summaryrefslogtreecommitdiffstats
path: root/src/methods
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2013-11-15 05:44:02 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-11-15 05:44:02 +0100
commit0504f57c91eb7dd2ac4adfc6906e006f775a76e4 (patch)
tree4de445b2525fdfd4fafe0dfa97fd266dde7efd2f /src/methods
parentbef39b72834173e969efc6cee10145300a3af94c (diff)
downloadfastd-0504f57c91eb7dd2ac4adfc6906e006f775a76e4.tar
fastd-0504f57c91eb7dd2ac4adfc6906e006f775a76e4.zip
methods/common: decrease nonce length to 6, add flags byte
Diffstat (limited to 'src/methods')
-rw-r--r--src/methods/common.h4
-rw-r--r--src/methods/generic_gcm/generic_gcm.c16
-rw-r--r--src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c16
3 files changed, 24 insertions, 12 deletions
diff --git a/src/methods/common.h b/src/methods/common.h
index 6be32e9..d3218ae 100644
--- a/src/methods/common.h
+++ b/src/methods/common.h
@@ -30,8 +30,10 @@
#include "../fastd.h"
-#define COMMON_NONCEBYTES 7
+#define COMMON_NONCEBYTES 6
+#define COMMON_FLAGBYTES 1
+#define COMMON_HEADBYTES (COMMON_NONCEBYTES+COMMON_FLAGBYTES)
typedef struct fastd_method_common {
struct timespec valid_till;
diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c
index 8ae9dbe..5d6c45a 100644
--- a/src/methods/generic_gcm/generic_gcm.c
+++ b/src/methods/generic_gcm/generic_gcm.c
@@ -73,7 +73,7 @@ static bool method_provides(const char *name) {
}
static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + sizeof(fastd_block128_t));
+ return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + sizeof(fastd_block128_t));
}
@@ -181,7 +181,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
memset(in.data, 0, sizeof(fastd_block128_t));
size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
- *out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_NONCEBYTES, 16), sizeof(fastd_block128_t)+tail_len);
+ *out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_HEADBYTES, 16), sizeof(fastd_block128_t)+tail_len);
if (tail_len)
memset(in.data+in.len, 0, tail_len);
@@ -219,20 +219,26 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_buffer_free(in);
- fastd_buffer_pull_head(ctx, out, COMMON_NONCEBYTES);
+ fastd_buffer_pull_head(ctx, out, COMMON_HEADBYTES);
+
memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES);
fastd_method_increment_nonce(&session->common);
+ ((uint8_t*)out->data)[COMMON_NONCEBYTES] = 0; /* flags */
+
return true;
}
static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
- if (in.len < COMMON_NONCEBYTES+sizeof(fastd_block128_t))
+ if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false;
if (!method_session_is_valid(ctx, session))
return false;
+ if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
+ return false;
+
uint8_t nonce[session->ivlen];
memset(nonce, 0, session->ivlen);
memcpy(nonce, in.data, COMMON_NONCEBYTES);
@@ -242,7 +248,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
return false;
- fastd_buffer_push_head(ctx, &in, COMMON_NONCEBYTES);
+ fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
*out = fastd_buffer_alloc(ctx, in.len, 0, tail_len);
diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
index f7709bb..01c623a 100644
--- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
+++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
@@ -42,7 +42,7 @@ static bool method_provides(const char *name) {
}
static size_t method_max_packet_size(fastd_context_t *ctx) {
- return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
+ return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
}
static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) {
@@ -50,7 +50,7 @@ static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) {
}
static size_t method_min_decrypt_head_space(fastd_context_t *ctx UNUSED) {
- return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_NONCEBYTES);
+ return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_HEADBYTES);
}
static size_t method_min_tail_space(fastd_context_t *ctx UNUSED) {
@@ -116,8 +116,9 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_buffer_free(in);
- fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES);
+ fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES);
+ /* flags are 0, no need to set */
fastd_method_increment_nonce(&session->common);
@@ -125,12 +126,15 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
}
static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
- if (in.len < COMMON_NONCEBYTES)
+ if (in.len < COMMON_HEADBYTES)
return false;
if (!method_session_is_valid(ctx, session))
return false;
+ if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
+ return false;
+
uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES];
memcpy(nonce, in.data, COMMON_NONCEBYTES);
memset(nonce+COMMON_NONCEBYTES, 0, crypto_secretbox_xsalsa20poly1305_NONCEBYTES-COMMON_NONCEBYTES);
@@ -139,7 +143,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
return false;
- fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES);
+ fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memset(in.data, 0, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
*out = fastd_buffer_alloc(ctx, in.len, 0, 0);
@@ -148,7 +152,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
fastd_buffer_free(*out);
/* restore input buffer */
- fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES);
+ fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memcpy(in.data, nonce, COMMON_NONCEBYTES);
return false;
}