Arav/tetatet
1
0
Fork 0
Code Releases Activity

Now hello has a half of a nonce is being generated. A crypt_hello_get_nonce() func was introduced to make a full-length nonce.

Browse Source
This commit is contained in:
Alexander Andreev 2024-03-24 02:18:27 +04:00
parent 61b1992828
commit 0cdca672a0
Signed by: Arav
GPG Key ID: 25969B23DCB5CA34
2 changed files with 32 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/crypt.c
View File

@ -113,6 +113,8 @@ unsigned char *crypt_hello(const crypt_key_t *const own) {
return NULL;
}
randombytes_buf(hello+CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN, CRYPT_NONCEHALF_LEN);
return hello;
}
@ -120,7 +122,26 @@ int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remo
if (crypt_key_from_hex_public(remote, (const char *const)hello) < 0)
return -1;
return crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub);
if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub))
return -1;
return 0;
}
const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, const bool is_client) {
unsigned char *nonce = (unsigned char *)malloc(CRYPT_NONCE_LEN * sizeof(unsigned char));
if (nonce == NULL)
return NULL;
const unsigned char *first = NULL, *second = NULL;
first = (is_client ? own_hello : remote_hello) + CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN;
second = (is_client ? remote_hello : own_hello) + CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN;
memcpy(nonce, first, CRYPT_NONCEHALF_LEN);
memcpy(nonce+CRYPT_NONCEHALF_LEN, second, CRYPT_NONCEHALF_LEN);
return nonce;
}
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const bool is_client) {

14
src/crypt.h
View File

@ -15,10 +15,13 @@
#define CRYPT_SESS_KEY_LEN crypto_kx_SESSIONKEYBYTES
#define CRYPT_HELLO_LEN CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN
#define CRYPT_NONCE_LEN crypto_aead_aegis256_NPUBBYTES
#define CRYPT_NONCEHALF_LEN (CRYPT_NONCE_LEN/2)
#define CRYPT_PKEY_HEXLEN (CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2
#define CRYPT_SKEY_HEXLEN (CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2
#define CRYPT_HELLO_LEN (CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN + (CRYPT_NONCEHALF_LEN))
#define CRYPT_PKEY_HEXLEN ((CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2)
#define CRYPT_SKEY_HEXLEN ((CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2)
// Stores the public and secret keys used in a key exchange and for signing.
typedef struct crypt_key_t {
@ -52,10 +55,13 @@ int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);
// Returns a hello packet consisting of a public key and its sign.
// The packet is sign_len long.
// The packet is of CRYPT_SIGN_LEN long.
unsigned char *crypt_hello(const crypt_key_t *const own);
// Verify a hello message. It only shows that a remote public key's sign is ok.
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
// Combines own and remote halves of a nonce depending in a connection direction and returns it.
// It will be of CRYPT_NONCE_LEN length.
const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, const bool is_client);
// Stores symmetric keys used for a data encryption in both directions
// and a remote public key.