Network constructor deuglification, remove unused old encrypt/decrypt methods from Identity.
This commit is contained in:
parent
28a73b620e
commit
b342f56bec
5 changed files with 70 additions and 167 deletions
|
@ -225,81 +225,5 @@ Address Identity::deriveAddress(const void *keyBytes,unsigned int keyLen)
|
|||
return Address(dig,ZT_ADDRESS_LENGTH); // first 5 bytes of dig[]
|
||||
}
|
||||
|
||||
std::string Identity::encrypt(const Identity &to,const void *data,unsigned int len) const
|
||||
{
|
||||
unsigned char key[64];
|
||||
unsigned char mac[32];
|
||||
unsigned char iv[8];
|
||||
|
||||
if (!agree(to,key,sizeof(key)))
|
||||
return std::string();
|
||||
Utils::getSecureRandom(iv,8);
|
||||
for(int i=0;i<8;++i)
|
||||
key[i + 32] ^= iv[i]; // perturb HMAC key with IV so IV is effectively included in HMAC
|
||||
Salsa20 s20(key,256,iv);
|
||||
|
||||
std::string compressed;
|
||||
compressed.reserve(len);
|
||||
Utils::compress((const char *)data,(const char *)data + len,Utils::StringAppendOutput(compressed));
|
||||
if (!compressed.length())
|
||||
return std::string();
|
||||
|
||||
char *encrypted = new char[compressed.length() + 16];
|
||||
try {
|
||||
s20.encrypt(compressed.data(),encrypted + 16,(unsigned int)compressed.length());
|
||||
HMAC::sha256(key + 32,32,encrypted + 16,(unsigned int)compressed.length(),mac);
|
||||
for(int i=0;i<8;++i)
|
||||
encrypted[i] = iv[i];
|
||||
for(int i=0;i<8;++i)
|
||||
encrypted[i + 8] = mac[i];
|
||||
|
||||
std::string s(encrypted,compressed.length() + 16);
|
||||
delete [] encrypted;
|
||||
return s;
|
||||
} catch ( ... ) {
|
||||
delete [] encrypted;
|
||||
return std::string();
|
||||
}
|
||||
}
|
||||
|
||||
std::string Identity::decrypt(const Identity &from,const void *cdata,unsigned int len) const
|
||||
{
|
||||
unsigned char key[64];
|
||||
unsigned char mac[32];
|
||||
|
||||
if (len < 16)
|
||||
return std::string();
|
||||
|
||||
if (!agree(from,key,sizeof(key)))
|
||||
return std::string();
|
||||
|
||||
for(int i=0;i<8;++i)
|
||||
key[i + 32] ^= ((const unsigned char *)cdata)[i]; // apply IV to HMAC key
|
||||
HMAC::sha256(key + 32,32,((const char *)cdata) + 16,(unsigned int)(len - 16),mac);
|
||||
for(int i=0;i<8;++i) {
|
||||
if (((const unsigned char *)cdata)[i + 8] != mac[i])
|
||||
return std::string();
|
||||
}
|
||||
|
||||
char *decbuf = new char[len - 16];
|
||||
try {
|
||||
Salsa20 s20(key,256,cdata); // first 8 bytes are IV
|
||||
len -= 16;
|
||||
s20.decrypt((const char *)cdata + 16,decbuf,len);
|
||||
|
||||
std::string decompressed;
|
||||
if (Utils::decompress((const char *)decbuf,(const char *)decbuf + len,Utils::StringAppendOutput(decompressed))) {
|
||||
delete [] decbuf;
|
||||
return decompressed;
|
||||
} else {
|
||||
delete [] decbuf;
|
||||
return std::string();
|
||||
}
|
||||
} catch ( ... ) {
|
||||
delete [] decbuf;
|
||||
return std::string();
|
||||
}
|
||||
}
|
||||
|
||||
} // namespace ZeroTier
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue