mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
woke up from a nightmare of missing typedefs
This commit is contained in:
parent
365d2b2782
commit
e6e4999f19
|
@ -2,13 +2,15 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "n2n.h"
|
|
||||||
#include "random_numbers.h"
|
#include "random_numbers.h"
|
||||||
#include "pearson.h"
|
#include "pearson.h"
|
||||||
#include "portable_endian.h"
|
#include "portable_endian.h"
|
||||||
|
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h> // !!!
|
||||||
|
|
||||||
|
|
||||||
|
#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)
|
||||||
|
|
||||||
|
|
||||||
uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
|
uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
|
||||||
|
@ -45,6 +47,9 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
|
||||||
int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
|
int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
|
||||||
struct sn_community *communities) {
|
struct sn_community *communities) {
|
||||||
|
|
||||||
|
struct sn_community *c, *tmp;
|
||||||
|
|
||||||
|
|
||||||
if (packet_len < 20)
|
if (packet_len < 20)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
|
||||||
|
@ -62,25 +67,28 @@ int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len
|
||||||
|
|
||||||
// most probably unencrypted
|
// most probably unencrypted
|
||||||
|
|
||||||
// TODO:
|
// make sure, no downgrading happens here and no unencrypted packets can be
|
||||||
// !!! make sure, no downgrading happens here !!!
|
// injected in a community which definitely deals with encrypted headers
|
||||||
// NOT FOR DEFINETLY ENCRYPTED COMMUNITIES / NO DOWNGRADE, NO INJECTION
|
HASH_FIND_COMMUNITY(communities, (char *)&packet[04], c);
|
||||||
|
if (!c)
|
||||||
|
if (c->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
|
return (-2);
|
||||||
|
// set 'no encryption' in case it is not set yet
|
||||||
|
c->header_encryption = HEADER_ENCRYPTION_NONE;
|
||||||
return (HEADER_ENCRYPTION_NONE);
|
return (HEADER_ENCRYPTION_NONE);
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// most probably encrypted
|
// most probably encrypted
|
||||||
// cycle through the known communities (as keys) to eventually decrypt
|
// cycle through the known communities (as keys) to eventually decrypt
|
||||||
int32_t ret;
|
int32_t ret;
|
||||||
struct sn_community *c, *tmp;
|
|
||||||
HASH_ITER (hh, communities, c, tmp) {
|
HASH_ITER (hh, communities, c, tmp) {
|
||||||
// skip the definitely unencrypted communities
|
// skip the definitely unencrypted communities
|
||||||
if (c->header_encryption == HEADER_ENCRYPTION_NONE)
|
if (c->header_encryption == HEADER_ENCRYPTION_NONE)
|
||||||
continue;
|
continue;
|
||||||
if ( (ret = packet_header_decrypt (packet, packet_len, c->community, &(c->header_encryption_ctx))) ) {
|
if ( (ret = packet_header_decrypt (packet, packet_len, c->community, c->header_encryption_ctx)) ) {
|
||||||
// set to 'encrypted'
|
// set 'encrypted' in case it is not set yet
|
||||||
c->header_encryption = HEADER_ENCRYPTION_ENABLED;
|
c->header_encryption = HEADER_ENCRYPTION_ENABLED;
|
||||||
// no need to test any further
|
// no need to test further communities
|
||||||
return (HEADER_ENCRYPTION_ENABLED);
|
return (HEADER_ENCRYPTION_ENABLED);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -117,5 +125,5 @@ void packet_header_setup_key (char * community_name, he_context_t * ctx) {
|
||||||
uint8_t key[16];
|
uint8_t key[16];
|
||||||
pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);
|
pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);
|
||||||
|
|
||||||
speck_expand_key_he (key, ctx);
|
speck_expand_key_he (key, (speck_context_t*)ctx);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,17 +1,33 @@
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef _HEADER_ENCRYPTION_H_
|
||||||
|
#define _HEADER_ENCRYPTION_H_
|
||||||
|
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
#include "speck.h"
|
#include "speck.h"
|
||||||
typedef speck_context_t he_context_t;
|
|
||||||
|
|
||||||
|
|
||||||
|
#include "n2n.h"
|
||||||
|
//define he_context_t speck_context_t
|
||||||
|
typedef struct speck_context_t he_context_t;
|
||||||
|
|
||||||
|
|
||||||
|
/* Header encryption indicators */
|
||||||
#define HEADER_ENCRYPTION_UNKNOWN 0
|
#define HEADER_ENCRYPTION_UNKNOWN 0
|
||||||
#define HEADER_ENCRYPTION_NONE 1
|
#define HEADER_ENCRYPTION_NONE 1
|
||||||
#define HEADER_ENCRYPTION_ENABLED 2
|
#define HEADER_ENCRYPTION_ENABLED 2
|
||||||
|
|
||||||
|
|
||||||
uint32_t decrypt_packet_header (uint8_t packet[], uint8_t packet_len,
|
uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
|
||||||
char * community_name, he_context_t * ctx);
|
char * community_name, he_context_t * ctx);
|
||||||
|
|
||||||
int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx);
|
|
||||||
|
|
||||||
int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx);
|
int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
|
||||||
|
struct sn_community * communities);
|
||||||
|
|
||||||
|
|
||||||
|
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx);
|
||||||
|
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
26
n2n.h
26
n2n.h
|
@ -111,7 +111,6 @@ typedef struct ether_hdr ether_hdr_t;
|
||||||
#include <openssl/opensslv.h>
|
#include <openssl/opensslv.h>
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include "minilzo.h"
|
#include "minilzo.h"
|
||||||
#include "header_encryption.h"
|
|
||||||
|
|
||||||
#define closesocket(a) close(a)
|
#define closesocket(a) close(a)
|
||||||
#endif /* #ifndef WIN32 */
|
#endif /* #ifndef WIN32 */
|
||||||
|
@ -180,6 +179,9 @@ typedef struct tuntap_dev {
|
||||||
bits of transform_id; will be obsolete as soon as compression gets
|
bits of transform_id; will be obsolete as soon as compression gets
|
||||||
its own field in the packet. REVISIT then. */
|
its own field in the packet. REVISIT then. */
|
||||||
|
|
||||||
|
/* forward delcaration of header encryption context, see 'header_encryption.h' */
|
||||||
|
typedef struct speck_context_t he_context_t;
|
||||||
|
|
||||||
#define DEFAULT_MTU 1290
|
#define DEFAULT_MTU 1290
|
||||||
|
|
||||||
/** Uncomment this to enable the MTU check, then try to ssh to generate a fragmented packet. */
|
/** Uncomment this to enable the MTU check, then try to ssh to generate a fragmented packet. */
|
||||||
|
@ -228,7 +230,7 @@ typedef struct n2n_edge_conf {
|
||||||
n2n_route_t *routes; /**< Networks to route through n2n */
|
n2n_route_t *routes; /**< Networks to route through n2n */
|
||||||
n2n_community_t community_name; /**< The community. 16 full octets. */
|
n2n_community_t community_name; /**< The community. 16 full octets. */
|
||||||
uint8_t header_encryption; /**< Header encryption indicator. */
|
uint8_t header_encryption; /**< Header encryption indicator. */
|
||||||
he_context_t header_encryption_ctx; /**< Header encryption cipher context. */
|
he_context_t *header_encryption_ctx; /**< Header encryption cipher context. */
|
||||||
n2n_transform_t transop_id; /**< The transop to use. */
|
n2n_transform_t transop_id; /**< The transop to use. */
|
||||||
uint16_t compression; /**< Compress outgoing data packets before encryption */
|
uint16_t compression; /**< Compress outgoing data packets before encryption */
|
||||||
uint16_t num_routes; /**< Number of routes in routes */
|
uint16_t num_routes; /**< Number of routes in routes */
|
||||||
|
@ -259,6 +261,16 @@ typedef struct sn_stats
|
||||||
time_t last_reg_super; /* Time when last REGISTER_SUPER was received. */
|
time_t last_reg_super; /* Time when last REGISTER_SUPER was received. */
|
||||||
} sn_stats_t;
|
} sn_stats_t;
|
||||||
|
|
||||||
|
struct sn_community
|
||||||
|
{
|
||||||
|
char community[N2N_COMMUNITY_SIZE];
|
||||||
|
uint8_t header_encryption; /* Header encryption indicator. */
|
||||||
|
he_context_t *header_encryption_ctx; /* Header encryption cipher context. */
|
||||||
|
struct peer_info *edges; /* Link list of registered edges. */
|
||||||
|
|
||||||
|
UT_hash_handle hh; /* makes this structure hashable */
|
||||||
|
};
|
||||||
|
|
||||||
typedef struct n2n_sn
|
typedef struct n2n_sn
|
||||||
{
|
{
|
||||||
time_t start_time; /* Used to measure uptime. */
|
time_t start_time; /* Used to measure uptime. */
|
||||||
|
@ -271,16 +283,6 @@ typedef struct sn_stats
|
||||||
struct sn_community *communities;
|
struct sn_community *communities;
|
||||||
} n2n_sn_t;
|
} n2n_sn_t;
|
||||||
|
|
||||||
struct sn_community
|
|
||||||
{
|
|
||||||
char community[N2N_COMMUNITY_SIZE];
|
|
||||||
uint8_t header_encryption; /* Header encryption indicator. */
|
|
||||||
he_context_t header_encryption_ctx; /* Header encryption cipher context. */
|
|
||||||
struct peer_info *edges; /* Link list of registered edges. */
|
|
||||||
|
|
||||||
UT_hash_handle hh; /* makes this structure hashable */
|
|
||||||
};
|
|
||||||
|
|
||||||
/* ************************************** */
|
/* ************************************** */
|
||||||
|
|
||||||
#ifdef __ANDROID_NDK__
|
#ifdef __ANDROID_NDK__
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
#include "n2n.h"
|
#include "n2n.h"
|
||||||
|
#include "header_encryption.h"
|
||||||
|
|
||||||
#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)
|
#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)
|
||||||
#define N2N_SN_LPORT_DEFAULT 7654
|
#define N2N_SN_LPORT_DEFAULT 7654
|
||||||
|
@ -37,7 +38,7 @@ static int process_mgmt(n2n_sn_t *sss,
|
||||||
|
|
||||||
static int process_udp(n2n_sn_t *sss,
|
static int process_udp(n2n_sn_t *sss,
|
||||||
const struct sockaddr_in *sender_sock,
|
const struct sockaddr_in *sender_sock,
|
||||||
const uint8_t *udp_buf,
|
uint8_t *udp_buf,
|
||||||
size_t udp_size,
|
size_t udp_size,
|
||||||
time_t now);
|
time_t now);
|
||||||
|
|
||||||
|
@ -372,13 +373,14 @@ static int process_mgmt(n2n_sn_t *sss,
|
||||||
*/
|
*/
|
||||||
static int process_udp(n2n_sn_t *sss,
|
static int process_udp(n2n_sn_t *sss,
|
||||||
const struct sockaddr_in *sender_sock,
|
const struct sockaddr_in *sender_sock,
|
||||||
const uint8_t *udp_buf,
|
uint8_t *udp_buf,
|
||||||
size_t udp_size,
|
size_t udp_size,
|
||||||
time_t now)
|
time_t now)
|
||||||
{
|
{
|
||||||
n2n_common_t cmn; /* common fields in the packet header */
|
n2n_common_t cmn; /* common fields in the packet header */
|
||||||
size_t rem;
|
size_t rem;
|
||||||
size_t idx;
|
size_t idx;
|
||||||
|
int8_t he = HEADER_ENCRYPTION_UNKNOWN;
|
||||||
size_t msg_type;
|
size_t msg_type;
|
||||||
uint8_t from_supernode;
|
uint8_t from_supernode;
|
||||||
macstr_t mac_buf;
|
macstr_t mac_buf;
|
||||||
|
@ -390,6 +392,8 @@ static int process_udp(n2n_sn_t *sss,
|
||||||
udp_size, intoa(ntohl(sender_sock->sin_addr.s_addr), buf, sizeof(buf)),
|
udp_size, intoa(ntohl(sender_sock->sin_addr.s_addr), buf, sizeof(buf)),
|
||||||
ntohs(sender_sock->sin_port));
|
ntohs(sender_sock->sin_port));
|
||||||
|
|
||||||
|
he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities);
|
||||||
|
|
||||||
/* Use decode_common() to determine the kind of packet then process it:
|
/* Use decode_common() to determine the kind of packet then process it:
|
||||||
*
|
*
|
||||||
* REGISTER_SUPER adds an edge and generate a return REGISTER_SUPER_ACK
|
* REGISTER_SUPER adds an edge and generate a return REGISTER_SUPER_ACK
|
||||||
|
|
1
speck.c
1
speck.c
|
@ -3,7 +3,6 @@
|
||||||
// https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/
|
// https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdint.h>
|
|
||||||
#include "portable_endian.h"
|
#include "portable_endian.h"
|
||||||
|
|
||||||
#include "speck.h"
|
#include "speck.h"
|
||||||
|
|
Loading…
Reference in New Issue
Block a user