Some small DHT CPU optimizations.
Only compute the shared key once instead of twice for received DHT requests/responses.
parent
16b93e823b
commit
de69dcef24
|
@ -844,7 +844,8 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
|
|||
/* because of BINARY compatibility, the Node_format MUST BE Node4_format,
|
||||
* IPv6 nodes are sent in a different message
|
||||
* encrypted_data must be of size NODES_ENCRYPTED_MESSAGE_LENGTH */
|
||||
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data)
|
||||
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data,
|
||||
uint8_t *shared_encryption_key)
|
||||
{
|
||||
/* Check if packet is going to be sent to ourself. */
|
||||
if (id_equal(public_key, dht->self_public_key))
|
||||
|
@ -891,12 +892,11 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
|
|||
}
|
||||
|
||||
memcpy(plain + num_nodes * Node4_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
|
||||
int len = encrypt_data( public_key,
|
||||
dht->self_secret_key,
|
||||
nonce,
|
||||
plain,
|
||||
num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||
encrypt );
|
||||
int len = encrypt_data_fast( shared_encryption_key,
|
||||
nonce,
|
||||
plain,
|
||||
num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||
encrypt );
|
||||
|
||||
if ((unsigned int)len != num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
|
||||
crypto_box_MACBYTES)
|
||||
|
@ -930,7 +930,8 @@ void to_host_family(IP *ip)
|
|||
ip->family = AF_INET6;
|
||||
}
|
||||
/* Send a send nodes response: message for IPv6 nodes */
|
||||
static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data)
|
||||
static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data,
|
||||
uint8_t *shared_encryption_key)
|
||||
{
|
||||
/* Check if packet is going to be sent to ourself. */
|
||||
if (id_equal(public_key, dht->self_public_key))
|
||||
|
@ -958,12 +959,11 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
|
|||
|
||||
memcpy(plain, nodes_list, num_nodes * Node_format_size);
|
||||
memcpy(plain + num_nodes * Node_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
|
||||
int len = encrypt_data( public_key,
|
||||
dht->self_secret_key,
|
||||
nonce,
|
||||
plain,
|
||||
num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||
encrypt );
|
||||
int len = encrypt_data_fast( shared_encryption_key,
|
||||
nonce,
|
||||
plain,
|
||||
num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
|
||||
encrypt );
|
||||
|
||||
if ((unsigned int)len != num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES)
|
||||
return -1;
|
||||
|
@ -989,20 +989,21 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
|
|||
return 1;
|
||||
|
||||
uint8_t plain[CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH];
|
||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||
|
||||
int len = decrypt_data( packet + 1,
|
||||
dht->self_secret_key,
|
||||
packet + 1 + CLIENT_ID_SIZE,
|
||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
|
||||
plain );
|
||||
encrypt_precompute(packet + 1, dht->self_secret_key, shared_key);
|
||||
int len = decrypt_data_fast( shared_key,
|
||||
packet + 1 + CLIENT_ID_SIZE,
|
||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
|
||||
plain );
|
||||
|
||||
if (len != CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH)
|
||||
return 1;
|
||||
|
||||
sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE);
|
||||
sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE, shared_key);
|
||||
sendnodes_ipv6(dht, source, packet + 1, plain,
|
||||
plain + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */
|
||||
plain + CLIENT_ID_SIZE, shared_key); /* TODO: prevent possible amplification attacks */
|
||||
|
||||
add_toping(dht->ping, packet + 1, source);
|
||||
//send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */
|
||||
|
|
|
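Review bot: The new `shared_encryption_key` parameter of `sendnodes` and `sendnodes_ipv6` is undocumented, and nothing in the visible lines ties it to the `public_key` argument passed alongside it. A caller that supplies a key precomputed for a different peer would presumably get a reply the recipient cannot authenticate, with no error on the sending side. The comment above `sendnodes` should state the contract, e.g. `* shared_encryption_key is crypto_box_BEFORENMBYTES long and was derived by encrypt_precompute() from public_key and dht->self_secret_key */`. Separately, `shared_key` in `handle_getnodes` (and likewise in `handle_ping_request`) keeps the precomputed key for the peer on the stack, and the lines shown never clear it; wiping it after the last use with the crypto library's secure-zero helper would shorten its lifetime. The bodies of these functions start or end outside the hunks shown.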
@ -171,7 +171,8 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
|
|||
return sendpacket(ping->dht->net, ipp, pk, sizeof(pk));
|
||||
}
|
||||
|
||||
static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint64_t ping_id)
|
||||
static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint64_t ping_id,
|
||||
uint8_t *shared_encryption_key)
|
||||
{
|
||||
uint8_t pk[DHT_PING_SIZE];
|
||||
int rc;
|
||||
|
@ -184,11 +185,10 @@ static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint6
|
|||
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
|
||||
|
||||
// Encrypt ping_id using recipient privkey
|
||||
rc = encrypt_data(client_id,
|
||||
ping->dht->self_secret_key,
|
||||
pk + 1 + CLIENT_ID_SIZE,
|
||||
(uint8_t *) &ping_id, sizeof(ping_id),
|
||||
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
|
||||
rc = encrypt_data_fast(shared_encryption_key,
|
||||
pk + 1 + CLIENT_ID_SIZE,
|
||||
(uint8_t *) &ping_id, sizeof(ping_id),
|
||||
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
|
||||
|
||||
if (rc != sizeof(ping_id) + crypto_box_MACBYTES)
|
||||
return 1;
|
||||
|
@ -210,19 +210,21 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
|
|||
if (id_equal(packet + 1, ping->dht->self_public_key))
|
||||
return 1;
|
||||
|
||||
uint8_t shared_key[crypto_box_BEFORENMBYTES];
|
||||
|
||||
// Decrypt ping_id
|
||||
rc = decrypt_data(packet + 1,
|
||||
ping->dht->self_secret_key,
|
||||
packet + 1 + CLIENT_ID_SIZE,
|
||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||
sizeof(ping_id) + crypto_box_MACBYTES,
|
||||
(uint8_t *) &ping_id);
|
||||
encrypt_precompute(packet + 1, ping->dht->self_secret_key, shared_key);
|
||||
rc = decrypt_data_fast(shared_key,
|
||||
packet + 1 + CLIENT_ID_SIZE,
|
||||
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
|
||||
sizeof(ping_id) + crypto_box_MACBYTES,
|
||||
(uint8_t *) &ping_id );
|
||||
|
||||
if (rc != sizeof(ping_id))
|
||||
return 1;
|
||||
|
||||
// Send response
|
||||
send_ping_response(ping, source, packet + 1, ping_id);
|
||||
send_ping_response(ping, source, packet + 1, ping_id, shared_key);
|
||||
add_toping(ping, packet + 1, source);
|
||||
|
||||
return 0;
|
||||
|
|
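Review bot: The comment `// Encrypt ping_id using recipient privkey` in `send_ping_response` no longer matches the call beneath it, which now encrypts with the caller-supplied `shared_encryption_key`; the wording was already misleading, since the sender never holds the recipient's private key. I would replace it with `// Encrypt ping_id with the shared key precomputed for client_id`. The signature should also note that the key must be the `encrypt_precompute` result for `client_id` and `ping->dht->self_secret_key`, because the function itself no longer derives it and cannot detect a mismatch. The function body starts and ends outside the hunks shown.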