Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ubuntu/noble
ubuntu/mantic
quic-wip
dev
dev-next
opensuse/tumbleweed
ubuntu/lunar
ubuntu/kinetic
ubuntu/jammy
ubuntu/focal
ubuntu/bionic
debian/buster
debian/bullseye
debian/bookworm
debian/sid
fedora/36
fedora/37
stable
makepkg
fedora/35
ubuntu/impish
fedora/34
centos/8
ubuntu/hirsute
ubuntu/groovy
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.1-rc3
v0.8.1-rc2
v0.8.1-rc1
v0.7.1
v0.7.0
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
v0.5.2
v0.5.0
v0.4.2½
v0.4.2
v0.4.1
v0.4.0-release
0.4.0-release
v0.4.0
v0.4.0-rc3
v0.4.0-rc2
v0.3.1
0.3.0-neuro1
v0.2.3-rc1
v0.2.2
v0.2.1
v0.1.0
v0.0.3
0.2.3-neuro0
0.6.1
rm
v0.0.1
v0.0.2
v0.3.0
v0.4.3
v0.5.1
v0.6.3
v0.7
v0.8.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '874b1cd53c'
${ noResults }
lokinet/llarp/encrypted_frame.cpp

125 lines
2.9 KiB
C++
Raw Blame History

#include <crypto.hpp>
#include <encrypted_frame.hpp>
#include <logger.hpp>
#include <mem.hpp>
namespace llarp
{
bool
EncryptedFrame::EncryptInPlace(const byte_t* ourSecretKey,
const byte_t* otherPubkey,
llarp::Crypto* crypto)
{
// format of frame is
// <32 bytes keyed hash of following data>
// <32 bytes nonce>
// <32 bytes pubkey>
// <N bytes encrypted payload>
//
byte_t* hash = data();
byte_t* nonce = hash + SHORTHASHSIZE;
byte_t* pubkey = nonce + TUNNONCESIZE;
byte_t* body = pubkey + PUBKEYSIZE;
SharedSecret shared;
auto DH = crypto->dh_client;
auto Encrypt = crypto->xchacha20;
auto MDS = crypto->hmac;
llarp_buffer_t buf;
buf.base = body;
buf.cur = buf.base;
buf.sz = size() - EncryptedFrameOverheadSize;
// set our pubkey
memcpy(pubkey, llarp::seckey_topublic(ourSecretKey), PUBKEYSIZE);
// randomize nonce
crypto->randbytes(nonce, TUNNONCESIZE);
// derive shared key
if(!DH(shared, otherPubkey, ourSecretKey, nonce))
{
llarp::LogError("DH failed");
return false;
}
// encrypt body
if(!Encrypt(buf, shared, nonce))
{
llarp::LogError("encrypt failed");
return false;
}
// generate message auth
buf.base = nonce;
buf.cur = buf.base;
buf.sz = size() - SHORTHASHSIZE;
if(!MDS(hash, buf, shared))
{
llarp::LogError("Failed to generate messgae auth");
return false;
}
return true;
}
bool
EncryptedFrame::DecryptInPlace(const byte_t* ourSecretKey,
llarp::Crypto* crypto)
{
// format of frame is
// <32 bytes keyed hash of following data>
// <32 bytes nonce>
// <32 bytes pubkey>
// <N bytes encrypted payload>
//
byte_t* hash = data();
byte_t* nonce = hash + SHORTHASHSIZE;
byte_t* otherPubkey = nonce + TUNNONCESIZE;
byte_t* body = otherPubkey + PUBKEYSIZE;
// use dh_server becuase we are not the creator of this message
auto DH = crypto->dh_server;
auto Decrypt = crypto->xchacha20;
auto MDS = crypto->hmac;
llarp_buffer_t buf;
buf.base = nonce;
buf.cur = buf.base;
buf.sz = size() - SHORTHASHSIZE;
SharedSecret shared;
ShortHash digest;
if(!DH(shared, otherPubkey, ourSecretKey, nonce))
{
llarp::LogError("DH failed");
return false;
}
if(!MDS(digest, buf, shared))
{
llarp::LogError("Digest failed");
return false;
}
if(memcmp(digest, hash, digest.size()))
{
llarp::LogError("message authentication failed");
return false;
}
buf.base = body;
buf.cur = body;
buf.sz = size() - EncryptedFrameOverheadSize;
if(!Decrypt(buf, shared, nonce))
{
llarp::LogError("decrypt failed");
return false;
}
return true;
}
} // namespace llarp
Reference in New Issue View Git Blame Copy Permalink