made AES new default cipher (#471)

Co-authored-by: Logan007 <you@example.com>
Logan oos Even 2020-10-19 23:30:29 +05:45 committed by GitHub
parent b858ffeb06
commit 51d55a60f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 12 deletions


@ -82,8 +82,7 @@ the traffic exchanged between two edge nodes but it will know that edge A is tal
The choice of encryption schemes that can be applied to payload has recently been enhanced. Please have
a look at [Crypto description](doc/Crypto.md) for a quick comparison chart to help make a choice. n2n edge nodes use
Twofish encryption by default for compatibility reasons with existing versions. Other ciphers can be chosen
using the `-A_` option.
AES encryption by default. Other ciphers can be chosen using the `-A_` option.
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.


@ -171,11 +171,9 @@ static void help() {
" | causes connections stall when not properly supported.\n");
#endif
printf("-r | Enable packet forwarding through n2n community.\n");
printf("-A1 | Disable payload encryption. Do not use with key (defaulting to Twofish then).\n");
printf("-A2 ... -A5 or -A | Choose a cipher for payload encryption, requires a key: -A2 = Twofish (default),\n");
printf(" | -A3 or -A (deprecated) = AES, "
"-A4 = ChaCha20, "
"-A5 = Speck-CTR.\n");
printf("-A1 | Disable payload encryption. Do not use with key (defaulting to AES then).\n");
printf("-A2 ... -A5 or -A | Choose a cipher for payload encryption, requires a key: -A2 = Twofish,\n");
printf(" | -A3 or -A (deprecated) = AES (default), -A4 = ChaCha20, -A5 = Speck-CTR.\n");
printf("-H | Enable full header encryption. Requires supernode with fixed community.\n");
printf("-z1 ... -z2 or -z | Enable compression for outgoing data packets: -z1 or -z = lzo1x"
#ifdef N2N_HAVE_ZSTD
@ -828,9 +826,9 @@ int main(int argc, char* argv[]) {
if(conf.transop_id == N2N_TRANSFORM_ID_NULL) {
if(conf.encrypt_key) {
/* make sure that Twofish is default cipher if key only (and no cipher) is specified */
traceEvent(TRACE_WARNING, "Switching to Twofish as key was provided.");
conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
/* make sure that AES is default cipher if key only (and no cipher) is specified */
traceEvent(TRACE_WARNING, "Switching to AES as key was provided.");
conf.transop_id = N2N_TRANSFORM_ID_AES;
}
}
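Review bot: The warning in main(), `traceEvent(TRACE_WARNING, "Switching to AES as key was provided.");`, does not tell the operator that the key-only default used to be Twofish. An edge upgraded with an unchanged command line will pick a different cipher than peers still on the older default, and presumably will no longer exchange payload with them. I would spell that out in the message, for example `traceEvent(TRACE_WARNING, "Switching to AES as key was provided (earlier versions defaulted to Twofish, use -A2 to keep it).");`, and repeat the hint on the `-A2` line of help(). main() starts and ends outside this hunk, so any later handling of a cipher mismatch is not visible here.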


@ -2618,7 +2618,7 @@ void edge_init_conf_defaults(n2n_edge_conf_t *conf) {
if (getenv("N2N_KEY")) {
conf->encrypt_key = strdup(getenv("N2N_KEY"));
conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
conf->transop_id = N2N_TRANSFORM_ID_AES;
}
}
@ -2663,7 +2663,7 @@ int quick_edge_init(char *device_name, char *community_name,
/* Setup the configuration */
edge_init_conf_defaults(&conf);
conf.encrypt_key = encrypt_key;
conf.transop_id = N2N_TRANSFORM_ID_TWOFISH;
conf.transop_id = N2N_TRANSFORM_ID_AES;
conf.compression = N2N_COMPRESSION_ID_NONE;
snprintf((char*)conf.community_name, sizeof(conf.community_name), "%s", community_name);
edge_conf_add_supernode(&conf, supernode_ip_address_port);
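Review bot: quick_edge_init() sets `conf.transop_id = N2N_TRANSFORM_ID_AES;` unconditionally, right after `conf.encrypt_key = encrypt_key;`, so a caller that passes a NULL key still gets an encrypting transform selected. The old Twofish line did the same, but since the commit rewrites it, it could be guarded: `conf.transop_id = encrypt_key ? N2N_TRANSFORM_ID_AES : N2N_TRANSFORM_ID_NULL;`. Unlike main(), neither this function nor the `N2N_KEY` branch in edge_init_conf_defaults() logs the cipher choice, so embedders get the new wire format silently. A comment on both assignments such as `/* default cipher for key-only setups; keep in sync with the fallback in main() */` would at least tie the three sites together. quick_edge_init() continues past the hunk, so how a NULL key is treated further down is not visible here.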