Adding encrypted data to send/getnode packets part 1.

This commit is contained in:
irungentoo 2013-10-24 14:10:55 -04:00
parent 8e0ab68d30
commit 9bef5f5bff
2 changed files with 29 additions and 27 deletions

View File

@ -630,6 +630,8 @@ static uint64_t add_gettingnodes(DHT *dht, IP_Port ip_port)
return 0; return 0;
} }
#define NODES_ENCRYPTED_MESSAGE_LENGTH (crypto_secretbox_NONCEBYTES + sizeof(Node_format) + crypto_secretbox_MACBYTES)
/* Send a getnodes request. */ /* Send a getnodes request. */
static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id) static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id)
{ {
@ -669,12 +671,13 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data)); return sendpacket(dht->c->lossless_udp->net, ip_port, data, sizeof(data));
} }
#define NODES_ENCRYPTED_MESSAGE_LENGTH (sizeof(Node_format) + crypto_secretbox_MACBYTES)
/* Send a send nodes response. */ /* Send a send nodes response. */
/* because of BINARY compatibility, the Node_format MUST BE Node4_format, /* because of BINARY compatibility, the Node_format MUST BE Node4_format,
* IPv6 nodes are sent in a different message */ * IPv6 nodes are sent in a different message
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) * encrypted_data must be of size NODES_ENCRYPTED_MESSAGE_LENGTH */
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id,
uint8_t *encrypted_data)
{ {
/* Check if packet is going to be sent to ourself. */ /* Check if packet is going to be sent to ourself. */
if (id_equal(public_key, dht->c->self_public_key)) if (id_equal(public_key, dht->c->self_public_key))
@ -682,7 +685,7 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
size_t Node4_format_size = sizeof(Node4_format); size_t Node4_format_size = sizeof(Node4_format);
uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
+ Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
Node_format nodes_list[MAX_SENT_NODES]; Node_format nodes_list[MAX_SENT_NODES];
int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0); int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET, LAN_ip(ip_port.ip) == 0);
@ -690,8 +693,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
if (num_nodes == 0) if (num_nodes == 0)
return 0; return 0;
uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES]; uint8_t plain[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH];
uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; uint8_t encrypt[sizeof(ping_id) + Node4_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
uint8_t nonce[crypto_box_NONCEBYTES]; uint8_t nonce[crypto_box_NONCEBYTES];
new_nonce(nonce); new_nonce(nonce);
@ -722,17 +725,16 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
num_nodes = num_nodes_ok; num_nodes = num_nodes_ok;
} }
memcpy(plain + sizeof(ping_id) + num_nodes * Node4_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
int len = encrypt_data( public_key, int len = encrypt_data( public_key,
dht->c->self_secret_key, dht->c->self_secret_key,
nonce, nonce,
plain, plain,
sizeof(ping_id) + num_nodes * Node4_format_size, sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt ); encrypt );
if (len == -1) if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
return -1; crypto_box_MACBYTES)
if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node4_format_size + crypto_box_MACBYTES)
return -1; return -1;
data[0] = NET_PACKET_SEND_NODES; data[0] = NET_PACKET_SEND_NODES;
@ -744,7 +746,8 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
} }
/* Send a send nodes response: message for IPv6 nodes */ /* Send a send nodes response: message for IPv6 nodes */
static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id) static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint64_t ping_id,
uint8_t *encrypted_data)
{ {
/* Check if packet is going to be sent to ourself. */ /* Check if packet is going to be sent to ourself. */
if (id_equal(public_key, dht->c->self_public_key)) if (id_equal(public_key, dht->c->self_public_key))
@ -752,7 +755,7 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
size_t Node_format_size = sizeof(Node_format); size_t Node_format_size = sizeof(Node_format);
uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) uint8_t data[1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
+ Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
Node_format nodes_list[MAX_SENT_NODES]; Node_format nodes_list[MAX_SENT_NODES];
int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0); int num_nodes = get_close_nodes(dht, client_id, nodes_list, AF_INET6, LAN_ip(ip_port.ip) == 0);
@ -760,25 +763,23 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
if (num_nodes == 0) if (num_nodes == 0)
return 0; return 0;
uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES]; uint8_t plain[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH];
uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + crypto_box_MACBYTES]; uint8_t encrypt[sizeof(ping_id) + Node_format_size * MAX_SENT_NODES + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES];
uint8_t nonce[crypto_box_NONCEBYTES]; uint8_t nonce[crypto_box_NONCEBYTES];
new_nonce(nonce); new_nonce(nonce);
memcpy(plain, &ping_id, sizeof(ping_id)); memcpy(plain, &ping_id, sizeof(ping_id));
memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size); memcpy(plain + sizeof(ping_id), nodes_list, num_nodes * Node_format_size);
memcpy(plain + sizeof(ping_id) + num_nodes * Node_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
int len = encrypt_data( public_key, int len = encrypt_data( public_key,
dht->c->self_secret_key, dht->c->self_secret_key,
nonce, nonce,
plain, plain,
sizeof(ping_id) + num_nodes * Node_format_size, sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt ); encrypt );
if (len == -1) if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
return -1; crypto_box_MACBYTES)
if ((unsigned int)len != sizeof(ping_id) + num_nodes * Node_format_size + crypto_box_MACBYTES)
return -1; return -1;
data[0] = NET_PACKET_SEND_NODES_IPV6; data[0] = NET_PACKET_SEND_NODES_IPV6;
@ -795,29 +796,29 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
uint64_t ping_id; uint64_t ping_id;
if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES
+ sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES )) + sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES ))
return 1; return 1;
/* Check if packet is from ourself. */ /* Check if packet is from ourself. */
if (id_equal(packet + 1, dht->c->self_public_key)) if (id_equal(packet + 1, dht->c->self_public_key))
return 1; return 1;
uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH];
int len = decrypt_data( packet + 1, int len = decrypt_data( packet + 1,
dht->c->self_secret_key, dht->c->self_secret_key,
packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + CLIENT_ID_SIZE + crypto_box_MACBYTES, sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
plain ); plain );
if (len != sizeof(ping_id) + CLIENT_ID_SIZE) if (len != sizeof(ping_id) + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH)
return 1; return 1;
memcpy(&ping_id, plain, sizeof(ping_id)); memcpy(&ping_id, plain, sizeof(ping_id));
sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id); sendnodes(dht, source, packet + 1, plain + sizeof(ping_id), ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE);
sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id), sendnodes_ipv6(dht, source, packet + 1, plain + sizeof(ping_id),
ping_id); /* TODO: prevent possible amplification attacks */ ping_id, plain + sizeof(ping_id) + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */
add_toping(dht->ping, packet + 1, source); add_toping(dht->ping, packet + 1, source);
//send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */

View File

@ -68,6 +68,7 @@ typedef int sock_t;
#include <sodium.h> #include <sodium.h>
#else #else
#include <crypto_box.h> #include <crypto_box.h>
#include <crypto_secretbox.h>
#include <randombytes.h> #include <randombytes.h>
#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
#define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES) #define crypto_secretbox_MACBYTES (crypto_secretbox_ZEROBYTES - crypto_secretbox_BOXZEROBYTES)