2019-01-14 22:46:07 +01:00
|
|
|
#include <crypto/encrypted_frame.hpp>
|
2019-01-10 20:41:51 +01:00
|
|
|
|
2019-01-13 15:00:50 +01:00
|
|
|
#include <crypto/crypto.hpp>
|
2019-01-10 20:41:51 +01:00
|
|
|
#include <util/logger.hpp>
|
|
|
|
|
#include <util/mem.hpp>
|
2018-06-10 16:05:48 +02:00
|
|
|
|
|
|
|
|
namespace llarp
|
|
|
|
|
{
|
2018-06-11 15:44:49 +02:00
|
|
|
bool
|
2019-01-02 02:04:04 +01:00
|
|
|
EncryptedFrame::EncryptInPlace(const SecretKey& ourSecretKey,
|
|
|
|
|
const PubKey& otherPubkey,
|
2018-12-11 01:53:11 +01:00
|
|
|
llarp::Crypto* crypto)
|
2018-06-11 15:44:49 +02:00
|
|
|
{
|
|
|
|
|
// format of frame is
|
|
|
|
|
// <32 bytes keyed hash of following data>
|
|
|
|
|
// <32 bytes nonce>
|
|
|
|
|
// <32 bytes pubkey>
|
|
|
|
|
// <N bytes encrypted payload>
|
|
|
|
|
//
|
2019-01-02 02:04:06 +01:00
|
|
|
byte_t* hash = data();
|
|
|
|
|
byte_t* noncePtr = hash + SHORTHASHSIZE;
|
|
|
|
|
byte_t* pubkey = noncePtr + TUNNONCESIZE;
|
|
|
|
|
byte_t* body = pubkey + PUBKEYSIZE;
|
2018-06-11 15:44:49 +02:00
|
|
|
|
2018-06-12 13:57:14 +02:00
|
|
|
SharedSecret shared;
|
2018-06-11 15:44:49 +02:00
|
|
|
|
|
|
|
|
llarp_buffer_t buf;
|
|
|
|
|
buf.base = body;
|
|
|
|
|
buf.cur = buf.base;
|
2018-12-20 17:49:05 +01:00
|
|
|
buf.sz = size() - EncryptedFrameOverheadSize;
|
2018-06-11 15:44:49 +02:00
|
|
|
|
|
|
|
|
// set our pubkey
|
2019-01-02 02:04:08 +01:00
|
|
|
memcpy(pubkey, ourSecretKey.toPublic().data(), PUBKEYSIZE);
|
2018-06-11 15:44:49 +02:00
|
|
|
// randomize nonce
|
2019-01-02 02:04:06 +01:00
|
|
|
crypto->randbytes(noncePtr, TUNNONCESIZE);
|
|
|
|
|
TunnelNonce nonce(noncePtr);
|
2018-06-11 15:44:49 +02:00
|
|
|
|
|
|
|
|
// derive shared key
|
2019-01-26 16:40:58 +01:00
|
|
|
if(!crypto->dh_client(shared, otherPubkey, ourSecretKey, nonce))
|
2018-06-11 15:44:49 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("DH failed");
|
2018-06-11 15:44:49 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
2018-06-20 14:34:48 +02:00
|
|
|
|
2018-06-11 15:44:49 +02:00
|
|
|
// encrypt body
|
2019-01-26 16:40:58 +01:00
|
|
|
if(!crypto->xchacha20(buf, shared, nonce))
|
2018-06-11 15:44:49 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("encrypt failed");
|
2018-06-11 15:44:49 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// generate message auth
|
2019-01-02 02:04:06 +01:00
|
|
|
buf.base = noncePtr;
|
2018-06-11 15:44:49 +02:00
|
|
|
buf.cur = buf.base;
|
2018-06-19 19:11:24 +02:00
|
|
|
buf.sz = size() - SHORTHASHSIZE;
|
2018-06-11 15:44:49 +02:00
|
|
|
|
2019-01-26 16:40:58 +01:00
|
|
|
if(!crypto->hmac(hash, buf, shared))
|
2018-06-11 15:44:49 +02:00
|
|
|
{
|
2019-01-02 02:04:03 +01:00
|
|
|
llarp::LogError("Failed to generate message auth");
|
2018-06-11 15:44:49 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-10 16:05:48 +02:00
|
|
|
bool
|
2019-01-02 02:04:04 +01:00
|
|
|
EncryptedFrame::DecryptInPlace(const SecretKey& ourSecretKey,
|
2018-12-11 01:53:11 +01:00
|
|
|
llarp::Crypto* crypto)
|
2018-06-10 16:05:48 +02:00
|
|
|
{
|
2018-06-11 15:25:10 +02:00
|
|
|
// format of frame is
|
|
|
|
|
// <32 bytes keyed hash of following data>
|
|
|
|
|
// <32 bytes nonce>
|
|
|
|
|
// <32 bytes pubkey>
|
|
|
|
|
// <N bytes encrypted payload>
|
|
|
|
|
//
|
2019-01-02 02:04:06 +01:00
|
|
|
ShortHash hash(data());
|
2019-01-02 02:04:08 +01:00
|
|
|
byte_t* noncePtr = data() + SHORTHASHSIZE;
|
|
|
|
|
byte_t* body = data() + EncryptedFrameOverheadSize;
|
2019-01-02 02:04:06 +01:00
|
|
|
TunnelNonce nonce(noncePtr);
|
2019-01-02 02:04:08 +01:00
|
|
|
PubKey otherPubkey(noncePtr + TUNNONCESIZE);
|
2018-06-11 15:25:10 +02:00
|
|
|
|
2018-06-12 13:57:14 +02:00
|
|
|
SharedSecret shared;
|
2018-06-11 15:25:10 +02:00
|
|
|
|
2019-01-26 16:40:58 +01:00
|
|
|
// use dh_server because we are not the creator of this message
|
|
|
|
|
if(!crypto->dh_server(shared, otherPubkey, ourSecretKey, nonce))
|
2018-06-11 15:25:10 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("DH failed");
|
2018-06-11 15:25:10 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-02 02:04:06 +01:00
|
|
|
llarp_buffer_t buf;
|
|
|
|
|
buf.base = noncePtr;
|
|
|
|
|
buf.cur = buf.base;
|
|
|
|
|
buf.sz = size() - SHORTHASHSIZE;
|
|
|
|
|
|
|
|
|
|
ShortHash digest;
|
2019-01-26 16:40:58 +01:00
|
|
|
if(!crypto->hmac(digest.data(), buf, shared))
|
2018-06-11 15:25:10 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("Digest failed");
|
2018-06-11 15:25:10 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-02 02:04:06 +01:00
|
|
|
if(!std::equal(digest.begin(), digest.end(), hash.begin()))
|
2018-06-11 15:25:10 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("message authentication failed");
|
2018-06-11 15:25:10 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-11 15:44:49 +02:00
|
|
|
buf.base = body;
|
|
|
|
|
buf.cur = body;
|
2018-12-20 17:49:05 +01:00
|
|
|
buf.sz = size() - EncryptedFrameOverheadSize;
|
2018-06-11 15:44:49 +02:00
|
|
|
|
2019-01-26 16:40:58 +01:00
|
|
|
if(!crypto->xchacha20(buf, shared, nonce))
|
2018-06-11 15:25:10 +02:00
|
|
|
{
|
2018-07-05 17:44:06 +02:00
|
|
|
llarp::LogError("decrypt failed");
|
2018-06-11 15:25:10 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
2018-06-10 16:05:48 +02:00
|
|
|
}
|
2018-06-19 00:03:50 +02:00
|
|
|
} // namespace llarp
|
