Mercurial > hg > quicktun
comparison src/proto.salty.c @ 55:5685fad38195
Fixed compiler warnings from clang (including small bug in private key loading)
author | Ivo Smits <Ivo@UCIS.nl> |
---|---|
date | Fri, 31 Jan 2014 22:52:46 +0100 |
parents | 15d651dec8e9 |
children | 66d9d80215f0 |
comparison
equal
deleted
inserted
replaced
54:4ff8003d0973 | 55:5685fad38195 |
---|---|
118 #include "crypto_box_curve25519xsalsa20poly1305.h" | 118 #include "crypto_box_curve25519xsalsa20poly1305.h" |
119 #include "crypto_scalarmult_curve25519.h" | 119 #include "crypto_scalarmult_curve25519.h" |
120 #include <sys/types.h> | 120 #include <sys/types.h> |
121 #include <sys/time.h> | 121 #include <sys/time.h> |
122 #include <stdbool.h> | 122 #include <stdbool.h> |
123 #include <time.h> | |
123 | 124 |
124 #define NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES | 125 #define NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES |
125 #define BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES | 126 #define BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES |
126 #define PRIVATEKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES | 127 #define PRIVATEKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES |
127 #define PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES | 128 #define PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES |
165 } | 166 } |
166 static uint32 decodeuint32(char* sb) { | 167 static uint32 decodeuint32(char* sb) { |
167 unsigned char* b = (unsigned char*)sb; | 168 unsigned char* b = (unsigned char*)sb; |
168 return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; | 169 return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; |
169 } | 170 } |
170 static void encodeuint64(char* b, uint64 v) { | 171 static void encodeuint64(unsigned char* b, uint64 v) { |
171 b[0] = (v >> 56) & 255; | 172 b[0] = (v >> 56) & 255; |
172 b[1] = (v >> 48) & 255; | 173 b[1] = (v >> 48) & 255; |
173 b[2] = (v >> 40) & 255; | 174 b[2] = (v >> 40) & 255; |
174 b[3] = (v >> 32) & 255; | 175 b[3] = (v >> 32) & 255; |
175 b[4] = (v >> 24) & 255; | 176 b[4] = (v >> 24) & 255; |
182 return ((uint64)b[0] << 56) | ((uint64)b[1] << 48) | ((uint64)b[2] << 40) | ((uint64)b[3] << 32) | ((uint64)b[4] << 24) | ((uint64)b[5] << 16) | ((uint64)b[6] << 8) | (uint64)b[7]; | 183 return ((uint64)b[0] << 56) | ((uint64)b[1] << 48) | ((uint64)b[2] << 40) | ((uint64)b[3] << 32) | ((uint64)b[4] << 24) | ((uint64)b[5] << 16) | ((uint64)b[6] << 8) | (uint64)b[7]; |
183 } | 184 } |
184 | 185 |
185 static int devurandomfd = -1; | 186 static int devurandomfd = -1; |
186 | 187 |
187 static void dumphex(unsigned char* lbl, unsigned char* buffer, int len) { | 188 static void dumphex(char* lbl, unsigned char* buffer, int len) { |
188 fprintf(stderr, "%s: ", lbl); | 189 fprintf(stderr, "%s: ", lbl); |
189 for (; len > 0; len--, buffer++) fprintf(stderr, "%02x", *buffer); | 190 for (; len > 0; len--, buffer++) fprintf(stderr, "%02x", *buffer); |
190 fprintf(stderr, "\n"); | 191 fprintf(stderr, "\n"); |
191 } | 192 } |
192 | 193 |
230 encodeuint64(nonce + 16, d->controlencodetime); | 231 encodeuint64(nonce + 16, d->controlencodetime); |
231 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; | 232 unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8]; |
232 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; | 233 if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return; |
233 memcpy(encbuffer + 16 - 8, nonce + 16, 8); | 234 memcpy(encbuffer + 16 - 8, nonce + 16, 8); |
234 encbuffer[16 - 1 - 8] = 0x80; | 235 encbuffer[16 - 1 - 8] = 0x80; |
235 if (sess->sendnetworkpacket) sess->sendnetworkpacket(sess, encbuffer + 16 - 1 - 8, 1 + 8 + 16 + (1 + 32 + 24 + 32 + 24 + 8)); | 236 if (sess->sendnetworkpacket) sess->sendnetworkpacket(sess, (char*)encbuffer + 16 - 1 - 8, 1 + 8 + 16 + (1 + 32 + 24 + 32 + 24 + 8)); |
236 d->lastkeyupdatesent = time(NULL); | 237 d->lastkeyupdatesent = time(NULL); |
237 } | 238 } |
238 | 239 |
239 static bool beginkeyupdate(struct qtsession* sess) { | 240 static bool beginkeyupdate(struct qtsession* sess) { |
240 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; | 241 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; |
248 if (debug) dumphex("New public key", enckey->publickey, 32); | 249 if (debug) dumphex("New public key", enckey->publickey, 32); |
249 if (debug) dumphex("New base nonce", enckey->nonce, 24); | 250 if (debug) dumphex("New base nonce", enckey->nonce, 24); |
250 initdecoder(&d->datadecoders[(d->dataremotekeyid << 1) | d->datalocalkeynextid], d->dataremotekey, enckey->privatekey, d->dataremotenonce); | 251 initdecoder(&d->datadecoders[(d->dataremotekeyid << 1) | d->datalocalkeynextid], d->dataremotekey, enckey->privatekey, d->dataremotenonce); |
251 sendkeyupdate(sess, false); | 252 sendkeyupdate(sess, false); |
252 d->lastkeyupdate = time(NULL); | 253 d->lastkeyupdate = time(NULL); |
254 return true; | |
253 } | 255 } |
254 | 256 |
255 static void beginkeyupdateifnecessary(struct qtsession* sess) { | 257 static void beginkeyupdateifnecessary(struct qtsession* sess) { |
256 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; | 258 struct qt_proto_data_salty* d = (struct qt_proto_data_salty*)sess->protocol_data; |
257 time_t t = time(NULL); | 259 time_t t = time(NULL); |
268 printf("Initializing cryptography...\n"); | 270 printf("Initializing cryptography...\n"); |
269 unsigned char cpublickey[PUBLICKEYBYTES], csecretkey[PRIVATEKEYBYTES]; | 271 unsigned char cpublickey[PUBLICKEYBYTES], csecretkey[PRIVATEKEYBYTES]; |
270 if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY"); | 272 if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY"); |
271 if (strlen(envval) != 2*PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length"); | 273 if (strlen(envval) != 2*PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length"); |
272 hex2bin(cpublickey, envval, PUBLICKEYBYTES); | 274 hex2bin(cpublickey, envval, PUBLICKEYBYTES); |
273 if (envval = getconf("PRIVATE_KEY")) { | 275 if ((envval = getconf("PRIVATE_KEY"))) { |
274 if (strlen(envval) != 2 * PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length"); | 276 if (strlen(envval) != 2 * PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length"); |
275 hex2bin(csecretkey, envval, PRIVATEKEYBYTES); | 277 hex2bin(csecretkey, envval, PRIVATEKEYBYTES); |
276 } else if (envval = getconf("PRIVATE_KEY_FILE")) { | 278 } else if ((envval = getconf("PRIVATE_KEY_FILE"))) { |
277 FILE* pkfile = fopen(envval, "rb"); | 279 FILE* pkfile = fopen(envval, "rb"); |
278 if (!pkfile) return errorexitp("Could not open PRIVATE_KEY_FILE"); | 280 if (!pkfile) return errorexitp("Could not open PRIVATE_KEY_FILE"); |
279 char pktextbuf[PRIVATEKEYBYTES * 2]; | 281 char pktextbuf[PRIVATEKEYBYTES * 2]; |
280 size_t pktextsize = fread(pktextbuf, 1, sizeof(pktextbuf), pkfile); | 282 const size_t pktextsize = fread(pktextbuf, 1, sizeof(pktextbuf), pkfile); |
281 if (pktextsize == PRIVATEKEYBYTES) { | 283 if (pktextsize == PRIVATEKEYBYTES) { |
282 memcpy(csecretkey, pktextbuf, PRIVATEKEYBYTES); | 284 memcpy(csecretkey, pktextbuf, PRIVATEKEYBYTES); |
283 } else if (pktextsize = 2 * PRIVATEKEYBYTES) { | 285 } else if (pktextsize == 2 * PRIVATEKEYBYTES) { |
284 hex2bin(csecretkey, pktextbuf, PRIVATEKEYBYTES); | 286 hex2bin(csecretkey, pktextbuf, PRIVATEKEYBYTES); |
285 } else { | 287 } else { |
286 return errorexit("PRIVATE_KEY length"); | 288 return errorexit("PRIVATE_KEY length"); |
287 } | 289 } |
288 fclose(pkfile); | 290 fclose(pkfile); |
327 int i; | 329 int i; |
328 for (i = NONCEBYTES - 1; i >= 0 && ++e->nonce[i] == 0; i--) ; | 330 for (i = NONCEBYTES - 1; i >= 0 && ++e->nonce[i] == 0; i--) ; |
329 if (e->nonce[20] & 0xE0) return 0; | 331 if (e->nonce[20] & 0xE0) return 0; |
330 if (debug) dumphex("ENCODE KEY", e->sharedkey, 32); | 332 if (debug) dumphex("ENCODE KEY", e->sharedkey, 32); |
331 memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); | 333 memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); |
332 if (crypto_box_curve25519xsalsa20poly1305_afternm(enc, raw, len + 32, e->nonce, e->sharedkey)) return errorexit("Encryption failed"); | 334 if (crypto_box_curve25519xsalsa20poly1305_afternm((unsigned char*)enc, (unsigned char*)raw, len + 32, e->nonce, e->sharedkey)) return errorexit("Encryption failed"); |
333 enc[12] = (e->nonce[20] & 0x1F) | (0 << 7) | (d->datalocalkeyid << 6) | (d->dataremotekeyid << 5); | 335 enc[12] = (e->nonce[20] & 0x1F) | (0 << 7) | (d->datalocalkeyid << 6) | (d->dataremotekeyid << 5); |
334 enc[13] = e->nonce[21]; | 336 enc[13] = e->nonce[21]; |
335 enc[14] = e->nonce[22]; | 337 enc[14] = e->nonce[22]; |
336 enc[15] = e->nonce[23]; | 338 enc[15] = e->nonce[23]; |
337 if (debug) fprintf(stderr, "Encoded packet of %d bytes to %d bytes\n", len, len + 16 + 4); | 339 if (debug) fprintf(stderr, "Encoded packet of %d bytes to %d bytes\n", len, len + 16 + 4); |
377 dec->nonce[21] = enc[13]; | 379 dec->nonce[21] = enc[13]; |
378 dec->nonce[22] = enc[14]; | 380 dec->nonce[22] = enc[14]; |
379 dec->nonce[23] = enc[15]; | 381 dec->nonce[23] = enc[15]; |
380 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); | 382 memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES); |
381 if (debug) dumphex("DECODE KEY", dec->sharedkey, 32); | 383 if (debug) dumphex("DECODE KEY", dec->sharedkey, 32); |
382 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len - 4 + 16, dec->nonce, dec->sharedkey)) { | 384 if (crypto_box_curve25519xsalsa20poly1305_open_afternm((unsigned char*)raw, (unsigned char*)enc, len - 4 + 16, dec->nonce, dec->sharedkey)) { |
383 fprintf(stderr, "Decryption of data packet failed len=%d\n", len); | 385 fprintf(stderr, "Decryption of data packet failed len=%d\n", len); |
384 return -1; | 386 return -1; |
385 } | 387 } |
386 dec->timestamps[ltsi] = ts; | 388 dec->timestamps[ltsi] = ts; |
387 return len - 16 - 4; | 389 return len - 16 - 4; |
400 unsigned char cnonce[NONCEBYTES]; | 402 unsigned char cnonce[NONCEBYTES]; |
401 memset(cnonce, 0, 24); | 403 memset(cnonce, 0, 24); |
402 cnonce[0] = (d->controlroles >> 1) & 1; | 404 cnonce[0] = (d->controlroles >> 1) & 1; |
403 memcpy(cnonce + 16, enc + 13, 8); | 405 memcpy(cnonce + 16, enc + 13, 8); |
404 memset(enc + 12 + 1 + 8 - 16, 0, 16); | 406 memset(enc + 12 + 1 + 8 - 16, 0, 16); |
405 if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { | 407 if (crypto_box_curve25519xsalsa20poly1305_open_afternm((unsigned char*)raw, (unsigned char*)enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) { |
406 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); | 408 fprintf(stderr, "Decryption of control packet failed len=%d\n", len); |
407 return -1; | 409 return -1; |
408 } | 410 } |
409 d->controldecodetime = ts; | 411 d->controldecodetime = ts; |
410 int dosendkeyupdate = 0; | 412 int dosendkeyupdate = 0; |