* transport-to-transport traffic)
*
* Implement next:
- * - backchannel message encryption & decryption
* - DV data structures:
* + using DV routes!
* - handling of DV-boxed messages that need to be forwarded
* FIXME (without marks in the code!):
* - proper use/initialization of timestamps in messages exchanged
* during DV learning
- * -
*
* Optimizations:
* - use shorthashmap on msg_uuid's when matching reliability/fragment ACKs
*/
struct BackchannelKeyState
{
- // FIXME: actual data types in this struct are likely still totally wrong
/**
- *
+ * State of our block cipher.
*/
- char hdr_key[128];
+ gcry_cipher_hd_t cipher;
/**
- *
+ * Actual key material.
*/
- char body_key[128];
+ struct {
- /**
- *
- */
- char hmac_key[128];
+ /**
+ * Key used for HMAC calculations (via #GNUNET_CRYPTO_hmac()).
+ */
+ struct GNUNET_CRYPTO_AuthKey hmac_key;
+
+ /**
+ * Symmetric key to use for encryption.
+ */
+ char aes_key[256/8];
+
+ /**
+ * Counter value to use during setup.
+ */
+ char aes_ctr[128/8];
+
+ } material;
};
{
/* must match #dh_key_derive_eph_pub */
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (key,
- sizeof (*key),
+ GNUNET_CRYPTO_kdf (&key->material,
+ sizeof (key->material),
"transport-backchannel-key",
strlen ("transport-backchannel-key"),
&km,
sizeof (km),
iv,
sizeof (*iv)));
+ gcry_cipher_open (&key->cipher,
+ GCRY_CIPHER_AES256 /* low level: go for speed */,
+ GCRY_CIPHER_MODE_CTR,
+ 0 /* flags */);
+ gcry_cipher_setkey (key->cipher,
+ &key->material.aes_key,
+ sizeof (key->material.aes_key));
+ gcry_cipher_setctr (key->cipher,
+ &key->material.aes_ctr,
+ sizeof (key->material.aes_ctr));
}
const void *data,
size_t data_size)
{
- // FIXME!
+ GNUNET_CRYPTO_hmac (&key->material.hmac_key,
+ data,
+ data_size,
+ hmac);
}
void *dst,
size_t in_size)
{
- // FIXME!
+ GNUNET_assert (0 ==
+ gcry_cipher_encrypt (key->cipher,
+ dst,
+ in_size,
+ in,
+ in_size));
}
const void *ciph,
size_t out_size)
{
- // FIXME!
+ GNUNET_assert (0 ==
+ gcry_cipher_decrypt (key->cipher,
+ out,
+ out_size,
+ ciph,
+ out_size));
}
static void
bc_key_clean (struct BackchannelKeyState *key)
{
- // FIXME!
+ gcry_cipher_close (key->cipher);
+ GNUNET_CRYPTO_zero_keys (&key->material,
+ sizeof (key->material));
}