author | Christian Grothoff <christian@grothoff.org> | 2017-02-15 16:56:14 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-02-15 16:56:14 +0100 |
commit | e6fbcee2510d7263b53d7a5c7cf1fc1d4a7bbdd6 (patch) | |
tree | 4412928bf7e8ab79e881308fef1122b829a6636d /src/cadet | |
parent | 1df412a8f680980aea00ce6e7c17a1bad3b789cc (diff) | |
download | gnunet-e6fbcee2510d7263b53d7a5c7cf1fc1d4a7bbdd6.tar.gz gnunet-e6fbcee2510d7263b53d7a5c7cf1fc1d4a7bbdd6.zip |
fixing #4878 -- by avoiding allocation in the first place
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/gnunet-service-cadet-new_tunnels.c | 51 |
1 files changed, 20 insertions, 31 deletions
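--- a/src/cadet/gnunet-service-cadet-new_tunnels.c
+++ b/src/cadet/gnunet-service-cadet-new_tunnels.c
@@ -173,18 +173,14 @@ struct CadetTunnelAxolotl
 struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
 
 /**
-* ECDH for key exchange (A0 / B0). Note that for the
-* 'unverified_ax', this member is an alias with the main
-* 't->ax.kx_0' value, so do not free it!
+* ECDH for key exchange (A0 / B0).
 */
-struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0;
+struct GNUNET_CRYPTO_EcdhePrivateKey kx_0;
 
 /**
-* ECDH Ratchet key (our private key in the current DH). Note that
-* for the 'unverified_ax', this member is an alias with the main
-* 't->ax.kx_0' value, so do not free it!
+* ECDH Ratchet key (our private key in the current DH).
 */
-struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs;
+struct GNUNET_CRYPTO_EcdhePrivateKey DHRs;
 
 /**
 * ECDH Ratchet key (other peer's public key in the current DH).
@@ -648,10 +644,10 @@ trigger_transmissions (void *cls);
 static void
 new_ephemeral (struct CadetTunnelAxolotl *ax)
 {
-GNUNET_free_non_null (ax->DHRs);
 LOG (GNUNET_ERROR_TYPE_DEBUG,
 "Creating new ephemeral ratchet key (DHRs)\n");
-ax->DHRs = GNUNET_CRYPTO_ecdhe_key_create ();
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
 }
 
 
@@ -786,7 +782,7 @@ t_ax_encrypt (struct CadetTunnelAxolotl *ax,
 ax->HKs = ax->NHKs;
 
 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
-GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
 &ax->DHRr,
 &dh);
 t_ax_hmac_hash (&ax->RK,
@@ -1192,7 +1188,7 @@ t_ax_decrypt_and_validate (struct CadetTunnelAxolotl *ax,
 PNp);
 
 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
-GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
 DHRp,
 &dh);
 t_ax_hmac_hash (&ax->RK,
@@ -1341,9 +1337,9 @@ send_kx (struct CadetTunnel *t,
 flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
 msg->flags = htonl (flags);
 msg->cid = *GCC_get_id (cc);
-GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
 &msg->ephemeral_key);
-GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
 &msg->ratchet_key);
 mark_connection_unready (ct);
 t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
@@ -1406,9 +1402,9 @@ send_kx_auth (struct CadetTunnel *t,
 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
 msg->kx.flags = htonl (flags);
 msg->kx.cid = *GCC_get_id (cc);
-GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
 &msg->kx.ephemeral_key);
-GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
 &msg->kx.ratchet_key);
 /* Compute authenticator (this is the main difference to #send_kx()) */
 GNUNET_CRYPTO_hash (&ax->RK,
@@ -1447,8 +1443,8 @@ cleanup_ax (struct CadetTunnelAxolotl *ax)
 delete_skipped_key (ax,
 ax->skipped_head);
 GNUNET_assert (0 == ax->skipped);
-GNUNET_free_non_null (ax->kx_0);
-GNUNET_free_non_null (ax->DHRs);
+GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
+GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
 }
 
 
@@ -1508,7 +1504,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
 }
 else
 {
-GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */
+GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */
 &pid->public_key, /* A */
 &key_material[0]);
 }
@@ -1516,7 +1512,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
 /* ECDH A0 B */
 if (GNUNET_YES == am_I_alice)
 {
-GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */
+GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */
 &pid->public_key, /* B */
 &key_material[1]);
 }
@@ -1532,7 +1528,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
 /* ECDH A0 B0 */
 /* (This is the triple-DH, we could probably safely skip this,
 as A0/B0 are already in the key material.) */
-GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */
+GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */
 ephemeral_key, /* B0 or A0 */
 &key_material[2]);
 
@@ -1835,8 +1831,6 @@ GCT_handle_kx_auth (struct CadetTConnection *ct,
 if (NULL != t->unverified_ax)
 {
 /* We got some "stale" KX before, drop that. */
-t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
-t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
 cleanup_ax (t->unverified_ax);
 GNUNET_free (t->unverified_ax);
 t->unverified_ax = NULL;
@@ -2054,8 +2048,6 @@ destroy_tunnel (void *cls)
 GNUNET_MQ_destroy (t->mq);
 if (NULL != t->unverified_ax)
 {
-t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
-t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
 cleanup_ax (t->unverified_ax);
 GNUNET_free (t->unverified_ax);
 }
@@ -2917,7 +2909,8 @@ GCT_create_tunnel (struct CadetPeer *destination)
 
 t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
 new_ephemeral (&t->ax);
-t->ax.kx_0 = GNUNET_CRYPTO_ecdhe_key_create ();
+GNUNET_assert (GNUNET_OK ==
+GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
 t->destination = destination;
 t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
 t->maintain_connections_task
@@ -3086,8 +3079,6 @@ GCT_handle_encrypted (struct CadetTConnection *ct,
 if (-1 != decrypted_size)
 {
 /* It worked! Treat this as authentication of the AX data! */
-t->ax.DHRs = NULL; /* aliased with ax.DHRs */
-t->ax.kx_0 = NULL; /* aliased with ax.DHRs */
 cleanup_ax (&t->ax);
 t->ax = *t->unverified_ax;
 GNUNET_free (t->unverified_ax);
@@ -3118,8 +3109,6 @@ GCT_handle_encrypted (struct CadetTConnection *ct,
 t->unverified_attempts);
 if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
 {
-t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
-t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
 cleanup_ax (t->unverified_ax);
 GNUNET_free (t->unverified_ax);
 t->unverified_ax = NULL;
@@ -3195,7 +3184,7 @@ GCT_send (struct CadetTunnel *t,
 /* FIXME: we should do this once, not once per message;
 this is a point multiplication, and DHRs does not
 change all the time. */
-GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
+GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
 &ax_msg->ax_header.DHRs);
 t_h_encrypt (&t->ax,
 ax_msg);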
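Review bot: In the first GCT_handle_encrypted hunk (-3086), `t->ax = *t->unverified_ax;` now copies both ECDHE private keys by value, and the following `GNUNET_free (t->unverified_ax);` releases the source copy without wiping it. Before this change that allocation held only pointers to the two keys, so this success path is the one place where the embedded `kx_0` and `DHRs` bytes are freed uncleared; every other path calls cleanup_ax first. cleanup_ax cannot be used here, because it would also delete the skipped keys that the struct copy appears to hand over to `t->ax`. I would add `GNUNET_CRYPTO_ecdhe_key_clear (&t->unverified_ax->kx_0);` and `GNUNET_CRYPTO_ecdhe_key_clear (&t->unverified_ax->DHRs);` right before the free. This assumes GNUNET_free does not scrub memory, which is not visible on this page; the function body continues outside the hunk.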