-rw-r--r--src/cadet/gnunet-service-cadet_peer.c47
-rw-r--r--src/cadet/gnunet-service-cadet_peer.h19
2 files changed, 66 insertions, 0 deletions
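--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -22,6 +22,8 @@
 #include "platform.h"
 #include "gnunet_util_lib.h"
 
+#include "gnunet_signatures.h"
+
 #include "gnunet_transport_service.h"
 #include "gnunet_core_service.h"
 #include "gnunet_statistics_service.h"
@@ -124,6 +126,11 @@ struct CadetPeer
   GNUNET_PEER_Id id;
 
   /**
+   * Axolotl permanent public key.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey ax_key;
+
+  /**
    * Last time we heard from this peer
    */
   struct GNUNET_TIME_Absolute last_contact;
@@ -2366,6 +2373,46 @@ GCP_try_connect (struct CadetPeer *peer)
 
 
 /**
+ * Check if the given ECDH key is correct for the peer.
+ *
+ * This function caches the results if the key has been previoulsy checked,
+ * otherwise checks that the key is signed with the peer's ID (EdDSA key).
+ *
+ * TODO: save the cached public key to permanent storage / peerinfo.
+ *
+ * @param peer Peer whose key to check.
+ * @param key ECDH key to check.
+ * @param purpose Purpose of the signature (followed by the key).
+ * @param sig Signature with the peer's EdDSA key (PeerID).
+ */
+int
+GCP_check_key (struct CadetPeer *peer,
+               const struct GNUNET_CRYPTO_EcdhePublicKey *key,
+               const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+               const struct GNUNET_CRYPTO_EddsaSignature *sig)
+{
+  struct GNUNET_CRYPTO_EddsaPublicKey *pub;
+  int verified;
+
+  /* Is it the same as the cached key? */
+  if (0 == memcmp (&peer->ax_key, key, sizeof (*key)))
+    return GNUNET_OK;
+
+  /* New key, verify. */
+  pub = (struct GNUNET_CRYPTO_EddsaPublicKey *) GCP_get_id (peer);
+  verified = GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_AXKX,
+                                         purpose, sig, pub);
+
+  if (GNUNET_OK != verified)
+    return GNUNET_SYSERR;
+
+  /* Cache key for later. */
+  peer->ax_key = *key;
+  return GNUNET_OK;
+}
+
+
+/**
  * Notify a peer that a link between two other peers is broken. If any path
  * used that link, eliminate it.
  *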
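Review bot: The cache shortcut at the top of GCP_check_key returns GNUNET_OK whenever `key` equals `peer->ax_key`, but nothing records whether `ax_key` has ever been verified, so if the peer struct starts out zeroed (as it presumably does) an all-zero ECDH key is accepted without any signature check. Guard the cache with a flag that is set only after verification, e.g. add `int ax_key_set;` next to `ax_key` in struct CadetPeer, test `if ( (GNUNET_YES == peer->ax_key_set) && (0 == memcmp (&peer->ax_key, key, sizeof (*key))) )` and set `peer->ax_key_set = GNUNET_YES;` where the key is cached. The function also never checks that `key` is the data the signature actually covers — the doc only says the purpose is "followed by the key" — so a caller passing a mismatched pair would cache an unsigned key; checking that `purpose->size` (in the byte order that field uses) covers `sizeof (*purpose) + sizeof (*key)` and that `key` points at `&purpose[1]` would make that contract enforced rather than assumed. The comment block, here and in the header hunk, misspells "previoulsy" and lacks a `@return GNUNET_OK if the key is (now) cached as verified, GNUNET_SYSERR if the signature does not verify` line.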
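--- a/src/cadet/gnunet-service-cadet_peer.h
+++ b/src/cadet/gnunet-service-cadet_peer.h
@@ -390,6 +390,25 @@ void
 GCP_try_connect (struct CadetPeer *peer);
 
 /**
+ * Check if the given ECDH key is correct for the peer.
+ *
+ * This function caches the results if the key has been previoulsy checked,
+ * otherwise checks that the key is signed with the peer's ID (EdDSA key).
+ *
+ * TODO: save the cached public key to permanent storage / peerinfo.
+ *
+ * @param peer Peer whose key to check.
+ * @param key ECDH key to check.
+ * @param purpose Purpose of the signature (followed by the key).
+ * @param sig Signature with the peer's EdDSA key (PeerID).
+ */
+int
+GCP_check_key (struct CadetPeer *peer,
+               const struct GNUNET_CRYPTO_EcdhePublicKey *key,
+               const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+               const struct GNUNET_CRYPTO_EddsaSignature *sig);
+
+/**
  * Notify a peer that a link between two other peers is broken. If any path
  * used that link, eliminate it.
  *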