author | Christian Grothoff <christian@grothoff.org> | 2017-01-27 14:30:52 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-01-27 14:30:52 +0100 |
commit | 164e9747a9a90666c98d2dd31541bb11a3eee51d (patch) | |
tree | ab51f64cd797ecacf9d3cee364eb8292246957b0 | |
parent | d3b0b69e7d360b4b82c5a5580a7ea21317dfee24 (diff) | |
trying to make KX logic slightly more readable
-rw-r--r-- | src/cadet/cadet_protocol.h | 67 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet-new_tunnels.c | 71 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 19 |
3 files changed, 103 insertions, 54 deletions
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h index 8fb260dfd..e2d6f9d0b 100644 --- a/src/cadet/cadet_protocol.h +++ b/src/cadet/cadet_protocol.h | |||
@@ -205,7 +205,9 @@ enum GNUNET_CADET_KX_Flags { | |||
205 | struct GNUNET_CADET_TunnelKeyExchangeMessage | 205 | struct GNUNET_CADET_TunnelKeyExchangeMessage |
206 | { | 206 | { |
207 | /** | 207 | /** |
208 | * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX. | 208 | * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX or |
209 | * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH as part | ||
210 | * of `struct GNUNET_CADET_TunnelKeyExchangeAuthMessage`. | ||
209 | */ | 211 | */ |
210 | struct GNUNET_MessageHeader header; | 212 | struct GNUNET_MessageHeader header; |
211 | 213 | ||
@@ -234,17 +236,57 @@ struct GNUNET_CADET_TunnelKeyExchangeMessage | |||
234 | */ | 236 | */ |
235 | struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; | 237 | struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; |
236 | 238 | ||
237 | #ifdef NEW_CADET | 239 | }; |
240 | |||
241 | |||
242 | /** | ||
243 | * Message for a Key eXchange for a tunnel, with authentication. | ||
244 | * Used as a response to the initial KX as well as for rekeying. | ||
245 | */ | ||
246 | struct GNUNET_CADET_TunnelKeyExchangeAuthMessage | ||
247 | { | ||
248 | |||
238 | /** | 249 | /** |
239 | * Proof that sender could compute the 3-DH, in lieu of a signature. | 250 | * Message header with key material. |
240 | */ | 251 | */ |
241 | struct GNUNET_HashCode triple_dh_proof; | 252 | struct GNUNET_CADET_TunnelKeyExchangeMessage kx; |
242 | #endif | 253 | |
254 | /** | ||
255 | * KDF-proof that sender could compute the 3-DH, used in lieu of a | ||
256 | * signature or payload data. | ||
257 | */ | ||
258 | struct GNUNET_HashCode auth; | ||
259 | |||
260 | }; | ||
261 | |||
262 | |||
263 | /** | ||
264 | * Encrypted axolotl header with numbers that identify which | ||
265 | * keys in which ratchet are to be used to decrypt the body. | ||
266 | */ | ||
267 | struct GNUNET_CADET_AxHeader | ||
268 | { | ||
269 | |||
270 | /** | ||
271 | * Number of messages sent with the current ratchet key. | ||
272 | */ | ||
273 | uint32_t Ns GNUNET_PACKED; | ||
274 | |||
275 | /** | ||
276 | * Number of messages sent with the previous ratchet key. | ||
277 | */ | ||
278 | uint32_t PNs GNUNET_PACKED; | ||
279 | |||
280 | /** | ||
281 | * Current ratchet key. | ||
282 | */ | ||
283 | struct GNUNET_CRYPTO_EcdhePublicKey DHRs; | ||
284 | |||
243 | }; | 285 | }; |
244 | 286 | ||
245 | 287 | ||
246 | /** | 288 | /** |
247 | * Axolotl tunnel message. | 289 | * Axolotl-encrypted tunnel message with application payload. |
248 | */ | 290 | */ |
249 | struct GNUNET_CADET_TunnelEncryptedMessage | 291 | struct GNUNET_CADET_TunnelEncryptedMessage |
250 | { | 292 | { |
@@ -277,8 +319,13 @@ struct GNUNET_CADET_TunnelEncryptedMessage | |||
277 | */ | 319 | */ |
278 | struct GNUNET_ShortHashCode hmac; | 320 | struct GNUNET_ShortHashCode hmac; |
279 | 321 | ||
280 | /**************** AX_HEADER start ****************/ | 322 | #if NEW_CADET |
281 | 323 | /** | |
324 | * Axolotl-header that specifies which keys to use in which ratchet | ||
325 | * to decrypt the body that follows. | ||
326 | */ | ||
327 | struct GNUNET_CADET_AxHeader ax_header; | ||
328 | #else | ||
282 | /** | 329 | /** |
283 | * Number of messages sent with the current ratchet key. | 330 | * Number of messages sent with the current ratchet key. |
284 | */ | 331 | */ |
@@ -293,9 +340,7 @@ struct GNUNET_CADET_TunnelEncryptedMessage | |||
293 | * Current ratchet key. | 340 | * Current ratchet key. |
294 | */ | 341 | */ |
295 | struct GNUNET_CRYPTO_EcdhePublicKey DHRs; | 342 | struct GNUNET_CRYPTO_EcdhePublicKey DHRs; |
296 | 343 | #endif | |
297 | /**************** AX_HEADER end ****************/ | ||
298 | |||
299 | /** | 344 | /** |
300 | * Encrypted content follows. | 345 | * Encrypted content follows. |
301 | */ | 346 | */ |
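Review bot: The comment on the new `struct GNUNET_CADET_AxHeader` (new lines 263-285) does not say that its size and field order are now load-bearing for the crypto code, and the `#if NEW_CADET` / `#else` branches in `struct GNUNET_CADET_TunnelEncryptedMessage` keep two spellings of the same bytes that must stay identical on the wire. I would extend the struct comment with something like `* Wire format: exactly 2 * sizeof (uint32_t) + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) bytes, encrypted and HMAC'ed as a unit; do not add or reorder fields.` The guard here is written `#if NEW_CADET`, while the guard removed at old line 237 was `#ifdef NEW_CADET`; the two forms behave differently when the macro is defined as 0 or defined empty, so one form should be used throughout (how NEW_CADET is defined is not visible on this page).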
diff --git a/src/cadet/gnunet-service-cadet-new_tunnels.c b/src/cadet/gnunet-service-cadet-new_tunnels.c index bd46dc151..020564d8e 100644 --- a/src/cadet/gnunet-service-cadet-new_tunnels.c +++ b/src/cadet/gnunet-service-cadet-new_tunnels.c | |||
@@ -25,9 +25,9 @@ | |||
25 | * | 25 | * |
26 | * FIXME: | 26 | * FIXME: |
27 | * - KX: | 27 | * - KX: |
28 | * + clean up KX logic, including adding sender authentication | ||
28 | * + implement rekeying | 29 | * + implement rekeying |
29 | * + check KX estate machine -- make sure it is never stuck! | 30 | * + check KX estate machine -- make sure it is never stuck! |
30 | * + clean up KX logic, including adding sender authentication | ||
31 | * - connection management | 31 | * - connection management |
32 | * + properly (evaluate, kill old ones, search for new ones) | 32 | * + properly (evaluate, kill old ones, search for new ones) |
33 | * + when managing connections, distinguish those that | 33 | * + when managing connections, distinguish those that |
@@ -56,14 +56,6 @@ | |||
56 | #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90) | 56 | #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90) |
57 | 57 | ||
58 | /** | 58 | /** |
59 | * Yuck, replace by 'offsetof' expression? | ||
60 | * FIXME. | ||
61 | */ | ||
62 | #define AX_HEADER_SIZE (sizeof (uint32_t) * 2\ | ||
63 | + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)) | ||
64 | |||
65 | |||
66 | /** | ||
67 | * Maximum number of skipped keys we keep in memory per tunnel. | 59 | * Maximum number of skipped keys we keep in memory per tunnel. |
68 | */ | 60 | */ |
69 | #define MAX_SKIPPED_KEYS 64 | 61 | #define MAX_SKIPPED_KEYS 64 |
@@ -600,7 +592,8 @@ t_hmac (const void *plaintext, | |||
600 | key, sizeof (*key), | 592 | key, sizeof (*key), |
601 | ctx, sizeof (ctx), | 593 | ctx, sizeof (ctx), |
602 | NULL); | 594 | NULL); |
603 | /* Two step: CADET_Hash is only 256 bits, HashCode is 512. */ | 595 | /* Two step: GNUNET_ShortHash is only 256 bits, |
596 | GNUNET_HashCode is 512, so we truncate. */ | ||
604 | GNUNET_CRYPTO_hmac (&auth_key, | 597 | GNUNET_CRYPTO_hmac (&auth_key, |
605 | plaintext, | 598 | plaintext, |
606 | size, | 599 | size, |
@@ -814,12 +807,12 @@ t_h_encrypt (struct CadetTunnel *t, | |||
814 | &ax->HKs, | 807 | &ax->HKs, |
815 | NULL, 0, | 808 | NULL, 0, |
816 | NULL); | 809 | NULL); |
817 | out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->Ns, | 810 | out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header.Ns, |
818 | AX_HEADER_SIZE, | 811 | sizeof (struct GNUNET_CADET_AxHeader), |
819 | &ax->HKs, | 812 | &ax->HKs, |
820 | &iv, | 813 | &iv, |
821 | &msg->Ns); | 814 | &msg->ax_header.Ns); |
822 | GNUNET_assert (AX_HEADER_SIZE == out_size); | 815 | GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size); |
823 | } | 816 | } |
824 | 817 | ||
825 | 818 | ||
@@ -844,12 +837,12 @@ t_h_decrypt (struct CadetTunnel *t, | |||
844 | &ax->HKr, | 837 | &ax->HKr, |
845 | NULL, 0, | 838 | NULL, 0, |
846 | NULL); | 839 | NULL); |
847 | out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns, | 840 | out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns, |
848 | AX_HEADER_SIZE, | 841 | sizeof (struct GNUNET_CADET_AxHeader), |
849 | &ax->HKr, | 842 | &ax->HKr, |
850 | &iv, | 843 | &iv, |
851 | &dst->Ns); | 844 | &dst->ax_header.Ns); |
852 | GNUNET_assert (AX_HEADER_SIZE == out_size); | 845 | GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size); |
853 | } | 846 | } |
854 | 847 | ||
855 | 848 | ||
@@ -906,8 +899,8 @@ try_old_ax_keys (struct CadetTunnel *t, | |||
906 | valid_HK = NULL; | 899 | valid_HK = NULL; |
907 | for (key = t->ax.skipped_head; NULL != key; key = key->next) | 900 | for (key = t->ax.skipped_head; NULL != key; key = key->next) |
908 | { | 901 | { |
909 | t_hmac (&src->Ns, | 902 | t_hmac (&src->ax_header, |
910 | AX_HEADER_SIZE + esize, | 903 | sizeof (struct GNUNET_CADET_AxHeader) + esize, |
911 | 0, | 904 | 0, |
912 | &key->HK, | 905 | &key->HK, |
913 | hmac); | 906 | hmac); |
@@ -932,15 +925,15 @@ try_old_ax_keys (struct CadetTunnel *t, | |||
932 | &key->HK, | 925 | &key->HK, |
933 | NULL, 0, | 926 | NULL, 0, |
934 | NULL); | 927 | NULL); |
935 | res = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns, | 928 | res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns, |
936 | AX_HEADER_SIZE, | 929 | sizeof (struct GNUNET_CADET_AxHeader), |
937 | &key->HK, | 930 | &key->HK, |
938 | &iv, | 931 | &iv, |
939 | &plaintext_header.Ns); | 932 | &plaintext_header.ax_header.Ns); |
940 | GNUNET_assert (AX_HEADER_SIZE == res); | 933 | GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res); |
941 | 934 | ||
942 | /* Find the correct message key */ | 935 | /* Find the correct message key */ |
943 | N = ntohl (plaintext_header.Ns); | 936 | N = ntohl (plaintext_header.ax_header.Ns); |
944 | while ( (NULL != key) && | 937 | while ( (NULL != key) && |
945 | (N != key->Kn) ) | 938 | (N != key->Kn) ) |
946 | key = key->next; | 939 | key = key->next; |
@@ -1077,8 +1070,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, | |||
1077 | ax = &t->ax; | 1070 | ax = &t->ax; |
1078 | 1071 | ||
1079 | /* Try current HK */ | 1072 | /* Try current HK */ |
1080 | t_hmac (&src->Ns, | 1073 | t_hmac (&src->ax_header, |
1081 | AX_HEADER_SIZE + esize, | 1074 | sizeof (struct GNUNET_CADET_AxHeader) + esize, |
1082 | 0, &ax->HKr, | 1075 | 0, &ax->HKr, |
1083 | &msg_hmac); | 1076 | &msg_hmac); |
1084 | if (0 != memcmp (&msg_hmac, | 1077 | if (0 != memcmp (&msg_hmac, |
@@ -1092,8 +1085,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, | |||
1092 | struct GNUNET_CRYPTO_EcdhePublicKey *DHRp; | 1085 | struct GNUNET_CRYPTO_EcdhePublicKey *DHRp; |
1093 | 1086 | ||
1094 | /* Try Next HK */ | 1087 | /* Try Next HK */ |
1095 | t_hmac (&src->Ns, | 1088 | t_hmac (&src->ax_header, |
1096 | AX_HEADER_SIZE + esize, | 1089 | sizeof (struct GNUNET_CADET_AxHeader) + esize, |
1097 | 0, | 1090 | 0, |
1098 | &ax->NHKr, | 1091 | &ax->NHKr, |
1099 | &msg_hmac); | 1092 | &msg_hmac); |
@@ -1112,9 +1105,9 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, | |||
1112 | t_h_decrypt (t, | 1105 | t_h_decrypt (t, |
1113 | src, | 1106 | src, |
1114 | &plaintext_header); | 1107 | &plaintext_header); |
1115 | Np = ntohl (plaintext_header.Ns); | 1108 | Np = ntohl (plaintext_header.ax_header.Ns); |
1116 | PNp = ntohl (plaintext_header.PNs); | 1109 | PNp = ntohl (plaintext_header.ax_header.PNs); |
1117 | DHRp = &plaintext_header.DHRs; | 1110 | DHRp = &plaintext_header.ax_header.DHRs; |
1118 | store_ax_keys (t, | 1111 | store_ax_keys (t, |
1119 | &HK, | 1112 | &HK, |
1120 | PNp); | 1113 | PNp); |
@@ -1144,8 +1137,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, | |||
1144 | t_h_decrypt (t, | 1137 | t_h_decrypt (t, |
1145 | src, | 1138 | src, |
1146 | &plaintext_header); | 1139 | &plaintext_header); |
1147 | Np = ntohl (plaintext_header.Ns); | 1140 | Np = ntohl (plaintext_header.ax_header.Ns); |
1148 | PNp = ntohl (plaintext_header.PNs); | 1141 | PNp = ntohl (plaintext_header.ax_header.PNs); |
1149 | } | 1142 | } |
1150 | if ( (Np != ax->Nr) && | 1143 | if ( (Np != ax->Nr) && |
1151 | (GNUNET_OK != store_ax_keys (t, | 1144 | (GNUNET_OK != store_ax_keys (t, |
@@ -2473,14 +2466,14 @@ GCT_send (struct CadetTunnel *t, | |||
2473 | &ax_msg[1], | 2466 | &ax_msg[1], |
2474 | message, | 2467 | message, |
2475 | payload_size); | 2468 | payload_size); |
2476 | ax_msg->Ns = htonl (t->ax.Ns++); | 2469 | ax_msg->ax_header.Ns = htonl (t->ax.Ns++); |
2477 | ax_msg->PNs = htonl (t->ax.PNs); | 2470 | ax_msg->ax_header.PNs = htonl (t->ax.PNs); |
2478 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs, | 2471 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs, |
2479 | &ax_msg->DHRs); | 2472 | &ax_msg->ax_header.DHRs); |
2480 | t_h_encrypt (t, | 2473 | t_h_encrypt (t, |
2481 | ax_msg); | 2474 | ax_msg); |
2482 | t_hmac (&ax_msg->Ns, | 2475 | t_hmac (&ax_msg->ax_header, |
2483 | AX_HEADER_SIZE + payload_size, | 2476 | sizeof (struct GNUNET_CADET_AxHeader) + payload_size, |
2484 | 0, | 2477 | 0, |
2485 | &t->ax.HKs, | 2478 | &t->ax.HKs, |
2486 | &ax_msg->hmac); | 2479 | &ax_msg->hmac); |
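Review bot: Every `t_hmac` call now passes `&src->ax_header` with length `sizeof (struct GNUNET_CADET_AxHeader) + esize` (in `try_old_ax_keys`, twice in `t_ax_decrypt_and_validate`, and with `payload_size` in `GCT_send`), so the MAC reads past the member into the payload and is only correct while `ax_header` is the last field of the message and the struct carries no padding. The removed `AX_HEADER_SIZE` spelled the byte count out; with `sizeof` that guarantee moves to the struct definition in cadet_protocol.h, and nothing in these hunks checks it. I would pin it once, e.g. `GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == 2 * sizeof (uint32_t) + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));` at start-up, or as a compile-time assertion if the build allows one. The encrypt/decrypt calls pass `&msg->ax_header.Ns` while the HMAC calls pass `&src->ax_header`; using one spelling would make it obvious that both cover the same starting byte. All of the functions touched begin and end outside the hunks shown.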
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 4079aa0e4..1b6152206 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -2651,10 +2651,21 @@ extern "C" | |||
2651 | 2651 | ||
2652 | /** | 2652 | /** |
2653 | * Hop-by-hop, connection dependent ACK. | 2653 | * Hop-by-hop, connection dependent ACK. |
2654 | * | ||
2655 | * @deprecated | ||
2654 | */ | 2656 | */ |
2655 | #define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK 1005 | 2657 | #define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK 1005 |
2656 | 2658 | ||
2657 | /** | 2659 | /** |
2660 | * We do not bother with ACKs for | ||
2661 | * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead | ||
2662 | * poll for one if we got nothing for a while and start to be worried. | ||
2663 | * | ||
2664 | * @deprecated | ||
2665 | */ | ||
2666 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006 | ||
2667 | |||
2668 | /** | ||
2658 | * Axolotl key exchange. | 2669 | * Axolotl key exchange. |
2659 | */ | 2670 | */ |
2660 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX 1007 | 2671 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX 1007 |
@@ -2665,11 +2676,9 @@ extern "C" | |||
2665 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED 1008 | 2676 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED 1008 |
2666 | 2677 | ||
2667 | /** | 2678 | /** |
2668 | * We do not bother with ACKs for | 2679 | * Axolotl key exchange response with authentication. |
2669 | * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead | ||
2670 | * poll for one if we got nothing for a while and start to be worried. | ||
2671 | */ | 2680 | */ |
2672 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006 | 2681 | #define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH 1009 |
2673 | 2682 | ||
2674 | 2683 | ||
2675 | 2684 | ||
@@ -2707,6 +2716,8 @@ extern "C" | |||
2707 | 2716 | ||
2708 | /** | 2717 | /** |
2709 | * Reject the creation of a channel | 2718 | * Reject the creation of a channel |
2719 | * | ||
2720 | * @deprecated | ||
2710 | */ | 2721 | */ |
2711 | #define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED 1016 | 2722 | #define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED 1016 |
2712 | 2723 | ||
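Review bot: The bare `@deprecated` tags added to `GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK` (1005), `GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL` (1006) and `GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED` (1016) do not say what replaces each message or what a peer should do when it receives one. The constants stay defined, so a reader cannot tell from this file whether handlers for them are still registered; a line such as `@deprecated no longer sent; receivers should drop it` (adjusted to what the service actually does) would settle that. The comment on the new `GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH` could also name its carrier, `struct GNUNET_CADET_TunnelKeyExchangeAuthMessage`, the same way the struct comment in cadet_protocol.h names the message type.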