author | Toni Uhlig <matzeton@googlemail.com> | 2020-06-08 00:46:20 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2020-06-08 00:46:20 +0200 |
commit | 2d8bfaab51c2dd42d73c348e238802912e870b22 (patch) | |
tree | c602138abc6aee099a9df1c6b5541ca9668e9b02 | |
parent | 8900036e927d757272b96625ab0a7018bf217533 (diff) |
moved client/server stream crypto init code into subroutines
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | client.c | 7 | ||||
-rw-r--r-- | common-sodium.c | 38 | ||||
-rw-r--r-- | common-sodium.h | 8 | ||||
-rw-r--r-- | server.c | 6 |
4 files changed, 51 insertions, 8 deletions
@@ -65,9 +65,10 @@ enum recv_return protocol_request_server_helo(struct connection * const state, (void)processed; LOG(NOTICE, "Server HELLO with message: %.*s", sizeof(helo_pkt->server_message), helo_pkt->server_message); - crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, - helo_pkt->client_rx_header, - state->session_keys->rx); + if (init_crypto_client(state, helo_pkt->client_rx_header, sizeof(helo_pkt->client_rx_header)) != 0) { + LOG(ERROR, "Client session keypair generation failed"); + return RECV_FATAL; + } if (ev_setup_generic_timer((struct ev_user_data *)state->user_data, PING_INTERVAL) != 0) { LOG(ERROR, "Timer init failed"); diff --git a/common-sodium.c b/common-sodium.c index 4398782..a69196d 100644 --- a/common-sodium.c +++ b/common-sodium.c @@ -48,6 +48,8 @@ struct longterm_keypair * generate_keypair_from_secretkey_hexstr_sodium(char con goto error; } + sodium_mlock(keypair, sizeof(*keypair)); + return keypair; error: free(keypair); 
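Review bot: The message logged when `init_crypto_client` fails, "Client session keypair generation failed", names a step that function never performs. As added in common-sodium.c, it can only fail on a header size mismatch, so the log would point an operator at the wrong cause. Something like `LOG(ERROR, "Client RX stream init failed");` would match the actual failure. The server.c hunk keeps the same text for `init_crypto_server`, which can now fail on either key generation or header size, so a neutral message fits there too. protocol_request_server_helo starts and ends outside this hunk.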
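Review bot: The return value of `sodium_mlock(keypair, sizeof(*keypair))` is discarded, so a failed lock (for example when the locked-memory limit is reached) goes unnoticed and the long-term secret key stays in swappable memory. Either fail through the existing label with `if (sodium_mlock(keypair, sizeof(*keypair)) != 0) goto error;` or at least log the failure. The lock is also applied only after the key material has been written, so locking right after allocation would cover the whole lifetime of the secret. Whatever later releases the keypair is outside this hunk; it should call `sodium_munlock(keypair, sizeof(*keypair));` before `free()` so the key is zeroed.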
@@ -104,3 +106,39 @@ int init_sockaddr_inet(struct sockaddr_in * const sin, return 0; } + +int init_crypto_server(struct connection * const state, + unsigned char const * const server_rx_header, + size_t server_rx_header_size) +{ + if (server_rx_header_size != crypto_secretstream_xchacha20poly1305_HEADERBYTES) { + LOG(ERROR, + "Invalid Sodium RX header size: %zu != %zu", + server_rx_header_size, + crypto_secretstream_xchacha20poly1305_HEADERBYTES); + return 1; + } + if (generate_session_keypair_sodium(state) != 0) { + LOG(ERROR, "Client session keypair generation failed"); + return 1; + } + crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, server_rx_header, state->session_keys->rx); + + return 0; +} + +int init_crypto_client(struct connection * const state, + unsigned char const * const client_rx_header, + size_t client_rx_header_size) +{ + if (client_rx_header_size != crypto_secretstream_xchacha20poly1305_HEADERBYTES) { + LOG(ERROR, + "Invalid Sodium RX header size: %zu != %zu", + client_rx_header_size, + crypto_secretstream_xchacha20poly1305_HEADERBYTES); + return 1; + } + crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, client_rx_header, state->session_keys->rx); + + return 0; +} diff --git a/common-sodium.h b/common-sodium.h index 95ec94d..7ccfc0c 100644 --- a/common-sodium.h +++ b/common-sodium.h @@ -21,4 +21,12 @@ __attribute__((warn_unused_result)) int init_sockaddr_inet(struct sockaddr_in * int port, char ip_str[INET6_ADDRSTRLEN + 1]); +__attribute__((warn_unused_result)) int init_crypto_server(struct connection * const state, + unsigned char const * const server_rx_header, + size_t server_rx_header_size); + +__attribute__((warn_unused_result)) int init_crypto_client(struct connection * const state, + unsigned char const * const client_rx_header, + size_t client_rx_header_size); + #endif 
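Review bot: `init_crypto_client` dereferences `state->session_keys->rx` without checking that session keys exist, whereas `init_crypto_server` generates them immediately beforehand. Whether the client always has keys by the time a server HELO is processed is not visible here, so a guard such as `if (state->session_keys == NULL) return 1;` would make an out-of-order packet fail closed instead of crashing. Separately, both `LOG` calls pass `crypto_secretstream_xchacha20poly1305_HEADERBYTES` to `%zu`. In libsodium's headers that macro is, as far as I know, an unsigned int constant, so it should be cast, `(size_t)crypto_secretstream_xchacha20poly1305_HEADERBYTES`, to keep the format arguments well-defined.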
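Review bot: The two new prototypes in common-sodium.h carry no comment, although their contracts differ in a way callers must know. Going by the definitions in common-sodium.c, both return 0 on success and 1 on failure, but only the server variant creates the session keypair. A short comment above each would record this, for example `/* Generates the session keypair, then initialises the RX stream; returns 0 on success, 1 on failure. */` for `init_crypto_server` and `/* Expects state->session_keys to be set already; returns 0 on success, 1 on failure. */` for `init_crypto_client`.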
@@ -66,14 +66,10 @@ enum recv_return protocol_request_client_auth(struct connection * const state, } log_bin2hex_sodium("Client AUTH with PublicKey", auth_pkt->client_publickey, sizeof(auth_pkt->client_publickey)); - - if (generate_session_keypair_sodium(state) != 0) { + if (init_crypto_server(state, auth_pkt->server_rx_header, sizeof(auth_pkt->server_rx_header)) != 0) { LOG(ERROR, "Client session keypair generation failed"); return RECV_FATAL; } - crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, - auth_pkt->server_rx_header, - state->session_keys->rx); if (ev_protocol_server_helo(state, "Welcome.") != 0) { LOG(ERROR, "Server AUTH response failed"); |