diff options
author | t3sserakt <t3ss@posteo.de> | 2020-10-16 17:31:04 +0200 |
---|---|---|
committer | t3sserakt <t3ss@posteo.de> | 2020-10-16 17:31:04 +0200 |
commit | 4b69b0866d7f29efeb92176e518ddbb6a9052033 (patch) | |
tree | 3bd7225cebc5a070ca6eae765981958785c5b588 | |
parent | c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff) | |
download | gnunet-4b69b0866d7f29efeb92176e518ddbb6a9052033.tar.gz gnunet-4b69b0866d7f29efeb92176e518ddbb6a9052033.zip |
- added secret destroy. Started with rekey logic
-rw-r--r-- | src/transport/gnunet-communicator-udp.c | 83 |
1 files changed, 80 insertions, 3 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index 4dc65896e..e967e8e9a 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c | |||
@@ -134,7 +134,7 @@ | |||
134 | * sense. Might make sense to adapt to RTT if we had | 134 | * sense. Might make sense to adapt to RTT if we had |
135 | * a good measurement... | 135 | * a good measurement... |
136 | */ | 136 | */ |
137 | #define MAX_SECRETS 128 | 137 | #define MAX_SECRETS 128000 |
138 | 138 | ||
139 | /** | 139 | /** |
140 | * How often do we rekey based on number of bytes transmitted? | 140 | * How often do we rekey based on number of bytes transmitted? |
@@ -671,6 +671,11 @@ struct BroadcastInterface | |||
671 | }; | 671 | }; |
672 | 672 | ||
673 | /** | 673 | /** |
674 | * Timeout for this receiver address. | ||
675 | */ | ||
676 | struct GNUNET_TIME_Absolute *rekey_timeout; | ||
677 | |||
678 | /** | ||
674 | * Shared secret we finished the last kce working queue for. | 679 | * Shared secret we finished the last kce working queue for. |
675 | */ | 680 | */ |
676 | struct SharedSecret *ss_finished; | 681 | struct SharedSecret *ss_finished; |
@@ -953,12 +958,20 @@ kce_generate (struct SharedSecret *ss, uint32_t seq) | |||
953 | * @param ss shared secret to destroy | 958 | * @param ss shared secret to destroy |
954 | */ | 959 | */ |
955 | static void | 960 | static void |
956 | secret_destroy (struct SharedSecret *ss) | 961 | secret_destroy (struct SharedSecret *ss, int withoutKce) |
957 | { | 962 | { |
958 | struct SenderAddress *sender; | 963 | struct SenderAddress *sender; |
959 | struct ReceiverAddress *receiver; | 964 | struct ReceiverAddress *receiver; |
960 | struct KeyCacheEntry *kce; | 965 | struct KeyCacheEntry *kce; |
961 | 966 | ||
967 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
968 | "secret destroy %u %u\n", | ||
969 | withoutKce, | ||
970 | ss->sequence_allowed); | ||
971 | |||
972 | if (withoutKce && (ss->sequence_allowed > 0)) | ||
973 | return; | ||
974 | |||
962 | if (NULL != (sender = ss->sender)) | 975 | if (NULL != (sender = ss->sender)) |
963 | { | 976 | { |
964 | GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss); | 977 | GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss); |
@@ -1319,8 +1332,11 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value) | |||
1319 | { | 1332 | { |
1320 | const struct UDPAck *ack = cls; | 1333 | const struct UDPAck *ack = cls; |
1321 | struct ReceiverAddress *receiver = value; | 1334 | struct ReceiverAddress *receiver = value; |
1335 | struct SharedSecret *pos; | ||
1336 | |||
1322 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1337 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1323 | "in handle ack\n"); | 1338 | "in handle ack\n"); |
1339 | struct SharedSecret *ss_to_destroy; | ||
1324 | 1340 | ||
1325 | (void) pid; | 1341 | (void) pid; |
1326 | for (struct SharedSecret *ss = receiver->ss_head; NULL != ss; ss = ss->next) | 1342 | for (struct SharedSecret *ss = receiver->ss_head; NULL != ss; ss = ss->next) |
@@ -1355,6 +1371,14 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value) | |||
1355 | /* move ss to head to avoid discarding it anytime soon! */ | 1371 | /* move ss to head to avoid discarding it anytime soon! */ |
1356 | GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss); | 1372 | GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss); |
1357 | GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss); | 1373 | GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss); |
1374 | pos = receiver->ss_head; | ||
1375 | while ( NULL != pos) | ||
1376 | { | ||
1377 | ss_to_destroy = pos; | ||
1378 | pos = pos->next; | ||
1379 | |||
1380 | secret_destroy (ss_to_destroy, GNUNET_YES); | ||
1381 | } | ||
1358 | } | 1382 | } |
1359 | 1383 | ||
1360 | // Uncomment this for alternativ 2 of backchannel functionality | 1384 | // Uncomment this for alternativ 2 of backchannel functionality |
@@ -1465,6 +1489,9 @@ kce_generate_cb (void *cls) | |||
1465 | static void | 1489 | static void |
1466 | consider_ss_ack (struct SharedSecret *ss, int initial) | 1490 | consider_ss_ack (struct SharedSecret *ss, int initial) |
1467 | { | 1491 | { |
1492 | struct SharedSecret *ss_to_destroy; | ||
1493 | struct SharedSecret *pos; | ||
1494 | |||
1468 | GNUNET_assert (NULL != ss->sender); | 1495 | GNUNET_assert (NULL != ss->sender); |
1469 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1496 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1470 | "Considering SS UDPAck %s\n", | 1497 | "Considering SS UDPAck %s\n", |
@@ -1508,9 +1535,18 @@ consider_ss_ack (struct SharedSecret *ss, int initial) | |||
1508 | &ss_finished->sender->target, | 1535 | &ss_finished->sender->target, |
1509 | COMMUNICATOR_ADDRESS_PREFIX, | 1536 | COMMUNICATOR_ADDRESS_PREFIX, |
1510 | &ack.header); | 1537 | &ack.header); |
1538 | pos = ss->sender->ss_head; | ||
1539 | while ( NULL != pos) | ||
1540 | { | ||
1541 | ss_to_destroy = pos; | ||
1542 | pos = pos->next; | ||
1543 | secret_destroy (ss_to_destroy, GNUNET_YES); | ||
1544 | } | ||
1511 | kce_task = NULL; | 1545 | kce_task = NULL; |
1512 | } | 1546 | } |
1513 | else if ((NULL == kce_task) && (KCN_THRESHOLD > ss->sender->acks_available)) | 1547 | else if (((NULL == kce_task) && (KCN_THRESHOLD > |
1548 | ss->sender->acks_available)) || | ||
1549 | (ss->sender->num_secrets > MAX_SECRETS) ) | ||
1514 | { | 1550 | { |
1515 | 1551 | ||
1516 | // kce_generate (ss, ++ss->sequence_allowed); | 1552 | // kce_generate (ss, ++ss->sequence_allowed); |
@@ -2102,6 +2138,19 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq, | |||
2102 | size_t dpos; | 2138 | size_t dpos; |
2103 | gcry_cipher_hd_t out_cipher; | 2139 | gcry_cipher_hd_t out_cipher; |
2104 | struct SharedSecret *ss; | 2140 | struct SharedSecret *ss; |
2141 | struct SharedSecret *ss_to_destroy; | ||
2142 | struct SharedSecret *pos; | ||
2143 | |||
2144 | if (receiver->num_secrets > MAX_SECRETS) | ||
2145 | { | ||
2146 | pos = receiver->ss_head; | ||
2147 | while ( NULL != pos) | ||
2148 | { | ||
2149 | ss_to_destroy = pos; | ||
2150 | pos = pos->next; | ||
2151 | secret_destroy (ss_to_destroy, GNUNET_YES); | ||
2152 | } | ||
2153 | } | ||
2105 | 2154 | ||
2106 | 2155 | ||
2107 | GNUNET_assert (mq == receiver->kx_mq); | 2156 | GNUNET_assert (mq == receiver->kx_mq); |
@@ -2179,6 +2228,8 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
2179 | { | 2228 | { |
2180 | struct ReceiverAddress *receiver = impl_state; | 2229 | struct ReceiverAddress *receiver = impl_state; |
2181 | uint16_t msize = ntohs (msg->size); | 2230 | uint16_t msize = ntohs (msg->size); |
2231 | struct GNUNET_TIME_Relative rt; | ||
2232 | struct SharedSecret *pos; | ||
2182 | 2233 | ||
2183 | GNUNET_assert (mq == receiver->d_mq); | 2234 | GNUNET_assert (mq == receiver->d_mq); |
2184 | if ((msize > receiver->d_mtu) || | 2235 | if ((msize > receiver->d_mtu) || |
@@ -2244,6 +2295,32 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
2244 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2295 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2245 | "No more acks\n"); | 2296 | "No more acks\n"); |
2246 | } | 2297 | } |
2298 | |||
2299 | /* (NULL == rekey_timeout) | ||
2300 | rekey_timeout = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL); | ||
2301 | else | ||
2302 | { | ||
2303 | rt = GNUNET_TIME_absolute_get_remaining (rekey_timeout); | ||
2304 | if (0 == rt.rel_value_us) | ||
2305 | { | ||
2306 | rekey_timeout = NULL; | ||
2307 | pos = receiver->ss_head; | ||
2308 | while ( NULL != pos) | ||
2309 | { | ||
2310 | ss_to_destroy = pos; | ||
2311 | pos = pos->next; | ||
2312 | secret_destroy (ss_to_destroy, GNUNET_NO); | ||
2313 | } | ||
2314 | if (0 != receiver->acks_available) | ||
2315 | GNUNET_TRANSPORT_communicator_mq_update (ch, | ||
2316 | receiver->d_qh, | ||
2317 | // TODO We can not do this. But how can we signal this queue is not able to handle a message. Test code interprets q-len as additional length. | ||
2318 | -receiver->acks_available, | ||
2319 | 1); | ||
2320 | } | ||
2321 | }*/ | ||
2322 | |||
2323 | |||
2247 | return; | 2324 | return; |
2248 | } | 2325 | } |
2249 | } | 2326 | } |