From 9e5934acc82c1b58da6c7f8e2633d4cc445c4790 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Sun, 26 Apr 2020 15:46:41 +0200 Subject: [PATCH 1/6] added ChaCha20 (cc20) --- Makefile.in | 2 +- edge_utils.c | 6 + n2n.h | 3 + n2n_transforms.h | 1 + tools/benchmark.c | 12 ++ transform_cc20.c | 293 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 transform_cc20.c diff --git a/Makefile.in b/Makefile.in index 14f5599..d428259 100644 --- a/Makefile.in +++ b/Makefile.in @@ -50,7 +50,7 @@ MAN8DIR=$(MANDIR)/man8 N2N_LIB=libn2n.a N2N_OBJS=n2n.o wire.o minilzo.o twofish.o \ edge_utils.o sn_utils.o \ - transform_null.o transform_tf.o transform_aes.o \ + transform_null.o transform_tf.o transform_aes.o transform_cc20.o \ tuntap_freebsd.o tuntap_netbsd.o tuntap_linux.o \ tuntap_osx.o LIBS_EDGE+=$(LIBS_EDGE_OPT) diff --git a/edge_utils.c b/edge_utils.c index acae39e..9376503 100644 --- a/edge_utils.c +++ b/edge_utils.c @@ -138,6 +138,7 @@ static const char* transop_str(enum n2n_transform tr) { case N2N_TRANSFORM_ID_NULL: return("null"); case N2N_TRANSFORM_ID_TWOFISH: return("twofish"); case N2N_TRANSFORM_ID_AESCBC: return("AES-CBC"); + case N2N_TRANSFORM_ID_CHACHA20:return("ChaCha20"); default: return("invalid"); }; } @@ -240,6 +241,11 @@ n2n_edge_t* edge_init(const tuntap_dev *dev, const n2n_edge_conf_t *conf, int *r case N2N_TRANSFORM_ID_AESCBC: rc = n2n_transop_aes_cbc_init(&eee->conf, &eee->transop); break; +#endif +#ifdef HAVE_OPENSSL_1_1 + case N2N_TRANSFORM_ID_CHACHA20: + rc = n2n_transop_cc20_init(&eee->conf, &eee->transop); + break; #endif default: rc = n2n_transop_null_init(&eee->conf, &eee->transop); diff --git a/n2n.h b/n2n.h index dbdb5a3..5c23480 100644 --- a/n2n.h +++ b/n2n.h 
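Review bot: The new `case N2N_TRANSFORM_ID_CHACHA20` in edge_init is compiled only under `HAVE_OPENSSL_1_1`, and the `default:` branch visible as context calls `n2n_transop_null_init()`, so a build without OpenSSL 1.1 that receives transop_id 4 would come up with no payload encryption instead of refusing to start. An `#else` arm that fails closed would avoid that: `case N2N_TRANSFORM_ID_CHACHA20: traceEvent(TRACE_ERROR, "ChaCha20 not compiled in"); rc = -1; break;` (assuming a negative rc aborts initialisation, which is not visible here). Patch 4/6 rejects `-A4` on the command line in such a build, but other callers of edge_init are outside this page. The switch starts and ends outside the hunk.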
@@ -293,6 +293,9 @@ int n2n_transop_twofish_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); #ifdef N2N_HAVE_AES int n2n_transop_aes_cbc_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); #endif +#ifdef HAVE_OPENSSL_1_1 +int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); +#endif /* Log */ void setTraceLevel(int level); diff --git a/n2n_transforms.h b/n2n_transforms.h index 1ede8cf..f203257 100644 --- a/n2n_transforms.h +++ b/n2n_transforms.h @@ -30,6 +30,7 @@ typedef enum n2n_transform { N2N_TRANSFORM_ID_NULL = 1, N2N_TRANSFORM_ID_TWOFISH = 2, N2N_TRANSFORM_ID_AESCBC = 3, + N2N_TRANSFORM_ID_CHACHA20 = 4, } n2n_transform_t; struct n2n_trans_op; diff --git a/tools/benchmark.c b/tools/benchmark.c index 381f511..9197035 100644 --- a/tools/benchmark.c +++ b/tools/benchmark.c @@ -96,6 +96,9 @@ int main(int argc, char * argv[]) { n2n_trans_op_t transop_null, transop_twofish; #ifdef N2N_HAVE_AES n2n_trans_op_t transop_aes_cbc; +#endif +#ifdef HAVE_OPENSSL_1_1 + n2n_trans_op_t transop_cc20; #endif n2n_edge_conf_t conf; @@ -112,6 +115,9 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES n2n_transop_aes_cbc_init(&conf, &transop_aes_cbc); #endif +#ifdef HAVE_OPENSSL_1_1 + n2n_transop_cc20_init(&conf, &transop_cc20); +#endif /* Run the tests */ run_transop_benchmark("transop_null", &transop_null, &conf, pktbuf); @@ -119,6 +125,9 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES run_transop_benchmark("transop_aes", &transop_aes_cbc, &conf, pktbuf); #endif +#ifdef N2N_HAVE_AES + run_transop_benchmark("transop_cc20", &transop_cc20, &conf, pktbuf); +#endif /* Cleanup */ transop_null.deinit(&transop_null); @@ -126,6 +135,9 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES transop_aes_cbc.deinit(&transop_aes_cbc); #endif +#ifdef HAVE_OPENSSL_1_1 + transop_cc20.deinit(&transop_cc20); +#endif return 0; } diff --git a/transform_cc20.c b/transform_cc20.c new file mode 100644 index 0000000..d6e2ee1 --- /dev/null 
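Review bot: The `run_transop_benchmark("transop_cc20", &transop_cc20, &conf, pktbuf);` call added in the -119 hunk of tools/benchmark.c is guarded by `#ifdef N2N_HAVE_AES`, while the declaration, init and deinit of `transop_cc20` in the neighbouring hunks are guarded by `HAVE_OPENSSL_1_1`. A build that defines N2N_HAVE_AES but not HAVE_OPENSSL_1_1 would reference an undeclared variable, and the reverse configuration would initialise the transform and never benchmark it. The guard should read `#ifdef HAVE_OPENSSL_1_1`.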
+++ b/transform_cc20.c 
@@ -0,0 +1,293 @@
+/**
+ * (C) 2007-20 - ntop.org and contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not see see
+ *
+ */
+
+#include "n2n.h"
+#include "n2n_transforms.h"
+
+#ifdef HAVE_OPENSSL_1_1
+
+#include
+#include
+#include
+
+#define N2N_CC20_TRANSFORM_VERSION 1 /* version of the transform encoding */
+#define N2N_CC20_IVEC_SIZE 16
+
+#define CC20_KEY_BYTES (256/8)
+
+/* ChaCha20 plaintext preamble */
+#define TRANSOP_CC20_VER_SIZE 1 /* Support minor variants in encoding in one module.
*/
+#define TRANSOP_CC20_PREAMBLE_SIZE (TRANSOP_CC20_VER_SIZE + N2N_CC20_IVEC_SIZE)
+
+typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
+
+typedef struct transop_cc20 {
+ EVP_CIPHER_CTX *enc_ctx; /* openssl's reusable evp_* encryption context */
+ EVP_CIPHER_CTX *dec_ctx; /* openssl's reusable evp_* decryption context */
+ const EVP_CIPHER *cipher; /* cipher to use: EVP_chacha20() */
+ uint8_t key[32]; /* the pure key data for payload encryption & decryption */
+} transop_cc20_t;
+
+/* ****************************************************** */
+
+static int transop_deinit_cc20(n2n_trans_op_t *arg) {
+ transop_cc20_t *priv = (transop_cc20_t *)arg->priv;
+
+ EVP_CIPHER_CTX_free(priv->enc_ctx);
+ EVP_CIPHER_CTX_free(priv->dec_ctx);
+
+ if(priv)
+ free(priv);
+
+ return 0;
+}
+
+/* ****************************************************** */
+
+/* get any erorr message out of openssl
+ taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */
+char *openssl_err_as_string (void) {
+ BIO *bio = BIO_new (BIO_s_mem ());
+ ERR_print_errors (bio);
+ char *buf = NULL;
+ size_t len = BIO_get_mem_data (bio, &buf);
+ char *ret = (char *) calloc (1, 1 + len);
+
+ if(ret)
+ memcpy (ret, buf, len);
+
+ BIO_free (bio);
+ return ret;
+}
+
+/* ****************************************************** */
+
+static void set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
+ // keep in mind the following condition: N2N_CC20_IVEC_SIZE % sizeof(rand_value) == 0 !
+ uint32_t rand_value;
+ for (uint8_t i = 0; i < N2N_CC20_IVEC_SIZE; i += sizeof(rand_value)) {
+ rand_value = rand(); // CONCERN: rand() is not consideren cryptographicly secure, REPLACE later
+ memcpy(ivec + i, &rand_value, sizeof(rand_value));
+ }
+}
+
+/* ****************************************************** */
+
+/** The ChaCha20 packet format consists of:
+ *
+ * - a 8-bit cc20 encoding version in clear text
+ * - a 128-bit random IV
+ * - encrypted payload.
+ *
+ * [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
+ * |<---- encrypted ---->|
+ */
+static int transop_encode_cc20(n2n_trans_op_t * arg,
+ uint8_t * outbuf,
+ size_t out_len,
+ const uint8_t * inbuf,
+ size_t in_len,
+ const uint8_t * peer_mac) {
+ int len=-1;
+ transop_cc20_t * priv = (transop_cc20_t *)arg->priv;
+ uint8_t assembly[N2N_PKT_BUF_SIZE] = {0};
+
+ if(in_len <= N2N_PKT_BUF_SIZE) {
+ if((in_len + TRANSOP_CC20_PREAMBLE_SIZE) <= out_len) {
+ size_t idx=0;
+ n2n_cc20_ivec_t enc_ivec = {0};
+
+ traceEvent(TRACE_DEBUG, "encode_cc20 %lu", in_len);
+
+ /* Encode the ChaCha20 format version. */
+ encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION);
+
+ /* Generate and encode the IV. */
+ set_cc20_iv(priv, enc_ivec);
+ encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
+
+ /* Encrypt the assembly contents and write the ciphertext after the iv. */
+ /* len is set to the length of the cipher plain text to be encrpyted
+ which is (in this case) identical to original packet lentgh */
+ len = in_len;
+
+ /* The assembly buffer is a source for encrypting data.
+ * The whole contents of assembly are encrypted.
*/
+ memcpy(assembly, inbuf, in_len);
+
+ EVP_CIPHER_CTX *ctx = priv->enc_ctx;
+ int evp_len;
+ int evp_ciphertext_len;
+
+ if(1 == EVP_EncryptInit_ex(ctx, priv->cipher, NULL, priv->key, enc_ivec)) {
+ if(1 == EVP_CIPHER_CTX_set_padding(ctx, 0)) {
+ if(1 == EVP_EncryptUpdate(ctx, outbuf + TRANSOP_CC20_PREAMBLE_SIZE, &evp_len, assembly, len)) {
+ evp_ciphertext_len = evp_len;
+ if(1 == EVP_EncryptFinal_ex(ctx, outbuf + TRANSOP_CC20_PREAMBLE_SIZE + evp_len, &evp_len)) {
+ evp_ciphertext_len += evp_len;
+
+ if(evp_ciphertext_len != len)
+ traceEvent(TRACE_ERROR, "encode_cc20 openssl encryption: encrypted %u bytes where %u were expected.\n",
+ evp_ciphertext_len, len);
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 openssl final encryption: %s\n", openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 openssl encrpytion: %s\n", openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 openssl padding setup: %s\n", openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 openssl init: %s\n", openssl_err_as_string());
+
+ EVP_CIPHER_CTX_reset(ctx);
+
+ len += TRANSOP_CC20_PREAMBLE_SIZE; /* size of data carried in UDP.
*/
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 outbuf too small.");
+ } else
+ traceEvent(TRACE_ERROR, "encode_cc20 inbuf too big to encrypt.");
+
+ return len;
+}
+
+/* ****************************************************** */
+
+/* See transop_encode_cc20 for packet format */
+static int transop_decode_cc20(n2n_trans_op_t * arg,
+ uint8_t * outbuf,
+ size_t out_len,
+ const uint8_t * inbuf,
+ size_t in_len,
+ const uint8_t * peer_mac) {
+ int len=0;
+ transop_cc20_t * priv = (transop_cc20_t *)arg->priv;
+ uint8_t assembly[N2N_PKT_BUF_SIZE];
+
+ if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
+ && (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least version, iv */
+ )
+ {
+ size_t rem=in_len;
+ size_t idx=0;
+ uint8_t cc20_enc_ver=0;
+ n2n_cc20_ivec_t dec_ivec = {0};
+
+ /* Get the encoding version to make sure it is supported */
+ decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx );
+
+ if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) {
+ /* Get the IV */
+ decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx);
+
+ traceEvent(TRACE_DEBUG, "decode_cc20 %lu", in_len);
+ len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
+
+ EVP_CIPHER_CTX *ctx = priv->dec_ctx;
+ int evp_len;
+ int evp_plaintext_len;
+
+ if(1 == EVP_DecryptInit_ex(ctx, priv->cipher, NULL, priv->key, dec_ivec)) {
+ if(1 == EVP_CIPHER_CTX_set_padding(ctx, 0)) {
+ if(1 == EVP_DecryptUpdate(ctx, assembly, &evp_len, inbuf + TRANSOP_CC20_PREAMBLE_SIZE, len)) {
+ evp_plaintext_len = evp_len;
+ if(1 == EVP_DecryptFinal_ex(ctx, assembly + evp_len, &evp_len)) {
+ evp_plaintext_len += evp_len;
+
+ if(evp_plaintext_len != len)
+ traceEvent(TRACE_ERROR, "decode_cc20 openssl decryption: decrypted %u bytes where %u were expected.\n",
+ evp_plaintext_len, len);
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 openssl final decryption: %s\n", openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 openssl decrpytion: %s\n",
openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 openssl padding setup: %s\n", openssl_err_as_string());
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 openssl init: %s\n", openssl_err_as_string());
+
+ EVP_CIPHER_CTX_reset(ctx);
+
+ memcpy(outbuf, assembly, len);
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 unsupported ChaCha20 version %u.", cc20_enc_ver);
+ } else
+ traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);
+
+ return len;
+}
+
+/* ****************************************************** */
+
+static int setup_cc20_key(transop_cc20_t *priv, const uint8_t *key, ssize_t key_size) {
+ uint8_t key_mat_buf[SHA256_DIGEST_LENGTH];
+
+ priv->cipher = EVP_chacha20();
+
+ /* Clear out any old possibly longer key matter. */
+ memset(&(priv->key), 0, sizeof(priv->key) );
+ /* The input key always gets hashed to make a more unpredictable and more complete use of the key space */
+ SHA256(key, key_size, key_mat_buf);
+ memcpy (priv->key, key_mat_buf, SHA256_DIGEST_LENGTH);
+
+ traceEvent(TRACE_DEBUG, "ChaCha20 key setup completed\n");
+
+ return(0);
+}
+
+/* ****************************************************** */
+
+static void transop_tick_cc20(n2n_trans_op_t * arg, time_t now) { ; }
+
+/* ****************************************************** */
+
+/* ChaCha20 initialization function */
+int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
+ transop_cc20_t *priv;
+ const u_char *encrypt_key = (const u_char *)conf->encrypt_key;
+ size_t encrypt_key_len = strlen(conf->encrypt_key);
+
+ memset(ttt, 0, sizeof(*ttt));
+ ttt->transform_id = N2N_TRANSFORM_ID_CHACHA20;
+
+ ttt->tick = transop_tick_cc20;
+ ttt->deinit = transop_deinit_cc20;
+ ttt->fwd = transop_encode_cc20;
+ ttt->rev = transop_decode_cc20;
+
+ priv = (transop_cc20_t*) calloc(1, sizeof(transop_cc20_t));
+ if(!priv) {
+ traceEvent(TRACE_ERROR, "cannot allocate transop_cc20_t memory");
+ return(-1);
+ }
+ ttt->priv = priv;
+
+ /* Setup openssl's reusable evp_* contexts for encryption and decryption*/ + if(!(priv->enc_ctx = EVP_CIPHER_CTX_new())) { + traceEvent(TRACE_ERROR, "openssl's evp_* encryption context creation: %s\n", openssl_err_as_string()); + return(-1); + } + + if(!(priv->dec_ctx = EVP_CIPHER_CTX_new())) { + traceEvent(TRACE_ERROR, "openssl's evp_* decryption context creation: %s\n", openssl_err_as_string()); + return(-1); + } + + /* Setup the cipher and key */ + return(setup_cc20_key(priv, encrypt_key, encrypt_key_len)); +} + +#endif /* HAVE_OPENSSL_1_1 */ From c741a3a6cbea5c1c3b73e49cc5d6ce4565204316 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Sun, 26 Apr 2020 20:20:59 +0200 Subject: [PATCH 2/6] added full iv output to debug trace --- transform_cc20.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/transform_cc20.c b/transform_cc20.c index d6e2ee1..f9b2ab2 100644 --- a/transform_cc20.c +++ b/transform_cc20.c @@ -112,7 +112,7 @@ static int transop_encode_cc20(n2n_trans_op_t * arg, size_t idx=0; n2n_cc20_ivec_t enc_ivec = {0}; - traceEvent(TRACE_DEBUG, "encode_cc20 %lu", in_len); + traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len); /* Encode the ChaCha20 format version. */ encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION); @@ -120,6 +120,9 @@ static int transop_encode_cc20(n2n_trans_op_t * arg, /* Generate and encode the IV. */ set_cc20_iv(priv, enc_ivec); encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE); + traceEvent(TRACE_DEBUG, "encode_cc20 iv=%016llx:%016llx", + htobe64(*(uint64_t*)&enc_ivec[0]), + htobe64(*(uint64_t*)&enc_ivec[8]) ); /* Encrypt the assembly contents and write the ciphertext after the iv. */ /* len is set to the length of the cipher plain text to be encrpyted 
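Review bot: set_cc20_iv() fills the 128-bit IV from rand(), which the in-code CONCERN comment already admits is not a CSPRNG; with a stream cipher this matters immediately, because two packets encrypted under the same key and IV share a keystream, so XORing their ciphertexts yields the XOR of their plaintexts. edge.c seeds with `srand(time(NULL))` (visible as context in patch 4/6), so edges started in the same second with the same key would likely emit the same IV sequence. The file already depends on OpenSSL, so the IV can come from RAND_bytes() with the encode failing when it errors, as sketched below; this needs `<openssl/rand.h>` if it is not already among the includes. Separately, transop_decode_cc20 never compares `len` with `out_len` before `memcpy(outbuf, assembly, len)`, and when an EVP_Decrypt* call fails it still copies the uninitialised `assembly` buffer and returns `len`, so those error branches should set `len = 0` and skip the copy.

```c
static int set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
  /* IV must be unpredictable and must not repeat under one key */
  if(1 != RAND_bytes(ivec, N2N_CC20_IVEC_SIZE)) {
    traceEvent(TRACE_ERROR, "set_cc20_iv RAND_bytes failed");
    return(-1);
  }
  return(0);
}

/* … unchanged: transop_encode_cc20 up to the version byte … */
      /* Generate and encode the IV. */
      if(set_cc20_iv(priv, enc_ivec) < 0)
        return(-1);
/* … unchanged: encode_buf of the IV and the EVP_Encrypt* sequence … */
```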
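Review bot: The added trace reads the IV through `*(uint64_t*)&enc_ivec[0]`, which accesses an `unsigned char` array through a `uint64_t` lvalue; that breaks the aliasing rules and can fault on targets that require aligned 64-bit loads. Copying the halves into locals first avoids both: `uint64_t iv_hi, iv_lo; memcpy(&iv_hi, enc_ivec, 8); memcpy(&iv_lo, enc_ivec + 8, 8);`. `%016llx` also expects `unsigned long long`, so the arguments need a cast (or `PRIx64`) where uint64_t is `unsigned long`. The same applies to the `dec_ivec` trace in the -193 hunk of this patch.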
@@ -190,11 +193,14 @@ static int transop_decode_cc20(n2n_trans_op_t * arg, decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx ); if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) { + traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len); + len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE); + /* Get the IV */ decode_buf((uint8_t *)&dec_ivec, N2N_CC20_IVEC_SIZE, inbuf, &rem, &idx); - - traceEvent(TRACE_DEBUG, "decode_cc20 %lu", in_len); - len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE); + traceEvent(TRACE_DEBUG, "decode_cc20 iv=%016llx:%016llx", + htobe64(*(uint64_t*)&dec_ivec[0]), + htobe64(*(uint64_t*)&dec_ivec[8]) ); EVP_CIPHER_CTX *ctx = priv->dec_ctx; int evp_len; From 3ecdff429713b8af13da3242ecffc6eed8a233a7 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Sun, 26 Apr 2020 20:35:01 +0200 Subject: [PATCH 3/6] made openssl_err_as_string static to avoid compile error (also defined in transform_aes.c) --- transform_cc20.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transform_cc20.c b/transform_cc20.c index f9b2ab2..389cfe5 100644 --- a/transform_cc20.c +++ b/transform_cc20.c @@ -61,7 +61,7 @@ static int transop_deinit_cc20(n2n_trans_op_t *arg) { /* get any erorr message out of openssl taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */ -char *openssl_err_as_string (void) { +static char *openssl_err_as_string (void) { BIO *bio = BIO_new (BIO_s_mem ()); ERR_print_errors (bio); char *buf = NULL; From 7c2648c1e2f9cd9cba5c72afc88a826703c5dee6 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 12 May 2020 16:49:07 +0545 Subject: [PATCH 4/6] added cli option for ChaCha20 (-A4) --- edge.c | 63 +++++++++++++++++++++++++++++++++++++++++++--------- edge_utils.c | 2 +- n2n.h | 1 + 3 files changed, 54 insertions(+), 12 deletions(-) diff --git a/edge.c b/edge.c index 5b470c4..16f2174 100644 --- a/edge.c +++ b/edge.c 
@@ -143,7 +143,7 @@ static void help() { #ifndef __APPLE__ "[-D] " #endif - "[-r] [-E] [-v] [-i ] [-L ] [-t ] [-A] [-h]\n\n"); + "[-r] [-E] [-v] [-i ] [-L ] [-t ] [-A[]] [-h]\n\n"); #if defined(N2N_CAN_NAME_IFACE) printf("-d | tun device name\n"); @@ -172,8 +172,13 @@ static void help() { " | causes connections stall when not properly supported.\n"); #endif printf("-r | Enable packet forwarding through n2n community.\n"); + printf("-A1 | Disable payload encryption. Do not use with -k.\n"); + printf("-A2 | Use Twofish for payload encryption (default). Requires a key.\n"); #ifdef N2N_HAVE_AES - printf("-A | Use AES CBC for encryption (default=use twofish).\n"); + printf("-A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key.\n"); +#endif +#ifdef HAVE_OPENSSL_1_1 + printf("-A4 | Use ChaCha20 for payload encryption. Requires a key.\n"); #endif printf("-E | Accept multicast MAC addresses (default=drop).\n"); printf("-S | Do not connect P2P. Always use the supernode.\n"); @@ -271,7 +276,6 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e if(conf->encrypt_key) free(conf->encrypt_key); if(conf->transop_id == N2N_TRANSFORM_ID_NULL) conf->transop_id = N2N_TRANSFORM_ID_TWOFISH; - conf->encrypt_key = strdup(optargument); traceEvent(TRACE_DEBUG, "encrypt_key = '%s'\n", conf->encrypt_key); break; 
@@ -283,13 +287,52 @@ static int setOption(int optkey, char *optargument, n2n_priv_config_t *ec, n2n_e break; } -#ifdef N2N_HAVE_AES case 'A': { - conf->transop_id = N2N_TRANSFORM_ID_AESCBC; + int cipher = N2N_TRANSFORM_ID_AESCBC; // default, if '-A' only + if (optargument) { + cipher = atoi(optargument); + } else { + traceEvent(TRACE_NORMAL, "the use of the solitary -A switch is deprecated and might not be supported in future versions. " + "please use -A3 instead to choose a the AES-CBC cipher for payload encryption."); + } + /* even though 'cipher' and 'conf->transop_id' share the same encoding scheme, + * a switch-statement under conditional compilation is used to sort out the + * unsupported ciphers */ + switch (cipher) { + case 1: + { + conf->transop_id = N2N_TRANSFORM_ID_NULL; + break; + } + case 2: + { + conf->transop_id = N2N_TRANSFORM_ID_TWOFISH; + break; + } +#ifdef N2N_HAVE_AES + case 3: + { + conf->transop_id = N2N_TRANSFORM_ID_AESCBC; + break; + } +#endif +#ifdef HAVE_OPENSSL_1_1 + case 4: + { + conf->transop_id = N2N_TRANSFORM_ID_CHACHA20; + break; + } +#endif + default: + { + conf->transop_id = N2N_TRANSFORM_ID_INVAL; + traceEvent(TRACE_NORMAL, "the %s cipher given by -A_ option is not supported in this version.", transop_str(cipher)); + exit(1); + } + } break; } -#endif case 'l': /* supernode-list */ if(optargument) { @@ -398,10 +441,7 @@ static int loadFromCLI(int argc, char *argv[], n2n_edge_conf_t *conf, n2n_priv_c u_char c; while((c = getopt_long(argc, argv, - "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:" -#ifdef N2N_HAVE_AES - "A" -#endif + "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:A::" #ifdef __linux__ "T:" #endif @@ -682,7 +722,8 @@ int main(int argc, char* argv[]) { #if defined(HAVE_OPENSSL_1_1) traceEvent(TRACE_NORMAL, "Using %s", OpenSSL_version(0)); #endif - + traceEvent(TRACE_NORMAL, "Using %s cipher.", transop_str(conf.transop_id)); + /* Random seed */ srand(time(NULL)); diff --git a/edge_utils.c b/edge_utils.c index 9376503..454c30e 100644 
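Review bot: Nothing in the new `case 'A'` block enforces the key rules that the help text in this patch states. `-k <key> -A1` ends with `N2N_TRANSFORM_ID_NULL` although a key was supplied, because the `-k` handler only upgrades NULL to Twofish when it runs after `-A`; and `-A4` without `-k` leaves `conf->encrypt_key` at its initial value (presumably NULL), which `n2n_transop_cc20_init` (patch 1/6) passes to `strlen()`. A check after option parsing that rejects a null transform combined with a key, and any other transform without one, would cover both, unless such validation already exists outside this page. `atoi()` also maps non-numeric text to 0, so `strtol` with an end-pointer check would give a clearer error. setOption continues outside the hunk.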
--- a/edge_utils.c +++ b/edge_utils.c @@ -133,7 +133,7 @@ struct n2n_edge { /* ************************************** */ -static const char* transop_str(enum n2n_transform tr) { +const char* transop_str(enum n2n_transform tr) { switch(tr) { case N2N_TRANSFORM_ID_NULL: return("null"); case N2N_TRANSFORM_ID_TWOFISH: return("twofish"); diff --git a/n2n.h b/n2n.h index 5c23480..c41098b 100644 --- a/n2n.h +++ b/n2n.h @@ -354,5 +354,6 @@ int quick_edge_init(char *device_name, char *community_name, int sn_init(n2n_sn_t *sss); void sn_term(n2n_sn_t *sss); int run_sn_loop(n2n_sn_t *sss, int *keep_running); +const char* transop_str(enum n2n_transform tr); #endif /* _N2N_H_ */ From 05e96bb8feed0094d16d778ac86629b5f3d093f7 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 12 May 2020 17:19:40 +0545 Subject: [PATCH 5/6] tried to resolve conflict --- edge.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edge.c b/edge.c index 16f2174..9a3c56d 100644 --- a/edge.c +++ b/edge.c @@ -441,7 +441,7 @@ static int loadFromCLI(int argc, char *argv[], n2n_edge_conf_t *conf, n2n_priv_c u_char c; while((c = getopt_long(argc, argv, - "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:A::" + "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:zA::" #ifdef __linux__ "T:" #endif From 12aea29abfd665cc1742a9232238dca97e06aaf9 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 12 May 2020 17:24:37 +0545 Subject: [PATCH 6/6] tried to resolve conflict - part II --- edge.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/edge.c b/edge.c index 9a3c56d..9e100f7 100644 --- a/edge.c +++ b/edge.c @@ -441,7 +441,8 @@ static int loadFromCLI(int argc, char *argv[], n2n_edge_conf_t *conf, n2n_priv_c u_char c; while((c = getopt_long(argc, argv, - "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:zA::" + "k:a:bc:Eu:g:m:M:s:d:l:p:fvhrt:i:SDL:z" + "A::" #ifdef __linux__ "T:" #endif