Mercurial > hg > quicktun

changeset 43:4adbd9b67fe2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix nonce calculation when both sides use the same key in nacltai and salty protocols
author Ivo Smits <Ivo@UCIS.nl>
date Thu, 16 May 2013 01:35:26 +0200
parents c8d176154d7c
children 55f379f0a650
files src/proto.nacltai.c src/proto.salty.c
diffstat 2 files changed, 10 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/proto.nacltai.c	Thu May 16 01:19:12 2013 +0200
+++ b/src/proto.nacltai.c	Thu May 16 01:35:26 2013 +0200
@@ -196,12 +196,11 @@
 	} else {
 		fprintf(stderr, "Warning: TIME_WINDOW not set, risking an initial replay attack\n");
 	}
-	if (envval = getconf("ROLE")) {
-		d->cenonce[nonceoffset-1] = atoi(envval) ? 1 : 0;
-	} else {
-		d->cenonce[nonceoffset-1] = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) > 0 ? 1 : 0;
-	}
-	d->cdnonce[nonceoffset-1] = d->cenonce[nonceoffset-1] ? 0 : 1;
+	int role = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES);
+	if (envval = getconf("ROLE")) role = atoi(envval) ? 1 : -1;
+	role = (role == 0) ? 0 : ((role > 0) ? 1 : 2);
+	d->cenonce[nonceoffset-1] = role & 1;
+	d->cdnonce[nonceoffset-1] = (role >> 1) & 1;
 	return 0;
 }
 
--- a/src/proto.salty.c	Thu May 16 01:19:12 2013 +0200
+++ b/src/proto.salty.c	Thu May 16 01:35:26 2013 +0200
@@ -144,7 +144,7 @@
 struct qt_proto_data_salty {
 	time_t lastkeyupdate, lastkeyupdatesent;
 	unsigned char controlkey[BEFORENMBYTES];
-	bool controlencoderole;
+	int controlroles;
 	uint64 controldecodetime;
 	uint64 controlencodetime;
 	struct qt_proto_data_salty_keyset* dataencoder;
@@ -226,7 +226,7 @@
 	d->controlencodetime++;
 	unsigned char nonce[24];
 	memset(nonce, 0, 24);
-	nonce[0] = d->controlencoderole ? 1 : 0;
+	nonce[0] = d->controlroles & 1;
 	encodeuint64(nonce + 16, d->controlencodetime);
 	unsigned char encbuffer[32 + 1 + 32 + 24 + 32 + 24 + 8];
 	if (crypto_box_curve25519xsalsa20poly1305_afternm(encbuffer, buffer, 32 + (1 + 32 + 24 + 32 + 24 + 8), nonce, d->controlkey)) return;
@@ -294,7 +294,8 @@
 	crypto_box_curve25519xsalsa20poly1305_beforenm(d->controlkey, cpublickey, csecretkey);
 	unsigned char cownpublickey[PUBLICKEYBYTES];
 	crypto_scalarmult_curve25519_base(cownpublickey, csecretkey);
-	d->controlencoderole = memcmp(cownpublickey, cpublickey, PUBLICKEYBYTES) > 0;
+	int role = memcmp(cownpublickey, cpublickey, PUBLICKEYBYTES);
+	d->controlroles = (role == 0) ? 0 : ((role > 0) ? 1 : 2);
 	d->controldecodetime = 0;
 	d->controlencodetime = ((uint64)time(NULL)) << 8;
 	d->datalocalkeyid = 0;
@@ -399,7 +400,7 @@
 		}
 		unsigned char cnonce[NONCEBYTES];
 		memset(cnonce, 0, 24);
-		cnonce[0] = d->controlencoderole ? 0 : 1;
+		cnonce[0] = (d->controlroles >> 1) & 1;
 		memcpy(cnonce + 16, enc + 13, 8);
 		memset(enc + 12 + 1 + 8 - 16, 0, 16);
 		if (crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc + 12 + 1 + 8 - 16, len - 1 - 8 + 16, cnonce, d->controlkey)) {