fastd/fastd
1
0
Fork 0
mirror of https://github.com/neocturne/fastd.git synced 2025-05-15 04:35:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

methods/common: decrease nonce length to 6, add flags byte

Browse source
This commit is contained in:
Matthias Schiffer 2013-11-15 05:44:02 +01:00
parent bef39b7283
commit 0504f57c91
3 changed files with 24 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/methods/common.h
View file

@ -30,8 +30,10 @@
#include "../fastd.h" #include "../fastd.h"
#define COMMON_NONCEBYTES 7 #define COMMON_NONCEBYTES 6
#define COMMON_FLAGBYTES 1
#define COMMON_HEADBYTES (COMMON_NONCEBYTES+COMMON_FLAGBYTES)
typedef struct fastd_method_common { typedef struct fastd_method_common {
struct timespec valid_till; struct timespec valid_till;

16
src/methods/generic_gcm/generic_gcm.c
View file

@ -73,7 +73,7 @@ static bool method_provides(const char *name) {
} }
static size_t method_max_packet_size(fastd_context_t *ctx) { static size_t method_max_packet_size(fastd_context_t *ctx) {
return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + sizeof(fastd_block128_t)); return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + sizeof(fastd_block128_t));
} }
@ -181,7 +181,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
memset(in.data, 0, sizeof(fastd_block128_t)); memset(in.data, 0, sizeof(fastd_block128_t));
size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len; size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
*out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_NONCEBYTES, 16), sizeof(fastd_block128_t)+tail_len); *out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_HEADBYTES, 16), sizeof(fastd_block128_t)+tail_len);
if (tail_len) if (tail_len)
memset(in.data+in.len, 0, tail_len); memset(in.data+in.len, 0, tail_len);
@ -219,20 +219,26 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_buffer_free(in); fastd_buffer_free(in);
fastd_buffer_pull_head(ctx, out, COMMON_NONCEBYTES); fastd_buffer_pull_head(ctx, out, COMMON_HEADBYTES);
memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES); memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES);
fastd_method_increment_nonce(&session->common); fastd_method_increment_nonce(&session->common);
((uint8_t*)out->data)[COMMON_NONCEBYTES] = 0; /* flags */
return true; return true;
} }
static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
if (in.len < COMMON_NONCEBYTES+sizeof(fastd_block128_t)) if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false; return false;
if (!method_session_is_valid(ctx, session)) if (!method_session_is_valid(ctx, session))
return false; return false;
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
uint8_t nonce[session->ivlen]; uint8_t nonce[session->ivlen];
memset(nonce, 0, session->ivlen); memset(nonce, 0, session->ivlen);
memcpy(nonce, in.data, COMMON_NONCEBYTES); memcpy(nonce, in.data, COMMON_NONCEBYTES);
@ -242,7 +248,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
return false; return false;
fastd_buffer_push_head(ctx, &in, COMMON_NONCEBYTES); fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len; size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
*out = fastd_buffer_alloc(ctx, in.len, 0, tail_len); *out = fastd_buffer_alloc(ctx, in.len, 0, tail_len);

16
src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
View file

@ -42,7 +42,7 @@ static bool method_provides(const char *name) {
} }
static size_t method_max_packet_size(fastd_context_t *ctx) { static size_t method_max_packet_size(fastd_context_t *ctx) {
return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
} }
static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) { static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) {
@ -50,7 +50,7 @@ static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) {
} }
static size_t method_min_decrypt_head_space(fastd_context_t *ctx UNUSED) { static size_t method_min_decrypt_head_space(fastd_context_t *ctx UNUSED) {
return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_NONCEBYTES); return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_HEADBYTES);
} }
static size_t method_min_tail_space(fastd_context_t *ctx UNUSED) { static size_t method_min_tail_space(fastd_context_t *ctx UNUSED) {
@ -116,8 +116,9 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
fastd_buffer_free(in); fastd_buffer_free(in);
fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES); memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES);
/* flags are 0, no need to set */
fastd_method_increment_nonce(&session->common); fastd_method_increment_nonce(&session->common);
@ -125,12 +126,15 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
} }
static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
if (in.len < COMMON_NONCEBYTES) if (in.len < COMMON_HEADBYTES)
return false; return false;
if (!method_session_is_valid(ctx, session)) if (!method_session_is_valid(ctx, session))
return false; return false;
if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */
return false;
uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES]; uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES];
memcpy(nonce, in.data, COMMON_NONCEBYTES); memcpy(nonce, in.data, COMMON_NONCEBYTES);
memset(nonce+COMMON_NONCEBYTES, 0, crypto_secretbox_xsalsa20poly1305_NONCEBYTES-COMMON_NONCEBYTES); memset(nonce+COMMON_NONCEBYTES, 0, crypto_secretbox_xsalsa20poly1305_NONCEBYTES-COMMON_NONCEBYTES);
@ -139,7 +143,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age))
return false; return false;
fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memset(in.data, 0, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); memset(in.data, 0, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES);
*out = fastd_buffer_alloc(ctx, in.len, 0, 0); *out = fastd_buffer_alloc(ctx, in.len, 0, 0);
@ -148,7 +152,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
fastd_buffer_free(*out); fastd_buffer_free(*out);
/* restore input buffer */ /* restore input buffer */
fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES);
memcpy(in.data, nonce, COMMON_NONCEBYTES); memcpy(in.data, nonce, COMMON_NONCEBYTES);
return false; return false;
} }