/* Rotate in a new DH public key for our correspondent. Be sure to keep * the sesskeys array in sync. */ static gcry_error_t rotate_y_keys(ConnContext *context, gcry_mpi_t new_y) { gcry_error_t err; /* Rotate the public key */ gcry_mpi_release(context->their_old_y); context->their_old_y = context->their_y; /* Rotate the session keys */ err = reveal_macs(context, &(context->sesskeys[0][1]), &(context->sesskeys[1][1])); if (err) return err; otrl_dh_session_free(&(context->sesskeys[0][1])); otrl_dh_session_free(&(context->sesskeys[1][1])); memmove(&(context->sesskeys[0][1]), &(context->sesskeys[0][0]), sizeof(DH_sesskeys)); memmove(&(context->sesskeys[1][1]), &(context->sesskeys[1][0]), sizeof(DH_sesskeys)); /* Copy in the new public key */ context->their_y = gcry_mpi_copy(new_y); context->their_keyid++; /* Make the session keys */ err = otrl_dh_session(&(context->sesskeys[0][0]), &(context->our_dh_key), context->their_y); if (err) return err; err = otrl_dh_session(&(context->sesskeys[1][0]), &(context->our_old_dh_key), context->their_y); if (err) return err; return gcry_error(GPG_ERR_NO_ERROR); }
/* Make a new DH key for us, and rotate old old ones. Be sure to keep * the sesskeys array in sync. */ static gcry_error_t rotate_dh_keys(ConnContext *context) { gcry_error_t err; /* Rotate the keypair */ otrl_dh_keypair_free(&(context->context_priv->our_old_dh_key)); memmove(&(context->context_priv->our_old_dh_key), &(context->context_priv->our_dh_key), sizeof(DH_keypair)); /* Rotate the session keys */ err = reveal_macs(context, &(context->context_priv->sesskeys[1][0]), &(context->context_priv->sesskeys[1][1])); if (err) return err; otrl_dh_session_free(&(context->context_priv->sesskeys[1][0])); otrl_dh_session_free(&(context->context_priv->sesskeys[1][1])); memmove(&(context->context_priv->sesskeys[1][0]), &(context->context_priv->sesskeys[0][0]), sizeof(DH_sesskeys)); memmove(&(context->context_priv->sesskeys[1][1]), &(context->context_priv->sesskeys[0][1]), sizeof(DH_sesskeys)); /* Create a new DH key */ otrl_dh_gen_keypair(DH1536_GROUP_ID, &(context->context_priv->our_dh_key)); context->context_priv->our_keyid++; /* Make the session keys */ if (context->context_priv->their_y) { err = otrl_dh_session(&(context->context_priv->sesskeys[0][0]), &(context->context_priv->our_dh_key), context->context_priv->their_y); if (err) return err; } else { otrl_dh_session_blank(&(context->context_priv->sesskeys[0][0])); } if (context->context_priv->their_old_y) { err = otrl_dh_session(&(context->context_priv->sesskeys[0][1]), &(context->context_priv->our_dh_key), context->context_priv->their_old_y); if (err) return err; } else { otrl_dh_session_blank(&(context->context_priv->sesskeys[0][1])); } return gcry_error(GPG_ERR_NO_ERROR); }