Checking AES support

performance.md

@@ -8,16 +8,14 @@ Sender node:
   * 8 GiB Ram
   * Intel 82579LM Gigabit Network
   * Ubuntu 14.04 (Kernel 3.13.0-65-generic)
-  * Libsodium 1.0.7
 
 Receiver node:
   * Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
   * 16 GiB Ram
   * Realtek RTL8111/8168/8411 Gigabit Network
   * Ubuntu 14.04 (Kernel 3.13.0-63-generic)
-  * Libsodium 1.0.7
 
-VpnCloud version: `VpnCloud v0.3.0 (protocol version 1, libsodium 1.0.7)`
+VpnCloud version: `VpnCloud v0.3.0, protocol version 1, libsodium 1.0.7 (AES256: true)`
 
 The sender runs the following command:
 

src/cloud.rs

@@ -292,7 +292,7 @@ impl<P: Protocol> GenericCloud<P> {
                         let (size, src) = try_fail!(self.socket.recv_from(&mut buffer), "Failed to read from network socket: {}");
                         match decode(&mut buffer[..size], &mut self.crypto).and_then(|(options, msg)| self.handle_net_message(src, options, msg)) {
                             Ok(_) => (),
-                            Err(e) => error!("Error: {}", e)
+                            Err(e) => error!("Error: {}, from: {}", e, src)
                         }
                     },
                     &1 => {

src/crypto.rs

@@ -54,6 +54,7 @@ extern {
     pub fn sodium_init() -> c_int;
     pub fn randombytes_buf(buf: *mut u8, size: size_t);
     pub fn sodium_version_string() -> *const c_char;
+    pub fn crypto_aead_aes256gcm_is_available() -> c_int;
     pub fn crypto_pwhash_scryptsalsa208sha256(
         out: *mut u8,
         outlen: c_ulonglong,
@@ -149,6 +150,12 @@ impl Crypto {
         }
     }
 
+    pub fn aes256_available() -> bool {
+        unsafe {
+            crypto_aead_aes256gcm_is_available() == 1
+        }
+    }
+
     pub fn method(&self) -> u8 {
         match self {
             &Crypto::None => 0,
@@ -200,6 +207,9 @@ impl Crypto {
                 Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce}
             },
             CryptoMethod::AES256 => {
+                if ! Crypto::aes256_available() {
+                    fail!("AES256 is not supported by this processor, use ChaCha20 instead");
+                }
                 let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES];
                 unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) };
                 let state = Aes256State::new();

src/main.rs

@@ -133,8 +133,12 @@ fn run<T: Protocol> (args: Args) {
 fn main() {
     let args: Args = Docopt::new(USAGE).and_then(|d| d.decode()).unwrap_or_else(|e| e.exit());
     if args.flag_version {
-        println!("VpnCloud v{} (protocol version {}, libsodium {})", env!("CARGO_PKG_VERSION"),
+        Crypto::init();
-            VERSION, Crypto::sodium_version()
+        println!("VpnCloud v{}, protocol version {}, libsodium {} (AES256: {})",
+            env!("CARGO_PKG_VERSION"),
+            VERSION,
+            Crypto::sodium_version(),
+            Crypto::aes256_available()
         );
         return;
     }

src/usage.txt

@@ -15,7 +15,7 @@ Options:
     --network-id <id>               Optional token that identifies the network.
     --shared-key <key>              The shared key to encrypt all traffic.
     --crypto <method>               The encryption method to use ("aes256", or
-                                    "chacha20"). [default: aes256]
+                                    "chacha20"). [default: chacha20]
     --peer-timeout <secs>           Peer timeout in seconds. [default: 1800]
     --dst-timeout <secs>            Switch table entry timeout in seconds.
                                     [default: 300]

vpncloud.md

@@ -53,8 +53,8 @@ vpncloud(1) -- Peer-to-peer VPN
 
     The encryption method to use ("aes256", or "chacha20"). Most current CPUs
     have special support for AES256 so this should be faster. For older
-    computers lacking this support, CHACHA20 should be faster.
+    computers lacking this support, only CHACHA20 is supported.
-    [default: `aes256`]
+    [default: `chacha20`]
 
   * `--network-id <id>`: