Mercurial > hg > quicktun
comparison src/proto.salty.c @ 43:4adbd9b67fe2
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Thu, 16 May 2013 01:35:26 +0200 |
| parents | c8d176154d7c |
| children | 671d640390f2 |
comparison
equal
deleted
inserted
replaced
| 42:c8d176154d7c | 43:4adbd9b67fe2 |
|---|---|
| 142 unsigned char nonce[NONCEBYTES]; | 142 unsigned char nonce[NONCEBYTES]; |
| 143 }; | 143 }; |
| 144 struct qt_proto_data_salty { | 144 struct qt_proto_data_salty { |
| 145 time_t lastkeyupdate, lastkeyupdatesent; | 145 time_t lastkeyupdate, lastkeyupdatesent; |
| 146 unsigned char controlkey[BEFORENMBYTES]; | 146 unsigned char controlkey[BEFORENMBYTES]; |
| 147 bool controlencoderole; | 147 int controlroles; |
| 148 uint64 controldecodetime; | 148 uint64 controldecodetime; |
| 149 uint64 controlencodetime; | 149 uint64 controlencodetime; |
| 150 struct qt_proto_data_salty_keyset* dataencoder; | 150 struct qt_proto_data_salty_keyset* dataencoder; |
| 151 struct qt_proto_data_salty_keyset datalocalkeys[2]; | 151 struct qt_proto_data_salty_keyset datalocalkeys[2]; |
| 152 int datalocalkeyid; | 152 int datalocalkeyid; |
| 224 encodeuint64(buffer + 32 + 1 + 32 + 24 + 32 + 24, d->controldecodetime); | 224 encodeuint64(buffer + 32 + 1 + 32 + 24 + 32 + 24, d->controldecodetime); |
| 225 memset(buffer, 0, 32); | 225 memset(buffer, 0, 32); |
| 226 d->controlencodetime++; | 226 d->controlencodetime++; |
| 227 unsigned char nonce[24]; | 227 unsigned char nonce[24]; |
| 228 memset(nonce, 0, 24); | 228 memset(nonce, 0, 24); |
| 229 nonce[0] = d->controlencoderole ? 1 : 0; | 229 nonce[0] = d->controlroles & 1; |
| 230 encodeuint64(nonce + 16, d->controlencodetime); | 230 encodeuint64(nonce + 16, d->controlencodetime); |
| 231 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; | 231 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; |
| 232 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; | 232 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; |
| 233 memcpy(encbuffer + 16 - 8, nonce + 16, 8); | 233 memcpy(encbuffer + 16 - 8, nonce + 16, 8); |
| 234 encbuffer[16 - 1 - 8] = 0x80; | 234 encbuffer[16 - 1 - 8] = 0x80; |
| 292 return errorexit("Missing PRIVATE_KEY"); | 292 return errorexit("Missing PRIVATE_KEY"); |
| 293 } | 293 } |
| 294 crypto_box_curve25519xsalsa20poly1305_beforenm(d->controlkey, cpublickey, csecretkey); | 294 crypto_box_curve25519xsalsa20poly1305_beforenm(d->controlkey, cpublickey, csecretkey); |
| 295 unsigned char cownpublickey[PUBLICKEYBYTES]; | 295 unsigned char cownpublickey[PUBLICKEYBYTES]; |
| 296 crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); | 296 crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); |
| 297 d->controlencoderole = memcmp(cownpublickey, cpublickey, PUBLICKEYBYTES) > 0; | 297 int role = memcmp(cownpublickey, cpublickey, PUBLICKEYBYTES); |
| 298 d->controlroles = (role == 0) ? 0 : ((role > 0) ? 1 : 2); | |
| 298 d->controldecodetime = 0; | 299 d->controldecodetime = 0; |
| 299 d->controlencodetime = ((uint64)time(NULL)) << 8; | 300 d->controlencodetime = ((uint64)time(NULL)) << 8; |
| 300 d->datalocalkeyid = 0; | 301 d->datalocalkeyid = 0; |
| 301 d->datalocalkeynextid = -1; | 302 d->datalocalkeynextid = -1; |
| 302 d->dataremotekeyid = 0; | 303 d->dataremotekeyid = 0; |
| 397 fprintf(stderr, "Late control packet received: %llu < %llu\n", ts, d->controldecodetime); | 398 fprintf(stderr, "Late control packet received: %llu < %llu\n", ts, d->controldecodetime); |
| 398 return -1; | 399 return -1; |
| 399 } | 400 } |
| 400 unsigned char cnonce[NONCEBYTES]; | 401 unsigned char cnonce[NONCEBYTES]; |
| 401 memset(cnonce, 0, 24); | 402 memset(cnonce, 0, 24); |
| 402 cnonce[0] = d->controlencoderole ? 0 : 1; | 403 cnonce[0] = (d->controlroles >> 1) & 1; |
| 403 memcpy(cnonce + 16, enc + 13, 8); | 404 memcpy(cnonce + 16, enc + 13, 8); |
| 404 memset(enc + 12 + 1 + 8 - 16, 0, 16); | 405 memset(enc + 12 + 1 + 8 - 16, 0, 16); |
| 405 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { | 406 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { |
| 406 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); | 407 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); |
| 407 return -1; | 408 return -1; |