From 105cc40bd4f1f87887c45687b8535472b2473b46 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Mon, 15 Jun 2020 12:53:37 +0545 Subject: [PATCH] drafted header encryption --- header_encryption.c | 104 +++++++++++++++++++++++++++++++++++++ speck.c | 123 +++++++++++++++++++++++++++++++++++++++----- speck.h | 7 +++ 3 files changed, 221 insertions(+), 13 deletions(-) create mode 100644 header_encryption.c diff --git a/header_encryption.c b/header_encryption.c new file mode 100644 index 0000000..e263cfc --- /dev/null +++ b/header_encryption.c @@ -0,0 +1,104 @@ +#include +#include + +// #include "n2n_wire.h" // n2n_community_t +#include "n2n.h" +#include "speck.h" +#include "portable_endian.h" + + +uint32_t decryt_packet_header (uint8_t packet[], uint8_t packet_len, + char * community_name, speck_ctx * ctx) { + + // assemble IV + // the last four are ASCII "n2n!" and do not get overwritten + uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 }; + // the first 96 bits of the packet are used padded with ASCII "n2n!" + // to full 128 bit IV + memcopy (iv, packet, 12); + + // alternatively, consider: pearson_hash_128 (iv, packet, 12) + + // try community name as possible key and check for magic bytes + uint32_t magic = 0x6E326E00; // ="n2n_" + uint32_t test_magic; + // check for magic bytes and resonable value in header len field + speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, ctx); + test_magic = be32toh (test_magic); + if ( ((test_magic << 8) == magic) + && ((test_magic >> 24) <= packet_len) // (test_masgic >> 24) is header_len + ) { + speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, ctx); + // restore original packet order + memcpy (&packet[0], &packet[16], 4); + memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE); + return (1); // successful + } else + return (0); // unsuccessful +} + + +int32_t decryt_packet_header_if_required (uint8_t packet[], uint16_t packet_len, + struct sn_community *communities) { + + if (packet_len < 20) + return (-1); + + // first, check if header is unenrypted to put it into the fast-lane then + + // the following check is around 99.99962 percent reliable + // it heavily relies on the structure of packet's common part + // changes to wire.c:encode/decode_common need to go together with this code + if ( (packet[19] == (uint8_t)0x00) // null terminated community name + && (packet[00] == N2N_PKT_VERSION) // correct packet version +// && (packet[01] <= N2N_DEFAULT_TTL) // reasonable TTL -- might interfere with hole-punching-related or cli passed higher values ?! + && ((be16toh (*(uint16_t*)&(packet[02])) & N2N_FLAGS_TYPE_MASK ) <= MSG_TYPE_MAX_TYPE ) // message type + && ( be16toh (*(uint16_t*)&(packet[02])) < N2N_FLAGS_OPTIONS) // flags + ) { + + // most probably unencrypted + return (1); + + } else { + + // most probably encrypted + // cycle through the known communities (as keys) to eventually decrypt + int32_t ret; + struct sn_community *c, *tmp; + HASH_ITER (hh, communities, c, tmp) { + // check if this is an encrypted community + if ( ret = decrypt_packet_header (packet, packet_len, c->community, c-> ctx) ) { + // no upgrade from unencrypted to encrypted + if (c->header_encryption == 1) + return (-2); + // set to 'encrypted' + c->header_encryption = 2; + // no need to test any further + return (2); + } + } + // no match + return (-3); + } +} + + +int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, speck_ctx * ctx) { + + if (header_len < 20) + return (-1); + + memcpy (&packet[16], &packet[00], 4); + + uint8_t iv[16]; + ((uint64_t*)iv)[0] = n2n_rand (); + ((uint64_t*)iv)[1] = n2n_rand (); + + const uint32_t magic = 0x006E326E; + ((uint32_t*)iv)[3] = htobe32 (magic); + + iv[12] = header_len; + + speck_he (&packet[12], &packet[12], header_len - 12, iv, ctx); +} diff --git a/speck.c b/speck.c index d9afca5..74a1426 100644 --- a/speck.c +++ b/speck.c @@ -1,4 +1,4 @@ -// cipher SPECK -- 128 bit block size -- 256 bit key size +// cipher SPECK -- 128 bit block size -- 256 bit key size -- CTR mode // taken from (and modified: removed pure crypto-stream generation and seperated key expansion) // https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/ @@ -565,9 +565,9 @@ int speck_expand_key (const unsigned char *k, speck_context_t *ctx) { #else // plain C ---------------------------------------------------------------- -#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) -#define ROL64(x,r) (((x)<<(r))|((x)>>(64-(r)))) -#define R(x,y,k) (x=ROR64(x,8), x+=y, x^=k, y=ROL64(y,3), y^=x) +#define ROR(x,r) (((x)>>(r))|((x)<<(64-(r)))) +#define ROL(x,r) (((x)<<(r))|((x)>>(64-(r)))) +#define R(x,y,k) (x=ROR(x,8), x+=y, x^=k, y=ROL(y,3), y^=x) static int speck_encrypt (u64 *u, u64 *v, speck_context_t *ctx) { @@ -642,6 +642,85 @@ int speck_expand_key (const unsigned char *k, speck_context_t *ctx) { #endif // AVX, SSE, NEON, plain C ------------------------------------------------ +// cipher SPECK -- 128 bit block size -- 128 bit key size -- CTR mode +// used for header encryption, thus the prefix 'he_' +// for now: just plain C -- AVX, SSE, NEON might follow + +#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) +#define ROL64(x,r) (((x)<<(r))|((x)>>(64-(r)))) +#define R64(x,y,k) (x=ROR64(x,8), x+=y, x^=k, y=ROL64(y,3), y^=x) + + +static int speck_encrypt_he (u64 *u, u64 *v, speck_context_t *ctx) { + + u64 i, x=*u, y=*v; + + for (i = 0; i < 32; i++) + R64 (x, y, ctx->key[i]); + + *u = x; *v = y; + + return 0; +} + + +int speck_he (unsigned char *out, const unsigned char *in, unsigned long long inlen, + const unsigned char *n, speck_context_t *ctx) { + + u64 i, nonce[2], x, y, t; + unsigned char *block = malloc(16); + + if (!inlen) { + free (block); + return 0; + } + nonce[0] = htole64 ( ((u64*)n)[0] ); + nonce[1] = htole64 ( ((u64*)n)[1] ); + + t = 0; + while (inlen >= 16) { + x = nonce[1]; y = nonce[0]; nonce[0]++; + speck_encrypt_he (&x, &y, ctx); + ((u64 *)out)[1+t] = htole64 (x ^ ((u64 *)in)[1+t]); + ((u64 *)out)[0+t] = htole64 (y ^ ((u64 *)in)[0+t]); + t += 2; + inlen -= 16; + } + + if (inlen > 0) { + x = nonce[1]; y = nonce[0]; + speck_encrypt_he (&x, &y, ctx); + ((u64 *)block)[1] = htole64 (x); ((u64 *)block)[0] = htole64 (y); + for (i = 0; i < inlen; i++) + out[i+8*t] = block[i] ^ in[i+8*t]; + } + + free(block); + return 0; +} + + +int speck_expand_key_he (const unsigned char *k, speck_context_t *ctx) { + + u64 A, B; + u64 i; + + A = htole64 ( ((u64 *)k)[0] ); + B = htole64 ( ((u64 *)k)[1] ); + + for (i = 0; i < 32; i ++) { + ctx->key[i] = A; + R64 ( B, A, i); + } + return 1; +} + + +// code for testing -- to be removed when finished +/* +#include // for testing +#include + int speck_test () { uint8_t key[32] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -649,16 +728,23 @@ int speck_test () { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - uint8_t iv[16] = { 0x70, 0x6f, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x20, 0x49, 0x6e, 0x20, 0x74, 0x68, 0x6f, 0x73, 0x65 }; + uint8_t xv[16] = { 0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x69, 0x74, + 0x20, 0x65, 0x71, 0x75, 0x69, 0x76, 0x61, 0x6c }; + + uint8_t pt[16] = { 0x00 }; // expected outcome (according to pp. 35 & 36 of Implementation Guide) uint8_t ct[16] = { 0x43, 0x8f, 0x18, 0x9c, 0x8d, 0xb4, 0xee, 0x4e, 0x3e, 0xf5, 0xc0, 0x05, 0x04, 0x01, 0x09, 0x41 }; + uint8_t xt[16] = { 0x18, 0x0d, 0x57, 0x5c, 0xdf, 0xfe, 0x60, 0x78, + 0x65, 0x32, 0x78, 0x79, 0x51, 0x98, 0x5d, 0xa6 }; + + speck_context_t ctx; speck_expand_key (key, &ctx); @@ -667,24 +753,35 @@ int speck_test () { #else speck_ctr (pt, pt, 16, iv, &ctx); #endif + u64 i; - // fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); - // fprintf (stderr, "rk33: %016llx\n", ctx.key[33]); - // fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); - // fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); + fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); + fprintf (stderr, "rk33: %016llx\n", ctx.key[33]); + fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); + fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); int ret = 1; for (i=0; i < 16; i++) if (pt[i] != ct[i]) ret = 0; + memset (pt, 0, 16); + speck_expand_key_he (key, &ctx); + speck_he (pt, pt, 16, xv, &ctx); + + fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); + fprintf (stderr, "rk31: %016llx\n", ctx.key[31]); + fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); + fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); + + for (i=0; i < 16; i++) + if (pt[i] != xt[i]) ret = 0; + return (ret); } -/* -#include // for testing - int main (int argc, char* argv[]) { +int main (int argc, char* argv[]) { fprintf (stdout, "SPECK SELF TEST RESULT: %u\n", speck_test (0,NULL)); - } +} */ diff --git a/speck.h b/speck.h index 18a67b6..3b8cba5 100644 --- a/speck.h +++ b/speck.h @@ -54,3 +54,10 @@ speck_context_t *ctx); int speck_expand_key (const unsigned char *k, speck_context_t *ctx); + + +int speck_he (unsigned char *out, const unsigned char *in, unsigned long long inlen, + const unsigned char *n, speck_context_t *ctx); + + +int speck_expand_key_he (const unsigned char *k, speck_context_t *ctx);