From 0504f57c91eb7dd2ac4adfc6906e006f775a76e4 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 15 Nov 2013 05:44:02 +0100 Subject: methods/common: decrease nonce length to 6, add flags byte --- src/methods/common.h | 4 +++- src/methods/generic_gcm/generic_gcm.c | 16 +++++++++++----- src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c | 16 ++++++++++------ 3 files changed, 24 insertions(+), 12 deletions(-) (limited to 'src/methods') diff --git a/src/methods/common.h b/src/methods/common.h index 6be32e9..d3218ae 100644 --- a/src/methods/common.h +++ b/src/methods/common.h @@ -30,8 +30,10 @@ #include "../fastd.h" -#define COMMON_NONCEBYTES 7 +#define COMMON_NONCEBYTES 6 +#define COMMON_FLAGBYTES 1 +#define COMMON_HEADBYTES (COMMON_NONCEBYTES+COMMON_FLAGBYTES) typedef struct fastd_method_common { struct timespec valid_till; diff --git a/src/methods/generic_gcm/generic_gcm.c b/src/methods/generic_gcm/generic_gcm.c index 8ae9dbe..5d6c45a 100644 --- a/src/methods/generic_gcm/generic_gcm.c +++ b/src/methods/generic_gcm/generic_gcm.c @@ -73,7 +73,7 @@ static bool method_provides(const char *name) { } static size_t method_max_packet_size(fastd_context_t *ctx) { - return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + sizeof(fastd_block128_t)); + return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + sizeof(fastd_block128_t)); } @@ -181,7 +181,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast memset(in.data, 0, sizeof(fastd_block128_t)); size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len; - *out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_NONCEBYTES, 16), sizeof(fastd_block128_t)+tail_len); + *out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_HEADBYTES, 16), sizeof(fastd_block128_t)+tail_len); if (tail_len) memset(in.data+in.len, 0, tail_len); @@ -219,20 +219,26 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast fastd_buffer_free(in); - fastd_buffer_pull_head(ctx, out, COMMON_NONCEBYTES); + fastd_buffer_pull_head(ctx, out, COMMON_HEADBYTES); + memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES); fastd_method_increment_nonce(&session->common); + ((uint8_t*)out->data)[COMMON_NONCEBYTES] = 0; /* flags */ + return true; } static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { - if (in.len < COMMON_NONCEBYTES+sizeof(fastd_block128_t)) + if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t)) return false; if (!method_session_is_valid(ctx, session)) return false; + if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */ + return false; + uint8_t nonce[session->ivlen]; memset(nonce, 0, session->ivlen); memcpy(nonce, in.data, COMMON_NONCEBYTES); @@ -242,7 +248,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) return false; - fastd_buffer_push_head(ctx, &in, COMMON_NONCEBYTES); + fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES); size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len; *out = fastd_buffer_alloc(ctx, in.len, 0, tail_len); diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c index f7709bb..01c623a 100644 --- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c +++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c @@ -42,7 +42,7 @@ static bool method_provides(const char *name) { } static size_t method_max_packet_size(fastd_context_t *ctx) { - return (fastd_max_packet_size(ctx) + COMMON_NONCEBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); + return (fastd_max_packet_size(ctx) + COMMON_HEADBYTES + crypto_secretbox_xsalsa20poly1305_ZEROBYTES - crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); } static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) { @@ -50,7 +50,7 @@ static size_t method_min_encrypt_head_space(fastd_context_t *ctx UNUSED) { } static size_t method_min_decrypt_head_space(fastd_context_t *ctx UNUSED) { - return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_NONCEBYTES); + return (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES - COMMON_HEADBYTES); } static size_t method_min_tail_space(fastd_context_t *ctx UNUSED) { @@ -116,8 +116,9 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast fastd_buffer_free(in); - fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); + fastd_buffer_push_head(ctx, out, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES); memcpy(out->data, session->common.send_nonce, COMMON_NONCEBYTES); + /* flags are 0, no need to set */ fastd_method_increment_nonce(&session->common); @@ -125,12 +126,15 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast } static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { - if (in.len < COMMON_NONCEBYTES) + if (in.len < COMMON_HEADBYTES) return false; if (!method_session_is_valid(ctx, session)) return false; + if (((const uint8_t*)in.data)[COMMON_NONCEBYTES]) /* flags */ + return false; + uint8_t nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES]; memcpy(nonce, in.data, COMMON_NONCEBYTES); memset(nonce+COMMON_NONCEBYTES, 0, crypto_secretbox_xsalsa20poly1305_NONCEBYTES-COMMON_NONCEBYTES); @@ -139,7 +143,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho if (!fastd_method_is_nonce_valid(ctx, &session->common, nonce, &age)) return false; - fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); + fastd_buffer_pull_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES); memset(in.data, 0, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES); *out = fastd_buffer_alloc(ctx, in.len, 0, 0); @@ -148,7 +152,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho fastd_buffer_free(*out); /* restore input buffer */ - fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_NONCEBYTES); + fastd_buffer_push_head(ctx, &in, crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES-COMMON_HEADBYTES); memcpy(in.data, nonce, COMMON_NONCEBYTES); return false; } -- cgit v1.2.3