From 164e9747a9a90666c98d2dd31541bb11a3eee51d Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 27 Jan 2017 14:30:52 +0100 Subject: trying to make KX logic slightly more readable --- src/cadet/cadet_protocol.h | 67 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 56 insertions(+), 11 deletions(-) (limited to 'src/cadet/cadet_protocol.h') diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h index 8fb260dfd..e2d6f9d0b 100644 --- a/src/cadet/cadet_protocol.h +++ b/src/cadet/cadet_protocol.h @@ -205,7 +205,9 @@ enum GNUNET_CADET_KX_Flags { struct GNUNET_CADET_TunnelKeyExchangeMessage { /** - * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX. + * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX or + * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH as part + * of `struct GNUNET_CADET_TunnelKeyExchangeAuthMessage`. */ struct GNUNET_MessageHeader header; @@ -234,17 +236,57 @@ struct GNUNET_CADET_TunnelKeyExchangeMessage */ struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; -#ifdef NEW_CADET +}; + + +/** + * Message for a Key eXchange for a tunnel, with authentication. + * Used as a response to the initial KX as well as for rekeying. + */ +struct GNUNET_CADET_TunnelKeyExchangeAuthMessage +{ + /** - * Proof that sender could compute the 3-DH, in lieu of a signature. + * Message header with key material. */ - struct GNUNET_HashCode triple_dh_proof; -#endif + struct GNUNET_CADET_TunnelKeyExchangeMessage kx; + + /** + * KDF-proof that sender could compute the 3-DH, used in lieu of a + * signature or payload data. + */ + struct GNUNET_HashCode auth; + +}; + + +/** + * Encrypted axolotl header with numbers that identify which + * keys in which ratchet are to be used to decrypt the body. + */ +struct GNUNET_CADET_AxHeader +{ + + /** + * Number of messages sent with the current ratchet key. + */ + uint32_t Ns GNUNET_PACKED; + + /** + * Number of messages sent with the previous ratchet key. + */ + uint32_t PNs GNUNET_PACKED; + + /** + * Current ratchet key. + */ + struct GNUNET_CRYPTO_EcdhePublicKey DHRs; + }; /** - * Axolotl tunnel message. + * Axolotl-encrypted tunnel message with application payload. */ struct GNUNET_CADET_TunnelEncryptedMessage { @@ -277,8 +319,13 @@ struct GNUNET_CADET_TunnelEncryptedMessage */ struct GNUNET_ShortHashCode hmac; - /**************** AX_HEADER start ****************/ - + #if NEW_CADET + /** + * Axolotl-header that specifies which keys to use in which ratchet + * to decrypt the body that follows. + */ + struct GNUNET_CADET_AxHeader ax_header; +#else /** * Number of messages sent with the current ratchet key. */ @@ -293,9 +340,7 @@ struct GNUNET_CADET_TunnelEncryptedMessage * Current ratchet key. */ struct GNUNET_CRYPTO_EcdhePublicKey DHRs; - - /**************** AX_HEADER end ****************/ - +#endif /** * Encrypted content follows. */ -- cgit v1.2.3