enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-19 16:41:11 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

AES: remove obsolete fields sa and nonce (#152)

Browse Source 
* removed obsolete fields for nonce and sa
This commit is contained in:
Logan008 2019-06-30 23:32:40 +02:00 committed by Emanuele Faranda
parent 53d27bebf5
commit 47a298cb4d
1 changed files with 16 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
transform_aes.c
View File

@ -33,14 +33,10 @@
/* AES plaintext preamble */
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_AES_SA_SIZE 4
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; leave it set to 8 for now */
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE + TRANSOP_AES_IV_SEED_SIZE)
/* AES ciphertext preamble */
#define TRANSOP_AES_NONCE_SIZE 4
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
@ -79,12 +75,11 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint64_t iv
/** The aes packet format consists of:
*
* - a 8-bit aes encoding version in clear text
* - a 32-bit SA number in clear text
* - a 64-bit random IV seed
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
* - encrypted payload.
*
* [V|SSSS|II|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_aes( n2n_trans_op_t * arg,
uint8_t * outbuf,
@ -96,13 +91,11 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
int len2=-1;
transop_aes_t * priv = (transop_aes_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE] = {0};
uint32_t * pnonce;
if ( (in_len + TRANSOP_AES_NONCE_SIZE) <= N2N_PKT_BUF_SIZE) {
if ( (in_len + TRANSOP_AES_NONCE_SIZE + TRANSOP_AES_PREAMBLE_SIZE) <= out_len) {
if ( in_len <= N2N_PKT_BUF_SIZE) {
if ( (in_len + TRANSOP_AES_PREAMBLE_SIZE) <= out_len) {
int len=-1;
size_t idx=0;
size_t tx_sa_num = 0; // Not used
uint64_t iv_seed = 0;
uint8_t padding = 0;
n2n_aes_ivec_t enc_ivec = {0};
@ -112,9 +105,6 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
/* Encode the aes format version. */
encode_uint8( outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
/* Encode the security association (SA) number */
encode_uint32( outbuf, &idx, tx_sa_num); // Not used
/* Generate and encode the IV seed.
* Using two calls to rand() because RAND_MAX is usually < 64bit
* (e.g. linux) and sometimes < 32bit (e.g. Windows).
@ -122,15 +112,14 @@ static int transop_encode_aes( n2n_trans_op_t * arg,
iv_seed = ((((uint64_t)rand() & 0xFFFFFFFF)) << 32) | rand();
encode_buf(outbuf, &idx, &iv_seed, TRANSOP_AES_IV_SEED_SIZE);
/* Encrypt the assembly contents and write the ciphertext after the SA. */
len = in_len + TRANSOP_AES_NONCE_SIZE;
/* Encrypt the assembly contents and write the ciphertext after the iv seed. */
/* len is set to the length of the cipher plain text to be encrpyted
which is (in this case) identical to original packet lentgh */
len = in_len;
/* The assembly buffer is a source for encrypting data. The nonce is
* written in first followed by the packet payload. The whole
* contents of assembly are encrypted. */
pnonce = (uint32_t *)assembly;
*pnonce = rand();
memcpy( assembly + TRANSOP_AES_NONCE_SIZE, inbuf, in_len);
/* The assembly buffer is a source for encrypting data.
* The whole contents of assembly are encrypted. */
memcpy( assembly, inbuf, in_len);
/* Need at least one encrypted byte at the end for the padding. */
len2 = ( (len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
@ -166,10 +155,9 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
uint8_t assembly[N2N_PKT_BUF_SIZE];
if ( ( (in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_AES_PREAMBLE_SIZE + TRANSOP_AES_NONCE_SIZE)) /* Has at least version, SA, iv seed and nonce */
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
)
{
uint32_t sa_rx=0; // Not used
size_t rem=in_len;
size_t idx=0;
uint8_t aes_enc_ver=0;
@ -179,9 +167,6 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
decode_uint8( &aes_enc_ver, inbuf, &rem, &idx );
if ( N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
/* Get the SA number and make sure we are decrypting with the right one. - Not used*/
decode_uint32( &sa_rx, inbuf, &rem, &idx);
/* Get the IV seed */
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
@ -205,7 +190,7 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
* AES_BLOCKSIZE-1 */
padding = assembly[ len-1 ] & 0xff;
if ( len >= (padding + TRANSOP_AES_NONCE_SIZE))
if ( len >= padding)
{
/* strictly speaking for this to be an ethernet packet
* it is going to need to be even bigger; but this is
@ -213,11 +198,8 @@ static int transop_decode_aes( n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "padding = %u", padding);
len -= padding;
len -= TRANSOP_AES_NONCE_SIZE; /* size of ethernet packet */
/* Step over 4-byte random nonce value */
memcpy( outbuf,
assembly + TRANSOP_AES_NONCE_SIZE,
assembly,
len);
} else
traceEvent(TRACE_WARNING, "UDP payload decryption failed.");