zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-25 09:50:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

initial chunk approach

Browse Source
This commit is contained in:
0xdcarns
2022-02-14 14:21:56 -05:00
parent b7acb824dd
commit 83250980eb
4 changed files with 115 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mq/util.go
View File

@@ -10,7 +10,7 @@ import (
func decryptMsg(node *models.Node, msg []byte) ([]byte, error) { func decryptMsg(node *models.Node, msg []byte) ([]byte, error) {
if len(msg) <= 24 { // make sure message is of appropriate length if len(msg) <= 24 { // make sure message is of appropriate length
return nil, fmt.Errorf("recieved invalid message from broker %s", string(msg)) return nil, fmt.Errorf("recieved invalid message from broker %v", msg)
} }
trafficKey, trafficErr := logic.RetrievePrivateTrafficKey() // get server private key trafficKey, trafficErr := logic.RetrievePrivateTrafficKey() // get server private key
@@ -26,7 +26,7 @@ func decryptMsg(node *models.Node, msg []byte) ([]byte, error) {
return nil, err return nil, err
} }
return ncutils.BoxDecrypt(msg, nodePubTKey, serverPrivTKey) return ncutils.DeChunk(msg, nodePubTKey, serverPrivTKey)
} }
func encryptMsg(node *models.Node, msg []byte) ([]byte, error) { func encryptMsg(node *models.Node, msg []byte) ([]byte, error) {
@@ -46,7 +46,7 @@ func encryptMsg(node *models.Node, msg []byte) ([]byte, error) {
return nil, err return nil, err
} }
return ncutils.BoxEncrypt(msg, nodePubKey, serverPrivKey) return ncutils.Chunk(msg, nodePubKey, serverPrivKey)
} }
func publish(node *models.Node, dest string, msg []byte) error { func publish(node *models.Node, dest string, msg []byte) error {

6
netclient/functions/daemon.go
View File

@@ -553,7 +553,7 @@ func publish(cfg *config.ClientConfig, dest string, msg []byte) error {
client := SetupMQTT(cfg, true) client := SetupMQTT(cfg, true)
defer client.Disconnect(250) defer client.Disconnect(250)
encrypted, err := ncutils.BoxEncrypt(msg, serverPubKey, trafficPrivKey) encrypted, err := ncutils.Chunk(msg, serverPubKey, trafficPrivKey)
if err != nil { if err != nil {
return err return err
} }
@@ -570,7 +570,7 @@ func parseNetworkFromTopic(topic string) string {
func decryptMsg(cfg *config.ClientConfig, msg []byte) ([]byte, error) { func decryptMsg(cfg *config.ClientConfig, msg []byte) ([]byte, error) {
if len(msg) <= 24 { // make sure message is of appropriate length if len(msg) <= 24 { // make sure message is of appropriate length
return nil, fmt.Errorf("recieved invalid message from broker %s", string(msg)) return nil, fmt.Errorf("recieved invalid message from broker %v", msg)
} }
// setup the keys // setup the keys
@@ -584,7 +584,7 @@ func decryptMsg(cfg *config.ClientConfig, msg []byte) ([]byte, error) {
return nil, err return nil, err
} }
return ncutils.BoxDecrypt(msg, serverPubKey, diskKey) return ncutils.DeChunk(msg, serverPubKey, diskKey)
} }
func pingServer(cfg *config.ClientConfig) error { func pingServer(cfg *config.ClientConfig) error {

109
netclient/ncutils/encryption.go Normal file
View File

@@ -0,0 +1,109 @@
package ncutils
import (
"bytes"
"crypto/rand"
"encoding/gob"
"fmt"
"io"
"golang.org/x/crypto/nacl/box"
)
const (
chunkSize = 16128 // 16128 bytes max message size
)
// BoxEncrypt - encrypts traffic box
func BoxEncrypt(message []byte, recipientPubKey *[32]byte, senderPrivateKey *[32]byte) ([]byte, error) {
var nonce [24]byte // 192 bits of randomization
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
return nil, err
}
encrypted := box.Seal(nonce[:], message, &nonce, recipientPubKey, senderPrivateKey)
return encrypted, nil
}
// BoxDecrypt - decrypts traffic box
func BoxDecrypt(encrypted []byte, senderPublicKey *[32]byte, recipientPrivateKey *[32]byte) ([]byte, error) {
var decryptNonce [24]byte
copy(decryptNonce[:], encrypted[:24])
decrypted, ok := box.Open(nil, encrypted[24:], &decryptNonce, senderPublicKey, recipientPrivateKey)
if !ok {
return nil, fmt.Errorf("could not decrypt message")
}
return decrypted, nil
}
// Chunk - chunks a message and encrypts each chunk
func Chunk(message []byte, recipientPubKey *[32]byte, senderPrivateKey *[32]byte) ([]byte, error) {
var chunks [][]byte
for i := 0; i < len(message); i += chunkSize {
end := i + chunkSize
// necessary check to avoid slicing beyond
// slice capacity
if end > len(message) {
end = len(message)
}
encryptedMsgSlice, err := BoxEncrypt(message[i:end], recipientPubKey, senderPrivateKey)
if err != nil {
return nil, err
}
chunks = append(chunks, encryptedMsgSlice)
}
chunkedMsg, err := convertBytesToMsg(chunks) // encode the array into some bytes to decode on receiving end
if err != nil {
return nil, err
}
return chunkedMsg, nil
}
// DeChunk - "de" chunks and decrypts a message
func DeChunk(chunkedMsg []byte, senderPublicKey *[32]byte, recipientPrivateKey *[32]byte) ([]byte, error) {
chunks, err := convertMsgToBytes(chunkedMsg)
if err != nil {
return nil, err
}
var totalMsg []byte
for i := range chunks {
decodedMsg, err := BoxDecrypt(chunks[i], senderPublicKey, recipientPrivateKey)
if err != nil {
return nil, err
}
totalMsg = append(totalMsg, decodedMsg...)
}
return totalMsg, nil
}
// == private ==
// ConvertMsgToBytes - converts a message (MQ) to it's chunked version
// decode action
func convertMsgToBytes(msg []byte) ([][]byte, error) {
var buffer = bytes.NewBuffer(msg)
var dec = gob.NewDecoder(buffer)
var result [][]byte
var err = dec.Decode(&result)
if err != nil {
return nil, err
}
return result, err
}
// ConvertBytesToMsg - converts the chunked message into a MQ message
// encode action
func convertBytesToMsg(b [][]byte) ([]byte, error) {
var buffer bytes.Buffer
var enc = gob.NewEncoder(&buffer)
if err := enc.Encode(b); err != nil {
return nil, err
}
return buffer.Bytes(), nil
}

24
netclient/ncutils/netclientutils.go
View File

@@ -2,7 +2,6 @@ package ncutils
import ( import (
"bytes" "bytes"
crand "crypto/rand"
"crypto/tls" "crypto/tls"
"encoding/gob" "encoding/gob"
"errors" "errors"
@@ -22,7 +21,6 @@ import (
"time" "time"
"github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/models"
"golang.org/x/crypto/nacl/box"
"golang.zx2c4.com/wireguard/wgctrl" "golang.zx2c4.com/wireguard/wgctrl"
"golang.zx2c4.com/wireguard/wgctrl/wgtypes" "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
"google.golang.org/grpc" "google.golang.org/grpc"
@@ -613,28 +611,6 @@ func ServerAddrSliceContains(slice []models.ServerAddr, item models.ServerAddr)
return false return false
} }
// BoxEncrypt - encrypts traffic box
func BoxEncrypt(message []byte, recipientPubKey *[32]byte, senderPrivateKey *[32]byte) ([]byte, error) {
var nonce [24]byte // 192 bits of randomization
if _, err := io.ReadFull(crand.Reader, nonce[:]); err != nil {
return nil, err
}
encrypted := box.Seal(nonce[:], message, &nonce, recipientPubKey, senderPrivateKey)
return encrypted, nil
}
// BoxDecrypt - decrypts traffic box
func BoxDecrypt(encrypted []byte, senderPublicKey *[32]byte, recipientPrivateKey *[32]byte) ([]byte, error) {
var decryptNonce [24]byte
copy(decryptNonce[:], encrypted[:24])
decrypted, ok := box.Open(nil, encrypted[24:], &decryptNonce, senderPublicKey, recipientPrivateKey)
if !ok {
return nil, fmt.Errorf("could not decrypt message")
}
return decrypted, nil
}
// MakeRandomString - generates a random string of len n // MakeRandomString - generates a random string of len n
func MakeRandomString(n int) string { func MakeRandomString(n int) string {
sb := strings.Builder{} sb := strings.Builder{}