From 2d8bfaab51c2dd42d73c348e238802912e870b22 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Mon, 8 Jun 2020 00:46:20 +0200 Subject: moved client/server stream crypto init code into subroutines Signed-off-by: Toni Uhlig --- client.c | 7 ++++--- common-sodium.c | 38 ++++++++++++++++++++++++++++++++++++++ common-sodium.h | 8 ++++++++ server.c | 6 +----- 4 files changed, 51 insertions(+), 8 deletions(-) diff --git a/client.c b/client.c index 38afa82..95375cf 100644 --- a/client.c +++ b/client.c @@ -65,9 +65,10 @@ enum recv_return protocol_request_server_helo(struct connection * const state, (void)processed; LOG(NOTICE, "Server HELLO with message: %.*s", sizeof(helo_pkt->server_message), helo_pkt->server_message); - crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, - helo_pkt->client_rx_header, - state->session_keys->rx); + if (init_crypto_client(state, helo_pkt->client_rx_header, sizeof(helo_pkt->client_rx_header)) != 0) { + LOG(ERROR, "Client session keypair generation failed"); + return RECV_FATAL; + } if (ev_setup_generic_timer((struct ev_user_data *)state->user_data, PING_INTERVAL) != 0) { LOG(ERROR, "Timer init failed"); diff --git a/common-sodium.c b/common-sodium.c index 4398782..a69196d 100644 --- a/common-sodium.c +++ b/common-sodium.c @@ -48,6 +48,8 @@ struct longterm_keypair * generate_keypair_from_secretkey_hexstr_sodium(char con goto error; } + sodium_mlock(keypair, sizeof(*keypair)); + return keypair; error: free(keypair); @@ -104,3 +106,39 @@ int init_sockaddr_inet(struct sockaddr_in * const sin, return 0; } + +int init_crypto_server(struct connection * const state, + unsigned char const * const server_rx_header, + size_t server_rx_header_size) +{ + if (server_rx_header_size != crypto_secretstream_xchacha20poly1305_HEADERBYTES) { + LOG(ERROR, + "Invalid Sodium RX header size: %zu != %zu", + server_rx_header_size, + crypto_secretstream_xchacha20poly1305_HEADERBYTES); + return 1; + } + if (generate_session_keypair_sodium(state) != 0) { + LOG(ERROR, "Client session keypair generation failed"); + return 1; + } + crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, server_rx_header, state->session_keys->rx); + + return 0; +} + +int init_crypto_client(struct connection * const state, + unsigned char const * const client_rx_header, + size_t client_rx_header_size) +{ + if (client_rx_header_size != crypto_secretstream_xchacha20poly1305_HEADERBYTES) { + LOG(ERROR, + "Invalid Sodium RX header size: %zu != %zu", + client_rx_header_size, + crypto_secretstream_xchacha20poly1305_HEADERBYTES); + return 1; + } + crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, client_rx_header, state->session_keys->rx); + + return 0; +} diff --git a/common-sodium.h b/common-sodium.h index 95ec94d..7ccfc0c 100644 --- a/common-sodium.h +++ b/common-sodium.h @@ -21,4 +21,12 @@ __attribute__((warn_unused_result)) int init_sockaddr_inet(struct sockaddr_in * int port, char ip_str[INET6_ADDRSTRLEN + 1]); +__attribute__((warn_unused_result)) int init_crypto_server(struct connection * const state, + unsigned char const * const server_rx_header, + size_t server_rx_header_size); + +__attribute__((warn_unused_result)) int init_crypto_client(struct connection * const state, + unsigned char const * const client_rx_header, + size_t client_rx_header_size); + #endif diff --git a/server.c b/server.c index d679c87..86a43e4 100644 --- a/server.c +++ b/server.c @@ -66,14 +66,10 @@ enum recv_return protocol_request_client_auth(struct connection * const state, } log_bin2hex_sodium("Client AUTH with PublicKey", auth_pkt->client_publickey, sizeof(auth_pkt->client_publickey)); - - if (generate_session_keypair_sodium(state) != 0) { + if (init_crypto_server(state, auth_pkt->server_rx_header, sizeof(auth_pkt->server_rx_header)) != 0) { LOG(ERROR, "Client session keypair generation failed"); return RECV_FATAL; } - crypto_secretstream_xchacha20poly1305_init_pull(&state->crypto_rx_state, - auth_pkt->server_rx_header, - state->session_keys->rx); if (ev_protocol_server_helo(state, "Welcome.") != 0) { LOG(ERROR, "Server AUTH response failed"); -- cgit v1.2.3