-rw-r--r--src/cadet/cadet_protocol.h67
-rw-r--r--src/cadet/gnunet-service-cadet-new_tunnels.c71
-rw-r--r--src/include/gnunet_protocols.h19
3 files changed, 103 insertions, 54 deletions
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h
index 8fb260dfd..e2d6f9d0b 100644
--- a/src/cadet/cadet_protocol.h
+++ b/src/cadet/cadet_protocol.h
@@ -205,7 +205,9 @@ enum GNUNET_CADET_KX_Flags {
205struct GNUNET_CADET_TunnelKeyExchangeMessage 205struct GNUNET_CADET_TunnelKeyExchangeMessage
206{ 206{
207 /** 207 /**
208 * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX. 208 * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX or
209 * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH as part
210 * of `struct GNUNET_CADET_TunnelKeyExchangeAuthMessage`.
209 */ 211 */
210 struct GNUNET_MessageHeader header; 212 struct GNUNET_MessageHeader header;
211 213
@@ -234,17 +236,57 @@ struct GNUNET_CADET_TunnelKeyExchangeMessage
234 */ 236 */
235 struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; 237 struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key;
236 238
237#ifdef NEW_CADET 239};
240
241
242/**
243 * Message for a Key eXchange for a tunnel, with authentication.
244 * Used as a response to the initial KX as well as for rekeying.
245 */
246struct GNUNET_CADET_TunnelKeyExchangeAuthMessage
247{
248
238 /** 249 /**
239 * Proof that sender could compute the 3-DH, in lieu of a signature. 250 * Message header with key material.
240 */ 251 */
241 struct GNUNET_HashCode triple_dh_proof; 252 struct GNUNET_CADET_TunnelKeyExchangeMessage kx;
242#endif 253
254 /**
255 * KDF-proof that sender could compute the 3-DH, used in lieu of a
256 * signature or payload data.
257 */
258 struct GNUNET_HashCode auth;
259
260};
261
262
263/**
264 * Encrypted axolotl header with numbers that identify which
265 * keys in which ratchet are to be used to decrypt the body.
266 */
267struct GNUNET_CADET_AxHeader
268{
269
270 /**
271 * Number of messages sent with the current ratchet key.
272 */
273 uint32_t Ns GNUNET_PACKED;
274
275 /**
276 * Number of messages sent with the previous ratchet key.
277 */
278 uint32_t PNs GNUNET_PACKED;
279
280 /**
281 * Current ratchet key.
282 */
283 struct GNUNET_CRYPTO_EcdhePublicKey DHRs;
284
243}; 285};
244 286
245 287
246/** 288/**
247 * Axolotl tunnel message. 289 * Axolotl-encrypted tunnel message with application payload.
248 */ 290 */
249struct GNUNET_CADET_TunnelEncryptedMessage 291struct GNUNET_CADET_TunnelEncryptedMessage
250{ 292{
@@ -277,8 +319,13 @@ struct GNUNET_CADET_TunnelEncryptedMessage
277 */ 319 */
278 struct GNUNET_ShortHashCode hmac; 320 struct GNUNET_ShortHashCode hmac;
279 321
280 /**************** AX_HEADER start ****************/ 322 #if NEW_CADET
281 323 /**
324 * Axolotl-header that specifies which keys to use in which ratchet
325 * to decrypt the body that follows.
326 */
327 struct GNUNET_CADET_AxHeader ax_header;
328#else
282 /** 329 /**
283 * Number of messages sent with the current ratchet key. 330 * Number of messages sent with the current ratchet key.
284 */ 331 */
@@ -293,9 +340,7 @@ struct GNUNET_CADET_TunnelEncryptedMessage
293 * Current ratchet key. 340 * Current ratchet key.
294 */ 341 */
295 struct GNUNET_CRYPTO_EcdhePublicKey DHRs; 342 struct GNUNET_CRYPTO_EcdhePublicKey DHRs;
296 343#endif
297 /**************** AX_HEADER end ****************/
298
299 /** 344 /**
300 * Encrypted content follows. 345 * Encrypted content follows.
301 */ 346 */
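Review bot: In `struct GNUNET_CADET_TunnelEncryptedMessage` the ratchet header is a single `ax_header` member under `#if NEW_CADET` and loose fields otherwise, while gnunet-service-cadet-new_tunnels.c in this same commit accesses `ax_header` unconditionally. That file therefore only builds if `NEW_CADET` is defined non-zero before this header is included, which is not visible here. The guard also changed from the removed `#ifdef NEW_CADET` to `#if NEW_CADET`, so a build with `-DNEW_CADET=0` now selects the old branch. Both branches appear to describe the same bytes on the wire, and a comment should say so, e.g. `/* Both branches must have the identical wire layout; NEW_CADET only changes member naming. */`. The struct starts and ends outside the hunks shown.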
diff --git a/src/cadet/gnunet-service-cadet-new_tunnels.c b/src/cadet/gnunet-service-cadet-new_tunnels.c
index bd46dc151..020564d8e 100644
--- a/src/cadet/gnunet-service-cadet-new_tunnels.c
+++ b/src/cadet/gnunet-service-cadet-new_tunnels.c
@@ -25,9 +25,9 @@
25 * 25 *
26 * FIXME: 26 * FIXME:
27 * - KX: 27 * - KX:
28 * + clean up KX logic, including adding sender authentication
28 * + implement rekeying 29 * + implement rekeying
29 * + check KX estate machine -- make sure it is never stuck! 30 * + check KX estate machine -- make sure it is never stuck!
30 * + clean up KX logic, including adding sender authentication
31 * - connection management 31 * - connection management
32 * + properly (evaluate, kill old ones, search for new ones) 32 * + properly (evaluate, kill old ones, search for new ones)
33 * + when managing connections, distinguish those that 33 * + when managing connections, distinguish those that
@@ -56,14 +56,6 @@
56#define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90) 56#define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
57 57
58/** 58/**
59 * Yuck, replace by 'offsetof' expression?
60 * FIXME.
61 */
62#define AX_HEADER_SIZE (sizeof (uint32_t) * 2\
63 + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))
64
65
66/**
67 * Maximum number of skipped keys we keep in memory per tunnel. 59 * Maximum number of skipped keys we keep in memory per tunnel.
68 */ 60 */
69#define MAX_SKIPPED_KEYS 64 61#define MAX_SKIPPED_KEYS 64
@@ -600,7 +592,8 @@ t_hmac (const void *plaintext,
600 key, sizeof (*key), 592 key, sizeof (*key),
601 ctx, sizeof (ctx), 593 ctx, sizeof (ctx),
602 NULL); 594 NULL);
603 /* Two step: CADET_Hash is only 256 bits, HashCode is 512. */ 595 /* Two step: GNUNET_ShortHash is only 256 bits,
596 GNUNET_HashCode is 512, so we truncate. */
604 GNUNET_CRYPTO_hmac (&auth_key, 597 GNUNET_CRYPTO_hmac (&auth_key,
605 plaintext, 598 plaintext,
606 size, 599 size,
@@ -814,12 +807,12 @@ t_h_encrypt (struct CadetTunnel *t,
814 &ax->HKs, 807 &ax->HKs,
815 NULL, 0, 808 NULL, 0,
816 NULL); 809 NULL);
817 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->Ns, 810 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header.Ns,
818 AX_HEADER_SIZE, 811 sizeof (struct GNUNET_CADET_AxHeader),
819 &ax->HKs, 812 &ax->HKs,
820 &iv, 813 &iv,
821 &msg->Ns); 814 &msg->ax_header.Ns);
822 GNUNET_assert (AX_HEADER_SIZE == out_size); 815 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
823} 816}
824 817
825 818
@@ -844,12 +837,12 @@ t_h_decrypt (struct CadetTunnel *t,
844 &ax->HKr, 837 &ax->HKr,
845 NULL, 0, 838 NULL, 0,
846 NULL); 839 NULL);
847 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns, 840 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
848 AX_HEADER_SIZE, 841 sizeof (struct GNUNET_CADET_AxHeader),
849 &ax->HKr, 842 &ax->HKr,
850 &iv, 843 &iv,
851 &dst->Ns); 844 &dst->ax_header.Ns);
852 GNUNET_assert (AX_HEADER_SIZE == out_size); 845 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
853} 846}
854 847
855 848
@@ -906,8 +899,8 @@ try_old_ax_keys (struct CadetTunnel *t,
906 valid_HK = NULL; 899 valid_HK = NULL;
907 for (key = t->ax.skipped_head; NULL != key; key = key->next) 900 for (key = t->ax.skipped_head; NULL != key; key = key->next)
908 { 901 {
909 t_hmac (&src->Ns, 902 t_hmac (&src->ax_header,
910 AX_HEADER_SIZE + esize, 903 sizeof (struct GNUNET_CADET_AxHeader) + esize,
911 0, 904 0,
912 &key->HK, 905 &key->HK,
913 hmac); 906 hmac);
@@ -932,15 +925,15 @@ try_old_ax_keys (struct CadetTunnel *t,
932 &key->HK, 925 &key->HK,
933 NULL, 0, 926 NULL, 0,
934 NULL); 927 NULL);
935 res = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns, 928 res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
936 AX_HEADER_SIZE, 929 sizeof (struct GNUNET_CADET_AxHeader),
937 &key->HK, 930 &key->HK,
938 &iv, 931 &iv,
939 &plaintext_header.Ns); 932 &plaintext_header.ax_header.Ns);
940 GNUNET_assert (AX_HEADER_SIZE == res); 933 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res);
941 934
942 /* Find the correct message key */ 935 /* Find the correct message key */
943 N = ntohl (plaintext_header.Ns); 936 N = ntohl (plaintext_header.ax_header.Ns);
944 while ( (NULL != key) && 937 while ( (NULL != key) &&
945 (N != key->Kn) ) 938 (N != key->Kn) )
946 key = key->next; 939 key = key->next;
@@ -1077,8 +1070,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t,
1077 ax = &t->ax; 1070 ax = &t->ax;
1078 1071
1079 /* Try current HK */ 1072 /* Try current HK */
1080 t_hmac (&src->Ns, 1073 t_hmac (&src->ax_header,
1081 AX_HEADER_SIZE + esize, 1074 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1082 0, &ax->HKr, 1075 0, &ax->HKr,
1083 &msg_hmac); 1076 &msg_hmac);
1084 if (0 != memcmp (&msg_hmac, 1077 if (0 != memcmp (&msg_hmac,
@@ -1092,8 +1085,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t,
1092 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp; 1085 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1093 1086
1094 /* Try Next HK */ 1087 /* Try Next HK */
1095 t_hmac (&src->Ns, 1088 t_hmac (&src->ax_header,
1096 AX_HEADER_SIZE + esize, 1089 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1097 0, 1090 0,
1098 &ax->NHKr, 1091 &ax->NHKr,
1099 &msg_hmac); 1092 &msg_hmac);
@@ -1112,9 +1105,9 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t,
1112 t_h_decrypt (t, 1105 t_h_decrypt (t,
1113 src, 1106 src,
1114 &plaintext_header); 1107 &plaintext_header);
1115 Np = ntohl (plaintext_header.Ns); 1108 Np = ntohl (plaintext_header.ax_header.Ns);
1116 PNp = ntohl (plaintext_header.PNs); 1109 PNp = ntohl (plaintext_header.ax_header.PNs);
1117 DHRp = &plaintext_header.DHRs; 1110 DHRp = &plaintext_header.ax_header.DHRs;
1118 store_ax_keys (t, 1111 store_ax_keys (t,
1119 &HK, 1112 &HK,
1120 PNp); 1113 PNp);
@@ -1144,8 +1137,8 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t,
1144 t_h_decrypt (t, 1137 t_h_decrypt (t,
1145 src, 1138 src,
1146 &plaintext_header); 1139 &plaintext_header);
1147 Np = ntohl (plaintext_header.Ns); 1140 Np = ntohl (plaintext_header.ax_header.Ns);
1148 PNp = ntohl (plaintext_header.PNs); 1141 PNp = ntohl (plaintext_header.ax_header.PNs);
1149 } 1142 }
1150 if ( (Np != ax->Nr) && 1143 if ( (Np != ax->Nr) &&
1151 (GNUNET_OK != store_ax_keys (t, 1144 (GNUNET_OK != store_ax_keys (t,
@@ -2473,14 +2466,14 @@ GCT_send (struct CadetTunnel *t,
2473 &ax_msg[1], 2466 &ax_msg[1],
2474 message, 2467 message,
2475 payload_size); 2468 payload_size);
2476 ax_msg->Ns = htonl (t->ax.Ns++); 2469 ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
2477 ax_msg->PNs = htonl (t->ax.PNs); 2470 ax_msg->ax_header.PNs = htonl (t->ax.PNs);
2478 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs, 2471 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
2479 &ax_msg->DHRs); 2472 &ax_msg->ax_header.DHRs);
2480 t_h_encrypt (t, 2473 t_h_encrypt (t,
2481 ax_msg); 2474 ax_msg);
2482 t_hmac (&ax_msg->Ns, 2475 t_hmac (&ax_msg->ax_header,
2483 AX_HEADER_SIZE + payload_size, 2476 sizeof (struct GNUNET_CADET_AxHeader) + payload_size,
2484 0, 2477 0,
2485 &t->ax.HKs, 2478 &t->ax.HKs,
2486 &ax_msg->hmac); 2479 &ax_msg->hmac);
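Review bot: Every length that used to be `AX_HEADER_SIZE` (two `uint32_t` plus the ECDHE public key, summed field by field) is now `sizeof (struct GNUNET_CADET_AxHeader)`. The number of bytes encrypted in t_h_encrypt and t_h_decrypt, and covered by t_hmac in try_old_ax_keys, t_ax_decrypt_and_validate and GCT_send, therefore depends on the compiler's layout of that struct. If the struct ever gains padding, or is not inside the packed network-struct region (not visible here), the wire format and the MAC input would change silently and peers built differently would reject each other's messages. I would pin the layout at compile time next to the struct definition, e.g. `_Static_assert (sizeof (struct GNUNET_CADET_AxHeader) == 2 * sizeof (uint32_t) + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), "AxHeader must have no padding");` or the project's equivalent macro. The functions named here start and end outside the hunks shown.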
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 4079aa0e4..1b6152206 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2651,10 +2651,21 @@ extern "C"
2651 2651
2652/** 2652/**
2653 * Hop-by-hop, connection dependent ACK. 2653 * Hop-by-hop, connection dependent ACK.
2654 *
2655 * @deprecated
2654 */ 2656 */
2655#define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK 1005 2657#define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK 1005
2656 2658
2657/** 2659/**
2660 * We do not bother with ACKs for
2661 * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead
2662 * poll for one if we got nothing for a while and start to be worried.
2663 *
2664 * @deprecated
2665 */
2666#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006
2667
2668/**
2658 * Axolotl key exchange. 2669 * Axolotl key exchange.
2659 */ 2670 */
2660#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX 1007 2671#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX 1007
@@ -2665,11 +2676,9 @@ extern "C"
2665#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED 1008 2676#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED 1008
2666 2677
2667/** 2678/**
2668 * We do not bother with ACKs for 2679 * Axolotl key exchange response with authentication.
2669 * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead
2670 * poll for one if we got nothing for a while and start to be worried.
2671 */ 2680 */
2672#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006 2681#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH 1009
2673 2682
2674 2683
2675 2684
@@ -2707,6 +2716,8 @@ extern "C"
2707 2716
2708/** 2717/**
2709 * Reject the creation of a channel 2718 * Reject the creation of a channel
2719 *
2720 * @deprecated
2710 */ 2721 */
2711#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED 1016 2722#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED 1016
2712 2723
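Review bot: The comment on `GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH` calls it a "key exchange response with authentication", but the struct comment added to cadet_protocol.h in this commit says the message is also used for rekeying. The two descriptions should agree, e.g. ` * Axolotl key exchange response with authentication; also used for rekeying.`. Whether 1009 is unused by the definitions that follow cannot be seen from this hunk and is worth confirming, since incoming messages are told apart by this number. The added `@deprecated` tags would be more useful if each named its replacement or said that none exists.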