Compilation fixes

2024-09-19 00:21:11 +02:00 · 2020-06-07 10:00:18 +02:00 · 2020-06-07 10:00:18 +02:00 · b8fcf09177
commit b8fcf09177
parent 597c5be4b0
3 changed files with 50 additions and 46 deletions
--- a/README.md
+++ b/README.md
@ -109,7 +109,8 @@ When encryption is enabled, the supernode will not be able to decrypt the traffi
 two edge nodes, but it will know that edge A is talking with edge B.

 Recently AES encryption support has been implemented, which increases both security and performance,
-so it is recommended to enable it on all the edge nodes by specifying the `-A` option.
+so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
+(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4

 A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.

--- a/edge.c
+++ b/edge.c
@ -189,12 +189,12 @@ static void help() {
 #endif
  printf("-r                       | Enable packet forwarding through n2n community.\n");
  printf("-A1                      | Disable payload encryption. Do not use with -k.\n");
-  printf("-A2                      | Use Twofish  for payload encryption (default). Requires a key.\n");
+  printf("-A2                      | Use Twofish  for payload encryption (default). Requires a key (-k).\n");
 #ifdef N2N_HAVE_AES
-  printf("-A3 or -A (deprecated)   | Use AES-CBC  for payload encryption. Requires a key.\n");
+  printf("-A3 or -A (deprecated)   | Use AES-CBC  for payload encryption. Requires a key (-k).\n");
 #endif
 #ifdef HAVE_OPENSSL_1_1
-  printf("-A4                      | Use ChaCha20 for payload encryption. Requires a key.\n");
+  printf("-A4                      | Use ChaCha20 for payload encryption. Requires a key (-k).\n");
 #endif
  printf("-z                       | Enable lzo1x compression for outgoing data packets\n");
  printf("                         | (default=disabled).\n");
@ -220,6 +220,46 @@ static void help() {

 /* *************************************************** */

+static void setPayloadEncryption( n2n_edge_conf_t *conf, int cipher) {
+  /* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
+   * a switch-statement under conditional compilation is used to sort out the
+   * unsupported ciphers */
+  switch (cipher) {
+  case 1:
+    {
+      conf->transop_id = N2N_TRANSFORM_ID_NULL;
+      break;
+    }
+  case 2:
+    {
+      conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
+      break;
+    }
+#ifdef N2N_HAVE_AES
+  case 3:
+    {
+      conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
+      break;
+    }
+#endif
+#ifdef HAVE_OPENSSL_1_1
+  case 4:
+    {
+      conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
+      break;
+    }
+#endif
+  default:
+    {
+      conf->transop_id = N2N_TRANSFORM_ID_INVAL;
+      traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
+      exit(1);
+    }
+  }
+}
+
+/* *************************************************** */
+
 static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_edge_conf_t *conf) {
  /* traceEvent(TRACE_NORMAL, "Option %c = %s", optkey, optargument ? optargument : ""); */

@ -308,48 +348,17 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e

  case 'A':
    {
-      int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only
+      int cipher;
+
      if (optargument) {
        cipher = atoi(optargument);
      } else {
        traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. "
                                 "please use -A3 instead to choose a the AES-CBC cipher for payload encryption.");
+	cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only   
      }
-      /* even though 'cipher' and 'conf->transop_id' share the same encoding scheme,
-       * a switch-statement under conditional compilation is used to sort out the
-       * unsupported ciphers */
-      switch (cipher) {
-      case 1:
-	{
-	  conf->transop_id = N2N_TRANSFORM_ID_NULL;
-	  break;
-	}
-      case 2:
-	{
-	  conf->transop_id = N2N_TRANSFORM_ID_TWOFISH;
-	  break;
-	}
-#ifdef N2N_HAVE_AES
-      case 3:
-	{
-	  conf->transop_id = N2N_TRANSFORM_ID_AESCBC;
-	  break;
-	}
-#endif
-#ifdef HAVE_OPENSSL_1_1
-      case 4:
-	{
-	  conf->transop_id = N2N_TRANSFORM_ID_CHACHA20;
-	  break;
-	}
-#endif
-      default:
-	{
- 	  conf->transop_id = N2N_TRANSFORM_ID_INVAL;
-          traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher));
-	  exit(1);
-	}
-      }
+
+      setPayloadEncryption(conf, cipher);
      break;
    }

--- a/transform_cc20.c
+++ b/transform_cc20.c
@ -120,9 +120,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
      /* Generate and encode the IV. */
      set_cc20_iv(priv, enc_ivec);
      encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
-      traceEvent(TRACE_DEBUG, "encode_cc20 iv=%016llx:%016llx",
-                               htobe64(*(uint64_t*)&enc_ivec[0]),
-                               htobe64(*(uint64_t*)&enc_ivec[8]) );

      /* Encrypt the assembly contents and write the ciphertext after the iv. */
      /* len is set to the length of the cipher plain text to be encrpyted
@ -198,9 +195,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,

      /* Get the IV */
      decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx);
-      traceEvent(TRACE_DEBUG, "decode_cc20 iv=%016llx:%016llx",
-                               htobe64(*(uint64_t*)&dec_ivec[0]),
-                               htobe64(*(uint64_t*)&dec_ivec[8]) );

      EVP_CIPHER_CTX *ctx = priv->dec_ctx;
      int evp_len;