diff options
author | Christian Grothoff <christian@grothoff.org> | 2016-08-26 12:37:48 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2016-08-26 12:37:48 +0000 |
commit | 25081ad4af5f056cb17cc3654560a89f7a932540 (patch) | |
tree | 4fdaf9824a9d65e773008f0aadf74a0a94027ccb | |
parent | 6ddb3909c0386efc4cf172eda113dbe904a0f75a (diff) | |
download | gnunet-25081ad4af5f056cb17cc3654560a89f7a932540.tar.gz gnunet-25081ad4af5f056cb17cc3654560a89f7a932540.zip |
putting CADET on a diet: proper alignment for AX KX, kill obsolete OTR legacy code
-rw-r--r-- | src/cadet/cadet.conf.in | 2 | ||||
-rw-r--r-- | src/cadet/cadet_common.c | 21 | ||||
-rw-r--r-- | src/cadet/cadet_protocol.h | 271 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_connection.c | 70 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_peer.c | 16 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnel.c | 1077 | ||||
-rw-r--r-- | src/include/gnunet_constants.h | 4 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 15 |
8 files changed, 113 insertions, 1363 deletions
diff --git a/src/cadet/cadet.conf.in b/src/cadet/cadet.conf.in index e9406be97..88f49fde8 100644 --- a/src/cadet/cadet.conf.in +++ b/src/cadet/cadet.conf.in | |||
@@ -13,12 +13,10 @@ UNIX_MATCH_GID = YES | |||
13 | REFRESH_CONNECTION_TIME = 5 min | 13 | REFRESH_CONNECTION_TIME = 5 min |
14 | ID_ANNOUNCE_TIME = 1 h | 14 | ID_ANNOUNCE_TIME = 1 h |
15 | CONNECT_TIMEOUT = 30 s | 15 | CONNECT_TIMEOUT = 30 s |
16 | DEFAULT_TTL = 64 | ||
17 | DHT_REPLICATION_LEVEL = 3 | 16 | DHT_REPLICATION_LEVEL = 3 |
18 | MAX_TUNNELS = 1000 | 17 | MAX_TUNNELS = 1000 |
19 | MAX_CONNECTIONS = 1000 | 18 | MAX_CONNECTIONS = 1000 |
20 | MAX_MSGS_QUEUE = 10000 | 19 | MAX_MSGS_QUEUE = 10000 |
21 | MAX_PEERS = 1000 | 20 | MAX_PEERS = 1000 |
22 | REKEY_PERIOD = 12 h | ||
23 | RATCHET_TIME = 1 h | 21 | RATCHET_TIME = 1 h |
24 | RATCHET_MESSAGES = 64 | 22 | RATCHET_MESSAGES = 64 |
diff --git a/src/cadet/cadet_common.c b/src/cadet/cadet_common.c index 2fbd97283..c24bc5c4b 100644 --- a/src/cadet/cadet_common.c +++ b/src/cadet/cadet_common.c | |||
@@ -206,20 +206,6 @@ GC_m2s (uint16_t m) | |||
206 | break; | 206 | break; |
207 | 207 | ||
208 | /** | 208 | /** |
209 | * New ephemeral key. | ||
210 | */ | ||
211 | case GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL: | ||
212 | s = "KX_EPHM"; | ||
213 | break; | ||
214 | |||
215 | /** | ||
216 | * Answer to session key challenge. | ||
217 | */ | ||
218 | case GNUNET_MESSAGE_TYPE_CADET_KX_PONG: | ||
219 | s = "KX_PONG"; | ||
220 | break; | ||
221 | |||
222 | /** | ||
223 | * Request the destuction of a path | 209 | * Request the destuction of a path |
224 | */ | 210 | */ |
225 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY: | 211 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY: |
@@ -290,13 +276,6 @@ GC_m2s (uint16_t m) | |||
290 | break; | 276 | break; |
291 | 277 | ||
292 | /** | 278 | /** |
293 | * OTR encrypted payload. | ||
294 | */ | ||
295 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
296 | s = "OTR"; | ||
297 | break; | ||
298 | |||
299 | /** | ||
300 | * Axolotl encrypted payload. | 279 | * Axolotl encrypted payload. |
301 | */ | 280 | */ |
302 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 281 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h index 1a42e920f..e40fa0e7b 100644 --- a/src/cadet/cadet_protocol.h +++ b/src/cadet/cadet_protocol.h | |||
@@ -52,23 +52,23 @@ GNUNET_NETWORK_STRUCT_BEGIN | |||
52 | */ | 52 | */ |
53 | struct GNUNET_CADET_ConnectionCreate | 53 | struct GNUNET_CADET_ConnectionCreate |
54 | { | 54 | { |
55 | /** | 55 | /** |
56 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CONNECTION_CREATE | 56 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CONNECTION_CREATE |
57 | * | 57 | * |
58 | * Size: sizeof (struct GNUNET_CADET_ConnectionCreate) + | 58 | * Size: sizeof (struct GNUNET_CADET_ConnectionCreate) + |
59 | * path_length * sizeof (struct GNUNET_PeerIdentity) | 59 | * path_length * sizeof (struct GNUNET_PeerIdentity) |
60 | */ | 60 | */ |
61 | struct GNUNET_MessageHeader header; | 61 | struct GNUNET_MessageHeader header; |
62 | 62 | ||
63 | /** | 63 | /** |
64 | * ID of the connection | 64 | * ID of the connection |
65 | */ | 65 | */ |
66 | struct GNUNET_CADET_Hash cid; | 66 | struct GNUNET_CADET_Hash cid; |
67 | 67 | ||
68 | /** | 68 | /** |
69 | * path_length structs defining the *whole* path from the origin [0] to the | 69 | * path_length structs defining the *whole* path from the origin [0] to the |
70 | * final destination [path_length-1]. | 70 | * final destination [path_length-1]. |
71 | */ | 71 | */ |
72 | /* struct GNUNET_PeerIdentity peers[path_length]; */ | 72 | /* struct GNUNET_PeerIdentity peers[path_length]; */ |
73 | }; | 73 | }; |
74 | 74 | ||
@@ -160,157 +160,24 @@ struct GNUNET_CADET_AX_KX | |||
160 | 160 | ||
161 | 161 | ||
162 | /** | 162 | /** |
163 | * Message transmitted with the signed ephemeral key of a peer. The | ||
164 | * session key is then derived from the two ephemeral keys (ECDHE). | ||
165 | * | ||
166 | * As far as possible, same as CORE's EphemeralKeyMessage. | ||
167 | */ | ||
168 | struct GNUNET_CADET_KX_Ephemeral | ||
169 | { | ||
170 | |||
171 | /** | ||
172 | * Message type is GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL. | ||
173 | */ | ||
174 | struct GNUNET_MessageHeader header; | ||
175 | |||
176 | /** | ||
177 | * Status of the sender (should be in "enum PeerStateMachine"), nbo. | ||
178 | */ | ||
179 | int32_t sender_status GNUNET_PACKED; | ||
180 | |||
181 | /** | ||
182 | * An ECC signature of the 'origin' asserting the validity of | ||
183 | * the given ephemeral key. | ||
184 | */ | ||
185 | struct GNUNET_CRYPTO_EddsaSignature signature; | ||
186 | |||
187 | /** | ||
188 | * Information about what is being signed. | ||
189 | */ | ||
190 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
191 | |||
192 | /** | ||
193 | * At what time was this key created (beginning of validity). | ||
194 | */ | ||
195 | struct GNUNET_TIME_AbsoluteNBO creation_time; | ||
196 | |||
197 | /** | ||
198 | * When does the given ephemeral key expire (end of validity). | ||
199 | */ | ||
200 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | ||
201 | |||
202 | /** | ||
203 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format | ||
204 | * suitable for network transmission as created using 'gcry_sexp_sprint'. | ||
205 | */ | ||
206 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | ||
207 | |||
208 | /** | ||
209 | * Public key of the signing peer | ||
210 | * (persistent version, not the ephemeral public key). | ||
211 | */ | ||
212 | struct GNUNET_PeerIdentity origin_identity; | ||
213 | |||
214 | /** | ||
215 | * Seed for the IV of nonce. | ||
216 | */ | ||
217 | uint32_t iv GNUNET_PACKED; | ||
218 | |||
219 | /** | ||
220 | * Nonce to check liveness of peer. | ||
221 | */ | ||
222 | uint32_t nonce GNUNET_PACKED; | ||
223 | }; | ||
224 | |||
225 | |||
226 | /** | ||
227 | * Response to a PING. Includes data from the original PING. | ||
228 | */ | ||
229 | struct GNUNET_CADET_KX_Pong | ||
230 | { | ||
231 | /** | ||
232 | * Message type is GNUNET_MESSAGE_TYPE_CADET_KX_PONG. | ||
233 | */ | ||
234 | struct GNUNET_MessageHeader header; | ||
235 | |||
236 | /** | ||
237 | * Seed for the IV | ||
238 | */ | ||
239 | uint32_t iv GNUNET_PACKED; | ||
240 | |||
241 | /** | ||
242 | * Same nonce as in the reve. | ||
243 | */ | ||
244 | uint32_t nonce GNUNET_PACKED; | ||
245 | }; | ||
246 | |||
247 | |||
248 | /** | ||
249 | * Tunnel(ed) message. | ||
250 | */ | ||
251 | struct GNUNET_CADET_Encrypted | ||
252 | { | ||
253 | /** | ||
254 | * Type: GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED | ||
255 | */ | ||
256 | struct GNUNET_MessageHeader header; | ||
257 | |||
258 | /** | ||
259 | * ID of the connection. | ||
260 | */ | ||
261 | struct GNUNET_CADET_Hash cid; | ||
262 | |||
263 | /** | ||
264 | * ID of the packet (hop by hop). | ||
265 | */ | ||
266 | uint32_t pid GNUNET_PACKED; | ||
267 | |||
268 | /** | ||
269 | * Number of hops to live. | ||
270 | */ | ||
271 | uint32_t ttl GNUNET_PACKED; | ||
272 | |||
273 | /** | ||
274 | * Initialization Vector for payload encryption. | ||
275 | */ | ||
276 | uint32_t iv GNUNET_PACKED; | ||
277 | |||
278 | /** | ||
279 | * MAC of the encrypted message, used to verify message integrity. | ||
280 | * Everything after this value will be encrypted and authenticated. | ||
281 | */ | ||
282 | struct GNUNET_CADET_Hash hmac; | ||
283 | |||
284 | /** | ||
285 | * Encrypted content follows. | ||
286 | */ | ||
287 | }; | ||
288 | |||
289 | |||
290 | /** | ||
291 | * Axolotl tunnel message. | 163 | * Axolotl tunnel message. |
292 | */ | 164 | */ |
293 | struct GNUNET_CADET_AX | 165 | struct GNUNET_CADET_AX |
294 | { | 166 | { |
295 | /** | 167 | /** |
296 | * Type: GNUNET_MESSAGE_TYPE_CADET_AXOLOTL_DATA | 168 | * Type: #GNUNET_MESSAGE_TYPE_CADET_AXOLOTL_DATA |
297 | */ | 169 | */ |
298 | struct GNUNET_MessageHeader header; | 170 | struct GNUNET_MessageHeader header; |
299 | 171 | ||
300 | /** | 172 | /** |
301 | * ID of the connection. | ||
302 | */ | ||
303 | struct GNUNET_CADET_Hash cid; | ||
304 | |||
305 | /** | ||
306 | * ID of the packet (hop by hop). | 173 | * ID of the packet (hop by hop). |
307 | */ | 174 | */ |
308 | uint32_t pid GNUNET_PACKED; | 175 | uint32_t pid GNUNET_PACKED; |
309 | 176 | ||
310 | /** | 177 | /** |
311 | * Reserved field for 64b alignment. | 178 | * ID of the connection. |
312 | */ | 179 | */ |
313 | uint32_t reserved GNUNET_PACKED; | 180 | struct GNUNET_CADET_Hash cid; |
314 | 181 | ||
315 | /** | 182 | /** |
316 | * MAC of the encrypted message, used to verify message integrity. | 183 | * MAC of the encrypted message, used to verify message integrity. |
@@ -324,12 +191,12 @@ struct GNUNET_CADET_AX | |||
324 | /** | 191 | /** |
325 | * Number of messages sent with the current ratchet key. | 192 | * Number of messages sent with the current ratchet key. |
326 | */ | 193 | */ |
327 | uint32_t Ns; | 194 | uint32_t Ns GNUNET_PACKED; |
328 | 195 | ||
329 | /** | 196 | /** |
330 | * Number of messages sent with the previous ratchet key. | 197 | * Number of messages sent with the previous ratchet key. |
331 | */ | 198 | */ |
332 | uint32_t PNs; | 199 | uint32_t PNs GNUNET_PACKED; |
333 | 200 | ||
334 | /** | 201 | /** |
335 | * Current ratchet key. | 202 | * Current ratchet key. |
@@ -350,7 +217,7 @@ struct GNUNET_CADET_AX | |||
350 | struct GNUNET_CADET_ChannelCreate | 217 | struct GNUNET_CADET_ChannelCreate |
351 | { | 218 | { |
352 | /** | 219 | /** |
353 | * Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_CREATE | 220 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_CREATE |
354 | */ | 221 | */ |
355 | struct GNUNET_MessageHeader header; | 222 | struct GNUNET_MessageHeader header; |
356 | 223 | ||
@@ -377,7 +244,7 @@ struct GNUNET_CADET_ChannelCreate | |||
377 | struct GNUNET_CADET_ChannelManage | 244 | struct GNUNET_CADET_ChannelManage |
378 | { | 245 | { |
379 | /** | 246 | /** |
380 | * Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_{ACK|NACK|DESTROY} | 247 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CHANNEL_{ACK|NACK|DESTROY} |
381 | */ | 248 | */ |
382 | struct GNUNET_MessageHeader header; | 249 | struct GNUNET_MessageHeader header; |
383 | 250 | ||
@@ -393,25 +260,25 @@ struct GNUNET_CADET_ChannelManage | |||
393 | */ | 260 | */ |
394 | struct GNUNET_CADET_Data | 261 | struct GNUNET_CADET_Data |
395 | { | 262 | { |
396 | /** | 263 | /** |
397 | * Type: GNUNET_MESSAGE_TYPE_CADET_UNICAST, | 264 | * Type: #GNUNET_MESSAGE_TYPE_CADET_UNICAST, |
398 | * GNUNET_MESSAGE_TYPE_CADET_TO_ORIGIN | 265 | * #GNUNET_MESSAGE_TYPE_CADET_TO_ORIGIN |
399 | */ | 266 | */ |
400 | struct GNUNET_MessageHeader header; | 267 | struct GNUNET_MessageHeader header; |
401 | 268 | ||
402 | /** | 269 | /** |
403 | * Unique ID of the payload message | 270 | * Unique ID of the payload message |
404 | */ | 271 | */ |
405 | uint32_t mid GNUNET_PACKED; | 272 | uint32_t mid GNUNET_PACKED; |
406 | 273 | ||
407 | /** | 274 | /** |
408 | * ID of the channel | 275 | * ID of the channel |
409 | */ | 276 | */ |
410 | CADET_ChannelNumber chid GNUNET_PACKED; | 277 | CADET_ChannelNumber chid GNUNET_PACKED; |
411 | 278 | ||
412 | /** | 279 | /** |
413 | * Payload follows | 280 | * Payload follows |
414 | */ | 281 | */ |
415 | }; | 282 | }; |
416 | 283 | ||
417 | 284 | ||
@@ -449,19 +316,19 @@ struct GNUNET_CADET_DataACK | |||
449 | */ | 316 | */ |
450 | struct GNUNET_CADET_ACK | 317 | struct GNUNET_CADET_ACK |
451 | { | 318 | { |
452 | /** | 319 | /** |
453 | * Type: GNUNET_MESSAGE_TYPE_CADET_ACK | 320 | * Type: #GNUNET_MESSAGE_TYPE_CADET_ACK |
454 | */ | 321 | */ |
455 | struct GNUNET_MessageHeader header; | 322 | struct GNUNET_MessageHeader header; |
456 | 323 | ||
457 | /** | 324 | /** |
458 | * Maximum packet ID authorized. | 325 | * Maximum packet ID authorized. |
459 | */ | 326 | */ |
460 | uint32_t ack GNUNET_PACKED; | 327 | uint32_t ack GNUNET_PACKED; |
461 | 328 | ||
462 | /** | 329 | /** |
463 | * ID of the connection. | 330 | * ID of the connection. |
464 | */ | 331 | */ |
465 | struct GNUNET_CADET_Hash cid; | 332 | struct GNUNET_CADET_Hash cid; |
466 | }; | 333 | }; |
467 | 334 | ||
@@ -471,19 +338,19 @@ struct GNUNET_CADET_ACK | |||
471 | */ | 338 | */ |
472 | struct GNUNET_CADET_Poll | 339 | struct GNUNET_CADET_Poll |
473 | { | 340 | { |
474 | /** | 341 | /** |
475 | * Type: GNUNET_MESSAGE_TYPE_CADET_POLL | 342 | * Type: #GNUNET_MESSAGE_TYPE_CADET_POLL |
476 | */ | 343 | */ |
477 | struct GNUNET_MessageHeader header; | 344 | struct GNUNET_MessageHeader header; |
478 | 345 | ||
479 | /** | 346 | /** |
480 | * Last packet sent. | 347 | * Last packet sent. |
481 | */ | 348 | */ |
482 | uint32_t pid GNUNET_PACKED; | 349 | uint32_t pid GNUNET_PACKED; |
483 | 350 | ||
484 | /** | 351 | /** |
485 | * ID of the connection. | 352 | * ID of the connection. |
486 | */ | 353 | */ |
487 | struct GNUNET_CADET_Hash cid; | 354 | struct GNUNET_CADET_Hash cid; |
488 | 355 | ||
489 | }; | 356 | }; |
@@ -494,24 +361,24 @@ struct GNUNET_CADET_Poll | |||
494 | */ | 361 | */ |
495 | struct GNUNET_CADET_ConnectionBroken | 362 | struct GNUNET_CADET_ConnectionBroken |
496 | { | 363 | { |
497 | /** | 364 | /** |
498 | * Type: GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN | 365 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN |
499 | */ | 366 | */ |
500 | struct GNUNET_MessageHeader header; | 367 | struct GNUNET_MessageHeader header; |
501 | 368 | ||
502 | /** | 369 | /** |
503 | * ID of the connection. | 370 | * ID of the connection. |
504 | */ | 371 | */ |
505 | struct GNUNET_CADET_Hash cid; | 372 | struct GNUNET_CADET_Hash cid; |
506 | 373 | ||
507 | /** | 374 | /** |
508 | * ID of the endpoint | 375 | * ID of the endpoint |
509 | */ | 376 | */ |
510 | struct GNUNET_PeerIdentity peer1; | 377 | struct GNUNET_PeerIdentity peer1; |
511 | 378 | ||
512 | /** | 379 | /** |
513 | * ID of the endpoint | 380 | * ID of the endpoint |
514 | */ | 381 | */ |
515 | struct GNUNET_PeerIdentity peer2; | 382 | struct GNUNET_PeerIdentity peer2; |
516 | }; | 383 | }; |
517 | 384 | ||
@@ -521,14 +388,14 @@ struct GNUNET_CADET_ConnectionBroken | |||
521 | */ | 388 | */ |
522 | struct GNUNET_CADET_ConnectionDestroy | 389 | struct GNUNET_CADET_ConnectionDestroy |
523 | { | 390 | { |
524 | /** | 391 | /** |
525 | * Type: GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY | 392 | * Type: #GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY |
526 | */ | 393 | */ |
527 | struct GNUNET_MessageHeader header; | 394 | struct GNUNET_MessageHeader header; |
528 | 395 | ||
529 | /** | 396 | /** |
530 | * ID of the connection. | 397 | * ID of the connection. |
531 | */ | 398 | */ |
532 | struct GNUNET_CADET_Hash cid; | 399 | struct GNUNET_CADET_Hash cid; |
533 | }; | 400 | }; |
534 | 401 | ||
diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c index babb00d66..0c11c24df 100644 --- a/src/cadet/gnunet-service-cadet_connection.c +++ b/src/cadet/gnunet-service-cadet_connection.c | |||
@@ -665,8 +665,7 @@ conn_message_sent (void *cls, | |||
665 | } | 665 | } |
666 | GNUNET_free (q); | 666 | GNUNET_free (q); |
667 | } | 667 | } |
668 | else if (type == GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED | 668 | else if (type == GNUNET_MESSAGE_TYPE_CADET_AX) |
669 | || type == GNUNET_MESSAGE_TYPE_CADET_AX) | ||
670 | { | 669 | { |
671 | /* If NULL == q and ENCRYPTED == type, message must have been ch_mngmnt */ | 670 | /* If NULL == q and ENCRYPTED == type, message must have been ch_mngmnt */ |
672 | forced = GNUNET_YES; | 671 | forced = GNUNET_YES; |
@@ -708,7 +707,6 @@ conn_message_sent (void *cls, | |||
708 | schedule_next_keepalive (c, fwd); | 707 | schedule_next_keepalive (c, fwd); |
709 | break; | 708 | break; |
710 | 709 | ||
711 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
712 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 710 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
713 | if (GNUNET_YES == sent) | 711 | if (GNUNET_YES == sent) |
714 | { | 712 | { |
@@ -2458,8 +2456,7 @@ check_message (const struct GNUNET_MessageHeader *message, | |||
2458 | 2456 | ||
2459 | /* Check PID for payload messages */ | 2457 | /* Check PID for payload messages */ |
2460 | type = ntohs (message->type); | 2458 | type = ntohs (message->type); |
2461 | if (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED == type | 2459 | if (GNUNET_MESSAGE_TYPE_CADET_AX == type) |
2462 | || GNUNET_MESSAGE_TYPE_CADET_AX == type) | ||
2463 | { | 2460 | { |
2464 | fc = fwd ? &c->bck_fc : &c->fwd_fc; | 2461 | fc = fwd ? &c->bck_fc : &c->fwd_fc; |
2465 | LOG (GNUNET_ERROR_TYPE_DEBUG, " PID %u (expected %u - %u)\n", | 2462 | LOG (GNUNET_ERROR_TYPE_DEBUG, " PID %u (expected %u - %u)\n", |
@@ -2522,33 +2519,20 @@ static int | |||
2522 | handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer, | 2519 | handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer, |
2523 | const struct GNUNET_MessageHeader *message) | 2520 | const struct GNUNET_MessageHeader *message) |
2524 | { | 2521 | { |
2525 | const struct GNUNET_CADET_Encrypted *otr_msg; | ||
2526 | const struct GNUNET_CADET_AX *ax_msg; | 2522 | const struct GNUNET_CADET_AX *ax_msg; |
2527 | const struct GNUNET_CADET_Hash* cid; | 2523 | const struct GNUNET_CADET_Hash* cid; |
2528 | struct CadetConnection *c; | 2524 | struct CadetConnection *c; |
2529 | size_t minimum_size; | 2525 | size_t minimum_size; |
2530 | size_t overhead; | 2526 | size_t overhead; |
2531 | uint32_t pid; | 2527 | uint32_t pid; |
2532 | uint32_t ttl; | ||
2533 | int fwd; | 2528 | int fwd; |
2534 | 2529 | ||
2535 | GCC_check_connections (); | 2530 | GCC_check_connections (); |
2536 | if (GNUNET_MESSAGE_TYPE_CADET_AX == ntohs (message->type)) | 2531 | GNUNET_assert (GNUNET_MESSAGE_TYPE_CADET_AX == ntohs (message->type)); |
2537 | { | 2532 | overhead = sizeof (struct GNUNET_CADET_AX); |
2538 | overhead = sizeof (struct GNUNET_CADET_AX); | 2533 | ax_msg = (const struct GNUNET_CADET_AX *) message; |
2539 | ax_msg = (const struct GNUNET_CADET_AX *) message; | 2534 | cid = &ax_msg->cid; |
2540 | cid = &ax_msg->cid; | 2535 | pid = ntohl (ax_msg->pid); |
2541 | pid = ntohl (ax_msg->pid); | ||
2542 | otr_msg = NULL; | ||
2543 | } | ||
2544 | else | ||
2545 | { | ||
2546 | overhead = sizeof (struct GNUNET_CADET_Encrypted); | ||
2547 | otr_msg = (const struct GNUNET_CADET_Encrypted *) message; | ||
2548 | cid = &otr_msg->cid; | ||
2549 | pid = ntohl (otr_msg->pid); | ||
2550 | } | ||
2551 | |||
2552 | log_message (message, peer, cid); | 2536 | log_message (message, peer, cid); |
2553 | 2537 | ||
2554 | minimum_size = sizeof (struct GNUNET_MessageHeader) + overhead; | 2538 | minimum_size = sizeof (struct GNUNET_MessageHeader) + overhead; |
@@ -2585,20 +2569,6 @@ handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer, | |||
2585 | 2569 | ||
2586 | /* Message not for us: forward to next hop */ | 2570 | /* Message not for us: forward to next hop */ |
2587 | LOG (GNUNET_ERROR_TYPE_DEBUG, " not for us, retransmitting...\n"); | 2571 | LOG (GNUNET_ERROR_TYPE_DEBUG, " not for us, retransmitting...\n"); |
2588 | if (NULL != otr_msg) /* only otr has ttl */ | ||
2589 | { | ||
2590 | ttl = ntohl (otr_msg->ttl); | ||
2591 | LOG (GNUNET_ERROR_TYPE_DEBUG, " ttl: %u\n", ttl); | ||
2592 | if (ttl == 0) | ||
2593 | { | ||
2594 | GNUNET_STATISTICS_update (stats, "# TTL drops", 1, GNUNET_NO); | ||
2595 | LOG (GNUNET_ERROR_TYPE_WARNING, " TTL is 0, DROPPING!\n"); | ||
2596 | GCC_send_ack (c, fwd, GNUNET_NO); | ||
2597 | GCC_check_connections (); | ||
2598 | return GNUNET_OK; | ||
2599 | } | ||
2600 | } | ||
2601 | |||
2602 | GNUNET_STATISTICS_update (stats, "# messages forwarded", 1, GNUNET_NO); | 2572 | GNUNET_STATISTICS_update (stats, "# messages forwarded", 1, GNUNET_NO); |
2603 | GNUNET_assert (NULL == GCC_send_prebuilt_message (message, 0, 0, c, fwd, | 2573 | GNUNET_assert (NULL == GCC_send_prebuilt_message (message, 0, 0, c, fwd, |
2604 | GNUNET_NO, NULL, NULL)); | 2574 | GNUNET_NO, NULL, NULL)); |
@@ -3501,34 +3471,15 @@ GCC_send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
3501 | switch (type) | 3471 | switch (type) |
3502 | { | 3472 | { |
3503 | struct GNUNET_CADET_AX *axmsg; | 3473 | struct GNUNET_CADET_AX *axmsg; |
3504 | struct GNUNET_CADET_Encrypted *emsg; | ||
3505 | struct GNUNET_CADET_KX *kmsg; | 3474 | struct GNUNET_CADET_KX *kmsg; |
3506 | struct GNUNET_CADET_ACK *amsg; | 3475 | struct GNUNET_CADET_ACK *amsg; |
3507 | struct GNUNET_CADET_Poll *pmsg; | 3476 | struct GNUNET_CADET_Poll *pmsg; |
3508 | struct GNUNET_CADET_ConnectionDestroy *dmsg; | 3477 | struct GNUNET_CADET_ConnectionDestroy *dmsg; |
3509 | struct GNUNET_CADET_ConnectionBroken *bmsg; | 3478 | struct GNUNET_CADET_ConnectionBroken *bmsg; |
3510 | uint32_t ttl; | ||
3511 | 3479 | ||
3512 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 3480 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
3513 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | 3481 | axmsg = (struct GNUNET_CADET_AX *) data; |
3514 | if (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED == type) | 3482 | axmsg->cid = c->id; |
3515 | { | ||
3516 | emsg = (struct GNUNET_CADET_Encrypted *) data; | ||
3517 | ttl = ntohl (emsg->ttl); | ||
3518 | if (0 == ttl) | ||
3519 | { | ||
3520 | GNUNET_break_op (0); | ||
3521 | GNUNET_free (data); | ||
3522 | return NULL; | ||
3523 | } | ||
3524 | emsg->cid = c->id; | ||
3525 | emsg->ttl = htonl (ttl - 1); | ||
3526 | } | ||
3527 | else | ||
3528 | { | ||
3529 | axmsg = (struct GNUNET_CADET_AX *) data; | ||
3530 | axmsg->cid = c->id; | ||
3531 | } | ||
3532 | LOG (GNUNET_ERROR_TYPE_DEBUG, " Q_N+ %p %u\n", fc, fc->queue_n); | 3483 | LOG (GNUNET_ERROR_TYPE_DEBUG, " Q_N+ %p %u\n", fc, fc->queue_n); |
3533 | LOG (GNUNET_ERROR_TYPE_DEBUG, "last pid sent %u\n", fc->last_pid_sent); | 3484 | LOG (GNUNET_ERROR_TYPE_DEBUG, "last pid sent %u\n", fc->last_pid_sent); |
3534 | LOG (GNUNET_ERROR_TYPE_DEBUG, " ack recv %u\n", fc->last_ack_recv); | 3485 | LOG (GNUNET_ERROR_TYPE_DEBUG, " ack recv %u\n", fc->last_ack_recv); |
@@ -3588,8 +3539,7 @@ GCC_send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
3588 | GNUNET_break (0); | 3539 | GNUNET_break (0); |
3589 | LOG (GNUNET_ERROR_TYPE_DEBUG, "queue full: %u/%u\n", | 3540 | LOG (GNUNET_ERROR_TYPE_DEBUG, "queue full: %u/%u\n", |
3590 | fc->queue_n, fc->queue_max); | 3541 | fc->queue_n, fc->queue_max); |
3591 | if (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED == type | 3542 | if (GNUNET_MESSAGE_TYPE_CADET_AX == type) |
3592 | || GNUNET_MESSAGE_TYPE_CADET_AX == type) | ||
3593 | { | 3543 | { |
3594 | fc->queue_n--; | 3544 | fc->queue_n--; |
3595 | } | 3545 | } |
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c index f9117953d..64d9168fd 100644 --- a/src/cadet/gnunet-service-cadet_peer.c +++ b/src/cadet/gnunet-service-cadet_peer.c | |||
@@ -538,7 +538,6 @@ static struct GNUNET_CORE_MessageHandler core_handlers[] = { | |||
538 | {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL, | 538 | {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL, |
539 | sizeof (struct GNUNET_CADET_Poll)}, | 539 | sizeof (struct GNUNET_CADET_Poll)}, |
540 | {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0}, | 540 | {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0}, |
541 | {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0}, | ||
542 | {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_AX, 0}, | 541 | {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_AX, 0}, |
543 | {NULL, 0, 0} | 542 | {NULL, 0, 0} |
544 | }; | 543 | }; |
@@ -724,11 +723,9 @@ get_priority (struct CadetPeerQueue *q) | |||
724 | } | 723 | } |
725 | 724 | ||
726 | /* Bulky payload has lower priority, control traffic has higher. */ | 725 | /* Bulky payload has lower priority, control traffic has higher. */ |
727 | if (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED == q->type | 726 | if (GNUNET_MESSAGE_TYPE_CADET_AX == q->type) |
728 | || GNUNET_MESSAGE_TYPE_CADET_AX == q->type) | ||
729 | return low; | 727 | return low; |
730 | else | 728 | return high; |
731 | return high; | ||
732 | } | 729 | } |
733 | 730 | ||
734 | 731 | ||
@@ -1022,7 +1019,6 @@ queue_is_sendable (struct CadetPeerQueue *q) | |||
1022 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN: | 1019 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN: |
1023 | return GNUNET_YES; | 1020 | return GNUNET_YES; |
1024 | 1021 | ||
1025 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
1026 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 1022 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
1027 | break; | 1023 | break; |
1028 | 1024 | ||
@@ -1140,12 +1136,6 @@ fill_buf (struct CadetPeerQueue *queue, void *buf, size_t size, uint32_t *pid) | |||
1140 | 1136 | ||
1141 | switch (queue->type) | 1137 | switch (queue->type) |
1142 | { | 1138 | { |
1143 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
1144 | *pid = GCC_get_pid (queue->c, queue->fwd); | ||
1145 | LOG (GNUNET_ERROR_TYPE_DEBUG, " otr payload ID %u\n", *pid); | ||
1146 | msg_size = send_core_data_raw (queue->cls, size, buf); | ||
1147 | ((struct GNUNET_CADET_Encrypted *) buf)->pid = htonl (*pid); | ||
1148 | break; | ||
1149 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 1139 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
1150 | *pid = GCC_get_pid (queue->c, queue->fwd); | 1140 | *pid = GCC_get_pid (queue->c, queue->fwd); |
1151 | LOG (GNUNET_ERROR_TYPE_DEBUG, " ax payload ID %u\n", *pid); | 1141 | LOG (GNUNET_ERROR_TYPE_DEBUG, " ax payload ID %u\n", *pid); |
@@ -1425,7 +1415,6 @@ GCP_queue_destroy (struct CadetPeerQueue *queue, | |||
1425 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_CREATE: | 1415 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_CREATE: |
1426 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN: | 1416 | case GNUNET_MESSAGE_TYPE_CADET_CONNECTION_BROKEN: |
1427 | case GNUNET_MESSAGE_TYPE_CADET_KX: | 1417 | case GNUNET_MESSAGE_TYPE_CADET_KX: |
1428 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
1429 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 1418 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
1430 | case GNUNET_MESSAGE_TYPE_CADET_ACK: | 1419 | case GNUNET_MESSAGE_TYPE_CADET_ACK: |
1431 | case GNUNET_MESSAGE_TYPE_CADET_POLL: | 1420 | case GNUNET_MESSAGE_TYPE_CADET_POLL: |
@@ -1733,7 +1722,6 @@ GCP_connection_pop (struct CadetPeer *peer, | |||
1733 | continue; | 1722 | continue; |
1734 | 1723 | ||
1735 | case GNUNET_MESSAGE_TYPE_CADET_KX: | 1724 | case GNUNET_MESSAGE_TYPE_CADET_KX: |
1736 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
1737 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 1725 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
1738 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | 1726 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: |
1739 | msg = (struct GNUNET_MessageHeader *) q->cls; | 1727 | msg = (struct GNUNET_MessageHeader *) q->cls; |
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c index 565ddf411..0ede4a886 100644 --- a/src/cadet/gnunet-service-cadet_tunnel.c +++ b/src/cadet/gnunet-service-cadet_tunnel.c | |||
@@ -94,54 +94,6 @@ struct CadetTConnection | |||
94 | uint32_t throughput; | 94 | uint32_t throughput; |
95 | }; | 95 | }; |
96 | 96 | ||
97 | /** | ||
98 | * Structure used during a Key eXchange. | ||
99 | */ | ||
100 | struct CadetTunnelKXCtx | ||
101 | { | ||
102 | /** | ||
103 | * Encryption ("our") old "confirmed" key, for encrypting traffic sent by us | ||
104 | * end before the key exchange is finished or times out. | ||
105 | */ | ||
106 | struct GNUNET_CRYPTO_SymmetricSessionKey e_key_old; | ||
107 | |||
108 | /** | ||
109 | * Decryption ("their") old "confirmed" key, for decrypting traffic sent by | ||
110 | * the other end before the key exchange started. | ||
111 | */ | ||
112 | struct GNUNET_CRYPTO_SymmetricSessionKey d_key_old; | ||
113 | |||
114 | /** | ||
115 | * Same as @c e_key_old, for the case of two simultaneous KX. | ||
116 | * This can happen if cadet decides to start a re-key while the peer has also | ||
117 | * started its re-key (due to network delay this is impossible to avoid). | ||
118 | * In this case, the key material generated with the peer's old ephemeral | ||
119 | * *might* (but doesn't have to) be incorrect. | ||
120 | * Since no more than two re-keys can happen simultaneously, this is enough. | ||
121 | */ | ||
122 | struct GNUNET_CRYPTO_SymmetricSessionKey e_key_old2; | ||
123 | |||
124 | /** | ||
125 | * Same as @c d_key_old, for the case described in @c e_key_old2. | ||
126 | */ | ||
127 | struct GNUNET_CRYPTO_SymmetricSessionKey d_key_old2; | ||
128 | |||
129 | /** | ||
130 | * Challenge to send and expect in the PONG. | ||
131 | */ | ||
132 | uint32_t challenge; | ||
133 | |||
134 | /** | ||
135 | * When the rekey started. One minute after this the new key will be used. | ||
136 | */ | ||
137 | struct GNUNET_TIME_Absolute rekey_start_time; | ||
138 | |||
139 | /** | ||
140 | * Task for delayed destruction of the Key eXchange context, to allow delayed | ||
141 | * messages with the old key to be decrypted successfully. | ||
142 | */ | ||
143 | struct GNUNET_SCHEDULER_Task *finish_task; | ||
144 | }; | ||
145 | 97 | ||
146 | /** | 98 | /** |
147 | * Encryption systems possible. | 99 | * Encryption systems possible. |
@@ -151,12 +103,8 @@ enum CadetTunnelEncryption | |||
151 | /** | 103 | /** |
152 | * Default Axolotl system. | 104 | * Default Axolotl system. |
153 | */ | 105 | */ |
154 | CADET_Axolotl, | 106 | CADET_Axolotl |
155 | 107 | ||
156 | /** | ||
157 | * Fallback OTR-style encryption. | ||
158 | */ | ||
159 | CADET_OTR | ||
160 | }; | 108 | }; |
161 | 109 | ||
162 | /** | 110 | /** |
@@ -339,11 +287,6 @@ struct CadetTunnel | |||
339 | enum CadetTunnelEState estate; | 287 | enum CadetTunnelEState estate; |
340 | 288 | ||
341 | /** | 289 | /** |
342 | * Key eXchange context. | ||
343 | */ | ||
344 | struct CadetTunnelKXCtx *kx_ctx; | ||
345 | |||
346 | /** | ||
347 | * Peer's ephemeral key, to recreate @c e_key and @c d_key when own ephemeral | 290 | * Peer's ephemeral key, to recreate @c e_key and @c d_key when own ephemeral |
348 | * key changes. | 291 | * key changes. |
349 | */ | 292 | */ |
@@ -362,7 +305,7 @@ struct CadetTunnel | |||
362 | /** | 305 | /** |
363 | * Task to start the rekey process. | 306 | * Task to start the rekey process. |
364 | */ | 307 | */ |
365 | struct GNUNET_SCHEDULER_Task * rekey_task; | 308 | struct GNUNET_SCHEDULER_Task *rekey_task; |
366 | 309 | ||
367 | /** | 310 | /** |
368 | * Paths that are actively used to reach the destination peer. | 311 | * Paths that are actively used to reach the destination peer. |
@@ -502,11 +445,6 @@ extern int shutting_down; | |||
502 | static struct GNUNET_CONTAINER_MultiPeerMap *tunnels; | 445 | static struct GNUNET_CONTAINER_MultiPeerMap *tunnels; |
503 | 446 | ||
504 | /** | 447 | /** |
505 | * Default TTL for payload packets. | ||
506 | */ | ||
507 | static unsigned long long default_ttl; | ||
508 | |||
509 | /** | ||
510 | * Own Peer ID private key. | 448 | * Own Peer ID private key. |
511 | */ | 449 | */ |
512 | const static struct GNUNET_CRYPTO_EddsaPrivateKey *id_key; | 450 | const static struct GNUNET_CRYPTO_EddsaPrivateKey *id_key; |
@@ -525,29 +463,6 @@ static unsigned long long ratchet_messages; | |||
525 | static struct GNUNET_TIME_Relative ratchet_time; | 463 | static struct GNUNET_TIME_Relative ratchet_time; |
526 | 464 | ||
527 | 465 | ||
528 | /******************************** OTR ***********************************/ | ||
529 | |||
530 | /** | ||
531 | * Own global OTR ephemeral private key. | ||
532 | */ | ||
533 | static struct GNUNET_CRYPTO_EcdhePrivateKey *otr_ephemeral_key; | ||
534 | |||
535 | /** | ||
536 | * Cached message used to perform a OTR key exchange. | ||
537 | */ | ||
538 | static struct GNUNET_CADET_KX_Ephemeral otr_kx_msg; | ||
539 | |||
540 | /** | ||
541 | * Task to generate a new OTR ephemeral key. | ||
542 | */ | ||
543 | static struct GNUNET_SCHEDULER_Task *rekey_task; | ||
544 | |||
545 | /** | ||
546 | * OTR Rekey period. | ||
547 | */ | ||
548 | static struct GNUNET_TIME_Relative rekey_period; | ||
549 | |||
550 | |||
551 | /******************************************************************************/ | 466 | /******************************************************************************/ |
552 | /******************************** STATIC ***********************************/ | 467 | /******************************** STATIC ***********************************/ |
553 | /******************************************************************************/ | 468 | /******************************************************************************/ |
@@ -644,56 +559,6 @@ is_ready (struct CadetTunnel *t) | |||
644 | 559 | ||
645 | 560 | ||
646 | /** | 561 | /** |
647 | * Check if a key is invalid (NULL pointer or all 0) | ||
648 | * | ||
649 | * @param key Key to check. | ||
650 | * | ||
651 | * @return #GNUNET_YES if key is null, #GNUNET_NO if exists and is not 0. | ||
652 | */ | ||
653 | static int | ||
654 | is_key_null (struct GNUNET_CRYPTO_SymmetricSessionKey *key) | ||
655 | { | ||
656 | struct GNUNET_CRYPTO_SymmetricSessionKey null_key; | ||
657 | |||
658 | if (NULL == key) | ||
659 | return GNUNET_YES; | ||
660 | |||
661 | memset (&null_key, 0, sizeof (null_key)); | ||
662 | if (0 == memcmp (key, &null_key, sizeof (null_key))) | ||
663 | return GNUNET_YES; | ||
664 | return GNUNET_NO; | ||
665 | } | ||
666 | |||
667 | |||
668 | /** | ||
669 | * Ephemeral key message purpose size. | ||
670 | * | ||
671 | * @return Size of the part of the ephemeral key message that must be signed. | ||
672 | */ | ||
673 | static size_t | ||
674 | ephemeral_purpose_size (void) | ||
675 | { | ||
676 | return sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
677 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
678 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
679 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | ||
680 | sizeof (struct GNUNET_PeerIdentity); | ||
681 | } | ||
682 | |||
683 | |||
684 | /** | ||
685 | * Size of the encrypted part of a ping message. | ||
686 | * | ||
687 | * @return Size of the encrypted part of a ping message. | ||
688 | */ | ||
689 | static size_t | ||
690 | ping_encryption_size (void) | ||
691 | { | ||
692 | return sizeof (uint32_t); | ||
693 | } | ||
694 | |||
695 | |||
696 | /** | ||
697 | * Get the channel's buffer. ONLY FOR NON-LOOPBACK CHANNELS!! | 562 | * Get the channel's buffer. ONLY FOR NON-LOOPBACK CHANNELS!! |
698 | * | 563 | * |
699 | * @param tch Tunnel's channel handle. | 564 | * @param tch Tunnel's channel handle. |
@@ -770,110 +635,6 @@ get_connection_allowed (const struct CadetTConnection *tc) | |||
770 | 635 | ||
771 | 636 | ||
772 | /** | 637 | /** |
773 | * Check that a ephemeral key message s well formed and correctly signed. | ||
774 | * | ||
775 | * @param t Tunnel on which the message came. | ||
776 | * @param msg The ephemeral key message. | ||
777 | * | ||
778 | * @return #GNUNET_OK if message is fine, #GNUNET_SYSERR otherwise. | ||
779 | */ | ||
780 | int | ||
781 | check_ephemeral (struct CadetTunnel *t, | ||
782 | const struct GNUNET_CADET_KX_Ephemeral *msg) | ||
783 | { | ||
784 | /* Check message size */ | ||
785 | if (ntohs (msg->header.size) != sizeof (struct GNUNET_CADET_KX_Ephemeral)) | ||
786 | { | ||
787 | /* This is probably an old "MESH" version. */ | ||
788 | LOG (GNUNET_ERROR_TYPE_INFO, | ||
789 | "Expected ephemeral of size %u, got %u\n", | ||
790 | sizeof (struct GNUNET_CADET_KX_Ephemeral), | ||
791 | ntohs (msg->header.size)); | ||
792 | return GNUNET_SYSERR; | ||
793 | } | ||
794 | |||
795 | /* Check signature size */ | ||
796 | if (ntohl (msg->purpose.size) != ephemeral_purpose_size ()) | ||
797 | { | ||
798 | LOG (GNUNET_ERROR_TYPE_WARNING, | ||
799 | "Expected signature purpose of size %u, got %u\n", | ||
800 | ephemeral_purpose_size (), | ||
801 | ntohs (msg->purpose.size)); | ||
802 | return GNUNET_SYSERR; | ||
803 | } | ||
804 | |||
805 | /* Check origin */ | ||
806 | if (0 != memcmp (&msg->origin_identity, | ||
807 | GCP_get_id (t->peer), | ||
808 | sizeof (struct GNUNET_PeerIdentity))) | ||
809 | { | ||
810 | LOG (GNUNET_ERROR_TYPE_WARNING, | ||
811 | "Unexpected origin, got %s\n", | ||
812 | GNUNET_i2s (&msg->origin_identity)); | ||
813 | return GNUNET_SYSERR; | ||
814 | } | ||
815 | |||
816 | /* Check signature */ | ||
817 | if (GNUNET_OK != | ||
818 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_KX, | ||
819 | &msg->purpose, | ||
820 | &msg->signature, | ||
821 | &msg->origin_identity.public_key)) | ||
822 | { | ||
823 | LOG (GNUNET_ERROR_TYPE_WARNING, "Signature invalid\n"); | ||
824 | return GNUNET_SYSERR; | ||
825 | } | ||
826 | |||
827 | return GNUNET_OK; | ||
828 | } | ||
829 | |||
830 | |||
831 | /** | ||
832 | * Select the best key to use for encryption (send), based on KX status. | ||
833 | * | ||
834 | * Normally, return the current key. If there is a KX in progress and the old | ||
835 | * key is fresh enough, return the old key. | ||
836 | * | ||
837 | * @param t Tunnel to choose the key from. | ||
838 | * | ||
839 | * @return The optimal key to encrypt/hmac outgoing traffic. | ||
840 | */ | ||
841 | static const struct GNUNET_CRYPTO_SymmetricSessionKey * | ||
842 | select_key (const struct CadetTunnel *t) | ||
843 | { | ||
844 | const struct GNUNET_CRYPTO_SymmetricSessionKey *key; | ||
845 | |||
846 | if (NULL != t->kx_ctx | ||
847 | && NULL == t->kx_ctx->finish_task) | ||
848 | { | ||
849 | struct GNUNET_TIME_Relative age; | ||
850 | |||
851 | age = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time); | ||
852 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
853 | " key exchange in progress, started %s ago\n", | ||
854 | GNUNET_STRINGS_relative_time_to_string (age, GNUNET_YES)); | ||
855 | // FIXME make duration of old keys configurable | ||
856 | if (age.rel_value_us < GNUNET_TIME_UNIT_MINUTES.rel_value_us) | ||
857 | { | ||
858 | LOG (GNUNET_ERROR_TYPE_DEBUG, " using old key\n"); | ||
859 | key = &t->kx_ctx->e_key_old; | ||
860 | } | ||
861 | else | ||
862 | { | ||
863 | LOG (GNUNET_ERROR_TYPE_DEBUG, " using new key (old key too old)\n"); | ||
864 | key = &t->e_key; | ||
865 | } | ||
866 | } | ||
867 | else | ||
868 | { | ||
869 | LOG (GNUNET_ERROR_TYPE_DEBUG, " no KX: using current key\n"); | ||
870 | key = &t->e_key; | ||
871 | } | ||
872 | return key; | ||
873 | } | ||
874 | |||
875 | |||
876 | /** | ||
877 | * Create a new Axolotl ephemeral (ratchet) key. | 638 | * Create a new Axolotl ephemeral (ratchet) key. |
878 | * | 639 | * |
879 | * @param t Tunnel. | 640 | * @param t Tunnel. |
@@ -928,43 +689,6 @@ t_hmac (const void *plaintext, size_t size, | |||
928 | 689 | ||
929 | 690 | ||
930 | /** | 691 | /** |
931 | * Encrypt daforce_newest_keyta with the tunnel key. | ||
932 | * | ||
933 | * @param t Tunnel whose key to use. | ||
934 | * @param dst Destination for the encrypted data. | ||
935 | * @param src Source of the plaintext. Can overlap with @c dst. | ||
936 | * @param size Size of the plaintext. | ||
937 | * @param iv Initialization Vector to use. | ||
938 | * @param force_newest_key Force the use of the newest key, otherwise | ||
939 | * CADET will use the old key when allowed. | ||
940 | * This can happen in the case when a KX is going on | ||
941 | * and the old one hasn't expired. | ||
942 | */ | ||
943 | static int | ||
944 | t_encrypt (struct CadetTunnel *t, void *dst, const void *src, | ||
945 | size_t size, uint32_t iv, int force_newest_key) | ||
946 | { | ||
947 | struct GNUNET_CRYPTO_SymmetricInitializationVector siv; | ||
948 | const struct GNUNET_CRYPTO_SymmetricSessionKey *key; | ||
949 | size_t out_size; | ||
950 | |||
951 | LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt start\n"); | ||
952 | |||
953 | key = GNUNET_YES == force_newest_key ? &t->e_key : select_key (t); | ||
954 | #if DUMP_KEYS_TO_STDERR | ||
955 | LOG (GNUNET_ERROR_TYPE_INFO, " ENC with key %s\n", | ||
956 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) key)); | ||
957 | #endif | ||
958 | GNUNET_CRYPTO_symmetric_derive_iv (&siv, key, &iv, sizeof (iv), NULL); | ||
959 | LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt IV derived\n"); | ||
960 | out_size = GNUNET_CRYPTO_symmetric_encrypt (src, size, key, &siv, dst); | ||
961 | LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt end\n"); | ||
962 | |||
963 | return out_size; | ||
964 | } | ||
965 | |||
966 | |||
967 | /** | ||
968 | * Perform a HMAC. | 692 | * Perform a HMAC. |
969 | * | 693 | * |
970 | * @param key Key to use. | 694 | * @param key Key to use. |
@@ -1199,134 +923,6 @@ t_h_decrypt (struct CadetTunnel *t, const struct GNUNET_CADET_AX *src, | |||
1199 | 923 | ||
1200 | 924 | ||
1201 | /** | 925 | /** |
1202 | * Decrypt and verify data with the appropriate tunnel key. | ||
1203 | * | ||
1204 | * @param key Key to use. | ||
1205 | * @param dst Destination for the plaintext. | ||
1206 | * @param src Source of the encrypted data. Can overlap with @c dst. | ||
1207 | * @param size Size of the encrypted data. | ||
1208 | * @param iv Initialization Vector to use. | ||
1209 | * | ||
1210 | * @return Size of the decrypted data, -1 if an error was encountered. | ||
1211 | */ | ||
1212 | static int | ||
1213 | decrypt (const struct GNUNET_CRYPTO_SymmetricSessionKey *key, | ||
1214 | void *dst, const void *src, size_t size, uint32_t iv) | ||
1215 | { | ||
1216 | struct GNUNET_CRYPTO_SymmetricInitializationVector siv; | ||
1217 | size_t out_size; | ||
1218 | |||
1219 | LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt start\n"); | ||
1220 | LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt iv\n"); | ||
1221 | GNUNET_CRYPTO_symmetric_derive_iv (&siv, key, &iv, sizeof (iv), NULL); | ||
1222 | LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt iv done\n"); | ||
1223 | out_size = GNUNET_CRYPTO_symmetric_decrypt (src, size, key, &siv, dst); | ||
1224 | LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt end\n"); | ||
1225 | |||
1226 | return out_size; | ||
1227 | } | ||
1228 | |||
1229 | |||
1230 | /** | ||
1231 | * Decrypt and verify data with the most recent tunnel key. | ||
1232 | * | ||
1233 | * @param t Tunnel whose key to use. | ||
1234 | * @param dst Destination for the plaintext. | ||
1235 | * @param src Source of the encrypted data. Can overlap with @c dst. | ||
1236 | * @param size Size of the encrypted data. | ||
1237 | * @param iv Initialization Vector to use. | ||
1238 | * | ||
1239 | * @return Size of the decrypted data, -1 if an error was encountered. | ||
1240 | */ | ||
1241 | static int | ||
1242 | t_decrypt (struct CadetTunnel *t, void *dst, const void *src, | ||
1243 | size_t size, uint32_t iv) | ||
1244 | { | ||
1245 | size_t out_size; | ||
1246 | |||
1247 | #if DUMP_KEYS_TO_STDERR | ||
1248 | LOG (GNUNET_ERROR_TYPE_DEBUG, " t_decrypt with %s\n", | ||
1249 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->d_key)); | ||
1250 | #endif | ||
1251 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) | ||
1252 | { | ||
1253 | GNUNET_STATISTICS_update (stats, "# non decryptable data", 1, GNUNET_NO); | ||
1254 | LOG (GNUNET_ERROR_TYPE_WARNING, | ||
1255 | "got data on %s without a valid key\n", | ||
1256 | GCT_2s (t)); | ||
1257 | GCT_debug (t, GNUNET_ERROR_TYPE_WARNING); | ||
1258 | return -1; | ||
1259 | } | ||
1260 | |||
1261 | out_size = decrypt (&t->d_key, dst, src, size, iv); | ||
1262 | |||
1263 | return out_size; | ||
1264 | } | ||
1265 | |||
1266 | |||
1267 | /** | ||
1268 | * Decrypt and verify data with the appropriate tunnel key and verify that the | ||
1269 | * data has not been altered since it was sent by the remote peer. | ||
1270 | * | ||
1271 | * @param t Tunnel whose key to use. | ||
1272 | * @param dst Destination for the plaintext. | ||
1273 | * @param src Source of the encrypted data. Can overlap with @c dst. | ||
1274 | * @param size Size of the encrypted data. | ||
1275 | * @param iv Initialization Vector to use. | ||
1276 | * @param msg_hmac HMAC of the message, cannot be NULL. | ||
1277 | * | ||
1278 | * @return Size of the decrypted data, -1 if an error was encountered. | ||
1279 | */ | ||
1280 | static int | ||
1281 | t_decrypt_and_validate (struct CadetTunnel *t, | ||
1282 | void *dst, const void *src, | ||
1283 | size_t size, uint32_t iv, | ||
1284 | const struct GNUNET_CADET_Hash *msg_hmac) | ||
1285 | { | ||
1286 | struct GNUNET_CRYPTO_SymmetricSessionKey *key; | ||
1287 | struct GNUNET_CADET_Hash hmac; | ||
1288 | int decrypted_size; | ||
1289 | |||
1290 | /* Try primary (newest) key */ | ||
1291 | key = &t->d_key; | ||
1292 | decrypted_size = decrypt (key, dst, src, size, iv); | ||
1293 | t_hmac (src, size, iv, key, &hmac); | ||
1294 | if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac))) | ||
1295 | return decrypted_size; | ||
1296 | |||
1297 | /* If no key exchange is going on, we just failed. */ | ||
1298 | if (NULL == t->kx_ctx) | ||
1299 | { | ||
1300 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1301 | "Failed checksum validation on tunnel %s with no KX\n", | ||
1302 | GCT_2s (t)); | ||
1303 | GNUNET_STATISTICS_update (stats, "# wrong HMAC no KX", 1, GNUNET_NO); | ||
1304 | return -1; | ||
1305 | } | ||
1306 | |||
1307 | /* Try secondary key, from previous KX period. */ | ||
1308 | key = &t->kx_ctx->d_key_old; | ||
1309 | decrypted_size = decrypt (key, dst, src, size, iv); | ||
1310 | t_hmac (src, size, iv, key, &hmac); | ||
1311 | if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac))) | ||
1312 | return decrypted_size; | ||
1313 | |||
1314 | /* Hail Mary, try tertiary, key, in case of parallel re-keys. */ | ||
1315 | key = &t->kx_ctx->d_key_old2; | ||
1316 | decrypted_size = decrypt (key, dst, src, size, iv); | ||
1317 | t_hmac (src, size, iv, key, &hmac); | ||
1318 | if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac))) | ||
1319 | return decrypted_size; | ||
1320 | |||
1321 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1322 | "Failed checksum validation on tunnel %s with KX\n", | ||
1323 | GCT_2s (t)); | ||
1324 | GNUNET_STATISTICS_update (stats, "# wrong HMAC with KX", 1, GNUNET_NO); | ||
1325 | return -1; | ||
1326 | } | ||
1327 | |||
1328 | |||
1329 | /** | ||
1330 | * Decrypt and verify data with the appropriate tunnel key and verify that the | 926 | * Decrypt and verify data with the appropriate tunnel key and verify that the |
1331 | * data has not been altered since it was sent by the remote peer. | 927 | * data has not been altered since it was sent by the remote peer. |
1332 | * | 928 | * |
@@ -1604,175 +1200,6 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, void *dst, | |||
1604 | 1200 | ||
1605 | 1201 | ||
1606 | /** | 1202 | /** |
1607 | * Create key material by doing ECDH on the local and remote ephemeral keys. | ||
1608 | * | ||
1609 | * @param key_material Where to store the key material. | ||
1610 | * @param ephemeral Peer's public ephemeral key. | ||
1611 | * | ||
1612 | * @return GNUNET_OK if it went fine, GNUNET_SYSERR otherwise. | ||
1613 | */ | ||
1614 | static int | ||
1615 | derive_otr_key_material (struct GNUNET_HashCode *key_material, | ||
1616 | const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral) | ||
1617 | { | ||
1618 | if (GNUNET_OK != | ||
1619 | GNUNET_CRYPTO_ecc_ecdh (otr_ephemeral_key, ephemeral, key_material)) | ||
1620 | { | ||
1621 | GNUNET_break (0); | ||
1622 | return GNUNET_SYSERR; | ||
1623 | } | ||
1624 | return GNUNET_OK; | ||
1625 | } | ||
1626 | |||
1627 | |||
1628 | /** | ||
1629 | * Create a symmetic key from the identities of both ends and the key material | ||
1630 | * from ECDH. | ||
1631 | * | ||
1632 | * @param key Destination for the generated key. | ||
1633 | * @param sender ID of the peer that will encrypt with @c key. | ||
1634 | * @param receiver ID of the peer that will decrypt with @c key. | ||
1635 | * @param key_material Hash created with ECDH with the ephemeral keys. | ||
1636 | */ | ||
1637 | void | ||
1638 | derive_symmertic (struct GNUNET_CRYPTO_SymmetricSessionKey *key, | ||
1639 | const struct GNUNET_PeerIdentity *sender, | ||
1640 | const struct GNUNET_PeerIdentity *receiver, | ||
1641 | const struct GNUNET_HashCode *key_material) | ||
1642 | { | ||
1643 | const char salt[] = "CADET kx salt"; | ||
1644 | |||
1645 | GNUNET_CRYPTO_kdf (key, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | ||
1646 | salt, sizeof (salt), | ||
1647 | key_material, sizeof (struct GNUNET_HashCode), | ||
1648 | sender, sizeof (struct GNUNET_PeerIdentity), | ||
1649 | receiver, sizeof (struct GNUNET_PeerIdentity), | ||
1650 | NULL); | ||
1651 | } | ||
1652 | |||
1653 | |||
1654 | /** | ||
1655 | * Derive the tunnel's keys using our own and the peer's ephemeral keys. | ||
1656 | * | ||
1657 | * @param t Tunnel for which to create the keys. | ||
1658 | * | ||
1659 | * @return GNUNET_OK if successful, GNUNET_SYSERR otherwise. | ||
1660 | */ | ||
1661 | static int | ||
1662 | create_otr_keys (struct CadetTunnel *t) | ||
1663 | { | ||
1664 | struct GNUNET_HashCode km; | ||
1665 | |||
1666 | if (GNUNET_OK != derive_otr_key_material (&km, &t->peers_ephemeral_key)) | ||
1667 | return GNUNET_SYSERR; | ||
1668 | derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km); | ||
1669 | derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km); | ||
1670 | #if DUMP_KEYS_TO_STDERR | ||
1671 | LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n", | ||
1672 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &otr_kx_msg.ephemeral_key)); | ||
1673 | LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n", | ||
1674 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->peers_ephemeral_key)); | ||
1675 | LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km)); | ||
1676 | LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n", | ||
1677 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->e_key)); | ||
1678 | LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n", | ||
1679 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->d_key)); | ||
1680 | #endif | ||
1681 | return GNUNET_OK; | ||
1682 | } | ||
1683 | |||
1684 | |||
1685 | /** | ||
1686 | * Create a new Key eXchange context for the tunnel. | ||
1687 | * | ||
1688 | * If the old keys were verified, keep them for old traffic. Create a new KX | ||
1689 | * timestamp and a new nonce. | ||
1690 | * | ||
1691 | * @param t Tunnel for which to create the KX ctx. | ||
1692 | * | ||
1693 | * @return GNUNET_OK if successful, GNUNET_SYSERR otherwise. | ||
1694 | */ | ||
1695 | static int | ||
1696 | create_kx_ctx (struct CadetTunnel *t) | ||
1697 | { | ||
1698 | LOG (GNUNET_ERROR_TYPE_INFO, " new kx ctx for %s\n", GCT_2s (t)); | ||
1699 | |||
1700 | if (NULL != t->kx_ctx) | ||
1701 | { | ||
1702 | if (NULL != t->kx_ctx->finish_task) | ||
1703 | { | ||
1704 | LOG (GNUNET_ERROR_TYPE_INFO, " resetting exisiting finish task\n"); | ||
1705 | GNUNET_SCHEDULER_cancel (t->kx_ctx->finish_task); | ||
1706 | t->kx_ctx->finish_task = NULL; | ||
1707 | } | ||
1708 | } | ||
1709 | else | ||
1710 | { | ||
1711 | t->kx_ctx = GNUNET_new (struct CadetTunnelKXCtx); | ||
1712 | t->kx_ctx->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, | ||
1713 | UINT32_MAX); | ||
1714 | } | ||
1715 | |||
1716 | if (CADET_TUNNEL_KEY_OK == t->estate) | ||
1717 | { | ||
1718 | LOG (GNUNET_ERROR_TYPE_INFO, " backing up keys\n"); | ||
1719 | t->kx_ctx->d_key_old = t->d_key; | ||
1720 | t->kx_ctx->e_key_old = t->e_key; | ||
1721 | } | ||
1722 | else | ||
1723 | LOG (GNUNET_ERROR_TYPE_INFO, " old keys not valid, not saving\n"); | ||
1724 | t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get (); | ||
1725 | return create_otr_keys (t); | ||
1726 | } | ||
1727 | |||
1728 | |||
1729 | /** | ||
1730 | * @brief Finish the Key eXchange and destroy the old keys. | ||
1731 | * | ||
1732 | * @param cls Closure (Tunnel for which to finish the KX). | ||
1733 | */ | ||
1734 | static void | ||
1735 | finish_kx (void *cls) | ||
1736 | { | ||
1737 | struct CadetTunnel *t = cls; | ||
1738 | |||
1739 | LOG (GNUNET_ERROR_TYPE_INFO, "finish KX for %s\n", GCT_2s (t)); | ||
1740 | GNUNET_free (t->kx_ctx); | ||
1741 | t->kx_ctx = NULL; | ||
1742 | } | ||
1743 | |||
1744 | |||
1745 | /** | ||
1746 | * Destroy a Key eXchange context for the tunnel. This function only schedules | ||
1747 | * the destruction, the freeing of the memory (and clearing of old key material) | ||
1748 | * happens after a delay! | ||
1749 | * | ||
1750 | * @param t Tunnel whose KX ctx to destroy. | ||
1751 | */ | ||
1752 | static void | ||
1753 | destroy_kx_ctx (struct CadetTunnel *t) | ||
1754 | { | ||
1755 | struct GNUNET_TIME_Relative delay; | ||
1756 | |||
1757 | if (NULL == t->kx_ctx || NULL != t->kx_ctx->finish_task) | ||
1758 | return; | ||
1759 | |||
1760 | if (is_key_null (&t->kx_ctx->e_key_old)) | ||
1761 | { | ||
1762 | t->kx_ctx->finish_task = GNUNET_SCHEDULER_add_now (&finish_kx, t); | ||
1763 | return; | ||
1764 | } | ||
1765 | |||
1766 | delay = GNUNET_TIME_relative_divide (rekey_period, 4); | ||
1767 | delay = GNUNET_TIME_relative_min (delay, GNUNET_TIME_UNIT_MINUTES); | ||
1768 | |||
1769 | t->kx_ctx->finish_task = GNUNET_SCHEDULER_add_delayed (delay, | ||
1770 | &finish_kx, t); | ||
1771 | } | ||
1772 | |||
1773 | |||
1774 | |||
1775 | /** | ||
1776 | * Pick a connection on which send the next data message. | 1203 | * Pick a connection on which send the next data message. |
1777 | * | 1204 | * |
1778 | * @param t Tunnel on which to send the message. | 1205 | * @param t Tunnel on which to send the message. |
@@ -1904,27 +1331,25 @@ queue_data (struct CadetTunnel *t, const struct GNUNET_MessageHeader *msg) | |||
1904 | * @param existing_q In case this a transmission of previously queued data, | 1331 | * @param existing_q In case this a transmission of previously queued data, |
1905 | * this should be TunnelQueue given to the client. | 1332 | * this should be TunnelQueue given to the client. |
1906 | * Otherwise, NULL. | 1333 | * Otherwise, NULL. |
1907 | * | ||
1908 | * @return Handle to cancel message. | 1334 | * @return Handle to cancel message. |
1909 | * NULL if @c cont is NULL or an error happens and message is dropped. | 1335 | * NULL if @c cont is NULL or an error happens and message is dropped. |
1910 | */ | 1336 | */ |
1911 | static struct CadetTunnelQueue * | 1337 | static struct CadetTunnelQueue * |
1912 | send_prebuilt_message (const struct GNUNET_MessageHeader *message, | 1338 | send_prebuilt_message (const struct GNUNET_MessageHeader *message, |
1913 | struct CadetTunnel *t, struct CadetConnection *c, | 1339 | struct CadetTunnel *t, |
1914 | int force, GCT_sent cont, void *cont_cls, | 1340 | struct CadetConnection *c, |
1341 | int force, | ||
1342 | GCT_sent cont, | ||
1343 | void *cont_cls, | ||
1915 | struct CadetTunnelQueue *existing_q) | 1344 | struct CadetTunnelQueue *existing_q) |
1916 | { | 1345 | { |
1917 | struct GNUNET_MessageHeader *msg; | 1346 | struct GNUNET_MessageHeader *msg; |
1918 | struct GNUNET_CADET_Encrypted *otr_msg; | ||
1919 | struct GNUNET_CADET_AX *ax_msg; | 1347 | struct GNUNET_CADET_AX *ax_msg; |
1920 | struct CadetTunnelQueue *tq; | 1348 | struct CadetTunnelQueue *tq; |
1921 | size_t size = ntohs (message->size); | 1349 | size_t size = ntohs (message->size); |
1922 | const uint16_t max_overhead = sizeof (struct GNUNET_CADET_Encrypted) | 1350 | char cbuf[sizeof (struct GNUNET_CADET_AX) + size] GNUNET_ALIGN; |
1923 | + sizeof (struct GNUNET_CADET_AX); | ||
1924 | char cbuf[max_overhead + size]; | ||
1925 | size_t esize; | 1351 | size_t esize; |
1926 | uint32_t mid; | 1352 | uint32_t mid; |
1927 | uint32_t iv; | ||
1928 | uint16_t type; | 1353 | uint16_t type; |
1929 | int fwd; | 1354 | int fwd; |
1930 | 1355 | ||
@@ -1950,32 +1375,17 @@ send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
1950 | 1375 | ||
1951 | GNUNET_assert (GNUNET_NO == GCT_is_loopback (t)); | 1376 | GNUNET_assert (GNUNET_NO == GCT_is_loopback (t)); |
1952 | 1377 | ||
1953 | if (CADET_Axolotl == t->enc_type) | 1378 | GNUNET_assert (CADET_Axolotl == t->enc_type); |
1954 | { | 1379 | ax_msg = (struct GNUNET_CADET_AX *) cbuf; |
1955 | ax_msg = (struct GNUNET_CADET_AX *) cbuf; | 1380 | msg = &ax_msg->header; |
1956 | msg = &ax_msg->header; | 1381 | msg->size = htons (sizeof (struct GNUNET_CADET_AX) + size); |
1957 | msg->size = htons (sizeof (struct GNUNET_CADET_AX) + size); | 1382 | msg->type = htons (GNUNET_MESSAGE_TYPE_CADET_AX); |
1958 | msg->type = htons (GNUNET_MESSAGE_TYPE_CADET_AX); | 1383 | esize = t_ax_encrypt (t, &ax_msg[1], message, size); |
1959 | ax_msg->reserved = 0; | 1384 | ax_msg->Ns = htonl (t->ax->Ns++); |
1960 | esize = t_ax_encrypt (t, &ax_msg[1], message, size); | 1385 | ax_msg->PNs = htonl (t->ax->PNs); |
1961 | ax_msg->Ns = htonl (t->ax->Ns++); | 1386 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &ax_msg->DHRs); |
1962 | ax_msg->PNs = htonl (t->ax->PNs); | 1387 | t_h_encrypt (t, ax_msg); |
1963 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &ax_msg->DHRs); | 1388 | t_hmac (&ax_msg->Ns, AX_HEADER_SIZE + esize, 0, &t->ax->HKs, &ax_msg->hmac); |
1964 | t_h_encrypt (t, ax_msg); | ||
1965 | t_hmac (&ax_msg->Ns, AX_HEADER_SIZE + esize, 0, &t->ax->HKs, &ax_msg->hmac); | ||
1966 | } | ||
1967 | else | ||
1968 | { | ||
1969 | otr_msg = (struct GNUNET_CADET_Encrypted *) cbuf; | ||
1970 | msg = &otr_msg->header; | ||
1971 | iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); | ||
1972 | otr_msg->iv = iv; | ||
1973 | esize = t_encrypt (t, &otr_msg[1], message, size, iv, GNUNET_NO); | ||
1974 | t_hmac (&otr_msg[1], size, iv, select_key (t), &otr_msg->hmac); | ||
1975 | msg->size = htons (sizeof (struct GNUNET_CADET_Encrypted) + size); | ||
1976 | msg->type = htons (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED); | ||
1977 | otr_msg->ttl = htonl (default_ttl); | ||
1978 | } | ||
1979 | GNUNET_assert (esize == size); | 1389 | GNUNET_assert (esize == size); |
1980 | 1390 | ||
1981 | if (NULL == c) | 1391 | if (NULL == c) |
@@ -2147,28 +1557,6 @@ ephm_sent (void *cls, | |||
2147 | 1557 | ||
2148 | 1558 | ||
2149 | /** | 1559 | /** |
2150 | * Callback called when a queued message is sent. | ||
2151 | * | ||
2152 | * @param cls Closure. | ||
2153 | * @param c Connection this message was on. | ||
2154 | * @param type Type of message sent. | ||
2155 | * @param fwd Was this a FWD going message? | ||
2156 | * @param size Size of the message. | ||
2157 | */ | ||
2158 | static void | ||
2159 | pong_sent (void *cls, | ||
2160 | struct CadetConnection *c, | ||
2161 | struct CadetConnectionQueue *q, | ||
2162 | uint16_t type, int fwd, size_t size) | ||
2163 | { | ||
2164 | struct CadetTunnel *t = cls; | ||
2165 | LOG (GNUNET_ERROR_TYPE_DEBUG, "pong_sent %s\n", GC_m2s (type)); | ||
2166 | |||
2167 | t->pong_h = NULL; | ||
2168 | } | ||
2169 | |||
2170 | |||
2171 | /** | ||
2172 | * Sends key exchange message on a tunnel, choosing the best connection. | 1560 | * Sends key exchange message on a tunnel, choosing the best connection. |
2173 | * Should not be called on loopback tunnels. | 1561 | * Should not be called on loopback tunnels. |
2174 | * | 1562 | * |
@@ -2232,16 +1620,10 @@ send_kx (struct CadetTunnel *t, | |||
2232 | } | 1620 | } |
2233 | switch (type) | 1621 | switch (type) |
2234 | { | 1622 | { |
2235 | case GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL: | ||
2236 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | 1623 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: |
2237 | GNUNET_assert (NULL == t->ephm_h); | 1624 | GNUNET_assert (NULL == t->ephm_h); |
2238 | cont = &ephm_sent; | 1625 | cont = &ephm_sent; |
2239 | break; | 1626 | break; |
2240 | case GNUNET_MESSAGE_TYPE_CADET_KX_PONG: | ||
2241 | GNUNET_assert (NULL == t->pong_h); | ||
2242 | cont = &pong_sent; | ||
2243 | break; | ||
2244 | |||
2245 | default: | 1627 | default: |
2246 | LOG (GNUNET_ERROR_TYPE_DEBUG, "unkown type %s\n", GC_m2s (type)); | 1628 | LOG (GNUNET_ERROR_TYPE_DEBUG, "unkown type %s\n", GC_m2s (type)); |
2247 | GNUNET_assert (0); | 1629 | GNUNET_assert (0); |
@@ -2257,213 +1639,6 @@ send_kx (struct CadetTunnel *t, | |||
2257 | 1639 | ||
2258 | 1640 | ||
2259 | /** | 1641 | /** |
2260 | * Send the ephemeral key on a tunnel. | ||
2261 | * | ||
2262 | * @param t Tunnel on which to send the key. | ||
2263 | */ | ||
2264 | static void | ||
2265 | send_ephemeral (struct CadetTunnel *t) | ||
2266 | { | ||
2267 | LOG (GNUNET_ERROR_TYPE_INFO, "==> EPHM for %s\n", GCT_2s (t)); | ||
2268 | if (NULL != t->ephm_h) | ||
2269 | { | ||
2270 | LOG (GNUNET_ERROR_TYPE_INFO, " already queued\n"); | ||
2271 | return; | ||
2272 | } | ||
2273 | |||
2274 | otr_kx_msg.sender_status = htonl (t->estate); | ||
2275 | otr_kx_msg.iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); | ||
2276 | otr_kx_msg.nonce = t->kx_ctx->challenge; | ||
2277 | LOG (GNUNET_ERROR_TYPE_DEBUG, " send nonce c %u\n", otr_kx_msg.nonce); | ||
2278 | t_encrypt (t, &otr_kx_msg.nonce, &otr_kx_msg.nonce, | ||
2279 | ping_encryption_size(), otr_kx_msg.iv, GNUNET_YES); | ||
2280 | LOG (GNUNET_ERROR_TYPE_DEBUG, " send nonce e %u\n", otr_kx_msg.nonce); | ||
2281 | t->ephm_h = send_kx (t, &otr_kx_msg.header); | ||
2282 | } | ||
2283 | |||
2284 | |||
2285 | /** | ||
2286 | * Send a pong message on a tunnel. | ||
2287 | *d_ | ||
2288 | * @param t Tunnel on which to send the pong. | ||
2289 | * @param challenge Value sent in the ping that we have to send back. | ||
2290 | */ | ||
2291 | static void | ||
2292 | send_pong (struct CadetTunnel *t, uint32_t challenge) | ||
2293 | { | ||
2294 | struct GNUNET_CADET_KX_Pong msg; | ||
2295 | |||
2296 | LOG (GNUNET_ERROR_TYPE_INFO, "==> PONG for %s\n", GCT_2s (t)); | ||
2297 | if (NULL != t->pong_h) | ||
2298 | { | ||
2299 | LOG (GNUNET_ERROR_TYPE_INFO, " already queued\n"); | ||
2300 | return; | ||
2301 | } | ||
2302 | msg.header.size = htons (sizeof (msg)); | ||
2303 | msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX_PONG); | ||
2304 | msg.iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); | ||
2305 | msg.nonce = challenge; | ||
2306 | LOG (GNUNET_ERROR_TYPE_DEBUG, " sending %u\n", msg.nonce); | ||
2307 | t_encrypt (t, &msg.nonce, &msg.nonce, | ||
2308 | sizeof (msg.nonce), msg.iv, GNUNET_YES); | ||
2309 | LOG (GNUNET_ERROR_TYPE_DEBUG, " e sending %u\n", msg.nonce); | ||
2310 | |||
2311 | t->pong_h = send_kx (t, &msg.header); | ||
2312 | } | ||
2313 | |||
2314 | |||
2315 | /** | ||
2316 | * Initiate a rekey with the remote peer. | ||
2317 | * | ||
2318 | * @param cls Closure (tunnel). | ||
2319 | */ | ||
2320 | static void | ||
2321 | rekey_tunnel (void *cls) | ||
2322 | { | ||
2323 | struct CadetTunnel *t = cls; | ||
2324 | |||
2325 | t->rekey_task = NULL; | ||
2326 | LOG (GNUNET_ERROR_TYPE_INFO, "Re-key Tunnel %s\n", GCT_2s (t)); | ||
2327 | GNUNET_assert (NULL != t->kx_ctx); | ||
2328 | struct GNUNET_TIME_Relative duration; | ||
2329 | |||
2330 | duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time); | ||
2331 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
2332 | " kx started %s ago\n", | ||
2333 | GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES)); | ||
2334 | |||
2335 | // FIXME make duration of old keys configurable | ||
2336 | if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us) | ||
2337 | { | ||
2338 | LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n"); | ||
2339 | memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old)); | ||
2340 | memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old)); | ||
2341 | } | ||
2342 | |||
2343 | send_ephemeral (t); | ||
2344 | |||
2345 | switch (t->estate) | ||
2346 | { | ||
2347 | case CADET_TUNNEL_KEY_UNINITIALIZED: | ||
2348 | GCT_change_estate (t, CADET_TUNNEL_KEY_SENT); | ||
2349 | break; | ||
2350 | |||
2351 | case CADET_TUNNEL_KEY_SENT: | ||
2352 | break; | ||
2353 | |||
2354 | case CADET_TUNNEL_KEY_OK: | ||
2355 | /* Inconsistent! | ||
2356 | * - state should have changed during rekey_iterator | ||
2357 | * - task should have been canceled at pong_handle | ||
2358 | */ | ||
2359 | GNUNET_break (0); | ||
2360 | GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY); | ||
2361 | break; | ||
2362 | |||
2363 | case CADET_TUNNEL_KEY_PING: | ||
2364 | case CADET_TUNNEL_KEY_REKEY: | ||
2365 | break; | ||
2366 | |||
2367 | default: | ||
2368 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Unexpected state %u\n", t->estate); | ||
2369 | } | ||
2370 | |||
2371 | // FIXME exponential backoff | ||
2372 | struct GNUNET_TIME_Relative delay; | ||
2373 | |||
2374 | delay = GNUNET_TIME_relative_divide (rekey_period, 16); | ||
2375 | delay = GNUNET_TIME_relative_min (delay, REKEY_WAIT); | ||
2376 | LOG (GNUNET_ERROR_TYPE_DEBUG, " next call in %s\n", | ||
2377 | GNUNET_STRINGS_relative_time_to_string (delay, GNUNET_YES)); | ||
2378 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t); | ||
2379 | } | ||
2380 | |||
2381 | |||
2382 | /** | ||
2383 | * Our ephemeral key has changed, create new session key on all tunnels. | ||
2384 | * | ||
2385 | * Each tunnel will start the Key Exchange with a random delay between | ||
2386 | * 0 and number_of_tunnels*100 milliseconds, so there are 10 key exchanges | ||
2387 | * per second, on average. | ||
2388 | * | ||
2389 | * @param cls Closure (size of the hashmap). | ||
2390 | * @param key Current public key. | ||
2391 | * @param value Value in the hash map (tunnel). | ||
2392 | * | ||
2393 | * @return #GNUNET_YES, so we should continue to iterate, | ||
2394 | */ | ||
2395 | static int | ||
2396 | rekey_iterator (void *cls, | ||
2397 | const struct GNUNET_PeerIdentity *key, | ||
2398 | void *value) | ||
2399 | { | ||
2400 | struct CadetTunnel *t = value; | ||
2401 | struct GNUNET_TIME_Relative delay; | ||
2402 | long n = (long) cls; | ||
2403 | uint32_t r; | ||
2404 | |||
2405 | if (NULL != t->rekey_task) | ||
2406 | return GNUNET_YES; | ||
2407 | |||
2408 | if (GNUNET_YES == GCT_is_loopback (t)) | ||
2409 | return GNUNET_YES; | ||
2410 | |||
2411 | if (CADET_OTR != t->enc_type) | ||
2412 | return GNUNET_YES; | ||
2413 | |||
2414 | r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100); | ||
2415 | delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r); | ||
2416 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t); | ||
2417 | if (GNUNET_OK == create_kx_ctx (t)) | ||
2418 | GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY); | ||
2419 | else | ||
2420 | { | ||
2421 | GNUNET_break (0); | ||
2422 | // FIXME restart kx | ||
2423 | } | ||
2424 | |||
2425 | return GNUNET_YES; | ||
2426 | } | ||
2427 | |||
2428 | |||
2429 | /** | ||
2430 | * Create a new ephemeral key and key message, schedule next rekeying. | ||
2431 | * | ||
2432 | * @param cls Closure (unused). | ||
2433 | */ | ||
2434 | static void | ||
2435 | global_otr_rekey (void *cls) | ||
2436 | { | ||
2437 | struct GNUNET_TIME_Absolute time; | ||
2438 | long n; | ||
2439 | |||
2440 | rekey_task = NULL; | ||
2441 | GNUNET_free_non_null (otr_ephemeral_key); | ||
2442 | otr_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); | ||
2443 | |||
2444 | time = GNUNET_TIME_absolute_get (); | ||
2445 | otr_kx_msg.creation_time = GNUNET_TIME_absolute_hton (time); | ||
2446 | time = GNUNET_TIME_absolute_add (time, rekey_period); | ||
2447 | time = GNUNET_TIME_absolute_add (time, GNUNET_TIME_UNIT_MINUTES); | ||
2448 | otr_kx_msg.expiration_time = GNUNET_TIME_absolute_hton (time); | ||
2449 | GNUNET_CRYPTO_ecdhe_key_get_public (otr_ephemeral_key, &otr_kx_msg.ephemeral_key); | ||
2450 | LOG (GNUNET_ERROR_TYPE_INFO, "GLOBAL OTR RE-KEY, NEW EPHM: %s\n", | ||
2451 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &otr_kx_msg.ephemeral_key)); | ||
2452 | |||
2453 | GNUNET_assert (GNUNET_OK == | ||
2454 | GNUNET_CRYPTO_eddsa_sign (id_key, | ||
2455 | &otr_kx_msg.purpose, | ||
2456 | &otr_kx_msg.signature)); | ||
2457 | |||
2458 | n = (long) GNUNET_CONTAINER_multipeermap_size (tunnels); | ||
2459 | GNUNET_CONTAINER_multipeermap_iterate (tunnels, &rekey_iterator, (void *) n); | ||
2460 | |||
2461 | rekey_task = GNUNET_SCHEDULER_add_delayed (rekey_period, | ||
2462 | &global_otr_rekey, NULL); | ||
2463 | } | ||
2464 | |||
2465 | |||
2466 | /** | ||
2467 | * Called only on shutdown, destroy every tunnel. | 1642 | * Called only on shutdown, destroy every tunnel. |
2468 | * | 1643 | * |
2469 | * @param cls Closure (unused). | 1644 | * @param cls Closure (unused). |
@@ -2784,138 +1959,6 @@ destroy_ax (struct CadetTunnel *t) | |||
2784 | 1959 | ||
2785 | 1960 | ||
2786 | /** | 1961 | /** |
2787 | * The peer's ephemeral key has changed: update the symmetrical keys. | ||
2788 | * | ||
2789 | * @param t Tunnel this message came on. | ||
2790 | * @param msg Key eXchange message. | ||
2791 | */ | ||
2792 | static void | ||
2793 | handle_ephemeral (struct CadetTunnel *t, | ||
2794 | const struct GNUNET_CADET_KX_Ephemeral *msg) | ||
2795 | { | ||
2796 | LOG (GNUNET_ERROR_TYPE_INFO, "<== EPHM for %s\n", GCT_2s (t)); | ||
2797 | |||
2798 | /* Some old versions are still around, don't log as error. */ | ||
2799 | if (GNUNET_OK != check_ephemeral (t, msg)) | ||
2800 | return; | ||
2801 | |||
2802 | /* If we get a proper OTR-style ephemeral, fallback to old crypto. */ | ||
2803 | if (NULL != t->ax) | ||
2804 | { | ||
2805 | destroy_ax (t); | ||
2806 | t->enc_type = CADET_OTR; | ||
2807 | if (NULL != t->rekey_task) | ||
2808 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
2809 | if (GNUNET_OK != create_kx_ctx (t)) | ||
2810 | { | ||
2811 | // FIXME restart kx | ||
2812 | GNUNET_break (0); | ||
2813 | return; | ||
2814 | } | ||
2815 | rekey_tunnel (t); | ||
2816 | GNUNET_STATISTICS_update (stats, "# otr-downgrades", -1, GNUNET_NO); | ||
2817 | } | ||
2818 | |||
2819 | /** | ||
2820 | * If the key is different from what we know, derive the new E/D keys. | ||
2821 | * Else destroy the rekey ctx (duplicate EPHM after successful KX). | ||
2822 | */ | ||
2823 | if (0 != memcmp (&t->peers_ephemeral_key, &msg->ephemeral_key, | ||
2824 | sizeof (msg->ephemeral_key))) | ||
2825 | { | ||
2826 | #if DUMP_KEYS_TO_STDERR | ||
2827 | LOG (GNUNET_ERROR_TYPE_INFO, "OLD: %s\n", | ||
2828 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->peers_ephemeral_key)); | ||
2829 | LOG (GNUNET_ERROR_TYPE_INFO, "NEW: %s\n", | ||
2830 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &msg->ephemeral_key)); | ||
2831 | #endif | ||
2832 | t->peers_ephemeral_key = msg->ephemeral_key; | ||
2833 | |||
2834 | if (GNUNET_OK != create_kx_ctx (t)) | ||
2835 | { | ||
2836 | // FIXME restart kx | ||
2837 | GNUNET_break (0); | ||
2838 | return; | ||
2839 | } | ||
2840 | |||
2841 | if (CADET_TUNNEL_KEY_OK == t->estate) | ||
2842 | { | ||
2843 | GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY); | ||
2844 | } | ||
2845 | if (NULL != t->rekey_task) | ||
2846 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
2847 | t->rekey_task = GNUNET_SCHEDULER_add_now (&rekey_tunnel, t); | ||
2848 | } | ||
2849 | if (CADET_TUNNEL_KEY_SENT == t->estate) | ||
2850 | { | ||
2851 | LOG (GNUNET_ERROR_TYPE_DEBUG, " our key was sent, sending challenge\n"); | ||
2852 | send_ephemeral (t); | ||
2853 | GCT_change_estate (t, CADET_TUNNEL_KEY_PING); | ||
2854 | } | ||
2855 | |||
2856 | if (CADET_TUNNEL_KEY_UNINITIALIZED != ntohl(msg->sender_status)) | ||
2857 | { | ||
2858 | uint32_t nonce; | ||
2859 | |||
2860 | LOG (GNUNET_ERROR_TYPE_DEBUG, " recv nonce e %u\n", msg->nonce); | ||
2861 | t_decrypt (t, &nonce, &msg->nonce, ping_encryption_size (), msg->iv); | ||
2862 | LOG (GNUNET_ERROR_TYPE_DEBUG, " recv nonce c %u\n", nonce); | ||
2863 | send_pong (t, nonce); | ||
2864 | } | ||
2865 | } | ||
2866 | |||
2867 | |||
2868 | /** | ||
2869 | * Peer has answer to our challenge. | ||
2870 | * If answer is successful, consider the key exchange finished and clean | ||
2871 | * up all related state. | ||
2872 | * | ||
2873 | * @param t Tunnel this message came on. | ||
2874 | * @param msg Key eXchange Pong message. | ||
2875 | */ | ||
2876 | static void | ||
2877 | handle_pong (struct CadetTunnel *t, | ||
2878 | const struct GNUNET_CADET_KX_Pong *msg) | ||
2879 | { | ||
2880 | uint32_t challenge; | ||
2881 | |||
2882 | LOG (GNUNET_ERROR_TYPE_INFO, "<== PONG for %s\n", GCT_2s (t)); | ||
2883 | if (NULL == t->rekey_task) | ||
2884 | { | ||
2885 | GNUNET_STATISTICS_update (stats, "# duplicate PONG messages", 1, GNUNET_NO); | ||
2886 | return; | ||
2887 | } | ||
2888 | if (NULL == t->kx_ctx) | ||
2889 | { | ||
2890 | GNUNET_STATISTICS_update (stats, "# stray PONG messages", 1, GNUNET_NO); | ||
2891 | return; | ||
2892 | } | ||
2893 | |||
2894 | t_decrypt (t, &challenge, &msg->nonce, sizeof (uint32_t), msg->iv); | ||
2895 | if (challenge != t->kx_ctx->challenge) | ||
2896 | { | ||
2897 | LOG (GNUNET_ERROR_TYPE_WARNING, "Wrong PONG challenge on %s\n", GCT_2s (t)); | ||
2898 | LOG (GNUNET_ERROR_TYPE_DEBUG, "PONG: %u (e: %u). Expected: %u.\n", | ||
2899 | challenge, msg->nonce, t->kx_ctx->challenge); | ||
2900 | send_ephemeral (t); | ||
2901 | return; | ||
2902 | } | ||
2903 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
2904 | t->rekey_task = NULL; | ||
2905 | |||
2906 | /* Don't free the old keys right away, but after a delay. | ||
2907 | * Rationale: the KX could have happened over a very fast connection, | ||
2908 | * with payload traffic still signed with the old key stuck in a slower | ||
2909 | * connection. | ||
2910 | * Don't keep the keys longer than 1/4 the rekey period, and no longer than | ||
2911 | * one minute. | ||
2912 | */ | ||
2913 | destroy_kx_ctx (t); | ||
2914 | GCT_change_estate (t, CADET_TUNNEL_KEY_OK); | ||
2915 | } | ||
2916 | |||
2917 | |||
2918 | /** | ||
2919 | * Handle Axolotl handshake. | 1962 | * Handle Axolotl handshake. |
2920 | * | 1963 | * |
2921 | * @param t Tunnel this message came on. | 1964 | * @param t Tunnel this message came on. |
@@ -2936,7 +1979,6 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg) | |||
2936 | if (NULL == t->ax) | 1979 | if (NULL == t->ax) |
2937 | { | 1980 | { |
2938 | /* Something is wrong if ax is NULL. Whose fault it is? */ | 1981 | /* Something is wrong if ax is NULL. Whose fault it is? */ |
2939 | GNUNET_break_op (CADET_OTR == t->enc_type); | ||
2940 | GNUNET_break (CADET_Axolotl == t->enc_type); | 1982 | GNUNET_break (CADET_Axolotl == t->enc_type); |
2941 | return; | 1983 | return; |
2942 | } | 1984 | } |
@@ -3148,18 +2190,6 @@ GCT_handle_encrypted (struct CadetTunnel *t, | |||
3148 | type = ntohs (msg->type); | 2190 | type = ntohs (msg->type); |
3149 | switch (type) | 2191 | switch (type) |
3150 | { | 2192 | { |
3151 | case GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED: | ||
3152 | { | ||
3153 | const struct GNUNET_CADET_Encrypted *emsg; | ||
3154 | size_t payload_size; | ||
3155 | |||
3156 | GNUNET_STATISTICS_update (stats, "# received OTR", 1, GNUNET_NO); | ||
3157 | emsg = (const struct GNUNET_CADET_Encrypted *) msg; | ||
3158 | payload_size = size - sizeof (struct GNUNET_CADET_Encrypted); | ||
3159 | decrypted_size = t_decrypt_and_validate (t, cbuf, &emsg[1], payload_size, | ||
3160 | emsg->iv, &emsg->hmac); | ||
3161 | } | ||
3162 | break; | ||
3163 | case GNUNET_MESSAGE_TYPE_CADET_AX: | 2193 | case GNUNET_MESSAGE_TYPE_CADET_AX: |
3164 | { | 2194 | { |
3165 | const struct GNUNET_CADET_AX *emsg; | 2195 | const struct GNUNET_CADET_AX *emsg; |
@@ -3229,18 +2259,9 @@ GCT_handle_kx (struct CadetTunnel *t, | |||
3229 | GNUNET_STATISTICS_update (stats, buf, 1, GNUNET_NO); | 2259 | GNUNET_STATISTICS_update (stats, buf, 1, GNUNET_NO); |
3230 | switch (type) | 2260 | switch (type) |
3231 | { | 2261 | { |
3232 | case GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL: | ||
3233 | handle_ephemeral (t, (const struct GNUNET_CADET_KX_Ephemeral *) message); | ||
3234 | break; | ||
3235 | |||
3236 | case GNUNET_MESSAGE_TYPE_CADET_KX_PONG: | ||
3237 | handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message); | ||
3238 | break; | ||
3239 | |||
3240 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | 2262 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: |
3241 | handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message); | 2263 | handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message); |
3242 | break; | 2264 | break; |
3243 | |||
3244 | default: | 2265 | default: |
3245 | GNUNET_break_op (0); | 2266 | GNUNET_break_op (0); |
3246 | LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type)); | 2267 | LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type)); |
@@ -3257,40 +2278,32 @@ void | |||
3257 | GCT_init (const struct GNUNET_CONFIGURATION_Handle *c, | 2278 | GCT_init (const struct GNUNET_CONFIGURATION_Handle *c, |
3258 | const struct GNUNET_CRYPTO_EddsaPrivateKey *key) | 2279 | const struct GNUNET_CRYPTO_EddsaPrivateKey *key) |
3259 | { | 2280 | { |
3260 | int expected_overhead; | 2281 | unsigned int expected_overhead; |
3261 | 2282 | ||
3262 | LOG (GNUNET_ERROR_TYPE_DEBUG, "init\n"); | 2283 | LOG (GNUNET_ERROR_TYPE_DEBUG, "init\n"); |
3263 | 2284 | ||
3264 | expected_overhead = 0; | 2285 | expected_overhead = 0; |
3265 | expected_overhead += sizeof (struct GNUNET_CADET_Encrypted); | 2286 | expected_overhead += sizeof (struct GNUNET_CADET_AX); |
3266 | expected_overhead += sizeof (struct GNUNET_CADET_Data); | 2287 | expected_overhead += sizeof (struct GNUNET_CADET_Data); |
3267 | expected_overhead += sizeof (struct GNUNET_CADET_ACK); | 2288 | expected_overhead += sizeof (struct GNUNET_CADET_ACK); |
3268 | GNUNET_assert (GNUNET_CONSTANTS_CADET_P2P_OVERHEAD == expected_overhead); | 2289 | GNUNET_assert (GNUNET_CONSTANTS_CADET_P2P_OVERHEAD == expected_overhead); |
3269 | 2290 | ||
3270 | if (GNUNET_OK != | 2291 | if (GNUNET_OK != |
3271 | GNUNET_CONFIGURATION_get_value_number (c, "CADET", "DEFAULT_TTL", | 2292 | GNUNET_CONFIGURATION_get_value_number (c, |
3272 | &default_ttl)) | 2293 | "CADET", |
3273 | { | 2294 | "RATCHET_MESSAGES", |
3274 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_DEBUG, | ||
3275 | "CADET", "DEFAULT_TTL", "USING DEFAULT"); | ||
3276 | default_ttl = 64; | ||
3277 | } | ||
3278 | if (GNUNET_OK != | ||
3279 | GNUNET_CONFIGURATION_get_value_time (c, "CADET", "REKEY_PERIOD", | ||
3280 | &rekey_period)) | ||
3281 | { | ||
3282 | rekey_period = GNUNET_TIME_UNIT_DAYS; | ||
3283 | } | ||
3284 | if (GNUNET_OK != | ||
3285 | GNUNET_CONFIGURATION_get_value_number (c, "CADET", "RATCHET_MESSAGES", | ||
3286 | &ratchet_messages)) | 2295 | &ratchet_messages)) |
3287 | { | 2296 | { |
3288 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING, | 2297 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING, |
3289 | "CADET", "RATCHET_MESSAGES", "USING DEFAULT"); | 2298 | "CADET", |
2299 | "RATCHET_MESSAGES", | ||
2300 | "USING DEFAULT"); | ||
3290 | ratchet_messages = 64; | 2301 | ratchet_messages = 64; |
3291 | } | 2302 | } |
3292 | if (GNUNET_OK != | 2303 | if (GNUNET_OK != |
3293 | GNUNET_CONFIGURATION_get_value_time (c, "CADET", "RATCHET_TIME", | 2304 | GNUNET_CONFIGURATION_get_value_time (c, |
2305 | "CADET", | ||
2306 | "RATCHET_TIME", | ||
3294 | &ratchet_time)) | 2307 | &ratchet_time)) |
3295 | { | 2308 | { |
3296 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING, | 2309 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING, |
@@ -3300,13 +2313,6 @@ GCT_init (const struct GNUNET_CONFIGURATION_Handle *c, | |||
3300 | 2313 | ||
3301 | 2314 | ||
3302 | id_key = key; | 2315 | id_key = key; |
3303 | |||
3304 | otr_kx_msg.header.size = htons (sizeof (otr_kx_msg)); | ||
3305 | otr_kx_msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL); | ||
3306 | otr_kx_msg.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_KX); | ||
3307 | otr_kx_msg.purpose.size = htonl (ephemeral_purpose_size ()); | ||
3308 | otr_kx_msg.origin_identity = my_full_id; | ||
3309 | rekey_task = GNUNET_SCHEDULER_add_now (&global_otr_rekey, NULL); | ||
3310 | tunnels = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES); | 2316 | tunnels = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES); |
3311 | } | 2317 | } |
3312 | 2318 | ||
@@ -3318,11 +2324,6 @@ void | |||
3318 | GCT_shutdown (void) | 2324 | GCT_shutdown (void) |
3319 | { | 2325 | { |
3320 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Shutting down tunnels\n"); | 2326 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Shutting down tunnels\n"); |
3321 | if (NULL != rekey_task) | ||
3322 | { | ||
3323 | GNUNET_SCHEDULER_cancel (rekey_task); | ||
3324 | rekey_task = NULL; | ||
3325 | } | ||
3326 | GNUNET_CONTAINER_multipeermap_iterate (tunnels, &destroy_iterator, NULL); | 2327 | GNUNET_CONTAINER_multipeermap_iterate (tunnels, &destroy_iterator, NULL); |
3327 | GNUNET_CONTAINER_multipeermap_destroy (tunnels); | 2328 | GNUNET_CONTAINER_multipeermap_destroy (tunnels); |
3328 | } | 2329 | } |
@@ -3845,13 +2846,6 @@ GCT_destroy (struct CadetTunnel *t) | |||
3845 | GNUNET_SCHEDULER_cancel (t->rekey_task); | 2846 | GNUNET_SCHEDULER_cancel (t->rekey_task); |
3846 | t->rekey_task = NULL; | 2847 | t->rekey_task = NULL; |
3847 | } | 2848 | } |
3848 | if (NULL != t->kx_ctx) | ||
3849 | { | ||
3850 | if (NULL != t->kx_ctx->finish_task) | ||
3851 | GNUNET_SCHEDULER_cancel (t->kx_ctx->finish_task); | ||
3852 | GNUNET_free (t->kx_ctx); | ||
3853 | } | ||
3854 | |||
3855 | if (NULL != t->ax) | 2849 | if (NULL != t->ax) |
3856 | destroy_ax (t); | 2850 | destroy_ax (t); |
3857 | 2851 | ||
@@ -4566,8 +3560,6 @@ GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level) | |||
4566 | LOG2 (level, "TTT DEBUG TUNNEL TOWARDS %s\n", GCT_2s (t)); | 3560 | LOG2 (level, "TTT DEBUG TUNNEL TOWARDS %s\n", GCT_2s (t)); |
4567 | LOG2 (level, "TTT cstate %s, estate %s\n", | 3561 | LOG2 (level, "TTT cstate %s, estate %s\n", |
4568 | cstate2s (t->cstate), estate2s (t->estate)); | 3562 | cstate2s (t->cstate), estate2s (t->estate)); |
4569 | LOG2 (level, "TTT kx_ctx %p, rekey_task %u, finish task %u\n", | ||
4570 | t->kx_ctx, t->rekey_task, t->kx_ctx ? t->kx_ctx->finish_task : 0); | ||
4571 | #if DUMP_KEYS_TO_STDERR | 3563 | #if DUMP_KEYS_TO_STDERR |
4572 | if (CADET_Axolotl == t->enc_type) | 3564 | if (CADET_Axolotl == t->enc_type) |
4573 | { | 3565 | { |
@@ -4575,21 +3567,12 @@ GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level) | |||
4575 | } | 3567 | } |
4576 | else | 3568 | else |
4577 | { | 3569 | { |
4578 | LOG2 (level, "TTT my EPHM\t %s\n", | ||
4579 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &otr_kx_msg.ephemeral_key)); | ||
4580 | LOG2 (level, "TTT peers EPHM:\t %s\n", | 3570 | LOG2 (level, "TTT peers EPHM:\t %s\n", |
4581 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->peers_ephemeral_key)); | 3571 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->peers_ephemeral_key)); |
4582 | LOG2 (level, "TTT ENC key:\t %s\n", | 3572 | LOG2 (level, "TTT ENC key:\t %s\n", |
4583 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->e_key)); | 3573 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->e_key)); |
4584 | LOG2 (level, "TTT DEC key:\t %s\n", | 3574 | LOG2 (level, "TTT DEC key:\t %s\n", |
4585 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->d_key)); | 3575 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->d_key)); |
4586 | if (t->kx_ctx) | ||
4587 | { | ||
4588 | LOG2 (level, "TTT OLD ENC key:\t %s\n", | ||
4589 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->kx_ctx->e_key_old)); | ||
4590 | LOG2 (level, "TTT OLD DEC key:\t %s\n", | ||
4591 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->kx_ctx->d_key_old)); | ||
4592 | } | ||
4593 | } | 3576 | } |
4594 | #endif | 3577 | #endif |
4595 | LOG2 (level, "TTT tq_head %p, tq_tail %p\n", t->tq_head, t->tq_tail); | 3578 | LOG2 (level, "TTT tq_head %p, tq_tail %p\n", t->tq_head, t->tq_tail); |
diff --git a/src/include/gnunet_constants.h b/src/include/gnunet_constants.h index 000def902..a40354fb5 100644 --- a/src/include/gnunet_constants.h +++ b/src/include/gnunet_constants.h | |||
@@ -127,13 +127,13 @@ extern "C" | |||
127 | 127 | ||
128 | /** | 128 | /** |
129 | * Size of the CADET message overhead: | 129 | * Size of the CADET message overhead: |
130 | * + sizeof (struct GNUNET_CADET_Encrypted) | 130 | * + sizeof (struct GNUNET_CADET_AX) |
131 | * + sizeof (struct GNUNET_CADET_Data) | 131 | * + sizeof (struct GNUNET_CADET_Data) |
132 | * + sizeof (struct GNUNET_CADET_ACK)) | 132 | * + sizeof (struct GNUNET_CADET_ACK)) |
133 | * | 133 | * |
134 | * Checked for correcteness in gnunet-service-cadet_tunnel.c: GCT_init(). | 134 | * Checked for correcteness in gnunet-service-cadet_tunnel.c: GCT_init(). |
135 | */ | 135 | */ |
136 | #define GNUNET_CONSTANTS_CADET_P2P_OVERHEAD 132 | 136 | #define GNUNET_CONSTANTS_CADET_P2P_OVERHEAD 164 |
137 | 137 | ||
138 | /** | 138 | /** |
139 | * Maximum message size that can be sent on CADET. | 139 | * Maximum message size that can be sent on CADET. |
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 086406a44..8da8fcd00 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -847,16 +847,6 @@ extern "C" | |||
847 | #define GNUNET_MESSAGE_TYPE_CADET_KX 262 | 847 | #define GNUNET_MESSAGE_TYPE_CADET_KX 262 |
848 | 848 | ||
849 | /** | 849 | /** |
850 | * New ephemeral key. | ||
851 | */ | ||
852 | #define GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL 263 | ||
853 | |||
854 | /** | ||
855 | * Answer to session key challenge. | ||
856 | */ | ||
857 | #define GNUNET_MESSAGE_TYPE_CADET_KX_PONG 265 | ||
858 | |||
859 | /** | ||
860 | * Request the destuction of a connection | 850 | * Request the destuction of a connection |
861 | */ | 851 | */ |
862 | #define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY 266 | 852 | #define GNUNET_MESSAGE_TYPE_CADET_CONNECTION_DESTROY 266 |
@@ -898,11 +888,6 @@ extern "C" | |||
898 | #define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_NACK 276 | 888 | #define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_NACK 276 |
899 | 889 | ||
900 | /** | 890 | /** |
901 | * Encrypted data. (Payload, channel management, keepalive) | ||
902 | */ | ||
903 | #define GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED 280 | ||
904 | |||
905 | /** | ||
906 | * Axolotl key exchange. | 891 | * Axolotl key exchange. |
907 | */ | 892 | */ |
908 | #define GNUNET_MESSAGE_TYPE_CADET_AX_KX 281 | 893 | #define GNUNET_MESSAGE_TYPE_CADET_AX_KX 281 |