blended checksum into header iv

4 years ago · 033b1890f2
3 changed files with 45 additions and 24 deletions
--- a/src/edge_utils.c
+++ b/src/edge_utils.c
@ -258,7 +258,7 @@ n2n_edge_t* edge_init(const tuntap_dev *dev, const n2n_edge_conf_t *conf, int *r
  /* Set the key schedule (context) for header encryption if enabled */
  if(conf->header_encryption == HEADER_ENCRYPTION_ENABLED) {
    traceEvent(TRACE_NORMAL, "Header encryption is enabled.");
-    packet_header_setup_key ((char *)(conf->community_name), &(eee->conf.header_encryption_ctx));
+    packet_header_setup_key ((char *)(conf->community_name), &(eee->conf.header_encryption_ctx),&(eee->conf.header_iv_ctx));
  }
  if(eee->transop.no_encryption)
@ -743,7 +743,8 @@ static void send_register_super(n2n_edge_t * eee,
 	     sock_to_cstr(sockbuf, supernode));
  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
-    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx);
+    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
                                        pearson_hash_16 (pktbuf, idx));
  /* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, supernode);
 }
@ -774,7 +775,8 @@ static void send_query_peer( n2n_edge_t * eee,
  traceEvent( TRACE_DEBUG, "send QUERY_PEER to supernode" );
  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
-    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx);
+    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
                                        pearson_hash_16 (pktbuf, idx));
  sendto_sock( eee->udp_sock, pktbuf, idx, &(eee->supernode) );
 }
@ -820,7 +822,8 @@ static void send_register(n2n_edge_t * eee,
 	     sock_to_cstr(sockbuf, remote_peer));
  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
-    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx);
+    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
                                        pearson_hash_16 (pktbuf, idx));
  /* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
 }
@ -862,7 +865,8 @@ static void send_register_ack(n2n_edge_t * eee,
 	     sock_to_cstr(sockbuf, remote_peer));
  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
-    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx);
+    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx,
                                        pearson_hash_16 (pktbuf, idx));
  /* sent = */ sendto_sock(eee->udp_sock, pktbuf, idx, remote_peer);
 }
@ -1459,8 +1463,7 @@ static void send_packet2net(n2n_edge_t * eee,
  idx=0;
  encode_PACKET(pktbuf, &idx, &cmn, &pkt);
-  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
+  uint16_t headerIdx = idx;
    packet_header_encrypt (pktbuf, idx, eee->conf.header_encryption_ctx);
  idx += eee->transop.fwd(&eee->transop,
 			  pktbuf+idx, N2N_PKT_BUF_SIZE-idx,
@ -1469,6 +1472,10 @@ static void send_packet2net(n2n_edge_t * eee,
  traceEvent(TRACE_DEBUG, "Encode %u B PACKET [%u B data, %u B overhead] transform %u",
 	     (u_int)idx, (u_int)len, (u_int)(idx-len), tx_transop_idx);
  if(eee->conf.header_encryption == HEADER_ENCRYPTION_ENABLED)
    packet_header_encrypt (pktbuf, headerIdx, eee->conf.header_encryption_ctx,
                                              pearson_hash_16 (pktbuf, idx));
 #ifdef MTU_ASSERT_VALUE
  {
    const u_int eth_udp_overhead = ETH_FRAMESIZE + IP4_MIN_SIZE + UDP_SIZE;
--- a/src/sn.c
+++ b/src/sn.c
@ -408,7 +408,7 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) {
      /* we do not know if header encryption is used in this community,
       * first packet will show. just in case, setup the key.           */
      s->header_encryption = HEADER_ENCRYPTION_UNKNOWN;
-      packet_header_setup_key (s->community, &(s->header_encryption_ctx));
+      packet_header_setup_key (s->community, &(s->header_encryption_ctx), &(s->header_iv_ctx));
      HASH_ADD_STR(sss->communities, community, s);
      num_communities++;
@ -580,12 +580,14 @@ static int process_udp(n2n_sn_t * sss,
      /* Re-encode the header. */
      encode_PACKET(encbuf, &encx, &cmn2, &pkt);
-
+      uint16_t oldEncx = encx;
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
        packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx);
      /* Copy the original payload unchanged */
      encode_buf(encbuf, &encx, (udp_buf + idx), (udp_size - idx));
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
        packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
                                                 pearson_hash_16 (rec_buf, encx));
    } else {
      /* Already from a supernode. Nothing to modify, just pass to
       * destination. */
@ -596,7 +598,8 @@ static int process_udp(n2n_sn_t * sss,
      encx = udp_size;
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx);
+        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
                                             pearson_hash_16 (rec_buf, udp_size));
    }
    /* Common section to forward the final product. */
@ -647,7 +650,7 @@ static int process_udp(n2n_sn_t * sss,
 	/* Re-encode the header. */
 	encode_REGISTER(encbuf, &encx, &cmn2, &reg);
-
+// !!! does this ever happen? does REGISTER ever come with a payload ??? !!!
 	/* Copy the original payload unchanged */
 	encode_buf(encbuf, &encx, (udp_buf + idx), (udp_size - idx));
      } else {
@ -659,7 +662,9 @@ static int process_udp(n2n_sn_t * sss,
      }
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx);
+        packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
                                              pearson_hash_16 (rec_buf, encx));
      try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
    } else
@ -730,7 +735,8 @@ static int process_udp(n2n_sn_t * sss,
      encode_REGISTER_SUPER_ACK(ackbuf, &encx, &cmn2, &ack);
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx);
+        packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
                                             pearson_hash_16 (ackbuf, encx));
      sendto(sss->sock, ackbuf, encx, 0,
 	     (struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
@ -777,7 +783,8 @@ static int process_udp(n2n_sn_t * sss,
      encode_PEER_INFO( encbuf, &encx, &cmn2, &pi );
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx);
+        packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
                                             pearson_hash_16 (encbuf, encx));
      sendto( sss->sock, encbuf, encx, 0,
 	      (struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );
--- a/src/sn_utils.c
+++ b/src/sn_utils.c
@ -506,12 +506,15 @@ static int process_udp(n2n_sn_t * sss,
      /* Re-encode the header. */
      encode_PACKET(encbuf, &encx, &cmn2, &pkt);
-
+      uint16_t oldEncx = encx;
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
        packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx);
      /* Copy the original payload unchanged */
      encode_buf(encbuf, &encx, (udp_buf + idx), (udp_size - idx));
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
        packet_header_encrypt (rec_buf, oldEncx, comm->header_encryption_ctx,
                                                 pearson_hash_16 (rec_buf, encx));
    } else {
      /* Already from a supernode. Nothing to modify, just pass to
       * destination. */
@ -522,7 +525,8 @@ static int process_udp(n2n_sn_t * sss,
      encx = udp_size;
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx);
+        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx,
                                             pearson_hash_16 (rec_buf, udp_size));
    }
    /* Common section to forward the final product. */
@ -573,7 +577,7 @@ static int process_udp(n2n_sn_t * sss,
 	/* Re-encode the header. */
 	encode_REGISTER(encbuf, &encx, &cmn2, &reg);
-
+// !!! does this ever happen? does REGISTER ever come with a payload ??? !!!
 	/* Copy the original payload unchanged */
 	encode_buf(encbuf, &encx, (udp_buf + idx), (udp_size - idx));
      } else {
@ -585,7 +589,8 @@ static int process_udp(n2n_sn_t * sss,
      }
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (rec_buf, idx, comm->header_encryption_ctx);
+        packet_header_encrypt (rec_buf, encx, comm->header_encryption_ctx,
                                             pearson_hash_16 (rec_buf, encx));
      try_forward(sss, comm, &cmn, reg.dstMac, rec_buf, encx); /* unicast only */
    } else
@ -656,7 +661,8 @@ static int process_udp(n2n_sn_t * sss,
      encode_REGISTER_SUPER_ACK(ackbuf, &encx, &cmn2, &ack);
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx);
+        packet_header_encrypt (ackbuf, encx, comm->header_encryption_ctx,
                                             pearson_hash_16 (ackbuf, encx));
      sendto(sss->sock, ackbuf, encx, 0,
 	     (struct sockaddr *)sender_sock, sizeof(struct sockaddr_in));
@ -703,7 +709,8 @@ static int process_udp(n2n_sn_t * sss,
      encode_PEER_INFO( encbuf, &encx, &cmn2, &pi );
      if (comm->header_encryption == HEADER_ENCRYPTION_ENABLED)
-        packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx);
+        packet_header_encrypt (encbuf, encx, comm->header_encryption_ctx,
                                             pearson_hash_16 (encbuf, encx));
      sendto( sss->sock, encbuf, encx, 0,
 	      (struct sockaddr *)sender_sock, sizeof(struct sockaddr_in) );