aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-06-04 13:50:02 +0000
committerChristian Grothoff <christian@grothoff.org>2015-06-04 13:50:02 +0000
commit47236bb24d1412aaf3d0ed7da3ff324f8c16d16e (patch)
tree46c8a682303fa66bc85c57be47817ea2b1c98f77 /src
parent910c86036fb29b8e05f57ffc0cdc5e426c231ca9 (diff)
downloadgnunet-47236bb24d1412aaf3d0ed7da3ff324f8c16d16e.tar.gz
gnunet-47236bb24d1412aaf3d0ed7da3ff324f8c16d16e.zip
-simplifying Cadet KX to directly use EdDSA keys for ECDHE
Diffstat (limited to 'src')
-rw-r--r--src/cadet/cadet_protocol.h17
-rw-r--r--src/cadet/gnunet-service-cadet_peer.c90
-rw-r--r--src/cadet/gnunet-service-cadet_peer.h29
-rw-r--r--src/cadet/gnunet-service-cadet_tunnel.c112
-rw-r--r--src/include/gnunet_signatures.h5
5 files changed, 36 insertions, 217 deletions
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h
index a51be3939..9b0abcc55 100644
--- a/src/cadet/cadet_protocol.h
+++ b/src/cadet/cadet_protocol.h
@@ -127,23 +127,6 @@ struct GNUNET_CADET_AX_KX
127 uint32_t force_reply; 127 uint32_t force_reply;
128 128
129 /** 129 /**
130 * An EdDSA signature of the permanent ECDH key with the Peer's ID key.
131 */
132 struct GNUNET_CRYPTO_EddsaSignature signature;
133
134 /**
135 * Information about what is being signed (@a permanent_key).
136 */
137 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
138
139 /**
140 * Sender's permanent_key public ECC key encoded in a
141 * format suitable for network transmission, as created
142 * using 'gcry_sexp_sprint'.
143 */
144 struct GNUNET_CRYPTO_EcdhePublicKey permanent_key;
145
146 /**
147 * Sender's ephemeral public ECC key encoded in a 130 * Sender's ephemeral public ECC key encoded in a
148 * format suitable for network transmission, as created 131 * format suitable for network transmission, as created
149 * using 'gcry_sexp_sprint'. 132 * using 'gcry_sexp_sprint'.
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c
index 50d40dce7..fef95dfcc 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -120,34 +120,29 @@ struct CadetPeerQueue
120 */ 120 */
121struct CadetPeer 121struct CadetPeer
122{ 122{
123 /** 123 /**
124 * ID of the peer 124 * ID of the peer
125 */ 125 */
126 GNUNET_PEER_Id id; 126 GNUNET_PEER_Id id;
127 127
128 /** 128 /**
129 * Axolotl permanent public key. 129 * Last time we heard from this peer
130 */ 130 */
131 struct GNUNET_CRYPTO_EcdhePublicKey ax_key;
132
133 /**
134 * Last time we heard from this peer
135 */
136 struct GNUNET_TIME_Absolute last_contact; 131 struct GNUNET_TIME_Absolute last_contact;
137 132
138 /** 133 /**
139 * Paths to reach the peer, ordered by ascending hop count 134 * Paths to reach the peer, ordered by ascending hop count
140 */ 135 */
141 struct CadetPeerPath *path_head; 136 struct CadetPeerPath *path_head;
142 137
143 /** 138 /**
144 * Paths to reach the peer, ordered by ascending hop count 139 * Paths to reach the peer, ordered by ascending hop count
145 */ 140 */
146 struct CadetPeerPath *path_tail; 141 struct CadetPeerPath *path_tail;
147 142
148 /** 143 /**
149 * Handle to stop the DHT search for paths to this peer 144 * Handle to stop the DHT search for paths to this peer
150 */ 145 */
151 struct GCD_search_handle *search_h; 146 struct GCD_search_handle *search_h;
152 147
153 /** 148 /**
@@ -2383,61 +2378,6 @@ GCP_try_connect (struct CadetPeer *peer)
2383 2378
2384 2379
2385/** 2380/**
2386 * Check if the given ECDH key is correct for the peer.
2387 *
2388 * This function caches the results if the key has been previoulsy checked,
2389 * otherwise checks that the key is signed with the peer's ID (EdDSA key).
2390 *
2391 * TODO: save the cached public key to permanent storage / peerinfo.
2392 *
2393 * @param peer Peer whose key to check.
2394 * @param key ECDH key to check.
2395 * @param purpose Purpose of the signature (followed by the key).
2396 * @param sig Signature with the peer's EdDSA key (PeerID).
2397 */
2398int
2399GCP_check_key (struct CadetPeer *peer,
2400 const struct GNUNET_CRYPTO_EcdhePublicKey *key,
2401 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
2402 const struct GNUNET_CRYPTO_EddsaSignature *sig)
2403{
2404 struct GNUNET_CRYPTO_EddsaPublicKey *pub;
2405 int verified;
2406
2407 /* Is it the same as the cached key? */
2408 if (0 == memcmp (&peer->ax_key, key, sizeof (*key)))
2409 return GNUNET_OK;
2410
2411 /* New key, verify. */
2412 pub = (struct GNUNET_CRYPTO_EddsaPublicKey *) GCP_get_id (peer);
2413 verified = GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_AXKX,
2414 purpose, sig, pub);
2415
2416 if (GNUNET_OK != verified)
2417 return GNUNET_SYSERR;
2418
2419 /* Cache key for later. */
2420 peer->ax_key = *key;
2421 return GNUNET_OK;
2422}
2423
2424
2425/**
2426 * Get the Identity ECDH key of the peer.
2427 *
2428 * @param peer Peer whose key to get.
2429 *
2430 * @return Peer's permanent ECDH key (might be all 0: unknown).
2431 *
2432 */
2433struct GNUNET_CRYPTO_EcdhePublicKey *
2434GCP_get_ecdh_key (struct CadetPeer *peer)
2435{
2436 return &peer->ax_key;
2437}
2438
2439
2440/**
2441 * Notify a peer that a link between two other peers is broken. If any path 2381 * Notify a peer that a link between two other peers is broken. If any path
2442 * used that link, eliminate it. 2382 * used that link, eliminate it.
2443 * 2383 *
diff --git a/src/cadet/gnunet-service-cadet_peer.h b/src/cadet/gnunet-service-cadet_peer.h
index 298ef50e7..a0211328b 100644
--- a/src/cadet/gnunet-service-cadet_peer.h
+++ b/src/cadet/gnunet-service-cadet_peer.h
@@ -390,35 +390,6 @@ void
390GCP_try_connect (struct CadetPeer *peer); 390GCP_try_connect (struct CadetPeer *peer);
391 391
392/** 392/**
393 * Check if the given ECDH key is correct for the peer.
394 *
395 * This function caches the results if the key has been previoulsy checked,
396 * otherwise checks that the key is signed with the peer's ID (EdDSA key).
397 *
398 * TODO: save the cached public key to permanent storage / peerinfo.
399 *
400 * @param peer Peer whose key to check.
401 * @param key ECDH key to check.
402 * @param purpose Purpose of the signature (followed by the key).
403 * @param sig Signature with the peer's EdDSA key (PeerID).
404 */
405int
406GCP_check_key (struct CadetPeer *peer,
407 const struct GNUNET_CRYPTO_EcdhePublicKey *key,
408 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
409 const struct GNUNET_CRYPTO_EddsaSignature *sig);
410
411/**
412 * Get the Identity ECDH key of the peer.
413 *
414 * @param peer Peer whose key to get.
415 *
416 * @return Peer's permanent ECDH key (might be all 0: unknown).
417 */
418struct GNUNET_CRYPTO_EddsaPublicKey *
419GCP_get_key (struct CadetPeer *peer);
420
421/**
422 * Notify a peer that a link between two other peers is broken. If any path 393 * Notify a peer that a link between two other peers is broken. If any path
423 * used that link, eliminate it. 394 * used that link, eliminate it.
424 * 395 *
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index cb7bbb300..3b0f335f2 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -252,11 +252,6 @@ struct CadetTunnelAxolotl
252 struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0; 252 struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0;
253 253
254 /** 254 /**
255 * ECDH Identity key (recv).
256 */
257 struct GNUNET_CRYPTO_EcdhePublicKey DHIr;
258
259 /**
260 * ECDH Ratchet key (send). 255 * ECDH Ratchet key (send).
261 */ 256 */
262 struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs; 257 struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs;
@@ -467,28 +462,6 @@ struct CadetTunnelQueue
467}; 462};
468 463
469 464
470/**
471 * Cached Axolotl key with signature.
472 */
473struct CadetAxolotlSignedKey
474{
475 /**
476 * Information about what is being signed (@a permanent_key).
477 */
478 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
479
480 /**
481 * Permanent public ECDH key.
482 */
483 struct GNUNET_CRYPTO_EcdhePublicKey permanent_key;
484
485 /**
486 * An EdDSA signature of the permanent ECDH key with the Peer's ID key.
487 */
488 struct GNUNET_CRYPTO_EddsaSignature signature;
489} GNUNET_PACKED;
490
491
492/******************************************************************************/ 465/******************************************************************************/
493/******************************* GLOBALS ***********************************/ 466/******************************* GLOBALS ***********************************/
494/******************************************************************************/ 467/******************************************************************************/
@@ -534,13 +507,6 @@ const static struct GNUNET_CRYPTO_EddsaPrivateKey *id_key;
534 507
535/******************************** AXOLOTL ************************************/ 508/******************************** AXOLOTL ************************************/
536 509
537static struct GNUNET_CRYPTO_EcdhePrivateKey *ax_key;
538
539/**
540 * Own Axolotl permanent public key (cache).
541 */
542static struct CadetAxolotlSignedKey ax_identity;
543
544/** 510/**
545 * How many messages are needed to trigger a ratchet advance. 511 * How many messages are needed to trigger a ratchet advance.
546 */ 512 */
@@ -704,19 +670,6 @@ ephemeral_purpose_size (void)
704 670
705 671
706/** 672/**
707 * Ephemeral key message purpose size.
708 *
709 * @return Size of the part of the ephemeral key message that must be signed.
710 */
711static size_t
712ax_purpose_size (void)
713{
714 return sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
715 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
716}
717
718
719/**
720 * Size of the encrypted part of a ping message. 673 * Size of the encrypted part of a ping message.
721 * 674 *
722 * @return Size of the encrypted part of a ping message. 675 * @return Size of the encrypted part of a ping message.
@@ -2887,8 +2840,6 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
2887 struct CadetTunnelAxolotl *ax; 2840 struct CadetTunnelAxolotl *ax;
2888 struct GNUNET_HashCode key_material[3]; 2841 struct GNUNET_HashCode key_material[3];
2889 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5]; 2842 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
2890 const struct GNUNET_CRYPTO_EcdhePublicKey *pub;
2891 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
2892 const char salt[] = "CADET Axolotl salt"; 2843 const char salt[] = "CADET Axolotl salt";
2893 const struct GNUNET_PeerIdentity *pid; 2844 const struct GNUNET_PeerIdentity *pid;
2894 int am_I_alice; 2845 int am_I_alice;
@@ -2903,13 +2854,6 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
2903 return; 2854 return;
2904 } 2855 }
2905 2856
2906 if (GNUNET_OK != GCP_check_key (t->peer, &msg->permanent_key,
2907 &msg->purpose, &msg->signature))
2908 {
2909 GNUNET_break_op (0);
2910 return;
2911 }
2912
2913 pid = GCT_get_destination (t); 2857 pid = GCT_get_destination (t);
2914 if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid)) 2858 if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid))
2915 am_I_alice = GNUNET_YES; 2859 am_I_alice = GNUNET_YES;
@@ -2931,38 +2875,43 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
2931 2875
2932 ax = t->ax; 2876 ax = t->ax;
2933 ax->DHRr = msg->ratchet_key; 2877 ax->DHRr = msg->ratchet_key;
2934 ax->DHIr = msg->permanent_key;
2935 2878
2936 /* ECDH A B0 */ 2879 /* ECDH A B0 */
2937 if (GNUNET_YES == am_I_alice) 2880 if (GNUNET_YES == am_I_alice)
2938 { 2881 {
2939 priv = ax_key; /* A */ 2882 GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */
2940 pub = &msg->ephemeral_key; /* B0 */ 2883 &msg->ephemeral_key, /* B0 */
2884 &key_material[0]);
2941 } 2885 }
2942 else 2886 else
2943 { 2887 {
2944 priv = ax->kx_0; /* B0 */ 2888 GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */
2945 pub = &ax->DHIr; /* A */ 2889 &pid->public_key, /* A */
2890 &key_material[0]);
2946 } 2891 }
2947 GNUNET_CRYPTO_ecc_ecdh (priv, pub, &key_material[0]);
2948 2892
2949 /* ECDH A0 B */ 2893 /* ECDH A0 B */
2950 if (GNUNET_YES == am_I_alice) 2894 if (GNUNET_YES == am_I_alice)
2951 { 2895 {
2952 priv = ax->kx_0; /* A0 */ 2896 GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */
2953 pub = &ax->DHIr; /* B */ 2897 &pid->public_key, /* B */
2898 &key_material[1]);
2954 } 2899 }
2955 else 2900 else
2956 { 2901 {
2957 priv = ax_key; /* B */ 2902 GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */
2958 pub = &msg->ephemeral_key; /* A0 */ 2903 &msg->ephemeral_key, /* B0 */
2904 &key_material[1]);
2905
2906
2959 } 2907 }
2960 GNUNET_CRYPTO_ecc_ecdh (priv, pub, &key_material[1]);
2961 2908
2962 /* ECDH A0 B0*/ 2909 /* ECDH A0 B0 */
2963 priv = ax->kx_0; /* A0 or B0 */ 2910 /* (This is the triple-DH, we could probably safely skip this,
2964 pub = &msg->ephemeral_key; /* B0 or A0 */ 2911 as A0/B0 are already in the key material.) */
2965 GNUNET_CRYPTO_ecc_ecdh (priv, pub, &key_material[2]); 2912 GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */
2913 &msg->ephemeral_key, /* B0 or A0 */
2914 &key_material[2]);
2966 2915
2967 #if DUMP_KEYS_TO_STDERR 2916 #if DUMP_KEYS_TO_STDERR
2968 { 2917 {
@@ -3084,7 +3033,7 @@ GCT_handle_encrypted (struct CadetTunnel *t,
3084 size_t payload_size; 3033 size_t payload_size;
3085 int decrypted_size; 3034 int decrypted_size;
3086 uint16_t type; 3035 uint16_t type;
3087 struct GNUNET_MessageHeader *msgh; 3036 const struct GNUNET_MessageHeader *msgh;
3088 unsigned int off; 3037 unsigned int off;
3089 3038
3090 type = ntohs (msg->type); 3039 type = ntohs (msg->type);
@@ -3233,16 +3182,6 @@ GCT_init (const struct GNUNET_CONFIGURATION_Handle *c,
3233 otr_kx_msg.purpose.size = htonl (ephemeral_purpose_size ()); 3182 otr_kx_msg.purpose.size = htonl (ephemeral_purpose_size ());
3234 otr_kx_msg.origin_identity = my_full_id; 3183 otr_kx_msg.origin_identity = my_full_id;
3235 rekey_task = GNUNET_SCHEDULER_add_now (&global_otr_rekey, NULL); 3184 rekey_task = GNUNET_SCHEDULER_add_now (&global_otr_rekey, NULL);
3236
3237 ax_key = GNUNET_CRYPTO_ecdhe_key_create ();
3238 GNUNET_CRYPTO_ecdhe_key_get_public (ax_key, &ax_identity.permanent_key);
3239 ax_identity.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_AXKX);
3240 ax_identity.purpose.size = htonl (ax_purpose_size ());
3241 GNUNET_assert (GNUNET_OK ==
3242 GNUNET_CRYPTO_eddsa_sign (id_key,
3243 &ax_identity.purpose,
3244 &ax_identity.signature));
3245
3246 tunnels = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES); 3185 tunnels = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES);
3247} 3186}
3248 3187
@@ -3260,7 +3199,6 @@ GCT_shutdown (void)
3260 } 3199 }
3261 GNUNET_CONTAINER_multipeermap_iterate (tunnels, &destroy_iterator, NULL); 3200 GNUNET_CONTAINER_multipeermap_iterate (tunnels, &destroy_iterator, NULL);
3262 GNUNET_CONTAINER_multipeermap_destroy (tunnels); 3201 GNUNET_CONTAINER_multipeermap_destroy (tunnels);
3263 GNUNET_free (ax_key);
3264} 3202}
3265 3203
3266 3204
@@ -4237,9 +4175,6 @@ GCT_send_ax_kx (struct CadetTunnel *t, int force_reply)
4237 msg.header.size = htons (sizeof (msg)); 4175 msg.header.size = htons (sizeof (msg));
4238 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_AX_KX); 4176 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_AX_KX);
4239 msg.force_reply = htonl (force_reply); 4177 msg.force_reply = htonl (force_reply);
4240 msg.permanent_key = ax_identity.permanent_key;
4241 msg.purpose = ax_identity.purpose;
4242 msg.signature = ax_identity.signature;
4243 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->kx_0, &msg.ephemeral_key); 4178 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->kx_0, &msg.ephemeral_key);
4244 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &msg.ratchet_key); 4179 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &msg.ratchet_key);
4245 4180
@@ -4402,11 +4337,6 @@ ax_debug (const struct CadetTunnelAxolotl *ax, enum GNUNET_ErrorType level)
4402 LOG2 (level, "TTT CKr\t %s\n", 4337 LOG2 (level, "TTT CKr\t %s\n",
4403 GNUNET_h2s ((struct GNUNET_HashCode *) &ax->CKr)); 4338 GNUNET_h2s ((struct GNUNET_HashCode *) &ax->CKr));
4404 4339
4405 GNUNET_CRYPTO_ecdhe_key_get_public (ax_key, &pub);
4406 LOG2 (level, "TTT DHIs\t %s\n",
4407 GNUNET_h2s ((struct GNUNET_HashCode *) &pub));
4408 LOG2 (level, "TTT DHIr\t %s\n",
4409 GNUNET_h2s ((struct GNUNET_HashCode *) &ax->DHIr));
4410 GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs, &pub); 4340 GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs, &pub);
4411 LOG2 (level, "TTT DHRs\t %s\n", 4341 LOG2 (level, "TTT DHRs\t %s\n",
4412 GNUNET_h2s ((struct GNUNET_HashCode *) &pub)); 4342 GNUNET_h2s ((struct GNUNET_HashCode *) &pub));
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 83596a5ed..f25f31cd3 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -176,11 +176,6 @@ extern "C"
176 */ 176 */
177#define GNUNET_SIGNATURE_PURPOSE_SENSOR_ANOMALY_REPORT 25 177#define GNUNET_SIGNATURE_PURPOSE_SENSOR_ANOMALY_REPORT 25
178 178
179/**
180 * Axolotl key exchange in CADET
181 */
182#define GNUNET_SIGNATURE_PURPOSE_CADET_AXKX 26
183
184 179
185#if 0 /* keep Emacsens' auto-indent happy */ 180#if 0 /* keep Emacsens' auto-indent happy */
186{ 181{