crypt module was freed from malloc use.
This commit is contained in:
parent
124bad3938
commit
f9a660a634
45
src/crypt.c
45
src/crypt.c
@ -103,25 +103,20 @@ int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *crypt_hello(const crypt_key_t *const own) {
|
int crypt_hello(const crypt_key_t *const own, unsigned char *const hello) {
|
||||||
unsigned char *hello = (unsigned char *)malloc(CRYPT_HELLO_LEN * sizeof(unsigned char));
|
|
||||||
if (hello == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (crypt_key_export_public(own, (char *const)hello) == -1) {
|
if (crypt_key_export_public(own, (char *const)hello) == -1) {
|
||||||
free(hello);
|
return -1;
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
randombytes_buf(hello+CRYPT_PKEY_HEXLEN, CRYPT_NONCEHALF_LEN);
|
randombytes_buf(hello+CRYPT_PKEY_HEXLEN, CRYPT_NONCEHALF_LEN);
|
||||||
|
|
||||||
if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, own->sign_sec) == -1) {
|
if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, own->sign_sec) == -1) {
|
||||||
free(hello);
|
free(hello);
|
||||||
return NULL;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
return hello;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote) {
|
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote) {
|
||||||
@ -134,11 +129,7 @@ int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remo
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, bool is_client) {
|
void crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, unsigned char *const nonce, bool is_client) {
|
||||||
unsigned char *nonce = (unsigned char *)malloc(CRYPT_NONCE_LEN * sizeof(unsigned char));
|
|
||||||
if (nonce == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
const unsigned char *first = NULL, *second = NULL;
|
const unsigned char *first = NULL, *second = NULL;
|
||||||
|
|
||||||
first = (is_client ? own_hello : remote_hello) + CRYPT_PKEY_HEXLEN;
|
first = (is_client ? own_hello : remote_hello) + CRYPT_PKEY_HEXLEN;
|
||||||
@ -146,8 +137,6 @@ unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const
|
|||||||
|
|
||||||
memcpy(nonce, first, CRYPT_NONCEHALF_LEN);
|
memcpy(nonce, first, CRYPT_NONCEHALF_LEN);
|
||||||
memcpy(nonce+CRYPT_NONCEHALF_LEN, second, CRYPT_NONCEHALF_LEN);
|
memcpy(nonce+CRYPT_NONCEHALF_LEN, second, CRYPT_NONCEHALF_LEN);
|
||||||
|
|
||||||
return nonce;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client) {
|
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client) {
|
||||||
@ -170,28 +159,12 @@ int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, c
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen) {
|
int crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned char *const c, unsigned long long *const clen) {
|
||||||
unsigned char *c = (unsigned char *)malloc((mlen + crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
|
return crypto_aead_aegis256_encrypt(c, clen, m, mlen, NULL, 0, NULL, s->nonce, s->tx);
|
||||||
if (c == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (crypto_aead_aegis256_encrypt(c, clen, m, mlen, NULL, 0, NULL, s->nonce, s->tx) == -1) {
|
|
||||||
free(c);
|
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return c;
|
int crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned char *const m, unsigned long long *const mlen) {
|
||||||
}
|
return crypto_aead_aegis256_decrypt(m, mlen, NULL, c, clen, NULL, 0, s->nonce, s->rx);
|
||||||
|
|
||||||
unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen) {
|
|
||||||
unsigned char *m = (unsigned char *)malloc((clen - crypto_aead_aegis256_ABYTES) * sizeof(unsigned char));
|
|
||||||
|
|
||||||
if (crypto_aead_aegis256_decrypt(m, mlen, NULL, c, clen, NULL, 0, s->nonce, s->rx) != 0) {
|
|
||||||
free(m);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
return m;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void crypt_session_destroy(crypt_session_t *const s) {
|
void crypt_session_destroy(crypt_session_t *const s) {
|
||||||
|
11
src/crypt.h
11
src/crypt.h
@ -41,9 +41,9 @@ int crypt_key_export_secret(const crypt_key_t *const k, char hex[CRYPT_SKEY_HEXL
|
|||||||
int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
||||||
int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);
|
||||||
|
|
||||||
unsigned char *crypt_hello(const crypt_key_t *const own);
|
int crypt_hello(const crypt_key_t *const own, unsigned char *const hello);
|
||||||
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
|
int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
|
||||||
unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, bool is_client);
|
void crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, unsigned char *const nonce, bool is_client);
|
||||||
|
|
||||||
typedef struct crypt_session_t {
|
typedef struct crypt_session_t {
|
||||||
unsigned char rx[CRYPT_SESS_KEY_LEN];
|
unsigned char rx[CRYPT_SESS_KEY_LEN];
|
||||||
@ -52,9 +52,12 @@ typedef struct crypt_session_t {
|
|||||||
crypt_key_t *remote_key;
|
crypt_key_t *remote_key;
|
||||||
} crypt_session_t;
|
} crypt_session_t;
|
||||||
|
|
||||||
|
#define CLEN(mlen) (mlen + crypto_aead_aegis256_ABYTES)
|
||||||
|
#define MLEN(clen) (clen - crypto_aead_aegis256_ABYTES)
|
||||||
|
|
||||||
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client);
|
int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const unsigned char *const nonce, bool is_client);
|
||||||
unsigned char *crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned long long *clen);
|
int crypt_session_encrypt(crypt_session_t *const s, const unsigned char *const m, unsigned long long mlen, unsigned char *const c, unsigned long long *const clen);
|
||||||
unsigned char *crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned long long *mlen);
|
int crypt_session_decrypt(crypt_session_t *const s, const unsigned char *const c, unsigned long long clen, unsigned char *const m, unsigned long long *const mlen);
|
||||||
void crypt_session_destroy(crypt_session_t *const s);
|
void crypt_session_destroy(crypt_session_t *const s);
|
||||||
|
|
||||||
#endif /* _CRYPT_H_ */
|
#endif /* _CRYPT_H_ */
|
||||||
|
30
src/main.c
30
src/main.c
@ -245,7 +245,7 @@ cleanup:
|
|||||||
}
|
}
|
||||||
|
|
||||||
int handshake(const unsigned char * hello, const char * remote_hello, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
int handshake(const unsigned char * hello, const char * remote_hello, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
||||||
unsigned char *nonce = NULL;
|
unsigned char nonce[CRYPT_NONCE_LEN] = {0};
|
||||||
|
|
||||||
if (crypt_key_from_hex_public(rk, remote_hello) == -1)
|
if (crypt_key_from_hex_public(rk, remote_hello) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
@ -253,53 +253,42 @@ int handshake(const unsigned char * hello, const char * remote_hello, crypt_sess
|
|||||||
if (crypt_hello_verify((unsigned char *)remote_hello, rk) == -1)
|
if (crypt_hello_verify((unsigned char *)remote_hello, rk) == -1)
|
||||||
return -2;
|
return -2;
|
||||||
|
|
||||||
if ((nonce = crypt_hello_get_nonce(hello, (unsigned char *)remote_hello, true)) == NULL)
|
crypt_hello_get_nonce(hello, (unsigned char *)remote_hello, nonce, true);
|
||||||
return -1;
|
|
||||||
|
|
||||||
if (crypt_session_init(s, ok, rk, nonce, true) == -1) {
|
if (crypt_session_init(s, ok, rk, nonce, true) == -1) {
|
||||||
free(nonce);
|
|
||||||
return -3;
|
return -3;
|
||||||
}
|
}
|
||||||
|
|
||||||
free(nonce);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int client_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
int client_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
||||||
char buffer[NET_BUF_SIZE];
|
char buffer[NET_BUF_SIZE];
|
||||||
ssize_t bytes = 0;
|
ssize_t bytes = 0;
|
||||||
unsigned char *hello = NULL;
|
unsigned char hello[CRYPT_HELLO_LEN] = {0};
|
||||||
|
|
||||||
if ((hello = crypt_hello(ok)) == NULL)
|
if (crypt_hello(ok, hello) != 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (net_send(n, (char *)hello, CRYPT_HELLO_LEN) == -1) {
|
if (net_send(n, (char *)hello, CRYPT_HELLO_LEN) == -1) {
|
||||||
free(hello);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((bytes = net_recv(n, buffer, NET_BUF_SIZE)) == -1) {
|
if ((bytes = net_recv(n, buffer, NET_BUF_SIZE)) == -1) {
|
||||||
free(hello);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (CRYPT_HELLO_LEN != bytes) {
|
if (CRYPT_HELLO_LEN != bytes) {
|
||||||
free(hello);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int res = handshake(hello, buffer, s, ok, rk);
|
return handshake(hello, buffer, s, ok, rk);
|
||||||
|
|
||||||
free(hello);
|
|
||||||
|
|
||||||
return res;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int server_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
int server_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *const ok, crypt_key_t *const rk) {
|
||||||
char buffer[NET_BUF_SIZE];
|
char buffer[NET_BUF_SIZE];
|
||||||
ssize_t bytes = 0;
|
ssize_t bytes = 0;
|
||||||
unsigned char *hello = NULL;
|
unsigned char hello[CRYPT_HELLO_LEN] = {0};
|
||||||
|
|
||||||
if ((bytes = net_recv(n, buffer, NET_BUF_SIZE)) == -1)
|
if ((bytes = net_recv(n, buffer, NET_BUF_SIZE)) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
@ -307,13 +296,11 @@ int server_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *cons
|
|||||||
if (CRYPT_HELLO_LEN != bytes)
|
if (CRYPT_HELLO_LEN != bytes)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if ((hello = crypt_hello(ok)) == NULL)
|
if (crypt_hello(ok, hello) != 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
|
||||||
int res = handshake(hello, buffer, s, ok, rk);
|
int res = handshake(hello, buffer, s, ok, rk);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
free(hello);
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -321,12 +308,9 @@ int server_handshake(net_t *const n, crypt_session_t *const s, crypt_key_t *cons
|
|||||||
n->raddr_len = n->inaddr_len;
|
n->raddr_len = n->inaddr_len;
|
||||||
|
|
||||||
if (net_send(n, (char *)hello, CRYPT_HELLO_LEN) == -1) {
|
if (net_send(n, (char *)hello, CRYPT_HELLO_LEN) == -1) {
|
||||||
free(hello);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
free(hello);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user