Author: andrews Date: 2008-03-29 12:46:14 +0100 (Sat, 29 Mar 2008) New Revision: 3439
Modified: branches/andrews_n2n_3436/edge.c branches/andrews_n2n_3436/n2n.c branches/andrews_n2n_3436/n2n.h branches/andrews_n2n_3436/supernode.c branches/andrews_n2n_3436/twofish.c branches/andrews_n2n_3436/twofish.h Log: NOTE: Untested as I don't currently have a second host to run the second edge. -------- M twofish.h M twofish.c Heavily modified the twofish encryption stuff. All data blocks are now u_int8_t instead of various char types. Any char conversions are now done outside the twofish code. Removed some dangerous key corruptions where a short key would have a random component from uninitialised memory hence making two edge processes incompatible (compiler dependent). Updated the twofish unit test to ensure the changes are reliable. $ gcc -o tftest -DTWOFISH_UNIT_TEST twofish.c $ ./tftest -------- M n2n.h M n2n.c M edge.c M supernode.c Catch up with twofish initialisation changes. The key is now passed in as a u_int8_t* and size. -------- Commentary The twofish code generated a lot of compiler warnings due to various signed and unsigned char types throughout the implementation. This is not an acceptible situation in encryption code as all data should internally be bytes and there should be no possibility of sign conversions. In the absence of an abstract byte type I used u_int8_t from stdint.h which should be available on all C99 compilers. The key management in twofish code was based on the assumption that the key was a NULL terminated string. This has no place in encryption code. It is now possible for fully binary encryption keys to be specified. This lays the groundwork for better keys being injected, eg. from a config file rather than the command line. _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
