diff options
author | irungentoo <irungentoo@gmail.com> | 2013-10-24 14:10:55 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2013-10-24 14:10:55 -0400 |
commit | 9bef5f5bffde83d19c02c6e112fea82d587790dc (patch) | |
tree | 9f8bd73f249b38261c4c24d0ab0730003fdf6ccf | |
parent | 8e0ab68d30d9ed49e6f57e87251d8fcdecf40c93 (diff) |
Adding encrypted data to send/getnode packets part 1.
-rw-r--r-- | toxcore/DHT.c | 55 | ||||
-rw-r--r-- | toxcore/network.h | 1 |
2 files changed, 29 insertions, 27 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c index bce726c8..fc7fd66f 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c | |||
@@ -630,6 +630,8 @@ static uint64_t add_gettingnodes(DHT *dht, IP_Port ip_port) | |||
630 | return 0; | 630 | return 0; |
631 | } | 631 | } |
632 | 632 | ||
633 | #define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(Node_format) + crypto_secretbox_MACBYTES) | ||
634 | |||
633 | /* Send a getnodes request. */ | 635 | /* Send a getnodes request. */ |
634 | static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id) | 636 | static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id) |
635 | { | 637 | { |
@@ -669,12 +671,13 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli | |||
669 | return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data)); | 671 | return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data)); |
670 | } | 672 | } |
671 | 673 | ||
672 | #define NODES_ENCRYPTED_MESSAGE_LENGTH (sizeof(Node_format) + crypto_secretbox_MACBYTES) | ||
673 | 674 | ||
674 | /* Send a send nodes response. */ | 675 | /* Send a send nodes response. */ |
675 | /* because of BINARY compatibility, the Node_format MUST BE Node4_format, | 676 | /* because of BINARY compatibility, the Node_format MUST BE Node4_format, |
676 | * IPv6 nodes are sent in a different message */ | 677 | * IPv6 nodes are sent in a different message |
677 | static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) | 678 | * encrypted_data must be of size NODES_ENCRYPTED_MESSAGE_LENGTH */ |
679 | static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id, | ||
680 | uint8_t *encrypted_data) | ||
678 | { | 681 | { |
679 | /* Check if packet is going to be sent to ourself. */ | 682 | /* Check if packet is going to be sent to ourself. */ |
680 | if (id_equal(public_key, dht->c->self_public_key)) | 683 | if (id_equal(public_key, dht->c->self_public_key)) |
@@ -682,7 +685,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
682 | 685 | ||
683 | size_t Node4_format_size = sizeof(Node4_format); | 686 | size_t Node4_format_size = sizeof(Node4_format); |
684 | uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) | 687 | uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) |
685 | + Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; | 688 | + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES]; |
686 | 689 | ||
687 | Node_format nodes_list[MAX_SENT_NODES]; | 690 | Node_format nodes_list[MAX_SENT_NODES]; |
688 | int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0); | 691 | int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0); |
@@ -690,8 +693,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
690 | if (num_nodes == 0) | 693 | if (num_nodes == 0) |
691 | return 0; | 694 | return 0; |
692 | 695 | ||
693 | uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES]; | 696 | uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH]; |
694 | uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; | 697 | uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES]; |
695 | uint8_t nonce[crypto_box_NONCEBYTES]; | 698 | uint8_t nonce[crypto_box_NONCEBYTES]; |
696 | new_nonce(nonce); | 699 | new_nonce(nonce); |
697 | 700 | ||
@@ -722,17 +725,16 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
722 | num_nodes = num_nodes_ok; | 725 | num_nodes = num_nodes_ok; |
723 | } | 726 | } |
724 | 727 | ||
728 | memcpy(plain + sizeof(ping_id) + num_nodes * Node4_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH); | ||
725 | int len = encrypt_data( public_key, | 729 | int len = encrypt_data( public_key, |
726 | dht->c->self_secret_key, | 730 | dht->c->self_secret_key, |
727 | nonce, | 731 | nonce, |
728 | plain, | 732 | plain, |
729 | sizeof(ping_id) + num_nodes * Node4_format_size, | 733 | sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH, |
730 | encrypt ); | 734 | encrypt ); |
731 | 735 | ||
732 | if (len == -1) | 736 | if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + |
733 | return -1; | 737 | crypto_box_MACBYTES) |
734 | |||
735 | if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + crypto_box_MACBYTES) | ||
736 | return -1; | 738 | return -1; |
737 | 739 | ||
738 | data[0] = NET_PACKET_SEND_NODES; | 740 | data[0] = NET_PACKET_SEND_NODES; |
@@ -744,7 +746,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
744 | } | 746 | } |
745 | 747 | ||
746 | /* Send a send nodes response: message for IPv6 nodes */ | 748 | /* Send a send nodes response: message for IPv6 nodes */ |
747 | static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) | 749 | static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id, |
750 | uint8_t *encrypted_data) | ||
748 | { | 751 | { |
749 | /* Check if packet is going to be sent to ourself. */ | 752 | /* Check if packet is going to be sent to ourself. */ |
750 | if (id_equal(public_key, dht->c->self_public_key)) | 753 | if (id_equal(public_key, dht->c->self_public_key)) |
@@ -752,7 +755,7 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_ | |||
752 | 755 | ||
753 | size_t Node_format_size = sizeof(Node_format); | 756 | size_t Node_format_size = sizeof(Node_format); |
754 | uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) | 757 | uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) |
755 | + Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; | 758 | + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES]; |
756 | 759 | ||
757 | Node_format nodes_list[MAX_SENT_NODES]; | 760 | Node_format nodes_list[MAX_SENT_NODES]; |
758 | int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0); | 761 | int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0); |
@@ -760,25 +763,23 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_ | |||
760 | if (num_nodes == 0) | 763 | if (num_nodes == 0) |
761 | return 0; | 764 | return 0; |
762 | 765 | ||
763 | uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES]; | 766 | uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH]; |
764 | uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; | 767 | uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES]; |
765 | uint8_t nonce[crypto_box_NONCEBYTES]; | 768 | uint8_t nonce[crypto_box_NONCEBYTES]; |
766 | new_nonce(nonce); | 769 | new_nonce(nonce); |
767 | 770 | ||
768 | memcpy(plain, &ping_id, sizeof(ping_id)); | 771 | memcpy(plain, &ping_id, sizeof(ping_id)); |
769 | memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size); | 772 | memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size); |
770 | 773 | memcpy(plain + sizeof(ping_id) + num_nodes * Node_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH); | |
771 | int len = encrypt_data( public_key, | 774 | int len = encrypt_data( public_key, |
772 | dht->c->self_secret_key, | 775 | dht->c->self_secret_key, |
773 | nonce, | 776 | nonce, |
774 | plain, | 777 | plain, |
775 | sizeof(ping_id) + num_nodes * Node_format_size, | 778 | sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH, |
776 | encrypt ); | 779 | encrypt ); |
777 | 780 | ||
778 | if (len == -1) | 781 | if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + |
779 | return -1; | 782 | crypto_box_MACBYTES) |
780 | |||
781 | if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + crypto_box_MACBYTES) | ||
782 | return -1; | 783 | return -1; |
783 | 784 | ||
784 | data[0] = NET_PACKET_SEND_NODES_IPV6; | 785 | data[0] = NET_PACKET_SEND_NODES_IPV6; |
@@ -795,29 +796,29 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32 | |||
795 | uint64_t ping_id; | 796 | uint64_t ping_id; |
796 | 797 | ||
797 | if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES | 798 | if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES |
798 | + sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES )) | 799 | + sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES )) |
799 | return 1; | 800 | return 1; |
800 | 801 | ||
801 | /* Check if packet is from ourself. */ | 802 | /* Check if packet is from ourself. */ |
802 | if (id_equal(packet + 1, dht->c->self_public_key)) | 803 | if (id_equal(packet + 1, dht->c->self_public_key)) |
803 | return 1; | 804 | return 1; |
804 | 805 | ||
805 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; | 806 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH]; |
806 | 807 | ||
807 | int len = decrypt_data( packet + 1, | 808 | int len = decrypt_data( packet + 1, |
808 | dht->c->self_secret_key, | 809 | dht->c->self_secret_key, |
809 | packet + 1 + CLIENT_ID_SIZE, | 810 | packet + 1 + CLIENT_ID_SIZE, |
810 | packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, | 811 | packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, |
811 | sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES, | 812 | sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES, |
812 | plain ); | 813 | plain ); |
813 | 814 | ||
814 | if (len != sizeof(ping_id) + CLIENT_ID_SIZE) | 815 | if (len != sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH) |
815 | return 1; | 816 | return 1; |
816 | 817 | ||
817 | memcpy(&ping_id, plain, sizeof(ping_id)); | 818 | memcpy(&ping_id, plain, sizeof(ping_id)); |
818 | sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id); | 819 | sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE); |
819 | sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id), | 820 | sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id), |
820 | ping_id); /* TODO: prevent possible amplification attacks */ | 821 | ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */ |
821 | 822 | ||
822 | add_toping(dht->ping, packet + 1, source); | 823 | add_toping(dht->ping, packet + 1, source); |
823 | //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ | 824 | //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ |
diff --git a/toxcore/network.h b/toxcore/network.h index 0b76a574..99fc4039 100644 --- a/toxcore/network.h +++ b/toxcore/network.h | |||
@@ -68,6 +68,7 @@ typedef int sock_t; | |||
68 | #include <sodium.h> | 68 | #include <sodium.h> |
69 | #else | 69 | #else |
70 | #include <crypto_box.h> | 70 | #include <crypto_box.h> |
71 | #include <crypto_secretbox.h> | ||
71 | #include <randombytes.h> | 72 | #include <randombytes.h> |
72 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) | 73 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) |
73 | #define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES) | 74 | #define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES) |