n2n/header_encryption.c

/**
 * (C) 2007-20 - ntop.org and contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not see see <http://www.gnu.org/licenses/>
 *
 */

#include "header_encryption.h"

#include <string.h>

#include "random_numbers.h"
#include "pearson.h"
#include "portable_endian.h"


#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)


uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,
			        char * community_name, he_context_t * ctx) {

  // assemble IV
  // the last four are ASCII "n2n!" and do not get overwritten
  uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		     0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 };
  // the first 96 bits of the packet get padded with ASCII "n2n!"
  // to full 128 bit IV
  memcpy (iv, packet, 12);
  // alternatively, consider: pearson_hash_128 (iv, packet, 12);

  // try community name as possible key and check for magic bytes
  uint32_t magic = 0x6E326E00; // ="n2n_"
  uint32_t test_magic;
  // check for magic bytes and resonable value in header len field
  speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, (speck_context_t*)ctx);
  test_magic = be32toh (test_magic);
  if ( ((test_magic <<  8) == magic)
       && ((test_magic >> 24) <= packet_len) // (test_masgic >> 24) is header_len
       ) {
    speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, (speck_context_t*)ctx);
    // restore original packet order
    memcpy (&packet[0], &packet[16], 4);
    memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE);
    return (1); // successful
  } else
    return (0); // unsuccessful
}


int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,
					  struct sn_community *communities) {

  struct sn_community *c, *tmp;


  if (packet_len < 20)
    return (-1);

  // first, check if header is unenrypted to put it into the fast-lane then

  // the following check is around 99.99962 percent reliable
  // it heavily relies on the structure of packet's common part
  // changes to wire.c:encode/decode_common need to go together with this code
  if ( (packet[19] == (uint8_t)0x00)	// null terminated community name
       && (packet[00] == N2N_PKT_VERSION)	// correct packet version
       //	  && (packet[01] <= N2N_DEFAULT_TTL) 	// reasonable TTL -- might interfere with hole-punching-related or cli passed higher values ?!
       && ((be16toh (*(uint16_t*)&(packet[02])) & N2N_FLAGS_TYPE_MASK ) <= MSG_TYPE_MAX_TYPE  ) // message type
       && ( be16toh (*(uint16_t*)&(packet[02])) < N2N_FLAGS_OPTIONS)	// flags
       ) {

    // most probably unencrypted

    // make sure, no downgrading happens here and no unencrypted packets can be
    // injected in a community which definitely deals with encrypted headers
    HASH_FIND_COMMUNITY(communities, (char *)&packet[04], c);
    if (!c)
      if (c->header_encryption == HEADER_ENCRYPTION_ENABLED)
	return (-2);
    // set 'no encryption'  in case it is not set yet
    c->header_encryption = HEADER_ENCRYPTION_NONE;
    c->header_encryption_ctx = NULL;
    return (HEADER_ENCRYPTION_NONE);
  } else {

    // most probably encrypted
    // cycle through the known communities (as keys) to eventually decrypt
    int32_t ret;
    HASH_ITER (hh, communities, c, tmp) {
      // skip the definitely unencrypted communities
      if (c->header_encryption == HEADER_ENCRYPTION_NONE)
	continue;
      if ( (ret = packet_header_decrypt (packet, packet_len, c->community, c->header_encryption_ctx)) ) {
	// set 'encrypted' in case it is not set yet
	c->header_encryption = HEADER_ENCRYPTION_ENABLED;
	// no need to test further communities
	return (HEADER_ENCRYPTION_ENABLED);
      }
    }
    // no matching key/community
    return (-3);
  }
}


int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx) {
  uint8_t iv[16];
  uint64_t *iv64 = (uint64_t*)&iv;
  const uint32_t magic = 0x006E326E;

  if (header_len < 20)
    return (-1);

  memcpy (&packet[16], &packet[00], 4);
	
  iv64[0] = n2n_rand();
  iv64[1] = n2n_rand();
  iv64[3] = htobe32(magic);
  iv[12]  = header_len;

  speck_he (&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx);

  return (0);
}


void packet_header_setup_key (char * community_name, he_context_t * ctx) {

  uint8_t key[16];
  pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);

  ctx = calloc(1, sizeof(speck_context_t));
  speck_expand_key_he (key, (speck_context_t*)ctx);
}
Added copyright 4 years ago			`/**`
			`* (C) 2007-20 - ntop.org and contributors`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not see see <http://www.gnu.org/licenses/>`
			`*`
			`*/`

prepared header encryption 4 years ago			`#include "header_encryption.h"`

			`#include <string.h>`
drafted header encryption 4 years ago
prepared header encryption 4 years ago			`#include "random_numbers.h"`
			`#include "pearson.h"`
drafted header encryption 4 years ago			`#include "portable_endian.h"`


woke up from a nightmare of missing typedefs 4 years ago			`#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)`
prepared header encryption 4 years ago

			`uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len,`
			`char * community_name, he_context_t * ctx) {`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`// assemble IV`
			`// the last four are ASCII "n2n!" and do not get overwritten`
			`uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,`
			`0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 };`
			`// the first 96 bits of the packet get padded with ASCII "n2n!"`
			`// to full 128 bit IV`
			`memcpy (iv, packet, 12);`
			`// alternatively, consider: pearson_hash_128 (iv, packet, 12);`

			`// try community name as possible key and check for magic bytes`
			`uint32_t magic = 0x6E326E00; // ="n2n_"`
			`uint32_t test_magic;`
			`// check for magic bytes and resonable value in header len field`
			`speck_he ((uint8_t)&test_magic, &packet[12], 4, iv, (speck_context_t)ctx);`
			`test_magic = be32toh (test_magic);`
			`if ( ((test_magic << 8) == magic)`
			`&& ((test_magic >> 24) <= packet_len) // (test_masgic >> 24) is header_len`
			`) {`
			`speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, (speck_context_t*)ctx);`
			`// restore original packet order`
			`memcpy (&packet[0], &packet[16], 4);`
			`memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE);`
			`return (1); // successful`
			`} else`
			`return (0); // unsuccessful`
drafted header encryption 4 years ago			`}`


made header encryption indicator 8-bit type 4 years ago			`int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len,`
			`struct sn_community *communities) {`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`struct sn_community c, tmp;`


			`if (packet_len < 20)`
			`return (-1);`

			`// first, check if header is unenrypted to put it into the fast-lane then`

			`// the following check is around 99.99962 percent reliable`
			`// it heavily relies on the structure of packet's common part`
			`// changes to wire.c:encode/decode_common need to go together with this code`
			`if ( (packet[19] == (uint8_t)0x00) // null terminated community name`
			`&& (packet[00] == N2N_PKT_VERSION) // correct packet version`
			`// && (packet[01] <= N2N_DEFAULT_TTL) // reasonable TTL -- might interfere with hole-punching-related or cli passed higher values ?!`
			`&& ((be16toh ((uint16_t)&(packet[02])) & N2N_FLAGS_TYPE_MASK ) <= MSG_TYPE_MAX_TYPE ) // message type`
			`&& ( be16toh ((uint16_t)&(packet[02])) < N2N_FLAGS_OPTIONS) // flags`
			`) {`

			`// most probably unencrypted`

			`// make sure, no downgrading happens here and no unencrypted packets can be`
			`// injected in a community which definitely deals with encrypted headers`
			`HASH_FIND_COMMUNITY(communities, (char *)&packet[04], c);`
			`if (!c)`
			`if (c->header_encryption == HEADER_ENCRYPTION_ENABLED)`
			`return (-2);`
			`// set 'no encryption' in case it is not set yet`
			`c->header_encryption = HEADER_ENCRYPTION_NONE;`
			`c->header_encryption_ctx = NULL;`
			`return (HEADER_ENCRYPTION_NONE);`
			`} else {`

			`// most probably encrypted`
			`// cycle through the known communities (as keys) to eventually decrypt`
			`int32_t ret;`
			`HASH_ITER (hh, communities, c, tmp) {`
			`// skip the definitely unencrypted communities`
			`if (c->header_encryption == HEADER_ENCRYPTION_NONE)`
			`continue;`
			`if ( (ret = packet_header_decrypt (packet, packet_len, c->community, c->header_encryption_ctx)) ) {`
			`// set 'encrypted' in case it is not set yet`
			`c->header_encryption = HEADER_ENCRYPTION_ENABLED;`
			`// no need to test further communities`
			`return (HEADER_ENCRYPTION_ENABLED);`
			`}`
			`}`
			`// no matching key/community`
			`return (-3);`
			`}`
drafted header encryption 4 years ago			`}`


prepared header encryption 4 years ago			`int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx) {`
CentOS 6 compilation fixes 4 years ago			`uint8_t iv[16];`
			`uint64_t iv64 = (uint64_t)&iv;`
			`const uint32_t magic = 0x006E326E;`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`if (header_len < 20)`
			`return (-1);`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`memcpy (&packet[16], &packet[00], 4);`

			`iv64[0] = n2n_rand();`
			`iv64[1] = n2n_rand();`
			`iv64[3] = htobe32(magic);`
			`iv[12] = header_len;`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`speck_he (&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx);`
drafted header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`return (0);`
prepared header encryption 4 years ago			`}`


			`void packet_header_setup_key (char * community_name, he_context_t * ctx) {`

CentOS 6 compilation fixes 4 years ago			`uint8_t key[16];`
			`pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);`
prepared header encryption 4 years ago
CentOS 6 compilation fixes 4 years ago			`ctx = calloc(1, sizeof(speck_context_t));`
			`speck_expand_key_he (key, (speck_context_t*)ctx);`
drafted header encryption 4 years ago			`}`