mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Gotta support old encrypted flag, move cipher spec to middle 3 bits... due to some shortsighted design early-on. In the future this can die once there are no old peers.

pull/1/head
Adam Ierymenko 12 years ago
parent
23836d4c11
commit
17da733f97
1 changed files with 14 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 38
      node/Packet.hpp

38
node/Packet.hpp
Unescape View File

@ -107,15 +107,6 @@
*/
#define ZT_PROTO_CIPHER_SUITE__C25519_AES256_GCM 0x1
/**
* Header flag indicating that a packet is encrypted with Salsa20
*
* If this is not set, then the packet's payload is in the clear and the
* MAC is over this (since there is no ciphertext). Otherwise the MAC is
* of the ciphertext after encryption.
*/
#define ZT_PROTO_FLAG_ENCRYPTED 0x80
/**
* Header flag indicating that a packet is fragmented
*
@ -320,7 +311,7 @@ namespace ZeroTier {
*
* Packets smaller than 28 bytes are invalid and silently discarded.
*
* The flags/cipher/hops bit field is: CCCFFHHH where C is a 3-bit cipher
* The flags/cipher/hops bit field is: FFCCCHHH where C is a 3-bit cipher
* selection allowing up to 8 cipher suites, F is flags (reserved, currently
* all zero), and H is hop count.
*
@ -1024,7 +1015,13 @@ public:
/**
* @return Cipher suite selector: 0 - 7 (see #defines)
*/
inline unsigned int cipher() const { return (((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0xe0) >> 5); }
inline unsigned int cipher() const
{
unsigned char b = (*this)[ZT_PACKET_IDX_FLAGS];
//return (((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0x38) >> 3);
// Use DEPRECATED 0x80 "encrypted" flag -- this will go away once there are no more <1.0.0 peers on the net
return ((b & 0x80) == 0) ? ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE : ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012;
}
/**
* Set this packet's cipher suite
@ -1035,18 +1032,13 @@ public:
inline void setCipher(unsigned int c)
{
unsigned char &b = (*this)[ZT_PACKET_IDX_FLAGS];
b &= 0x1f;
b |= (unsigned char)(c << 5);
b = (b & 0xc7) | (unsigned char)((c << 3) & 0x38);
// Set both the new cipher suite spec field and the old DEPRECATED "encrypted" flag as long as there's <1.0.0 peers online
if (c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)
b |= 0x80;
else b &= 0x7f;
}
/**
* Set the cipher suite field to zero indicating unencrypted
*
* This normally should not be called directly. It's here for use by
* armoring and dearmoring functions.
*/
inline void clearCipher() { (*this)[ZT_PACKET_IDX_FLAGS] &= 0x1f; }
/**
* Get this packet's unique ID (the IV field interpreted as uint64_t)
*
@ -1137,10 +1129,8 @@ public:
if (!Utils::secureEq(mac,field(ZT_PACKET_IDX_MAC,8),8))
return false;
if (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) {
if (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)
s20.decrypt(payload,payload,payloadLen);
clearCipher();
}
return true;
} else if (cs == ZT_PROTO_CIPHER_SUITE__C25519_AES256_GCM) {

Write Preview
Loading…
Cancel
Save