From aab88fa8ebd9af971c1fc9e2f81b9cd9db538f90 Mon Sep 17 00:00:00 2001 From: Dirk Engling Date: Sun, 17 Jan 2021 01:12:38 +0100 Subject: Add v2 with GCM_IV_LENGTH of 96 bits == 12 bytes for performance and interop reasons --- receiver.cpp | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/receiver.cpp b/receiver.cpp index 2fa2d8a..aaf9673 100644 --- a/receiver.cpp +++ b/receiver.cpp @@ -80,7 +80,7 @@ static time_t now() { } // Constants -enum { SESSION_ID_LENGTH = 8, AES_KEY_LENGTH = 16, GCM_IV_LENGTH = 16, GCM_TAG_LENGTH = 16, MIN_PACKET_SIZE = 40 }; +enum { SESSION_ID_LENGTH = 8, AES_KEY_LENGTH = 16, GCM_IV_LENGTH_LEGACY = 16, GCM_IV_LENGTH = 12, GCM_TAG_LENGTH = 16, MIN_PACKET_SIZE = 40 }; enum { DIRNAME_LENGTH = 10, FILENAME_LENGTH = 73, SIDOFFS = 20, KEYOFFS = 37 }; class Session { @@ -132,19 +132,21 @@ public: return open((_dirname + "/" + _filename).c_str(), O_WRONLY | O_APPEND | O_CREAT, 0755); } - void write_log(const uint8_t *packet, size_t len) { + void write_log(const uint8_t *packet, size_t len, int version = 2) { + const size_t iv_len = ( version == 1 ? GCM_IV_LENGTH_LEGACY : GCM_IV_LENGTH); + // First check if the packet holds enough space for session id, iv and at least one gcm block - if (len < GCM_IV_LENGTH + GCM_TAG_LENGTH) { + if (len < iv_len + GCM_TAG_LENGTH) { std::cerr << "Error: Short packet, size " << len << std::endl; return; } const uint8_t *iv = packet; - const uint8_t *tag = packet + GCM_IV_LENGTH; - const uint8_t *payload = packet + GCM_IV_LENGTH + GCM_TAG_LENGTH; - len -= GCM_IV_LENGTH + GCM_TAG_LENGTH; + const uint8_t *tag = packet + iv_len; + const uint8_t *payload = packet + iv_len + GCM_TAG_LENGTH; + len -= iv_len + GCM_TAG_LENGTH; - std::string ivs(packet, packet +GCM_IV_LENGTH); + std::string ivs(packet, packet + iv_len); if (_used_ivs.find(ivs) != _used_ivs.end()) { std::cerr << "Error: Session " << std::hex << _session_id << " reused IV. Dropping packet" << std::endl; return; @@ -163,7 +165,7 @@ public: uint8_t *output = static_cast(alloca(len)); // This should fail on invalid input sizes - switch (mbedtls_gcm_auth_decrypt(&_ctx, len, iv, GCM_IV_LENGTH, (uint8_t*)&_session_id, SESSION_ID_LENGTH, tag, GCM_TAG_LENGTH, payload, output)) + switch (mbedtls_gcm_auth_decrypt(&_ctx, len, iv, iv_len, (uint8_t*)&_session_id, SESSION_ID_LENGTH, tag, GCM_TAG_LENGTH, payload, output)) { case 0: write(_fd, output, len); @@ -325,13 +327,13 @@ int main() { if (session == g_sessions.end()) g_sessions[session_id] = std::make_unique(session_id, rsa_plain_text); break; - case 1: { + case 1: + case 2: if (session != g_sessions.end()) - session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH); + session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH, static_cast(packet[0])); else - std::cerr << "Error: Can't log to unknown session " << std::hex << session_id << std::endl; + std::cerr << "Error: Can't log to unknown session " << std::hex << session_id << std::dec << std::endl; break; - } default: break; } -- cgit v1.2.3