Skip to content

Commit

Permalink
in-place encryption
Browse files Browse the repository at this point in the history
  • Loading branch information
@Hasan6979
Hasan6979 committed Jan 21, 2025
1 parent 61e0ae4 commit 6753d10
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 31 deletions.
10 changes: 5 additions & 5 deletions neptun/src/device/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1055,8 +1055,8 @@ impl Device {
for _ in 0..MAX_ITR {
let element = unsafe { TX_RING_BUFFER.get_next() };
if element.is_element_free.load(Ordering::Relaxed) {
let src = match iface.read(&mut t.src_buf[..mtu]) {
Ok(src) => src,
let len = match iface.read(&mut element.data[16..mtu + 16]) {
Ok(src) => src.len(),
Err(Error::IfaceRead(e)) => {
let ek = e.kind();
if ek == io::ErrorKind::Interrupted
Expand All @@ -1077,7 +1077,7 @@ impl Device {
}
};

let dst_addr = match Tunn::dst_address(src) {
let dst_addr = match Tunn::dst_address(&element.data[16..len + 16]) {
Some(addr) => addr,
None => continue,
};
Expand All @@ -1088,14 +1088,14 @@ impl Device {
};

if let Some(callback) = &d.config.firewall_process_outbound_callback {
if !callback(&peer.public_key.0, src) {
if !callback(&peer.public_key.0, &element.data[16..len + 16]) {
continue;
}
}

let res = {
let mut tun = peer.tunnel.lock();
tun.encapsulate(src, &mut element.data[..])
tun.encapsulate_in_place(len, &mut element.data[..])
};

match res {
Expand Down
19 changes: 14 additions & 5 deletions neptun/src/noise/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -294,26 +294,35 @@ impl Tunn {
/// Panics if dst buffer is too small.
/// Size of dst should be at least src.len() + 32, and no less than 148 bytes.
pub fn encapsulate<'a>(&mut self, src: &[u8], dst: &'a mut [u8]) -> TunnResult<'a> {
dst[16..src.len() + 16].copy_from_slice(src);
self.encapsulate_in_place(src.len(), dst)
}

pub fn encapsulate_in_place<'a>(
&mut self,
src_len: usize,
dst: &'a mut [u8],
) -> TunnResult<'a> {
let current = self.current;
if let Some(ref session) = self.sessions[current % N_SESSIONS] {
// Send the packet using an established session
let packet = session.format_packet_data(src, dst);
let packet = session.format_packet_data(src_len, dst);

// Send the notification on the channel to encrypt the packet
self.timer_tick(TimerName::TimeLastPacketSent);
// Exclude Keepalive packets from timer update.
if !src.is_empty() {
if src_len.ne(&0) {
self.timer_tick(TimerName::TimeLastDataPacketSent);
}
self.tx_bytes += packet.len();
return TunnResult::WriteToNetwork(packet);
}

if !src.is_empty() {
if src_len.ne(&0) {
// If there is no session, queue the packet for future retry,
// except if it's keepalive packet, new keepalive packets will be sent when session is created.
// This prevents double keepalive packets on initiation
self.queue_packet(src);
self.queue_packet(&dst[16..src_len + 16]);
}

// Initiate a new handshake if none is in progress
Expand Down Expand Up @@ -417,7 +426,7 @@ impl Tunn {
// Increase the rx_bytes accordingly
self.rx_bytes += HANDSHAKE_RESP_SZ;

let keepalive_packet = { session.format_packet_data(&[], dst) };
let keepalive_packet = { session.format_packet_data(0, dst) };
// Store new session in ring buffer
let l_idx = session.local_index();
let index = l_idx % N_SESSIONS;
Expand Down
12 changes: 6 additions & 6 deletions neptun/src/noise/session.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -194,8 +194,8 @@ impl Session {
/// src - an IP packet from the interface
/// dst - pre-allocated space to hold the encapsulating UDP packet to send over the network
/// returns the size of the formatted packet
pub(super) fn format_packet_data<'a>(&self, src: &[u8], dst: &'a mut [u8]) -> &'a mut [u8] {
if dst.len() < src.len() + super::DATA_OVERHEAD_SZ {
pub(super) fn format_packet_data<'a>(&self, src_len: usize, dst: &'a mut [u8]) -> &'a mut [u8] {
if dst.len() < src_len + super::DATA_OVERHEAD_SZ {
panic!("The destination buffer is too small");
}

Expand All @@ -213,16 +213,16 @@ impl Session {
let n = {
let mut nonce = [0u8; 12];
nonce[4..12].copy_from_slice(&sending_key_counter.to_le_bytes());
data[..src.len()].copy_from_slice(src);
// data[..src.len()].copy_from_slice(src);
self.sender
.seal_in_place_separate_tag(
Nonce::assume_unique_for_key(nonce),
Aad::from(&[]),
&mut data[..src.len()],
&mut data[..src_len],
)
.map(|tag| {
data[src.len()..src.len() + AEAD_SIZE].copy_from_slice(tag.as_ref());
src.len() + AEAD_SIZE
data[src_len..src_len + AEAD_SIZE].copy_from_slice(tag.as_ref());
src_len + AEAD_SIZE
})
.unwrap()
};
Expand Down
15 changes: 0 additions & 15 deletions neptun/src/noise/timers.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,19 +66,6 @@ pub enum TimerName {
Top,
}

impl TimerName {
pub const VALUES: [Self; TimerName::Top as usize - 1] = [
Self::TimeSessionEstablished,
Self::TimeLastHandshakeStarted,
Self::TimeLastPacketReceived,
Self::TimeLastPacketSent,
Self::TimeLastDataPacketReceived,
Self::TimeLastDataPacketSent,
Self::TimeCookieReceived,
Self::TimePersistentKeepalive,
];
}

use self::TimerName::*;

#[derive(Debug)]
Expand All @@ -96,7 +83,6 @@ pub struct Timers {
persistent_keepalive: usize,
/// Should this timer call reset rr function (if not a shared rr instance)
pub(super) should_reset_rr: bool,
timers_to_update_mask: AtomicU16,
}

impl Timers {
Expand All @@ -110,7 +96,6 @@ impl Timers {
want_handshake_since: Default::default(),
persistent_keepalive: usize::from(persistent_keepalive.unwrap_or(0)),
should_reset_rr: reset_rr,
timers_to_update_mask: Default::default(),
}
}

Expand Down

0 comments on commit 6753d10

Please sign in to comment.