diff options
| author | Christian Grothoff <christian@grothoff.org> | 2018-05-16 17:17:04 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-05-16 17:17:04 +0200 |
| commit | 2a25c3af926cf1a3ca22ed1059dd5baa8ce3a52a (patch) | |
| tree | 6187aa500c4886c01934320a808e56f70748bb69 /src/cadet | |
| parent | 77cb689bc95d0dd37c88548ff0d3c2930fa7cf27 (diff) | |
| download | gnunet-2a25c3af926cf1a3ca22ed1059dd5baa8ce3a52a.tar.gz gnunet-2a25c3af926cf1a3ca22ed1059dd5baa8ce3a52a.zip | |
also remember last ephemeral for duplicate KX detection
Diffstat (limited to 'src/cadet')
| -rw-r--r-- | src/cadet/gnunet-service-cadet_tunnels.c | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c index 6e8ce96b3..d12c55092 100644 --- a/src/cadet/gnunet-service-cadet_tunnels.c +++ b/src/cadet/gnunet-service-cadet_tunnels.c | |||
| @@ -187,6 +187,12 @@ struct CadetTunnelAxolotl | |||
| 187 | struct GNUNET_CRYPTO_EcdhePublicKey DHRr; | 187 | struct GNUNET_CRYPTO_EcdhePublicKey DHRr; |
| 188 | 188 | ||
| 189 | /** | 189 | /** |
| 190 | * Last ephemeral public key received from the other peer, | ||
| 191 | * for duplicate detection. | ||
| 192 | */ | ||
| 193 | struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral; | ||
| 194 | |||
| 195 | /** | ||
| 190 | * Time when the current ratchet expires and a new one is triggered | 196 | * Time when the current ratchet expires and a new one is triggered |
| 191 | * (if @e ratchet_allowed is #GNUNET_YES). | 197 | * (if @e ratchet_allowed is #GNUNET_YES). |
| 192 | */ | 198 | */ |
| @@ -1509,18 +1515,18 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
| 1509 | } | 1515 | } |
| 1510 | 1516 | ||
| 1511 | ax->DHRr = *ratchet_key; | 1517 | ax->DHRr = *ratchet_key; |
| 1512 | 1518 | ax->last_ephemeral = *ephemeral_key; | |
| 1513 | /* ECDH A B0 */ | 1519 | /* ECDH A B0 */ |
| 1514 | if (GNUNET_YES == am_I_alice) | 1520 | if (GNUNET_YES == am_I_alice) |
| 1515 | { | 1521 | { |
| 1516 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1522 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
| 1517 | ephemeral_key, /* B0 */ | 1523 | ephemeral_key, /* B0 */ |
| 1518 | &key_material[0]); | 1524 | &key_material[0]); |
| 1519 | } | 1525 | } |
| 1520 | else | 1526 | else |
| 1521 | { | 1527 | { |
| 1522 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ | 1528 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ |
| 1523 | &pid->public_key, /* A */ | 1529 | &pid->public_key, /* A */ |
| 1524 | &key_material[0]); | 1530 | &key_material[0]); |
| 1525 | } | 1531 | } |
| 1526 | 1532 | ||
| @@ -1528,21 +1534,19 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
| 1528 | if (GNUNET_YES == am_I_alice) | 1534 | if (GNUNET_YES == am_I_alice) |
| 1529 | { | 1535 | { |
| 1530 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ | 1536 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ |
| 1531 | &pid->public_key, /* B */ | 1537 | &pid->public_key, /* B */ |
| 1532 | &key_material[1]); | 1538 | &key_material[1]); |
| 1533 | } | 1539 | } |
| 1534 | else | 1540 | else |
| 1535 | { | 1541 | { |
| 1536 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1542 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
| 1537 | ephemeral_key, /* B0 */ | 1543 | ephemeral_key, /* B0 */ |
| 1538 | &key_material[1]); | 1544 | &key_material[1]); |
| 1539 | } | 1545 | } |
| 1540 | 1546 | ||
| 1541 | /* ECDH A0 B0 */ | 1547 | /* ECDH A0 B0 */ |
| 1542 | /* (This is the triple-DH, we could probably safely skip this, | ||
| 1543 | as A0/B0 are already in the key material.) */ | ||
| 1544 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ | 1548 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ |
| 1545 | ephemeral_key, /* B0 or A0 */ | 1549 | ephemeral_key, /* B0 or A0 */ |
| 1546 | &key_material[2]); | 1550 | &key_material[2]); |
| 1547 | 1551 | ||
| 1548 | /* KDF */ | 1552 | /* KDF */ |
| @@ -1697,10 +1701,15 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
| 1697 | "# KX received", | 1701 | "# KX received", |
| 1698 | 1, | 1702 | 1, |
| 1699 | GNUNET_NO); | 1703 | GNUNET_NO); |
| 1700 | if (0 == | 1704 | if ( (0 == |
| 1701 | memcmp (&t->ax.DHRr, | 1705 | memcmp (&t->ax.DHRr, |
| 1702 | &msg->ratchet_key, | 1706 | &msg->ratchet_key, |
| 1703 | sizeof (msg->ratchet_key))) | 1707 | sizeof (msg->ratchet_key))) && |
| 1708 | (0 == | ||
| 1709 | memcmp (&t->ax.last_ephemeral, | ||
| 1710 | &msg->ephemeral_key, | ||
| 1711 | sizeof (msg->ephemeral_key))) ) | ||
| 1712 | |||
| 1704 | { | 1713 | { |
| 1705 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1714 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
| 1706 | "Got duplicate KX. Firing back KX_AUTH.\n"); | 1715 | "Got duplicate KX. Firing back KX_AUTH.\n"); |
| @@ -1719,10 +1728,14 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
| 1719 | clean it up. */ | 1728 | clean it up. */ |
| 1720 | if (NULL != t->unverified_ax) | 1729 | if (NULL != t->unverified_ax) |
| 1721 | { | 1730 | { |
| 1722 | if (0 == | 1731 | if ( (0 == |
| 1723 | memcmp (&t->unverified_ax->DHRr, | 1732 | memcmp (&t->unverified_ax->DHRr, |
| 1724 | &msg->ratchet_key, | 1733 | &msg->ratchet_key, |
| 1725 | sizeof (msg->ratchet_key))) | 1734 | sizeof (msg->ratchet_key))) && |
| 1735 | (0 == | ||
| 1736 | memcmp (&t->unverified_ax->last_ephemeral, | ||
| 1737 | &msg->ephemeral_key, | ||
| 1738 | sizeof (msg->ephemeral_key))) ) | ||
| 1726 | { | 1739 | { |
| 1727 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1740 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
| 1728 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", | 1741 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", |