From 98bc2e0b996014690f191ed8e60516040a868a3e Mon Sep 17 00:00:00 2001
From: wangyu
Date: Sat, 22 Jul 2017 23:39:35 +0800
Subject: [PATCH] it still works,commit before refactor

---
 encrypt.cpp | 12 ++++-
 encrypt.h | 3 ++
 main.cpp | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 144 insertions(+), 2 deletions(-)

diff --git a/encrypt.cpp b/encrypt.cpp
index 7e20dda..dd2b4f5 100755
--- a/encrypt.cpp
+++ b/encrypt.cpp
@@ -7,7 +7,7 @@
 //static uint64_t seq=1;
-static uint8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog use zero iv,you should make sure first block of data contains a random/nonce data
+static int8_t zero_iv[]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0};//this prog use zero iv,you should make sure first block of data contains a random/nonce data
 static const int disable_all=0;
@@ -95,3 +95,13 @@ int my_decrypt(uint8_t *data,uint8_t *output,int &len,uint8_t * key)
 return 0;
 }
+int my_encrypt_pesudo_header(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
+{
+
+ return 0;
+}
+int my_decrypt_pesudo_header(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen)
+{
+ return 0;
+}
+
diff --git a/encrypt.h b/encrypt.h
index ac8c865..f288adb 100755
--- a/encrypt.h
+++ b/encrypt.h
@@ -8,4 +8,7 @@
 #include
 int my_encrypt(uint8_t *data,uint8_t *output,int &len,uint8_t * key);
 int my_decrypt(uint8_t *data,uint8_t *output,int &len,uint8_t * key);
+
+int my_encrypt_pesudo_header(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen);
+int my_decrypt_pesudo_header(uint8_t *data,uint8_t *output,int &len,uint8_t * key,uint8_t *header,int hlen);
 #endif
diff --git a/main.cpp b/main.cpp
index 0c76a31..646f989 100755
--- a/main.cpp
+++ b/main.cpp
@@ -58,6 +58,10 @@ typedef uint32_t id_t;
 typedef uint64_t iv_t;
+typedef uint64_t anti_replay_seq_t;
+
+anti_replay_seq_t anti_replay_seq=0;
+
 id_t const_id=0;
 id_t oppsite_const_id=0;
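Review bot: The only change in this hunk turns zero_iv from uint8_t into int8_t with no explanation, while the encrypt/decrypt entry points in this file take `uint8_t *` buffers, so wherever zero_iv is consumed (outside this hunk) this is at least a sign-conversion warning and, if the consumer is an `unsigned char *` parameter, an incompatible-pointer diagnostic. If the change is deliberate, a one-line comment naming the consumer type it matches belongs on the definition; otherwise `static uint8_t zero_iv[]=...` should be restored. The existing comment's contract (first block must carry a random/nonce value) is what send_bare in main.cpp relies on later in this commit, and a cross-reference here would make that dependency visible.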
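Review bot: Both new stubs return 0, the same value my_decrypt returns on success just above, while never writing `output` or `len`, so any caller wired to them will treat whatever is in the output buffer as successfully encrypted or decrypted data. Until they are implemented they should fail closed, `return -1; // not implemented`, or at least carry a `// TODO: unimplemented stub, do not call` comment so the success return is not taken at face value. The same applies to the two declarations added in encrypt.h, and the spelling `pesudo` in both names will be awkward to rename once callers exist (`pseudo`).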
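Review bot: `anti_replay_seq` is a plain global that starts at 0 on every process start and is the outgoing counter that send_safe increments later in this commit; a peer whose anti-replay window has already accepted higher values would then reject every packet after a restart of this side, unless anti_replay_t resets on some other signal, which is not visible in the diff. A comment on the definition stating the contract, e.g. `// outgoing sequence number for anti-replay; per-process, restarts at 0`, and a note on how the peer's window resynchronises after a restart would make this reviewable. The typedef is also the place to record that this is a wire field sent through hton64, so its width must stay 64 bits.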
@@ -150,6 +154,8 @@ char raw_recv_buf2[buf_len];
 char raw_recv_buf3[buf_len];
 char replay_buf[buf_len];
 char send_data_buf[buf_len]; //buf for send data and send hb
+char send_data_buf2[buf_len];
+
 struct sock_filter code_tcp[] = {
 { 0x28, 0, 0, 0x0000000c },//0
@@ -174,7 +180,7 @@ uint16_t ip_id=1;
 struct sockaddr_in udp_old_addr_in;
-uint64_t anti_replay_seq=0;
+
 uint8_t key[]={1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16, 0,0,0,0};
@@ -204,6 +210,12 @@ void init_random_number_fd()
 exit(-1);
 }
 }
+uint64_t get_true_random_number_64()
+{
+ uint64_t ret;
+ read(random_number_fd,&ret,sizeof(ret));
+ return ret;
+}
 uint32_t get_true_random_number_0()
 {
 uint32_t ret;
@@ -219,6 +231,24 @@ uint32_t get_true_random_number_nz() //nz for non-zero
 }
 return ret;
 }
+uint64_t ntoh64(uint64_t a)
+{
+ if(__BYTE_ORDER == __LITTLE_ENDIAN)
+ {
+ return __bswap_64( a);
+ }
+ else return a;
+
+}
+uint64_t hton64(uint64_t a)
+{
+ if(__BYTE_ORDER == __LITTLE_ENDIAN)
+ {
+ return __bswap_64( a);
+ }
+ else return a;
+
+}
 struct anti_replay_t
 {
 uint64_t max_packet_received;
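Review bot: get_true_random_number_64 ignores the return value of read(), so on a short read or an error `ret` is returned partly or wholly uninitialized, and send_bare later in this commit uses exactly this value as the per-packet IV. The call should require all sizeof(ret) bytes and stop otherwise, matching the exit(-1) style of init_random_number_fd just above: `if(read(random_number_fd,&ret,sizeof(ret))!=(ssize_t)sizeof(ret)) { perror("read random"); exit(-1); }`. If get_true_random_number_0 below has the same unchecked read, it needs the same fix; its body lies outside the hunk.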
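Review bot: ntoh64 and hton64 are byte-for-byte the same function, and both depend on `__BYTE_ORDER` and `__bswap_64`, which are double-underscore names reserved for the implementation rather than a public API. On glibc the public equivalents are `htobe64`/`be64toh` from <endian.h>; failing that, define one and have the other call it, `uint64_t hton64(uint64_t a){ return ntoh64(a); }`, so the two cannot drift apart. A one-line comment that the wire format is big-endian would also help, since nothing else in the diff states it.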
@@ -1699,6 +1729,105 @@ int recv_raw(packet_info_t &info,char * &payload,int &payloadlen)
 else if(raw_mode==mode_icmp)
 return recv_raw_icmp(info,payload,payloadlen);
 }
+int send_bare(packet_info_t &info,char* data,int len)
+{
+ if(len==0) //dont encrpyt zero length packet;
+ {
+ send_raw(info,data,len);
+ return 0;
+ }
+ //static send_bare[buf_len];
+ iv_t iv=get_true_random_number_64();
+
+ memcpy(send_data_buf,&iv,sizeof(iv_t));
+ memcpy(send_data_buf+sizeof(iv_t),data,len);
+
+ int new_len=len+sizeof(iv_t);
+ if(my_encrypt((uint8_t *)send_data_buf,(uint8_t*)send_data_buf2,new_len,key_me)!=0)
+ {
+ return -1;
+ }
+ send_raw(info,send_data_buf2,new_len);
+ return 0;
+}
+char recv_data_buf[buf_len];
+int recv_bare(packet_info_t &info,char* & data,int & len)
+{
+ if(recv_raw(info,data,len)<0)
+ {
+ return -1;
+ }
+ if(len==0) //dont decrpyt zero length packet;
+ {
+ return 0;
+ }
+
+ if(my_decrypt((uint8_t *)data,(uint8_t*)recv_data_buf,len,key_oppsite)!=0)
+ {
+ return -1;
+ }
+ data=recv_data_buf+sizeof(iv_t);
+ len-=sizeof(iv_t);
+ return 0;
+}
+
+
+int send_safe(packet_info_t &info,char* data,int len)
+{
+ id_t n_tmp_id=hton64(my_id);
+
+ memcpy(send_data_buf,&n_tmp_id,sizeof(n_tmp_id));
+
+ n_tmp_id=hton64(oppsite_id);
+
+ memcpy(send_data_buf+sizeof(n_tmp_id),&n_tmp_id,sizeof(n_tmp_id));
+
+ anti_replay_seq_t n_seq=hton64(anti_replay_seq++);
+
+ memcpy(send_data_buf+sizeof(n_tmp_id)*2,&n_seq,sizeof(n_seq));
+
+
+ memcpy(send_data_buf+sizeof(n_tmp_id)*2+sizeof(n_seq),data,len);//data;
+
+ int new_len=len+sizeof(n_seq)+sizeof(n_tmp_id)*2;
+
+ if(my_encrypt((uint8_t *)send_data_buf,(uint8_t*)send_data_buf2,new_len,key_me)!=0)
+ {
+ return -1;
+ }
+
+ send_raw(info,send_data_buf2,new_len);
+
+ return 0;
+}
+
+int recv_safe(packet_info_t &info,char* data,int len)
+{
+
+ if(my_decrypt((uint8_t *)data,(uint8_t*)recv_data_buf,len,key_oppsite)!=0)
+ {
+ return -1;
+ }
+ id_t h_oppiste_id= ntoh64 ( *((anti_replay_seq_t * )(data)) );
+ id_t h_my_id= ntoh64 ( *((anti_replay_seq_t * )(data)) +sizeof(h_my_id) );
+
+ anti_replay_seq_t h_seq= ntoh64 ( *((anti_replay_seq_t * )(data +sizeof(h_my_id) *2 )) );
+
+ if(h_oppiste_id!=oppsite_id||h_my_id!=my_id)
+ {
+ printf("auth fail\n");
+ return -1;
+ }
+
+ if (anti_replay.is_vaild(h_seq) != 1) {
+ printf("dropped replay packet\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+
 int send_bare_data(packet_info_t &info,char* data,int len)
 {
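Review bot: recv_safe reads the two ids and the sequence number out of `data`, which still holds the ciphertext, while my_decrypt wrote the plaintext to recv_data_buf, and in the `h_my_id` line the `+sizeof(h_my_id)` sits outside the cast so it is added to the loaded value rather than to the pointer. On the sending side `id_t n_tmp_id=hton64(my_id)` stores a 64-bit byte-swapped value into a 32-bit id_t (typedef'd as uint32_t earlier in this commit), which on a little-endian host truncates the id to 0, so the `auth fail` comparison is not checking what it appears to check; the 32-bit ids should go through `htonl`/`ntohl` and only the sequence number through hton64/ntoh64. Neither send_safe nor send_bare checks that len plus its header fits in buf_len before the memcpy into send_data_buf, and recv_bare subtracts sizeof(iv_t) from len without first checking len is at least that large, so a short packet leaves len negative. recv_safe also takes data and len by value, unlike recv_bare, so the caller never learns where the payload starts; that may be intended for this pre-refactor commit. The rewrite below parses the header from recv_data_buf after a minimum-length check, with the sender-side fix being the two hton64-on-id lines becoming `htonl`.
```cpp
int recv_safe(packet_info_t &info,char* data,int len)
{
    const int hdr_len=sizeof(id_t)*2+sizeof(anti_replay_seq_t);
    if(my_decrypt((uint8_t *)data,(uint8_t*)recv_data_buf,len,key_oppsite)!=0)
    {
        return -1;
    }
    if(len<hdr_len) // plaintext must hold both ids and the sequence number
    {
        return -1;
    }
    // parse the plaintext in recv_data_buf, not the ciphertext still in data
    id_t h_oppiste_id;
    id_t h_my_id;
    anti_replay_seq_t h_seq;
    memcpy(&h_oppiste_id,recv_data_buf,sizeof(h_oppiste_id));
    memcpy(&h_my_id,recv_data_buf+sizeof(h_oppiste_id),sizeof(h_my_id));
    memcpy(&h_seq,recv_data_buf+sizeof(h_oppiste_id)*2,sizeof(h_seq));
    h_oppiste_id=ntohl(h_oppiste_id); // ids are 32-bit on the wire; hton64/ntoh64 is only for the sequence number
    h_my_id=ntohl(h_my_id);
    h_seq=ntoh64(h_seq);
    // … unchanged: auth check and anti_replay.is_vaild check …
}
```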