vppn/node/datacipher.go

package node

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"unsafe"
)

// ----------------------------------------------------------------------------

const (
	dataStreamID       = 1
	dataHeaderSize     = 12
	dataCipherOverhead = 16 + 1
)

type dataHeader struct {
	Counter  uint64 // Init with fasttime.Now() << 30 to ensure monotonic.
	SourceIP byte
	DestIP   byte
}

func (h *dataHeader) Parse(b []byte) {
	h.Counter = *(*uint64)(unsafe.Pointer(&b[0]))
	h.SourceIP = b[8]
	h.DestIP = b[9]
}

func (h *dataHeader) Marshal(buf []byte) {
	*(*uint64)(unsafe.Pointer(&buf[0])) = h.Counter
	buf[8] = h.SourceIP
	buf[9] = h.DestIP
	buf[10] = 0
	buf[11] = 0
}

// ----------------------------------------------------------------------------

type dataCipher struct {
	key  []byte
	aead cipher.AEAD
}

func newDataCipher() *dataCipher {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return newDataCipherFromKey(key)
}

// key must be 32 bytes.
func newDataCipherFromKey(key []byte) *dataCipher {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}

	return &dataCipher{key: key, aead: aead}
}

func (sc *dataCipher) Key() []byte {
	return sc.key
}

func (sc *dataCipher) Encrypt(h *dataHeader, data, out []byte) []byte {
	out = out[:dataHeaderSize+dataCipherOverhead+len(data)]
	out[0] = dataStreamID

	h.Marshal(out[1:])

	const s = dataHeaderSize
	sc.aead.Seal(out[1+s:1+s], out[1:1+s], data, nil)
	return out
}

func (sc *dataCipher) Decrypt(encrypted, out []byte) (data []byte, h dataHeader, ok bool) {
	const s = dataHeaderSize
	if len(encrypted) < s+dataCipherOverhead {
		ok = false
		return
	}

	h.Parse(encrypted[1 : 1+s])

	var err error

	data, err = sc.aead.Open(out[:0], encrypted[1:1+s], encrypted[1+s:], nil)
	ok = err == nil
	return
}