mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
added encryption step
parent
033b1890f2
commit
e8d5e939a7
|
@ -22,7 +22,7 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
|
||||||
|
|
||||||
|
|
||||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
||||||
uint16_t checksum);
|
he_context_t * ctx_iv, uint16_t checksum);
|
||||||
|
|
||||||
|
|
||||||
void packet_header_setup_key (const char * community_name, he_context_t ** ctx,
|
void packet_header_setup_key (const char * community_name, he_context_t ** ctx,
|
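Review bot: The prototype of `packet_header_encrypt` now takes two `he_context_t *` arguments of the same type, `ctx` and `ctx_iv`, so a call that swaps them compiles without a warning and would key the IV step with the wrong context. A comment on the declaration would help, for example `/* ctx: context for the header encryption; ctx_iv: context used only to encrypt the 16-byte IV; both must be initialised before the call */`. The declaration of `packet_header_setup_key` continues outside this hunk, so it is not visible here whether it also sets up the IV context.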
||||||
|
|
|
@ -744,7 +744,7 @@ static void send_register_super(n2n_edge_t * eee,
|
||||||
|
|
||||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
||||||
pearson_hash_16 (pktbuf, idx));
|
eee->conf.header_iv_ctx, pearson_hash_16 (pktbuf, idx));
|
||||||
|
|
||||||
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, supernode);
|
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, supernode);
|
||||||
}
|
}
|
||||||
|
@ -776,7 +776,7 @@ static void send_query_peer( n2n_edge_t * eee,
|
||||||
|
|
||||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
||||||
pearson_hash_16 (pktbuf, idx));
|
eee->conf.header_iv_ctx, pearson_hash_16 (pktbuf, idx));
|
||||||
|
|
||||||
sendto_sock( eee->udp_sock, pktbuf, idx, &(eee->supernode) );
|
sendto_sock( eee->udp_sock, pktbuf, idx, &(eee->supernode) );
|
||||||
}
|
}
|
||||||
|
@ -823,7 +823,7 @@ static void send_register(n2n_edge_t * eee,
|
||||||
|
|
||||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
||||||
pearson_hash_16 (pktbuf, idx));
|
eee->conf.header_iv_ctx, pearson_hash_16 (pktbuf, idx));
|
||||||
|
|
||||||
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
|
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
|
||||||
}
|
}
|
||||||
|
@ -866,7 +866,7 @@ static void send_register_ack(n2n_edge_t * eee,
|
||||||
|
|
||||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
|
||||||
pearson_hash_16 (pktbuf, idx));
|
eee->conf.header_iv_ctx, pearson_hash_16 (pktbuf, idx));
|
||||||
|
|
||||||
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
|
/* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
|
||||||
}
|
}
|
||||||
|
@ -1474,7 +1474,7 @@ static void send_packet2net(n2n_edge_t * eee,
|
||||||
|
|
||||||
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (pktbuf, headerIdx, eee->conf.header_encryption_ctx,
|
packet_header_encrypt (pktbuf, headerIdx, eee->conf.header_encryption_ctx,
|
||||||
pearson_hash_16 (pktbuf, idx));
|
eee->conf.header_iv_ctx, pearson_hash_16 (pktbuf, idx));
|
||||||
|
|
||||||
#ifdef MTU_ASSERT_VALUE
|
#ifdef MTU_ASSERT_VALUE
|
||||||
{
|
{
|
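Review bot: All five call sites in this section (send_register_super, send_query_peer, send_register, send_register_ack, send_packet2net) discard the `int32_t` result of `packet_header_encrypt`, and four of them visibly go on to call `sendto_sock` on the same `pktbuf`. If the function can report failure, the packet would still leave with a header that was not encrypted as intended; what the return value means is not visible on this page, so this should be confirmed against the definition and the send skipped on error. In send_packet2net the length passed is `headerIdx` while `pearson_hash_16` covers `idx` bytes, which deserves a one-line comment stating that the difference is intended. Each of these functions starts and ends outside its hunk.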
||||||
|
|
|
@ -57,7 +57,7 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
|
||||||
/* ********************************************************************** */
|
/* ********************************************************************** */
|
||||||
|
|
||||||
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
|
||||||
uint16_t checksum) {
|
he_context_t * ctx_iv, uint16_t checksum) {
|
||||||
|
|
||||||
uint8_t iv[16];
|
uint8_t iv[16];
|
||||||
uint16_t *iv16 = (uint16_t*)&iv;
|
uint16_t *iv16 = (uint16_t*)&iv;
|
||||||
|
@ -76,6 +76,8 @@ int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_
|
||||||
iv16[4] = n2n_rand ();
|
iv16[4] = n2n_rand ();
|
||||||
iv16[5] = htobe16 (checksum);
|
iv16[5] = htobe16 (checksum);
|
||||||
iv32[3] = htobe32 (magic);
|
iv32[3] = htobe32 (magic);
|
||||||
|
// blend checksum into 96-bit IV
|
||||||
|
speck_he_iv_encrypt (iv, (speck_context_t*)ctx_iv);
|
||||||
|
|
||||||
memcpy (packet, iv, 16);
|
memcpy (packet, iv, 16);
|
||||||
packet[15] = header_len;
|
packet[15] = header_len;
|
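Review bot: `ctx_iv` is cast to `speck_context_t*` and passed to `speck_he_iv_encrypt` with no check that it is non-NULL, while the callers on this page gate the call only on `header_encryption == HEADER_ENCRYPTION_ENABLED`. A guard such as `if (ctx == NULL || ctx_iv == NULL)` that returns an error before the IV is built would make that safe. The page also shows no matching change to `packet_header_decrypt`, whose signature appears unchanged in the hunk header, so unless the inverse IV step lands elsewhere a receiver may no longer recover the magic and checksum from the first 16 bytes. The comment `// blend checksum into 96-bit IV` could also say which bytes of the 16-byte `iv` are encrypted. The function body starts and ends outside these hunks.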
||||||
|
|
10
src/sn.c
10
src/sn.c
|
@ -587,7 +587,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, encx));
|
||||||
} else {
|
} else {
|
||||||
/* Already from a supernode. Nothing to modify, just pass to
|
/* Already from a supernode. Nothing to modify, just pass to
|
||||||
* destination. */
|
* destination. */
|
||||||
|
@ -599,7 +599,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, udp_size));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, udp_size));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Common section to forward the final product. */
|
/* Common section to forward the final product. */
|
||||||
|
@ -663,7 +663,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, encx));
|
||||||
|
|
||||||
|
|
||||||
try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
|
try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
|
||||||
|
@ -736,7 +736,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (ackbuf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (ackbuf, encx));
|
||||||
|
|
||||||
sendto(sss->sock, ackbuf, encx, 0,
|
sendto(sss->sock, ackbuf, encx, 0,
|
||||||
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
|
||||||
|
@ -784,7 +784,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (encbuf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (encbuf, encx));
|
||||||
|
|
||||||
sendto( sss->sock, encbuf, encx, 0,
|
sendto( sss->sock, encbuf, encx, 0,
|
||||||
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
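Review bot: The second parameter of `packet_header_encrypt` is declared `uint8_t header_len`, but the calls in process_udp pass `oldEncx`, `idx` and `encx`, whose types are not visible in these hunks. If they are wider (two of them are also used as `sendto` lengths), a value above 255 is silently truncated before it is stored in `packet[15]`; a range check before the call, or a wider parameter, would rule that out. The first two hunks also give `pearson_hash_16` a different length (`encx`, `udp_size`) than the encrypt call (`oldEncx`, `idx`), which deserves a short comment stating that the checksum is meant to cover more than the encrypted header. process_udp starts and ends outside these hunks.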
||||||
|
|
|
@ -513,7 +513,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, encx));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
/* Already from a supernode. Nothing to modify, just pass to
|
/* Already from a supernode. Nothing to modify, just pass to
|
||||||
|
@ -526,7 +526,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, udp_size));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, udp_size));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Common section to forward the final product. */
|
/* Common section to forward the final product. */
|
||||||
|
@ -590,7 +590,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (rec_buf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (rec_buf, encx));
|
||||||
|
|
||||||
try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
|
try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
|
||||||
} else
|
} else
|
||||||
|
@ -662,7 +662,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (ackbuf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (ackbuf, encx));
|
||||||
|
|
||||||
sendto(sss->sock, ackbuf, encx, 0,
|
sendto(sss->sock, ackbuf, encx, 0,
|
||||||
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
|
||||||
|
@ -710,7 +710,7 @@ static int process_udp(n2n_sn_t * sss,
|
||||||
|
|
||||||
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
|
||||||
packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
|
packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
|
||||||
pearson_hash_16 (encbuf, encx));
|
comm->header_iv_ctx, pearson_hash_16 (encbuf, encx));
|
||||||
|
|
||||||
sendto( sss->sock, encbuf, encx, 0,
|
sendto( sss->sock, encbuf, encx, 0,
|
||||||
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
(struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
|
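Review bot: This section makes the same six edits to a `static int process_udp(n2n_sn_t * sss, ...)` as the `src/sn.c` section before it, only at different line offsets, which suggests the packet-handling function exists in two files. A later fix to the header-encryption calls can easily reach one copy and miss the other. If both copies must stay, a comment at the top of each naming the other would help; otherwise the duplicate should be removed so that only one copy carries the encryption logic. The file name for this section is not shown on the page.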
||||||
|
|