|
@@ -179,21 +179,21 @@ static inline struct CryptoAuth_User* getAuth(struct CryptoHeader_Challenge* aut
|
|
|
* @param secret a shared secret.
|
|
|
* @return 0 if decryption is succeddful, otherwise -1.
|
|
|
*/
|
|
|
-static inline Gcc_USE_RET int decryptRndNonce(uint8_t nonce[24],
|
|
|
+static inline Gcc_USE_RET int decryptRndNonce(const uint8_t nonce[24],
|
|
|
struct Message* msg,
|
|
|
- uint8_t secret[32])
|
|
|
+ const uint8_t secret[32])
|
|
|
{
|
|
|
- if (msg->length < 16) {
|
|
|
+ if (Message_getLength(msg) < 16) {
|
|
|
return -1;
|
|
|
}
|
|
|
- Assert_true(msg->padding >= 16);
|
|
|
- uint8_t* startAt = msg->bytes - 16;
|
|
|
+ Assert_true(Message_getPadding(msg) >= 16);
|
|
|
+ uint8_t* startAt = msg->msgbytes - 16;
|
|
|
uint8_t paddingSpace[16];
|
|
|
Bits_memcpy(paddingSpace, startAt, 16);
|
|
|
Bits_memset(startAt, 0, 16);
|
|
|
if (!Defined(NSA_APPROVED)) {
|
|
|
if (crypto_box_curve25519xsalsa20poly1305_open_afternm(
|
|
|
- startAt, startAt, msg->length + 16, nonce, secret) != 0)
|
|
|
+ startAt, startAt, Message_getLength(msg) + 16, nonce, secret) != 0)
|
|
|
{
|
|
|
return -1;
|
|
|
}
|
|
@@ -212,19 +212,19 @@ static inline Gcc_USE_RET int decryptRndNonce(uint8_t nonce[24],
|
|
|
* @param msg a message to encipher and authenticate.
|
|
|
* @param secret a shared secret.
|
|
|
*/
|
|
|
-static inline void encryptRndNonce(uint8_t nonce[24],
|
|
|
+static inline void encryptRndNonce(const uint8_t nonce[24],
|
|
|
struct Message* msg,
|
|
|
- uint8_t secret[32])
|
|
|
+ const uint8_t secret[32])
|
|
|
{
|
|
|
- Assert_true(msg->padding >= 32);
|
|
|
- uint8_t* startAt = msg->bytes - 32;
|
|
|
+ Assert_true(Message_getPadding(msg) >= 32);
|
|
|
+ uint8_t* startAt = msg->msgbytes - 32;
|
|
|
// This function trashes 16 bytes of the padding so we will put it back
|
|
|
uint8_t paddingSpace[16];
|
|
|
Bits_memcpy(paddingSpace, startAt, 16);
|
|
|
Bits_memset(startAt, 0, 32);
|
|
|
if (!Defined(NSA_APPROVED)) {
|
|
|
crypto_box_curve25519xsalsa20poly1305_afternm(
|
|
|
- startAt, startAt, msg->length + 32, nonce, secret);
|
|
|
+ startAt, startAt, Message_getLength(msg) + 32, nonce, secret);
|
|
|
}
|
|
|
|
|
|
Bits_memcpy(startAt, paddingSpace, 16);
|
|
@@ -277,14 +277,14 @@ static inline void encrypt(uint32_t nonce,
|
|
|
|
|
|
static inline bool knowHerKey(struct CryptoAuth_Session_pvt* session)
|
|
|
{
|
|
|
- return !Bits_isZero(session->pub.herPublicKey, 32);
|
|
|
+ return !Bits_isZero(session->herPublicKey, 32);
|
|
|
}
|
|
|
|
|
|
static void getIp6(struct CryptoAuth_Session_pvt* session, uint8_t* addr)
|
|
|
{
|
|
|
Assert_true(knowHerKey(session));
|
|
|
uint8_t ip6[16];
|
|
|
- AddressCalc_addressForPublicKey(ip6, session->pub.herPublicKey);
|
|
|
+ AddressCalc_addressForPublicKey(ip6, session->herPublicKey);
|
|
|
AddrTools_printIp(addr, ip6);
|
|
|
}
|
|
|
|
|
@@ -293,7 +293,7 @@ static void getIp6(struct CryptoAuth_Session_pvt* session, uint8_t* addr)
|
|
|
if (!Defined(Log_DEBUG)) { break; } \
|
|
|
uint8_t addr[40] = "unknown"; \
|
|
|
getIp6((session), addr); \
|
|
|
- String* dn = (session)->pub.displayName; \
|
|
|
+ String* dn = (session)->displayName; \
|
|
|
Log_debug((session)->context->logger, "%p %s [%s] state[%d]: " format, (void*)(session), \
|
|
|
dn ? dn->bytes : "", addr, (session)->nextNonce, __VA_ARGS__); \
|
|
|
} while (0)
|
|
@@ -313,7 +313,7 @@ static void reset(struct CryptoAuth_Session_pvt* session)
|
|
|
Bits_memset(session->sharedSecret, 0, 32);
|
|
|
session->established = false;
|
|
|
|
|
|
- Bits_memset(&session->pub.replayProtector, 0, sizeof(struct ReplayProtector));
|
|
|
+ Bits_memset(&session->replayProtector, 0, sizeof(struct ReplayProtector));
|
|
|
}
|
|
|
|
|
|
static void resetIfTimeout(struct CryptoAuth_Session_pvt* session)
|
|
@@ -325,10 +325,10 @@ static void resetIfTimeout(struct CryptoAuth_Session_pvt* session)
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- uint64_t nowSecs = Time_currentTimeSeconds(session->context->eventBase);
|
|
|
- if (nowSecs - session->timeOfLastPacket < session->pub.setupResetAfterInactivitySeconds) {
|
|
|
+ uint64_t nowSecs = Time_currentTimeSeconds();
|
|
|
+ if (nowSecs - session->timeOfLastPacket < session->setupResetAfterInactivitySeconds) {
|
|
|
return;
|
|
|
- } else if (nowSecs - session->timeOfLastPacket < session->pub.resetAfterInactivitySeconds) {
|
|
|
+ } else if (nowSecs - session->timeOfLastPacket < session->resetAfterInactivitySeconds) {
|
|
|
if (session->established) { return; }
|
|
|
}
|
|
|
|
|
@@ -345,14 +345,14 @@ static void encryptHandshake(struct Message* message,
|
|
|
{
|
|
|
Er_assert(Message_eshift(message, CryptoHeader_SIZE));
|
|
|
|
|
|
- struct CryptoHeader* header = (struct CryptoHeader*) message->bytes;
|
|
|
+ struct CryptoHeader* header = (struct CryptoHeader*) message->msgbytes;
|
|
|
|
|
|
// garbage the auth challenge and set the nonce which follows it
|
|
|
Random_bytes(session->context->rand, (uint8_t*) &header->auth,
|
|
|
CryptoHeader_Challenge_SIZE + 24);
|
|
|
|
|
|
// set the permanent key
|
|
|
- Bits_memcpy(header->publicKey, session->context->pub.publicKey, 32);
|
|
|
+ Bits_memcpy(header->publicKey, session->context->pubKey, 32);
|
|
|
|
|
|
Assert_true(knowHerKey(session));
|
|
|
|
|
@@ -414,7 +414,7 @@ static void encryptHandshake(struct Message* message,
|
|
|
if (session->nextNonce < CryptoAuth_State_RECEIVED_HELLO) {
|
|
|
getSharedSecret(sharedSecret,
|
|
|
session->context->privateKey,
|
|
|
- session->pub.herPublicKey,
|
|
|
+ session->herPublicKey,
|
|
|
passwordHash,
|
|
|
session->context->logger);
|
|
|
|
|
@@ -459,7 +459,7 @@ static void encryptHandshake(struct Message* message,
|
|
|
uint8_t nonceHex[49];
|
|
|
Hex_encode(nonceHex, 49, header->handshakeNonce, 24);
|
|
|
uint8_t cipherHex[65];
|
|
|
- printHexKey(cipherHex, message->bytes);
|
|
|
+ printHexKey(cipherHex, message->msgbytes);
|
|
|
Log_keys(session->context->logger,
|
|
|
"Encrypting message with:\n"
|
|
|
" nonce: %s\n"
|
|
@@ -473,11 +473,8 @@ static void encryptHandshake(struct Message* message,
|
|
|
}
|
|
|
|
|
|
/** @return 0 on success, -1 otherwise. */
|
|
|
-int CryptoAuth_encrypt(struct CryptoAuth_Session* sessionPub, struct Message* msg)
|
|
|
+static int encryptPacket(struct CryptoAuth_Session_pvt* session, struct Message* msg)
|
|
|
{
|
|
|
- struct CryptoAuth_Session_pvt* session =
|
|
|
- Identity_check((struct CryptoAuth_Session_pvt*) sessionPub);
|
|
|
-
|
|
|
// If there has been no incoming traffic for a while, reset the connection to state 0.
|
|
|
// This will prevent "connection in bad state" situations from lasting forever.
|
|
|
// this will reset the session if it has timed out.
|
|
@@ -488,7 +485,7 @@ int CryptoAuth_encrypt(struct CryptoAuth_Session* sessionPub, struct Message* ms
|
|
|
reset(session);
|
|
|
}
|
|
|
|
|
|
- Assert_true(!((uintptr_t)msg->bytes % 4) || !"alignment fault");
|
|
|
+ Assert_true(!((uintptr_t)msg->msgbytes % 4) || !"alignment fault");
|
|
|
|
|
|
// nextNonce 0: sending hello, we are initiating connection.
|
|
|
// nextNonce 1: sending another hello, nothing received yet.
|
|
@@ -514,8 +511,8 @@ int CryptoAuth_encrypt(struct CryptoAuth_Session* sessionPub, struct Message* ms
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- Assert_true(msg->length > 0 && "Empty packet during handshake");
|
|
|
- Assert_true(msg->padding >= 36 || !"not enough padding");
|
|
|
+ Assert_true(Message_getLength(msg) > 0 && "Empty packet during handshake");
|
|
|
+ Assert_true(Message_getPadding(msg) >= 36 || !"not enough padding");
|
|
|
|
|
|
encrypt(session->nextNonce, msg, session->sharedSecret, session->isInitiator);
|
|
|
|
|
@@ -524,10 +521,17 @@ int CryptoAuth_encrypt(struct CryptoAuth_Session* sessionPub, struct Message* ms
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+/** @return 0 on success, -1 otherwise. */ // Now only used in unit tests on Rust side
|
|
|
+int CryptoAuth_encrypt(struct CryptoAuth_Session* sessionPub, struct Message* msg) {
|
|
|
+ struct CryptoAuth_Session_pvt *session =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt *) sessionPub);
|
|
|
+ return encryptPacket(session, msg);
|
|
|
+}
|
|
|
+
|
|
|
/** Call the external interface and tell it that a message has been received. */
|
|
|
static inline void updateTime(struct CryptoAuth_Session_pvt* session, struct Message* message)
|
|
|
{
|
|
|
- session->timeOfLastPacket = Time_currentTimeSeconds(session->context->eventBase);
|
|
|
+ session->timeOfLastPacket = Time_currentTimeSeconds();
|
|
|
}
|
|
|
|
|
|
static inline enum CryptoAuth_DecryptErr decryptMessage(struct CryptoAuth_Session_pvt* session,
|
|
@@ -540,7 +544,7 @@ static inline enum CryptoAuth_DecryptErr decryptMessage(struct CryptoAuth_Sessio
|
|
|
cryptoAuthDebug0(session, "DROP authenticated decryption failed");
|
|
|
return CryptoAuth_DecryptErr_DECRYPT;
|
|
|
}
|
|
|
- if (!ReplayProtector_checkNonce(nonce, &session->pub.replayProtector)) {
|
|
|
+ if (!ReplayProtector_checkNonce(nonce, &session->replayProtector)) {
|
|
|
cryptoAuthDebug(session, "DROP nonce checking failed nonce=[%u]", nonce);
|
|
|
return CryptoAuth_DecryptErr_REPLAY;
|
|
|
}
|
|
@@ -559,7 +563,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
struct Message* message,
|
|
|
struct CryptoHeader* header)
|
|
|
{
|
|
|
- if (message->length < CryptoHeader_SIZE) {
|
|
|
+ if (Message_getLength(message) < CryptoHeader_SIZE) {
|
|
|
cryptoAuthDebug0(session, "DROP runt");
|
|
|
return CryptoAuth_DecryptErr_RUNT;
|
|
|
}
|
|
@@ -572,7 +576,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
// nextNonce >3: handshake complete
|
|
|
|
|
|
Assert_true(knowHerKey(session));
|
|
|
- if (Bits_memcmp(session->pub.herPublicKey, header->publicKey, 32)) {
|
|
|
+ if (Bits_memcmp(session->herPublicKey, header->publicKey, 32)) {
|
|
|
cryptoAuthDebug0(session, "DROP a packet with different public key than this session");
|
|
|
return CryptoAuth_DecryptErr_WRONG_PERM_PUBKEY;
|
|
|
}
|
|
@@ -587,7 +591,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
passwordHash = userObj->secret;
|
|
|
if (userObj->restrictedToip6[0]) {
|
|
|
restrictedToip6 = userObj->restrictedToip6;
|
|
|
- if (!ip6MatchesKey(restrictedToip6, session->pub.herPublicKey)) {
|
|
|
+ if (!ip6MatchesKey(restrictedToip6, session->herPublicKey)) {
|
|
|
cryptoAuthDebug0(session, "DROP packet with key not matching restrictedToip6");
|
|
|
return CryptoAuth_DecryptErr_IP_RESTRICTED;
|
|
|
}
|
|
@@ -614,7 +618,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
|
|
|
getSharedSecret(sharedSecret,
|
|
|
session->context->privateKey,
|
|
|
- session->pub.herPublicKey,
|
|
|
+ session->herPublicKey,
|
|
|
passwordHash,
|
|
|
session->context->logger);
|
|
|
nextNonce = CryptoAuth_State_RECEIVED_HELLO;
|
|
@@ -632,7 +636,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
// We sent the hello, this is a key
|
|
|
getSharedSecret(sharedSecret,
|
|
|
session->ourTempPrivKey,
|
|
|
- session->pub.herPublicKey,
|
|
|
+ session->herPublicKey,
|
|
|
passwordHash,
|
|
|
session->context->logger);
|
|
|
nextNonce = CryptoAuth_State_RECEIVED_KEY;
|
|
@@ -647,7 +651,7 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
uint8_t nonceHex[49];
|
|
|
Hex_encode(nonceHex, 49, header->handshakeNonce, 24);
|
|
|
uint8_t cipherHex[65];
|
|
|
- printHexKey(cipherHex, message->bytes);
|
|
|
+ printHexKey(cipherHex, message->msgbytes);
|
|
|
Log_keys(session->context->logger,
|
|
|
"Decrypting message with:\n"
|
|
|
" nonce: %s\n"
|
|
@@ -762,8 +766,8 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
// fresh new hello packet, we should reset the session.
|
|
|
switch (session->nextNonce) {
|
|
|
case CryptoAuth_State_SENT_HELLO: {
|
|
|
- if (Bits_memcmp(session->pub.herPublicKey,
|
|
|
- session->context->pub.publicKey, 32) < 0)
|
|
|
+ if (Bits_memcmp(session->herPublicKey,
|
|
|
+ session->context->pubKey, 32) < 0)
|
|
|
{
|
|
|
// It's a hello and we are the initiator but their permant public key is
|
|
|
// numerically lower than ours, this is so that in the event of two hello
|
|
@@ -824,26 +828,24 @@ static enum CryptoAuth_DecryptErr decryptHandshake(struct CryptoAuth_Session_pvt
|
|
|
);
|
|
|
session->nextNonce = nextNonce;
|
|
|
|
|
|
- Bits_memset(&session->pub.replayProtector, 0, sizeof(struct ReplayProtector));
|
|
|
+ Bits_memset(&session->replayProtector, 0, sizeof(struct ReplayProtector));
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
/** @return 0 on success, -1 otherwise. */
|
|
|
-enum CryptoAuth_DecryptErr CryptoAuth_decrypt(struct CryptoAuth_Session* sessionPub,
|
|
|
- struct Message* msg)
|
|
|
+static enum CryptoAuth_DecryptErr decryptPacket(struct CryptoAuth_Session_pvt* session,
|
|
|
+ struct Message* msg)
|
|
|
{
|
|
|
- struct CryptoAuth_Session_pvt* session =
|
|
|
- Identity_check((struct CryptoAuth_Session_pvt*) sessionPub);
|
|
|
- struct CryptoHeader* header = (struct CryptoHeader*) msg->bytes;
|
|
|
+ struct CryptoHeader* header = (struct CryptoHeader*) msg->msgbytes;
|
|
|
|
|
|
- if (msg->length < 20) {
|
|
|
+ if (Message_getLength(msg) < 20) {
|
|
|
cryptoAuthDebug0(session, "DROP runt");
|
|
|
return CryptoAuth_DecryptErr_RUNT;
|
|
|
}
|
|
|
- Assert_true(msg->padding >= 12 || "need at least 12 bytes of padding in incoming message");
|
|
|
- Assert_true(!((uintptr_t)msg->bytes % 4) || !"alignment fault");
|
|
|
- Assert_true(!(msg->capacity % 4) || !"length fault");
|
|
|
+ Assert_true(Message_getPadding(msg) >= 12 || "need at least 12 bytes of padding in incoming message");
|
|
|
+ Assert_true(!((uintptr_t)msg->msgbytes % 4) || !"alignment fault");
|
|
|
+ Assert_true(!(Message_getCapacity(msg) % 4) || !"length fault");
|
|
|
|
|
|
Er_assert(Message_eshift(msg, -4));
|
|
|
|
|
@@ -869,8 +871,8 @@ enum CryptoAuth_DecryptErr CryptoAuth_decrypt(struct CryptoAuth_Session* session
|
|
|
enum CryptoAuth_DecryptErr ret = decryptMessage(session, nonce, msg, secret);
|
|
|
|
|
|
// This prevents a few "ghost" dropped packets at the beginning of a session.
|
|
|
- session->pub.replayProtector.baseOffset = nonce + 1;
|
|
|
- session->pub.replayProtector.bitfield = 0;
|
|
|
+ session->replayProtector.baseOffset = nonce + 1;
|
|
|
+ session->replayProtector.bitfield = 0;
|
|
|
|
|
|
if (!ret) {
|
|
|
cryptoAuthDebug0(session, "Final handshake step succeeded");
|
|
@@ -911,6 +913,14 @@ enum CryptoAuth_DecryptErr CryptoAuth_decrypt(struct CryptoAuth_Session* session
|
|
|
Assert_failure("unreachable");
|
|
|
}
|
|
|
|
|
|
+/** @return 0 on success, -1 otherwise. */ // Now only used in unit tests on Rust side
|
|
|
+enum CryptoAuth_DecryptErr CryptoAuth_decrypt(struct CryptoAuth_Session* sessionPub,
|
|
|
+ struct Message* msg) {
|
|
|
+ struct CryptoAuth_Session_pvt *session =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt *) sessionPub);
|
|
|
+ return decryptPacket(session, msg);
|
|
|
+}
|
|
|
+
|
|
|
/////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
struct CryptoAuth* CryptoAuth_new(struct Allocator* allocator,
|
|
@@ -931,11 +941,11 @@ struct CryptoAuth* CryptoAuth_new(struct Allocator* allocator,
|
|
|
} else {
|
|
|
Random_bytes(rand, ca->privateKey, 32);
|
|
|
}
|
|
|
- crypto_scalarmult_curve25519_base(ca->pub.publicKey, ca->privateKey);
|
|
|
+ crypto_scalarmult_curve25519_base(ca->pubKey, ca->privateKey);
|
|
|
|
|
|
if (Defined(Log_KEYS)) {
|
|
|
uint8_t publicKeyHex[65];
|
|
|
- printHexKey(publicKeyHex, ca->pub.publicKey);
|
|
|
+ printHexKey(publicKeyHex, ca->pubKey);
|
|
|
uint8_t privateKeyHex[65];
|
|
|
printHexKey(privateKeyHex, ca->privateKey);
|
|
|
Log_keys(logger,
|
|
@@ -1023,43 +1033,90 @@ int CryptoAuth_removeUsers(struct CryptoAuth* context, String* login)
|
|
|
return count;
|
|
|
}
|
|
|
|
|
|
-struct StringList* CryptoAuth_getUsers(struct CryptoAuth* context, struct Allocator* alloc)
|
|
|
+RTypes_StrList_t* CryptoAuth_getUsers(const struct CryptoAuth* context, struct Allocator* alloc)
|
|
|
{
|
|
|
struct CryptoAuth_pvt* ca = Identity_check((struct CryptoAuth_pvt*) context);
|
|
|
|
|
|
- struct StringList* users = StringList_new(alloc);
|
|
|
+ int count = 0;
|
|
|
for (struct CryptoAuth_User* u = ca->users; u; u = u->next) {
|
|
|
- StringList_add(users, String_clone(u->login, alloc));
|
|
|
+ count++;
|
|
|
}
|
|
|
|
|
|
- return users;
|
|
|
+ RTypes_StrList_t* out = Allocator_calloc(alloc, sizeof(RTypes_StrList_t), 1);
|
|
|
+ out->len = count;
|
|
|
+ out->items = Allocator_calloc(alloc, sizeof(String*), count);
|
|
|
+ int i = 0;
|
|
|
+ for (struct CryptoAuth_User* u = ca->users; u; u = u->next) {
|
|
|
+ out->items[i] = String_clone(u->login, alloc);
|
|
|
+ i++;
|
|
|
+ }
|
|
|
+
|
|
|
+ return out;
|
|
|
+}
|
|
|
+
|
|
|
+static Iface_DEFUN plaintextMsg(struct Message* msg, struct Iface* iface)
|
|
|
+{
|
|
|
+ struct CryptoAuth_Session_pvt* sess =
|
|
|
+ Identity_containerOf(iface, struct CryptoAuth_Session_pvt, pub.plaintext);
|
|
|
+ if (encryptPacket(sess, msg)) {
|
|
|
+ return Error(msg, "INTERNAL");
|
|
|
+ }
|
|
|
+ return Iface_next(&sess->pub.ciphertext, msg);
|
|
|
+}
|
|
|
+
|
|
|
+static Iface_DEFUN ciphertextMsg(struct Message* msg, struct Iface* iface)
|
|
|
+{
|
|
|
+ struct CryptoAuth_Session_pvt* sess =
|
|
|
+ Identity_containerOf(iface, struct CryptoAuth_Session_pvt, pub.ciphertext);
|
|
|
+ if (Message_getLength(msg) < 32) {
|
|
|
+ return Error(msg, "RUNT");
|
|
|
+ }
|
|
|
+ // Address is pushed on top of the message
|
|
|
+ Er_assert(Message_epop(msg, NULL, 16));
|
|
|
+ uint8_t firstSixteen[16];
|
|
|
+ Bits_memcpy(firstSixteen, msg->msgbytes, 16);
|
|
|
+ enum CryptoAuth_DecryptErr e = decryptPacket(sess, msg);
|
|
|
+ if (e == CryptoAuth_DecryptErr_NONE) {
|
|
|
+ Er_assert(Message_epush32be(msg, CryptoAuth_DecryptErr_NONE));
|
|
|
+ return Iface_next(&sess->pub.plaintext, msg);
|
|
|
+ }
|
|
|
+ Er_assert(Message_epop(msg, NULL, Message_getLength(msg)));
|
|
|
+ Er_assert(Message_epush32be(msg, CryptoAuth_getState(&sess->pub)));
|
|
|
+ Er_assert(Message_epush32be(msg, e));
|
|
|
+ Er_assert(Message_epush(msg, firstSixteen, 16));
|
|
|
+ Er_assert(Message_epush32h(msg, e));
|
|
|
+ return Iface_next(&sess->pub.plaintext, msg);
|
|
|
}
|
|
|
|
|
|
struct CryptoAuth_Session* CryptoAuth_newSession(struct CryptoAuth* ca,
|
|
|
struct Allocator* alloc,
|
|
|
const uint8_t herPublicKey[32],
|
|
|
const bool requireAuth,
|
|
|
- char* displayName)
|
|
|
+ const char* displayName,
|
|
|
+ bool useNoise)
|
|
|
{
|
|
|
+ Assert_true(!useNoise && "Noise protocol not implemented in old CryptoAuth");
|
|
|
struct CryptoAuth_pvt* context = Identity_check((struct CryptoAuth_pvt*) ca);
|
|
|
struct CryptoAuth_Session_pvt* session =
|
|
|
Allocator_calloc(alloc, sizeof(struct CryptoAuth_Session_pvt), 1);
|
|
|
Identity_set(session);
|
|
|
+ session->pub.plaintext.send = plaintextMsg;
|
|
|
+ session->pub.ciphertext.send = ciphertextMsg;
|
|
|
session->context = context;
|
|
|
session->requireAuth = requireAuth;
|
|
|
- session->pub.displayName = displayName ? String_new(displayName, alloc) : NULL;
|
|
|
- session->timeOfLastPacket = Time_currentTimeSeconds(context->eventBase);
|
|
|
+ session->displayName = displayName ? String_new(displayName, alloc) : NULL;
|
|
|
+ session->timeOfLastPacket = Time_currentTimeSeconds();
|
|
|
session->alloc = alloc;
|
|
|
|
|
|
- session->pub.resetAfterInactivitySeconds = CryptoAuth_DEFAULT_RESET_AFTER_INACTIVITY_SECONDS;
|
|
|
- session->pub.setupResetAfterInactivitySeconds =
|
|
|
+ session->resetAfterInactivitySeconds = CryptoAuth_DEFAULT_RESET_AFTER_INACTIVITY_SECONDS;
|
|
|
+ session->setupResetAfterInactivitySeconds =
|
|
|
CryptoAuth_DEFAULT_SETUP_RESET_AFTER_INACTIVITY_SECONDS;
|
|
|
|
|
|
Assert_true(herPublicKey);
|
|
|
- Bits_memcpy(session->pub.herPublicKey, herPublicKey, 32);
|
|
|
+ Bits_memcpy(session->herPublicKey, herPublicKey, 32);
|
|
|
uint8_t calculatedIp6[16];
|
|
|
AddressCalc_addressForPublicKey(calculatedIp6, herPublicKey);
|
|
|
- Bits_memcpy(session->pub.herIp6, calculatedIp6, 16);
|
|
|
+ Bits_memcpy(session->herIp6, calculatedIp6, 16);
|
|
|
|
|
|
return &session->pub;
|
|
|
}
|
|
@@ -1099,13 +1156,13 @@ void CryptoAuth_setAuth(const String* password,
|
|
|
reset(session);
|
|
|
}
|
|
|
|
|
|
-enum CryptoAuth_State CryptoAuth_getState(struct CryptoAuth_Session* caSession)
|
|
|
+RTypes_CryptoAuth_State_t CryptoAuth_getState(struct CryptoAuth_Session* caSession)
|
|
|
{
|
|
|
struct CryptoAuth_Session_pvt* session =
|
|
|
Identity_check((struct CryptoAuth_Session_pvt*)caSession);
|
|
|
|
|
|
if (session->nextNonce <= CryptoAuth_State_RECEIVED_KEY) {
|
|
|
- return session->nextNonce;
|
|
|
+ return (RTypes_CryptoAuth_State_t) session->nextNonce;
|
|
|
}
|
|
|
return (session->established) ? CryptoAuth_State_ESTABLISHED : CryptoAuth_State_RECEIVED_KEY;
|
|
|
}
|
|
@@ -1124,13 +1181,57 @@ void CryptoAuth_reset(struct CryptoAuth_Session* caSession)
|
|
|
reset(session);
|
|
|
}
|
|
|
|
|
|
+void CryptoAuth_getHerPubKey(const struct CryptoAuth_Session* session, uint8_t* pkOut)
|
|
|
+{
|
|
|
+ const struct CryptoAuth_Session_pvt* s =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt*)session);
|
|
|
+ Bits_memcpy(pkOut, s->herPublicKey, 32);
|
|
|
+}
|
|
|
+
|
|
|
+void CryptoAuth_getHerIp6(const struct CryptoAuth_Session* session, uint8_t* ipOut)
|
|
|
+{
|
|
|
+ const struct CryptoAuth_Session_pvt* s =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt*)session);
|
|
|
+ Bits_memcpy(ipOut, s->herIp6, 16);
|
|
|
+}
|
|
|
+
|
|
|
+void CryptoAuth_getPubKey(const struct CryptoAuth* ca, uint8_t* pkOut)
|
|
|
+{
|
|
|
+ const struct CryptoAuth_pvt* context = Identity_check((struct CryptoAuth_pvt*) ca);
|
|
|
+ Bits_memcpy(pkOut, context->pubKey, 32);
|
|
|
+}
|
|
|
+
|
|
|
+String_t *CryptoAuth_getName(const struct CryptoAuth_Session* session, Allocator_t* alloc)
|
|
|
+{
|
|
|
+ const struct CryptoAuth_Session_pvt* s =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt*)session);
|
|
|
+ if (s->displayName) {
|
|
|
+ return String_clone(s->displayName, alloc);
|
|
|
+ } else {
|
|
|
+ return NULL;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+void CryptoAuth_stats(const struct CryptoAuth_Session* session, RTypes_CryptoStats_t* statsOut)
|
|
|
+{
|
|
|
+ const struct CryptoAuth_Session_pvt* s =
|
|
|
+ Identity_check((struct CryptoAuth_Session_pvt*)session);
|
|
|
+ statsOut->received_packets = s->replayProtector.baseOffset +
|
|
|
+ Bits_popCountx64(s->replayProtector.bitfield);
|
|
|
+ statsOut->lost_packets = s->replayProtector.lostPackets;
|
|
|
+ statsOut->received_unexpected = s->replayProtector.receivedOutOfRange;
|
|
|
+ statsOut->duplicate_packets = s->replayProtector.duplicates;
|
|
|
+ statsOut->noise_proto = false;
|
|
|
+}
|
|
|
+
|
|
|
// For testing:
|
|
|
-void CryptoAuth_encryptRndNonce(uint8_t nonce[24], struct Message* msg, uint8_t secret[32])
|
|
|
+void CryptoAuth_encryptRndNonce(const uint8_t nonce[24], struct Message* msg, const uint8_t secret[32])
|
|
|
{
|
|
|
encryptRndNonce(nonce, msg, secret);
|
|
|
}
|
|
|
|
|
|
-int CryptoAuth_decryptRndNonce(uint8_t nonce[24], struct Message* msg, uint8_t secret[32])
|
|
|
+int CryptoAuth_decryptRndNonce(const uint8_t nonce[24], struct Message* msg, const uint8_t secret[32])
|
|
|
{
|
|
|
return decryptRndNonce(nonce, msg, secret);
|
|
|
}
|
|
|
+
|