Merge branch 'kpp-code_review'

irungentoo 2016-01-30 16:30:28 -05:00
commit ccfa6c6a4f
No known key found for this signature in database
GPG Key ID: 10349DC9BED89E98
19 changed files with 148 additions and 125 deletions


@ -117,7 +117,7 @@ START_TEST(test_basic)
increment_nonce(f_nonce_r); increment_nonce(f_nonce_r);
ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]); ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]);
ck_assert_msg(packet_resp_plain[1] == 0, "connection not refused %u", packet_resp_plain[1]); ck_assert_msg(packet_resp_plain[1] == 0, "connection not refused %u", packet_resp_plain[1]);
ck_assert_msg(memcmp(packet_resp_plain + 2, f_public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); ck_assert_msg(public_key_cmp(packet_resp_plain + 2, f_public_key) == 0, "key in packet wrong");
kill_TCP_server(tcp_s); kill_TCP_server(tcp_s);
} }
END_TEST END_TEST
@ -235,12 +235,12 @@ START_TEST(test_some)
ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len);
ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]);
ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]);
ck_assert_msg(memcmp(data + 2, con3->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); ck_assert_msg(public_key_cmp(data + 2, con3->public_key) == 0, "key in packet wrong");
len = read_packet_sec_TCP(con3, data, 2 + 1 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES); len = read_packet_sec_TCP(con3, data, 2 + 1 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES);
ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len);
ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]);
ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]);
ck_assert_msg(memcmp(data + 2, con1->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); ck_assert_msg(public_key_cmp(data + 2, con1->public_key) == 0, "key in packet wrong");
uint8_t test_packet[512] = {16, 17, 16, 86, 99, 127, 255, 189, 78}; uint8_t test_packet[512] = {16, 17, 16, 86, 99, 127, 255, 189, 78};
write_packet_TCP_secure_connection(con3, test_packet, sizeof(test_packet)); write_packet_TCP_secure_connection(con3, test_packet, sizeof(test_packet));
@ -363,7 +363,7 @@ static int oob_data_callback(void *object, const uint8_t *public_key, const uint
if (length != 5) if (length != 5)
return 1; return 1;
if (memcmp(public_key, oob_pubkey, crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(public_key, oob_pubkey) != 0)
return 1; return 1;
if (data[0] == 1 && data[1] == 2 && data[2] == 3 && data[3] == 4 && data[4] == 5) { if (data[0] == 1 && data[1] == 2 && data[2] == 3 && data[3] == 4 && data[4] == 5) {
@ -447,7 +447,7 @@ START_TEST(test_client)
do_TCP_connection(conn2); do_TCP_connection(conn2);
ck_assert_msg(oob_data_callback_good == 1, "oob callback not called"); ck_assert_msg(oob_data_callback_good == 1, "oob callback not called");
ck_assert_msg(response_callback_good == 1, "response callback not called"); ck_assert_msg(response_callback_good == 1, "response callback not called");
ck_assert_msg(memcmp(response_callback_public_key, f2_public_key, crypto_box_PUBLICKEYBYTES) == 0, "wrong public key"); ck_assert_msg(public_key_cmp(response_callback_public_key, f2_public_key) == 0, "wrong public key");
ck_assert_msg(status_callback_good == 1, "status callback not called"); ck_assert_msg(status_callback_good == 1, "status callback not called");
ck_assert_msg(status_callback_status == 2, "wrong status"); ck_assert_msg(status_callback_status == 2, "wrong status");
ck_assert_msg(status_callback_connection_id == response_callback_connection_id, "connection ids not equal"); ck_assert_msg(status_callback_connection_id == response_callback_connection_id, "connection ids not equal");
@ -538,17 +538,17 @@ START_TEST(test_tcp_connection)
uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL); TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL);
ck_assert_msg(memcmp(tcp_s->public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tcp_s->public_key, self_public_key) == 0, "Wrong public key");
TCP_Proxy_Info proxy_info; TCP_Proxy_Info proxy_info;
proxy_info.proxy_type = TCP_PROXY_NONE; proxy_info.proxy_type = TCP_PROXY_NONE;
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info); TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info);
ck_assert_msg(memcmp(tc_1->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tc_1->self_public_key, self_public_key) == 0, "Wrong public key");
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info); TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info);
ck_assert_msg(memcmp(tc_2->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tc_2->self_public_key, self_public_key) == 0, "Wrong public key");
IP_Port ip_port_tcp_s; IP_Port ip_port_tcp_s;
@ -641,17 +641,17 @@ START_TEST(test_tcp_connection2)
uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; uint8_t self_secret_key[crypto_box_SECRETKEYBYTES];
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL); TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL);
ck_assert_msg(memcmp(tcp_s->public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tcp_s->public_key, self_public_key) == 0, "Wrong public key");
TCP_Proxy_Info proxy_info; TCP_Proxy_Info proxy_info;
proxy_info.proxy_type = TCP_PROXY_NONE; proxy_info.proxy_type = TCP_PROXY_NONE;
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info); TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info);
ck_assert_msg(memcmp(tc_1->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tc_1->self_public_key, self_public_key) == 0, "Wrong public key");
crypto_box_keypair(self_public_key, self_secret_key); crypto_box_keypair(self_public_key, self_secret_key);
TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info); TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info);
ck_assert_msg(memcmp(tc_2->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); ck_assert_msg(public_key_cmp(tc_2->self_public_key, self_public_key) == 0, "Wrong public key");
IP_Port ip_port_tcp_s; IP_Port ip_port_tcp_s;


@ -108,7 +108,7 @@ void print_clientlist(DHT *dht)
for (i = 0; i < LCLIENT_LIST; i++) { for (i = 0; i < LCLIENT_LIST; i++) {
Client_data *client = &dht->close_clientlist[i]; Client_data *client = &dht->close_clientlist[i];
if (memcmp(client->public_key, zeroes_cid, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(client->public_key, zeroes_cid) == 0)
continue; continue;
printf("ClientID: "); printf("ClientID: ");
@ -139,7 +139,7 @@ void print_friendlist(DHT *dht)
for (i = 0; i < MAX_FRIEND_CLIENTS; i++) { for (i = 0; i < MAX_FRIEND_CLIENTS; i++) {
Client_data *client = &dht->friends_list[k].client_list[i]; Client_data *client = &dht->friends_list[k].client_list[i];
if (memcmp(client->public_key, zeroes_cid, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(client->public_key, zeroes_cid) == 0)
continue; continue;
printf("ClientID: "); printf("ClientID: ");


@ -126,7 +126,7 @@ void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, const uint8_t
int index = public_key[30] * MAX_KEYS_PER_SLOT + i; int index = public_key[30] * MAX_KEYS_PER_SLOT + i;
if (shared_keys->keys[index].stored) { if (shared_keys->keys[index].stored) {
if (memcmp(public_key, shared_keys->keys[index].public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(public_key, shared_keys->keys[index].public_key) == 0) {
memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES); memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES);
++shared_keys->keys[index].times_requested; ++shared_keys->keys[index].times_requested;
shared_keys->keys[index].time_last_requested = unix_time(); shared_keys->keys[index].time_last_requested = unix_time();
@ -233,6 +233,7 @@ int pack_nodes(uint8_t *data, uint16_t length, const Node_format *nodes, uint16_
int ipv6 = -1; int ipv6 = -1;
uint8_t net_family; uint8_t net_family;
// FIXME use functions to convert endianness
if (nodes[i].ip_port.ip.family == AF_INET) { if (nodes[i].ip_port.ip.family == AF_INET) {
ipv6 = 0; ipv6 = 0;
net_family = TOX_AF_INET; net_family = TOX_AF_INET;
@ -844,7 +845,7 @@ static _Bool is_pk_in_client_list(Client_data *list, unsigned int client_list_le
for (i = 0; i < client_list_length; ++i) { for (i = 0; i < client_list_length; ++i) {
if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT)) if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT))
|| (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) { || (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) {
if (memcmp(list[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(list[i].public_key, public_key) == 0) {
return 1; return 1;
} }
} }
@ -944,7 +945,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
DHT_Friend *friend = &dht->friends_list[i]; DHT_Friend *friend = &dht->friends_list[i];
if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(public_key, friend->public_key) == 0) {
friend_foundip = friend; friend_foundip = friend;
} }
@ -953,7 +954,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
} else { } else {
DHT_Friend *friend = &dht->friends_list[i]; DHT_Friend *friend = &dht->friends_list[i];
if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(public_key, friend->public_key) == 0) {
friend_foundip = friend; friend_foundip = friend;
} }
@ -1212,7 +1213,7 @@ static uint8_t sent_getnode_to_node(DHT *dht, const uint8_t *public_key, IP_Port
Node_format test; Node_format test;
memcpy(&test, data, sizeof(Node_format)); memcpy(&test, data, sizeof(Node_format));
if (!ipport_equal(&test.ip_port, &node_ip_port) || memcmp(test.public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0) if (!ipport_equal(&test.ip_port, &node_ip_port) || public_key_cmp(test.public_key, public_key) != 0)
return 0; return 0;
return 1; return 1;
@ -2081,7 +2082,7 @@ static IPPTsPng *get_closelist_IPPTsPng(DHT *dht, const uint8_t *public_key, sa_
uint32_t i; uint32_t i;
for (i = 0; i < LCLIENT_LIST; ++i) { for (i = 0; i < LCLIENT_LIST; ++i) {
if (memcmp(dht->close_clientlist[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(dht->close_clientlist[i].public_key, public_key) != 0)
continue; continue;
if (sa_family == AF_INET) if (sa_family == AF_INET)
@ -2178,7 +2179,7 @@ static int handle_hardening(void *object, IP_Port source, const uint8_t *source_
if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL))
return 1; return 1;
if (memcmp(temp->hardening.send_nodes_pingedid, source_pubkey, crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(temp->hardening.send_nodes_pingedid, source_pubkey) != 0)
return 1; return 1;
/* If Nodes look good and the request checks out */ /* If Nodes look good and the request checks out */
@ -2351,7 +2352,7 @@ static int cryptopacket_handle(void *object, IP_Port source, const uint8_t *pack
length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES) length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES)
return 1; return 1;
if (memcmp(packet + 1, dht->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us. if (public_key_cmp(packet + 1, dht->self_public_key) == 0) { // Check if request is for us.
uint8_t public_key[crypto_box_PUBLICKEYBYTES]; uint8_t public_key[crypto_box_PUBLICKEYBYTES];
uint8_t data[MAX_CRYPTO_REQUEST_SIZE]; uint8_t data[MAX_CRYPTO_REQUEST_SIZE];
uint8_t number; uint8_t number;


@ -2660,7 +2660,7 @@ static int messenger_load_state_callback(void *outer, const uint8_t *data, uint3
set_nospam(&(m->fr), *(uint32_t *)data); set_nospam(&(m->fr), *(uint32_t *)data);
load_secret_key(m->net_crypto, (&data[sizeof(uint32_t)]) + crypto_box_PUBLICKEYBYTES); load_secret_key(m->net_crypto, (&data[sizeof(uint32_t)]) + crypto_box_PUBLICKEYBYTES);
if (memcmp((&data[sizeof(uint32_t)]), m->net_crypto->self_public_key, crypto_box_PUBLICKEYBYTES) != 0) { if (public_key_cmp((&data[sizeof(uint32_t)]), m->net_crypto->self_public_key) != 0) {
return -1; return -1;
} }
} else } else
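Review bot: The public-key check in messenger_load_state_callback fails only after `set_nospam` and `load_secret_key` have already run on the saved data, so returning -1 here appears to leave the instance holding the nospam and secret key from a blob that was just rejected. If load_secret_key is what derives `self_public_key` (not visible here), the comparison has to follow it, but then the failure path should either restore the previous key or be documented. A comment such as `/* NOTE: nospam and secret key are already replaced when this check fails */` would at least make that explicit. The function starts and ends outside this hunk, so the length check on `data` could not be confirmed from here.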


@ -151,7 +151,7 @@ static int socks5_read_handshake_response(TCP_Client_Connection *TCP_conn)
if (ret == -1) if (ret == -1)
return 0; return 0;
if (data[0] == 5 && data[1] == 0) if (data[0] == 5 && data[1] == 0) // FIXME magic numbers
return 1; return 1;
return -1; return -1;
@ -251,7 +251,7 @@ static int handle_handshake(TCP_Client_Connection *TCP_conn, const uint8_t *data
memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES); memcpy(TCP_conn->recv_nonce, plain + crypto_box_PUBLICKEYBYTES, crypto_box_NONCEBYTES);
encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key); encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key);
memset(TCP_conn->temp_secret_key, 0, crypto_box_SECRETKEYBYTES); sodium_memzero(TCP_conn->temp_secret_key, crypto_box_SECRETKEYBYTES);
return 0; return 0;
} }
@ -962,6 +962,6 @@ void kill_TCP_connection(TCP_Client_Connection *TCP_connection)
wipe_priority_list(TCP_connection); wipe_priority_list(TCP_connection);
kill_sock(TCP_connection->sock); kill_sock(TCP_connection->sock);
memset(TCP_connection, 0, sizeof(TCP_Client_Connection)); sodium_memzero(TCP_connection, sizeof(TCP_Client_Connection));
free(TCP_connection); free(TCP_connection);
} }


@ -384,7 +384,7 @@ static int find_tcp_connection_to(TCP_Connections *tcp_c, const uint8_t *public_
TCP_Connection_to *con_to = get_connection(tcp_c, i); TCP_Connection_to *con_to = get_connection(tcp_c, i);
if (con_to) { if (con_to) {
if (memcmp(con_to->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(con_to->public_key, public_key) == 0) {
return i; return i;
} }
} }
@ -407,11 +407,11 @@ static int find_tcp_connection_relay(TCP_Connections *tcp_c, const uint8_t *rela
if (tcp_con) { if (tcp_con) {
if (tcp_con->status == TCP_CONN_SLEEPING) { if (tcp_con->status == TCP_CONN_SLEEPING) {
if (memcmp(tcp_con->relay_pk, relay_pk, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(tcp_con->relay_pk, relay_pk) == 0) {
return i; return i;
} }
} else { } else {
if (memcmp(tcp_con->connection->public_key, relay_pk, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(tcp_con->connection->public_key, relay_pk) == 0) {
return i; return i;
} }
} }


@ -169,7 +169,7 @@ static int del_accepted(TCP_Server *TCP_server, int index)
if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index)) if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index))
return -1; return -1;
memset(&TCP_server->accepted_connection_array[index], 0, sizeof(TCP_Secure_Connection)); sodium_memzero(&TCP_server->accepted_connection_array[index], sizeof(TCP_Secure_Connection));
--TCP_server->num_accepted_connections; --TCP_server->num_accepted_connections;
if (TCP_server->num_accepted_connections == 0) if (TCP_server->num_accepted_connections == 0)
@ -447,7 +447,7 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, const
static void kill_TCP_connection(TCP_Secure_Connection *con) static void kill_TCP_connection(TCP_Secure_Connection *con)
{ {
kill_sock(con->sock); kill_sock(con->sock);
memset(con, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(con, sizeof(TCP_Secure_Connection));
} }
static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number); static int rm_connection_index(TCP_Server *TCP_server, TCP_Secure_Connection *con, uint8_t con_number);
@ -583,7 +583,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const
TCP_Secure_Connection *con = &TCP_server->accepted_connection_array[con_id]; TCP_Secure_Connection *con = &TCP_server->accepted_connection_array[con_id];
/* If person tries to cennect to himself we deny the request*/ /* If person tries to cennect to himself we deny the request*/
if (memcmp(con->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(con->public_key, public_key) == 0) {
if (send_routing_response(con, 0, public_key) == -1) if (send_routing_response(con, 0, public_key) == -1)
return -1; return -1;
@ -592,7 +592,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const
for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) { for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) {
if (con->connections[i].status != 0) { if (con->connections[i].status != 0) {
if (memcmp(public_key, con->connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(public_key, con->connections[i].public_key) == 0) {
if (send_routing_response(con, i + NUM_RESERVED_PORTS, public_key) == -1) { if (send_routing_response(con, i + NUM_RESERVED_PORTS, public_key) == -1) {
return -1; return -1;
} else { } else {
@ -629,7 +629,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const
for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) { for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) {
if (other_conn->connections[i].status == 1 if (other_conn->connections[i].status == 1
&& memcmp(other_conn->connections[i].public_key, con->public_key, crypto_box_PUBLICKEYBYTES) == 0) { && public_key_cmp(other_conn->connections[i].public_key, con->public_key) == 0) {
other_id = i; other_id = i;
break; break;
} }
@ -868,7 +868,7 @@ static int confirm_TCP_connection(TCP_Server *TCP_server, TCP_Secure_Connection
return -1; return -1;
} }
memset(con, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(con, sizeof(TCP_Secure_Connection));
if (handle_TCP_packet(TCP_server, index, data, length) == -1) { if (handle_TCP_packet(TCP_server, index, data, length) == -1) {
kill_accepted(TCP_server, index); kill_accepted(TCP_server, index);
@ -1056,7 +1056,7 @@ static int do_incoming(TCP_Server *TCP_server, uint32_t i)
kill_TCP_connection(conn_new); kill_TCP_connection(conn_new);
memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection)); memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection));
memset(conn_old, 0, sizeof(TCP_Secure_Connection)); sodium_memzero(conn_old, sizeof(TCP_Secure_Connection));
++TCP_server->unconfirmed_connection_queue_index; ++TCP_server->unconfirmed_connection_queue_index;
return index_new; return index_new;


@ -84,7 +84,7 @@ void encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, ui
int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length, int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length,
uint8_t *encrypted) uint8_t *encrypted)
{ {
if (length == 0) if (length == 0 || !secret_key || !nonce || !plain || !encrypted)
return -1; return -1;
uint8_t temp_plain[length + crypto_box_ZEROBYTES]; uint8_t temp_plain[length + crypto_box_ZEROBYTES];
@ -104,7 +104,7 @@ int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons
int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, uint32_t length, int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, uint32_t length,
uint8_t *plain) uint8_t *plain)
{ {
if (length <= crypto_box_BOXZEROBYTES) if (length <= crypto_box_BOXZEROBYTES || !secret_key || !nonce || !encrypted || !plain)
return -1; return -1;
uint8_t temp_plain[length + crypto_box_ZEROBYTES]; uint8_t temp_plain[length + crypto_box_ZEROBYTES];
@ -123,53 +123,70 @@ int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons
int encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, int encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
const uint8_t *plain, uint32_t length, uint8_t *encrypted) const uint8_t *plain, uint32_t length, uint8_t *encrypted)
{ {
if (!public_key || !secret_key)
return -1;
uint8_t k[crypto_box_BEFORENMBYTES]; uint8_t k[crypto_box_BEFORENMBYTES];
encrypt_precompute(public_key, secret_key, k); encrypt_precompute(public_key, secret_key, k);
return encrypt_data_symmetric(k, nonce, plain, length, encrypted); int ret = encrypt_data_symmetric(k, nonce, plain, length, encrypted);
sodium_memzero(k, sizeof k);
return ret;
} }
int decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, int decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
const uint8_t *encrypted, uint32_t length, uint8_t *plain) const uint8_t *encrypted, uint32_t length, uint8_t *plain)
{ {
if (!public_key || !secret_key)
return -1;
uint8_t k[crypto_box_BEFORENMBYTES]; uint8_t k[crypto_box_BEFORENMBYTES];
encrypt_precompute(public_key, secret_key, k); encrypt_precompute(public_key, secret_key, k);
return decrypt_data_symmetric(k, nonce, encrypted, length, plain); int ret = decrypt_data_symmetric(k, nonce, encrypted, length, plain);
sodium_memzero(k, sizeof k);
return ret;
} }
/* Increment the given nonce by 1. */ /* Increment the given nonce by 1. */
void increment_nonce(uint8_t *nonce) void increment_nonce(uint8_t *nonce)
{ {
uint32_t i; /* FIXME use increment_nonce_number(nonce, 1) or sodium_increment (change to little endian)
* NOTE don't use breaks inside this loop
for (i = crypto_box_NONCEBYTES; i != 0; --i) { * In particular, make sure, as far as possible,
++nonce[i - 1]; * that loop bounds and their potential underflow or overflow
* are independent of user-controlled input (you may have heard of the Heartbleed bug).
if (nonce[i - 1] != 0) */
break; uint32_t i = crypto_box_NONCEBYTES;
uint_fast16_t carry = 1U;
for (; i != 0; --i) {
carry += (uint_fast16_t) nonce[i - 1];
nonce[i - 1] = (uint8_t) carry;
carry >>= 8;
} }
} }
/* increment the given nonce by num */ /* increment the given nonce by num */
void increment_nonce_number(uint8_t *nonce, uint32_t num) void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num)
{ {
uint32_t num1, num2; /* NOTE don't use breaks inside this loop
memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1)); * In particular, make sure, as far as possible,
num1 = ntohl(num1); * that loop bounds and their potential underflow or overflow
num2 = num + num1; * are independent of user-controlled input (you may have heard of the Heartbleed bug).
*/
const uint32_t big_endian_num = htonl(host_order_num);
const uint8_t* const num_vec = (const uint8_t*) &big_endian_num;
uint8_t num_as_nonce[crypto_box_NONCEBYTES] = {0};
num_as_nonce[crypto_box_NONCEBYTES - 4] = num_vec[0];
num_as_nonce[crypto_box_NONCEBYTES - 3] = num_vec[1];
num_as_nonce[crypto_box_NONCEBYTES - 2] = num_vec[2];
num_as_nonce[crypto_box_NONCEBYTES - 1] = num_vec[3];
if (num2 < num1) { uint32_t i = crypto_box_NONCEBYTES;
uint32_t i; uint_fast16_t carry = 0U;
for (; i != 0; --i) {
for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) { carry += (uint_fast16_t) nonce[i] + (uint_fast16_t) num_as_nonce[i];
++nonce[i - 1]; nonce[i] = (unsigned char) carry;
carry >>= 8;
if (nonce[i - 1] != 0)
break;
} }
}
num2 = htonl(num2);
memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2));
} }
/* Fill the given nonce with random bytes. */ /* Fill the given nonce with random bytes. */
@ -203,15 +220,18 @@ void new_nonce(uint8_t *nonce)
int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_key, uint8_t *packet, int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_key, uint8_t *packet,
const uint8_t *recv_public_key, const uint8_t *data, uint32_t length, uint8_t request_id) const uint8_t *recv_public_key, const uint8_t *data, uint32_t length, uint8_t request_id)
{ {
if (!send_public_key || !packet || !recv_public_key || !data)
return -1;
if (MAX_CRYPTO_REQUEST_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + if (MAX_CRYPTO_REQUEST_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 +
crypto_box_MACBYTES) crypto_box_MACBYTES)
return -1; return -1;
uint8_t nonce[crypto_box_NONCEBYTES]; uint8_t* nonce = packet + 1 + crypto_box_PUBLICKEYBYTES * 2;
uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; new_nonce(nonce);
uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // FIXME sodium_memzero before exit function
memcpy(temp + 1, data, length); memcpy(temp + 1, data, length);
temp[0] = request_id; temp[0] = request_id;
new_nonce(nonce);
int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1,
1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet);
@ -221,7 +241,6 @@ int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_ke
packet[0] = NET_PACKET_CRYPTO; packet[0] = NET_PACKET_CRYPTO;
memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES); memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES);
memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES); memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES);
memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES);
return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES;
} }
@ -235,17 +254,19 @@ int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_ke
int handle_request(const uint8_t *self_public_key, const uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data, int handle_request(const uint8_t *self_public_key, const uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data,
uint8_t *request_id, const uint8_t *packet, uint16_t length) uint8_t *request_id, const uint8_t *packet, uint16_t length)
{ {
if (!self_public_key || !public_key || !data || !request_id || !packet)
return -1;
if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + crypto_box_MACBYTES || if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + crypto_box_MACBYTES ||
length > MAX_CRYPTO_REQUEST_SIZE) length > MAX_CRYPTO_REQUEST_SIZE)
return -1; return -1;
if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(packet + 1, self_public_key) != 0)
return -1; return -1;
memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
uint8_t nonce[crypto_box_NONCEBYTES]; const uint8_t* nonce = packet + 1 + crypto_box_PUBLICKEYBYTES * 2;
uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // FIXME sodium_memzero before exit function
memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES);
int len1 = decrypt_data(public_key, self_secret_key, nonce, int len1 = decrypt_data(public_key, self_secret_key, nonce,
packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES,
length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp);
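Review bot: The new carry loop in increment_nonce_number indexes `nonce[i]` and `num_as_nonce[i]` with `i` running from crypto_box_NONCEBYTES down to 1, so its first iteration reads one byte past the end of both buffers and writes one byte past the caller's nonce, while byte 0 is never touched. The carry out of that stray byte then feeds into the real low-order byte, so the resulting nonce can be off by one depending on whatever sits after the buffers. increment_nonce just above uses `nonce[i - 1]` for the same loop shape; the body here should read `carry += (uint_fast16_t) nonce[i - 1] + (uint_fast16_t) num_as_nonce[i - 1];` and `nonce[i - 1] = (uint8_t) carry;`. A unit test that adds a value across a byte boundary (a nonce ending in 0xFF) and compares the result with repeated increment_nonce calls would catch this.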


@ -108,7 +108,7 @@ int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons
void increment_nonce(uint8_t *nonce); void increment_nonce(uint8_t *nonce);
/* increment the given nonce by num */ /* increment the given nonce by num */
void increment_nonce_number(uint8_t *nonce, uint32_t num); void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num);
/* Fill the given nonce with random bytes. */ /* Fill the given nonce with random bytes. */
void random_nonce(uint8_t *nonce); void random_nonce(uint8_t *nonce);


@ -138,7 +138,7 @@ int getfriend_conn_id_pk(Friend_Connections *fr_c, const uint8_t *real_pk)
Friend_Conn *friend_con = get_conn(fr_c, i); Friend_Conn *friend_con = get_conn(fr_c, i);
if (friend_con) { if (friend_con) {
if (memcmp(friend_con->real_public_key, real_pk, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(friend_con->real_public_key, real_pk) == 0)
return i; return i;
} }
} }
@ -159,7 +159,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_
return -1; return -1;
/* Local ip and same pk means that they are hosting a TCP relay. */ /* Local ip and same pk means that they are hosting a TCP relay. */
if (Local_ip(ip_port.ip) && memcmp(friend_con->dht_temp_pk, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (Local_ip(ip_port.ip) && public_key_cmp(friend_con->dht_temp_pk, public_key) == 0) {
if (friend_con->dht_ip_port.ip.family != 0) { if (friend_con->dht_ip_port.ip.family != 0) {
ip_port.ip = friend_con->dht_ip_port.ip; ip_port.ip = friend_con->dht_ip_port.ip;
} else { } else {
@ -173,7 +173,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_
for (i = 0; i < FRIEND_MAX_STORED_TCP_RELAYS; ++i) { for (i = 0; i < FRIEND_MAX_STORED_TCP_RELAYS; ++i) {
if (friend_con->tcp_relays[i].ip_port.ip.family != 0 if (friend_con->tcp_relays[i].ip_port.ip.family != 0
&& memcmp(friend_con->tcp_relays[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { && public_key_cmp(friend_con->tcp_relays[i].public_key, public_key) == 0) {
memset(&friend_con->tcp_relays[i], 0, sizeof(Node_format)); memset(&friend_con->tcp_relays[i], 0, sizeof(Node_format));
} }
} }
@ -356,7 +356,7 @@ static void dht_pk_callback(void *object, int32_t number, const uint8_t *dht_pub
if (!friend_con) if (!friend_con)
return; return;
if (memcmp(friend_con->dht_temp_pk, dht_public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(friend_con->dht_temp_pk, dht_public_key) == 0)
return; return;
change_dht_pk(fr_c, number, dht_public_key); change_dht_pk(fr_c, number, dht_public_key);
@ -479,7 +479,7 @@ static int handle_new_connections(void *object, New_Connection *n_c)
friend_con->dht_ip_port_lastrecv = unix_time(); friend_con->dht_ip_port_lastrecv = unix_time();
} }
if (memcmp(friend_con->dht_temp_pk, n_c->dht_public_key, crypto_box_PUBLICKEYBYTES) != 0) { if (public_key_cmp(friend_con->dht_temp_pk, n_c->dht_public_key) != 0) {
change_dht_pk(fr_c, friendcon_id, n_c->dht_public_key); change_dht_pk(fr_c, friendcon_id, n_c->dht_public_key);
} }


@ -94,7 +94,7 @@ int remove_request_received(Friend_Requests *fr, const uint8_t *real_pk)
for (i = 0; i < MAX_RECEIVED_STORED; ++i) { for (i = 0; i < MAX_RECEIVED_STORED; ++i) {
if (id_equal(fr->received_requests[i], real_pk)) { if (id_equal(fr->received_requests[i], real_pk)) {
memset(fr->received_requests[i], 0, crypto_box_PUBLICKEYBYTES); sodium_memzero(fr->received_requests[i], crypto_box_PUBLICKEYBYTES);
return 0; return 0;
} }
} }


@ -106,7 +106,7 @@ static int wipe_group_chat(Group_Chats *g_c, int groupnumber)
return -1; return -1;
uint32_t i; uint32_t i;
memset(&(g_c->chats[groupnumber]), 0 , sizeof(Group_c)); sodium_memzero(&(g_c->chats[groupnumber]), sizeof(Group_c));
for (i = g_c->num_chats; i != 0; --i) { for (i = g_c->num_chats; i != 0; --i) {
if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE) if (g_c->chats[i - 1].status != GROUPCHAT_STATUS_NONE)
@ -162,7 +162,7 @@ static int get_group_num(const Group_Chats *g_c, const uint8_t *identifier)
uint32_t i; uint32_t i;
for (i = 0; i < g_c->num_chats; ++i) for (i = 0; i < g_c->num_chats; ++i)
if (memcmp(g_c->chats[i].identifier, identifier, GROUP_IDENTIFIER_LENGTH) == 0) if (sodium_memcmp(g_c->chats[i].identifier, identifier, GROUP_IDENTIFIER_LENGTH) == 0)
return i; return i;
return -1; return -1;
@ -218,14 +218,14 @@ static int add_to_closest(Group_Chats *g_c, int groupnumber, const uint8_t *real
if (!g) if (!g)
return -1; return -1;
if (memcmp(g->real_pk, real_pk, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(g->real_pk, real_pk) == 0)
return -1; return -1;
unsigned int i; unsigned int i;
unsigned int index = DESIRED_CLOSE_CONNECTIONS; unsigned int index = DESIRED_CLOSE_CONNECTIONS;
for (i = 0; i < DESIRED_CLOSE_CONNECTIONS; ++i) { for (i = 0; i < DESIRED_CLOSE_CONNECTIONS; ++i) {
if (g->closest_peers[i].entry && memcmp(real_pk, g->closest_peers[i].real_pk, crypto_box_PUBLICKEYBYTES) == 0) { if (g->closest_peers[i].entry && public_key_cmp(real_pk, g->closest_peers[i].real_pk) == 0) {
return 0; return 0;
} }
} }
@ -299,7 +299,7 @@ static unsigned int pk_in_closest_peers(Group_c *g, uint8_t *real_pk)
if (!g->closest_peers[i].entry) if (!g->closest_peers[i].entry)
continue; continue;
if (memcmp(g->closest_peers[i].real_pk, real_pk, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(g->closest_peers[i].real_pk, real_pk) == 0)
return 1; return 1;
} }
@ -1277,7 +1277,7 @@ static void handle_friend_invite_packet(Messenger *m, uint32_t friendnumber, con
if (!g) if (!g)
return; return;
if (memcmp(data + 1 + sizeof(uint16_t) * 2, g->identifier, GROUP_IDENTIFIER_LENGTH) != 0) if (sodium_memcmp(data + 1 + sizeof(uint16_t) * 2, g->identifier, GROUP_IDENTIFIER_LENGTH) != 0)
return; return;
uint16_t peer_number = rand(); /* TODO: what if two people enter the group at the same time and uint16_t peer_number = rand(); /* TODO: what if two people enter the group at the same time and
@ -1525,7 +1525,7 @@ static int handle_send_peers(Group_Chats *g_c, int groupnumber, const uint8_t *d
return -1; return -1;
if (g->status == GROUPCHAT_STATUS_VALID if (g->status == GROUPCHAT_STATUS_VALID
&& memcmp(d, g_c->m->net_crypto->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { && public_key_cmp(d, g_c->m->net_crypto->self_public_key) == 0) {
g->peer_number = peer_num; g->peer_number = peer_num;
g->status = GROUPCHAT_STATUS_CONNECTED; g->status = GROUPCHAT_STATUS_CONNECTED;
group_name_send(g_c, groupnumber, g_c->m->name, g_c->m->name_length); group_name_send(g_c, groupnumber, g_c->m->name, g_c->m->name_length);
@ -2011,7 +2011,7 @@ static unsigned int lossy_packet_not_received(Group_c *g, int peer_index, uint16
uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number; uint16_t top_distance = message_number - g->group[peer_index].top_lossy_number;
if (top_distance >= MAX_LOSSY_COUNT) { if (top_distance >= MAX_LOSSY_COUNT) {
memset(g->group[peer_index].recv_lossy, 0, sizeof(g->group[peer_index].recv_lossy)); sodium_memzero(g->group[peer_index].recv_lossy, sizeof(g->group[peer_index].recv_lossy));
g->group[peer_index].top_lossy_number = message_number; g->group[peer_index].top_lossy_number = message_number;
g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1; g->group[peer_index].bottom_lossy_number = (message_number - MAX_LOSSY_COUNT) + 1;
g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1; g->group[peer_index].recv_lossy[message_number % MAX_LOSSY_COUNT] = 1;
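Review bot: In lossy_packet_not_received the reset of `g->group[peer_index].recv_lossy` now goes through sodium_memzero, but the array looks like per-peer receive bookkeeping rather than key material, and the following lines write to it again, so the store was never a candidate for dead-store elimination. Keeping `memset(g->group[peer_index].recv_lossy, 0, sizeof(g->group[peer_index].recv_lossy));` here and reserving sodium_memzero for buffers that hold secrets would let the call itself mark what is sensitive. The function's body starts and ends outside the hunk, so this is judged from the visible lines only.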


@ -244,7 +244,7 @@ static int tcp_oob_handle_cookie_request(const Net_Crypto *c, unsigned int tcp_c
if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0) if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0)
return -1; return -1;
if (memcmp(dht_public_key, dht_public_key_temp, crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(dht_public_key, dht_public_key_temp) != 0)
return -1; return -1;
uint8_t data[COOKIE_RESPONSE_LENGTH]; uint8_t data[COOKIE_RESPONSE_LENGTH];
@ -363,7 +363,7 @@ static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t
if (len != sizeof(plain)) if (len != sizeof(plain))
return -1; return -1;
if (memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, crypto_hash_sha512_BYTES) != 0) if (sodium_memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, crypto_hash_sha512_BYTES) != 0)
return -1; return -1;
memcpy(nonce, plain, crypto_box_NONCEBYTES); memcpy(nonce, plain, crypto_box_NONCEBYTES);
@ -1518,7 +1518,7 @@ static int wipe_crypto_connection(Net_Crypto *c, int crypt_connection_id)
/* Keep mutex, only destroy it when connection is realloced out. */ /* Keep mutex, only destroy it when connection is realloced out. */
pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex; pthread_mutex_t mutex = c->crypto_connections[crypt_connection_id].mutex;
memset(&(c->crypto_connections[crypt_connection_id]), 0 , sizeof(Crypto_Connection)); sodium_memzero(&(c->crypto_connections[crypt_connection_id]), sizeof(Crypto_Connection));
c->crypto_connections[crypt_connection_id].mutex = mutex; c->crypto_connections[crypt_connection_id].mutex = mutex;
for (i = c->crypto_connections_length; i != 0; --i) { for (i = c->crypto_connections_length; i != 0; --i) {
@ -1548,7 +1548,7 @@ static int getcryptconnection_id(const Net_Crypto *c, const uint8_t *public_key)
for (i = 0; i < c->crypto_connections_length; ++i) { for (i = 0; i < c->crypto_connections_length; ++i) {
if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION) if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION)
if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(public_key, c->crypto_connections[i].public_key) == 0)
return i; return i;
} }
@ -2709,6 +2709,6 @@ void kill_net_crypto(Net_Crypto *c)
networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_COOKIE_RESPONSE, NULL, NULL);
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_HS, NULL, NULL);
networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL); networking_registerhandler(c->dht->net, NET_PACKET_CRYPTO_DATA, NULL, NULL);
memset(c, 0, sizeof(Net_Crypto)); sodium_memzero(c, sizeof(Net_Crypto));
free(c); free(c);
} }
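Review bot: In kill_net_crypto, `sodium_memzero(c, sizeof(Net_Crypto));` wipes only the top-level struct. `c->crypto_connections` is indexed as a separate array elsewhere in this file (and described as "realloced" in wipe_crypto_connection), so its contents are not covered by this call. The hunk does not show whether every slot is wiped before that array is released; kill_net_crypto's body begins outside the hunk. If it is, a comment above the call such as `/* per-connection state was already wiped via wipe_crypto_connection() */` would record that; if it is not, the array should be zeroed with sodium_memzero before it is freed.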


@ -699,6 +699,9 @@ Networking_Core *new_networking_ex(IP ip, uint16_t port_from, uint16_t port_to,
/* Function to cleanup networking stuff. */ /* Function to cleanup networking stuff. */
void kill_networking(Networking_Core *net) void kill_networking(Networking_Core *net)
{ {
if (!net)
return;
if (net->family != 0) /* Socket not initialized */ if (net->family != 0) /* Socket not initialized */
kill_sock(net->sock); kill_sock(net->sock);
@ -823,7 +826,7 @@ void ipport_copy(IP_Port *target, const IP_Port *source)
* writes error message into the buffer on error * writes error message into the buffer on error
*/ */
/* there would be INET6_ADDRSTRLEN, but it might be too short for the error message */ /* there would be INET6_ADDRSTRLEN, but it might be too short for the error message */
static char addresstext[96]; static char addresstext[96]; // FIXME magic number. Why not INET6_ADDRSTRLEN ?
const char *ip_ntoa(const IP *ip) const char *ip_ntoa(const IP *ip)
{ {
if (ip) { if (ip) {
@ -964,10 +967,10 @@ int addr_resolve(const char *address, IP *to, IP *extra)
return 0; return 0;
} }
IP4 ip4; IP ip4;
memset(&ip4, 0, sizeof(ip4)); ip_init(&ip4, /* ipv6? */ false);
IP6 ip6; IP ip6;
memset(&ip6, 0, sizeof(ip6)); ip_init(&ip6, /* ipv6? */ true);
for (walker = server; (walker != NULL) && (rc != 3); walker = walker->ai_next) { for (walker = server; (walker != NULL) && (rc != 3); walker = walker->ai_next) {
switch (walker->ai_family) { switch (walker->ai_family) {
@ -975,11 +978,11 @@ int addr_resolve(const char *address, IP *to, IP *extra)
if (walker->ai_family == family) { /* AF_INET requested, done */ if (walker->ai_family == family) { /* AF_INET requested, done */
struct sockaddr_in *addr = (struct sockaddr_in *)walker->ai_addr; struct sockaddr_in *addr = (struct sockaddr_in *)walker->ai_addr;
to->ip4.in_addr = addr->sin_addr; to->ip4.in_addr = addr->sin_addr;
rc = 3; rc = 3; // TODO do we really have to reuse variable instead of creating a new one?
} else if (!(rc & 1)) { /* AF_UNSPEC requested, store away */ } else if (!(rc & 1)) { /* AF_UNSPEC requested, store away */
struct sockaddr_in *addr = (struct sockaddr_in *)walker->ai_addr; struct sockaddr_in *addr = (struct sockaddr_in *)walker->ai_addr;
ip4.in_addr = addr->sin_addr; ip4.ip4.in_addr = addr->sin_addr;
rc |= 1; rc |= 1; // FIXME magic number
} }
break; /* switch */ break; /* switch */
@ -994,7 +997,7 @@ int addr_resolve(const char *address, IP *to, IP *extra)
} else if (!(rc & 2)) { /* AF_UNSPEC requested, store away */ } else if (!(rc & 2)) { /* AF_UNSPEC requested, store away */
if (walker->ai_addrlen == sizeof(struct sockaddr_in6)) { if (walker->ai_addrlen == sizeof(struct sockaddr_in6)) {
struct sockaddr_in6 *addr = (struct sockaddr_in6 *)walker->ai_addr; struct sockaddr_in6 *addr = (struct sockaddr_in6 *)walker->ai_addr;
ip6.in6_addr = addr->sin6_addr; ip6.ip6.in6_addr = addr->sin6_addr;
rc |= 2; rc |= 2;
} }
} }
@ -1004,17 +1007,14 @@ int addr_resolve(const char *address, IP *to, IP *extra)
} }
if (to->family == AF_UNSPEC) { if (to->family == AF_UNSPEC) {
if (rc & 2) { if (rc & 2) { // FIXME magic number
to->family = AF_INET6; ip_copy(to, &ip6);
to->ip6 = ip6;
if ((rc & 1) && (extra != NULL)) { if ((rc & 1) && (extra != NULL)) {
extra->family = AF_INET; ip_copy(extra, &ip4);
extra->ip4 = ip4;
} }
} else if (rc & 1) { } else if (rc & 1) {
to->family = AF_INET; ip_copy(to, &ip4);
to->ip4 = ip4;
} else } else
rc = 0; rc = 0;
} }
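Review bot: The new trailing comment on `static char addresstext[96];` asks why INET6_ADDRSTRLEN is not used, but the comment on the line directly above already answers that: the buffer also receives the error message, which may be longer. Instead of a FIXME that contradicts its neighbour, give the size a name (for example `#define IP_NTOA_LEN 96`, the name being only a suggestion) and keep the existing explanation with it. The same goes for the `// FIXME magic number` remarks on `rc` in addr_resolve, where named flags for the values 1 and 2 would make the comments unnecessary. The surrounding code uses `/* */` comments, so the added `//` comments are also inconsistent with the file's style.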


@ -211,7 +211,7 @@ static int in_entries(const Onion_Announce *onion_a, const uint8_t *public_key)
for (i = 0; i < ONION_ANNOUNCE_MAX_ENTRIES; ++i) { for (i = 0; i < ONION_ANNOUNCE_MAX_ENTRIES; ++i) {
if (!is_timeout(onion_a->entries[i].time, ONION_ANNOUNCE_TIMEOUT) if (!is_timeout(onion_a->entries[i].time, ONION_ANNOUNCE_TIMEOUT)
&& memcmp(onion_a->entries[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) && public_key_cmp(onion_a->entries[i].public_key, public_key) == 0)
return i; return i;
} }
@ -316,7 +316,7 @@ static int handle_announce_request(void *object, IP_Port source, const uint8_t *
uint8_t *data_public_key = plain + ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES; uint8_t *data_public_key = plain + ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES;
if (memcmp(ping_id1, plain, ONION_PING_ID_SIZE) == 0 || memcmp(ping_id2, plain, ONION_PING_ID_SIZE) == 0) { if (sodium_memcmp(ping_id1, plain, ONION_PING_ID_SIZE) == 0 || sodium_memcmp(ping_id2, plain, ONION_PING_ID_SIZE) == 0) {
index = add_to_entries(onion_a, source, packet_public_key, data_public_key, index = add_to_entries(onion_a, source, packet_public_key, data_public_key,
packet + (ANNOUNCE_REQUEST_SIZE_RECV - ONION_RETURN_3)); packet + (ANNOUNCE_REQUEST_SIZE_RECV - ONION_RETURN_3));
} else { } else {
@ -336,8 +336,8 @@ static int handle_announce_request(void *object, IP_Port source, const uint8_t *
pl[0] = 0; pl[0] = 0;
memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE); memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE);
} else { } else {
if (memcmp(onion_a->entries[index].public_key, packet_public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(onion_a->entries[index].public_key, packet_public_key) == 0) {
if (memcmp(onion_a->entries[index].data_public_key, data_public_key, crypto_box_PUBLICKEYBYTES) != 0) { if (public_key_cmp(onion_a->entries[index].data_public_key, data_public_key) != 0) {
pl[0] = 0; pl[0] = 0;
memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE); memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE);
} else { } else {


@ -46,7 +46,7 @@ int onion_add_bs_path_node(Onion_Client *onion_c, IP_Port ip_port, const uint8_t
unsigned int i; unsigned int i;
for (i = 0; i < MAX_PATH_NODES; ++i) { for (i = 0; i < MAX_PATH_NODES; ++i) {
if (memcmp(public_key, onion_c->path_nodes_bs[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(public_key, onion_c->path_nodes_bs[i].public_key) == 0)
return -1; return -1;
} }
@ -76,7 +76,7 @@ static int onion_add_path_node(Onion_Client *onion_c, IP_Port ip_port, const uin
unsigned int i; unsigned int i;
for (i = 0; i < MAX_PATH_NODES; ++i) { for (i = 0; i < MAX_PATH_NODES; ++i) {
if (memcmp(public_key, onion_c->path_nodes[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(public_key, onion_c->path_nodes[i].public_key) == 0)
return -1; return -1;
} }
@ -190,6 +190,7 @@ static int is_path_used(const Onion_Client_Paths *onion_paths, const Node_format
continue; continue;
} }
// TODO: do we really have to check it with the last node?
if (ipport_equal(&onion_paths->paths[i].ip_port1, &nodes[ONION_PATH_LENGTH - 1].ip_port)) { if (ipport_equal(&onion_paths->paths[i].ip_port1, &nodes[ONION_PATH_LENGTH - 1].ip_port)) {
return i; return i;
} }
@ -484,7 +485,7 @@ static int client_add_to_list(Onion_Client *onion_c, uint32_t num, const uint8_t
reference_id = onion_c->c->self_public_key; reference_id = onion_c->c->self_public_key;
list_length = MAX_ONION_CLIENTS_ANNOUNCE; list_length = MAX_ONION_CLIENTS_ANNOUNCE;
if (is_stored == 1 && memcmp(pingid_or_key, onion_c->temp_public_key, crypto_box_PUBLICKEYBYTES) != 0) { if (is_stored == 1 && public_key_cmp(pingid_or_key, onion_c->temp_public_key) != 0) {
is_stored = 0; is_stored = 0;
} }
@ -509,7 +510,7 @@ static int client_add_to_list(Onion_Client *onion_c, uint32_t num, const uint8_t
} }
for (i = 0; i < list_length; ++i) { for (i = 0; i < list_length; ++i) {
if (memcmp(list_nodes[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(list_nodes[i].public_key, public_key) == 0) {
index = i; index = i;
stored = 1; stored = 1;
break; break;
@ -547,7 +548,7 @@ static int good_to_ping(Last_Pinged *last_pinged, uint8_t *last_pinged_index, co
for (i = 0; i < MAX_STORED_PINGED_NODES; ++i) { for (i = 0; i < MAX_STORED_PINGED_NODES; ++i) {
if (!is_timeout(last_pinged[i].timestamp, MIN_NODE_PING_TIME)) if (!is_timeout(last_pinged[i].timestamp, MIN_NODE_PING_TIME))
if (memcmp(last_pinged[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(last_pinged[i].public_key, public_key) == 0)
return 0; return 0;
} }
@ -602,7 +603,7 @@ static int client_ping_nodes(Onion_Client *onion_c, uint32_t num, const Node_for
|| id_closest(reference_id, list_nodes[1].public_key, nodes[i].public_key) == 2 ) { || id_closest(reference_id, list_nodes[1].public_key, nodes[i].public_key) == 2 ) {
/* check if node is already in list. */ /* check if node is already in list. */
for (j = 0; j < list_length; ++j) { for (j = 0; j < list_length; ++j) {
if (memcmp(list_nodes[j].public_key, nodes[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(list_nodes[j].public_key, nodes[i].public_key) == 0) {
break; break;
} }
} }
@ -912,7 +913,7 @@ static int handle_dht_dhtpk(void *object, IP_Port source, const uint8_t *source_
if (len != length - (DATA_IN_RESPONSE_MIN_SIZE + crypto_box_NONCEBYTES)) if (len != length - (DATA_IN_RESPONSE_MIN_SIZE + crypto_box_NONCEBYTES))
return 1; return 1;
if (memcmp(source_pubkey, plain + 1 + sizeof(uint64_t), crypto_box_PUBLICKEYBYTES) != 0) if (public_key_cmp(source_pubkey, plain + 1 + sizeof(uint64_t)) != 0)
return 1; return 1;
return handle_dhtpk_announce(onion_c, packet, plain, len); return handle_dhtpk_announce(onion_c, packet, plain, len);
@ -981,7 +982,7 @@ int onion_friend_num(const Onion_Client *onion_c, const uint8_t *public_key)
if (onion_c->friends_list[i].status == 0) if (onion_c->friends_list[i].status == 0)
continue; continue;
if (memcmp(public_key, onion_c->friends_list[i].real_public_key, crypto_box_PUBLICKEYBYTES) == 0) if (public_key_cmp(public_key, onion_c->friends_list[i].real_public_key) == 0)
return i; return i;
} }
@ -1059,7 +1060,7 @@ int onion_delfriend(Onion_Client *onion_c, int friend_num)
//if (onion_c->friends_list[friend_num].know_dht_public_key) //if (onion_c->friends_list[friend_num].know_dht_public_key)
// DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0); // DHT_delfriend(onion_c->dht, onion_c->friends_list[friend_num].dht_public_key, 0);
memset(&(onion_c->friends_list[friend_num]), 0, sizeof(Onion_Friend)); sodium_memzero(&(onion_c->friends_list[friend_num]), sizeof(Onion_Friend));
unsigned int i; unsigned int i;
for (i = onion_c->num_friends; i != 0; --i) { for (i = onion_c->num_friends; i != 0; --i) {
@ -1129,7 +1130,7 @@ int onion_set_friend_DHT_pubkey(Onion_Client *onion_c, int friend_num, const uin
return -1; return -1;
if (onion_c->friends_list[friend_num].know_dht_public_key) { if (onion_c->friends_list[friend_num].know_dht_public_key) {
if (memcmp(dht_key, onion_c->friends_list[friend_num].dht_public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(dht_key, onion_c->friends_list[friend_num].dht_public_key) == 0) {
return -1; return -1;
} }
@ -1522,7 +1523,7 @@ void kill_onion_client(Onion_Client *onion_c)
oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL); oniondata_registerhandler(onion_c, ONION_DATA_DHTPK, NULL, NULL);
cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL); cryptopacket_registerhandler(onion_c->dht, CRYPTO_PACKET_DHTPK, NULL, NULL);
set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL); set_onion_packet_tcp_connection_callback(onion_c->c->tcp_c, NULL, NULL);
memset(onion_c, 0, sizeof(Onion_Client)); sodium_memzero(onion_c, sizeof(Onion_Client));
free(onion_c); free(onion_c);
} }


@ -284,7 +284,7 @@ int add_to_ping(PING *ping, const uint8_t *public_key, IP_Port ip_port)
return 0; return 0;
} }
if (memcmp(ping->to_ping[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { if (public_key_cmp(ping->to_ping[i].public_key, public_key) == 0) {
return -1; return -1;
} }
} }


@ -153,7 +153,7 @@ Tox *tox_new(const struct Tox_Options *options, TOX_ERR_NEW *error)
return NULL; return NULL;
} }
if (memcmp(options->savedata_data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) { if (sodium_memcmp(options->savedata_data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) {
SET_ERROR_PARAMETER(error, TOX_ERR_NEW_LOAD_ENCRYPTED); SET_ERROR_PARAMETER(error, TOX_ERR_NEW_LOAD_ENCRYPTED);
return NULL; return NULL;
} }
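Review bot: The comparison in tox_new reads TOX_ENC_SAVE_MAGIC_LENGTH bytes from `options->savedata_data`, and nothing visible in the hunk shows `options->savedata_length` being checked against that length first; the function starts outside the hunk, so an earlier check may exist. If it does not, a caller-supplied buffer shorter than the magic is read past its end, and the condition should be guarded: `if (options->savedata_length >= TOX_ENC_SAVE_MAGIC_LENGTH && sodium_memcmp(options->savedata_data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) {`. Separately, the magic is a public constant, so the constant-time compare adds nothing here and plain memcmp would state the intent more accurately.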


@ -60,7 +60,7 @@ int is_timeout(uint64_t timestamp, uint64_t timeout)
/* id functions */ /* id functions */
bool id_equal(const uint8_t *dest, const uint8_t *src) bool id_equal(const uint8_t *dest, const uint8_t *src)
{ {
return memcmp(dest, src, crypto_box_PUBLICKEYBYTES) == 0; return public_key_cmp(dest, src) == 0;
} }
uint32_t id_copy(uint8_t *dest, const uint8_t *src) uint32_t id_copy(uint8_t *dest, const uint8_t *src)