From 8d4dd7660af8cd3856d0d54d92386ce3ef1bc333 Mon Sep 17 00:00:00 2001 From: GDR! Date: Fri, 19 Jun 2015 21:54:59 +0200 Subject: [PATCH] PSK authentication --- client.c | 24 +++++++++++++++++++++--- main.c | 40 +++++++++++++++++++++++++++++++++++++--- main.h | 3 +++ util.c | 2 +- 4 files changed, 62 insertions(+), 7 deletions(-) diff --git a/client.c b/client.c index d2ef837..929e2f5 100644 --- a/client.c +++ b/client.c @@ -1,3 +1,4 @@ +#include #include "log.h" #include "main.h" #include "client.h" @@ -220,6 +221,7 @@ int do_client_loop(char *tox_id_str) uint32_t friendnumber; struct timeval tv; fd_set fds; + static time_t invitation_sent_time = 0; TOX_ERR_FRIEND_QUERY friend_query_error; TOX_ERR_FRIEND_CUSTOM_PACKET custom_packet_error; @@ -260,10 +262,18 @@ int do_client_loop(char *tox_id_str) break; case CLIENT_STATE_CONNECTED: { - uint8_t data[] = "Hi, fellow tuntox instance!"; + uint8_t* data = "Hi, fellow tuntox instance!"; uint16_t length = sizeof(data); TOX_ERR_FRIEND_ADD add_error; + if(use_shared_secret) + { + data = shared_secret; + data[TOX_MAX_FRIEND_REQUEST_LENGTH-1] = '\0'; + length = strlen(data)+1; + log_printf(L_DEBUG, "Sent shared secret of length %u\n", length); + } + log_printf(L_INFO, "Connected. Sending friend request.\n"); friendnumber = tox_friend_add( @@ -274,12 +284,15 @@ int do_client_loop(char *tox_id_str) &add_error ); - if(friendnumber == UINT32_MAX) + if(add_error != TOX_ERR_FRIEND_ADD_OK) { - log_printf(L_ERROR, "Error %u adding friend %s\n", add_error, tox_id); + unsigned char tox_printable_id[TOX_ADDRESS_SIZE * 2 + 1]; + id_to_string(tox_printable_id, tox_id); + log_printf(L_ERROR, "Error %u adding friend %s\n", add_error, tox_printable_id); exit(-1); } + invitation_sent_time = time(NULL); state = CLIENT_STATE_SENTREQUEST; log_printf(L_INFO, "Waiting for friend to accept us...\n"); } @@ -302,6 +315,11 @@ int do_client_loop(char *tox_id_str) } else { + if(0 && (time(NULL) - invitation_sent_time > 60)) + { + log_printf(L_INFO, "Sending another friend request..."); + state = CLIENT_STATE_CONNECTED; + } } } break; diff --git a/main.c b/main.c index bdfe201..ed653ef 100644 --- a/main.c +++ b/main.c @@ -40,7 +40,8 @@ char *pidfile = NULL; char *daemon_username = NULL; /* Shared secret used for authentication */ -char *shared_secret = NULL; +int use_shared_secret = 0; +char shared_secret[TOX_MAX_FRIEND_REQUEST_LENGTH]; fd_set master_server_fds; @@ -676,6 +677,28 @@ void accept_friend_request(Tox *tox, const uint8_t *public_key, const uint8_t *m log_printf(L_DEBUG, "Got friend request\n"); + if(use_shared_secret) + { + if(!message) + { + log_printf(L_WARNING, "Friend sent NULL message - not accepting request"); + return; + } + + if(message[length - 1] != '\0') + { + log_printf(L_WARNING, "Message of size %u is not NULL terminated - not accepting request", length); + return; + } + + if(strncmp(message, shared_secret, TOX_MAX_FRIEND_REQUEST_LENGTH-1)) + { + log_printf(L_WARNING, "Received shared secret \"%s\" differs from our shared secret - not accepting request", message); + return; + } + } + + friendnumber = tox_friend_add_norequest(tox, public_key, &friend_add_error); if(friend_add_error != TOX_ERR_FRIEND_ADD_OK) { @@ -948,7 +971,7 @@ void help() fprintf(stderr, "-P : - forward : to stdin/stdout (SSH ProxyCommand mode)\n"); fprintf(stderr, "-p - ping the server from -i and exit\n"); fprintf(stderr, "-C - save private key in instead of /etc/tuntox in server mode\n"); - fprintf(stderr, "-s - shared secret used for connection authentication\n"); + fprintf(stderr, "-s - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1); fprintf(stderr, "-d - debug mode\n"); fprintf(stderr, "-q - quiet mode\n"); fprintf(stderr, "-S - send output to syslog instead of stderr\n"); @@ -969,7 +992,7 @@ int main(int argc, char *argv[]) log_init(); - while ((oc = getopt(argc, argv, "L:pi:C:P:dqhSF:DU:")) != -1) + while ((oc = getopt(argc, argv, "L:pi:C:s:P:dqhSF:DU:")) != -1) { switch(oc) { @@ -1027,6 +1050,12 @@ int main(int argc, char *argv[]) config_path[optarg_len + 1] = '\0'; } break; + case 's': + /* Shared secret */ + use_shared_secret = 1; + memset(shared_secret, 0, TOX_MAX_FRIEND_REQUEST_LENGTH); + strncpy(shared_secret, optarg, TOX_MAX_FRIEND_REQUEST_LENGTH-1); + break; case 'd': min_log_level = L_DEBUG; break; @@ -1130,6 +1159,11 @@ int main(int argc, char *argv[]) { write_save(tox); + if(!use_shared_secret) + { + log_printf(L_WARNING, "Shared secret authentication is not used - skilled attackers may connect to your tuntox server"); + } + tox_self_get_address(tox, tox_id); memset(tox_printable_id, '\0', sizeof(tox_printable_id)); id_to_string(tox_printable_id, tox_id); diff --git a/main.h b/main.h index aad191a..41a7995 100644 --- a/main.h +++ b/main.h @@ -86,6 +86,9 @@ extern char *remote_tox_id; extern int remote_port; extern char *remote_host; extern int local_port; +/* Shared secret used for authentication */ +extern int use_shared_secret; +extern char shared_secret[TOX_MAX_FRIEND_REQUEST_LENGTH]; extern int select_nfds; extern tunnel *by_id; diff --git a/util.c b/util.c index 0d88f8d..5d3fefe 100644 --- a/util.c +++ b/util.c @@ -191,7 +191,7 @@ const char *readable_connection_status(TOX_CONNECTION status) case TOX_CONNECTION_TCP: return "A TCP connection has been established (via TCP relay)"; case TOX_CONNECTION_UDP: - return "A UDP connection has been established with DHT nodes"; + return "An UDP connection has been established"; default: return "Unknown connection status"; }