Fix verification message when using libsodium

Previous implementation had the client send only epoch-time-in-seconds
to be signed by the server. Now the client sends random data and
epoch-time to be signed by the server.
This commit is contained in:
Stephen Seo 2020-01-15 16:31:38 +09:00
parent a3da8334e4
commit 136c8b21a5
2 changed files with 17 additions and 7 deletions

View file

@ -39,7 +39,7 @@
#define UDPC_MIN_HEADER_SIZE 20
#define UDPC_CON_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4)
#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+8)
#define UDPC_CCL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+12)
#define UDPC_CSR_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+4+crypto_sign_PUBLICKEYBYTES+crypto_sign_BYTES)
#define UDPC_LSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1+crypto_sign_BYTES)
#define UDPC_NSFULL_HEADER_SIZE (UDPC_MIN_HEADER_SIZE+1)

View file

@ -671,6 +671,7 @@ void UDPC::Context::update_impl() {
iter->second.pk,
crypto_sign_PUBLICKEYBYTES);
// set verify message
// time in seconds from epoch
std::time_t time = std::time(nullptr);
if(time <= 0) {
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
@ -685,15 +686,21 @@ void UDPC::Context::update_impl() {
# endif
UDPC::be64((char*)&timeInt);
iter->second.verifyMessage =
std::unique_ptr<char[]>(new char[8]);
std::unique_ptr<char[]>(new char[12]);
// prepend with random data generated by client
uint32_t rdata = randombytes_random();
std::memcpy(
iter->second.verifyMessage.get(),
&rdata,
4);
std::memcpy(
iter->second.verifyMessage.get() + 4,
&timeInt,
8);
std::memcpy(
buf.get() + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES,
&timeInt,
8);
iter->second.verifyMessage.get(),
12);
#else
assert(!"libsodium is disabled, invalid state");
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_ERROR,
@ -1264,7 +1271,10 @@ void UDPC::Context::update_impl() {
newConnection.verifyMessage = std::unique_ptr<char[]>(new char[crypto_sign_BYTES]);
std::time_t currentTime = std::time(nullptr);
uint64_t receivedTime;
std::memcpy(&receivedTime, recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES, 8);
std::memcpy(
&receivedTime,
recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES + 4,
8);
UDPC::be64((char*)&receivedTime);
# ifndef NDEBUG
if(willLog(UDPC_LoggingType::UDPC_DEBUG)) {
@ -1283,7 +1293,7 @@ void UDPC::Context::update_impl() {
(unsigned char*)newConnection.verifyMessage.get(),
nullptr,
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
8,
12,
newConnection.sk);
#else
assert(!"libsodium disabled, invalid state");
@ -1377,7 +1387,7 @@ void UDPC::Context::update_impl() {
if(crypto_sign_verify_detached(
(unsigned char*)(recvBuf + UDPC_MIN_HEADER_SIZE + 4 + crypto_sign_PUBLICKEYBYTES),
(unsigned char*)(iter->second.verifyMessage.get()),
8,
12,
iter->second.peer_pk) != 0) {
UDPC_CHECK_LOG(this, UDPC_LoggingType::UDPC_WARNING,
"Failed to verify peer (server) ",