Clean re-implementation of imported SRP code that fixes some bugs and adds support for other crypto backends.

We now fully support all crypto via either MbedTLS or GnuTLS+Nettle+GMP, though for now MbedTLS remains preferred.

During the rewrite a bug was found in the old imported code that leads to incorrect hashes when mbedtls_sha256_update was used.
This bug unfortunately creates an incompatibility between wrongly and correctly hashing versions.
For compatibility reasons we still support the wrong hashing (only via MbedTLS), this is detected at runtime via signalled rist gre version (old versions had version set to 0, the spec allows for version 1).
This also affects generated SRP files.
An extra identifier is added to each line to differentiate between broken and correct hashing.
Thus it's strongly recommended to update SRP files with correct hashing.
The ristsrppassword utility is updated to generate both correct and wrong hashes.
Calling applications should take care to use the new lookup callback and supply the correctly hashed verifier & salt when called with hashversion >= 1

Also added to the lookup callback is a generation variable, which allows libRIST to cache verifier & salt.

We now also have (partial) unit tests for the SRP code, based on the example constants written in the spec. The example constants are unfortunately generated with the wrong hashing algorithm.

Steve Lhomme authored 1 year ago and Gijs Peskens committed 1 year ago

_WIN32_WINNT is always set on Windows build and should at least be 0x0600.

Steve Lhomme authored 1 year ago and Gijs Peskens committed 1 year ago

If the user requires a newer Windows version it should set it manually.

It is also questionable to call inet_ntop (aka InetNtopA) if the build
requests minimum support for Win XP (VLC 3.0). It's only available since
Vista [1]. So building for a Vista target should be fine.

[1] https://learn.microsoft.com/en-us/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ntop

-simplify control flow
-create peer & start keep-alive on reception of GRE Keepalive

-start simplifying control flow
-add (limited -> recv only) support for VSF ethertype

Fixes #160

Fixes #152, needs additional verification

-tag will now be parsed & corrected into correct format, usefull error
message is printed on failure
-duplicate stat is fixed on sender

This will enable the tools applications to export stats in Prometheus
(OpenMetrics) format.
Output is available either via HTTP (libmicrohttpd) or on a unix domain
socket.

Only used on outgoing connections.
Fixes #150

implemented

Triages #140

Thank you DJ & crew @ in2ip for supporting the FreeBSD CI till now!
Unfortunately all good things come to an end.

Tristan Matthews authored 2 years ago and Gijs Peskens committed 2 years ago

This is triggering deprecation warnings.

Can be used to set socket options like DSCP and such.

function

our receive loop was reading a single packet per iteration leading to
reduced performance with multiple clients connected. Instead fully
read all packets from the socket till we receive an error (likely
AGAIN)

Thx Jody Garellek for bringing this issue to our attention

It is using glibc like Linux.

Debian is using cJSON from github.com/DaveGamble/cJSON, as well as
archlinux and homebrew, which is shipping a libcjson.pc file. Only
ubuntu is using a different version not including the .pc file.