diff options
Diffstat (limited to 'toxcore')
| -rw-r--r-- | toxcore/DHT.c | 4 | ||||
| -rw-r--r-- | toxcore/net_crypto.c | 24 | ||||
| -rw-r--r-- | toxcore/net_crypto.h | 3 | ||||
| -rw-r--r-- | toxcore/network.c | 5 | ||||
| -rw-r--r-- | toxcore/network.h | 2 | ||||
| -rw-r--r-- | toxcore/ping.c | 4 |
6 files changed, 29 insertions, 13 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c index 0b212d5b..085f93ed 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c | |||
| @@ -527,7 +527,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli | |||
| 527 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; | 527 | uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; |
| 528 | uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING]; | 528 | uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING]; |
| 529 | uint8_t nonce[crypto_box_NONCEBYTES]; | 529 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| 530 | random_nonce(nonce); | 530 | new_nonce(nonce); |
| 531 | 531 | ||
| 532 | memcpy(plain, &ping_id, sizeof(ping_id)); | 532 | memcpy(plain, &ping_id, sizeof(ping_id)); |
| 533 | memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE); | 533 | memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE); |
| @@ -572,7 +572,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl | |||
| 572 | uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES]; | 572 | uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES]; |
| 573 | uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + ENCRYPTION_PADDING]; | 573 | uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + ENCRYPTION_PADDING]; |
| 574 | uint8_t nonce[crypto_box_NONCEBYTES]; | 574 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| 575 | random_nonce(nonce); | 575 | new_nonce(nonce); |
| 576 | 576 | ||
| 577 | memcpy(plain, &ping_id, sizeof(ping_id)); | 577 | memcpy(plain, &ping_id, sizeof(ping_id)); |
| 578 | #ifdef TOX_ENABLE_IPV6 | 578 | #ifdef TOX_ENABLE_IPV6 |
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index b6f08fe4..3f866f74 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c | |||
| @@ -145,14 +145,26 @@ static void increment_nonce(uint8_t *nonce) | |||
| 145 | /* Fill the given nonce with random bytes. */ | 145 | /* Fill the given nonce with random bytes. */ |
| 146 | void random_nonce(uint8_t *nonce) | 146 | void random_nonce(uint8_t *nonce) |
| 147 | { | 147 | { |
| 148 | uint32_t i, temp; | 148 | randombytes(nonce, crypto_box_NONCEBYTES); |
| 149 | } | ||
| 150 | |||
| 151 | |||
| 152 | static uint8_t base_nonce[crypto_box_NONCEBYTES]; | ||
| 153 | static uint8_t nonce_set = 0; | ||
| 149 | 154 | ||
| 150 | for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) { | 155 | /*Gives a nonce guaranteed to be different from previous ones.*/ |
| 151 | temp = random_int(); | 156 | void new_nonce(uint8_t *nonce) |
| 152 | memcpy(nonce + 4 * i, &temp, 4); | 157 | { |
| 158 | if (nonce_set == 0) { | ||
| 159 | random_nonce(base_nonce); | ||
| 160 | nonce_set = 1; | ||
| 153 | } | 161 | } |
| 162 | |||
| 163 | increment_nonce(base_nonce); | ||
| 164 | memcpy(nonce, base_nonce, crypto_box_NONCEBYTES); | ||
| 154 | } | 165 | } |
| 155 | 166 | ||
| 167 | |||
| 156 | /* return 0 if there is no received data in the buffer. | 168 | /* return 0 if there is no received data in the buffer. |
| 157 | * return -1 if the packet was discarded. | 169 | * return -1 if the packet was discarded. |
| 158 | * return length of received data if successful. | 170 | * return length of received data if successful. |
| @@ -237,7 +249,7 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t * | |||
| 237 | uint8_t temp[MAX_DATA_SIZE]; | 249 | uint8_t temp[MAX_DATA_SIZE]; |
| 238 | memcpy(temp + 1, data, length); | 250 | memcpy(temp + 1, data, length); |
| 239 | temp[0] = request_id; | 251 | temp[0] = request_id; |
| 240 | random_nonce(nonce); | 252 | new_nonce(nonce); |
| 241 | int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, | 253 | int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, |
| 242 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); | 254 | 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); |
| 243 | 255 | ||
| @@ -336,7 +348,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi | |||
| 336 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; | 348 | uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; |
| 337 | uint8_t nonce[crypto_box_NONCEBYTES]; | 349 | uint8_t nonce[crypto_box_NONCEBYTES]; |
| 338 | 350 | ||
| 339 | random_nonce(nonce); | 351 | new_nonce(nonce); |
| 340 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); | 352 | memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); |
| 341 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); | 353 | memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES); |
| 342 | 354 | ||
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index e5dfcae0..55c1e3e3 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h | |||
| @@ -115,6 +115,9 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce, | |||
| 115 | /* Fill the given nonce with random bytes. */ | 115 | /* Fill the given nonce with random bytes. */ |
| 116 | void random_nonce(uint8_t *nonce); | 116 | void random_nonce(uint8_t *nonce); |
| 117 | 117 | ||
| 118 | /*Gives a nonce guaranteed to be different from previous ones.*/ | ||
| 119 | void new_nonce(uint8_t *nonce); | ||
| 120 | |||
| 118 | /* return 0 if there is no received data in the buffer. | 121 | /* return 0 if there is no received data in the buffer. |
| 119 | * return -1 if the packet was discarded. | 122 | * return -1 if the packet was discarded. |
| 120 | * return length of received data if successful. | 123 | * return length of received data if successful. |
diff --git a/toxcore/network.c b/toxcore/network.c index 39483b42..0baa6242 100644 --- a/toxcore/network.c +++ b/toxcore/network.c | |||
| @@ -50,7 +50,6 @@ uint64_t current_time(void) | |||
| 50 | } | 50 | } |
| 51 | 51 | ||
| 52 | /* return a random number. | 52 | /* return a random number. |
| 53 | * NOTE: This function should probably not be used where cryptographic randomness is absolutely necessary. | ||
| 54 | */ | 53 | */ |
| 55 | uint32_t random_int(void) | 54 | uint32_t random_int(void) |
| 56 | { | 55 | { |
| @@ -58,7 +57,9 @@ uint32_t random_int(void) | |||
| 58 | /* NOTE: this function comes from libsodium. */ | 57 | /* NOTE: this function comes from libsodium. */ |
| 59 | return randombytes_random(); | 58 | return randombytes_random(); |
| 60 | #else | 59 | #else |
| 61 | return random(); | 60 | uint32_t randnum; |
| 61 | randombytes((uint8_t *)&randnum , sizeof(randnum)); | ||
| 62 | return randnum; | ||
| 62 | #endif | 63 | #endif |
| 63 | } | 64 | } |
| 64 | 65 | ||
diff --git a/toxcore/network.h b/toxcore/network.h index 6d9bbfc0..7dea8c16 100644 --- a/toxcore/network.h +++ b/toxcore/network.h | |||
| @@ -62,6 +62,7 @@ typedef int sock_t; | |||
| 62 | #include <sodium.h> | 62 | #include <sodium.h> |
| 63 | #else | 63 | #else |
| 64 | #include <crypto_box.h> | 64 | #include <crypto_box.h> |
| 65 | #include <randombytes.h> | ||
| 65 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) | 66 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) |
| 66 | #endif | 67 | #endif |
| 67 | 68 | ||
| @@ -229,7 +230,6 @@ typedef struct { | |||
| 229 | uint64_t current_time(void); | 230 | uint64_t current_time(void); |
| 230 | 231 | ||
| 231 | /* return a random number. | 232 | /* return a random number. |
| 232 | * NOTE: this function should probably not be used where cryptographic randomness is absolutely necessary. | ||
| 233 | */ | 233 | */ |
| 234 | uint32_t random_int(void); | 234 | uint32_t random_int(void); |
| 235 | 235 | ||
diff --git a/toxcore/ping.c b/toxcore/ping.c index 49e0dba9..113702bf 100644 --- a/toxcore/ping.c +++ b/toxcore/ping.c | |||
| @@ -137,7 +137,7 @@ int send_ping_request(void *ping, Net_Crypto *c, IP_Port ipp, uint8_t *client_id | |||
| 137 | 137 | ||
| 138 | pk[0] = NET_PACKET_PING_REQUEST; | 138 | pk[0] = NET_PACKET_PING_REQUEST; |
| 139 | id_cpy(pk + 1, c->self_public_key); // Our pubkey | 139 | id_cpy(pk + 1, c->self_public_key); // Our pubkey |
| 140 | random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce | 140 | new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce |
| 141 | 141 | ||
| 142 | // Encrypt ping_id using recipient privkey | 142 | // Encrypt ping_id using recipient privkey |
| 143 | rc = encrypt_data(client_id, | 143 | rc = encrypt_data(client_id, |
| @@ -162,7 +162,7 @@ int send_ping_response(Net_Crypto *c, IP_Port ipp, uint8_t *client_id, uint64_t | |||
| 162 | 162 | ||
| 163 | pk[0] = NET_PACKET_PING_RESPONSE; | 163 | pk[0] = NET_PACKET_PING_RESPONSE; |
| 164 | id_cpy(pk + 1, c->self_public_key); // Our pubkey | 164 | id_cpy(pk + 1, c->self_public_key); // Our pubkey |
| 165 | random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce | 165 | new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce |
| 166 | 166 | ||
| 167 | // Encrypt ping_id using recipient privkey | 167 | // Encrypt ping_id using recipient privkey |
| 168 | rc = encrypt_data(client_id, | 168 | rc = encrypt_data(client_id, |