log_warn,"huge packet, data_len %d > %d(max_data_len),dropped\n",g_packet_buf_len,max_data_len);
+		if(g_fix_gro==0)
+		{
+		mylog(log_warn,"huge packet, data_len %d > %d,dropped\n",g_packet_buf_len,huge_data_len);
 		return -1;
+		}
+		else
+		{
+			mylog(log_debug,"huge packet, data_len %d > %d,not dropped\n",g_packet_buf_len,huge_data_len);  
+			g_packet_buf_len=huge_data_len;
+		}
 	}
 
-    if(g_packet_buf_len> single_max_data_len+1)
+    if(g_packet_buf_len> max_data_len+1)
     {
         if(g_fix_gro==0)
         {
-            mylog(log_warn, "huge packet, data_len %d > %d(single_max_data_len) dropped, maybe you need to turn down mtu at upper level, or you may take a look at --fix-gro\n", g_packet_buf_len,
-                  single_max_data_len);
+            mylog(log_warn, "huge packet, data_len %d > %d(max_data_len) dropped, maybe you need to turn down mtu at upper level, or you may take a look at --fix-gro\n", g_packet_buf_len,
+                  max_data_len);
             return -1;
         }
         else
         {
-            mylog(log_debug, "huge packet, data_len %d > %d(single_max_data_len) not dropped\n", g_packet_buf_len,
-                  single_max_data_len);
+            mylog(log_debug, "huge packet, data_len %d > %d(max_data_len) not dropped\n", g_packet_buf_len,
+                  max_data_len);
             //return -1;
         }
 

network.h

@@ -27,7 +27,7 @@ extern int random_drop;
 
 extern int ifindex;
 
-extern char g_packet_buf[buf_len];
+extern char g_packet_buf[huge_buf_len];
 extern int g_packet_buf_len;
 extern int g_packet_buf_cnt;