fixed: issue 3565 - encryption fails with heavy network traffic.

changed encrypt and decrypt to be asymmetrical (iv change now applies only in one direction).

src/lib/client/CClient.cpp

@@ -194,10 +194,10 @@ CClient::handshakeComplete()
 }
 
 void
-CClient::setCryptoIv(const UInt8* iv)
+CClient::setDecryptIv(const UInt8* iv)
 {
 	if (m_cryptoStream != NULL) {
-		m_cryptoStream->setIv(iv);
+		m_cryptoStream->setDecryptIv(iv);
 	}
 }
 

src/lib/client/CClient.h

@@ -88,8 +88,8 @@ public:
 	*/
 	virtual void		handshakeComplete();
 
-	//! Set crypto IV
+	//! Set crypto IV for decryption
-	virtual void		setCryptoIv(const UInt8* iv);
+	virtual void		setDecryptIv(const UInt8* iv);
 
 	//@}
 	//! @name accessors

src/lib/client/CServerProxy.cpp

@@ -838,7 +838,7 @@ CServerProxy::cryptoIv()
 	LOG((CLOG_DEBUG2 "recv crypto iv size=%i", s.size()));
 
 	// forward
-	m_client->setCryptoIv(reinterpret_cast<const UInt8*>(s.c_str()));
+	m_client->setDecryptIv(reinterpret_cast<const UInt8*>(s.c_str()));
 }
 
 void

src/lib/server/CClientProxy1_4.cpp

@@ -106,7 +106,7 @@ CClientProxy1_4::cryptoIv()
 	
 	// change IV only after we've sent the current IV, otherwise
 	// the client won't be able to decrypt the new IV.
-	cryptoStream->setIv(iv);
+	cryptoStream->setEncryptIv(iv);
 }
 
 bool

src/lib/synergy/CCryptoStream.cpp

@@ -43,7 +43,8 @@ CCryptoStream::CCryptoStream(
 
 		byte iv[CRYPTO_IV_SIZE];
 		createKey(iv, options.m_pass, CRYPTO_IV_SIZE, static_cast<UInt8>(options.m_pass.length()) * 2);
-		setIv(iv);
+		setEncryptIv(iv);
+		setDecryptIv(iv);
 	}
 }
 
@@ -111,12 +112,18 @@ CCryptoStream::createKey(byte* out, const CString& password, UInt8 keyLength, UI
 }
 
 void
-CCryptoStream::setIv(const byte* iv)
+CCryptoStream::setEncryptIv(const byte* iv)
 {
 	assert(m_key != NULL);
-	logBuffer("iv", iv, CRYPTO_IV_SIZE);
+	logBuffer("encrypt iv", iv, CRYPTO_IV_SIZE);
-
 	m_encryption.setKeyWithIv(m_key, kKeyLength, iv);
+}
+
+void
+CCryptoStream::setDecryptIv(const byte* iv)
+{
+	assert(m_key != NULL);
+	logBuffer("decrypt iv", iv, CRYPTO_IV_SIZE);
 	m_decryption.setKeyWithIv(m_key, kKeyLength, iv);
 }
 

src/lib/synergy/CCryptoStream.h

@@ -52,8 +52,11 @@ public:
 	*/
 	virtual void		write(const void* in, UInt32 n);
 
-	//! Set the IV
+	//! Set the IV for encryption
-	void			setIv(const byte* iv);
+	void				setEncryptIv(const byte* iv);
+	
+	//! Set the IV for decryption
+	void				setDecryptIv(const byte* iv);
 
 	//! Get a new IV
 	/*!

src/test/unittests/client/CMockClient.h

@@ -32,5 +32,5 @@ public:
 	MOCK_METHOD2(mouseMove, void(SInt32, SInt32));
 	MOCK_METHOD1(setOptions, void(const COptionsList&));
 	MOCK_METHOD0(handshakeComplete, void());
-	MOCK_METHOD1(setCryptoIv, void(const UInt8*));
+	MOCK_METHOD1(setDecryptIv, void(const UInt8*));
 };

src/test/unittests/server/CClientProxyTests.cpp

@@ -26,69 +26,105 @@ using ::testing::_;
 using ::testing::NiceMock;
 using ::testing::Invoke;
 
-const UInt8 cryptoIvWrite_bufferLen = 200;
+const UInt8 g_cryptoIvWrite_bufferLen = 200;
-UInt8 cryptoIvWrite_buffer[cryptoIvWrite_bufferLen];
+UInt8 g_cryptoIvWrite_buffer[g_cryptoIvWrite_bufferLen];
-UInt32 cryptoIvWrite_bufferIndex;
+UInt32 g_cryptoIvWrite_writeBufferIndex;
+UInt32 g_cryptoIvWrite_readBufferIndex;
 
-void
+void cryptoIv_mockWrite(const void* in, UInt32 n);
-cryptoIv_mockWrite(const void* in, UInt32 n);
+UInt8 cryptoIv_mockRead(void* out, UInt32 n);
 
 TEST(CClientProxyTests, cryptoIvWrite)
 {
-	cryptoIvWrite_bufferIndex = 0;
+	g_cryptoIvWrite_writeBufferIndex = 0;
+	g_cryptoIvWrite_readBufferIndex = 0;
 
 	NiceMock<CMockEventQueue> eventQueue;
 	NiceMock<CMockStream> innerStream;
 	NiceMock<CMockServer> server;
-	NiceMock<CMockCryptoStream>* stream = new NiceMock<CMockCryptoStream>(&eventQueue, &innerStream);
+	CCryptoOptions options("ctr", "mock");
 
-	ON_CALL(*stream, write(_, _)).WillByDefault(Invoke(cryptoIv_mockWrite));
+	CCryptoStream* serverStream = new CCryptoStream(&eventQueue, &innerStream, options, false);
+	CCryptoStream* clientStream = new CCryptoStream(&eventQueue, &innerStream, options, false);
 
-	CClientProxy1_4 clientProxy("stub", stream, &server, &eventQueue);
+	byte iv[CRYPTO_IV_SIZE];
+	serverStream->newIv(iv);
+	serverStream->setEncryptIv(iv);
+	clientStream->setDecryptIv(iv);
+	
+	ON_CALL(innerStream, write(_, _)).WillByDefault(Invoke(cryptoIv_mockWrite));
+	ON_CALL(innerStream, read(_, _)).WillByDefault(Invoke(cryptoIv_mockRead));
+
+	CClientProxy1_4 clientProxy("stub", serverStream, &server, &eventQueue);
+	
+	UInt8 buffer[100];
+	clientStream->read(buffer, 4);
+
+	g_cryptoIvWrite_writeBufferIndex = 0;
+	g_cryptoIvWrite_readBufferIndex = 0;
 
 	// DCIV, then DKDN.
-	cryptoIvWrite_bufferIndex = 0;
 	clientProxy.keyDown(1, 2, 3);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[0]);
+	clientStream->read(buffer, 24);
-	EXPECT_EQ('C', cryptoIvWrite_buffer[1]);
+	EXPECT_EQ('D', buffer[0]);
-	EXPECT_EQ('I', cryptoIvWrite_buffer[2]);
+	EXPECT_EQ('C', buffer[1]);
-	EXPECT_EQ('V', cryptoIvWrite_buffer[3]);
+	EXPECT_EQ('I', buffer[2]);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[24]);
+	EXPECT_EQ('V', buffer[3]);
-	EXPECT_EQ('K', cryptoIvWrite_buffer[25]);
+	clientStream->setDecryptIv(&buffer[8]);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[26]);
+	clientStream->read(buffer, 10);
-	EXPECT_EQ('N', cryptoIvWrite_buffer[27]);
+	EXPECT_EQ('D', buffer[0]);
+	EXPECT_EQ('K', buffer[1]);
+	EXPECT_EQ('D', buffer[2]);
+	EXPECT_EQ('N', buffer[3]);
+	
+	g_cryptoIvWrite_writeBufferIndex = 0;
+	g_cryptoIvWrite_readBufferIndex = 0;
 
 	// DCIV, then DKUP.
-	cryptoIvWrite_bufferIndex = 0;
 	clientProxy.keyUp(1, 2, 3);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[0]);
+	clientStream->read(buffer, 24);
-	EXPECT_EQ('C', cryptoIvWrite_buffer[1]);
+	EXPECT_EQ('D', buffer[0]);
-	EXPECT_EQ('I', cryptoIvWrite_buffer[2]);
+	EXPECT_EQ('C', buffer[1]);
-	EXPECT_EQ('V', cryptoIvWrite_buffer[3]);
+	EXPECT_EQ('I', buffer[2]);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[24]);
+	EXPECT_EQ('V', buffer[3]);
-	EXPECT_EQ('K', cryptoIvWrite_buffer[25]);
+	clientStream->setDecryptIv(&buffer[8]);
-	EXPECT_EQ('U', cryptoIvWrite_buffer[26]);
+	clientStream->read(buffer, 10);
-	EXPECT_EQ('P', cryptoIvWrite_buffer[27]);
+	EXPECT_EQ('D', buffer[0]);
+	EXPECT_EQ('K', buffer[1]);
+	EXPECT_EQ('U', buffer[2]);
+	EXPECT_EQ('P', buffer[3]);
+	
+	g_cryptoIvWrite_writeBufferIndex = 0;
+	g_cryptoIvWrite_readBufferIndex = 0;
 	
 	// DCIV, then DKRP.
-	cryptoIvWrite_bufferIndex = 0;
 	clientProxy.keyRepeat(1, 2, 4, 4);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[0]);
+	clientStream->read(buffer, 24);
-	EXPECT_EQ('C', cryptoIvWrite_buffer[1]);
+	EXPECT_EQ('D', buffer[0]);
-	EXPECT_EQ('I', cryptoIvWrite_buffer[2]);
+	EXPECT_EQ('C', buffer[1]);
-	EXPECT_EQ('V', cryptoIvWrite_buffer[3]);
+	EXPECT_EQ('I', buffer[2]);
-	EXPECT_EQ('D', cryptoIvWrite_buffer[24]);
+	EXPECT_EQ('V', buffer[3]);
-	EXPECT_EQ('K', cryptoIvWrite_buffer[25]);
+	clientStream->setDecryptIv(&buffer[8]);
-	EXPECT_EQ('R', cryptoIvWrite_buffer[26]);
+	clientStream->read(buffer, 12);
-	EXPECT_EQ('P', cryptoIvWrite_buffer[27]);
+	EXPECT_EQ('D', buffer[0]);
+	EXPECT_EQ('K', buffer[1]);
+	EXPECT_EQ('R', buffer[2]);
+	EXPECT_EQ('P', buffer[3]);
 }
 
 void
 cryptoIv_mockWrite(const void* in, UInt32 n)
 {
-	if (cryptoIvWrite_bufferIndex >= cryptoIvWrite_bufferLen) {
+	assert(g_cryptoIvWrite_writeBufferIndex <= sizeof(g_cryptoIvWrite_buffer));
-		return;
+	memcpy(&g_cryptoIvWrite_buffer[g_cryptoIvWrite_writeBufferIndex], in, n);
-	}
+	g_cryptoIvWrite_writeBufferIndex += n;
-	memcpy(&cryptoIvWrite_buffer[cryptoIvWrite_bufferIndex], in, n);
+}
-	cryptoIvWrite_bufferIndex += n;
+
+UInt8
+cryptoIv_mockRead(void* out, UInt32 n)
+{
+	assert(g_cryptoIvWrite_readBufferIndex <= sizeof(g_cryptoIvWrite_buffer));
+	memcpy(out, &g_cryptoIvWrite_buffer[g_cryptoIvWrite_readBufferIndex], n);
+	g_cryptoIvWrite_readBufferIndex += n;
+	return n;
 }

src/test/unittests/synergy/CCryptoStreamTests.cpp

@@ -75,7 +75,7 @@ TEST(CCryptoTests, write)
 	ON_CALL(innerStream, write(_, _)).WillByDefault(Invoke(write_mockWrite));
 	
 	CCryptoStream cs(&eventQueue, &innerStream, options, false);
-	cs.setIv(kIv);
+	cs.setEncryptIv(kIv);
 	cs.write(buffer, size);
 	
 	EXPECT_EQ(95, g_write_buffer[0]);
@@ -93,7 +93,8 @@ TEST(CCryptoTests, read)
 	ON_CALL(innerStream, read(_, _)).WillByDefault(Invoke(read_mockRead));
 	
 	CCryptoStream cs(&eventQueue, &innerStream, options, false);
-	cs.setIv(kIv);
+	cs.setEncryptIv(kIv);
+	cs.setDecryptIv(kIv);
 	
 	g_read_buffer[0] = 95;
 	g_read_buffer[1] = 107;
@@ -122,7 +123,7 @@ TEST(CCryptoTests, write4Read1)
 	ON_CALL(innerStream, read(_, _)).WillByDefault(Invoke(write4Read1_mockRead));
 	
 	CCryptoStream cs1(&eventQueue, &innerStream, options, false);
-	cs1.setIv(kIv);
+	cs1.setEncryptIv(kIv);
 	
 	cs1.write("a", 1);
 	cs1.write("b", 1);
@@ -130,7 +131,7 @@ TEST(CCryptoTests, write4Read1)
 	cs1.write("d", 1);
 
 	CCryptoStream cs2(&eventQueue, &innerStream, options, false);
-	cs2.setIv(kIv);
+	cs2.setDecryptIv(kIv);
 	
 	UInt8 buffer[4];
 	cs2.read(buffer, 4);
@@ -153,7 +154,7 @@ TEST(CCryptoTests, write1Read4)
 	ON_CALL(innerStream, read(_, _)).WillByDefault(Invoke(write1Read4_mockRead));
 
 	CCryptoStream cs1(&eventQueue, &innerStream, options, false);
-	cs1.setIv(kIv);
+	cs1.setEncryptIv(kIv);
 
 	UInt8 bufferIn[4];
 	bufferIn[0] = 'a';
@@ -163,7 +164,7 @@ TEST(CCryptoTests, write1Read4)
 	cs1.write(bufferIn, 4);
 	
 	CCryptoStream cs2(&eventQueue, &innerStream, options, false);
-	cs2.setIv(kIv);
+	cs2.setDecryptIv(kIv);
 
 	UInt8 bufferOut[4];
 	cs2.read(&bufferOut[0], 1);
@@ -194,7 +195,7 @@ TEST(CCryptoTests, readWriteIvChanged)
 	const byte iv2[] = "bbbbbbbbbbbbbbbb";
 	
 	CCryptoStream cs1(&eventQueue, &innerStream, options, false);
-	cs1.setIv(iv1);
+	cs1.setEncryptIv(iv1);
 	
 	UInt8 bufferIn[4];
 	bufferIn[0] = 'a';
@@ -204,7 +205,7 @@ TEST(CCryptoTests, readWriteIvChanged)
 	cs1.write(bufferIn, 4);
 	
 	CCryptoStream cs2(&eventQueue, &innerStream, options, false);
-	cs1.setIv(iv2);
+	cs1.setDecryptIv(iv2);
 
 	UInt8 bufferOut[4];
 	cs2.read(bufferOut, 4);
@@ -220,8 +221,8 @@ TEST(CCryptoTests, readWriteIvChanged)
 	// ensure that the new IV is used.
 	byte iv[CRYPTO_IV_SIZE];
 	cs1.newIv(iv);
-	cs1.setIv(iv);
+	cs1.setEncryptIv(iv);
-	cs2.setIv(iv);
+	cs2.setDecryptIv(iv);
 
 	cs1.write(bufferIn, 4);
 	cs2.read(bufferOut, 4);