j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Enforce maximum amount of bytes sent/received on meta-connections.

Browse source 
This is 2^{block_length_in_bits / 2 - 1}.
This commit is contained in:
Guus Sliepen 2016-10-30 15:19:12 +01:00
parent edc1efed3c
commit 979acc48ad
5 changed files with 39 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/openssl/cipher.c
View file

@ -77,6 +77,24 @@ size_t cipher_keylength(const cipher_t *cipher) {
return EVP_CIPHER_key_length(cipher->cipher) + EVP_CIPHER_iv_length(cipher->cipher);
}
uint64_t cipher_budget(const cipher_t *cipher) {
/* Hopefully some failsafe way to calculate the maximum amount of bytes to
send/receive with a given cipher before we might run into birthday paradox
attacks. Because we might use different modes, the block size of the mode
might be 1 byte. In that case, use the IV length. Ensure the whole thing
is limited to what can be represented with a 64 bits integer.
*/
if(!cipher || !cipher->cipher)
return UINT64_MAX; // NULL cipher
int ivlen = EVP_CIPHER_iv_length(cipher->cipher);
int blklen = EVP_CIPHER_block_size(cipher->cipher);
int len = blklen > 1 ? blklen : ivlen > 1 ? ivlen : 8;
int bits = len * 4 - 1;
return bits < 64 ? UINT64_C(1) << bits : UINT64_MAX;
}
size_t cipher_blocksize(const cipher_t *cipher) {
if(!cipher || !cipher->cipher)
return 1;