TNG(udp): Upon rekey, actually do another KX and not just transmit a new symmetric key.

author: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-15 15:48:25 +0200
committer: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-15 15:48:25 +0200
commit: 365a1f1bd2a3674b0892ab48630a53ce59f4ddac (patch)
tree: d4ec1e22b94cf085859119f9113bd5d85ffb942b /src/transport/gnunet-communicator-udp.c
parent: e4367b08dd72b71ba1d73462cf6297641b6885b1 (diff)
download: gnunet-365a1f1bd2a3674b0892ab48630a53ce59f4ddac.tar.gz
gnunet-365a1f1bd2a3674b0892ab48630a53ce59f4ddac.zip
1 files changed, 18 insertions, 56 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index 8fcf5ac46..bd51e3003 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -1376,30 +1376,7 @@ setup_shared_secret_dec (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
  ss = GNUNET_new (struct SharedSecret);
  GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &ss->master);
-  return ss;
-}
-/**
- * Setup shared secret for encryption.
- *
- * @param ephemeral ephemeral key we are sending to the other peer
- * @param[in,out] receiver queue to initialize encryption key for
- * @return new shared secret
- */
-static struct SharedSecret *
-setup_shared_secret_from_k (struct GNUNET_HashCode *k,
-                            struct ReceiverAddress *receiver)
-{
-  struct SharedSecret *ss;
-  ss = GNUNET_new (struct SharedSecret);
-  memcpy (&ss->master, k, sizeof (*k));
  calculate_cmac (ss);
-  ss->receiver = receiver;
-  GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
-  receiver->num_secrets++;
-  GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
  return ss;
 }
@@ -1419,26 +1396,12 @@ setup_shared_secret_ephemeral (struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
  struct GNUNET_HashCode k;
  GNUNET_CRYPTO_eddsa_kem_encaps (&receiver->target.public_key, ephemeral, &k);
-  ss = setup_shared_secret_from_k (&k, receiver);
+  ss = GNUNET_new (struct SharedSecret);
-  GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
+  memcpy (&ss->master, k, sizeof (*k));
-  return ss;
+  calculate_cmac (ss);
-}
+  ss->receiver = receiver;
+  GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
+  receiver->num_secrets++;
-/**
- * Setup new random shared secret for encryption.
- *
- * @param[in,out] receiver queue to initialize encryption key for
- * @return new shared secret
- */
-static struct SharedSecret *
-setup_shared_secret_random (struct ReceiverAddress *receiver)
-{
-  struct SharedSecret *ss;
-  struct GNUNET_HashCode k;
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &k, sizeof(k));
-  ss = setup_shared_secret_from_k (&k, receiver);
  GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
  return ss;
 }
@@ -2009,7 +1972,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
  struct SharedSecret *ss = kce->ss;
  struct SharedSecret *ss_rekey;
  char out_buf[rekey_len - sizeof(*rekey)];
-  struct GNUNET_HashCode *master;
+  struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2041,10 +2004,8 @@ decrypt_rekey (const struct UDPRekey *rekey,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "decrypted UDPRekey with kid %s\n",
              GNUNET_sh2s (&rekey->kid));
-  master = (struct GNUNET_HashCode *) out_buf;
+  ephemeral_pubkey = (struct GNUNET_CRYPTO_EcdhePublicKey *) out_buf;
-  ss_rekey = GNUNET_new (struct SharedSecret);
+  ss_rekey = setup_shared_secret_dec (ephemeral_pubkey);
-  ss_rekey->master = *master;
-  calculate_cmac (ss_rekey);
  ss_rekey->sender = sender;
  GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
  sender->ss_rekey = ss_rekey;
@@ -2801,6 +2762,7 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
  uint8_t send_rekey = GNUNET_NO;
  uint16_t not_below;
  struct UDPRekey *rekey;
+  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_pubkey;
  size_t dpos;
  char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];
@@ -2823,7 +2785,8 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
  else if (NULL == receiver->ss_rekey)
  {
    /* setup key material */
-    receiver->ss_rekey = setup_shared_secret_random (receiver);
+    receiver->ss_rekey = setup_shared_secret_ephemeral (&ephemeral_pubkey,
+                                                        receiver);
    receiver->ss_rekey->sequence_allowed = 0;
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Setup secret with cmac %s\n",
@@ -2856,10 +2819,10 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
      GNUNET_assert (
        0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],
-                                  sizeof(receiver->ss_rekey->master),
+                                  sizeof(ephemeral_pubkey),
-                                  &(receiver->ss_rekey->master),
+                                  &ephemeral_pubkey,
-                                  sizeof(receiver->ss_rekey->master)));
+                                  sizeof(ephemeral_pubkey)));
-      dpos += sizeof(receiver->ss_rekey->master);
+      dpos += sizeof(ephemeral_pubkey);
      do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)
              - dpos);
      GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,
@@ -2868,9 +2831,8 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
      gcry_cipher_close (rekey_out_cipher);
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Sending rekey with kid %s and master %s\n",
+                  "Sending rekey with kid %s and new pubkey\n",
-                  GNUNET_sh2s (&rekey->kid),
+                  GNUNET_sh2s (&rekey->kid));
-                  GNUNET_h2s (&(receiver->ss_rekey->master)));
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                  "Sending rekey with cmac %s\n",
                  GNUNET_h2s (&(receiver->ss_rekey->cmac)));
author	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-15 15:48:25 +0200
committer	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-15 15:48:25 +0200
commit	365a1f1bd2a3674b0892ab48630a53ce59f4ddac (patch)
tree	d4ec1e22b94cf085859119f9113bd5d85ffb942b /src/transport/gnunet-communicator-udp.c
parent	e4367b08dd72b71ba1d73462cf6297641b6885b1 (diff)
download	gnunet-365a1f1bd2a3674b0892ab48630a53ce59f4ddac.tar.gz gnunet-365a1f1bd2a3674b0892ab48630a53ce59f4ddac.zip

diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index 8fcf5ac46..bd51e3003 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c
@@ -1376,30 +1376,7 @@ setup_shared_secret_dec (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
1376		1376
1377	ss = GNUNET_new (struct SharedSecret);	1377	ss = GNUNET_new (struct SharedSecret);
1378	GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &ss->master);	1378	GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &ss->master);
1379	return ss;
1380	}
1381
1382
1383	/**
1384	* Setup shared secret for encryption.
1385	*
1386	* @param ephemeral ephemeral key we are sending to the other peer
1387	* @param[in,out] receiver queue to initialize encryption key for
1388	* @return new shared secret
1389	*/
1390	static struct SharedSecret *
1391	setup_shared_secret_from_k (struct GNUNET_HashCode *k,
1392	struct ReceiverAddress *receiver)
1393	{
1394	struct SharedSecret *ss;
1395
1396	ss = GNUNET_new (struct SharedSecret);
1397	memcpy (&ss->master, k, sizeof (*k));
1398	calculate_cmac (ss);	1379	calculate_cmac (ss);
1399	ss->receiver = receiver;
1400	GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1401	receiver->num_secrets++;
1402	GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
1403	return ss;	1380	return ss;
1404	}	1381	}
1405		1382
@@ -1419,26 +1396,12 @@ setup_shared_secret_ephemeral (struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
1419	struct GNUNET_HashCode k;	1396	struct GNUNET_HashCode k;
1420		1397
1421	GNUNET_CRYPTO_eddsa_kem_encaps (&receiver->target.public_key, ephemeral, &k);	1398	GNUNET_CRYPTO_eddsa_kem_encaps (&receiver->target.public_key, ephemeral, &k);
1422	ss = setup_shared_secret_from_k (&k, receiver);	1399	ss = GNUNET_new (struct SharedSecret);
1423	GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);	1400	memcpy (&ss->master, k, sizeof (*k));
1424	return ss;	1401	calculate_cmac (ss);
1425	}	1402	ss->receiver = receiver;
1426		1403	GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1427		1404	receiver->num_secrets++;
1428	/**
1429	* Setup new random shared secret for encryption.
1430	*
1431	* @param[in,out] receiver queue to initialize encryption key for
1432	* @return new shared secret
1433	*/
1434	static struct SharedSecret *
1435	setup_shared_secret_random (struct ReceiverAddress *receiver)
1436	{
1437	struct SharedSecret *ss;
1438	struct GNUNET_HashCode k;
1439
1440	GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &k, sizeof(k));
1441	ss = setup_shared_secret_from_k (&k, receiver);
1442	GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);	1405	GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
1443	return ss;	1406	return ss;
1444	}	1407	}
@@ -2009,7 +1972,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
2009	struct SharedSecret *ss = kce->ss;	1972	struct SharedSecret *ss = kce->ss;
2010	struct SharedSecret *ss_rekey;	1973	struct SharedSecret *ss_rekey;
2011	char out_buf[rekey_len - sizeof(*rekey)];	1974	char out_buf[rekey_len - sizeof(*rekey)];
2012	struct GNUNET_HashCode *master;	1975	struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;
2013		1976
2014		1977
2015	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1978	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2041,10 +2004,8 @@ decrypt_rekey (const struct UDPRekey *rekey,
2041	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2004	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2042	"decrypted UDPRekey with kid %s\n",	2005	"decrypted UDPRekey with kid %s\n",
2043	GNUNET_sh2s (&rekey->kid));	2006	GNUNET_sh2s (&rekey->kid));
2044	master = (struct GNUNET_HashCode *) out_buf;	2007	ephemeral_pubkey = (struct GNUNET_CRYPTO_EcdhePublicKey *) out_buf;
2045	ss_rekey = GNUNET_new (struct SharedSecret);	2008	ss_rekey = setup_shared_secret_dec (ephemeral_pubkey);
2046	ss_rekey->master = *master;
2047	calculate_cmac (ss_rekey);
2048	ss_rekey->sender = sender;	2009	ss_rekey->sender = sender;
2049	GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);	2010	GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
2050	sender->ss_rekey = ss_rekey;	2011	sender->ss_rekey = ss_rekey;
@@ -2801,6 +2762,7 @@ send_UDPRekey (struct ReceiverAddress receiver, struct SharedSecret ss)
2801	uint8_t send_rekey = GNUNET_NO;	2762	uint8_t send_rekey = GNUNET_NO;
2802	uint16_t not_below;	2763	uint16_t not_below;
2803	struct UDPRekey *rekey;	2764	struct UDPRekey *rekey;
		2765	struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_pubkey;
2804	size_t dpos;	2766	size_t dpos;
2805		2767
2806	char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];	2768	char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];
@@ -2823,7 +2785,8 @@ send_UDPRekey (struct ReceiverAddress receiver, struct SharedSecret ss)
2823	else if (NULL == receiver->ss_rekey)	2785	else if (NULL == receiver->ss_rekey)
2824	{	2786	{
2825	/* setup key material */	2787	/* setup key material */
2826	receiver->ss_rekey = setup_shared_secret_random (receiver);	2788	receiver->ss_rekey = setup_shared_secret_ephemeral (&ephemeral_pubkey,
		2789	receiver);
2827	receiver->ss_rekey->sequence_allowed = 0;	2790	receiver->ss_rekey->sequence_allowed = 0;
2828	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2791	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2829	"Setup secret with cmac %s\n",	2792	"Setup secret with cmac %s\n",
@@ -2856,10 +2819,10 @@ send_UDPRekey (struct ReceiverAddress receiver, struct SharedSecret ss)
2856		2819
2857	GNUNET_assert (	2820	GNUNET_assert (
2858	0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],	2821	0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],
2859	sizeof(receiver->ss_rekey->master),	2822	sizeof(ephemeral_pubkey),
2860	&(receiver->ss_rekey->master),	2823	&ephemeral_pubkey,
2861	sizeof(receiver->ss_rekey->master)));	2824	sizeof(ephemeral_pubkey)));
2862	dpos += sizeof(receiver->ss_rekey->master);	2825	dpos += sizeof(ephemeral_pubkey);
2863	do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)	2826	do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)
2864	- dpos);	2827	- dpos);
2865	GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,	2828	GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,
@@ -2868,9 +2831,8 @@ send_UDPRekey (struct ReceiverAddress receiver, struct SharedSecret ss)
2868	gcry_cipher_close (rekey_out_cipher);	2831	gcry_cipher_close (rekey_out_cipher);
2869		2832
2870	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2833	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2871	"Sending rekey with kid %s and master %s\n",	2834	"Sending rekey with kid %s and new pubkey\n",
2872	GNUNET_sh2s (&rekey->kid),	2835	GNUNET_sh2s (&rekey->kid));
2873	GNUNET_h2s (&(receiver->ss_rekey->master)));
2874	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2836	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2875	"Sending rekey with cmac %s\n",	2837	"Sending rekey with cmac %s\n",
2876	GNUNET_h2s (&(receiver->ss_rekey->cmac)));	2838	GNUNET_h2s (&(receiver->ss_rekey->cmac)));