Commit 678dd07b authored by Bernd Paysan's avatar Bernd Paysan

Tie secret key to routes

parent bff8bb17
......@@ -131,6 +131,8 @@ warnings !
: #. ( hash -- ) ['] #.entry #map ;
warnings !
' Variable alias hash:
\ test: move dictionary to hash
0 [IF]
......@@ -147,4 +149,4 @@ variable ht
context @ cell+ BEGIN @ dup WHILE
dup name>string 2dup ht #key dup hex. cr ht #.key $@ str= 0= IF ." unequal" cr THEN
REPEAT drop ;
[THEN]
\ No newline at end of file
[THEN]
......@@ -112,13 +112,13 @@ User dest-0key> \ pointer to dest-0key
User dest-0key< \ pointer to obtained dest-0key
: addr>6sock ( -- )
host-key sec@ dest-0key< sec!
host-key sec@ 2dup lastaddr# $! dest-0key< sec!
host-portv6 w@ sockaddr1 port be-w!
host-ipv6 sockaddr1 sin6_addr ip6!
host-route $@ !temp-addr ;
: addr>4sock ( -- )
host-key sec@ dest-0key< sec!
host-key sec@ 2dup lastaddr# $! dest-0key< sec!
host-portv4 w@ sockaddr1 port be-w!
host-ipv4 be-ul@ sockaddr1 ipv4!
host-route $@ !temp-addr ;
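Review bot: The new `2dup lastaddr# $!` in both addr>6sock and addr>4sock writes the host key into field 0 of the last route entry, whereas every other place this commit touches stores the per-route key at `lastaddr# cell+` (addr-key!, your-0key, the insert-host path) and insert-address compares field 0 (`lastaddr# $@ str=`) against the address string; if field 0 is the address, this store replaces it with key material and later lookups against that entry will not match. `lastaddr#` is also initialised to 0 and only assigned inside insert-address, so if either word can run before a route has been inserted the `$!` goes through a null pointer. I would expect `host-key sec@ 2dup lastaddr# cell+ $! dest-0key< sec!` guarded by `lastaddr# IF … THEN`, ideally as one shared helper since the line is duplicated verbatim in both words; I cannot see the entry layout or the call order from here, so please confirm which field is intended.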
......@@ -223,7 +223,7 @@ also net2o-base
[: cmd$ $! return-address $10 0 -skip $, addr-route ;] gen-cmd$ ;
previous
: >sockaddr ( -- addr len )
return-address be@ routes #.key $@ .sockaddr ;
return-address be@ routes# #.key $@ .sockaddr ;
0 [IF]
Local Variables:
......
......@@ -80,7 +80,7 @@ $30 net2o: tmpnest ( $:string -- ) \g nested (temporary encrypted) command
\g cose a opened tmpnest, and add the necessary stuff
nest-stack $[]# IF ]tmpnest THEN ;
+net2o: close-encnest ( -- )
\g cose a opened tmpnest, and add the necessary stuff
\g cose a opened encnest, and add the necessary stuff
nest-stack $[]# IF ]encnest THEN ;
+net2o: new-data ( addr addr u -- ) \g create new data mapping
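Review bot: The doc comment on close-encnest still carries the typo "cose" that the line was touched to fix the name in; since the line is changing anyway it should read `\g close an opened encnest, and add the necessary stuff`. The same typo remains on close-tmpnest's comment two lines above, which is not part of this change.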
......@@ -139,13 +139,13 @@ net2o-base
net2o:update-key ;
+net2o: gen-ivs ( $:string -- ) \g generate IVs
$> tmp-ivs sec! [ ivs-val receive-val or ]L validated or! ;
+net2o: set-cmd0key ( $:string -- ) \g set key for reply
$> dup ?keysize your-0key sec! ;
+net2o: addr-key! ( $:string -- ) \g set key for reply
$> dup ?keysize lastaddr# cell+ $! ;
: cookie, ( xtd xtto -- ) add-cookie lit, set-cookie ;
: #request, ( -- ) ulit, request-done ;
: request, ( -- ) next-request #request, ;
: 0key, ( -- ) my-0key sec@ $, set-cmd0key ;
: 0key, ( -- ) my-0key sec@ sec$, addr-key! ;
: gen-punch ( -- ) nat( ." gen punches" forth:cr )
my-addr$ [: -sig nat( ticks .ticks ." gen punch: " 2dup .addr$ forth:cr ) $, punch ;] $[]map ;
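Review bot: addr-key! is a network-received command (`+net2o:`) that writes the peer-supplied string straight into `lastaddr# cell+ $!`, and `lastaddr#` is 0 until insert-address has inserted at least one route, so a packet whose addr-key! arrives before that stores through address `0 cell+`; a guard such as `$> dup ?keysize lastaddr# IF lastaddr# cell+ $! ELSE 2drop THEN` would refuse it instead. Since insert-address only updates lastaddr# when it inserts a new entry, a peer on an already-known route that is not the most recently inserted one would also re-key whichever route lastaddr# still points at, so the store should be tied to the packet's own route rather than to a global last pointer. Note also that the reply key moves from `your-0key sec!` to a plain `$!` heap string in the hash entry; if `sec!` storage is wiped on release, that property is lost for the per-route copy, so consider a secure string store or an explicit erase when routes are dropped.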
......
......@@ -21,7 +21,8 @@ keypack# key-salt# + key-cksum# + Constant keypack-all#
key-salt# key-cksum# + Constant wrapper#
Variable my-0key
Variable your-0key
: your-0key ( -- addr u )
o IF dest-0key sec@ ELSE lastaddr# cell+ $@ THEN ;
user-o keytmp \ storage for secure temporary keys
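Review bot: The new your-0key reads `lastaddr# cell+ $@` whenever `o` is zero, and `lastaddr#` is 0 until insert-address has inserted a route, so outbuf0-encrypt or header-encrypt on a fresh instance would read a string descriptor from address 8 rather than a key; `o IF dest-0key sec@ ELSE lastaddr# IF lastaddr# cell+ $@ ELSE 0 0 THEN THEN` (with callers checking for a zero length) fails visibly instead. Replacing `Variable your-0key` with a colon definition that returns `( addr u )` also changes the stack effect, so any remaining `your-0key sec!` or `your-0key sec@` users outside this diff would now compile to a write or read on the returned string; worth a grep before merging. A one-line comment above the definition stating that the route-bound key is used when no connection object is active would help the next reader.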
......@@ -97,8 +98,16 @@ init-keybuf
state# rng$ mykey swap move
genkey( ." mykey: " mykey state# xtype cr ) ;
0 Value header-key
0 Value header-your-key
$20 buffer: dummy-buf
: init-my0key ( -- )
no0key( EXIT ) keysize rng$ my-0key sec! ;
no0key( EXIT ) keysize rng$ my-0key sec!
kalloc64 dup to header-key $40 erase
kalloc64 dup to header-your-key $40 erase
my-0key sec@ header-key swap move
header-key dummy-buf dup $C tf_encrypt_256 ( sets tweaks ) ;
: ?new-mykey ( -- )
last-mykey 64@ ticker 64@ 64- 64-0< IF init-mykey THEN ;
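Review bot: init-my0key calls `kalloc64` for header-key and header-your-key on every invocation without freeing the previous buffers, so if it runs more than once per process the old 64-byte blocks — header-key holding a copy of my-0key — leak and are never erased; allocating once, e.g. `header-key 0= IF kalloc64 to header-key THEN header-key $40 erase`, keeps a single wiped buffer. The `no0key( EXIT )` path also leaves header-key at 0, so a later header-decrypt would hand tf_decrypt_256 a null key pointer unless that path is unreachable in practice. The tweak is set once here from dummy-buf (`( sets tweaks )`) rather than per packet; if `$C` means "set tweak from this block" and header-encrypt keeps reusing it, two identical headers produce identical ciphertext, so a comment stating what tweak the header encryption is meant to use would make the intended security property checkable.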
......@@ -193,6 +202,14 @@ scope{ mapc
: decrypt-pw$ ( addr u1 key u2 -- addr' u' flag ) 2over pw-setup >r
crypt-key-init r> pw-diffuse key-cksum# - 2dup 0 c:decrypt+auth ;
\ encrypt/decrypt header
: header-encrypt ( addr -- )
your-0key header-your-key swap move
header-your-key swap dup $C tf_encrypt_256 ;
: header-decrypt ( addr -- )
header-key swap dup $0 tf_decrypt_256 ;
\ encrypt with own key
: mykey-encrypt$ ( addr u -- ) +calc
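Review bot: header-encrypt copies the `your-0key` string into the fixed 64-byte header-your-key buffer with `move` and no length check, so it relies on every store of that key having been bounded upstream: addr-key! does apply `?keysize`, but the insert-host path's `2dup lastaddr# cell+ $!` does not visibly check the length of dest-0key<. A `$40 min` (or an explicit `dup $40 u> IF … THEN` error) before the move bounds the copy locally, and erasing header-your-key before the move avoids leaving the tail of a previous peer's key in the buffer when a shorter key follows. A stack comment on header-encrypt noting that `addr` is encrypted in place and that the tweak comes from init-my0key would help. mykey-encrypt$ at the end of the hunk continues outside it.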
......@@ -229,7 +246,7 @@ scope{ mapc
: outbuf0-encrypt ( -- ) +calc
outbuf mapaddr le-64@ outbuf hdrflags le-uw@ addr>assembly
o IF dest-0key ELSE your-0key THEN sec@ set-0key
your-0key set-0key
outbuf packet-data +cryptsu
outbuf 1+ c@ c:encrypt+auth +enc ;
......
......@@ -153,7 +153,7 @@ event: :>do-beacon ( addr -- )
: ?-beacon ( -- )
\G if we don't know that address, send a reply
net2o-sock
sockaddr alen @ routes #key -1 = IF s" !" ELSE s" ." THEN
sockaddr alen @ routes# #key -1 = IF s" !" ELSE s" ." THEN
beacon( ticks .ticks ." Send '" 2dup type ." ' reply to: " sockaddr alen @ .address forth:cr )
0 sockaddr alen @ sendto drop +send ;
: !-beacon ( -- )
......@@ -225,7 +225,8 @@ User hostc$ \ check for this hostname
connect( ." insert host: " temp-addr .addr-path cr )
ret-addr $10 0 skip nip 0= IF
temp-addr ret-addr $10 move
dest-0key< sec@ dup IF dest-0key> @ sec! ELSE 2drop THEN
dest-0key< sec@ dup IF
2dup lastaddr# cell+ $! dest-0key> @ sec! ELSE 2drop THEN
THEN drop true ;] addr>sock ;
: insert-addr$ ( addr u -- flag ) dest-0key dest-0key> !
......
......@@ -307,7 +307,7 @@ Forward !my-addr ( -- )
BEGIN dup WHILE over c@ $80 < >r 1 /string r> UNTIL THEN ;
: .addr-path ( addr -- )
dup be@ routes #.key dup 0= IF drop $10 xtype ELSE
dup be@ routes# #.key dup 0= IF drop $10 xtype ELSE
$@ .address
$10 pathc+ 0 -skip dup IF '|' emit THEN xtype THEN ;
......
......@@ -93,7 +93,7 @@ $00000000 Value droprate#
\ clients routing table
: init-route ( -- ) s" " routes hash@ $! ; \ field 0 is me, myself
: init-route ( -- ) s" " routes# hash@ $! ; \ field 0 is me, myself
: ipv4>ipv6 ( addr u -- addr' u' )
drop >r
......@@ -107,18 +107,18 @@ $00000000 Value droprate#
: info>string ( info -- addr u )
info@ ?>ipv6 ;
0 Value lastaddr
0 Value lastaddr#
Variable lastn2oaddr
: insert-address ( addr u -- net2o-addr )
address( ." Insert address " 2dup .address cr )
lastaddr IF 2dup lastaddr over str=
lastaddr# IF 2dup lastaddr# $@ str=
IF 2drop lastn2oaddr @ EXIT THEN
THEN
2dup routes #key dup -1 = IF
drop s" " 2over routes #!
last# $@ drop to lastaddr
routes #key dup lastn2oaddr !
2dup routes# #key dup -1 = IF
drop s" " 2over routes# #!
last# to lastaddr#
routes# #key dup lastn2oaddr !
ELSE
nip nip
THEN ;
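Review bot: `lastaddr#` is only assigned in the new-entry branch (`last# to lastaddr#`); when the address is already present in routes# the `nip nip` branch leaves lastaddr# pointing at whatever entry was inserted last, so the words this commit ties to it — addr-key! storing into `lastaddr# cell+` and your-0key reading from it — would operate on the wrong route for any known address that is not the most recent one. If `#key` updates `last#` the way `#!` evidently does (it is read right after `#!` here), then `nip nip last# to lastaddr#` in the ELSE branch is enough; otherwise the entry address has to be fetched there. The early-exit path is fine since it only fires when the address already matches lastaddr#.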
......@@ -134,10 +134,8 @@ Variable lastn2oaddr
: insert-ip4 ( addr u port -- net2o-addr ) PF_INET insert-ip* ;
: insert-ip6 ( addr u port -- net2o-addr ) PF_INET6 insert-ip* ;
: address>route ( -- n/-1 )
sockaddr alen @ insert-address ;
: route>address ( n -- flag )
routes #.key dup 0= ?EXIT
routes# #.key dup 0= ?EXIT
$@ sockaddr swap dup alen ! move true ;
\ route an incoming packet
......@@ -217,7 +215,6 @@ Variable lastn2oaddr
rdrop false EXIT THEN
2drop true ; \ local packet
: in-check ( -- flag ) address>route -1 <> ;
: out-route ( -- ) 0 outbuf packet-route drop ;
0 [IF]
......@@ -234,4 +231,4 @@ forth-local-indent-words:
(("net2o:" "+net2o:") (0 . 2) (0 . 2) non-immediate)
)
End:
[THEN]
\ No newline at end of file
[THEN]
......@@ -91,7 +91,7 @@ $10 Constant key-cksum#
UValue inbuf ( -- addr )
UValue tmpbuf ( -- addr )
UValue outbuf ( -- addr )
Variable routes
hash: routes#
\ add IP addresses
......
\ threefish wrapper
\ Copyright (C) 2012-2015 Bernd Paysan
\ Copyright (C) 2015,2018 Bernd Paysan
\ This program is free software: you can redistribute it and/or modify
\ it under the terms of the GNU Affero General Public License as published by
......