author | Christian Grothoff <christian@grothoff.org> | 2018-05-16 17:17:04 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-05-16 17:17:04 +0200 |
commit | 2a25c3af926cf1a3ca22ed1059dd5baa8ce3a52a (patch) | |
tree | 6187aa500c4886c01934320a808e56f70748bb69 /src/cadet | |
parent | 77cb689bc95d0dd37c88548ff0d3c2930fa7cf27 (diff) | |
also remember last ephemeral for duplicate KX detection
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnels.c | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c index 6e8ce96b3..d12c55092 100644 --- a/src/cadet/gnunet-service-cadet_tunnels.c +++ b/src/cadet/gnunet-service-cadet_tunnels.c | |||
@@ -187,6 +187,12 @@ struct CadetTunnelAxolotl | |||
187 | struct GNUNET_CRYPTO_EcdhePublicKey DHRr; | 187 | struct GNUNET_CRYPTO_EcdhePublicKey DHRr; |
188 | 188 | ||
189 | /** | 189 | /** |
190 | * Last ephemeral public key received from the other peer, | ||
191 | * for duplicate detection. | ||
192 | */ | ||
193 | struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral; | ||
194 | |||
195 | /** | ||
190 | * Time when the current ratchet expires and a new one is triggered | 196 | * Time when the current ratchet expires and a new one is triggered |
191 | * (if @e ratchet_allowed is #GNUNET_YES). | 197 | * (if @e ratchet_allowed is #GNUNET_YES). |
192 | */ | 198 | */ |
@@ -1509,18 +1515,18 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1509 | } | 1515 | } |
1510 | 1516 | ||
1511 | ax->DHRr = *ratchet_key; | 1517 | ax->DHRr = *ratchet_key; |
1512 | 1518 | ax->last_ephemeral = *ephemeral_key; | |
1513 | /* ECDH A B0 */ | 1519 | /* ECDH A B0 */ |
1514 | if (GNUNET_YES == am_I_alice) | 1520 | if (GNUNET_YES == am_I_alice) |
1515 | { | 1521 | { |
1516 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1522 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
1517 | ephemeral_key, /* B0 */ | 1523 | ephemeral_key, /* B0 */ |
1518 | &key_material[0]); | 1524 | &key_material[0]); |
1519 | } | 1525 | } |
1520 | else | 1526 | else |
1521 | { | 1527 | { |
1522 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ | 1528 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ |
1523 | &pid->public_key, /* A */ | 1529 | &pid->public_key, /* A */ |
1524 | &key_material[0]); | 1530 | &key_material[0]); |
1525 | } | 1531 | } |
1526 | 1532 | ||
@@ -1528,21 +1534,19 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1528 | if (GNUNET_YES == am_I_alice) | 1534 | if (GNUNET_YES == am_I_alice) |
1529 | { | 1535 | { |
1530 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ | 1536 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ |
1531 | &pid->public_key, /* B */ | 1537 | &pid->public_key, /* B */ |
1532 | &key_material[1]); | 1538 | &key_material[1]); |
1533 | } | 1539 | } |
1534 | else | 1540 | else |
1535 | { | 1541 | { |
1536 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1542 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
1537 | ephemeral_key, /* B0 */ | 1543 | ephemeral_key, /* B0 */ |
1538 | &key_material[1]); | 1544 | &key_material[1]); |
1539 | } | 1545 | } |
1540 | 1546 | ||
1541 | /* ECDH A0 B0 */ | 1547 | /* ECDH A0 B0 */ |
1542 | /* (This is the triple-DH, we could probably safely skip this, | ||
1543 | as A0/B0 are already in the key material.) */ | ||
1544 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ | 1548 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ |
1545 | ephemeral_key, /* B0 or A0 */ | 1549 | ephemeral_key, /* B0 or A0 */ |
1546 | &key_material[2]); | 1550 | &key_material[2]); |
1547 | 1551 | ||
1548 | /* KDF */ | 1552 | /* KDF */ |
@@ -1697,10 +1701,15 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1697 | "# KX received", | 1701 | "# KX received", |
1698 | 1, | 1702 | 1, |
1699 | GNUNET_NO); | 1703 | GNUNET_NO); |
1700 | if (0 == | 1704 | if ( (0 == |
1701 | memcmp (&t->ax.DHRr, | 1705 | memcmp (&t->ax.DHRr, |
1702 | &msg->ratchet_key, | 1706 | &msg->ratchet_key, |
1703 | sizeof (msg->ratchet_key))) | 1707 | sizeof (msg->ratchet_key))) && |
1708 | (0 == | ||
1709 | memcmp (&t->ax.last_ephemeral, | ||
1710 | &msg->ephemeral_key, | ||
1711 | sizeof (msg->ephemeral_key))) ) | ||
1712 | |||
1704 | { | 1713 | { |
1705 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1714 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1706 | "Got duplicate KX. Firing back KX_AUTH.\n"); | 1715 | "Got duplicate KX. Firing back KX_AUTH.\n"); |
@@ -1719,10 +1728,14 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1719 | clean it up. */ | 1728 | clean it up. */ |
1720 | if (NULL != t->unverified_ax) | 1729 | if (NULL != t->unverified_ax) |
1721 | { | 1730 | { |
1722 | if (0 == | 1731 | if ( (0 == |
1723 | memcmp (&t->unverified_ax->DHRr, | 1732 | memcmp (&t->unverified_ax->DHRr, |
1724 | &msg->ratchet_key, | 1733 | &msg->ratchet_key, |
1725 | sizeof (msg->ratchet_key))) | 1734 | sizeof (msg->ratchet_key))) && |
1735 | (0 == | ||
1736 | memcmp (&t->unverified_ax->last_ephemeral, | ||
1737 | &msg->ephemeral_key, | ||
1738 | sizeof (msg->ephemeral_key))) ) | ||
1726 | { | 1739 | { |
1727 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1740 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1728 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", | 1741 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", |
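Review bot: In update_ax_by_kx the new `ax->last_ephemeral = *ephemeral_key;` (like `ax->DHRr` just above it) is stored before the three ECDH computations, and the results of `GNUNET_CRYPTO_eddsa_ecdh`, `GNUNET_CRYPTO_ecdh_eddsa` and `GNUNET_CRYPTO_ecc_ecdh` are discarded in the visible lines. The ephemeral key is documented in the struct as received from the other peer, so if one of these calls fails on a malformed key, `key_material` would reach the KDF step with undefined contents while the state already records that KX as seen. The duplicate checks in GCT_handle_kx would then presumably treat a retransmission as a duplicate and answer with KX_AUTH. I would check each result, e.g. `if (GNUNET_OK != GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, ephemeral_key, &key_material[2]))`, leave through the function's existing error path, and assign `DHRr` and `last_ephemeral` only after the derivation has succeeded. Both functions start and end outside the visible hunks, so the error path and any earlier validation of the key cannot be confirmed from here.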