void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 20:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Specify start of extended encryption.

Browse source
This commit is contained in:
Adam Ierymenko 2024-09-24 10:27:06 -04:00
parent a44fd40889
commit 6faee38395
No known key found for this signature in database
GPG key ID: C8877CF2D7A5D7F3
2 changed files with 20 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
node/Packet.cpp
View file

@ -1005,9 +1005,13 @@ static inline int LZ4_decompress_safe(const char* source, char* dest, int compre
const unsigned char Packet::ZERO_KEY[32] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; const unsigned char Packet::ZERO_KEY[32] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2]) void Packet::armor(const void *key,bool encryptPayload,bool extendedArmor,const AES aesKeys[2],const Identity &identity)
{ {
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData()); uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
if (extendedArmor) {
}
if ((aesKeys) && (encryptPayload)) { if ((aesKeys) && (encryptPayload)) {
setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV); setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV);
@ -1066,7 +1070,7 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2])
} }
} }
bool Packet::dearmor(const void *key,const AES aesKeys[2]) bool Packet::dearmor(const void *key,const AES aesKeys[2],const Identity &identity)
{ {
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData()); uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB; const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB;

10
node/Packet.hpp
View file

@ -29,6 +29,7 @@
#include "AES.hpp" #include "AES.hpp"
#include "Utils.hpp" #include "Utils.hpp"
#include "Buffer.hpp" #include "Buffer.hpp"
#include "Identity.hpp"
/** /**
* Protocol version -- incremented only for major changes * Protocol version -- incremented only for major changes
@ -180,6 +181,11 @@
#define ZT_PACKET_IDX_VERB 27 #define ZT_PACKET_IDX_VERB 27
#define ZT_PACKET_IDX_PAYLOAD 28 #define ZT_PACKET_IDX_PAYLOAD 28
/**
* Index where extended armor encryption starts (right after flags, before MAC)
*/
#define ZT_PACKET_IDX_EXTENDED_ARMOR_START ZT_PACKET_IDX_MAC
/** /**
* Packet buffer size (can be changed) * Packet buffer size (can be changed)
*/ */
@ -1283,7 +1289,7 @@ public:
* @param encryptPayload If true, encrypt packet payload, else just MAC * @param encryptPayload If true, encrypt packet payload, else just MAC
* @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV * @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV
*/ */
void armor(const void *key,bool encryptPayload,const AES aesKeys[2]); void armor(const void *key,bool encryptPayload,bool extendedArmor,const AES aesKeys[2],const Identity &identity);
/** /**
* Verify and (if encrypted) decrypt packet * Verify and (if encrypted) decrypt packet
@ -1296,7 +1302,7 @@ public:
* @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV * @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV
* @return False if packet is invalid or failed MAC authenticity check * @return False if packet is invalid or failed MAC authenticity check
*/ */
bool dearmor(const void *key,const AES aesKeys[2]); bool dearmor(const void *key,const AES aesKeys[2],const Identity &identity);
/** /**
* Encrypt/decrypt a separately armored portion of a packet * Encrypt/decrypt a separately armored portion of a packet