diff --git a/auto_tests/TCP_test.c b/auto_tests/TCP_test.c index 0cf063f1..ba1d5232 100644 --- a/auto_tests/TCP_test.c +++ b/auto_tests/TCP_test.c @@ -117,7 +117,7 @@ START_TEST(test_basic) increment_nonce(f_nonce_r); ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]); ck_assert_msg(packet_resp_plain[1] == 0, "connection not refused %u", packet_resp_plain[1]); - ck_assert_msg(memcmp(packet_resp_plain + 2, f_public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); + ck_assert_msg(public_key_cmp(packet_resp_plain + 2, f_public_key) == 0, "key in packet wrong"); kill_TCP_server(tcp_s); } END_TEST @@ -235,12 +235,12 @@ START_TEST(test_some) ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); - ck_assert_msg(memcmp(data + 2, con3->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); + ck_assert_msg(public_key_cmp(data + 2, con3->public_key) == 0, "key in packet wrong"); len = read_packet_sec_TCP(con3, data, 2 + 1 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES); ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); - ck_assert_msg(memcmp(data + 2, con1->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); + ck_assert_msg(public_key_cmp(data + 2, con1->public_key) == 0, "key in packet wrong"); uint8_t test_packet[512] = {16, 17, 16, 86, 99, 127, 255, 189, 78}; write_packet_TCP_secure_connection(con3, test_packet, sizeof(test_packet)); @@ -363,7 +363,7 @@ static int oob_data_callback(void *object, const uint8_t *public_key, const uint if (length != 5) return 1; - if (memcmp(public_key, oob_pubkey, crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(public_key, oob_pubkey) != 0) return 1; if (data[0] == 1 && data[1] == 2 && data[2] == 3 && data[3] == 4 && data[4] == 5) { @@ -447,7 +447,7 @@ START_TEST(test_client) do_TCP_connection(conn2); ck_assert_msg(oob_data_callback_good == 1, "oob callback not called"); ck_assert_msg(response_callback_good == 1, "response callback not called"); - ck_assert_msg(memcmp(response_callback_public_key, f2_public_key, crypto_box_PUBLICKEYBYTES) == 0, "wrong public key"); + ck_assert_msg(public_key_cmp(response_callback_public_key, f2_public_key) == 0, "wrong public key"); ck_assert_msg(status_callback_good == 1, "status callback not called"); ck_assert_msg(status_callback_status == 2, "wrong status"); ck_assert_msg(status_callback_connection_id == response_callback_connection_id, "connection ids not equal"); @@ -538,17 +538,17 @@ START_TEST(test_tcp_connection) uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; crypto_box_keypair(self_public_key, self_secret_key); TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL); - ck_assert_msg(memcmp(tcp_s->public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tcp_s->public_key, self_public_key) == 0, "Wrong public key"); TCP_Proxy_Info proxy_info; proxy_info.proxy_type = TCP_PROXY_NONE; crypto_box_keypair(self_public_key, self_secret_key); TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info); - ck_assert_msg(memcmp(tc_1->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tc_1->self_public_key, self_public_key) == 0, "Wrong public key"); crypto_box_keypair(self_public_key, self_secret_key); TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info); - ck_assert_msg(memcmp(tc_2->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tc_2->self_public_key, self_public_key) == 0, "Wrong public key"); IP_Port ip_port_tcp_s; @@ -641,17 +641,17 @@ START_TEST(test_tcp_connection2) uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; crypto_box_keypair(self_public_key, self_secret_key); TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_secret_key, NULL); - ck_assert_msg(memcmp(tcp_s->public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tcp_s->public_key, self_public_key) == 0, "Wrong public key"); TCP_Proxy_Info proxy_info; proxy_info.proxy_type = TCP_PROXY_NONE; crypto_box_keypair(self_public_key, self_secret_key); TCP_Connections *tc_1 = new_tcp_connections(self_secret_key, &proxy_info); - ck_assert_msg(memcmp(tc_1->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tc_1->self_public_key, self_public_key) == 0, "Wrong public key"); crypto_box_keypair(self_public_key, self_secret_key); TCP_Connections *tc_2 = new_tcp_connections(self_secret_key, &proxy_info); - ck_assert_msg(memcmp(tc_2->self_public_key, self_public_key, crypto_box_PUBLICKEYBYTES) == 0, "Wrong public key"); + ck_assert_msg(public_key_cmp(tc_2->self_public_key, self_public_key) == 0, "Wrong public key"); IP_Port ip_port_tcp_s; diff --git a/testing/DHT_test.c b/testing/DHT_test.c index d07e3959..1078ce6f 100644 --- a/testing/DHT_test.c +++ b/testing/DHT_test.c @@ -108,7 +108,7 @@ void print_clientlist(DHT *dht) for (i = 0; i < LCLIENT_LIST; i++) { Client_data *client = &dht->close_clientlist[i]; - if (memcmp(client->public_key, zeroes_cid, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(client->public_key, zeroes_cid) == 0) continue; printf("ClientID: "); @@ -139,7 +139,7 @@ void print_friendlist(DHT *dht) for (i = 0; i < MAX_FRIEND_CLIENTS; i++) { Client_data *client = &dht->friends_list[k].client_list[i]; - if (memcmp(client->public_key, zeroes_cid, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(client->public_key, zeroes_cid) == 0) continue; printf("ClientID: "); diff --git a/toxcore/DHT.c b/toxcore/DHT.c index 052b74ff..51f1e5ba 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c @@ -126,7 +126,7 @@ void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, const uint8_t int index = public_key[30] * MAX_KEYS_PER_SLOT + i; if (shared_keys->keys[index].stored) { - if (memcmp(public_key, shared_keys->keys[index].public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(public_key, shared_keys->keys[index].public_key) == 0) { memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES); ++shared_keys->keys[index].times_requested; shared_keys->keys[index].time_last_requested = unix_time(); @@ -844,7 +844,7 @@ static _Bool is_pk_in_client_list(Client_data *list, unsigned int client_list_le for (i = 0; i < client_list_length; ++i) { if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT)) || (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) { - if (memcmp(list[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(list[i].public_key, public_key) == 0) { return 1; } } @@ -944,7 +944,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key) DHT_Friend *friend = &dht->friends_list[i]; - if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(public_key, friend->public_key) == 0) { friend_foundip = friend; } @@ -953,7 +953,7 @@ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key) } else { DHT_Friend *friend = &dht->friends_list[i]; - if (memcmp(public_key, friend->public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(public_key, friend->public_key) == 0) { friend_foundip = friend; } @@ -1212,7 +1212,7 @@ static uint8_t sent_getnode_to_node(DHT *dht, const uint8_t *public_key, IP_Port Node_format test; memcpy(&test, data, sizeof(Node_format)); - if (!ipport_equal(&test.ip_port, &node_ip_port) || memcmp(test.public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0) + if (!ipport_equal(&test.ip_port, &node_ip_port) || public_key_cmp(test.public_key, public_key) != 0) return 0; return 1; @@ -2081,7 +2081,7 @@ static IPPTsPng *get_closelist_IPPTsPng(DHT *dht, const uint8_t *public_key, sa_ uint32_t i; for (i = 0; i < LCLIENT_LIST; ++i) { - if (memcmp(dht->close_clientlist[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(dht->close_clientlist[i].public_key, public_key) != 0) continue; if (sa_family == AF_INET) @@ -2178,7 +2178,7 @@ static int handle_hardening(void *object, IP_Port source, const uint8_t *source_ if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) return 1; - if (memcmp(temp->hardening.send_nodes_pingedid, source_pubkey, crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(temp->hardening.send_nodes_pingedid, source_pubkey) != 0) return 1; /* If Nodes look good and the request checks out */ @@ -2351,7 +2351,7 @@ static int cryptopacket_handle(void *object, IP_Port source, const uint8_t *pack length > MAX_CRYPTO_REQUEST_SIZE + crypto_box_MACBYTES) return 1; - if (memcmp(packet + 1, dht->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { // Check if request is for us. + if (public_key_cmp(packet + 1, dht->self_public_key) == 0) { // Check if request is for us. uint8_t public_key[crypto_box_PUBLICKEYBYTES]; uint8_t data[MAX_CRYPTO_REQUEST_SIZE]; uint8_t number; diff --git a/toxcore/Messenger.c b/toxcore/Messenger.c index 6d45077a..34296c24 100644 --- a/toxcore/Messenger.c +++ b/toxcore/Messenger.c @@ -2660,7 +2660,7 @@ static int messenger_load_state_callback(void *outer, const uint8_t *data, uint3 set_nospam(&(m->fr), *(uint32_t *)data); load_secret_key(m->net_crypto, (&data[sizeof(uint32_t)]) + crypto_box_PUBLICKEYBYTES); - if (memcmp((&data[sizeof(uint32_t)]), m->net_crypto->self_public_key, crypto_box_PUBLICKEYBYTES) != 0) { + if (public_key_cmp((&data[sizeof(uint32_t)]), m->net_crypto->self_public_key) != 0) { return -1; } } else diff --git a/toxcore/TCP_connection.c b/toxcore/TCP_connection.c index 5f38b5dd..027779dd 100644 --- a/toxcore/TCP_connection.c +++ b/toxcore/TCP_connection.c @@ -384,7 +384,7 @@ static int find_tcp_connection_to(TCP_Connections *tcp_c, const uint8_t *public_ TCP_Connection_to *con_to = get_connection(tcp_c, i); if (con_to) { - if (memcmp(con_to->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(con_to->public_key, public_key) == 0) { return i; } } @@ -407,11 +407,11 @@ static int find_tcp_connection_relay(TCP_Connections *tcp_c, const uint8_t *rela if (tcp_con) { if (tcp_con->status == TCP_CONN_SLEEPING) { - if (memcmp(tcp_con->relay_pk, relay_pk, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(tcp_con->relay_pk, relay_pk) == 0) { return i; } } else { - if (memcmp(tcp_con->connection->public_key, relay_pk, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(tcp_con->connection->public_key, relay_pk) == 0) { return i; } } diff --git a/toxcore/TCP_server.c b/toxcore/TCP_server.c index cf997d34..79f59acd 100644 --- a/toxcore/TCP_server.c +++ b/toxcore/TCP_server.c @@ -583,7 +583,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const TCP_Secure_Connection *con = &TCP_server->accepted_connection_array[con_id]; /* If person tries to cennect to himself we deny the request*/ - if (memcmp(con->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(con->public_key, public_key) == 0) { if (send_routing_response(con, 0, public_key) == -1) return -1; @@ -592,7 +592,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) { if (con->connections[i].status != 0) { - if (memcmp(public_key, con->connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(public_key, con->connections[i].public_key) == 0) { if (send_routing_response(con, i + NUM_RESERVED_PORTS, public_key) == -1) { return -1; } else { @@ -629,7 +629,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, const for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) { if (other_conn->connections[i].status == 1 - && memcmp(other_conn->connections[i].public_key, con->public_key, crypto_box_PUBLICKEYBYTES) == 0) { + && public_key_cmp(other_conn->connections[i].public_key, con->public_key) == 0) { other_id = i; break; } diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index d1549b2a..679ba669 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c @@ -84,7 +84,7 @@ void encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, ui int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length, uint8_t *encrypted) { - if (length == 0) + if (length == 0 || !secret_key || !nonce || !plain || !encrypted) return -1; uint8_t temp_plain[length + crypto_box_ZEROBYTES]; @@ -104,7 +104,7 @@ int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, uint32_t length, uint8_t *plain) { - if (length <= crypto_box_BOXZEROBYTES) + if (length <= crypto_box_BOXZEROBYTES || !secret_key || !nonce || !encrypted || !plain) return -1; uint8_t temp_plain[length + crypto_box_ZEROBYTES]; @@ -123,53 +123,70 @@ int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons int encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length, uint8_t *encrypted) { + if (!public_key || !secret_key) + return -1; + uint8_t k[crypto_box_BEFORENMBYTES]; encrypt_precompute(public_key, secret_key, k); - return encrypt_data_symmetric(k, nonce, plain, length, encrypted); + int ret = encrypt_data_symmetric(k, nonce, plain, length, encrypted); + sodium_memzero(k, sizeof k); + return ret; } int decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, uint32_t length, uint8_t *plain) { + if (!public_key || !secret_key) + return -1; + uint8_t k[crypto_box_BEFORENMBYTES]; encrypt_precompute(public_key, secret_key, k); - return decrypt_data_symmetric(k, nonce, encrypted, length, plain); + int ret = decrypt_data_symmetric(k, nonce, encrypted, length, plain); + sodium_memzero(k, sizeof k); + return ret; } /* Increment the given nonce by 1. */ void increment_nonce(uint8_t *nonce) { - uint32_t i; - - for (i = crypto_box_NONCEBYTES; i != 0; --i) { - ++nonce[i - 1]; - - if (nonce[i - 1] != 0) - break; + /* FIXME use increment_nonce_number(nonce, 1) or sodium_increment (change to little endian) + * NOTE don't use breaks inside this loop + * In particular, make sure, as far as possible, + * that loop bounds and their potential underflow or overflow + * are independent of user-controlled input (you may have heard of the Heartbleed bug). + */ + uint32_t i = crypto_box_NONCEBYTES; + uint_fast16_t carry = 1U; + for (; i != 0; --i) { + carry += (uint_fast16_t) nonce[i - 1]; + nonce[i - 1] = (uint8_t) carry; + carry >>= 8; } } /* increment the given nonce by num */ -void increment_nonce_number(uint8_t *nonce, uint32_t num) +void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num) { - uint32_t num1, num2; - memcpy(&num1, nonce + (crypto_box_NONCEBYTES - sizeof(num1)), sizeof(num1)); - num1 = ntohl(num1); - num2 = num + num1; + /* NOTE don't use breaks inside this loop + * In particular, make sure, as far as possible, + * that loop bounds and their potential underflow or overflow + * are independent of user-controlled input (you may have heard of the Heartbleed bug). + */ + const uint32_t big_endian_num = htonl(host_order_num); + const uint8_t* const num_vec = (const uint8_t*) &big_endian_num; + uint8_t num_as_nonce[crypto_box_NONCEBYTES] = {0}; + num_as_nonce[crypto_box_NONCEBYTES - 4] = num_vec[0]; + num_as_nonce[crypto_box_NONCEBYTES - 3] = num_vec[1]; + num_as_nonce[crypto_box_NONCEBYTES - 2] = num_vec[2]; + num_as_nonce[crypto_box_NONCEBYTES - 1] = num_vec[3]; - if (num2 < num1) { - uint32_t i; - - for (i = crypto_box_NONCEBYTES - sizeof(num1); i != 0; --i) { - ++nonce[i - 1]; - - if (nonce[i - 1] != 0) - break; - } + uint32_t i = crypto_box_NONCEBYTES; + uint_fast16_t carry = 0U; + for (; i != 0; --i) { + carry += (uint_fast16_t) nonce[i] + (uint_fast16_t) num_as_nonce[i]; + nonce[i] = (unsigned char) carry; + carry >>= 8; } - - num2 = htonl(num2); - memcpy(nonce + (crypto_box_NONCEBYTES - sizeof(num2)), &num2, sizeof(num2)); } /* Fill the given nonce with random bytes. */ @@ -203,15 +220,18 @@ void new_nonce(uint8_t *nonce) int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_key, uint8_t *packet, const uint8_t *recv_public_key, const uint8_t *data, uint32_t length, uint8_t request_id) { + if (!send_public_key || !packet || !recv_public_key || !data) + return -1; + if (MAX_CRYPTO_REQUEST_SIZE < length + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + crypto_box_MACBYTES) return -1; - uint8_t nonce[crypto_box_NONCEBYTES]; - uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; + uint8_t* nonce = packet + 1 + crypto_box_PUBLICKEYBYTES * 2; + new_nonce(nonce); + uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // FIXME sodium_memzero before exit function memcpy(temp + 1, data, length); temp[0] = request_id; - new_nonce(nonce); int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + packet); @@ -221,7 +241,6 @@ int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_ke packet[0] = NET_PACKET_CRYPTO; memcpy(packet + 1, recv_public_key, crypto_box_PUBLICKEYBYTES); memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES, send_public_key, crypto_box_PUBLICKEYBYTES); - memcpy(packet + 1 + crypto_box_PUBLICKEYBYTES * 2, nonce, crypto_box_NONCEBYTES); return len + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES; } @@ -235,17 +254,19 @@ int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_ke int handle_request(const uint8_t *self_public_key, const uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data, uint8_t *request_id, const uint8_t *packet, uint16_t length) { + if (!self_public_key || !public_key || !data || !request_id || !packet) + return -1; + if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + crypto_box_MACBYTES || length > MAX_CRYPTO_REQUEST_SIZE) return -1; - if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(packet + 1, self_public_key) != 0) return -1; memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); - uint8_t nonce[crypto_box_NONCEBYTES]; - uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; - memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); + const uint8_t* nonce = packet + 1 + crypto_box_PUBLICKEYBYTES * 2; + uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // FIXME sodium_memzero before exit function int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index eefb1d90..41a5a045 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h @@ -108,7 +108,7 @@ int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, cons void increment_nonce(uint8_t *nonce); /* increment the given nonce by num */ -void increment_nonce_number(uint8_t *nonce, uint32_t num); +void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num); /* Fill the given nonce with random bytes. */ void random_nonce(uint8_t *nonce); diff --git a/toxcore/friend_connection.c b/toxcore/friend_connection.c index 04deaf81..e7c8432b 100644 --- a/toxcore/friend_connection.c +++ b/toxcore/friend_connection.c @@ -138,7 +138,7 @@ int getfriend_conn_id_pk(Friend_Connections *fr_c, const uint8_t *real_pk) Friend_Conn *friend_con = get_conn(fr_c, i); if (friend_con) { - if (memcmp(friend_con->real_public_key, real_pk, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(friend_con->real_public_key, real_pk) == 0) return i; } } @@ -159,7 +159,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_ return -1; /* Local ip and same pk means that they are hosting a TCP relay. */ - if (Local_ip(ip_port.ip) && memcmp(friend_con->dht_temp_pk, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (Local_ip(ip_port.ip) && public_key_cmp(friend_con->dht_temp_pk, public_key) == 0) { if (friend_con->dht_ip_port.ip.family != 0) { ip_port.ip = friend_con->dht_ip_port.ip; } else { @@ -173,7 +173,7 @@ int friend_add_tcp_relay(Friend_Connections *fr_c, int friendcon_id, IP_Port ip_ for (i = 0; i < FRIEND_MAX_STORED_TCP_RELAYS; ++i) { if (friend_con->tcp_relays[i].ip_port.ip.family != 0 - && memcmp(friend_con->tcp_relays[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + && public_key_cmp(friend_con->tcp_relays[i].public_key, public_key) == 0) { memset(&friend_con->tcp_relays[i], 0, sizeof(Node_format)); } } @@ -356,7 +356,7 @@ static void dht_pk_callback(void *object, int32_t number, const uint8_t *dht_pub if (!friend_con) return; - if (memcmp(friend_con->dht_temp_pk, dht_public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(friend_con->dht_temp_pk, dht_public_key) == 0) return; change_dht_pk(fr_c, number, dht_public_key); @@ -479,7 +479,7 @@ static int handle_new_connections(void *object, New_Connection *n_c) friend_con->dht_ip_port_lastrecv = unix_time(); } - if (memcmp(friend_con->dht_temp_pk, n_c->dht_public_key, crypto_box_PUBLICKEYBYTES) != 0) { + if (public_key_cmp(friend_con->dht_temp_pk, n_c->dht_public_key) != 0) { change_dht_pk(fr_c, friendcon_id, n_c->dht_public_key); } diff --git a/toxcore/group.c b/toxcore/group.c index 2eadaf74..1d733479 100644 --- a/toxcore/group.c +++ b/toxcore/group.c @@ -162,7 +162,7 @@ static int get_group_num(const Group_Chats *g_c, const uint8_t *identifier) uint32_t i; for (i = 0; i < g_c->num_chats; ++i) - if (memcmp(g_c->chats[i].identifier, identifier, GROUP_IDENTIFIER_LENGTH) == 0) + if (sodium_memcmp(g_c->chats[i].identifier, identifier, GROUP_IDENTIFIER_LENGTH) == 0) return i; return -1; @@ -218,14 +218,14 @@ static int add_to_closest(Group_Chats *g_c, int groupnumber, const uint8_t *real if (!g) return -1; - if (memcmp(g->real_pk, real_pk, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(g->real_pk, real_pk) == 0) return -1; unsigned int i; unsigned int index = DESIRED_CLOSE_CONNECTIONS; for (i = 0; i < DESIRED_CLOSE_CONNECTIONS; ++i) { - if (g->closest_peers[i].entry && memcmp(real_pk, g->closest_peers[i].real_pk, crypto_box_PUBLICKEYBYTES) == 0) { + if (g->closest_peers[i].entry && public_key_cmp(real_pk, g->closest_peers[i].real_pk) == 0) { return 0; } } @@ -299,7 +299,7 @@ static unsigned int pk_in_closest_peers(Group_c *g, uint8_t *real_pk) if (!g->closest_peers[i].entry) continue; - if (memcmp(g->closest_peers[i].real_pk, real_pk, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(g->closest_peers[i].real_pk, real_pk) == 0) return 1; } @@ -1277,7 +1277,7 @@ static void handle_friend_invite_packet(Messenger *m, uint32_t friendnumber, con if (!g) return; - if (memcmp(data + 1 + sizeof(uint16_t) * 2, g->identifier, GROUP_IDENTIFIER_LENGTH) != 0) + if (sodium_memcmp(data + 1 + sizeof(uint16_t) * 2, g->identifier, GROUP_IDENTIFIER_LENGTH) != 0) return; uint16_t peer_number = rand(); /* TODO: what if two people enter the group at the same time and @@ -1525,7 +1525,7 @@ static int handle_send_peers(Group_Chats *g_c, int groupnumber, const uint8_t *d return -1; if (g->status == GROUPCHAT_STATUS_VALID - && memcmp(d, g_c->m->net_crypto->self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { + && public_key_cmp(d, g_c->m->net_crypto->self_public_key) == 0) { g->peer_number = peer_num; g->status = GROUPCHAT_STATUS_CONNECTED; group_name_send(g_c, groupnumber, g_c->m->name, g_c->m->name_length); diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index 8e53143f..1d6fa02e 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c @@ -244,7 +244,7 @@ static int tcp_oob_handle_cookie_request(const Net_Crypto *c, unsigned int tcp_c if (handle_cookie_request(c, request_plain, shared_key, dht_public_key_temp, packet, length) != 0) return -1; - if (memcmp(dht_public_key, dht_public_key_temp, crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(dht_public_key, dht_public_key_temp) != 0) return -1; uint8_t data[COOKIE_RESPONSE_LENGTH]; @@ -363,7 +363,7 @@ static int handle_crypto_handshake(const Net_Crypto *c, uint8_t *nonce, uint8_t if (len != sizeof(plain)) return -1; - if (memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, crypto_hash_sha512_BYTES) != 0) + if (sodium_memcmp(cookie_hash, plain + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, crypto_hash_sha512_BYTES) != 0) return -1; memcpy(nonce, plain, crypto_box_NONCEBYTES); @@ -1548,7 +1548,7 @@ static int getcryptconnection_id(const Net_Crypto *c, const uint8_t *public_key) for (i = 0; i < c->crypto_connections_length; ++i) { if (c->crypto_connections[i].status != CRYPTO_CONN_NO_CONNECTION) - if (memcmp(public_key, c->crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(public_key, c->crypto_connections[i].public_key) == 0) return i; } diff --git a/toxcore/onion_announce.c b/toxcore/onion_announce.c index 25f3e0f8..82c3dc96 100644 --- a/toxcore/onion_announce.c +++ b/toxcore/onion_announce.c @@ -211,7 +211,7 @@ static int in_entries(const Onion_Announce *onion_a, const uint8_t *public_key) for (i = 0; i < ONION_ANNOUNCE_MAX_ENTRIES; ++i) { if (!is_timeout(onion_a->entries[i].time, ONION_ANNOUNCE_TIMEOUT) - && memcmp(onion_a->entries[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) + && public_key_cmp(onion_a->entries[i].public_key, public_key) == 0) return i; } @@ -316,7 +316,7 @@ static int handle_announce_request(void *object, IP_Port source, const uint8_t * uint8_t *data_public_key = plain + ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES; - if (memcmp(ping_id1, plain, ONION_PING_ID_SIZE) == 0 || memcmp(ping_id2, plain, ONION_PING_ID_SIZE) == 0) { + if (sodium_memcmp(ping_id1, plain, ONION_PING_ID_SIZE) == 0 || sodium_memcmp(ping_id2, plain, ONION_PING_ID_SIZE) == 0) { index = add_to_entries(onion_a, source, packet_public_key, data_public_key, packet + (ANNOUNCE_REQUEST_SIZE_RECV - ONION_RETURN_3)); } else { @@ -336,8 +336,8 @@ static int handle_announce_request(void *object, IP_Port source, const uint8_t * pl[0] = 0; memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE); } else { - if (memcmp(onion_a->entries[index].public_key, packet_public_key, crypto_box_PUBLICKEYBYTES) == 0) { - if (memcmp(onion_a->entries[index].data_public_key, data_public_key, crypto_box_PUBLICKEYBYTES) != 0) { + if (public_key_cmp(onion_a->entries[index].public_key, packet_public_key) == 0) { + if (public_key_cmp(onion_a->entries[index].data_public_key, data_public_key) != 0) { pl[0] = 0; memcpy(pl + 1, ping_id2, ONION_PING_ID_SIZE); } else { diff --git a/toxcore/onion_client.c b/toxcore/onion_client.c index d6d078e1..41efc363 100644 --- a/toxcore/onion_client.c +++ b/toxcore/onion_client.c @@ -46,7 +46,7 @@ int onion_add_bs_path_node(Onion_Client *onion_c, IP_Port ip_port, const uint8_t unsigned int i; for (i = 0; i < MAX_PATH_NODES; ++i) { - if (memcmp(public_key, onion_c->path_nodes_bs[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(public_key, onion_c->path_nodes_bs[i].public_key) == 0) return -1; } @@ -76,7 +76,7 @@ static int onion_add_path_node(Onion_Client *onion_c, IP_Port ip_port, const uin unsigned int i; for (i = 0; i < MAX_PATH_NODES; ++i) { - if (memcmp(public_key, onion_c->path_nodes[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(public_key, onion_c->path_nodes[i].public_key) == 0) return -1; } @@ -484,7 +484,7 @@ static int client_add_to_list(Onion_Client *onion_c, uint32_t num, const uint8_t reference_id = onion_c->c->self_public_key; list_length = MAX_ONION_CLIENTS_ANNOUNCE; - if (is_stored == 1 && memcmp(pingid_or_key, onion_c->temp_public_key, crypto_box_PUBLICKEYBYTES) != 0) { + if (is_stored == 1 && public_key_cmp(pingid_or_key, onion_c->temp_public_key) != 0) { is_stored = 0; } @@ -509,7 +509,7 @@ static int client_add_to_list(Onion_Client *onion_c, uint32_t num, const uint8_t } for (i = 0; i < list_length; ++i) { - if (memcmp(list_nodes[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(list_nodes[i].public_key, public_key) == 0) { index = i; stored = 1; break; @@ -547,7 +547,7 @@ static int good_to_ping(Last_Pinged *last_pinged, uint8_t *last_pinged_index, co for (i = 0; i < MAX_STORED_PINGED_NODES; ++i) { if (!is_timeout(last_pinged[i].timestamp, MIN_NODE_PING_TIME)) - if (memcmp(last_pinged[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(last_pinged[i].public_key, public_key) == 0) return 0; } @@ -602,7 +602,7 @@ static int client_ping_nodes(Onion_Client *onion_c, uint32_t num, const Node_for || id_closest(reference_id, list_nodes[1].public_key, nodes[i].public_key) == 2 ) { /* check if node is already in list. */ for (j = 0; j < list_length; ++j) { - if (memcmp(list_nodes[j].public_key, nodes[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(list_nodes[j].public_key, nodes[i].public_key) == 0) { break; } } @@ -912,7 +912,7 @@ static int handle_dht_dhtpk(void *object, IP_Port source, const uint8_t *source_ if (len != length - (DATA_IN_RESPONSE_MIN_SIZE + crypto_box_NONCEBYTES)) return 1; - if (memcmp(source_pubkey, plain + 1 + sizeof(uint64_t), crypto_box_PUBLICKEYBYTES) != 0) + if (public_key_cmp(source_pubkey, plain + 1 + sizeof(uint64_t)) != 0) return 1; return handle_dhtpk_announce(onion_c, packet, plain, len); @@ -981,7 +981,7 @@ int onion_friend_num(const Onion_Client *onion_c, const uint8_t *public_key) if (onion_c->friends_list[i].status == 0) continue; - if (memcmp(public_key, onion_c->friends_list[i].real_public_key, crypto_box_PUBLICKEYBYTES) == 0) + if (public_key_cmp(public_key, onion_c->friends_list[i].real_public_key) == 0) return i; } @@ -1129,7 +1129,7 @@ int onion_set_friend_DHT_pubkey(Onion_Client *onion_c, int friend_num, const uin return -1; if (onion_c->friends_list[friend_num].know_dht_public_key) { - if (memcmp(dht_key, onion_c->friends_list[friend_num].dht_public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(dht_key, onion_c->friends_list[friend_num].dht_public_key) == 0) { return -1; } diff --git a/toxcore/ping.c b/toxcore/ping.c index 2c6125e8..f81766cb 100644 --- a/toxcore/ping.c +++ b/toxcore/ping.c @@ -284,7 +284,7 @@ int add_to_ping(PING *ping, const uint8_t *public_key, IP_Port ip_port) return 0; } - if (memcmp(ping->to_ping[i].public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (public_key_cmp(ping->to_ping[i].public_key, public_key) == 0) { return -1; } } diff --git a/toxcore/tox.c b/toxcore/tox.c index 3e9db766..c28c5178 100644 --- a/toxcore/tox.c +++ b/toxcore/tox.c @@ -153,7 +153,7 @@ Tox *tox_new(const struct Tox_Options *options, TOX_ERR_NEW *error) return NULL; } - if (memcmp(options->savedata_data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) { + if (sodium_memcmp(options->savedata_data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0) { SET_ERROR_PARAMETER(error, TOX_ERR_NEW_LOAD_ENCRYPTED); return NULL; } diff --git a/toxcore/util.c b/toxcore/util.c index 28d8721c..ea1988e4 100644 --- a/toxcore/util.c +++ b/toxcore/util.c @@ -60,7 +60,7 @@ int is_timeout(uint64_t timestamp, uint64_t timeout) /* id functions */ bool id_equal(const uint8_t *dest, const uint8_t *src) { - return memcmp(dest, src, crypto_box_PUBLICKEYBYTES) == 0; + return public_key_cmp(dest, src) == 0; } uint32_t id_copy(uint8_t *dest, const uint8_t *src)