app/vppn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

sym-encryption #1

Merged
johnnylee merged 18 commits from sym-encryption into main 2024-12-24 18:37:44 +00:00
Conversation 0 Commits 18 Files Changed 48 +35 -38
11 changed files with 35 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1be5c79186 - Show all commits

2
node/cipher-control.go
View File

@ -12,7 +12,7 @@ func newControlCipher(privKey, pubKey []byte) *controlCipher {
return &controlCipher{shared} return &controlCipher{shared}
} }
func (cc *controlCipher) Encrypt(h xHeader, data, out []byte) []byte { func (cc *controlCipher) Encrypt(h header, data, out []byte) []byte {
const s = controlHeaderSize const s = controlHeaderSize
out = out[:s+controlCipherOverhead+len(data)] out = out[:s+controlCipherOverhead+len(data)]
h.Marshal(out[:s]) h.Marshal(out[:s])

8
node/cipher-control_test.go
View File

@ -40,7 +40,7 @@ func TestControlCipher(t *testing.T) {
} }
for _, plaintext := range testCases { for _, plaintext := range testCases {
h1 := xHeader{ h1 := header{
StreamID: controlStreamID, StreamID: controlStreamID,
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
@ -51,7 +51,7 @@ func TestControlCipher(t *testing.T) {
encrypted = c1.Encrypt(h1, plaintext, encrypted) encrypted = c1.Encrypt(h1, plaintext, encrypted)
h2 := xHeader{} h2 := header{}
h2.Parse(encrypted) h2.Parse(encrypted)
if !reflect.DeepEqual(h1, h2) { if !reflect.DeepEqual(h1, h2) {
t.Fatal(h1, h2) t.Fatal(h1, h2)
@ -80,7 +80,7 @@ func TestControlCipher_ShortCiphertext(t *testing.T) {
func BenchmarkControlCipher_Encrypt(b *testing.B) { func BenchmarkControlCipher_Encrypt(b *testing.B) {
c1, _ := newControlCipherForTesting() c1, _ := newControlCipherForTesting()
h1 := xHeader{ h1 := header{
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
DestIP: 88, DestIP: 88,
@ -100,7 +100,7 @@ func BenchmarkControlCipher_Encrypt(b *testing.B) {
func BenchmarkControlCipher_Decrypt(b *testing.B) { func BenchmarkControlCipher_Decrypt(b *testing.B) {
c1, c2 := newControlCipherForTesting() c1, c2 := newControlCipherForTesting()
h1 := xHeader{ h1 := header{
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
DestIP: 88, DestIP: 88,

2
node/cipher-data.go
View File

@ -39,7 +39,7 @@ func (sc *dataCipher) Key() [32]byte {
return sc.key return sc.key
} }
func (sc *dataCipher) Encrypt(h xHeader, data, out []byte) []byte { func (sc *dataCipher) Encrypt(h header, data, out []byte) []byte {
const s = dataHeaderSize const s = dataHeaderSize
out = out[:s+dataCipherOverhead+len(data)] out = out[:s+dataCipherOverhead+len(data)]
h.Marshal(out[:s]) h.Marshal(out[:s])

10
node/cipher-data_test.go
View File

@ -22,7 +22,7 @@ func TestDataCipher(t *testing.T) {
} }
for _, plaintext := range testCases { for _, plaintext := range testCases {
h1 := xHeader{ h1 := header{
StreamID: dataStreamID, StreamID: dataStreamID,
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
@ -33,7 +33,7 @@ func TestDataCipher(t *testing.T) {
dc1 := newDataCipher() dc1 := newDataCipher()
encrypted = dc1.Encrypt(h1, plaintext, encrypted) encrypted = dc1.Encrypt(h1, plaintext, encrypted)
h2 := xHeader{} h2 := header{}
h2.Parse(encrypted) h2.Parse(encrypted)
dc2 := newDataCipherFromKey(dc1.Key()) dc2 := newDataCipherFromKey(dc1.Key())
@ -67,7 +67,7 @@ func TestDataCipher_ModifyCiphertext(t *testing.T) {
} }
for _, plaintext := range testCases { for _, plaintext := range testCases {
h1 := xHeader{ h1 := header{
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
DestIP: 88, DestIP: 88,
@ -99,7 +99,7 @@ func TestDataCipher_ShortCiphertext(t *testing.T) {
} }
func BenchmarkDataCipher_Encrypt(b *testing.B) { func BenchmarkDataCipher_Encrypt(b *testing.B) {
h1 := xHeader{ h1 := header{
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
DestIP: 88, DestIP: 88,
@ -118,7 +118,7 @@ func BenchmarkDataCipher_Encrypt(b *testing.B) {
} }
func BenchmarkDataCipher_Decrypt(b *testing.B) { func BenchmarkDataCipher_Decrypt(b *testing.B) {
h1 := xHeader{ h1 := header{
Counter: 235153, Counter: 235153,
SourceIP: 4, SourceIP: 4,
DestIP: 88, DestIP: 88,

8
node/globals.go
View File

@ -1,3 +1,9 @@
package node package node
const bufferSize = if_mtu + 128 const (
bufferSize = 1536
if_mtu = 1200
if_queue_len = 2048
controlCipherOverhead = 16
dataCipherOverhead = 16
)

23
node/header.go
View File

@ -5,34 +5,29 @@ import "unsafe"
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
const ( const (
headerSize = 12 headerSize = 12
controlStreamID = 2
controlStreamID = 2 controlHeaderSize = 24
controlHeaderSize = 24 dataStreamID = 1
controlCipherOverhead = 16 dataHeaderSize = 12
forwardStreamID = 3
dataStreamID = 1
dataHeaderSize = 12
dataCipherOverhead = 16
forwardStreamID = 3
) )
type xHeader struct { type header struct {
StreamID byte StreamID byte
Counter uint64 // Init with fasttime.Now() << 30 to ensure monotonic. Counter uint64 // Init with fasttime.Now() << 30 to ensure monotonic.
SourceIP byte SourceIP byte
DestIP byte DestIP byte
} }
func (h *xHeader) Parse(b []byte) { func (h *header) Parse(b []byte) {
h.StreamID = b[0] h.StreamID = b[0]
h.Counter = *(*uint64)(unsafe.Pointer(&b[1])) h.Counter = *(*uint64)(unsafe.Pointer(&b[1]))
h.SourceIP = b[9] h.SourceIP = b[9]
h.DestIP = b[10] h.DestIP = b[10]
} }
func (h *xHeader) Marshal(buf []byte) { func (h *header) Marshal(buf []byte) {
buf[0] = h.StreamID buf[0] = h.StreamID
*(*uint64)(unsafe.Pointer(&buf[1])) = h.Counter *(*uint64)(unsafe.Pointer(&buf[1])) = h.Counter
buf[9] = h.SourceIP buf[9] = h.SourceIP

4
node/header_test.go
View File

@ -3,7 +3,7 @@ package node
import "testing" import "testing"
func TestHeaderMarshalParse(t *testing.T) { func TestHeaderMarshalParse(t *testing.T) {
nIn := xHeader{ nIn := header{
StreamID: 23, StreamID: 23,
Counter: 3212, Counter: 3212,
SourceIP: 34, SourceIP: 34,
@ -13,7 +13,7 @@ func TestHeaderMarshalParse(t *testing.T) {
buf := make([]byte, headerSize) buf := make([]byte, headerSize)
nIn.Marshal(buf) nIn.Marshal(buf)
nOut := xHeader{} nOut := header{}
nOut.Parse(buf) nOut.Parse(buf)
if nIn != nOut { if nIn != nOut {
t.Fatal(nIn, nOut) t.Fatal(nIn, nOut)

5
node/interface.go
View File

@ -50,11 +50,6 @@ func readNextPacket(iface io.ReadWriteCloser, buf []byte) ([]byte, byte, error)
} }
} }
const (
if_mtu = 1350
if_queue_len = 2048
)
func openInterface(network []byte, localIP byte, name string) (io.ReadWriteCloser, error) { func openInterface(network []byte, localIP byte, name string) (io.ReadWriteCloser, error) {
if len(network) != 4 { if len(network) != 4 {
return nil, fmt.Errorf("expected network to be 4 bytes, got %d", len(network)) return nil, fmt.Errorf("expected network to be 4 bytes, got %d", len(network))

2
node/main.go
View File

@ -141,7 +141,7 @@ func readFromConn(conn *net.UDPConn, peers remotePeers) {
err error err error
buf = make([]byte, bufferSize) buf = make([]byte, bufferSize)
data []byte data []byte
h xHeader h header
) )
for { for {

2
node/peer-supervisor.go
View File

@ -186,7 +186,7 @@ func (rp *peerSuper) updateShared() {
func (rp *peerSuper) sendControlPacket(pkt interface{ Marshal([]byte) []byte }) { func (rp *peerSuper) sendControlPacket(pkt interface{ Marshal([]byte) []byte }) {
buf := pkt.Marshal(rp.pktBuf) buf := pkt.Marshal(rp.pktBuf)
h := xHeader{ h := header{
StreamID: controlStreamID, StreamID: controlStreamID,
Counter: atomic.AddUint64(&rp.counter, 1), Counter: atomic.AddUint64(&rp.counter, 1),
SourceIP: rp.localIP, SourceIP: rp.localIP,

7
node/peer.go
View File

@ -15,6 +15,7 @@ type peerData struct {
controlCipher *controlCipher controlCipher *controlCipher
dataCipher *dataCipher dataCipher *dataCipher
remoteAddr netip.AddrPort remoteAddr netip.AddrPort
relayIP byte // Non-zero if we should relay.
} }
type remotePeer struct { type remotePeer struct {
@ -88,7 +89,7 @@ func (rp *remotePeer) HandlePeerUpdate(peer *m.Peer) {
// HandlePacket accepts a raw data packet coming in from the network. // HandlePacket accepts a raw data packet coming in from the network.
// //
// This function is called by a single thread. // This function is called by a single thread.
func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h xHeader, data []byte) { func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h header, data []byte) {
switch h.StreamID { switch h.StreamID {
case controlStreamID: case controlStreamID:
rp.handleControlPacket(addr, h, data) rp.handleControlPacket(addr, h, data)
@ -107,7 +108,7 @@ func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h xHeader, data []byte)
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
func (rp *remotePeer) handleControlPacket(addr netip.AddrPort, h xHeader, data []byte) { func (rp *remotePeer) handleControlPacket(addr netip.AddrPort, h header, data []byte) {
shared := rp.shared.Load() shared := rp.shared.Load()
if shared.controlCipher == nil { if shared.controlCipher == nil {
rp.logf("Not connected (control).") rp.logf("Not connected (control).")
@ -194,7 +195,7 @@ func (rp *remotePeer) SendData(data []byte) {
return return
} }
h := xHeader{ h := header{
StreamID: dataStreamID, StreamID: dataStreamID,
Counter: atomic.AddUint64(&rp.counter, 1), Counter: atomic.AddUint64(&rp.counter, 1),
SourceIP: rp.localIP, SourceIP: rp.localIP,