Mercurial > hg > quicktun
comparison src/proto.salty.c @ 55:5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
| author | Ivo Smits <Ivo@UCIS.nl> |
|---|---|
| date | Fri, 31 Jan 2014 22:52:46 +0100 |
| parents | 15d651dec8e9 |
| children | 66d9d80215f0 |
comparison
equal
deleted
inserted
replaced
| 54:4ff8003d0973 | 55:5685fad38195 |
|---|---|
| 118 #include "crypto_box_curve25519xsalsa20poly1305.h" | 118 #include "crypto_box_curve25519xsalsa20poly1305.h" |
| 119 #include "crypto_scalarmult_curve25519.h" | 119 #include "crypto_scalarmult_curve25519.h" |
| 120 #include <sys/types.h> | 120 #include <sys/types.h> |
| 121 #include <sys/time.h> | 121 #include <sys/time.h> |
| 122 #include <stdbool.h> | 122 #include <stdbool.h> |
| 123 #include <time.h> | |
| 123 | 124 |
| 124 #define NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES | 125 #define NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES |
| 125 #define BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES | 126 #define BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES |
| 126 #define PRIVATEKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES | 127 #define PRIVATEKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES |
| 127 #define PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES | 128 #define PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES |
| 165 } | 166 } |
| 166 static uint32 decodeuint32(char* sb) { | 167 static uint32 decodeuint32(char* sb) { |
| 167 unsigned char* b = (unsigned char*)sb; | 168 unsigned char* b = (unsigned char*)sb; |
| 168 return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; | 169 return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; |
| 169 } | 170 } |
| 170 static void encodeuint64(char* b, uint64 v) { | 171 static void encodeuint64(unsigned char* b, uint64 v) { |
| 171 b[0] = (v >> 56) & 255; | 172 b[0] = (v >> 56) & 255; |
| 172 b[1] = (v >> 48) & 255; | 173 b[1] = (v >> 48) & 255; |
| 173 b[2] = (v >> 40) & 255; | 174 b[2] = (v >> 40) & 255; |
| 174 b[3] = (v >> 32) & 255; | 175 b[3] = (v >> 32) & 255; |
| 175 b[4] = (v >> 24) & 255; | 176 b[4] = (v >> 24) & 255; |
| 182 return ((uint64)b[0] << 56) | ((uint64)b[1] << 48) | ((uint64)b[2] << 40) | ((uint64)b[3] << 32) | ((uint64)b[4] << 24) | ((uint64)b[5] << 16) | ((uint64)b[6] << 8) | (uint64)b[7]; | 183 return ((uint64)b[0] << 56) | ((uint64)b[1] << 48) | ((uint64)b[2] << 40) | ((uint64)b[3] << 32) | ((uint64)b[4] << 24) | ((uint64)b[5] << 16) | ((uint64)b[6] << 8) | (uint64)b[7]; |
| 183 } | 184 } |
| 184 | 185 |
| 185 static int devurandomfd = -1; | 186 static int devurandomfd = -1; |
| 186 | 187 |
| 187 static void dumphex(unsigned char* lbl, unsigned char* buffer, int len) { | 188 static void dumphex(char* lbl, unsigned char* buffer, int len) { |
| 188 fprintf(stderr, "%s: ", lbl); | 189 fprintf(stderr, "%s: ", lbl); |
| 189 for (; len > 0; len--, buffer++) fprintf(stderr, "%02x", *buffer); | 190 for (; len > 0; len--, buffer++) fprintf(stderr, "%02x", *buffer); |
| 190 fprintf(stderr, "\n"); | 191 fprintf(stderr, "\n"); |
| 191 } | 192 } |
| 192 | 193 |
| 230 encodeuint64(nonce + 16, d->controlencodetime); | 231 encodeuint64(nonce + 16, d->controlencodetime); |
| 231 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; | 232 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; |
| 232 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; | 233 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; |
| 233 memcpy(encbuffer + 16 - 8, nonce + 16, 8); | 234 memcpy(encbuffer + 16 - 8, nonce + 16, 8); |
| 234 encbuffer[16 - 1 - 8] = 0x80; | 235 encbuffer[16 - 1 - 8] = 0x80; |
| 235 if (sess->sendnetworkpacket) sess->sendnetworkpacket(sess, encbuffer + 16 - 1 - 8, 1 + 8 + 16 + (1 + 32 + 24 + 32 + 24 + 8)); | 236 if (sess->sendnetworkpacket) sess->sendnetworkpacket(sess, (char*)encbuffer + 16 - 1 - 8, 1 + 8 + 16 + (1 + 32 + 24 + 32 + 24 + 8)); |
| 236 d->lastkeyupdatesent = time(NULL); | 237 d->lastkeyupdatesent = time(NULL); |
| 237 } | 238 } |
| 238 | 239 |
| 239 static bool beginkeyupdate(struct qtsession* sess) { | 240 static bool beginkeyupdate(struct qtsession* sess) { |
| 240 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; | 241 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; |
| 248 if (debug) dumphex("New public key", enckey->publickey, 32); | 249 if (debug) dumphex("New public key", enckey->publickey, 32); |
| 249 if (debug) dumphex("New base nonce", enckey->nonce, 24); | 250 if (debug) dumphex("New base nonce", enckey->nonce, 24); |
| 250 initdecoder(&d->datadecoders[(d->dataremotekeyid << 1) | d->datalocalkeynextid], d->dataremotekey, enckey->privatekey, d->dataremotenonce); | 251 initdecoder(&d->datadecoders[(d->dataremotekeyid << 1) | d->datalocalkeynextid], d->dataremotekey, enckey->privatekey, d->dataremotenonce); |
| 251 sendkeyupdate(sess, false); | 252 sendkeyupdate(sess, false); |
| 252 d->lastkeyupdate = time(NULL); | 253 d->lastkeyupdate = time(NULL); |
| 254 return true; | |
| 253 } | 255 } |
| 254 | 256 |
| 255 static void beginkeyupdateifnecessary(struct qtsession* sess) { | 257 static void beginkeyupdateifnecessary(struct qtsession* sess) { |
| 256 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; | 258 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; |
| 257 time_t t = time(NULL); | 259 time_t t = time(NULL); |
| 268 printf("Initializing cryptography...\n"); | 270 printf("Initializing cryptography...\n"); |
| 269 unsigned char cpublickey[PUBLICKEYBYTES], csecretkey[PRIVATEKEYBYTES]; | 271 unsigned char cpublickey[PUBLICKEYBYTES], csecretkey[PRIVATEKEYBYTES]; |
| 270 if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY"); | 272 if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY"); |
| 271 if (strlen(envval) != 2*PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length"); | 273 if (strlen(envval) != 2*PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length"); |
| 272 hex2bin(cpublickey, envval, PUBLICKEYBYTES); | 274 hex2bin(cpublickey, envval, PUBLICKEYBYTES); |
| 273 if (envval = getconf("PRIVATE_KEY")) { | 275 if ((envval = getconf("PRIVATE_KEY"))) { |
| 274 if (strlen(envval) != 2 * PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length"); | 276 if (strlen(envval) != 2 * PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length"); |
| 275 hex2bin(csecretkey, envval, PRIVATEKEYBYTES); | 277 hex2bin(csecretkey, envval, PRIVATEKEYBYTES); |
| 276 } else if (envval = getconf("PRIVATE_KEY_FILE")) { | 278 } else if ((envval = getconf("PRIVATE_KEY_FILE"))) { |
| 277 FILE* pkfile = fopen(envval, "rb"); | 279 FILE* pkfile = fopen(envval, "rb"); |
| 278 if (!pkfile) return errorexitp("Could not open PRIVATE_KEY_FILE"); | 280 if (!pkfile) return errorexitp("Could not open PRIVATE_KEY_FILE"); |
| 279 char pktextbuf[PRIVATEKEYBYTES * 2]; | 281 char pktextbuf[PRIVATEKEYBYTES * 2]; |
| 280 size_t pktextsize = fread(pktextbuf, 1, sizeof(pktextbuf), pkfile); | 282 const size_t pktextsize = fread(pktextbuf, 1, sizeof(pktextbuf), pkfile); |
| 281 if (pktextsize == PRIVATEKEYBYTES) { | 283 if (pktextsize == PRIVATEKEYBYTES) { |
| 282 memcpy(csecretkey, pktextbuf, PRIVATEKEYBYTES); | 284 memcpy(csecretkey, pktextbuf, PRIVATEKEYBYTES); |
| 283 } else if (pktextsize = 2 * PRIVATEKEYBYTES) { | 285 } else if (pktextsize == 2 * PRIVATEKEYBYTES) { |
| 284 hex2bin(csecretkey, pktextbuf, PRIVATEKEYBYTES); | 286 hex2bin(csecretkey, pktextbuf, PRIVATEKEYBYTES); |
| 285 } else { | 287 } else { |
| 286 return errorexit("PRIVATE_KEY length"); | 288 return errorexit("PRIVATE_KEY length"); |
| 287 } | 289 } |
| 288 fclose(pkfile); | 290 fclose(pkfile); |
| 327 int i; | 329 int i; |
| 328 for (i = NONCEBYTES - 1; i >= 0 && ++e->nonce[i] == 0; i--) ; | 330 for (i = NONCEBYTES - 1; i >= 0 && ++e->nonce[i] == 0; i--) ; |
| 329 if (e->nonce[20] & 0xE0) return 0; | 331 if (e->nonce[20] & 0xE0) return 0; |
| 330 if (debug) dumphex("ENCODE KEY", e->sharedkey, 32); | 332 if (debug) dumphex("ENCODE KEY", e->sharedkey, 32); |
| 331 memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); | 333 memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); |
| 332 if (crypto_box_curve25519xsalsa20poly1305_afternm(enc, raw, len + 32, e->nonce, e->sharedkey)) return errorexit("Encryption failed"); | 334 if (crypto_box_curve25519xsalsa20poly1305_afternm((unsigned char*)enc, (unsigned char*)raw, len + 32, e->nonce, e->sharedkey)) return errorexit("Encryption failed"); |
| 333 enc[12] = (e->nonce[20] & 0x1F) | (0 << 7) | (d->datalocalkeyid << 6) | (d->dataremotekeyid << 5); | 335 enc[12] = (e->nonce[20] & 0x1F) | (0 << 7) | (d->datalocalkeyid << 6) | (d->dataremotekeyid << 5); |
| 334 enc[13] = e->nonce[21]; | 336 enc[13] = e->nonce[21]; |
| 335 enc[14] = e->nonce[22]; | 337 enc[14] = e->nonce[22]; |
| 336 enc[15] = e->nonce[23]; | 338 enc[15] = e->nonce[23]; |
| 337 if (debug) fprintf(stderr, "Encoded packet of %d bytes to %d bytes\n", len, len + 16 + 4); | 339 if (debug) fprintf(stderr, "Encoded packet of %d bytes to %d bytes\n", len, len + 16 + 4); |
| 377 dec->nonce[21] = enc[13]; | 379 dec->nonce[21] = enc[13]; |
| 378 dec->nonce[22] = enc[14]; | 380 dec->nonce[22] = enc[14]; |
| 379 dec->nonce[23] = enc[15]; | 381 dec->nonce[23] = enc[15]; |
| 380 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); | 382 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); |
| 381 if (debug) dumphex("DECODE KEY", dec->sharedkey, 32); | 383 if (debug) dumphex("DECODE KEY", dec->sharedkey, 32); |
| 382 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len - 4 + 16, dec->nonce, dec->sharedkey)) { | 384 if (crypto_box_curve25519xsalsa20poly1305_open_afternm((unsigned char*)raw, (unsigned char*)enc, len - 4 + 16, dec->nonce, dec->sharedkey)) { |
| 383 fprintf(stderr, "Decryption of data packet failed len=%d\n", len); | 385 fprintf(stderr, "Decryption of data packet failed len=%d\n", len); |
| 384 return -1; | 386 return -1; |
| 385 } | 387 } |
| 386 dec->timestamps[ltsi] = ts; | 388 dec->timestamps[ltsi] = ts; |
| 387 return len - 16 - 4; | 389 return len - 16 - 4; |
| 400 unsigned char cnonce[NONCEBYTES]; | 402 unsigned char cnonce[NONCEBYTES]; |
| 401 memset(cnonce, 0, 24); | 403 memset(cnonce, 0, 24); |
| 402 cnonce[0] = (d->controlroles >> 1) & 1; | 404 cnonce[0] = (d->controlroles >> 1) & 1; |
| 403 memcpy(cnonce + 16, enc + 13, 8); | 405 memcpy(cnonce + 16, enc + 13, 8); |
| 404 memset(enc + 12 + 1 + 8 - 16, 0, 16); | 406 memset(enc + 12 + 1 + 8 - 16, 0, 16); |
| 405 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { | 407 if (crypto_box_curve25519xsalsa20poly1305_open_afternm((unsigned char*)raw, (unsigned char*)enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { |
| 406 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); | 408 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); |
| 407 return -1; | 409 return -1; |
| 408 } | 410 } |
| 409 d->controldecodetime = ts; | 411 d->controldecodetime = ts; |
| 410 int dosendkeyupdate = 0; | 412 int dosendkeyupdate = 0; |