Mercurial > hg > quicktun
comparison src/proto.nacltai.c @ 52:3115f8af98bb V2.2.2
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Sun, 27 Oct 2013 23:10:43 +0100 |
| parents | 55f379f0a650 |
| children | 5685fad38195 |
comparison
equal
deleted
inserted
replaced
| 51:d83d6bb647a2 | 52:3115f8af98bb |
|---|---|
| 27 #include "crypto_box_curve25519xsalsa20poly1305.h" | 27 #include "crypto_box_curve25519xsalsa20poly1305.h" |
| 28 #include "crypto_scalarmult_curve25519.h" | 28 #include "crypto_scalarmult_curve25519.h" |
| 29 #include <sys/types.h> | 29 #include <sys/types.h> |
| 30 #include <sys/time.h> | 30 #include <sys/time.h> |
| 31 | 31 |
| 32 struct packedtaia { | |
| 33 unsigned char buffer[16]; | |
| 34 }; | |
| 35 | |
| 32 struct qt_proto_data_nacltai { | 36 struct qt_proto_data_nacltai { |
| 33 unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; | 37 unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; |
| 34 unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; | 38 unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; |
| 35 unsigned char cdtaipp[16]; | 39 struct packedtaia cdtailog[5]; |
| 36 }; | 40 }; |
| 37 | 41 |
| 38 #define noncelength 16 | 42 #define noncelength 16 |
| 39 #define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength) | 43 #define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength) |
| 40 static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength; | 44 static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength; |
| 80 if (len < overhead) { | 84 if (len < overhead) { |
| 81 fprintf(stderr, "Short packet received: %d\n", len); | 85 fprintf(stderr, "Short packet received: %d\n", len); |
| 82 return -1; | 86 return -1; |
| 83 } | 87 } |
| 84 len -= overhead; | 88 len -= overhead; |
| 85 if (memcmp(enc, d->cdtaipp, 16) <= 0) { | 89 struct packedtaia* tailog = &d->cdtailog[0]; |
| 90 struct packedtaia* taiold = tailog; | |
| 91 for (i = 0; i < 5; i++) { | |
| 92 if (memcmp(enc, tailog, 16) == 0) { | |
| 93 fprintf(stderr, "Duplicate timestamp received\n"); | |
| 94 return -1; | |
| 95 } | |
| 96 if (memcmp(tailog, taiold, 16) < 0) taiold = tailog; | |
| 97 tailog++; | |
| 98 } | |
| 99 if (memcmp(enc, taiold, 16) <= 0) { | |
| 86 fprintf(stderr, "Timestamp going back, ignoring packet\n"); | 100 fprintf(stderr, "Timestamp going back, ignoring packet\n"); |
| 87 return -1; | 101 return -1; |
| 88 } | 102 } |
| 89 memcpy(d->cdnonce + nonceoffset, enc, noncelength); | 103 memcpy(d->cdnonce + nonceoffset, enc, noncelength); |
| 90 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); | 104 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); |
| 91 if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cdnonce, d->cbefore)) { | 105 if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cdnonce, d->cbefore)) { |
| 92 fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i); | 106 fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i); |
| 93 return -1; | 107 return -1; |
| 94 } | 108 } |
| 95 memcpy(d->cdtaipp, d->cdnonce + nonceoffset, 16); | 109 memcpy(taiold, d->cdnonce + nonceoffset, 16); |
| 96 if (debug) fprintf(stderr, "Decoded packet of %d bytes from %p to %p\n", len, enc, raw); | 110 if (debug) fprintf(stderr, "Decoded packet of %d bytes from %p to %p\n", len, enc, raw); |
| 97 return len; | 111 return len; |
| 98 } | 112 } |
| 99 | 113 |
| 100 static int init(struct qtsession* sess) { | 114 static int init(struct qtsession* sess) { |
| 126 } | 140 } |
| 127 crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey); | 141 crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey); |
| 128 | 142 |
| 129 memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); | 143 memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); |
| 130 memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); | 144 memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); |
| 131 memset(d->cdtaipp, 0, 16); | 145 memset(d->cdtailog, 0, 5 * 16); |
| 132 | 146 |
| 133 crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); | 147 crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); |
| 134 | 148 |
| 135 if (envval = getconf("TIME_WINDOW")) { | 149 if (envval = getconf("TIME_WINDOW")) { |
| 136 taia_now_packed(d->cdtaipp, -atol(envval)); | 150 struct packedtaia* tailog = d->cdtailog; |
| 151 taia_now_packed((unsigned char*)&tailog[0], -atol(envval)); | |
| 152 tailog[4] = tailog[3] = tailog[2] = tailog[1] = tailog[0]; | |
| 137 } else { | 153 } else { |
| 138 fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n"); | 154 fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n"); |
| 139 } | 155 } |
| 140 int role = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES); | 156 int role = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES); |
| 141 if (envval = getconf("ROLE")) role = atoi(envval) ? 1 : -1; | 157 if (envval = getconf("ROLE")) role = atoi(envval) ? 1 : -1; |