summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorirungentoo <irungentoo@gmail.com>2013-10-24 14:10:55 -0400
committerirungentoo <irungentoo@gmail.com>2013-10-24 14:10:55 -0400
commit9bef5f5bffde83d19c02c6e112fea82d587790dc (patch)
tree9f8bd73f249b38261c4c24d0ab0730003fdf6ccf
parent8e0ab68d30d9ed49e6f57e87251d8fcdecf40c93 (diff)
Adding encrypted data to send/getnode packets part 1.
-rw-r--r--toxcore/DHT.c55
-rw-r--r--toxcore/network.h1
2 files changed, 29 insertions, 27 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c
index bce726c8..fc7fd66f 100644
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@@ -630,6 +630,8 @@ static uint64_t add_gettingnodes(DHT *dht, IP_Port ip_port)
630 return 0; 630 return 0;
631} 631}
632 632
633#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(Node_format) + crypto_secretbox_MACBYTES)
634
633/* Send a getnodes request. */ 635/* Send a getnodes request. */
634static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id) 636static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id)
635{ 637{
@@ -669,12 +671,13 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
669 return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data)); 671 return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data));
670} 672}
671 673
672#define NODES_ENCRYPTED_MESSAGE_LENGTH (sizeof(Node_format) + crypto_secretbox_MACBYTES)
673 674
674/* Send a send nodes response. */ 675/* Send a send nodes response. */
675/* because of BINARY compatibility, the Node_format MUST BE Node4_format, 676/* because of BINARY compatibility, the Node_format MUST BE Node4_format,
676 * IPv6 nodes are sent in a different message */ 677 * IPv6 nodes are sent in a different message
677static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) 678 * encrypted_data must be of size NODES_ENCRYPTED_MESSAGE_LENGTH */
679static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id,
680 uint8_t *encrypted_data)
678{ 681{
679 /* Check if packet is going to be sent to ourself. */ 682 /* Check if packet is going to be sent to ourself. */
680 if (id_equal(public_key, dht->c->self_public_key)) 683 if (id_equal(public_key, dht->c->self_public_key))
@@ -682,7 +685,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
682 685
683 size_t Node4_format_size = sizeof(Node4_format); 686 size_t Node4_format_size = sizeof(Node4_format);
684 uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) 687 uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
685 + Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; 688 + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
686 689
687 Node_format nodes_list[MAX_SENT_NODES]; 690 Node_format nodes_list[MAX_SENT_NODES];
688 int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0); 691 int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0);
@@ -690,8 +693,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
690 if (num_nodes == 0) 693 if (num_nodes == 0)
691 return 0; 694 return 0;
692 695
693 uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES]; 696 uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH];
694 uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; 697 uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
695 uint8_t nonce[crypto_box_NONCEBYTES]; 698 uint8_t nonce[crypto_box_NONCEBYTES];
696 new_nonce(nonce); 699 new_nonce(nonce);
697 700
@@ -722,17 +725,16 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
722 num_nodes = num_nodes_ok; 725 num_nodes = num_nodes_ok;
723 } 726 }
724 727
728 memcpy(plain + sizeof(ping_id) + num_nodes * Node4_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
725 int len = encrypt_data( public_key, 729 int len = encrypt_data( public_key,
726 dht->c->self_secret_key, 730 dht->c->self_secret_key,
727 nonce, 731 nonce,
728 plain, 732 plain,
729 sizeof(ping_id) + num_nodes * Node4_format_size, 733 sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
730 encrypt ); 734 encrypt );
731 735
732 if (len == -1) 736 if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
733 return -1; 737 crypto_box_MACBYTES)
734
735 if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + crypto_box_MACBYTES)
736 return -1; 738 return -1;
737 739
738 data[0] = NET_PACKET_SEND_NODES; 740 data[0] = NET_PACKET_SEND_NODES;
@@ -744,7 +746,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
744} 746}
745 747
746/* Send a send nodes response: message for IPv6 nodes */ 748/* Send a send nodes response: message for IPv6 nodes */
747static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) 749static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id,
750 uint8_t *encrypted_data)
748{ 751{
749 /* Check if packet is going to be sent to ourself. */ 752 /* Check if packet is going to be sent to ourself. */
750 if (id_equal(public_key, dht->c->self_public_key)) 753 if (id_equal(public_key, dht->c->self_public_key))
@@ -752,7 +755,7 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
752 755
753 size_t Node_format_size = sizeof(Node_format); 756 size_t Node_format_size = sizeof(Node_format);
754 uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) 757 uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
755 + Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; 758 + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
756 759
757 Node_format nodes_list[MAX_SENT_NODES]; 760 Node_format nodes_list[MAX_SENT_NODES];
758 int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0); 761 int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0);
@@ -760,25 +763,23 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
760 if (num_nodes == 0) 763 if (num_nodes == 0)
761 return 0; 764 return 0;
762 765
763 uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES]; 766 uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH];
764 uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; 767 uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
765 uint8_t nonce[crypto_box_NONCEBYTES]; 768 uint8_t nonce[crypto_box_NONCEBYTES];
766 new_nonce(nonce); 769 new_nonce(nonce);
767 770
768 memcpy(plain, &ping_id, sizeof(ping_id)); 771 memcpy(plain, &ping_id, sizeof(ping_id));
769 memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size); 772 memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size);
770 773 memcpy(plain + sizeof(ping_id) + num_nodes * Node_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
771 int len = encrypt_data( public_key, 774 int len = encrypt_data( public_key,
772 dht->c->self_secret_key, 775 dht->c->self_secret_key,
773 nonce, 776 nonce,
774 plain, 777 plain,
775 sizeof(ping_id) + num_nodes * Node_format_size, 778 sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
776 encrypt ); 779 encrypt );
777 780
778 if (len == -1) 781 if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
779 return -1; 782 crypto_box_MACBYTES)
780
781 if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + crypto_box_MACBYTES)
782 return -1; 783 return -1;
783 784
784 data[0] = NET_PACKET_SEND_NODES_IPV6; 785 data[0] = NET_PACKET_SEND_NODES_IPV6;
@@ -795,29 +796,29 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
795 uint64_t ping_id; 796 uint64_t ping_id;
796 797
797 if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES 798 if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES
798 + sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES )) 799 + sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES ))
799 return 1; 800 return 1;
800 801
801 /* Check if packet is from ourself. */ 802 /* Check if packet is from ourself. */
802 if (id_equal(packet + 1, dht->c->self_public_key)) 803 if (id_equal(packet + 1, dht->c->self_public_key))
803 return 1; 804 return 1;
804 805
805 uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; 806 uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH];
806 807
807 int len = decrypt_data( packet + 1, 808 int len = decrypt_data( packet + 1,
808 dht->c->self_secret_key, 809 dht->c->self_secret_key,
809 packet + 1 + CLIENT_ID_SIZE, 810 packet + 1 + CLIENT_ID_SIZE,
810 packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, 811 packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
811 sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES, 812 sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
812 plain ); 813 plain );
813 814
814 if (len != sizeof(ping_id) + CLIENT_ID_SIZE) 815 if (len != sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH)
815 return 1; 816 return 1;
816 817
817 memcpy(&ping_id, plain, sizeof(ping_id)); 818 memcpy(&ping_id, plain, sizeof(ping_id));
818 sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id); 819 sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE);
819 sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id), 820 sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id),
820 ping_id); /* TODO: prevent possible amplification attacks */ 821 ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */
821 822
822 add_toping(dht->ping, packet + 1, source); 823 add_toping(dht->ping, packet + 1, source);
823 //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ 824 //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */
diff --git a/toxcore/network.h b/toxcore/network.h
index 0b76a574..99fc4039 100644
--- a/toxcore/network.h
+++ b/toxcore/network.h
@@ -68,6 +68,7 @@ typedef int sock_t;
68#include <sodium.h> 68#include <sodium.h>
69#else 69#else
70#include <crypto_box.h> 70#include <crypto_box.h>
71#include <crypto_secretbox.h>
71#include <randombytes.h> 72#include <randombytes.h>
72#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) 73#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
73#define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES) 74#define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES)