dark/zerotiertspu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Tweak how we do crypto of the masked portions of HELLO just to be more "boring" in the DJB sense.

Browse source
This commit is contained in:
Adam Ierymenko 2017-02-06 07:39:38 -08:00
parent f85a630a64
commit 803f74634a
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
node/Packet.cpp
View file

@ -2026,9 +2026,11 @@ bool Packet::dearmor(const void *key)
void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
{
unsigned char mangledKey[32];
uint64_t iv = Utils::hton((uint64_t)start ^ at<uint64_t>(ZT_PACKET_IDX_IV));
unsigned char macKey[32];
_salsa20MangleKey((const unsigned char *)key,mangledKey);
Salsa20 s20(mangledKey,256,&iv);
mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse
Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution
unsigned char *const ptr = field(start,len);
s20.crypt12(ptr,ptr,len);
}