diff options
author | Christian Grothoff <christian@grothoff.org> | 2011-10-07 10:00:05 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-10-07 10:00:05 +0000 |
commit | 9526b3f3f756fef898c750b960b9c89c7159cf1b (patch) | |
tree | 385fde3cfa8c0b3aa5f9d3626d95679e62a95d18 | |
parent | 145db4f07472ffd03b8872928c165a4a7ef46352 (diff) | |
download | gnunet-9526b3f3f756fef898c750b960b9c89c7159cf1b.tar.gz gnunet-9526b3f3f756fef898c750b960b9c89c7159cf1b.zip |
hxing
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 228 | ||||
-rw-r--r-- | src/core/gnunet-service-core_kx.h | 1 |
2 files changed, 140 insertions, 89 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index 8c02eb2ea..16e5804c6 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -25,7 +25,41 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet-service-core_kx.h" | 27 | #include "gnunet-service-core_kx.h" |
28 | #include "gnunet-service-core.h" | ||
29 | #include "gnunet-service-core_clients.h" | ||
28 | #include "gnunet-service-core_neighbours.h" | 30 | #include "gnunet-service-core_neighbours.h" |
31 | #include "gnunet-service-core_sessions.h" | ||
32 | #include "gnunet_statistics_service.h" | ||
33 | #include "gnunet_peerinfo_service.h" | ||
34 | #include "gnunet_hello_lib.h" | ||
35 | #include "gnunet_constants.h" | ||
36 | #include "gnunet_signatures.h" | ||
37 | #include "gnunet_protocols.h" | ||
38 | #include "core.h" | ||
39 | |||
40 | /** | ||
41 | * How long do we wait for SET_KEY confirmation initially? | ||
42 | */ | ||
43 | #define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (MAX_SET_KEY_DELAY, 1) | ||
44 | |||
45 | /** | ||
46 | * What is the minimum frequency for a PING message? | ||
47 | */ | ||
48 | #define MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) | ||
49 | |||
50 | /** | ||
51 | * What is the maximum age of a message for us to consider processing | ||
52 | * it? Note that this looks at the timestamp used by the other peer, | ||
53 | * so clock skew between machines does come into play here. So this | ||
54 | * should be picked high enough so that a little bit of clock skew | ||
55 | * does not prevent peers from connecting to us. | ||
56 | */ | ||
57 | #define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS | ||
58 | |||
59 | /** | ||
60 | * What is the maximum delay for a SET_KEY message? | ||
61 | */ | ||
62 | #define MAX_SET_KEY_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) | ||
29 | 63 | ||
30 | 64 | ||
31 | /** | 65 | /** |
@@ -183,6 +217,12 @@ struct EncryptedMessage | |||
183 | 217 | ||
184 | }; | 218 | }; |
185 | 219 | ||
220 | /** | ||
221 | * Number of bytes (at the beginning) of "struct EncryptedMessage" | ||
222 | * that are NOT encrypted. | ||
223 | */ | ||
224 | #define ENCRYPTED_HEADER_SIZE (offsetof(struct EncryptedMessage, sequence_number)) | ||
225 | |||
186 | 226 | ||
187 | /** | 227 | /** |
188 | * State machine for our P2P encryption handshake. Everyone starts in | 228 | * State machine for our P2P encryption handshake. Everyone starts in |
@@ -317,6 +357,23 @@ struct GSC_KeyExchangeInfo | |||
317 | GNUNET_SCHEDULER_TaskIdentifier keep_alive_task; | 357 | GNUNET_SCHEDULER_TaskIdentifier keep_alive_task; |
318 | 358 | ||
319 | /** | 359 | /** |
360 | * Bit map indicating which of the 32 sequence numbers before the last | ||
361 | * were received (good for accepting out-of-order packets and | ||
362 | * estimating reliability of the connection) | ||
363 | */ | ||
364 | unsigned int last_packets_bitmap; | ||
365 | |||
366 | /** | ||
367 | * last sequence number received on this connection (highest) | ||
368 | */ | ||
369 | uint32_t last_sequence_number_received; | ||
370 | |||
371 | /** | ||
372 | * last sequence number transmitted | ||
373 | */ | ||
374 | uint32_t last_sequence_number_sent; | ||
375 | |||
376 | /** | ||
320 | * What was our PING challenge number (for this peer)? | 377 | * What was our PING challenge number (for this peer)? |
321 | */ | 378 | */ |
322 | uint32_t ping_challenge; | 379 | uint32_t ping_challenge; |
@@ -428,7 +485,7 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx, | |||
428 | GNUNET_assert (size == | 485 | GNUNET_assert (size == |
429 | GNUNET_CRYPTO_aes_encrypt (in, (uint16_t) size, | 486 | GNUNET_CRYPTO_aes_encrypt (in, (uint16_t) size, |
430 | &kx->encrypt_key, iv, out)); | 487 | &kx->encrypt_key, iv, out)); |
431 | GNUNET_STATISTICS_update (stats, gettext_noop ("# bytes encrypted"), size, | 488 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# bytes encrypted"), size, |
432 | GNUNET_NO); | 489 | GNUNET_NO); |
433 | #if DEBUG_CORE > 2 | 490 | #if DEBUG_CORE > 2 |
434 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 491 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -478,7 +535,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx, | |||
478 | GNUNET_break (0); | 535 | GNUNET_break (0); |
479 | return GNUNET_SYSERR; | 536 | return GNUNET_SYSERR; |
480 | } | 537 | } |
481 | GNUNET_STATISTICS_update (stats, gettext_noop ("# bytes decrypted"), size, | 538 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# bytes decrypted"), size, |
482 | GNUNET_NO); | 539 | GNUNET_NO); |
483 | #if DEBUG_CORE > 1 | 540 | #if DEBUG_CORE > 1 |
484 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 541 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -492,6 +549,14 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx, | |||
492 | } | 549 | } |
493 | 550 | ||
494 | 551 | ||
552 | /** | ||
553 | * Send our key (and encrypted PING) to the other peer. | ||
554 | * | ||
555 | * @param kx key exchange context | ||
556 | */ | ||
557 | static void | ||
558 | send_key (struct GSC_KeyExchangeInfo *kx); | ||
559 | |||
495 | 560 | ||
496 | /** | 561 | /** |
497 | * Task that will retry "send_key" if our previous attempt failed. | 562 | * Task that will retry "send_key" if our previous attempt failed. |
@@ -528,7 +593,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
528 | struct GSC_KeyExchangeInfo *kx = cls; | 593 | struct GSC_KeyExchangeInfo *kx = cls; |
529 | struct SetKeyMessage *skm; | 594 | struct SetKeyMessage *skm; |
530 | 595 | ||
531 | GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == n->retry_set_key_task); | 596 | GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == kx->retry_set_key_task); |
532 | if (err_msg != NULL) | 597 | if (err_msg != NULL) |
533 | { | 598 | { |
534 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 599 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -546,7 +611,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
546 | "Failed to obtain public key for peer `%4s', delaying processing of SET_KEY\n", | 611 | "Failed to obtain public key for peer `%4s', delaying processing of SET_KEY\n", |
547 | GNUNET_i2s (&kx->peer)); | 612 | GNUNET_i2s (&kx->peer)); |
548 | #endif | 613 | #endif |
549 | GNUNET_STATISTICS_update (stats, | 614 | GNUNET_STATISTICS_update (GSC_stats, |
550 | gettext_noop | 615 | gettext_noop |
551 | ("# Delayed connecting due to lack of public key"), | 616 | ("# Delayed connecting due to lack of public key"), |
552 | 1, GNUNET_NO); | 617 | 1, GNUNET_NO); |
@@ -563,7 +628,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
563 | } | 628 | } |
564 | kx->public_key = | 629 | kx->public_key = |
565 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)); | 630 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)); |
566 | if (GNUNET_OK != GNUNET_HELLO_get_key (hello, n->public_key)) | 631 | if (GNUNET_OK != GNUNET_HELLO_get_key (hello, kx->public_key)) |
567 | { | 632 | { |
568 | GNUNET_break (0); | 633 | GNUNET_break (0); |
569 | GNUNET_free (kx->public_key); | 634 | GNUNET_free (kx->public_key); |
@@ -582,15 +647,6 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
582 | 647 | ||
583 | 648 | ||
584 | /** | 649 | /** |
585 | * Send our key (and encrypted PING) to the other peer. | ||
586 | * | ||
587 | * @param kx key exchange context | ||
588 | */ | ||
589 | static void | ||
590 | send_key (struct GSC_KeyExchangeInfo *kx); | ||
591 | |||
592 | |||
593 | /** | ||
594 | * Start the key exchange with the given peer. | 650 | * Start the key exchange with the given peer. |
595 | * | 651 | * |
596 | * @param pid identity of the peer to do a key exchange with | 652 | * @param pid identity of the peer to do a key exchange with |
@@ -603,7 +659,7 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
603 | 659 | ||
604 | kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo)); | 660 | kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo)); |
605 | kx->peer = *pid; | 661 | kx->peer = *pid; |
606 | n->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; | 662 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; |
607 | kx->pitr = GNUNET_PEERINFO_iterate (peerinfo, | 663 | kx->pitr = GNUNET_PEERINFO_iterate (peerinfo, |
608 | pid, | 664 | pid, |
609 | GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */, | 665 | GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */, |
@@ -633,7 +689,7 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
633 | } | 689 | } |
634 | if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK) | 690 | if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK) |
635 | { | 691 | { |
636 | GNUNET_SCHEDULER_cancel (n->keep_alive_task); | 692 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
637 | kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK; | 693 | kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK; |
638 | } | 694 | } |
639 | GNUNET_free_non_null (kx->skm_received); | 695 | GNUNET_free_non_null (kx->skm_received); |
@@ -653,25 +709,24 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
653 | */ | 709 | */ |
654 | void | 710 | void |
655 | GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | 711 | GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, |
656 | const struct GNUNET_MessageHandler *msg) | 712 | const struct GNUNET_MessageHeader *msg) |
657 | { | 713 | { |
658 | const struct SetKeyMessage *m; | 714 | const struct SetKeyMessage *m; |
659 | struct SetKeyMessage *m_cpy; | ||
660 | struct GNUNET_TIME_Absolute t; | 715 | struct GNUNET_TIME_Absolute t; |
661 | struct GNUNET_CRYPTO_AesSessionKey k; | 716 | struct GNUNET_CRYPTO_AesSessionKey k; |
662 | struct PingMessage *ping; | 717 | struct PingMessage *ping; |
663 | struct PongMessage *pong; | 718 | struct PongMessage *pong; |
664 | enum PeerStateMachine sender_status; | 719 | enum KxStateMachine sender_status; |
665 | uint16_t size; | 720 | uint16_t size; |
666 | 721 | ||
667 | size = ntohs (msg->header); | 722 | size = ntohs (msg->size); |
668 | if (size != sizeof (struct SetKeyMessage)) | 723 | if (size != sizeof (struct SetKeyMessage)) |
669 | { | 724 | { |
670 | GNUNET_break_op (0); | 725 | GNUNET_break_op (0); |
671 | return; | 726 | return; |
672 | } | 727 | } |
673 | m = (const struct SetKeyMessage*) msg; | 728 | m = (const struct SetKeyMessage*) msg; |
674 | GNUNET_STATISTICS_update (stats, gettext_noop ("# session keys received"), | 729 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# session keys received"), |
675 | 1, GNUNET_NO); | 730 | 1, GNUNET_NO); |
676 | 731 | ||
677 | #if DEBUG_CORE | 732 | #if DEBUG_CORE |
@@ -727,7 +782,7 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | |||
727 | GNUNET_break_op (0); | 782 | GNUNET_break_op (0); |
728 | return; | 783 | return; |
729 | } | 784 | } |
730 | GNUNET_STATISTICS_update (stats, | 785 | GNUNET_STATISTICS_update (GSC_stats, |
731 | gettext_noop ("# SET_KEY messages decrypted"), 1, | 786 | gettext_noop ("# SET_KEY messages decrypted"), 1, |
732 | GNUNET_NO); | 787 | GNUNET_NO); |
733 | kx->decrypt_key = k; | 788 | kx->decrypt_key = k; |
@@ -738,16 +793,16 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | |||
738 | kx->last_packets_bitmap = 0; | 793 | kx->last_packets_bitmap = 0; |
739 | kx->decrypt_key_created = t; | 794 | kx->decrypt_key_created = t; |
740 | } | 795 | } |
741 | sender_status = (enum PeerStateMachine) ntohl (m->sender_status); | 796 | sender_status = (enum KxStateMachine) ntohl (m->sender_status); |
742 | 797 | ||
743 | switch (kx->status) | 798 | switch (kx->status) |
744 | { | 799 | { |
745 | case KX_STATE_DOWN: | 800 | case KX_STATE_DOWN: |
746 | kx->status = PEER_STATE_KEY_RECEIVED; | 801 | kx->status = KX_STATE_KEY_RECEIVED; |
747 | /* we're not up, so we are already doing 'send_key' */ | 802 | /* we're not up, so we are already doing 'send_key' */ |
748 | break; | 803 | break; |
749 | case KX_STATE_KEY_SENT: | 804 | case KX_STATE_KEY_SENT: |
750 | n->status = PEER_STATE_KEY_RECEIVED; | 805 | kx->status = KX_STATE_KEY_RECEIVED; |
751 | /* we're not up, so we are already doing 'send_key' */ | 806 | /* we're not up, so we are already doing 'send_key' */ |
752 | break; | 807 | break; |
753 | case KX_STATE_KEY_RECEIVED: | 808 | case KX_STATE_KEY_RECEIVED: |
@@ -755,7 +810,7 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | |||
755 | break; | 810 | break; |
756 | case KX_STATE_UP: | 811 | case KX_STATE_UP: |
757 | if ( (sender_status == KX_STATE_DOWN) || | 812 | if ( (sender_status == KX_STATE_DOWN) || |
758 | (sender_status == KX_PEER_STATE_KEY_SENT) ) | 813 | (sender_status == KX_STATE_KEY_SENT) ) |
759 | send_key (kx); /* we are up, but other peer is not! */ | 814 | send_key (kx); /* we are up, but other peer is not! */ |
760 | break; | 815 | break; |
761 | default: | 816 | default: |
@@ -787,7 +842,8 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | |||
787 | * @param msg the encrypted PING message itself | 842 | * @param msg the encrypted PING message itself |
788 | */ | 843 | */ |
789 | void | 844 | void |
790 | GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHeader *msg) | 845 | GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, |
846 | const struct GNUNET_MessageHeader *msg) | ||
791 | { | 847 | { |
792 | const struct PingMessage *m; | 848 | const struct PingMessage *m; |
793 | struct PingMessage t; | 849 | struct PingMessage t; |
@@ -809,15 +865,15 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHe | |||
809 | (kx->status != KX_STATE_UP) ) | 865 | (kx->status != KX_STATE_UP) ) |
810 | { | 866 | { |
811 | /* defer */ | 867 | /* defer */ |
812 | GNUNET_free_non_null (n->pending_ping); | 868 | GNUNET_free_non_null (kx->ping_received); |
813 | n->pending_ping = GNUNET_copy_message (msg); | 869 | kx->ping_received = GNUNET_copy_message (msg); |
814 | return; | 870 | return; |
815 | } | 871 | } |
816 | m = (const struct PingMessage*) msg; | 872 | m = (const struct PingMessage*) msg; |
817 | #if DEBUG_CORE | 873 | #if DEBUG_CORE |
818 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 874 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
819 | "Core service receives `%s' request from `%4s'.\n", "PING", | 875 | "Core service receives `%s' request from `%4s'.\n", "PING", |
820 | GNUNET_i2s (&n->peer)); | 876 | GNUNET_i2s (&kx->peer)); |
821 | #endif | 877 | #endif |
822 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); | 878 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); |
823 | if (GNUNET_OK != | 879 | if (GNUNET_OK != |
@@ -834,24 +890,24 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHe | |||
834 | char sender[9]; | 890 | char sender[9]; |
835 | char peer[9]; | 891 | char peer[9]; |
836 | 892 | ||
837 | GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&n->peer)); | 893 | GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer)); |
838 | GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); | 894 | GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); |
839 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 895 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
840 | _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), | 896 | _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), |
841 | sender, GNUNET_i2s (&my_identity), peer); | 897 | sender, GNUNET_i2s (&GSC_my_identity), peer); |
842 | GNUNET_break_op (0); | 898 | GNUNET_break_op (0); |
843 | return; | 899 | return; |
844 | } | 900 | } |
845 | /* construct PONG */ | 901 | /* construct PONG */ |
846 | tx.inbound_bw_limit = n->bw_in; | 902 | tx.inbound_bw_limit = kx->bw_in; // FIXME! |
847 | tx.challenge = t.challenge; | 903 | tx.challenge = t.challenge; |
848 | tx.target = t.target; | 904 | tx.target = t.target; |
849 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); | 905 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); |
850 | tp.header.size = htons (sizeof (struct PongMessage)); | 906 | tp.header.size = htons (sizeof (struct PongMessage)); |
851 | tp.iv_seed = | 907 | tp.iv_seed = |
852 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); | 908 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); |
853 | derive_pong_iv (&iv, &n->encrypt_key, tp.iv_seed, t.challenge, &kx->peer); | 909 | derive_pong_iv (&iv, &kx->encrypt_key, tp.iv_seed, t.challenge, &kx->peer); |
854 | do_encrypt (n, &iv, &tx.challenge, &tp.challenge, | 910 | do_encrypt (kx, &iv, &tx.challenge, &tp.challenge, |
855 | sizeof (struct PongMessage) - ((void *) &tp.challenge - | 911 | sizeof (struct PongMessage) - ((void *) &tp.challenge - |
856 | (void *) tp)); | 912 | (void *) tp)); |
857 | GNUNET_STATISTICS_update (GSC_stats, | 913 | GNUNET_STATISTICS_update (GSC_stats, |
@@ -908,6 +964,7 @@ setup_fresh_ping (struct GSC_KeyExchangeInfo *kx) | |||
908 | { | 964 | { |
909 | struct PingMessage pp; | 965 | struct PingMessage pp; |
910 | struct PingMessage *pm; | 966 | struct PingMessage *pm; |
967 | struct GNUNET_CRYPTO_AesInitializationVector iv; | ||
911 | 968 | ||
912 | pm = &kx->ping; | 969 | pm = &kx->ping; |
913 | pm->header.size = htons (sizeof (struct PingMessage)); | 970 | pm->header.size = htons (sizeof (struct PingMessage)); |
@@ -946,7 +1003,7 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
946 | return; | 1003 | return; |
947 | } | 1004 | } |
948 | setup_fresh_ping (kx); | 1005 | setup_fresh_ping (kx); |
949 | GDS_NEIGHBOURS_transmit (&kx->peer, | 1006 | GSC_NEIGHBOURS_transmit (&kx->peer, |
950 | &kx->ping.header, | 1007 | &kx->ping.header, |
951 | kx->set_key_retry_frequency); | 1008 | kx->set_key_retry_frequency); |
952 | retry = | 1009 | retry = |
@@ -954,7 +1011,26 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
954 | MIN_PING_FREQUENCY); | 1011 | MIN_PING_FREQUENCY); |
955 | kx->keep_alive_task = | 1012 | kx->keep_alive_task = |
956 | GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); | 1013 | GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); |
1014 | } | ||
957 | 1015 | ||
1016 | |||
1017 | /** | ||
1018 | * We've seen a valid message from the other peer. | ||
1019 | * Update the time when the session would time out | ||
1020 | * and delay sending our keep alive message further. | ||
1021 | * | ||
1022 | * @param kx key exchange where we saw activity | ||
1023 | */ | ||
1024 | static void | ||
1025 | update_timeout (struct GSC_KeyExchangeInfo *kx) | ||
1026 | { | ||
1027 | kx->timeout = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
1028 | if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK) | ||
1029 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); | ||
1030 | kx->keep_alive_task = | ||
1031 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_divide | ||
1032 | (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
1033 | 2), &send_keep_alive, kx); | ||
958 | } | 1034 | } |
959 | 1035 | ||
960 | 1036 | ||
@@ -969,12 +1045,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
969 | { | 1045 | { |
970 | const struct PongMessage *m; | 1046 | const struct PongMessage *m; |
971 | struct PongMessage t; | 1047 | struct PongMessage t; |
972 | struct ConnectNotifyMessage *cnm; | ||
973 | struct GNUNET_CRYPTO_AesInitializationVector iv; | 1048 | struct GNUNET_CRYPTO_AesInitializationVector iv; |
974 | char buf[GNUNET_SERVER_MAX_MESSAGE_SIZE - 1]; | ||
975 | struct GNUNET_TRANSPORT_ATS_Information *mats; | ||
976 | uint16_t msize; | 1049 | uint16_t msize; |
977 | size_t size; | ||
978 | 1050 | ||
979 | msize = ntohs (msg->size); | 1051 | msize = ntohs (msg->size); |
980 | if (msize != sizeof (struct PongMessage)) | 1052 | if (msize != sizeof (struct PongMessage)) |
@@ -990,8 +1062,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
990 | { | 1062 | { |
991 | if (kx->status == KX_STATE_KEY_SENT) | 1063 | if (kx->status == KX_STATE_KEY_SENT) |
992 | { | 1064 | { |
993 | GNUNET_free_non_null (n->pending_pong); | 1065 | GNUNET_free_non_null (kx->pong_received); |
994 | n->pending_pong = GNUNET_copy_message (msg); | 1066 | kx->pong_received = GNUNET_copy_message (msg); |
995 | } | 1067 | } |
996 | return; | 1068 | return; |
997 | } | 1069 | } |
@@ -1004,7 +1076,7 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
1004 | /* mark as garbage, just to be sure */ | 1076 | /* mark as garbage, just to be sure */ |
1005 | memset (&t, 255, sizeof (t)); | 1077 | memset (&t, 255, sizeof (t)); |
1006 | derive_pong_iv (&iv, &kx->decrypt_key, m->iv_seed, kx->ping_challenge, | 1078 | derive_pong_iv (&iv, &kx->decrypt_key, m->iv_seed, kx->ping_challenge, |
1007 | &my_identity); | 1079 | &GSC_my_identity); |
1008 | if (GNUNET_OK != | 1080 | if (GNUNET_OK != |
1009 | do_decrypt (kx, &iv, &m->challenge, &t.challenge, | 1081 | do_decrypt (kx, &iv, &m->challenge, &t.challenge, |
1010 | sizeof (struct PongMessage) - ((void *) &m->challenge - | 1082 | sizeof (struct PongMessage) - ((void *) &m->challenge - |
@@ -1013,7 +1085,7 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
1013 | GNUNET_break_op (0); | 1085 | GNUNET_break_op (0); |
1014 | return; | 1086 | return; |
1015 | } | 1087 | } |
1016 | GNUNET_STATISTICS_update (stats, gettext_noop ("# PONG messages decrypted"), | 1088 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# PONG messages decrypted"), |
1017 | 1, GNUNET_NO); | 1089 | 1, GNUNET_NO); |
1018 | if ((0 != memcmp (&t.target, &kx->peer, sizeof (struct GNUNET_PeerIdentity))) | 1090 | if ((0 != memcmp (&t.target, &kx->peer, sizeof (struct GNUNET_PeerIdentity))) |
1019 | || (kx->ping_challenge != t.challenge)) | 1091 | || (kx->ping_challenge != t.challenge)) |
@@ -1022,8 +1094,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
1022 | #if DEBUG_CORE | 1094 | #if DEBUG_CORE |
1023 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1095 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1024 | "Received malformed `%s' wanted sender `%4s' with challenge %u\n", | 1096 | "Received malformed `%s' wanted sender `%4s' with challenge %u\n", |
1025 | "PONG", GNUNET_i2s (&n->peer), | 1097 | "PONG", GNUNET_i2s (&kx->peer), |
1026 | (unsigned int) n->ping_challenge); | 1098 | (unsigned int) kx->ping_challenge); |
1027 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1099 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1028 | "Received malformed `%s' received from `%4s' with challenge %u\n", | 1100 | "Received malformed `%s' received from `%4s' with challenge %u\n", |
1029 | "PONG", GNUNET_i2s (&t.target), (unsigned int) t.challenge); | 1101 | "PONG", GNUNET_i2s (&t.target), (unsigned int) t.challenge); |
@@ -1039,19 +1111,19 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
1039 | GNUNET_break (0); /* should be impossible */ | 1111 | GNUNET_break (0); /* should be impossible */ |
1040 | return; | 1112 | return; |
1041 | case KX_STATE_KEY_RECEIVED: | 1113 | case KX_STATE_KEY_RECEIVED: |
1042 | GNUNET_STATISTICS_update (stats, | 1114 | GNUNET_STATISTICS_update (GSC_stats, |
1043 | gettext_noop | 1115 | gettext_noop |
1044 | ("# Session keys confirmed via PONG"), 1, | 1116 | ("# Session keys confirmed via PONG"), 1, |
1045 | GNUNET_NO); | 1117 | GNUNET_NO); |
1046 | kx->status = KX_STATE_UP; | 1118 | kx->status = KX_STATE_UP; |
1047 | GSC_SESSIONS_create (&kx->peer); | 1119 | GSC_SESSIONS_create (&kx->peer, kx); |
1048 | GNUNET_assert (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK); | 1120 | GNUNET_assert (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK); |
1049 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 1121 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
1050 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | 1122 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; |
1051 | GNUNET_assert (kx->keep_alive_task == GNUNET_SCHEDULER_NO_TASK); | 1123 | GNUNET_assert (kx->keep_alive_task == GNUNET_SCHEDULER_NO_TASK); |
1052 | update_timeout (kx); | 1124 | update_timeout (kx); |
1053 | break; | 1125 | break; |
1054 | case PEER_STATE_KEY_CONFIRMED: | 1126 | case KX_STATE_UP: |
1055 | update_timeout (kx); | 1127 | update_timeout (kx); |
1056 | break; | 1128 | break; |
1057 | default: | 1129 | default: |
@@ -1069,8 +1141,6 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH | |||
1069 | static void | 1141 | static void |
1070 | send_key (struct GSC_KeyExchangeInfo *kx) | 1142 | send_key (struct GSC_KeyExchangeInfo *kx) |
1071 | { | 1143 | { |
1072 | struct GNUNET_CRYPTO_AesInitializationVector iv; | ||
1073 | |||
1074 | GNUNET_assert (kx->retry_set_key_task == GNUNET_SCHEDULER_NO_TASK); | 1144 | GNUNET_assert (kx->retry_set_key_task == GNUNET_SCHEDULER_NO_TASK); |
1075 | if (KX_STATE_UP == kx->status) | 1145 | if (KX_STATE_UP == kx->status) |
1076 | return; /* nothing to do */ | 1146 | return; /* nothing to do */ |
@@ -1085,14 +1155,14 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1085 | } | 1155 | } |
1086 | 1156 | ||
1087 | /* update status */ | 1157 | /* update status */ |
1088 | switch (n->status) | 1158 | switch (kx->status) |
1089 | { | 1159 | { |
1090 | case KX_STATE_DOWN: | 1160 | case KX_STATE_DOWN: |
1091 | n->status = PEER_STATE_KEY_SENT; | 1161 | kx->status = KX_STATE_KEY_SENT; |
1092 | /* setup SET KEY message */ | 1162 | /* setup SET KEY message */ |
1093 | setup_fresh_set_key (kx); | 1163 | setup_fresh_setkey (kx); |
1094 | setup_fresh_ping (kx); | 1164 | setup_fresh_ping (kx); |
1095 | GNUNET_STATISTICS_update (stats, | 1165 | GNUNET_STATISTICS_update (GSC_stats, |
1096 | gettext_noop | 1166 | gettext_noop |
1097 | ("# SET_KEY and PING messages created"), 1, | 1167 | ("# SET_KEY and PING messages created"), 1, |
1098 | GNUNET_NO); | 1168 | GNUNET_NO); |
@@ -1101,7 +1171,7 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1101 | break; | 1171 | break; |
1102 | case KX_STATE_KEY_RECEIVED: | 1172 | case KX_STATE_KEY_RECEIVED: |
1103 | break; | 1173 | break; |
1104 | case KX_STATE_KEY_CONFIRMED: | 1174 | case KX_STATE_UP: |
1105 | GNUNET_break (0); | 1175 | GNUNET_break (0); |
1106 | return; | 1176 | return; |
1107 | default: | 1177 | default: |
@@ -1112,10 +1182,10 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1112 | /* always update sender status in SET KEY message */ | 1182 | /* always update sender status in SET KEY message */ |
1113 | kx->skm.sender_status = htonl ((int32_t) kx->status); | 1183 | kx->skm.sender_status = htonl ((int32_t) kx->status); |
1114 | 1184 | ||
1115 | GDS_NEIGHBOURS_transmit (&kx->peer, | 1185 | GSC_NEIGHBOURS_transmit (&kx->peer, |
1116 | &kx->skm.header, | 1186 | &kx->skm.header, |
1117 | kx->set_key_retry_frequency); | 1187 | kx->set_key_retry_frequency); |
1118 | GDS_NEIGHBOURS_transmit (&kx->peer, | 1188 | GSC_NEIGHBOURS_transmit (&kx->peer, |
1119 | &kx->ping.header, | 1189 | &kx->ping.header, |
1120 | kx->set_key_retry_frequency); | 1190 | kx->set_key_retry_frequency); |
1121 | kx->retry_set_key_task = | 1191 | kx->retry_set_key_task = |
@@ -1175,33 +1245,13 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1175 | kx->encrypt_key_created); | 1245 | kx->encrypt_key_created); |
1176 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, | 1246 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, |
1177 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); | 1247 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); |
1178 | GDS_NEIGHBOURS_transmit (&kx->peer, | 1248 | GSC_NEIGHBOURS_transmit (&kx->peer, |
1179 | &em->header, | 1249 | &em->header, |
1180 | GNUNET_TIME_UNIT_FOREVER_REL); | 1250 | GNUNET_TIME_UNIT_FOREVER_REL); |
1181 | } | 1251 | } |
1182 | 1252 | ||
1183 | 1253 | ||
1184 | /** | 1254 | /** |
1185 | * We've seen a valid message from the other peer. | ||
1186 | * Update the time when the session would time out | ||
1187 | * and delay sending our keep alive message further. | ||
1188 | * | ||
1189 | * @param kx key exchange where we saw activity | ||
1190 | */ | ||
1191 | static void | ||
1192 | update_timeout (struct GSC_KeyExchangeInfo *kx) | ||
1193 | { | ||
1194 | kx->timeout = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | ||
1195 | if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK) | ||
1196 | GNUNET_SCHEDULER_cancel (n->keep_alive_task); | ||
1197 | kx->keep_alive_task = | ||
1198 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_divide | ||
1199 | (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, | ||
1200 | 2), &send_keep_alive, kx); | ||
1201 | } | ||
1202 | |||
1203 | |||
1204 | /** | ||
1205 | * Closure for 'deliver_message' | 1255 | * Closure for 'deliver_message' |
1206 | */ | 1256 | */ |
1207 | struct DeliverMessageContext | 1257 | struct DeliverMessageContext |
@@ -1221,20 +1271,20 @@ struct DeliverMessageContext | |||
1221 | * Number of entries in 'atsi' array. | 1271 | * Number of entries in 'atsi' array. |
1222 | */ | 1272 | */ |
1223 | uint32_t atsi_count; | 1273 | uint32_t atsi_count; |
1224 | } | 1274 | }; |
1225 | |||
1226 | 1275 | ||
1276 | |||
1227 | /** | 1277 | /** |
1228 | * We received an encrypted message. Decrypt, validate and | 1278 | * We received an encrypted message. Decrypt, validate and |
1229 | * pass on to the appropriate clients. | 1279 | * pass on to the appropriate clients. |
1230 | * | 1280 | * |
1231 | * @param n target of the message | 1281 | * @param kx key exchange context for encrypting the message |
1232 | * @param m encrypted message | 1282 | * @param m encrypted message |
1233 | * @param atsi performance data | 1283 | * @param atsi performance data |
1234 | * @param atsi_count number of entries in ats (excluding 0-termination) | 1284 | * @param atsi_count number of entries in ats (excluding 0-termination) |
1235 | */ | 1285 | */ |
1236 | void | 1286 | void |
1237 | GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, | 1287 | GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, |
1238 | const struct GNUNET_MessageHeader *msg, | 1288 | const struct GNUNET_MessageHeader *msg, |
1239 | const struct GNUNET_TRANSPORT_ATS_Information *atsi, | 1289 | const struct GNUNET_TRANSPORT_ATS_Information *atsi, |
1240 | uint32_t atsi_count) | 1290 | uint32_t atsi_count) |
@@ -1260,7 +1310,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, | |||
1260 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && | 1310 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && |
1261 | (kx->status != KX_STATE_UP) ) | 1311 | (kx->status != KX_STATE_UP) ) |
1262 | { | 1312 | { |
1263 | GNUNET_STATISTICS_update (stats, | 1313 | GNUNET_STATISTICS_update (GSC_stats, |
1264 | gettext_noop | 1314 | gettext_noop |
1265 | ("# failed to decrypt message (no session key)"), | 1315 | ("# failed to decrypt message (no session key)"), |
1266 | 1, GNUNET_NO); | 1316 | 1, GNUNET_NO); |
@@ -1317,7 +1367,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, | |||
1317 | { | 1367 | { |
1318 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1368 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1319 | "Received duplicate message, ignoring.\n"); | 1369 | "Received duplicate message, ignoring.\n"); |
1320 | GNUNET_STATISTICS_update (stats, | 1370 | GNUNET_STATISTICS_update (GSC_stats, |
1321 | gettext_noop ("# bytes dropped (duplicates)"), | 1371 | gettext_noop ("# bytes dropped (duplicates)"), |
1322 | size, GNUNET_NO); | 1372 | size, GNUNET_NO); |
1323 | /* duplicate, ignore */ | 1373 | /* duplicate, ignore */ |
@@ -1344,7 +1394,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, | |||
1344 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1394 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1345 | _("Message received far too old (%llu ms). Content ignored.\n"), | 1395 | _("Message received far too old (%llu ms). Content ignored.\n"), |
1346 | GNUNET_TIME_absolute_get_duration (t).rel_value); | 1396 | GNUNET_TIME_absolute_get_duration (t).rel_value); |
1347 | GNUNET_STATISTICS_update (stats, | 1397 | GNUNET_STATISTICS_update (GSC_stats, |
1348 | gettext_noop | 1398 | gettext_noop |
1349 | ("# bytes dropped (ancient message)"), size, | 1399 | ("# bytes dropped (ancient message)"), size, |
1350 | GNUNET_NO); | 1400 | GNUNET_NO); |
@@ -1355,7 +1405,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, | |||
1355 | update_timeout (kx); | 1405 | update_timeout (kx); |
1356 | GSC_SESSIONS_update (&kx->peer, | 1406 | GSC_SESSIONS_update (&kx->peer, |
1357 | pt->inbound_bw_limit); | 1407 | pt->inbound_bw_limit); |
1358 | GNUNET_STATISTICS_update (stats, | 1408 | GNUNET_STATISTICS_update (GSC_stats, |
1359 | gettext_noop ("# bytes of payload decrypted"), | 1409 | gettext_noop ("# bytes of payload decrypted"), |
1360 | size - sizeof (struct EncryptedMessage), GNUNET_NO); | 1410 | size - sizeof (struct EncryptedMessage), GNUNET_NO); |
1361 | dmc.atsi = atsi; | 1411 | dmc.atsi = atsi; |
@@ -1424,8 +1474,8 @@ GSC_KX_init () | |||
1424 | } | 1474 | } |
1425 | GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key); | 1475 | GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key); |
1426 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), | 1476 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), |
1427 | &my_identity.hashPubKey); | 1477 | &GSC_my_identity.hashPubKey); |
1428 | peerinfo = GNUNET_PEERINFO_connect (cfg); | 1478 | peerinfo = GNUNET_PEERINFO_connect (GSC_cfg); |
1429 | if (NULL == peerinfo) | 1479 | if (NULL == peerinfo) |
1430 | { | 1480 | { |
1431 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1481 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
diff --git a/src/core/gnunet-service-core_kx.h b/src/core/gnunet-service-core_kx.h index a7f4b9058..0395f68ed 100644 --- a/src/core/gnunet-service-core_kx.h +++ b/src/core/gnunet-service-core_kx.h | |||
@@ -27,6 +27,7 @@ | |||
27 | #define GNUNET_SERVICE_CORE_KX_H | 27 | #define GNUNET_SERVICE_CORE_KX_H |
28 | 28 | ||
29 | #include "gnunet_util_lib.h" | 29 | #include "gnunet_util_lib.h" |
30 | #include "gnunet_transport_service.h" | ||
30 | 31 | ||
31 | 32 | ||
32 | /** | 33 | /** |