make it nicer

This commit is contained in:
Jeff Becker 2018-05-20 11:35:59 -04:00
parent 14b795a384
commit 87ae0aa972
No known key found for this signature in database
GPG Key ID: F357B3B42F6F9B05
3 changed files with 93 additions and 38 deletions

View File

@ -78,18 +78,19 @@ dropping if it does not match.
2) session start 2) session start
Alice uses the token from bob to start the wire session Alice uses the token from the previous message to start the wire session
32 bytes hmac, h 32 bytes hmac, h
32 bytes nounce, n 32 bytes nounce, n
32 bytes ciphertext, x 32 bytes ciphertext, x
variadic byttes padding, w2 variadic byttes padding, w2
T = HS(token + n)
w2 = "[insert variable length random padding here]" w2 = "[insert variable length random padding here]"
e_K = TKE(a.k, b.k, n)
x = SE(e_K, token, n[0:24])
h = MDS(n + x + w2, e_K)
T = HS(token + n)
K = TKE(a.k, b.k, T) K = TKE(a.k, b.k, T)
x = SE(K, token, n[0:24])
h = MDS(n + x + w2, K)
Alice transmits ( h + n + x + w2 ) Alice transmits ( h + n + x + w2 )
Bob recieves ( h + n + x + w2) and verifies that h == MDS(n + x, k) silently Bob recieves ( h + n + x + w2) and verifies that h == MDS(n + x, k) silently

View File

@ -98,6 +98,8 @@ struct iwp_async_session_start
uint8_t * nonce; uint8_t * nonce;
uint8_t * token; uint8_t * token;
uint8_t * sessionkey; uint8_t * sessionkey;
uint8_t * secretkey;
uint8_t * remote_pubkey;
iwp_session_start_hook hook; iwp_session_start_hook hook;
}; };

View File

@ -11,30 +11,33 @@ struct llarp_async_iwp
struct llarp_threadpool * worker; struct llarp_threadpool * worker;
}; };
void iwp_inform_keygen(void * user) namespace iwp
{
void inform_keygen(void * user)
{ {
iwp_async_keygen * keygen = static_cast<iwp_async_keygen *>(user); iwp_async_keygen * keygen = static_cast<iwp_async_keygen *>(user);
keygen->hook(keygen); keygen->hook(keygen);
} }
void iwp_do_keygen(void * user) void keygen(void * user)
{ {
iwp_async_keygen * keygen = static_cast<iwp_async_keygen *>(user); iwp_async_keygen * keygen = static_cast<iwp_async_keygen *>(user);
keygen->iwp->crypto->keygen(keygen->keybuf); keygen->iwp->crypto->keygen(keygen->keybuf);
llarp_thread_job job = { llarp_thread_job job = {
.user = user, .user = user,
.work = iwp_inform_keygen .work = &inform_keygen
}; };
llarp_logic_queue_job(keygen->iwp->logic, job); llarp_logic_queue_job(keygen->iwp->logic, job);
} }
void iwp_inform_genintro(void * user) void inform_gen_intro(void * user)
{ {
iwp_async_intro * intro = static_cast<iwp_async_intro *>(user); iwp_async_intro * intro = static_cast<iwp_async_intro *>(user);
intro->hook(intro); intro->hook(intro);
} }
void iwp_do_genintro(void * user) void gen_intro(void * user)
{ {
iwp_async_intro * intro = static_cast<iwp_async_intro *>(user); iwp_async_intro * intro = static_cast<iwp_async_intro *>(user);
llarp_sharedkey_t sharedkey; llarp_sharedkey_t sharedkey;
@ -44,7 +47,7 @@ void iwp_do_genintro(void * user)
uint8_t tmp[64]; uint8_t tmp[64];
llarp_thread_job job = { llarp_thread_job job = {
.user = user, .user = user,
.work = &iwp_inform_genintro .work = &inform_gen_intro
}; };
// S = TKE(a.k, b.k, n) // S = TKE(a.k, b.k, n)
crypto->transport_dh_client(sharedkey, intro->remote_pubkey, intro->secretkey, intro->nonce); crypto->transport_dh_client(sharedkey, intro->remote_pubkey, intro->secretkey, intro->nonce);
@ -68,33 +71,33 @@ void iwp_do_genintro(void * user)
} }
void iwp_inform_verify_introack(void * user) void inform_verify_introack(void * user)
{ {
iwp_async_introack * introack = static_cast<iwp_async_introack *>(user); iwp_async_introack * introack = static_cast<iwp_async_introack *>(user);
introack->hook(introack); introack->hook(introack);
} }
void iwp_do_verify_introack(void * user) void verify_introack(void * user)
{ {
iwp_async_introack * introack = static_cast<iwp_async_introack *>(user); iwp_async_introack * introack = static_cast<iwp_async_introack *>(user);
llarp_crypto * crypto = introack->iwp->crypto; auto crypto = introack->iwp->crypto;
llarp_logic * logic = introack->iwp->logic; auto logic = introack->iwp->logic;
llarp_thread_job job = { llarp_thread_job job = {
.user = user, .user = user,
.work = &iwp_inform_verify_introack .work = &inform_verify_introack
}; };
llarp_hmac_t digest; llarp_hmac_t digest;
llarp_sharedkey_t sharedkey; llarp_sharedkey_t sharedkey;
uint8_t * hmac = introack->buf; auto hmac = introack->buf;
uint8_t * body = introack->buf + 32; auto body = introack->buf + 32;
uint8_t * pubkey = introack->remote_pubkey; auto pubkey = introack->remote_pubkey;
uint8_t * secretkey = introack->secretkey; auto secretkey = introack->secretkey;
uint8_t * nonce = introack->buf + 32; auto nonce = introack->buf + 32;
uint8_t * token = introack->buf + 64; auto token = introack->buf + 64;
size_t bodysz = introack->sz - 32; size_t bodysz = introack->sz - 32;
llarp_buffer_t buf; llarp_buffer_t buf;
buf.base = (char*) body; buf.base = (char*) body;
@ -109,7 +112,7 @@ void iwp_do_verify_introack(void * user)
if(!llarp_eq(digest, hmac, 32)) if(!llarp_eq(digest, hmac, 32))
{ {
// fail to verify hmac // fail to verify hmac
introack->buf = 0; introack->buf = nullptr;
llarp_logic_queue_job(logic, job); llarp_logic_queue_job(logic, job);
return; return;
} }
@ -119,6 +122,67 @@ void iwp_do_verify_introack(void * user)
crypto->xchacha20(buf, sharedkey, nonce); crypto->xchacha20(buf, sharedkey, nonce);
// copy token // copy token
memcpy(introack->token, token, 32); memcpy(introack->token, token, 32);
llarp_logic_queue_job(logic, job);
}
void inform_gen_session_start(void * user)
{
iwp_async_session_start * session = static_cast<iwp_async_session_start *>(user);
session->hook(session);
}
void gen_session_start(void * user)
{
iwp_async_session_start * session = static_cast<iwp_async_session_start *>(user);
auto crypto = session->iwp->crypto;
auto dh = crypto->transport_dh_client;
auto shorthash = crypto->shorthash;
auto hmac = crypto->hmac;
auto encrypt = crypto->xchacha20;
auto logic = session->iwp->logic;
auto a_sK = session->secretkey;
auto b_K = session->remote_pubkey;
auto N = session->nonce;
auto token = session->token;
auto K = session->sessionkey;
llarp_sharedkey_t e_K;
llarp_shorthash_t T;
llarp_buffer_t buf;
uint8_t tmp[64];
// T = HS(token + n)
memcpy(tmp, token, 32);
memcpy(tmp + 32, N, 32);
buf.base = (char *) tmp;
buf.sz = 64;
shorthash(&T, buf);
// e_K = TKE(a.k, b.k, N)
dh(e_K, b_K, a_sK, N);
// K = TKE(a.k, b.k, T)
dh(K, b_K, a_sK, T);
// x = SE(e_K, token, n[0:24])
buf.base = (char *) (session->buf + 64);
buf.sz = 32;
memcpy(buf.base, token, 32);
encrypt(buf, e_K, N);
// h = MDS(n + x + w2, e_K)
buf.base = (char*) (session->buf + 32);
buf.sz = session->sz - 32;
hmac(session->buf, buf, e_K);
// K = TKE(a.k, b.k, T)
dh(K, b_K, a_sK, T);
llarp_logic_queue_job(logic, {user, &inform_gen_session_start});
}
} }
extern "C" { extern "C" {
@ -126,37 +190,25 @@ extern "C" {
void iwp_call_async_keygen(struct llarp_async_iwp * iwp, struct iwp_async_keygen * keygen) void iwp_call_async_keygen(struct llarp_async_iwp * iwp, struct iwp_async_keygen * keygen)
{ {
keygen->iwp = iwp; keygen->iwp = iwp;
struct llarp_thread_job job = { llarp_threadpool_queue_job(iwp->worker, {keygen, &iwp::keygen});
.user = keygen,
.work = &iwp_do_keygen
};
llarp_threadpool_queue_job(iwp->worker, job);
} }
void iwp_call_async_gen_intro(struct llarp_async_iwp * iwp, struct iwp_async_intro * intro) void iwp_call_async_gen_intro(struct llarp_async_iwp * iwp, struct iwp_async_intro * intro)
{ {
intro->iwp = iwp; intro->iwp = iwp;
struct llarp_thread_job job = { llarp_threadpool_queue_job(iwp->worker, {intro, &iwp::gen_intro});
.user = intro,
.work = &iwp_do_genintro
};
llarp_threadpool_queue_job(iwp->worker, job);
} }
void iwp_call_async_verify_introack(struct llarp_async_iwp * iwp, struct iwp_async_introack * introack) void iwp_call_async_verify_introack(struct llarp_async_iwp * iwp, struct iwp_async_introack * introack)
{ {
introack->iwp = iwp; introack->iwp = iwp;
struct llarp_thread_job job = { llarp_threadpool_queue_job(iwp->worker, {introack, &iwp::verify_introack});
.user = introack,
.work = &iwp_do_verify_introack
};
llarp_threadpool_queue_job(iwp->worker, job);
} }
void iwp_call_async_gen_session_start(struct llarp_async_iwp * iwp, struct iwp_async_session_start * session) void iwp_call_async_gen_session_start(struct llarp_async_iwp * iwp, struct iwp_async_session_start * session)
{ {
session->iwp = iwp; session->iwp = iwp;
llarp_threadpool_queue_job(iwp->worker, {session, &iwp::gen_session_start});
} }
void iwp_call_async_frame_decrypt(struct llarp_async_iwp * iwp, struct iwp_async_frame * frame) void iwp_call_async_frame_decrypt(struct llarp_async_iwp * iwp, struct iwp_async_frame * frame)