[gnunet] 02/03: TNG(udp): Upon rekey, actually do another KX and not jus

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnunet] 02/03: TNG(udp): Upon rekey, actually do another KX and not jus

From:	gnunet
Subject:	[gnunet] 02/03: TNG(udp): Upon rekey, actually do another KX and not just transmit a new symmetric key.
Date:	Sat, 15 Jul 2023 15:53:11 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository gnunet.

commit 365a1f1bd2a3674b0892ab48630a53ce59f4ddac
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sat Jul 15 15:48:25 2023 +0200

    TNG(udp): Upon rekey, actually do another KX and not just transmit a new 
symmetric key.
---
 src/transport/gnunet-communicator-udp.c | 74 ++++++++-------------------------
 1 file changed, 18 insertions(+), 56 deletions(-)

diff --git a/src/transport/gnunet-communicator-udp.c 
b/src/transport/gnunet-communicator-udp.c
index 8fcf5ac46..bd51e3003 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -1376,30 +1376,7 @@ setup_shared_secret_dec (const struct 
GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
 
   ss = GNUNET_new (struct SharedSecret);
   GNUNET_CRYPTO_eddsa_kem_decaps (my_private_key, ephemeral, &ss->master);
-  return ss;
-}
-
-
-/**
- * Setup shared secret for encryption.
- *
- * @param ephemeral ephemeral key we are sending to the other peer
- * @param[in,out] receiver queue to initialize encryption key for
- * @return new shared secret
- */
-static struct SharedSecret *
-setup_shared_secret_from_k (struct GNUNET_HashCode *k,
-                            struct ReceiverAddress *receiver)
-{
-  struct SharedSecret *ss;
-
-  ss = GNUNET_new (struct SharedSecret);
-  memcpy (&ss->master, k, sizeof (*k));
   calculate_cmac (ss);
-  ss->receiver = receiver;
-  GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
-  receiver->num_secrets++;
-  GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
   return ss;
 }
 
@@ -1419,26 +1396,12 @@ setup_shared_secret_ephemeral (struct 
GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
   struct GNUNET_HashCode k;
 
   GNUNET_CRYPTO_eddsa_kem_encaps (&receiver->target.public_key, ephemeral, &k);
-  ss = setup_shared_secret_from_k (&k, receiver);
-  GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
-  return ss;
-}
-
-
-/**
- * Setup new random shared secret for encryption.
- *
- * @param[in,out] receiver queue to initialize encryption key for
- * @return new shared secret
- */
-static struct SharedSecret *
-setup_shared_secret_random (struct ReceiverAddress *receiver)
-{
-  struct SharedSecret *ss;
-  struct GNUNET_HashCode k;
-
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &k, sizeof(k));
-  ss = setup_shared_secret_from_k (&k, receiver);
+  ss = GNUNET_new (struct SharedSecret);
+  memcpy (&ss->master, k, sizeof (*k));
+  calculate_cmac (ss);
+  ss->receiver = receiver;
+  GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
+  receiver->num_secrets++;
   GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
   return ss;
 }
@@ -2009,7 +1972,7 @@ decrypt_rekey (const struct UDPRekey *rekey,
   struct SharedSecret *ss = kce->ss;
   struct SharedSecret *ss_rekey;
   char out_buf[rekey_len - sizeof(*rekey)];
-  struct GNUNET_HashCode *master;
+  struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;
 
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -2041,10 +2004,8 @@ decrypt_rekey (const struct UDPRekey *rekey,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "decrypted UDPRekey with kid %s\n",
               GNUNET_sh2s (&rekey->kid));
-  master = (struct GNUNET_HashCode *) out_buf;
-  ss_rekey = GNUNET_new (struct SharedSecret);
-  ss_rekey->master = *master;
-  calculate_cmac (ss_rekey);
+  ephemeral_pubkey = (struct GNUNET_CRYPTO_EcdhePublicKey *) out_buf;
+  ss_rekey = setup_shared_secret_dec (ephemeral_pubkey);
   ss_rekey->sender = sender;
   GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
   sender->ss_rekey = ss_rekey;
@@ -2801,6 +2762,7 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct 
SharedSecret *ss)
   uint8_t send_rekey = GNUNET_NO;
   uint16_t not_below;
   struct UDPRekey *rekey;
+  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_pubkey;
   size_t dpos;
 
   char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];
@@ -2823,7 +2785,8 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct 
SharedSecret *ss)
   else if (NULL == receiver->ss_rekey)
   {
     /* setup key material */
-    receiver->ss_rekey = setup_shared_secret_random (receiver);
+    receiver->ss_rekey = setup_shared_secret_ephemeral (&ephemeral_pubkey,
+                                                        receiver);
     receiver->ss_rekey->sequence_allowed = 0;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Setup secret with cmac %s\n",
@@ -2856,10 +2819,10 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct 
SharedSecret *ss)
 
       GNUNET_assert (
         0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],
-                                  sizeof(receiver->ss_rekey->master),
-                                  &(receiver->ss_rekey->master),
-                                  sizeof(receiver->ss_rekey->master)));
-      dpos += sizeof(receiver->ss_rekey->master);
+                                  sizeof(ephemeral_pubkey),
+                                  &ephemeral_pubkey,
+                                  sizeof(ephemeral_pubkey)));
+      dpos += sizeof(ephemeral_pubkey);
       do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)
               - dpos);
       GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,
@@ -2868,9 +2831,8 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct 
SharedSecret *ss)
       gcry_cipher_close (rekey_out_cipher);
 
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Sending rekey with kid %s and master %s\n",
-                  GNUNET_sh2s (&rekey->kid),
-                  GNUNET_h2s (&(receiver->ss_rekey->master)));
+                  "Sending rekey with kid %s and new pubkey\n",
+                  GNUNET_sh2s (&rekey->kid));
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                   "Sending rekey with cmac %s\n",
                   GNUNET_h2s (&(receiver->ss_rekey->cmac)));

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnunet] branch master updated (cbbd64c51 -> 55d5ed204), gnunet, 2023/07/15
- [gnunet] 03/03: Merge branch 'master' of git+ssh://git.gnunet.org/gnunet, gnunet, 2023/07/15
- [gnunet] 01/03: UTIL: Start of a CCA-secure KEM implementation, gnunet, 2023/07/15
- [gnunet] 02/03: TNG(udp): Upon rekey, actually do another KX and not just transmit a new symmetric key., gnunet <=

Prev by Date: [gnunet] 01/03: UTIL: Start of a CCA-secure KEM implementation
Next by Date: [gnunet] branch master updated (cbbd64c51 -> 55d5ed204)
Previous by thread: [gnunet] 01/03: UTIL: Start of a CCA-secure KEM implementation
Next by thread: [gnunet] branch master updated: TNG: ftbfs
Index(es):
- Date
- Thread