struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
/**
- * ECDH for key exchange (A0 / B0). Note that for the
- * 'unverified_ax', this member is an alias with the main
- * 't->ax.kx_0' value, so do not free it!
+ * ECDH for key exchange (A0 / B0).
*/
- struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0;
+ struct GNUNET_CRYPTO_EcdhePrivateKey kx_0;
/**
- * ECDH Ratchet key (our private key in the current DH). Note that
- * for the 'unverified_ax', this member is an alias with the main
- * 't->ax.kx_0' value, so do not free it!
+ * ECDH Ratchet key (our private key in the current DH).
*/
- struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs;
+ struct GNUNET_CRYPTO_EcdhePrivateKey DHRs;
/**
* ECDH Ratchet key (other peer's public key in the current DH).
static void
new_ephemeral (struct CadetTunnelAxolotl *ax)
{
- GNUNET_free_non_null (ax->DHRs);
LOG (GNUNET_ERROR_TYPE_DEBUG,
"Creating new ephemeral ratchet key (DHRs)\n");
- ax->DHRs = GNUNET_CRYPTO_ecdhe_key_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
}
ax->HKs = ax->NHKs;
/* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
- GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+ GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
&ax->DHRr,
&dh);
t_ax_hmac_hash (&ax->RK,
PNp);
/* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
- GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+ GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
DHRp,
&dh);
t_ax_hmac_hash (&ax->RK,
flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
msg->flags = htonl (flags);
msg->cid = *GCC_get_id (cc);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
&msg->ephemeral_key);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
&msg->ratchet_key);
mark_connection_unready (ct);
t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
msg->kx.flags = htonl (flags);
msg->kx.cid = *GCC_get_id (cc);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
&msg->kx.ephemeral_key);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
&msg->kx.ratchet_key);
/* Compute authenticator (this is the main difference to #send_kx()) */
GNUNET_CRYPTO_hash (&ax->RK,
delete_skipped_key (ax,
ax->skipped_head);
GNUNET_assert (0 == ax->skipped);
- GNUNET_free_non_null (ax->kx_0);
- GNUNET_free_non_null (ax->DHRs);
+ GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
+ GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
}
}
else
{
- GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */
+ GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */
&pid->public_key, /* A */
&key_material[0]);
}
/* ECDH A0 B */
if (GNUNET_YES == am_I_alice)
{
- GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */
+ GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */
&pid->public_key, /* B */
&key_material[1]);
}
/* ECDH A0 B0 */
/* (This is the triple-DH, we could probably safely skip this,
as A0/B0 are already in the key material.) */
- GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */
+ GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */
ephemeral_key, /* B0 or A0 */
&key_material[2]);
if (NULL != t->unverified_ax)
{
/* We got some "stale" KX before, drop that. */
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
t->unverified_ax = NULL;
GNUNET_MQ_destroy (t->mq);
if (NULL != t->unverified_ax)
{
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
}
t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
new_ephemeral (&t->ax);
- t->ax.kx_0 = GNUNET_CRYPTO_ecdhe_key_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
t->destination = destination;
t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
t->maintain_connections_task
if (-1 != decrypted_size)
{
/* It worked! Treat this as authentication of the AX data! */
- t->ax.DHRs = NULL; /* aliased with ax.DHRs */
- t->ax.kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (&t->ax);
t->ax = *t->unverified_ax;
GNUNET_free (t->unverified_ax);
t->unverified_attempts);
if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
{
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
t->unverified_ax = NULL;
/* FIXME: we should do this once, not once per message;
this is a point multiplication, and DHRs does not
change all the time. */
- GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
&ax_msg->ax_header.DHRs);
t_h_encrypt (&t->ax,
ax_msg);