Mercurial > hg > quicktun
annotate src/proto.nacltai.c @ 44:55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Fri, 17 May 2013 16:09:49 +0200 |
| parents | 4adbd9b67fe2 |
| children | 3115f8af98bb |
| rev | line source |
|---|---|
| 0 | 1 /* Copyright 2010 Ivo Smits <Ivo@UCIS.nl>. All rights reserved. |
| 2 Redistribution and use in source and binary forms, with or without modification, are | |
| 3 permitted provided that the following conditions are met: | |
| 4 | |
| 5 1. Redistributions of source code must retain the above copyright notice, this list of | |
| 6 conditions and the following disclaimer. | |
| 7 | |
| 8 2. Redistributions in binary form must reproduce the above copyright notice, this list | |
| 9 of conditions and the following disclaimer in the documentation and/or other materials | |
| 10 provided with the distribution. | |
| 11 | |
| 12 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED | |
| 13 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND | |
| 14 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR | |
| 15 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| 16 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 17 SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | |
| 18 ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 19 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |
| 20 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 21 | |
| 22 The views and conclusions contained in the software and documentation are those of the | |
| 23 authors and should not be interpreted as representing official policies, either expressed | |
| 24 or implied, of Ivo Smits.*/ | |
| 25 | |
| 26 #include "common.c" | |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
27 #include "crypto_box_curve25519xsalsa20poly1305.h" |
|
19
3400045a57b8
Version 2.1.6, changed sourcecode archive generation, use NaCl version 20110221, do not duplicate NaCl sourcecode, support iproute2 for persistent tunnel creation on Debian, support running as root on Debian, removed autogenerated header files
Ivo Smits <Ivo@UCIS.nl>
parents:
11
diff
changeset
|
28 #include "crypto_scalarmult_curve25519.h" |
| 0 | 29 #include <sys/types.h> |
| 30 #include <sys/time.h> | |
| 31 | |
| 32 struct qt_proto_data_nacltai { | |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
33 unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
34 unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
35 unsigned char cdtaipp[16]; |
| 0 | 36 }; |
| 37 | |
|
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
38 #define noncelength 16 |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
39 #define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength) |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
40 static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength; |
| 0 | 41 |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
42 static void taia_now_packed(unsigned char* b, int secoffset) { |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
43 struct timeval now; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
44 gettimeofday(&now, NULL); |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
45 u_int64_t sec = 4611686018427387914ULL + (u_int64_t)now.tv_sec + secoffset; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
46 b[0] = (sec >> 56) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
47 b[1] = (sec >> 48) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
48 b[2] = (sec >> 40) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
49 b[3] = (sec >> 32) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
50 b[4] = (sec >> 24) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
51 b[5] = (sec >> 16) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
52 b[6] = (sec >> 8) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
53 b[7] = (sec >> 0) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
54 u_int32_t nano = 1000 * now.tv_usec + 500; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
55 b[8] = (nano >> 24) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
56 b[9] = (nano >> 16) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
57 b[10] = (nano >> 8) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
58 b[11] = (nano >> 0) & 0xff; |
|
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
59 ++b[15] == 0 && ++b[14] == 0 && ++b[13] == 0 && ++b[12] == 0; |
| 0 | 60 } |
| 61 | |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
62 //Packet format: <16 bytes taia packed timestamp><16 bytes checksum><n bytes encrypted data> |
| 0 | 63 |
| 64 static int encode(struct qtsession* sess, char* raw, char* enc, int len) { | |
|
30
6f0e6b7dc088
Fixed build script to support multiple abis on one machine, bugfix in code, minor improvements
Ivo Smits <Ivo@UCIS.nl>
parents:
27
diff
changeset
|
65 if (debug) fprintf(stderr, "Encoding packet of %d bytes from %p to %p\n", len, raw, enc); |
| 0 | 66 struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data; |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
67 memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
68 taia_now_packed(d->cenonce + nonceoffset, 0); |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
69 if (crypto_box_curve25519xsalsa20poly1305_afternm(enc, raw, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cenonce, d->cbefore)) return errorexit("Encryption failed"); |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
70 memcpy((void*)(enc + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength), d->cenonce + nonceoffset, noncelength); |
| 0 | 71 len += overhead; |
|
30
6f0e6b7dc088
Fixed build script to support multiple abis on one machine, bugfix in code, minor improvements
Ivo Smits <Ivo@UCIS.nl>
parents:
27
diff
changeset
|
72 if (debug) fprintf(stderr, "Encoded packet of %d bytes from %p to %p\n", len, raw, enc); |
| 0 | 73 return len; |
| 74 } | |
| 75 | |
| 76 static int decode(struct qtsession* sess, char* enc, char* raw, int len) { | |
|
30
6f0e6b7dc088
Fixed build script to support multiple abis on one machine, bugfix in code, minor improvements
Ivo Smits <Ivo@UCIS.nl>
parents:
27
diff
changeset
|
77 if (debug) fprintf(stderr, "Decoding packet of %d bytes from %p to %p\n", len, enc, raw); |
| 0 | 78 struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data; |
| 79 int i; | |
| 80 if (len < overhead) { | |
| 81 fprintf(stderr, "Short packet received: %d\n", len); | |
|
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
38
diff
changeset
|
82 return -1; |
| 0 | 83 } |
| 84 len -= overhead; | |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
85 if (memcmp(enc, d->cdtaipp, 16) <= 0) { |
| 0 | 86 fprintf(stderr, "Timestamp going back, ignoring packet\n"); |
|
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
38
diff
changeset
|
87 return -1; |
| 0 | 88 } |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
89 memcpy(d->cdnonce + nonceoffset, enc, noncelength); |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
90 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
91 if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cdnonce, d->cbefore)) { |
| 0 | 92 fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i); |
|
41
54d28a81ca99
Small updates in preparation for stateful protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
38
diff
changeset
|
93 return -1; |
| 0 | 94 } |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
95 memcpy(d->cdtaipp, d->cdnonce + nonceoffset, 16); |
|
30
6f0e6b7dc088
Fixed build script to support multiple abis on one machine, bugfix in code, minor improvements
Ivo Smits <Ivo@UCIS.nl>
parents:
27
diff
changeset
|
96 if (debug) fprintf(stderr, "Decoded packet of %d bytes from %p to %p\n", len, enc, raw); |
| 0 | 97 return len; |
| 98 } | |
| 99 | |
| 100 static int init(struct qtsession* sess) { | |
| 101 struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data; | |
| 102 char* envval; | |
| 103 printf("Initializing cryptography...\n"); | |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
104 unsigned char cownpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES], cpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES], csecretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES]; |
| 0 | 105 if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY"); |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
106 if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length"); |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
107 hex2bin(cpublickey, envval, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES); |
|
37
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
108 if (envval = getconf("PRIVATE_KEY")) { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
109 if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length"); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
110 hex2bin(csecretkey, envval, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
111 } else if (envval = getconf("PRIVATE_KEY_FILE")) { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
112 FILE* pkfile = fopen(envval, "rb"); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
113 if (!pkfile) return errorexitp("Could not open PRIVATE_KEY_FILE"); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
114 char pktextbuf[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES * 2]; |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
115 size_t pktextsize = fread(pktextbuf, 1, sizeof(pktextbuf), pkfile); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
116 if (pktextsize == crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES) { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
117 memcpy(csecretkey, pktextbuf, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
118 } else if (pktextsize = 2 * crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES) { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
119 hex2bin(csecretkey, pktextbuf, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
120 } else { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
121 return errorexit("PRIVATE_KEY length"); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
122 } |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
123 fclose(pkfile); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
124 } else { |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
125 return errorexit("Missing PRIVATE_KEY"); |
|
bb4bbf380938
Added option PRIVATE_KEY_FILE to read private key from file
Ivo Smits <Ivo@UCIS.nl>
parents:
32
diff
changeset
|
126 } |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
127 crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey); |
| 0 | 128 |
|
24
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
129 memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); |
|
dfac56805c77
Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
Ivo Smits <Ivo@UCIS.nl>
parents:
22
diff
changeset
|
130 memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
131 memset(d->cdtaipp, 0, 16); |
| 0 | 132 |
|
19
3400045a57b8
Version 2.1.6, changed sourcecode archive generation, use NaCl version 20110221, do not duplicate NaCl sourcecode, support iproute2 for persistent tunnel creation on Debian, support running as root on Debian, removed autogenerated header files
Ivo Smits <Ivo@UCIS.nl>
parents:
11
diff
changeset
|
133 crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); |
| 0 | 134 |
|
32
51c6d2fc712f
Fixes contributed by Daniel Dickinson <daniel@cshore.neomailbox.net>
Ivo Smits <Ivo@UCIS.nl>
parents:
30
diff
changeset
|
135 if (envval = getconf("TIME_WINDOW")) { |
|
44
55f379f0a650
Fixed/improved handling of timestamp in nonce in nacltai protocol
Ivo Smits <Ivo@UCIS.nl>
parents:
43
diff
changeset
|
136 taia_now_packed(d->cdtaipp, -atol(envval)); |
| 0 | 137 } else { |
| 4 | 138 fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n"); |
| 0 | 139 } |
|
43
4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
140 int role = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES); |
|
4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
141 if (envval = getconf("ROLE")) role = atoi(envval) ? 1 : -1; |
|
4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
142 role = (role == 0) ? 0 : ((role > 0) ? 1 : 2); |
|
4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
143 d->cenonce[nonceoffset-1] = role & 1; |
|
4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
Ivo Smits <Ivo@UCIS.nl>
parents:
41
diff
changeset
|
144 d->cdnonce[nonceoffset-1] = (role >> 1) & 1; |
|
6
cf9b44b46be5
Use stderr for output instead of stdout, added debugging code to nacltai
root <root@Really.UFO-Net.nl>
parents:
4
diff
changeset
|
145 return 0; |
| 0 | 146 } |
| 147 | |
|
27
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
148 struct qtproto qtproto_nacltai = { |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
149 1, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
150 MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
151 MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
152 crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
153 crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
154 encode, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
155 decode, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
156 init, |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
157 sizeof(struct qt_proto_data_nacltai), |
|
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
158 }; |
| 0 | 159 |
| 160 #ifndef COMBINED_BINARY | |
|
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
37
diff
changeset
|
161 int main(int argc, char** argv) { |
| 0 | 162 print_header(); |
|
38
d9f5caa13898
Added support for NetBSD, added command line parsing to provide configuration options
Ivo Smits <Ivo@UCIS.nl>
parents:
37
diff
changeset
|
163 if (qtprocessargs(argc, argv) < 0) return -1; |
|
27
5ba185ca7102
Fixed error checking during initialization, restructured code a bit to make it even simpler
Ivo Smits <Ivo@UCIS.nl>
parents:
26
diff
changeset
|
164 return qtrun(&qtproto_nacltai); |
| 0 | 165 } |
| 166 #endif |