Diffstat (limited to 'ncrypt.h')
-rw-r--r--ncrypt.h96
1 files changed, 44 insertions, 52 deletions
diff --git a/ncrypt.h b/ncrypt.h
index 917b1bf9b..96db56049 100644
--- a/ncrypt.h
+++ b/ncrypt.h
@@ -4,63 +4,43 @@
#include <stdlib.h>
#include "config.h"
+#include "nDPIsrvd.h"
#define NCRYPT_X25519_KEYLEN 32
#define NCRYPT_AES_IVLEN 12
#define NCRYPT_TAG_SIZE 16
#define NCRYPT_BUFFER_SIZE NETWORK_BUFFER_MAX_SIZE
-#define NCRYPT_PACKET_BUFFER_SIZE NCRYPT_AES_IVLEN + NCRYPT_TAG_SIZE + NCRYPT_BUFFER_SIZE
+#define NCRYPT_PACKET_OVERHEAD (NCRYPT_AES_IVLEN + NCRYPT_TAG_SIZE)
+#define NCRYPT_PACKET_BUFFER_SIZE (NCRYPT_PACKET_OVERHEAD + NCRYPT_BUFFER_SIZE)
+#define NCRYPT_PACKET_MIN_SIZE (NCRYPT_PACKET_OVERHEAD + NETWORK_BUFFER_LENGTH_DIGITS + 1)
-struct ncrypt
+struct aes
{
- void * libctx;
- void * aesctx;
- unsigned char * shared_secret;
- const char * propq;
- struct
- {
- void * priv_key;
- unsigned char pub_key[NCRYPT_X25519_KEYLEN];
- } local;
- struct
- {
- void * pub_key;
- } remote;
+ void * ctx;
+};
+
+struct peer
+{
+ nDPIsrvd_hashkey hash_key;
+ struct nDPIsrvd_address address;
unsigned char iv[NCRYPT_AES_IVLEN];
+ size_t crypto_errors;
size_t iv_mismatches;
+ size_t send_errors;
+ size_t recv_errors;
size_t partial_writes;
+ struct aes aes;
+ UT_hash_handle hh;
};
-struct ncrypt_buffer
+struct ncrypt
{
- struct
- {
- unsigned char data[NCRYPT_BUFFER_SIZE];
- } plaintext;
-
- struct
- {
- union
- {
- unsigned char raw[NCRYPT_PACKET_BUFFER_SIZE];
- struct
- {
- unsigned char iv[NCRYPT_AES_IVLEN];
- unsigned char tag[NCRYPT_TAG_SIZE];
- unsigned char data[NCRYPT_BUFFER_SIZE];
- } __attribute__((__packed__));
- };
- } encrypted;
-
- size_t data_used; // size of plaintext and encrypted is equal for AES-GCM
- size_t write_offset; // partial write; offset to next bytes of data
+ void * libctx;
+ const char * propq;
+ unsigned char shared_secret[NCRYPT_X25519_KEYLEN];
+ struct peer * peers;
};
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-_Static_assert(sizeof(((struct ncrypt_buffer *)0)->encrypted) == sizeof(((struct ncrypt_buffer *)0)->encrypted.raw),
- "Raw buffer and iv/tag/data sizes differ");
-#endif
-
int ncrypt_keygen(unsigned char priv_key[NCRYPT_X25519_KEYLEN], unsigned char pub_key[NCRYPT_X25519_KEYLEN]);
int ncrypt_load_privkey(char const * const private_key_file, unsigned char priv_key[NCRYPT_X25519_KEYLEN]);
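Review bot: The new struct tags `struct aes` and `struct peer` are unprefixed in a public header that now also pulls in `nDPIsrvd.h` (and, via it, the UT_hash types), so they are likely to collide with other translation units; the functions already use the `ncrypt_` prefix, and the tags should follow, e.g. `struct ncrypt_aes` / `struct ncrypt_peer`. Separately, `shared_secret` changed from a pointer to an inline `unsigned char [NCRYPT_X25519_KEYLEN]`, so the key material now lives in whatever storage the caller gave `struct ncrypt`; `ncrypt_free` is only declared here, so I cannot see whether it zeroizes that array, but the header should state it (something like `/* zeroizes shared_secret and frees every peer; nc itself is caller-owned */` above the declaration), and the implementation should use a cleanse routine that the compiler cannot elide rather than plain `memset`. If every peer's `aes.ctx` is keyed from this single `shared_secret` while `iv` and `iv_mismatches` are tracked per peer, then AES-GCM nonce uniqueness has to hold across all peers, not just within one, which is worth a comment on the `iv` member.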
@@ -71,26 +51,38 @@ int ncrypt_init(struct ncrypt * const nc,
unsigned char local_priv_key[NCRYPT_X25519_KEYLEN],
unsigned char remote_pub_key[NCRYPT_X25519_KEYLEN]);
-int ncrypt_init_encrypt(struct ncrypt * const nc);
+int ncrypt_init_encrypt(struct ncrypt * const nc, struct aes * const aes);
+
+int ncrypt_init_encrypt2(struct ncrypt * const nc, struct nDPIsrvd_address * const peer_address);
-int ncrypt_init_decrypt(struct ncrypt * const nc);
+int ncrypt_init_decrypt(struct ncrypt * const nc, struct aes * const aes);
+
+int ncrypt_init_decrypt2(struct ncrypt * const nc, struct nDPIsrvd_address * const peer_address);
+
+void ncrypt_free_aes(struct aes * const aes);
void ncrypt_free(struct ncrypt * const nc);
-int ncrypt_encrypt(struct ncrypt * const nc,
- unsigned char const * const plaintext,
- size_t used,
+int ncrypt_add_peer(struct ncrypt * const nc, struct nDPIsrvd_address const * const peer_address);
+
+struct peer * ncrypt_get_peer(struct ncrypt * const nc, struct nDPIsrvd_address const * const peer_address);
+
+int ncrypt_encrypt(struct aes * const aes,
+ char const * const plaintext,
+ size_t plaintext_size,
+ unsigned char const iv[NCRYPT_AES_IVLEN],
unsigned char encrypted[NCRYPT_BUFFER_SIZE],
unsigned char tag[NCRYPT_TAG_SIZE]);
-int ncrypt_decrypt(struct ncrypt * const nc,
+int ncrypt_decrypt(struct aes * const aes,
unsigned char const * const encrypted,
- size_t used,
+ size_t encrypted_size,
+ unsigned char const iv[NCRYPT_AES_IVLEN],
unsigned char tag[NCRYPT_TAG_SIZE],
- unsigned char plaintext[NCRYPT_BUFFER_SIZE]);
+ char plaintext[NCRYPT_BUFFER_SIZE]);
-int ncrypt_encrypt_send(struct ncrypt * const nc, int fd, struct ncrypt_buffer * const buf);
+int ncrypt_dgram_send(struct ncrypt * const nc, int fd, char const * const plaintext, size_t plaintext_size);
-int ncrypt_decrypt_recv(struct ncrypt * const nc, int fd, struct ncrypt_buffer * const buf);
+int ncrypt_dgram_recv(struct ncrypt * const nc, int fd, char * const plaintext, size_t plaintext_size);
#endif
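Review bot: `ncrypt_encrypt` now takes the GCM nonce as an explicit `iv` parameter but the header says nothing about who guarantees it never repeats under the same key, which is the one property AES-GCM cannot survive losing; a comment such as `/* iv MUST be unique per (key, message); reuse breaks both confidentiality and the tag */` belongs on the declaration. `ncrypt_decrypt` and `ncrypt_dgram_recv` likewise need their failure contract documented: the caller must be told that a non-zero return includes tag-verification failure and that `plaintext` contents are unspecified in that case and must not be consumed. The relation between `plaintext_size` in `ncrypt_dgram_recv` and the fixed `char plaintext[NCRYPT_BUFFER_SIZE]` in `ncrypt_decrypt` is also unclear from the declarations alone — whether `plaintext_size` bounds the write or must equal `NCRYPT_BUFFER_SIZE` should be stated, since a smaller caller buffer would otherwise be an overflow. Minor: `tag` in `ncrypt_decrypt` is an input, so it could be `unsigned char const tag[NCRYPT_TAG_SIZE]` like the new `iv` parameter, unless the underlying library call requires a non-const pointer.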