mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
readability code clean-up (#550)
* readability code clean-up * readability code clean-up
This commit is contained in:
parent
de92fab878
commit
71065278fa
|
@ -18,15 +18,13 @@
|
|||
|
||||
|
||||
uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
|
||||
char * community_name, he_context_t * ctx,
|
||||
he_context_t * ctx_iv,
|
||||
uint64_t * stamp, uint16_t * checksum);
|
||||
char *community_name, he_context_t *ctx,
|
||||
he_context_t *ctx_iv,
|
||||
uint64_t *stamp, uint16_t *checksum);
|
||||
|
||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
||||
he_context_t * ctx_iv,
|
||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t *ctx,
|
||||
he_context_t *ctx_iv,
|
||||
uint64_t stamp, uint16_t checksum);
|
||||
|
||||
|
||||
void packet_header_setup_key (const char * community_name, he_context_t ** ctx,
|
||||
he_context_t ** ctx_iv);
|
||||
|
||||
void packet_header_setup_key (const char *community_name, he_context_t **ctx,
|
||||
he_context_t **ctx_iv);
|
||||
|
|
|
@ -19,97 +19,98 @@
|
|||
|
||||
#include "n2n.h"
|
||||
|
||||
|
||||
#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)
|
||||
|
||||
/* ********************************************************************** */
|
||||
|
||||
uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
|
||||
char * community_name, he_context_t * ctx,
|
||||
he_context_t * ctx_iv, uint64_t * stamp, uint16_t * checksum) {
|
||||
char *community_name, he_context_t *ctx,
|
||||
he_context_t *ctx_iv, uint64_t *stamp, uint16_t *checksum) {
|
||||
|
||||
// assemble IV
|
||||
// the last four are ASCII "n2n!" and do not get overwritten
|
||||
uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 };
|
||||
// the first 96 bits of the packet get padded with ASCII "n2n!"
|
||||
// to full 128 bit IV
|
||||
memcpy (iv, packet, 12);
|
||||
// assemble IV
|
||||
// the last four are ASCII "n2n!" and do not get overwritten
|
||||
uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 };
|
||||
// the first 96 bits of the packet get padded with ASCII "n2n!"
|
||||
// to full 128 bit IV
|
||||
memcpy(iv, packet, 12);
|
||||
|
||||
// try community name as possible key and check for magic bytes
|
||||
uint32_t magic = 0x6E326E00; // ="n2n_"
|
||||
uint32_t test_magic;
|
||||
// check for magic bytes and reasonable value in header len field
|
||||
// so, as a first step, decrypt 4 bytes only starting at byte 12
|
||||
speck_he((uint8_t*)&test_magic, &packet[12], 4, iv, (speck_context_t*)ctx);
|
||||
test_magic = be32toh(test_magic);
|
||||
if((((test_magic >> 8) << 8) == magic) /* check the thre uppermost bytes */
|
||||
&& (((uint8_t)test_magic) <= packet_len)) { /* lowest 8 bit of test_magic are header_len */
|
||||
// decrypt the complete header
|
||||
speck_he(&packet[12], &packet[12], (uint8_t)(test_magic) - 12, iv, (speck_context_t*)ctx);
|
||||
|
||||
// try community name as possible key and check for magic bytes
|
||||
uint32_t magic = 0x6E326E00; // ="n2n_"
|
||||
uint32_t test_magic;
|
||||
// check for magic bytes and reasonable value in header len field
|
||||
// so, as a first step, decrypt 4 bytes only starting at byte 12
|
||||
speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, (speck_context_t*)ctx);
|
||||
test_magic = be32toh (test_magic);
|
||||
if( (((test_magic >> 8) << 8) == magic) // check the thre uppermost bytes
|
||||
&& (((uint8_t)test_magic) <= packet_len) // lowest 8 bit of test_magic are header_len
|
||||
) {
|
||||
// decrypt the complete header
|
||||
speck_he (&packet[12], &packet[12], (uint8_t)(test_magic) - 12, iv, (speck_context_t*)ctx);
|
||||
// extract time stamp (first 64 bit) and checksum (last 16 bit) blended in IV
|
||||
speck_he_iv_decrypt(iv, (speck_context_t*)ctx_iv);
|
||||
*checksum = be16toh(((uint16_t*)iv)[5]);
|
||||
*stamp = be64toh(((uint64_t*)iv)[0]);
|
||||
|
||||
// extract time stamp (first 64 bit) and checksum (last 16 bit) blended in IV
|
||||
speck_he_iv_decrypt (iv, (speck_context_t*)ctx_iv);
|
||||
*checksum = be16toh (((uint16_t*)iv)[5]);
|
||||
*stamp = be64toh (((uint64_t*)iv)[0]);
|
||||
// restore original packet order
|
||||
memcpy(&packet[0], &packet[16], 4);
|
||||
memcpy(&packet[4], community_name, N2N_COMMUNITY_SIZE);
|
||||
|
||||
// restore original packet order
|
||||
memcpy (&packet[0], &packet[16], 4);
|
||||
memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE);
|
||||
// successful
|
||||
return 1;
|
||||
} else {
|
||||
|
||||
return (1); // successful
|
||||
} else {
|
||||
return (0); // unsuccessful
|
||||
}
|
||||
// unsuccessful
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* ********************************************************************** */
|
||||
|
||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
||||
he_context_t * ctx_iv, uint64_t stamp, uint16_t checksum) {
|
||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t *ctx,
|
||||
he_context_t *ctx_iv, uint64_t stamp, uint16_t checksum) {
|
||||
|
||||
uint8_t iv[16];
|
||||
uint16_t *iv16 = (uint16_t*)&iv;
|
||||
uint32_t *iv32 = (uint32_t*)&iv;
|
||||
uint64_t *iv64 = (uint64_t*)&iv;
|
||||
const uint32_t magic = 0x6E326E21; // = ASCII "n2n!"
|
||||
uint8_t iv[16];
|
||||
uint16_t *iv16 = (uint16_t*)&iv;
|
||||
uint32_t *iv32 = (uint32_t*)&iv;
|
||||
uint64_t *iv64 = (uint64_t*)&iv;
|
||||
const uint32_t magic = 0x6E326E21; /* == ASCII "n2n!" */
|
||||
|
||||
if(header_len < 20) {
|
||||
traceEvent(TRACE_DEBUG, "packet_header_encrypt dropped a packet too short to be valid.");
|
||||
return (-1);
|
||||
}
|
||||
if(header_len < 20) {
|
||||
traceEvent(TRACE_DEBUG, "packet_header_encrypt dropped a packet too short to be valid.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
memcpy (&packet[16], &packet[00], 4);
|
||||
memcpy(&packet[16], &packet[00], 4);
|
||||
|
||||
iv64[0] = htobe64 (stamp);
|
||||
iv16[4] = n2n_rand ();
|
||||
iv16[5] = htobe16 (checksum);
|
||||
iv32[3] = htobe32 (magic);
|
||||
// blend checksum into 96-bit IV
|
||||
speck_he_iv_encrypt (iv, (speck_context_t*)ctx_iv);
|
||||
iv64[0] = htobe64(stamp);
|
||||
iv16[4] = n2n_rand();
|
||||
iv16[5] = htobe16(checksum);
|
||||
iv32[3] = htobe32(magic);
|
||||
|
||||
memcpy (packet, iv, 16);
|
||||
packet[15] = header_len;
|
||||
// blend checksum into 96-bit IV
|
||||
speck_he_iv_encrypt(iv, (speck_context_t*)ctx_iv);
|
||||
|
||||
speck_he (&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx);
|
||||
return (0);
|
||||
memcpy(packet, iv, 16);
|
||||
packet[15] = header_len;
|
||||
|
||||
speck_he(&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* ********************************************************************** */
|
||||
|
||||
void packet_header_setup_key (const char * community_name, he_context_t ** ctx,
|
||||
he_context_t ** ctx_iv) {
|
||||
void packet_header_setup_key (const char *community_name, he_context_t **ctx,
|
||||
he_context_t **ctx_iv) {
|
||||
|
||||
uint8_t key[16];
|
||||
pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);
|
||||
uint8_t key[16];
|
||||
pearson_hash_128(key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);
|
||||
|
||||
*ctx = (he_context_t*)calloc(1, sizeof (speck_context_t));
|
||||
speck_expand_key_he (key, (speck_context_t*)*ctx);
|
||||
*ctx = (he_context_t*)calloc(1, sizeof (speck_context_t));
|
||||
speck_expand_key_he(key, (speck_context_t*)*ctx);
|
||||
|
||||
// hash again and use last 96 bit (skipping 4 bytes) as key for IV encryption
|
||||
// REMOVE as soon as checksum and replay protection get their own fields
|
||||
pearson_hash_128 (key, key, sizeof (key));
|
||||
*ctx_iv = (he_context_t*)calloc(1, sizeof (speck_context_t));
|
||||
speck_expand_key_he_iv (&key[4], (speck_context_t*)*ctx_iv);
|
||||
// hash again and use last 96 bit (skipping 4 bytes) as key for IV encryption
|
||||
// REMOVE as soon as checksum and replay protection get their own fields
|
||||
pearson_hash_128(key, key, sizeof (key));
|
||||
*ctx_iv = (he_context_t*)calloc(1, sizeof (speck_context_t));
|
||||
speck_expand_key_he_iv(&key[4], (speck_context_t*)*ctx_iv);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user