00001 #include "filterblowfish.h"
00002
00003 namespace n2nc {
00004
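/// Builds the Blowfish filter in its "cipher not loaded" state.
///
/// The cipher object itself is not created here; egress() and ingress()
/// call loadBF() on first use. Only the scratch buffer used to assemble
/// and decrypt packets is allocated up front.
FilterBlowFish::FilterBlowFish() : n2nc::Filter("BF_FILTER","LOADING BlowFish cipher filter module"){
    this->m_bf = NULL ;
    this->m_bf_loaded = false ;
    // Header plus 8 bytes; the 8 presumably covers padding up to one
    // 8-byte Blowfish block -- confirm against BlowFish::encrypt().
    this->m_maxoverhead = sizeof(bfheader_t) + 8 ;
    // Fixed-size scratch buffer. egress() and ingress() write into it with
    // lengths taken from their callers, so its size is a hard upper bound
    // on what those functions may safely process.
    this->m_tmpbuf = malloc(65535);
    if (this->m_tmpbuf == NULL){
        // Without the scratch buffer every later memcpy/decrypt would write
        // through a null pointer; fail the same way this file already does
        // when the cipher cannot be loaded.
        std::cerr << "BF_FILTER constructor. failing scratch buffer allocation" << std::endl;
        exit(1);
    }
}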
00011
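/// Releases the cipher object and the scratch buffer owned by the filter.
FilterBlowFish::~FilterBlowFish(){
    std::cerr << "\t\tBF_FILTER destructor" << std::endl ;
    // m_bf is allocated with new in loadBF() and released nowhere else in
    // this file, so it leaked together with whatever key state it holds.
    // delete on NULL is a no-op, which covers a filter that never loaded.
    // NOTE(review): whether BlowFish wipes its key schedule on destruction
    // is not visible here -- confirm in the BlowFish class.
    delete m_bf;
    m_bf = NULL ;
    m_bf_loaded = false ;
    // The scratch buffer may still hold the last decrypted packet.
    free(m_tmpbuf);
    m_tmpbuf = NULL ;
}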
00016
/// Creates the Blowfish cipher object from m_skey and marks it as loaded.
///
/// @return the new value of m_bf_loaded, which is always true here.
///
/// Callers in this file only invoke it while m_bf_loaded is false; calling
/// it again would overwrite m_bf without releasing the previous object.
bool n2nc::FilterBlowFish::loadBF(){
    m_bf = new n2nc::security::BlowFish(m_skey);
    m_bf_loaded = true ;
    return m_bf_loaded ;
}
00021
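/// Encrypts an outgoing payload together with a private sequence header.
///
/// A bfheader_t carrying the next send sequence number is placed in front
/// of the payload in the scratch buffer, and header plus payload are
/// encrypted into outbuf.
///
/// @param inbuf   plaintext payload
/// @param outbuf  receives the ciphertext
/// @param inlen   number of payload bytes in inbuf
/// @param outlen  set to the ciphertext length, or 0 when the packet is dropped
/// @return FILTER_CONTINUE on success, FILTER_DROP when the payload does not
///         fit the scratch buffer or encryption fails
Filter::status_t FilterBlowFish::egress(void *inbuf, void *outbuf,size_t inlen,size_t *outlen){
    // Must stay equal to the malloc() size used for m_tmpbuf in the constructor.
    const size_t tmpbuf_size = 65535 ;

    bfheader_t hdr ;
    bzero(&hdr,sizeof(bfheader_t));
    int retval ;
    if (!this->m_bf_loaded && !this->loadBF() ){ std::cerr << "bffilter egress. failing load blowfish key" << std::endl; exit(1);}

    hdr.n_seq = this->m_pkm->getSendPkHeader()->p_seq +1 ;

    // inlen comes from the caller; without this bound the payload memcpy
    // below writes past the end of the heap scratch buffer.
    if (inlen > tmpbuf_size - sizeof(bfheader_t)){
        std::cerr << "\t\tBF_FILTER egress. drop packet: " << hdr.n_seq << " payload too large: " << inlen << std::endl ;
        *outlen = 0;
        return Filter::FILTER_DROP ;
    }

    ::memcpy(this->m_tmpbuf,&hdr,sizeof(bfheader_t));
    ::memcpy((u_char*)this->m_tmpbuf + sizeof(bfheader_t),inbuf,inlen);
    this->m_bf->reinit();

    // NOTE(review): the capacity of outbuf is not passed in; the caller
    // presumably reserves inlen + m_maxoverhead bytes -- confirm.
    retval = this->m_bf->encrypt(this->m_tmpbuf,outbuf,sizeof(bfheader_t) + inlen);

    if(retval < 1){
        std::cerr << "\t\tBF_FILTER egress. drop packet: " << hdr.n_seq << std::endl ;
        *outlen = 0;
        return Filter::FILTER_DROP ;
    }
    *outlen = retval;
    std::cerr << "\t\tBF_FILTER egress. bytes written: " << *outlen << " nseq: " << hdr.n_seq << std::endl ;
    return Filter::FILTER_CONTINUE ;
}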
00047
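/// Decrypts an incoming packet and checks its private sequence number.
///
/// The ciphertext is decrypted into the scratch buffer, the leading
/// bfheader_t is read back, and its n_seq is compared with the sequence
/// number of the received packet header. Only on a match is the payload
/// copied to outbuf.
///
/// @param inbuf   ciphertext as received
/// @param outbuf  receives the decrypted payload (header stripped)
/// @param inlen   number of ciphertext bytes in inbuf
/// @param outlen  set to the payload length; on a drop it is set to -1,
///                which wraps to the largest size_t value, so callers must
///                test the returned status before using it
/// @return FILTER_CONTINUE on success, FILTER_DROP otherwise
Filter::status_t FilterBlowFish::ingress(void *inbuf, void *outbuf,size_t inlen,size_t *outlen){
    // Must stay equal to the malloc() size used for m_tmpbuf in the constructor.
    const size_t tmpbuf_size = 65535 ;

    bfheader_t hdr ;
    bzero(&hdr,sizeof(bfheader_t));
    int retval ;

    if (!this->m_bf_loaded && !this->loadBF() ){ std::cerr << "bffilter ingress. failing load blowfish key" << std::endl; exit(1);}

    // inlen describes data received from the peer; decrypting more than the
    // scratch buffer holds would overflow the heap allocation.
    // Assumes decrypt() never writes more than inlen bytes -- confirm
    // against BlowFish::decrypt().
    if (inlen > tmpbuf_size){
        std::cerr << "BF_FILTER ingress. drop packet: input too large: " << inlen << std::endl ;
        *outlen = -1;
        return Filter::FILTER_DROP ;
    }

    this->m_bf->reinit();

    retval = this->m_bf->decrypt(inbuf,this->m_tmpbuf,inlen);
    if(retval < 1){
        // hdr has not been parsed yet, so n_seq is still the zero from bzero().
        std::cerr << "BF_FILTER ingress. drop packet: " << hdr.n_seq << std::endl ;
        *outlen = -1;
        return Filter::FILTER_DROP ;
    }

    // A plaintext shorter than the header would make the subtraction below
    // wrap around and turn the final memcpy into an enormous copy.
    if (static_cast<size_t>(retval) < sizeof(bfheader_t)){
        std::cerr << "BF_FILTER ingress. drop packet: short plaintext: " << retval << std::endl ;
        *outlen = -1;
        return Filter::FILTER_DROP ;
    }

    ::memcpy(&hdr,this->m_tmpbuf,sizeof(bfheader_t));

    // NOTE(review): no MAC or authentication tag is verified in this
    // function; this comparison is the only validation of the decrypted
    // data visible here.
    if (hdr.n_seq != this->m_pkm->getRecvPkHeader()->p_seq){

        std::cerr << "\t\tBF_FILTER ingress. DOS detected nseq mismatch. public nseq: " << this->m_pkm->getRecvPkHeader()->p_seq << ". private nseq: " << hdr.n_seq << std::endl ;
        *outlen = -1;
        return Filter::FILTER_DROP ;
    }

    *outlen = retval - sizeof(bfheader_t) ;

    // NOTE(review): the capacity of outbuf is not passed in; the caller
    // presumably provides at least inlen bytes -- confirm.
    ::memcpy(outbuf,(u_char*)this->m_tmpbuf + sizeof(bfheader_t),*outlen);
    std::cerr << "\t\tBF_FILTER inress. bytes written: " << *outlen << " pri nseq: " << hdr.n_seq << " pub nseq: " << this->m_pkm->getRecvPkHeader()->p_seq << std::endl ;

    return Filter::FILTER_CONTINUE ;
}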
00079
00080
00081
/// C-linkage factory: returns a newly allocated FilterBlowFish as a Filter*.
/// The matching release function in this file is free_istance().
extern "C"
Filter* get_istance(){
    Filter *instance = new FilterBlowFish();
    return instance ;
}
00086
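/// C-linkage release function for objects created by get_istance().
///
/// @param filter  filter to destroy; NULL is accepted (delete is a no-op)
/// @return always 0
///
/// NOTE(review): the object is deleted through a Filter*, which is only
/// well-defined if Filter declares a virtual destructor -- not visible in
/// this file, confirm in the Filter class.
extern "C"
int free_istance(Filter *filter){
    delete filter ;
    // The function is declared int; flowing off the end without a return
    // value is undefined behaviour in C++.
    return 0 ;
}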
00091
00092
00093 }
00094
00095