From 50bc1492e22bd132e7b895c5328c57521f81bc1c Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Fri, 12 Apr 2019 00:23:20 +0200 Subject: [PATCH] Remove unnecessary structures in AES encryption This undoes most of the changes made in 37233553a451df6caa3895c6197c1f8cf779cc11 as the problem with the drops was only mitigated. The actual fix for the dropped packets was in e989f475a1b7df8e8d51ea5805c1009b71b075f4 and the invalid initialization was the root cause --- transform_aes.c | 58 +++++-------------------------------------------- 1 file changed, 5 insertions(+), 53 deletions(-) diff --git a/transform_aes.c b/transform_aes.c index f41aaea..1aed1ab 100644 --- a/transform_aes.c +++ b/transform_aes.c @@ -59,13 +59,7 @@ struct transop_aes ssize_t tx_sa; size_t num_sa; sa_aes_t sa[N2N_AES_NUM_SA]; - - /* PSK mode only */ - int psk_mode; - u_int8_t mac_sa[N2N_AES_NUM_SA][N2N_MAC_SIZE]; /* this is used as a key in the sa array */ - uint8_t *encrypt_pwd; - uint32_t encrypt_pwd_len; - size_t sa_to_replace; + u_int8_t psk_mode; }; typedef struct transop_aes transop_aes_t; @@ -99,43 +93,8 @@ static int transop_deinit_aes( n2n_trans_op_t * arg ) return 0; } -/* Find the peer_mac sa */ -static size_t aes_psk_get_peer_sa(transop_aes_t * priv, const u_int8_t * peer_mac) { - size_t i; - int found = 0; - - /* Find the MAC sa */ - for(i=0; inum_sa; i++) { - if(!memcmp(priv->mac_sa[i], peer_mac, N2N_MAC_SIZE)) { - found = 1; - break; - } - } - - if(found) - return(i); - - size_t new_sa = priv->sa_to_replace; - macstr_t mac_buf; - macaddr_str(mac_buf, peer_mac); - traceEvent(TRACE_DEBUG, "Assigning SA %u to %s", new_sa, mac_buf); - - setup_aes_key(priv, priv->encrypt_pwd, priv->encrypt_pwd_len, new_sa); - priv->num_sa = max(priv->num_sa, new_sa + 1); - memcpy(priv->mac_sa[new_sa], peer_mac, N2N_MAC_SIZE); - priv->sa[new_sa].sa_id = new_sa; - - /* Use sa_to_replace round-robin */ - priv->sa_to_replace = (priv->sa_to_replace + 1) % N2N_AES_NUM_SA; - - return new_sa; -} - static size_t aes_choose_tx_sa( transop_aes_t * priv, const u_int8_t * peer_mac ) { - if(!priv->psk_mode) - return priv->tx_sa; /* set in tick */ - else - return aes_psk_get_peer_sa(priv, peer_mac); + return priv->tx_sa; /* set in tick */ } static ssize_t aes_choose_rx_sa( transop_aes_t * priv, const u_int8_t * peer_mac, ssize_t sa_rx) { @@ -143,7 +102,7 @@ static ssize_t aes_choose_rx_sa( transop_aes_t * priv, const u_int8_t * peer_mac return aes_find_sa(priv, sa_rx); else /* NOTE the sa_rx of the packet is ignored in this case */ - return aes_psk_get_peer_sa(priv, peer_mac); + return 0; } #define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */ @@ -606,7 +565,6 @@ int transop_aes_setup_psk(n2n_trans_op_t *ttt, n2n_sa_t sa_num, uint8_t *encrypt_pwd, uint32_t encrypt_pwd_len) { - static const u_int8_t broadcast_mac[6] = {0xff,0xff,0xff,0xff,0xff,0xff}; int retval = 1; transop_aes_t *priv = (transop_aes_t *)ttt->priv; @@ -614,17 +572,11 @@ int transop_aes_setup_psk(n2n_trans_op_t *ttt, /* Replace the tick function with the PSK version of it */ ttt->tick = transop_tick_aes_psk; priv->psk_mode = 1; - memset(priv->mac_sa, 0, sizeof(priv->mac_sa)); - priv->encrypt_pwd = encrypt_pwd; - priv->encrypt_pwd_len = encrypt_pwd_len; - priv->num_sa=0; priv->tx_sa=0; - /* Add the key to be used for broadcast */ - add_aes_key(priv, priv->encrypt_pwd, priv->encrypt_pwd_len); - memcpy(priv->mac_sa[0], broadcast_mac, N2N_MAC_SIZE); - priv->sa_to_replace = priv->num_sa; + /* Setup the key to use for encryption/decryption */ + add_aes_key(priv, encrypt_pwd, encrypt_pwd_len); retval = 0; } else