diff options
Diffstat (limited to 'src/transport/gnunet-service-tng.c')
-rw-r--r-- | src/transport/gnunet-service-tng.c | 41 |
1 files changed, 14 insertions, 27 deletions
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index d3c3defec..3381f886f 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c | |||
@@ -385,7 +385,7 @@ struct EphemeralConfirmationPS | |||
385 | * communicators must protect against replay attacks when using backchannel | 385 | * communicators must protect against replay attacks when using backchannel |
386 | * communication! | 386 | * communication! |
387 | */ | 387 | */ |
388 | struct GNUNET_TIME_AbsoluteNBO ephemeral_validity; | 388 | struct GNUNET_TIME_AbsoluteNBO sender_monotonic_time; |
389 | 389 | ||
390 | /** | 390 | /** |
391 | * Target's peer identity. | 391 | * Target's peer identity. |
@@ -419,22 +419,6 @@ struct TransportBackchannelRequestPayloadP | |||
419 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; | 419 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; |
420 | 420 | ||
421 | /** | 421 | /** |
422 | * How long is this signature over the ephemeral key valid? | ||
423 | * | ||
424 | * Note that the receiver MUST IGNORE the absolute time, and only interpret | ||
425 | * the value as a mononic time and reject "older" values than the last one | ||
426 | * observed. This is necessary as we do not want to require synchronized | ||
427 | * clocks and may not have a bidirectional communication channel. | ||
428 | * | ||
429 | * Even with this, there is no real guarantee against replay achieved here, | ||
430 | * unless the latest timestamp is persisted. While persistence should be | ||
431 | * provided via PEERSTORE, we do not consider the mechanism reliable! Thus, | ||
432 | * communicators must protect against replay attacks when using backchannel | ||
433 | * communication! | ||
434 | */ | ||
435 | struct GNUNET_TIME_AbsoluteNBO ephemeral_validity; | ||
436 | |||
437 | /** | ||
438 | * Current monotonic time of the sending transport service. Used to | 422 | * Current monotonic time of the sending transport service. Used to |
439 | * detect replayed messages. Note that the receiver should remember | 423 | * detect replayed messages. Note that the receiver should remember |
440 | * a list of the recently seen timestamps and only reject messages | 424 | * a list of the recently seen timestamps and only reject messages |
@@ -1020,6 +1004,11 @@ struct EphemeralCacheEntry | |||
1020 | struct GNUNET_TIME_Absolute ephemeral_validity; | 1004 | struct GNUNET_TIME_Absolute ephemeral_validity; |
1021 | 1005 | ||
1022 | /** | 1006 | /** |
1007 | * What time was @e sender_sig created | ||
1008 | */ | ||
1009 | struct GNUNET_TIME_Absolute monotime; | ||
1010 | |||
1011 | /** | ||
1023 | * Our ephemeral key. | 1012 | * Our ephemeral key. |
1024 | */ | 1013 | */ |
1025 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | 1014 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; |
@@ -3914,14 +3903,14 @@ expire_ephemerals (void *cls) | |||
3914 | * @param private_key[out] set to the private key | 3903 | * @param private_key[out] set to the private key |
3915 | * @param ephemeral_key[out] set to the key | 3904 | * @param ephemeral_key[out] set to the key |
3916 | * @param ephemeral_sender_sig[out] set to the signature | 3905 | * @param ephemeral_sender_sig[out] set to the signature |
3917 | * @param ephemeral_validity[out] set to the validity expiration time | 3906 | * @param monotime[out] set to the monotime used for the signature |
3918 | */ | 3907 | */ |
3919 | static void | 3908 | static void |
3920 | lookup_ephemeral (const struct GNUNET_PeerIdentity *pid, | 3909 | lookup_ephemeral (const struct GNUNET_PeerIdentity *pid, |
3921 | struct GNUNET_CRYPTO_EcdhePrivateKey *private_key, | 3910 | struct GNUNET_CRYPTO_EcdhePrivateKey *private_key, |
3922 | struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, | 3911 | struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, |
3923 | struct GNUNET_CRYPTO_EddsaSignature *ephemeral_sender_sig, | 3912 | struct GNUNET_CRYPTO_EddsaSignature *ephemeral_sender_sig, |
3924 | struct GNUNET_TIME_Absolute *ephemeral_validity) | 3913 | struct GNUNET_TIME_Absolute *monotime) |
3925 | { | 3914 | { |
3926 | struct EphemeralCacheEntry *ece; | 3915 | struct EphemeralCacheEntry *ece; |
3927 | struct EphemeralConfirmationPS ec; | 3916 | struct EphemeralConfirmationPS ec; |
@@ -3938,9 +3927,9 @@ lookup_ephemeral (const struct GNUNET_PeerIdentity *pid, | |||
3938 | { | 3927 | { |
3939 | ece = GNUNET_new (struct EphemeralCacheEntry); | 3928 | ece = GNUNET_new (struct EphemeralCacheEntry); |
3940 | ece->target = *pid; | 3929 | ece->target = *pid; |
3930 | ece->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg); | ||
3941 | ece->ephemeral_validity = | 3931 | ece->ephemeral_validity = |
3942 | GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get_monotonic (GST_cfg), | 3932 | GNUNET_TIME_absolute_add (ece->monotime, EPHEMERAL_VALIDITY); |
3943 | EPHEMERAL_VALIDITY); | ||
3944 | GNUNET_assert (GNUNET_OK == | 3933 | GNUNET_assert (GNUNET_OK == |
3945 | GNUNET_CRYPTO_ecdhe_key_create2 (&ece->private_key)); | 3934 | GNUNET_CRYPTO_ecdhe_key_create2 (&ece->private_key)); |
3946 | GNUNET_CRYPTO_ecdhe_key_get_public (&ece->private_key, &ece->ephemeral_key); | 3935 | GNUNET_CRYPTO_ecdhe_key_get_public (&ece->private_key, &ece->ephemeral_key); |
@@ -3969,7 +3958,7 @@ lookup_ephemeral (const struct GNUNET_PeerIdentity *pid, | |||
3969 | *private_key = ece->private_key; | 3958 | *private_key = ece->private_key; |
3970 | *ephemeral_key = ece->ephemeral_key; | 3959 | *ephemeral_key = ece->ephemeral_key; |
3971 | *ephemeral_sender_sig = ece->sender_sig; | 3960 | *ephemeral_sender_sig = ece->sender_sig; |
3972 | *ephemeral_validity = ece->ephemeral_validity; | 3961 | *monotime = ece->monotime; |
3973 | } | 3962 | } |
3974 | 3963 | ||
3975 | 3964 | ||
@@ -4410,7 +4399,7 @@ handle_communicator_backchannel ( | |||
4410 | { | 4399 | { |
4411 | struct TransportClient *tc = cls; | 4400 | struct TransportClient *tc = cls; |
4412 | struct GNUNET_CRYPTO_EcdhePrivateKey private_key; | 4401 | struct GNUNET_CRYPTO_EcdhePrivateKey private_key; |
4413 | struct GNUNET_TIME_Absolute ephemeral_validity; | 4402 | struct GNUNET_TIME_Absolute monotime; |
4414 | struct TransportBackchannelEncapsulationMessage *enc; | 4403 | struct TransportBackchannelEncapsulationMessage *enc; |
4415 | struct TransportBackchannelRequestPayloadP ppay; | 4404 | struct TransportBackchannelRequestPayloadP ppay; |
4416 | struct BackchannelKeyState key; | 4405 | struct BackchannelKeyState key; |
@@ -4429,14 +4418,12 @@ handle_communicator_backchannel ( | |||
4429 | &private_key, | 4418 | &private_key, |
4430 | &enc->ephemeral_key, | 4419 | &enc->ephemeral_key, |
4431 | &ppay.sender_sig, | 4420 | &ppay.sender_sig, |
4432 | &ephemeral_validity); | 4421 | &monotime); |
4433 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | 4422 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, |
4434 | &enc->iv, | 4423 | &enc->iv, |
4435 | sizeof (enc->iv)); | 4424 | sizeof (enc->iv)); |
4436 | dh_key_derive_eph_pid (&private_key, &cb->pid, &enc->iv, &key); | 4425 | dh_key_derive_eph_pid (&private_key, &cb->pid, &enc->iv, &key); |
4437 | ppay.ephemeral_validity = GNUNET_TIME_absolute_hton (ephemeral_validity); | 4426 | ppay.monotonic_time = GNUNET_TIME_absolute_hton (monotime); |
4438 | ppay.monotonic_time = | ||
4439 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg)); | ||
4440 | mpos = (char *) &enc[1]; | 4427 | mpos = (char *) &enc[1]; |
4441 | bc_encrypt (&key, &ppay, mpos, sizeof (ppay)); | 4428 | bc_encrypt (&key, &ppay, mpos, sizeof (ppay)); |
4442 | bc_encrypt (&key, | 4429 | bc_encrypt (&key, |