author | Bart Polot <bart@net.in.tum.de> | 2014-03-06 01:36:27 +0000 |
---|---|---|
committer | Bart Polot <bart@net.in.tum.de> | 2014-03-06 01:36:27 +0000 |
commit | 20a75818488f503411355eb3732931cc9d10b82a (patch) | |
tree | a29f1706c0b24fb61738b4510e5231b9b095c3c1 /src/mesh/gnunet-service-mesh_tunnel.c | |
parent | e5a3f3fd90eab64da75c3e314951dca00b16c806 (diff) | |
download | gnunet-20a75818488f503411355eb3732931cc9d10b82a.tar.gz gnunet-20a75818488f503411355eb3732931cc9d10b82a.zip |
- add hmac to tunnel messages
Diffstat (limited to 'src/mesh/gnunet-service-mesh_tunnel.c')
-rw-r--r-- | src/mesh/gnunet-service-mesh_tunnel.c | 40 |
1 files changed, 40 insertions, 0 deletions
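--- a/src/mesh/gnunet-service-mesh_tunnel.c
+++ b/src/mesh/gnunet-service-mesh_tunnel.c
@@ -717,6 +717,33 @@ queue_data (struct MeshTunnel3 *t, const struct GNUNET_MessageHeader *msg)
 }
 
 
+/**
+* Calculate HMAC.
+*
+* @param t Tunnel to get keys from.
+* @param plaintext Content to HMAC.
+* @param size Size of @c plaintext.
+* @param iv Initialization vector for the message.
+* @param outgoing Is this an outgoing message that we encrypted?
+* @param hmac Destination to store the HMAC.
+*/
+static void
+t_hmac (struct MeshTunnel3 *t, const void *plaintext, size_t size, uint32_t iv,
+int outgoing, struct GNUNET_HashCode *hmac)
+{
+struct GNUNET_CRYPTO_AuthKey auth_key;
+static const char ctx[] = "mesh authentication key";
+struct GNUNET_CRYPTO_SymmetricSessionKey *key;
+
+key = outgoing ? &t->e_key : &t->d_key;
+GNUNET_CRYPTO_hmac_derive_key (&auth_key, key,
+&iv, sizeof (iv),
+key, sizeof (*key),
+ctx, sizeof (ctx),
+NULL);
+GNUNET_CRYPTO_hmac (&auth_key, plaintext, size, hmac);
+}
+
 
 /**
 * Sends an already built message on a tunnel, encrypting it and
@@ -775,7 +802,9 @@ send_prebuilt_message (const struct GNUNET_MessageHeader *message,
 msg->header.type = htons (GNUNET_MESSAGE_TYPE_MESH_ENCRYPTED);
 msg->iv = iv;
 GNUNET_assert (t_encrypt (t, &msg[1], message, size, iv) == size);
+t_hmac (t, message, size, iv, GNUNET_YES, &msg->hmac);
 msg->header.size = htons (sizeof (struct GNUNET_MESH_Encrypted) + size);
+
 if (NULL == c)
 c = tunnel_get_connection (t);
 if (NULL == c)
@@ -1619,8 +1648,19 @@ GMT_handle_encrypted (struct MeshTunnel3 *t,
 char cbuf [payload_size];
 struct GNUNET_MessageHeader *msgh;
 unsigned int off;
+struct GNUNET_HashCode hmac;
 
 decrypted_size = t_decrypt (t, cbuf, &msg[1], payload_size, msg->iv);
+t_hmac (t, cbuf, payload_size, msg->iv, GNUNET_NO, &hmac);
+if (0 != memcmp (&hmac, &msg->hmac, sizeof (struct GNUNET_HashCode)))
+{
+/* checksum failed */
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+"Failed checksum validation for a message on tunnel `%s'\n",
+GMT_2s (t));
+GNUNET_STATISTICS_update (stats, "# wrong HMAC", 1, GNUNET_NO);
+return;
+}
 off = 0;
 while (off < decrypted_size)
 {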
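Review bot: In GMT_handle_encrypted the tag is verified only after `t_decrypt` has already processed the unauthenticated payload, because `t_hmac` is computed over the plaintext on both sides (`message` in send_prebuilt_message, `cbuf` here) rather than over the ciphertext. Authenticating the ciphertext would let the receiver drop a forged or modified message before any decryption: `t_hmac (t, &msg[1], size, iv, GNUNET_YES, &msg->hmac);` on send, and `t_hmac (t, &msg[1], payload_size, msg->iv, GNUNET_NO, &hmac);` placed ahead of the `t_decrypt` call on receive. The tag check itself uses `memcmp`, which stops at the first differing byte, so a constant-time comparison would be the safer primitive for comparing MACs. The result of `t_decrypt` is also not examined before `cbuf` (a variable-length array sized from the message) is hashed; presumably a failed decrypt leaves it partly unwritten, which is worth confirming against `t_decrypt`. Both send_prebuilt_message and GMT_handle_encrypted begin and end outside the hunks shown.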