diff options
-rw-r--r-- | toxcore/DHT.c | 4 | ||||
-rw-r--r-- | toxcore/net_crypto.c | 24 | ||||
-rw-r--r-- | toxcore/net_crypto.h | 3 | ||||
-rw-r--r-- | toxcore/network.c | 5 | ||||
-rw-r--r-- | toxcore/network.h | 2 | ||||
-rw-r--r-- | toxcore/ping.c | 4 |
6 files changed, 29 insertions, 13 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c index e2d91256..a11f1aad 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c | |||
@@ -498,7 +498,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli | |||
498 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; | 498 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; |
499 | uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING]; | 499 | uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING]; |
500 | uint8_t nonce[crypto_box_NONCEBYTES]; | 500 | uint8_t nonce[crypto_box_NONCEBYTES]; |
501 | random_nonce(nonce); | 501 | new_nonce(nonce); |
502 | 502 | ||
503 | memcpy(plain, &ping_id, sizeof(ping_id)); | 503 | memcpy(plain, &ping_id, sizeof(ping_id)); |
504 | memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE); | 504 | memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE); |
@@ -540,7 +540,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
540 | uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES]; | 540 | uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES]; |
541 | uint8_t encrypt[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING]; | 541 | uint8_t encrypt[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING]; |
542 | uint8_t nonce[crypto_box_NONCEBYTES]; | 542 | uint8_t nonce[crypto_box_NONCEBYTES]; |
543 | random_nonce(nonce); | 543 | new_nonce(nonce); |
544 | 544 | ||
545 | memcpy(plain, &ping_id, sizeof(ping_id)); | 545 | memcpy(plain, &ping_id, sizeof(ping_id)); |
546 | memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * sizeof(Node_format)); | 546 | memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * sizeof(Node_format)); |
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index a182bb53..8163701e 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
@@ -145,14 +145,26 @@ static void increment_nonce(uint8_t *nonce) | |||
145 | /* Fill the given nonce with random bytes. */ | 145 | /* Fill the given nonce with random bytes. */ |
146 | void random_nonce(uint8_t *nonce) | 146 | void random_nonce(uint8_t *nonce) |
147 | { | 147 | { |
148 | uint32_t i, temp; | 148 | randombytes(nonce, crypto_box_NONCEBYTES); |
149 | } | ||
150 | |||
151 | |||
152 | static uint8_t base_nonce[crypto_box_NONCEBYTES]; | ||
153 | static uint8_t nonce_set = 0; | ||
149 | 154 | ||
150 | for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) { | 155 | /*Gives a nonce guaranteed to be different from previous ones.*/ |
151 | temp = random_int(); | 156 | void new_nonce(uint8_t *nonce) |
152 | memcpy(nonce + 4 * i, &temp, 4); | 157 | { |
158 | if (nonce_set == 0) { | ||
159 | random_nonce(base_nonce); | ||
160 | nonce_set = 1; | ||
153 | } | 161 | } |
162 | |||
163 | increment_nonce(base_nonce); | ||
164 | memcpy(nonce, base_nonce, crypto_box_NONCEBYTES); | ||
154 | } | 165 | } |
155 | 166 | ||
167 | |||
156 | /* return 0 if there is no received data in the buffer. | 168 | /* return 0 if there is no received data in the buffer. |
157 | * return -1 if the packet was discarded. | 169 | * return -1 if the packet was discarded. |
158 | * return length of received data if successful. | 170 | * return length of received data if successful. |
@@ -237,7 +249,7 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t * | |||
237 | uint8_t temp[MAX_DATA_SIZE]; | 249 | uint8_t temp[MAX_DATA_SIZE]; |
238 | memcpy(temp + 1, data, length); | 250 | memcpy(temp + 1, data, length); |
239 | temp[0] = request_id; | 251 | temp[0] = request_id; |
240 | random_nonce(nonce); | 252 | new_nonce(nonce); |
241 | int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, | 253 | int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, |
242 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); | 254 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); |
243 | 255 | ||
@@ -336,7 +348,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi | |||
336 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; | 348 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; |
337 | uint8_t nonce[crypto_box_NONCEBYTES]; | 349 | uint8_t nonce[crypto_box_NONCEBYTES]; |
338 | 350 | ||
339 | random_nonce(nonce); | 351 | new_nonce(nonce); |
340 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); | 352 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); |
341 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); | 353 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); |
342 | 354 | ||
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index e5dfcae0..55c1e3e3 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h | |||
@@ -115,6 +115,9 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce, | |||
115 | /* Fill the given nonce with random bytes. */ | 115 | /* Fill the given nonce with random bytes. */ |
116 | void random_nonce(uint8_t *nonce); | 116 | void random_nonce(uint8_t *nonce); |
117 | 117 | ||
118 | /*Gives a nonce guaranteed to be different from previous ones.*/ | ||
119 | void new_nonce(uint8_t *nonce); | ||
120 | |||
118 | /* return 0 if there is no received data in the buffer. | 121 | /* return 0 if there is no received data in the buffer. |
119 | * return -1 if the packet was discarded. | 122 | * return -1 if the packet was discarded. |
120 | * return length of received data if successful. | 123 | * return length of received data if successful. |
diff --git a/toxcore/network.c b/toxcore/network.c index ed3dff8a..c6c4965e 100644 --- a/toxcore/network.c +++ b/toxcore/network.c | |||
@@ -49,7 +49,6 @@ uint64_t current_time(void) | |||
49 | } | 49 | } |
50 | 50 | ||
51 | /* return a random number. | 51 | /* return a random number. |
52 | * NOTE: This function should probably not be used where cryptographic randomness is absolutely necessary. | ||
53 | */ | 52 | */ |
54 | uint32_t random_int(void) | 53 | uint32_t random_int(void) |
55 | { | 54 | { |
@@ -57,7 +56,9 @@ uint32_t random_int(void) | |||
57 | /* NOTE: this function comes from libsodium. */ | 56 | /* NOTE: this function comes from libsodium. */ |
58 | return randombytes_random(); | 57 | return randombytes_random(); |
59 | #else | 58 | #else |
60 | return random(); | 59 | uint32_t randnum; |
60 | randombytes((uint8_t *)&randnum , sizeof(randnum)); | ||
61 | return randnum; | ||
61 | #endif | 62 | #endif |
62 | } | 63 | } |
63 | 64 | ||
diff --git a/toxcore/network.h b/toxcore/network.h index 98307e5b..e1f9b212 100644 --- a/toxcore/network.h +++ b/toxcore/network.h | |||
@@ -57,6 +57,7 @@ | |||
57 | #include <sodium.h> | 57 | #include <sodium.h> |
58 | #else | 58 | #else |
59 | #include <crypto_box.h> | 59 | #include <crypto_box.h> |
60 | #include <randombytes.h> | ||
60 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) | 61 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) |
61 | #endif | 62 | #endif |
62 | 63 | ||
@@ -130,7 +131,6 @@ typedef struct { | |||
130 | uint64_t current_time(void); | 131 | uint64_t current_time(void); |
131 | 132 | ||
132 | /* return a random number. | 133 | /* return a random number. |
133 | * NOTE: this function should probably not be used where cryptographic randomness is absolutely necessary. | ||
134 | */ | 134 | */ |
135 | uint32_t random_int(void); | 135 | uint32_t random_int(void); |
136 | 136 | ||
diff --git a/toxcore/ping.c b/toxcore/ping.c index 3b39d911..3a189f23 100644 --- a/toxcore/ping.c +++ b/toxcore/ping.c | |||
@@ -135,7 +135,7 @@ int send_ping_request(void *ping, Net_Crypto *c, IP_Port ipp, uint8_t *client_id | |||
135 | 135 | ||
136 | pk[0] = NET_PACKET_PING_REQUEST; | 136 | pk[0] = NET_PACKET_PING_REQUEST; |
137 | id_cpy(pk + 1, c->self_public_key); // Our pubkey | 137 | id_cpy(pk + 1, c->self_public_key); // Our pubkey |
138 | random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce | 138 | new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce |
139 | 139 | ||
140 | // Encrypt ping_id using recipient privkey | 140 | // Encrypt ping_id using recipient privkey |
141 | rc = encrypt_data(client_id, | 141 | rc = encrypt_data(client_id, |
@@ -160,7 +160,7 @@ int send_ping_response(Net_Crypto *c, IP_Port ipp, uint8_t *client_id, uint64_t | |||
160 | 160 | ||
161 | pk[0] = NET_PACKET_PING_RESPONSE; | 161 | pk[0] = NET_PACKET_PING_RESPONSE; |
162 | id_cpy(pk + 1, c->self_public_key); // Our pubkey | 162 | id_cpy(pk + 1, c->self_public_key); // Our pubkey |
163 | random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce | 163 | new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce |
164 | 164 | ||
165 | // Encrypt ping_id using recipient privkey | 165 | // Encrypt ping_id using recipient privkey |
166 | rc = encrypt_data(client_id, | 166 | rc = encrypt_data(client_id, |