author | Nils Durner <durner@gnunet.org> | 2010-10-03 14:46:52 +0000 |
---|---|---|
committer | Nils Durner <durner@gnunet.org> | 2010-10-03 14:46:52 +0000 |
commit | c7594ff34a47257328f79accd9214c01c3b87703 (patch) | |
tree | dac0c409482808bdde59d4e2e52f2cf45553cb8f /src/core/gnunet-service-core.c | |
parent | 9d9853441df5b565f6932fcf7fbb156b2d929392 (diff) | |
use separate keys for message authentication
Diffstat (limited to 'src/core/gnunet-service-core.c')
-rw-r--r-- | src/core/gnunet-service-core.c | 82 |
1 files changed, 58 insertions, 24 deletions
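--- a/src/core/gnunet-service-core.c
+++ b/src/core/gnunet-service-core.c
@@ -476,6 +476,18 @@ struct Neighbour
 struct GNUNET_CRYPTO_AesSessionKey decrypt_key;
 
 /**
+* Key we use to authenticate messages sent to the other peer
+* (derived from the encrypt_key during the handshake)
+*/
+struct GNUNET_CRYPTO_AuthKey encrypt_auth_key;
+
+/**
+* Key we use to authenticate messages sent from the other peer
+* (derived from the decrypt_key during the handshake)
+*/
+struct GNUNET_CRYPTO_AuthKey decrypt_auth_key;
+
+/**
 * ID of task used for re-trying plaintext scheduling.
 */
 GNUNET_SCHEDULER_TaskIdentifier retry_plaintext_task;
@@ -729,6 +741,28 @@ static unsigned long long bandwidth_target_in_bps;
 */
 static unsigned long long bandwidth_target_out_bps;
 
+/**
+* Derive an authentication key from "set key" information
+*/
+static void
+derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
+const struct GNUNET_CRYPTO_AesSessionKey *skey,
+const struct GNUNET_TIME_Absolute creation_time,
+const struct GNUNET_PeerIdentity *identity)
+{
+static char ctx[] = "authentication key";
+
+GNUNET_CRYPTO_hmac_derive_key (akey,
+skey,
+&skey->key,
+sizeof(skey->key),
+&identity->hashPubKey.bits,
+sizeof(identity->hashPubKey.bits),
+&creation_time,
+sizeof(creation_time),
+ctx,
+sizeof(ctx), NULL);
+}
 
 
 /**
@@ -2122,11 +2156,10 @@ process_plaintext_neighbour_queue (struct Neighbour *n)
 em->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
 em->iv_seed = ph->iv_seed;
 esize = used - ENCRYPTED_HEADER_SIZE;
-// FIXME NILS
-// GNUNET_CRYPTO_hmac (&n->encrypt_key,
-// &ph->sequence_number,
-// esize - sizeof (GNUNET_HashCode),
-// &ph->hmac);
+GNUNET_CRYPTO_hmac (&n->encrypt_auth_key,
+&ph->sequence_number,
+esize - sizeof (GNUNET_HashCode),
+&ph->hmac);
 GNUNET_CRYPTO_hash (&ph->iv_seed, sizeof (uint32_t), &iv);
 #if DEBUG_HANDSHAKE
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2221,6 +2254,7 @@ create_neighbour (const struct GNUNET_PeerIdentity *pid)
 n->bw_out_external_limit = GNUNET_CONSTANTS_DEFAULT_BW_IN_OUT;
 n->ping_challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
 UINT32_MAX);
+derive_auth_key (&n->encrypt_auth_key, &n->encrypt_key, now, &n->peer);
 neighbour_quota_update (n, NULL);
 consider_free_neighbour (n);
 return n;
@@ -3151,6 +3185,7 @@ handle_set_key (struct Neighbour *n, const struct SetKeyMessage *m)
 n->last_packets_bitmap = 0;
 n->decrypt_key_created = t;
 }
+derive_auth_key(&n->decrypt_auth_key, &k, n->decrypt_key_created, &my_identity);
 sender_status = (enum PeerStateMachine) ntohl (m->sender_status);
 switch (n->status)
 {
@@ -3357,25 +3392,24 @@ handle_encrypted_message (struct Neighbour *n,
 return;
 pt = (struct EncryptedMessage *) buf;
 /* validate hash */
-// FIXME NILS
-// GNUNET_CRYPTO_hmac (&n->decrypt_key,
-// &pt->sequence_number,
-// size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode), &ph);
-//#if DEBUG_HANDSHAKE
-// GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-// "V-Hashed %u bytes of plaintext (`%s') using IV `%d'\n",
-// (unsigned int) (size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode)),
-// GNUNET_h2s (&ph),
-// (int) m->iv_seed);
-//#endif
-// if (0 != memcmp (&ph,
-// &pt->hmac,
-// sizeof (GNUNET_HashCode)))
-// {
-// /* checksum failed */
-// GNUNET_break_op (0);
-// return;
-// }
+GNUNET_CRYPTO_hmac (&n->decrypt_auth_key,
+&pt->sequence_number,
+size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode), &ph);
+#if DEBUG_HANDSHAKE
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+"V-Hashed %u bytes of plaintext (`%s') using IV `%d'\n",
+(unsigned int) (size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode)),
+GNUNET_h2s (&ph),
+(int) m->iv_seed);
+#endif
+if (0 != memcmp (&ph,
+&pt->hmac,
+sizeof (GNUNET_HashCode)))
+{
+/* checksum failed */
+GNUNET_break_op (0);
+return;
+}
 
 /* validate sequence number */
 snum = ntohl (pt->sequence_number);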