ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-05-01 00:10:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Restrict usage to when encryption is not active.

Browse Source
This commit is contained in:
Adam Ierymenko 2024-09-25 20:12:19 -04:00
parent 6b078ee935
commit f190df8621
No known key found for this signature in database
GPG Key ID: C8877CF2D7A5D7F3
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
node/Packet.cpp
View File

@ -1071,6 +1071,7 @@ void Packet::armor(const void *key,bool encryptPayload,bool extendedArmor,const
} }
} }
/* NOTE: this is currently only ever used with NONE encryption for HELLO packets. */
if (extendedArmor) { if (extendedArmor) {
ECC::Pair ephemeralKeyPair = ECC::generate(); ECC::Pair ephemeralKeyPair = ECC::generate();
uint8_t ephemeralSymmetric[32]; uint8_t ephemeralSymmetric[32];
@ -1088,9 +1089,10 @@ void Packet::armor(const void *key,bool encryptPayload,bool extendedArmor,const
bool Packet::dearmor(const void *key,const AES aesKeys[2],const Identity &identity) bool Packet::dearmor(const void *key,const AES aesKeys[2],const Identity &identity)
{ {
uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData()); uint8_t *const data = reinterpret_cast<uint8_t *>(unsafeData());
const unsigned int cs = cipher();
if (extendedArmor()) { if (extendedArmor() && (cs == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_NONE)) {
if (size() < ZT_ECC_EPHEMERAL_PUBLIC_KEY_LEN) { if (size() < (ZT_PACKET_IDX_VERB + 1 + ZT_ECC_EPHEMERAL_PUBLIC_KEY_LEN)) {
return false; return false;
} }
uint8_t ephemeralSymmetric[32]; uint8_t ephemeralSymmetric[32];
@ -1112,7 +1114,6 @@ bool Packet::dearmor(const void *key,const AES aesKeys[2],const Identity &identi
const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB; const unsigned int payloadLen = size() - ZT_PACKET_IDX_VERB;
unsigned char *const payload = data + ZT_PACKET_IDX_VERB; unsigned char *const payload = data + ZT_PACKET_IDX_VERB;
const unsigned int cs = cipher();
if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) { if (cs == ZT_PROTO_CIPHER_SUITE__AES_GMAC_SIV) {
if (aesKeys) { if (aesKeys) {