Recipient in encrypted packet is needed for future changes

diff --git a/VERSION b/VERSION
index f3040840fd7058ec0e224314c609184fd4ec53f2..d3827e75a5cadb9fe4a27e1cb9b6d192e7323120 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.13
+1.0

diff --git a/doc/news.ru.texi b/doc/news.ru.texi
index 5c5ee0d135eae55630cc2ea1429f2098deaa5dc7..6d83db8442810cce5688b46ab129cf56ff05f4ce 100644 (file)
--- a/doc/news.ru.texi
+++ b/doc/news.ru.texi
@@ -1,10 +1,13 @@
 @node Новости
 @section Новости
 
-@node Релиз 0.13
-@subsection Релиз 0.13
+@node Релиз 1.0
+@subsection Релиз 1.0
 @itemize
 @item
+@strong{Несовместимое} изменение формата зашифрованных пакетов. Работа
+со старыми версиями не поддерживается.
+@item
 В команде @command{nncp-call} разрешается иметь только одного
 обработчика контрольной суммы в фоне. Это полезно когда тысячи маленьких
 входящих пакетов могут создать много горутин.

diff --git a/doc/news.texi b/doc/news.texi
index d673d807537ffc7202b3376bb7214f5c8c83da75..e03a11c0867f42b1bf9e8bc9267d218192af16c8 100644 (file)
--- a/doc/news.texi
+++ b/doc/news.texi
@@ -7,6 +7,9 @@ See also this page @ref{Новости, on russian}.
 @section Release 0.13
 @itemize
 @item
+@strong{Incompatible} encrypted packet format changes. Older versions
+are not supported.
+@item
 Single background checksum verifier worker is allowed in
 @command{nncp-call}. This is helpful when thousands of small inbound
 packets could create many goroutines.

diff --git a/doc/pkt.texi b/doc/pkt.texi
index 4549505961533aed1290bffe37d79f85824abb60..c0103994ee8a24180a19d8ed4527af3d666cb55a 100644 (file)
--- a/doc/pkt.texi
+++ b/doc/pkt.texi
@@ -70,13 +70,13 @@ Each encrypted packet has the following header:
 @verbatim
   +------------ HEADER -------------+   +-------- ENCRYPTED --------+
  /                                   \ /                             \
-+-------------------------------------+------------+----...-----------+------+
-| MAGIC | NICE | SENDER | EPUB | SIGN | SIZE | MAC | CIPHERTEXT | MAC | JUNK |
-+------------------------------/------\------------+----...-----------+------+
-                              /        \
-               +-------------------------------------+
-               | MAGIC | NICE | RCPT | SENDER | EPUB |
-               +-------------------------------------+
++--------------------------------------------+------------+----...-----------+------+
+| MAGIC | NICE | SENDER | RCPT | EPUB | SIGN | SIZE | MAC | CIPHERTEXT | MAC | JUNK |
++-------------------------------------/------\------------+----...-----------+------+
+                                     /        \
+                      +-------------------------------------+
+                      | MAGIC | NICE | SENDER | RCPT | EPUB |
+                      +-------------------------------------+
 @end verbatim
 
 @multitable @columnfractions 0.2 0.3 0.5
@@ -90,6 +90,9 @@ Each encrypted packet has the following header:
 @item Sender @tab
     32-byte, fixed length opaque data @tab
     Sender node's id
+@item Recipient @tab
+    32-byte, fixed length opaque data @tab
+    Recipient node's id
 @item Exchange public key @tab
     32-byte, fixed length opaque data @tab
     Ephemeral curve25519 public key
@@ -98,15 +101,7 @@ Each encrypted packet has the following header:
     ed25519 signature for that packet's header
 @end multitable
 
-Signature is calculated over the following structure:
-
-@itemize
-@item Magic number
-@item Niceness
-@item Recipient (32-byte recipient node's id)
-@item Sender
-@item Exchange public key
-@end itemize
+Signature is calculated over all previous fields.
 
 All following encryption is done using
 @url{https://www.schneier.com/academic/twofish/, Twofish} algorithm with

diff --git a/src/cypherpunks.ru/nncp/cmd/nncp-pkt/main.go b/src/cypherpunks.ru/nncp/cmd/nncp-pkt/main.go
index 93759b69ee7037fca2984d42580fbd7bc2c1e13f..170b9e1990c81934254760cff1fe7ad7521cdccc 100644 (file)
--- a/src/cypherpunks.ru/nncp/cmd/nncp-pkt/main.go
+++ b/src/cypherpunks.ru/nncp/cmd/nncp-pkt/main.go
@@ -112,7 +112,7 @@ func main() {
        }
        var pktEnc nncp.PktEnc
        _, err = xdr.Unmarshal(bytes.NewReader(beginning), &pktEnc)
-       if err == nil && pktEnc.Magic == nncp.MagicNNCPEv1 {
+       if err == nil && pktEnc.Magic == nncp.MagicNNCPEv2 {
                if *dump {
                        cfgRaw, err := ioutil.ReadFile(nncp.CfgPathFromEnv(cfgPath))
                        if err != nil {
@@ -143,8 +143,8 @@ func main() {
                        return
                }
                fmt.Printf(
-                       "Packet type: encrypted\nNiceness: %d\nSender: %s\n",
-                       pktEnc.Nice, pktEnc.Sender,
+                       "Packet type: encrypted\nNiceness: %d\nSender: %s\nRecipient: %s\n",
+                       pktEnc.Nice, pktEnc.Sender, pktEnc.Recipient,
                )
                return
        }

diff --git a/src/cypherpunks.ru/nncp/cmd/nncp-xfer/main.go b/src/cypherpunks.ru/nncp/cmd/nncp-xfer/main.go
index bcd76257bf0581a0fd2abf026893014411861104..5abac1f02db6789aad34d628cb9b5acdd7c1662e 100644 (file)
--- a/src/cypherpunks.ru/nncp/cmd/nncp-xfer/main.go
+++ b/src/cypherpunks.ru/nncp/cmd/nncp-xfer/main.go
@@ -174,7 +174,7 @@ func main() {
                        }
                        var pktEnc nncp.PktEnc
                        _, err = xdr.Unmarshal(fd, &pktEnc)
-                       if err != nil || pktEnc.Magic != nncp.MagicNNCPEv1 {
+                       if err != nil || pktEnc.Magic != nncp.MagicNNCPEv2 {
                                ctx.LogD("nncp-xfer", sds, "is not a packet")
                                fd.Close()
                                continue

diff --git a/src/cypherpunks.ru/nncp/jobs.go b/src/cypherpunks.ru/nncp/jobs.go
index 1f3afd1e4f93534347b1826b73e28a62c48c16e1..4a59db02d5f60874230c549fea2df61bacef8e18 100644 (file)
--- a/src/cypherpunks.ru/nncp/jobs.go
+++ b/src/cypherpunks.ru/nncp/jobs.go
@@ -64,7 +64,7 @@ func (ctx *Ctx) Jobs(nodeId *NodeId, xx TRxTx) chan Job {
                                continue
                        }
                        var pktEnc PktEnc
-                       if _, err = xdr.Unmarshal(fd, &pktEnc); err != nil || pktEnc.Magic != MagicNNCPEv1 {
+                       if _, err = xdr.Unmarshal(fd, &pktEnc); err != nil || pktEnc.Magic != MagicNNCPEv2 {
                                fd.Close()
                                continue
                        }

diff --git a/src/cypherpunks.ru/nncp/pkt.go b/src/cypherpunks.ru/nncp/pkt.go
index b35f83e3ee969f6fdaad031ae3972b83b8cf04bb..fa46282c3b9354d5ea8382ec57d46096cd3a53e9 100644 (file)
--- a/src/cypherpunks.ru/nncp/pkt.go
+++ b/src/cypherpunks.ru/nncp/pkt.go
@@ -53,7 +53,7 @@ const (
 
 var (
        MagicNNCPPv1 [8]byte = [8]byte{'N', 'N', 'C', 'P', 'P', 0, 0, 1}
-       MagicNNCPEv1 [8]byte = [8]byte{'N', 'N', 'C', 'P', 'E', 0, 0, 1}
+       MagicNNCPEv2 [8]byte = [8]byte{'N', 'N', 'C', 'P', 'E', 0, 0, 2}
        BadMagic     error   = errors.New("Unknown magic number")
        BadPktType   error   = errors.New("Unknown packet type")
 
@@ -71,17 +71,18 @@ type Pkt struct {
 type PktTbs struct {
        Magic     [8]byte
        Nice      uint8
-       Recipient *NodeId
        Sender    *NodeId
+       Recipient *NodeId
        ExchPub   *[32]byte
 }
 
 type PktEnc struct {
-       Magic   [8]byte
-       Nice    uint8
-       Sender  *NodeId
-       ExchPub *[32]byte
-       Sign    *[ed25519.SignatureSize]byte
+       Magic     [8]byte
+       Nice      uint8
+       Sender    *NodeId
+       Recipient *NodeId
+       ExchPub   *[32]byte
+       Sign      *[ed25519.SignatureSize]byte
 }
 
 func init() {
@@ -102,11 +103,12 @@ func init() {
                panic(err)
        }
        pktEnc := PktEnc{
-               Magic:   MagicNNCPEv1,
-               Nice:    123,
-               Sender:  dummyId,
-               ExchPub: new([32]byte),
-               Sign:    new([ed25519.SignatureSize]byte),
+               Magic:     MagicNNCPEv2,
+               Nice:      123,
+               Sender:    dummyId,
+               Recipient: dummyId,
+               ExchPub:   new([32]byte),
+               Sign:      new([ed25519.SignatureSize]byte),
        }
        n, err = xdr.Marshal(&buf, pktEnc)
        if err != nil {
@@ -157,10 +159,10 @@ func PktEncWrite(our *NodeOur, their *Node, pkt *Pkt, nice uint8, size, padSize
                return err
        }
        tbs := PktTbs{
-               Magic:     MagicNNCPEv1,
+               Magic:     MagicNNCPEv2,
                Nice:      nice,
-               Recipient: their.Id,
                Sender:    our.Id,
+               Recipient: their.Id,
                ExchPub:   pubEph,
        }
        var tbsBuf bytes.Buffer
@@ -170,18 +172,19 @@ func PktEncWrite(our *NodeOur, their *Node, pkt *Pkt, nice uint8, size, padSize
        signature := new([ed25519.SignatureSize]byte)
        copy(signature[:], ed25519.Sign(our.SignPrv, tbsBuf.Bytes()))
        pktEnc := PktEnc{
-               Magic:   MagicNNCPEv1,
-               Nice:    nice,
-               Sender:  our.Id,
-               ExchPub: pubEph,
-               Sign:    signature,
+               Magic:     MagicNNCPEv2,
+               Nice:      nice,
+               Sender:    our.Id,
+               Recipient: their.Id,
+               ExchPub:   pubEph,
+               Sign:      signature,
        }
        if _, err = xdr.Marshal(out, &pktEnc); err != nil {
                return err
        }
        sharedKey := new([32]byte)
        curve25519.ScalarMult(sharedKey, prvEph, their.ExchPub)
-       kdf := hkdf.New(blake256, sharedKey[:], nil, MagicNNCPEv1[:])
+       kdf := hkdf.New(blake256, sharedKey[:], nil, MagicNNCPEv2[:])
 
        keyEnc := make([]byte, 32)
        if _, err = io.ReadFull(kdf, keyEnc); err != nil {
@@ -257,10 +260,10 @@ func PktEncWrite(our *NodeOur, their *Node, pkt *Pkt, nice uint8, size, padSize
 
 func TbsVerify(our *NodeOur, their *Node, pktEnc *PktEnc) (bool, error) {
        tbs := PktTbs{
-               Magic:     MagicNNCPEv1,
+               Magic:     MagicNNCPEv2,
                Nice:      pktEnc.Nice,
-               Recipient: our.Id,
                Sender:    their.Id,
+               Recipient: our.Id,
                ExchPub:   pktEnc.ExchPub,
        }
        var tbsBuf bytes.Buffer
@@ -276,13 +279,16 @@ func PktEncRead(our *NodeOur, nodes map[NodeId]*Node, data io.Reader, out io.Wri
        if err != nil {
                return nil, 0, err
        }
-       if pktEnc.Magic != MagicNNCPEv1 {
+       if pktEnc.Magic != MagicNNCPEv2 {
                return nil, 0, BadMagic
        }
        their, known := nodes[*pktEnc.Sender]
        if !known {
                return nil, 0, errors.New("Unknown sender")
        }
+       if *pktEnc.Recipient != *our.Id {
+               return nil, 0, errors.New("Invalid recipient")
+       }
        verified, err := TbsVerify(our, their, &pktEnc)
        if err != nil {
                return nil, 0, err
@@ -292,7 +298,7 @@ func PktEncRead(our *NodeOur, nodes map[NodeId]*Node, data io.Reader, out io.Wri
        }
        sharedKey := new([32]byte)
        curve25519.ScalarMult(sharedKey, our.ExchPrv, pktEnc.ExchPub)
-       kdf := hkdf.New(blake256, sharedKey[:], nil, MagicNNCPEv1[:])
+       kdf := hkdf.New(blake256, sharedKey[:], nil, MagicNNCPEv2[:])
 
        keyEnc := make([]byte, 32)
        if _, err = io.ReadFull(kdf, keyEnc); err != nil {