From c2f627bc07dfe3696f668dd470e3177fdb2d6ce5 Mon Sep 17 00:00:00 2001
From: Dennis Schwerdel
Date: Mon, 30 Nov 2015 23:04:24 +0100
Subject: [PATCH] Checking AES support
---
 performance.md | 4 +---
 src/cloud.rs | 2 +-
 src/crypto.rs | 10 ++++++++++
 src/main.rs | 8 ++++++--
 src/usage.txt | 2 +-
 vpncloud.md | 4 ++--
 6 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/performance.md b/performance.md
index 1113be6..05eaa1e 100644
--- a/performance.md
+++ b/performance.md
@@ -8,16 +8,14 @@ Sender node:
 * 8 GiB Ram
 * Intel 82579LM Gigabit Network
 * Ubuntu 14.04 (Kernel 3.13.0-65-generic)
- * Libsodium 1.0.7
 Receiver node:
 * Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
 * 16 GiB Ram
 * Realtek RTL8111/8168/8411 Gigabit Network
 * Ubuntu 14.04 (Kernel 3.13.0-63-generic)
- * Libsodium 1.0.7
-VpnCloud version: `VpnCloud v0.3.0 (protocol version 1, libsodium 1.0.7)`
+VpnCloud version: `VpnCloud v0.3.0, protocol version 1, libsodium 1.0.7 (AES256: true)`
 The sender runs the following command:
diff --git a/src/cloud.rs b/src/cloud.rs
index c74c670..a0d2a90 100644
--- a/src/cloud.rs
+++ b/src/cloud.rs
@@ -292,7 +292,7 @@ impl GenericCloud

{
 let (size, src) = try_fail!(self.socket.recv_from(&mut buffer), "Failed to read from network socket: {}");
 match decode(&mut buffer[..size], &mut self.crypto).and_then(|(options, msg)| self.handle_net_message(src, options, msg)) {
 Ok(_) => (),
- Err(e) => error!("Error: {}", e)
+ Err(e) => error!("Error: {}, from: {}", e, src)
 }
 },
 &1 => {
diff --git a/src/crypto.rs b/src/crypto.rs
index 472bf17..0ac02e9 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -54,6 +54,7 @@ extern {
 pub fn sodium_init() -> c_int;
 pub fn randombytes_buf(buf: *mut u8, size: size_t);
 pub fn sodium_version_string() -> *const c_char;
+ pub fn crypto_aead_aes256gcm_is_available() -> c_int;
 pub fn crypto_pwhash_scryptsalsa208sha256(
 out: *mut u8,
 outlen: c_ulonglong,
@@ -149,6 +150,12 @@ impl Crypto {
 }
 }
+ pub fn aes256_available() -> bool {
+ unsafe {
+ crypto_aead_aes256gcm_is_available() == 1
+ }
+ }
+
 pub fn method(&self) -> u8 {
 match self {
 &Crypto::None => 0,
@@ -200,6 +207,9 @@ impl Crypto {
 Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce}
 },
 CryptoMethod::AES256 => {
+ if ! Crypto::aes256_available() {
+ fail!("AES256 is not supported by this processor, use ChaCha20 instead");
+ }
 let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES];
 unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) };
 let state = Aes256State::new();
diff --git a/src/main.rs b/src/main.rs
index 67441c9..8de847c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -133,8 +133,12 @@ fn run (args: Args) {
 fn main() {
 let args: Args = Docopt::new(USAGE).and_then(|d| d.decode()).unwrap_or_else(|e| e.exit());
 if args.flag_version {
- println!("VpnCloud v{} (protocol version {}, libsodium {})", env!("CARGO_PKG_VERSION"),
- VERSION, Crypto::sodium_version()
+ Crypto::init();
+ println!("VpnCloud v{}, protocol version {}, libsodium {} (AES256: {})",
+ env!("CARGO_PKG_VERSION"),
+ VERSION,
+ Crypto::sodium_version(),
+ Crypto::aes256_available()
 );
 return;
 }
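Review bot: In the `Err(e)` arm of the cloud.rs hunk, the new `error!("Error: {}, from: {}", e, src)` still emits one error-level line for every datagram that fails `decode` or `handle_net_message`, and `src` is the address `recv_from` reported before the packet was authenticated. Anyone who can reach the socket can therefore fill the log, and if this is a UDP socket, as `recv_from` suggests, the address can be forged, so the logged value is a hint rather than attribution. I would rate-limit this message or demote undecodable input to `debug!("Error: {}, from: {}", e, src)`, and add the comment `// src is unauthenticated at this point; log only, never use it for blocking decisions`. The enclosing `match` arm and function begin and end outside this hunk.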
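Review bot: `aes256_available()` in the second crypto.rs hunk is public but has no doc comment, and its `unsafe` block has no `// SAFETY:` line. libsodium documents that `crypto_aead_aes256gcm_is_available()` is only meaningful after `sodium_init()`, which is presumably why main.rs now calls `Crypto::init()` before printing the version; the guard added in the `CryptoMethod::AES256` arm (third crypto.rs hunk) depends on the same ordering, and whether init has run by then is not visible in these hunks. If it has not, that guard would reject AES256 with the misleading message about the processor. I would add `/// Returns true if libsodium's AES256-GCM is usable on this CPU. Call Crypto::init() first.` above the function and `// SAFETY: argument-free FFI query; requires sodium_init() to have run.` inside the `unsafe` block.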
diff --git a/src/usage.txt b/src/usage.txt
index 8a17e49..c1216ef 100644
--- a/src/usage.txt
+++ b/src/usage.txt
@@ -15,7 +15,7 @@ Options:
 --network-id Optional token that identifies the network.
 --shared-key The shared key to encrypt all traffic.
 --crypto The encryption method to use ("aes256", or
- "chacha20"). [default: aes256]
+ "chacha20"). [default: chacha20]
 --peer-timeout Peer timeout in seconds. [default: 1800]
 --dst-timeout Switch table entry timeout in seconds.
 [default: 300]
diff --git a/vpncloud.md b/vpncloud.md
index 662eb77..5403b07 100644
--- a/vpncloud.md
+++ b/vpncloud.md
@@ -53,8 +53,8 @@ vpncloud(1) -- Peer-to-peer VPN The encryption method to use ("aes256", or "chacha20"). Most current CPUs have special support for AES256 so this should be faster. For older computers lacking this support, CHACHA20 should be faster. - [default: `aes256`] + computers lacking this support, only CHACHA20 is supported. + [default: `chacha20`] * `--network-id `:
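Review bot: The `[default: aes256]` to `[default: chacha20]` change in the usage.txt hunk alters the cipher for every node started without `--crypto`, because this text appears to be the docopt specification that main.rs parses with `Docopt::new(USAGE)`. A node upgraded to this version and one still on the old default would presumably select different methods for the same shared key and fail to decode each other's packets. The commit subject only mentions the AES check, so the description or changelog should carry a line such as `Default encryption method changed from aes256 to chacha20; set --crypto explicitly on all peers when mixing versions.`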