kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge pull request #239 from Logan007/flexIv 

allowed flexibe iv seed size (AES)
pull/242/head
Luca Deri 5 years ago
committed by GitHub
parent
dccbc4961a aa3b2b17a5
commit
7d5aa1f752
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 50 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 64
      transform_aes.c

64
transform_aes.c
View File

@ -35,7 +35,9 @@
/* AES plaintext preamble */ /* AES plaintext preamble */
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */ #define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; leave it set to 8 for now */ #define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
* from 0=lowest security (constant IV) to 16=higest security
* (fully random IV); default=8 */
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE) #define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */ #define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE) #define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
@ -94,12 +96,35 @@ static char *openssl_err_as_string (void) {
/* ****************************************************** */ /* ****************************************************** */
static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint64_t iv_seed) { /* convert a given number of bytes from memory to hex string; taken (and modified) from
https://stackoverflow.com/questions/6357031/how-do-you-convert-a-byte-array-to-a-hexadecimal-string-in-c */
const char* to_hex(unsigned char * in, size_t insz, char * out, size_t outsz)
{
unsigned char * pin = in;
const char * hex = "0123456789abcdef";
char * pout = out;
for(; pin < in+insz; pout +=2, pin++){
pout[0] = hex[(*pin>>4) & 0xF];
pout[1] = hex[ *pin & 0xF];
if (pout + 2 - out > outsz){
/* Better to truncate output string than overflow buffer */
/* it would be still better to either return a status */
/* or ensure the target buffer is large enough and it never happen */
break;
}
}
pout[2] = 0;
return out;
}
/* ****************************************************** */
static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint8_t * iv_seed) {
uint8_t iv_full[N2N_AES_IVEC_SIZE]; uint8_t iv_full[N2N_AES_IVEC_SIZE];
/* Extend the seed to full block size with padding value */ /* Extend the seed to full block size with padding value */
memcpy(iv_full, priv->iv_pad_val, TRANSOP_AES_IV_PADDING_SIZE); memcpy(iv_full, priv->iv_pad_val, TRANSOP_AES_IV_PADDING_SIZE);
memcpy(iv_full + TRANSOP_AES_IV_PADDING_SIZE, &iv_seed, TRANSOP_AES_IV_SEED_SIZE); memcpy(iv_full + TRANSOP_AES_IV_PADDING_SIZE, iv_seed, TRANSOP_AES_IV_SEED_SIZE);
/* Encrypt the IV with secret key to make it unpredictable. /* Encrypt the IV with secret key to make it unpredictable.
* As discussed in https://github.com/ntop/n2n/issues/72, it's important to * As discussed in https://github.com/ntop/n2n/issues/72, it's important to
@ -115,7 +140,7 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint64_t iv
/** The aes packet format consists of: /** The aes packet format consists of:
* *
* - a 8-bit aes encoding version in clear text * - a 8-bit aes encoding version in clear text
* - a 64-bit random IV seed * - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
* - encrypted payload. * - encrypted payload.
* *
* [V|II|DDDDDDDDDDDDDDDDDDDDD] * [V|II|DDDDDDDDDDDDDDDDDDDDD]
@ -135,7 +160,7 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
if((in_len + TRANSOP_AES_PREAMBLE_SIZE) <= out_len) { if((in_len + TRANSOP_AES_PREAMBLE_SIZE) <= out_len) {
int len=-1; int len=-1;
size_t idx=0; size_t idx=0;
uint64_t iv_seed = 0; uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
uint8_t padding = 0; uint8_t padding = 0;
n2n_aes_ivec_t enc_ivec = {0}; n2n_aes_ivec_t enc_ivec = {0};
@ -144,12 +169,20 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
/* Encode the aes format version. */ /* Encode the aes format version. */
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION); encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
/* Generate and encode the IV seed. /* Generate and encode the IV seed using as many calls to rand() as neccessary.
* Using two calls to rand() because RAND_MAX is usually < 64bit * Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
* (e.g. linux) and sometimes < 32bit (e.g. Windows). uint32_t rand_value;
*/ int8_t i;
iv_seed = ((((uint64_t)rand() & 0xFFFFFFFF)) << 32) | rand(); for (i = TRANSOP_AES_IV_SEED_SIZE; i >= sizeof(rand_value); i -= sizeof(rand_value)) {
encode_buf(outbuf, &idx, &iv_seed, TRANSOP_AES_IV_SEED_SIZE); rand_value = rand(); // CONCERN: rand() is not consideren cryptographicly secure, REPLACE later
memcpy(iv_seed + TRANSOP_AES_IV_SEED_SIZE - i, &rand_value, sizeof(rand_value));
}
/* Are there bytes left to fill? */
if (i != 0) {
rand_value = rand(); // CONCERN: rand() is not consideren cryptographicly secure, REPLACE later
memcpy(iv_seed, &rand_value, i);
}
encode_buf(outbuf, &idx, iv_seed, TRANSOP_AES_IV_SEED_SIZE);
/* Encrypt the assembly contents and write the ciphertext after the iv seed. */ /* Encrypt the assembly contents and write the ciphertext after the iv seed. */
/* len is set to the length of the cipher plain text to be encrpyted /* len is set to the length of the cipher plain text to be encrpyted
@ -164,7 +197,9 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
len2 = ((len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */ len2 = ((len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
padding = (len2-len); padding = (len2-len);
assembly[len2 - 1] = padding; assembly[len2 - 1] = padding;
traceEvent(TRACE_DEBUG, "padding = %u, seed = %016llx", padding, iv_seed);
char iv_seed_hex[2 * N2N_AES_IVEC_SIZE + 1];
traceEvent(TRACE_DEBUG, "padding = %u, seed = 0x%s", padding, to_hex (iv_seed, TRANSOP_AES_IV_SEED_SIZE, iv_seed_hex, 2 * N2N_AES_IVEC_SIZE + 1) );
set_aes_cbc_iv(priv, enc_ivec, iv_seed); set_aes_cbc_iv(priv, enc_ivec, iv_seed);
@ -229,7 +264,7 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
size_t rem=in_len; size_t rem=in_len;
size_t idx=0; size_t idx=0;
uint8_t aes_enc_ver=0; uint8_t aes_enc_ver=0;
uint64_t iv_seed=0; uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
/* Get the encoding version to make sure it is supported */ /* Get the encoding version to make sure it is supported */
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx ); decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
@ -238,7 +273,8 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
/* Get the IV seed */ /* Get the IV seed */
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx); decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
traceEvent(TRACE_DEBUG, "decode_aes %lu with seed %016llx", in_len, iv_seed); char iv_seed_hex[2 * N2N_AES_IVEC_SIZE + 1];
traceEvent(TRACE_DEBUG, "decode_aes %lu with seed 0x%s", in_len, to_hex (iv_seed, TRANSOP_AES_IV_SEED_SIZE, iv_seed_hex, 2 * N2N_AES_IVEC_SIZE + 1) );
len = (in_len - TRANSOP_AES_PREAMBLE_SIZE); len = (in_len - TRANSOP_AES_PREAMBLE_SIZE);

Write Preview
Loading…
Cancel
Save