
fixed compilation errors

cbocovic 8 éve
szülő
commit
8d8bf2faf4
5 módosított fájl, 126 hozzáadás és 10 törlés
  1. 85 0
      client/crypto.c
  2. 17 0
      client/crypto.h
  3. 11 2
      server/crypto.c
  4. 3 0
      server/crypto.h
  5. 10 8
      server/slitheen-proxy.c

+ 85 - 0
client/crypto.c

@@ -0,0 +1,85 @@
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include "crypto.h"
+
+/* PRF using sha384, as defined in RFC 5246 */
+int PRF(uint8_t *secret, int32_t secret_len,
+		uint8_t *seed1, int32_t seed1_len,
+		uint8_t *seed2, int32_t seed2_len,
+		uint8_t *seed3, int32_t seed3_len,
+		uint8_t *seed4, int32_t seed4_len,
+		uint8_t *output, int32_t output_len){
+
+	EVP_MD_CTX ctx, ctx_tmp, ctx_init;
+	EVP_PKEY *mac_key;
+	const EVP_MD *md = EVP_sha384();
+
+	uint8_t A[EVP_MAX_MD_SIZE];
+	size_t len, A_len;
+	int chunk = EVP_MD_size(md);
+	int remaining = output_len;
+
+	uint8_t *out = output;
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_init(&ctx_tmp);
+	EVP_MD_CTX_init(&ctx_init);
+	EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+
+	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len);
+
+	/* Calculate first A value */
+	EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key);
+	EVP_MD_CTX_copy_ex(&ctx, &ctx_init);
+	if(seed1 != NULL && seed1_len > 0){
+		EVP_DigestSignUpdate(&ctx, seed1, seed1_len);
+	}
+	if(seed2 != NULL && seed2_len > 0){
+		EVP_DigestSignUpdate(&ctx, seed2, seed2_len);
+	}
+	if(seed3 != NULL && seed3_len > 0){
+		EVP_DigestSignUpdate(&ctx, seed3, seed3_len);
+	}
+	if(seed4 != NULL && seed4_len > 0){
+		EVP_DigestSignUpdate(&ctx, seed4, seed4_len);
+	}
+	EVP_DigestSignFinal(&ctx, A, &A_len);
+
+	//iterate until desired length is achieved
+	while(remaining > 0){
+		/* Now compute SHA384(secret, A+seed) */
+		EVP_MD_CTX_copy_ex(&ctx, &ctx_init);
+		EVP_DigestSignUpdate(&ctx, A, A_len);
+		EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx);
+		if(seed1 != NULL && seed1_len > 0){
+			EVP_DigestSignUpdate(&ctx, seed1, seed1_len);
+		}
+		if(seed2 != NULL && seed2_len > 0){
+			EVP_DigestSignUpdate(&ctx, seed2, seed2_len);
+		}
+		if(seed3 != NULL && seed3_len > 0){
+			EVP_DigestSignUpdate(&ctx, seed3, seed3_len);
+		}
+		if(seed4 != NULL && seed4_len > 0){
+			EVP_DigestSignUpdate(&ctx, seed4, seed4_len);
+		}
+		
+		if(remaining > chunk){
+			EVP_DigestSignFinal(&ctx, out, &len);
+			out += len;
+			remaining -= len;
+
+			/* Next A value */
+			EVP_DigestSignFinal(&ctx_tmp, A, &A_len);
+		} else {
+			EVP_DigestSignFinal(&ctx, A, &A_len);
+			memcpy(out, A, remaining);
+			remaining -= remaining;
+		}
+	}
+	return 1;
+}
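Review bot: PRF leaks on every call and can never report failure: `mac_key` from `EVP_PKEY_new_mac_key` is never passed to `EVP_PKEY_free`, the three `EVP_MD_CTX` objects initialised with `EVP_MD_CTX_init` are never cleaned up, and none of the `EVP_PKEY_new_mac_key`/`EVP_DigestSignInit`/`EVP_DigestSignFinal`/`EVP_MD_CTX_copy_ex` results are checked while the function unconditionally returns 1 — a NULL `mac_key` (allocation failure) would be handed straight to `EVP_DigestSignInit`. The file also uses `memcpy` without `#include <string.h>` and `uint8_t`/`int32_t` without `<stdint.h>`, so it compiles only through OpenSSL's transitive includes. Stack-allocated `EVP_MD_CTX` and `EVP_MD_CTX_cleanup` assume the OpenSSL 1.0 API (the header makes the same assumption); the rewrite below keeps that and adds a single cleanup path plus checks on the calls that can fail, leaving the seed hashing and output loop as they are.
```c
	EVP_PKEY *mac_key = NULL;
	int ret = 0;
	/* … unchanged: md, A, len, A_len, chunk, remaining, out, the three EVP_MD_CTX_init calls … */

	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len);
	if(mac_key == NULL){
		goto out;
	}
	if(!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key)){
		goto out;
	}
	/* … unchanged: first A value and the while(remaining > 0) loop … */
	ret = 1;
out:
	EVP_PKEY_free(mac_key);
	EVP_MD_CTX_cleanup(&ctx);
	EVP_MD_CTX_cleanup(&ctx_tmp);
	EVP_MD_CTX_cleanup(&ctx_init);
	return ret;
}
```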

+ 17 - 0
client/crypto.h

@@ -0,0 +1,17 @@
+#ifndef _CRYPTO_H_
+#define _CRYPTO_H_
+
+# define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
+							(((unsigned int)(c[1]))    )),c+=2)
+
+
+int PRF(uint8_t *secret, int32_t secret_len,
+		uint8_t *seed1, int32_t seed1_len,
+		uint8_t *seed2, int32_t seed2_len,
+		uint8_t *seed3, int32_t seed3_len,
+		uint8_t *seed4, int32_t seed4_len,
+		uint8_t *output, int32_t output_len);
+
+#define PRE_MASTER_LEN 256
+
+#endif /* _CRYPTO_H_ */
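Review bot: The header is not self-contained: the PRF prototype uses `uint8_t`/`int32_t` but nothing is included, so every translation unit has to include `<stdint.h>` before it; add `#include <stdint.h>` directly after the guard. `_CRYPTO_H_` is a reserved identifier (leading underscore followed by an uppercase letter) and is also the guard name server/crypto.h uses on its last line — harmless while the two headers belong to separate programs, but `CLIENT_CRYPTO_H` would avoid both concerns. The `n2s` macro evaluates `c` three times and advances it, so callers must not pass an expression with side effects; a one-line comment saying so would prevent the classic `n2s(p++, s)` mistake.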

+ 11 - 2
server/crypto.c

@@ -201,9 +201,18 @@ int compute_master_secret(flow *f){
 	pub_key = BN_new();
 	priv_key = BN_new();
 
-	for(int i=0; i<bytes; i++){
-		buf[i] = f->key[i%16];
+	PRF(f->key, 16,
+		(uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
+		NULL, 0, NULL, 0, NULL, 0,
+		buf, bytes);
+
+#ifdef DEBUG
+	printf("Generated the following rand bytes: ");
+	for(int i=0; i< bytes; i++){
+		printf(" %02x ", buf[i]);
 	}
+	printf("\n");
+#endif
 
     if (!BN_bin2bn(buf, bytes, priv_key))
 		return 1;
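Review bot: The result of the added `PRF(...)` call is ignored while `BN_bin2bn` two lines below is checked; if PRF ever fails, `buf` goes into `BN_bin2bn` uninitialised or partially filled. Wrap it in the existing style, `if (!PRF(f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE, NULL, 0, NULL, 0, NULL, 0, buf, bytes)) return 1;`, which becomes meaningful as soon as PRF reports errors. The literal `16` is presumably the size of `f->key` — confirm and give it a name so the two cannot drift. The `#ifdef DEBUG` block prints the exact bytes that become the DH private key on the next lines; that is acceptable for a local debugging build, but it must not survive into any build that is deployed, since it writes secret key material to stdout. compute_master_secret begins before the hunk.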

+ 3 - 0
server/crypto.h

@@ -24,4 +24,7 @@ void update_context(flow *f, uint8_t *input, int32_t len, int32_t incoming, int3
 
 #define PRE_MASTER_LEN 256
 
+#define SLITHEEN_KEYGEN_CONST "SLITHEEN_KEYGEN"
+#define SLITHEEN_KEYGEN_CONST_SIZE 15
+
 #endif /* _CRYPTO_H_ */
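Review bot: `SLITHEEN_KEYGEN_CONST_SIZE 15` is a hand-counted length that can silently drift from the string defined on the line above it; derive it instead: `#define SLITHEEN_KEYGEN_CONST_SIZE (sizeof(SLITHEEN_KEYGEN_CONST) - 1)`. The count is correct today ("SLITHEEN_KEYGEN" is 15 characters without the terminator), so the change only removes the maintenance hazard.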

+ 10 - 8
server/slitheen-proxy.c

@@ -14,8 +14,8 @@
 void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
 void check_handshake(struct packet_info *info, flow f);
 void *sniff_packets(void *);
-void process_packet(uint8_t *packet, struct packet_info *info);
-void extract_packet_headers(const uint8_t *packet, struct packet_info *info);
+void process_packet(struct packet_info *info);
+void extract_packet_headers(uint8_t *packet, struct packet_info *info);
 
 /** Checks a handshake message to see if it is tagged or a
  *  recognized flow.
@@ -106,7 +106,9 @@ void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *pa
 	//memcpy(modified_packet, packet, header->len);
 
 	struct packet_info *info = calloc(1, sizeof(struct packet_info));
-	extract_packet_headers(packet, info);
+	uint8_t *tmp_packet = calloc(1, header->len);
+	memcpy(tmp_packet, packet, header->len);
+	extract_packet_headers(tmp_packet, info);
 
 	// Check to make sure it is an IP packet 
 	if(info->ip_hdr == NULL)
@@ -128,10 +130,10 @@ void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *pa
 		// TODO: handle errors 
 		
 	} else { //not a fragment, add to packet chain */
-	process_packet(packet, info);
+	process_packet(info);
 
 end:
-	if((pcap_inject(handle, packet, header->len)) < 0 ){
+	if((pcap_inject(handle, tmp_packet, header->len)) < 0 ){
 		fprintf(stderr, "Error: %s\n", pcap_geterr(handle));
 	}
 	free(info);//Note: don't free this while a thread is using it
@@ -248,7 +250,7 @@ void *sniff_packets(void *args){
  * 	2) adds the packet to the flow's data chain
  * 	3) updates the flow's state
  */
-void process_packet(uint8_t *packet, struct packet_info *info){
+void process_packet(struct packet_info *info){
 	int index;
 
 	flow newFlow;
@@ -301,10 +303,10 @@ void process_packet(uint8_t *packet, struct packet_info *info){
  * 	a packet_info struct
  * 	
  */
-void extract_packet_headers(const uint8_t *packet, struct packet_info *info){
+void extract_packet_headers(uint8_t *packet, struct packet_info *info){
 
 	/* First fill in IP header */
-	const uint8_t *p = packet;
+	uint8_t *p = packet;
 	p += ETHER_HEADER_LEN; //skip ethernet header
 	info->ip_hdr = (struct ip_header*) p;
 	info->size_ip_hdr = IP_HEADER_LEN(info->ip_hdr);
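Review bot: In got_packet (hunk `@@ -106,7 +106,9 @@`), `tmp_packet = calloc(1, header->len)` is not checked for NULL before the `memcpy`, and both the copy and the `pcap_inject` in the following hunk use `header->len` — the on-wire length — rather than `header->caplen`, the number of bytes pcap actually delivered; when the snaplen truncates a frame the memcpy reads past the captured buffer. Nothing in either hunk frees `tmp_packet`: the `end:` path frees `info` but not the copy, and the `info->ip_hdr == NULL` early exit (its body lies outside the hunk) presumably skips it as well, so every captured packet leaks its copy. The rewrite below checks both allocations, copies `caplen` bytes and frees the copy after injection; consider also dropping packets where `caplen < len`, since a truncated frame cannot be re-injected intact. got_packet starts before the first of these hunks.
```c
	struct packet_info *info = calloc(1, sizeof(struct packet_info));
	uint8_t *tmp_packet = calloc(1, header->caplen);
	if(info == NULL || tmp_packet == NULL){
		free(info);
		free(tmp_packet);
		return;
	}
	memcpy(tmp_packet, packet, header->caplen);
	extract_packet_headers(tmp_packet, info);
	// … unchanged: IP check, fragment handling, process_packet(info) …
end:
	if((pcap_inject(handle, tmp_packet, header->caplen)) < 0 ){
		fprintf(stderr, "Error: %s\n", pcap_geterr(handle));
	}
	free(tmp_packet);
	// … unchanged: free(info) …
```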