From 8757312d412f1d43c5b9a133a9ceea045c290fdc Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 1 Sep 2020 20:09:29 +0545 Subject: [PATCH] reworked cc20 --- include/cc20.h | 29 ++++++---- include/n2n.h | 2 - src/cc20.c | 126 +++++++++++++++++++++++++++++++++++++++---- src/edge.c | 4 -- src/edge_utils.c | 2 - src/transform_cc20.c | 4 +- tools/benchmark.c | 8 --- 7 files changed, 136 insertions(+), 39 deletions(-) diff --git a/include/cc20.h b/include/cc20.h index 1bc52eb..9c0456e 100644 --- a/include/cc20.h +++ b/include/cc20.h @@ -20,26 +20,38 @@ #ifndef CC20_H #define CC20_H +#include #include "n2n.h" // HAVE_OPENSSL_1_1, traceEvent ... +#define CC20_IV_SIZE 16 +#define CC20_KEY_BYTES (256/8) -#ifdef HAVE_OPENSSL_1_1 - +#ifdef HAVE_OPENSSL_1_1 // openSSL 1.1 ---------------------------------------------------- -#include #include #include -#define CC20_IV_SIZE 16 -#define CC20_KEY_BYTES (256/8) - - typedef struct cc20_context_t { EVP_CIPHER_CTX *ctx; /* openssl's reusable evp_* en/de-cryption context */ const EVP_CIPHER *cipher; /* cipher to use: e.g. EVP_chacha20() */ uint8_t key[CC20_KEY_BYTES]; /* the pure key data for payload encryption & decryption */ } cc20_context_t; +#else // plain C -------------------------------------------------------------------------- + +typedef struct cc20_context { + uint32_t keystream32[16]; + size_t position; + + uint8_t key[CC20_KEY_BYTES]; + uint8_t nonce[CC20_IV_SIZE]; + uint64_t counter; + + uint32_t state[16]; +} cc20_context_t; + +#endif // openSSL 1.1, plain C ------------------------------------------------------------ + int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len, const unsigned char *iv, cc20_context_t *ctx); @@ -51,7 +63,4 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx); int cc20_deinit (cc20_context_t *ctx); -#endif // HAVE_OPENSSL_1_1 - - #endif // CC20_H diff --git a/include/n2n.h b/include/n2n.h index 74b8798..18a109e 100644 --- a/include/n2n.h +++ b/include/n2n.h @@ -425,9 +425,7 @@ int n2n_transop_tf_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); #ifdef N2N_HAVE_AES int n2n_transop_aes_cbc_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); #endif -#ifdef HAVE_OPENSSL_1_1 int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); -#endif int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt); /* Log */ diff --git a/src/cc20.c b/src/cc20.c index 87bb5e1..7ba7ef7 100644 --- a/src/cc20.c +++ b/src/cc20.c @@ -20,11 +20,9 @@ #include "cc20.h" -#ifdef HAVE_OPENSSL_1_1 +#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 --------------------------------------------- -/* ****************************************************** */ - /* get any erorr message out of openssl taken from https://en.wikibooks.org/wiki/OpenSSL/Error_handling */ static char *openssl_err_as_string (void) { @@ -41,7 +39,6 @@ static char *openssl_err_as_string (void) { return ret; } -/* ****************************************************** */ // encryption == decryption int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len, @@ -78,13 +75,124 @@ int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len, } +#else // plain C -------------------------------------------------------------------------- + + +// taken (and modified) from https://github.com/Ginurx/chacha20-c (public domain) + + +static uint32_t rotl32(uint32_t x, int n) { + + return (x << n) | (x >> (32 - n)); +} + +// little endian +static uint32_t pack4(const uint8_t *a) { + + uint32_t res = 0; + res |= (uint32_t)a[0] << 0 * 8; + res |= (uint32_t)a[1] << 1 * 8; + res |= (uint32_t)a[2] << 2 * 8; + res |= (uint32_t)a[3] << 3 * 8; + return res; +} + + +static void unpack4(uint32_t src, uint8_t *dst) { + + dst[0] = (src >> 0 * 8) & 0xff; + dst[1] = (src >> 1 * 8) & 0xff; + dst[2] = (src >> 2 * 8) & 0xff; + dst[3] = (src >> 3 * 8) & 0xff; +} + + +static void chacha20_init_block(cc20_context_t *ctx, const uint8_t nonce[]) { + + const uint8_t *magic_constant = (uint8_t*)"expand 32-byte k"; + + memcpy(&(ctx->state[0]), magic_constant, 16); + memcpy (&(ctx->state[4]), ctx->key, CC20_KEY_BYTES); + memcpy(&(ctx->state[12]), nonce, CC20_IV_SIZE); +} + + +#define CHACHA20_QUARTERROUND(x, a, b, c, d) \ + x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16); \ + x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12); \ + x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 8); \ + x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 7); + +static void chacha20_block_next(cc20_context_t *ctx) { + + int i; + + for(i = 0; i < 16; i++) + ctx->keystream32[i] = ctx->state[i]; + + for(i = 0; i < 10; i++) { + CHACHA20_QUARTERROUND(ctx->keystream32, 0, 4, 8, 12) + CHACHA20_QUARTERROUND(ctx->keystream32, 1, 5, 9, 13) + CHACHA20_QUARTERROUND(ctx->keystream32, 2, 6, 10, 14) + CHACHA20_QUARTERROUND(ctx->keystream32, 3, 7, 11, 15) + CHACHA20_QUARTERROUND(ctx->keystream32, 0, 5, 10, 15) + CHACHA20_QUARTERROUND(ctx->keystream32, 1, 6, 11, 12) + CHACHA20_QUARTERROUND(ctx->keystream32, 2, 7, 8, 13) + CHACHA20_QUARTERROUND(ctx->keystream32, 3, 4, 9, 14) + } + + for(i = 0; i < 16; i++) + ctx->keystream32[i] += ctx->state[i]; + + uint32_t *counter = ctx->state + 12; + // increment counter + counter[0]++; + if(0 == counter[0]) { + // wrap around occured, increment higher 32 bits of counter + counter[1]++; + // Limited to 2^64 blocks of 64 bytes each. + // if you want to process more than 1180591620717411303424 bytes + // you have other problems. + // we could keep counting with counter[2] and counter[3] (nonce), + // but then we risk reusing the nonce which is very bad. + } +} + + +static void chacha20_init_context(cc20_context_t *ctx, const uint8_t *nonce) { + + chacha20_init_block(ctx, nonce); + ctx->position = 64; +} + + +int cc20_crypt (unsigned char *out, const unsigned char *in, size_t in_len, + const unsigned char *iv, cc20_context_t *ctx) { + + chacha20_init_context(ctx, iv); + + uint8_t *keystream8 = (uint8_t*)ctx->keystream32; + for(size_t i = 0; i < in_len; i++) { + if(ctx->position >= 64) { + chacha20_block_next(ctx); + ctx->position = 0; + } + out[i] = in[i] ^ keystream8[ctx->position]; + ctx->position++; + } +} + + +#endif // openSSL 1.1, plain C ------------------------------------------------------------ + + int cc20_init (const unsigned char *key, cc20_context_t **ctx) { // allocate context... *ctx = (cc20_context_t*) calloc(1, sizeof(cc20_context_t)); if (!(*ctx)) return -1; - +#if defined (HAVE_OPENSSL_1_1) if(!((*ctx)->ctx = EVP_CIPHER_CTX_new())) { traceEvent(TRACE_ERROR, "cc20_init openssl's evp_* encryption context creation failed: %s", openssl_err_as_string()); @@ -92,7 +200,7 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx) { } (*ctx)->cipher = EVP_chacha20(); - +#endif memcpy((*ctx)->key, key, CC20_KEY_BYTES); return 0; @@ -101,10 +209,8 @@ int cc20_init (const unsigned char *key, cc20_context_t **ctx) { int cc20_deinit (cc20_context_t *ctx) { +#if defined (HAVE_OPENSSL_1_1) if (ctx->ctx) EVP_CIPHER_CTX_free(ctx->ctx); - +#endif return 0; } - - -#endif // HAVE_OPENSSL_1_1 diff --git a/src/edge.c b/src/edge.c index 1f2423e..61ed709 100644 --- a/src/edge.c +++ b/src/edge.c @@ -168,9 +168,7 @@ static void help() { #ifdef N2N_HAVE_AES "-A3 or -A (deprecated) = AES-CBC, " #endif -#ifdef HAVE_OPENSSL_1_1 "-A4 = ChaCha20, " -#endif "-A5 = Speck-CTR.\n"); printf("-H | Enable full header encryption. Requires supernode with fixed community.\n"); printf("-z1 ... -z2 or -z | Enable compression for outgoing data packets: -z1 or -z = lzo1x" @@ -250,13 +248,11 @@ static void setPayloadEncryption( n2n_edge_conf_t *conf, int cipher) { break; } #endif -#ifdef HAVE_OPENSSL_1_1 case 4: { conf->transop_id = N2N_TRANSFORM_ID_CHACHA20; break; } -#endif case 5: { conf->transop_id = N2N_TRANSFORM_ID_SPECK; diff --git a/src/edge_utils.c b/src/edge_utils.c index f3d807e..07baca3 100644 --- a/src/edge_utils.c +++ b/src/edge_utils.c @@ -226,11 +226,9 @@ n2n_edge_t* edge_init(const n2n_edge_conf_t *conf, int *rv) { rc = n2n_transop_aes_cbc_init(&eee->conf, &eee->transop); break; #endif -#ifdef HAVE_OPENSSL_1_1 case N2N_TRANSFORM_ID_CHACHA20: rc = n2n_transop_cc20_init(&eee->conf, &eee->transop); break; -#endif case N2N_TRANSFORM_ID_SPECK: rc = n2n_transop_speck_init(&eee->conf, &eee->transop); break; diff --git a/src/transform_cc20.c b/src/transform_cc20.c index d3c42f3..26ffd3b 100644 --- a/src/transform_cc20.c +++ b/src/transform_cc20.c @@ -16,9 +16,9 @@ * */ + #include "n2n.h" -#ifdef HAVE_OPENSSL_1_1 /* ChaCha20 plaintext preamble */ #define CC20_PREAMBLE_SIZE (CC20_IV_SIZE) @@ -177,5 +177,3 @@ int n2n_transop_cc20_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) { /* Setup the cipher and key */ return setup_cc20_key(priv, encrypt_key, encrypt_key_len); } - -#endif /* HAVE_OPENSSL_1_1 */ diff --git a/tools/benchmark.c b/tools/benchmark.c index 61f7ee7..48112c2 100644 --- a/tools/benchmark.c +++ b/tools/benchmark.c @@ -66,9 +66,7 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES n2n_trans_op_t transop_aes_cbc; #endif -#ifdef HAVE_OPENSSL_1_1 n2n_trans_op_t transop_cc20; -#endif n2n_trans_op_t transop_speck; n2n_edge_conf_t conf; @@ -86,9 +84,7 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES n2n_transop_aes_cbc_init(&conf, &transop_aes_cbc); #endif -#ifdef HAVE_OPENSSL_1_1 n2n_transop_cc20_init(&conf, &transop_cc20); -#endif n2n_transop_speck_init(&conf, &transop_speck); /* Run the tests */ @@ -97,9 +93,7 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES run_transop_benchmark("transop_aes", &transop_aes_cbc, &conf, pktbuf); #endif -#ifdef HAVE_OPENSSL_1_1 run_transop_benchmark("transop_cc20", &transop_cc20, &conf, pktbuf); -#endif run_transop_benchmark("transop_speck", &transop_speck, &conf, pktbuf); /* Cleanup */ @@ -108,9 +102,7 @@ int main(int argc, char * argv[]) { #ifdef N2N_HAVE_AES transop_aes_cbc.deinit(&transop_aes_cbc); #endif -#ifdef HAVE_OPENSSL_1_1 transop_cc20.deinit(&transop_cc20); -#endif transop_speck.deinit(&transop_speck); return 0;