
[GNUnet-SVN] r36428 - gnunet/src/cadet


From: gnunet
Subject: [GNUnet-SVN] r36428 - gnunet/src/cadet
Date: Fri, 2 Oct 2015 05:37:54 +0200

Author: bartpolot
Date: 2015-10-02 05:37:54 +0200 (Fri, 02 Oct 2015)
New Revision: 36428

Modified:
   gnunet/src/cadet/gnunet-service-cadet_tunnel.c
Log:
- find the correct stored key, not always the first one

Modified: gnunet/src/cadet/gnunet-service-cadet_tunnel.c
===================================================================
--- gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2015-10-02 03:37:53 UTC 
(rev 36427)
+++ gnunet/src/cadet/gnunet-service-cadet_tunnel.c      2015-10-02 03:37:54 UTC 
(rev 36428)
@@ -1337,17 +1337,28 @@
   struct GNUNET_CADET_Hash *hmac;
   struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
   struct GNUNET_CADET_AX plaintext_header;
+  struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
   size_t esize;
   size_t res;
   size_t len;
+  unsigned int N;
 
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying old keys\n");
   hmac = &plaintext_header.hmac;
   esize = size - sizeof (struct GNUNET_CADET_AX);
+
+  /* Find a correct Header Key */
   for (key = t->ax->skipped_head; NULL != key; key = key->next)
   {
+    #if DUMP_KEYS_TO_STDERR
+    LOG (GNUNET_ERROR_TYPE_DEBUG, "  Trying hmac with key %s\n",
+         GNUNET_i2s ((struct GNUNET_PeerIdentity *) &key->HK));
+    #endif
     t_hmac (&src->Ns, AX_HEADER_SIZE + esize, 0, &key->HK, hmac);
     if (0 == memcmp (hmac, &src->hmac, sizeof (*hmac)))
     {
+      LOG (GNUNET_ERROR_TYPE_DEBUG, "  hmac correct\n");
+      valid_HK = &key->HK;
       break;
     }
   }
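Review bot: `valid_HK` is declared without an initializer and is assigned only inside the HMAC-match branch, so its later use is safe only because of the `if (NULL == key) return -1;` that follows the loop. Declaring it as `struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK = NULL;` keeps that invariant from breaking silently if the loop is edited later. Separately, the loop still checks the received HMAC with `memcmp`, which may return at the first differing byte. `src->hmac` presumably arrives from the peer, so a comparison whose timing does not depend on where the bytes differ would be preferable, and a comment such as `/* FIXME: memcmp is not constant-time */` on that line would at least record it. The enclosing function starts and ends outside the hunk.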
@@ -1354,13 +1365,6 @@
   if (NULL == key)
     return -1;
 
-  #if DUMP_KEYS_TO_STDERR
-  LOG (GNUNET_ERROR_TYPE_INFO, "  AX_DEC_H with skipped key %s\n",
-       GNUNET_i2s ((struct GNUNET_PeerIdentity *) &key->HK));
-  LOG (GNUNET_ERROR_TYPE_INFO, "  AX_DEC with skipped key %u: %s\n",
-       key->Kn, GNUNET_i2s ((struct GNUNET_PeerIdentity *) &key->MK));
-  #endif
-
   /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
   GNUNET_assert (size > sizeof (struct GNUNET_CADET_AX));
   len = size - sizeof (struct GNUNET_CADET_AX);
@@ -1371,11 +1375,23 @@
   res = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns, AX_HEADER_SIZE,
                                          &key->HK, &iv, &plaintext_header.Ns);
   GNUNET_assert (AX_HEADER_SIZE == res);
-  LOG (GNUNET_ERROR_TYPE_INFO, "  Message %u, previous: %u\n",
+  LOG (GNUNET_ERROR_TYPE_DEBUG, "  Message %u, previous: %u\n",
        ntohl (plaintext_header.Ns), ntohl (plaintext_header.PNs));
 
-  // FIXME find correct key
+  /* Find the correct Message Key */
+  N = ntohl (plaintext_header.Ns);
+  while (NULL != key && N != key->Kn)
+    key = key->next;
+  if (NULL == key || 0 != memcmp (&key->HK, valid_HK, sizeof (*valid_HK)))
+    return -1;
 
+  #if DUMP_KEYS_TO_STDERR
+  LOG (GNUNET_ERROR_TYPE_INFO, "  AX_DEC_H with skipped key %s\n",
+       GNUNET_i2s ((struct GNUNET_PeerIdentity *) &key->HK));
+  LOG (GNUNET_ERROR_TYPE_INFO, "  AX_DEC with skipped key %u: %s\n",
+       key->Kn, GNUNET_i2s ((struct GNUNET_PeerIdentity *) &key->MK));
+  #endif
+
   /* Decrypt payload */
   GNUNET_CRYPTO_symmetric_derive_iv (&iv, &key->MK, NULL, 0, NULL);
   res = GNUNET_CRYPTO_symmetric_decrypt (&src[1], len, &key->MK, &iv, dst);
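Review bot: The message-key search stops at the first list entry whose `Kn` equals `N` and only then compares its header key, so a valid message is rejected with -1 if an entry with the same `Kn` but a different header key comes first. Whether the skipped list can hold such duplicates is not visible here, but it seems possible once keys from more than one ratchet step are stored. Folding the header-key test into the walk avoids the early stop: `while (NULL != key && (N != key->Kn || 0 != memcmp (&key->HK, valid_HK, sizeof (*valid_HK))))` followed by `if (NULL == key) return -1;`. The function body starts and ends outside the hunk.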
@@ -2972,7 +2988,7 @@
   if (GNUNET_YES == am_I_alice)
   {
     GNUNET_CRYPTO_eddsa_ecdh (id_key,              /* A */
-                              &msg->ephemeral_key,  /* B0 */
+                              &msg->ephemeral_key, /* B0 */
                               &key_material[0]);
   }
   else
@@ -2992,7 +3008,7 @@
   else
   {
     GNUNET_CRYPTO_eddsa_ecdh (id_key,              /* A */
-                              &msg->ephemeral_key,  /* B0 */
+                              &msg->ephemeral_key, /* B0 */
                               &key_material[1]);
 
 



