Using different methods instead of switching decryptor global state o…

…n each packet
OpenHD · Nov 27, 2023 · 24776a3 · 24776a3
1 parent 3fdaf81
commit 24776a3
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 2 deletions.
diff --git a/src/WBTxRx.cpp b/src/WBTxRx.cpp
@@ -612,14 +612,34 @@ void WBTxRx::switch_tx_card_if_needed() {
   }
 }
 
-bool WBTxRx::process_received_data_packet(int wlan_idx,uint8_t stream_index,bool encrypted,const uint64_t nonce,const uint8_t *payload_and_enc_suffix,int payload_and_enc_suffix_size) {
+bool WBTxRx::process_received_data_packet(
+    int wlan_idx,
+    uint8_t stream_index,
+    bool encrypted,
+    const uint64_t nonce,
+    const uint8_t *payload_and_enc_suffix,
+    int payload_and_enc_suffix_size) {
   std::shared_ptr<std::vector<uint8_t>> decrypted=std::make_shared<std::vector<uint8_t>>(payload_and_enc_suffix_size-crypto_aead_chacha20poly1305_ABYTES);
   // after that, we have the encrypted data (and the encryption suffix)
   const uint8_t* encrypted_data_with_suffix=payload_and_enc_suffix;
   const auto encrypted_data_with_suffix_len = payload_and_enc_suffix_size;
   m_decryptor->set_encryption_enabled(encrypted);
   const auto before_decrypt=std::chrono::steady_clock::now();
-  const auto res= m_decryptor->authenticate_and_decrypt(nonce, encrypted_data_with_suffix, encrypted_data_with_suffix_len,decrypted->data());
+  bool res;
+  if (encrypted) {
+    res = m_decryptor->decrypt(
+        nonce,
+        encrypted_data_with_suffix,
+        encrypted_data_with_suffix_len,
+        decrypted->data());
+  } else {
+    res = m_decryptor->authenticate(
+        nonce,
+        encrypted_data_with_suffix,
+        encrypted_data_with_suffix_len,
+        decrypted->data());
+  }
+
   if(res){
     if(m_options.log_all_received_validated_packets){
       m_console->debug("Got valid packet nonce:{} wlan_idx:{} encrypted:{} stream_index:{} size:{}",nonce,wlan_idx,encrypted,stream_index,payload_and_enc_suffix_size);

diff --git a/src/encryption/Decryptor.cpp b/src/encryption/Decryptor.cpp
@@ -61,6 +61,46 @@ bool wb::Decryptor::authenticate_and_decrypt(const uint64_t& nonce,
   return res != -1;
 }
 
+bool wb::Decryptor::authenticate(
+    const uint64_t& nonce,
+    const uint8_t* encrypted,
+    int encrypted_size,
+    uint8_t* dest) {
+  const auto payload_size = encrypted_size - crypto_onetimeauth_BYTES;
+  assert(payload_size > 0);
+  const uint8_t* sign = encrypted + payload_size;
+  // const int
+  // res=crypto_auth_hmacsha256_verify(sign,msg,payload_size,session_key.data());
+  const auto sub_key = wb::create_onetimeauth_subkey(nonce, session_key);
+  const int res = crypto_onetimeauth_verify(sign, encrypted, payload_size,
+                                            sub_key.data());
+  if (res != -1) {
+    memcpy(dest, encrypted, payload_size);
+    return true;
+  }
+  return false;
+}
+
+bool wb::Decryptor::decrypt(
+    const uint64_t& nonce,
+    const uint8_t* encrypted,
+    int encrypted_size,
+    uint8_t* dest) {
+  unsigned long long mlen;
+  int res = crypto_aead_chacha20poly1305_decrypt(
+      dest,
+      &mlen,
+      nullptr,
+      encrypted,
+      encrypted_size,
+      nullptr,
+      0,
+      (uint8_t*)(&nonce),
+      session_key.data());
+  return res != -1;
+}
+
+
 std::shared_ptr<std::vector<uint8_t>>
 wb::Decryptor::authenticate_and_decrypt_buff(const uint64_t& nonce,
                                              const uint8_t* encrypted,

diff --git a/src/encryption/Decryptor.h b/src/encryption/Decryptor.h
@@ -41,6 +41,11 @@ class Decryptor {
   bool authenticate_and_decrypt(const uint64_t& nonce, const uint8_t* encrypted,
                                 int encrypted_size, uint8_t* dest);
 
+  bool decrypt(const uint64_t& nonce, const uint8_t* encrypted,
+                                int encrypted_size, uint8_t* dest);
+
+  bool authenticate(const uint64_t& nonce, const uint8_t* encrypted, int encrypted_size, uint8_t* dest);
+
   /**
    * Easier to use, but usage might require memcpy
    */