static int do_incoming(TCP_Server *TCP_server, uint32_t i) { if (TCP_server->incoming_connection_queue[i].status != TCP_STATUS_CONNECTED) { return -1; } int ret = read_connection_handshake(&TCP_server->incoming_connection_queue[i], TCP_server->secret_key); if (ret == -1) { kill_TCP_secure_connection(&TCP_server->incoming_connection_queue[i]); } else if (ret == 1) { int index_new = TCP_server->unconfirmed_connection_queue_index % MAX_INCOMING_CONNECTIONS; TCP_Secure_Connection *conn_old = &TCP_server->incoming_connection_queue[i]; TCP_Secure_Connection *conn_new = &TCP_server->unconfirmed_connection_queue[index_new]; if (conn_new->status != TCP_STATUS_NO_STATUS) { kill_TCP_secure_connection(conn_new); } memcpy(conn_new, conn_old, sizeof(TCP_Secure_Connection)); crypto_memzero(conn_old, sizeof(TCP_Secure_Connection)); ++TCP_server->unconfirmed_connection_queue_index; return index_new; } return -1; }
/* Kill the TCP connection */ void kill_TCP_connection(TCP_Client_Connection *TCP_connection) { if (TCP_connection == NULL) { return; } wipe_priority_list(TCP_connection); kill_sock(TCP_connection->sock); crypto_memzero(TCP_connection, sizeof(TCP_Client_Connection)); free(TCP_connection); }
/* Remove real pk from received_requests list. * * return 0 if it removed it successfully. * return -1 if it didn't find it. */ int remove_request_received(Friend_Requests *fr, const uint8_t *real_pk) { uint32_t i; for (i = 0; i < MAX_RECEIVED_STORED; ++i) { if (id_equal(fr->received_requests[i], real_pk)) { crypto_memzero(fr->received_requests[i], CRYPTO_PUBLIC_KEY_SIZE); return 0; } } return -1; }
int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, size_t length, uint8_t *plain) { if (!public_key || !secret_key) { return -1; } uint8_t k[crypto_box_BEFORENMBYTES]; encrypt_precompute(public_key, secret_key, k); int ret = decrypt_data_symmetric(k, nonce, encrypted, length, plain); crypto_memzero(k, sizeof k); return ret; }
END_TEST START_TEST(test_memzero) { uint8_t src[sizeof(test_c)]; memcpy(src, test_c, sizeof(test_c)); crypto_memzero(src, sizeof(src)); size_t i; for (i = 0; i < sizeof(src); i++) { ck_assert_msg(src[i] == 0, "Memory is not zeroed"); } }
/* data must be of length TCP_SERVER_HANDSHAKE_SIZE * * return 0 on success. * return -1 on failure. */ static int handle_handshake(TCP_Client_Connection *TCP_conn, const uint8_t *data) { uint8_t plain[CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE]; int len = decrypt_data_symmetric(TCP_conn->shared_key, data, data + CRYPTO_NONCE_SIZE, TCP_SERVER_HANDSHAKE_SIZE - CRYPTO_NONCE_SIZE, plain); if (len != sizeof(plain)) { return -1; } memcpy(TCP_conn->recv_nonce, plain + CRYPTO_PUBLIC_KEY_SIZE, CRYPTO_NONCE_SIZE); encrypt_precompute(plain, TCP_conn->temp_secret_key, TCP_conn->shared_key); crypto_memzero(TCP_conn->temp_secret_key, CRYPTO_SECRET_KEY_SIZE); return 0; }
static int confirm_TCP_connection(TCP_Server *TCP_server, TCP_Secure_Connection *con, const uint8_t *data, uint16_t length) { int index = add_accepted(TCP_server, con); if (index == -1) { kill_TCP_secure_connection(con); return -1; } crypto_memzero(con, sizeof(TCP_Secure_Connection)); if (handle_TCP_packet(TCP_server, index, data, length) == -1) { kill_accepted(TCP_server, index); return -1; } return index; }
/* Delete accepted connection from list. * * return 0 on success * return -1 on failure */ static int del_accepted(TCP_Server *TCP_server, int index) { if ((uint32_t)index >= TCP_server->size_accepted_connections) { return -1; } if (TCP_server->accepted_connection_array[index].status == TCP_STATUS_NO_STATUS) { return -1; } if (!bs_list_remove(&TCP_server->accepted_key_list, TCP_server->accepted_connection_array[index].public_key, index)) { return -1; } crypto_memzero(&TCP_server->accepted_connection_array[index], sizeof(TCP_Secure_Connection)); --TCP_server->num_accepted_connections; if (TCP_server->num_accepted_connections == 0) { realloc_connection(TCP_server, 0); } return 0; }
/* Kill a TCP_Secure_Connection */ static void kill_TCP_secure_connection(TCP_Secure_Connection *con) { kill_sock(con->sock); crypto_memzero(con, sizeof(TCP_Secure_Connection)); }