enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-20 00:51:10 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #296 from Logan007/fixHE

Browse Source 
quick fix for header encryption, temporary disabling checksum check
This commit is contained in:
Luca Deri 2020-07-03 09:17:06 +02:00 committed by GitHub
commit 18998e6a96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/edge_utils.c
View File

@ -1658,8 +1658,8 @@ static void readFromIPSocket(n2n_edge_t * eee, int in_sock) {
return; return;
} }
if (checksum != pearson_hash_16 (udp_buf, recvlen)) { if (checksum != pearson_hash_16 (udp_buf, recvlen)) {
traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to checksum error."); // !!! traceEvent(TRACE_DEBUG, "readFromIPSocket dropped packet due to checksum error.");
return; // !!! return;
} }
} }

6
src/header_encryption.c
View File

@ -36,8 +36,10 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
memcpy (iv, packet, 12); memcpy (iv, packet, 12);
// extract checksum (last 16 bit) blended in IV // extract checksum (last 16 bit) blended in IV
speck_he_iv_decrypt (packet, (speck_context_t*)ctx_iv); speck_he_iv_decrypt (iv, (speck_context_t*)ctx_iv);
*checksum = be16toh (((uint16_t*)packet)[5]); *checksum = be16toh (((uint16_t*)iv)[5]);
memcpy (iv, packet, 12);
// try community name as possible key and check for magic bytes // try community name as possible key and check for magic bytes
uint32_t magic = 0x6E326E00; // ="n2n_" uint32_t magic = 0x6E326E00; // ="n2n_"

1
src/pearson.c
View File

@ -75,6 +75,7 @@ static uint16_t t16[65536]; // 16-bit look-up table
#endif #endif
#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) #define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r))))
#define ROR32(x,r) (((x)>>(r))|((x)<<(32-(r))))
void pearson_hash_256 (uint8_t *out, const uint8_t *in, size_t len) { void pearson_hash_256 (uint8_t *out, const uint8_t *in, size_t len) {

4
src/sn.c
View File

@ -495,8 +495,8 @@ static int process_udp(n2n_sn_t * sss,
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx, if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
comm->header_iv_ctx, &checksum)) ) { comm->header_iv_ctx, &checksum)) ) {
if (checksum != pearson_hash_16 (udp_buf, udp_size)) { if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error."); // !!! traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
return -1; // !!! return -1;
} }
if (comm->header_encryption == HEADER_ENCRYPTION_UNKNOWN) { if (comm->header_encryption == HEADER_ENCRYPTION_UNKNOWN) {
traceEvent (TRACE_INFO, "process_udp locked community '%s' to using " traceEvent (TRACE_INFO, "process_udp locked community '%s' to using "

4
src/sn_utils.c
View File

@ -424,8 +424,8 @@ static int process_udp(n2n_sn_t * sss,
if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx, if ( (ret = packet_header_decrypt (udp_buf, udp_size, comm->community, comm->header_encryption_ctx,
comm->header_iv_ctx, &checksum)) ) { comm->header_iv_ctx, &checksum)) ) {
if (checksum != pearson_hash_16 (udp_buf, udp_size)) { if (checksum != pearson_hash_16 (udp_buf, udp_size)) {
traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error."); // !!! traceEvent(TRACE_DEBUG, "process_udp dropped packet due to checksum error.");
return -1; // !!! return -1;
} }
if (comm->header_encryption == HEADER_ENCRYPTION_UNKNOWN) { if (comm->header_encryption == HEADER_ENCRYPTION_UNKNOWN) {
traceEvent (TRACE_INFO, "process_udp locked community '%s' to using " traceEvent (TRACE_INFO, "process_udp locked community '%s' to using "