diff options
Diffstat (limited to 'toxcore')
-rw-r--r-- | toxcore/net_crypto.c | 56 | ||||
-rw-r--r-- | toxcore/net_crypto.h | 2 |
2 files changed, 36 insertions, 22 deletions
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 81cff70a..71959c46 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
@@ -34,8 +34,16 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection | |||
34 | { | 34 | { |
35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; | 35 | return (uint32_t)crypt_connection_id >= c->crypto_connections_length; |
36 | } | 36 | } |
37 | #define COOKIE_REQUEST_PLAIN_LENGTH (crypto_box_PUBLICKEYBYTES * 2) | 37 | |
38 | /* cookie timeout in seconds */ | ||
39 | #define COOKIE_TIMEOUT 10 | ||
40 | #define COOKIE_DATA_LENGTH (crypto_box_PUBLICKEYBYTES * 2) | ||
41 | #define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_DATA_LENGTH) | ||
42 | #define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) | ||
43 | |||
44 | #define COOKIE_REQUEST_PLAIN_LENGTH (COOKIE_DATA_LENGTH + sizeof(uint64_t)) | ||
38 | #define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) | 45 | #define COOKIE_REQUEST_LENGTH (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + COOKIE_REQUEST_PLAIN_LENGTH + crypto_box_MACBYTES) |
46 | #define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + sizeof(uint64_t) + crypto_box_MACBYTES) | ||
39 | 47 | ||
40 | /* Create a cookie request packet and put it in packet. | 48 | /* Create a cookie request packet and put it in packet. |
41 | * | 49 | * |
@@ -44,12 +52,14 @@ static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection | |||
44 | * return -1 on failure. | 52 | * return -1 on failure. |
45 | * return COOKIE_REQUEST_LENGTH on success. | 53 | * return COOKIE_REQUEST_LENGTH on success. |
46 | */ | 54 | */ |
47 | static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key) | 55 | static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_public_key, uint8_t *real_public_key, |
56 | uint64_t number) | ||
48 | { | 57 | { |
49 | uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 58 | uint8_t plain[COOKIE_REQUEST_PLAIN_LENGTH]; |
50 | 59 | ||
51 | memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); | 60 | memcpy(plain, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
52 | memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES); | 61 | memcpy(plain + crypto_box_PUBLICKEYBYTES, real_public_key, crypto_box_PUBLICKEYBYTES); |
62 | memcpy(plain + (crypto_box_PUBLICKEYBYTES * 2), &number, sizeof(uint64_t)); | ||
53 | 63 | ||
54 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; | 64 | uint8_t shared_key[crypto_box_BEFORENMBYTES]; |
55 | DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); | 65 | DHT_get_shared_key_sent(c->dht, shared_key, dht_public_key); |
@@ -67,12 +77,7 @@ static int create_cookie_request(Net_Crypto *c, uint8_t *packet, uint8_t *dht_pu | |||
67 | return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); | 77 | return (1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + len); |
68 | } | 78 | } |
69 | 79 | ||
70 | /* cookie timeout in seconds */ | 80 | /* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_DATA_LENGTH using encryption_key |
71 | #define COOKIE_TIMEOUT 10 | ||
72 | #define COOKIE_CONTENTS_LENGTH (sizeof(uint64_t) + COOKIE_REQUEST_PLAIN_LENGTH) | ||
73 | #define COOKIE_LENGTH (crypto_box_NONCEBYTES + COOKIE_CONTENTS_LENGTH + crypto_box_MACBYTES) | ||
74 | |||
75 | /* Create cookie of length COOKIE_LENGTH from bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
76 | * | 81 | * |
77 | * return -1 on failure. | 82 | * return -1 on failure. |
78 | * return 0 on success. | 83 | * return 0 on success. |
@@ -82,7 +87,7 @@ static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_ke | |||
82 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; | 87 | uint8_t contents[COOKIE_CONTENTS_LENGTH]; |
83 | uint64_t temp_time = unix_time(); | 88 | uint64_t temp_time = unix_time(); |
84 | memcpy(contents, &temp_time, sizeof(temp_time)); | 89 | memcpy(contents, &temp_time, sizeof(temp_time)); |
85 | memcpy(contents + sizeof(temp_time), bytes, COOKIE_REQUEST_PLAIN_LENGTH); | 90 | memcpy(contents + sizeof(temp_time), bytes, COOKIE_DATA_LENGTH); |
86 | new_nonce(cookie); | 91 | new_nonce(cookie); |
87 | int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); | 92 | int len = encrypt_data_symmetric(encryption_key, cookie, contents, sizeof(contents), cookie + crypto_box_NONCEBYTES); |
88 | 93 | ||
@@ -92,9 +97,7 @@ static int create_cookie(uint8_t *cookie, uint8_t *bytes, uint8_t *encryption_ke | |||
92 | return 0; | 97 | return 0; |
93 | } | 98 | } |
94 | 99 | ||
95 | #define COOKIE_RESPONSE_LENGTH (1 + crypto_box_NONCEBYTES + COOKIE_LENGTH + crypto_box_MACBYTES) | 100 | /* Open cookie of length COOKIE_LENGTH to bytes of length COOKIE_DATA_LENGTH using encryption_key |
96 | |||
97 | /* Open cookie of length COOKIE_LENGTH to bytes of length COOKIE_REQUEST_PLAIN_LENGTH using encryption_key | ||
98 | * | 101 | * |
99 | * return -1 on failure. | 102 | * return -1 on failure. |
100 | * return 0 on success. | 103 | * return 0 on success. |
@@ -115,7 +118,7 @@ static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key) | |||
115 | if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time) | 118 | if (cookie_time + COOKIE_TIMEOUT < temp_time || temp_time < cookie_time) |
116 | return -1; | 119 | return -1; |
117 | 120 | ||
118 | memcpy(bytes, contents + sizeof(cookie_time), COOKIE_REQUEST_PLAIN_LENGTH); | 121 | memcpy(bytes, contents + sizeof(cookie_time), COOKIE_DATA_LENGTH); |
119 | return 0; | 122 | return 0; |
120 | } | 123 | } |
121 | 124 | ||
@@ -129,14 +132,15 @@ static int open_cookie(uint8_t *bytes, uint8_t *cookie, uint8_t *encryption_key) | |||
129 | */ | 132 | */ |
130 | static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key) | 133 | static int create_cookie_response(Net_Crypto *c, uint8_t *packet, uint8_t *request_plain, uint8_t *shared_key) |
131 | { | 134 | { |
132 | uint8_t cookie[COOKIE_LENGTH]; | 135 | uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; |
133 | 136 | ||
134 | if (create_cookie(cookie, request_plain, c->secret_symmetric_key) != 0) | 137 | if (create_cookie(plain, request_plain, c->secret_symmetric_key) != 0) |
135 | return -1; | 138 | return -1; |
136 | 139 | ||
140 | memcpy(plain + COOKIE_LENGTH, request_plain + COOKIE_DATA_LENGTH, sizeof(uint64_t)); | ||
137 | packet[0] = NET_PACKET_COOKIE_RESPONSE; | 141 | packet[0] = NET_PACKET_COOKIE_RESPONSE; |
138 | new_nonce(packet + 1); | 142 | new_nonce(packet + 1); |
139 | int len = encrypt_data_symmetric(shared_key, packet + 1, cookie, sizeof(cookie), packet + 1 + crypto_box_NONCEBYTES); | 143 | int len = encrypt_data_symmetric(shared_key, packet + 1, plain, sizeof(plain), packet + 1 + crypto_box_NONCEBYTES); |
140 | 144 | ||
141 | if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) | 145 | if (len != COOKIE_RESPONSE_LENGTH - (1 + crypto_box_NONCEBYTES)) |
142 | return -1; | 146 | return -1; |
@@ -198,17 +202,21 @@ static int udp_handle_cookie_request(void *object, IP_Port source, uint8_t *pack | |||
198 | * return -1 on failure. | 202 | * return -1 on failure. |
199 | * return COOKIE_LENGTH on success. | 203 | * return COOKIE_LENGTH on success. |
200 | */ | 204 | */ |
201 | static int handle_cookie_response(Net_Crypto *c, uint8_t *cookie, uint8_t *packet, uint32_t length, uint8_t *shared_key) | 205 | static int handle_cookie_response(Net_Crypto *c, uint8_t *cookie, uint64_t *number, uint8_t *packet, uint32_t length, |
206 | uint8_t *shared_key) | ||
202 | { | 207 | { |
203 | if (length != COOKIE_RESPONSE_LENGTH) | 208 | if (length != COOKIE_RESPONSE_LENGTH) |
204 | return -1; | 209 | return -1; |
205 | 210 | ||
211 | uint8_t plain[COOKIE_LENGTH + sizeof(uint64_t)]; | ||
206 | int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES, | 212 | int len = decrypt_data_symmetric(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES, |
207 | length - (1 + crypto_box_NONCEBYTES), cookie); | 213 | length - (1 + crypto_box_NONCEBYTES), plain); |
208 | 214 | ||
209 | if (len != COOKIE_LENGTH) | 215 | if (len != sizeof(plain)) |
210 | return -1; | 216 | return -1; |
211 | 217 | ||
218 | memcpy(cookie, plain, COOKIE_LENGTH); | ||
219 | memcpy(number, plain + COOKIE_LENGTH, sizeof(uint64_t)); | ||
212 | return COOKIE_LENGTH; | 220 | return COOKIE_LENGTH; |
213 | } | 221 | } |
214 | 222 | ||
@@ -228,7 +236,7 @@ static int create_crypto_handshake(Net_Crypto *c, uint8_t *packet, uint8_t *cook | |||
228 | memcpy(plain, nonce, crypto_box_NONCEBYTES); | 236 | memcpy(plain, nonce, crypto_box_NONCEBYTES); |
229 | memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES); | 237 | memcpy(plain + crypto_box_NONCEBYTES, session_pk, crypto_box_PUBLICKEYBYTES); |
230 | crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH); | 238 | crypto_hash_sha512(plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, cookie, COOKIE_LENGTH); |
231 | uint8_t cookie_plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 239 | uint8_t cookie_plain[COOKIE_DATA_LENGTH]; |
232 | memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES); | 240 | memcpy(cookie_plain, peer_real_pk, crypto_box_PUBLICKEYBYTES); |
233 | memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, c->self_public_key, crypto_box_PUBLICKEYBYTES); | 241 | memcpy(cookie_plain + crypto_box_PUBLICKEYBYTES, c->self_public_key, crypto_box_PUBLICKEYBYTES); |
234 | 242 | ||
@@ -272,7 +280,7 @@ static int handle_crypto_handshake(Net_Crypto *c, uint8_t *nonce, uint8_t *sessi | |||
272 | if (length != HANDSHAKE_PACKET_LENGTH) | 280 | if (length != HANDSHAKE_PACKET_LENGTH) |
273 | return -1; | 281 | return -1; |
274 | 282 | ||
275 | uint8_t cookie_plain[COOKIE_REQUEST_PLAIN_LENGTH]; | 283 | uint8_t cookie_plain[COOKIE_DATA_LENGTH]; |
276 | 284 | ||
277 | if (open_cookie(cookie_plain, packet + 1, c->secret_symmetric_key) != 0) | 285 | if (open_cookie(cookie_plain, packet + 1, c->secret_symmetric_key) != 0) |
278 | return -1; | 286 | return -1; |
@@ -422,8 +430,12 @@ static int handle_packet_connection(Net_Crypto *c, int crypt_connection_id, uint | |||
422 | return -1; | 430 | return -1; |
423 | 431 | ||
424 | uint8_t cookie[COOKIE_LENGTH]; | 432 | uint8_t cookie[COOKIE_LENGTH]; |
433 | uint64_t number; | ||
434 | |||
435 | if (handle_cookie_response(c, cookie, &number, packet, length, conn->shared_key) != sizeof(cookie)) | ||
436 | return -1; | ||
425 | 437 | ||
426 | if (handle_cookie_response(c, cookie, packet, length, conn->shared_key) != sizeof(cookie)) | 438 | if (number != conn->cookie_request_number) |
427 | return -1; | 439 | return -1; |
428 | 440 | ||
429 | uint8_t handshake_packet[HANDSHAKE_PACKET_LENGTH]; | 441 | uint8_t handshake_packet[HANDSHAKE_PACKET_LENGTH]; |
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index 85aeede6..8dac937e 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h | |||
@@ -57,6 +57,8 @@ typedef struct { | |||
57 | uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ | 57 | uint16_t number; /* Lossless_UDP connection number corresponding to this connection. */ |
58 | uint64_t timeout; | 58 | uint64_t timeout; |
59 | 59 | ||
60 | uint64_t cookie_request_number; /* number used in the cookie request packets for this connection */ | ||
61 | |||
60 | uint8_t *temp_packet; /* Where the cookie request/handshake packet is stored while it is being sent. */ | 62 | uint8_t *temp_packet; /* Where the cookie request/handshake packet is stored while it is being sent. */ |
61 | uint16_t temp_packet_length; | 63 | uint16_t temp_packet_length; |
62 | uint64_t temp_packet_sent_time; /* The time at which the last temp_packet was sent in ms. */ | 64 | uint64_t temp_packet_sent_time; /* The time at which the last temp_packet was sent in ms. */ |