Docs, code cleanup, and protect the extra new fields of HELLO with encryption as a precaution.

This commit is contained in:
Adam Ierymenko 2017-02-05 16:19:03 -08:00
parent 594cb1fad8
commit 43182f8f57
13 changed files with 163 additions and 116 deletions

View file

@ -542,6 +542,7 @@ public:
* [<[...] destination address to which packet was sent>]
* <[8] 64-bit world ID of current planet>
* <[8] 64-bit timestamp of current planet>
* [... remainder if packet is encrypted using cryptField() ...]
* <[2] 16-bit number of moons>
* [<[1] 8-bit type ID of moon>]
* [<[8] 64-bit world ID of moon>]
@ -550,9 +551,10 @@ public:
* <[2] 16-bit length of certificate of representation>
* [... certificate of representation ...]
*
* HELLO is sent in the clear, and therefore cannot contain anything
* secret or highly confidential. It should contain nothing that is
* not either public or easy to obtain via other means.
* The initial fields of HELLO are sent in the clear. Fields after the
* planet definition (which are common knowledge) are however encrypted
* using the cryptField() function. The packet is MAC'd as usual using
* the same MAC construct as other packets.
*
* The destination address is the wire address to which this packet is
* being sent, and in OK is *also* the destination address of the OK
@ -566,7 +568,7 @@ public:
* 0x04 - 6-byte IPv4 UDP address/port -- format: <[4] IP>, <[2] port>
* 0x06 - 18-byte IPv6 UDP address/port -- format: <[16] IP>, <[2] port>
*
* OK payload:
* OK payload (note that OK is encrypted):
* <[8] timestamp (echoed from original HELLO)>
* <[1] protocol version (of responder)>
* <[1] software major version (of responder)>
@ -576,6 +578,8 @@ public:
* [<[...] destination address>]
* <[2] 16-bit length of world update or 0 if none>
* [[...] updates to planets and/or moons]
* <[2] 16-bit length of certificate of representation (of responder)>
* [... certificate of representation ...]
*
* ERROR has no payload.
*/
@ -1348,6 +1352,25 @@ public:
*/
bool dearmor(const void *key);
/**
* Encrypt/decrypt a separately armored portion of a packet
*
* This keys using the same key in the same way as armor/dearmor, but
* uses a different IV computed from the packet's IV plus the starting
* point index.
*
* This currently uses Salsa20/12, but any message that uses this should
* incorporate a cipher selector to permit this to be changed later.
*
* This is currently only used to mask portions of HELLO as an extra
* security precation since most of that message is sent in the clear.
*
* @param key 32-byte key
* @param start Start of encrypted portion
* @param len Length of encrypted portion
*/
void cryptField(const void *key,unsigned int start,unsigned int len);
/**
* Attempt to compress payload if not already (must be unencrypted)
*