spiped 0.0.0

data/ext/spiped/spiped-source/proto/proto_pipe.h

@@ -0,0 +1,23 @@
+#ifndef _PROTO_PIPE_H_
+#define _PROTO_PIPE_H_
+
+struct proto_keys;
+
+/**
+ * proto_pipe(s_in, s_out, decr, k, status, callback, cookie):
+ * Read bytes from ${s_in} and write them to ${s_out}.  If ${decr} is non-zero
+ * then use ${k} to decrypt the bytes; otherwise use ${k} to encrypt them.
+ * If EOF is read, set ${status} to 0, and if an error is encountered set
+ * ${status} to -1; in either case, invoke ${callback}(${cookie}).  Return a
+ * cookie which can be passed to proto_pipe_cancel.
+ */
+void * proto_pipe(int, int, int, struct proto_keys *, int *,
+    int (*)(void *), void *);
+
+/**
+ * proto_pipe_cancel(cookie):
+ * Shut down the pipe created by proto_pipe for which ${cookie} was returned.
+ */
+void proto_pipe_cancel(void *);
+
+#endif /* !_PROTO_PIPE_H_ */

data/ext/spiped/spiped-source/spipe/Makefile

@@ -0,0 +1,90 @@
+# Program name.
+PROG	=	spipe
+MAN1	=	${PROG}.1
+
+# Libraries which are sometimes merged into libc
+LDADD	=	-lrt
+#LDADD	+=	-lxnet	# Missing on FreeBSD
+
+# Library code required
+LDADD_REQ	=	-lcrypto
+LDADD_REQ	+=	-lpthread
+
+# spipe code
+SRCS	=	main.c
+SRCS	+=	pushbits.c
+
+# spipe protocol
+.PATH.c	:	../proto
+SRCS	+=	proto_conn.c
+SRCS	+=	proto_crypt.c
+SRCS	+=	proto_handshake.c
+SRCS	+=	proto_pipe.c
+IDIRS	+=	-I ../proto
+
+# Fundamental algorithms
+.PATH.c	:	../libcperciva/alg
+SRCS	+=	sha256.c
+IDIRS	+=	-I ../libcperciva/alg
+
+# Data structures
+.PATH.c	:	../libcperciva/datastruct
+SRCS	+=	elasticarray.c
+SRCS	+=	ptrheap.c
+SRCS	+=	timerqueue.c
+IDIRS	+=	-I ../libcperciva/datastruct
+
+# Utility functions
+.PATH.c	:	../libcperciva/util
+SRCS	+=	asprintf.c
+SRCS	+=	entropy.c
+SRCS	+=	insecure_memzero.c
+SRCS	+=	monoclock.c
+SRCS	+=	noeintr.c
+SRCS	+=	sock.c
+SRCS	+=	warnp.c
+IDIRS	+=	-I ../libcperciva/util
+
+# CPU features detection
+.PATH.c	:	../libcperciva/cpusupport
+SRCS	+=	cpusupport_x86_aesni.c
+IDIRS	+=	-I ../libcperciva/cpusupport
+
+# Event loop
+.PATH.c	:	../libcperciva/events
+SRCS	+=	events_immediate.c
+SRCS	+=	events_network.c
+SRCS	+=	events_network_selectstats.c
+SRCS	+=	events_timer.c
+SRCS	+=	events.c
+IDIRS	+=	-I ../libcperciva/events
+
+# Event-driven networking
+.PATH.c	:	../libcperciva/network
+SRCS	+=	network_connect.c
+SRCS	+=	network_read.c
+SRCS	+=	network_write.c
+IDIRS	+=	-I ../libcperciva/network
+
+# Crypto code
+.PATH.c	:	../libcperciva/crypto
+SRCS	+=	crypto_aes.c
+SRCS	+=	crypto_aes_aesni.c
+SRCS	+=	crypto_aesctr.c
+SRCS	+=	crypto_dh.c
+SRCS	+=	crypto_dh_group14.c
+SRCS	+=	crypto_entropy.c
+SRCS	+=	crypto_verify_bytes.c
+IDIRS	+=	-I ../libcperciva/crypto
+
+crypto_aes_aesni.o: crypto_aes_aesni.c cpusupport-config.h
+	. ./cpusupport-config.h; ${CC} ${CFLAGS} $${CFLAGS_X86_AESNI} -c $< -o $@
+cflags-crypto_aes_aesni.o=$${CFLAGS_X86_AESNI}
+
+# Debugging options
+CFLAGS	+=	-g
+#CFLAGS	+=	-DNDEBUG
+#CFLAGS	+=	-DDEBUG
+#CFLAGS	+=	-pg
+
+.include <bsd.prog.mk>

data/ext/spiped/spiped-source/spipe/README

@@ -0,0 +1,24 @@
+spipe usage
+===========
+
+usage: spipe -t <target socket> -k <key file> [-f | -g] [-j]
+    [-o <connection timeout>]
+
+Options:
+    -t <target socket>
+	Address to which spipe should connect.
+    -k <key file>
+	Use the provided key file to authenticate and encrypt.
+    -f
+	Use fast/weak handshaking: This reduces the CPU time spent in the
+	initial connection setup, at the expense of losing perfect forward
+	secrecy.
+    -g
+	Require perfect forward secrecy by dropping connections if the other
+	host is using the -f option.
+    -j
+	Disable transport layer keep-alives. (By default they are enabled.)
+    -o <connection timeout>
+	Timeout, in seconds, after which an attempt to connect to the target
+	or a protocol handshake will be aborted (and the connection dropped)
+	if not completed.  Defaults to 5s.

data/ext/spiped/spiped-source/spipe/main.c

@@ -0,0 +1,178 @@
+#include <sys/socket.h>
+
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "asprintf.h"
+#include "events.h"
+#include "sha256.h"
+#include "sock.h"
+#include "warnp.h"
+
+#include "proto_conn.h"
+#include "proto_crypt.h"
+
+#include "pushbits.h"
+
+static int
+callback_conndied(void * cookie)
+{
+
+	(void)cookie; /* UNUSED */
+
+	/* We're done! */
+	exit(0);
+}
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: spipe -t <target socket> -k <key file>"
+	    " [-f | -g] [-j] [-o <connection timeout>]\n");
+	exit(1);
+}
+
+/* Simplify error-handling in command-line parse loop. */
+#define OPT_EPARSE(opt, arg) do {					\
+	warnp("Error parsing argument: -%c %s", opt, arg);		\
+	exit(1);							\
+} while (0)
+
+int
+main(int argc, char * argv[])
+{
+	/* Command-line parameters. */
+	int opt_f = 0;
+	int opt_g = 0;
+	int opt_j = 0;
+	const char * opt_k = NULL;
+	double opt_o = 0.0;
+	const char * opt_t = NULL;
+
+	/* Working variables. */
+	struct sock_addr ** sas_t;
+	struct proto_secret * K;
+	int ch;
+	int s[2];
+
+	WARNP_INIT;
+
+	/* Parse the command line. */
+	while ((ch = getopt(argc, argv, "fgjk:o:t:")) != -1) {
+		switch (ch) {
+		case 'f':
+			if (opt_f)
+				usage();
+			opt_f = 1;
+			break;
+		case 'g':
+			if (opt_g)
+				usage();
+			opt_g = 1;
+			break;
+		case 'j':
+			if (opt_j)
+				usage();
+			opt_j = 1;
+			break;
+		case 'k':
+			if (opt_k)
+				usage();
+			opt_k = optarg;
+			break;
+		case 'o':
+			if (opt_o != 0.0)
+				usage();
+			if ((opt_o = strtod(optarg, NULL)) == 0.0) {
+				warn0("Invalid option: -o %s", optarg);
+				exit(1);
+			}
+			break;
+		case 't':
+			if (opt_t)
+				usage();
+			opt_t = optarg;
+			break;
+		default:
+			usage();
+		}
+	}
+
+	/* We should have processed all the arguments. */
+	if (argc != optind)
+		usage();
+
+	/* Set defaults. */
+	if (opt_o == 0.0)
+		opt_o = 5.0;
+
+	/* Sanity-check options. */
+	if (opt_f && opt_g)
+		usage();
+	if (opt_k == NULL)
+		usage();
+	if (!(opt_o > 0.0))
+		usage();
+	if (opt_t == NULL)
+		usage();
+
+	/* Resolve target address. */
+	if ((sas_t = sock_resolve(opt_t)) == NULL) {
+		warnp("Error resolving socket address: %s", opt_t);
+		exit(1);
+	}
+	if (sas_t[0] == NULL) {
+		warn0("No addresses found for %s", opt_t);
+		exit(1);
+	}
+
+	/* Load the keying data. */
+	if ((K = proto_crypt_secret(opt_k)) == NULL) {
+		warnp("Error reading shared secret");
+		exit(1);
+	}
+
+	/*
+	 * Create a socket pair to push bits through.  The spiped protocol
+	 * code expects to be handed a socket to read/write bits to, and our
+	 * stdin/stdout might not be sockets (in fact, almost certainly aren't
+	 * sockets); so we'll hand one end of the socket pair to the spiped
+	 * protocol code and shuttle bits between stdin/stdout and the other
+	 * end of the socket pair ourselves.
+	 */
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, s)) {
+		warnp("socketpair");
+		exit(1);
+	}
+
+	/* Set up a connection. */
+	if (proto_conn_create(s[1], sas_t, 0, opt_f, opt_g, opt_j, K, opt_o,
+	    callback_conndied, NULL)) {
+		warnp("Could not set up connection");
+		exit(1);
+	}
+
+	/* Push bits from stdin into the socket. */
+	if (pushbits(STDIN_FILENO, s[0]) || pushbits(s[0], STDOUT_FILENO)) {
+		warnp("Could not push bits");
+		exit(1);
+	}
+
+	/* Loop until we die. */
+	do {
+		if (events_run()) {
+			warnp("Error running event loop");
+			exit(1);
+		}
+	} while (1);
+
+	/* NOTREACHED */
+	/*
+	 * If we could reach this point, we would free memory, close sockets,
+	 * and otherwise clean up here.
+	 */
+}

data/ext/spiped/spiped-source/spipe/pushbits.c

@@ -0,0 +1,101 @@
+#include <sys/socket.h>
+
+#include <pthread.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "noeintr.h"
+#include "warnp.h"
+
+#include "pushbits.h"
+
+struct push {
+	uint8_t buf[BUFSIZ];
+	int in;
+	int out;
+};
+
+/* Bit-pushing thread. */
+static void *
+workthread(void * cookie)
+{
+	struct push * P = cookie;
+	ssize_t readlen;
+
+	/* Infinite loop unless we hit EOF or an error. */
+	do {
+		/* Read data and die on error. */
+		if ((readlen = read(P->in, P->buf, BUFSIZ)) == -1) {
+			if (errno == EINTR)
+				continue;
+			warnp("Error reading");
+			exit(1);
+		}
+
+		/* If we hit EOF, exit the loop. */
+		if (readlen == 0)
+			break;
+
+		/* Write the data back out. */
+		if (noeintr_write(P->out, &P->buf, readlen) != readlen) {
+			warnp("Error writing");
+			exit(1);
+		}
+	} while (1);
+
+	/* Close the descriptor we hit EOF on. */
+	close(P->in);
+
+	/*
+	 * Try to shut down the descriptor we're writing to.  Ignore ENOTSOCK,
+	 * since it might, indeed, not be a socket.
+	 */
+	if (shutdown(P->out, SHUT_WR)) {
+		if (errno != ENOTSOCK) {
+			warnp("Error shutting down socket");
+			exit(1);
+		}
+	}
+
+	/* Free our parameters. */
+	free(P);
+
+	/* We're done. */
+	return (NULL);
+}
+
+/**
+ * pushbits(in, out):
+ * Create a thread which copies data from ${in} to ${out}.
+ */
+int
+pushbits(int in, int out)
+{
+	struct push * P;
+	pthread_t thr;
+	int rc;
+
+	/* Allocate structure. */
+	if ((P = malloc(sizeof(struct push))) == NULL)
+		goto err0;
+	P->in = in;
+	P->out = out;
+
+	/* Create thread. */
+	if ((rc = pthread_create(&thr, NULL, workthread, P)) != 0) {
+		warn0("pthread_create: %s", strerror(rc));
+		goto err1;
+	}
+
+	/* Success! */
+	return (0);
+
+err1:
+	free(P);
+err0:
+	/* Failure! */
+	return (-1);
+}

data/ext/spiped/spiped-source/spipe/pushbits.h

@@ -0,0 +1,10 @@
+#ifndef _PUSHBITS_H_
+#define _PUSHBITS_H_
+
+/**
+ * pushbits(in, out):
+ * Create a thread which copies data from ${in} to ${out}.
+ */
+int pushbits(int, int);
+
+#endif /* !_PUSHBITS_H_ */

data/ext/spiped/spiped-source/spipe/spipe.1

@@ -0,0 +1,60 @@
+.\"-
+.\" Copyright (c) 2012 Andreas Olsson
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.TH SPIPE 1 "April  2, 2013" "spiped 1.3.0" "spipe README"
+.SH NAME
+spipe \- spiped client utility
+.SH SYNOPSIS
+.B spipe
+\-t <target socket>
+\-k <key file>
+[\-f | \-g]
+[\-j]
+[\-o <connection timeout>]
+.SH OPTIONS
+.TP
+.B \-t <target socket>
+Address to which spipe should connect.
+.TP
+.B \-k <key file>
+Use the provided key file to authenticate and encrypt.
+.TP
+.B \-f
+Use fast/weak handshaking: This reduces the CPU time spent in the
+initial connection setup, at the expense of losing perfect forward
+secrecy.
+.TP
+.B \-g
+Require perfect forward secrecy by dropping connections if the other
+host is using the -f option.
+.TP
+.B \-j
+Disable transport layer keep-alives.
+(By default they are enabled.)
+.TP
+.B \-o <connection timeout>
+Timeout, in seconds, after which an attempt to connect to the target
+or a protocol handshake will be aborted (and the connection dropped)
+if not completed.  Defaults to 5s.
+.SH SEE ALSO
+.BR spiped (1).