void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-05 03:53:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

One more tweak after thinking about related keys and key stream reuse. Just a precaution.

Browse source
This commit is contained in:
Adam Ierymenko 2017-02-06 07:45:57 -08:00
parent 803f74634a
commit e0d63c50db
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
node/Packet.cpp
View file

@ -2028,7 +2028,9 @@ void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
unsigned char mangledKey[32]; unsigned char mangledKey[32];
unsigned char macKey[32]; unsigned char macKey[32];
_salsa20MangleKey((const unsigned char *)key,mangledKey); _salsa20MangleKey((const unsigned char *)key,mangledKey);
mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse mangledKey[0] ^= 0x7f;
mangledKey[1] ^= ((start >> 8) & 0xff);
mangledKey[2] ^= (start & 0xff); // slightly alter key for this use case as an added guard against key stream reuse
Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8)); Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution
unsigned char *const ptr = field(start,len); unsigned char *const ptr = field(start,len);