Patched INITIATE message following Daniel Boucher
I was looking at the file curve_codec.c and I found a little issue in
the implementation of the INITIATE message when computing Box [C',S](C->S')
At some point there was a fix made (#14) referring to
https://codesinchaos.wordpress.com/2012/09/09/curvecp-1 but I think a
bug got introduced in the code

NOTE: The following problem doesn't apply to ZMQ's implementation;
the code in curve_client.cpp and curve_server.cpp seems correct

The actual code at line 627 for s_produce_initiate() is

    s_encrypt (self, vouch_crypt,
               vouch_plain, 64,
               "VOUCH---",
               NULL, NULL);

So it's using the precomputed key (C'->S') instead of (C->S'). If I'm
not mistaken, the correct code should be:

    s_encrypt (self, vouch_crypt,
               vouch_plain, 64,
               "VOUCH---",
               self->peer_transkey,
               zcert_secret_key (self->permacert));

Same thing on the server side for processing the initiate message at
line 704 (process_initiate()):

        int rc = s_decrypt (self,
            vouch,
            plain, 64,
            "VOUCH---",
            NULL, NULL);

The correct behavior would be:

        int rc = s_decrypt (self,
            vouch,
            plain, 64,
            "VOUCH---",
            self->peer_permakey,
            zcert_secret_key(self->transcert));
hintjens committed May 20, 2014
1 parent 75e22af commit 56317bf
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions src/curve_codec.c
Expand Up @@ -627,7 +627,8 @@ s_produce_initiate (curve_codec_t *self)
s_encrypt (self, vouch_crypt,
vouch_plain, 64,
"VOUCH---",
NULL, NULL);
self->peer_transkey,
zcert_secret_key (self->permacert));

// Working variables for crypto calls
size_t box_size = 128 + self->metadata_size;
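Review bot: the s_encrypt call in s_produce_initiate now passes explicit keys (self->peer_transkey and zcert_secret_key (self->permacert)) where it used to pass NULL, NULL, and nothing at the call site records why the vouch is the one box that must not use the precomputed key. Add a comment above the call stating that the vouch is made with the client's long-term secret key and the server's transient public key, so the arguments are not later tidied back to NULL, NULL. The hunk also does not show that self->permacert is set at this point; an assert on it before the call would make a missing certificate fail at an obvious place.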
Expand Down Expand Up @@ -701,11 +702,12 @@ s_process_initiate (curve_codec_t *self, zframe_t *input)
// Vouch nonce + box is 96 bytes at (plain + 32)
byte vouch [96];
memcpy (vouch, plain + 32, 96);
int rc = s_decrypt (self,
rc = s_decrypt (self,
vouch,
plain, 64,
"VOUCH---",
NULL, NULL);
self->peer_permakey,
zcert_secret_key (self->transcert));

// Check vouch is short term client public key plus our public key
if (rc == 0
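Review bot: the s_decrypt call in s_process_initiate now depends on self->peer_permakey, but the hunk does not show where that field is filled in, and the call writes its output into plain. Confirm that peer_permakey is copied out of plain before this call, since plain is then overwritten by the vouch plaintext, and say so in a comment next to the memcpy. Because the line changed from "int rc = s_decrypt" to "rc = s_decrypt", also check that rc is declared earlier in the function and that the result of any earlier call stored in it has been tested before it is overwritten here.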
Expand Down Expand Up @@ -1098,7 +1100,10 @@ curve_codec_test (bool verbose)
zcert_save (server_cert, TESTDIR "/server.cert");

zcert_t *client_cert = zcert_new ();
zcert_save_public (client_cert, TESTDIR "/client.cert");
char *filename = (char *) malloc (strlen (TESTDIR) + 21);
sprintf (filename, TESTDIR "/client-%07d.cert", randof (10000000));
zcert_save_public (client_cert, filename);
free (filename);

// We'll run the server as a background task, and the
// client in this foreground thread.
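Review bot: the filename buffer in curve_codec_test is sized to the exact byte. "/client-%07d.cert" is 20 characters plus the terminator only while randof (10000000) stays within seven digits, the malloc result is used without a check, and sprintf has no bound. Keep the size in a variable, assert the allocation succeeded, and use snprintf with that size. The random name also means each run leaves another client-NNNNNNN.cert in TESTDIR unless something outside these lines removes it. Separately, this is the only test change in the commit: there is no case showing that an INITIATE whose vouch was made with the wrong keys is rejected, which is the behaviour the other two hunks are meant to fix.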