diff --git a/PROTOCOL.md b/PROTOCOL.md
index 6094ab3..d34bf65 100644
--- a/PROTOCOL.md
+++ b/PROTOCOL.md
@@ -29,6 +29,8 @@ respondent:
 send_enc(<16 bytes random data>) # nonce injection
 send_mac(8)
+ratchet() # prevent backtracking
+
 initiator:
 send_enc('confirm')
 send_mac(8)
diff --git a/comms.c b/comms.c
index 2ae25a8..614d0dd 100644
--- a/comms.c
+++ b/comms.c
@@ -74,6 +74,9 @@ comms_process(struct comms_state *cs, struct pktbuf pbin, struct pktbuf *pbout)
 ret = strobe_put(&cs->cs_state, APP_CIPHERTEXT, buf, CHALLENGE_LEN);
 ret += strobe_put(&cs->cs_state, MAC, NULL, MAC_LEN);
+
+ strobe_operate(&cs->cs_state, RATCHET, NULL, 32);
+
 cs->cs_comm_state = COMMS_WAIT_CONFIRM;
 break;
diff --git a/lora.py b/lora.py
index f34bfa7..2a2e045 100644
--- a/lora.py
+++ b/lora.py
@@ -35,6 +35,8 @@ class LORANode(object):
 self.st.recv_enc(resp[:16])
 self.st.recv_mac(resp[16:])
+ self.st.ratchet()
+
 resp = await self.sd.sendtillrecv( self.st.send_enc(b'confirm') + self.st.send_mac(8), 1)
@@ -190,6 +192,8 @@ class TestLORANode(unittest.IsolatedAsyncioTestCase):
 await self.put(l.send_enc(os.urandom(16)) + l.send_mac(8))
+ l.ratchet()
+
 r = await self.get()
 c = l.recv_enc(r[:-8])
 l.recv_mac(r[-8:])
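Review bot: The return value of `strobe_operate(&cs->cs_state, RATCHET, NULL, 32)` is dropped, although the two `strobe_put` calls directly above it fold their results into `ret`; if the ratchet can fail, the code still moves to `COMMS_WAIT_CONFIRM` without the backtracking protection this commit is adding. Capture the result and treat a failure as a handshake failure before the state change, along the lines of `if (strobe_operate(&cs->cs_state, RATCHET, NULL, 32) < 0) { /* abort handshake */ }` (the error convention is not visible here, so confirm it). The bare `32` would read better as a named constant beside `CHALLENGE_LEN` and `MAC_LEN`, with a comment that it must equal the length that `ratchet()` in lora.py uses, since a mismatch desynchronises the two transcripts and the confirm MAC will not verify. comms_process begins and ends outside the hunk, so how `ret` is consumed afterwards is not visible.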
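Review bot: The new `self.st.ratchet()` call in `LORANode` carries no comment, and its position is security-relevant: it has to stay after `recv_mac` so the state is ratcheted only once the response has authenticated (presumably `recv_mac` raises on a bad MAC, which is not visible here), and before `send_enc(b'confirm')` so it lines up with the respondent. A one-line comment would keep a later refactor from moving it, e.g. `# ratchet only after the response MAC verified; mirrors RATCHET in comms.c (prevents backtracking)`. The enclosing method starts and ends outside the hunk.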
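Review bot: The `TestLORANode` change only mirrors the ratchet on the simulated respondent (`l.ratchet()`), so the suite still has no negative case for the property being introduced. A peer that skips the ratchet should be rejected: the initiator's confirm should then fail at `l.recv_mac(r[-8:])`, and a second test that omits `l.ratchet()` and asserts that failure would pin this down and catch a silent fallback to the pre-ratchet handshake. The exception type raised on a MAC mismatch is not visible in the hunk, so the assertion has to use whatever `recv_mac` actually raises. The test method starts and ends outside the hunk.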