
Commit e2a6aec

committed
Be more paranoid: generate 2 keys
1 parent ef05617 commit e2a6aec


1 file changed

+14
-9
lines changed


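--- a/src/main.c
+++ b/src/main.c
@@ -38,7 +38,8 @@ struct netio {
 };
 
 struct crypto_ctx {
-    crypto_aead_aes256gcm_state state;
+    crypto_aead_aes256gcm_state state_r;
+    crypto_aead_aes256gcm_state state_w;
     uint8_t nonce_r[crypto_aead_aes256gcm_NPUBBYTES];
     uint8_t nonce_w[crypto_aead_aes256gcm_NPUBBYTES];
     uint8_t skey[crypto_generichash_KEYBYTES];
@@ -466,7 +467,7 @@ static int encrypt_packet (struct crypto_ctx *ctx, uint8_t *packet, size_t size,
             packet + hs, size - hs,
             packet, hs,
             NULL, ctx->nonce_w,
-            (const crypto_aead_aes256gcm_state *)&ctx->state);
+            (const crypto_aead_aes256gcm_state *)&ctx->state_w);
 
     sodium_increment(ctx->nonce_w, crypto_aead_aes256gcm_NPUBBYTES);
     buffer->write += ws;
@@ -491,7 +492,7 @@ static int decrypt_packet (struct crypto_ctx *ctx, uint8_t *packet, size_t size,
             buffer->read + hs, rs - hs,
             packet, hs,
             ctx->nonce_r,
-            (const crypto_aead_aes256gcm_state *)&ctx->state))
+            (const crypto_aead_aes256gcm_state *)&ctx->state_r))
         return -1;
 
     sodium_increment(ctx->nonce_r, crypto_aead_aes256gcm_NPUBBYTES);
@@ -575,7 +576,7 @@ static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
     uint8_t shared[crypto_scalarmult_BYTES];
     uint8_t key[crypto_aead_aes256gcm_KEYBYTES];
 
-    uint8_t data_r[size], data_w[size], data_x[size];
+    uint8_t data_r[size], data_w[size];
     uint8_t hkey_c[hkey_size];
 
     randombytes_buf(data_w, nonce_size);
@@ -600,18 +601,22 @@ static int gt_setup_crypto (struct crypto_ctx *ctx, int fd, int listener)
     if (listener && fd_write_all(fd, data_w, size)!=size)
         return -1;
 
-    for (size_t i=0; i<size; i++)
-        data_x[i] = data_r[i]^data_w[i];
-
     crypto_scalarmult(shared, secret, &data_r[nonce_size]);
 
     crypto_generichash_state state;
     crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key));
     crypto_generichash_update(&state, shared, sizeof(shared));
-    crypto_generichash_update(&state, data_x, size);
+    crypto_generichash_update(&state, data_r, size);
+    crypto_generichash_update(&state, data_w, size);
     crypto_generichash_final(&state, key, sizeof(key));
+    crypto_aead_aes256gcm_beforenm(&ctx->state_r, key);
 
-    crypto_aead_aes256gcm_beforenm(&ctx->state, key);
+    crypto_generichash_init(&state, ctx->skey, sizeof(ctx->skey), sizeof(key));
+    crypto_generichash_update(&state, shared, sizeof(shared));
+    crypto_generichash_update(&state, data_w, size);
+    crypto_generichash_update(&state, data_r, size);
+    crypto_generichash_final(&state, key, sizeof(key));
+    crypto_aead_aes256gcm_beforenm(&ctx->state_w, key);
 
     sodium_memzero(secret, sizeof(secret));
     sodium_memzero(shared, sizeof(shared));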
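Review bot: The `key` buffer and the `crypto_generichash_state state` are reused for both directions and still hold key material after the two `crypto_aead_aes256gcm_beforenm` calls, while the visible cleanup zeroes only `secret` and `shared`. Unless the rest of gt_setup_crypto does so (the function continues outside the hunk), add `sodium_memzero(key, sizeof(key));` and `sodium_memzero(&state, sizeof(state));` next to the existing memzero calls. The two derived keys differ only in the order of `data_r` and `data_w` in the hash input, so if the peer's `data_r` ever equals our `data_w` (for example a peer that simply echoes our handshake data) `state_r` and `state_w` collapse to the same key and the single-key situation this commit removes comes back. Rejecting the handshake when `sodium_memcmp(data_r, data_w, size) == 0` before the derivation, or feeding a fixed per-direction label byte into each hash, would make the separation hold unconditionally; whether a higher layer already guarantees distinct values is not visible here.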
