diff options
author | irungentoo <irungentoo@gmail.com> | 2013-08-01 11:22:56 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2013-08-01 11:22:56 -0400 |
commit | 7a08681af57254b9d6831de8321956f09b77b9fa (patch) | |
tree | 64a1455377601bac1257b8fe05c4a9318e4e031a /core/net_crypto.c | |
parent | 6244af0512ebdc2f858ce62f95f32036a51723fe (diff) |
Fixed possible issues with the crypto reported by an anonymous person.
Diffstat (limited to 'core/net_crypto.c')
-rw-r--r-- | core/net_crypto.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/core/net_crypto.c b/core/net_crypto.c index a437c5ee..2cc6f06e 100644 --- a/core/net_crypto.c +++ b/core/net_crypto.c | |||
@@ -65,15 +65,18 @@ int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce, | |||
65 | 65 | ||
66 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; | 66 | uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES] = {0}; |
67 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; | 67 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES]; |
68 | uint8_t zeroes[crypto_box_BOXZEROBYTES] = {0}; | ||
69 | 68 | ||
70 | memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */ | 69 | memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */ |
71 | 70 | ||
72 | crypto_box(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, public_key, secret_key); | 71 | crypto_box(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, public_key, secret_key); |
73 | 72 | ||
74 | /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero */ | 73 | /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero |
75 | if (memcmp(temp_encrypted, zeroes, crypto_box_BOXZEROBYTES) != 0) | 74 | apparently memcmp should not be used so we do this instead:*/ |
76 | return -1; | 75 | uint32_t i; |
76 | for(i = 0; i < crypto_box_BOXZEROBYTES; ++i) { | ||
77 | if (temp_encrypted[i] != 0) | ||
78 | return -1; | ||
79 | } | ||
77 | 80 | ||
78 | /* unpad the encrypted message */ | 81 | /* unpad the encrypted message */ |
79 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); | 82 | memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); |
@@ -92,7 +95,6 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce, | |||
92 | 95 | ||
93 | uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; | 96 | uint8_t temp_plain[MAX_DATA_SIZE - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES]; |
94 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; | 97 | uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0}; |
95 | uint8_t zeroes[crypto_box_ZEROBYTES] = {0}; | ||
96 | 98 | ||
97 | memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */ | 99 | memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */ |
98 | 100 | ||
@@ -100,9 +102,13 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce, | |||
100 | nonce, public_key, secret_key) == -1) | 102 | nonce, public_key, secret_key) == -1) |
101 | return -1; | 103 | return -1; |
102 | 104 | ||
103 | /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero */ | 105 | /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero |
104 | if (memcmp(temp_plain, zeroes, crypto_box_ZEROBYTES) != 0) | 106 | apparently memcmp should not be used so we do this instead:*/ |
105 | return -1; | 107 | uint32_t i; |
108 | for(i = 0; i < crypto_box_ZEROBYTES; ++i) { | ||
109 | if (temp_plain[i] != 0) | ||
110 | return -1; | ||
111 | } | ||
106 | 112 | ||
107 | /* unpad the plain message */ | 113 | /* unpad the plain message */ |
108 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES); | 114 | memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES); |
@@ -365,6 +371,7 @@ int crypto_kill(int crypt_connection_id) | |||
365 | if (crypto_connections[crypt_connection_id].status != 0) { | 371 | if (crypto_connections[crypt_connection_id].status != 0) { |
366 | crypto_connections[crypt_connection_id].status = 0; | 372 | crypto_connections[crypt_connection_id].status = 0; |
367 | kill_connection(crypto_connections[crypt_connection_id].number); | 373 | kill_connection(crypto_connections[crypt_connection_id].number); |
374 | memset(&crypto_connections[crypt_connection_id], 0 ,sizeof(Crypto_Connection)); | ||
368 | crypto_connections[crypt_connection_id].number = ~0; | 375 | crypto_connections[crypt_connection_id].number = ~0; |
369 | return 0; | 376 | return 0; |
370 | } | 377 | } |