projects / tinc / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1
[tinc] / src / sptps.c
diff --git a/src/sptps.c b/src/sptps.c
index dc602e3..d22390e 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -45,7 +45,7 @@ char *logfilename;
 
    Maybe do add some alert messages to give helpful error messages? Not more than TLS sends.
 
-   Use counter mode instead of OFB.
+   Use counter mode instead of OFB. (done)
 
    Make sure ECC operations are fixed time (aka prevent side-channel attacks).
 */
@@ -78,7 +78,7 @@ static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_
                if(!digest_create(&s->outdigest, plaintext, len + 7, plaintext + 7 + len))
                        return false;
 
-               if(!cipher_encrypt(&s->outcipher, plaintext + 4, sizeof ciphertext, ciphertext, NULL, false))
+               if(!cipher_counter_xor(&s->outcipher, plaintext + 4, sizeof ciphertext, ciphertext))
                        return false;
 
                return s->send_data(s->handle, ciphertext, len + 19);
@@ -149,8 +149,8 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) {
        // Initialise cipher and digest structures if necessary
        if(!s->outstate) {
                bool result
-                       =  cipher_open_by_name(&s->incipher, "aes-256-ofb")
-                       && cipher_open_by_name(&s->outcipher, "aes-256-ofb")
+                       =  cipher_open_by_name(&s->incipher, "aes-256-ecb")
+                       && cipher_open_by_name(&s->outcipher, "aes-256-ecb")
                        && digest_open_by_name(&s->indigest, "sha256", 16)
                        && digest_open_by_name(&s->outdigest, "sha256", 16);
                if(!result)
@@ -191,10 +191,27 @@ static bool send_ack(sptps_t *s) {
 // Receive an ACKnowledgement record.
 static bool receive_ack(sptps_t *s, const char *data, uint16_t len) {
        if(len)
-               return false;
+               return error(s, EIO, "Invalid ACK record length");
+
+       if(s->initiator) {
+               bool result
+                       = cipher_set_counter_key(&s->incipher, s->key)
+                       && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->incipher), digest_keylength(&s->indigest));
+               if(!result)
+                       return false;
+       } else {
+               bool result
+                       = cipher_set_counter_key(&s->incipher, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest))
+                       && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest) + cipher_keylength(&s->incipher), digest_keylength(&s->indigest));
+               if(!result)
+                       return false;
+       }
 
-       // TODO: set cipher/digest keys
-       return error(s, ENOSYS, "receive_ack() not completely implemented yet");
+       free(s->key);
+       s->key = NULL;
+       s->instate = true;
+
+       return true;
 }
 
 // Receive a Key EXchange record, respond by sending a SIG record.
@@ -244,31 +261,32 @@ static bool receive_sig(sptps_t *s, const char *data, uint16_t len) {
        if(!generate_key_material(s, shared, sizeof shared))
                return false;
 
-       // Send cipher change record if necessary
-       //if(s->outstate && !send_ack(s))
-       //      return false;
+       free(s->mykex);
+       free(s->hiskex);
+
+       s->mykex = NULL;
+       s->hiskex = NULL;
+
+       // Send cipher change record
+       if(!send_ack(s))
+               return false;
 
        // TODO: only set new keys after ACK has been set/received
        if(s->initiator) {
                bool result
-                       =  cipher_set_key(&s->incipher, s->key, false)
-                       && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->incipher), digest_keylength(&s->indigest))
-                       && cipher_set_key(&s->outcipher, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest), true)
+                       = cipher_set_counter_key(&s->outcipher, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest))
                        && digest_set_key(&s->outdigest, s->key + cipher_keylength(&s->incipher) + digest_keylength(&s->indigest) + cipher_keylength(&s->outcipher), digest_keylength(&s->outdigest));
                if(!result)
                        return false;
        } else {
                bool result
-                       =  cipher_set_key(&s->outcipher, s->key, true)
-                       && digest_set_key(&s->outdigest, s->key + cipher_keylength(&s->outcipher), digest_keylength(&s->outdigest))
-                       && cipher_set_key(&s->incipher, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest), false)
-                       && digest_set_key(&s->indigest, s->key + cipher_keylength(&s->outcipher) + digest_keylength(&s->outdigest) + cipher_keylength(&s->incipher), digest_keylength(&s->indigest));
+                       =  cipher_set_counter_key(&s->outcipher, s->key)
+                       && digest_set_key(&s->outdigest, s->key + cipher_keylength(&s->outcipher), digest_keylength(&s->outdigest));
                if(!result)
                        return false;
        }
 
        s->outstate = true;
-       s->instate = true;
 
        return true;
 }
@@ -302,7 +320,7 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
                        if(!receive_sig(s, data, len))
                                return false;
                        // s->state = SPTPS_ACK;
-                       s->state = SPTPS_SECONDARY_KEX;
+                       s->state = SPTPS_ACK;
                        return true;
                case SPTPS_ACK:
                        // We expect a handshake message to indicate transition to the new keys.
@@ -326,7 +344,7 @@ bool receive_data(sptps_t *s, const char *data, size_t len) {
                                toread = len;
 
                        if(s->instate) {
-                               if(!cipher_decrypt(&s->incipher, data, toread, s->inbuf + s->buflen, NULL, false))
+                               if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen))
                                        return false;
                        } else {
                                memcpy(s->inbuf + s->buflen, data, toread);
@@ -366,7 +384,7 @@ bool receive_data(sptps_t *s, const char *data, size_t len) {
                        toread = len;
 
                if(s->instate) {
-                       if(!cipher_decrypt(&s->incipher, data, toread, s->inbuf + s->buflen, NULL, false))
+                       if(!cipher_counter_xor(&s->incipher, data, toread, s->inbuf + s->buflen))
                                return false;
                } else {
                        memcpy(s->inbuf + s->buflen, data, toread);
@@ -389,6 +407,8 @@ bool receive_data(sptps_t *s, const char *data, size_t len) {
 
                // Handle record.
                if(type < SPTPS_HANDSHAKE) {
+                       if(!s->instate)
+                               return error(s, EIO, "Application record received before handshake finished");
                        if(!s->receive_record(s->handle, type, s->inbuf + 7, reclen))
                                return false;
                } else if(type == SPTPS_HANDSHAKE) {
tinc, the VPN daemon