From 339dcd60707ea7b46f5c450569d32f852a1c0be7 Mon Sep 17 00:00:00 2001
From: irungentoo
Date: Fri, 13 Sep 2013 10:42:14 -0400
Subject: [PATCH] Nonce generation changes. Nonces don't need to be random, only different. also random_int now gives same quality random numbers for both NaCl and libsodium.
---
 toxcore/DHT.c | 4 ++--
 toxcore/net_crypto.c | 28 ++++++++++++++++++++--------
 toxcore/net_crypto.h | 3 +++
 toxcore/network.c | 5 +++--
 toxcore/network.h | 2 +-
 toxcore/ping.c | 4 ++--
 6 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/toxcore/DHT.c b/toxcore/DHT.c
index e2d91256..a11f1aad 100644
--- a/toxcore/DHT.c
+++ b/toxcore/DHT.c
@@ -498,7 +498,7 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
 uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE];
 uint8_t encrypt[sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING];
 uint8_t nonce[crypto_box_NONCEBYTES];
- random_nonce(nonce);
+ new_nonce(nonce);
 memcpy(plain, &ping_id, sizeof(ping_id));
 memcpy(plain + sizeof(ping_id), client_id, CLIENT_ID_SIZE);
@@ -540,7 +540,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
 uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES];
 uint8_t encrypt[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING];
 uint8_t nonce[crypto_box_NONCEBYTES];
- random_nonce(nonce);
+ new_nonce(nonce);
 memcpy(plain, &ping_id, sizeof(ping_id));
 memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * sizeof(Node_format));
diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c
index a182bb53..8163701e 100644
--- a/toxcore/net_crypto.c
+++ b/toxcore/net_crypto.c
@@ -145,14 +145,26 @@ static void increment_nonce(uint8_t *nonce)
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce)
 {
- uint32_t i, temp;
-
- for (i = 0; i < crypto_box_NONCEBYTES / 4; ++i) {
- temp = random_int();
- memcpy(nonce + 4 * i, &temp, 4);
- }
+ randombytes(nonce, crypto_box_NONCEBYTES);
 }
+
+static uint8_t base_nonce[crypto_box_NONCEBYTES];
+static uint8_t nonce_set = 0;
+
+/*Gives a nonce guaranteed to be different from previous ones.*/
+void new_nonce(uint8_t *nonce)
+{
+ if (nonce_set == 0) {
+ random_nonce(base_nonce);
+ nonce_set = 1;
+ }
+
+ increment_nonce(base_nonce);
+ memcpy(nonce, base_nonce, crypto_box_NONCEBYTES);
+}
+
+
 /* return 0 if there is no received data in the buffer.
 * return -1 if the packet was discarded.
 * return length of received data if successful.
@@ -237,7 +249,7 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t *
 uint8_t temp[MAX_DATA_SIZE];
 memcpy(temp + 1, data, length);
 temp[0] = request_id;
- random_nonce(nonce);
+ new_nonce(nonce);
 int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1,
 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
@@ -336,7 +348,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi
 uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
 uint8_t nonce[crypto_box_NONCEBYTES];
- random_nonce(nonce);
+ new_nonce(nonce);
 memcpy(temp, secret_nonce, crypto_box_NONCEBYTES);
 memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES);
diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h
index e5dfcae0..55c1e3e3 100644
--- a/toxcore/net_crypto.h
+++ b/toxcore/net_crypto.h
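Review bot: `new_nonce()` (the `@@ -145` hunk of net_crypto.c) keeps `base_nonce` and `nonce_set` as unsynchronized file-scope statics, so the "guaranteed to be different" wording holds only while every caller runs on one thread of one process. Two threads interleaving `increment_nonce(base_nonce)` and the `memcpy`, or a child forked after the first call, would hand out the same nonce, and a nonce repeated under one crypto_box key pair costs those packets their confidentiality and authentication. Whether toxcore is ever driven that way is not visible in this patch, so at minimum the comment here and in net_crypto.h should carry the constraint: `/* Gives a nonce different from every earlier one in this process. Not thread-safe: callers must serialize. */`. The counter is also shared by every call site this commit switches over (getnodes, sendnodes, create_request, send_cryptohandshake, and the two ping senders, which write it straight into the packet), so consecutive packets to different peers carry adjacent nonces; if linking them is a concern for the DHT, `random_nonce()` with its 24 random bytes avoids that without a realistic collision risk.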
@@ -115,6 +115,9 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
 /* Fill the given nonce with random bytes. */
 void random_nonce(uint8_t *nonce);
+/*Gives a nonce guaranteed to be different from previous ones.*/
+void new_nonce(uint8_t *nonce);
+
 /* return 0 if there is no received data in the buffer.
 * return -1 if the packet was discarded.
 * return length of received data if successful.
diff --git a/toxcore/network.c b/toxcore/network.c
index ed3dff8a..c6c4965e 100644
--- a/toxcore/network.c
+++ b/toxcore/network.c
@@ -49,7 +49,6 @@ uint64_t current_time(void)
 }
 /* return a random number.
- * NOTE: This function should probably not be used where cryptographic randomness is absolutely necessary.
 */
 uint32_t random_int(void)
 {
@@ -57,7 +56,9 @@ uint32_t random_int(void)
 /* NOTE: this function comes from libsodium. */
 return randombytes_random();
 #else
- return random();
+ uint32_t randnum;
+ randombytes((uint8_t *)&randnum , sizeof(randnum));
+ return randnum;
 #endif
 }
diff --git a/toxcore/network.h b/toxcore/network.h
index 98307e5b..e1f9b212 100644
--- a/toxcore/network.h
+++ b/toxcore/network.h
@@ -57,6 +57,7 @@
 #include
 #else
 #include
+#include
 #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
 #endif
@@ -130,7 +131,6 @@ typedef struct {
 uint64_t current_time(void);
 /* return a random number.
- * NOTE: this function should probably not be used where cryptographic randomness is absolutely necessary.
 */
 uint32_t random_int(void);
diff --git a/toxcore/ping.c b/toxcore/ping.c
index 3b39d911..3a189f23 100644
--- a/toxcore/ping.c
+++ b/toxcore/ping.c
@@ -135,7 +135,7 @@ int send_ping_request(void *ping, Net_Crypto *c, IP_Port ipp, uint8_t *client_id
 pk[0] = NET_PACKET_PING_REQUEST;
 id_cpy(pk + 1, c->self_public_key); // Our pubkey
- random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce
+ new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
 // Encrypt ping_id using recipient privkey
 rc = encrypt_data(client_id,
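Review bot: The doc comment on `random_int()` in the network.c `@@ -49` hunk (and its twin in network.h) is left as a bare "return a random number." once the warning is removed, so a caller can no longer tell what quality the value has. Since the `#else` branch now reads from `randombytes()` as well, state the new contract instead of only deleting the old caveat: `/* return a random 32-bit number drawn from the crypto library's generator (randombytes). */`. The `#if` that selects between the two branches lies outside the hunk, so confirm which build takes which path before wording it more strongly. As a style point, `&randnum , sizeof(randnum)` has a stray space before the comma.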
@@ -160,7 +160,7 @@ int send_ping_response(Net_Crypto *c, IP_Port ipp, uint8_t *client_id, uint64_t
 pk[0] = NET_PACKET_PING_RESPONSE;
 id_cpy(pk + 1, c->self_public_key); // Our pubkey
- random_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate random nonce
+ new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
 // Encrypt ping_id using recipient privkey
 rc = encrypt_data(client_id,