diff --git a/header_encryption.c b/header_encryption.c index 756d198..7866eff 100644 --- a/header_encryption.c +++ b/header_encryption.c @@ -75,6 +75,7 @@ int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, return (-2); // set 'no encryption' in case it is not set yet c->header_encryption = HEADER_ENCRYPTION_NONE; + c->header_encryption_ctx = NULL; return (HEADER_ENCRYPTION_NONE); } else { @@ -125,5 +126,6 @@ void packet_header_setup_key (char * community_name, he_context_t * ctx) { uint8_t key[16]; pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE); + ctx = calloc(1, sizeof(speck_context_t)); speck_expand_key_he (key, (speck_context_t*)ctx); } diff --git a/header_encryption.h b/header_encryption.h index 65b9709..dec8911 100644 --- a/header_encryption.h +++ b/header_encryption.h @@ -1,14 +1,13 @@ - - -#ifndef _HEADER_ENCRYPTION_H_ -#define _HEADER_ENCRYPTION_H_ +//#ifndef _HEADER_ENCRYPTION_H_ +//#define _HEADER_ENCRYPTION_H_ #include -#include "speck.h" #include "n2n.h" +#include "speck.h" + //define he_context_t speck_context_t typedef struct speck_context_t he_context_t; @@ -30,4 +29,7 @@ int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx); -#endif +void packet_header_setup_key (char * community_name, he_context_t * ctx); + + +// #endif diff --git a/sn.c b/sn.c index 60549e3..636b3b3 100644 --- a/sn.c +++ b/sn.c @@ -81,6 +81,8 @@ static void deinit_sn(n2n_sn_t * sss) HASH_ITER(hh, sss->communities, community, tmp) { clear_peer_list(&community->edges); + if (NULL != community->header_encryption_ctx) + free (community->header_encryption_ctx); HASH_DEL(sss->communities, community); free(community); } 
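Review bot: In the `@@ -75` hunk of header_encryption.c, the added `c->header_encryption_ctx = NULL;` overwrites the pointer without releasing whatever it may point to. The sn.c part of this commit sets up a key "just in case" for communities read from the community file, so once that context is actually stored in the community, the first unencrypted packet would leak it here. Consider `free (c->header_encryption_ctx);` before the assignment, which is safe only if every community starts with the field set to NULL or to a heap pointer. The body of packet_header_decrypt_if_required begins and continues outside the hunk, so whether `c` can hold a context at this point is inferred from the sn.c hunks rather than visible here.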
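Review bot: The added `ctx = calloc(1, sizeof(speck_context_t));` in packet_header_setup_key assigns to the function's own copy of the pointer, so the caller never receives the context; the block is leaked on every call and the caller's `header_encryption_ctx` keeps its previous value. The call added in sn.c (`packet_header_setup_key (s->community, s->header_encryption_ctx);`) therefore leaves the community without a usable key context, and header decryption for it would presumably run on a NULL or indeterminate pointer. The calloc result is also handed to speck_expand_key_he without a NULL check. Passing the pointer by address fixes both, with the prototype in header_encryption.h and the sn.c call (`&s->header_encryption_ctx`) changed to match.

```c
void packet_header_setup_key (char * community_name, he_context_t ** ctx) {
  // … unchanged: key[16] declaration and pearson_hash_128 call …
  *ctx = calloc(1, sizeof(speck_context_t));
  if (NULL == *ctx)
    return; /* caller sees a NULL context and must not treat the header as decryptable */
  speck_expand_key_he (key, (speck_context_t*)*ctx);
```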
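Review bot: The include guard in header_encryption.h is commented out rather than kept (`//#ifndef _HEADER_ENCRYPTION_H_`, `//#define _HEADER_ENCRYPTION_H_`, and `// #endif` in the `@@ -30` hunk), so a second inclusion of the header repeats the `he_context_t` typedef and the prototypes. Before C11 a repeated typedef is a constraint violation, and the commented lines read like a debugging leftover. If the guard was disabled to work around an include-order problem between n2n.h and speck.h, that ordering should be fixed directly and the guard restored as `#ifndef` / `#define` / `#endif`.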
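Review bot: The `if (NULL != community->header_encryption_ctx)` guard before `free` in deinit_sn is redundant, since `free(NULL)` is defined to do nothing; the same pattern recurs in load_allowed_sn_community and run_loop in sn.c and in sn_term and run_sn_loop in sn_utils.c. In the two purge hunks the guard is an unbraced `if` with a comment between the condition and the `free`, which makes it easy to misread which statement is conditional. A plain `free (community->header_encryption_ctx);` at each site is shorter and removes that ambiguity.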
@@ -390,6 +392,8 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { HASH_ITER(hh, sss->communities, s, tmp) { HASH_DEL(sss->communities, s); + if (NULL != s->header_encryption_ctx) + free (s->header_encryption_ctx); free(s); } @@ -413,7 +417,12 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { if(s != NULL) { strncpy((char*)s->community, line, N2N_COMMUNITY_SIZE-1); s->community[N2N_COMMUNITY_SIZE-1] = '\0'; + /* we do not know if header encryption is used in this community, + * first packet will show. just in case, setup the key. */ + s->header_encryption = HEADER_ENCRYPTION_UNKNOWN; + packet_header_setup_key (s->community, s->header_encryption_ctx); HASH_ADD_STR(sss->communities, community, s); + num_communities++; traceEvent(TRACE_INFO, "Added allowed community '%s' [total: %u]", (char*)s->community, num_communities); @@ -630,6 +639,7 @@ static int process_udp(n2n_sn_t * sss, comm->community[N2N_COMMUNITY_SIZE-1] = '\0'; /* new communities introduced by REGISTERs could not have had encrypted header */ comm->header_encryption = HEADER_ENCRYPTION_NONE; + comm->header_encryption_ctx = NULL; HASH_ADD_STR(sss->communities, community, comm); @@ -1122,6 +1132,9 @@ static int run_loop(n2n_sn_t * sss) { if((comm->edges == NULL) && (!sss->lock_communities)) { traceEvent(TRACE_INFO, "Purging idle community %s", comm->community); + if (NULL != comm->header_encryption_ctx) + /* this should not happen as no 'locked' and thus only communities w/o encrypted header here */ + free (comm->header_encryption_ctx); HASH_DEL(sss->communities, comm); free(comm); } diff --git a/sn_utils.c b/sn_utils.c index 51742f7..256e3af 100644 --- a/sn_utils.c +++ b/sn_utils.c @@ -226,6 +226,8 @@ void sn_term(n2n_sn_t *sss) HASH_ITER(hh, sss->communities, community, tmp) { clear_peer_list(&community->edges); + if (NULL != community->header_encryption_ctx) + free (community->header_encryption_ctx); HASH_DEL(sss->communities, community); free(community); } 
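Review bot: In the `@@ -413` hunk of load_allowed_sn_community, `s->header_encryption_ctx` is passed by value to packet_header_setup_key and is not assigned anywhere in the hunk, so after the call it still holds whatever the allocation of `s` left there. That allocation is outside the hunk; if it is a plain malloc, the `free (s->header_encryption_ctx)` paths added elsewhere in this commit would run on an indeterminate pointer. Set `s->header_encryption_ctx = NULL;` before the call and let the setup function return the context through a pointer-to-pointer, `packet_header_setup_key (s->community, &s->header_encryption_ctx);`. The hunk also marks the community `HEADER_ENCRYPTION_UNKNOWN` while no key context is reachable from it, so the result should be checked for NULL before an encrypted header is processed for this community.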
@@ -579,6 +581,7 @@ static int process_udp(n2n_sn_t *sss, comm->community[N2N_COMMUNITY_SIZE - 1] = '\0'; /* new communities introduced by REGISTERs could not have had encrypted header */ comm->header_encryption = HEADER_ENCRYPTION_NONE; + comm->header_encryption_ctx = NULL; HASH_ADD_STR(sss->communities, community, comm); @@ -780,7 +783,10 @@ int run_sn_loop(n2n_sn_t *sss, int *keep_running) if ((comm->edges == NULL) && (!sss->lock_communities)) { traceEvent(TRACE_INFO, "Purging idle community %s", comm->community); - HASH_DEL(sss->communities, comm); + if (NULL != comm->header_encryption_ctx) + /* this should not happen as no 'locked' and thus only communities w/o encrypted header here */ + free (comm->header_encryption_ctx); + HASH_DEL(sss->communities, comm); free(comm); } }