Removing old methods. Fixing tests.

OpenHD · Nov 27, 2023 · 5843353 · 5843353
1 parent 24776a3
commit 5843353
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 59 deletions.
diff --git a/executables/benchmark.cpp b/executables/benchmark.cpp
@@ -111,7 +111,7 @@ void benchmark_crypt(const Options &options,const bool packet_validation_only) {
   wb::Encryptor encryptor{keyPairTxRx.key_1};
   encryptor.set_encryption_enabled(!packet_validation_only);
   wb::Decryptor decryptor{keyPairTxRx.key_1};
-  decryptor.set_encryption_enabled(!packet_validation_only);
+  auto decryptor_encryption_enabled = !packet_validation_only;
   std::array<uint8_t, crypto_box_NONCEBYTES> sessionKeyNonce{};
   std::array<uint8_t, crypto_aead_chacha20poly1305_KEYBYTES + crypto_box_MACBYTES> sessionKeyData{};
   encryptor.makeNewSessionKey(sessionKeyNonce, sessionKeyData);
@@ -173,7 +173,8 @@ void benchmark_crypt(const Options &options,const bool packet_validation_only) {
             durationBenchmark.start();
             auto decrypted= decryptor.authenticate_and_decrypt_buff(
                 encrypted.nonce, encrypted.data->data(),
-                encrypted.data->size());
+                encrypted.data->size(),
+                decryptor_encryption_enabled);
             assert(!decrypted->empty());
             durationBenchmark.stop();
             packetizedBenchmark.doneWithPacket(decrypted->size());

diff --git a/executables/unit_test.cpp b/executables/unit_test.cpp
@@ -194,7 +194,7 @@ static void test_encrypt_decrypt_validate(const bool use_key_from_file,bool mess
   wb::Encryptor encryptor{keyPairTxRx.get_tx_key(true)};// We send from air unit
   encryptor.set_encryption_enabled(!message_signing_only);
   wb::Decryptor decryptor{keyPairTxRx.get_rx_key(false)}; // To the ground unit
-  decryptor.set_encryption_enabled(!message_signing_only);
+  auto decryptor_encryption_enabled = !message_signing_only;
   struct SessionStuff{
     std::array<uint8_t, crypto_box_NONCEBYTES> sessionKeyNonce{};  // filled with random data
     std::array<uint8_t, crypto_aead_chacha20poly1305_KEYBYTES + crypto_box_MACBYTES> sessionKeyData{};
@@ -213,13 +213,14 @@ static void test_encrypt_decrypt_validate(const bool use_key_from_file,bool mess
         {
             // Correct usage - let packets through and get the original data back
             const auto decrypted = decryptor.authenticate_and_decrypt_buff(
-          nonce, encrypted->data(), encrypted->size());
+          nonce, encrypted->data(), encrypted->size(), decryptor_encryption_enabled);
             assert(GenericHelper::compareVectors(data, *decrypted) == true);
         }
         {
             // tamper with the nonce - shouldn't let packets through
             const auto decrypted = decryptor.authenticate_and_decrypt_buff(
-                nonce + 1, encrypted->data(), encrypted->size());
+                nonce + 1, encrypted->data(), encrypted->size(),
+                decryptor_encryption_enabled);
             assert(decrypted== nullptr);
         }
         {
@@ -229,7 +230,7 @@ static void test_encrypt_decrypt_validate(const bool use_key_from_file,bool mess
             encrypted_wrong_sing->at(encrypted_wrong_sing->size()-2)=0;
             const auto decrypted = decryptor.authenticate_and_decrypt_buff(
                 nonce, encrypted_wrong_sing->data(),
-                encrypted_wrong_sing->size());
+                encrypted_wrong_sing->size(), decryptor_encryption_enabled);
             assert(decrypted== nullptr);
         }
   }
@@ -240,7 +241,8 @@ static void test_encrypt_decrypt_validate(const bool use_key_from_file,bool mess
         enrypted_wrong_sign->resize(data.size()+ENCRYPTION_ADDITIONAL_VALIDATION_DATA);
         memcpy(enrypted_wrong_sign->data(),data.data(),data.size());
         const auto decrypted = decryptor.authenticate_and_decrypt_buff(
-            nonce, enrypted_wrong_sign->data(), enrypted_wrong_sign->size());
+            nonce, enrypted_wrong_sign->data(), enrypted_wrong_sign->size(),
+            decryptor_encryption_enabled);
         assert(decrypted== nullptr);
   }
   fmt::print("Test {} with {} passed\n",TEST_TYPE,TEST_KEY_TYPE);

diff --git a/src/WBTxRx.cpp b/src/WBTxRx.cpp
@@ -623,7 +623,7 @@ bool WBTxRx::process_received_data_packet(
   // after that, we have the encrypted data (and the encryption suffix)
   const uint8_t* encrypted_data_with_suffix=payload_and_enc_suffix;
   const auto encrypted_data_with_suffix_len = payload_and_enc_suffix_size;
-  m_decryptor->set_encryption_enabled(encrypted);
+
   const auto before_decrypt=std::chrono::steady_clock::now();
   bool res;
   if (encrypted) {

diff --git a/src/encryption/Decryptor.cpp b/src/encryption/Decryptor.cpp
@@ -35,32 +35,6 @@ int wb::Decryptor::onNewPacketSessionKeyData(
   return SESSION_VALID_NOT_NEW;
 }
 
-bool wb::Decryptor::authenticate_and_decrypt(const uint64_t& nonce,
-                                             const uint8_t* encrypted,
-                                             int encrypted_size,
-                                             uint8_t* dest) {
-  if (!m_encrypt_data) {
-    const auto payload_size = encrypted_size - crypto_onetimeauth_BYTES;
-    assert(payload_size > 0);
-    const uint8_t* sign = encrypted + payload_size;
-    // const int
-    // res=crypto_auth_hmacsha256_verify(sign,msg,payload_size,session_key.data());
-    const auto sub_key = wb::create_onetimeauth_subkey(nonce, session_key);
-    const int res = crypto_onetimeauth_verify(sign, encrypted, payload_size,
-                                              sub_key.data());
-    if (res != -1) {
-      memcpy(dest, encrypted, payload_size);
-      return true;
-    }
-    return false;
-  }
-  unsigned long long mlen;
-  int res = crypto_aead_chacha20poly1305_decrypt(
-      dest, &mlen, nullptr, encrypted, encrypted_size, nullptr, 0,
-      (uint8_t*)(&nonce), session_key.data());
-  return res != -1;
-}
-
 bool wb::Decryptor::authenticate(
     const uint64_t& nonce,
     const uint8_t* encrypted,
@@ -81,11 +55,10 @@ bool wb::Decryptor::authenticate(
   return false;
 }
 
-bool wb::Decryptor::decrypt(
-    const uint64_t& nonce,
-    const uint8_t* encrypted,
-    int encrypted_size,
-    uint8_t* dest) {
+bool wb::Decryptor::decrypt(const uint64_t& nonce,
+                            const uint8_t* encrypted,
+                            int encrypted_size,
+                            uint8_t* dest) {
   unsigned long long mlen;
   int res = crypto_aead_chacha20poly1305_decrypt(
       dest,
@@ -100,15 +73,21 @@ bool wb::Decryptor::decrypt(
   return res != -1;
 }
 
-
 std::shared_ptr<std::vector<uint8_t>>
 wb::Decryptor::authenticate_and_decrypt_buff(const uint64_t& nonce,
                                              const uint8_t* encrypted,
-                                             int encrypted_size) {
+                                             int encrypted_size,
+                                             bool isEncrypt) {
   auto ret = std::make_shared<std::vector<uint8_t>>(
       encrypted_size - crypto_aead_chacha20poly1305_ABYTES);
-  const auto res =
-      authenticate_and_decrypt(nonce, encrypted, encrypted_size, ret->data());
+
+  bool res;
+  if (isEncrypt) {
+    res = decrypt(nonce, encrypted, encrypted_size, ret->data());
+  } else {
+    res = authenticate(nonce, encrypted, encrypted_size, ret->data());
+  }
+
   if (res) {
     return ret;
   }

diff --git a/src/encryption/Decryptor.h b/src/encryption/Decryptor.h
@@ -10,7 +10,6 @@
 
 #include "Key.hpp"
 
-
 namespace wb {
 class Decryptor {
  public:
@@ -31,40 +30,37 @@ class Decryptor {
       const std::array<uint8_t, crypto_box_NONCEBYTES>& sessionKeyNonce,
       const std::array<uint8_t, crypto_aead_chacha20poly1305_KEYBYTES +
                                     crypto_box_MACBYTES>& sessionKeyData);
+
   /**
-   * Decrypt (or validate only if encryption is disabled) the given message
+   * Decrypt the given message
    * and writes the original message content into dest.
    * Returns true on success, false otherwise (false== the message is not a
    * valid message)
    * @param dest needs to be at least @param encrypted - 16 bytes big.
    */
-  bool authenticate_and_decrypt(const uint64_t& nonce, const uint8_t* encrypted,
-                                int encrypted_size, uint8_t* dest);
-
   bool decrypt(const uint64_t& nonce, const uint8_t* encrypted,
                                 int encrypted_size, uint8_t* dest);
 
+  /**
+   * Validate only the given message
+   * and writes the original message content into dest.
+   * Returns true on success, false otherwise (false== the message is not a
+   * valid message)
+   * @param dest needs to be at least @param encrypted - 16 bytes big.
+   */
   bool authenticate(const uint64_t& nonce, const uint8_t* encrypted, int encrypted_size, uint8_t* dest);
 
   /**
    * Easier to use, but usage might require memcpy
+   * For test use
    */
   std::shared_ptr<std::vector<uint8_t>> authenticate_and_decrypt_buff(
-      const uint64_t& nonce, const uint8_t* encrypted, int encrypted_size);
-  /**
-   * Disables encryption (to save cpu performance) but keeps packet validation
-   * functionality
-   * @param encryption_enabled
-   */
-  void set_encryption_enabled(bool encryption_enabled) {
-    m_encrypt_data = encryption_enabled;
-  }
+      const uint64_t& nonce, const uint8_t* encrypted, int encrypted_size, bool isEncrypt);
+
   // Set to true as soon as a valid session has been detected
   bool has_valid_session() const { return m_has_valid_session; }
 
  private:
-  // use this one if you are worried about CPU usage when using encryption
-  bool m_encrypt_data = true;
   const std::array<uint8_t, crypto_box_SECRETKEYBYTES> rx_secretkey{};
   const std::array<uint8_t, crypto_box_PUBLICKEYBYTES> tx_publickey{};
   std::array<uint8_t, crypto_aead_chacha20poly1305_KEYBYTES> session_key{};