3 コミット afd609566a ... 559950ca73

作者 SHA1 メッセージ 日付
  cecylia 559950ca73 made cryptothread functions static 6 年 前
  cecylia febe6f1624 cleaned up header files and moved static functions to .c files 6 年 前
  cecylia 02f5617045 fixed comments at the end of include guards 6 年 前

+ 2 - 2
relay_station/Makefile

@@ -4,9 +4,9 @@ TARGETS=slitheen
 
 all: $(TARGETS)
 
-slitheen.o packet.o flow.o ptwist168.o crypto.o relay.o cryptothread.o util.o:: ptwist.h flow.h packet.h slitheen.h crypto.h relay.h cryptothread.h util.h
+packet.o flow.o ptwist168.o crypto.o relay.o cryptothread.o util.o:: ptwist.h flow.h packet.h crypto.h relay.h cryptothread.h util.h
 
-slitheen: slitheen.o packet.o flow.o ptwist168.o crypto.o relay.o cryptothread.o util.o relay.h crypto.h ptwist.h flow.h packet.h slitheen.h cryptothread.h util.h
+slitheen: slitheen.c packet.o flow.o ptwist168.o crypto.o relay.o cryptothread.o util.o relay.h crypto.h ptwist.h flow.h packet.h cryptothread.h util.h
 	gcc -g -ggdb -o $@ $^ -L/usr/local/lib -I/usr/local/include -lssl -lcrypto -lpcap -lpthread -ldl
 
 clean:

+ 45 - 34
relay_station/crypto.c

@@ -179,6 +179,33 @@
 #define NID_brainpoolP512r1             933
 #define NID_X25519             1034
 
+#define SLITHEEN_KEYGEN_CONST "SLITHEEN_KEYGEN"
+#define SLITHEEN_KEYGEN_CONST_SIZE 15
+#define SLITHEEN_FINISHED_INPUT_CONST "SLITHEEN_FINISHED"
+#define SLITHEEN_FINISHED_INPUT_CONST_SIZE 17
+#define SLITHEEN_SUPER_SECRET_SIZE 16 //extracted from slitheen ID tag
+#define SLITHEEN_SUPER_CONST "SLITHEEN_SUPER_ENCRYPT"
+#define SLITHEEN_SUPER_CONST_SIZE 22
+
+#define PRE_MASTER_MAX_LEN BUFSIZ
+#define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
+#define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
+
+#define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
+            (((unsigned int)(c[1]))    )),c+=2)
+
+
+/* Curve 25519 */
+#define X25519_KEYLEN        32
+#define X25519_BITS          253
+#define X25519_SECURITY_BITS 128
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010000eL
+typedef struct {
+    unsigned char pubkey[X25519_KEYLEN];
+    unsigned char *privkey;
+} X25519_KEY;
+#endif
 
 static int nid_list[] = {
     NID_sect163k1,              /* sect163k1 (1) */
@@ -216,7 +243,16 @@ static int nid_list[] = {
 #endif
 };
 
+static int tls_PRF(flow *f, uint8_t *secret, int32_t secret_len,
+        uint8_t *seed1, int32_t seed1_len,
+        uint8_t *seed2, int32_t seed2_len,
+        uint8_t *seed3, int32_t seed3_len,
+        uint8_t *seed4, int32_t seed4_len,
+        uint8_t *output, int32_t output_len);
 
+static int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
+        const byte tag[PTWIST_TAG_BYTES], const byte *context,
+        size_t context_len);
 
 /** Updates the hash of all TLS handshake messages up to and
  * including the ClientKeyExchange. This hash is eventually used
@@ -527,31 +563,6 @@ int encrypt(flow *f, uint8_t *input, uint8_t *output, int32_t len, int32_t incom
 }
 
 
-/** Increases the GCM counter when we don't decrypt a record to produce the correct tag in the next
- *  re-encrypted record
- *
- * 	Inputs:
- * 		f: the tagged flow
- * 		incoming: the direction of the flow
- *
- * 	Output:
- * 		0 on success, 1 on failure
- */
-int fake_encrypt(flow *f, int32_t incoming){
-
-    uint8_t *seq = (incoming) ? f->read_seq : f->write_seq;
-
-    for(int i=7; i>=0; i--){
-        ++seq[i];
-        if(seq[i] != 0)
-            break;
-    }
-
-    return 0;
-
-}
-
-
 /** Mark the hash in a downstream TLS finished message
  *
  * Changes the finished hash to
@@ -676,7 +687,7 @@ int compute_master_secret(flow *f){
         printf("\n");
 #endif
 
-        PRF(f, f->key, 16,
+        tls_PRF(f, f->key, 16,
                 (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                 NULL, 0, NULL, 0, NULL, 0,
                 buf, bytes);
@@ -742,7 +753,7 @@ int compute_master_secret(flow *f){
                 goto err;
             }
 
-            PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
+            tls_PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                     NULL, 0, NULL, 0, NULL, 0, xkey->privkey, X25519_KEYLEN);
 
 #ifdef DEBUG_HS
@@ -817,7 +828,7 @@ int compute_master_secret(flow *f){
                 goto err;
             }
 
-            PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
+            tls_PRF(f, f->key, 16, (uint8_t *) SLITHEEN_KEYGEN_CONST, SLITHEEN_KEYGEN_CONST_SIZE,
                     NULL, 0, NULL, 0, NULL, 0, buf, bytes);
 
 #ifdef DEBUG_HS
@@ -884,7 +895,7 @@ int compute_master_secret(flow *f){
         free(md_ctx);
 #endif
 
-        PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_EXTENDED_MASTER_SECRET_CONST, TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, hash, hash_len, NULL, 0, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
+        tls_PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_EXTENDED_MASTER_SECRET_CONST, TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, hash, hash_len, NULL, 0, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
 #ifdef DEBUG_HS
         fprintf(stdout, "Premaster Secret:\n");
         BIO_dump_fp(stdout, (char *)pre_master_secret, pre_master_len);
@@ -896,7 +907,7 @@ int compute_master_secret(flow *f){
 
     } else {
 
-        PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, f->client_random, SSL3_RANDOM_SIZE, f->server_random, SSL3_RANDOM_SIZE, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
+        tls_PRF(f, pre_master_secret, pre_master_len, (uint8_t *) TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, f->client_random, SSL3_RANDOM_SIZE, f->server_random, SSL3_RANDOM_SIZE, NULL, 0, f->master_secret, SSL3_MASTER_SECRET_SIZE);
 
 #ifdef DEBUG_HS
         fprintf(stdout, "Premaster Secret:\n");
@@ -1049,7 +1060,7 @@ int extract_server_random(flow *f, uint8_t *hs){
  *  Output:
  *  	0 on success, 1 on failure
  */
-int PRF(flow *f, uint8_t *secret, int32_t secret_len,
+static int tls_PRF(flow *f, uint8_t *secret, int32_t secret_len,
         uint8_t *seed1, int32_t seed1_len,
         uint8_t *seed2, int32_t seed2_len,
         uint8_t *seed3, int32_t seed3_len,
@@ -1202,7 +1213,7 @@ int init_ciphers(flow *f){
     total_len *= 2;
     uint8_t *key_block = scalloc(1, total_len);
 
-    PRF(f, f->master_secret, SSL3_MASTER_SECRET_SIZE,
+    tls_PRF(f, f->master_secret, SSL3_MASTER_SECRET_SIZE,
             (uint8_t *) TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
             f->server_random, SSL3_RANDOM_SIZE,
             f->client_random, SSL3_RANDOM_SIZE,
@@ -1391,7 +1402,7 @@ void generate_client_super_keys(uint8_t *secret, client *c){
     int32_t total_len = 2*key_len + mac_len;
     uint8_t *key_block = scalloc(1, total_len);
 
-    PRF(NULL, shared_secret, SLITHEEN_SUPER_SECRET_SIZE,
+    tls_PRF(NULL, shared_secret, SLITHEEN_SUPER_SECRET_SIZE,
             (uint8_t *) SLITHEEN_SUPER_CONST, SLITHEEN_SUPER_CONST_SIZE,
             NULL, 0,
             NULL, 0,
@@ -1680,7 +1691,7 @@ int check_handshake(struct packet_info *info){
 /* Check the given tag with the given context and private key.  Return 0
    if the tag is properly formed, non-0 if not.  If the tag is correct,
    set key to the resulting secret key. */
-int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
+static int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
         const byte tag[PTWIST_TAG_BYTES], const byte *context,
         size_t context_len)
 {

+ 2 - 44
relay_station/crypto.h

@@ -29,62 +29,20 @@
 #define CRYPTO_H
 
 #include "flow.h"
-#include "ptwist.h"
-
-#define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
-            (((unsigned int)(c[1]))    )),c+=2)
-
-
-/* Curves */
-#define X25519_KEYLEN        32
-#define X25519_BITS          253
-#define X25519_SECURITY_BITS 128
-
-#if OPENSSL_VERSION_NUMBER >= 0x1010000eL
-typedef struct {
-    unsigned char pubkey[X25519_KEYLEN];
-    unsigned char *privkey;
-} X25519_KEY;
-#endif
 
 int update_handshake_hash(flow *f, uint8_t *hs);
 int extract_parameters(flow *f, uint8_t *hs);
 int encrypt(flow *f, uint8_t *input, uint8_t *output, int32_t len, int32_t incoming, int32_t type, int32_t enc, uint8_t re);
-int fake_encrypt(flow *f, int32_t incoming);
 int extract_server_random(flow *f, uint8_t *hs);
 int compute_master_secret(flow *f);
 
-int PRF(flow *f, uint8_t *secret, int32_t secret_len,
-        uint8_t *seed1, int32_t seed1_len,
-        uint8_t *seed2, int32_t seed2_len,
-        uint8_t *seed3, int32_t seed3_len,
-        uint8_t *seed4, int32_t seed4_len,
-        uint8_t *output, int32_t output_len);
-
 int mark_finished_hash(flow *f, uint8_t *hs);
 int init_ciphers(flow *f);
 void generate_client_super_keys(uint8_t *secret, client *c);
 int super_encrypt(client *c, uint8_t *data, uint32_t len);
 int check_handshake(struct packet_info *info);
 
-int check_tag(byte key[16], const byte privkey[PTWIST_BYTES],
-        const byte tag[PTWIST_TAG_BYTES], const byte *context,
-        size_t context_len);
-#define PRE_MASTER_MAX_LEN BUFSIZ
-
-#define SLITHEEN_KEYGEN_CONST "SLITHEEN_KEYGEN"
-#define SLITHEEN_KEYGEN_CONST_SIZE 15
-
-#define SLITHEEN_FINISHED_INPUT_CONST "SLITHEEN_FINISHED"
-#define SLITHEEN_FINISHED_INPUT_CONST_SIZE 17
-
-#define SLITHEEN_SUPER_SECRET_SIZE 16 //extracted from slitheen ID tag
-#define SLITHEEN_SUPER_CONST "SLITHEEN_SUPER_ENCRYPT"
-#define SLITHEEN_SUPER_CONST_SIZE 22
-
-#define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
-#define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
-
 int partial_aes_gcm_tls_cipher(flow *f, unsigned char *out, const unsigned char *in, size_t len, uint8_t env);
 void partial_aes_gcm_tls_tag(flow *f, unsigned char *tag, size_t len);
-#endif
+
+#endif /* CRYPTO_H */

+ 5 - 2
relay_station/cryptothread.c

@@ -37,6 +37,9 @@
 static pthread_mutex_t *crypto_locks;
 static long *lock_count;
 
+static void pthreads_thread_id(CRYPTO_THREADID *tid);
+static void pthreads_locking_callback(int mode, int type, const char *file, int line);
+
 void init_crypto_locks(void){
 
     crypto_locks = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
@@ -67,7 +70,7 @@ void crypto_locks_cleanup(void){
 }
 
 /** If the mode is CRYPTO_LOCK, the lock indicated by type will be acquired, otherwise it will be released */
-void pthreads_locking_callback(int mode, int type, const char *file, int line){
+static void pthreads_locking_callback(int mode, int type, const char *file, int line){
 
     if(mode & CRYPTO_LOCK){
         pthread_mutex_lock(&(crypto_locks[type]));
@@ -77,7 +80,7 @@ void pthreads_locking_callback(int mode, int type, const char *file, int line){
     }
 }
 
-void pthreads_thread_id(CRYPTO_THREADID *tid){
+static void pthreads_thread_id(CRYPTO_THREADID *tid){
     CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());
 }
 

+ 1 - 3
relay_station/cryptothread.h

@@ -32,6 +32,4 @@
 void init_crypto_locks(void);
 void crypto_locks_cleanup(void);
 
-void pthreads_thread_id(CRYPTO_THREADID *tid);
-void pthreads_locking_callback(int mode, int type, const char *file, int line);
-#endif /* _CRYPTOTHREAD_H_ */
+#endif /* CRYPTOTHREAD_H */

+ 49 - 5
relay_station/flow.c

@@ -43,12 +43,56 @@
 #include "relay.h"
 #include "util.h"
 
+/* Data structures */
+typedef struct packet_chain_st {
+    packet *first_packet;
+    uint32_t expected_seq_num;
+    uint32_t record_len;
+    uint32_t remaining_record_len;
+} packet_chain;
+
+typedef struct session_cache_st {
+    session *first_session;
+    uint32_t length;
+} session_cache;
+
+typedef struct flow_entry_st {
+    flow *f;
+    struct flow_entry_st *next;
+} flow_entry;
+
+typedef struct flow_table_st {
+    flow_entry *first_entry;
+    int len;
+} flow_table;
+
 static flow_table *table;
 static session_cache *sessions;
 client_table *clients;
 
 sem_t flow_table_lock;
 
+#define TLS_HELLO_REQ 0x00
+#define TLS_CLNT_HELLO 0x01
+#define TLS_SERV_HELLO 0x02
+#define TLS_NEW_SESS 0x04
+#define TLS_CERT 0x0b
+#define TLS_SRVR_KEYEX 0x0c
+#define TLS_CERT_REQ 0x0d
+#define TLS_SRVR_HELLO_DONE 0x0e
+#define TLS_CERT_VERIFY 0x0f
+#define TLS_CLNT_KEYEX 0x10
+#define TLS_FINISHED 0x14
+#define TLS_CERT_STATUS 0x16
+
+static int update_flow(flow *f, uint8_t *record, uint8_t incoming);
+static int verify_session_id(flow *f, uint8_t *hs);
+static int check_extensions(flow *f, uint8_t *hs, uint32_t len);
+static int verify_extensions(flow *f, uint8_t *hs, uint32_t len);
+static int save_session_id(flow *f, uint8_t *hs);
+static int save_session_ticket(flow *f, uint8_t *hs, uint32_t len);
+
+
 /* Initialize the table of tagged flows */
 int init_tables(void) {
 
@@ -191,7 +235,7 @@ flow *add_flow(struct packet_info *info) {
  *  Output:
  *  	0 on success, 1 on failure
  */
-int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
+static int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
     const struct record_header *record_hdr;
     const struct handshake_header *handshake_hdr;
     uint8_t *p;
@@ -801,7 +845,7 @@ int init_session_cache(void){
  *  Output:
  *  	0 if success, 1 if failed
  */
-int verify_session_id(flow *f, uint8_t *hs){
+static int verify_session_id(flow *f, uint8_t *hs){
 
     if (f->current_session == NULL)
         return 1;
@@ -902,7 +946,7 @@ int verify_session_id(flow *f, uint8_t *hs){
  *  Output:
  *  	0 if success, 1 if failed
  */
-int check_extensions(flow *f, uint8_t *hs, uint32_t len){
+static int check_extensions(flow *f, uint8_t *hs, uint32_t len){
 
     uint8_t *p = hs + HANDSHAKE_HEADER_LEN;
     p += 2; //skip version
@@ -988,7 +1032,7 @@ int check_extensions(flow *f, uint8_t *hs, uint32_t len){
  *  Output:
  *  	0 if success, 1 if failed
  */
-int verify_extensions(flow *f, uint8_t *hs, uint32_t len){
+static int verify_extensions(flow *f, uint8_t *hs, uint32_t len){
 
     uint8_t extended_master_secret = 0;
     uint32_t remaining_len = len;
@@ -1052,7 +1096,7 @@ int verify_extensions(flow *f, uint8_t *hs, uint32_t len){
  *  Output:
  *  	0 if success, 1 if failed
  */
-int save_session_id(flow *f, uint8_t *hs){
+static int save_session_id(flow *f, uint8_t *hs){
 
     //increment pointer to point to sessionid
     uint8_t *p = hs + HANDSHAKE_HEADER_LEN;

+ 2 - 44
relay_station/flow.h

@@ -41,19 +41,6 @@
 #define MAX_FLOWS 10
 #define SLITHEEN_ID_LEN 28
 
-#define TLS_HELLO_REQ 0x00
-#define TLS_CLNT_HELLO 0x01
-#define TLS_SERV_HELLO 0x02
-#define TLS_NEW_SESS 0x04
-#define TLS_CERT 0x0b
-#define TLS_SRVR_KEYEX 0x0c
-#define TLS_CERT_REQ 0x0d
-#define TLS_SRVR_HELLO_DONE 0x0e
-#define TLS_CERT_VERIFY 0x0f
-#define TLS_CLNT_KEYEX 0x10
-#define TLS_FINISHED 0x14
-#define TLS_CERT_STATUS 0x16
-
 struct client_st;
 typedef struct client_st client;
 
@@ -75,12 +62,7 @@ typedef struct packet_st{
     struct packet_st *next;
 } packet;
 
-typedef struct packet_chain_st {
-    packet *first_packet;
-    uint32_t expected_seq_num;
-    uint32_t record_len;
-    uint32_t remaining_record_len;
-} packet_chain;
+typedef struct packet_chain_st packet_chain;
 
 typedef struct queue_block_st{
     int32_t len;
@@ -121,11 +103,6 @@ typedef struct session_st {
     uint8_t *session_ticket;
 } session;
 
-typedef struct session_cache_st {
-    session *first_session;
-    uint32_t length;
-} session_cache;
-
 typedef struct flow_st {
     sem_t flow_lock;
 
@@ -218,31 +195,12 @@ typedef struct flow_st {
 
 } flow;
 
-typedef struct flow_entry_st {
-    flow *f;
-    struct flow_entry_st *next;
-} flow_entry;
-
-typedef struct flow_table_st {
-    flow_entry *first_entry;
-    int len;
-} flow_table;
-
-
 int init_tables(void);
 flow *add_flow(struct packet_info *info);
-int update_flow(flow *f, uint8_t *record, uint8_t incoming);
 int remove_flow(flow *f);
 flow *check_flow(struct packet_info *info);
-flow *get_flow(int index);
 
 int init_session_cache (void);
-int verify_session_id(flow *f, uint8_t *hs);
-int check_extensions(flow *f, uint8_t *hs, uint32_t len);
-int verify_extensions(flow *f, uint8_t *hs, uint32_t len);
-int save_session_id(flow *f, uint8_t *hs);
-int save_session_ticket(flow *f, uint8_t *hs, uint32_t len);
-
 int add_packet(flow *f, struct packet_info *info);
 
-#endif /* __RELAY_H__ */
+#endif /* FLOW_H */

+ 1 - 1
relay_station/ptwist.h

@@ -61,4 +61,4 @@ typedef unsigned char byte;
 void ptwist_pointmul(byte out[PTWIST_BYTES], const byte x[PTWIST_BYTES],
         const byte seckey[PTWIST_BYTES]);
 
-#endif
+#endif /* PTWIST_H */

+ 32 - 4
relay_station/relay.c

@@ -57,6 +57,34 @@
 #include "crypto.h"
 #include "util.h"
 
+/* Data structures */
+struct proxy_thread_data {
+    uint8_t *initial_data;
+    uint16_t initial_len;
+    uint16_t stream_id;
+    int32_t pipefd;
+    stream_table *streams;
+    data_queue *downstream_queue;
+    client *client;
+};
+
+struct socks_req {
+    uint8_t version;
+    uint8_t cmd;
+    uint8_t rsvd;
+    uint8_t addr_type;
+};
+
+struct __attribute__((__packed__)) sl_up_hdr {
+    uint16_t stream_id;
+    uint16_t len;
+};
+
+static int process_downstream(flow *f, int32_t offset, struct packet_info *info);
+static int read_header(flow *f, struct packet_info *info);
+static int fill_with_downstream(flow *f, uint8_t *data, int32_t length);
+static void *proxy_covert_site(void *data);
+
 /** Called when a TLS application record is received for a
  *  tagged flow. Upstream packets will be checked for covert
  *  requests to censored sites, downstream packets will be
@@ -133,7 +161,7 @@ int replace_packet(flow *f, struct packet_info *info){
  *  Ouput:
  *  	0 on success, 1 on failure
  */
-int read_header(flow *f, struct packet_info *info){
+static int read_header(flow *f, struct packet_info *info){
     uint8_t *p = info->app_data;
 
     if (info->tcp_hdr == NULL){
@@ -536,7 +564,7 @@ int read_header(flow *f, struct packet_info *info){
  *  	- the downstream queue for the client
  *
  */
-void *proxy_covert_site(void *data){
+static void *proxy_covert_site(void *data){
 
     struct proxy_thread_data *thread_data =
         (struct proxy_thread_data *) data;
@@ -852,7 +880,7 @@ err:
  *  Output:
  *  	Returns 0 on sucess 
  */
-int process_downstream(flow *f, int32_t offset, struct packet_info *info){
+static int process_downstream(flow *f, int32_t offset, struct packet_info *info){
 
     uint8_t *p = info->app_data;
     uint32_t remaining_packet_len = info->app_data_len;
@@ -1472,7 +1500,7 @@ int process_downstream(flow *f, int32_t offset, struct packet_info *info){
  *  	length: The length of the downstream data required
  *
  */
-int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
+static int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
 
     printf("In fill_with_ds\n");
     uint8_t *p = data;

+ 1 - 32
relay_station/relay.h

@@ -31,16 +31,6 @@
 #include "flow.h"
 #include <stdint.h>
 
-struct proxy_thread_data {
-    uint8_t *initial_data;
-    uint16_t initial_len;
-    uint16_t stream_id;
-    int32_t pipefd;
-    stream_table *streams;
-    data_queue *downstream_queue;
-    client *client;
-};
-
 typedef struct client_st {
     uint8_t slitheen_id[SLITHEEN_ID_LEN];
     stream_table *streams;
@@ -50,9 +40,6 @@ typedef struct client_st {
     struct client_st *next;
     uint8_t *header_key;
     uint8_t *body_key;
-    //uint8_t *mac_key
-    //EVP_CIPHER_CTX *header_ctx;
-    //EVP_CIPHER_CTX *body_ctx;
     EVP_MD_CTX *mac_ctx;
 } client;
 
@@ -62,27 +49,9 @@ typedef struct client_table_st {
 
 extern client_table *clients;
 
-struct socks_req {
-    uint8_t version;
-    uint8_t cmd;
-    uint8_t rsvd;
-    uint8_t addr_type;
-};
-
-struct __attribute__((__packed__)) sl_up_hdr {
-    uint16_t stream_id;
-    uint16_t len;
-};
-
 int replace_packet(flow *f, struct packet_info *info);
-int process_downstream(flow *f, int32_t offset, struct packet_info *info);
-int read_header(flow *f, struct packet_info *info);
-uint32_t get_response_length(uint8_t *response);
-int fill_with_downstream(flow *f, uint8_t *data, int32_t length);
 uint16_t tcp_checksum(struct packet_info *info);
 
-void *proxy_covert_site(void *data);
-
 #define BEGIN_HEADER 0x10
 #define PARSE_HEADER 0x20
 #define MID_CONTENT 0x30
@@ -93,4 +62,4 @@ void *proxy_covert_site(void *data);
 #define FORFEIT_REST 0x80
 #define USE_REST 0x90
 
-#endif /* _RELAY_H_ */
+#endif /* RELAY_H */

+ 5 - 1
relay_station/slitheen.c

@@ -39,12 +39,16 @@
 
 #include "util.h"
 #include "flow.h"
-#include "slitheen.h"
 #include "relay.h"
 #include "crypto.h"
 #include "cryptothread.h"
 #include "packet.h"
 
+struct sniff_args {
+    char *readdev;
+    char *writedev;
+};
+
 void got_packet(uint8_t *args, const struct pcap_pkthdr *header, const uint8_t *packet);
 void *sniff_packets(void *);
 void process_packet(struct inject_args *iargs, const struct pcap_pkthdr *header, uint8_t *packet);

+ 0 - 40
relay_station/slitheen.h

@@ -1,40 +0,0 @@
-
-/* Slitheen - a decoy routing system for censorship resistance
- * Copyright (C) 2017 Cecylia Bocovich (cbocovic@uwaterloo.ca)
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, version 3.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Additional permission under GNU GPL version 3 section 7
- * 
- * If you modify this Program, or any covered work, by linking or combining
- * it with the OpenSSL library (or a modified version of that library), 
- * containing parts covered by the terms of the OpenSSL Licence and the
- * SSLeay license, the licensors of this Program grant you additional
- * permission to convey the resulting work. Corresponding Source for a
- * non-source form of such a combination shall include the source code
- * for the parts of the OpenSSL library used as well as that of the covered
- * work.
- */
-#ifndef SLITHEEN_H
-#define SLITHEEN_H
-#include <stdint.h>
-#include <pcap.h>
-
-
-struct sniff_args {
-    char *readdev;
-    char *writedev;
-};
-
-
-#endif /* _SLITHEEN_H_ */

+ 11 - 2
relay_station/util.c

@@ -30,12 +30,21 @@
  * work.
  */
 
-
-
 #include <stdio.h>
 #include <stdlib.h>
 #include "util.h"
 
+//Standard queue data structure
+typedef struct element_st {
+    void *data;
+    struct element_st *next;
+} element;
+
+typedef struct queue_st {
+    element *first;
+    element *last;
+} queue;
+
 //malloc macro that exits on error
 void *smalloc(size_t size){
     void *ptr = malloc(size);

+ 2 - 11
relay_station/util.h

@@ -38,16 +38,7 @@
 void *smalloc(size_t size);
 void *scalloc(size_t nmemb, size_t size);
 
-//Standard queue data structure
-typedef struct element_st {
-    void *data;
-    struct element_st *next;
-} element;
-
-typedef struct queue_st {
-    element *first;
-    element *last;
-} queue;
+typedef struct queue_st queue;
 
 queue *init_queue();
 void enqueue(queue *list, void *data);
@@ -55,4 +46,4 @@ void *dequeue(queue *list);
 void *peek(queue *list, int32_t n);
 void remove_queue(queue *list);
 
-#endif /*_UTIL_H_*/
+#endif /* UTIL_H */