From 6774920ed0529c8e9eaa5720dbb3ef3829469b34 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Mon, 15 Jun 2020 12:53:37 +0545 Subject: [PATCH 1/6] drafted header encryption --- header_encryption.c | 104 +++++++++++++++++++++++++++++++++++++ speck.c | 123 +++++++++++++++++++++++++++++++++++++++----- speck.h | 7 +++ 3 files changed, 221 insertions(+), 13 deletions(-) create mode 100644 header_encryption.c diff --git a/header_encryption.c b/header_encryption.c new file mode 100644 index 0000000..e263cfc --- /dev/null +++ b/header_encryption.c @@ -0,0 +1,104 @@ +#include +#include + +// #include "n2n_wire.h" // n2n_community_t +#include "n2n.h" +#include "speck.h" +#include "portable_endian.h" + + +uint32_t decryt_packet_header (uint8_t packet[], uint8_t packet_len, + char * community_name, speck_ctx * ctx) { + + // assemble IV + // the last four are ASCII "n2n!" and do not get overwritten + uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 }; + // the first 96 bits of the packet are used padded with ASCII "n2n!" + // to full 128 bit IV + memcopy (iv, packet, 12); + + // alternatively, consider: pearson_hash_128 (iv, packet, 12) + + // try community name as possible key and check for magic bytes + uint32_t magic = 0x6E326E00; // ="n2n_" + uint32_t test_magic; + // check for magic bytes and resonable value in header len field + speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, ctx); + test_magic = be32toh (test_magic); + if ( ((test_magic << 8) == magic) + && ((test_magic >> 24) <= packet_len) // (test_masgic >> 24) is header_len + ) { + speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, ctx); + // restore original packet order + memcpy (&packet[0], &packet[16], 4); + memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE); + return (1); // successful + } else + return (0); // unsuccessful +} + + +int32_t decryt_packet_header_if_required (uint8_t packet[], uint16_t packet_len, + struct sn_community *communities) { + + if (packet_len < 20) + return (-1); + + // first, check if header is unenrypted to put it into the fast-lane then + + // the following check is around 99.99962 percent reliable + // it heavily relies on the structure of packet's common part + // changes to wire.c:encode/decode_common need to go together with this code + if ( (packet[19] == (uint8_t)0x00) // null terminated community name + && (packet[00] == N2N_PKT_VERSION) // correct packet version +// && (packet[01] <= N2N_DEFAULT_TTL) // reasonable TTL -- might interfere with hole-punching-related or cli passed higher values ?! + && ((be16toh (*(uint16_t*)&(packet[02])) & N2N_FLAGS_TYPE_MASK ) <= MSG_TYPE_MAX_TYPE ) // message type + && ( be16toh (*(uint16_t*)&(packet[02])) < N2N_FLAGS_OPTIONS) // flags + ) { + + // most probably unencrypted + return (1); + + } else { + + // most probably encrypted + // cycle through the known communities (as keys) to eventually decrypt + int32_t ret; + struct sn_community *c, *tmp; + HASH_ITER (hh, communities, c, tmp) { + // check if this is an encrypted community + if ( ret = decrypt_packet_header (packet, packet_len, c->community, c-> ctx) ) { + // no upgrade from unencrypted to encrypted + if (c->header_encryption == 1) + return (-2); + // set to 'encrypted' + c->header_encryption = 2; + // no need to test any further + return (2); + } + } + // no match + return (-3); + } +} + + +int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, speck_ctx * ctx) { + + if (header_len < 20) + return (-1); + + memcpy (&packet[16], &packet[00], 4); + + uint8_t iv[16]; + ((uint64_t*)iv)[0] = n2n_rand (); + ((uint64_t*)iv)[1] = n2n_rand (); + + const uint32_t magic = 0x006E326E; + ((uint32_t*)iv)[3] = htobe32 (magic); + + iv[12] = header_len; + + speck_he (&packet[12], &packet[12], header_len - 12, iv, ctx); +} diff --git a/speck.c b/speck.c index d9afca5..74a1426 100644 --- a/speck.c +++ b/speck.c @@ -1,4 +1,4 @@ -// cipher SPECK -- 128 bit block size -- 256 bit key size +// cipher SPECK -- 128 bit block size -- 256 bit key size -- CTR mode // taken from (and modified: removed pure crypto-stream generation and seperated key expansion) // https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/ @@ -565,9 +565,9 @@ int speck_expand_key (const unsigned char *k, speck_context_t *ctx) { #else // plain C ---------------------------------------------------------------- -#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) -#define ROL64(x,r) (((x)<<(r))|((x)>>(64-(r)))) -#define R(x,y,k) (x=ROR64(x,8), x+=y, x^=k, y=ROL64(y,3), y^=x) +#define ROR(x,r) (((x)>>(r))|((x)<<(64-(r)))) +#define ROL(x,r) (((x)<<(r))|((x)>>(64-(r)))) +#define R(x,y,k) (x=ROR(x,8), x+=y, x^=k, y=ROL(y,3), y^=x) static int speck_encrypt (u64 *u, u64 *v, speck_context_t *ctx) { @@ -642,6 +642,85 @@ int speck_expand_key (const unsigned char *k, speck_context_t *ctx) { #endif // AVX, SSE, NEON, plain C ------------------------------------------------ +// cipher SPECK -- 128 bit block size -- 128 bit key size -- CTR mode +// used for header encryption, thus the prefix 'he_' +// for now: just plain C -- AVX, SSE, NEON might follow + +#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) +#define ROL64(x,r) (((x)<<(r))|((x)>>(64-(r)))) +#define R64(x,y,k) (x=ROR64(x,8), x+=y, x^=k, y=ROL64(y,3), y^=x) + + +static int speck_encrypt_he (u64 *u, u64 *v, speck_context_t *ctx) { + + u64 i, x=*u, y=*v; + + for (i = 0; i < 32; i++) + R64 (x, y, ctx->key[i]); + + *u = x; *v = y; + + return 0; +} + + +int speck_he (unsigned char *out, const unsigned char *in, unsigned long long inlen, + const unsigned char *n, speck_context_t *ctx) { + + u64 i, nonce[2], x, y, t; + unsigned char *block = malloc(16); + + if (!inlen) { + free (block); + return 0; + } + nonce[0] = htole64 ( ((u64*)n)[0] ); + nonce[1] = htole64 ( ((u64*)n)[1] ); + + t = 0; + while (inlen >= 16) { + x = nonce[1]; y = nonce[0]; nonce[0]++; + speck_encrypt_he (&x, &y, ctx); + ((u64 *)out)[1+t] = htole64 (x ^ ((u64 *)in)[1+t]); + ((u64 *)out)[0+t] = htole64 (y ^ ((u64 *)in)[0+t]); + t += 2; + inlen -= 16; + } + + if (inlen > 0) { + x = nonce[1]; y = nonce[0]; + speck_encrypt_he (&x, &y, ctx); + ((u64 *)block)[1] = htole64 (x); ((u64 *)block)[0] = htole64 (y); + for (i = 0; i < inlen; i++) + out[i+8*t] = block[i] ^ in[i+8*t]; + } + + free(block); + return 0; +} + + +int speck_expand_key_he (const unsigned char *k, speck_context_t *ctx) { + + u64 A, B; + u64 i; + + A = htole64 ( ((u64 *)k)[0] ); + B = htole64 ( ((u64 *)k)[1] ); + + for (i = 0; i < 32; i ++) { + ctx->key[i] = A; + R64 ( B, A, i); + } + return 1; +} + + +// code for testing -- to be removed when finished +/* +#include // for testing +#include + int speck_test () { uint8_t key[32] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -649,16 +728,23 @@ int speck_test () { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - uint8_t iv[16] = { 0x70, 0x6f, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x20, 0x49, 0x6e, 0x20, 0x74, 0x68, 0x6f, 0x73, 0x65 }; + uint8_t xv[16] = { 0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x69, 0x74, + 0x20, 0x65, 0x71, 0x75, 0x69, 0x76, 0x61, 0x6c }; + + uint8_t pt[16] = { 0x00 }; // expected outcome (according to pp. 35 & 36 of Implementation Guide) uint8_t ct[16] = { 0x43, 0x8f, 0x18, 0x9c, 0x8d, 0xb4, 0xee, 0x4e, 0x3e, 0xf5, 0xc0, 0x05, 0x04, 0x01, 0x09, 0x41 }; + uint8_t xt[16] = { 0x18, 0x0d, 0x57, 0x5c, 0xdf, 0xfe, 0x60, 0x78, + 0x65, 0x32, 0x78, 0x79, 0x51, 0x98, 0x5d, 0xa6 }; + + speck_context_t ctx; speck_expand_key (key, &ctx); @@ -667,24 +753,35 @@ int speck_test () { #else speck_ctr (pt, pt, 16, iv, &ctx); #endif + u64 i; - // fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); - // fprintf (stderr, "rk33: %016llx\n", ctx.key[33]); - // fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); - // fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); + fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); + fprintf (stderr, "rk33: %016llx\n", ctx.key[33]); + fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); + fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); int ret = 1; for (i=0; i < 16; i++) if (pt[i] != ct[i]) ret = 0; + memset (pt, 0, 16); + speck_expand_key_he (key, &ctx); + speck_he (pt, pt, 16, xv, &ctx); + + fprintf (stderr, "rk00: %016llx\n", ctx.key[0]); + fprintf (stderr, "rk31: %016llx\n", ctx.key[31]); + fprintf (stderr, "out : %016lx\n", *(uint64_t*)pt); + fprintf (stderr, "mem : " ); for (i=0; i < 16; i++) fprintf (stderr, "%02x ", pt[i]); fprintf (stderr, "\n"); + + for (i=0; i < 16; i++) + if (pt[i] != xt[i]) ret = 0; + return (ret); } -/* -#include // for testing - int main (int argc, char* argv[]) { +int main (int argc, char* argv[]) { fprintf (stdout, "SPECK SELF TEST RESULT: %u\n", speck_test (0,NULL)); - } +} */ diff --git a/speck.h b/speck.h index 18a67b6..3b8cba5 100644 --- a/speck.h +++ b/speck.h @@ -54,3 +54,10 @@ speck_context_t *ctx); int speck_expand_key (const unsigned char *k, speck_context_t *ctx); + + +int speck_he (unsigned char *out, const unsigned char *in, unsigned long long inlen, + const unsigned char *n, speck_context_t *ctx); + + +int speck_expand_key_he (const unsigned char *k, speck_context_t *ctx); From 365d2b2782b75f4a2b5516dd4f6a905a0efcc27c Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 16 Jun 2020 13:27:38 +0545 Subject: [PATCH 2/6] prepared header encryption --- CMakeLists.txt | 5 ++ Makefile.in | 1 + header_encryption.c | 65 +++++++++------ header_encryption.h | 17 ++++ n2n.h | 8 +- pearson.c | 195 ++++++++++++++++++++++++++++++++++++++++++++ pearson.h | 3 + speck.h | 7 ++ 8 files changed, 276 insertions(+), 25 deletions(-) create mode 100644 header_encryption.h create mode 100644 pearson.c create mode 100644 pearson.h diff --git a/CMakeLists.txt b/CMakeLists.txt index b5fd37b..36ee727 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -61,7 +61,12 @@ add_library(n2n n2n.c transform_null.c transform_tf.c transform_aes.c + transform_cc20.c + transform_speck.c + speck.c + pearson.c random_numbers.c + header_encryption.c tuntap_freebsd.c tuntap_netbsd.c tuntap_linux.c diff --git a/Makefile.in b/Makefile.in index b231aac..1bca92c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -51,6 +51,7 @@ N2N_LIB=libn2n.a N2N_OBJS=n2n.o wire.o minilzo.o twofish.o speck.o \ edge_utils.o sn_utils.o \ transform_null.o transform_tf.o transform_aes.o transform_cc20.o transform_speck.o \ + header_encryption.o pearson.o \ tuntap_freebsd.o tuntap_netbsd.o tuntap_linux.o random_numbers.o \ tuntap_osx.o LIBS_EDGE+=$(LIBS_EDGE_OPT) diff --git a/header_encryption.c b/header_encryption.c index e263cfc..8f7ab97 100644 --- a/header_encryption.c +++ b/header_encryption.c @@ -1,35 +1,38 @@ -#include -#include +#include "header_encryption.h" + +#include -// #include "n2n_wire.h" // n2n_community_t #include "n2n.h" -#include "speck.h" +#include "random_numbers.h" +#include "pearson.h" #include "portable_endian.h" -uint32_t decryt_packet_header (uint8_t packet[], uint8_t packet_len, - char * community_name, speck_ctx * ctx) { +#include + + +uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, + char * community_name, he_context_t * ctx) { // assemble IV // the last four are ASCII "n2n!" and do not get overwritten uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 }; - // the first 96 bits of the packet are used padded with ASCII "n2n!" + // the first 96 bits of the packet get padded with ASCII "n2n!" // to full 128 bit IV - memcopy (iv, packet, 12); - - // alternatively, consider: pearson_hash_128 (iv, packet, 12) + memcpy (iv, packet, 12); + // alternatively, consider: pearson_hash_128 (iv, packet, 12); // try community name as possible key and check for magic bytes uint32_t magic = 0x6E326E00; // ="n2n_" uint32_t test_magic; // check for magic bytes and resonable value in header len field - speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, ctx); + speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, (speck_context_t*)ctx); test_magic = be32toh (test_magic); if ( ((test_magic << 8) == magic) && ((test_magic >> 24) <= packet_len) // (test_masgic >> 24) is header_len ) { - speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, ctx); + speck_he (&packet[12], &packet[12], (test_magic >> 24) - 12, iv, (speck_context_t*)ctx); // restore original packet order memcpy (&packet[0], &packet[16], 4); memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE); @@ -39,7 +42,7 @@ uint32_t decryt_packet_header (uint8_t packet[], uint8_t packet_len, } -int32_t decryt_packet_header_if_required (uint8_t packet[], uint16_t packet_len, +int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, struct sn_community *communities) { if (packet_len < 20) @@ -58,8 +61,12 @@ int32_t decryt_packet_header_if_required (uint8_t packet[], uint16_t packet_len, ) { // most probably unencrypted - return (1); + // TODO: + // !!! make sure, no downgrading happens here !!! + // NOT FOR DEFINETLY ENCRYPTED COMMUNITIES / NO DOWNGRADE, NO INJECTION + + return (HEADER_ENCRYPTION_NONE); } else { // most probably encrypted @@ -67,24 +74,23 @@ int32_t decryt_packet_header_if_required (uint8_t packet[], uint16_t packet_len, int32_t ret; struct sn_community *c, *tmp; HASH_ITER (hh, communities, c, tmp) { - // check if this is an encrypted community - if ( ret = decrypt_packet_header (packet, packet_len, c->community, c-> ctx) ) { - // no upgrade from unencrypted to encrypted - if (c->header_encryption == 1) - return (-2); + // skip the definitely unencrypted communities + if (c->header_encryption == HEADER_ENCRYPTION_NONE) + continue; + if ( (ret = packet_header_decrypt (packet, packet_len, c->community, &(c->header_encryption_ctx))) ) { // set to 'encrypted' - c->header_encryption = 2; + c->header_encryption = HEADER_ENCRYPTION_ENABLED; // no need to test any further - return (2); + return (HEADER_ENCRYPTION_ENABLED); } } - // no match + // no matching key/community return (-3); } } -int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, speck_ctx * ctx) { +int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx) { if (header_len < 20) return (-1); @@ -100,5 +106,16 @@ int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, speck_ctx * iv[12] = header_len; - speck_he (&packet[12], &packet[12], header_len - 12, iv, ctx); + speck_he (&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx); + + return (0); +} + + +void packet_header_setup_key (char * community_name, he_context_t * ctx) { + + uint8_t key[16]; + pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE); + + speck_expand_key_he (key, ctx); } diff --git a/header_encryption.h b/header_encryption.h new file mode 100644 index 0000000..f8a31cb --- /dev/null +++ b/header_encryption.h @@ -0,0 +1,17 @@ +#include + +#include "speck.h" +typedef speck_context_t he_context_t; + + +#define HEADER_ENCRYPTION_UNKNOWN 0 +#define HEADER_ENCRYPTION_NONE 1 +#define HEADER_ENCRYPTION_ENABLED 2 + + +uint32_t decrypt_packet_header (uint8_t packet[], uint8_t packet_len, + char * community_name, he_context_t * ctx); + +int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx); + +int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx); diff --git a/n2n.h b/n2n.h index 7041fa3..d05e9cf 100644 --- a/n2n.h +++ b/n2n.h @@ -111,6 +111,7 @@ typedef struct ether_hdr ether_hdr_t; #include #include #include "minilzo.h" +#include "header_encryption.h" #define closesocket(a) close(a) #endif /* #ifndef WIN32 */ @@ -160,6 +161,7 @@ typedef struct tuntap_dev { #define MSG_TYPE_FEDERATION 8 #define MSG_TYPE_PEER_INFO 9 #define MSG_TYPE_QUERY_PEER 10 +#define MSG_TYPE_MAX_TYPE 10 /* N2N compression indicators. */ /* Compression is disabled by default for outgoing packets if no cli @@ -225,6 +227,8 @@ typedef struct n2n_edge_conf { n2n_sn_name_t sn_ip_array[N2N_EDGE_NUM_SUPERNODES]; n2n_route_t *routes; /**< Networks to route through n2n */ n2n_community_t community_name; /**< The community. 16 full octets. */ + uint8_t header_encryption; /**< Header encryption indicator. */ + he_context_t header_encryption_ctx; /**< Header encryption cipher context. */ n2n_transform_t transop_id; /**< The transop to use. */ uint16_t compression; /**< Compress outgoing data packets before encryption */ uint16_t num_routes; /**< Number of routes in routes */ @@ -270,7 +274,9 @@ typedef struct sn_stats struct sn_community { char community[N2N_COMMUNITY_SIZE]; - struct peer_info *edges; /* Link list of registered edges. */ + uint8_t header_encryption; /* Header encryption indicator. */ + he_context_t header_encryption_ctx; /* Header encryption cipher context. */ + struct peer_info *edges; /* Link list of registered edges. */ UT_hash_handle hh; /* makes this structure hashable */ }; diff --git a/pearson.c b/pearson.c new file mode 100644 index 0000000..80c90a6 --- /dev/null +++ b/pearson.c @@ -0,0 +1,195 @@ +// taken from https://github.com/Logan007/pearson + +#include +#include + +#include "pearson.h" + + +// table as in original paper "Fast Hashing of Variable-Length Text Strings" by Peter K. Pearson +// as published in The Communications of the ACM Vol.33, No. 6 (June 1990), pp. 677-680. +static const uint8_t t[256] ={ + 0x01, 0x57, 0x31, 0x0c, 0xb0, 0xb2, 0x66, 0xa6, 0x79, 0xc1, 0x06, 0x54, 0xf9, 0xe6, 0x2c, 0xa3, + 0x0e, 0xc5, 0xd5, 0xb5, 0xa1, 0x55, 0xda, 0x50, 0x40, 0xef, 0x18, 0xe2, 0xec, 0x8e, 0x26, 0xc8, + 0x6e, 0xb1, 0x68, 0x67, 0x8d, 0xfd, 0xff, 0x32, 0x4d, 0x65, 0x51, 0x12, 0x2d, 0x60, 0x1f, 0xde, + 0x19, 0x6b, 0xbe, 0x46, 0x56, 0xed, 0xf0, 0x22, 0x48, 0xf2, 0x14, 0xd6, 0xf4, 0xe3, 0x95, 0xeb, + 0x61, 0xea, 0x39, 0x16, 0x3c, 0xfa, 0x52, 0xaf, 0xd0, 0x05, 0x7f, 0xc7, 0x6f, 0x3e, 0x87, 0xf8, + 0xae, 0xa9, 0xd3, 0x3a, 0x42, 0x9a, 0x6a, 0xc3, 0xf5, 0xab, 0x11, 0xbb, 0xb6, 0xb3, 0x00, 0xf3, + 0x84, 0x38, 0x94, 0x4b, 0x80, 0x85, 0x9e, 0x64, 0x82, 0x7e, 0x5b, 0x0d, 0x99, 0xf6, 0xd8, 0xdb, + 0x77, 0x44, 0xdf, 0x4e, 0x53, 0x58, 0xc9, 0x63, 0x7a, 0x0b, 0x5c, 0x20, 0x88, 0x72, 0x34, 0x0a, + 0x8a, 0x1e, 0x30, 0xb7, 0x9c, 0x23, 0x3d, 0x1a, 0x8f, 0x4a, 0xfb, 0x5e, 0x81, 0xa2, 0x3f, 0x98, + 0xaa, 0x07, 0x73, 0xa7, 0xf1, 0xce, 0x03, 0x96, 0x37, 0x3b, 0x97, 0xdc, 0x5a, 0x35, 0x17, 0x83, + 0x7d, 0xad, 0x0f, 0xee, 0x4f, 0x5f, 0x59, 0x10, 0x69, 0x89, 0xe1, 0xe0, 0xd9, 0xa0, 0x25, 0x7b, + 0x76, 0x49, 0x02, 0x9d, 0x2e, 0x74, 0x09, 0x91, 0x86, 0xe4, 0xcf, 0xd4, 0xca, 0xd7, 0x45, 0xe5, + 0x1b, 0xbc, 0x43, 0x7c, 0xa8, 0xfc, 0x2a, 0x04, 0x1d, 0x6c, 0x15, 0xf7, 0x13, 0xcd, 0x27, 0xcb, + 0xe9, 0x28, 0xba, 0x93, 0xc6, 0xc0, 0x9b, 0x21, 0xa4, 0xbf, 0x62, 0xcc, 0xa5, 0xb4, 0x75, 0x4c, + 0x8c, 0x24, 0xd2, 0xac, 0x29, 0x36, 0x9f, 0x08, 0xb9, 0xe8, 0x71, 0xc4, 0xe7, 0x2f, 0x92, 0x78, + 0x33, 0x41, 0x1c, 0x90, 0xfe, 0xdd, 0x5d, 0xbd, 0xc2, 0x8b, 0x70, 0x2b, 0x47, 0x6d, 0xb8, 0xd1 }; + +/* +// alternative table as used in RFC 3074 and NOT as in original paper +static const uint8_t t[256] ={ + 0xfb, 0xaf, 0x77, 0xd7, 0x51, 0x0e, 0x4f, 0xbf, 0x67, 0x31, 0xb5, 0x8f, 0xba, 0x9d, 0x00, 0xe8, + 0x1f, 0x20, 0x37, 0x3c, 0x98, 0x3a, 0x11, 0xed, 0xae, 0x46, 0xa0, 0x90, 0xdc, 0x5a, 0x39, 0xdf, + 0x3b, 0x03, 0x12, 0x8c, 0x6f, 0xa6, 0xcb, 0xc4, 0x86, 0xf3, 0x7c, 0x5f, 0xde, 0xb3, 0xc5, 0x41, + 0xb4, 0x30, 0x24, 0x0f, 0x6b, 0x2e, 0xe9, 0x82, 0xa5, 0x1e, 0x7b, 0xa1, 0xd1, 0x17, 0x61, 0x10, + 0x28, 0x5b, 0xdb, 0x3d, 0x64, 0x0a, 0xd2, 0x6d, 0xfa, 0x7f, 0x16, 0x8a, 0x1d, 0x6c, 0xf4, 0x43, + 0xcf, 0x09, 0xb2, 0xcc, 0x4a, 0x62, 0x7e, 0xf9, 0xa7, 0x74, 0x22, 0x4d, 0xc1, 0xc8, 0x79, 0x05, + 0x14, 0x71, 0x47, 0x23, 0x80, 0x0d, 0xb6, 0x5e, 0x19, 0xe2, 0xe3, 0xc7, 0x4b, 0x1b, 0x29, 0xf5, + 0xe6, 0xe0, 0x2b, 0xe1, 0xb1, 0x1a, 0x9b, 0x96, 0xd4, 0x8e, 0xda, 0x73, 0xf1, 0x49, 0x58, 0x69, + 0x27, 0x72, 0x3e, 0xff, 0xc0, 0xc9, 0x91, 0xd6, 0xa8, 0x9e, 0xdd, 0x94, 0x9a, 0x7a, 0x0c, 0x54, + 0x52, 0xa3, 0x2c, 0x8b, 0xe4, 0xec, 0xcd, 0xf2, 0xd9, 0x0b, 0xbb, 0x92, 0x9f, 0x40, 0x56, 0xef, + 0xc3, 0x2a, 0x6a, 0xc6, 0x76, 0x70, 0xb8, 0xac, 0x57, 0x02, 0xad, 0x75, 0xb0, 0xe5, 0xf7, 0xfd, + 0x89, 0xb9, 0x63, 0xa4, 0x66, 0x93, 0x2d, 0x42, 0xe7, 0x34, 0x8d, 0xd3, 0xc2, 0xce, 0xf6, 0xee, + 0x38, 0x6e, 0x4e, 0xf8, 0x3f, 0xf0, 0xbd, 0x5d, 0x5c, 0x33, 0x35, 0xb7, 0x13, 0xab, 0x48, 0x32, + 0x21, 0x68, 0x65, 0x45, 0x08, 0xfc, 0x53, 0x78, 0x4c, 0x87, 0x55, 0x36, 0xca, 0x7d, 0xbc, 0xd5, + 0x60, 0xeb, 0x88, 0xd0, 0xa2, 0x81, 0xbe, 0x84, 0x9c, 0x26, 0x2f, 0x01, 0x07, 0xfe, 0x18, 0x04, + 0xd8, 0x83, 0x59, 0x15, 0x1c, 0x85, 0x25, 0x99, 0x95, 0x50, 0xaa, 0x44, 0x06, 0xa9, 0xea, 0x97 }; */ + + +#define ROR64(x,r) (((x)>>(r))|((x)<<(64-(r)))) + + +void pearson_hash_256 (uint8_t *out, const uint8_t *in, size_t len) { + + /* initial values - astonishingly, assembling using SHIFTs and ORs (in register) + * works faster on well pipelined CPUs than loading the 64-bit value from memory. + * however, there is one advantage to loading from memory: as we also store back to + * memory at the end, we do not need to care about endianess! */ + uint8_t upper[8] = { 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08 }; + uint8_t lower[8] = { 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; + + uint64_t upper_hash_mask = *(uint64_t*)&upper; + uint64_t lower_hash_mask = *(uint64_t*)&lower; + uint64_t high_upper_hash_mask = upper_hash_mask + 0x1010101010101010; + uint64_t high_lower_hash_mask = lower_hash_mask + 0x1010101010101010; + + uint64_t upper_hash = 0; + uint64_t lower_hash = 0; + uint64_t high_upper_hash = 0; + uint64_t high_lower_hash = 0; + + for (size_t i = 0; i < len; i++) { + // broadcast the character, xor into hash, make them different permutations + uint64_t c = (uint8_t)in[i]; + c |= c << 8; + c |= c << 16; + c |= c << 32; + upper_hash ^= c ^ upper_hash_mask; + lower_hash ^= c ^ lower_hash_mask; + high_upper_hash ^= c ^ high_upper_hash_mask; + high_lower_hash ^= c ^ high_lower_hash_mask; + + // table lookup + uint8_t x; + uint64_t h = 0; + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + upper_hash = h; + + h = 0; + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + lower_hash = h; + + h = 0; + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_upper_hash; x = t[x]; high_upper_hash >>= 8; h |= x; h=ROR64(h,8); + high_upper_hash = h; + + h = 0; + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = high_lower_hash; x = t[x]; high_lower_hash >>= 8; h |= x; h=ROR64(h,8); + high_lower_hash = h; + } + // store output + uint64_t *o; + o = (uint64_t*)&out[0]; + *o = high_upper_hash; + o = (uint64_t*)&out[8]; + *o = high_lower_hash; + o = (uint64_t*)&out[16]; + *o = upper_hash; + o = (uint64_t*)&out[24]; + *o = lower_hash; +} + + +void pearson_hash_128 (uint8_t *out, const uint8_t *in, size_t len) { + + /* initial values - astonishingly, assembling using SHIFTs and ORs (in register) + * works faster on well pipelined CPUs than loading the 64-bit value from memory. + * however, there is one advantage to loading from memory: as we also store back to + * memory at the end, we do not need to care about endianess! */ + uint8_t upper[8] = { 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08 }; + uint8_t lower[8] = { 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; + + uint64_t upper_hash_mask = *(uint64_t*)&upper; + uint64_t lower_hash_mask = *(uint64_t*)&lower; + + uint64_t upper_hash = 0; + uint64_t lower_hash = 0; + + for (size_t i = 0; i < len; i++) { + // broadcast the character, xor into hash, make them different permutations + uint64_t c = (uint8_t)in[i]; + c |= c << 8; + c |= c << 16; + c |= c << 32; + upper_hash ^= c ^ upper_hash_mask; + lower_hash ^= c ^ lower_hash_mask; + // table lookup + uint8_t x; + uint64_t h = 0; + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + x = upper_hash; x = t[x]; upper_hash >>= 8; h |= x; h=ROR64(h,8); + upper_hash = h; + + h = 0; + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + x = lower_hash; x = t[x]; lower_hash >>= 8; h |= x; h=ROR64(h,8); + lower_hash = h; + } + // store output + uint64_t *o; + o = (uint64_t*)&out[0]; + *o = upper_hash; + o = (uint64_t*)&out[8]; + *o = lower_hash; +} diff --git a/pearson.h b/pearson.h new file mode 100644 index 0000000..f021f41 --- /dev/null +++ b/pearson.h @@ -0,0 +1,3 @@ +void pearson_hash_256 (uint8_t *out, const uint8_t *in, size_t len); + +void pearson_hash_128 (uint8_t *out, const uint8_t *in, size_t len); diff --git a/speck.h b/speck.h index 3b8cba5..51df36b 100644 --- a/speck.h +++ b/speck.h @@ -2,6 +2,10 @@ // taken from (and modified: removed pure crypto-stream generation and seperated key expansion) // https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/ + +#ifndef SPECK_H +#define SPECK_H + #define u32 uint32_t #define u64 uint64_t @@ -61,3 +65,6 @@ int speck_he (unsigned char *out, const unsigned char *in, unsigned long long in int speck_expand_key_he (const unsigned char *k, speck_context_t *ctx); + + +#endif From e6e4999f19ed2e3c628a7e9eed20f7314c83731f Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 16 Jun 2020 23:06:06 +0545 Subject: [PATCH 3/6] woke up from a nightmare of missing typedefs --- header_encryption.c | 30 +++++++++++++++++++----------- header_encryption.h | 26 +++++++++++++++++++++----- n2n.h | 26 ++++++++++++++------------ sn_utils.c | 10 +++++++--- speck.c | 1 - speck.h | 1 + 6 files changed, 62 insertions(+), 32 deletions(-) diff --git a/header_encryption.c b/header_encryption.c index 8f7ab97..1966819 100644 --- a/header_encryption.c +++ b/header_encryption.c @@ -2,13 +2,15 @@ #include -#include "n2n.h" #include "random_numbers.h" #include "pearson.h" #include "portable_endian.h" -#include +#include // !!! + + +#define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out) uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, @@ -45,6 +47,9 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, struct sn_community *communities) { + struct sn_community *c, *tmp; + + if (packet_len < 20) return (-1); @@ -62,25 +67,28 @@ int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len // most probably unencrypted - // TODO: - // !!! make sure, no downgrading happens here !!! - // NOT FOR DEFINETLY ENCRYPTED COMMUNITIES / NO DOWNGRADE, NO INJECTION - + // make sure, no downgrading happens here and no unencrypted packets can be + // injected in a community which definitely deals with encrypted headers + HASH_FIND_COMMUNITY(communities, (char *)&packet[04], c); + if (!c) + if (c->header_encryption == HEADER_ENCRYPTION_ENABLED) + return (-2); + // set 'no encryption' in case it is not set yet + c->header_encryption = HEADER_ENCRYPTION_NONE; return (HEADER_ENCRYPTION_NONE); } else { // most probably encrypted // cycle through the known communities (as keys) to eventually decrypt int32_t ret; - struct sn_community *c, *tmp; HASH_ITER (hh, communities, c, tmp) { // skip the definitely unencrypted communities if (c->header_encryption == HEADER_ENCRYPTION_NONE) continue; - if ( (ret = packet_header_decrypt (packet, packet_len, c->community, &(c->header_encryption_ctx))) ) { - // set to 'encrypted' + if ( (ret = packet_header_decrypt (packet, packet_len, c->community, c->header_encryption_ctx)) ) { + // set 'encrypted' in case it is not set yet c->header_encryption = HEADER_ENCRYPTION_ENABLED; - // no need to test any further + // no need to test further communities return (HEADER_ENCRYPTION_ENABLED); } } @@ -117,5 +125,5 @@ void packet_header_setup_key (char * community_name, he_context_t * ctx) { uint8_t key[16]; pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE); - speck_expand_key_he (key, ctx); + speck_expand_key_he (key, (speck_context_t*)ctx); } diff --git a/header_encryption.h b/header_encryption.h index f8a31cb..a4395e0 100644 --- a/header_encryption.h +++ b/header_encryption.h @@ -1,17 +1,33 @@ -#include + +#ifndef _HEADER_ENCRYPTION_H_ +#define _HEADER_ENCRYPTION_H_ + + +#include #include "speck.h" -typedef speck_context_t he_context_t; +#include "n2n.h" +//define he_context_t speck_context_t +typedef struct speck_context_t he_context_t; + + +/* Header encryption indicators */ #define HEADER_ENCRYPTION_UNKNOWN 0 #define HEADER_ENCRYPTION_NONE 1 #define HEADER_ENCRYPTION_ENABLED 2 -uint32_t decrypt_packet_header (uint8_t packet[], uint8_t packet_len, +uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, char * community_name, he_context_t * ctx); -int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx); -int32_t encryt_packet_header (uint8_t packet[], uint8_t header_len, he_context_t * ctx); +int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, + struct sn_community * communities); + + +int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx); + + +#endif diff --git a/n2n.h b/n2n.h index d05e9cf..8b510a5 100644 --- a/n2n.h +++ b/n2n.h @@ -111,7 +111,6 @@ typedef struct ether_hdr ether_hdr_t; #include #include #include "minilzo.h" -#include "header_encryption.h" #define closesocket(a) close(a) #endif /* #ifndef WIN32 */ @@ -180,6 +179,9 @@ typedef struct tuntap_dev { bits of transform_id; will be obsolete as soon as compression gets its own field in the packet. REVISIT then. */ +/* forward delcaration of header encryption context, see 'header_encryption.h' */ +typedef struct speck_context_t he_context_t; + #define DEFAULT_MTU 1290 /** Uncomment this to enable the MTU check, then try to ssh to generate a fragmented packet. */ @@ -228,7 +230,7 @@ typedef struct n2n_edge_conf { n2n_route_t *routes; /**< Networks to route through n2n */ n2n_community_t community_name; /**< The community. 16 full octets. */ uint8_t header_encryption; /**< Header encryption indicator. */ - he_context_t header_encryption_ctx; /**< Header encryption cipher context. */ + he_context_t *header_encryption_ctx; /**< Header encryption cipher context. */ n2n_transform_t transop_id; /**< The transop to use. */ uint16_t compression; /**< Compress outgoing data packets before encryption */ uint16_t num_routes; /**< Number of routes in routes */ @@ -259,6 +261,16 @@ typedef struct sn_stats time_t last_reg_super; /* Time when last REGISTER_SUPER was received. */ } sn_stats_t; + struct sn_community +{ + char community[N2N_COMMUNITY_SIZE]; + uint8_t header_encryption; /* Header encryption indicator. */ + he_context_t *header_encryption_ctx; /* Header encryption cipher context. */ + struct peer_info *edges; /* Link list of registered edges. */ + + UT_hash_handle hh; /* makes this structure hashable */ +}; + typedef struct n2n_sn { time_t start_time; /* Used to measure uptime. */ @@ -271,16 +283,6 @@ typedef struct sn_stats struct sn_community *communities; } n2n_sn_t; - struct sn_community -{ - char community[N2N_COMMUNITY_SIZE]; - uint8_t header_encryption; /* Header encryption indicator. */ - he_context_t header_encryption_ctx; /* Header encryption cipher context. */ - struct peer_info *edges; /* Link list of registered edges. */ - - UT_hash_handle hh; /* makes this structure hashable */ -}; - /* ************************************** */ #ifdef __ANDROID_NDK__ diff --git a/sn_utils.c b/sn_utils.c index ed1f85f..95a26b8 100644 --- a/sn_utils.c +++ b/sn_utils.c @@ -1,4 +1,5 @@ #include "n2n.h" +#include "header_encryption.h" #define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out) #define N2N_SN_LPORT_DEFAULT 7654 @@ -37,7 +38,7 @@ static int process_mgmt(n2n_sn_t *sss, static int process_udp(n2n_sn_t *sss, const struct sockaddr_in *sender_sock, - const uint8_t *udp_buf, + uint8_t *udp_buf, size_t udp_size, time_t now); @@ -372,13 +373,14 @@ static int process_mgmt(n2n_sn_t *sss, */ static int process_udp(n2n_sn_t *sss, const struct sockaddr_in *sender_sock, - const uint8_t *udp_buf, + uint8_t *udp_buf, size_t udp_size, time_t now) { n2n_common_t cmn; /* common fields in the packet header */ size_t rem; size_t idx; + int8_t he = HEADER_ENCRYPTION_UNKNOWN; size_t msg_type; uint8_t from_supernode; macstr_t mac_buf; @@ -390,6 +392,8 @@ static int process_udp(n2n_sn_t *sss, udp_size, intoa(ntohl(sender_sock->sin_addr.s_addr), buf, sizeof(buf)), ntohs(sender_sock->sin_port)); + he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities); + /* Use decode_common() to determine the kind of packet then process it: * * REGISTER_SUPER adds an edge and generate a return REGISTER_SUPER_ACK @@ -781,4 +785,4 @@ int run_sn_loop(n2n_sn_t *sss, int *keep_running) sn_term(sss); return 0; -} \ No newline at end of file +} diff --git a/speck.c b/speck.c index 74a1426..a5ced78 100644 --- a/speck.c +++ b/speck.c @@ -3,7 +3,6 @@ // https://github.com/nsacyber/simon-speck-supercop/blob/master/crypto_stream/speck128256ctr/ #include -#include #include "portable_endian.h" #include "speck.h" diff --git a/speck.h b/speck.h index 51df36b..a456f77 100644 --- a/speck.h +++ b/speck.h @@ -6,6 +6,7 @@ #ifndef SPECK_H #define SPECK_H +#include #define u32 uint32_t #define u64 uint64_t From ec635aefa94296e0cda390966d9be323994cc7a7 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 16 Jun 2020 23:12:51 +0545 Subject: [PATCH 4/6] made header encryption indicator 8-bit type --- header_encryption.c | 4 ++-- header_encryption.h | 4 ++-- sn_utils.c | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/header_encryption.c b/header_encryption.c index 1966819..756d198 100644 --- a/header_encryption.c +++ b/header_encryption.c @@ -44,8 +44,8 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, } -int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, - struct sn_community *communities) { +int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, + struct sn_community *communities) { struct sn_community *c, *tmp; diff --git a/header_encryption.h b/header_encryption.h index a4395e0..65b9709 100644 --- a/header_encryption.h +++ b/header_encryption.h @@ -23,8 +23,8 @@ uint32_t packet_header_decrypt (uint8_t packet[], uint8_t packet_len, char * community_name, he_context_t * ctx); -int32_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, - struct sn_community * communities); +int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, + struct sn_community * communities); int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx); diff --git a/sn_utils.c b/sn_utils.c index 95a26b8..b38e045 100644 --- a/sn_utils.c +++ b/sn_utils.c @@ -393,6 +393,8 @@ static int process_udp(n2n_sn_t *sss, ntohs(sender_sock->sin_port)); he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities); + if (he < 0) + return -1; /* something wrong with packet decryption */ /* Use decode_common() to determine the kind of packet then process it: * From a553c8fe38374bd4e4c758e240441b254c360ae9 Mon Sep 17 00:00:00 2001 From: Logan007 Date: Tue, 16 Jun 2020 23:46:52 +0545 Subject: [PATCH 5/6] new communities have no header encryption --- sn.c | 11 ++++++++++- sn_utils.c | 5 ++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/sn.c b/sn.c index 9d7c26b..c14d5a9 100644 --- a/sn.c +++ b/sn.c @@ -19,6 +19,7 @@ /* Supernode for n2n-2.x */ #include "n2n.h" +#include "header_encryption.h" #ifdef WIN32 #include @@ -435,13 +436,14 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { */ static int process_udp(n2n_sn_t * sss, const struct sockaddr_in * sender_sock, - const uint8_t * udp_buf, + uint8_t * udp_buf, size_t udp_size, time_t now) { n2n_common_t cmn; /* common fields in the packet header */ size_t rem; size_t idx; + int8_t he = HEADER_ENCRYPTION_UNKNOWN; size_t msg_type; uint8_t from_supernode; macstr_t mac_buf; @@ -453,6 +455,10 @@ static int process_udp(n2n_sn_t * sss, udp_size, intoa(ntohl(sender_sock->sin_addr.s_addr), buf, sizeof(buf)), ntohs(sender_sock->sin_port)); + he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities); + if (he < 0) + return -1; /* something wrong during packet decryption */ + /* Use decode_common() to determine the kind of packet then process it: * * REGISTER_SUPER adds an edge and generate a return REGISTER_SUPER_ACK @@ -622,6 +628,9 @@ static int process_udp(n2n_sn_t * sss, if(comm) { strncpy(comm->community, (char*)cmn.community, N2N_COMMUNITY_SIZE-1); comm->community[N2N_COMMUNITY_SIZE-1] = '\0'; + /* new communities introduced by REGISTERs could not have had encrypted header */ + comm->header_encryption = HEADER_ENCRYPTION_NONE; + HASH_ADD_STR(sss->communities, community, comm); traceEvent(TRACE_INFO, "New community: %s", comm->community); diff --git a/sn_utils.c b/sn_utils.c index b38e045..51742f7 100644 --- a/sn_utils.c +++ b/sn_utils.c @@ -394,7 +394,7 @@ static int process_udp(n2n_sn_t *sss, he = packet_header_decrypt_if_required (udp_buf, udp_size, sss->communities); if (he < 0) - return -1; /* something wrong with packet decryption */ + return -1; /* something wrong during packet decryption */ /* Use decode_common() to determine the kind of packet then process it: * @@ -577,6 +577,9 @@ static int process_udp(n2n_sn_t *sss, { strncpy(comm->community, (char *)cmn.community, N2N_COMMUNITY_SIZE - 1); comm->community[N2N_COMMUNITY_SIZE - 1] = '\0'; + /* new communities introduced by REGISTERs could not have had encrypted header */ + comm->header_encryption = HEADER_ENCRYPTION_NONE; + HASH_ADD_STR(sss->communities, community, comm); traceEvent(TRACE_INFO, "New community: %s", comm->community); From 9d62263eca186a7a278852270c8eec351a39ce3f Mon Sep 17 00:00:00 2001 From: Logan007 Date: Wed, 17 Jun 2020 01:27:02 +0545 Subject: [PATCH 6/6] having supernode running again (unencryptedly) --- header_encryption.c | 2 ++ header_encryption.h | 14 ++++++++------ sn.c | 13 +++++++++++++ sn_utils.c | 8 +++++++- 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/header_encryption.c b/header_encryption.c index 756d198..7866eff 100644 --- a/header_encryption.c +++ b/header_encryption.c @@ -75,6 +75,7 @@ int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, return (-2); // set 'no encryption' in case it is not set yet c->header_encryption = HEADER_ENCRYPTION_NONE; + c->header_encryption_ctx = NULL; return (HEADER_ENCRYPTION_NONE); } else { @@ -125,5 +126,6 @@ void packet_header_setup_key (char * community_name, he_context_t * ctx) { uint8_t key[16]; pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE); + ctx = calloc(1, sizeof(speck_context_t)); speck_expand_key_he (key, (speck_context_t*)ctx); } diff --git a/header_encryption.h b/header_encryption.h index 65b9709..dec8911 100644 --- a/header_encryption.h +++ b/header_encryption.h @@ -1,14 +1,13 @@ - - -#ifndef _HEADER_ENCRYPTION_H_ -#define _HEADER_ENCRYPTION_H_ +//#ifndef _HEADER_ENCRYPTION_H_ +//#define _HEADER_ENCRYPTION_H_ #include -#include "speck.h" #include "n2n.h" +#include "speck.h" + //define he_context_t speck_context_t typedef struct speck_context_t he_context_t; @@ -30,4 +29,7 @@ int8_t packet_header_decrypt_if_required (uint8_t packet[], uint16_t packet_len, int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx); -#endif +void packet_header_setup_key (char * community_name, he_context_t * ctx); + + +// #endif diff --git a/sn.c b/sn.c index c14d5a9..72d8a9f 100644 --- a/sn.c +++ b/sn.c @@ -81,6 +81,8 @@ static void deinit_sn(n2n_sn_t * sss) HASH_ITER(hh, sss->communities, community, tmp) { clear_peer_list(&community->edges); + if (NULL != community->header_encryption_ctx) + free (community->header_encryption_ctx); HASH_DEL(sss->communities, community); free(community); } @@ -390,6 +392,8 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { HASH_ITER(hh, sss->communities, s, tmp) { HASH_DEL(sss->communities, s); + if (NULL != s->header_encryption_ctx) + free (s->header_encryption_ctx); free(s); } @@ -413,7 +417,12 @@ static int load_allowed_sn_community(n2n_sn_t *sss, char *path) { if(s != NULL) { strncpy((char*)s->community, line, N2N_COMMUNITY_SIZE-1); s->community[N2N_COMMUNITY_SIZE-1] = '\0'; + /* we do not know if header encryption is used in this community, + * first packet will show. just in case, setup the key. */ + s->header_encryption = HEADER_ENCRYPTION_UNKNOWN; + packet_header_setup_key (s->community, s->header_encryption_ctx); HASH_ADD_STR(sss->communities, community, s); + num_communities++; traceEvent(TRACE_INFO, "Added allowed community '%s' [total: %u]", (char*)s->community, num_communities); @@ -630,6 +639,7 @@ static int process_udp(n2n_sn_t * sss, comm->community[N2N_COMMUNITY_SIZE-1] = '\0'; /* new communities introduced by REGISTERs could not have had encrypted header */ comm->header_encryption = HEADER_ENCRYPTION_NONE; + comm->header_encryption_ctx = NULL; HASH_ADD_STR(sss->communities, community, comm); @@ -1122,6 +1132,9 @@ static int run_loop(n2n_sn_t * sss) { if((comm->edges == NULL) && (!sss->lock_communities)) { traceEvent(TRACE_INFO, "Purging idle community %s", comm->community); + if (NULL != comm->header_encryption_ctx) + /* this should not happen as no 'locked' and thus only communities w/o encrypted header here */ + free (comm->header_encryption_ctx); HASH_DEL(sss->communities, comm); free(comm); } diff --git a/sn_utils.c b/sn_utils.c index 51742f7..256e3af 100644 --- a/sn_utils.c +++ b/sn_utils.c @@ -226,6 +226,8 @@ void sn_term(n2n_sn_t *sss) HASH_ITER(hh, sss->communities, community, tmp) { clear_peer_list(&community->edges); + if (NULL != community->header_encryption_ctx) + free (community->header_encryption_ctx); HASH_DEL(sss->communities, community); free(community); } @@ -579,6 +581,7 @@ static int process_udp(n2n_sn_t *sss, comm->community[N2N_COMMUNITY_SIZE - 1] = '\0'; /* new communities introduced by REGISTERs could not have had encrypted header */ comm->header_encryption = HEADER_ENCRYPTION_NONE; + comm->header_encryption_ctx = NULL; HASH_ADD_STR(sss->communities, community, comm); @@ -780,7 +783,10 @@ int run_sn_loop(n2n_sn_t *sss, int *keep_running) if ((comm->edges == NULL) && (!sss->lock_communities)) { traceEvent(TRACE_INFO, "Purging idle community %s", comm->community); - HASH_DEL(sss->communities, comm); + if (NULL != comm->header_encryption_ctx) + /* this should not happen as no 'locked' and thus only communities w/o encrypted header here */ + free (comm->header_encryption_ctx); + HASH_DEL(sss->communities, comm); free(comm); } }