StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

For security reasons, keep memcpy's and memcmp's in crypto functions.

Browse Source
This commit is contained in:
irungentoo 2013-10-25 14:43:47 -04:00
parent 065495cd7c
commit b891446c31
1 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
toxcore/net_crypto.c
View File

@ -29,7 +29,6 @@
#endif #endif
#include "net_crypto.h" #include "net_crypto.h"
#include "util.h"
static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection_id) static uint8_t crypt_connection_id_not_valid(Net_Crypto *c, int crypt_connection_id)
{ {
@ -263,8 +262,8 @@ int create_request(uint8_t *send_public_key, uint8_t *send_secret_key, uint8_t *
return -1; return -1;
packet[0] = NET_PACKET_CRYPTO; packet[0] = NET_PACKET_CRYPTO;
id_copy(packet + 1, recv_public_key); memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES);
id_copy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key); memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES);
memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES);
return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES;
@ -281,8 +280,8 @@ int handle_request(uint8_t *self_public_key, uint8_t *self_secret_key, uint8_t *
{ {
if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
length <= MAX_DATA_SIZE) { length <= MAX_DATA_SIZE) {
if (id_equal(packet + 1, self_public_key)) { if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {
id_copy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES); memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
uint8_t nonce[crypto_box_NONCEBYTES]; uint8_t nonce[crypto_box_NONCEBYTES];
uint8_t temp[MAX_DATA_SIZE]; uint8_t temp[MAX_DATA_SIZE];
memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES);
@ -318,7 +317,7 @@ static int cryptopacket_handle(void *object, IP_Port source, uint8_t *packet, ui
length > MAX_DATA_SIZE + ENCRYPTION_PADDING) length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
return 1; return 1;
if (id_equal(packet + 1, dht->c->self_public_key)) { // Check if request is for us. if (memcmp(packet + 1, dht->c->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us.
uint8_t public_key[crypto_box_PUBLICKEYBYTES]; uint8_t public_key[crypto_box_PUBLICKEYBYTES];
uint8_t data[MAX_DATA_SIZE]; uint8_t data[MAX_DATA_SIZE];
uint8_t number; uint8_t number;
@ -356,7 +355,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi
new_nonce(nonce); new_nonce(nonce);
memcpy(temp, secret_nonce, crypto_box_NONCEBYTES); memcpy(temp, secret_nonce, crypto_box_NONCEBYTES);
id_copy(temp + crypto_box_NONCEBYTES, session_key); memcpy(temp + crypto_box_NONCEBYTES, session_key, crypto_box_PUBLICKEYBYTES);
int len = encrypt_data(public_key, c->self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, int len = encrypt_data(public_key, c->self_secret_key, nonce, temp, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data); 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + temp_data);
@ -365,7 +364,7 @@ static int send_cryptohandshake(Net_Crypto *c, int connection_id, uint8_t *publi
return 0; return 0;
temp_data[0] = 2; temp_data[0] = 2;
id_copy(temp_data + 1, c->self_public_key); memcpy(temp_data + 1, c->self_public_key, crypto_box_PUBLICKEYBYTES);
memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES); memcpy(temp_data + 1 + crypto_box_PUBLICKEYBYTES, nonce, crypto_box_NONCEBYTES);
return write_packet(c->lossless_udp, connection_id, temp_data, return write_packet(c->lossless_udp, connection_id, temp_data,
len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); len + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES);
@ -391,7 +390,7 @@ static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *s
uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
id_copy(public_key, data + 1); memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES);
int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES,
data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES,
@ -401,7 +400,7 @@ static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *s
return 0; return 0;
memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); memcpy(secret_nonce, temp, crypto_box_NONCEBYTES);
id_copy(session_key, temp + crypto_box_NONCEBYTES); memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES);
return 1; return 1;
} }
@ -414,10 +413,11 @@ static int getcryptconnection_id(Net_Crypto *c, uint8_t *public_key)
{ {
uint32_t i; uint32_t i;
for (i = 0; i < c->crypto_connections_length; ++i) for (i = 0; i < c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION) if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION)
if (id_equal(public_key, c->crypto_connections[i].public_key)) if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0)
return i; return i;
}
return -1; return -1;
} }
@ -477,7 +477,7 @@ int crypto_connect(Net_Crypto *c, uint8_t *public_key, IP_Port ip_port)
c->crypto_connections[i].number = id_new; c->crypto_connections[i].number = id_new;
c->crypto_connections[i].status = CRYPTO_CONN_HANDSHAKE_SENT; c->crypto_connections[i].status = CRYPTO_CONN_HANDSHAKE_SENT;
random_nonce(c->crypto_connections[i].recv_nonce); random_nonce(c->crypto_connections[i].recv_nonce);
id_copy(c->crypto_connections[i].public_key, public_key); memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
@ -598,9 +598,9 @@ int accept_crypto_inbound(Net_Crypto *c, int connection_id, uint8_t *public_key,
c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT; c->crypto_connections[i].timeout = unix_time() + CRYPTO_HANDSHAKE_TIMEOUT;
random_nonce(c->crypto_connections[i].recv_nonce); random_nonce(c->crypto_connections[i].recv_nonce);
memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
id_copy(c->crypto_connections[i].peersessionpublic_key, session_key); memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
increment_nonce(c->crypto_connections[i].sent_nonce); increment_nonce(c->crypto_connections[i].sent_nonce);
id_copy(c->crypto_connections[i].public_key, public_key); memcpy(c->crypto_connections[i].public_key, public_key, crypto_box_PUBLICKEYBYTES);
crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key); crypto_box_keypair(c->crypto_connections[i].sessionpublic_key, c->crypto_connections[i].sessionsecret_key);
@ -652,7 +652,7 @@ void new_keys(Net_Crypto *c)
*/ */
void save_keys(Net_Crypto *c, uint8_t *keys) void save_keys(Net_Crypto *c, uint8_t *keys)
{ {
id_copy(keys, c->self_public_key); memcpy(keys, c->self_public_key, crypto_box_PUBLICKEYBYTES);
memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES); memcpy(keys + crypto_box_PUBLICKEYBYTES, c->self_secret_key, crypto_box_SECRETKEYBYTES);
} }
@ -661,7 +661,7 @@ void save_keys(Net_Crypto *c, uint8_t *keys)
*/ */
void load_keys(Net_Crypto *c, uint8_t *keys) void load_keys(Net_Crypto *c, uint8_t *keys)
{ {
id_copy(c->self_public_key, keys); memcpy(c->self_public_key, keys, crypto_box_PUBLICKEYBYTES);
memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES); memcpy(c->self_secret_key, keys + crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES);
} }
@ -686,9 +686,9 @@ static void receive_crypto(Net_Crypto *c)
len = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data); len = read_packet(c->lossless_udp, c->crypto_connections[i].number, temp_data);
if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) { if (handle_cryptohandshake(c, public_key, secret_nonce, session_key, temp_data, len)) {
if (id_equal(public_key, c->crypto_connections[i].public_key)) { if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); memcpy(c->crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
id_copy(c->crypto_connections[i].peersessionpublic_key, session_key); memcpy(c->crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
increment_nonce(c->crypto_connections[i].sent_nonce); increment_nonce(c->crypto_connections[i].sent_nonce);
uint32_t zero = 0; uint32_t zero = 0;
encrypt_precompute(c->crypto_connections[i].peersessionpublic_key, encrypt_precompute(c->crypto_connections[i].peersessionpublic_key,