struct GNUNET_CADET_TunnelKeyExchangeMessage
{
/**
- * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX.
+ * Type: #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX or
+ * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH as part
+ * of `struct GNUNET_CADET_TunnelKeyExchangeAuthMessage`.
*/
struct GNUNET_MessageHeader header;
*/
struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key;
-#ifdef NEW_CADET
+};
+
+
+/**
+ * Message for a Key eXchange for a tunnel, with authentication.
+ * Used as a response to the initial KX as well as for rekeying.
+ */
+struct GNUNET_CADET_TunnelKeyExchangeAuthMessage
+{
+
/**
- * Proof that sender could compute the 3-DH, in lieu of a signature.
+ * Message header with key material.
*/
- struct GNUNET_HashCode triple_dh_proof;
-#endif
+ struct GNUNET_CADET_TunnelKeyExchangeMessage kx;
+
+ /**
+ * KDF-proof that sender could compute the 3-DH, used in lieu of a
+ * signature or payload data.
+ */
+ struct GNUNET_HashCode auth;
+
+};
+
+
+/**
+ * Encrypted axolotl header with numbers that identify which
+ * keys in which ratchet are to be used to decrypt the body.
+ */
+struct GNUNET_CADET_AxHeader
+{
+
+ /**
+ * Number of messages sent with the current ratchet key.
+ */
+ uint32_t Ns GNUNET_PACKED;
+
+ /**
+ * Number of messages sent with the previous ratchet key.
+ */
+ uint32_t PNs GNUNET_PACKED;
+
+ /**
+ * Current ratchet key.
+ */
+ struct GNUNET_CRYPTO_EcdhePublicKey DHRs;
+
};
/**
- * Axolotl tunnel message.
+ * Axolotl-encrypted tunnel message with application payload.
*/
struct GNUNET_CADET_TunnelEncryptedMessage
{
*/
struct GNUNET_ShortHashCode hmac;
- /**************** AX_HEADER start ****************/
-
+ #if NEW_CADET
+ /**
+ * Axolotl-header that specifies which keys to use in which ratchet
+ * to decrypt the body that follows.
+ */
+ struct GNUNET_CADET_AxHeader ax_header;
+#else
/**
* Number of messages sent with the current ratchet key.
*/
* Current ratchet key.
*/
struct GNUNET_CRYPTO_EcdhePublicKey DHRs;
-
- /**************** AX_HEADER end ****************/
-
+#endif
/**
* Encrypted content follows.
*/
*
* FIXME:
* - KX:
+ * + clean up KX logic, including adding sender authentication
* + implement rekeying
* + check KX estate machine -- make sure it is never stuck!
- * + clean up KX logic, including adding sender authentication
* - connection management
* + properly (evaluate, kill old ones, search for new ones)
* + when managing connections, distinguish those that
*/
#define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
-/**
- * Yuck, replace by 'offsetof' expression?
- * FIXME.
- */
-#define AX_HEADER_SIZE (sizeof (uint32_t) * 2\
- + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))
-
-
/**
* Maximum number of skipped keys we keep in memory per tunnel.
*/
key, sizeof (*key),
ctx, sizeof (ctx),
NULL);
- /* Two step: CADET_Hash is only 256 bits, HashCode is 512. */
+ /* Two step: GNUNET_ShortHash is only 256 bits,
+ GNUNET_HashCode is 512, so we truncate. */
GNUNET_CRYPTO_hmac (&auth_key,
plaintext,
size,
&ax->HKs,
NULL, 0,
NULL);
- out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->Ns,
- AX_HEADER_SIZE,
+ out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header.Ns,
+ sizeof (struct GNUNET_CADET_AxHeader),
&ax->HKs,
&iv,
- &msg->Ns);
- GNUNET_assert (AX_HEADER_SIZE == out_size);
+ &msg->ax_header.Ns);
+ GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
}
&ax->HKr,
NULL, 0,
NULL);
- out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns,
- AX_HEADER_SIZE,
+ out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
+ sizeof (struct GNUNET_CADET_AxHeader),
&ax->HKr,
&iv,
- &dst->Ns);
- GNUNET_assert (AX_HEADER_SIZE == out_size);
+ &dst->ax_header.Ns);
+ GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
}
valid_HK = NULL;
for (key = t->ax.skipped_head; NULL != key; key = key->next)
{
- t_hmac (&src->Ns,
- AX_HEADER_SIZE + esize,
+ t_hmac (&src->ax_header,
+ sizeof (struct GNUNET_CADET_AxHeader) + esize,
0,
&key->HK,
hmac);
&key->HK,
NULL, 0,
NULL);
- res = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns,
- AX_HEADER_SIZE,
+ res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
+ sizeof (struct GNUNET_CADET_AxHeader),
&key->HK,
&iv,
- &plaintext_header.Ns);
- GNUNET_assert (AX_HEADER_SIZE == res);
+ &plaintext_header.ax_header.Ns);
+ GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res);
/* Find the correct message key */
- N = ntohl (plaintext_header.Ns);
+ N = ntohl (plaintext_header.ax_header.Ns);
while ( (NULL != key) &&
(N != key->Kn) )
key = key->next;
ax = &t->ax;
/* Try current HK */
- t_hmac (&src->Ns,
- AX_HEADER_SIZE + esize,
+ t_hmac (&src->ax_header,
+ sizeof (struct GNUNET_CADET_AxHeader) + esize,
0, &ax->HKr,
&msg_hmac);
if (0 != memcmp (&msg_hmac,
struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
/* Try Next HK */
- t_hmac (&src->Ns,
- AX_HEADER_SIZE + esize,
+ t_hmac (&src->ax_header,
+ sizeof (struct GNUNET_CADET_AxHeader) + esize,
0,
&ax->NHKr,
&msg_hmac);
t_h_decrypt (t,
src,
&plaintext_header);
- Np = ntohl (plaintext_header.Ns);
- PNp = ntohl (plaintext_header.PNs);
- DHRp = &plaintext_header.DHRs;
+ Np = ntohl (plaintext_header.ax_header.Ns);
+ PNp = ntohl (plaintext_header.ax_header.PNs);
+ DHRp = &plaintext_header.ax_header.DHRs;
store_ax_keys (t,
&HK,
PNp);
t_h_decrypt (t,
src,
&plaintext_header);
- Np = ntohl (plaintext_header.Ns);
- PNp = ntohl (plaintext_header.PNs);
+ Np = ntohl (plaintext_header.ax_header.Ns);
+ PNp = ntohl (plaintext_header.ax_header.PNs);
}
if ( (Np != ax->Nr) &&
(GNUNET_OK != store_ax_keys (t,
&ax_msg[1],
message,
payload_size);
- ax_msg->Ns = htonl (t->ax.Ns++);
- ax_msg->PNs = htonl (t->ax.PNs);
+ ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
+ ax_msg->ax_header.PNs = htonl (t->ax.PNs);
GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
- &ax_msg->DHRs);
+ &ax_msg->ax_header.DHRs);
t_h_encrypt (t,
ax_msg);
- t_hmac (&ax_msg->Ns,
- AX_HEADER_SIZE + payload_size,
+ t_hmac (&ax_msg->ax_header,
+ sizeof (struct GNUNET_CADET_AxHeader) + payload_size,
0,
&t->ax.HKs,
&ax_msg->hmac);
/**
* Hop-by-hop, connection dependent ACK.
+ *
+ * @deprecated
*/
#define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_HOP_BY_HOP_ENCRYPTED_ACK 1005
+/**
+ * We do not bother with ACKs for
+ * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead
+ * poll for one if we got nothing for a while and start to be worried.
+ *
+ * @deprecated
+ */
+#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006
+
/**
* Axolotl key exchange.
*/
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED 1008
/**
- * We do not bother with ACKs for
- * #GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED messages, but we instead
- * poll for one if we got nothing for a while and start to be worried.
+ * Axolotl key exchange response with authentication.
*/
-#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED_POLL 1006
+#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH 1009
/**
* Reject the creation of a channel
+ *
+ * @deprecated
*/
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_NACK_DEPRECATED 1016
projects / oweals / gnunet.git / commitdiff