cpp/funstraw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Client sending encoded handshake, server decoding the insecure bits

Browse Source
This commit is contained in:
Ian Gulliver
2015-02-07 19:01:48 +01:00
parent 409c912eeb
commit f1540c897e
5 changed files with 127 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
crypto.cc
View File

@@ -8,12 +8,19 @@
#include <sodium/crypto_box.h>
#include <sodium/crypto_secretbox.h>
#include <sodium/crypto_scalarmult.h>
#include <sodium/randombytes.h>
#include "crypto.h"
#include "tlv.h"
#define TLV_TYPE_CLIENT_HANDSHAKE 0x8001
#define TLV_TYPE_ENCRYPTED_BLOB 0x0000
#define TLV_TYPE_NONCE 0x0001
#define TLV_TYPE_PUBLIC_KEY 0x0002
#define TLV_TYPE_ENCRYPTED 0x8000
#define TLV_TYPE_CLIENT_HANDSHAKE 0x8001
#define TLV_TYPE_CLIENT_HANDSHAKE_SECURE 0x8002
void CryptoBase::GenKey(std::string* key) {
@@ -30,10 +37,38 @@ void CryptoBase::GenKeyPair(std::string* secret_key, std::string* public_key) {
secret_key->assign((char*)secret_key_buf, crypto_box_SECRETKEYBYTES);
}
void CryptoBase::DerivePublicKey(const std::string& secret_key, std::string* public_key) {
assert(secret_key.length() == crypto_box_SECRETKEYBYTES);
unsigned char buf[crypto_box_PUBLICKEYBYTES];
assert(!crypto_scalarmult_base(buf, (const unsigned char*)secret_key.data()));
public_key->assign((char*)buf, crypto_box_PUBLICKEYBYTES);
}
void CryptoBase::EncodeEncryptAppend(const std::string& secret_key, const std::string& public_key, const TLVNode& input, TLVNode* container) {
std::string encoded;
input.Encode(&encoded);
size_t encrypted_bytes = encoded.length() + crypto_box_MACBYTES;
unsigned char nonce[crypto_box_NONCEBYTES];
randombytes_buf(nonce, crypto_box_NONCEBYTES);
unsigned char output[encrypted_bytes];
assert(!crypto_box_easy(output, (const unsigned char*)encoded.data(), encoded.length(), nonce, (const unsigned char*)public_key.data(), (const unsigned char*)secret_key.data()));
TLVNode encrypted(TLV_TYPE_ENCRYPTED);
encrypted.AppendChild(TLVNode(TLV_TYPE_NONCE, std::string((char*)nonce, crypto_box_NONCEBYTES)));
encrypted.AppendChild(TLVNode(TLV_TYPE_ENCRYPTED_BLOB, std::string((char*)output, encrypted_bytes)));
container->AppendChild(encrypted);
}
CryptoPubServer::CryptoPubServer(const std::string& secret_key)
: secret_key_(secret_key),
event_base_(event_base_new()) {
assert(secret_key_.length() == crypto_box_SECRETKEYBYTES);
struct sockaddr_in6 server_addr = {0};
server_addr.sin6_family = AF_INET6;
server_addr.sin6_addr = in6addr_any;
@@ -89,9 +124,14 @@ void CryptoPubServerConnection::OnReadable_(struct bufferevent* bev, void* this_
}
void CryptoPubServerConnection::OnReadable() {
char buf[128];
int bytes = bufferevent_read(bev_, buf, 128);
std::cerr << "OnReadable: " << bytes << " bytes" << std::endl;
char buf[UINT16_MAX];
int bytes = bufferevent_read(bev_, buf, UINT16_MAX);
std::unique_ptr<TLVNode> decoded(TLVNode::Decode(std::string(buf, bytes)));
if (!decoded.get()) {
// TODO: re-buffer?
return;
}
std::cerr << "successful decode" << std::endl;
}
void CryptoPubServerConnection::OnError_(struct bufferevent* bev, const short what, void* this__) {
@@ -104,9 +144,15 @@ void CryptoPubServerConnection::OnError(const short what) {
}
CryptoPubClient::CryptoPubClient(struct sockaddr* addr, socklen_t addrlen)
CryptoPubClient::CryptoPubClient(struct sockaddr* addr, socklen_t addrlen, const std::string& secret_key, const std::string& server_public_key)
: event_base_(event_base_new()),
bev_(bufferevent_socket_new(event_base_, -1, BEV_OPT_CLOSE_ON_FREE)) {
bev_(bufferevent_socket_new(event_base_, -1, BEV_OPT_CLOSE_ON_FREE)),
secret_key_(secret_key),
server_public_key_(server_public_key) {
assert(secret_key_.length() == crypto_box_SECRETKEYBYTES);
assert(server_public_key_.length() == crypto_box_PUBLICKEYBYTES);
DerivePublicKey(secret_key_, &public_key_);
bufferevent_setcb(bev_, &CryptoPubClient::OnReadable_, NULL, &CryptoPubClient::OnConnectOrError_, this);
bufferevent_enable(bev_, EV_READ);
bufferevent_enable(bev_, EV_WRITE);
@@ -118,14 +164,14 @@ CryptoPubClient::~CryptoPubClient() {
event_base_free(event_base_);
}
CryptoPubClient* CryptoPubClient::FromHostname(const std::string& server_address, const std::string& server_port) {
CryptoPubClient* CryptoPubClient::FromHostname(const std::string& server_address, const std::string& server_port, const std::string& secret_key, const std::string& server_public_key) {
struct addrinfo* res;
int gai_ret = getaddrinfo(server_address.c_str(), server_port.c_str(), NULL, &res);
if (gai_ret) {
std::cerr << "Failed to resolve server_address: " << gai_strerror(gai_ret) << std::endl;
return nullptr;
}
auto ret = new CryptoPubClient((struct sockaddr*)res->ai_addr, res->ai_addrlen);
auto ret = new CryptoPubClient((struct sockaddr*)res->ai_addr, res->ai_addrlen, secret_key, server_public_key);
freeaddrinfo(res);
return ret;
}
@@ -147,7 +193,15 @@ void CryptoPubClient::OnConnectOrError_(struct bufferevent* bev, const short wha
}
void CryptoPubClient::OnConnect() {
std::string ephemeral_public_key;
GenKeyPair(&ephemeral_secret_key_, &ephemeral_public_key);
TLVNode handshake(TLV_TYPE_CLIENT_HANDSHAKE);
handshake.AppendChild(TLVNode(TLV_TYPE_PUBLIC_KEY, public_key_));
TLVNode secure_handshake(TLV_TYPE_CLIENT_HANDSHAKE_SECURE);
secure_handshake.AppendChild(TLVNode(TLV_TYPE_PUBLIC_KEY, ephemeral_public_key));
EncodeEncryptAppend(secret_key_, server_public_key_, secure_handshake, &handshake);
std::string out;
handshake.Encode(&out);
bufferevent_write(bev_, out.data(), out.length());