authort3sserakt <t3ss@posteo.de>2024-01-10 11:04:55 +0100
committert3sserakt <t3ss@posteo.de>2024-01-10 11:04:55 +0100
commita54d28cd8a4550a5e8345038d451cfd2b936fbba (patch)
tree085a944a2b2055f77e393a265e13e5b830901951
parent1d22f56d16954fb0f1252ae65dfdae6ee69a7ff2 (diff)
Changed creation of key for kx to be for every notification of transport about a new connected peer.
-rw-r--r--src/service/core/gnunet-service-core_kx.c106
1 files changed, 71 insertions, 35 deletions
diff --git a/src/service/core/gnunet-service-core_kx.c b/src/service/core/gnunet-service-core_kx.c
index ca7bccbd9..440c88ca3 100644
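--- a/src/service/core/gnunet-service-core_kx.c
+++ b/src/service/core/gnunet-service-core_kx.c
@@ -693,6 +693,14 @@ deliver_message (void *cls, const struct GNUNET_MessageHeader *m)
 }
 
 
+static void
+do_rekey (void *cls);
+
+
+static void
+sign_ephemeral_key ();
+
+
 /**
   * Function called by transport to notify us that
   * a peer connected to us (on the network level).
@@ -718,33 +726,66 @@ handle_transport_notify_connect (void *cls,
  gettext_noop ("# key exchanges initiated"),
  1,
  GNUNET_NO);
- kx = GNUNET_new (struct GSC_KeyExchangeInfo);
- kx->mst = GNUNET_MST_create (&deliver_message, kx);
- kx->mq = mq;
- kx->peer = pid;
- kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
- GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx);
- kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
- monitor_notify_all (kx);
- GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
- GNUNET_CRYPTO_hash (&GSC_my_identity,
- sizeof(struct GNUNET_PeerIdentity),
- &h2);
- if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
+ for (kx = kx_head; NULL != kx; kx = kx->next)
  {
- /* peer with "lower" identity starts KX, otherwise we typically end up
- with both peers starting the exchange and transmit the 'set key'
- message twice */
- send_key (kx);
+ if (0 == memcmp (pid, kx->peer, sizeof(struct GNUNET_PeerIdentity)))
+ break;
+ }
+ if (NULL == kx)
+ {
+ GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
+ sign_ephemeral_key ();
+ {
+ struct GNUNET_HashCode eh;
+
+ GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
+ sizeof(current_ekm.ephemeral_key),
+ &eh);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Starting with ephemeral key %s\n",
+ GNUNET_h2s (&eh));
+ }
+ kx = GNUNET_new (struct GSC_KeyExchangeInfo);
+ kx->mst = GNUNET_MST_create (&deliver_message, kx);
+ kx->mq = mq;
+ kx->peer = pid;
+ kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
+ GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx);
+ kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
+ monitor_notify_all (kx);
+ GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
+ GNUNET_CRYPTO_hash (&GSC_my_identity,
+ sizeof(struct GNUNET_PeerIdentity),
+ &h2);
+ if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
+ {
+ /* peer with "lower" identity starts KX, otherwise we typically end up
+ with both peers starting the exchange and transmit the 'set key'
+ message twice */
+ send_key (kx);
+ }
+ else
+ {
+ /* peer with "higher" identity starts a delayed KX, if the "lower" peer
+ * does not start a KX since it sees no reasons to do so */
+ kx->retry_set_key_task =
+ GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
+ &set_key_retry_task,
+ kx);
+ }
  }
  else
  {
- /* peer with "higher" identity starts a delayed KX, if the "lower" peer
- * does not start a KX since it sees no reasons to do so */
- kx->retry_set_key_task =
- GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
- &set_key_retry_task,
- kx);
+ struct GNUNET_TIME_Relative left;
+
+ left = GNUNET_TIME_absolute_get_remaining (kx->timeout);
+ if (0 == left.rel_value_us)
+ {
+ kx->status = GNUNET_CORE_KX_STATE_DOWN;
+ }
+ else
+ kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
+ do_rekey (NULL);
  }
  return kx;
 }
@@ -1754,6 +1795,12 @@ do_rekey (void *cls)
 {
  struct GSC_KeyExchangeInfo *pos;
 
+ (void *) cls;
+ if (NULL != rekey_task)
+ {
+ GNUNET_SCHEDULER_cancel (rekey_task);
+ rekey_task = NULL;
+ }
  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
  sign_ephemeral_key ();
@@ -1816,18 +1863,7 @@ GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
  my_private_key = *pk;
  GNUNET_CRYPTO_eddsa_key_get_public (&my_private_key,
  &GSC_my_identity.public_key);
- GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
- sign_ephemeral_key ();
- {
- struct GNUNET_HashCode eh;
-
- GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
- sizeof(current_ekm.ephemeral_key),
- &eh);
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Starting with ephemeral key %s\n",
- GNUNET_h2s (&eh));
- }
+
 
  nc = GNUNET_notification_context_create (1);
  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);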
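Review bot: In handle_transport_notify_connect, both new branches replace the file-wide `my_ephemeral_key`/`current_ekm` on a transport event that the remote side may be able to trigger: the `NULL == kx` branch regenerates and re-signs the key for every new peer, and the `else` branch calls `do_rekey (NULL)`, which cancels the rekey timer, reschedules it and regenerates the key again. That key appears to be shared by every entry on the `kx_head` list, so a peer that connects repeatedly could presumably force repeated signing work and invalidate exchanges that other peers still have in flight under the previous key; the rest of do_rekey and the key-derivation code are outside the hunks, so the effect on established sessions needs confirming. If the aim is only to restart the exchange with the reconnecting peer, `send_key (kx);` in the `else` branch would leave the shared key alone, and a minimum interval between regenerations would bound the cost. The `else` branch also ignores the `mq` argument and keeps the old `kx->mq`, which looks unintended if transport hands in a fresh queue for the new connection. Separately, `(void *) cls;` in do_rekey is a cast expression with no effect; `(void) cls;` is the usual spelling for an unused parameter.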