diff --git a/files/dawn.config b/files/dawn.config index a5e8ca1..5e37719 100644 --- a/files/dawn.config +++ b/files/dawn.config @@ -1,6 +1,8 @@ config settings network option broadcast_ip '10.0.0.255' option broadcast_port '1025' + option shared_key 'Niiiiiiiiiiiiiik' + option iv 'Niiiiiiiiiiiiiik' config settings ordering option sort_order 'csfb' diff --git a/files/dawn.init b/files/dawn.init index a9d215e..20a0d4e 100755 --- a/files/dawn.init +++ b/files/dawn.init @@ -16,14 +16,18 @@ start_service() local broadcast_port local sort_order local hostapd_dir + local shared_key + local iv config_load "${NAME}" config_get broadcast_ip network broadcast_ip config_get broadcast_port network broadcast_port + config_get shared_key network shared_key + config_get iv network iv + config_get sort_order ordering sort_order config_get hostapd_dir hostapd hostapd_dir - procd_open_instance echo "$PROG -p $broadcast_port -i $broadcast_ip -o $sort_order" procd_set_param command "$PROG" @@ -31,6 +35,8 @@ start_service() procd_append_param command -i "${broadcast_ip}" procd_append_param command -o "${sort_order}" procd_append_param command -h "${hostapd_dir}" + procd_append_param command -k "${shared_key}" + procd_append_param command -v "${iv}" procd_set_param stdout 1 procd_set_param stderr 1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0e9003c..eadcb1d 100755 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -30,10 +30,10 @@ SET(SOURCES utils/runopts.c include/runopts.h - utils/dawn_uci.c include/dawn_uci.h) + utils/dawn_uci.c include/dawn_uci.h crypto/crypto.c include/crypto.h) SET(LIBS - ubox ubus json-c blobmsg_json config uci) + ubox ubus json-c blobmsg_json config uci gcrypt) ADD_EXECUTABLE(dawn ${SOURCES} utils/dawn_uci.c include/dawn_uci.h) diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c new file mode 100644 index 0000000..7f85d05 --- /dev/null +++ b/src/crypto/crypto.c 
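Review bot: The new `option shared_key 'Niiiiiiiiiiiiiik'` and `option iv 'Niiiiiiiiiiiiiik'` lines ship a fixed, human-readable value in the packaged config, and the same string is used for both the key and the IV, so every installation that keeps the default shares a key that is published with the package. The config should ship without a usable default (empty values the init script refuses to start with, or a value generated once at first boot), and the IV should be independent of the key. The `config_get` lines added to dawn.init on this page carry these values straight into the daemon, so a weak default here affects every sender and receiver on the broadcast domain.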
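Review bot: `procd_append_param command -k "${shared_key}"` in the second dawn.init hunk puts the key into the daemon's argv, where any local user can read it from `ps` or `/proc/<pid>/cmdline`; the same applies to `-v "${iv}"`. Consider handing the key to main.c through a root-only file or the process environment instead of a command-line option. In the first hunk `config_get shared_key network shared_key` leaves the variable empty when the option is missing and nothing on this page checks that before the service starts, so an empty `-k ""` is passed along silently; a guard such as `[ -n "$shared_key" ] || { echo "dawn: shared_key not set" >&2; return 1; }` before `procd_open_instance` makes the misconfiguration visible.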
@@ -0,0 +1,117 @@
+#include "crypto.h"
+
+#include 
+#include 
+
+#define GCRY_CIPHER GCRY_CIPHER_AES128 // Pick the cipher here
+#define GCRY_C_MODE GCRY_CIPHER_MODE_ECB // Pick the cipher mode here
+
+gcry_error_t gcry_error_handle;
+gcry_cipher_hd_t gcry_cipher_hd;
+
+void gcrypt_init()
+{
+ if (!gcry_check_version (GCRYPT_VERSION))
+ {
+ fprintf(stderr,"gcrypt: library version mismatch");
+ }
+ gcry_error_t err = 0;
+ err = gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+ err |= gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+ err |= gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
+ err |= gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ if (err) {
+ fprintf(stderr,"gcrypt: failed initialization");
+ }
+}
+
+void gcrypt_set_key_and_iv(char *key, char *iv)
+{
+ size_t keylen = gcry_cipher_get_algo_keylen(GCRY_CIPHER);
+ size_t blklen = gcry_cipher_get_algo_blklen(GCRY_CIPHER);
+
+ gcry_error_handle = gcry_cipher_open(
+ &gcry_cipher_hd, // gcry_cipher_hd_t *
+ GCRY_CIPHER, // int
+ GCRY_C_MODE, // int
+ 0);
+ if (gcry_error_handle)
+ {
+ printf("gcry_cipher_open failed: %s/%s\n",
+ gcry_strsource(gcry_error_handle),
+ gcry_strerror(gcry_error_handle));
+ return;
+ }
+
+ gcry_error_handle = gcry_cipher_setkey(gcry_cipher_hd, key, keylen);
+ if (gcry_error_handle)
+ {
+ printf("gcry_cipher_setkey failed: %s/%s\n",
+ gcry_strsource(gcry_error_handle),
+ gcry_strerror(gcry_error_handle));
+ return;
+ }
+
+ gcry_error_handle = gcry_cipher_setiv(gcry_cipher_hd, iv, blklen);
+ if (gcry_error_handle)
+ {
+ printf("gcry_cipher_setiv failed: %s/%s\n",
+ gcry_strsource(gcry_error_handle),
+ gcry_strerror(gcry_error_handle));
+ return;
+ }
+}
+
+// free out buffer after using!
+char* gcrypt_encrypt_msg(char* msg, size_t msg_length)
+{
+ if ( 0U != (msg_length & 0xfU) )
+ msg_length += 0x10U - (msg_length & 0xfU);
+
+ //msg_length++; // increase because of \0
+ char *out = malloc(msg_length);
+ gcry_error_handle = gcry_cipher_encrypt(
+ gcry_cipher_hd, // gcry_cipher_hd_t
+ out, // void *
+ msg_length, // size_t
+ msg, // const void *
+ msg_length); // size_t
+ printf("Message encrypted: %s : %s size: %d\n", msg, out, msg_length);
+ if (gcry_error_handle)
+ {
+ printf("gcry_cipher_encrypt failed: %s/%s\n",
+ gcry_strsource(gcry_error_handle),
+ gcry_strerror(gcry_error_handle));
+ return NULL;
+ }
+ return out;
+}
+
+// free out buffer after using!
+char* gcrypt_decrypt_msg(char* msg, size_t msg_length)
+{
+ if ( 0U != (msg_length & 0xfU) )
+ msg_length += 0x10U - (msg_length & 0xfU);
+
+ char* out_buffer = malloc(msg_length);
+ gcry_error_handle = gcry_cipher_decrypt(
+ gcry_cipher_hd, // gcry_cipher_hd_t
+ out_buffer, // void *
+ msg_length, // size_t
+ msg, // const void *
+ msg_length); // size_t
+ if (gcry_error_handle)
+ {
+ printf("gcry_cipher_encrypt failed: %s/%s\n",
+ gcry_strsource(gcry_error_handle),
+ gcry_strerror(gcry_error_handle));
+ return NULL;
+ }
+ char* out = malloc(strlen(out_buffer) + 1);
+ strcpy(out, out_buffer);
+ free(out_buffer);
+ return out;
+}
+
+
diff --git a/src/include/crypto.h b/src/include/crypto.h
new file mode 100644
index 0000000..b862c13
--- /dev/null
+++ b/src/include/crypto.h
@@ -0,0 +1,10 @@
+#ifndef DAWN_CRYPTO_H
+#define DAWN_CRYPTO_H
+
+#include 
+
+void gcrypt_init();
+void gcrypt_set_key_and_iv(char *key, char *iv);
+char* gcrypt_encrypt_msg(char* msg, size_t msg_length);
+char* gcrypt_decrypt_msg(char* msg, size_t msg_length);
+#endif //DAWN_CRYPTO_H
diff --git a/src/include/networksocket.h b/src/include/networksocket.h
index e6a10a2..07ebd5f 100644
--- a/src/include/networksocket.h
+++ b/src/include/networksocket.h
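Review bot: `gcrypt_encrypt_msg` rounds `msg_length` up to a multiple of 16 and then passes the rounded value as the input length to `gcry_cipher_encrypt`, so the cipher reads up to 15 bytes past the end of the caller's buffer (main.c on this page calls it with `strlen(msg) + 1`); `gcrypt_decrypt_msg` has the same over-read on `msg`, and its `strlen(out_buffer)` assumes the decrypted bytes contain a NUL, which holds for well-formed plaintext but not for the garbage produced from a corrupted or forged datagram. The `printf("Message encrypted: %s : %s size: %d\n", msg, out, msg_length)` line also reads `out` as a C string although ciphertext is neither NUL-terminated nor printable, and `%d` does not match `size_t` (`%zu`). Both functions should copy their input into a zero-filled buffer of the padded size, run the cipher on that, check every `malloc`, and report the output length through an out-parameter instead of `strlen` on binary data; the encrypt side is sketched below. Independently, `GCRY_CIPHER_MODE_ECB` gives no integrity protection and reveals repeated plaintext blocks, and `gcry_cipher_setiv` has no effect in ECB, so a receiver cannot distinguish a forged datagram from a genuine one; an authenticated mode such as `GCRY_CIPHER_MODE_GCM` with a fresh per-message nonce and a tag checked on receive is the usual replacement. `gcry_cipher_setkey(gcry_cipher_hd, key, keylen)` likewise reads `keylen` bytes from `key` whatever its real length, so a key with `strlen(key) != keylen` should be rejected before the call.
```c
char* gcrypt_encrypt_msg(char* msg, size_t msg_length)
{
    size_t padded = msg_length;
    if (0U != (padded & 0xfU))
        padded += 0x10U - (padded & 0xfU);

    /* Encrypt from a zero-padded copy so the cipher never reads past msg. */
    char *in = calloc(1, padded);
    char *out = malloc(padded);
    if (in == NULL || out == NULL) {
        free(in);
        free(out);
        return NULL;
    }
    memcpy(in, msg, msg_length);
    gcry_error_handle = gcry_cipher_encrypt(gcry_cipher_hd, out, padded, in, padded);
    free(in);
    if (gcry_error_handle)
    {
        // … unchanged: error report …
        free(out);
        return NULL;
    }
    /* TODO: callers need the ciphertext length; add a size_t *out_len parameter. */
    return out;
}
```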
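Review bot: `void gcrypt_init();` in crypto.h declares a function with an unspecified parameter list rather than one that takes no arguments; `void gcrypt_init(void);` (and the same in the definition) lets the compiler reject stray arguments. The key, IV and message parameters are never written through, so declaring them `const char *` documents that contract and lets callers pass buffers they do not own without a cast.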
@@ -7,6 +7,7 @@ pthread_mutex_t send_mutex; int init_socket_runopts(char *_ip, char *_port, int broadcast_socket); int send_string(char *msg); +int send_string_enc(char *msg); void close_socket(); #endif diff --git a/src/main.c b/src/main.c index 712ce81..4f0212a 100644 --- a/src/main.c +++ b/src/main.c @@ -7,7 +7,10 @@ #include "dawn_uci.h" #define BUFSIZE 17 -#define BUFSIZE_DIR 255 +#define BUFSIZE_DIR 256 + + +#include "crypto.h" int main(int argc, char **argv) { const char *ubus_socket = NULL; @@ -17,7 +20,10 @@ int main(int argc, char **argv) { char opt_broadcast_port[BUFSIZE]; char opt_hostapd_dir[BUFSIZE_DIR]; - while ((ch = getopt(argc, argv, "cs:p:i:b:o:h:")) != -1) { + char shared_key[BUFSIZE_DIR]; + char iv[BUFSIZE_DIR]; + + while ((ch = getopt(argc, argv, "cs:p:i:b:o:h:i:k:v:")) != -1) { switch (ch) { case 's': ubus_socket = optarg; @@ -33,15 +39,45 @@ int main(int argc, char **argv) { case 'o': snprintf(sort_string, SORT_NUM, "%s", optarg); printf("sort string: %s\n", sort_string); + break; case 'h': snprintf(opt_hostapd_dir, BUFSIZE_DIR, "%s", optarg); printf("hostapd dir: %s\n", opt_hostapd_dir); hostapd_dir_glob = optarg; + break; + case 'k': + snprintf(shared_key, BUFSIZE_DIR, "%s", optarg); + printf("Key: %s\n", shared_key); + break; + case 'v': + snprintf(iv, BUFSIZE_DIR, "%s", optarg); + printf("IV: %s\n", iv); + break; default: break; } } + /* ---- + * Testing encryption + * ---- + */ + + char msg[] = "Hallo Lotta!!!!! :D"; + gcrypt_init(); + gcrypt_set_key_and_iv(shared_key, iv); + printf("Encrypting msg: %s\n", msg); + char* enc = gcrypt_encrypt_msg(msg, strlen(msg) + 1); + printf("Decrypting msg: %s\n", enc); + char* dec = gcrypt_decrypt_msg(enc, strlen(enc)); + printf("Message decrypted: %s\n", dec); + free(enc); + free(dec); + + /* + * ---- + */ + argc -= optind; argv += optind; diff --git a/src/network/networksocket.c b/src/network/networksocket.c index 377babd..91055e0 100644 --- a/src/network/networksocket.c 
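Review bot: `char shared_key[BUFSIZE_DIR];` and `char iv[BUFSIZE_DIR];` in the second main.c hunk are left uninitialized, and the option loop only fills them when `-k`/`-v` are given, so a start without those options hands indeterminate stack bytes to `gcrypt_set_key_and_iv` (third hunk) as the key; initialise them with `= {0}` and refuse to continue when `shared_key[0] == '\0'`. The new getopt string `"cs:p:i:b:o:h:i:k:v:"` also lists `i:` twice; getopt tolerates the duplicate, but it reads like a leftover and should be dropped.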
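Review bot: `printf("Key: %s\n", shared_key);` in the new `case 'k'` writes the shared key to stdout, which dawn.init on this page forwards to the service logger (`procd_set_param stdout 1`), so the key ends up in the log where anyone with log access can read it; print only that a key was supplied, e.g. `printf("Key: set (%zu chars)\n", strlen(shared_key));`, and drop the `IV:` print likewise. The test block that follows calls `gcrypt_decrypt_msg(enc, strlen(enc))`, but `enc` is raw AES output that may contain 0x00 at any position, so `strlen` returns a wrong length whenever one appears; the ciphertext length (the padded size of `strlen(msg) + 1`) has to be carried explicitly. The fixed-message self-test belongs behind a debug option or in a separate test program rather than in every start of the daemon. main's body continues outside the hunk.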
+++ b/src/network/networksocket.c @@ -14,6 +14,7 @@ #include "broadcastsocket.h" #include "multicastsocket.h" #include "ubus.h" +#include "crypto.h" /* Network Defines */ #define MAX_RECV_STRING 500 @@ -28,6 +29,7 @@ char recv_string[MAX_RECV_STRING + 1]; int recv_string_len; void *receive_msg(void *args); +void *receive_msg_enc(void *args); int init_socket_runopts(char *_ip, char *_port, int broadcast_socket) { @@ -42,7 +44,7 @@ int init_socket_runopts(char *_ip, char *_port, int broadcast_socket) { } pthread_t sniffer_thread; - if (pthread_create(&sniffer_thread, NULL, receive_msg, NULL)) { + if (pthread_create(&sniffer_thread, NULL, receive_msg_enc, NULL)) { // try encrypted fprintf(stderr, "Could not create receiving thread!"); return -1; } @@ -119,6 +121,56 @@ void *receive_msg(void *args) { } } +void *receive_msg_enc(void *args) { + while (1) { + if ((recv_string_len = + recvfrom(sock, recv_string, MAX_RECV_STRING, 0, NULL, 0)) < 0) { + fprintf(stderr, "Could not receive message!"); + continue; + } + + if (recv_string == NULL) { + return 0; + } + + if (strlen(recv_string) <= 0) { + return 0; + } + recv_string[recv_string_len] = '\0'; + + char* dec = gcrypt_decrypt_msg(recv_string, strlen(recv_string)); + + printf("[WC] Network-Received: %s\n", dec); + + probe_entry prob_req; + struct blob_buf b; + + blob_buf_init(&b, 0); + blobmsg_add_json_from_string(&b, dec); + + char *str; + str = blobmsg_format_json(b.head, true); + + if (str == NULL) { + return 0; + } + + if (strlen(str) <= 0) { + return 0; + } + + if (strstr(str, "clients") != NULL) { + parse_to_clients(b.head, 0, 0); + } else if (strstr(str, "target") != NULL) { + if (parse_to_probe_req(b.head, &prob_req) == 0) { + insert_to_array(prob_req, 0); + } + } + // free encrypted string + free(dec); + } +} + int send_string(char *msg) { pthread_mutex_lock(&send_mutex); size_t msglen = strlen(msg); 
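Review bot: `gcrypt_decrypt_msg(recv_string, strlen(recv_string))` measures the received ciphertext with `strlen`, but AES output is binary and a 0x00 byte anywhere in the datagram stops the count early, so the decrypt length is wrong whenever one appears; the datagram length `recv_string_len` returned by `recvfrom` is the right value, and the `strlen(recv_string) <= 0` test above it has the same problem (it also runs before the terminator is written). The `return 0` statements end the receive thread for good, so a single empty or unparsable datagram from any peer on the broadcast domain silently stops reception; those paths should `continue`, `dec` should be checked for NULL before `blobmsg_add_json_from_string(&b, dec)` since `gcrypt_decrypt_msg` returns NULL on error, and `dec` must be freed on every exit from the loop body rather than only at its end. Because the cipher mode on this page (ECB, no tag) does not authenticate datagrams, forged or corrupted packets still reach the JSON parser and `parse_to_clients`/`insert_to_array`; until an authenticated mode is used the receiver should at least drop datagrams whose decrypted text does not parse. The `recv_string == NULL` test compares an array to NULL and is always false, and the `@@ -28,6` and `@@ -42,7` hunks leave the old `receive_msg` compiled but unused.
```c
        recv_string[recv_string_len] = '\0';
        if (recv_string_len == 0) {
            continue;
        }

        /* Ciphertext is binary: use the datagram length, never strlen(). */
        char *dec = gcrypt_decrypt_msg(recv_string, (size_t)recv_string_len);
        if (dec == NULL) {
            fprintf(stderr, "Dropping datagram that failed to decrypt\n");
            continue;
        }
        // … unchanged: blob_buf_init, blobmsg_add_json_from_string, parse …
        free(dec);
```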
@@ -144,4 +196,23 @@ int send_string(char *msg) { return 0; } +int send_string_enc(char *msg) { + pthread_mutex_lock(&send_mutex); + size_t msglen = strlen(msg); + char* enc = gcrypt_encrypt_msg(msg, msglen + 1); + + if (sendto(sock, + enc, + strlen(enc), + 0, + (struct sockaddr *) &addr, + sizeof(addr)) < 0) { + perror("sendto()"); + pthread_mutex_unlock(&send_mutex); + exit(EXIT_FAILURE); + } + pthread_mutex_unlock(&send_mutex); + return 0; +} + void close_socket() { close(sock); } diff --git a/src/utils/ubus.c b/src/utils/ubus.c index 540d0e7..aeabc81 100644 --- a/src/utils/ubus.c +++ b/src/utils/ubus.c @@ -192,7 +192,7 @@ static int hostapd_notify(struct ubus_context *ctx, struct ubus_object *obj, // send probe via network char *str; str = blobmsg_format_json(msg, true); - send_string(str); + send_string_enc(str); printf("[WC] Hostapd-Probe: %s : %s\n", method, str); @@ -407,7 +407,7 @@ static void ubus_get_clients_cb(struct ubus_request *req, int type, struct blob_ parse_to_clients(msg, 1, req->peer); char *str = blobmsg_format_json(msg, true); - send_string(str); + send_string_enc(str); print_client_array(); }
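Review bot: `sendto(sock, enc, strlen(enc), ...)` sizes the datagram with `strlen` of the ciphertext, but `gcrypt_encrypt_msg` returns raw AES blocks that can contain 0x00 at any position, so the datagram is truncated whenever one appears and the receiver then cannot decrypt it; the ciphertext length is the padded size of `msglen + 1` and must be carried explicitly. `enc` is never checked for NULL (`gcrypt_encrypt_msg` returns NULL on failure, and `strlen(NULL)` crashes while `send_mutex` is held) and is never freed, so every message leaks one buffer. The sketch below computes the padded length locally; a cleaner fix is an output-length parameter on `gcrypt_encrypt_msg`. The two ubus.c hunks that switch callers to `send_string_enc` still ignore its return value, as they did for `send_string`.
```c
int send_string_enc(char *msg) {
    pthread_mutex_lock(&send_mutex);
    size_t msglen = strlen(msg);
    /* gcrypt_encrypt_msg pads msglen + 1 up to the next 16-byte block. */
    size_t enclen = msglen + 1;
    if (enclen & 0xfU)
        enclen += 0x10U - (enclen & 0xfU);
    char *enc = gcrypt_encrypt_msg(msg, msglen + 1);
    if (enc == NULL) {
        pthread_mutex_unlock(&send_mutex);
        return -1;
    }

    if (sendto(sock, enc, enclen, 0, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
        // … unchanged: perror, unlock, exit …
    }
    free(enc);
    pthread_mutex_unlock(&send_mutex);
    return 0;
}
```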