crypto.h

#include <event2/bufferevent.h>
#include <event2/event.h>
#include <event2/listener.h>
#include <sodium/core.h>

#include <string>

#include "tlv.h"

class CryptoKey {
	public:
		CryptoKey(const size_t key_bytes);
		~CryptoKey();
		void ReadFromFile(const std::string& filename);
		void WriteToFile(const std::string& filename) const;

		const unsigned char* Key() const;
		bool IsSet() const;

		unsigned char* MutableKey();
		void MarkSet();

	protected:
		unsigned char* const key_;
		bool is_set_;
		const size_t key_bytes_;
};

class SharedKey : public CryptoKey {
	public:
		SharedKey();
};

class SecretKey : public CryptoKey {
	public:
		SecretKey();
};

class PublicKey : public CryptoKey {
	public:
		PublicKey();

		std::string AsString() const;
		std::string ToHex() const;
		void FromString(const std::string& str);
};

class CryptoUtil {
	public:
		static void GenKey(SharedKey* key);
		static void GenKeyPair(SecretKey* secret_key, PublicKey* public_key);
		static void DerivePublicKey(const SecretKey& secret_key, PublicKey* public_key);

		static std::unique_ptr<TLVNode> EncodeEncrypt(const SecretKey& secret_key, const PublicKey& public_key, const TLVNode& input);
		static std::unique_ptr<TLVNode> DecryptDecode(const SecretKey& secret_key, const PublicKey& public_key, const TLVNode& input);
};

class CryptoBase {
	protected:
		std::ostream& Log(void *obj=nullptr);
};

class CryptoPubConnBase : public CryptoBase {
	protected:
		CryptoPubConnBase(const SecretKey& secret_key);
		virtual ~CryptoPubConnBase();

		void LogFatal(const std::string& msg, void *obj=nullptr);

		std::unique_ptr<TLVNode> BuildSecureHandshake();
		std::unique_ptr<TLVNode> BuildHandshake();
		void SendHandshake();

		bool HandleSecureHandshake(const TLVNode& node);
		bool HandleHandshake(const TLVNode& node);

		void EncryptSend(const TLVNode& node);

		static void OnReadable_(struct bufferevent* bev, void* this__);
		void OnReadable();
		virtual void OnHandshake(const TLVNode& decoded) = 0;
		virtual bool OnMessage(const TLVNode& node) = 0;

		enum {
			AWAITING_HANDSHAKE,
			READY,
		} state_;

		struct bufferevent* bev_;

		const SecretKey& secret_key_;
		PublicKey peer_public_key_;
		SecretKey ephemeral_secret_key_;
		PublicKey peer_ephemeral_public_key_;
};

class CryptoPubServerConnection;

class CryptoPubServer : public CryptoBase {
	public:
		CryptoPubServer(const SecretKey& secret_key);
		~CryptoPubServer();
		void Loop();
		void Shutdown();

	private:
		static void Shutdown_(evutil_socket_t sig, short events, void *this__);

		static void OnNewConn_(struct evconnlistener* listener, int fd, struct sockaddr* client_addr, int client_addrlen, void* this__);
		void OnNewConn(int fd, struct sockaddr* client_addr, int client_addrlen);

		struct event_base* event_base_;
		struct evconnlistener* listener_;
		struct event* sigevent_;

		const SecretKey& secret_key_;
};

class CryptoPubServerConnection : public CryptoPubConnBase {
	public:
		CryptoPubServerConnection(struct bufferevent* bev, const SecretKey& secret_key);
		~CryptoPubServerConnection();

	private:
		void OnHandshake(const TLVNode& decoded);
		bool OnMessage(const TLVNode& node);
		bool OnTunnelRequest(const TLVNode& node);

		static void OnError_(struct bufferevent* bev, const short what, void* this__);
		void OnError(const short what);

		friend CryptoPubServer;
};

class CryptoPubClient : public CryptoPubConnBase {
	public:
		CryptoPubClient(struct sockaddr* addr, socklen_t addrlen, const SecretKey& secret_key, const PublicKey& server_public_key, const std::list<uint32_t>& channel_bitrates);
		~CryptoPubClient();

		static CryptoPubClient* FromHostname(const std::string& server_address, const std::string& server_port, const SecretKey& secret_key, const PublicKey& server_public_key, const std::list<uint32_t>& channel_bitrates);

		void Loop();

	private:
		void OnHandshake(const TLVNode& decoded);
		bool OnMessage(const TLVNode& node);

		static void OnConnectOrError_(struct bufferevent* bev, const short what, void* this__);
		void OnConnect();
		void OnError();

		void SendTunnelRequest();

		struct event_base* event_base_;

		const std::list<uint32_t> channel_bitrates_;
};
Switch from epoll to libevent, to add OS X support. 2015-02-07 16:44:42 +01:00			`#include <event2/bufferevent.h>`
			`#include <event2/event.h>`
			`#include <event2/listener.h>`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`#include <sodium/core.h>`
Main loop, epoll handling 2015-02-05 16:36:25 +00:00
Public key generation 2015-02-05 12:55:48 +00:00			`#include <string>`

Client sending encoded handshake, server decoding the insecure bits 2015-02-07 19:01:48 +01:00			`#include "tlv.h"`

Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`class CryptoKey {`
			`public:`
			`CryptoKey(const size_t key_bytes);`
			`~CryptoKey();`
			`void ReadFromFile(const std::string& filename);`
			`void WriteToFile(const std::string& filename) const;`

			`const unsigned char* Key() const;`
Make the handshake mirrored again, for common code and to support future key rotation. 2015-02-08 19:50:09 +00:00			`bool IsSet() const;`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00
			`unsigned char* MutableKey();`
			`void MarkSet();`

			`protected:`
			`unsigned char* const key_;`
			`bool is_set_;`
			`const size_t key_bytes_;`
			`};`

			`class SharedKey : public CryptoKey {`
			`public:`
			`SharedKey();`
			`};`

			`class SecretKey : public CryptoKey {`
			`public:`
			`SecretKey();`
			`};`

			`class PublicKey : public CryptoKey {`
Public key generation 2015-02-05 12:55:48 +00:00			`public:`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`PublicKey();`
Log client ID from server 2015-02-07 13:38:51 -08:00
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`std::string AsString() const;`
			`std::string ToHex() const;`
			`void FromString(const std::string& str);`
			`};`

			`class CryptoUtil {`
			`public:`
			`static void GenKey(SharedKey* key);`
			`static void GenKeyPair(SecretKey* secret_key, PublicKey* public_key);`
			`static void DerivePublicKey(const SecretKey& secret_key, PublicKey* public_key);`
Clean up key file save and load. 2015-02-07 13:25:46 -08:00
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`static std::unique_ptr<TLVNode> EncodeEncrypt(const SecretKey& secret_key, const PublicKey& public_key, const TLVNode& input);`
			`static std::unique_ptr<TLVNode> DecryptDecode(const SecretKey& secret_key, const PublicKey& public_key, const TLVNode& input);`
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`};`
Logging cleanup 2015-02-07 11:18:31 -08:00
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`class CryptoBase {`
Error handling fixes. 2015-02-07 15:56:29 -08:00			`protected:`
Logging cleanup 2015-02-07 11:18:31 -08:00			`std::ostream& Log(void *obj=nullptr);`
Main loop, epoll handling 2015-02-05 16:36:25 +00:00			`};`

Rename CryptoConnBase to CryptoPubConnBase 2015-02-07 15:26:39 -08:00			`class CryptoPubConnBase : public CryptoBase {`
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`protected:`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`CryptoPubConnBase(const SecretKey& secret_key);`
Error handling fixes. 2015-02-07 15:56:29 -08:00			`virtual ~CryptoPubConnBase();`

			`void LogFatal(const std::string& msg, void *obj=nullptr);`
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00
Switch to unique_ptr for ownership clarity in places, combine more code. 2015-02-07 15:07:34 -08:00			`std::unique_ptr<TLVNode> BuildSecureHandshake();`
Make the handshake mirrored again, for common code and to support future key rotation. 2015-02-08 19:50:09 +00:00			`std::unique_ptr<TLVNode> BuildHandshake();`
			`void SendHandshake();`

Switch to unique_ptr for ownership clarity in places, combine more code. 2015-02-07 15:07:34 -08:00			`bool HandleSecureHandshake(const TLVNode& node);`
Make the handshake mirrored again, for common code and to support future key rotation. 2015-02-08 19:50:09 +00:00			`bool HandleHandshake(const TLVNode& node);`

Send tunnel request. 2015-02-07 15:37:45 -08:00			`void EncryptSend(const TLVNode& node);`
Switch to unique_ptr for ownership clarity in places, combine more code. 2015-02-07 15:07:34 -08:00
More code dedupe. 2015-02-07 15:25:22 -08:00			`static void OnReadable_(struct bufferevent* bev, void* this__);`
			`void OnReadable();`
			`virtual void OnHandshake(const TLVNode& decoded) = 0;`
			`virtual bool OnMessage(const TLVNode& node) = 0;`

Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`enum {`
			`AWAITING_HANDSHAKE,`
			`READY,`
			`} state_;`

More code dedupe. 2015-02-07 15:25:22 -08:00			`struct bufferevent* bev_;`

Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`const SecretKey& secret_key_;`
			`PublicKey peer_public_key_;`
			`SecretKey ephemeral_secret_key_;`
			`PublicKey peer_ephemeral_public_key_;`
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`};`

Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00			`class CryptoPubServerConnection;`

			`class CryptoPubServer : public CryptoBase {`
			`public:`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`CryptoPubServer(const SecretKey& secret_key);`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00			`~CryptoPubServer();`
			`void Loop();`
Shutdown messages and sigint handling. 2015-02-07 16:18:07 -08:00			`void Shutdown();`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00
			`private:`
Shutdown messages and sigint handling. 2015-02-07 16:18:07 -08:00			`static void Shutdown_(evutil_socket_t sig, short events, void *this__);`

Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00			`static void OnNewConn_(struct evconnlistener* listener, int fd, struct sockaddr* client_addr, int client_addrlen, void* this__);`
			`void OnNewConn(int fd, struct sockaddr* client_addr, int client_addrlen);`

			`struct event_base* event_base_;`
			`struct evconnlistener* listener_;`
Fix a memory leak in signal event handling. libevent's API is an ownership disaster. 2015-02-08 19:13:00 +00:00			`struct event* sigevent_;`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`const SecretKey& secret_key_;`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00			`};`

Rename CryptoConnBase to CryptoPubConnBase 2015-02-07 15:26:39 -08:00			`class CryptoPubServerConnection : public CryptoPubConnBase {`
Main loop, epoll handling 2015-02-05 16:36:25 +00:00			`public:`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`CryptoPubServerConnection(struct bufferevent* bev, const SecretKey& secret_key);`
Switch from epoll to libevent, to add OS X support. 2015-02-07 16:44:42 +01:00			`~CryptoPubServerConnection();`
Main loop, epoll handling 2015-02-05 16:36:25 +00:00
			`private:`
More cleanup for real messages 2015-02-07 13:49:19 -08:00			`void OnHandshake(const TLVNode& decoded);`
More code dedupe. 2015-02-07 15:25:22 -08:00			`bool OnMessage(const TLVNode& node);`
Start of tunnel request handling. 2015-02-07 16:04:40 -08:00			`bool OnTunnelRequest(const TLVNode& node);`
More code dedupe. 2015-02-07 15:25:22 -08:00
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00			`static void OnError_(struct bufferevent* bev, const short what, void* this__);`
			`void OnError(const short what);`

			`friend CryptoPubServer;`
Public key generation 2015-02-05 12:55:48 +00:00			`};`
Convert auth-client to libevent 2015-02-07 17:07:31 +01:00
Rename CryptoConnBase to CryptoPubConnBase 2015-02-07 15:26:39 -08:00			`class CryptoPubClient : public CryptoPubConnBase {`
Convert auth-client to libevent 2015-02-07 17:07:31 +01:00			`public:`
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`CryptoPubClient(struct sockaddr* addr, socklen_t addrlen, const SecretKey& secret_key, const PublicKey& server_public_key, const std::list<uint32_t>& channel_bitrates);`
Convert auth-client to libevent 2015-02-07 17:07:31 +01:00			`~CryptoPubClient();`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00
Key handling cleanup, now using libsodium's secure memory allocation 2015-02-08 19:02:37 +00:00			`static CryptoPubClient* FromHostname(const std::string& server_address, const std::string& server_port, const SecretKey& secret_key, const PublicKey& server_public_key, const std::list<uint32_t>& channel_bitrates);`
Move the horrible C wrappers out of the real functions. 2015-02-07 17:15:09 +01:00
Convert auth-client to libevent 2015-02-07 17:07:31 +01:00			`void Loop();`

			`private:`
More cleanup for real messages 2015-02-07 13:49:19 -08:00			`void OnHandshake(const TLVNode& decoded);`
More code dedupe. 2015-02-07 15:25:22 -08:00			`bool OnMessage(const TLVNode& node);`

Actually sending client handshake 2015-02-07 17:32:57 +01:00			`static void OnConnectOrError_(struct bufferevent* bev, const short what, void* this__);`
			`void OnConnect();`
Logging cleanup 2015-02-07 11:18:31 -08:00			`void OnError();`
Actually sending client handshake 2015-02-07 17:32:57 +01:00
Start of channel_bitrates, start combining server and client common code. 2015-02-07 14:32:53 -08:00			`void SendTunnelRequest();`

Convert auth-client to libevent 2015-02-07 17:07:31 +01:00			`struct event_base* event_base_;`
Client sending encoded handshake, server decoding the insecure bits 2015-02-07 19:01:48 +01:00
Send tunnel request. 2015-02-07 15:37:45 -08:00			`const std::list<uint32_t> channel_bitrates_;`
Convert auth-client to libevent 2015-02-07 17:07:31 +01:00			`};`