[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r32547 - gnunet/src/mesh
From: |
gnunet |
Subject: |
[GNUnet-SVN] r32547 - gnunet/src/mesh |
Date: |
Thu, 6 Mar 2014 02:36:27 +0100 |
Author: bartpolot
Date: 2014-03-06 02:36:27 +0100 (Thu, 06 Mar 2014)
New Revision: 32547
Modified:
gnunet/src/mesh/gnunet-service-mesh_tunnel.c
Log:
- add hmac to tunnel messages
Modified: gnunet/src/mesh/gnunet-service-mesh_tunnel.c
===================================================================
--- gnunet/src/mesh/gnunet-service-mesh_tunnel.c 2014-03-06 01:36:26 UTC
(rev 32546)
+++ gnunet/src/mesh/gnunet-service-mesh_tunnel.c 2014-03-06 01:36:27 UTC
(rev 32547)
@@ -717,7 +717,34 @@
}
+/**
+ * Calculate HMAC.
+ *
+ * @param t Tunnel to get keys from.
+ * @param plaintext Content to HMAC.
+ * @param size Size of @c plaintext.
+ * @param iv Initialization vector for the message.
+ * @param outgoing Is this an outgoing message that we encrypted?
+ * @param hmac Destination to store the HMAC.
+ */
+static void
+t_hmac (struct MeshTunnel3 *t, const void *plaintext, size_t size, uint32_t iv,
+ int outgoing, struct GNUNET_HashCode *hmac)
+{
+ struct GNUNET_CRYPTO_AuthKey auth_key;
+ static const char ctx[] = "mesh authentication key";
+ struct GNUNET_CRYPTO_SymmetricSessionKey *key;
+ key = outgoing ? &t->e_key : &t->d_key;
+ GNUNET_CRYPTO_hmac_derive_key (&auth_key, key,
+ &iv, sizeof (iv),
+ key, sizeof (*key),
+ ctx, sizeof (ctx),
+ NULL);
+ GNUNET_CRYPTO_hmac (&auth_key, plaintext, size, hmac);
+}
+
+
/**
* Sends an already built message on a tunnel, encrypting it and
* choosing the best connection.
@@ -775,7 +802,9 @@
msg->header.type = htons (GNUNET_MESSAGE_TYPE_MESH_ENCRYPTED);
msg->iv = iv;
GNUNET_assert (t_encrypt (t, &msg[1], message, size, iv) == size);
+ t_hmac (t, message, size, iv, GNUNET_YES, &msg->hmac);
msg->header.size = htons (sizeof (struct GNUNET_MESH_Encrypted) + size);
+
if (NULL == c)
c = tunnel_get_connection (t);
if (NULL == c)
@@ -1619,8 +1648,19 @@
char cbuf [payload_size];
struct GNUNET_MessageHeader *msgh;
unsigned int off;
+ struct GNUNET_HashCode hmac;
decrypted_size = t_decrypt (t, cbuf, &msg[1], payload_size, msg->iv);
+ t_hmac (t, cbuf, payload_size, msg->iv, GNUNET_NO, &hmac);
+ if (0 != memcmp (&hmac, &msg->hmac, sizeof (struct GNUNET_HashCode)))
+ {
+ /* checksum failed */
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Failed checksum validation for a message on tunnel `%s'\n",
+ GMT_2s (t));
+ GNUNET_STATISTICS_update (stats, "# wrong HMAC", 1, GNUNET_NO);
+ return;
+ }
off = 0;
while (off < decrypted_size)
{
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r32547 - gnunet/src/mesh,
gnunet <=