billchenchina/n2n
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

New upstream version 3.1.1

Browse source
This commit is contained in:
billchenchina 2022-11-15 08:50:35 +08:00
parent 4e9934e5ec
commit e7b41df57b
229 changed files with 57000 additions and 12055 deletions
Download patch file Download diff file Expand all files Collapse all files

33
legacy/README.md Normal file
View file

@ -0,0 +1,33 @@
# Removed Features
This folder contains a list N2N legacy features which have been dropped due to
maintainance cost versus effective use and benefits.
Multiple Transops
-----------------
N2N used to initialize all the available transops and use the "tick" function of
the transops to decide which transop to use before sending a packet. This however
has the following problems:
- It only works with the keyfile, whereas with normal encryption we inizialize and
keep structures that we don't need.
- It is unfeasable as an edge node is required to implement all the transops in order
to properly talk with other edge nodes (via keyfile).
- It rises the complexity of the code.
- It is not clear which transop will be used.
- Mixing multiple encyptions together is not necessarily a good idea to improve security
as a vulnerability in at least one encryption method will leak some information.
Keyfile and Key Rotation
------------------------
The keyfile mechanism allowed N2N users to specify a keyfile to be used to periodically
rotate keys and encryption methods. However, it has the following problems:
- This feature is obscure for most of the users and poorly documented.
- It is tightly integrated in the core whereas it is used by only a few people (if any).
In conclusion the main problem is the complexity that it adds to the code. In a possible
future rework this could be integrated as an extention (e.g. a specific trasop) without
rising the core complexity.

103
legacy/edge_keyschedule.c Normal file
View file

@ -0,0 +1,103 @@
typedef struct n2n_tostat {
uint8_t can_tx; /* Does this transop have a valid SA for encoding. */
n2n_cipherspec_t tx_spec; /* If can_tx, the spec used to encode. */
} n2n_tostat_t;
typedef uint32_t n2n_sa_t; /* security association number */
typedef int (*n2n_transaddspec_f)( struct n2n_trans_op * arg,
const n2n_cipherspec_t * cspec );
typedef n2n_tostat_t (*n2n_transtick_f)( struct n2n_trans_op * arg,
time_t now );
/** Read in a key-schedule file, parse the lines and pass each line to the
* appropriate trans_op for parsing of key-data and adding key-schedule
* entries. The lookup table of time->trans_op is constructed such that
* encoding can be passed to the correct trans_op. The trans_op internal table
* will then determine the best SA for that trans_op from the key schedule to
* use for encoding. */
static int edge_init_keyschedule(n2n_edge_t *eee) {
#define N2N_NUM_CIPHERSPECS 32
int retval = -1;
ssize_t numSpecs=0;
n2n_cipherspec_t specs[N2N_NUM_CIPHERSPECS];
size_t i;
time_t now = time(NULL);
numSpecs = n2n_read_keyfile(specs, N2N_NUM_CIPHERSPECS, eee->conf.keyschedule);
if(numSpecs > 0)
{
traceEvent(TRACE_NORMAL, "keyfile = %s read -> %d specs.\n", optarg, (signed int)numSpecs);
for (i=0; i < (size_t)numSpecs; ++i)
{
n2n_transform_t idx = (n2n_transform_t) specs[i].t;
if(idx != eee->transop.transform_id) {
traceEvent(TRACE_ERROR, "changing transop in keyschedule is not supported");
retval = -1;
}
if(eee->transop.addspec != NULL)
retval = eee->transop.addspec(&eee->transop, &(specs[i]));
if (0 != retval)
{
traceEvent(TRACE_ERROR, "keyschedule failed to add spec[%u] to transop[%d].\n",
(unsigned int)i, idx);
return retval;
}
}
n2n_tick_transop(eee, now);
}
else
traceEvent(TRACE_ERROR, "Failed to process '%s'", eee->conf.keyschedule);
return retval;
}
#if 0
if(recvlen >= 6)
{
if(0 == memcmp(udp_buf, "reload", 6))
{
if(strlen(eee->conf.keyschedule) > 0)
{
if(edge_init_keyschedule(eee) == 0)
{
msg_len=0;
msg_len += snprintf((char *)(udp_buf+msg_len), (N2N_PKT_BUF_SIZE-msg_len),
"> OK\n");
sendto(eee->udp_mgmt_sock, udp_buf, msg_len, 0/*flags*/,
(struct sockaddr *)&sender_sock, sizeof(struct sockaddr_in));
}
return;
}
}
}
#endif
#if 0
case'K':
{
if(conf->encrypt_key) {
traceEvent(TRACE_ERROR, "Error: -K and -k options are mutually exclusive");
exit(1);
} else {
strncpy(conf->keyschedule, optargument, N2N_PATHNAME_MAXLEN-1);
/* strncpy does not add NULL if the source has no NULL. */
conf->keyschedule[N2N_PATHNAME_MAXLEN-1] = 0;
traceEvent(TRACE_NORMAL, "keyfile = '%s'\n", conf->keyschedule);
}
break;
}
#endif
#if 0
printf("-K <key file> | Specify a key schedule file to load. Not with -k.\n");
#endif

44
legacy/gen_keyfile.py Executable file
View file

@ -0,0 +1,44 @@
#!/usr/bin/env python
# (c) 2009 Richard Andrews <andrews@ntop.org>
# Program to generate a n2n_edge key schedule file for twofish keys
# Each key line consists of the following element
# <from> <until> <txfrm> <opaque>
#
# where <from>, <until> are UNIX time_t values of key valid period
# <txfrm> is the transform ID (=2 for twofish)
# <opaque> is twofish-specific data as follows
# <sec_id>_<hex_key>
import os
import sys
import time
import random
NUM_KEYS=30
KEY_LIFE=300
KEY_LEN=16
now=time.time()
start_sa=random.randint( 0, 0xffffffff )
random.seed(now) # note now is a floating point time value
def rand_key():
key=str()
for i in range(0,KEY_LEN):
key += "%02x"%( random.randint( 0, 255) )
return key
for i in range(0,NUM_KEYS):
from_time = now + (KEY_LIFE * (i-1) )
until_time = now + (KEY_LIFE * (i+1) )
key = rand_key()
sa_idx = start_sa + i
transform_id = random.randint( 2, 3 )
sys.stdout.write("%d %d %d %d_%s\n"%(from_time, until_time, transform_id,sa_idx, key) )

216
legacy/n2n_keyfile.c Normal file
View file

@ -0,0 +1,216 @@
/**
* (C) 2007-18 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not see see <http://www.gnu.org/licenses/>
*
*/
#include "n2n.h"
#include "n2n_keyfile.h"
#include <errno.h>
#include <stdio.h>
#include <time.h>
#include <string.h>
#ifdef WIN32
char *strsep( char **ppsz_string, const char *psz_delimiters )
{
char *p;
char *psz_string = *ppsz_string;
if( !psz_string )
return NULL;
p = strpbrk( psz_string, psz_delimiters );
if( !p )
{
*ppsz_string = NULL;
return psz_string;
}
*p++ = '\0';
*ppsz_string = p;
return psz_string;
}
#endif
/* Parse hex nibbles in ascii until a non-nibble character is found. Nibble
* characters are 0-9, a-f and A-F.
*
* Return number of bytes parsed into keyBuf or a negative error code.
*/
ssize_t n2n_parse_hex( uint8_t * keyBuf,
size_t keyLen,
const char * textKey,
size_t textLen)
{
ssize_t retval=0;
uint8_t * pout=keyBuf;
size_t octet=0;
const char * textEnd;
const char * pbeg;
textEnd = textKey+textLen;
pbeg=textKey;
while ( ( pbeg + 1 < textEnd ) && ( retval < (ssize_t)keyLen ) )
{
if ( 1 != sscanf( pbeg, "%02x", (unsigned int*)&octet ) )
{
retval=-1;
break;
}
*pout = (octet & 0xff);
++pout;
++retval;
pbeg += 2;
}
return retval;
}
static int parseKeyLine( n2n_cipherspec_t * spec,
const char * linein )
{
/* parameters are separated by whitespace */
char line[N2N_KEYFILE_LINESIZE];
char * lp=line;
const char * token;
strncpy( line, linein, N2N_KEYFILE_LINESIZE );
memset( spec, 0, sizeof( n2n_cipherspec_t ) );
/* decode valid_from time */
token = strsep( &lp, DELIMITERS );
if ( !token ) { goto error; }
spec->valid_from = atol(token);
/* decode valid_until time */
token = strsep( &lp, DELIMITERS );
if ( !token ) { goto error; }
spec->valid_until = atol(token);
/* decode the transform number */
token = strsep( &lp, DELIMITERS );
if ( !token ) { goto error; }
spec->t = atoi(token);
/* The reset if opaque key data */
token = strsep( &lp, DELIMITERS );
if ( !token ) { goto error; }
strncpy( (char *)spec->opaque, token, N2N_MAX_KEYSIZE );
spec->opaque_size=strlen( (char *)spec->opaque);
return 0;
error:
return -1;
}
#define SEP "/"
int validCipherSpec( const n2n_cipherspec_t * k,
time_t now )
{
if ( k->valid_until < k->valid_from ) { goto bad; }
if ( k->valid_from > now ) { goto bad; }
if ( k->valid_until < now ) { goto bad; }
return 0;
bad:
return -1;
}
/* Read key control file and return the number of specs stored or a negative
* error code.
*
* As the specs are read in the from and until time values are compared to
* present time. Only those keys which are valid are stored.
*/
int n2n_read_keyfile( n2n_cipherspec_t * specs, /* fill out this array of cipherspecs */
size_t numspecs, /* number of slots in the array. */
const char * ctrlfile_path ) /* path to control file */
{
/* Each line contains one cipherspec. */
int retval=0;
FILE * fp=NULL;
size_t idx=0;
time_t now = time(NULL);
traceEvent( TRACE_DEBUG, "Reading '%s'\n", ctrlfile_path );
fp = fopen( ctrlfile_path, "r" );
if ( fp )
{
/* Read the file a line a time with fgets. */
char line[N2N_KEYFILE_LINESIZE];
size_t lineNum=0;
while ( idx < numspecs )
{
n2n_cipherspec_t * k = &(specs[idx]);
fgets( line, N2N_KEYFILE_LINESIZE, fp );
++lineNum;
if ( strlen(line) > 1 )
{
if ( 0 == parseKeyLine( k, line ) )
{
if ( k->valid_until > now )
{
traceEvent( TRACE_INFO, " --> [%u] from %lu, until %lu, transform=%hu, data=%s\n",
idx, k->valid_from, k->valid_until, k->t, k->opaque );
++retval;
++idx;
}
else
{
traceEvent( TRACE_INFO, " --X [%u] from %lu, until %lu, transform=%hu, data=%s\n",
idx, k->valid_from, k->valid_until, k->t, k->opaque );
}
}
else
{
traceEvent( TRACE_WARNING, "Failed to decode line %u\n", lineNum );
}
}
if ( feof(fp) )
{
break;
}
line[0]=0; /* this line has been consumed */
}
fclose( fp);
fp=NULL;
}
else
{
traceEvent( TRACE_ERROR, "Failed to open '%s'\n", ctrlfile_path );
retval = -1;
}
return retval;
}

117
legacy/n2n_keyfile.h Normal file
View file

@ -0,0 +1,117 @@
/**
* (C) 2007-18 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not see see <http://www.gnu.org/licenses/>
*
*/
/** Key files
*
* Edge implements a very simple interface for getting instructions about
* rolling keys.
*
* Key definitions are written as individual files in <transform>/<sa>.key. The
* format of each key is a single line of hex nibbles as follows:
*
* 0102030405060708090a0b0c0d0e0f
*
* Any external key exchange mechanism can receive the key data write it into
* the keyfiles.
*
* To control which keys are active at what times the key control file is
* used. This is a single file which is periodically reread. It contains key
* definitions in chronological order with one line per key definition as
* follows:
*
* <valid_from> <valid_until> <transform> <opaque>
*
* edge reads the key control file periodically to get updates in policy. edge
* holds a number of keys in memory. Data can be decoded if it was encoded by
* any of the keys still in memory. By having at least 2 keys in memory it
* allows for clock skew and transmission delay when encoder and decoder roll
* keys at slightly different times. The amount of overlap in the valid time
* ranges provides the tolerance to timing skews in the system.
*
* The keys have the same level of secrecy as any other user file. Existing
* UNIX permission systems can be used to provide access controls.
*
*/
/** How Edge Uses The Key Schedule
*
* Edge provides state space for a number of transform algorithms. Each
* transform uses its state space to store the SA information for its keys as
* found in the key file. When a packet is received the transform ID is in
* plain text. The packets is then sent to that transform for decoding. Each
* transform can store its SA numbers differently (or not at all). The
* transform code then finds the SA number, then finds the cipher (with key) in
* the state space and uses this to decode the packet.
*
* To support this, as edge reads each key line, it passes it to the
* appropriate transform to parse the line and store the SA information in its
* state space.
*
* When encoding a packet, edge has several transforms and potentially valid
* SAs to choose from. To keep track of which one to use for encoding edge does
* its own book-keeping as each key line is passed to the transform code: it
* stores a lookup of valid_from -> transform. When encoding a packet it then
* just calls the transform with the best valid_from in the table. The
* transform's own state space has all the SAs for its keys and the best of
* those is chosen.
*/
#if !defined( N2N_KEYFILE_H_ )
#define N2N_KEYFILE_H_
#include "n2n_wire.h"
#include <time.h>
#define N2N_MAX_KEYSIZE 256 /* bytes */
#define N2N_MAX_NUM_CIPHERSPECS 8
#define N2N_KEYPATH_SIZE 256
#define N2N_KEYFILE_LINESIZE 256
/** This structure stores an encryption cipher spec. */
struct n2n_cipherspec
{
n2n_transform_t t; /* N2N_TRANSFORM_ID_xxx for this spec. */
time_t valid_from; /* Start using the key at this time. */
time_t valid_until; /* Key is valid if time < valid_until. */
uint16_t opaque_size; /* Size in bytes of key. */
uint8_t opaque[N2N_MAX_KEYSIZE];/* Key matter. */
};
typedef struct n2n_cipherspec n2n_cipherspec_t;
static const char * const DELIMITERS=" \t\n\r";
/** @return number of cipherspec items filled. */
int n2n_read_keyfile( n2n_cipherspec_t * specs, /* fill out this array of cipherspecs */
size_t numspecs, /* number of slots in the array. */
const char * ctrlfile_path ); /* path to control file */
int validCipherSpec( const n2n_cipherspec_t * k,
time_t now );
ssize_t n2n_parse_hex( uint8_t * keyBuf,
size_t keyMax,
const char * textKey,
size_t textLen );
/*----------------------------------------------------------------------------*/
#endif /* #if !defined( N2N_KEYFILE_H_ ) */

730
legacy/transform_aes.c Normal file
View file

@ -0,0 +1,730 @@
/**
* (C) 2007-18 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not see see <http://www.gnu.org/licenses/>
*
*/
#include "n2n.h"
#include "n2n_transforms.h"
#if defined(N2N_HAVE_AES)
#include "openssl/aes.h"
#include "openssl/sha.h"
#ifndef _MSC_VER
/* Not included in Visual Studio 2008 */
#include <strings.h> /* index() */
#endif
#define N2N_AES_NUM_SA 32 /* space for SAa */
#define N2N_AES_TRANSFORM_VERSION 1 /* version of the transform encoding */
#define N2N_AES_IVEC_SIZE 32 /* Enough space for biggest AES ivec */
#define AES256_KEY_BYTES (256/8)
#define AES192_KEY_BYTES (192/8)
#define AES128_KEY_BYTES (128/8)
typedef unsigned char n2n_aes_ivec_t[N2N_AES_IVEC_SIZE];
struct sa_aes
{
n2n_cipherspec_t spec; /* cipher spec parameters */
n2n_sa_t sa_id; /* security association index */
AES_KEY enc_key; /* tx key */
AES_KEY dec_key; /* tx key */
AES_KEY iv_enc_key; /* key used to encrypt the IV */
uint8_t iv_ext_val[AES128_KEY_BYTES]; /* key used to extend the random IV seed to full block size */
};
typedef struct sa_aes sa_aes_t;
/** Aes transform state data.
*
* With a key-schedule in place this will be populated with a number of
* SAs. Each SA has a lifetime and some opque data. The opaque data for aes
* consists of the SA number and key material.
*
*/
struct transop_aes
{
ssize_t tx_sa;
size_t num_sa;
sa_aes_t sa[N2N_AES_NUM_SA];
u_int8_t psk_mode;
};
typedef struct transop_aes transop_aes_t;
static ssize_t aes_find_sa( const transop_aes_t * priv, const n2n_sa_t req_id );
static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_size, size_t sa_num);
static int transop_deinit_aes( n2n_trans_op_t * arg )
{
transop_aes_t * priv = (transop_aes_t *)arg->priv;
size_t i;
if ( priv )
{
/* Memory was previously allocated */
for (i=0; i<N2N_AES_NUM_SA; ++i )
{
sa_aes_t * sa = &(priv->sa[i]);
sa->sa_id=0;
}
priv->num_sa=0;
priv->tx_sa=-1;
free(priv);
}
arg->priv=NULL; /* return to fully uninitialised state */
return 0;
}
static size_t aes_choose_tx_sa( transop_aes_t * priv, const u_int8_t * peer_mac ) {
return priv->tx_sa; /* set in tick */
}
static ssize_t aes_choose_rx_sa( transop_aes_t * priv, const u_int8_t * peer_mac, ssize_t sa_rx) {
if(!priv->psk_mode)
return aes_find_sa(priv, sa_rx);
else
/* NOTE the sa_rx of the packet is ignored in this case */
return 0;
}
/* AES plaintext preamble */
#define TRANSOP_AES_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_AES_SA_SIZE 4
#define TRANSOP_AES_IV_SEED_SIZE 8
#define TRANSOP_AES_PREAMBLE_SIZE (TRANSOP_AES_VER_SIZE + TRANSOP_AES_SA_SIZE + TRANSOP_AES_IV_SEED_SIZE)
/* AES ciphertext preamble */
#define TRANSOP_AES_NONCE_SIZE 4
/* Return the best acceptable AES key size (in bytes) given an input keysize.
*
* The value returned will be one of AES128_KEY_BYTES, AES192_KEY_BYTES or
* AES256_KEY_BYTES.
*/
static size_t aes_best_keysize(size_t numBytes)
{
if (numBytes >= AES256_KEY_BYTES )
{
return AES256_KEY_BYTES;
}
else if (numBytes >= AES192_KEY_BYTES)
{
return AES192_KEY_BYTES;
}
else
{
return AES128_KEY_BYTES;
}
}
static void set_aes_cbc_iv(sa_aes_t *sa, n2n_aes_ivec_t ivec, uint64_t iv_seed) {
uint8_t iv_full[AES_BLOCK_SIZE];
/* Extend the seed to full block size via the fixed ext value */
memcpy(iv_full, sa->iv_ext_val, sizeof(iv_seed)); // note: only 64bits used of 128 available
memcpy(iv_full + sizeof(iv_seed), &iv_seed, sizeof(iv_seed));
/* Encrypt the IV with secret key to make it unpredictable.
* As discussed in https://github.com/ntop/n2n/issues/72, it's important to
* have an unpredictable IV since the initial part of the packet plaintext
* can be easily reconstructed from plaintext headers and used by an attacker
* to perform differential analysis.
*/
AES_ecb_encrypt(iv_full, ivec, &sa->iv_enc_key, AES_ENCRYPT);
}
/** The aes packet format consists of:
*
* - a 8-bit aes encoding version in clear text
* - a 32-bit SA number in clear text
* - a 64-bit random IV seed
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|II|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_encode_aes( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len,
const uint8_t * peer_mac)
{
int len2=-1;
transop_aes_t * priv = (transop_aes_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE] = {0};
uint32_t * pnonce;
if ( (in_len + TRANSOP_AES_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
{
if ( (in_len + TRANSOP_AES_NONCE_SIZE + TRANSOP_AES_PREAMBLE_SIZE) <= out_len )
{
int len=-1;
size_t idx=0;
sa_aes_t * sa;
size_t tx_sa_num = 0;
uint64_t iv_seed = 0;
uint8_t padding = 0;
n2n_aes_ivec_t enc_ivec = {0};
/* The transmit sa is periodically updated */
tx_sa_num = aes_choose_tx_sa( priv, peer_mac );
sa = &(priv->sa[tx_sa_num]); /* Proper Tx SA index */
traceEvent( TRACE_DEBUG, "encode_aes %lu with SA %lu.", in_len, sa->sa_id );
/* Encode the aes format version. */
encode_uint8( outbuf, &idx, N2N_AES_TRANSFORM_VERSION );
/* Encode the security association (SA) number */
encode_uint32( outbuf, &idx, sa->sa_id );
/* Generate and encode the IV seed.
* Using two calls to rand() because RAND_MAX is usually < 64bit
* (e.g. linux) and sometimes < 32bit (e.g. Windows).
*/
((uint32_t*)&iv_seed)[0] = rand();
((uint32_t*)&iv_seed)[1] = rand();
encode_buf(outbuf, &idx, &iv_seed, sizeof(iv_seed));
/* Encrypt the assembly contents and write the ciphertext after the SA. */
len = in_len + TRANSOP_AES_NONCE_SIZE;
/* The assembly buffer is a source for encrypting data. The nonce is
* written in first followed by the packet payload. The whole
* contents of assembly are encrypted. */
pnonce = (uint32_t *)assembly;
*pnonce = rand();
memcpy( assembly + TRANSOP_AES_NONCE_SIZE, inbuf, in_len );
/* Need at least one encrypted byte at the end for the padding. */
len2 = ( (len / AES_BLOCK_SIZE) + 1) * AES_BLOCK_SIZE; /* Round up to next whole AES adding at least one byte. */
padding = (len2-len);
assembly[len2 - 1] = padding;
traceEvent( TRACE_DEBUG, "padding = %u, seed = %016lx", padding, iv_seed );
set_aes_cbc_iv(sa, enc_ivec, iv_seed);
AES_cbc_encrypt( assembly, /* source */
outbuf + TRANSOP_AES_PREAMBLE_SIZE, /* dest */
len2, /* enc size */
&(sa->enc_key), enc_ivec, AES_ENCRYPT );
len2 += TRANSOP_AES_PREAMBLE_SIZE; /* size of data carried in UDP. */
}
else
{
traceEvent( TRACE_ERROR, "encode_aes outbuf too small." );
}
}
else
{
traceEvent( TRACE_ERROR, "encode_aes inbuf too big to encrypt." );
}
return len2;
}
/* Search through the array of SAs to find the one with the required ID.
*
* @return array index where found or -1 if not found
*/
static ssize_t aes_find_sa( const transop_aes_t * priv, const n2n_sa_t req_id )
{
size_t i;
for (i=0; i < priv->num_sa; ++i)
{
const sa_aes_t * sa=NULL;
sa = &(priv->sa[i]);
if (req_id == sa->sa_id)
{
return i;
}
}
return -1;
}
/* See transop_encode_aes for packet format */
static int transop_decode_aes( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len,
const uint8_t * peer_mac)
{
int len=0;
transop_aes_t * priv = (transop_aes_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE];
if ( ( (in_len - TRANSOP_AES_PREAMBLE_SIZE) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_AES_PREAMBLE_SIZE + TRANSOP_AES_NONCE_SIZE) ) /* Has at least version, SA, iv seed and nonce */
)
{
n2n_sa_t sa_rx;
ssize_t sa_idx=-1;
size_t rem=in_len;
size_t idx=0;
uint8_t aes_enc_ver=0;
uint64_t iv_seed=0;
/* Get the encoding version to make sure it is supported */
decode_uint8( &aes_enc_ver, inbuf, &rem, &idx );
if ( N2N_AES_TRANSFORM_VERSION == aes_enc_ver )
{
/* Get the SA number and make sure we are decrypting with the right one. */
decode_uint32( &sa_rx, inbuf, &rem, &idx );
sa_idx = aes_choose_rx_sa(priv, peer_mac, sa_rx);
if ( sa_idx >= 0 )
{
sa_aes_t * sa = &(priv->sa[sa_idx]);
/* Get the IV seed */
decode_buf((uint8_t *)&iv_seed, sizeof(iv_seed), inbuf, &rem, &idx);
traceEvent( TRACE_DEBUG, "decode_aes %lu with SA %lu and seed %016lx", in_len, sa->sa_id, iv_seed );
len = (in_len - TRANSOP_AES_PREAMBLE_SIZE);
if ( 0 == (len % AES_BLOCK_SIZE ) )
{
uint8_t padding;
n2n_aes_ivec_t dec_ivec = {0};
set_aes_cbc_iv(sa, dec_ivec, iv_seed);
AES_cbc_encrypt( (inbuf + TRANSOP_AES_PREAMBLE_SIZE),
assembly, /* destination */
len,
&(sa->dec_key),
dec_ivec, AES_DECRYPT );
/* last byte is how much was padding: max value should be
* AES_BLOCKSIZE-1 */
padding = assembly[ len-1 ] & 0xff;
if ( len >= (padding + TRANSOP_AES_NONCE_SIZE))
{
/* strictly speaking for this to be an ethernet packet
* it is going to need to be even bigger; but this is
* enough to prevent segfaults. */
traceEvent( TRACE_DEBUG, "padding = %u", padding );
len -= padding;
len -= TRANSOP_AES_NONCE_SIZE; /* size of ethernet packet */
/* Step over 4-byte random nonce value */
memcpy( outbuf,
assembly + TRANSOP_AES_NONCE_SIZE,
len );
}
else
{
traceEvent( TRACE_WARNING, "UDP payload decryption failed." );
}
}
else
{
traceEvent( TRACE_WARNING, "Encrypted length %d is not a multiple of AES_BLOCK_SIZE (%d)", len, AES_BLOCK_SIZE );
len = 0;
}
}
else
{
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_aes SA number %lu not found.", sa_rx );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
}
else
{
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_aes unsupported aes version %u.", aes_enc_ver );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
}
else
{
traceEvent( TRACE_ERROR, "decode_aes inbuf wrong size (%ul) to decrypt.", in_len );
}
return len;
}
struct sha512_keybuf {
uint8_t enc_dec_key[AES256_KEY_BYTES]; /* The key to use for AES CBC encryption/decryption */
uint8_t iv_enc_key[AES128_KEY_BYTES]; /* The key to use to encrypt the IV with AES ECB */
uint8_t iv_ext_val[AES128_KEY_BYTES]; /* A value to extend the IV seed */
}; /* size: SHA512_DIGEST_LENGTH */
/* NOTE: the caller should adjust priv->num_sa accordingly */
static int setup_aes_key(transop_aes_t *priv, const uint8_t *key, ssize_t key_size, size_t sa_num) {
sa_aes_t * sa = &(priv->sa[sa_num]);
size_t aes_keysize_bytes;
size_t aes_keysize_bits;
struct sha512_keybuf keybuf;
/* Clear out any old possibly longer key matter. */
memset( &(sa->enc_key), 0, sizeof(sa->enc_key) );
memset( &(sa->dec_key), 0, sizeof(sa->dec_key) );
memset( &(sa->iv_enc_key), 0, sizeof(sa->iv_enc_key) );
memset( &(sa->iv_ext_val), 0, sizeof(sa->iv_ext_val) );
/* We still use aes_best_keysize (even not necessary since we hash the key
* into the 256bits enc_dec_key) to let the users choose the degree of encryption.
* Long keys will pick AES192 or AES256 with more robust but expensive encryption.
*/
aes_keysize_bytes = aes_best_keysize(key_size);
aes_keysize_bits = 8 * aes_keysize_bytes;
/* Hash the main key to generate subkeys */
SHA512(key, key_size, (u_char*)&keybuf);
/* setup of enc_key/dec_key, used for the CBC encryption */
AES_set_encrypt_key(keybuf.enc_dec_key, aes_keysize_bits, &(sa->enc_key));
AES_set_decrypt_key(keybuf.enc_dec_key, aes_keysize_bits, &(sa->dec_key));
/* setup of iv_enc_key and iv_ext_val, used for generating the CBC IV */
AES_set_encrypt_key(keybuf.iv_enc_key, sizeof(keybuf.iv_enc_key) * 8, &(sa->iv_enc_key));
memcpy(sa->iv_ext_val, keybuf.iv_ext_val, sizeof(keybuf.iv_ext_val));
traceEvent( TRACE_DEBUG, "transop_addspec_aes sa_id=%u, %u bits key=%s.\n",
priv->sa[sa_num].sa_id, aes_keysize_bits, key);
return(0);
}
/*
* priv: pointer to transform state
* keybuf: buffer holding the key
* pstat: length of keybuf
*/
static void add_aes_key(transop_aes_t *priv, uint8_t *keybuf, ssize_t pstat) {
setup_aes_key(priv, keybuf, pstat, priv->num_sa);
++(priv->num_sa);
}
static int transop_addspec_aes( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
{
int retval = 1;
ssize_t pstat=-1;
transop_aes_t * priv = (transop_aes_t *)arg->priv;
uint8_t keybuf[N2N_MAX_KEYSIZE];
if ( priv->num_sa < N2N_AES_NUM_SA )
{
const char * op = (const char *)cspec->opaque;
const char * sep = index( op, '_' );
if ( sep )
{
char tmp[256];
size_t s;
s = sep - op;
memcpy( tmp, cspec->opaque, s );
tmp[s]=0;
s = strlen(sep+1); /* sep is the _ which might be immediately followed by NULL */
priv->sa[priv->num_sa].spec = *cspec;
priv->sa[priv->num_sa].sa_id = strtoul(tmp, NULL, 10);
memset( keybuf, 0, N2N_MAX_KEYSIZE );
pstat = n2n_parse_hex( keybuf, N2N_MAX_KEYSIZE, sep+1, s );
if ( pstat > 0 )
{
add_aes_key(priv, keybuf, pstat);
retval = 0;
}
}
else
{
traceEvent( TRACE_ERROR, "transop_addspec_aes : bad key data - missing '_'.\n");
}
}
else
{
traceEvent( TRACE_ERROR, "transop_addspec_aes : full.\n");
}
return retval;
}
static n2n_tostat_t transop_tick_aes( n2n_trans_op_t * arg, time_t now )
{
transop_aes_t * priv = (transop_aes_t *)arg->priv;
size_t i;
int found=0;
n2n_tostat_t r;
memset( &r, 0, sizeof(r) );
traceEvent( TRACE_DEBUG, "transop_aes tick num_sa=%u now=%lu", priv->num_sa, now );
for ( i=0; i < priv->num_sa; ++i )
{
if ( 0 == validCipherSpec( &(priv->sa[i].spec), now ) )
{
time_t remaining = priv->sa[i].spec.valid_until - now;
traceEvent( TRACE_INFO, "transop_aes choosing tx_sa=%u (valid for %lu sec)", priv->sa[i].sa_id, remaining );
priv->tx_sa=i;
found=1;
break;
}
else
{
traceEvent( TRACE_DEBUG, "transop_aes tick rejecting sa=%u %lu -> %lu",
priv->sa[i].sa_id, priv->sa[i].spec.valid_from, priv->sa[i].spec.valid_until );
}
}
if ( 0==found)
{
traceEvent( TRACE_INFO, "transop_aes no keys are currently valid. Keeping tx_sa=%u", priv->tx_sa );
}
else
{
r.can_tx = 1;
r.tx_spec.t = N2N_TRANSFORM_ID_AESCBC;
r.tx_spec = priv->sa[priv->tx_sa].spec;
}
return r;
}
static n2n_tostat_t transop_tick_aes_psk(n2n_trans_op_t * arg, time_t now) {
transop_aes_t * priv = (transop_aes_t *)arg->priv;
n2n_tostat_t r;
memset(&r, 0, sizeof(r));
// Always tx
r.can_tx = 1;
r.tx_spec.t = N2N_TRANSFORM_ID_AESCBC;
r.tx_spec = priv->sa[priv->tx_sa].spec;
return r;
}
int transop_aes_init( n2n_trans_op_t * ttt )
{
int retval = 1;
transop_aes_t * priv = NULL;
if ( ttt->priv )
{
transop_deinit_aes( ttt );
}
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
priv = (transop_aes_t *) calloc(1, sizeof(transop_aes_t));
if ( NULL != priv )
{
size_t i;
sa_aes_t * sa=NULL;
/* install the private structure. */
ttt->priv = priv;
priv->num_sa=0;
priv->tx_sa=0; /* We will use this sa index for encoding. */
priv->psk_mode = 0;
ttt->transform_id = N2N_TRANSFORM_ID_AESCBC;
ttt->addspec = transop_addspec_aes;
ttt->tick = transop_tick_aes; /* chooses a new tx_sa */
ttt->deinit = transop_deinit_aes;
ttt->fwd = transop_encode_aes;
ttt->rev = transop_decode_aes;
for(i=0; i<N2N_AES_NUM_SA; ++i)
{
sa = &(priv->sa[i]);
sa->sa_id=0;
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
memset( &(sa->enc_key), 0, sizeof(sa->enc_key) );
memset( &(sa->dec_key), 0, sizeof(sa->dec_key) );
memset( &(sa->iv_enc_key), 0, sizeof(sa->iv_enc_key) );
memset( &(sa->iv_ext_val), 0, sizeof(sa->iv_ext_val) );
}
retval = 0;
}
else
{
memset( ttt, 0, sizeof(n2n_trans_op_t) );
traceEvent( TRACE_ERROR, "Failed to allocate priv for aes" );
}
return retval;
}
/* Setup AES in pre-shared key mode */
int transop_aes_setup_psk(n2n_trans_op_t *ttt,
n2n_sa_t sa_num,
uint8_t *encrypt_pwd,
uint32_t encrypt_pwd_len) {
int retval = 1;
transop_aes_t *priv = (transop_aes_t *)ttt->priv;
if(ttt->priv) {
/* Replace the tick function with the PSK version of it */
ttt->tick = transop_tick_aes_psk;
priv->psk_mode = 1;
priv->num_sa=0;
priv->tx_sa=0;
/* Setup the key to use for encryption/decryption */
add_aes_key(priv, encrypt_pwd, encrypt_pwd_len);
retval = 0;
} else
traceEvent(TRACE_ERROR, "AES priv is not allocated");
return retval;
}
#else /* #if defined(N2N_HAVE_AES) */
struct transop_aes
{
ssize_t tx_sa;
};
typedef struct transop_aes transop_aes_t;
static int transop_deinit_aes( n2n_trans_op_t * arg )
{
transop_aes_t * priv = (transop_aes_t *)arg->priv;
if ( priv )
{
free(priv);
}
arg->priv=NULL; /* return to fully uninitialised state */
return 0;
}
static int transop_encode_aes( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len )
{
return -1;
}
static int transop_decode_aes( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len )
{
return -1;
}
static int transop_addspec_aes( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
{
traceEvent( TRACE_DEBUG, "transop_addspec_aes AES not built into edge.\n");
return -1;
}
static n2n_tostat_t transop_tick_aes( n2n_trans_op_t * arg, time_t now )
{
n2n_tostat_t r;
memset( &r, 0, sizeof(r) );
return r;
}
int transop_aes_init( n2n_trans_op_t * ttt )
{
int retval = 1;
transop_aes_t * priv = NULL;
if ( ttt->priv )
{
transop_deinit_aes( ttt );
}
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
priv = (transop_aes_t *) malloc( sizeof(transop_aes_t) );
if ( NULL != priv )
{
/* install the private structure. */
ttt->priv = priv;
priv->tx_sa=0; /* We will use this sa index for encoding. */
ttt->transform_id = N2N_TRANSFORM_ID_AESCBC;
ttt->addspec = transop_addspec_aes;
ttt->tick = transop_tick_aes; /* chooses a new tx_sa */
ttt->deinit = transop_deinit_aes;
ttt->fwd = transop_encode_aes;
ttt->rev = transop_decode_aes;
retval = 0;
}
else
{
memset( ttt, 0, sizeof(n2n_trans_op_t) );
traceEvent( TRACE_ERROR, "Failed to allocate priv for aes" );
}
return retval;
}
int transop_aes_setup_psk(n2n_trans_op_t *ttt,
n2n_sa_t sa_num,
uint8_t *encrypt_pwd,
uint32_t encrypt_pwd_len) {
return 0;
}
#endif /* #if defined(N2N_HAVE_AES) */

467
legacy/transform_tf.c Normal file
View file

@ -0,0 +1,467 @@
/**
* (C) 2007-18 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not see see <http://www.gnu.org/licenses/>
*
*/
#include "n2n.h"
#include "n2n_transforms.h"
#include "twofish.h"
#ifndef _MSC_VER
/* Not included in Visual Studio 2008 */
#include <strings.h> /* index() */
#endif
#define N2N_TWOFISH_NUM_SA 32 /* space for SAa */
#define N2N_TWOFISH_TRANSFORM_VERSION 1 /* version of the transform encoding */
struct sa_twofish
{
n2n_cipherspec_t spec; /* cipher spec parameters */
n2n_sa_t sa_id; /* security association index */
TWOFISH * enc_tf; /* tx state */
TWOFISH * dec_tf; /* rx state */
};
typedef struct sa_twofish sa_twofish_t;
/** Twofish transform state data.
*
* With a key-schedule in place this will be populated with a number of
* SAs. Each SA has a lifetime and some opque data. The opaque data for twofish
* consists of the SA number and key material.
*
*/
struct transop_tf
{
ssize_t tx_sa;
size_t num_sa;
sa_twofish_t sa[N2N_TWOFISH_NUM_SA];
};
typedef struct transop_tf transop_tf_t;
static int transop_deinit_twofish( n2n_trans_op_t * arg )
{
transop_tf_t * priv = (transop_tf_t *)arg->priv;
size_t i;
if ( priv )
{
/* Memory was previously allocated */
for (i=0; i<N2N_TWOFISH_NUM_SA; ++i )
{
sa_twofish_t * sa = &(priv->sa[i]);
TwoFishDestroy(sa->enc_tf); /* deallocate TWOFISH */
sa->enc_tf=NULL;
TwoFishDestroy(sa->dec_tf); /* deallocate TWOFISH */
sa->dec_tf=NULL;
sa->sa_id=0;
}
priv->num_sa=0;
priv->tx_sa=-1;
free(priv);
}
arg->priv=NULL; /* return to fully uninitialised state */
return 0;
}
static size_t tf_choose_tx_sa( transop_tf_t * priv )
{
return priv->tx_sa; /* set in tick */
}
#define TRANSOP_TF_VER_SIZE 1 /* Support minor variants in encoding in one module. */
#define TRANSOP_TF_NONCE_SIZE 4
#define TRANSOP_TF_SA_SIZE 4
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_encode_twofish( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len,
const uint8_t * peer_mac)
{
int len=-1;
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE];
uint32_t * pnonce;
if ( (in_len + TRANSOP_TF_NONCE_SIZE) <= N2N_PKT_BUF_SIZE )
{
if ( (in_len + TRANSOP_TF_NONCE_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_VER_SIZE) <= out_len )
{
size_t idx=0;
sa_twofish_t * sa;
size_t tx_sa_num = 0;
/* The transmit sa is periodically updated */
tx_sa_num = tf_choose_tx_sa( priv );
sa = &(priv->sa[tx_sa_num]); /* Proper Tx SA index */
traceEvent( TRACE_DEBUG, "encode_twofish %lu with SA %lu.", in_len, sa->sa_id );
/* Encode the twofish format version. */
encode_uint8( outbuf, &idx, N2N_TWOFISH_TRANSFORM_VERSION );
/* Encode the security association (SA) number */
encode_uint32( outbuf, &idx, sa->sa_id );
/* The assembly buffer is a source for encrypting data. The nonce is
* written in first followed by the packet payload. The whole
* contents of assembly are encrypted. */
pnonce = (uint32_t *)assembly;
*pnonce = rand();
memcpy( assembly + TRANSOP_TF_NONCE_SIZE, inbuf, in_len );
/* Encrypt the assembly contents and write the ciphertext after the SA. */
len = TwoFishEncryptRaw( assembly, /* source */
outbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE,
in_len + TRANSOP_TF_NONCE_SIZE, /* enc size */
sa->enc_tf);
if ( len > 0 )
{
len += TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE; /* size of data carried in UDP. */
}
else
{
traceEvent( TRACE_ERROR, "encode_twofish encryption failed." );
}
}
else
{
traceEvent( TRACE_ERROR, "encode_twofish outbuf too small." );
}
}
else
{
traceEvent( TRACE_ERROR, "encode_twofish inbuf too big to encrypt." );
}
return len;
}
/* Search through the array of SAs to find the one with the required ID.
*
* @return array index where found or -1 if not found
*/
static ssize_t twofish_find_sa( const transop_tf_t * priv, const n2n_sa_t req_id )
{
size_t i;
for (i=0; i < priv->num_sa; ++i)
{
const sa_twofish_t * sa=NULL;
sa = &(priv->sa[i]);
if (req_id == sa->sa_id)
{
return i;
}
}
return -1;
}
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_decode_twofish( n2n_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len,
const uint8_t * peer_mac)
{
int len=0;
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t assembly[N2N_PKT_BUF_SIZE];
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= N2N_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) /* Has at least version, SA and nonce */
)
{
n2n_sa_t sa_rx;
ssize_t sa_idx=-1;
size_t rem=in_len;
size_t idx=0;
uint8_t tf_enc_ver=0;
/* Get the encoding version to make sure it is supported */
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
if ( N2N_TWOFISH_TRANSFORM_VERSION == tf_enc_ver )
{
/* Get the SA number and make sure we are decrypting with the right one. */
decode_uint32( &sa_rx, inbuf, &rem, &idx );
sa_idx = twofish_find_sa(priv, sa_rx);
if ( sa_idx >= 0 )
{
sa_twofish_t * sa = &(priv->sa[sa_idx]);
traceEvent( TRACE_DEBUG, "decode_twofish %lu with SA %lu.", in_len, sa_rx, sa->sa_id );
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
assembly, /* destination */
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
sa->dec_tf);
if ( len > 0 )
{
/* Step over 4-byte random nonce value */
len -= TRANSOP_TF_NONCE_SIZE; /* size of ethernet packet */
memcpy( outbuf,
assembly + TRANSOP_TF_NONCE_SIZE,
len );
}
else
{
traceEvent( TRACE_ERROR, "decode_twofish decryption failed." );
}
}
else
{
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_twofish SA number %lu not found.", sa_rx );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
}
else
{
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
}
else
{
traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
}
return len;
}
static int transop_addspec_twofish( n2n_trans_op_t * arg, const n2n_cipherspec_t * cspec )
{
int retval = 1;
ssize_t pstat=-1;
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t keybuf[N2N_MAX_KEYSIZE];
if ( priv->num_sa < N2N_TWOFISH_NUM_SA )
{
const char * op = (const char *)cspec->opaque;
#ifdef __ANDROID_NDK__
const char *sep = strchr(op, '_');
#else
const char * sep = index( op, '_' );
#endif // __ANDROID_NDK__
if ( sep )
{
char tmp[256];
size_t s;
s = sep - op;
memcpy( tmp, cspec->opaque, s );
tmp[s]=0;
s = strlen(sep+1); /* sep is the _ which might be immediately followed by NULL */
priv->sa[priv->num_sa].spec = *cspec;
priv->sa[priv->num_sa].sa_id = strtoul(tmp, NULL, 10);
pstat = n2n_parse_hex( keybuf, N2N_MAX_KEYSIZE, sep+1, s );
if ( pstat > 0 )
{
priv->sa[priv->num_sa].enc_tf = TwoFishInit( keybuf, pstat);
priv->sa[priv->num_sa].dec_tf = TwoFishInit( keybuf, pstat);
traceEvent( TRACE_DEBUG, "transop_addspec_twofish sa_id=%u data=%s.\n",
priv->sa[priv->num_sa].sa_id, sep+1);
++(priv->num_sa);
retval = 0;
}
}
else
{
traceEvent( TRACE_ERROR, "transop_addspec_twofish : bad key data - missing '_'.\n");
}
}
else
{
traceEvent( TRACE_ERROR, "transop_addspec_twofish : full.\n");
}
return retval;
}
static n2n_tostat_t transop_tick_twofish( n2n_trans_op_t * arg, time_t now )
{
transop_tf_t * priv = (transop_tf_t *)arg->priv;
size_t i;
int found=0;
n2n_tostat_t r;
memset( &r, 0, sizeof(r) );
traceEvent( TRACE_DEBUG, "transop_tf tick num_sa=%u", priv->num_sa );
for ( i=0; i < priv->num_sa; ++i )
{
if ( 0 == validCipherSpec( &(priv->sa[i].spec), now ) )
{
time_t remaining = priv->sa[i].spec.valid_until - now;
traceEvent( TRACE_INFO, "transop_tf choosing tx_sa=%u (valid for %lu sec)", priv->sa[i].sa_id, remaining );
priv->tx_sa=i;
found=1;
break;
}
else
{
traceEvent( TRACE_DEBUG, "transop_tf tick rejecting sa=%u %lu -> %lu",
priv->sa[i].sa_id, priv->sa[i].spec.valid_from, priv->sa[i].spec.valid_until );
}
}
if ( 0==found)
{
traceEvent( TRACE_INFO, "transop_tf no keys are currently valid. Keeping tx_sa=%u", priv->tx_sa );
}
else
{
r.can_tx = 1;
r.tx_spec.t = N2N_TRANSFORM_ID_TWOFISH;
r.tx_spec = priv->sa[priv->tx_sa].spec;
}
return r;
}
int transop_twofish_setup_psk( n2n_trans_op_t * ttt,
n2n_sa_t sa_num,
uint8_t * encrypt_pwd,
uint32_t encrypt_pwd_len )
{
int retval = 1;
transop_tf_t * priv = (transop_tf_t *)ttt->priv;
if(priv) {
sa_twofish_t *sa;
priv->num_sa=1; /* There is one SA in the array. */
priv->tx_sa=0;
sa = &(priv->sa[priv->tx_sa]);
sa->sa_id=sa_num;
sa->spec.valid_until = 0x7fffffff;
/* This is a preshared key setup. Both Tx and Rx are using the same security association. */
sa->enc_tf = TwoFishInit(encrypt_pwd, encrypt_pwd_len);
sa->dec_tf = TwoFishInit(encrypt_pwd, encrypt_pwd_len);
if ( (sa->enc_tf) && (sa->dec_tf) )
retval = 0;
else
traceEvent( TRACE_ERROR, "transop_twofish_setup_psk" );
} else
traceEvent( TRACE_ERROR, "twofish priv is not allocated" );
return retval;
}
int transop_twofish_init( n2n_trans_op_t * ttt )
{
int retval = 1;
transop_tf_t * priv = NULL;
if ( ttt->priv )
{
transop_deinit_twofish( ttt );
}
memset( ttt, 0, sizeof( n2n_trans_op_t ) );
priv = (transop_tf_t *) malloc( sizeof(transop_tf_t) );
if ( NULL != priv ) {
size_t i;
sa_twofish_t * sa=NULL;
/* install the private structure. */
ttt->priv = priv;
priv->num_sa=0;
priv->tx_sa=0; /* We will use this sa index for encoding. */
ttt->transform_id = N2N_TRANSFORM_ID_TWOFISH;
ttt->addspec = transop_addspec_twofish;
ttt->tick = transop_tick_twofish; /* chooses a new tx_sa */
ttt->deinit = transop_deinit_twofish;
ttt->fwd = transop_encode_twofish;
ttt->rev = transop_decode_twofish;
for(i=0; i<N2N_TWOFISH_NUM_SA; ++i)
{
sa = &(priv->sa[i]);
sa->sa_id=0;
memset( &(sa->spec), 0, sizeof(n2n_cipherspec_t) );
sa->enc_tf=NULL;
sa->dec_tf=NULL;
}
retval = 0;
} else {
memset( ttt, 0, sizeof(n2n_trans_op_t) );
traceEvent( TRACE_ERROR, "Failed to allocate priv for twofish" );
}
return retval;
}