[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 02/03: hpke: harmonize elligator implementation
|
From: |
gnunet |
|
Subject: |
[gnunet] 02/03: hpke: harmonize elligator implementation |
|
Date: |
Thu, 18 Jul 2024 16:41:04 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 4d2c872d97c9abd3d89a0eb46aa8c83dc030b2bb
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Thu Jul 18 15:08:40 2024 +0200
hpke: harmonize elligator implementation
---
src/include/gnunet_crypto_lib.h | 18 +++----
src/lib/util/crypto_hpke.c | 60 ++++++++-------------
src/lib/util/test_crypto_elligator.c | 25 +++++----
src/service/transport/gnunet-communicator-tcp.c | 71 +++++++++++++++++-------
src/service/transport/gnunet-communicator-udp.c | 72 ++++++++++++++++++-------
5 files changed, 153 insertions(+), 93 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 8100fc992..ce4e008f2 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -3109,15 +3109,15 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
* Use #GNUNET_CRYPTO_hkdf_expand to derive further context-specific
* keys from the key material.
*
- * @param pub given edwards curve public key (X)
- * @param r representative of ephemeral public key A to use for the ECDH
(direct_map(r)=A=aG)
+ * @param pkR Receiver public key (X)
+ * @param c representative of ephemeral public key A to use for the ECDH
(direct_map(r)=A=aG)
* @param prk where to write the key material
HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG))
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
*/
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_eddsa_elligator_kem_encaps (
- const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
- struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+GNUNET_CRYPTO_hpke_elligator_kem_encaps (
+ const struct GNUNET_CRYPTO_EcdhePublicKey *pkR,
+ struct GNUNET_CRYPTO_HpkeEncapsulation *c,
struct GNUNET_ShortHashCode *prk);
/**
@@ -3127,15 +3127,15 @@ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (
* Use #GNUNET_CRYPTO_hkdf_expand to derive further context-specific
* keys from the key material.
*
- * @param priv own private key (x)
+ * @param skR own private key (x)
* @param r received representative r, from which we can obtain the public key
A (direct_map(r)=A=aG)
* @param prk where to write the key material
HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG))
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
*/
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_eddsa_elligator_kem_decaps (
- const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
- const struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+GNUNET_CRYPTO_hpke_elligator_kem_decaps (
+ const struct GNUNET_CRYPTO_EcdhePrivateKey *skR,
+ const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
struct GNUNET_ShortHashCode *prk);
diff --git a/src/lib/util/crypto_hpke.c b/src/lib/util/crypto_hpke.c
index ad6efc7f7..c85cf34cc 100644
--- a/src/lib/util/crypto_hpke.c
+++ b/src/lib/util/crypto_hpke.c
@@ -158,6 +158,10 @@ GNUNET_CRYPTO_hpke_labeled_extract_and_expand (const void
*dh,
static uint8_t GNUNET_CRYPTO_HPKE_KEM_SUITE_ID[] = { 'K', 'E', 'M',
0x00, 0x20 };
+// DHKEM(X25519Elligator, HKDF-256): kem_id = 0x0030
+// concat("KEM", I2OSP(kem_id, 2))
+static uint8_t GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID[] = { 'K', 'E', 'M',
+ 0x00, 0x30 };
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_authkem_encaps_norand (
const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
@@ -376,39 +380,29 @@ GNUNET_CRYPTO_eddsa_kem_decaps (const struct
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_eddsa_elligator_kem_encaps (
- const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
- struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+GNUNET_CRYPTO_hpke_elligator_kem_encaps (
+ const struct GNUNET_CRYPTO_EcdhePublicKey *pkR,
+ struct GNUNET_CRYPTO_HpkeEncapsulation *c,
struct GNUNET_ShortHashCode *shared_secret)
{
struct GNUNET_CRYPTO_EcdhePrivateKey sk;
- struct GNUNET_CRYPTO_EcdhePublicKey pkR;
struct GNUNET_CRYPTO_EcdhePublicKey dh;
- uint8_t kem_context[sizeof *r + sizeof *pub];
- uint8_t suite_id[strlen ("KEM") + 2];
- uint16_t kem_id = htons (256); // FIXME hardcode as constant
-
- // DHKEM(X25519, HKDF-256): kem_id = 32
- // concat("KEM", I2OSP(kem_id, 2))
- memcpy (suite_id, "KEM", 3);
- memcpy (suite_id + 3, &kem_id, 2);
-
- // This maps the ed25519 point to X25519
- if (0 != crypto_sign_ed25519_pk_to_curve25519 (pkR.q_y, pub->q_y))
- return GNUNET_SYSERR;
+ struct GNUNET_CRYPTO_ElligatorRepresentative *r;
+ uint8_t kem_context[sizeof *r + sizeof *pkR];
+ r = (struct GNUNET_CRYPTO_ElligatorRepresentative*) c;
// skE, pkE = GenerateElligatorKeyPair()
GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk);
// dh = DH(skE, pkR)
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_x25519 (&sk, &pkR,
+ GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_x25519 (&sk, pkR,
&dh));
// kem_context = concat(enc, pkRm)
// enc = SerializePublicKey(pkE) == r
// pkRm = SerializePublicKey(pkR) is a NOP, see Section 7.1.1
// kem_context = concat(enc, pkRm)
memcpy (kem_context, r, sizeof *r);
- memcpy (kem_context + sizeof *r, &pkR, sizeof pkR);
+ memcpy (kem_context + sizeof *r, pkR, sizeof *pkR);
// shared_secret = ExtractAndExpand(dh, kem_context)
return GNUNET_CRYPTO_hpke_labeled_extract_and_expand (
&dh, sizeof dh,
@@ -417,41 +411,32 @@ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (
"eae_prk", strlen ("eae_prk"),
"shared_secret", strlen ("shared_secret"),
kem_context, sizeof kem_context,
- suite_id, sizeof suite_id,
+ GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
+ sizeof GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
shared_secret);
}
enum GNUNET_GenericReturnValue
-GNUNET_CRYPTO_eddsa_elligator_kem_decaps (
- const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
- const struct GNUNET_CRYPTO_ElligatorRepresentative *r,
+GNUNET_CRYPTO_hpke_elligator_kem_decaps (
+ const struct GNUNET_CRYPTO_EcdhePrivateKey *skR,
+ const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
struct GNUNET_ShortHashCode *shared_secret)
{
- struct GNUNET_CRYPTO_EcdhePrivateKey skR;
struct GNUNET_CRYPTO_EcdhePublicKey pkE;
struct GNUNET_CRYPTO_EcdhePublicKey dh;
+ const struct GNUNET_CRYPTO_ElligatorRepresentative *r;
uint8_t kem_context[sizeof *r + crypto_scalarmult_curve25519_BYTES];
uint8_t pkR[crypto_scalarmult_BYTES];
- uint8_t suite_id[strlen ("KEM") + 2];
- uint16_t kem_id = htons (256); // FIXME hardcode as constant
-
- // DHKEM(X25519, HKDF-256): kem_id = 32
- // concat("KEM", I2OSP(kem_id, 2))
- memcpy (suite_id, "KEM", 3);
- memcpy (suite_id + 3, &kem_id, 2);
-
- // This maps the ed25519 point to X25519
- if (0 != crypto_sign_ed25519_sk_to_curve25519 (skR.d, priv->d))
- return GNUNET_SYSERR;
+ r = (struct GNUNET_CRYPTO_ElligatorRepresentative*) c;
// pkE = DeserializePublicKey(enc) Elligator deserialize!
GNUNET_CRYPTO_ecdhe_elligator_decoding (&pkE, NULL, r);
// dh = DH(skR, pkE)
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_x25519_ecdh (&skR, &pkE,
+ GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_x25519_ecdh (skR, &pkE,
&dh));
// pkRm = DeserializePublicKey(pk(skR)) is a NOP, see Section 7.1.1
- crypto_scalarmult_curve25519_base (pkR, skR.d);
+ crypto_scalarmult_curve25519_base (pkR, skR->d);
memcpy (kem_context, r, sizeof *r);
memcpy (kem_context + sizeof *r, pkR, sizeof pkR);
// shared_secret = ExtractAndExpand(dh, kem_context)
@@ -462,7 +447,8 @@ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (
"eae_prk", strlen ("eae_prk"),
"shared_secret", strlen ("shared_secret"),
kem_context, sizeof kem_context,
- suite_id, sizeof suite_id,
+ GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
+ sizeof GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
shared_secret);
}
diff --git a/src/lib/util/test_crypto_elligator.c
b/src/lib/util/test_crypto_elligator.c
index fd1453fc0..7f2d3dd40 100644
--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -222,21 +222,28 @@ testTimeDecoding (void)
static int
elligatorKEM ()
{
- struct GNUNET_CRYPTO_EddsaPrivateKey pk_receiver;
- struct GNUNET_CRYPTO_EddsaPublicKey pub_receiver;
- GNUNET_CRYPTO_eddsa_key_create (&pk_receiver);
- GNUNET_CRYPTO_eddsa_key_get_public (&pk_receiver, &pub_receiver);
-
- struct GNUNET_CRYPTO_ElligatorRepresentative r_sender;
-
+ struct GNUNET_CRYPTO_PrivateKey pk_receiver;
+ struct GNUNET_CRYPTO_EcdhePrivateKey pk_receiver_hpke;
+ struct GNUNET_CRYPTO_PublicKey pub_receiver;
+ struct GNUNET_CRYPTO_EcdhePublicKey pub_receiver_hpke;
+ pk_receiver.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ pub_receiver.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ GNUNET_CRYPTO_eddsa_key_create (&pk_receiver.eddsa_key);
+ GNUNET_CRYPTO_eddsa_key_get_public (&pk_receiver.eddsa_key,
+ &pub_receiver.eddsa_key);
+
+ struct GNUNET_CRYPTO_HpkeEncapsulation c_sender;
+
+ GNUNET_CRYPTO_hpke_sk_to_x25519(&pk_receiver, &pk_receiver_hpke);
+ GNUNET_CRYPTO_hpke_pk_to_x25519(&pub_receiver, &pub_receiver_hpke);
// Sender side
struct GNUNET_ShortHashCode key_material_encaps;
- GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub_receiver, &r_sender,
+ GNUNET_CRYPTO_hpke_elligator_kem_encaps (&pub_receiver_hpke, &c_sender,
&key_material_encaps);
// Receiving side
struct GNUNET_ShortHashCode key_material_decaps;
- GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk_receiver, &r_sender,
+ GNUNET_CRYPTO_hpke_elligator_kem_decaps (&pk_receiver_hpke, &c_sender,
&key_material_decaps);
GNUNET_assert (0 == GNUNET_memcmp (&key_material_encaps,
diff --git a/src/service/transport/gnunet-communicator-tcp.c
b/src/service/transport/gnunet-communicator-tcp.c
index 4720bd617..6ea572ecc 100644
--- a/src/service/transport/gnunet-communicator-tcp.c
+++ b/src/service/transport/gnunet-communicator-tcp.c
@@ -139,7 +139,7 @@ struct TcpHandshakeSignature
/**
* Ephemeral key used by the @e sender (as Elligator representative).
*/
- struct GNUNET_CRYPTO_ElligatorRepresentative ephemeral;
+ struct GNUNET_CRYPTO_HpkeEncapsulation ephemeral;
/**
* Monotonic time of @e sender, to possibly help detect replay attacks
@@ -437,6 +437,11 @@ struct Queue
*/
struct GNUNET_PeerIdentity target;
+ /**
+ * To whom are we talking to.
+ */
+ struct GNUNET_CRYPTO_EcdhePublicKey target_hpke_key;
+
/**
* Listen socket.
*/
@@ -853,6 +858,11 @@ static struct GNUNET_TIME_Relative rekey_interval;
*/
static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
+/**
+ * Our private key.
+ */
+static struct GNUNET_CRYPTO_EcdhePrivateKey my_x25519_private_key;
+
/**
* Our configuration.
*/
@@ -933,6 +943,26 @@ static struct GNUNET_CONTAINER_MultiHashMap
*pending_reversals;
static void
listen_cb (void *cls);
+static void
+eddsa_priv_to_hpke_key (struct GNUNET_CRYPTO_EddsaPrivateKey *edpk,
+ struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
+{
+ struct GNUNET_CRYPTO_PrivateKey key;
+ key.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ key.eddsa_key = *edpk;
+ GNUNET_CRYPTO_hpke_sk_to_x25519 (&key, pk);
+}
+
+static void
+eddsa_pub_to_hpke_key (struct GNUNET_CRYPTO_EddsaPublicKey *edpk,
+ struct GNUNET_CRYPTO_EcdhePublicKey *pk)
+{
+ struct GNUNET_CRYPTO_PublicKey key;
+ key.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ key.eddsa_key = *edpk;
+ GNUNET_CRYPTO_hpke_pk_to_x25519 (&key, pk);
+}
+
/**
* Functions with this signature are called whenever we need
* to close a queue due to a disconnect or failure to
@@ -1347,12 +1377,12 @@ rekey_monotime_cb (void *cls,
*/
static void
setup_in_cipher_elligator (
- const struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
+ const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
struct Queue *queue)
{
struct GNUNET_ShortHashCode k;
- GNUNET_CRYPTO_eddsa_elligator_kem_decaps (my_private_key, repr, &k);
+ GNUNET_CRYPTO_hpke_elligator_kem_decaps (&my_x25519_private_key, c, &k);
setup_cipher (&k, &my_identity, &queue->in_cipher, &queue->in_hmac);
}
@@ -2710,13 +2740,13 @@ boot_queue (struct Queue *queue)
*/
static void
transmit_kx (struct Queue *queue,
- const struct GNUNET_CRYPTO_ElligatorRepresentative *repr)
+ const struct GNUNET_CRYPTO_HpkeEncapsulation *c)
{
struct TcpHandshakeSignature ths;
struct TCPConfirmation tc;
- memcpy (queue->cwrite_buf, repr, sizeof(*repr));
- queue->cwrite_off = sizeof(*repr);
+ memcpy (queue->cwrite_buf, c, sizeof(*c));
+ queue->cwrite_off = sizeof(*c);
/* compute 'tc' and append in encrypted format to cwrite_buf */
tc.sender = my_identity;
tc.monotonic_time =
@@ -2729,7 +2759,7 @@ transmit_kx (struct Queue *queue,
ths.purpose.size = htonl (sizeof(ths));
ths.sender = my_identity;
ths.receiver = queue->target;
- ths.ephemeral = *repr;
+ ths.ephemeral = *c;
ths.monotonic_time = tc.monotonic_time;
ths.challenge = tc.challenge;
GNUNET_CRYPTO_eddsa_sign (my_private_key,
@@ -2759,13 +2789,13 @@ transmit_kx (struct Queue *queue,
static void
start_initial_kx_out (struct Queue *queue)
{
- struct GNUNET_CRYPTO_ElligatorRepresentative repr;
+ struct GNUNET_CRYPTO_HpkeEncapsulation c;
struct GNUNET_ShortHashCode k;
- GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&queue->target.public_key,
- &repr, &k);
+ GNUNET_CRYPTO_hpke_elligator_kem_encaps (&queue->target_hpke_key,
+ &c, &k);
setup_out_cipher (queue, &k);
- transmit_kx (queue, &repr);
+ transmit_kx (queue, &c);
}
@@ -2968,10 +2998,10 @@ queue_read_kx (void *cls)
return;
}
/* we got all the data, let's find out who we are talking to! */
- setup_in_cipher_elligator ((const struct
GNUNET_CRYPTO_ElligatorRepresentative
- *)
- queue->cread_buf,
- queue);
+ setup_in_cipher_elligator (
+ (const struct GNUNET_CRYPTO_HpkeEncapsulation*)
+ queue->cread_buf,
+ queue);
if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, queue->cread_buf))
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -3073,6 +3103,7 @@ proto_read_kx (void *cls)
queue = GNUNET_new (struct Queue);
queue->target = pm->clientIdentity;
+ eddsa_pub_to_hpke_key (&queue->target.public_key, &queue->target_hpke_key);
queue->cs = GNUNET_TRANSPORT_CS_OUTBOUND;
read_task = &queue_read_kx;
}
@@ -3087,10 +3118,10 @@ proto_read_kx (void *cls)
{
/* we got all the data, let's find out who we are talking to! */
queue = GNUNET_new (struct Queue);
- setup_in_cipher_elligator ((const struct
- GNUNET_CRYPTO_ElligatorRepresentative *) pq->
- ibuf,
- queue);
+ setup_in_cipher_elligator (
+ (const struct GNUNET_CRYPTO_HpkeEncapsulation *) pq->
+ ibuf,
+ queue);
if (GNUNET_OK != decrypt_and_check_tc (queue, &tc, pq->ibuf))
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -3836,6 +3867,8 @@ init_socket (struct sockaddr *addr,
return GNUNET_SYSERR;
}
GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
+ eddsa_priv_to_hpke_key (my_private_key,
+ &my_x25519_private_key);
/* start listening */
lt = GNUNET_new (struct ListenTask);
diff --git a/src/service/transport/gnunet-communicator-udp.c
b/src/service/transport/gnunet-communicator-udp.c
index 089ac29da..fd679bc65 100644
--- a/src/service/transport/gnunet-communicator-udp.c
+++ b/src/service/transport/gnunet-communicator-udp.c
@@ -200,7 +200,7 @@ struct InitialKX
/**
* Representative of ephemeral key for KX.
*/
- struct GNUNET_CRYPTO_ElligatorRepresentative representative;
+ struct GNUNET_CRYPTO_HpkeEncapsulation enc;
/**
* HMAC for the following encrypted message, using GCM. HMAC uses
@@ -590,6 +590,11 @@ struct ReceiverAddress
*/
struct GNUNET_PeerIdentity target;
+ /**
+ * To whom are we talking to.
+ */
+ struct GNUNET_CRYPTO_EcdhePublicKey target_hpke_key;
+
/**
* The address key for this entry.
*/
@@ -825,6 +830,11 @@ static struct GNUNET_PeerIdentity my_identity;
*/
static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
+/**
+ * Our private key for HPKE.
+ */
+static struct GNUNET_CRYPTO_EcdhePrivateKey my_x25519_private_key;
+
/**
* Our configuration.
*/
@@ -855,6 +865,25 @@ static uint16_t my_port;
*/
static int disable_v6;
+static void
+eddsa_priv_to_hpke_key (struct GNUNET_CRYPTO_EddsaPrivateKey *edpk,
+ struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
+{
+ struct GNUNET_CRYPTO_PrivateKey key;
+ key.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ key.eddsa_key = *edpk;
+ GNUNET_CRYPTO_hpke_sk_to_x25519 (&key, pk);
+}
+
+static void
+eddsa_pub_to_hpke_key (struct GNUNET_CRYPTO_EddsaPublicKey *edpk,
+ struct GNUNET_CRYPTO_EcdhePublicKey *pk)
+{
+ struct GNUNET_CRYPTO_PublicKey key;
+ key.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA);
+ key.eddsa_key = *edpk;
+ GNUNET_CRYPTO_hpke_pk_to_x25519 (&key, pk);
+}
/**
* An interface went away, stop broadcasting on it.
@@ -1347,7 +1376,8 @@ try_decrypt (const struct SharedSecret *ss,
* @return new shared secret
*/
static struct SharedSecret *
-setup_shared_secret_dec (const struct GNUNET_CRYPTO_HpkeEncapsulation
*ephemeral)
+setup_shared_secret_dec (const struct GNUNET_CRYPTO_HpkeEncapsulation
*ephemeral
+ )
{
struct SharedSecret *ss;
@@ -1366,14 +1396,13 @@ setup_shared_secret_dec (const struct
GNUNET_CRYPTO_HpkeEncapsulation *ephemeral
*/
static struct SharedSecret *
setup_initial_shared_secret_dec (const struct
- GNUNET_CRYPTO_ElligatorRepresentative *
- representative)
+ GNUNET_CRYPTO_HpkeEncapsulation *c)
{
struct SharedSecret *ss;
ss = GNUNET_new (struct SharedSecret);
- GNUNET_CRYPTO_eddsa_elligator_kem_decaps (my_private_key, representative,
- &ss->master);
+ GNUNET_CRYPTO_hpke_elligator_kem_decaps (&my_x25519_private_key, c,
+ &ss->master);
calculate_cmac (ss);
return ss;
}
@@ -1413,16 +1442,15 @@ setup_shared_secret_ephemeral (struct
GNUNET_CRYPTO_HpkeEncapsulation *ephemeral
* @return new shared secret
*/
static struct SharedSecret *
-setup_initial_shared_secret_ephemeral (struct
- GNUNET_CRYPTO_ElligatorRepresentative *
- representative,
- struct ReceiverAddress *receiver)
+setup_initial_shared_secret_ephemeral (
+ struct GNUNET_CRYPTO_HpkeEncapsulation *c,
+ struct ReceiverAddress *receiver)
{
struct SharedSecret *ss;
struct GNUNET_ShortHashCode k;
- GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&receiver->target.public_key,
- representative, &k);
+ GNUNET_CRYPTO_hpke_elligator_kem_encaps (&receiver->target_hpke_key,
+ c, &k);
ss = GNUNET_new (struct SharedSecret);
memcpy (&ss->master, &k, sizeof (k));
calculate_cmac (ss);
@@ -2160,7 +2188,7 @@ sock_read (void *cls)
struct SenderAddress *sender;
kx = (const struct InitialKX *) buf;
- ss = setup_initial_shared_secret_dec (&kx->representative);
+ ss = setup_initial_shared_secret_dec (&kx->enc);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Before DEC\n");
@@ -2187,8 +2215,9 @@ sock_read (void *cls)
uc = (const struct UDPConfirmation *) pbuf;
struct GNUNET_CRYPTO_EcdhePublicKey pub_ephemeral;
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_ephemeral, NULL,
- &kx->representative);
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (
+ &pub_ephemeral, NULL,
+ (struct GNUNET_CRYPTO_ElligatorRepresentative*) &kx->enc);
if (GNUNET_OK != verify_confirmation (&pub_ephemeral, uc)) // TODO: need
ephemeral instead of representative
{
GNUNET_break_op (0);
@@ -2418,10 +2447,12 @@ send_msg_with_kx (const struct GNUNET_MessageHeader
*msg, struct
reschedule_receiver_timeout (receiver);
/* setup key material */
- struct GNUNET_CRYPTO_ElligatorRepresentative repr;
- ss = setup_initial_shared_secret_ephemeral (&repr, receiver);
+ struct GNUNET_CRYPTO_HpkeEncapsulation c;
+ struct GNUNET_CRYPTO_ElligatorRepresentative *repr;
+ ss = setup_initial_shared_secret_ephemeral (&c, receiver);
+ repr = (struct GNUNET_CRYPTO_ElligatorRepresentative*) &c;
GNUNET_CRYPTO_ecdhe_elligator_decoding (&uhs.ephemeral, NULL,
- &repr);
+ repr);
if (0 == purge_secrets (receiver->ss_tail))
{
@@ -2461,7 +2492,7 @@ send_msg_with_kx (const struct GNUNET_MessageHeader *msg,
struct
dpos += msize;
do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
/* Datagram starts with kx */
- kx.representative = repr;
+ kx.enc = c;
GNUNET_assert (
0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
gcry_cipher_close (out_cipher);
@@ -2913,6 +2944,8 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity
*peer, const char *address)
receiver->address = in;
receiver->address_len = in_len;
receiver->target = *peer;
+ eddsa_pub_to_hpke_key(&receiver->target.public_key,
+ &receiver->target_hpke_key);
receiver->nt = GNUNET_NT_scanner_get_type (is, in, in_len);
(void) GNUNET_CONTAINER_multihashmap_put (
receivers,
@@ -3577,6 +3610,7 @@ run (void *cls,
return;
}
GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
+ eddsa_priv_to_hpke_key(my_private_key, &my_x25519_private_key);
/* start reading */
read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
udp_sock,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.