mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-30 09:48:54 +00:00
Some prep work to make room for perfect forward security (PFS). Will not affect existing clients.
This commit is contained in:
parent
bdce679d84
commit
a8835cd8b3
@ -118,8 +118,6 @@ bool Packet::dearmor(const void *key)
|
||||
s20.decrypt(payload,payload,payloadLen);
|
||||
|
||||
return true;
|
||||
} else if (cs == ZT_PROTO_CIPHER_SUITE__C25519_AES256_GCM) {
|
||||
return false; // not implemented yet
|
||||
} else return false; // unrecognized cipher suite
|
||||
}
|
||||
|
||||
|
@ -99,14 +99,12 @@
|
||||
#define ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012 1
|
||||
|
||||
/**
|
||||
* Cipher suite: Curve25519/AES256-GCM
|
||||
* DEPRECATED payload encrypted flag, will be removed for re-use soon.
|
||||
*
|
||||
* This specifies AES256 in GCM mode using GCM's built-in authentication
|
||||
* with Curve25519 elliptic curve Diffie-Hellman.
|
||||
*
|
||||
* (Not implemented yet in client but reserved for future use.)
|
||||
* This has been replaced by the two-bit cipher suite selection field where
|
||||
* a value of 0 indicated unencrypted (but authenticated) messages.
|
||||
*/
|
||||
#define ZT_PROTO_CIPHER_SUITE__C25519_AES256_GCM 2
|
||||
#define ZT_PROTO_FLAG_ENCRYPTED 0x80
|
||||
|
||||
/**
|
||||
* Header flag indicating that a packet is fragmented
|
||||
@ -116,6 +114,13 @@
|
||||
*/
|
||||
#define ZT_PROTO_FLAG_FRAGMENTED 0x40
|
||||
|
||||
/**
|
||||
* Flag indicating encryption with a PFS session key
|
||||
*
|
||||
* Not used yet -- for future PFS session re-keying support.
|
||||
*/
|
||||
#define ZT_PROTO_FLAG_PFS_SESSION 0x20
|
||||
|
||||
/**
|
||||
* Verb flag indicating payload is compressed with LZ4
|
||||
*/
|
||||
@ -293,9 +298,9 @@ namespace ZeroTier {
|
||||
*
|
||||
* Packets smaller than 28 bytes are invalid and silently discarded.
|
||||
*
|
||||
* The flags/cipher/hops bit field is: FFCCCHHH where C is a 3-bit cipher
|
||||
* selection allowing up to 8 cipher suites, F is flags (reserved, currently
|
||||
* all zero), and H is hop count.
|
||||
* The flags/cipher/hops bit field is: FFFCCHHH where C is a 2-bit cipher
|
||||
* selection allowing up to 4 cipher suites, F is outside-envelope flags,
|
||||
* and H is hop count.
|
||||
*
|
||||
* The three-bit hop count is the only part of a packet that is mutable in
|
||||
* transit without invalidating the MAC. All other bits in the packet are
|
||||
@ -968,25 +973,21 @@ public:
|
||||
*/
|
||||
inline unsigned int cipher() const
|
||||
{
|
||||
//return (((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0x38) >> 3);
|
||||
// Use DEPRECATED 0x80 "encrypted" flag -- this will go away once there are no more <1.0.0 peers on the net
|
||||
return (((*this)[ZT_PACKET_IDX_FLAGS] & 0x80) == 0) ? ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE : ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012;
|
||||
// Note: this uses the new cipher spec field, which is incompatible with <1.0.0 peers
|
||||
return (((unsigned int)(*this)[ZT_PACKET_IDX_FLAGS] & 0x18) >> 3);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set this packet's cipher suite
|
||||
*
|
||||
* This normally shouldn't be called directly as armor() will set it after
|
||||
* encrypting and MACing the packet.
|
||||
*/
|
||||
inline void setCipher(unsigned int c)
|
||||
{
|
||||
unsigned char &b = (*this)[ZT_PACKET_IDX_FLAGS];
|
||||
b = (b & 0xc7) | (unsigned char)((c << 3) & 0x38);
|
||||
// Set both the new cipher suite spec field and the old DEPRECATED "encrypted" flag as long as there's <1.0.0 peers online
|
||||
b = (b & 0xe7) | (unsigned char)((c << 3) & 0x18); // bits: FFFCCHHH
|
||||
// DEPRECATED "encrypted" flag -- used by pre-1.0.3 peers
|
||||
if (c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012)
|
||||
b |= 0x80;
|
||||
else b &= 0x7f;
|
||||
b |= ZT_PROTO_FLAG_ENCRYPTED;
|
||||
else b &= (~ZT_PROTO_FLAG_ENCRYPTED);
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user