From 7c2648c1e2f9cd9cba5c72afc88a826703c5dee6 Mon Sep 17 00:00:00 2001
From: Logan007
Date: Tue, 12 May 2020 16:49:07 +0545
Subject: [PATCH] added cli option for ChaCha20 (-A4)
---
 edge.c | 63 +++++++++++++++++++++++++++++++++++++++++++---------
 edge_utils.c | 2 +-
 n2n.h | 1 +
 3 files changed, 54 insertions(+), 12 deletions(-)
diff --git a/edge.c b/edge.c
index 5b470c4..16f2174 100644
--- a/edge.c
+++ b/edge.c
@@ -143,7 +143,7 @@ static void help() {
 #ifndef __APPLE__
 "[-D] "
 #endif
- "[-r] [-E] [-v] [-i ] [-L ] [-t ] [-A] [-h]\n\n");
+ "[-r] [-E] [-v] [-i ] [-L ] [-t ] [-A[]] [-h]\n\n");
 #if defined(N2N_CAN_NAME_IFACE)
 printf("-d | tun device name\n");
@@ -172,8 +172,13 @@ static void help() {
 " | causes connections stall when not properly supported.\n");
 #endif
 printf("-r | Enable packet forwarding through n2n community.\n");
+ printf("-A1 | Disable payload encryption. Do not use with -k.\n");
+ printf("-A2 | Use Twofish for payload encryption (default). Requires a key.\n");
 #ifdef N2N_HAVE_AES
- printf("-A | Use AES CBC for encryption (default=use twofish).\n");
+ printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key.\n");
+#endif
+#ifdef HAVE_OPENSSL_1_1
+ printf("-A4 | Use ChaCha20 for payload encryption. Requires a key.\n");
 #endif
 printf("-E | Accept multicast MAC addresses (default=drop).\n");
 printf("-S | Do not connect P2P. Always use the supernode.\n");
@@ -271,7 +276,6 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e
 if(conf->encrypt_key) free(conf->encrypt_key);
 if(conf->transop_id == N2N_TRANSFORM_ID_NULL)
 conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
-
 conf->encrypt_key = strdup(optargument);
 traceEvent(TRACE_DEBUG, "encrypt_key = '%s'\n", conf->encrypt_key);
 break;
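Review bot: The new -A1..-A4 help lines never say that the digit has to be attached to the flag, and the usage string `[-A[]]` gives no hint either; with the optional-argument spec (`A::`) this commit adds to getopt_long, a space-separated `-A 3` is parsed as bare `-A` (the deprecated AES-CBC default) with the `3` left over as a stray operand, so a user following this help text can end up on a different cipher than requested without any error. I would state the form explicitly, e.g. `printf("-A<n> | Select payload cipher; the digit must directly follow the flag (-A3, not -A 3)\n");`. The "(default)" marker on -A2 is also only half true: from the -k handler in the later hunk, Twofish becomes the default only once a key is given, so "default when a key is supplied" would be the accurate wording. Finally, the "-A3 or -A (deprecated)" line is printed only under N2N_HAVE_AES, yet bare -A is now accepted on every build (the option string is unconditional) and rejected at runtime there, which the help should mention. help() starts before this hunk and continues past it.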
@@ -283,13 +287,52 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e
 break;
 }
-#ifdef N2N_HAVE_AES
 case 'A': {
- conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
+ int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
+ if (optargument) {
+ cipher = atoi(optargument);
+ } else {
+ traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. "
+ "please use -A3 instead to choose a the AES-CBC cipher for payload encryption.");
+ }
+ /* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
+ * a switch-statement under conditional compilation is used to sort out the
+ * unsupported ciphers */
+ switch (cipher) {
+ case 1:
+ {
+ conf->transop_id = N2N_TRANSFORM_ID_NULL;
+ break;
+ }
+ case 2:
+ {
+ conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
+ break;
+ }
+#ifdef N2N_HAVE_AES
+ case 3:
+ {
+ conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
+ break;
+ }
+#endif
+#ifdef HAVE_OPENSSL_1_1
+ case 4:
+ {
+ conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
+ break;
+ }
+#endif
+ default:
+ {
+ conf->transop_id = N2N_TRANSFORM_ID_INVAL;
+ traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
+ exit(1);
+ }
+ }
 break;
 }
-#endif
 case 'l': /* supernode-list */
 if(optargument) {
@@ -398,10 +441,7 @@ static int loadFromCLI(int argc, char *argv[], n2n_edge_conf_t *conf, n2n_priv_c
 u_char c;
 while((c = getopt_long(argc, argv,
- "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:"
-#ifdef N2N_HAVE_AES
- "A"
-#endif
+ "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:A::"
 #ifdef __linux__
 "T:"
 #endif
@@ -682,7 +722,8 @@ int main(int argc, char* argv[]) {
 #if defined(HAVE_OPENSSL_1_1)
 traceEvent(TRACE_NORMAL, "Using %s", OpenSSL_version(0));
 #endif
-
+ traceEvent(TRACE_NORMAL, "Using %s cipher.", transop_str(conf.transop_id));
+
 /* Random seed */
 srand(time(NULL));
diff --git a/edge_utils.c b/edge_utils.c
index 9376503..454c30e 100644
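Review bot: `cipher = atoi(optargument)` parses the value that decides whether traffic is encrypted at all, yet it accepts trailing garbage (`-A3abc` silently selects AES-CBC) and turns non-numeric or out-of-range input into 0, which only reaches the `default` arm by accident; a security-relevant switch should be parsed with strtol and rejected unless the whole argument was consumed. The `case 1:` … `case 4:` labels are bare integers while the bare-`-A` default is the enum value `N2N_TRANSFORM_ID_AESCBC`; the new comment admits the two encodings are assumed to coincide, so either use the enum constants as labels or pin the assumption with a `_Static_assert`, otherwise a reordered enum silently changes which cipher `-A` picks. The fence below replaces only the argument parsing; it needs `<errno.h>` if edge.c does not already include it, and setOption starts and ends outside this hunk.
```c
case 'A': {
  int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
  if (optargument) {
    /* strict parse: whole argument must be a decimal number, no leading sign junk or suffix */
    char *end = NULL;
    errno = 0;
    long v = strtol(optargument, &end, 10);
    if (end == optargument || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX) {
      traceEvent(TRACE_NORMAL, "invalid cipher selection '%s' given to -A option.", optargument);
      exit(1);
    }
    cipher = (int)v;
  } else {
    // … unchanged: deprecation warning for solitary -A …
  }
  // … unchanged: switch (cipher) with the conditionally compiled cases …
```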
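Review bot: `A::` declares the cipher digit as an optional argument, and with GNU getopt_long an optional argument is only recognised when glued to the flag, so `-A 3` hands setOption a NULL optarg — the deprecated bare-`-A` path — while the stray `3` remains in argv past optind, where whatever loadFromCLI does with leftover operands (not visible here) decides whether the mistake is ever noticed. Because the digit form is now the documented interface and bare `-A` is deprecated, I would at least reject leftover operands after the loop, `if(optind < argc) { traceEvent(TRACE_NORMAL, "unexpected argument '%s' (note: -A takes its digit attached, e.g. -A3)", argv[optind]); exit(1); }`, so a mis-typed cipher selection fails instead of quietly choosing another cipher. Note the letter is now in the option string unconditionally, so on a build without N2N_HAVE_AES bare `-A` is accepted by getopt and then exits from setOption's default arm, which is acceptable but differs from the previous unknown-option error. loadFromCLI begins before this hunk and continues after it.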
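Review bot: The new "Using %s cipher." line reports the selection, but nothing visible validates it against the key, although the help text added in this patch says -A1 must not be combined with -k and -A2..-A4 require one: the -k handler in the earlier hunk only promotes a NULL transform to Twofish, so `-A1 -k secret` silently re-enables Twofish while `-k secret -A1` keeps a key configured and transmits plaintext — the outcome depends on option order, and the plaintext case is the one a user is least likely to notice. Unless edge_init or a later check rejects this (not visible here), I would fail fast right before this log line, e.g. `if(conf.transop_id == N2N_TRANSFORM_ID_NULL && conf.encrypt_key) { traceEvent(TRACE_NORMAL, "-A1 (no encryption) cannot be combined with a key"); exit(1); }`, and consider the mirror check for a non-null cipher without a key unless a key can also be supplied by another route. main() starts before this hunk and continues past it.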
--- a/edge_utils.c
+++ b/edge_utils.c
@@ -133,7 +133,7 @@ struct n2n_edge {
 /* ************************************** */
-static const char* transop_str(enum n2n_transform tr) {
+const char* transop_str(enum n2n_transform tr) {
 switch(tr) {
 case N2N_TRANSFORM_ID_NULL: return("null");
 case N2N_TRANSFORM_ID_TWOFISH: return("twofish");
diff --git a/n2n.h b/n2n.h
index 5c23480..c41098b 100644
--- a/n2n.h
+++ b/n2n.h
@@ -354,5 +354,6 @@ int quick_edge_init(char *device_name, char *community_name,
 int sn_init(n2n_sn_t *sss);
 void sn_term(n2n_sn_t *sss);
 int run_sn_loop(n2n_sn_t *sss, int *keep_running);
+const char* transop_str(enum n2n_transform tr);
 #endif /* _N2N_H_ */
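Review bot: Dropping `static` turns transop_str into a public helper that edge.c now calls from its error path with an int converted straight from user input (`transop_str(cipher)` for any value that matched no case), so the switch here must have a `default:` arm that returns a non-NULL string; only the first two cases are visible in this hunk, and if the function has no default the caller's `%s` would receive NULL and invoke undefined behavior. A one-line `default: return("unknown");` (or a quick confirmation that it already exists below the hunk) closes that. The function's body continues past this hunk.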