diff options
Diffstat (limited to 'src/transport/gnunet-communicator-tcp.c')
-rw-r--r-- | src/transport/gnunet-communicator-tcp.c | 51 |
1 files changed, 22 insertions, 29 deletions
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c index e2f1e4507..20d052dce 100644 --- a/src/transport/gnunet-communicator-tcp.c +++ b/src/transport/gnunet-communicator-tcp.c | |||
@@ -52,7 +52,7 @@ | |||
52 | * the other peer should revalidate). | 52 | * the other peer should revalidate). |
53 | */ | 53 | */ |
54 | #define ADDRESS_VALIDITY_PERIOD \ | 54 | #define ADDRESS_VALIDITY_PERIOD \ |
55 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) | 55 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) |
56 | 56 | ||
57 | /** | 57 | /** |
58 | * How many messages do we keep at most in the queue to the | 58 | * How many messages do we keep at most in the queue to the |
@@ -91,16 +91,16 @@ | |||
91 | * directions. | 91 | * directions. |
92 | */ | 92 | */ |
93 | #define INITIAL_KX_SIZE \ | 93 | #define INITIAL_KX_SIZE \ |
94 | (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \ | 94 | (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \ |
95 | + sizeof(struct TCPConfirmation)) | 95 | + sizeof(struct TCPConfirmation)) |
96 | 96 | ||
97 | /** | 97 | /** |
98 | * Size of the initial core key exchange messages. | 98 | * Size of the initial core key exchange messages. |
99 | */ | 99 | */ |
100 | #define INITIAL_CORE_KX_SIZE \ | 100 | #define INITIAL_CORE_KX_SIZE \ |
101 | (sizeof(struct EphemeralKeyMessage) \ | 101 | (sizeof(struct EphemeralKeyMessage) \ |
102 | + sizeof(struct PingMessage) \ | 102 | + sizeof(struct PingMessage) \ |
103 | + sizeof(struct PongMessage)) | 103 | + sizeof(struct PongMessage)) |
104 | 104 | ||
105 | /** | 105 | /** |
106 | * Address prefix used by the communicator. | 106 | * Address prefix used by the communicator. |
@@ -469,12 +469,6 @@ struct Queue | |||
469 | struct GNUNET_HashCode out_hmac; | 469 | struct GNUNET_HashCode out_hmac; |
470 | 470 | ||
471 | /** | 471 | /** |
472 | * Our ephemeral key. Stored here temporarily during rekeying / key | ||
473 | * generation. | ||
474 | */ | ||
475 | struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral; | ||
476 | |||
477 | /** | ||
478 | * ID of read task for this connection. | 472 | * ID of read task for this connection. |
479 | */ | 473 | */ |
480 | struct GNUNET_SCHEDULER_Task *read_task; | 474 | struct GNUNET_SCHEDULER_Task *read_task; |
@@ -1357,10 +1351,10 @@ static void | |||
1357 | setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, | 1351 | setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, |
1358 | struct Queue *queue) | 1352 | struct Queue *queue) |
1359 | { | 1353 | { |
1360 | struct GNUNET_HashCode dh; | 1354 | struct GNUNET_HashCode k; |
1361 | 1355 | ||
1362 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &dh); | 1356 | GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &k); |
1363 | setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac); | 1357 | setup_cipher (&k, &my_identity, &queue->in_cipher, &queue->in_hmac); |
1364 | } | 1358 | } |
1365 | 1359 | ||
1366 | 1360 | ||
@@ -1557,14 +1551,9 @@ send_challenge (struct GNUNET_CRYPTO_ChallengeNonceP challenge, | |||
1557 | * @param queue queue to setup outgoing (encryption) cipher for | 1551 | * @param queue queue to setup outgoing (encryption) cipher for |
1558 | */ | 1552 | */ |
1559 | static void | 1553 | static void |
1560 | setup_out_cipher (struct Queue *queue) | 1554 | setup_out_cipher (struct Queue *queue, struct GNUNET_HashCode *dh) |
1561 | { | 1555 | { |
1562 | struct GNUNET_HashCode dh; | 1556 | setup_cipher (dh, &queue->target, &queue->out_cipher, &queue->out_hmac); |
1563 | |||
1564 | GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, &queue->target.public_key, &dh); | ||
1565 | /* we don't need the private key anymore, drop it! */ | ||
1566 | memset (&queue->ephemeral, 0, sizeof(queue->ephemeral)); | ||
1567 | setup_cipher (&dh, &queue->target, &queue->out_cipher, &queue->out_hmac); | ||
1568 | queue->rekey_time = GNUNET_TIME_relative_to_absolute (rekey_interval); | 1557 | queue->rekey_time = GNUNET_TIME_relative_to_absolute (rekey_interval); |
1569 | queue->rekey_left_bytes = | 1558 | queue->rekey_left_bytes = |
1570 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES); | 1559 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, REKEY_MAX_BYTES); |
@@ -1582,13 +1571,15 @@ inject_rekey (struct Queue *queue) | |||
1582 | { | 1571 | { |
1583 | struct TCPRekey rekey; | 1572 | struct TCPRekey rekey; |
1584 | struct TcpRekeySignature thp; | 1573 | struct TcpRekeySignature thp; |
1574 | struct GNUNET_HashCode k; | ||
1575 | struct GNUNET_CRYPTO_EcdhePublicKey c; | ||
1585 | 1576 | ||
1586 | GNUNET_assert (0 == queue->pwrite_off); | 1577 | GNUNET_assert (0 == queue->pwrite_off); |
1587 | memset (&rekey, 0, sizeof(rekey)); | 1578 | memset (&rekey, 0, sizeof(rekey)); |
1588 | GNUNET_CRYPTO_ecdhe_key_create (&queue->ephemeral); | 1579 | GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &rekey.ephemeral, |
1580 | &k); | ||
1589 | rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY); | 1581 | rekey.header.type = ntohs (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY); |
1590 | rekey.header.size = ntohs (sizeof(rekey)); | 1582 | rekey.header.size = ntohs (sizeof(rekey)); |
1591 | GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &rekey.ephemeral); | ||
1592 | rekey.monotonic_time = | 1583 | rekey.monotonic_time = |
1593 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | 1584 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); |
1594 | thp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY); | 1585 | thp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_TCP_REKEY); |
@@ -1627,9 +1618,10 @@ inject_rekey (struct Queue *queue) | |||
1627 | queue->cwrite_off += sizeof(rekey); | 1618 | queue->cwrite_off += sizeof(rekey); |
1628 | /* Setup new cipher for successive messages */ | 1619 | /* Setup new cipher for successive messages */ |
1629 | gcry_cipher_close (queue->out_cipher); | 1620 | gcry_cipher_close (queue->out_cipher); |
1630 | setup_out_cipher (queue); | 1621 | setup_out_cipher (queue, &k); |
1631 | } | 1622 | } |
1632 | 1623 | ||
1624 | |||
1633 | static int | 1625 | static int |
1634 | pending_reversals_delete_it (void *cls, | 1626 | pending_reversals_delete_it (void *cls, |
1635 | const struct GNUNET_HashCode *key, | 1627 | const struct GNUNET_HashCode *key, |
@@ -1829,7 +1821,7 @@ queue_write (void *cls) | |||
1829 | if (((0 == queue->rekey_left_bytes) || | 1821 | if (((0 == queue->rekey_left_bytes) || |
1830 | (0 == GNUNET_TIME_absolute_get_remaining ( | 1822 | (0 == GNUNET_TIME_absolute_get_remaining ( |
1831 | queue->rekey_time).rel_value_us)) && | 1823 | queue->rekey_time).rel_value_us)) && |
1832 | (((0 == queue->pwrite_off) || ! we_do_not_need_to_rekey)&& | 1824 | (((0 == queue->pwrite_off) || ! we_do_not_need_to_rekey) && |
1833 | (queue->cwrite_off + sizeof (struct TCPRekey) <= BUF_SIZE))) | 1825 | (queue->cwrite_off + sizeof (struct TCPRekey) <= BUF_SIZE))) |
1834 | { | 1826 | { |
1835 | inject_rekey (queue); | 1827 | inject_rekey (queue); |
@@ -2712,10 +2704,10 @@ static void | |||
2712 | start_initial_kx_out (struct Queue *queue) | 2704 | start_initial_kx_out (struct Queue *queue) |
2713 | { | 2705 | { |
2714 | struct GNUNET_CRYPTO_EcdhePublicKey epub; | 2706 | struct GNUNET_CRYPTO_EcdhePublicKey epub; |
2707 | struct GNUNET_HashCode k; | ||
2715 | 2708 | ||
2716 | GNUNET_CRYPTO_ecdhe_key_create (&queue->ephemeral); | 2709 | GNUNET_CRYPTO_eddsa_kem_encaps (&queue->target.public_key, &epub, &k); |
2717 | GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, &epub); | 2710 | setup_out_cipher (queue, &k); |
2718 | setup_out_cipher (queue); | ||
2719 | transmit_kx (queue, &epub); | 2711 | transmit_kx (queue, &epub); |
2720 | } | 2712 | } |
2721 | 2713 | ||
@@ -3060,6 +3052,7 @@ proto_read_kx (void *cls) | |||
3060 | GNUNET_free (pq); | 3052 | GNUNET_free (pq); |
3061 | } | 3053 | } |
3062 | 3054 | ||
3055 | |||
3063 | static struct ProtoQueue * | 3056 | static struct ProtoQueue * |
3064 | create_proto_queue (struct GNUNET_NETWORK_Handle *sock, | 3057 | create_proto_queue (struct GNUNET_NETWORK_Handle *sock, |
3065 | struct sockaddr *in, | 3058 | struct sockaddr *in, |