Add crypto

2025-03-09 15:40:12 +00:00 · 2017-08-13 22:42:34 +02:00 · 2017-08-13 22:42:34 +02:00 · 57209931db
commit 57209931db
parent 1271a50eaf
9 changed files with 251 additions and 8 deletions
--- a/files/dawn.config
+++ b/files/dawn.config
@ -1,6 +1,8 @@
 config settings network
 	option broadcast_ip '10.0.0.255'
 	option broadcast_port '1025'
+	option shared_key 'Niiiiiiiiiiiiiik'
+	option iv 'Niiiiiiiiiiiiiik'

 config settings ordering
    option sort_order 'csfb'
--- a/files/dawn.init
+++ b/files/dawn.init
@ -16,14 +16,18 @@ start_service()
 	local broadcast_port
 	local sort_order
 	local hostapd_dir
+	local shared_key
+	local iv

 	config_load "${NAME}"
 	config_get broadcast_ip network broadcast_ip
 	config_get broadcast_port network broadcast_port
+    config_get shared_key network shared_key
+    config_get iv network iv
+
 	config_get sort_order ordering sort_order
 	config_get hostapd_dir hostapd hostapd_dir

-
 	procd_open_instance
 	echo "$PROG -p $broadcast_port -i $broadcast_ip -o $sort_order"
 	procd_set_param command "$PROG"
@ -31,6 +35,8 @@ start_service()
 	procd_append_param command -i "${broadcast_ip}"
 	procd_append_param command -o "${sort_order}"
 	procd_append_param command -h "${hostapd_dir}"
+    procd_append_param command -k "${shared_key}"
+    procd_append_param command -v "${iv}"

 	procd_set_param stdout 1
 	procd_set_param stderr 1
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -30,10 +30,10 @@ SET(SOURCES
 	utils/runopts.c
 	include/runopts.h

-		utils/dawn_uci.c include/dawn_uci.h)
+		utils/dawn_uci.c include/dawn_uci.h crypto/crypto.c include/crypto.h)

 SET(LIBS
-	ubox ubus json-c blobmsg_json config uci)
+	ubox ubus json-c blobmsg_json config uci gcrypt)

 ADD_EXECUTABLE(dawn ${SOURCES} utils/dawn_uci.c include/dawn_uci.h)

--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@ -0,0 +1,117 @@
+#include "crypto.h"
+
+#include <gcrypt.h>
+#include <stdio.h>
+
+#define GCRY_CIPHER GCRY_CIPHER_AES128   // Pick the cipher here
+#define GCRY_C_MODE GCRY_CIPHER_MODE_ECB // Pick the cipher mode here
+
+gcry_error_t     gcry_error_handle;
+gcry_cipher_hd_t gcry_cipher_hd;
+
+void gcrypt_init()
+{
+    if (!gcry_check_version (GCRYPT_VERSION))
+    {
+        fprintf(stderr,"gcrypt: library version mismatch");
+    }
+    gcry_error_t err = 0;
+    err = gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+    err |= gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+    err |= gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
+    err |= gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+    if (err) {
+        fprintf(stderr,"gcrypt: failed initialization");
+    }
+}
+
+void gcrypt_set_key_and_iv(char *key, char *iv)
+{
+    size_t keylen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+    size_t blklen = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+
+    gcry_error_handle = gcry_cipher_open(
+            &gcry_cipher_hd, // gcry_cipher_hd_t *
+            GCRY_CIPHER,   // int
+            GCRY_C_MODE,   // int
+            0);
+    if (gcry_error_handle)
+    {
+        printf("gcry_cipher_open failed:  %s/%s\n",
+               gcry_strsource(gcry_error_handle),
+               gcry_strerror(gcry_error_handle));
+        return;
+    }
+
+    gcry_error_handle = gcry_cipher_setkey(gcry_cipher_hd, key, keylen);
+    if (gcry_error_handle)
+    {
+        printf("gcry_cipher_setkey failed:  %s/%s\n",
+               gcry_strsource(gcry_error_handle),
+               gcry_strerror(gcry_error_handle));
+        return;
+    }
+
+    gcry_error_handle = gcry_cipher_setiv(gcry_cipher_hd, iv, blklen);
+    if (gcry_error_handle)
+    {
+        printf("gcry_cipher_setiv failed:  %s/%s\n",
+               gcry_strsource(gcry_error_handle),
+               gcry_strerror(gcry_error_handle));
+        return;
+    }
+}
+
+// free out buffer after using!
+char* gcrypt_encrypt_msg(char* msg, size_t msg_length)
+{
+    if ( 0U != (msg_length & 0xfU) )
+        msg_length += 0x10U - (msg_length & 0xfU);
+
+    //msg_length++; // increase because of \0
+    char *out = malloc(msg_length);
+    gcry_error_handle = gcry_cipher_encrypt(
+            gcry_cipher_hd, // gcry_cipher_hd_t
+            out,    // void *
+            msg_length,    // size_t
+            msg,    // const void *
+            msg_length);   // size_t
+    printf("Message encrypted: %s : %s size: %d\n", msg, out, msg_length);
+    if (gcry_error_handle)
+    {
+        printf("gcry_cipher_encrypt failed:  %s/%s\n",
+               gcry_strsource(gcry_error_handle),
+               gcry_strerror(gcry_error_handle));
+        return NULL;
+    }
+    return out;
+}
+
+// free out buffer after using!
+char* gcrypt_decrypt_msg(char* msg, size_t msg_length)
+{
+    if ( 0U != (msg_length & 0xfU) )
+        msg_length += 0x10U - (msg_length & 0xfU);
+
+    char* out_buffer = malloc(msg_length);
+    gcry_error_handle = gcry_cipher_decrypt(
+            gcry_cipher_hd, // gcry_cipher_hd_t
+            out_buffer,    // void *
+            msg_length,    // size_t
+            msg,    // const void *
+            msg_length);   // size_t
+    if (gcry_error_handle)
+    {
+        printf("gcry_cipher_encrypt failed:  %s/%s\n",
+               gcry_strsource(gcry_error_handle),
+               gcry_strerror(gcry_error_handle));
+        return NULL;
+    }
+    char* out = malloc(strlen(out_buffer) + 1);
+    strcpy(out, out_buffer);
+    free(out_buffer);
+    return out;
+}
+
+
--- a/src/include/crypto.h
+++ b/src/include/crypto.h
@ -0,0 +1,10 @@
+#ifndef DAWN_CRYPTO_H
+#define DAWN_CRYPTO_H
+
+#include <stdlib.h>
+
+void gcrypt_init();
+void gcrypt_set_key_and_iv(char *key, char *iv);
+char* gcrypt_encrypt_msg(char* msg, size_t msg_length);
+char* gcrypt_decrypt_msg(char* msg, size_t msg_length);
+#endif //DAWN_CRYPTO_H
--- a/src/include/networksocket.h
+++ b/src/include/networksocket.h
@ -7,6 +7,7 @@ pthread_mutex_t send_mutex;

 int init_socket_runopts(char *_ip, char *_port, int broadcast_socket);
 int send_string(char *msg);
+int send_string_enc(char *msg);
 void close_socket();

 #endif
--- a/src/main.c
+++ b/src/main.c
@ -7,7 +7,10 @@
 #include "dawn_uci.h"

 #define BUFSIZE 17
-#define BUFSIZE_DIR 255
+#define BUFSIZE_DIR 256
+
+
+#include "crypto.h"

 int main(int argc, char **argv) {
    const char *ubus_socket = NULL;
@ -17,7 +20,10 @@ int main(int argc, char **argv) {
    char opt_broadcast_port[BUFSIZE];
    char opt_hostapd_dir[BUFSIZE_DIR];

-    while ((ch = getopt(argc, argv, "cs:p:i:b:o:h:")) != -1) {
+    char shared_key[BUFSIZE_DIR];
+    char iv[BUFSIZE_DIR];
+
+    while ((ch = getopt(argc, argv, "cs:p:i:b:o:h:i:k:v:")) != -1) {
        switch (ch) {
            case 's':
                ubus_socket = optarg;
@ -33,15 +39,45 @@ int main(int argc, char **argv) {
            case 'o':
                snprintf(sort_string, SORT_NUM, "%s", optarg);
                printf("sort string: %s\n", sort_string);
+                break;
            case 'h':
                snprintf(opt_hostapd_dir, BUFSIZE_DIR, "%s", optarg);
                printf("hostapd dir: %s\n", opt_hostapd_dir);
                hostapd_dir_glob = optarg;
+                break;
+            case 'k':
+                snprintf(shared_key, BUFSIZE_DIR, "%s", optarg);
+                printf("Key: %s\n", shared_key);
+                break;
+            case 'v':
+                snprintf(iv, BUFSIZE_DIR, "%s", optarg);
+                printf("IV: %s\n", iv);
+                break;
            default:
                break;
        }
    }

+    /* ----
+     *  Testing encryption
+     * ----
+     */
+
+    char msg[] = "Hallo Lotta!!!!! :D";
+    gcrypt_init();
+    gcrypt_set_key_and_iv(shared_key, iv);
+    printf("Encrypting msg: %s\n", msg);
+    char* enc = gcrypt_encrypt_msg(msg, strlen(msg) + 1);
+    printf("Decrypting msg: %s\n", enc);
+    char* dec = gcrypt_decrypt_msg(enc, strlen(enc));
+    printf("Message decrypted: %s\n", dec);
+    free(enc);
+    free(dec);
+
+    /*
+     * ----
+     */
+
    argc -= optind;
    argv += optind;

--- a/src/network/networksocket.c
+++ b/src/network/networksocket.c
@ -14,6 +14,7 @@
 #include "broadcastsocket.h"
 #include "multicastsocket.h"
 #include "ubus.h"
+#include "crypto.h"

 /* Network Defines */
 #define MAX_RECV_STRING 500
@ -28,6 +29,7 @@ char recv_string[MAX_RECV_STRING + 1];
 int recv_string_len;

 void *receive_msg(void *args);
+void *receive_msg_enc(void *args);

 int init_socket_runopts(char *_ip, char *_port, int broadcast_socket) {

@ -42,7 +44,7 @@ int init_socket_runopts(char *_ip, char *_port, int broadcast_socket) {
    }

    pthread_t sniffer_thread;
-    if (pthread_create(&sniffer_thread, NULL, receive_msg, NULL)) {
+    if (pthread_create(&sniffer_thread, NULL, receive_msg_enc, NULL)) { // try encrypted
        fprintf(stderr, "Could not create receiving thread!");
        return -1;
    }
@ -119,6 +121,56 @@ void *receive_msg(void *args) {
    }
 }

+void *receive_msg_enc(void *args) {
+    while (1) {
+        if ((recv_string_len =
+                     recvfrom(sock, recv_string, MAX_RECV_STRING, 0, NULL, 0)) < 0) {
+            fprintf(stderr, "Could not receive message!");
+            continue;
+        }
+
+        if (recv_string == NULL) {
+            return 0;
+        }
+
+        if (strlen(recv_string) <= 0) {
+            return 0;
+        }
+        recv_string[recv_string_len] = '\0';
+
+        char* dec = gcrypt_decrypt_msg(recv_string, strlen(recv_string));
+
+        printf("[WC] Network-Received: %s\n", dec);
+
+        probe_entry prob_req;
+        struct blob_buf b;
+
+        blob_buf_init(&b, 0);
+        blobmsg_add_json_from_string(&b, dec);
+
+        char *str;
+        str = blobmsg_format_json(b.head, true);
+
+        if (str == NULL) {
+            return 0;
+        }
+
+        if (strlen(str) <= 0) {
+            return 0;
+        }
+
+        if (strstr(str, "clients") != NULL) {
+            parse_to_clients(b.head, 0, 0);
+        } else if (strstr(str, "target") != NULL) {
+            if (parse_to_probe_req(b.head, &prob_req) == 0) {
+                insert_to_array(prob_req, 0);
+            }
+        }
+        // free encrypted string
+        free(dec);
+    }
+}
+
 int send_string(char *msg) {
    pthread_mutex_lock(&send_mutex);
    size_t msglen = strlen(msg);
@ -144,4 +196,23 @@ int send_string(char *msg) {
    return 0;
 }

+int send_string_enc(char *msg) {
+    pthread_mutex_lock(&send_mutex);
+    size_t msglen = strlen(msg);
+    char* enc = gcrypt_encrypt_msg(msg, msglen + 1);
+
+    if (sendto(sock,
+               enc,
+               strlen(enc),
+               0,
+               (struct sockaddr *) &addr,
+               sizeof(addr)) < 0) {
+        perror("sendto()");
+        pthread_mutex_unlock(&send_mutex);
+        exit(EXIT_FAILURE);
+    }
+    pthread_mutex_unlock(&send_mutex);
+    return 0;
+}
+
 void close_socket() { close(sock); }
--- a/src/utils/ubus.c
+++ b/src/utils/ubus.c
@ -192,7 +192,7 @@ static int hostapd_notify(struct ubus_context *ctx, struct ubus_object *obj,
    // send probe via network
    char *str;
    str = blobmsg_format_json(msg, true);
-    send_string(str);
+    send_string_enc(str);

    printf("[WC] Hostapd-Probe: %s : %s\n", method, str);

@ -407,7 +407,7 @@ static void ubus_get_clients_cb(struct ubus_request *req, int type, struct blob_
    parse_to_clients(msg, 1, req->peer);

    char *str = blobmsg_format_json(msg, true);
-    send_string(str);
+    send_string_enc(str);
    print_client_array();
 }