From e0d63c50db120df9fa6fa750d12c8fb2e621cae7 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Mon, 6 Feb 2017 07:45:57 -0800
Subject: One more tweak after thinking about related keys and key stream
 reuse. Just a precaution.

---
 node/Packet.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'node')

diff --git a/node/Packet.cpp b/node/Packet.cpp
index e685bcaa..790f4b09 100644
--- a/node/Packet.cpp
+++ b/node/Packet.cpp
@@ -2028,7 +2028,9 @@ void Packet::cryptField(const void *key,unsigned int start,unsigned int len)
 	unsigned char mangledKey[32];
 	unsigned char macKey[32];
 	_salsa20MangleKey((const unsigned char *)key,mangledKey);
-    mangledKey[0] ^= 1; // slightly alter key for this use case as an added guard against key stream reuse
+    mangledKey[0] ^= 0x7f;
+    mangledKey[1] ^= ((start >> 8) & 0xff);
+    mangledKey[2] ^= (start & 0xff); // slightly alter key for this use case as an added guard against key stream reuse
 	Salsa20 s20(mangledKey,256,field(ZT_PACKET_IDX_IV,8));
 	s20.crypt12(ZERO_KEY,macKey,sizeof(macKey)); // discard the first 32 bytes of key stream (the ones use for MAC in armor()) as a precaution
     unsigned char *const ptr = field(start,len);
-- 
cgit v1.2.3