aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2016-06-03 01:43:09 -0400
committerbnewbold <bnewbold@robocracy.org>2016-06-03 01:43:09 -0400
commit6f8284e3158d360d9c251ef93021eef40861276b (patch)
tree82616ec272521140bbecbbdde9c1e14d95c67e33 /src
parentf68ff03d06a489114989b501e7e82cba1525f99e (diff)
downloaducp-6f8284e3158d360d9c251ef93021eef40861276b.tar.gz
ucp-6f8284e3158d360d9c251ef93021eef40861276b.zip
try AES stream crypto (NO INTEGRITY)aes_crypto_experiment
Diffstat (limited to 'src')
-rw-r--r--src/crypto.rs17
-rw-r--r--src/server.rs8
2 files changed, 11 insertions, 14 deletions
diff --git a/src/crypto.rs b/src/crypto.rs
index da0a770..20a7f17 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -4,7 +4,8 @@ use std::io;
use std::cmp::min;
use std::io::{Read,Write, ErrorKind};
use sodiumoxide::crypto::secretbox;
-use sodiumoxide::crypto::secretbox::{Key, Nonce};
+use sodiumoxide::crypto::stream::aes128ctr;
+use sodiumoxide::crypto::stream::aes128ctr::{Key, Nonce};
use rustc_serialize::base64::{ToBase64, FromBase64, STANDARD};
use std::mem::transmute;
@@ -25,9 +26,9 @@ impl<S: Read+Write> SecretStream<S> {
pub fn new(stream: S) -> SecretStream<S> {
SecretStream {
inner: stream,
- read_nonce: secretbox::gen_nonce(),
- write_nonce: secretbox::gen_nonce(),
- key: secretbox::gen_key(),
+ read_nonce: aes128ctr::gen_nonce(),
+ write_nonce: aes128ctr::gen_nonce(),
+ key: aes128ctr::gen_key(),
read_buf: [0; CHUNK_SIZE+512],
read_buf_offset: 0,
read_buf_len: 0,
@@ -65,11 +66,7 @@ impl<S: Read+Write> Read for SecretStream<S> {
println!("\tnonce: {}", nonce2string(&self.write_nonce));
println!("\tkey: {}", key2string(&self.key));
*/
- let cleartext = match secretbox::open(&self.read_buf[..len], &self.read_nonce, &self.key) {
- Ok(cleartext) => cleartext,
- Err(_) => { return Err(io::Error::new(ErrorKind::InvalidData,
- "Failed to decrypt message (could mean corruption or malicious attack"))},
- };
+ let cleartext = aes128ctr::stream_xor(&self.read_buf[..len], &self.read_nonce, &self.key);
self.read_nonce.increment_le_inplace();
let clen = cleartext.len() as usize;
@@ -92,7 +89,7 @@ impl<S: Read+Write> Write for SecretStream<S> {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
assert!(buf.len() < u32::MAX as usize);
let raw_len = buf.len() as u32;
- let ciphertext = secretbox::seal(buf, &self.write_nonce, &self.key);
+ let ciphertext = aes128ctr::stream_xor(buf, &self.write_nonce, &self.key);
let len = ciphertext.len() as u32;
let header_buf: [u8; 4] = unsafe { transmute(len.to_be()) };
diff --git a/src/server.rs b/src/server.rs
index ca75664..84ac2ec 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -18,7 +18,7 @@ use getopts::Options;
use udt::{self, UdtSocket, UdtStatus};
use crypto::{SecretStream, key2string, string2key, nonce2string, string2nonce};
use udt_extras::{UdtStream};
-use sodiumoxide::crypto::secretbox;
+use sodiumoxide::crypto::stream::aes128ctr;
pub fn get_local_ip() -> Result<net::IpAddr, String> {
let ip_str = match env::var("SSH_CONNECTION") {
@@ -82,9 +82,9 @@ fn run_server(path: &str, is_recv: bool, recursive: bool, daemonize: bool, no_cr
// This is the hack; we'll rebind below
let listen_port = listen_port + 1;
- let secret_key = secretbox::gen_key();
- let read_nonce = secretbox::gen_nonce();
- let write_nonce = secretbox::gen_nonce();
+ let secret_key = aes128ctr::gen_key();
+ let read_nonce = aes128ctr::gen_nonce();
+ let write_nonce = aes128ctr::gen_nonce();
/* XXX: DEBUG:
assert!(secret_key == string2key(&key2string(&secret_key)).unwrap());