Fix verification message when using libsodium
Previous implementation had the client send only epoch-time-in-seconds to be signed by the server. Now the client sends random data and epoch-time to be signed by the server.
This commit is contained in:
parent
a3da8334e4
commit
136c8b21a5
2 changed files with 17 additions and 7 deletions
|
|
@ -39,7 +39,7 @@
|
||||||
|
|
||||||
#define UDPC_MIN_HEADER_SIZE 20
|
#define UDPC_MIN_HEADER_SIZE 20
|
||||||
#define UDPC_CON_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4)
|
#define UDPC_CON_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4)
|
||||||
#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+8)
|
#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+12)
|
||||||
#define UDPC_CSR_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+crypto_sign_BYTES)
|
#define UDPC_CSR_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+crypto_sign_BYTES)
|
||||||
#define UDPC_LSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1+crypto_sign_BYTES)
|
#define UDPC_LSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1+crypto_sign_BYTES)
|
||||||
#define UDPC_NSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1)
|
#define UDPC_NSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1)
|
||||||
|
|
|
||||||
|
|
@ -671,6 +671,7 @@ void UDPC::Context::update_impl() {
|
||||||
iter->second.pk,
|
iter->second.pk,
|
||||||
crypto_sign_PUBLICKEYBYTES);
|
crypto_sign_PUBLICKEYBYTES);
|
||||||
// set verify message
|
// set verify message
|
||||||
|
// time in seconds from epoch
|
||||||
std::time_t time = std::time(nullptr);
|
std::time_t time = std::time(nullptr);
|
||||||
if(time <= 0) {
|
if(time <= 0) {
|
||||||
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
|
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
|
||||||
|
|
@ -685,15 +686,21 @@ void UDPC::Context::update_impl() {
|
||||||
# endif
|
# endif
|
||||||
UDPC::be64((char*)&timeInt);
|
UDPC::be64((char*)&timeInt);
|
||||||
iter->second.verifyMessage =
|
iter->second.verifyMessage =
|
||||||
std::unique_ptr<char[]>(new char[8]);
|
std::unique_ptr<char[]>(new char[12]);
|
||||||
|
// prepend with random data generated by client
|
||||||
|
uint32_t rdata = randombytes_random();
|
||||||
std::memcpy(
|
std::memcpy(
|
||||||
iter->second.verifyMessage.get(),
|
iter->second.verifyMessage.get(),
|
||||||
|
&rdata,
|
||||||
|
4);
|
||||||
|
std::memcpy(
|
||||||
|
iter->second.verifyMessage.get() + 4,
|
||||||
&timeInt,
|
&timeInt,
|
||||||
8);
|
8);
|
||||||
std::memcpy(
|
std::memcpy(
|
||||||
buf.get() + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES,
|
buf.get() + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES,
|
||||||
&timeInt,
|
iter->second.verifyMessage.get(),
|
||||||
8);
|
12);
|
||||||
#else
|
#else
|
||||||
assert(!"libsodium is disabled, invalid state");
|
assert(!"libsodium is disabled, invalid state");
|
||||||
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
|
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
|
||||||
|
|
@ -1264,7 +1271,10 @@ void UDPC::Context::update_impl() {
|
||||||
newConnection.verifyMessage = std::unique_ptr<char[]>(new char[crypto_sign_BYTES]);
|
newConnection.verifyMessage = std::unique_ptr<char[]>(new char[crypto_sign_BYTES]);
|
||||||
std::time_t currentTime = std::time(nullptr);
|
std::time_t currentTime = std::time(nullptr);
|
||||||
uint64_t receivedTime;
|
uint64_t receivedTime;
|
||||||
std::memcpy(&receivedTime, recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES, 8);
|
std::memcpy(
|
||||||
|
&receivedTime,
|
||||||
|
recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES + 4,
|
||||||
|
8);
|
||||||
UDPC::be64((char*)&receivedTime);
|
UDPC::be64((char*)&receivedTime);
|
||||||
# ifndef NDEBUG
|
# ifndef NDEBUG
|
||||||
if(willLog(UDPC_LoggingType::UDPC_DEBUG)) {
|
if(willLog(UDPC_LoggingType::UDPC_DEBUG)) {
|
||||||
|
|
@ -1283,7 +1293,7 @@ void UDPC::Context::update_impl() {
|
||||||
(unsigned char*)newConnection.verifyMessage.get(),
|
(unsigned char*)newConnection.verifyMessage.get(),
|
||||||
nullptr,
|
nullptr,
|
||||||
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
|
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
|
||||||
8,
|
12,
|
||||||
newConnection.sk);
|
newConnection.sk);
|
||||||
#else
|
#else
|
||||||
assert(!"libsodium disabled, invalid state");
|
assert(!"libsodium disabled, invalid state");
|
||||||
|
|
@ -1377,7 +1387,7 @@ void UDPC::Context::update_impl() {
|
||||||
if(crypto_sign_verify_detached(
|
if(crypto_sign_verify_detached(
|
||||||
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
|
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
|
||||||
(unsigned char*)(iter->second.verifyMessage.get()),
|
(unsigned char*)(iter->second.verifyMessage.get()),
|
||||||
8,
|
12,
|
||||||
iter->second.peer_pk) != 0) {
|
iter->second.peer_pk) != 0) {
|
||||||
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_WARNING,
|
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_WARNING,
|
||||||
"Failed to verify peer (server) ",
|
"Failed to verify peer (server) ",
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue