mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
removed minor transform version
parent
052127734e
commit
c2cae9d02e
|
@ -25,7 +25,6 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
|
||||||
#define N2N_AES_IVEC_SIZE (AES_BLOCK_SIZE)
|
#define N2N_AES_IVEC_SIZE (AES_BLOCK_SIZE)
|
||||||
|
|
||||||
#define AES256_KEY_BYTES (256/8)
|
#define AES256_KEY_BYTES (256/8)
|
||||||
|
@ -33,13 +32,12 @@
|
||||||
#define AES128_KEY_BYTES (128/8)
|
#define AES128_KEY_BYTES (128/8)
|
||||||
|
|
||||||
/* AES plaintext preamble */
|
/* AES plaintext preamble */
|
||||||
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
|
||||||
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
|
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
|
||||||
* from 0=lowest security (constant IV) to 16=higest security
|
* from 0=lowest security (constant IV) to 16=higest security
|
||||||
* (fully random IV); default=8 */
|
* (fully random IV); default=8 */
|
||||||
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
|
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
|
||||||
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
|
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
|
||||||
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
|
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_IV_SEED_SIZE)
|
||||||
|
|
||||||
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
||||||
|
|
||||||
|
@ -138,11 +136,10 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint8_t * i
|
||||||
|
|
||||||
/** The aes packet format consists of:
|
/** The aes packet format consists of:
|
||||||
*
|
*
|
||||||
* - a 8-bit aes encoding version in clear text
|
|
||||||
* - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
|
* - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
|
||||||
* - encrypted payload.
|
* - encrypted payload.
|
||||||
*
|
*
|
||||||
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
|
* [II|DDDDDDDDDDDDDDDDDDDDD]
|
||||||
* |<---- encrypted ---->|
|
* |<---- encrypted ---->|
|
||||||
*/
|
*/
|
||||||
static int transop_encode_aes(n2n_trans_op_t * arg,
|
static int transop_encode_aes(n2n_trans_op_t * arg,
|
||||||
|
@ -165,9 +162,6 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
|
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
|
||||||
|
|
||||||
/* Encode the aes format version. */
|
|
||||||
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
|
|
||||||
|
|
||||||
/* Generate and encode the IV seed using as many calls to n2n_rand() as neccessary.
|
/* Generate and encode the IV seed using as many calls to n2n_rand() as neccessary.
|
||||||
* Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
|
* Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
|
||||||
uint64_t rand_value;
|
uint64_t rand_value;
|
||||||
|
@ -257,18 +251,13 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
|
||||||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
|
||||||
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||||
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
|
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least iv seed */
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
size_t rem=in_len;
|
size_t rem=in_len;
|
||||||
size_t idx=0;
|
size_t idx=0;
|
||||||
uint8_t aes_enc_ver=0;
|
|
||||||
uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
|
uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
|
||||||
|
|
||||||
/* Get the encoding version to make sure it is supported */
|
|
||||||
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
|
|
||||||
|
|
||||||
if(N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
|
|
||||||
/* Get the IV seed */
|
/* Get the IV seed */
|
||||||
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
|
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
|
||||||
|
|
||||||
|
@ -336,8 +325,6 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
|
||||||
traceEvent(TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE);
|
traceEvent(TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE);
|
||||||
len = 0;
|
len = 0;
|
||||||
}
|
}
|
||||||
} else
|
|
||||||
traceEvent(TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver);
|
|
||||||
} else
|
} else
|
||||||
traceEvent(TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len);
|
traceEvent(TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len);
|
||||||
|
|
||||||
|
|
|
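Review bot: In transop_decode_aes the size test still subtracts before it checks the lower bound, so `(in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE` is evaluated first and a packet shorter than the preamble is rejected only because the subtraction wraps to a large value. That presumably relies on in_len being an unsigned size_t; its declaration is outside the hunk, as are the start and end of the function body. Since in_len is presumably the length of a received packet, I would put the lower bound first so the check does not depend on wraparound: `if((in_len >= TRANSOP_AES_PREAMBLE_SIZE) && ((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE))`. The same ordering is kept in the transop_decode_cc20 and transop_decode_speck hunks.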
@ -24,14 +24,12 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
#define N2N_CC20_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
|
||||||
#define N2N_CC20_IVEC_SIZE 16
|
#define N2N_CC20_IVEC_SIZE 16
|
||||||
|
|
||||||
#define CC20_KEY_BYTES (256/8)
|
#define CC20_KEY_BYTES (256/8)
|
||||||
|
|
||||||
/* ChaCha20 plaintext preamble */
|
/* ChaCha20 plaintext preamble */
|
||||||
#define TRANSOP_CC20_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
#define TRANSOP_CC20_PREAMBLE_SIZE (N2N_CC20_IVEC_SIZE)
|
||||||
#define TRANSOP_CC20_PREAMBLE_SIZE (TRANSOP_CC20_VER_SIZE + N2N_CC20_IVEC_SIZE)
|
|
||||||
|
|
||||||
typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
|
typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
|
||||||
|
|
||||||
|
@ -89,11 +87,10 @@ static void set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
|
||||||
|
|
||||||
/** The ChaCha20 packet format consists of:
|
/** The ChaCha20 packet format consists of:
|
||||||
*
|
*
|
||||||
* - a 8-bit cc20 encoding version in clear text
|
|
||||||
* - a 128-bit random IV
|
* - a 128-bit random IV
|
||||||
* - encrypted payload.
|
* - encrypted payload.
|
||||||
*
|
*
|
||||||
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
|
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||||
* |<---- encrypted ---->|
|
* |<---- encrypted ---->|
|
||||||
*/
|
*/
|
||||||
static int transop_encode_cc20(n2n_trans_op_t * arg,
|
static int transop_encode_cc20(n2n_trans_op_t * arg,
|
||||||
|
@ -113,9 +110,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len);
|
traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len);
|
||||||
|
|
||||||
/* Encode the ChaCha20 format version. */
|
|
||||||
encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION);
|
|
||||||
|
|
||||||
/* Generate and encode the IV. */
|
/* Generate and encode the IV. */
|
||||||
set_cc20_iv(priv, enc_ivec);
|
set_cc20_iv(priv, enc_ivec);
|
||||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
||||||
|
@ -177,18 +171,13 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
||||||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
|
||||||
if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||||
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least version, iv */
|
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least iv */
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
size_t rem=in_len;
|
size_t rem=in_len;
|
||||||
size_t idx=0;
|
size_t idx=0;
|
||||||
uint8_t cc20_enc_ver=0;
|
|
||||||
n2n_cc20_ivec_t dec_ivec = {0};
|
n2n_cc20_ivec_t dec_ivec = {0};
|
||||||
|
|
||||||
/* Get the encoding version to make sure it is supported */
|
|
||||||
decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx );
|
|
||||||
|
|
||||||
if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) {
|
|
||||||
traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len);
|
traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len);
|
||||||
len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
|
len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
|
||||||
|
|
||||||
|
@ -221,8 +210,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
||||||
EVP_CIPHER_CTX_reset(ctx);
|
EVP_CIPHER_CTX_reset(ctx);
|
||||||
|
|
||||||
memcpy(outbuf, assembly, len);
|
memcpy(outbuf, assembly, len);
|
||||||
} else
|
|
||||||
traceEvent(TRACE_ERROR, "decode_cc20 unsupported ChaCha20 version %u.", cc20_enc_ver);
|
|
||||||
} else
|
} else
|
||||||
traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);
|
traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);
|
||||||
|
|
||||||
|
|
|
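Review bot: With the clear-text version byte gone, transop_decode_cc20 has no check left that can tell a packet in the previous layout from one in the new layout; any input of at least TRANSOP_CC20_PREAMBLE_SIZE bytes goes on to decryption and `memcpy(outbuf, assembly, len)`. Nothing in the visible hunks authenticates the payload, so a peer still sending the old `[V|IIII|D...]` format would apparently be decrypted with a shifted IV and the result passed on, instead of being dropped with the former "unsupported ChaCha20 version" error. If peers on both layouts can meet on one network, the packet-format comment should say so, e.g. `* NOTE: no in-band version; all peers must use the same transform layout.`, or the mismatch should be caught at a higher layer. The same applies to transop_decode_speck; both function bodies extend outside the hunks.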
@ -18,14 +18,12 @@
|
||||||
|
|
||||||
#include "n2n.h"
|
#include "n2n.h"
|
||||||
|
|
||||||
#define N2N_SPECK_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
|
||||||
#define N2N_SPECK_IVEC_SIZE 16
|
#define N2N_SPECK_IVEC_SIZE 16
|
||||||
|
|
||||||
#define SPECK_KEY_BYTES (256/8)
|
#define SPECK_KEY_BYTES (256/8)
|
||||||
|
|
||||||
/* Speck plaintext preamble */
|
/* Speck plaintext preamble */
|
||||||
#define TRANSOP_SPECK_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
#define TRANSOP_SPECK_PREAMBLE_SIZE (N2N_SPECK_IVEC_SIZE)
|
||||||
#define TRANSOP_SPECK_PREAMBLE_SIZE (TRANSOP_SPECK_VER_SIZE + N2N_SPECK_IVEC_SIZE)
|
|
||||||
|
|
||||||
typedef unsigned char n2n_speck_ivec_t[N2N_SPECK_IVEC_SIZE];
|
typedef unsigned char n2n_speck_ivec_t[N2N_SPECK_IVEC_SIZE];
|
||||||
|
|
||||||
|
@ -64,11 +62,10 @@ static void set_speck_iv(transop_speck_t *priv, n2n_speck_ivec_t ivec) {
|
||||||
|
|
||||||
/** The Speck packet format consists of:
|
/** The Speck packet format consists of:
|
||||||
*
|
*
|
||||||
* - a 8-bit speck encoding version in clear text
|
|
||||||
* - a 128-bit random IV
|
* - a 128-bit random IV
|
||||||
* - encrypted payload.
|
* - encrypted payload.
|
||||||
*
|
*
|
||||||
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
|
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||||
* |<---- encrypted ---->|
|
* |<---- encrypted ---->|
|
||||||
*/
|
*/
|
||||||
static int transop_encode_speck(n2n_trans_op_t * arg,
|
static int transop_encode_speck(n2n_trans_op_t * arg,
|
||||||
|
@ -87,9 +84,6 @@ static int transop_encode_speck(n2n_trans_op_t * arg,
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "encode_speck %lu bytes", in_len);
|
traceEvent(TRACE_DEBUG, "encode_speck %lu bytes", in_len);
|
||||||
|
|
||||||
/* Encode the Speck format version. */
|
|
||||||
encode_uint8(outbuf, &idx, N2N_SPECK_TRANSFORM_VERSION);
|
|
||||||
|
|
||||||
/* Generate and encode the IV. */
|
/* Generate and encode the IV. */
|
||||||
set_speck_iv(priv, enc_ivec);
|
set_speck_iv(priv, enc_ivec);
|
||||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_SPECK_IVEC_SIZE);
|
encode_buf(outbuf, &idx, &enc_ivec, N2N_SPECK_IVEC_SIZE);
|
||||||
|
@ -129,18 +123,13 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
|
||||||
transop_speck_t * priv = (transop_speck_t *)arg->priv;
|
transop_speck_t * priv = (transop_speck_t *)arg->priv;
|
||||||
|
|
||||||
if(((in_len - TRANSOP_SPECK_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in buffer */
|
if(((in_len - TRANSOP_SPECK_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in buffer */
|
||||||
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least version, iv */
|
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least iv */
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
size_t rem=in_len;
|
size_t rem=in_len;
|
||||||
size_t idx=0;
|
size_t idx=0;
|
||||||
uint8_t speck_enc_ver=0;
|
|
||||||
n2n_speck_ivec_t dec_ivec = {0};
|
n2n_speck_ivec_t dec_ivec = {0};
|
||||||
|
|
||||||
/* Get the encoding version to make sure it is supported */
|
|
||||||
decode_uint8(&speck_enc_ver, inbuf, &rem, &idx );
|
|
||||||
|
|
||||||
if(N2N_SPECK_TRANSFORM_VERSION == speck_enc_ver) {
|
|
||||||
traceEvent(TRACE_DEBUG, "decode_speck %lu bytes", in_len);
|
traceEvent(TRACE_DEBUG, "decode_speck %lu bytes", in_len);
|
||||||
len = (in_len - TRANSOP_SPECK_PREAMBLE_SIZE);
|
len = (in_len - TRANSOP_SPECK_PREAMBLE_SIZE);
|
||||||
|
|
||||||
|
@ -155,8 +144,6 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
|
||||||
#endif
|
#endif
|
||||||
traceEvent(TRACE_DEBUG, "decode_speck: decrypted %u bytes.\n", len);
|
traceEvent(TRACE_DEBUG, "decode_speck: decrypted %u bytes.\n", len);
|
||||||
|
|
||||||
} else
|
|
||||||
traceEvent(TRACE_ERROR, "decode_speck unsupported Speck version %u.", speck_enc_ver);
|
|
||||||
} else
|
} else
|
||||||
traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%ul) to decrypt.", in_len);
|
traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%ul) to decrypt.", in_len);
|
||||||
|
|
||||||
|
@ -215,4 +202,3 @@ int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
|
||||||
/* Setup the cipher and key */
|
/* Setup the cipher and key */
|
||||||
return(setup_speck_key(priv, encrypt_key, encrypt_key_len));
|
return(setup_speck_key(priv, encrypt_key, encrypt_key_len));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
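Review bot: The size-error trace kept in transop_decode_speck uses `%ul`, which is the `%u` conversion followed by a literal `l`, while in_len is copied into a `size_t` at `size_t rem=in_len;`, so the argument is presumably a size_t and the conversion does not match it. `traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%zu) to decrypt.", in_len);` would match, assuming traceEvent forwards to a printf-style formatter. The `%lu` debug traces in the same functions have the same mismatch on platforms where size_t is not unsigned long. The same `%ul` appears in the AES, ChaCha20 and Twofish decode error traces; the declaration of in_len is outside the hunk.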
@ -18,9 +18,6 @@
|
||||||
|
|
||||||
#include "n2n.h"
|
#include "n2n.h"
|
||||||
|
|
||||||
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
|
|
||||||
|
|
||||||
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
|
||||||
|
|
||||||
typedef struct transop_tf {
|
typedef struct transop_tf {
|
||||||
TWOFISH* enc_tf; /* tx state */
|
TWOFISH* enc_tf; /* tx state */
|
||||||
|
@ -39,17 +36,13 @@ static int transop_deinit_twofish( n2n_trans_op_t * arg ) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
|
||||||
#define TRANSOP_TF_NONCE_SIZE 4
|
#define TRANSOP_TF_NONCE_SIZE 4
|
||||||
#define TRANSOP_TF_SA_SIZE 4
|
|
||||||
|
|
||||||
/** The twofish packet format consists of:
|
/** The twofish packet format consists of:
|
||||||
*
|
*
|
||||||
* - a 8-bit twofish encoding version in clear text
|
|
||||||
* - a 32-bit SA number in clear text
|
|
||||||
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||||
*
|
*
|
||||||
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
* [nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||||
* |<------ encrypted ------>|
|
* |<------ encrypted ------>|
|
||||||
*/
|
*/
|
||||||
static int transop_encode_twofish( n2n_trans_op_t * arg,
|
static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||||
|
@ -66,19 +59,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||||
|
|
||||||
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
|
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
|
||||||
{
|
{
|
||||||
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
|
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= out_len )
|
||||||
{
|
{
|
||||||
size_t idx=0;
|
|
||||||
uint32_t sa_id=0; // Not used
|
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "encode_twofish %lu", in_len);
|
traceEvent(TRACE_DEBUG, "encode_twofish %lu", in_len);
|
||||||
|
|
||||||
/* Encode the twofish format version. */
|
|
||||||
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
|
|
||||||
|
|
||||||
/* Encode the security association (SA) number */
|
|
||||||
encode_uint32( outbuf, &idx, sa_id );
|
|
||||||
|
|
||||||
/* The assembly buffer is a source for encrypting data. The nonce is
|
/* The assembly buffer is a source for encrypting data. The nonce is
|
||||||
* written in first followed by the packet payload. The whole
|
* written in first followed by the packet payload. The whole
|
||||||
* contents of assembly are encrypted. */
|
* contents of assembly are encrypted. */
|
||||||
|
@ -88,14 +72,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||||
|
|
||||||
/* Encrypt the assembly contents and write the ciphertext after the SA. */
|
/* Encrypt the assembly contents and write the ciphertext after the SA. */
|
||||||
len = TwoFishEncryptRaw( assembly, /* source */
|
len = TwoFishEncryptRaw( assembly, /* source */
|
||||||
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
|
outbuf,
|
||||||
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
|
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
|
||||||
priv->enc_tf);
|
priv->enc_tf);
|
||||||
if ( len > 0 )
|
if ( len <= 0 )
|
||||||
{
|
|
||||||
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
|
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
|
||||||
}
|
}
|
||||||
|
@ -114,15 +94,7 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** The twofish packet format consists of:
|
|
||||||
*
|
|
||||||
* - a 8-bit twofish encoding version in clear text
|
|
||||||
* - a 32-bit SA number in clear text
|
|
||||||
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
|
||||||
*
|
|
||||||
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
|
||||||
* |<------ encrypted ------>|
|
|
||||||
*/
|
|
||||||
static int transop_decode_twofish( n2n_trans_op_t * arg,
|
static int transop_decode_twofish( n2n_trans_op_t * arg,
|
||||||
uint8_t * outbuf,
|
uint8_t * outbuf,
|
||||||
size_t out_len,
|
size_t out_len,
|
||||||
|
@ -134,26 +106,15 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
|
||||||
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||||
|
|
||||||
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
if ( ( in_len <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
||||||
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
|
&& (in_len >= TRANSOP_TF_NONCE_SIZE ) /* Has at least nonce */
|
||||||
) {
|
) {
|
||||||
size_t rem=in_len;
|
|
||||||
size_t idx=0;
|
|
||||||
uint8_t tf_enc_ver=0;
|
|
||||||
uint32_t sa_rx=0; // Not used
|
|
||||||
|
|
||||||
/* Get the encoding version to make sure it is supported */
|
|
||||||
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
|
|
||||||
|
|
||||||
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) {
|
|
||||||
/* Get the SA number and make sure we are decrypting with the right one. */
|
|
||||||
decode_uint32( &sa_rx, inbuf, &rem, &idx );
|
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "decode_twofish %lu", in_len);
|
traceEvent(TRACE_DEBUG, "decode_twofish %lu", in_len);
|
||||||
|
|
||||||
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
|
len = TwoFishDecryptRaw( (void *)inbuf,
|
||||||
assembly, /* destination */
|
assembly, /* destination */
|
||||||
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
|
in_len,
|
||||||
priv->dec_tf);
|
priv->dec_tf);
|
||||||
|
|
||||||
if(len > 0) {
|
if(len > 0) {
|
||||||
|
@ -165,8 +126,6 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
|
||||||
len );
|
len );
|
||||||
} else
|
} else
|
||||||
traceEvent(TRACE_ERROR, "decode_twofish decryption failed");
|
traceEvent(TRACE_ERROR, "decode_twofish decryption failed");
|
||||||
} else
|
|
||||||
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
|
|
||||||
} else
|
} else
|
||||||
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
|
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
|
||||||
|
|
||||||
|
|
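Review bot: The comment kept above the TwoFishEncryptRaw call in transop_encode_twofish still says the ciphertext is written "after the SA", but the new code passes `outbuf` itself and the SA field no longer exists. I would change it to `/* Encrypt the assembly contents and write the ciphertext at the start of outbuf. */`. The error branch now reads `if ( len <= 0 )`, so the returned len is the raw TwoFishEncryptRaw result. A short comment that len is already the size carried in UDP would replace the one removed with the old `len +=` line. The function body extends outside the hunk.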