Checking AES support

Dennis Schwerdel 2015-11-30 23:04:24 +01:00
parent 7dfcd92ab0
commit c2f627bc07
6 changed files with 21 additions and 9 deletions


@ -8,16 +8,14 @@ Sender node:
* 8 GiB Ram * 8 GiB Ram
* Intel 82579LM Gigabit Network * Intel 82579LM Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-65-generic) * Ubuntu 14.04 (Kernel 3.13.0-65-generic)
* Libsodium 1.0.7
Receiver node: Receiver node:
* Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz * Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
* 16 GiB Ram * 16 GiB Ram
* Realtek RTL8111/8168/8411 Gigabit Network * Realtek RTL8111/8168/8411 Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-63-generic) * Ubuntu 14.04 (Kernel 3.13.0-63-generic)
* Libsodium 1.0.7
VpnCloud version: `VpnCloud v0.3.0 (protocol version 1, libsodium 1.0.7)` VpnCloud version: `VpnCloud v0.3.0, protocol version 1, libsodium 1.0.7 (AES256: true)`
The sender runs the following command: The sender runs the following command:


@ -292,7 +292,7 @@ impl<P: Protocol> GenericCloud<P> {
let (size, src) = try_fail!(self.socket.recv_from(&mut buffer), "Failed to read from network socket: {}"); let (size, src) = try_fail!(self.socket.recv_from(&mut buffer), "Failed to read from network socket: {}");
match decode(&mut buffer[..size], &mut self.crypto).and_then(|(options, msg)| self.handle_net_message(src, options, msg)) { match decode(&mut buffer[..size], &mut self.crypto).and_then(|(options, msg)| self.handle_net_message(src, options, msg)) {
Ok(_) => (), Ok(_) => (),
Err(e) => error!("Error: {}", e) Err(e) => error!("Error: {}, from: {}", e, src)
} }
}, },
&1 => { &1 => {
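Review bot: The `from: {}` field added to the `Err(e)` arm prints `src` exactly as `recv_from` returned it, for a datagram that has just failed `decode`, so the address is unauthenticated at that point. If this socket is UDP (not shown in the hunk), the sender can forge it. A comment above the arm would keep readers from treating the value as attribution, e.g. `// src is unverified here: the packet failed decoding, so the address is only a hint`. The arm still logs at error level once per undecodable packet, so a rate limit or a lower level for this path would stop a noisy or hostile sender from filling the log. The enclosing match arm starts and ends outside the hunk.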


@ -54,6 +54,7 @@ extern {
pub fn sodium_init() -> c_int; pub fn sodium_init() -> c_int;
pub fn randombytes_buf(buf: *mut u8, size: size_t); pub fn randombytes_buf(buf: *mut u8, size: size_t);
pub fn sodium_version_string() -> *const c_char; pub fn sodium_version_string() -> *const c_char;
pub fn crypto_aead_aes256gcm_is_available() -> c_int;
pub fn crypto_pwhash_scryptsalsa208sha256( pub fn crypto_pwhash_scryptsalsa208sha256(
out: *mut u8, out: *mut u8,
outlen: c_ulonglong, outlen: c_ulonglong,
@ -149,6 +150,12 @@ impl Crypto {
} }
} }
pub fn aes256_available() -> bool {
unsafe {
crypto_aead_aes256gcm_is_available() == 1
}
}
pub fn method(&self) -> u8 { pub fn method(&self) -> u8 {
match self { match self {
&Crypto::None => 0, &Crypto::None => 0,
@ -200,6 +207,9 @@ impl Crypto {
Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce} Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce}
}, },
CryptoMethod::AES256 => { CryptoMethod::AES256 => {
if ! Crypto::aes256_available() {
fail!("AES256 is not supported by this processor, use ChaCha20 instead");
}
let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES]; let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES];
unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) }; unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) };
let state = Aes256State::new(); let state = Aes256State::new();
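Review bot: `aes256_available()` is added without a doc comment stating its precondition. libsodium requires `sodium_init()` to have run before `crypto_aead_aes256gcm_is_available()` is called, and without it the CPU-feature answer is not reliable. The `main` section of this commit adds `Crypto::init()` ahead of the version print, which fits that requirement. The new guard in the `CryptoMethod::AES256` arm, however, depends on the caller having initialised the library, and that is not visible in this hunk. I would put `/// Returns true if libsodium's AES256-GCM is usable on this CPU. Crypto::init() must have been called first.` above the function and a short `// SAFETY:` line inside its `unsafe` block. The function containing the AES256 arm starts and ends outside the hunk.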


@ -133,8 +133,12 @@ fn run<T: Protocol> (args: Args) {
fn main() { fn main() {
let args: Args = Docopt::new(USAGE).and_then(|d| d.decode()).unwrap_or_else(|e| e.exit()); let args: Args = Docopt::new(USAGE).and_then(|d| d.decode()).unwrap_or_else(|e| e.exit());
if args.flag_version { if args.flag_version {
println!("VpnCloud v{} (protocol version {}, libsodium {})", env!("CARGO_PKG_VERSION"), Crypto::init();
VERSION, Crypto::sodium_version() println!("VpnCloud v{}, protocol version {}, libsodium {} (AES256: {})",
env!("CARGO_PKG_VERSION"),
VERSION,
Crypto::sodium_version(),
Crypto::aes256_available()
); );
return; return;
} }


@ -15,7 +15,7 @@ Options:
--network-id <id> Optional token that identifies the network. --network-id <id> Optional token that identifies the network.
--shared-key <key> The shared key to encrypt all traffic. --shared-key <key> The shared key to encrypt all traffic.
--crypto <method> The encryption method to use ("aes256", or --crypto <method> The encryption method to use ("aes256", or
"chacha20"). [default: aes256] "chacha20"). [default: chacha20]
--peer-timeout <secs> Peer timeout in seconds. [default: 1800] --peer-timeout <secs> Peer timeout in seconds. [default: 1800]
--dst-timeout <secs> Switch table entry timeout in seconds. --dst-timeout <secs> Switch table entry timeout in seconds.
[default: 300] [default: 300]


@ -53,8 +53,8 @@ vpncloud(1) -- Peer-to-peer VPN
The encryption method to use ("aes256", or "chacha20"). Most current CPUs The encryption method to use ("aes256", or "chacha20"). Most current CPUs
have special support for AES256 so this should be faster. For older have special support for AES256 so this should be faster. For older
computers lacking this support, CHACHA20 should be faster. computers lacking this support, only CHACHA20 is supported.
[default: `aes256`] [default: `chacha20`]
* `--network-id <id>`: * `--network-id <id>`: