added signing of monotonic time

diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c
index a6c3e51d4eceb86a8b8a7e64657461c9e8e26976..1e0f82579c4e2b3395e2a8b20e48da11fbe1b2e0 100644 (file)
--- a/src/cadet/gnunet-service-cadet_connection.c
+++ b/src/cadet/gnunet-service-cadet_connection.c
@@ -78,6 +78,29 @@ enum CadetConnectionState
   CADET_CONNECTION_READY
 };
 
+struct CadetConnectionCreatePS
+{
+
+  /**
+   * Purpose is #GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Time at the initiator when generating the signature.
+   *
+   * Note that the receiver MUST IGNORE the absolute time, and only interpret
+   * the value as a mononic time and reject "older" values than the last one
+   * observed.  This is necessary as we do not want to require synchronized
+   * clocks and may not have a bidirectional communication channel.
+   *
+   * Even with this, there is no real guarantee against replay achieved here,
+   * unless the latest timestamp is persisted.  Persistence should be
+   * provided via PEERSTORE if possible.
+   */
+  struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+}
 
 /**
  * Low-level connection to a destination.

diff --git a/src/cadet/gnunet-service-cadet_core.c b/src/cadet/gnunet-service-cadet_core.c
index 7fc13111429bc72011b0372b77ce22a30344b258..4cc29782ebf832cefdc32dba202bf839ca3bed38 100644 (file)
--- a/src/cadet/gnunet-service-cadet_core.c
+++ b/src/cadet/gnunet-service-cadet_core.c
@@ -227,6 +227,28 @@ static unsigned long long cur_buffers;
  */
 static struct GNUNET_SCHEDULER_Task *timeout_task;
 
+static int
+check_monotime_sig (struc GNUNET_PeerIdentity *pid,
+                    const struct GNUNET_CADET_ConnectionCreateMessage *msg)
+{
+
+  struct CCCreatePS cp = { .purpose.purpose = htonl (
+                           GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR),
+                         .purpose.size = htonl (sizeof(cp)),
+                         .monotonic_time = sender_monotonic_time};
+
+  if (
+    GNUNET_OK !=
+    GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR,
+                                &cp.purpose,
+                                msg->monotime_sig,
+                                &pid->public_key))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
 
 /**
  * Get the route corresponding to a hash.
@@ -826,7 +848,7 @@ handle_connection_create (
     t = GCP_get_tunnel (sender, GNUNET_YES);
 
     // Check for CADET state in case the other side has lost the tunnel (xrs,t3ss)
-    if ((NULL != msg->monotime) && check_monotime_sig(msg)
+    if ((NULL != msg->monotime) && GNUNET_OK == check_monotime_sig(origin->pid, &msg)
         (CADET_TUNNEL_KEY_OK == GCT_get_estate(t)))
     {
       GCT_change_estate (t, CADET_TUNNEL_KEY_UNINITIALIZED);

diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index a00e0372da18b480420698117ad54065d70b4898..5031137701498ffe405636eee9bd90703b4084c7 100644 (file)
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -241,6 +241,10 @@ extern "C"
  */
 #define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR 37
 
+/**
+ * Signature by a peer that like to create a connection.
+ */
+#define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38
 
 #if 0                           /* keep Emacsens' auto-indent happy */
 {