TNG: Implemented 5530: add replay protection to TCP communicator. Added monotime value checks

5 files changed, 155 insertions, 0 deletions

diff --git a/src/include/gnunet_core_service.h b/src/include/gnunet_core_service.h
index 66b292c3c..60bc3c2a6 100644
--- a/src/include/gnunet_core_service.h
+++ b/src/include/gnunet_core_service.h
@@ -48,6 +48,122 @@ extern "C" {
  */
 #define GNUNET_CORE_VERSION 0x00000001
 
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message transmitted with the signed ephemeral key of a peer.  The
+ * session key is then derived from the two ephemeral keys (ECDHE).
+ */
+struct EphemeralKeyMessage
+{
+  /**
+   * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Status of the sender (should be in `enum PeerStateMachine`), nbo.
+   */
+  int32_t sender_status GNUNET_PACKED;
+
+  /**
+   * An ECC signature of the @e origin_identity asserting the validity
+   * of the given ephemeral key.
+   */
+  struct GNUNET_CRYPTO_EddsaSignature signature;
+
+  /**
+   * Information about what is being signed.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * At what time was this key created (beginning of validity).
+   */
+  struct GNUNET_TIME_AbsoluteNBO creation_time;
+
+  /**
+   * When does the given ephemeral key expire (end of validity).
+   */
+  struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+  /**
+   * Ephemeral public ECC key.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
+
+  /**
+   * Public key of the signing peer (persistent version, not the
+   * ephemeral public key).
+   */
+  struct GNUNET_PeerIdentity origin_identity;
+};
+
+
+/**
+ * We're sending an (encrypted) PING to the other peer to check if it
+ * can decrypt.  The other peer should respond with a PONG with the
+ * same content, except this time encrypted with the receiver's key.
+ */
+struct PingMessage
+{
+  /**
+   * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Seed for the IV
+   */
+  uint32_t iv_seed GNUNET_PACKED;
+
+  /**
+   * Intended target of the PING, used primarily to check
+   * that decryption actually worked.
+   */
+  struct GNUNET_PeerIdentity target;
+
+  /**
+   * Random number chosen to make replay harder.
+   */
+  uint32_t challenge GNUNET_PACKED;
+};
+
+
+/**
+ * Response to a PING.  Includes data from the original PING.
+ */
+struct PongMessage
+{
+  /**
+   * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Seed for the IV
+   */
+  uint32_t iv_seed GNUNET_PACKED;
+
+  /**
+   * Random number to make replay attacks harder.
+   */
+  uint32_t challenge GNUNET_PACKED;
+
+  /**
+   * Reserved, always zero.
+   */
+  uint32_t reserved;
+
+  /**
+   * Intended target of the PING, used primarily to check
+   * that decryption actually worked.
+   */
+  struct GNUNET_PeerIdentity target;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
 
 /**
  * Opaque handle to the service.
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 320701643..c1b0b3b1b 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -289,6 +289,17 @@ struct GNUNET_CRYPTO_SymmetricSessionKey
   unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
 };
 
+/**
+ * Type of a nonce used for challenges.
+ */
+struct ChallengeNonceP
+{
+  /**
+   * The value of the nonce.  Note that this is NOT a hash.
+   */
+  struct GNUNET_ShortHashCode value;
+};
+
 GNUNET_NETWORK_STRUCT_END
 
 /**
diff --git a/src/include/gnunet_peerstore_service.h b/src/include/gnunet_peerstore_service.h
index cd68dad66..91a8f2e66 100644
--- a/src/include/gnunet_peerstore_service.h
+++ b/src/include/gnunet_peerstore_service.h
@@ -67,6 +67,24 @@ extern "C" {
 #define GNUNET_PEERSTORE_TRANSPORT_DVLEARN_MONOTIME \
   "transport-dv-learn-monotonic-time"
 
+/**
+ * Key used to store sender's monotonic time from handshake message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE \
+  "transport-tcp-communicator-handshake"
+
+/**
+ * Key used to store sender's monotonic time from handshake ack message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK \
+  "transport-tcp-communicator-handshake-ack"
+
+/**
+ * Key used to store sender's monotonic time from rekey message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY \
+  "transport-tcp-communicator-rekey"
+
 
 /**
  * Options for storing values in PEERSTORE
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 0db6150aa..5af58664f 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -3293,6 +3293,11 @@ extern "C" {
 #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH 1452
 
 /**
+ * TCP communicator confirmation ack.
+ */
+#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK 1453
+
+/**
  * UDP KX acknowledgement.
  */
 #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK 1460
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 503113770..7c0c1d104 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -246,6 +246,11 @@ extern "C"
  */
 #define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38
 
+/**
+ * Signature by a peer sending back the nonce received at initial handshake.
+ */
+#define GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK 39
+
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
 #endif