diff options
| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2017-02-06 07:45:57 -0800 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2017-02-06 07:45:57 -0800 |
| commit | e0d63c50db120df9fa6fa750d12c8fb2e621cae7 (patch) | |
| tree | c918f07c8bc5a850a310882fd3b5a230d776c3e2 /node | |
| parent | 803f74634a7e88e4e2781e4b8df7afeda3d968be (diff) | |
| download | infinitytier-e0d63c50db120df9fa6fa750d12c8fb2e621cae7.tar.gz infinitytier-e0d63c50db120df9fa6fa750d12c8fb2e621cae7.zip | |
One more tweak after thinking about related keys and key stream reuse. Just a precaution.
Diffstat (limited to 'node')
| -rw-r--r-- | node/Packet.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/node/Packet.cpp b/node/Packet.cpp index e685bcaa..790f4b09 100644 --- a/node/Packet.cpp +++ b/node/Packet.cpp @@ -2028,7 +2028,9 @@ void Packet::cryptField(const void *key,unsigned int start,unsigned int len) unsigned char mangledKey[32]; unsigned char macKey[32]; _salsa20MangleKey((const unsigned char *)key,mangledKey); - mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse + mangledKey[0] ^= 0x7f; + mangledKey[1] ^= ((start >> 8) & 0xff); + mangledKey[2] ^= (start & 0xff); // slightly alter key for this use case as an added guard against key stream reuse Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8)); s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution unsigned char *const ptr = field(start,len); |