Add check for reusing server's nonce/salt

6 years ago · 92cab3503c
2 changed files with 8 additions and 0 deletions
--- a/src/aead.c
+++ b/src/aead.c
@ -408,6 +408,8 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
    /* copy salt to first pos */
    memcpy(ciphertext->data, cipher_ctx.salt, salt_len);

+    ppbloom_add((void *)cipher_ctx.salt, salt_len);
+
    aead_cipher_ctx_set_key(&cipher_ctx, 1);

    size_t clen = ciphertext->len;
@ -552,6 +554,8 @@ aead_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
        memcpy(ciphertext->data, cipher_ctx->salt, salt_len);
        aead_cipher_ctx_set_key(cipher_ctx, 1);
        cipher_ctx->init = 1;
+
+        ppbloom_add((void *)cipher_ctx->salt, salt_len);
    }

    err = aead_chunk_encrypt(cipher_ctx,
--- a/src/stream.c
+++ b/src/stream.c
@ -345,6 +345,8 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
    cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 1);
    memcpy(ciphertext->data, nonce, nonce_len);

+    ppbloom_add((void *)nonce, nonce_len);
+
    if (cipher->method >= SALSA20) {
        crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
                             (const uint8_t *)plaintext->data, (uint64_t)(plaintext->len),
@ -399,6 +401,8 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
        memcpy(ciphertext->data, cipher_ctx->nonce, nonce_len);
        cipher_ctx->counter = 0;
        cipher_ctx->init    = 1;
+
+        ppbloom_add((void *)cipher_ctx->nonce, nonce_len);
    }

    if (cipher->method >= SALSA20) {