ExternalVendorCode/ZeroTierOne
1
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-01-29 15:43:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

One more tweak after thinking about related keys and key stream reuse. Just a precaution.

Browse Source
This commit is contained in:
Adam Ierymenko 2017-02-06 07:45:57 -08:00
parent 803f74634a
commit e0d63c50db
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
node/Packet.cpp
View File

@ -2028,7 +2028,9 @@ void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
unsigned char mangledKey[32];
unsigned char macKey[32];
_salsa20MangleKey((const unsigned char *)key,mangledKey);
mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse
mangledKey[0] ^= 0x7f;
mangledKey[1] ^= ((start >> 8) & 0xff);
mangledKey[2] ^= (start & 0xff); // slightly alter key for this use case as an added guard against key stream reuse
Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution
unsigned char *const ptr = field(start,len);