diff --git a/src/UDPC_Defines.hpp b/src/UDPC_Defines.hpp
index e43d189..16c3c29 100644
--- a/src/UDPC_Defines.hpp
+++ b/src/UDPC_Defines.hpp
@@ -39,7 +39,7 @@
 #define UDPC_MIN_HEADER_SIZE 20
 #define UDPC_CON_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4)
-#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+8)
+#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+12)
 #define UDPC_CSR_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+crypto_sign_BYTES)
 #define UDPC_LSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1+crypto_sign_BYTES)
 #define UDPC_NSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1)
diff --git a/src/UDPConnection.cpp b/src/UDPConnection.cpp
index 01055b0..360bf84 100644
--- a/src/UDPConnection.cpp
+++ b/src/UDPConnection.cpp
@@ -671,6 +671,7 @@ void UDPC::Context::update_impl() {
 iter->second.pk,
 crypto_sign_PUBLICKEYBYTES);
 // set verify message
+ // time in seconds from epoch
 std::time_t time = std::time(nullptr);
 if(time <= 0) {
 UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
@@ -685,15 +686,21 @@ void UDPC::Context::update_impl() {
 # endif
 UDPC::be64((char*)&timeInt);
 iter->second.verifyMessage =
- std::unique_ptr(new char[8]);
+ std::unique_ptr(new char[12]);
+ // prepend with random data generated by client
+ uint32_t rdata = randombytes_random();
 std::memcpy(
 iter->second.verifyMessage.get(),
+ &rdata,
+ 4);
+ std::memcpy(
+ iter->second.verifyMessage.get() + 4,
 &timeInt,
 8);
 std::memcpy(
 buf.get() + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES,
- &timeInt,
- 8);
+ iter->second.verifyMessage.get(),
+ 12);
 #else
 assert(!"libsodium is disabled, invalid state");
 UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
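Review bot: The verify-message length is a bare `12` in `UDPC_CCL_HEADER_SIZE` and again in `new char[12]`, the last `std::memcpy`, `crypto_sign_detached` and `crypto_sign_verify_detached` in src/UDPConnection.cpp, alongside the bare `4` nonce offset. A missed site on the next layout change would make the signed and verified lengths disagree. I would name the sizes once, e.g. `#define UDPC_CCL_NONCE_SIZE 4` and `#define UDPC_CCL_VERIFY_SIZE (UDPC_CCL_NONCE_SIZE+8)`, and write this macro as `(UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+UDPC_CCL_VERIFY_SIZE)`. The change also alters the wire layout of this packet and no protocol-version change is visible in the diff, so peers built before it presumably fail the handshake; that is worth stating in the commit message if intended.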
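Review bot: `randombytes_random()` gives the challenge only 32 unpredictable bits, and the remaining 8 bytes of the message are the current time in seconds, which a peer can guess. If the purpose of the prefix is that a signature recorded from one handshake cannot satisfy a later one, a wider nonce gives a much larger margin at little cost. Fill the prefix with `randombytes_buf(iter->second.verifyMessage.get(), 16);` and grow the buffer, the copy lengths and `UDPC_CCL_HEADER_SIZE` to match. The enclosing `update_impl` starts and ends outside this hunk.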
@@ -1264,7 +1271,10 @@ void UDPC::Context::update_impl() {
 newConnection.verifyMessage = std::unique_ptr(new char[crypto_sign_BYTES]);
 std::time_t currentTime = std::time(nullptr);
 uint64_t receivedTime;
- std::memcpy(&receivedTime, recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES, 8);
+ std::memcpy(
+ &receivedTime,
+ recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES + 4,
+ 8);
 UDPC::be64((char*)&receivedTime);
 # ifndef NDEBUG
 if(willLog(UDPC_LoggingType::UDPC_DEBUG)) {
@@ -1283,7 +1293,7 @@ void UDPC::Context::update_impl() {
 (unsigned char*)newConnection.verifyMessage.get(),
 nullptr,
 (unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
- 8,
+ 12,
 newConnection.sk);
 #else
 assert(!"libsodium disabled, invalid state");
@@ -1377,7 +1387,7 @@ void UDPC::Context::update_impl() {
 if(crypto_sign_verify_detached(
 (unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
 (unsigned char*)(iter->second.verifyMessage.get()),
- 8,
+ 12,
 iter->second.peer_pk) != 0) {
 UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_WARNING,
 "Failed to verify peer (server) ",
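Review bot: This `std::memcpy` now reads `recvBuf` up to offset `UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES + 12`, and no length check is visible in the hunk. If the received size is compared against `UDPC_CCL_HEADER_SIZE` earlier in `update_impl` (outside this hunk), the macro change covers it. If that check uses a literal or another constant, a packet in the old, shorter layout would be read 4 bytes past its end. A comment at this read such as `// packet length already checked against UDPC_CCL_HEADER_SIZE` would record the dependency.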
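Review bot: `crypto_sign_detached` is called on 12 bytes taken straight from `recvBuf`, so the server signs a message chosen entirely by a peer it has not yet authenticated. If `newConnection.sk` is a long-lived identity key (not visible here), I would sign a fixed protocol label followed by the 12 bytes and verify the same concatenation on the client side, so the signature has no meaning outside this handshake. That needs a small local buffer on both sides; the calls stay the same apart from the message pointer and length. The call's opening line is outside this hunk.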