comparison src/proto.nacltai.c @ 52:3115f8af98bb V2.2.2
Added support for libsodium, fixed bug in USE_PI compatibility mode, improved timestamp checking in nacltai protocol
author | Ivo Smits <Ivo@UCIS.nl> |
---|---|
date | Sun, 27 Oct 2013 23:10:43 +0100 |
parents | 55f379f0a650 |
children | 5685fad38195 |
51:d83d6bb647a2 | 52:3115f8af98bb |
---|---|
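--- a/src/proto.nacltai.c
+++ b/src/proto.nacltai.c
@@ -27,14 +27,18 @@
 #include "crypto_box_curve25519xsalsa20poly1305.h"
 #include "crypto_scalarmult_curve25519.h"
 #include <sys/types.h>
 #include <sys/time.h>
 
+struct packedtaia {
+	unsigned char buffer[16];
+};
+
 struct qt_proto_data_nacltai {
 	unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES];
 	unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
-	unsigned char cdtaipp[16];
+	struct packedtaia cdtailog[5];
 };
 
 #define noncelength 16
 #define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength)
 static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength;
@@ -80,21 +84,31 @@
 	if (len < overhead) {
 		fprintf(stderr, "Short packet received: %d\n", len);
 		return -1;
 	}
 	len -= overhead;
-	if (memcmp(enc, d->cdtaipp, 16) <= 0) {
+	struct packedtaia* tailog = &d->cdtailog[0];
+	struct packedtaia* taiold = tailog;
+	for (i = 0; i < 5; i++) {
+		if (memcmp(enc, tailog, 16) == 0) {
+			fprintf(stderr, "Duplicate timestamp received\n");
+			return -1;
+		}
+		if (memcmp(tailog, taiold, 16) < 0) taiold = tailog;
+		tailog++;
+	}
+	if (memcmp(enc, taiold, 16) <= 0) {
 		fprintf(stderr, "Timestamp going back, ignoring packet\n");
 		return -1;
 	}
 	memcpy(d->cdnonce + nonceoffset, enc, noncelength);
 	memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES);
 	if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cdnonce, d->cbefore)) {
 		fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i);
 		return -1;
 	}
-	memcpy(d->cdtaipp, d->cdnonce + nonceoffset, 16);
+	memcpy(taiold, d->cdnonce + nonceoffset, 16);
 	if (debug) fprintf(stderr, "Decoded packet of %d bytes from %p to %p\n", len, enc, raw);
 	return len;
 }
 
 static int init(struct qtsession* sess) {
@@ -126,16 +140,18 @@
 	}
 	crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey);
 
 	memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
 	memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
-	memset(d->cdtaipp, 0, 16);
+	memset(d->cdtailog, 0, 5 * 16);
 
 	crypto_scalarmult_curve25519_base(cownpublickey, csecretkey);
 
 	if (envval = getconf("TIME_WINDOW")) {
-		taia_now_packed(d->cdtaipp, -atol(envval));
+		struct packedtaia* tailog = d->cdtailog;
+		taia_now_packed((unsigned char*)&tailog[0], -atol(envval));
+		tailog[4] = tailog[3] = tailog[2] = tailog[1] = tailog[0];
 	} else {
 		fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n");
 	}
 	int role = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES);
 	if (envval = getconf("ROLE")) role = atoi(envval) ? 1 : -1;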
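Review bot: The replay-log geometry is spelled out as bare numbers in several places of the new code — `struct packedtaia cdtailog[5]` in the struct, `5 * 16` in the init memset (new line 145), `i < 5` in the decode loop and the four `tailog[4] = …` copies at new line 152 — so a later change to the log depth or to packedtaia's size silently desynchronises them. Prefer `memset(d->cdtailog, 0, sizeof d->cdtailog);` and a single `enum { TAILOG_SIZE = 5 };` (name is a proposal) shared by the array declaration and the decode loop; the three `memcmp(…, 16)` calls in decode can likewise use `sizeof *tailog`. The window semantics also deserve a comment above `struct packedtaia* tailog = &d->cdtailog[0];` in decode, e.g. `/* Replay window: the 5 most recently accepted timestamps; a packet is dropped if it repeats any of them or is not newer than the oldest, so a packet delayed behind more than four later ones is rejected */`. Note that the decode hunk starts inside its function (the signature lies before old line 80) and that init's body continues past new line 157.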