diff options
-rw-r--r-- | src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h | 1 | ||||
-rw-r--r-- | src/protocols/ec25519_fhmqvc/handshake.c | 26 |
2 files changed, 19 insertions, 8 deletions
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h index 5798a22..01903c8 100644 --- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h +++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h @@ -69,6 +69,7 @@ struct fastd_protocol_peer_state { uint64_t last_handshake_serial; aligned_int256_t peer_handshake_key; aligned_int256_t sigma; + fastd_sha256_t shared_handshake_key; fastd_sha256_t shared_handshake_key_compat; }; diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c index c6c00e5..a981e30 100644 --- a/src/protocols/ec25519_fhmqvc/handshake.c +++ b/src/protocols/ec25519_fhmqvc/handshake.c @@ -134,7 +134,9 @@ static inline bool secure_handshake(const fastd_handshake_t *handshake) { static bool make_shared_handshake_key(fastd_context_t *ctx, const handshake_key_t *handshake_key, bool initiator, const aligned_int256_t *A, const aligned_int256_t *B, const aligned_int256_t *X, const aligned_int256_t *Y, - aligned_int256_t *sigma, fastd_sha256_t *shared_handshake_key_compat) { + aligned_int256_t *sigma, + fastd_sha256_t *shared_handshake_key, + fastd_sha256_t *shared_handshake_key_compat) { ecc_25519_work_t work, workXY; if (!ecc_25519_load_packed(&workXY, initiator ? Y : X)) @@ -180,7 +182,12 @@ static bool make_shared_handshake_key(fastd_context_t *ctx, const handshake_key_ return false; ecc_25519_store_packed(sigma, &work); - fastd_sha256_blocks(shared_handshake_key_compat, Y->p, X->p, B->p, A->p, sigma->p, NULL); + + if (shared_handshake_key) + fastd_sha256_blocks(shared_handshake_key, Y->p, X->p, B->p, A->p, sigma->p, NULL); + + if (shared_handshake_key_compat) + fastd_sha256_blocks(shared_handshake_key_compat, Y->p, X->p, B->p, A->p, sigma->p, NULL); return true; } @@ -197,6 +204,7 @@ static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t peer_handshake_key, &handshake_key->key2.public, &peer->protocol_state->sigma, + &peer->protocol_state->shared_handshake_key, &peer->protocol_state->shared_handshake_key_compat)) return false; @@ -208,6 +216,7 @@ static bool update_shared_handshake_key(fastd_context_t *ctx, const fastd_peer_t static void clear_shared_handshake_key(fastd_context_t *ctx UNUSED, const fastd_peer_t *peer) { memset(&peer->protocol_state->sigma, 0, sizeof(peer->protocol_state->sigma)); + memset(&peer->protocol_state->shared_handshake_key, 0, sizeof(peer->protocol_state->shared_handshake_key)); memset(&peer->protocol_state->shared_handshake_key_compat, 0, sizeof(peer->protocol_state->shared_handshake_key_compat)); peer->protocol_state->last_handshake_serial = 0; @@ -236,7 +245,7 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock, } uint8_t *mac = fastd_handshake_add_zero(ctx, &buffer, RECORD_TLV_MAC, HASHBYTES); - fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key_compat.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); + fastd_hmacsha256(&hmacbuf, peer->protocol_state->shared_handshake_key.w, fastd_handshake_tlv_data(&buffer), fastd_handshake_tlv_len(&buffer)); memcpy(mac, hmacbuf.b, HASHBYTES); fastd_send_handshake(ctx, sock, local_addr, remote_addr, peer, buffer); @@ -247,14 +256,15 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f pr_debug(ctx, "finishing handshake with %P[%I]...", peer, remote_addr); aligned_int256_t sigma; - fastd_sha256_t shared_handshake_key; + fastd_sha256_t shared_handshake_key, shared_handshake_key_compat; if (!make_shared_handshake_key(ctx, handshake_key, true, &ctx->conf->protocol_config->key.public, &peer->protocol_config->public_key, &handshake_key->key1.public, peer_handshake_key, &sigma, - &shared_handshake_key)) + &shared_handshake_key, + &shared_handshake_key_compat)) return; bool valid; @@ -266,7 +276,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f valid = fastd_hmacsha256_verify(mac, shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len); } else { - valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL); + valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, shared_handshake_key_compat.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL); } if (!valid) { @@ -293,7 +303,7 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f } else { fastd_sha256_t hmacbuf; - fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key.w, ctx->conf->protocol_config->key.public.p, handshake_key->key1.public.p, NULL); + fastd_hmacsha256_blocks(&hmacbuf, shared_handshake_key_compat.w, ctx->conf->protocol_config->key.public.p, handshake_key->key1.public.p, NULL); fastd_handshake_add(ctx, &buffer, RECORD_T, HASHBYTES, hmacbuf.b); } @@ -314,7 +324,7 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, memcpy(mac, handshake->records[RECORD_TLV_MAC].data, HASHBYTES); memset(handshake->records[RECORD_TLV_MAC].data, 0, HASHBYTES); - valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key_compat.w, handshake->tlv_data, handshake->tlv_len); + valid = fastd_hmacsha256_verify(mac, peer->protocol_state->shared_handshake_key.w, handshake->tlv_data, handshake->tlv_len); } else { valid = fastd_hmacsha256_blocks_verify(handshake->records[RECORD_T].data, peer->protocol_state->shared_handshake_key_compat.w, peer->protocol_config->public_key.p, peer_handshake_key->p, NULL); |