diff options
| author | irungentoo <irungentoo@gmail.com> | 2014-04-30 09:24:05 -0400 |
|---|---|---|
| committer | irungentoo <irungentoo@gmail.com> | 2014-04-30 09:24:05 -0400 |
| commit | 0505df009bc01ef7db6e31ee6ea999aaa83b8bfc (patch) | |
| tree | 89eb7829e54bc14cc0c184e063c7d3c795445c6b | |
| parent | 3863e01e2207198c20bf278c107f24a8cfbf1a73 (diff) | |
Added number to cookie request/response packets to prevent possible
DoS issue.
| -rw-r--r-- | docs/Tox_middle_level_network_protocol.txt | 6 | ||||
| -rw-r--r-- | toxcore/net_crypto.c | 56 | ||||
| -rw-r--r-- | toxcore/net_crypto.h | 2 |
3 files changed, 40 insertions, 24 deletions
diff --git a/docs/Tox_middle_level_network_protocol.txt b/docs/Tox_middle_level_network_protocol.txt index 39b275d2..0382dd4e 100644 --- a/docs/Tox_middle_level_network_protocol.txt +++ b/docs/Tox_middle_level_network_protocol.txt | |||
| @@ -41,12 +41,14 @@ Detailed implementation details: | |||
| 41 | cookie request packet: | 41 | cookie request packet: |
| 42 | [uint8_t 24][Senders DHT Public key (32 bytes)][Random nonce (24 | 42 | [uint8_t 24][Senders DHT Public key (32 bytes)][Random nonce (24 |
| 43 | bytes)][Encrypted message containing: [Senders real public key (32 | 43 | bytes)][Encrypted message containing: [Senders real public key (32 |
| 44 | bytes)][Recievers real public key (32 bytes)]] | 44 | bytes)][Recievers real public key (32 bytes)][uint64_t number (must be sent back |
| 45 | untouched in cookie response)]] | ||
| 45 | Encrypted message is encrypted with sender DHT private key, recievers DHT | 46 | Encrypted message is encrypted with sender DHT private key, recievers DHT |
| 46 | public key and the nonce. | 47 | public key and the nonce. |
| 47 | 48 | ||
| 48 | cookie response packet: | 49 | cookie response packet: |
| 49 | [uint8_t 25][Random nonce (24 bytes)][Encrypted message containing: [Cookie]] | 50 | [uint8_t 25][Random nonce (24 bytes)][Encrypted message containing: |
| 51 | [Cookie][uint64_t number (that was sent in the request)]] | ||
| 50 | Encrypted message is encrypted with sender DHT private key, recievers DHT | 52 | Encrypted message is encrypted with sender DHT private key, recievers DHT |
| 51 | public key and the nonce. | 53 | public key and the nonce. |
| 52 | 54 | ||
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 81cff70a..71959c46 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
| @@ -34,8 +34,16 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection | |||
| 34 | { | 34 | { |
| 35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; | 35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; |
| 36 | } | 36 | } |
| 37 | #define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2) | 37 | |
| 38 | /* cookie timeout in seconds */ | ||
| 39 | #define COOKIE_TIMEOUT 10 | ||
| 40 | #define COOKIE_DATA_LENGTH (crypto_box_PUBLICKEYBYTES * 2) | ||
| 41 | #define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_DATA_LENGTH) | ||
| 42 | #define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) | ||
| 43 | |||
| 44 | #define COOKIE_REQUEST_PLAIN_LENGTH (COOKIE_DATA_LENGTH + sizeof(uint64_t)) | ||
| 38 | #define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) | 45 | #define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) |
| 46 | #define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + sizeof(uint64_t) + crypto_box_MACBYTES) | ||
| 39 | 47 | ||
| 40 | /* Create a cookie request packet and put it in packet. | 48 | /* Create a cookie request packet and put it in packet. |
| 41 | * | 49 | * |
| @@ -44,12 +52,14 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection | |||
| 44 | * return -1 on failure. | 52 | * return -1 on failure. |
| 45 | * return COOKIE_REQUEST_LENGTH on success. | 53 | * return COOKIE_REQUEST_LENGTH on success. |
| 46 | */ | 54 | */ |
| 47 | static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key) | 55 | static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key, |
| 56 | uint64_t number) | ||
| 48 | { | 57 | { |
| 49 | uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 58 | uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; |
| 50 | 59 | ||
| 51 | memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); | 60 | memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 52 | memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES); | 61 | memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES); |
| 62 | memcpy(plain + (crypto_box_PUBLICKEYBYTES * 2), &number, sizeof(uint64_t)); | ||
| 53 | 63 | ||
| 54 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; | 64 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; |
| 55 | DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); | 65 | DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); |
| @@ -67,12 +77,7 @@ static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_pu | |||
| 67 | return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); | 77 | return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); |
| 68 | } | 78 | } |
| 69 | 79 | ||
| 70 | /* cookie timeout in seconds */ | 80 | /* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_DATA_LENGTH using encryption_key |
| 71 | #define COOKIE_TIMEOUT 10 | ||
| 72 | #define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH) | ||
| 73 | #define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) | ||
| 74 | |||
| 75 | /* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
| 76 | * | 81 | * |
| 77 | * return -1 on failure. | 82 | * return -1 on failure. |
| 78 | * return 0 on success. | 83 | * return 0 on success. |
| @@ -82,7 +87,7 @@ static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_ke | |||
| 82 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; | 87 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; |
| 83 | uint64_t temp_time = unix_time(); | 88 | uint64_t temp_time = unix_time(); |
| 84 | memcpy(contents, &temp_time, sizeof(temp_time)); | 89 | memcpy(contents, &temp_time, sizeof(temp_time)); |
| 85 | memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH); | 90 | memcpy(contents + sizeof(temp_time), bytes, COOKIE_DATA_LENGTH); |
| 86 | new_nonce(cookie); | 91 | new_nonce(cookie); |
| 87 | int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); | 92 | int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); |
| 88 | 93 | ||
| @@ -92,9 +97,7 @@ static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_ke | |||
| 92 | return 0; | 97 | return 0; |
| 93 | } | 98 | } |
| 94 | 99 | ||
| 95 | #define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES) | 100 | /* Open cookie of length COOKIE_LENGTH to bytes of length COOKIE_DATA_LENGTH using encryption_key |
| 96 | |||
| 97 | /* Open cookie of length COOKIE_LENGTH to bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
| 98 | * | 101 | * |
| 99 | * return -1 on failure. | 102 | * return -1 on failure. |
| 100 | * return 0 on success. | 103 | * return 0 on success. |
| @@ -115,7 +118,7 @@ static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key) | |||
| 115 | if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time) | 118 | if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time) |
| 116 | return -1; | 119 | return -1; |
| 117 | 120 | ||
| 118 | memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH); | 121 | memcpy(bytes, contents + sizeof(cookie_time), COOKIE_DATA_LENGTH); |
| 119 | return 0; | 122 | return 0; |
| 120 | } | 123 | } |
| 121 | 124 | ||
| @@ -129,14 +132,15 @@ static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key) | |||
| 129 | */ | 132 | */ |
| 130 | static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key) | 133 | static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key) |
| 131 | { | 134 | { |
| 132 | uint8_t cookie[COOKIE_LENGTH]; | 135 | uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; |
| 133 | 136 | ||
| 134 | if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0) | 137 | if (create_cookie(plain, request_plain, c->secret_symmetric_key) != 0) |
| 135 | return -1; | 138 | return -1; |
| 136 | 139 | ||
| 140 | memcpy(plain + COOKIE_LENGTH, request_plain + COOKIE_DATA_LENGTH, sizeof(uint64_t)); | ||
| 137 | packet[0] = NET_PACKET_COOKIE_RESPONSE; | 141 | packet[0] = NET_PACKET_COOKIE_RESPONSE; |
| 138 | new_nonce(packet + 1); | 142 | new_nonce(packet + 1); |
| 139 | int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES); | 143 | int len = encrypt_data_symmetric(shared_key, packet + 1, plain, sizeof(plain), packet + 1 + crypto_box_NONCEBYTES); |
| 140 | 144 | ||
| 141 | if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) | 145 | if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) |
| 142 | return -1; | 146 | return -1; |
| @@ -198,17 +202,21 @@ static int udp_handle_cookie_request(void *object, IP_Port source, uint8_t *pack | |||
| 198 | * return -1 on failure. | 202 | * return -1 on failure. |
| 199 | * return COOKIE_LENGTH on success. | 203 | * return COOKIE_LENGTH on success. |
| 200 | */ | 204 | */ |
| 201 | static int handle_cookie_response(Net_Crypto *c, uint8_t *cookie, uint8_t *packet, uint32_t length, uint8_t *shared_key) | 205 | static int handle_cookie_response(Net_Crypto *c, uint8_t *cookie, uint64_t *number, uint8_t *packet, uint32_t length, |
| 206 | uint8_t *shared_key) | ||
| 202 | { | 207 | { |
| 203 | if (length != COOKIE_RESPONSE_LENGTH) | 208 | if (length != COOKIE_RESPONSE_LENGTH) |
| 204 | return -1; | 209 | return -1; |
| 205 | 210 | ||
| 211 | uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; | ||
| 206 | int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES, | 212 | int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES, |
| 207 | length - (1 + crypto_box_NONCEBYTES), cookie); | 213 | length - (1 + crypto_box_NONCEBYTES), plain); |
| 208 | 214 | ||
| 209 | if (len != COOKIE_LENGTH) | 215 | if (len != sizeof(plain)) |
| 210 | return -1; | 216 | return -1; |
| 211 | 217 | ||
| 218 | memcpy(cookie, plain, COOKIE_LENGTH); | ||
| 219 | memcpy(number, plain + COOKIE_LENGTH, sizeof(uint64_t)); | ||
| 212 | return COOKIE_LENGTH; | 220 | return COOKIE_LENGTH; |
| 213 | } | 221 | } |
| 214 | 222 | ||
| @@ -228,7 +236,7 @@ static int create_crypto_handshake(Net_Crypto *c, uint8_t *packet, uint8_t *cook | |||
| 228 | memcpy(plain, nonce, crypto_box_NONCEBYTES); | 236 | memcpy(plain, nonce, crypto_box_NONCEBYTES); |
| 229 | memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES); | 237 | memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES); |
| 230 | crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH); | 238 | crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH); |
| 231 | uint8_t cookie_plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 239 | uint8_t cookie_plain[COOKIE_DATA_LENGTH]; |
| 232 | memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES); | 240 | memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES); |
| 233 | memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, c->self_public_key, crypto_box_PUBLICKEYBYTES); | 241 | memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 234 | 242 | ||
| @@ -272,7 +280,7 @@ static int handle_crypto_handshake(Net_Crypto *c, uint8_t *nonce, uint8_t *sessi | |||
| 272 | if (length != HANDSHAKE_PACKET_LENGTH) | 280 | if (length != HANDSHAKE_PACKET_LENGTH) |
| 273 | return -1; | 281 | return -1; |
| 274 | 282 | ||
| 275 | uint8_t cookie_plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 283 | uint8_t cookie_plain[COOKIE_DATA_LENGTH]; |
| 276 | 284 | ||
| 277 | if (open_cookie(cookie_plain, packet + 1, c->secret_symmetric_key) != 0) | 285 | if (open_cookie(cookie_plain, packet + 1, c->secret_symmetric_key) != 0) |
| 278 | return -1; | 286 | return -1; |
| @@ -422,8 +430,12 @@ static int handle_packet_connection(Net_Crypto *c, int crypt_connection_id, uint | |||
| 422 | return -1; | 430 | return -1; |
| 423 | 431 | ||
| 424 | uint8_t cookie[COOKIE_LENGTH]; | 432 | uint8_t cookie[COOKIE_LENGTH]; |
| 433 | uint64_t number; | ||
| 434 | |||
| 435 | if (handle_cookie_response(c, cookie, &number, packet, length, conn->shared_key) != sizeof(cookie)) | ||
| 436 | return -1; | ||
| 425 | 437 | ||
| 426 | if (handle_cookie_response(c, cookie, packet, length, conn->shared_key) != sizeof(cookie)) | 438 | if (number != conn->cookie_request_number) |
| 427 | return -1; | 439 | return -1; |
| 428 | 440 | ||
| 429 | uint8_t handshake_packet[HANDSHAKE_PACKET_LENGTH]; | 441 | uint8_t handshake_packet[HANDSHAKE_PACKET_LENGTH]; |
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index 85aeede6..8dac937e 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h | |||
| @@ -57,6 +57,8 @@ typedef struct { | |||
| 57 | uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ | 57 | uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ |
| 58 | uint64_t timeout; | 58 | uint64_t timeout; |
| 59 | 59 | ||
| 60 | uint64_t cookie_request_number; /* number used in the cookie request packets for this connection */ | ||
| 61 | |||
| 60 | uint8_t *temp_packet; /* Where the cookie request/handshake packet is stored while it is being sent. */ | 62 | uint8_t *temp_packet; /* Where the cookie request/handshake packet is stored while it is being sent. */ |
| 61 | uint16_t temp_packet_length; | 63 | uint16_t temp_packet_length; |
| 62 | uint64_t temp_packet_sent_time; /* The time at which the last temp_packet was sent in ms. */ | 64 | uint64_t temp_packet_sent_time; /* The time at which the last temp_packet was sent in ms. */ |