summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authort3sserakt <t3ss@posteo.de>2020-07-17 14:26:45 +0200
committert3sserakt <t3ss@posteo.de>2020-07-17 14:26:45 +0200
commit0c9911d73744da31776f98019ff1460032f2c82b (patch)
tree6746a66f0467b5115d7c23547b563aab3e119163
parent686a873aed44e0dff36f0d52c465af2e5efb5ab2 (diff)
TNG: Implemented 5530: add replay protection to TCP communicator. Added monotime value checks
-rw-r--r--src/core/gnunet-service-core_kx.c113
-rw-r--r--src/include/gnunet_core_service.h116
-rw-r--r--src/include/gnunet_crypto_lib.h11
-rw-r--r--src/include/gnunet_peerstore_service.h18
-rw-r--r--src/include/gnunet_protocols.h5
-rw-r--r--src/include/gnunet_signatures.h5
-rw-r--r--src/transport/Makefile.am1
-rw-r--r--src/transport/gnunet-communicator-tcp.c629
-rw-r--r--src/transport/gnunet-service-tng.c13
-rw-r--r--src/transport/test_communicator_tcp_basic_peer1.conf3
-rw-r--r--src/transport/test_communicator_tcp_basic_peer2.conf3
-rw-r--r--src/transport/test_communicator_tcp_rekey_peer1.conf7
-rw-r--r--src/transport/test_communicator_tcp_rekey_peer2.conf7
-rw-r--r--src/transport/test_communicator_udp_backchannel_peer1.conf7
-rw-r--r--src/transport/test_communicator_udp_backchannel_peer2.conf7
-rw-r--r--src/transport/test_communicator_udp_basic_peer1.conf7
-rw-r--r--src/transport/test_communicator_udp_basic_peer2.conf8
-rw-r--r--src/transport/test_communicator_udp_rekey_peer1.conf7
-rw-r--r--src/transport/test_communicator_udp_rekey_peer2.conf7
-rw-r--r--src/transport/test_communicator_unix_basic_peer1.conf7
-rw-r--r--src/transport/test_communicator_unix_basic_peer2.conf7
-rw-r--r--src/transport/transport-testing2.c51
22 files changed, 859 insertions, 180 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index cafe658e8..a79ef075b 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -77,119 +77,6 @@
GNUNET_NETWORK_STRUCT_BEGIN
/**
- * Message transmitted with the signed ephemeral key of a peer. The
- * session key is then derived from the two ephemeral keys (ECDHE).
- */
-struct EphemeralKeyMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Status of the sender (should be in `enum PeerStateMachine`), nbo.
- */
- int32_t sender_status GNUNET_PACKED;
-
- /**
- * An ECC signature of the @e origin_identity asserting the validity
- * of the given ephemeral key.
- */
- struct GNUNET_CRYPTO_EddsaSignature signature;
-
- /**
- * Information about what is being signed.
- */
- struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
-
- /**
- * At what time was this key created (beginning of validity).
- */
- struct GNUNET_TIME_AbsoluteNBO creation_time;
-
- /**
- * When does the given ephemeral key expire (end of validity).
- */
- struct GNUNET_TIME_AbsoluteNBO expiration_time;
-
- /**
- * Ephemeral public ECC key.
- */
- struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
-
- /**
- * Public key of the signing peer (persistent version, not the
- * ephemeral public key).
- */
- struct GNUNET_PeerIdentity origin_identity;
-};
-
-
-/**
- * We're sending an (encrypted) PING to the other peer to check if it
- * can decrypt. The other peer should respond with a PONG with the
- * same content, except this time encrypted with the receiver's key.
- */
-struct PingMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Seed for the IV
- */
- uint32_t iv_seed GNUNET_PACKED;
-
- /**
- * Intended target of the PING, used primarily to check
- * that decryption actually worked.
- */
- struct GNUNET_PeerIdentity target;
-
- /**
- * Random number chosen to make replay harder.
- */
- uint32_t challenge GNUNET_PACKED;
-};
-
-
-/**
- * Response to a PING. Includes data from the original PING.
- */
-struct PongMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Seed for the IV
- */
- uint32_t iv_seed GNUNET_PACKED;
-
- /**
- * Random number to make replay attacks harder.
- */
- uint32_t challenge GNUNET_PACKED;
-
- /**
- * Reserved, always zero.
- */
- uint32_t reserved;
-
- /**
- * Intended target of the PING, used primarily to check
- * that decryption actually worked.
- */
- struct GNUNET_PeerIdentity target;
-};
-
-
-/**
* Encapsulation for encrypted messages exchanged between
* peers. Followed by the actual encrypted data.
*/
diff --git a/src/include/gnunet_core_service.h b/src/include/gnunet_core_service.h
index 66b292c3c..60bc3c2a6 100644
--- a/src/include/gnunet_core_service.h
+++ b/src/include/gnunet_core_service.h
@@ -48,6 +48,122 @@ extern "C" {
*/
#define GNUNET_CORE_VERSION 0x00000001
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message transmitted with the signed ephemeral key of a peer. The
+ * session key is then derived from the two ephemeral keys (ECDHE).
+ */
+struct EphemeralKeyMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Status of the sender (should be in `enum PeerStateMachine`), nbo.
+ */
+ int32_t sender_status GNUNET_PACKED;
+
+ /**
+ * An ECC signature of the @e origin_identity asserting the validity
+ * of the given ephemeral key.
+ */
+ struct GNUNET_CRYPTO_EddsaSignature signature;
+
+ /**
+ * Information about what is being signed.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * At what time was this key created (beginning of validity).
+ */
+ struct GNUNET_TIME_AbsoluteNBO creation_time;
+
+ /**
+ * When does the given ephemeral key expire (end of validity).
+ */
+ struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+ /**
+ * Ephemeral public ECC key.
+ */
+ struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
+
+ /**
+ * Public key of the signing peer (persistent version, not the
+ * ephemeral public key).
+ */
+ struct GNUNET_PeerIdentity origin_identity;
+};
+
+
+/**
+ * We're sending an (encrypted) PING to the other peer to check if it
+ * can decrypt. The other peer should respond with a PONG with the
+ * same content, except this time encrypted with the receiver's key.
+ */
+struct PingMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Seed for the IV
+ */
+ uint32_t iv_seed GNUNET_PACKED;
+
+ /**
+ * Intended target of the PING, used primarily to check
+ * that decryption actually worked.
+ */
+ struct GNUNET_PeerIdentity target;
+
+ /**
+ * Random number chosen to make replay harder.
+ */
+ uint32_t challenge GNUNET_PACKED;
+};
+
+
+/**
+ * Response to a PING. Includes data from the original PING.
+ */
+struct PongMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Seed for the IV
+ */
+ uint32_t iv_seed GNUNET_PACKED;
+
+ /**
+ * Random number to make replay attacks harder.
+ */
+ uint32_t challenge GNUNET_PACKED;
+
+ /**
+ * Reserved, always zero.
+ */
+ uint32_t reserved;
+
+ /**
+ * Intended target of the PING, used primarily to check
+ * that decryption actually worked.
+ */
+ struct GNUNET_PeerIdentity target;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
/**
* Opaque handle to the service.
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 320701643..c1b0b3b1b 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -289,6 +289,17 @@ struct GNUNET_CRYPTO_SymmetricSessionKey
unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
};
+/**
+ * Type of a nonce used for challenges.
+ */
+struct ChallengeNonceP
+{
+ /**
+ * The value of the nonce. Note that this is NOT a hash.
+ */
+ struct GNUNET_ShortHashCode value;
+};
+
GNUNET_NETWORK_STRUCT_END
/**
diff --git a/src/include/gnunet_peerstore_service.h b/src/include/gnunet_peerstore_service.h
index cd68dad66..91a8f2e66 100644
--- a/src/include/gnunet_peerstore_service.h
+++ b/src/include/gnunet_peerstore_service.h
@@ -67,6 +67,24 @@ extern "C" {
#define GNUNET_PEERSTORE_TRANSPORT_DVLEARN_MONOTIME \
"transport-dv-learn-monotonic-time"
+/**
+ * Key used to store sender's monotonic time from handshake message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE \
+ "transport-tcp-communicator-handshake"
+
+/**
+ * Key used to store sender's monotonic time from handshake ack message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK \
+ "transport-tcp-communicator-handshake-ack"
+
+/**
+ * Key used to store sender's monotonic time from rekey message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY \
+ "transport-tcp-communicator-rekey"
+
/**
* Options for storing values in PEERSTORE
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 0db6150aa..5af58664f 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -3293,6 +3293,11 @@ extern "C" {
#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH 1452
/**
+ * TCP communicator confirmation ack.
+ */
+#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK 1453
+
+/**
* UDP KX acknowledgement.
*/
#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK 1460
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 503113770..7c0c1d104 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -246,6 +246,11 @@ extern "C"
*/
#define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38
+/**
+ * Signature by a peer sending back the nonce received at initial handshake.
+ */
+#define GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK 39
+
#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index eadb601ef..127ba9516 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -266,6 +266,7 @@ gnunet_communicator_tcp_SOURCES = \
gnunet-communicator-tcp.c
gnunet_communicator_tcp_LDADD = \
libgnunettransportcommunicator.la \
+ $(top_builddir)/src/peerstore/libgnunetpeerstore.la \
$(top_builddir)/src/nat/libgnunetnatnew.la \
$(top_builddir)/src/nt/libgnunetnt.la \
$(top_builddir)/src/statistics/libgnunetstatistics.la \
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c
index e25cdf139..fff699415 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -24,26 +24,22 @@
* @author Christian Grothoff
*
* TODO:
- * - support DNS names in BINDTO option (#5528)
* - support NAT connection reversal method (#5529)
* - support other TCP-specific NAT traversal methods (#5531)
- * - add replay protection support to the protocol by
- * adding a nonce in the KX and requiring (!) a
- * nounce ACK to be send within the first X bytes of
- * data (#5530)
*/
#include "platform.h"
#include "gnunet_util_lib.h"
+#include "gnunet_core_service.h"
+#include "gnunet_peerstore_service.h"
#include "gnunet_protocols.h"
#include "gnunet_signatures.h"
#include "gnunet_constants.h"
#include "gnunet_nt_lib.h"
#include "gnunet_nat_service.h"
#include "gnunet_statistics_service.h"
-#include "gnunet_ats_transport_service.h"
-#include "transport.h"
#include "gnunet_transport_communication_service.h"
#include "gnunet_resolver_service.h"
+
/**
* How long do we believe our addresses to remain up (before
* the other peer should revalidate).
@@ -91,6 +87,13 @@
(sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
+ sizeof(struct TCPConfirmation))
+/**
+ * Size of the initial core key exchange messages.
+ */
+#define INITIAL_CORE_KX_SIZE \
+ (sizeof(struct EphemeralKeyMessage) \
+ + sizeof(struct PingMessage) \
+ + sizeof(struct PongMessage))
/**
* Address prefix used by the communicator.
@@ -136,8 +139,45 @@ struct TcpHandshakeSignature
* (if receiver persists times by sender).
*/
struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
};
+/**
+ * Signature we use to verify that the ack from the receiver of the ephemeral key was really send by
+ * the specified sender.
+ */
+struct TcpHandshakeAckSignature
+{
+ /**
+ * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Identity of the inititor of the TCP connection (TCP client).
+ */
+ struct GNUNET_PeerIdentity sender;
+
+ /**
+ * Presumed identity of the target of the TCP connection (TCP server)
+ */
+ struct GNUNET_PeerIdentity receiver;
+
+ /**
+ * Monotonic time of @e sender, to possibly help detect replay attacks
+ * (if receiver persists times by sender).
+ */
+ struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+};
/**
* Encrypted continuation of TCP initial handshake.
@@ -159,8 +199,48 @@ struct TCPConfirmation
* (if receiver persists times by sender).
*/
struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
};
+/**
+ * Ack for the encrypted continuation of TCP initial handshake.
+ */
+struct TCPConfirmationAck
+{
+
+
+ /**
+ * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Sender's identity
+ */
+ struct GNUNET_PeerIdentity sender;
+
+ /**
+ * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK
+ */
+ struct GNUNET_CRYPTO_EddsaSignature sender_sig;
+
+ /**
+ * Monotonic time of @e sender, to possibly help detect replay attacks
+ * (if receiver persists times by sender).
+ */
+ struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
+};
/**
* TCP message box. Always sent encrypted!
@@ -456,6 +536,56 @@ struct Queue
* re-decrypt ciphertext.
*/
int rekeyed;
+
+ /**
+ * Monotonic time value for rekey message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO rekey_monotonic_time;
+
+ /**
+ * Monotonic time value for handshake message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO handshake_monotonic_time;
+
+ /**
+ * Monotonic time value for handshake ack message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO handshake_ack_monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with key for rekeying.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *rekey_monotime_get;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with the handshake.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *handshake_monotime_get;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with the handshake ack.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *handshake_ack_monotime_get;
+
+ /**
+ * Store Context for retrieving the monotonic time send with key for rekeying.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *rekey_monotime_sc;
+
+ /**
+ * Store Context for retrieving the monotonic time send with the handshake.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *handshake_monotime_sc;
+
+ /**
+ * Store Context for retrieving the monotonic time send with the handshake ack.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *handshake_ack_monotime_sc;
};
@@ -659,6 +789,16 @@ struct Addresses *addrs_tail;
int addrs_lens;
/**
+ * Size of data received without KX challenge played back.
+ */
+size_t unverified_size;
+
+/**
+ * Database for peer's HELLOs.
+ */
+static struct GNUNET_PEERSTORE_Handle *peerstore;
+
+/**
* We have been notified that our listen socket has something to
* read. Do the read and reschedule this function to be called again
* once more is available.
@@ -688,6 +828,36 @@ queue_destroy (struct Queue *queue)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Disconnecting queue for peer `%s'\n",
GNUNET_i2s (&queue->target));
+ if (NULL != queue->rekey_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->rekey_monotime_sc);
+ queue->rekey_monotime_sc = NULL;
+ }
+ if (NULL != queue->handshake_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->handshake_monotime_sc);
+ queue->handshake_monotime_sc = NULL;
+ }
+ if (NULL != queue->handshake_ack_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->handshake_ack_monotime_sc);
+ queue->handshake_ack_monotime_sc = NULL;
+ }
+ if (NULL != queue->rekey_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->rekey_monotime_get);
+ queue->rekey_monotime_get = NULL;
+ }
+ if (NULL != queue->handshake_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->handshake_monotime_get);
+ queue->handshake_monotime_get = NULL;
+ }
+ if (NULL != queue->handshake_ack_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->handshake_ack_monotime_get);
+ queue->handshake_ack_monotime_get = NULL;
+ }
if (NULL != (mq = queue->mq))
{
queue->mq = NULL;
@@ -965,6 +1135,78 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
}
+/**
+ * Callback called when peerstore store operation for rekey monotime value is finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+rekey_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store rekey monotonic time in PEERSTORE!\n");
+ }
+ queue->rekey_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+rekey_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *rekey_monotonic_time;
+
+ (void) emsg;
+
+ rekey_monotonic_time = &queue->rekey_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->rekey_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->rekey_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, rekey monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->rekey_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+ "transport_tcp_communicator",
+ pid,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY,
+ rekey_monotonic_time,
+ sizeof(rekey_monotonic_time),
+ GNUNET_TIME_UNIT_FOREVER_ABS,
+ GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &rekey_monotime_store_cb,
+ queue);
+}
/**
* Handle @a rekey message on @a queue. The message was already
@@ -984,7 +1226,6 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
thp.receiver = my_identity;
thp.ephemeral = rekey->ephemeral;
thp.monotonic_time = rekey->monotonic_time;
- /* FIXME: check monotonic time is monotonic... */
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
&thp,
@@ -995,11 +1236,93 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey)
queue_finish (queue);
return;
}
+ queue->rekey_monotonic_time = rekey->monotonic_time;
+ queue->rekey_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+ "transport_tcp_communicator",
+ &queue->target,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY,
+ &rekey_monotime_cb,
+ queue);
gcry_cipher_close (queue->in_cipher);
queue->rekeyed = GNUNET_YES;
setup_in_cipher (&rekey->ephemeral, queue);
}
+/**
+ * Callback called when peerstore store operation for handshake ack monotime value is finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+handshake_ack_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store handshake ack monotonic time in PEERSTORE!\n");
+ }
+ queue->handshake_ack_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+handshake_ack_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *handshake_ack_monotonic_time;
+
+ (void) emsg;
+
+ handshake_ack_monotonic_time = &queue->handshake_ack_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->handshake_ack_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->handshake_ack_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, handshake ack monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->handshake_ack_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+ "transport_tcp_communicator",
+ pid,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK,
+ handshake_ack_monotonic_time,
+ sizeof(
+ handshake_ack_monotonic_time),
+ GNUNET_TIME_UNIT_FOREVER_ABS,
+ GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &
+ handshake_ack_monotime_store_cb,
+ queue);
+}
/**
* Test if we have received a full message in plaintext.
@@ -1013,6 +1336,8 @@ try_handle_plaintext (struct Queue *queue)
{
const struct GNUNET_MessageHeader *hdr =
(const struct GNUNET_MessageHeader *) queue->pread_buf;
+ const struct TCPConfirmationAck *tca = (const struct
+ TCPConfirmationAck *) queue->pread_buf;
const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
@@ -1021,12 +1346,92 @@ try_handle_plaintext (struct Queue *queue)
struct GNUNET_ShortHashCode tmac;
uint16_t type;
size_t size = 0; /* make compiler happy */
+ struct TcpHandshakeAckSignature thas;
+ const struct ChallengeNonceP challenge = queue->challenge;
- if (sizeof(*hdr) > queue->pread_off)
+ if ((sizeof(*hdr) > queue->pread_off))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, not even a header!\n");
return 0; /* not even a header */
+ }
+
+ if ((-1 != unverified_size) && (unverified_size > INITIAL_CORE_KX_SIZE))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Already received data of size %u bigger than KX size %u!\n",
+ unverified_size,
+ INITIAL_CORE_KX_SIZE);
+ GNUNET_break_op (0);
+ queue_finish (queue);
+ return 0;
+ }
+
type = ntohs (hdr->type);
switch (type)
{
+ case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK:
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start processing ack\n");
+ if (sizeof(*tca) > queue->pread_off)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext size of tca greater than pread offset.\n");
+ return 0;
+ }
+ if (ntohs (hdr->size) != sizeof(*tca))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext size does not match message type.\n");
+ GNUNET_break_op (0);
+ queue_finish (queue);
+ return 0;
+ }
+
+ thas.purpose.purpose = htonl (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK);
+ thas.purpose.size = htonl (sizeof(thas));
+ thas.sender = tca->sender;
+ thas.receiver = my_identity;
+ thas.monotonic_time = tca->monotonic_time;
+ thas.challenge = tca->challenge;
+
+ if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_verify (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK,
+ &thas,
+ &tca->sender_sig,
+ &tca->sender.public_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Verification of signature failed!\n");
+ GNUNET_break (0);
+ queue_finish (queue);
+ return 0;
+ }
+ if (0 != GNUNET_memcmp (&tca->challenge, &challenge))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Challenge in TCPConfirmationAck not correct!\n");
+ GNUNET_break (0);
+ queue_finish (queue);
+ return 0;
+ }
+
+ queue->handshake_ack_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+ "transport_tcp_communicator",
+ &queue->target,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK,
+ &
+ handshake_ack_monotime_cb,
+ queue);
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, ack processed!");
+
+ unverified_size = -1;
+
+ size = ntohs (hdr->size);
+ break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
/* Special case: header size excludes box itself! */
if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off)
@@ -1040,6 +1445,8 @@ try_handle_plaintext (struct Queue *queue)
}
pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
size = ntohs (hdr->size) + sizeof(*box);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, box processed!\n");
break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
@@ -1062,6 +1469,8 @@ try_handle_plaintext (struct Queue *queue)
}
do_rekey (queue, rekey);
size = ntohs (hdr->size);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, rekey processed!\n");
break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
@@ -1084,14 +1493,20 @@ try_handle_plaintext (struct Queue *queue)
}
/* handle FINISH by destroying queue */
queue_destroy (queue);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, finish processed!\n");
break;
default:
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, nothing processed!\n");
GNUNET_break_op (0);
queue_finish (queue);
return 0;
}
GNUNET_assert (0 != size);
+ if (-1 != unverified_size)
+ unverified_size += size;
return size;
}
@@ -1216,10 +1631,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len, struct sockaddr_in6 v6,
{
struct sockaddr *in;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "1 address %s\n",
- GNUNET_a2s (in, *sock_len));
-
v6.sin6_family = AF_INET6;
v6.sin6_port = htons ((uint16_t) port);
#if HAVE_SOCKADDR_IN_SIN_LEN
@@ -1227,9 +1638,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len, struct sockaddr_in6 v6,
#endif
in = GNUNET_memdup (&v6, sizeof(v6));
*sock_len = sizeof(struct sockaddr_in6);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "address %s\n",
- GNUNET_a2s (in, *sock_len));
return in;
}
@@ -1302,16 +1710,9 @@ tcp_address_to_sockaddr_port_only (const char *bindto, unsigned int *port)
*port);
po->addr_len_ipv4 = &sock_len_ipv4;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3.5 address %s\n",
- GNUNET_a2s (po->addr_ipv4, sock_len_ipv4));
-
i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
po->addr_ipv6 = tcp_address_to_sockaddr_numeric_v6 (&sock_len_ipv6, *i6,
*port);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3 address %s\n",
- GNUNET_a2s (po->addr_ipv6, sock_len_ipv6));
po->addr_len_ipv6 = &sock_len_ipv6;
}
@@ -1821,12 +2222,16 @@ transmit_kx (struct Queue *queue,
tc.sender = my_identity;
tc.monotonic_time =
GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &tc.challenge,
+ sizeof(tc.challenge));
ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
ths.purpose.size = htonl (sizeof(ths));
ths.sender = my_identity;
ths.receiver = queue->target;
ths.ephemeral = *epub;
ths.monotonic_time = tc.monotonic_time;
+ ths.challenge = tc.challenge;
GNUNET_CRYPTO_eddsa_sign (my_private_key,
&ths,
&tc.sender_sig);
@@ -1836,7 +2241,12 @@ transmit_kx (struct Queue *queue,
sizeof(tc),
&tc,
sizeof(tc)));
+ queue->challenge = tc.challenge;
queue->cwrite_off += sizeof(tc);
+
+ GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
+ "transport",
+ "handshake written\n");
}
@@ -1858,6 +2268,80 @@ start_initial_kx_out (struct Queue *queue)
transmit_kx (queue, &epub);
}
+/**
+ * Callback called when peerstore store operation for handshake monotime is finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+handshake_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store handshake monotonic time in PEERSTORE!\n");
+ }
+ queue->handshake_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+handshake_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *handshake_monotonic_time;
+
+ (void) emsg;
+
+ handshake_monotonic_time = &queue->handshake_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->handshake_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->handshake_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, handshake monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->handshake_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+ "transport_tcp_communicator",
+ pid,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE,
+ handshake_monotonic_time,
+ sizeof(
+ handshake_monotonic_time),
+ GNUNET_TIME_UNIT_FOREVER_ABS,
+ GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &
+ handshake_monotime_store_cb,
+ queue);
+}
/**
* We have received the first bytes from the other side on a @a queue.
@@ -1890,13 +2374,19 @@ decrypt_and_check_tc (struct Queue *queue,
ths.receiver = my_identity;
memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey));
ths.monotonic_time = tc->monotonic_time;
- /* FIXME: check monotonic time against previous mono times
- from this sender! */
+ ths.challenge = tc->challenge;
return GNUNET_CRYPTO_eddsa_verify (
GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
&ths,
&tc->sender_sig,
&tc->sender.public_key);
+ queue->handshake_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+ "transport_tcp_communicator",
+ &queue->target,
+ GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE,
+ &
+ handshake_monotime_cb,
+ queue);
}
@@ -1924,6 +2414,47 @@ free_proto_queue (struct ProtoQueue *pq)
GNUNET_free (pq);
}
+/**
+ * Sending challenge with TcpConfirmationAck back to sender of ephemeral key.
+ *
+ * @param tc The TCPConfirmation originally send.
+ * @param queue The queue context.
+ */
+static void
+send_challenge (struct TCPConfirmation tc, struct Queue *queue)
+{
+ struct TCPConfirmationAck tca;
+ struct TcpHandshakeAckSignature thas;
+
+ GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
+ "transport",
+ "sending challenge\n");
+
+ tca.header.type = ntohs (
+ GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK);
+ tca.header.size = ntohs (sizeof(tca));
+ tca.challenge = tc.challenge;
+ tca.sender = my_identity;
+ tca.monotonic_time =
+ GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
+ thas.purpose.purpose = htonl (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK);
+ thas.purpose.size = htonl (sizeof(thas));
+ thas.sender = my_identity;
+ thas.receiver = queue->target;
+ thas.monotonic_time = tca.monotonic_time;
+ thas.challenge = tca.challenge;
+ GNUNET_CRYPTO_eddsa_sign (my_private_key,
+ &thas,
+ &tca.sender_sig);
+ GNUNET_assert (0 ==
+ gcry_cipher_encrypt (queue->out_cipher,
+ &queue->cwrite_buf[queue->cwrite_off],
+ sizeof(tca),
+ &tca,
+ sizeof(tca)));
+ queue->cwrite_off += sizeof(tca);
+}
/**
* Read from the socket of the proto queue until we have enough data
@@ -1993,6 +2524,11 @@ proto_read_kx (void *cls)
queue->listen_task = pq->listen_task;
queue->listen_sock = pq->listen_sock;
queue->sock = pq->sock;
+
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start kx proto\n");
+
start_initial_kx_out (queue);
boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
queue->read_task =
@@ -2005,6 +2541,8 @@ proto_read_kx (void *cls)
queue->sock,
&queue_write,
queue);
+ send_challenge (tc, queue);
+
GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
GNUNET_free (pq);
}
@@ -2128,7 +2666,7 @@ queue_read_kx (void *cls)
queue_destroy (queue);
return;
}
-
+ send_challenge (tc, queue);
/* update queue timeout */
reschedule_queue_timeout (queue);
/* prepare to continue with regular read task immediately */
@@ -2220,6 +2758,11 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
queue->sock,
&queue_read_kx,
queue);
+
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start kx mq_init\n");
+
start_initial_kx_out (queue);
queue->write_task =
GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
@@ -2338,10 +2881,6 @@ nat_address_cb (void *cls,
char *my_addr;
struct GNUNET_TRANSPORT_AddressIdentifier *ai;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "1 nat_address %s\n",
- GNUNET_a2s (addr, addrlen));
-
if (GNUNET_YES == add_remove)
{
enum GNUNET_NetworkType nt;
@@ -2390,10 +2929,6 @@ init_socket (const struct sockaddr *addr,
return GNUNET_SYSERR;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "4 address %s\n",
- GNUNET_a2s (addr, in_len));
-
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"address %s\n",
GNUNET_a2s (addr, in_len));
@@ -2508,35 +3043,20 @@ nat_register ()
int i;
struct Addresses *pos;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "nat here\n");
-
i = 0;
saddrs = GNUNET_malloc ((addrs_lens + 1) * sizeof(struct sockaddr *));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "2 nat here\n");
-
saddr_lens = GNUNET_malloc ((addrs_lens + 1) * sizeof(socklen_t));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3 nat here\n");
-
for (pos = addrs_head; NULL != pos; pos = pos->next)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "5 nat here\n");
-
saddr_lens[i] = addrs_head->addr_len;
saddrs[i] = GNUNET_malloc (saddr_lens[i]);
saddrs[i] = addrs_head->addr;
i++;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "6 nat here\n");
-
}
nat = GNUNET_NAT_register (cfg,
@@ -2676,6 +3196,13 @@ run (void *cls,
&rekey_interval))
rekey_interval = DEFAULT_REKEY_INTERVAL;
+ peerstore = GNUNET_PEERSTORE_connect (cfg);
+ if (NULL == peerstore)
+ {
+ GNUNET_break (0);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
// cp = GNUNET_strdup (bindto);
start = extract_address (bindto);
@@ -2690,11 +3217,11 @@ run (void *cls,
add_addr (po->addr_ipv4, *po->addr_len_ipv4);
}
- if (NULL != &po->addr_ipv6)
+ /*if (NULL != &po->addr_ipv6)
{
init_socket (po->addr_ipv6, *po->addr_len_ipv6);
add_addr (po->addr_ipv6, *po->addr_len_ipv6);
- }
+ }*/
nat_register ();
}
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index 5f3178939..baefdfa88 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -329,19 +329,6 @@ struct AcknowledgementUUIDP
struct GNUNET_Uuid value;
};
-
-/**
- * Type of a nonce used for challenges.
- */
-struct ChallengeNonceP
-{
- /**
- * The value of the nonce. Note that this is NOT a hash.
- */
- struct GNUNET_ShortHashCode value;
-};
-
-
/**
* Outer layer of an encapsulated backchannel message.
*/
diff --git a/src/transport/test_communicator_tcp_basic_peer1.conf b/src/transport/test_communicator_tcp_basic_peer1.conf
index d0293ff51..31568fd0d 100644
--- a/src/transport/test_communicator_tcp_basic_peer1.conf
+++ b/src/transport/test_communicator_tcp_basic_peer1.conf
@@ -19,6 +19,9 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_tcp_basic_peer2.conf b/src/transport/test_communicator_tcp_basic_peer2.conf
index 5b9050547..44037d47f 100644
--- a/src/transport/test_communicator_tcp_basic_peer2.conf
+++ b/src/transport/test_communicator_tcp_basic_peer2.conf
@@ -20,6 +20,9 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_tcp_rekey_peer1.conf b/src/transport/test_communicator_tcp_rekey_peer1.conf
index 18028cd48..e7161e488 100644
--- a/src/transport/test_communicator_tcp_rekey_peer1.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_tcp_rekey_peer2.conf b/src/transport/test_communicator_tcp_rekey_peer2.conf
index 7d7179578..8f175a405 100644
--- a/src/transport/test_communicator_tcp_rekey_peer2.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_udp_backchannel_peer1.conf b/src/transport/test_communicator_udp_backchannel_peer1.conf
index 0c595b77b..b99a76d6c 100644
--- a/src/transport/test_communicator_udp_backchannel_peer1.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_udp_backchannel_peer2.conf b/src/transport/test_communicator_udp_backchannel_peer2.conf
index d29f37ec9..48bd54c8b 100644
--- a/src/transport/test_communicator_udp_backchannel_peer2.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_udp_basic_peer1.conf b/src/transport/test_communicator_udp_basic_peer1.conf
index 4cfb6f72f..d53a55210 100644
--- a/src/transport/test_communicator_udp_basic_peer1.conf
+++ b/src/transport/test_communicator_udp_basic_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-udp]
BINDTO = 60002
DISABLE_V6 = YES
diff --git a/src/transport/test_communicator_udp_basic_peer2.conf b/src/transport/test_communicator_udp_basic_peer2.conf
index b9bed2756..f05ebc5cb 100644
--- a/src/transport/test_communicator_udp_basic_peer2.conf
+++ b/src/transport/test_communicator_udp_basic_peer2.conf
@@ -20,6 +20,14 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-udp]
BINDTO = 60003
DISABLE_V6 = YES
diff --git a/src/transport/test_communicator_udp_rekey_peer1.conf b/src/transport/test_communicator_udp_rekey_peer1.conf
index 18028cd48..e7161e488 100644
--- a/src/transport/test_communicator_udp_rekey_peer1.conf
+++ b/src/transport/test_communicator_udp_rekey_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_udp_rekey_peer2.conf b/src/transport/test_communicator_udp_rekey_peer2.conf
index 7d7179578..8f175a405 100644
--- a/src/transport/test_communicator_udp_rekey_peer2.conf
+++ b/src/transport/test_communicator_udp_rekey_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_unix_basic_peer1.conf b/src/transport/test_communicator_unix_basic_peer1.conf
index d50588007..71283e381 100644
--- a/src/transport/test_communicator_unix_basic_peer1.conf
+++ b/src/transport/test_communicator_unix_basic_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-1.sock
diff --git a/src/transport/test_communicator_unix_basic_peer2.conf b/src/transport/test_communicator_unix_basic_peer2.conf
index fe27ef1a6..ac95845b2 100644
--- a/src/transport/test_communicator_unix_basic_peer2.conf
+++ b/src/transport/test_communicator_unix_basic_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-2.sock
diff --git a/src/transport/transport-testing2.c b/src/transport/transport-testing2.c
index 0dc1bb331..974dc56c1 100644
--- a/src/transport/transport-testing2.c
+++ b/src/transport/transport-testing2.c
@@ -114,6 +114,11 @@ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
struct GNUNET_OS_Process *resolver_proc;
/**
+ * peerstore service process
+ */
+ struct GNUNET_OS_Process *ps_proc;
+
+ /**
* @brief Task that will be run on shutdown to stop and clean communicator
*/
struct GNUNET_SCHEDULER_Task *c_shutdown_task;
@@ -671,8 +676,8 @@ handle_update_queue_message (void *cls,
struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorQueue *tc_queue;
LOG (GNUNET_ERROR_TYPE_DEBUG,
- "Received queue update message for %u with q_len %"PRIu64"\n",
- msg->qid, GNUNET_ntohll(msg->q_len));
+ "Received queue update message for %u with q_len %" PRIu64 "\n",
+ msg->qid, GNUNET_ntohll (msg->q_len));
tc_queue = tc_h->queue_head;
if (NULL != tc_queue)
{
@@ -892,6 +897,12 @@ shutdown_process (struct GNUNET_OS_Process *proc)
GNUNET_OS_process_destroy (proc);
}
+static void
+shutdown_peerstore (void *cls)
+{
+ struct GNUNET_OS_Process *proc = cls;
+ shutdown_process (proc);
+}
static void
shutdown_communicator (void *cls)
@@ -987,6 +998,38 @@ resolver_start (struct
}
+
+/**
+ * @brief Start Peerstore
+ *
+ */
+static void
+peerstore_start (
+ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
+{
+ char *binary;
+
+ LOG (GNUNET_ERROR_TYPE_DEBUG, "peerstore_start\n");
+ binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-peerstore");
+ tc_h->ps_proc = GNUNET_OS_start_process (GNUNET_YES,
+ GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
+ NULL,
+ NULL,
+ NULL,
+ binary,
+ "gnunet-service-peerstore",
+ "-c",
+ tc_h->cfg_filename,
+ NULL);
+ if (NULL == tc_h->ps_proc)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start Peerstore!");
+ return;
+ }
+ LOG (GNUNET_ERROR_TYPE_INFO, "started Peerstore\n");
+ GNUNET_free (binary);
+}
+
/**
* @brief Start NAT
*
@@ -1018,7 +1061,6 @@ nat_start (
GNUNET_free (binary);
}
-
/**
* @brief Start communicator part of transport service and communicator
*
@@ -1083,6 +1125,8 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_start (
nat_start (tc_h);
/* Start resolver service */
resolver_start (tc_h);
+ /* Start peerstore service */
+ peerstore_start (tc_h);
/* Schedule start communicator */
communicator_start (tc_h,
binary_name);
@@ -1098,6 +1142,7 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (
shutdown_service (tc_h->sh);
shutdown_nat (tc_h->nat_proc);
shutdown_resolver (tc_h->resolver_proc);
+ shutdown_peerstore (tc_h->ps_proc);
GNUNET_CONFIGURATION_destroy (tc_h->cfg);
GNUNET_free (tc_h);
}