enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-20 00:51:10 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

removed minor tranform version

Browse Source
This commit is contained in:
Logan007 2020-08-15 21:14:24 +05:45
parent 052127734e
commit c2cae9d02e
4 changed files with 22 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/transform_aes.c
View File

@ -25,7 +25,6 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_AES_IVEC_SIZE (AES_BLOCK_SIZE)
#define AES256_KEY_BYTES (256/8)
@ -33,13 +32,12 @@
#define AES128_KEY_BYTES (128/8)
/* AES plaintext preamble */
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
* from 0=lowest security (constant IV) to 16=higest security
* (fully random IV); default=8 */
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_IV_SEED_SIZE)
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
@ -138,11 +136,10 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint8_t * i
/** The aes packet format consists of:
*
* - a 8-bit aes encoding version in clear text
* - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
* - encrypted payload.
*
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
* [II|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_aes(n2n_trans_op_t * arg,
@ -165,9 +162,6 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
/* Encode the aes format version. */
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
/* Generate and encode the IV seed using as many calls to n2n_rand() as neccessary.
* Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
uint64_t rand_value;
@ -257,18 +251,13 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
uint8_t assembly[N2N_PKT_BUF_SIZE];
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least iv seed */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t aes_enc_ver=0;
uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
/* Get the encoding version to make sure it is supported */
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
if(N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
/* Get the IV seed */
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
@ -336,8 +325,6 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
traceEvent(TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE);
len = 0;
}
} else
traceEvent(TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len);

19
src/transform_cc20.c
View File

@ -24,14 +24,12 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#define N2N_CC20_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_CC20_IVEC_SIZE 16
#define CC20_KEY_BYTES (256/8)
/* ChaCha20 plaintext preamble */
#define TRANSOP_CC20_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_CC20_PREAMBLE_SIZE (TRANSOP_CC20_VER_SIZE + N2N_CC20_IVEC_SIZE)
#define TRANSOP_CC20_PREAMBLE_SIZE (N2N_CC20_IVEC_SIZE)
typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
@ -89,11 +87,10 @@ static void set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
/** The ChaCha20 packet format consists of:
*
* - a 8-bit cc20 encoding version in clear text
* - a 128-bit random IV
* - encrypted payload.
*
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_cc20(n2n_trans_op_t * arg,
@ -113,9 +110,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len);
/* Encode the ChaCha20 format version. */
encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION);
/* Generate and encode the IV. */
set_cc20_iv(priv, enc_ivec);
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
@ -177,18 +171,13 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
uint8_t assembly[N2N_PKT_BUF_SIZE];
if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least version, iv */
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least iv */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t cc20_enc_ver=0;
n2n_cc20_ivec_t dec_ivec = {0};
/* Get the encoding version to make sure it is supported */
decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx );
if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) {
traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len);
len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
@ -221,8 +210,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
EVP_CIPHER_CTX_reset(ctx);
memcpy(outbuf, assembly, len);
} else
traceEvent(TRACE_ERROR, "decode_cc20 unsupported ChaCha20 version %u.", cc20_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);

20
src/transform_speck.c
View File

@ -18,14 +18,12 @@
#include "n2n.h"
#define N2N_SPECK_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_SPECK_IVEC_SIZE 16
#define SPECK_KEY_BYTES (256/8)
/* Speck plaintext preamble */
#define TRANSOP_SPECK_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_SPECK_PREAMBLE_SIZE (TRANSOP_SPECK_VER_SIZE + N2N_SPECK_IVEC_SIZE)
#define TRANSOP_SPECK_PREAMBLE_SIZE (N2N_SPECK_IVEC_SIZE)
typedef unsigned char n2n_speck_ivec_t[N2N_SPECK_IVEC_SIZE];
@ -64,11 +62,10 @@ static void set_speck_iv(transop_speck_t *priv, n2n_speck_ivec_t ivec) {
/** The Speck packet format consists of:
*
* - a 8-bit speck encoding version in clear text
* - a 128-bit random IV
* - encrypted payload.
*
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_speck(n2n_trans_op_t * arg,
@ -87,9 +84,6 @@ static int transop_encode_speck(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_speck %lu bytes", in_len);
/* Encode the Speck format version. */
encode_uint8(outbuf, &idx, N2N_SPECK_TRANSFORM_VERSION);
/* Generate and encode the IV. */
set_speck_iv(priv, enc_ivec);
encode_buf(outbuf, &idx, &enc_ivec, N2N_SPECK_IVEC_SIZE);
@ -129,18 +123,13 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
transop_speck_t * priv = (transop_speck_t *)arg->priv;
if(((in_len - TRANSOP_SPECK_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in buffer */
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least version, iv */
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least iv */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t speck_enc_ver=0;
n2n_speck_ivec_t dec_ivec = {0};
/* Get the encoding version to make sure it is supported */
decode_uint8(&speck_enc_ver, inbuf, &rem, &idx );
if(N2N_SPECK_TRANSFORM_VERSION == speck_enc_ver) {
traceEvent(TRACE_DEBUG, "decode_speck %lu bytes", in_len);
len = (in_len - TRANSOP_SPECK_PREAMBLE_SIZE);
@ -155,8 +144,6 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
#endif
traceEvent(TRACE_DEBUG, "decode_speck: decrypted %u bytes.\n", len);
} else
traceEvent(TRACE_ERROR, "decode_speck unsupported Speck version %u.", speck_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%ul) to decrypt.", in_len);
@ -215,4 +202,3 @@ int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
/* Setup the cipher and key */
return(setup_speck_key(priv, encrypt_key, encrypt_key_len));
}

59
src/transform_tf.c
View File

@ -18,9 +18,6 @@
#include "n2n.h"
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
typedef struct transop_tf {
TWOFISH* enc_tf; /* tx state */
@ -39,17 +36,13 @@ static int transop_deinit_twofish( n2n_trans_op_t * arg ) {
return 0;
}
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_TF_NONCE_SIZE 4
#define TRANSOP_TF_SA_SIZE 4
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* [nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_encode_twofish( n2n_trans_op_t * arg,
@ -66,19 +59,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
{
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= out_len )
{
size_t idx=0;
uint32_t sa_id=0; // Not used
traceEvent(TRACE_DEBUG, "encode_twofish %lu", in_len);
/* Encode the twofish format version. */
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
/* Encode the security association (SA) number */
encode_uint32( outbuf, &idx, sa_id );
/* The assembly buffer is a source for encrypting data. The nonce is
* written in first followed by the packet payload. The whole
* contents of assembly are encrypted. */
@ -88,14 +72,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
/* Encrypt the assembly contents and write the ciphertext after the SA. */
len = TwoFishEncryptRaw( assembly, /* source */
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
outbuf,
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
priv->enc_tf);
if ( len > 0 )
{
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
}
else
if ( len <= 0 )
{
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
}
@ -114,15 +94,7 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
return len;
}
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_decode_twofish( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
@ -134,26 +106,15 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE];
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
if ( ( in_len <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_TF_NONCE_SIZE ) /* Has at least nonce */
) {
size_t rem=in_len;
size_t idx=0;
uint8_t tf_enc_ver=0;
uint32_t sa_rx=0; // Not used
/* Get the encoding version to make sure it is supported */
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) {
/* Get the SA number and make sure we are decrypting with the right one. */
decode_uint32( &sa_rx, inbuf, &rem, &idx );
traceEvent(TRACE_DEBUG, "decode_twofish %lu", in_len);
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
len = TwoFishDecryptRaw( (void *)inbuf,
assembly, /* destination */
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
in_len,
priv->dec_tf);
if(len > 0) {
@ -165,8 +126,6 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
len );
} else
traceEvent(TRACE_ERROR, "decode_twofish decryption failed");
} else
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
} else
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );