summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h1
-rw-r--r--src/protocols/ec25519_fhmqvc/handshake.c26
2 files changed, 19 insertions, 8 deletions
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
index 5798a22..01903c8 100644
--- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
+++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
@@ -69,6 +69,7 @@ struct fastd_protocol_peer_state {
uint64_t last_handshake_serial;
aligned_int256_t peer_handshake_key;
aligned_int256_t sigma;
+ fastd_sha256_t shared_handshake_key;
fastd_sha256_t shared_handshake_key_compat;
};
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index c6c00e5..a981e30 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -134,7 +134,9 @@ static inline bool secure_handshake(const fastd_handshake_t *handshake) {
static bool make_shared_handshake_key(fastd_context_t *ctx, const handshake_key_t *handshake_key, bool initiator,
const aligned_int256_t *A, const aligned_int256_t *B,
const aligned_int256_t *X, const aligned_int256_t *Y,
- aligned_int256_t *sigma, fastd_sha256_t *shared_handshake_key_compat) {
+ aligned_int256_t *sigma,
+ fastd_sha256_t *shared_handshake_key,
+ fastd_sha256_t *shared_handshake_key_compat) {
ecc_25519_work_t work, workXY;
if (!ecc_25519_load_packed(&workXY, initiator ? Y : X))
@@ -180,7 +182,12 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const handshake_key_
return false;
ecc_25519_store_packed(sigma, &work);
- fastd_sha256_blocks(shared_handshake_key_compat, Y->p, X->p, B->p, A->p, sigma->p, NULL);
+
+ if (shared_handshake_key)
+ fastd_sha256_blocks(shared_handshake_key, Y->p, X->p, B->p, A->p, sigma->p, NULL);
+
+ if (shared_handshake_key_compat)
+ fastd_sha256_blocks(shared_handshake_key_compat, Y->p, X->p, B->p, A->p, sigma->p, NULL);
return true;
}
@@ -197,6 +204,7 @@ static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t
peer_handshake_key,
&handshake_key->key2.public,
&peer->protocol_state->sigma,
+ &peer->protocol_state->shared_handshake_key,
&peer->protocol_state->shared_handshake_key_compat))
return false;
@@ -208,6 +216,7 @@ static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t
static void clear_shared_handshake_key(fastd_context_t *ctx UNUSED, const fastd_peer_t *peer) {
memset(&peer->protocol_state->sigma, 0, sizeof(peer->protocol_state->sigma));
+ memset(&peer->protocol_state->shared_handshake_key, 0, sizeof(peer->protocol_state->shared_handshake_key));
memset(&peer->protocol_state->shared_handshake_key_compat, 0, sizeof(peer->protocol_state->shared_handshake_key_compat));
peer->protocol_state->last_handshake_serial = 0;
@@ -236,7 +245,7 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock,
}
uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES);
- fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer));
+ fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer));
memcpy(mac, hmacbuf.b, HASHBYTES);
fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer);
@@ -247,14 +256,15 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
pr_debug(ctx, "finishing handshake with %P[%I]...", peer, remote_addr);
aligned_int256_t sigma;
- fastd_sha256_t shared_handshake_key;
+ fastd_sha256_t shared_handshake_key, shared_handshake_key_compat;
if (!make_shared_handshake_key(ctx, handshake_key, true,
&ctx->conf->protocol_config->key.public,
&peer->protocol_config->public_key,
&handshake_key->key1.public,
peer_handshake_key,
&sigma,
- &shared_handshake_key))
+ &shared_handshake_key,
+ &shared_handshake_key_compat))
return;
bool valid;
@@ -266,7 +276,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
valid = fastd_hmacsha256_verify(mac, shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len);
}
else {
- valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL);
+ valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key_compat.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL);
}
if (!valid) {
@@ -293,7 +303,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
}
else {
fastd_sha256_t hmacbuf;
- fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key.w, ctx->conf->protocol_config->key.public.p, handshake_key->key1.public.p, NULL);
+ fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.p, handshake_key->key1.public.p, NULL);
fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b);
}
@@ -314,7 +324,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
memcpy(mac, handshake->records[RECORD_TLV_MAC].data, HASHBYTES);
memset(handshake->records[RECORD_TLV_MAC].data, 0, HASHBYTES);
- valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key_compat.w, handshake->tlv_data, handshake->tlv_len);
+ valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len);
}
else {
valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, peer->protocol_state->shared_handshake_key_compat.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL);