diff --git a/node/Packet.cpp b/node/Packet.cpp index fdf9edb3f..4b8b6037f 100644 --- a/node/Packet.cpp +++ b/node/Packet.cpp @@ -1005,9 +1005,13 @@ static inline int LZ4_decompress_safe(const char* source, char* dest, int compre const unsigned char Packet::ZERO_KEY[32] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }; -void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2]) +void Packet::armor(const void *key,bool encryptPayload,bool extendedArmor,const AES aesKeys[2],const Identity &identity) { uint8_t *const data = reinterpret_cast(unsafeData()); + + if (extendedArmor) { + } + if ((aesKeys) && (encryptPayload)) { setCipher(ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV); @@ -1066,7 +1070,7 @@ void Packet::armor(const void *key,bool encryptPayload,const AES aesKeys[2]) } } -bool Packet::dearmor(const void *key,const AES aesKeys[2]) +bool Packet::dearmor(const void *key,const AES aesKeys[2],const Identity &identity) { uint8_t *const data = reinterpret_cast(unsafeData()); const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB; diff --git a/node/Packet.hpp b/node/Packet.hpp index 930bc477a..c2391b957 100644 --- a/node/Packet.hpp +++ b/node/Packet.hpp @@ -29,6 +29,7 @@ #include "AES.hpp" #include "Utils.hpp" #include "Buffer.hpp" +#include "Identity.hpp" /** * Protocol version -- incremented only for major changes @@ -180,6 +181,11 @@ #define ZT_PACKET_IDX_VERB 27 #define ZT_PACKET_IDX_PAYLOAD 28 +/** + * Index where extended armor encryption starts (right after flags, before MAC) + */ +#define ZT_PACKET_IDX_EXTENDED_ARMOR_START ZT_PACKET_IDX_MAC + /** * Packet buffer size (can be changed) */ @@ -744,12 +750,12 @@ public: * * ERROR response payload: * <[8] 64-bit network ID> - * <[2] 16-bit length of error-related data (optional)> - * <[...] error-related data (optional)> - * - * Error related data is a Dictionary containing things like a URL - * for authentication or a human-readable error message, and is - * optional and may be absent or empty. + * <[2] 16-bit length of error-related data (optional)> + * <[...] error-related data (optional)> + * + * Error related data is a Dictionary containing things like a URL + * for authentication or a human-readable error message, and is + * optional and may be absent or empty. */ VERB_NETWORK_CONFIG_REQUEST = 0x0b, @@ -1283,7 +1289,7 @@ public: * @param encryptPayload If true, encrypt packet payload, else just MAC * @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV */ - void armor(const void *key,bool encryptPayload,const AES aesKeys[2]); + void armor(const void *key,bool encryptPayload,bool extendedArmor,const AES aesKeys[2],const Identity &identity); /** * Verify and (if encrypted) decrypt packet @@ -1296,7 +1302,7 @@ public: * @param aesKeys If non-NULL these are the two keys for AES-GMAC-SIV * @return False if packet is invalid or failed MAC authenticity check */ - bool dearmor(const void *key,const AES aesKeys[2]); + bool dearmor(const void *key,const AES aesKeys[2],const Identity &identity); /** * Encrypt/decrypt a separately armored portion of a packet