diff options
| author | irungentoo <irungentoo@gmail.com> | 2013-10-25 14:43:47 -0400 |
|---|---|---|
| committer | irungentoo <irungentoo@gmail.com> | 2013-10-25 14:43:47 -0400 |
| commit | b891446c31c5319182fcf98dd6e1edffef5857d6 (patch) | |
| tree | da58f896bb6c4ed384575f5e566d885b39aff236 /toxcore/net_crypto.c | |
| parent | 065495cd7c269389af7f834e568d12105589dd97 (diff) | |
For security reasons, keep memcpy's and memcmp's in crypto functions.
Diffstat (limited to 'toxcore/net_crypto.c')
| -rw-r--r-- | toxcore/net_crypto.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 7ae7c502..a9aa77f9 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
| @@ -29,7 +29,6 @@ | |||
| 29 | #endif | 29 | #endif |
| 30 | 30 | ||
| 31 | #include "net_crypto.h" | 31 | #include "net_crypto.h" |
| 32 | #include "util.h" | ||
| 33 | 32 | ||
| 34 | static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection_id) | 33 | static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection_id) |
| 35 | { | 34 | { |
| @@ -263,8 +262,8 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t * | |||
| 263 | return -1; | 262 | return -1; |
| 264 | 263 | ||
| 265 | packet[0] = NET_PACKET_CRYPTO; | 264 | packet[0] = NET_PACKET_CRYPTO; |
| 266 | id_copy(packet + 1, recv_public_key); | 265 | memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES); |
| 267 | id_copy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key); | 266 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES); |
| 268 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); | 267 | memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); |
| 269 | 268 | ||
| 270 | return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; | 269 | return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; |
| @@ -281,8 +280,8 @@ int handle_request(uint8_t *self_public_key, uint8_t *self_secret_key, uint8_t * | |||
| 281 | { | 280 | { |
| 282 | if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && | 281 | if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && |
| 283 | length <= MAX_DATA_SIZE) { | 282 | length <= MAX_DATA_SIZE) { |
| 284 | if (id_equal(packet + 1, self_public_key)) { | 283 | if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { |
| 285 | id_copy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES); | 284 | memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); |
| 286 | uint8_t nonce[crypto_box_NONCEBYTES]; | 285 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| 287 | uint8_t temp[MAX_DATA_SIZE]; | 286 | uint8_t temp[MAX_DATA_SIZE]; |
| 288 | memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); | 287 | memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); |
| @@ -318,7 +317,7 @@ static int cryptopacket_handle(void *object, IP_Port source, uint8_t *packet, ui | |||
| 318 | length > MAX_DATA_SIZE + ENCRYPTION_PADDING) | 317 | length > MAX_DATA_SIZE + ENCRYPTION_PADDING) |
| 319 | return 1; | 318 | return 1; |
| 320 | 319 | ||
| 321 | if (id_equal(packet + 1, dht->c->self_public_key)) { // Check if request is for us. | 320 | if (memcmp(packet + 1, dht->c->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us. |
| 322 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; | 321 | uint8_t public_key[crypto_box_PUBLICKEYBYTES]; |
| 323 | uint8_t data[MAX_DATA_SIZE]; | 322 | uint8_t data[MAX_DATA_SIZE]; |
| 324 | uint8_t number; | 323 | uint8_t number; |
| @@ -356,7 +355,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi | |||
| 356 | 355 | ||
| 357 | new_nonce(nonce); | 356 | new_nonce(nonce); |
| 358 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); | 357 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); |
| 359 | id_copy(temp + crypto_box_NONCEBYTES, session_key); | 358 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); |
| 360 | 359 | ||
| 361 | int len = encrypt_data(public_key, c->self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, | 360 | int len = encrypt_data(public_key, c->self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, |
| 362 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); | 361 | 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); |
| @@ -365,7 +364,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi | |||
| 365 | return 0; | 364 | return 0; |
| 366 | 365 | ||
| 367 | temp_data[0] = 2; | 366 | temp_data[0] = 2; |
| 368 | id_copy(temp_data + 1, c->self_public_key); | 367 | memcpy(temp_data + 1, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 369 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); | 368 | memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); |
| 370 | return write_packet(c->lossless_udp, connection_id, temp_data, | 369 | return write_packet(c->lossless_udp, connection_id, temp_data, |
| 371 | len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); | 370 | len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); |
| @@ -391,7 +390,7 @@ static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *s | |||
| 391 | 390 | ||
| 392 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; | 391 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; |
| 393 | 392 | ||
| 394 | id_copy(public_key, data + 1); | 393 | memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); |
| 395 | 394 | ||
| 396 | int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, | 395 | int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, |
| 397 | data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, | 396 | data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, |
| @@ -401,7 +400,7 @@ static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *s | |||
| 401 | return 0; | 400 | return 0; |
| 402 | 401 | ||
| 403 | memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); | 402 | memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); |
| 404 | id_copy(session_key, temp + crypto_box_NONCEBYTES); | 403 | memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); |
| 405 | return 1; | 404 | return 1; |
| 406 | } | 405 | } |
| 407 | 406 | ||
| @@ -414,10 +413,11 @@ static int getcryptconnection_id(Net_Crypto *c, uint8_t *public_key) | |||
| 414 | { | 413 | { |
| 415 | uint32_t i; | 414 | uint32_t i; |
| 416 | 415 | ||
| 417 | for (i = 0; i < c->crypto_connections_length; ++i) | 416 | for (i = 0; i < c->crypto_connections_length; ++i) { |
| 418 | if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION) | 417 | if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION) |
| 419 | if (id_equal(public_key, c->crypto_connections[i].public_key)) | 418 | if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) |
| 420 | return i; | 419 | return i; |
| 420 | } | ||
| 421 | 421 | ||
| 422 | return -1; | 422 | return -1; |
| 423 | } | 423 | } |
| @@ -477,7 +477,7 @@ int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port) | |||
| 477 | c->crypto_connections[i].number = id_new; | 477 | c->crypto_connections[i].number = id_new; |
| 478 | c->crypto_connections[i].status = CRYPTO_CONN_HANDSHAKE_SENT; | 478 | c->crypto_connections[i].status = CRYPTO_CONN_HANDSHAKE_SENT; |
| 479 | random_nonce(c->crypto_connections[i].recv_nonce); | 479 | random_nonce(c->crypto_connections[i].recv_nonce); |
| 480 | id_copy(c->crypto_connections[i].public_key, public_key); | 480 | memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); |
| 481 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); | 481 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); |
| 482 | c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; | 482 | c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; |
| 483 | 483 | ||
| @@ -598,9 +598,9 @@ int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key, | |||
| 598 | c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; | 598 | c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; |
| 599 | random_nonce(c->crypto_connections[i].recv_nonce); | 599 | random_nonce(c->crypto_connections[i].recv_nonce); |
| 600 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); | 600 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); |
| 601 | id_copy(c->crypto_connections[i].peersessionpublic_key, session_key); | 601 | memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); |
| 602 | increment_nonce(c->crypto_connections[i].sent_nonce); | 602 | increment_nonce(c->crypto_connections[i].sent_nonce); |
| 603 | id_copy(c->crypto_connections[i].public_key, public_key); | 603 | memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES); |
| 604 | 604 | ||
| 605 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); | 605 | crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); |
| 606 | 606 | ||
| @@ -652,7 +652,7 @@ void new_keys(Net_Crypto *c) | |||
| 652 | */ | 652 | */ |
| 653 | void save_keys(Net_Crypto *c, uint8_t *keys) | 653 | void save_keys(Net_Crypto *c, uint8_t *keys) |
| 654 | { | 654 | { |
| 655 | id_copy(keys, c->self_public_key); | 655 | memcpy(keys, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
| 656 | memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES); | 656 | memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES); |
| 657 | } | 657 | } |
| 658 | 658 | ||
| @@ -661,7 +661,7 @@ void save_keys(Net_Crypto *c, uint8_t *keys) | |||
| 661 | */ | 661 | */ |
| 662 | void load_keys(Net_Crypto *c, uint8_t *keys) | 662 | void load_keys(Net_Crypto *c, uint8_t *keys) |
| 663 | { | 663 | { |
| 664 | id_copy(c->self_public_key, keys); | 664 | memcpy(c->self_public_key, keys, crypto_box_PUBLICKEYBYTES); |
| 665 | memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); | 665 | memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); |
| 666 | } | 666 | } |
| 667 | 667 | ||
| @@ -686,9 +686,9 @@ static void receive_crypto(Net_Crypto *c) | |||
| 686 | len = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data); | 686 | len = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data); |
| 687 | 687 | ||
| 688 | if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) { | 688 | if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) { |
| 689 | if (id_equal(public_key, c->crypto_connections[i].public_key)) { | 689 | if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { |
| 690 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); | 690 | memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); |
| 691 | id_copy(c->crypto_connections[i].peersessionpublic_key, session_key); | 691 | memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); |
| 692 | increment_nonce(c->crypto_connections[i].sent_nonce); | 692 | increment_nonce(c->crypto_connections[i].sent_nonce); |
| 693 | uint32_t zero = 0; | 693 | uint32_t zero = 0; |
| 694 | encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, | 694 | encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, |