From 61bfa596b67225282c0496a55cf3cd831d8321ec Mon Sep 17 00:00:00 2001 From: Dubslow Date: Thu, 11 Sep 2014 19:29:18 -0500 Subject: [PATCH] Add magic number, auto tests still required --- toxcore/tox.c | 2 ++ toxcore/tox.h | 4 +++ toxencryptsave/toxencryptsave.c | 53 +++++++++++++++++++++++---------- toxencryptsave/toxencryptsave.h | 7 +++++ 4 files changed, 50 insertions(+), 16 deletions(-) diff --git a/toxcore/tox.c b/toxcore/tox.c index b2aadd39..4822c2db 100644 --- a/toxcore/tox.c +++ b/toxcore/tox.c @@ -925,6 +925,8 @@ void tox_save(const Tox *tox, uint8_t *data) /* Load the messenger from data of size length. */ int tox_load(Tox *tox, const uint8_t *data, uint32_t length) { + if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) + return 1; Messenger *m = tox; return messenger_load(m, data, length); } diff --git a/toxcore/tox.h b/toxcore/tox.h index 1f251085..eea11fb4 100644 --- a/toxcore/tox.h +++ b/toxcore/tox.h @@ -42,6 +42,9 @@ extern "C" { #define TOX_ENABLE_IPV6_DEFAULT 1 +#define TOX_ENC_SAVE_MAGIC_NUMBER "toxesave" +#define TOX_ENC_SAVE_MAGIC_LENGTH 8 + /* Errors for m_addfriend * FAERR - Friend Add Error */ @@ -720,6 +723,7 @@ void tox_save(const Tox *tox, uint8_t *data); * * returns 0 on success * returns -1 on failure + * returns +1 on finding encrypted save data */ int tox_load(Tox *tox, const uint8_t *data, uint32_t length); diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c index 1f5aae35..390a5e5d 100644 --- a/toxencryptsave/toxencryptsave.c +++ b/toxencryptsave/toxencryptsave.c @@ -43,7 +43,7 @@ uint32_t tox_encrypted_size(const Tox *tox) { return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES - + crypto_pwhash_scryptsalsa208sha256_SALTBYTES; + + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH; } /* Save the messenger data encrypted with the given password. @@ -79,27 +79,30 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 uint8_t temp_data[temp_size]; tox_save(tox, temp_data); - /* now encrypt. - * the output data consists of, in order: - * salt, nonce, mac, enc_data + /* the output data consists of, in order: + * magic number, salt, nonce, mac, enc_data * where the mac is automatically prepended by the encrypt() - * the salt+nonce is called the prefix + * the magic+salt+nonce is called the prefix * I'm not sure what else I'm supposed to do with the salt and nonce, since we * need them to decrypt the data */ - uint32_t prefix_size = crypto_box_NONCEBYTES+crypto_pwhash_scryptsalsa208sha256_SALTBYTES; + /* first add the prefix */ uint8_t nonce[crypto_box_NONCEBYTES]; random_nonce(nonce); - if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data + prefix_size) + memcpy(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH); + data += TOX_ENC_SAVE_MAGIC_LENGTH; + memcpy(data, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); + data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; + memcpy(data, nonce, crypto_box_NONCEBYTES); + data += crypto_box_NONCEBYTES; + + /* now encrypt */ + if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data) != temp_size + crypto_box_MACBYTES) { return -1; } - - /* add the prefix */ - memcpy(data, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); - memcpy(data + crypto_pwhash_scryptsalsa208sha256_SALTBYTES, nonce, crypto_box_NONCEBYTES); return 0; } @@ -111,16 +114,22 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 */ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) { - if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES) + if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH) return -1; + if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0) + return -1; + data += TOX_ENC_SAVE_MAGIC_LENGTH; + uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES - - crypto_pwhash_scryptsalsa208sha256_SALTBYTES; + - crypto_pwhash_scryptsalsa208sha256_SALTBYTES - TOX_ENC_SAVE_MAGIC_LENGTH; uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; uint8_t nonce[crypto_box_NONCEBYTES]; memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); - memcpy(nonce, data + crypto_pwhash_scryptsalsa208sha256_SALTBYTES, crypto_box_NONCEBYTES); + data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES; + memcpy(nonce, data, crypto_box_NONCEBYTES); + data += crypto_box_NONCEBYTES; /* derive the key */ uint8_t key[crypto_box_KEYBYTES]; @@ -135,11 +144,23 @@ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t * /* decrypt the data */ uint8_t temp_data[decrypt_length]; - if (decrypt_data_symmetric(key, nonce, data+crypto_pwhash_scryptsalsa208sha256_SALTBYTES+crypto_box_NONCEBYTES, - decrypt_length + crypto_box_MACBYTES, temp_data) + if (decrypt_data_symmetric(key, nonce, data, decrypt_length + crypto_box_MACBYTES, temp_data) != decrypt_length) { return -1; } return tox_load(tox, temp_data, decrypt_length); } + +/* Determines whether or not the given data is encrypted (by checking the magic number) + * + * returns 1 if it is encrypted + * returns 0 otherwise + */ +int tox_is_data_encrypted(const uint8_t *data) +{ + if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) + return 1; + else + return 0; +} diff --git a/toxencryptsave/toxencryptsave.h b/toxencryptsave/toxencryptsave.h index c32716f8..64617b27 100644 --- a/toxencryptsave/toxencryptsave.h +++ b/toxencryptsave/toxencryptsave.h @@ -54,6 +54,13 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3 */ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength); +/* Determines whether or not the given data is encrypted (by checking the magic number) + * + * returns 1 if it is encrypted + * returns 0 otherwise + */ +int tox_is_data_encrypted(const uint8_t *data); + #ifdef __cplusplus } #endif