ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-18 10:46:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Also must mask off counter bits in IV in cryptField.

Browse Source
This commit is contained in:
Adam Ierymenko 2017-03-10 17:44:25 -08:00
parent 0c00b83702
commit aad6f79efa
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
node/Packet.cpp
View File

@ -2025,9 +2025,11 @@ bool Packet::dearmor(const void *key)
void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
{
unsigned char discard[32];
Salsa20 s20(key,256,field(ZT_PACKET_IDX_IV,8));
s20.crypt12(ZERO_KEY,discard,sizeof(discard)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution
const uint8_t *const data = reinterpret_cast<const uint8_t *>(data());
uint8_t iv[8];
for(int i=0;i<8;++i) iv[i] = data[i];
iv[7] &= 0xf8; // mask off least significant 3 bits of packet ID / IV since this is unset when this function gets called
Salsa20 s20(key,256,data);
unsigned char *const ptr = field(start,len);
s20.crypt12(ptr,ptr,len);
}