diff options
| author | Adam Ierymenko <[email protected]> | 2017-02-06 07:39:38 -0800 |
|---|---|---|
| committer | Adam Ierymenko <[email protected]> | 2017-02-06 07:39:38 -0800 |
| commit | 803f74634a7e88e4e2781e4b8df7afeda3d968be (patch) | |
| tree | 602ae5aa230d4142aabe0a0f1ea81587f3c2e0dc /node/Packet.cpp | |
| parent | f85a630a6438261fd21c149f32a77283e7bf76a3 (diff) | |
Tweak how we do crypto of the masked portions of HELLO just to be more "boring" in the DJB sense.
Diffstat (limited to 'node/Packet.cpp')
| -rw-r--r-- | node/Packet.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/node/Packet.cpp b/node/Packet.cpp index a1bb3132..e685bcaa 100644 --- a/node/Packet.cpp +++ b/node/Packet.cpp @@ -2026,9 +2026,11 @@ bool Packet::dearmor(const void *key) void Packet::cryptField(const void *key,unsigned int start,unsigned int len) { unsigned char mangledKey[32]; - uint64_t iv = Utils::hton((uint64_t)start ^ at<uint64_t>(ZT_PACKET_IDX_IV)); + unsigned char macKey[32]; _salsa20MangleKey((const unsigned char *)key,mangledKey); - Salsa20 s20(mangledKey,256,&iv); + mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse + Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8)); + s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution unsigned char *const ptr = field(start,len); s20.crypt12(ptr,ptr,len); } |