mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
removed minor tranform version
This commit is contained in:
parent
052127734e
commit
c2cae9d02e
|
@ -25,7 +25,6 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||
#define N2N_AES_IVEC_SIZE (AES_BLOCK_SIZE)
|
||||
|
||||
#define AES256_KEY_BYTES (256/8)
|
||||
|
@ -33,13 +32,12 @@
|
|||
#define AES128_KEY_BYTES (128/8)
|
||||
|
||||
/* AES plaintext preamble */
|
||||
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
|
||||
* from 0=lowest security (constant IV) to 16=higest security
|
||||
* (fully random IV); default=8 */
|
||||
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
|
||||
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
|
||||
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
|
||||
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_IV_SEED_SIZE)
|
||||
|
||||
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
|
||||
|
||||
|
@ -138,11 +136,10 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint8_t * i
|
|||
|
||||
/** The aes packet format consists of:
|
||||
*
|
||||
* - a 8-bit aes encoding version in clear text
|
||||
* - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
|
||||
* - encrypted payload.
|
||||
*
|
||||
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* [II|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<---- encrypted ---->|
|
||||
*/
|
||||
static int transop_encode_aes(n2n_trans_op_t * arg,
|
||||
|
@ -165,9 +162,6 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
|
|||
|
||||
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
|
||||
|
||||
/* Encode the aes format version. */
|
||||
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
|
||||
|
||||
/* Generate and encode the IV seed using as many calls to n2n_rand() as neccessary.
|
||||
* Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
|
||||
uint64_t rand_value;
|
||||
|
@ -257,18 +251,13 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
|
|||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||
|
||||
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
|
||||
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least iv seed */
|
||||
)
|
||||
{
|
||||
size_t rem=in_len;
|
||||
size_t idx=0;
|
||||
uint8_t aes_enc_ver=0;
|
||||
uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
|
||||
|
||||
/* Get the encoding version to make sure it is supported */
|
||||
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
|
||||
|
||||
if(N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
|
||||
/* Get the IV seed */
|
||||
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
|
||||
|
||||
|
@ -336,8 +325,6 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
|
|||
traceEvent(TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE);
|
||||
len = 0;
|
||||
}
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver);
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len);
|
||||
|
||||
|
|
|
@ -24,14 +24,12 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#define N2N_CC20_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||
#define N2N_CC20_IVEC_SIZE 16
|
||||
|
||||
#define CC20_KEY_BYTES (256/8)
|
||||
|
||||
/* ChaCha20 plaintext preamble */
|
||||
#define TRANSOP_CC20_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||
#define TRANSOP_CC20_PREAMBLE_SIZE (TRANSOP_CC20_VER_SIZE + N2N_CC20_IVEC_SIZE)
|
||||
#define TRANSOP_CC20_PREAMBLE_SIZE (N2N_CC20_IVEC_SIZE)
|
||||
|
||||
typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
|
||||
|
||||
|
@ -89,11 +87,10 @@ static void set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
|
|||
|
||||
/** The ChaCha20 packet format consists of:
|
||||
*
|
||||
* - a 8-bit cc20 encoding version in clear text
|
||||
* - a 128-bit random IV
|
||||
* - encrypted payload.
|
||||
*
|
||||
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<---- encrypted ---->|
|
||||
*/
|
||||
static int transop_encode_cc20(n2n_trans_op_t * arg,
|
||||
|
@ -113,9 +110,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
|
|||
|
||||
traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len);
|
||||
|
||||
/* Encode the ChaCha20 format version. */
|
||||
encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION);
|
||||
|
||||
/* Generate and encode the IV. */
|
||||
set_cc20_iv(priv, enc_ivec);
|
||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
|
||||
|
@ -177,18 +171,13 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
|||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||
|
||||
if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
|
||||
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least version, iv */
|
||||
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least iv */
|
||||
)
|
||||
{
|
||||
size_t rem=in_len;
|
||||
size_t idx=0;
|
||||
uint8_t cc20_enc_ver=0;
|
||||
n2n_cc20_ivec_t dec_ivec = {0};
|
||||
|
||||
/* Get the encoding version to make sure it is supported */
|
||||
decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx );
|
||||
|
||||
if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) {
|
||||
traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len);
|
||||
len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
|
||||
|
||||
|
@ -221,8 +210,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
|
|||
EVP_CIPHER_CTX_reset(ctx);
|
||||
|
||||
memcpy(outbuf, assembly, len);
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_cc20 unsupported ChaCha20 version %u.", cc20_enc_ver);
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);
|
||||
|
||||
|
|
|
@ -18,14 +18,12 @@
|
|||
|
||||
#include "n2n.h"
|
||||
|
||||
#define N2N_SPECK_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||
#define N2N_SPECK_IVEC_SIZE 16
|
||||
|
||||
#define SPECK_KEY_BYTES (256/8)
|
||||
|
||||
/* Speck plaintext preamble */
|
||||
#define TRANSOP_SPECK_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||
#define TRANSOP_SPECK_PREAMBLE_SIZE (TRANSOP_SPECK_VER_SIZE + N2N_SPECK_IVEC_SIZE)
|
||||
#define TRANSOP_SPECK_PREAMBLE_SIZE (N2N_SPECK_IVEC_SIZE)
|
||||
|
||||
typedef unsigned char n2n_speck_ivec_t[N2N_SPECK_IVEC_SIZE];
|
||||
|
||||
|
@ -64,11 +62,10 @@ static void set_speck_iv(transop_speck_t *priv, n2n_speck_ivec_t ivec) {
|
|||
|
||||
/** The Speck packet format consists of:
|
||||
*
|
||||
* - a 8-bit speck encoding version in clear text
|
||||
* - a 128-bit random IV
|
||||
* - encrypted payload.
|
||||
*
|
||||
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<---- encrypted ---->|
|
||||
*/
|
||||
static int transop_encode_speck(n2n_trans_op_t * arg,
|
||||
|
@ -87,9 +84,6 @@ static int transop_encode_speck(n2n_trans_op_t * arg,
|
|||
|
||||
traceEvent(TRACE_DEBUG, "encode_speck %lu bytes", in_len);
|
||||
|
||||
/* Encode the Speck format version. */
|
||||
encode_uint8(outbuf, &idx, N2N_SPECK_TRANSFORM_VERSION);
|
||||
|
||||
/* Generate and encode the IV. */
|
||||
set_speck_iv(priv, enc_ivec);
|
||||
encode_buf(outbuf, &idx, &enc_ivec, N2N_SPECK_IVEC_SIZE);
|
||||
|
@ -129,18 +123,13 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
|
|||
transop_speck_t * priv = (transop_speck_t *)arg->priv;
|
||||
|
||||
if(((in_len - TRANSOP_SPECK_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in buffer */
|
||||
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least version, iv */
|
||||
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least iv */
|
||||
)
|
||||
{
|
||||
size_t rem=in_len;
|
||||
size_t idx=0;
|
||||
uint8_t speck_enc_ver=0;
|
||||
n2n_speck_ivec_t dec_ivec = {0};
|
||||
|
||||
/* Get the encoding version to make sure it is supported */
|
||||
decode_uint8(&speck_enc_ver, inbuf, &rem, &idx );
|
||||
|
||||
if(N2N_SPECK_TRANSFORM_VERSION == speck_enc_ver) {
|
||||
traceEvent(TRACE_DEBUG, "decode_speck %lu bytes", in_len);
|
||||
len = (in_len - TRANSOP_SPECK_PREAMBLE_SIZE);
|
||||
|
||||
|
@ -155,8 +144,6 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
|
|||
#endif
|
||||
traceEvent(TRACE_DEBUG, "decode_speck: decrypted %u bytes.\n", len);
|
||||
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_speck unsupported Speck version %u.", speck_enc_ver);
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%ul) to decrypt.", in_len);
|
||||
|
||||
|
@ -215,4 +202,3 @@ int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
|
|||
/* Setup the cipher and key */
|
||||
return(setup_speck_key(priv, encrypt_key, encrypt_key_len));
|
||||
}
|
||||
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
#include "n2n.h"
|
||||
|
||||
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
|
||||
|
||||
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
|
||||
|
||||
typedef struct transop_tf {
|
||||
TWOFISH* enc_tf; /* tx state */
|
||||
|
@ -39,17 +36,13 @@ static int transop_deinit_twofish( n2n_trans_op_t * arg ) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
|
||||
#define TRANSOP_TF_NONCE_SIZE 4
|
||||
#define TRANSOP_TF_SA_SIZE 4
|
||||
|
||||
/** The twofish packet format consists of:
|
||||
*
|
||||
* - a 8-bit twofish encoding version in clear text
|
||||
* - a 32-bit SA number in clear text
|
||||
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||
*
|
||||
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||
* [nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<------ encrypted ------>|
|
||||
*/
|
||||
static int transop_encode_twofish( n2n_trans_op_t * arg,
|
||||
|
@ -66,19 +59,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
|||
|
||||
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
|
||||
{
|
||||
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
|
||||
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= out_len )
|
||||
{
|
||||
size_t idx=0;
|
||||
uint32_t sa_id=0; // Not used
|
||||
|
||||
traceEvent(TRACE_DEBUG, "encode_twofish %lu", in_len);
|
||||
|
||||
/* Encode the twofish format version. */
|
||||
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
|
||||
|
||||
/* Encode the security association (SA) number */
|
||||
encode_uint32( outbuf, &idx, sa_id );
|
||||
|
||||
/* The assembly buffer is a source for encrypting data. The nonce is
|
||||
* written in first followed by the packet payload. The whole
|
||||
* contents of assembly are encrypted. */
|
||||
|
@ -88,14 +72,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
|||
|
||||
/* Encrypt the assembly contents and write the ciphertext after the SA. */
|
||||
len = TwoFishEncryptRaw( assembly, /* source */
|
||||
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
|
||||
outbuf,
|
||||
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
|
||||
priv->enc_tf);
|
||||
if ( len > 0 )
|
||||
{
|
||||
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
|
||||
}
|
||||
else
|
||||
if ( len <= 0 )
|
||||
{
|
||||
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
|
||||
}
|
||||
|
@ -114,15 +94,7 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
|
|||
return len;
|
||||
}
|
||||
|
||||
/** The twofish packet format consists of:
|
||||
*
|
||||
* - a 8-bit twofish encoding version in clear text
|
||||
* - a 32-bit SA number in clear text
|
||||
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
|
||||
*
|
||||
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
|
||||
* |<------ encrypted ------>|
|
||||
*/
|
||||
|
||||
static int transop_decode_twofish( n2n_trans_op_t * arg,
|
||||
uint8_t * outbuf,
|
||||
size_t out_len,
|
||||
|
@ -134,26 +106,15 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
|
|||
transop_tf_t * priv = (transop_tf_t *)arg->priv;
|
||||
uint8_t assembly[N2N_PKT_BUF_SIZE];
|
||||
|
||||
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
||||
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
|
||||
if ( ( in_len <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
|
||||
&& (in_len >= TRANSOP_TF_NONCE_SIZE ) /* Has at least nonce */
|
||||
) {
|
||||
size_t rem=in_len;
|
||||
size_t idx=0;
|
||||
uint8_t tf_enc_ver=0;
|
||||
uint32_t sa_rx=0; // Not used
|
||||
|
||||
/* Get the encoding version to make sure it is supported */
|
||||
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
|
||||
|
||||
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) {
|
||||
/* Get the SA number and make sure we are decrypting with the right one. */
|
||||
decode_uint32( &sa_rx, inbuf, &rem, &idx );
|
||||
|
||||
traceEvent(TRACE_DEBUG, "decode_twofish %lu", in_len);
|
||||
|
||||
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
|
||||
len = TwoFishDecryptRaw( (void *)inbuf,
|
||||
assembly, /* destination */
|
||||
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
|
||||
in_len,
|
||||
priv->dec_tf);
|
||||
|
||||
if(len > 0) {
|
||||
|
@ -165,8 +126,6 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
|
|||
len );
|
||||
} else
|
||||
traceEvent(TRACE_ERROR, "decode_twofish decryption failed");
|
||||
} else
|
||||
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
|
||||
} else
|
||||
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user