Tie secret key to routes

678dd07b · Bernd Paysan · bff8bb17 · 678dd07b · 678dd07b · 678dd07b
Verified Commit 678dd07b authored Mar 14, 2018 by Bernd Paysan
9 changed files
--- a/hash-table.fs
+++ b/hash-table.fs
@@ -131,6 +131,8 @@ warnings !
 : #. ( hash -- )  ['] #.entry #map ;
 warnings !

+' Variable alias hash:
+
 \ test: move dictionary to hash

 0 [IF]
@@ -147,4 +149,4 @@ variable ht
    context @ cell+ BEGIN  @ dup  WHILE
 	    dup name>string 2dup ht #key dup hex. cr ht #.key $@ str= 0= IF ." unequal" cr THEN
    REPEAT  drop ;
-[THEN]
\ No newline at end of file
+[THEN]
--- a/net2o-addr.fs
+++ b/net2o-addr.fs
@@ -112,13 +112,13 @@ User dest-0key> \ pointer to dest-0key
 User dest-0key< \ pointer to obtained dest-0key

 : addr>6sock ( -- )
-    host-key sec@ dest-0key< sec!
+    host-key sec@ 2dup lastaddr# $! dest-0key< sec!
    host-portv6 w@ sockaddr1 port be-w!
    host-ipv6 sockaddr1 sin6_addr ip6!
    host-route $@ !temp-addr ;

 : addr>4sock ( -- )
-    host-key sec@ dest-0key< sec!
+    host-key sec@ 2dup lastaddr# $! dest-0key< sec!
    host-portv4 w@ sockaddr1 port be-w!
    host-ipv4 be-ul@ sockaddr1 ipv4!
    host-route $@ !temp-addr ;
@@ -223,7 +223,7 @@ also net2o-base
    [: cmd$ $! return-address $10 0 -skip $, addr-route ;] gen-cmd$ ;
 previous
 : >sockaddr ( -- addr len )
-    return-address be@ routes #.key $@ .sockaddr ;
+    return-address be@ routes# #.key $@ .sockaddr ;

 0 [IF]
 Local Variables:

--- a/net2o-connect.fs
+++ b/net2o-connect.fs
@@ -80,7 +80,7 @@ $30 net2o: tmpnest ( $:string -- ) \g nested (temporary encrypted) command
    \g cose a opened tmpnest, and add the necessary stuff
    nest-stack $[]# IF  ]tmpnest  THEN ;
 +net2o: close-encnest ( -- )
-    \g cose a opened tmpnest, and add the necessary stuff
+    \g cose a opened encnest, and add the necessary stuff
    nest-stack $[]# IF  ]encnest  THEN ;

 +net2o: new-data ( addr addr u -- ) \g create new data mapping
@@ -139,13 +139,13 @@ net2o-base
    net2o:update-key ;
 +net2o: gen-ivs ( $:string -- ) \g generate IVs
    $> tmp-ivs sec! [ ivs-val receive-val or ]L validated or! ;
-+net2o: set-cmd0key ( $:string -- ) \g set key for reply
-    $> dup ?keysize your-0key sec! ;
+net2o: addr-key! ( $:string -- ) \g set key for reply
+    $> dup ?keysize lastaddr# cell+ $! ;

 : cookie, ( xtd xtto -- )  add-cookie lit, set-cookie ;
 : #request, ( -- )  ulit, request-done ;
 : request, ( -- )  next-request #request, ;
-: 0key, ( -- ) my-0key sec@ $, set-cmd0key ;
+: 0key, ( -- ) my-0key sec@ sec$, addr-key! ;

 : gen-punch ( -- ) nat( ." gen punches" forth:cr )
    my-addr$ [: -sig nat( ticks .ticks ."  gen punch: " 2dup .addr$ forth:cr ) $, punch ;] $[]map ;

--- a/net2o-crypt.fs
+++ b/net2o-crypt.fs
@@ -21,7 +21,8 @@ keypack# key-salt# + key-cksum# + Constant keypack-all#
 key-salt# key-cksum# + Constant wrapper#

 Variable my-0key
-Variable your-0key
+: your-0key ( -- addr u )
+    o IF  dest-0key sec@  ELSE  lastaddr# cell+ $@  THEN ;

 user-o keytmp \ storage for secure temporary keys

@@ -97,8 +98,16 @@ init-keybuf
    state# rng$ mykey swap move
    genkey( ." mykey: " mykey state# xtype cr ) ;

+0 Value header-key
+0 Value header-your-key
+$20 buffer: dummy-buf
+
 : init-my0key ( -- )
-    no0key( EXIT ) keysize rng$ my-0key sec! ;
+    no0key( EXIT ) keysize rng$ my-0key sec!
+    kalloc64 dup to header-key $40 erase
+    kalloc64 dup to header-your-key $40 erase
+    my-0key sec@  header-key swap move
+    header-key dummy-buf dup $C tf_encrypt_256 ( sets tweaks ) ;

 : ?new-mykey ( -- )
    last-mykey 64@ ticker 64@ 64- 64-0< IF  init-mykey  THEN ;
@@ -193,6 +202,14 @@ scope{ mapc
 : decrypt-pw$ ( addr u1 key u2 -- addr' u' flag )  2over pw-setup >r
    crypt-key-init   r> pw-diffuse key-cksum# - 2dup 0 c:decrypt+auth ;

+\ encrypt/decrypt header
+
+: header-encrypt ( addr -- )
+    your-0key header-your-key swap move
+    header-your-key swap dup $C tf_encrypt_256 ;
+: header-decrypt ( addr -- )
+    header-key swap dup $0 tf_decrypt_256 ;
+
 \ encrypt with own key

 : mykey-encrypt$ ( addr u -- ) +calc
@@ -229,7 +246,7 @@ scope{ mapc

 : outbuf0-encrypt ( -- ) +calc
    outbuf mapaddr le-64@ outbuf hdrflags le-uw@ addr>assembly
-    o IF  dest-0key  ELSE  your-0key  THEN  sec@ set-0key
+    your-0key  set-0key
    outbuf packet-data +cryptsu
    outbuf 1+ c@ c:encrypt+auth +enc ;


--- a/net2o-helper.fs
+++ b/net2o-helper.fs
@@ -153,7 +153,7 @@ event: :>do-beacon ( addr -- )
 : ?-beacon ( -- )
    \G if we don't know that address, send a reply
    net2o-sock
-    sockaddr alen @ routes #key -1 = IF  s" !"  ELSE  s" ."  THEN
+    sockaddr alen @ routes# #key -1 = IF  s" !"  ELSE  s" ."  THEN
    beacon( ticks .ticks ."  Send '" 2dup type ." ' reply to: " sockaddr alen @ .address forth:cr )
    0 sockaddr alen @ sendto drop +send ;
 : !-beacon ( -- )
@@ -225,7 +225,8 @@ User hostc$ \ check for this hostname
      connect( ." insert host: " temp-addr .addr-path cr )
      ret-addr $10 0 skip nip 0= IF
 	  temp-addr ret-addr $10 move
-	  dest-0key< sec@ dup IF  dest-0key> @ sec!  ELSE  2drop  THEN
+	  dest-0key< sec@ dup IF
+	      2dup lastaddr# cell+ $! dest-0key> @ sec!  ELSE  2drop  THEN
      THEN  drop true ;] addr>sock ;

 : insert-addr$ ( addr u -- flag )  dest-0key dest-0key> !

--- a/net2o-ip.fs
+++ b/net2o-ip.fs
@@ -307,7 +307,7 @@ Forward !my-addr ( -- )
    BEGIN  dup  WHILE  over c@ $80 < >r 1 /string r>  UNTIL  THEN ;

 : .addr-path ( addr -- )
-    dup be@ routes #.key dup 0= IF  drop $10 xtype  ELSE
+    dup be@ routes# #.key dup 0= IF  drop $10 xtype  ELSE
 	$@ .address
 	$10 pathc+ 0 -skip dup IF  '|' emit  THEN xtype  THEN ;


--- a/net2o-socks.fs
+++ b/net2o-socks.fs
@@ -93,7 +93,7 @@ $00000000 Value droprate#

 \ clients routing table

-: init-route ( -- )  s" " routes hash@ $! ; \ field 0 is me, myself
+: init-route ( -- )  s" " routes# hash@ $! ; \ field 0 is me, myself

 : ipv4>ipv6 ( addr u -- addr' u' )
    drop >r
@@ -107,18 +107,18 @@ $00000000 Value droprate#
 : info>string ( info -- addr u )
    info@ ?>ipv6 ;

-0 Value lastaddr
+0 Value lastaddr#
 Variable lastn2oaddr

 : insert-address ( addr u -- net2o-addr )
    address( ." Insert address " 2dup .address cr )
-    lastaddr IF  2dup lastaddr over str=
+    lastaddr# IF  2dup lastaddr# $@ str=
 	IF  2drop lastn2oaddr @ EXIT  THEN
    THEN
-    2dup routes #key dup -1 = IF
-	drop s" " 2over routes #!
-	last# $@ drop to lastaddr
-	routes #key  dup lastn2oaddr !
+    2dup routes# #key dup -1 = IF
+	drop s" " 2over routes# #!
+	last# to lastaddr#
+	routes# #key  dup lastn2oaddr !
    ELSE
 	nip nip
    THEN ;
@@ -134,10 +134,8 @@ Variable lastn2oaddr
 : insert-ip4 ( addr u port -- net2o-addr ) PF_INET   insert-ip* ;
 : insert-ip6 ( addr u port -- net2o-addr ) PF_INET6  insert-ip* ;

-: address>route ( -- n/-1 )
-    sockaddr alen @ insert-address ;
 : route>address ( n -- flag )
-    routes #.key dup 0= ?EXIT
+    routes# #.key dup 0= ?EXIT
    $@ sockaddr swap dup alen ! move true ;

 \ route an incoming packet
@@ -217,7 +215,6 @@ Variable lastn2oaddr
 	rdrop false  EXIT  THEN
    2drop true ; \ local packet

-: in-check ( -- flag )  address>route -1 <> ;
 : out-route ( -- )  0 outbuf packet-route drop ;

 0 [IF]
@@ -234,4 +231,4 @@ forth-local-indent-words:
     (("net2o:" "+net2o:") (0 . 2) (0 . 2) non-immediate)
    )
 End:
-[THEN]
\ No newline at end of file
+[THEN]
--- a/net2o.fs
+++ b/net2o.fs
@@ -91,7 +91,7 @@ $10 Constant key-cksum#
 UValue inbuf    ( -- addr )
 UValue tmpbuf   ( -- addr )
 UValue outbuf   ( -- addr )
-Variable routes
+hash: routes#

 \ add IP addresses


--- a/threefishlib.fs
+++ b/threefishlib.fs
 \ threefish wrapper

-\ Copyright (C) 2012-2015   Bernd Paysan
+\ Copyright (C) 2015,2018   Bernd Paysan

 \ This program is free software: you can redistribute it and/or modify
 \ it under the terms of the GNU Affero General Public License as published by