kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

removed minor tranform version

pull/358/head
Logan007 4 years ago
parent
052127734e
commit
c2cae9d02e
4 changed files with 22 additions and 103 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      src/transform_aes.c
  2. 21
      src/transform_cc20.c
  3. 22
      src/transform_speck.c
  4. 61
      src/transform_tf.c

21
src/transform_aes.c
View File

@ -25,7 +25,6 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_AES_IVEC_SIZE (AES_BLOCK_SIZE)
#define AES256_KEY_BYTES (256/8)
@ -33,13 +32,12 @@
#define AES128_KEY_BYTES (128/8)
/* AES plaintext preamble */
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_AES_IV_SEED_SIZE 8 /* size of transmitted random part of IV in bytes; could range
* from 0=lowest security (constant IV) to 16=higest security
* (fully random IV); default=8 */
#define TRANSOP_AES_IV_PADDING_SIZE (N2N_AES_IVEC_SIZE - TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_IV_KEY_BYTES (AES128_KEY_BYTES) /* use AES128 for IV encryption */
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_IV_SEED_SIZE)
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_IV_SEED_SIZE)
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
@ -138,12 +136,11 @@ static void set_aes_cbc_iv(transop_aes_t *priv, n2n_aes_ivec_t ivec, uint8_t * i
/** The aes packet format consists of:
*
* - a 8-bit aes encoding version in clear text
* - a TRANSOP_AES_IV_SEED_SIZE-sized [bytes] random IV seed
* - encrypted payload.
*
* [V|II|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
* [II|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_aes(n2n_trans_op_t * arg,
uint8_t * outbuf,
@ -165,9 +162,6 @@ static int transop_encode_aes(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_aes %lu", in_len);
/* Encode the aes format version. */
encode_uint8(outbuf, &idx, N2N_AES_TRANSFORM_VERSION);
/* Generate and encode the IV seed using as many calls to n2n_rand() as neccessary.
* Note: ( N2N_AES_IV_SEED_SIZE % sizeof(rand_value) ) not neccessarily equals 0. */
uint64_t rand_value;
@ -257,18 +251,13 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
uint8_t assembly[N2N_PKT_BUF_SIZE];
if(((in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least version, iv seed */
&& (in_len >= TRANSOP_AES_PREAMBLE_SIZE) /* Has at least iv seed */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t aes_enc_ver=0;
uint8_t iv_seed[TRANSOP_AES_IV_SEED_SIZE];
/* Get the encoding version to make sure it is supported */
decode_uint8(&aes_enc_ver, inbuf, &rem, &idx );
if(N2N_AES_TRANSFORM_VERSION == aes_enc_ver) {
/* Get the IV seed */
decode_buf((uint8_t *)&iv_seed, TRANSOP_AES_IV_SEED_SIZE, inbuf, &rem, &idx);
@ -336,8 +325,6 @@ static int transop_decode_aes(n2n_trans_op_t * arg,
traceEvent(TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE);
len = 0;
}
} else
traceEvent(TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len);

21
src/transform_cc20.c
View File

@ -24,14 +24,12 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#define N2N_CC20_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_CC20_IVEC_SIZE 16
#define CC20_KEY_BYTES (256/8)
/* ChaCha20 plaintext preamble */
#define TRANSOP_CC20_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_CC20_PREAMBLE_SIZE (TRANSOP_CC20_VER_SIZE + N2N_CC20_IVEC_SIZE)
#define TRANSOP_CC20_PREAMBLE_SIZE (N2N_CC20_IVEC_SIZE)
typedef unsigned char n2n_cc20_ivec_t[N2N_CC20_IVEC_SIZE];
@ -89,12 +87,11 @@ static void set_cc20_iv(transop_cc20_t *priv, n2n_cc20_ivec_t ivec) {
/** The ChaCha20 packet format consists of:
*
* - a 8-bit cc20 encoding version in clear text
* - a 128-bit random IV
* - encrypted payload.
*
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_cc20(n2n_trans_op_t * arg,
uint8_t * outbuf,
@ -113,9 +110,6 @@ static int transop_encode_cc20(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_cc20 %lu bytes", in_len);
/* Encode the ChaCha20 format version. */
encode_uint8(outbuf, &idx, N2N_CC20_TRANSFORM_VERSION);
/* Generate and encode the IV. */
set_cc20_iv(priv, enc_ivec);
encode_buf(outbuf, &idx, &enc_ivec, N2N_CC20_IVEC_SIZE);
@ -177,18 +171,13 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
uint8_t assembly[N2N_PKT_BUF_SIZE];
if(((in_len - TRANSOP_CC20_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least version, iv */
&& (in_len >= TRANSOP_CC20_PREAMBLE_SIZE) /* Has at least iv */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t cc20_enc_ver=0;
n2n_cc20_ivec_t dec_ivec = {0};
/* Get the encoding version to make sure it is supported */
decode_uint8(&cc20_enc_ver, inbuf, &rem, &idx );
if(N2N_CC20_TRANSFORM_VERSION == cc20_enc_ver) {
traceEvent(TRACE_DEBUG, "decode_cc20 %lu bytes", in_len);
len = (in_len - TRANSOP_CC20_PREAMBLE_SIZE);
@ -221,8 +210,6 @@ static int transop_decode_cc20(n2n_trans_op_t * arg,
EVP_CIPHER_CTX_reset(ctx);
memcpy(outbuf, assembly, len);
} else
traceEvent(TRACE_ERROR, "decode_cc20 unsupported ChaCha20 version %u.", cc20_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_cc20 inbuf wrong size (%ul) to decrypt.", in_len);

22
src/transform_speck.c
View File

@ -18,14 +18,12 @@
#include "n2n.h"
#define N2N_SPECK_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_SPECK_IVEC_SIZE 16
#define SPECK_KEY_BYTES (256/8)
/* Speck plaintext preamble */
#define TRANSOP_SPECK_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_SPECK_PREAMBLE_SIZE (TRANSOP_SPECK_VER_SIZE + N2N_SPECK_IVEC_SIZE)
#define TRANSOP_SPECK_PREAMBLE_SIZE (N2N_SPECK_IVEC_SIZE)
typedef unsigned char n2n_speck_ivec_t[N2N_SPECK_IVEC_SIZE];
@ -64,12 +62,11 @@ static void set_speck_iv(transop_speck_t *priv, n2n_speck_ivec_t ivec) {
/** The Speck packet format consists of:
*
* - a 8-bit speck encoding version in clear text
* - a 128-bit random IV
* - encrypted payload.
*
* [V|IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
* [IIII|DDDDDDDDDDDDDDDDDDDDD]
* |<---- encrypted ---->|
*/
static int transop_encode_speck(n2n_trans_op_t * arg,
uint8_t * outbuf,
@ -87,9 +84,6 @@ static int transop_encode_speck(n2n_trans_op_t * arg,
traceEvent(TRACE_DEBUG, "encode_speck %lu bytes", in_len);
/* Encode the Speck format version. */
encode_uint8(outbuf, &idx, N2N_SPECK_TRANSFORM_VERSION);
/* Generate and encode the IV. */
set_speck_iv(priv, enc_ivec);
encode_buf(outbuf, &idx, &enc_ivec, N2N_SPECK_IVEC_SIZE);
@ -129,18 +123,13 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
transop_speck_t * priv = (transop_speck_t *)arg->priv;
if(((in_len - TRANSOP_SPECK_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE) /* Cipher text fits in buffer */
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least version, iv */
&& (in_len >= TRANSOP_SPECK_PREAMBLE_SIZE) /* Has at least iv */
)
{
size_t rem=in_len;
size_t idx=0;
uint8_t speck_enc_ver=0;
n2n_speck_ivec_t dec_ivec = {0};
/* Get the encoding version to make sure it is supported */
decode_uint8(&speck_enc_ver, inbuf, &rem, &idx );
if(N2N_SPECK_TRANSFORM_VERSION == speck_enc_ver) {
traceEvent(TRACE_DEBUG, "decode_speck %lu bytes", in_len);
len = (in_len - TRANSOP_SPECK_PREAMBLE_SIZE);
@ -155,8 +144,6 @@ static int transop_decode_speck(n2n_trans_op_t * arg,
#endif
traceEvent(TRACE_DEBUG, "decode_speck: decrypted %u bytes.\n", len);
} else
traceEvent(TRACE_ERROR, "decode_speck unsupported Speck version %u.", speck_enc_ver);
} else
traceEvent(TRACE_ERROR, "decode_speck inbuf wrong size (%ul) to decrypt.", in_len);
@ -215,4 +202,3 @@ int n2n_transop_speck_init(const n2n_edge_conf_t *conf, n2n_trans_op_t *ttt) {
/* Setup the cipher and key */
return(setup_speck_key(priv, encrypt_key, encrypt_key_len));
}

61
src/transform_tf.c
View File

@ -18,9 +18,6 @@
#include "n2n.h"
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
typedef struct transop_tf {
TWOFISH* enc_tf; /* tx state */
@ -39,18 +36,14 @@ static int transop_deinit_twofish( n2n_trans_op_t * arg ) {
return 0;
}
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_TF_NONCE_SIZE 4
#define TRANSOP_TF_SA_SIZE 4
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
* [nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_encode_twofish( n2n_trans_op_t * arg,
uint8_t * outbuf,
@ -66,18 +59,9 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
{
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= out_len )
{
size_t idx=0;
uint32_t sa_id=0; // Not used
traceEvent(TRACE_DEBUG, "encode_twofish %lu", in_len);
/* Encode the twofish format version. */
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
/* Encode the security association (SA) number */
encode_uint32( outbuf, &idx, sa_id );
/* The assembly buffer is a source for encrypting data. The nonce is
* written in first followed by the packet payload. The whole
@ -88,14 +72,10 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
/* Encrypt the assembly contents and write the ciphertext after the SA. */
len = TwoFishEncryptRaw( assembly, /* source */
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
outbuf,
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
priv->enc_tf);
if ( len > 0 )
{
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
}
else
if ( len <= 0 )
{
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
}
@ -114,15 +94,7 @@ static int transop_encode_twofish( n2n_trans_op_t * arg,
return len;
}
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_decode_twofish( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
@ -134,26 +106,15 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE];
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
if ( ( in_len <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= TRANSOP_TF_NONCE_SIZE ) /* Has at least nonce */
) {
size_t rem=in_len;
size_t idx=0;
uint8_t tf_enc_ver=0;
uint32_t sa_rx=0; // Not used
/* Get the encoding version to make sure it is supported */
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) {
/* Get the SA number and make sure we are decrypting with the right one. */
decode_uint32( &sa_rx, inbuf, &rem, &idx );
traceEvent(TRACE_DEBUG, "decode_twofish %lu", in_len);
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
len = TwoFishDecryptRaw( (void *)inbuf,
assembly, /* destination */
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
in_len,
priv->dec_tf);
if(len > 0) {
@ -165,8 +126,6 @@ static int transop_decode_twofish( n2n_trans_op_t * arg,
len );
} else
traceEvent(TRACE_ERROR, "decode_twofish decryption failed");
} else
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
} else
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );

Write Preview
Loading…
Cancel
Save