1 files changed, 36 insertions, 90 deletions
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index c4711e6fe..f2ee685bc 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -187,20 +187,20 @@
 * the value chosen here might be too aggressively low!
 */
 #define DELAY_WARN_THRESHOLD \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
 /**
 * If a DVBox could not be forwarded after this number of
 * seconds we drop it.
 */
 #define DV_FORWARD_TIMEOUT \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60)
 /**
 * Default value for how long we wait for reliability ack.
 */
 #define DEFAULT_ACK_WAIT_DURATION \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
 /**
 * We only consider queues as "quality" connections when
@@ -208,53 +208,53 @@
 * the latency of the queue is below this threshold.
 */
 #define DV_QUALITY_RTT_THRESHOLD \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
 /**
 * How long do we consider a DV path valid if we see no
 * further updates on it? Note: the value chosen here might be too low!
 */
 #define DV_PATH_VALIDITY_TIMEOUT \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
 /**
 * How long do we cache backchannel (struct Backtalker) information
 * after a backchannel goes inactive?
 */
 #define BACKCHANNEL_INACTIVITY_TIMEOUT \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
 /**
 * How long before paths expire would we like to (re)discover DV paths? Should
 * be below #DV_PATH_VALIDITY_TIMEOUT.
 */
 #define DV_PATH_DISCOVERY_FREQUENCY \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
 /**
 * How long are ephemeral keys valid?
 */
 #define EPHEMERAL_VALIDITY \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
 /**
 * How long do we keep partially reassembled messages around before giving up?
 */
 #define REASSEMBLY_EXPIRATION \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
 /**
 * What is the fastest rate at which we send challenges *if* we keep learning
 * an address (gossip, DHT, etc.)?
 */
 #define FAST_VALIDATION_CHALLENGE_FREQ \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)
 /**
 * What is the slowest rate at which we send challenges?
 */
 #define MAX_VALIDATION_CHALLENGE_FREQ \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)
 /**
 * How long until we forget about historic accumulators and thus
@@ -262,7 +262,7 @@
 * active connection experiences without an ACK.
 */
 #define ACK_CUMMULATOR_TIMEOUT \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
 /**
 * What is the non-randomized base frequency at which we
@@ -280,13 +280,13 @@
 * When do we forget an invalid address for sure?
 */
 #define MAX_ADDRESS_VALID_UNTIL \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)
 /**
 * How long do we consider an address valid if we just checked?
 */
 #define ADDRESS_VALIDATION_LIFETIME \
-        GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
+  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
 /**
 * What is the maximum frequency at which we do address validation?
@@ -1774,10 +1774,6 @@ struct DistanceVector
   */
  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
-  /**
-   * Our private ephemeral key.
-   */
-  struct GNUNET_CRYPTO_EcdhePrivateKey private_key;
 };
@@ -4411,24 +4407,18 @@ check_communicator_backchannel (
 /**
- * Ensure ephemeral keys in our @a dv are current. If no current one exists,
+ * Sign ephemeral keys in our @a dv are current.
- * set it up.
 *
 * @param[in,out] dv virtual link to update ephemeral for
 */
 static void
-update_ephemeral (struct DistanceVector *dv)
+sign_ephemeral (struct DistanceVector *dv)
 {
  struct EphemeralConfirmationPS ec;
-  if (0 !=
-      GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us)
-    return;
  dv->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg);
  dv->ephemeral_validity =
    GNUNET_TIME_absolute_add (dv->monotime, EPHEMERAL_VALIDITY);
-  GNUNET_CRYPTO_ecdhe_key_create (&dv->private_key);
-  GNUNET_CRYPTO_ecdhe_key_get_public (&dv->private_key, &dv->ephemeral_key);
  ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL);
  ec.target = dv->target;
  ec.ephemeral_key = dv->ephemeral_key;
@@ -4681,7 +4671,7 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km,
                            const struct GNUNET_ShortHashCode *iv,
                            struct DVKeyState *key)
 {
-  /* must match #dh_key_derive_eph_pub */
+  /* must match what we defive from decapsulated key */
  GNUNET_assert (GNUNET_YES ==
                 GNUNET_CRYPTO_kdf (&key->material,
                                    sizeof(key->material),
@@ -4710,62 +4700,6 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km,
 /**
- * Derive backchannel encryption key material from @a priv_ephemeral
- * and @a target and @a iv.
- *
- * @param priv_ephemeral ephemeral private key to use
- * @param target the target peer to encrypt to
- * @param iv unique IV to use
- * @param[out] key set to the key material
- * @return GNUNET_OK on success
- */
-static enum GNUNET_GenericReturnValue
-dh_key_derive_eph_pid (
-  const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ephemeral,
-  const struct GNUNET_PeerIdentity *target,
-  const struct GNUNET_ShortHashCode *iv,
-  struct DVKeyState *key)
-{
-  struct GNUNET_HashCode km;
-  if (GNUNET_YES != GNUNET_CRYPTO_ecdh_eddsa (priv_ephemeral,
-                                              &target->public_key,
-                                              &km))
-    return GNUNET_SYSERR;
-  // FIXME: Possibly also add return values here. We are processing
-  // Input from other peers...
-  dv_setup_key_state_from_km (&km, iv, key);
-  return GNUNET_OK;
-}
-/**
- * Derive backchannel encryption key material from #GST_my_private_key
- * and @a pub_ephemeral and @a iv.
- *
- * @param priv_ephemeral ephemeral private key to use
- * @param target the target peer to encrypt to
- * @param iv unique IV to use
- * @param[out] key set to the key material
- * @return GNUNET_OK on success
- */
-static enum GNUNET_GenericReturnValue
-dh_key_derive_eph_pub (const struct GNUNET_CRYPTO_EcdhePublicKey *pub_ephemeral,
-                       const struct GNUNET_ShortHashCode *iv,
-                       struct DVKeyState *key)
-{
-  struct GNUNET_HashCode km;
-  if (GNUNET_YES != GNUNET_CRYPTO_eddsa_ecdh (GST_my_private_key,
-                                              pub_ephemeral,
-                                              &km))
-    return GNUNET_SYSERR;
-  dv_setup_key_state_from_km (&km, iv, key);
-  return GNUNET_OK;
-}
-/**
 * Do HMAC calculation for backchannel messages over @a data using key
 * material from @a key.
 *
@@ -4882,13 +4816,22 @@ encapsulate_for_dv (struct DistanceVector *dv,
  char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN;
  struct DVKeyState *key;
  struct GNUNET_TIME_Relative rtt;
+  struct GNUNET_HashCode k;
  key = GNUNET_new (struct DVKeyState);
  /* Encrypt payload */
  box_hdr.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_DV_BOX);
  box_hdr.total_hops = htons (0);
  box_hdr.without_fc = htons (without_fc);
-  update_ephemeral (dv);
+  // update_ephemeral (dv);
+  if (0 ==
+      GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us)
+  {
+    GNUNET_CRYPTO_eddsa_kem_encaps (&dv->target.public_key,
+                                    &dv->ephemeral_key,
+                                    &k);
+    sign_ephemeral (dv);
+  }
  box_hdr.ephemeral_key = dv->ephemeral_key;
  payload_hdr.sender_sig = dv->sender_sig;
@@ -4896,10 +4839,9 @@ encapsulate_for_dv (struct DistanceVector *dv,
                              &box_hdr.iv,
                              sizeof(box_hdr.iv));
  // We are creating this key, so this must work.
-  GNUNET_assert (GNUNET_OK ==
+  // FIXME: Possibly also add return values here. We are processing
-                 dh_key_derive_eph_pid (&dv->private_key,
+  // Input from other peers...
-                                        &dv->target,
+  dv_setup_key_state_from_km (&k, &box_hdr.iv, key);
-                                        &box_hdr.iv, key));
  payload_hdr.sender = GST_my_identity;
  payload_hdr.monotonic_time = GNUNET_TIME_absolute_hton (dv->monotime);
  dv_encrypt (key, &payload_hdr, enc, sizeof(payload_hdr));
@@ -8322,13 +8264,17 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb)
  cmc->total_hops = ntohs (dvb->total_hops);
  // DH key derivation with received DV, could be garbage.
-  if (GNUNET_OK !=
+  struct GNUNET_HashCode km;
-      dh_key_derive_eph_pub (&dvb->ephemeral_key, &dvb->iv, &key))
+  if (GNUNET_YES != GNUNET_CRYPTO_eddsa_kem_decaps (GST_my_private_key,
+                                                    &dvb->ephemeral_key,
+                                                    &km))
  {
    GNUNET_break_op (0);
    finish_cmc_handling (cmc);
    return;
  }
+  dv_setup_key_state_from_km (&km, &dvb->iv, &key);
  hdr = (const char *) &dvb[1];
  hdr_len = ntohs (dvb->orig_size) - sizeof(*dvb) - sizeof(struct
                                                           GNUNET_PeerIdentity)

diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index c4711e6fe..f2ee685bc 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c
@@ -187,20 +187,20 @@
187	* the value chosen here might be too aggressively low!	187	* the value chosen here might be too aggressively low!
188	*/	188	*/
189	#define DELAY_WARN_THRESHOLD \	189	#define DELAY_WARN_THRESHOLD \
190	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)	190	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
191		191
192	/**	192	/**
193	* If a DVBox could not be forwarded after this number of	193	* If a DVBox could not be forwarded after this number of
194	* seconds we drop it.	194	* seconds we drop it.
195	*/	195	*/
196	#define DV_FORWARD_TIMEOUT \	196	#define DV_FORWARD_TIMEOUT \
197	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60)	197	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60)
198		198
199	/**	199	/**
200	* Default value for how long we wait for reliability ack.	200	* Default value for how long we wait for reliability ack.
201	*/	201	*/
202	#define DEFAULT_ACK_WAIT_DURATION \	202	#define DEFAULT_ACK_WAIT_DURATION \
203	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)	203	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
204		204
205	/**	205	/**
206	* We only consider queues as "quality" connections when	206	* We only consider queues as "quality" connections when
@@ -208,53 +208,53 @@
208	* the latency of the queue is below this threshold.	208	* the latency of the queue is below this threshold.
209	*/	209	*/
210	#define DV_QUALITY_RTT_THRESHOLD \	210	#define DV_QUALITY_RTT_THRESHOLD \
211	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)	211	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1)
212		212
213	/**	213	/**
214	* How long do we consider a DV path valid if we see no	214	* How long do we consider a DV path valid if we see no
215	* further updates on it? Note: the value chosen here might be too low!	215	* further updates on it? Note: the value chosen here might be too low!
216	*/	216	*/
217	#define DV_PATH_VALIDITY_TIMEOUT \	217	#define DV_PATH_VALIDITY_TIMEOUT \
218	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)	218	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
219		219
220	/**	220	/**
221	* How long do we cache backchannel (struct Backtalker) information	221	* How long do we cache backchannel (struct Backtalker) information
222	* after a backchannel goes inactive?	222	* after a backchannel goes inactive?
223	*/	223	*/
224	#define BACKCHANNEL_INACTIVITY_TIMEOUT \	224	#define BACKCHANNEL_INACTIVITY_TIMEOUT \
225	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)	225	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
226		226
227	/**	227	/**
228	* How long before paths expire would we like to (re)discover DV paths? Should	228	* How long before paths expire would we like to (re)discover DV paths? Should
229	* be below #DV_PATH_VALIDITY_TIMEOUT.	229	* be below #DV_PATH_VALIDITY_TIMEOUT.
230	*/	230	*/
231	#define DV_PATH_DISCOVERY_FREQUENCY \	231	#define DV_PATH_DISCOVERY_FREQUENCY \
232	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)	232	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
233		233
234	/**	234	/**
235	* How long are ephemeral keys valid?	235	* How long are ephemeral keys valid?
236	*/	236	*/
237	#define EPHEMERAL_VALIDITY \	237	#define EPHEMERAL_VALIDITY \
238	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)	238	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
239		239
240	/**	240	/**
241	* How long do we keep partially reassembled messages around before giving up?	241	* How long do we keep partially reassembled messages around before giving up?
242	*/	242	*/
243	#define REASSEMBLY_EXPIRATION \	243	#define REASSEMBLY_EXPIRATION \
244	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)	244	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
245		245
246	/**	246	/**
247	* What is the fastest rate at which we send challenges if we keep learning	247	* What is the fastest rate at which we send challenges if we keep learning
248	* an address (gossip, DHT, etc.)?	248	* an address (gossip, DHT, etc.)?
249	*/	249	*/
250	#define FAST_VALIDATION_CHALLENGE_FREQ \	250	#define FAST_VALIDATION_CHALLENGE_FREQ \
251	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)	251	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)
252		252
253	/**	253	/**
254	* What is the slowest rate at which we send challenges?	254	* What is the slowest rate at which we send challenges?
255	*/	255	*/
256	#define MAX_VALIDATION_CHALLENGE_FREQ \	256	#define MAX_VALIDATION_CHALLENGE_FREQ \
257	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)	257	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)
258		258
259	/**	259	/**
260	* How long until we forget about historic accumulators and thus	260	* How long until we forget about historic accumulators and thus
@@ -262,7 +262,7 @@
262	* active connection experiences without an ACK.	262	* active connection experiences without an ACK.
263	*/	263	*/
264	#define ACK_CUMMULATOR_TIMEOUT \	264	#define ACK_CUMMULATOR_TIMEOUT \
265	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)	265	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
266		266
267	/**	267	/**
268	* What is the non-randomized base frequency at which we	268	* What is the non-randomized base frequency at which we
@@ -280,13 +280,13 @@
280	* When do we forget an invalid address for sure?	280	* When do we forget an invalid address for sure?
281	*/	281	*/
282	#define MAX_ADDRESS_VALID_UNTIL \	282	#define MAX_ADDRESS_VALID_UNTIL \
283	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)	283	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)
284		284
285	/**	285	/**
286	* How long do we consider an address valid if we just checked?	286	* How long do we consider an address valid if we just checked?
287	*/	287	*/
288	#define ADDRESS_VALIDATION_LIFETIME \	288	#define ADDRESS_VALIDATION_LIFETIME \
289	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)	289	GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4)
290		290
291	/**	291	/**
292	* What is the maximum frequency at which we do address validation?	292	* What is the maximum frequency at which we do address validation?
@@ -1774,10 +1774,6 @@ struct DistanceVector
1774	*/	1774	*/
1775	struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;	1775	struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1776		1776
1777	/**
1778	* Our private ephemeral key.
1779	*/
1780	struct GNUNET_CRYPTO_EcdhePrivateKey private_key;
1781	};	1777	};
1782		1778
1783		1779
@@ -4411,24 +4407,18 @@ check_communicator_backchannel (
4411		4407
4412		4408
4413	/**	4409	/**
4414	* Ensure ephemeral keys in our @a dv are current. If no current one exists,	4410	* Sign ephemeral keys in our @a dv are current.
4415	* set it up.
4416	*	4411	*
4417	* @param[in,out] dv virtual link to update ephemeral for	4412	* @param[in,out] dv virtual link to update ephemeral for
4418	*/	4413	*/
4419	static void	4414	static void
4420	update_ephemeral (struct DistanceVector *dv)	4415	sign_ephemeral (struct DistanceVector *dv)
4421	{	4416	{
4422	struct EphemeralConfirmationPS ec;	4417	struct EphemeralConfirmationPS ec;
4423		4418
4424	if (0 !=
4425	GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us)
4426	return;
4427	dv->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg);	4419	dv->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg);
4428	dv->ephemeral_validity =	4420	dv->ephemeral_validity =
4429	GNUNET_TIME_absolute_add (dv->monotime, EPHEMERAL_VALIDITY);	4421	GNUNET_TIME_absolute_add (dv->monotime, EPHEMERAL_VALIDITY);
4430	GNUNET_CRYPTO_ecdhe_key_create (&dv->private_key);
4431	GNUNET_CRYPTO_ecdhe_key_get_public (&dv->private_key, &dv->ephemeral_key);
4432	ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL);	4422	ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL);
4433	ec.target = dv->target;	4423	ec.target = dv->target;
4434	ec.ephemeral_key = dv->ephemeral_key;	4424	ec.ephemeral_key = dv->ephemeral_key;
@@ -4681,7 +4671,7 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km,
4681	const struct GNUNET_ShortHashCode *iv,	4671	const struct GNUNET_ShortHashCode *iv,
4682	struct DVKeyState *key)	4672	struct DVKeyState *key)
4683	{	4673	{
4684	/* must match #dh_key_derive_eph_pub */	4674	/* must match what we defive from decapsulated key */
4685	GNUNET_assert (GNUNET_YES ==	4675	GNUNET_assert (GNUNET_YES ==
4686	GNUNET_CRYPTO_kdf (&key->material,	4676	GNUNET_CRYPTO_kdf (&key->material,
4687	sizeof(key->material),	4677	sizeof(key->material),
@@ -4710,62 +4700,6 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km,
4710		4700
4711		4701
4712	/**	4702	/**
4713	* Derive backchannel encryption key material from @a priv_ephemeral
4714	* and @a target and @a iv.
4715	*
4716	* @param priv_ephemeral ephemeral private key to use
4717	* @param target the target peer to encrypt to
4718	* @param iv unique IV to use
4719	* @param[out] key set to the key material
4720	* @return GNUNET_OK on success
4721	*/
4722	static enum GNUNET_GenericReturnValue
4723	dh_key_derive_eph_pid (
4724	const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ephemeral,
4725	const struct GNUNET_PeerIdentity *target,
4726	const struct GNUNET_ShortHashCode *iv,
4727	struct DVKeyState *key)
4728	{
4729	struct GNUNET_HashCode km;
4730
4731	if (GNUNET_YES != GNUNET_CRYPTO_ecdh_eddsa (priv_ephemeral,
4732	&target->public_key,
4733	&km))
4734	return GNUNET_SYSERR;
4735	// FIXME: Possibly also add return values here. We are processing
4736	// Input from other peers...
4737	dv_setup_key_state_from_km (&km, iv, key);
4738	return GNUNET_OK;
4739	}
4740
4741
4742	/**
4743	* Derive backchannel encryption key material from #GST_my_private_key
4744	* and @a pub_ephemeral and @a iv.
4745	*
4746	* @param priv_ephemeral ephemeral private key to use
4747	* @param target the target peer to encrypt to
4748	* @param iv unique IV to use
4749	* @param[out] key set to the key material
4750	* @return GNUNET_OK on success
4751	*/
4752	static enum GNUNET_GenericReturnValue
4753	dh_key_derive_eph_pub (const struct GNUNET_CRYPTO_EcdhePublicKey *pub_ephemeral,
4754	const struct GNUNET_ShortHashCode *iv,
4755	struct DVKeyState *key)
4756	{
4757	struct GNUNET_HashCode km;
4758
4759	if (GNUNET_YES != GNUNET_CRYPTO_eddsa_ecdh (GST_my_private_key,
4760	pub_ephemeral,
4761	&km))
4762	return GNUNET_SYSERR;
4763	dv_setup_key_state_from_km (&km, iv, key);
4764	return GNUNET_OK;
4765	}
4766
4767
4768	/**
4769	* Do HMAC calculation for backchannel messages over @a data using key	4703	* Do HMAC calculation for backchannel messages over @a data using key
4770	* material from @a key.	4704	* material from @a key.
4771	*	4705	*
@@ -4882,13 +4816,22 @@ encapsulate_for_dv (struct DistanceVector *dv,
4882	char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN;	4816	char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN;
4883	struct DVKeyState *key;	4817	struct DVKeyState *key;
4884	struct GNUNET_TIME_Relative rtt;	4818	struct GNUNET_TIME_Relative rtt;
		4819	struct GNUNET_HashCode k;
4885		4820
4886	key = GNUNET_new (struct DVKeyState);	4821	key = GNUNET_new (struct DVKeyState);
4887	/* Encrypt payload */	4822	/* Encrypt payload */
4888	box_hdr.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_DV_BOX);	4823	box_hdr.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_DV_BOX);
4889	box_hdr.total_hops = htons (0);	4824	box_hdr.total_hops = htons (0);
4890	box_hdr.without_fc = htons (without_fc);	4825	box_hdr.without_fc = htons (without_fc);
4891	update_ephemeral (dv);	4826	// update_ephemeral (dv);
		4827	if (0 ==
		4828	GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us)
		4829	{
		4830	GNUNET_CRYPTO_eddsa_kem_encaps (&dv->target.public_key,
		4831	&dv->ephemeral_key,
		4832	&k);
		4833	sign_ephemeral (dv);
		4834	}
4892	box_hdr.ephemeral_key = dv->ephemeral_key;	4835	box_hdr.ephemeral_key = dv->ephemeral_key;
4893	payload_hdr.sender_sig = dv->sender_sig;	4836	payload_hdr.sender_sig = dv->sender_sig;
4894		4837
@@ -4896,10 +4839,9 @@ encapsulate_for_dv (struct DistanceVector *dv,
4896	&box_hdr.iv,	4839	&box_hdr.iv,
4897	sizeof(box_hdr.iv));	4840	sizeof(box_hdr.iv));
4898	// We are creating this key, so this must work.	4841	// We are creating this key, so this must work.
4899	GNUNET_assert (GNUNET_OK ==	4842	// FIXME: Possibly also add return values here. We are processing
4900	dh_key_derive_eph_pid (&dv->private_key,	4843	// Input from other peers...
4901	&dv->target,	4844	dv_setup_key_state_from_km (&k, &box_hdr.iv, key);
4902	&box_hdr.iv, key));
4903	payload_hdr.sender = GST_my_identity;	4845	payload_hdr.sender = GST_my_identity;
4904	payload_hdr.monotonic_time = GNUNET_TIME_absolute_hton (dv->monotime);	4846	payload_hdr.monotonic_time = GNUNET_TIME_absolute_hton (dv->monotime);
4905	dv_encrypt (key, &payload_hdr, enc, sizeof(payload_hdr));	4847	dv_encrypt (key, &payload_hdr, enc, sizeof(payload_hdr));
@@ -8322,13 +8264,17 @@ handle_dv_box (void cls, const struct TransportDVBoxMessage dvb)
8322	cmc->total_hops = ntohs (dvb->total_hops);	8264	cmc->total_hops = ntohs (dvb->total_hops);
8323		8265
8324	// DH key derivation with received DV, could be garbage.	8266	// DH key derivation with received DV, could be garbage.
8325	if (GNUNET_OK !=	8267	struct GNUNET_HashCode km;
8326	dh_key_derive_eph_pub (&dvb->ephemeral_key, &dvb->iv, &key))	8268
		8269	if (GNUNET_YES != GNUNET_CRYPTO_eddsa_kem_decaps (GST_my_private_key,
		8270	&dvb->ephemeral_key,
		8271	&km))
8327	{	8272	{
8328	GNUNET_break_op (0);	8273	GNUNET_break_op (0);
8329	finish_cmc_handling (cmc);	8274	finish_cmc_handling (cmc);
8330	return;	8275	return;
8331	}	8276	}
		8277	dv_setup_key_state_from_km (&km, &dvb->iv, &key);
8332	hdr = (const char *) &dvb[1];	8278	hdr = (const char *) &dvb[1];
8333	hdr_len = ntohs (dvb->orig_size) - sizeof(*dvb) - sizeof(struct	8279	hdr_len = ntohs (dvb->orig_size) - sizeof(*dvb) - sizeof(struct
8334	GNUNET_PeerIdentity)	8280	GNUNET_PeerIdentity)