PSK authentication
gjedeer committed Jun 19, 2015
1 parent 8f9376b commit 8d4dd76
Showing 4 changed files with 62 additions and 7 deletions.
24 changes: 21 additions & 3 deletions client.c
@@ -1,3 +1,4 @@
#include <time.h>
#include "log.h"
#include "main.h"
#include "client.h"
Expand Down Expand Up @@ -220,6 +221,7 @@ int do_client_loop(char *tox_id_str)
uint32_t friendnumber;
struct timeval tv;
fd_set fds;
static time_t invitation_sent_time = 0;
TOX_ERR_FRIEND_QUERY friend_query_error;
TOX_ERR_FRIEND_CUSTOM_PACKET custom_packet_error;

Expand Down Expand Up @@ -260,10 +262,18 @@ int do_client_loop(char *tox_id_str)
break;
case CLIENT_STATE_CONNECTED:
{
uint8_t data[] = "Hi, fellow tuntox instance!";
uint8_t* data = "Hi, fellow tuntox instance!";
uint16_t length = sizeof(data);
TOX_ERR_FRIEND_ADD add_error;

if(use_shared_secret)
{
data = shared_secret;
data[TOX_MAX_FRIEND_REQUEST_LENGTH-1] = '\0';
length = strlen(data)+1;
log_printf(L_DEBUG, "Sent shared secret of length %u\n", length);
}

log_printf(L_INFO, "Connected. Sending friend request.\n");

friendnumber = tox_friend_add(
Expand All @@ -274,12 +284,15 @@ int do_client_loop(char *tox_id_str)
&add_error
);

if(friendnumber == UINT32_MAX)
if(add_error != TOX_ERR_FRIEND_ADD_OK)
{
log_printf(L_ERROR, "Error %u adding friend %s\n", add_error, tox_id);
unsigned char tox_printable_id[TOX_ADDRESS_SIZE * 2 + 1];
id_to_string(tox_printable_id, tox_id);
log_printf(L_ERROR, "Error %u adding friend %s\n", add_error, tox_printable_id);
exit(-1);
}

invitation_sent_time = time(NULL);
state = CLIENT_STATE_SENTREQUEST;
log_printf(L_INFO, "Waiting for friend to accept us...\n");
}
Expand All @@ -302,6 +315,11 @@ int do_client_loop(char *tox_id_str)
}
else
{
if(0 && (time(NULL) - invitation_sent_time > 60))
{
log_printf(L_INFO, "Sending another friend request...");
state = CLIENT_STATE_CONNECTED;
}
}
}
break;
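Review bot: `length = sizeof(data)` on the context line right after the new `uint8_t* data = "Hi, fellow tuntox instance!";` now measures a pointer rather than the string, so without `-s` the friend request carries only the first 4 or 8 bytes of the greeting. The PSK branch also writes through `data` (`data[TOX_MAX_FRIEND_REQUEST_LENGTH-1] = '\0'`), which is only safe because `data` happens to point at the `shared_secret` array at that moment — the same statement on the literal would be undefined behaviour, and main.c's `-s` handler already zero-fills and bounds the copy, so the write is redundant. Keeping the greeting in a named array and treating `data` as a read-only pointer (toxcore's tox_friend_add takes the message as `const uint8_t *`, as far as I recall) fixes both, as sketched below. The retry block in the last hunk is guarded by `if(0 && ...)`, so it is dead code; either drop it or give it a real condition rather than leaving the 60-second resend half-wired. do_client_loop begins and ends outside the hunks shown.
```c
case CLIENT_STATE_CONNECTED:
{
    static const char greeting[] = "Hi, fellow tuntox instance!";
    const uint8_t *data = (const uint8_t *)greeting;
    uint16_t length = sizeof(greeting);
    TOX_ERR_FRIEND_ADD add_error;

    if(use_shared_secret)
    {
        /* shared_secret is zero-filled and bounded by the -s handler in main.c */
        data = (const uint8_t *)shared_secret;
        length = strlen(shared_secret) + 1;
        log_printf(L_DEBUG, "Sent shared secret of length %u\n", length);
    }
    /* … unchanged: "Connected" log, tox_friend_add call and add_error handling … */
```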
40 changes: 37 additions & 3 deletions main.c
Expand Up @@ -40,7 +40,8 @@ char *pidfile = NULL;
char *daemon_username = NULL;

/* Shared secret used for authentication */
char *shared_secret = NULL;
int use_shared_secret = 0;
char shared_secret[TOX_MAX_FRIEND_REQUEST_LENGTH];

fd_set master_server_fds;

Expand Down Expand Up @@ -676,6 +677,28 @@ void accept_friend_request(Tox *tox, const uint8_t *public_key, const uint8_t *m

log_printf(L_DEBUG, "Got friend request\n");

if(use_shared_secret)
{
if(!message)
{
log_printf(L_WARNING, "Friend sent NULL message - not accepting request");
return;
}

if(message[length - 1] != '\0')
{
log_printf(L_WARNING, "Message of size %u is not NULL terminated - not accepting request", length);
return;
}

if(strncmp(message, shared_secret, TOX_MAX_FRIEND_REQUEST_LENGTH-1))
{
log_printf(L_WARNING, "Received shared secret \"%s\" differs from our shared secret - not accepting request", message);
return;
}
}


friendnumber = tox_friend_add_norequest(tox, public_key, &friend_add_error);
if(friend_add_error != TOX_ERR_FRIEND_ADD_OK)
{
Expand Down Expand Up @@ -948,7 +971,7 @@ void help()
fprintf(stderr, "-P <remotehostname>:<remoteport> - forward <remotehostname>:<remoteport> to stdin/stdout (SSH ProxyCommand mode)\n");
fprintf(stderr, "-p - ping the server from -i and exit\n");
fprintf(stderr, "-C <dir> - save private key in <dir> instead of /etc/tuntox in server mode\n");
fprintf(stderr, "-s <secret> - shared secret used for connection authentication\n");
fprintf(stderr, "-s <secret> - shared secret used for connection authentication (max %u characters)\n", TOX_MAX_FRIEND_REQUEST_LENGTH-1);
fprintf(stderr, "-d - debug mode\n");
fprintf(stderr, "-q - quiet mode\n");
fprintf(stderr, "-S - send output to syslog instead of stderr\n");
Expand All @@ -969,7 +992,7 @@ int main(int argc, char *argv[])

log_init();

while ((oc = getopt(argc, argv, "L:pi:C:P:dqhSF:DU:")) != -1)
while ((oc = getopt(argc, argv, "L:pi:C:s:P:dqhSF:DU:")) != -1)
{
switch(oc)
{
Expand Down Expand Up @@ -1027,6 +1050,12 @@ int main(int argc, char *argv[])
config_path[optarg_len + 1] = '\0';
}
break;
case 's':
/* Shared secret */
use_shared_secret = 1;
memset(shared_secret, 0, TOX_MAX_FRIEND_REQUEST_LENGTH);
strncpy(shared_secret, optarg, TOX_MAX_FRIEND_REQUEST_LENGTH-1);
break;
case 'd':
min_log_level = L_DEBUG;
break;
Expand Down Expand Up @@ -1130,6 +1159,11 @@ int main(int argc, char *argv[])
{
write_save(tox);

if(!use_shared_secret)
{
log_printf(L_WARNING, "Shared secret authentication is not used - skilled attackers may connect to your tuntox server");
}

tox_self_get_address(tox, tox_id);
memset(tox_printable_id, '\0', sizeof(tox_printable_id));
id_to_string(tox_printable_id, tox_id);
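Review bot: The mismatch branch in accept_friend_request logs the rejected value verbatim (`Received shared secret \"%s\" differs ...`), which writes attacker-controlled bytes and, for a legitimate peer with a typo, a near-correct secret into the log or syslog; log only the fact, `log_printf(L_WARNING, "Received shared secret differs from our shared secret - not accepting request");`. The terminator check `message[length - 1]` reads before the buffer when `length` is 0 (its type is outside the hunk; the `%u` in the log suggests unsigned), so guard it as `if(length == 0 || message[length - 1] != '\0')`. `strncmp` stops at the first differing byte, so the comparison time depends on how much of the secret matched; a fixed-length comparison over all `TOX_MAX_FRIEND_REQUEST_LENGTH` bytes removes that signal, though over Tox it is probably not measurable. Separately, `-s <secret>` places the secret on the command line where process listings expose it to other local users; reading it from a file or the environment is the usual mitigation. accept_friend_request begins before the hunk and its `friend_add_error` handling continues after it.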
3 changes: 3 additions & 0 deletions main.h
Expand Up @@ -86,6 +86,9 @@ extern char *remote_tox_id;
extern int remote_port;
extern char *remote_host;
extern int local_port;
/* Shared secret used for authentication */
extern int use_shared_secret;
extern char shared_secret[TOX_MAX_FRIEND_REQUEST_LENGTH];

extern int select_nfds;
extern tunnel *by_id;
2 changes: 1 addition & 1 deletion util.c
Expand Up @@ -191,7 +191,7 @@ const char *readable_connection_status(TOX_CONNECTION status)
case TOX_CONNECTION_TCP:
return "A TCP connection has been established (via TCP relay)";
case TOX_CONNECTION_UDP:
return "A UDP connection has been established with DHT nodes";
return "An UDP connection has been established";
default:
return "Unknown connection status";
}
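Review bot: The rewritten string in readable_connection_status reads `An UDP connection has been established`, but "UDP" is spoken with a consonant sound, so the article should stay `A`: `return "A UDP connection has been established";`. The edit also drops the "with DHT nodes" qualifier from the old text; if that was deliberate because the status does not imply DHT peers, fine, otherwise keep it. The surrounding switch continues outside the hunk.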
