1
0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-14 21:09:57 +00:00

Ensure zero-inialization, add TODO update gitignore.

This commit is contained in:
EinMByte 2015-07-16 17:39:24 +02:00
parent c939dec26a
commit 62ac53563c
8 changed files with 35 additions and 19 deletions

1
.gitignore vendored
View File

@ -5,6 +5,7 @@ router.keys
i2p i2p
libi2pd.so libi2pd.so
netDb netDb
tunnels.cfg
# Autotools # Autotools
autom4te.cache autom4te.cache

View File

@ -353,7 +353,7 @@ namespace i2p
} }
else else
{ {
uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE]; uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE] = {};
if (HandleBuildRequestRecords (num, buf + 1, clearText)) if (HandleBuildRequestRecords (num, buf + 1, clearText))
{ {
if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outboud tunnel if (clearText[BUILD_REQUEST_RECORD_FLAG_OFFSET] & 0x40) // we are endpoint of outboud tunnel

View File

@ -193,7 +193,7 @@ namespace tunnel
struct I2NPMessageBuffer: public I2NPMessage struct I2NPMessageBuffer: public I2NPMessage
{ {
I2NPMessageBuffer () { buf = m_Buffer; maxLen = sz; }; I2NPMessageBuffer () { buf = m_Buffer; maxLen = sz; };
uint8_t m_Buffer[sz + 16]; uint8_t m_Buffer[sz + 16] = {};
}; };
I2NPMessage * NewI2NPMessage (); I2NPMessage * NewI2NPMessage ();

View File

@ -275,7 +275,7 @@ namespace transport
return; return;
} }
uint8_t buf[320 + 18]; // 304 bytes for ipv4, 320 for ipv6 uint8_t buf[320 + 18] = {}; // 304 bytes for ipv4, 320 for ipv6, all set to 0
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, m_DHKeysPair->publicKey, 256); // x memcpy (payload, m_DHKeysPair->publicKey, 256); // x
bool isV4 = m_RemoteEndpoint.address ().is_v4 (); bool isV4 = m_RemoteEndpoint.address ().is_v4 ();
@ -306,7 +306,7 @@ namespace transport
return; return;
} }
uint8_t buf[96 + 18]; uint8_t buf[96 + 18] = {};
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
htobe32buf (payload, iTag); htobe32buf (payload, iTag);
payload += 4; payload += 4;
@ -344,7 +344,7 @@ namespace transport
SignedData s; // x,y, remote IP, remote port, our IP, our port, relayTag, signed on time SignedData s; // x,y, remote IP, remote port, our IP, our port, relayTag, signed on time
s.Insert (x, 256); // x s.Insert (x, 256); // x
uint8_t buf[384 + 18]; uint8_t buf[384 + 18] = {};
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
memcpy (payload, m_DHKeysPair->publicKey, 256); memcpy (payload, m_DHKeysPair->publicKey, 256);
s.Insert (payload, 256); // y s.Insert (payload, 256); // y
@ -408,7 +408,7 @@ namespace transport
void SSUSession::SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen) void SSUSession::SendSessionConfirmed (const uint8_t * y, const uint8_t * ourAddress, size_t ourAddressLen)
{ {
uint8_t buf[512 + 18]; uint8_t buf[512 + 18] = {};
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
*payload = 1; // 1 fragment *payload = 1; // 1 fragment
payload++; // info payload++; // info
@ -475,7 +475,7 @@ namespace transport
void SSUSession::SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from, void SSUSession::SendRelayResponse (uint32_t nonce, const boost::asio::ip::udp::endpoint& from,
const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to) const uint8_t * introKey, const boost::asio::ip::udp::endpoint& to)
{ {
uint8_t buf[80 + 18]; // 64 Alice's ipv4 and 80 Alice's ipv6 uint8_t buf[80 + 18] = {}; // 64 Alice's ipv4 and 80 Alice's ipv6
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
// Charlie's address always v4 // Charlie's address always v4
if (!to.address ().is_v4 ()) if (!to.address ().is_v4 ())
@ -536,7 +536,7 @@ namespace transport
LogPrint (eLogError, "Alice's IP must be v4"); LogPrint (eLogError, "Alice's IP must be v4");
return; return;
} }
uint8_t buf[48 + 18]; uint8_t buf[48 + 18] = {};
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
*payload = 4; *payload = 4;
payload++; // size payload++; // size
@ -616,9 +616,7 @@ namespace transport
htobe32buf (&(header->time), i2p::util::GetSecondsSinceEpoch ()); htobe32buf (&(header->time), i2p::util::GetSecondsSinceEpoch ());
uint8_t * encrypted = &header->flag; uint8_t * encrypted = &header->flag;
uint16_t encryptedLen = len - (encrypted - buf); uint16_t encryptedLen = len - (encrypted - buf);
i2p::crypto::CBCEncryption encryption; i2p::crypto::CBCEncryption encryption(aesKey, iv);
encryption.SetKey (aesKey);
encryption.SetIV (iv);
encryption.Encrypt (encrypted, encryptedLen, encrypted); encryption.Encrypt (encrypted, encryptedLen, encrypted);
// assume actual buffer size is 18 (16 + 2) bytes more // assume actual buffer size is 18 (16 + 2) bytes more
memcpy (buf + len, iv, 16); memcpy (buf + len, iv, 16);
@ -960,8 +958,7 @@ namespace transport
// toAddress is true for Alice<->Chalie communications only // toAddress is true for Alice<->Chalie communications only
// sendAddress is false if message comes from Alice // sendAddress is false if message comes from Alice
{ {
uint8_t buf[80 + 18]; uint8_t buf[80 + 18] = {};
uint8_t iv[16];
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
htobe32buf (payload, nonce); htobe32buf (payload, nonce);
payload += 4; // nonce payload += 4; // nonce
@ -995,6 +992,7 @@ namespace transport
// send // send
CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator (); CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
uint8_t iv[16];
rnd.GenerateBlock (iv, 16); // random iv rnd.GenerateBlock (iv, 16); // random iv
if (toAddress) if (toAddress)
{ {
@ -1032,7 +1030,7 @@ namespace transport
{ {
if (m_State == eSessionStateEstablished) if (m_State == eSessionStateEstablished)
{ {
uint8_t buf[48 + 18]; uint8_t buf[48 + 18] = {};
uint8_t * payload = buf + sizeof (SSUHeader); uint8_t * payload = buf + sizeof (SSUHeader);
*payload = 0; // flags *payload = 0; // flags
payload++; payload++;
@ -1049,7 +1047,7 @@ namespace transport
{ {
if (m_IsSessionKey) if (m_IsSessionKey)
{ {
uint8_t buf[48 + 18]; uint8_t buf[48 + 18] = {};
// encrypt message with session key // encrypt message with session key
FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_DESTROYED, buf, 48); FillHeaderAndEncrypt (PAYLOAD_TYPE_SESSION_DESTROYED, buf, 48);
try try
@ -1066,7 +1064,7 @@ namespace transport
void SSUSession::Send (uint8_t type, const uint8_t * payload, size_t len) void SSUSession::Send (uint8_t type, const uint8_t * payload, size_t len)
{ {
uint8_t buf[SSU_MTU_V4 + 18]; uint8_t buf[SSU_MTU_V4 + 18] = {};
size_t msgSize = len + sizeof (SSUHeader); size_t msgSize = len + sizeof (SSUHeader);
size_t paddingSize = msgSize & 0x0F; // %16 size_t paddingSize = msgSize & 0x0F; // %16
if (paddingSize > 0) msgSize += (16 - paddingSize); if (paddingSize > 0) msgSize += (16 - paddingSize);

View File

@ -15,6 +15,8 @@ namespace i2p
namespace transport namespace transport
{ {
#pragma pack(1) #pragma pack(1)
// Warning: do not change the order of these variables
// (or fix the unsafe casts in SSU.h)
struct SSUHeader struct SSUHeader
{ {
uint8_t mac[16]; uint8_t mac[16];

9
TODO Normal file
View File

@ -0,0 +1,9 @@
Short-term refactoring:
- SSUSession:637, SSUSession:635 get rid of casting to SSUHeader
Long-term refactoring:
- Rely on a library for TLS and SSL.
Additions:
- Write tests.
- Add documentation.

View File

@ -86,8 +86,8 @@ namespace tunnel
void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID) const void CreateBuildRequestRecord (uint8_t * record, uint32_t replyMsgID) const
{ {
uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE]; uint8_t clearText[BUILD_REQUEST_RECORD_CLEAR_TEXT_SIZE] = {};
htobe32buf (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET, tunnelID); htobe32buf (clearText + BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET, tunnelID);
memcpy (clearText + BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET, router->GetIdentHash (), 32); memcpy (clearText + BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET, router->GetIdentHash (), 32);
htobe32buf (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET, nextTunnelID); htobe32buf (clearText + BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET, nextTunnelID);
memcpy (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, nextRouter->GetIdentHash (), 32); memcpy (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, nextRouter->GetIdentHash (), 32);

8
aes.h
View File

@ -140,7 +140,13 @@ namespace crypto
{ {
public: public:
CBCEncryption () { memset (m_LastBlock.buf, 0, 16); }; CBCEncryption () { memset (m_LastBlock.buf, 0, 16); };
CBCEncryption(const AESKey& key, const uint8_t* iv)
: CBCEncryption()
{
SetKey(key);
SetIV(iv);
};
void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
void SetIV (const uint8_t * iv) { memcpy (m_LastBlock.buf, iv, 16); }; // 16 bytes void SetIV (const uint8_t * iv) { memcpy (m_LastBlock.buf, iv, 16); }; // 16 bytes