diff options
author | Dirk Engling <erdgeist@erdgeist.org> | 2020-12-05 13:12:09 +0100 |
---|---|---|
committer | Dirk Engling <erdgeist@erdgeist.org> | 2020-12-05 13:12:09 +0100 |
commit | 8e4cbe717397f38bd479a2dbe327adb5ae0baef8 (patch) | |
tree | 0ded7f6be7f4184e5d1464ab6f41a86a10239c68 | |
parent | 5b369d672e35d95740dd3d24f8d69ea08fb7741c (diff) |
Make iv history session local
-rw-r--r-- | receiver.cpp | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/receiver.cpp b/receiver.cpp index 9e622d9..a3a0dc9 100644 --- a/receiver.cpp +++ b/receiver.cpp | |||
@@ -131,6 +131,13 @@ public: | |||
131 | const uint8_t *payload = packet + GCM_IV_LENGTH + GCM_TAG_LENGTH; | 131 | const uint8_t *payload = packet + GCM_IV_LENGTH + GCM_TAG_LENGTH; |
132 | len -= GCM_IV_LENGTH + GCM_TAG_LENGTH; | 132 | len -= GCM_IV_LENGTH + GCM_TAG_LENGTH; |
133 | 133 | ||
134 | std::string ivs(packet, packet +GCM_IV_LENGTH); | ||
135 | if (_used_ivs.find(ivs) != _used_ivs.end()) { | ||
136 | std::cerr << "Error: Session " << std::hex << _session_id << " reused IV. Dropping packet" << std::endl; | ||
137 | return; | ||
138 | } | ||
139 | _used_ivs.insert(ivs); | ||
140 | |||
134 | // Create output file if it doesn't exist | 141 | // Create output file if it doesn't exist |
135 | if (_fd < 0) | 142 | if (_fd < 0) |
136 | _fd = ::open(_filename.c_str(), O_WRONLY | O_APPEND | O_CREAT, 0755); | 143 | _fd = ::open(_filename.c_str(), O_WRONLY | O_APPEND | O_CREAT, 0755); |
@@ -168,16 +175,16 @@ public: | |||
168 | } | 175 | } |
169 | 176 | ||
170 | private: | 177 | private: |
171 | uint64_t _session_id; | 178 | uint64_t _session_id; |
172 | uint8_t _key[AES_KEY_LENGTH]; | 179 | uint8_t _key[AES_KEY_LENGTH]; |
173 | int _fd = -1; | 180 | int _fd = -1; |
174 | time_t _last_access = 0; | 181 | time_t _last_access = 0; |
175 | std::string _filename; | 182 | std::string _filename; |
176 | mbedtls_gcm_context _ctx; | 183 | std::set<std::string> _used_ivs; |
184 | mbedtls_gcm_context _ctx; | ||
177 | }; | 185 | }; |
178 | 186 | ||
179 | std::map<uint64_t, std::unique_ptr<Session>> g_sessions; | 187 | std::map<uint64_t, std::unique_ptr<Session>> g_sessions; |
180 | std::set<std::string> g_used_ivs; | ||
181 | 188 | ||
182 | static uint8_t hex2nyble(char c) | 189 | static uint8_t hex2nyble(char c) |
183 | { | 190 | { |
@@ -286,12 +293,6 @@ int main() { | |||
286 | g_sessions[session_id] = std::make_unique<Session>(session_id, rsa_plain_text); | 293 | g_sessions[session_id] = std::make_unique<Session>(session_id, rsa_plain_text); |
287 | break; | 294 | break; |
288 | case 1: { | 295 | case 1: { |
289 | std::string sessid_iv(packet + 1, packet + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH); | ||
290 | if (g_used_ivs.find(sessid_iv) != g_used_ivs.end()) { | ||
291 | std::cerr << "Error: Session " << std::hex << session_id << " reused IV. Dropping packet" << std::endl; | ||
292 | break; | ||
293 | } | ||
294 | g_used_ivs.insert(sessid_iv); | ||
295 | if (session != g_sessions.end()) | 296 | if (session != g_sessions.end()) |
296 | session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH); | 297 | session->second->write_log(packet + 1 + SESSION_ID_LENGTH, len - 1 - SESSION_ID_LENGTH); |
297 | else | 298 | else |