1 /**
2  * (C) 2007-20 - ntop.org and contributors
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not see see <http://www.gnu.org/licenses/>
16  *
17  */
18 
19 
20 #include "n2n.h"
21 
22 #define HASH_FIND_COMMUNITY(head, name, out) HASH_FIND_STR(head, name, out)
23 
24 /* ********************************************************************** */
25 
packet_header_decrypt(uint8_t packet[],uint16_t packet_len,char * community_name,he_context_t * ctx,he_context_t * ctx_iv,uint64_t * stamp,uint16_t * checksum)26 uint32_t packet_header_decrypt (uint8_t packet[], uint16_t packet_len,
27 			        char * community_name, he_context_t * ctx,
28 				he_context_t * ctx_iv, uint64_t * stamp, uint16_t * checksum) {
29 
30   // assemble IV
31   // the last four are ASCII "n2n!" and do not get overwritten
32   uint8_t iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
33 		     0x00, 0x00, 0x00, 0x00, 0x6E, 0x32, 0x6E, 0x21 };
34   // the first 96 bits of the packet get padded with ASCII "n2n!"
35   // to full 128 bit IV
36   memcpy (iv, packet, 12);
37 
38   // extract time stamp (first 64 bit) and checksum (last 16 bit) blended in IV
39   speck_he_iv_decrypt (iv, (speck_context_t*)ctx_iv);
40   *checksum = be16toh (((uint16_t*)iv)[5]);
41   *stamp    = be64toh (((uint64_t*)iv)[0]);
42 
43   memcpy (iv, packet, 12);
44 
45   // try community name as possible key and check for magic bytes
46   uint32_t magic = 0x6E326E00; // ="n2n_"
47   uint32_t test_magic;
48   // check for magic bytes and reasonable value in header len field
49   // so, as a first step, decrypt 4 bytes only starting at byte 12
50   speck_he ((uint8_t*)&test_magic, &packet[12], 4, iv, (speck_context_t*)ctx);
51   test_magic = be32toh (test_magic);
52   if( (((test_magic >> 8) <<  8) == magic)	// check the thre uppermost bytes
53        && (((uint8_t)test_magic) <= packet_len) // lowest 8 bit of test_magic are header_len
54        ) {
55     // decrypt the complete header
56     speck_he (&packet[12], &packet[12], (uint8_t)(test_magic) - 12, iv, (speck_context_t*)ctx);
57     // restore original packet order
58     memcpy (&packet[0], &packet[16], 4);
59     memcpy (&packet[4], community_name, N2N_COMMUNITY_SIZE);
60     return (1); // successful
61   } else
62     return (0); // unsuccessful
63 }
64 
65 /* ********************************************************************** */
66 
packet_header_encrypt(uint8_t packet[],uint8_t header_len,he_context_t * ctx,he_context_t * ctx_iv,uint64_t stamp,uint16_t checksum)67 int32_t packet_header_encrypt (uint8_t packet[], uint8_t header_len, he_context_t * ctx,
68                                he_context_t * ctx_iv, uint64_t stamp, uint16_t checksum) {
69 
70   uint8_t iv[16];
71   uint16_t *iv16 = (uint16_t*)&iv;
72   uint32_t *iv32 = (uint32_t*)&iv;
73   uint64_t *iv64 = (uint64_t*)&iv;
74   const uint32_t magic = 0x6E326E21; // = ASCII "n2n!"
75 
76   if(header_len < 20) {
77     traceEvent(TRACE_DEBUG, "packet_header_encrypt dropped a packet too short to be valid.");
78     return (-1);
79   }
80 
81   memcpy (&packet[16], &packet[00], 4);
82 
83   iv64[0] = htobe64 (stamp);
84   iv16[4] = n2n_rand ();
85   iv16[5] = htobe16 (checksum);
86   iv32[3] = htobe32 (magic);
87   // blend checksum into 96-bit IV
88   speck_he_iv_encrypt (iv, (speck_context_t*)ctx_iv);
89 
90   memcpy (packet, iv, 16);
91   packet[15] = header_len;
92 
93   speck_he (&packet[12], &packet[12], header_len - 12, iv, (speck_context_t*)ctx);
94   return (0);
95 }
96 
97 /* ********************************************************************** */
98 
packet_header_setup_key(const char * community_name,he_context_t ** ctx,he_context_t ** ctx_iv)99 void packet_header_setup_key (const char * community_name, he_context_t ** ctx,
100                                                            he_context_t ** ctx_iv) {
101 
102   uint8_t key[16];
103   pearson_hash_128 (key, (uint8_t*)community_name, N2N_COMMUNITY_SIZE);
104 
105   *ctx = (he_context_t*)calloc(1, sizeof (speck_context_t));
106   speck_expand_key_he (key, (speck_context_t*)*ctx);
107 
108   // hash again and use last 96 bit (skipping 4 bytes) as key for IV encryption
109   // REMOVE as soon as checksum and replay protection get their own fields
110   pearson_hash_128 (key, key, sizeof (key));
111   *ctx_iv = (he_context_t*)calloc(1, sizeof (speck_context_t));
112   speck_expand_key_he_iv (&key[4], (speck_context_t*)*ctx_iv);
113 }
114