Use one time key for BLAKE2b

9 years ago · 552fca1bff
9 changed files with 25 additions and 8 deletions
--- a/src/encrypt.c
+++ b/src/encrypt.c
@ -1511,7 +1511,12 @@ int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf
        if (cidx == chunk->len + AUTH_BYTES) {
            // Compare hash
            uint8_t *hash = (uint8_t *)malloc(chunk->len);
-            crypto_generichash(hash, HASH_BYTES, (uint8_t *)chunk->buf + AUTH_BYTES, chunk->len, NULL, 0);
+            uint8_t key[MAX_KEY_LENGTH + sizeof(uint32_t)];
+
+            memcpy(key, enc_key, enc_key_len);
+            memcpy(key + enc_key_len, &chunk->counter, sizeof(uint32_t));
+            crypto_generichash(hash, HASH_BYTES, (uint8_t *)chunk->buf + AUTH_BYTES, chunk->len,
+                    key, enc_key_len + sizeof(uint32_t));

            if (memcmp(hash, chunk->buf + CLEN_BYTES, HASH_BYTES) != 0) return 0;

@ -1523,6 +1528,7 @@ int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf
            j += chunk->len;
            k = j;
            cidx = 0;
+            chunk->counter++;
        }
    }

@ -1532,7 +1538,7 @@ int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf
    return 1;
 }

-char *ss_gen_hash(char *buf, ssize_t *buf_len, int buf_size)
+char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, int buf_size)
 {
    ssize_t blen = *buf_len;
    int size = max(AUTH_BYTES + blen, buf_size);
@ -1543,12 +1549,17 @@ char *ss_gen_hash(char *buf, ssize_t *buf_len, int buf_size)

    uint16_t chunk_len = htons((uint16_t)blen);
    uint8_t hash[HASH_BYTES];
-    crypto_generichash(hash, HASH_BYTES, (uint8_t *)buf, blen, NULL, 0);
+    uint8_t key[MAX_KEY_LENGTH + sizeof(uint32_t)];
+
+    memcpy(key, enc_key, enc_key_len);
+    memcpy(key + enc_key_len, counter, sizeof(uint32_t));
+    crypto_generichash(hash, HASH_BYTES, (uint8_t *)buf, blen, key, enc_key_len + sizeof(uint32_t));

    memmove(buf + AUTH_BYTES, buf, blen);
    memcpy(buf + CLEN_BYTES, hash, HASH_BYTES);
    memcpy(buf, &chunk_len, CLEN_BYTES);

    *buf_len = blen + AUTH_BYTES;
+    *counter = *counter + 1;
    return buf;
 }
--- a/src/encrypt.h
+++ b/src/encrypt.h
@ -156,6 +156,7 @@ typedef struct {
 struct chunk {
    uint32_t idx;
    uint32_t len;
+    uint32_t counter;
    char *buf;
 };

@ -181,6 +182,6 @@ int ss_onetimeauth(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);
 int ss_onetimeauth_verify(char *auth, char *msg, int msg_len, struct enc_ctx *ctx);

 int ss_check_hash(char **buf_ptr, ssize_t *buf_len, struct chunk *chunk, int buf_size);
-char *ss_gen_hash(char *buf, ssize_t *buf_len, int buf_size);
+char *ss_gen_hash(char *buf, ssize_t *buf_len, uint32_t *counter, int buf_size);

 #endif // _ENCRYPT_H
--- a/src/local.c
+++ b/src/local.c
@ -245,7 +245,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
            }

            if (!remote->direct && remote->send_ctx->connected && auth) {
-                remote->buf = ss_gen_hash(remote->buf, &r, BUF_SIZE);
+                remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
            }

            // insert shadowsocks header
@ -485,7 +485,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)

                    if (r > 0) {
                        if (auth) {
-                            buf = ss_gen_hash(buf, &r, BUF_SIZE);
+                            buf = ss_gen_hash(buf, &r, &remote->counter, BUF_SIZE);
                        }
                        memcpy(remote->buf + addr_len, buf, r);
                    }
--- a/src/local.h
+++ b/src/local.h
@ -81,6 +81,7 @@ struct remote {
    struct server *server;
    struct sockaddr_storage addr;
    int addr_len;
+    uint32_t counter;
 };

 #endif // _LOCAL_H
--- a/src/redir.c
+++ b/src/redir.c
@ -185,7 +185,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
    }

    if (auth) {
-        remote->buf = ss_gen_hash(remote->buf, &r, BUF_SIZE);
+        remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
    }

    remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
--- a/src/redir.h
+++ b/src/redir.h
@ -70,6 +70,7 @@ struct remote {
    struct remote_ctx *recv_ctx;
    struct remote_ctx *send_ctx;
    struct server *server;
+    uint32_t counter;
 };

 #endif // _LOCAL_H
--- a/src/server.c
+++ b/src/server.c
@ -547,6 +547,8 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
         *    +------+---------+-------------+------+
         *    |  2   |    4    |  Variable   |      ...
         *    +------+---------+-------------+------+
+         *
+         *    The key of BLAKE2b is (KEY + CHUNK ID)
         */

        int offset = 0;
--- a/src/tunnel.c
+++ b/src/tunnel.c
@ -197,7 +197,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
    }

    if (auth) {
-        remote->buf = ss_gen_hash(remote->buf, &r, BUF_SIZE);
+        remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, BUF_SIZE);
    }

    remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
--- a/src/tunnel.h
+++ b/src/tunnel.h
@ -74,6 +74,7 @@ struct remote {
    struct remote_ctx *recv_ctx;
    struct remote_ctx *send_ctx;
    struct server *server;
+    uint32_t counter;
 };

 #endif // _TUNNEL_H