checksums now covers all header bits, including flow control (ignored for cookie)

: c:add-tag ( -- ) +addme

    net2o-code

      expect-reply

      s" DHT test" $, type cr get-ip

      log s" DHT test" $, type cr endwith get-ip

      pkc keysize 2* $, dht-id

      forever "test:tag" pkc keysize 2* gen-tag-del $, dht-tags-

      forever "test:tag" pkc keysize 2* gen-tag $, dht-tags+

    \G Encrypt message in buffer addr u

    umethod c:decrypt ( addr u -- )

    \G Decrypt message in buffer addr u

    umethod c:encrypt+auth ( addr u -- )

    umethod c:encrypt+auth ( addr u tag -- )

    \G Encrypt message in buffer addr u

    umethod c:decrypt+auth ( addr u -- flag )

    umethod c:decrypt+auth ( addr u tag -- flag )

    \G Decrypt message in buffer addr u

    umethod c:hash ( addr u -- )

    \G Hash message in buffer addr u

    umethod c:prng ( addr u -- )

    \G Fill buffer addr u with PRNG sequence

    umethod c:checksum ( -- xd )

    umethod c:checksum ( tag -- xd )

    \G compute a 128 bit checksum

    umethod c:cookie ( -- x )

    \G compute a different checksum

    \G compute a different 64 bit checksum

end-class crypto

25 8 * Constant keccak#

128 Constant keccak#max

24 Constant keccak#cks

128 Constant keccak#cks

UValue @keccak

\    BEGIN  @keccak KeccakF  2dup keccak#max umin tuck -keccak

\    /string dup 0= UNTIL  2drop

; to c:decrypt ( addr u -- )

:noname ( addr u -- )

:noname ( addr u tag -- )

    \G Encrypt message in buffer addr u with auth

\    BEGIN  @keccak KeccakF  2dup keccak#max umin tuck +keccak

\    /string dup 0= UNTIL  drop

    @keccak -rot KeccakEncryptLoop

    { tag } @keccak -rot KeccakEncryptLoop

    @keccak KeccakF

    >r keccak-checksums keccak#cks keccak> keccak-checksums 128@ r> 128!

    >r keccak-checksums keccak#cks keccak>

    keccak-checksums tag 7 and 4 lshift + 128@ r> 128!

; to c:encrypt+auth ( addr u -- )

:noname ( addr u -- )

:noname ( addr u tag -- )

    \G Decrypt message in buffer addr u, with auth check

\    BEGIN  @keccak KeccakF  2dup keccak#max umin tuck -keccak

\    /string dup 0= UNTIL  drop

    @keccak -rot KeccakDecryptLoop

    { tag } @keccak -rot KeccakDecryptLoop

    @keccak KeccakF

    128@ keccak-checksums keccak#cks keccak> keccak-checksums 128@ 128=

    128@ keccak-checksums keccak#cks keccak>

    keccak-checksums tag 7 and 4 lshift + 128@ 128=

; to c:decrypt+auth ( addr u -- flag )

:noname ( addr u -- )

\G Hash message in buffer addr u

; to c:prng

\G Fill buffer addr u with PRNG sequence

:noname @keccak KeccakF

    keccak-checksums keccak#cks keccak> keccak-checksums 128@ ; to c:checksum ( -- xd )

    keccak-checksums keccak#cks keccak>

    7 and 4 lshift keccak-checksums + 128@ ; to c:checksum ( tag -- xd )

\G compute a 128 bit checksum

:noname keccak-checksums keccak#cks keccak> keccak-checksums $10 + 64@ ; to c:cookie ( -- x )

\G obtain a different 64 bit checksum part

:noname keccak-checksums keccak#cks keccak>

    64#0 keccak-checksums keccak#cks bounds ?DO

	I 64@ 64xor  8 +LOOP ; to c:cookie ( -- x )

\G obtain a 64 bit checksum

keccak ' new static-a with-allocater Constant keccak-o

    ELSE  ." don't store key: o=" o hex. .nnb F cr  THEN ;

+net2o: map-request ( addrs ucode udata -- ) \ request mapping

    knocked? 0= IF   64drop 64drop 64drop un-cmd  EXIT  THEN

    2*64>n

    nest[

    ?new-mykey ticker 64@ lit, set-cookie

    update-key all-ivs ;

+net2o: gen-reply ( -- ) \ generate a key request reply reply

    own-crypt? 0= ?EXIT

    own-crypt? knocked? or 0= ?EXIT

    [: crypt( ." Reply key: " tmpkey@ .nnb F cr )

      reply-key, cookie+request time-offset! ]tmpnest

      push-cmd ;]  IS expect-reply? ;

+net2o: gen-punch-reply ( -- )  o? \ generate a key request reply reply

    knocked? 0= ?EXIT

    [: crypt( ." Reply key: " tmpkey@ .nnb F cr )

      reply-key, gen-punchload gen-punch time-offset! ]tmpnest

      push-cmd ;]  IS expect-reply? ;

+net2o: knock ( $:challenge -- ) $> net2o:knock knock-val and validated or! ;

gen-table $freeze

\ everything that follows here can assume to have a connection context

    2>r over >r  rng@ rng@ r> 128! 2r> crypt-key-init ;

: encrypt$ ( addr u1 key u2 -- )

    crypt-key-setup  2 64s - c:encrypt+auth ;

    crypt-key-setup  2 64s - 0 c:encrypt+auth ;

: decrypt$ ( addr u1 key u2 -- addr' u' flag )

    crypt-key-init 2 64s - 2dup c:decrypt+auth ;

    crypt-key-init 2 64s - 2dup 0 c:decrypt+auth ;

\ passphraese encryption needs to diffuse a lot after mergin in the salt

    drop c@ $F and 2* $100 swap lshift ;

: encrypt-pw$ ( addr u1 key u2 n -- )

    crypt-pw-setup  pw-diffuse  2 64s - c:encrypt+auth ;

    crypt-pw-setup  pw-diffuse  2 64s - 0 c:encrypt+auth ;

: decrypt-pw$ ( addr u1 key u2 -- addr' u' flag )  2over pw-setup >r

    crypt-key-init   r> pw-diffuse  2 64s - 2dup c:decrypt+auth ;

    crypt-key-init   r> pw-diffuse  2 64s - 2dup 0 c:decrypt+auth ;

\ encrypt with own key

    $>align oldmykey state# decrypt$ +enc ;

: outbuf-encrypt ( map -- ) +calc

    crypt-buf-init outbuf packet-data +cryptsu c:encrypt+auth +enc ;

    crypt-buf-init outbuf packet-data +cryptsu

    outbuf 1+ c@ c:encrypt+auth +enc ;

: inbuf-decrypt ( map -- flag2 ) +calc

    crypt-buf-init inbuf packet-data +cryptsu c:decrypt+auth +enc ;

    crypt-buf-init inbuf packet-data +cryptsu

    inbuf 1+ c@ c:decrypt+auth +enc ;

\ IVS

    THEN

    2drop ;

\ port knocking

Variable knocks

: net2o:knock ( addr u -- flag )

    0 -rot knocks [: 2over 2swap decrypt$ nip nip -rot 2>r or 2r>

    ;] $[]map 2drop ;

0 [IF]

Local Variables:

forth-local-words: