[noise] fixup to transport to work correctly (actually set i_r on handshake messages)

This commit is contained in:
c0repwn3r 2023-01-12 10:39:53 -05:00
parent 45bcd98f08
commit 70bff48a54
Signed by: core
GPG Key ID: FDBF740DADDCEECF
4 changed files with 12 additions and 8 deletions

View File

@ -18,8 +18,8 @@ fn unpad_packet(p: &[u8]) -> Vec<u8> {
/// This function will error if the encryption step is unsuccessful. /// This function will error if the encryption step is unsuccessful.
pub fn encapsulate(state: &mut HandshakeState, packet: &Vec<u8>) -> Result<Vec<u8>, NoiseError> { pub fn encapsulate(state: &mut HandshakeState, packet: &Vec<u8>) -> Result<Vec<u8>, NoiseError> {
let packet = pad_packet(packet); let packet = pad_packet(packet);
let counter = state.n_send; let counter = state.n_send + 1;
let packet_data = match qcrypto_aead(&state.t_send, state.n_send, &packet, &[]) { let packet_data = match qcrypto_aead(&state.t_send, state.n_send + 1, &packet, &[]) {
Ok(d) => d, Ok(d) => d,
Err(e) => return Err(NoiseError::ChaCha20Error(e)) Err(e) => return Err(NoiseError::ChaCha20Error(e))
}; };
@ -32,6 +32,8 @@ pub fn encapsulate(state: &mut HandshakeState, packet: &Vec<u8>) -> Result<Vec<u
res[8..16].copy_from_slice(&counter.to_le_bytes()); res[8..16].copy_from_slice(&counter.to_le_bytes());
res[16..16+packet_data.len()].copy_from_slice(&packet_data); res[16..16+packet_data.len()].copy_from_slice(&packet_data);
state.n_send += 1;
Ok(res) Ok(res)
} }

View File

@ -114,8 +114,8 @@ impl<'a> HandshakeState<'a> {
cookies: vec![], cookies: vec![],
t_send: [0u8; 32], t_send: [0u8; 32],
t_recv: [0u8; 32], t_recv: [0u8; 32],
n_send: 0, n_send: 1,
n_recv: 0, n_recv: 1,
we_are_initiator: false, we_are_initiator: false,
bitfield: ShiftWindow::new() bitfield: ShiftWindow::new()
} }

View File

@ -70,6 +70,9 @@ pub fn generate_handshake_response(session: &mut HandshakeState) -> Result<[u8;
mac2: [0u8; 16] mac2: [0u8; 16]
}; };
msg.receiver = session.i_i.to_le_bytes();
msg.sender = session.i_r.to_le_bytes();
session.ck = qcrypto_hkdf::<1>(&session.ck, eph_keypair.1.as_bytes())[0]; session.ck = qcrypto_hkdf::<1>(&session.ck, eph_keypair.1.as_bytes())[0];
msg.ephemeral = eph_keypair.1.to_bytes(); msg.ephemeral = eph_keypair.1.to_bytes();
@ -120,9 +123,6 @@ pub fn parse_handshake_response(session: &mut HandshakeState, packet: [u8; 92])
h = qcrypto_hash_twice(&h, &t); h = qcrypto_hash_twice(&h, &t);
println!("here");
println!("{:?} {:?} {:?}", k, 0, h);
let empty = match qcrypto_aead_decrypt(&k, 0, &msg.empty, &h) { let empty = match qcrypto_aead_decrypt(&k, 0, &msg.empty, &h) {
Ok(s) => s, Ok(s) => s,
Err(e) => return Err(NoiseError::ChaCha20Error(e)) Err(e) => return Err(NoiseError::ChaCha20Error(e))

View File

@ -22,7 +22,9 @@ impl ShiftWindow {
} }
/// Check if a given sequence value is okay given the current state of the shift window /// Check if a given sequence value is okay given the current state of the shift window
pub const fn check_replay_window(&self, seq: u64) -> bool { pub fn check_replay_window(&self, seq: u64) -> bool {
println!("sequence {} {}", seq, self.replaywin_lastseq);
// first == 0 or wrapped // first == 0 or wrapped
if seq == 0 { if seq == 0 {
return false; return false;