authorChristian Grothoff <christian@grothoff.org>2019-02-09 23:00:25 +0100
committerChristian Grothoff <christian@grothoff.org>2019-02-09 23:00:25 +0100
commita9a0d8fde657e29ed0d254c47a1c942929c3570f (patch)
treeff43cb2f0ceaf7f782d64cd86925292f7b5b918a
parent25c5d5e5a0227f6557383f925c6925b28ab679d1 (diff)
fix #5554
-rw-r--r--src/transport/gnunet-communicator-tcp.c224
1 files changed, 112 insertions, 112 deletions
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c
index 1d10b82e5..93f510be0 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -61,18 +61,18 @@
61 61
62/** 62/**
63 * How often do we rekey based on time (at least) 63 * How often do we rekey based on time (at least)
64 */ 64 */
65#define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS 65#define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
66 66
67/** 67/**
68 * How long do we wait until we must have received the initial KX? 68 * How long do we wait until we must have received the initial KX?
69 */ 69 */
70#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES 70#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
71 71
72/** 72/**
73 * How often do we rekey based on number of bytes transmitted? 73 * How often do we rekey based on number of bytes transmitted?
74 * (additionally randomized). 74 * (additionally randomized).
75 */ 75 */
76#define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU) 76#define REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
77 77
78/** 78/**
@@ -108,23 +108,23 @@ struct TcpHandshakeSignature
108 108
109 /** 109 /**
110 * Identity of the inititor of the TCP connection (TCP client). 110 * Identity of the inititor of the TCP connection (TCP client).
111 */ 111 */
112 struct GNUNET_PeerIdentity sender; 112 struct GNUNET_PeerIdentity sender;
113 113
114 /** 114 /**
115 * Presumed identity of the target of the TCP connection (TCP server) 115 * Presumed identity of the target of the TCP connection (TCP server)
116 */ 116 */
117 struct GNUNET_PeerIdentity receiver; 117 struct GNUNET_PeerIdentity receiver;
118 118
119 /** 119 /**
120 * Ephemeral key used by the @e sender. 120 * Ephemeral key used by the @e sender.
121 */ 121 */
122 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral; 122 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
123 123
124 /** 124 /**
125 * Monotonic time of @e sender, to possibly help detect replay attacks 125 * Monotonic time of @e sender, to possibly help detect replay attacks
126 * (if receiver persists times by sender). 126 * (if receiver persists times by sender).
127 */ 127 */
128 struct GNUNET_TIME_AbsoluteNBO monotonic_time; 128 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
129}; 129};
130 130
@@ -147,7 +147,7 @@ struct TCPConfirmation
147 /** 147 /**
148 * Monotonic time of @e sender, to possibly help detect replay attacks 148 * Monotonic time of @e sender, to possibly help detect replay attacks
149 * (if receiver persists times by sender). 149 * (if receiver persists times by sender).
150 */ 150 */
151 struct GNUNET_TIME_AbsoluteNBO monotonic_time; 151 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
152 152
153}; 153};
@@ -155,16 +155,16 @@ struct TCPConfirmation
155 155
156/** 156/**
157 * TCP message box. Always sent encrypted! 157 * TCP message box. Always sent encrypted!
158 */ 158 */
159struct TCPBox 159struct TCPBox
160{ 160{
161 161
162 /** 162 /**
163 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the 163 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX. Warning: the
164 * header size EXCLUDES the size of the `struct TCPBox`. We usually 164 * header size EXCLUDES the size of the `struct TCPBox`. We usually
165 * never do this, but here the payload may truly be 64k *after* the 165 * never do this, but here the payload may truly be 64k *after* the
166 * TCPBox (as we have no MTU)!! 166 * TCPBox (as we have no MTU)!!
167 */ 167 */
168 struct GNUNET_MessageHeader header; 168 struct GNUNET_MessageHeader header;
169 169
170 /** 170 /**
@@ -174,25 +174,25 @@ struct TCPBox
174 * attacks do not apply. Besides, due to the use of ephemeral keys 174 * attacks do not apply. Besides, due to the use of ephemeral keys
175 * (hopefully with effective replay protection from monotonic time!) 175 * (hopefully with effective replay protection from monotonic time!)
176 * the attacker is limited in using the oracle. 176 * the attacker is limited in using the oracle.
177 */ 177 */
178 struct GNUNET_ShortHashCode hmac; 178 struct GNUNET_ShortHashCode hmac;
179 179
180 /* followed by as may bytes of payload as indicated in @e header, 180 /* followed by as may bytes of payload as indicated in @e header,
181 excluding the TCPBox itself! */ 181 excluding the TCPBox itself! */
182 182
183}; 183};
184 184
185 185
186/** 186/**
187 * TCP rekey message box. Always sent encrypted! Data after 187 * TCP rekey message box. Always sent encrypted! Data after
188 * this message will use the new key. 188 * this message will use the new key.
189 */ 189 */
190struct TCPRekey 190struct TCPRekey
191{ 191{
192 192
193 /** 193 /**
194 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY. 194 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY.
195 */ 195 */
196 struct GNUNET_MessageHeader header; 196 struct GNUNET_MessageHeader header;
197 197
198 /** 198 /**
@@ -202,14 +202,14 @@ struct TCPRekey
202 * attacks do not apply. Besides, due to the use of ephemeral keys 202 * attacks do not apply. Besides, due to the use of ephemeral keys
203 * (hopefully with effective replay protection from monotonic time!) 203 * (hopefully with effective replay protection from monotonic time!)
204 * the attacker is limited in using the oracle. 204 * the attacker is limited in using the oracle.
205 */ 205 */
206 struct GNUNET_ShortHashCode hmac; 206 struct GNUNET_ShortHashCode hmac;
207 207
208 /** 208 /**
209 * New ephemeral key. 209 * New ephemeral key.
210 */ 210 */
211 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral; 211 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
212 212
213 /** 213 /**
214 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY 214 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY
215 */ 215 */
@@ -218,7 +218,7 @@ struct TCPRekey
218 /** 218 /**
219 * Monotonic time of @e sender, to possibly help detect replay attacks 219 * Monotonic time of @e sender, to possibly help detect replay attacks
220 * (if receiver persists times by sender). 220 * (if receiver persists times by sender).
221 */ 221 */
222 struct GNUNET_TIME_AbsoluteNBO monotonic_time; 222 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
223 223
224}; 224};
@@ -228,13 +228,13 @@ struct TCPRekey
228 * TCP finish. Sender asks for the connection to be closed. 228 * TCP finish. Sender asks for the connection to be closed.
229 * Needed/useful in case we drop RST/FIN packets on the GNUnet 229 * Needed/useful in case we drop RST/FIN packets on the GNUnet
230 * port due to the possibility of malicious RST/FIN injection. 230 * port due to the possibility of malicious RST/FIN injection.
231 */ 231 */
232struct TCPFinish 232struct TCPFinish
233{ 233{
234 234
235 /** 235 /**
236 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH. 236 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH.
237 */ 237 */
238 struct GNUNET_MessageHeader header; 238 struct GNUNET_MessageHeader header;
239 239
240 /** 240 /**
@@ -244,7 +244,7 @@ struct TCPFinish
244 * attacks do not apply. Besides, due to the use of ephemeral keys 244 * attacks do not apply. Besides, due to the use of ephemeral keys
245 * (hopefully with effective replay protection from monotonic time!) 245 * (hopefully with effective replay protection from monotonic time!)
246 * the attacker is limited in using the oracle. 246 * the attacker is limited in using the oracle.
247 */ 247 */
248 struct GNUNET_ShortHashCode hmac; 248 struct GNUNET_ShortHashCode hmac;
249 249
250}; 250};
@@ -271,7 +271,7 @@ struct Queue
271 271
272 /** 272 /**
273 * cipher for decryption of incoming data. 273 * cipher for decryption of incoming data.
274 */ 274 */
275 gcry_cipher_hd_t in_cipher; 275 gcry_cipher_hd_t in_cipher;
276 276
277 /** 277 /**
@@ -281,20 +281,20 @@ struct Queue
281 281
282 /** 282 /**
283 * Shared secret for HMAC verification on incoming data. 283 * Shared secret for HMAC verification on incoming data.
284 */ 284 */
285 struct GNUNET_HashCode in_hmac; 285 struct GNUNET_HashCode in_hmac;
286 286
287 /** 287 /**
288 * Shared secret for HMAC generation on outgoing data, ratcheted after 288 * Shared secret for HMAC generation on outgoing data, ratcheted after
289 * each operation. 289 * each operation.
290 */ 290 */
291 struct GNUNET_HashCode out_hmac; 291 struct GNUNET_HashCode out_hmac;
292 292
293 /** 293 /**
294 * Our ephemeral key. Stored here temporarily during rekeying / key generation. 294 * Our ephemeral key. Stored here temporarily during rekeying / key generation.
295 */ 295 */
296 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral; 296 struct GNUNET_CRYPTO_EcdhePrivateKey ephemeral;
297 297
298 /** 298 /**
299 * ID of read task for this connection. 299 * ID of read task for this connection.
300 */ 300 */
@@ -309,7 +309,7 @@ struct Queue
309 * Address of the other peer. 309 * Address of the other peer.
310 */ 310 */
311 struct sockaddr *address; 311 struct sockaddr *address;
312 312
313 /** 313 /**
314 * How many more bytes may we sent with the current @e out_cipher 314 * How many more bytes may we sent with the current @e out_cipher
315 * before we should rekey? 315 * before we should rekey?
@@ -321,7 +321,7 @@ struct Queue
321 * before we should rekey? 321 * before we should rekey?
322 */ 322 */
323 struct GNUNET_TIME_Absolute rekey_time; 323 struct GNUNET_TIME_Absolute rekey_time;
324 324
325 /** 325 /**
326 * Length of the address. 326 * Length of the address.
327 */ 327 */
@@ -361,7 +361,7 @@ struct Queue
361 * Plaintext buffer for messages to be encrypted. 361 * Plaintext buffer for messages to be encrypted.
362 */ 362 */
363 char pwrite_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)]; 363 char pwrite_buf[UINT16_MAX + 1 + sizeof (struct TCPBox)];
364 364
365 /** 365 /**
366 * At which offset in the ciphertext read buffer should we 366 * At which offset in the ciphertext read buffer should we
367 * append more ciphertext for transmission next? 367 * append more ciphertext for transmission next?
@@ -373,13 +373,13 @@ struct Queue
373 * append more ciphertext from reading next? 373 * append more ciphertext from reading next?
374 */ 374 */
375 size_t cwrite_off; 375 size_t cwrite_off;
376 376
377 /** 377 /**
378 * At which offset in the plaintext input buffer should we 378 * At which offset in the plaintext input buffer should we
379 * append more plaintext from decryption next? 379 * append more plaintext from decryption next?
380 */ 380 */
381 size_t pread_off; 381 size_t pread_off;
382 382
383 /** 383 /**
384 * At which offset in the plaintext output buffer should we 384 * At which offset in the plaintext output buffer should we
385 * append more plaintext for encryption next? 385 * append more plaintext for encryption next?
@@ -397,19 +397,19 @@ struct Queue
397 * them? If "large" (or even just non-zero), we should throttle 397 * them? If "large" (or even just non-zero), we should throttle
398 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH 398 * reading to provide flow control. See also #DEFAULT_MAX_QUEUE_LENGTH
399 * and #max_queue_length. 399 * and #max_queue_length.
400 */ 400 */
401 unsigned int backpressure; 401 unsigned int backpressure;
402 402
403 /** 403 /**
404 * Which network type does this queue use? 404 * Which network type does this queue use?
405 */ 405 */
406 enum GNUNET_NetworkType nt; 406 enum GNUNET_NetworkType nt;
407 407
408 /** 408 /**
409 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call? 409 * Is MQ awaiting a #GNUNET_MQ_impl_send_continue() call?
410 */ 410 */
411 int mq_awaits_continue; 411 int mq_awaits_continue;
412 412
413 /** 413 /**
414 * Did we enqueue a finish message and are closing down the queue? 414 * Did we enqueue a finish message and are closing down the queue?
415 */ 415 */
@@ -447,14 +447,14 @@ struct ProtoQueue
447 447
448 /** 448 /**
449 * Kept in a DLL. 449 * Kept in a DLL.
450 */ 450 */
451 struct ProtoQueue *next; 451 struct ProtoQueue *next;
452 452
453 /** 453 /**
454 * Kept in a DLL. 454 * Kept in a DLL.
455 */ 455 */
456 struct ProtoQueue *prev; 456 struct ProtoQueue *prev;
457 457
458 /** 458 /**
459 * socket that we transmit all data with on this queue 459 * socket that we transmit all data with on this queue
460 */ 460 */
@@ -480,15 +480,15 @@ struct ProtoQueue
480 */ 480 */
481 struct GNUNET_TIME_Absolute timeout; 481 struct GNUNET_TIME_Absolute timeout;
482 482
483 /** 483 /**
484 * Buffer for reading all the information we need to upgrade from 484 * Buffer for reading all the information we need to upgrade from
485 * protoqueue to queue. 485 * protoqueue to queue.
486 */ 486 */
487 char ibuf[INITIAL_KX_SIZE]; 487 char ibuf[INITIAL_KX_SIZE];
488 488
489 /** 489 /**
490 * Current offset for reading into @e ibuf. 490 * Current offset for reading into @e ibuf.
491 */ 491 */
492 size_t ibuf_off; 492 size_t ibuf_off;
493}; 493};
494 494
@@ -550,12 +550,12 @@ static struct GNUNET_NAT_Handle *nat;
550 550
551/** 551/**
552 * Protoqueues DLL head. 552 * Protoqueues DLL head.
553 */ 553 */
554static struct ProtoQueue *proto_head; 554static struct ProtoQueue *proto_head;
555 555
556/** 556/**
557 * Protoqueues DLL tail. 557 * Protoqueues DLL tail.
558 */ 558 */
559static struct ProtoQueue *proto_tail; 559static struct ProtoQueue *proto_tail;
560 560
561 561
@@ -638,10 +638,10 @@ queue_destroy (struct Queue *queue)
638 * @param smac[out] where to write the HMAC 638 * @param smac[out] where to write the HMAC
639 */ 639 */
640static void 640static void
641hmac (struct GNUNET_HashCode *hmac_secret, 641calculate_hmac (struct GNUNET_HashCode *hmac_secret,
642 const void *buf, 642 const void *buf,
643 size_t buf_size, 643 size_t buf_size,
644 struct GNUNET_ShortHashCode *smac) 644 struct GNUNET_ShortHashCode *smac)
645{ 645{
646 struct GNUNET_HashCode mac; 646 struct GNUNET_HashCode mac;
647 647
@@ -677,11 +677,11 @@ queue_finish (struct Queue *queue)
677 sizeof (fin)); 677 sizeof (fin));
678 fin.header.size = htons (sizeof (fin)); 678 fin.header.size = htons (sizeof (fin));
679 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH); 679 fin.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH);
680 hmac (&queue->out_hmac, 680 calculate_hmac (&queue->out_hmac,
681 &fin, 681 &fin,
682 sizeof (fin), 682 sizeof (fin),
683 &fin.hmac); 683 &fin.hmac);
684 /* if there is any message left in pwrite_buf, we 684 /* if there is any message left in pwrite_buf, we
685 overwrite it (possibly dropping the last message 685 overwrite it (possibly dropping the last message
686 from CORE hard here) */ 686 from CORE hard here) */
687 memcpy (queue->pwrite_buf, 687 memcpy (queue->pwrite_buf,
@@ -765,7 +765,7 @@ core_read_finished_cb (void *cls,
765 * @param queue the queue that received the plaintext 765 * @param queue the queue that received the plaintext
766 * @param plaintext the plaintext that was received 766 * @param plaintext the plaintext that was received
767 * @param plaintext_len number of bytes of plaintext received 767 * @param plaintext_len number of bytes of plaintext received
768 */ 768 */
769static void 769static void
770pass_plaintext_to_core (struct Queue *queue, 770pass_plaintext_to_core (struct Queue *queue,
771 const void *plaintext, 771 const void *plaintext,
@@ -869,7 +869,7 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
869 struct Queue *queue) 869 struct Queue *queue)
870{ 870{
871 struct GNUNET_HashCode dh; 871 struct GNUNET_HashCode dh;
872 872
873 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, 873 GNUNET_CRYPTO_eddsa_ecdh (my_private_key,
874 ephemeral, 874 ephemeral,
875 &dh); 875 &dh);
@@ -878,7 +878,7 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
878 &queue->in_cipher, 878 &queue->in_cipher,
879 &queue->in_hmac); 879 &queue->in_hmac);
880} 880}
881 881
882 882
883/** 883/**
884 * Handle @a rekey message on @a queue. The message was already 884 * Handle @a rekey message on @a queue. The message was already
@@ -887,7 +887,7 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
887 * 887 *
888 * @param queue the queue @a rekey was received on 888 * @param queue the queue @a rekey was received on
889 * @param rekey the rekey message 889 * @param rekey the rekey message
890 */ 890 */
891static void 891static void
892do_rekey (struct Queue *queue, 892do_rekey (struct Queue *queue,
893 const struct TCPRekey *rekey) 893 const struct TCPRekey *rekey)
@@ -923,7 +923,7 @@ do_rekey (struct Queue *queue,
923 * 923 *
924 * @param queue queue to process inbound plaintext for 924 * @param queue queue to process inbound plaintext for
925 * @return number of bytes of plaintext handled, 0 for none 925 * @return number of bytes of plaintext handled, 0 for none
926 */ 926 */
927static size_t 927static size_t
928try_handle_plaintext (struct Queue *queue) 928try_handle_plaintext (struct Queue *queue)
929{ 929{
@@ -950,10 +950,10 @@ try_handle_plaintext (struct Queue *queue)
950 /* Special case: header size excludes box itself! */ 950 /* Special case: header size excludes box itself! */
951 if (ntohs (hdr->size) + sizeof (struct TCPBox) > queue->pread_off) 951 if (ntohs (hdr->size) + sizeof (struct TCPBox) > queue->pread_off)
952 return 0; 952 return 0;
953 hmac (&queue->in_hmac, 953 calculate_hmac (&queue->in_hmac,
954 &box[1], 954 &box[1],
955 ntohs (hdr->size), 955 ntohs (hdr->size),
956 &tmac); 956 &tmac);
957 if (0 != memcmp (&tmac, 957 if (0 != memcmp (&tmac,
958 &box->hmac, 958 &box->hmac,
959 sizeof (tmac))) 959 sizeof (tmac)))
@@ -980,10 +980,10 @@ try_handle_plaintext (struct Queue *queue)
980 memset (&rekeyz.hmac, 980 memset (&rekeyz.hmac,
981 0, 981 0,
982 sizeof (rekeyz.hmac)); 982 sizeof (rekeyz.hmac));
983 hmac (&queue->in_hmac, 983 calculate_hmac (&queue->in_hmac,
984 &rekeyz, 984 &rekeyz,
985 sizeof (rekeyz), 985 sizeof (rekeyz),
986 &tmac); 986 &tmac);
987 if (0 != memcmp (&tmac, 987 if (0 != memcmp (&tmac,
988 &box->hmac, 988 &box->hmac,
989 sizeof (tmac))) 989 sizeof (tmac)))
@@ -1009,10 +1009,10 @@ try_handle_plaintext (struct Queue *queue)
1009 memset (&finz.hmac, 1009 memset (&finz.hmac,
1010 0, 1010 0,
1011 sizeof (finz.hmac)); 1011 sizeof (finz.hmac));
1012 hmac (&queue->in_hmac, 1012 calculate_hmac (&queue->in_hmac,
1013 &rekeyz, 1013 &rekeyz,
1014 sizeof (rekeyz), 1014 sizeof (rekeyz),
1015 &tmac); 1015 &tmac);
1016 if (0 != memcmp (&tmac, 1016 if (0 != memcmp (&tmac,
1017 &fin->hmac, 1017 &fin->hmac,
1018 sizeof (tmac))) 1018 sizeof (tmac)))
@@ -1078,7 +1078,7 @@ queue_read (void *cls)
1078 queue->cread_off); 1078 queue->cread_off);
1079 size_t done; 1079 size_t done;
1080 size_t total; 1080 size_t total;
1081 1081
1082 GNUNET_assert (0 == 1082 GNUNET_assert (0 ==
1083 gcry_cipher_decrypt (queue->in_cipher, 1083 gcry_cipher_decrypt (queue->in_cipher,
1084 &queue->pread_buf[queue->pread_off], 1084 &queue->pread_buf[queue->pread_off],
@@ -1088,7 +1088,7 @@ queue_read (void *cls)
1088 queue->pread_off += max; 1088 queue->pread_off += max;
1089 total = 0; 1089 total = 0;
1090 while ( (GNUNET_NO == queue->rekeyed) && 1090 while ( (GNUNET_NO == queue->rekeyed) &&
1091 (0 != (done = try_handle_plaintext (queue))) ) 1091 (0 != (done = try_handle_plaintext (queue))) )
1092 { 1092 {
1093 /* 'done' bytes of plaintext were used, shift buffer */ 1093 /* 'done' bytes of plaintext were used, shift buffer */
1094 GNUNET_assert (done <= queue->pread_off); 1094 GNUNET_assert (done <= queue->pread_off);
@@ -1114,13 +1114,13 @@ queue_read (void *cls)
1114 memmove (queue->cread_buf, 1114 memmove (queue->cread_buf,
1115 &queue->cread_buf[max], 1115 &queue->cread_buf[max],
1116 queue->cread_off - max); 1116 queue->cread_off - max);
1117 queue->cread_off -= max; 1117 queue->cread_off -= max;
1118 } 1118 }
1119 1119
1120 if (BUF_SIZE == queue->cread_off) 1120 if (BUF_SIZE == queue->cread_off)
1121 return; /* buffer full, suspend reading */ 1121 return; /* buffer full, suspend reading */
1122 left = GNUNET_TIME_absolute_get_remaining (queue->timeout); 1122 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1123 if (0 != left.rel_value_us) 1123 if (0 != left.rel_value_us)
1124 { 1124 {
1125 if (max_queue_length < queue->backpressure) 1125 if (max_queue_length < queue->backpressure)
1126 { 1126 {
@@ -1158,7 +1158,7 @@ tcp_address_to_sockaddr (const char *bindto,
1158 char dummy[2]; 1158 char dummy[2];
1159 char *colon; 1159 char *colon;
1160 char *cp; 1160 char *cp;
1161 1161
1162 if (1 == SSCANF (bindto, 1162 if (1 == SSCANF (bindto,
1163 "%u%1s", 1163 "%u%1s",
1164 &port, 1164 &port,
@@ -1180,7 +1180,7 @@ tcp_address_to_sockaddr (const char *bindto,
1180 "DISABLE_V6")) 1180 "DISABLE_V6"))
1181 { 1181 {
1182 struct sockaddr_in *i4; 1182 struct sockaddr_in *i4;
1183 1183
1184 i4 = GNUNET_malloc (sizeof (struct sockaddr_in)); 1184 i4 = GNUNET_malloc (sizeof (struct sockaddr_in));
1185 i4->sin_family = AF_INET; 1185 i4->sin_family = AF_INET;
1186 i4->sin_port = htons ((uint16_t) port); 1186 i4->sin_port = htons ((uint16_t) port);
@@ -1190,7 +1190,7 @@ tcp_address_to_sockaddr (const char *bindto,
1190 else 1190 else
1191 { 1191 {
1192 struct sockaddr_in6 *i6; 1192 struct sockaddr_in6 *i6;
1193 1193
1194 i6 = GNUNET_malloc (sizeof (struct sockaddr_in6)); 1194 i6 = GNUNET_malloc (sizeof (struct sockaddr_in6));
1195 i6->sin6_family = AF_INET6; 1195 i6->sin6_family = AF_INET6;
1196 i6->sin6_port = htons ((uint16_t) port); 1196 i6->sin6_port = htons ((uint16_t) port);
@@ -1291,7 +1291,7 @@ static void
1291setup_out_cipher (struct Queue *queue) 1291setup_out_cipher (struct Queue *queue)
1292{ 1292{
1293 struct GNUNET_HashCode dh; 1293 struct GNUNET_HashCode dh;
1294 1294
1295 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral, 1295 GNUNET_CRYPTO_ecdh_eddsa (&queue->ephemeral,
1296 &queue->target.public_key, 1296 &queue->target.public_key,
1297 &dh); 1297 &dh);
@@ -1303,7 +1303,7 @@ setup_out_cipher (struct Queue *queue)
1303 &queue->target, 1303 &queue->target,
1304 &queue->out_cipher, 1304 &queue->out_cipher,
1305 &queue->out_hmac); 1305 &queue->out_hmac);
1306 1306
1307 queue->rekey_time = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL); 1307 queue->rekey_time = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL);
1308 queue->rekey_left_bytes = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, 1308 queue->rekey_left_bytes = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
1309 REKEY_MAX_BYTES); 1309 REKEY_MAX_BYTES);
@@ -1315,13 +1315,13 @@ setup_out_cipher (struct Queue *queue)
1315 * buffer. 1315 * buffer.
1316 * 1316 *
1317 * @param queue queue to perform rekeying on 1317 * @param queue queue to perform rekeying on
1318 */ 1318 */
1319static void 1319static void
1320inject_rekey (struct Queue *queue) 1320inject_rekey (struct Queue *queue)
1321{ 1321{
1322 struct TCPRekey rekey; 1322 struct TCPRekey rekey;
1323 struct TcpHandshakeSignature thp; 1323 struct TcpHandshakeSignature thp;
1324 1324
1325 GNUNET_assert (0 == queue->pwrite_off); 1325 GNUNET_assert (0 == queue->pwrite_off);
1326 memset (&rekey, 1326 memset (&rekey,
1327 0, 1327 0,
@@ -1343,10 +1343,10 @@ inject_rekey (struct Queue *queue)
1343 GNUNET_CRYPTO_eddsa_sign (my_private_key, 1343 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1344 &thp.purpose, 1344 &thp.purpose,
1345 &rekey.sender_sig)); 1345 &rekey.sender_sig));
1346 hmac (&queue->out_hmac, 1346 calculate_hmac (&queue->out_hmac,
1347 &rekey, 1347 &rekey,
1348 sizeof (rekey), 1348 sizeof (rekey),
1349 &rekey.hmac); 1349 &rekey.hmac);
1350 memcpy (queue->pwrite_buf, 1350 memcpy (queue->pwrite_buf,
1351 &rekey, 1351 &rekey,
1352 sizeof (rekey)); 1352 sizeof (rekey));
@@ -1357,11 +1357,11 @@ inject_rekey (struct Queue *queue)
1357/** 1357/**
1358 * We encrypted the rekey message, now update actually swap the key 1358 * We encrypted the rekey message, now update actually swap the key
1359 * material and update the key freshness parameters of @a queue. 1359 * material and update the key freshness parameters of @a queue.
1360 */ 1360 */
1361static void 1361static void
1362switch_key (struct Queue *queue) 1362switch_key (struct Queue *queue)
1363{ 1363{
1364 queue->rekey_state = GNUNET_NO; 1364 queue->rekey_state = GNUNET_NO;
1365 gcry_cipher_close (queue->out_cipher); 1365 gcry_cipher_close (queue->out_cipher);
1366 setup_out_cipher (queue); 1366 setup_out_cipher (queue);
1367} 1367}
@@ -1390,7 +1390,7 @@ queue_write (void *cls)
1390 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, 1390 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
1391 "send"); 1391 "send");
1392 queue_destroy (queue); 1392 queue_destroy (queue);
1393 return; 1393 return;
1394 } 1394 }
1395 if (sent > 0) 1395 if (sent > 0)
1396 { 1396 {
@@ -1441,7 +1441,7 @@ queue_write (void *cls)
1441 } 1441 }
1442 /* do we care to write more? */ 1442 /* do we care to write more? */
1443 if (0 < queue->cwrite_off) 1443 if (0 < queue->cwrite_off)
1444 queue->write_task 1444 queue->write_task
1445 = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, 1445 = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
1446 queue->sock, 1446 queue->sock,
1447 &queue_write, 1447 &queue_write,
@@ -1472,10 +1472,10 @@ mq_send (struct GNUNET_MQ_Handle *mq,
1472 GNUNET_assert (0 == queue->pread_off); 1472 GNUNET_assert (0 == queue->pread_off);
1473 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX); 1473 box.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX);
1474 box.header.size = htons (msize); 1474 box.header.size = htons (msize);
1475 hmac (&queue->out_hmac, 1475 calculate_hmac (&queue->out_hmac,
1476 msg, 1476 msg,
1477 msize, 1477 msize,
1478 &box.hmac); 1478 &box.hmac);
1479 memcpy (&queue->pread_buf[queue->pread_off], 1479 memcpy (&queue->pread_buf[queue->pread_off],
1480 &box, 1480 &box,
1481 sizeof (box)); 1481 sizeof (box));
@@ -1562,7 +1562,7 @@ mq_error (void *cls,
1562 * be called after the KX for outgoing messages has been bootstrapped. 1562 * be called after the KX for outgoing messages has been bootstrapped.
1563 * 1563 *
1564 * @param queue queue to boot 1564 * @param queue queue to boot
1565 */ 1565 */
1566static void 1566static void
1567boot_queue (struct Queue *queue, 1567boot_queue (struct Queue *queue,
1568 enum GNUNET_TRANSPORT_ConnectionStatus cs) 1568 enum GNUNET_TRANSPORT_ConnectionStatus cs)
@@ -1668,7 +1668,7 @@ transmit_kx (struct Queue *queue,
1668 1668
1669 1669
1670/** 1670/**
1671 * Initialize our key material for outgoing transmissions and 1671 * Initialize our key material for outgoing transmissions and
1672 * inform the other peer about it. Must be called first before 1672 * inform the other peer about it. Must be called first before
1673 * any data is sent. 1673 * any data is sent.
1674 * 1674 *
@@ -1680,7 +1680,7 @@ start_initial_kx_out (struct Queue *queue)
1680 struct GNUNET_CRYPTO_EcdhePublicKey epub; 1680 struct GNUNET_CRYPTO_EcdhePublicKey epub;
1681 1681
1682 GNUNET_assert (GNUNET_OK == 1682 GNUNET_assert (GNUNET_OK ==
1683 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral)); 1683 GNUNET_CRYPTO_ecdhe_key_create2 (&queue->ephemeral));
1684 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral, 1684 GNUNET_CRYPTO_ecdhe_key_get_public (&queue->ephemeral,
1685 &epub); 1685 &epub);
1686 setup_out_cipher (queue); 1686 setup_out_cipher (queue);
@@ -1696,7 +1696,7 @@ start_initial_kx_out (struct Queue *queue)
1696 * 1696 *
1697 * @param queue queue to decrypt initial bytes from other peer for 1697 * @param queue queue to decrypt initial bytes from other peer for
1698 * @param tc[out] where to store the result 1698 * @param tc[out] where to store the result
1699 * @param ibuf incoming data, of size 1699 * @param ibuf incoming data, of size
1700 * `INITIAL_KX_SIZE` 1700 * `INITIAL_KX_SIZE`
1701 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not 1701 * @return #GNUNET_OK if the signature was OK, #GNUNET_SYSERR if not
1702 */ 1702 */
@@ -1706,7 +1706,7 @@ decrypt_and_check_tc (struct Queue *queue,
1706 char *ibuf) 1706 char *ibuf)
1707{ 1707{
1708 struct TcpHandshakeSignature ths; 1708 struct TcpHandshakeSignature ths;
1709 1709
1710 GNUNET_assert (0 == 1710 GNUNET_assert (0 ==
1711 gcry_cipher_decrypt (queue->in_cipher, 1711 gcry_cipher_decrypt (queue->in_cipher,
1712 tc, 1712 tc,
@@ -1732,7 +1732,7 @@ decrypt_and_check_tc (struct Queue *queue,
1732 * Closes socket and frees memory associated with @a pq. 1732 * Closes socket and frees memory associated with @a pq.
1733 * 1733 *
1734 * @param pq proto queue to free 1734 * @param pq proto queue to free
1735 */ 1735 */
1736static void 1736static void
1737free_proto_queue (struct ProtoQueue *pq) 1737free_proto_queue (struct ProtoQueue *pq)
1738{ 1738{
@@ -1743,7 +1743,7 @@ free_proto_queue (struct ProtoQueue *pq)
1743 pq); 1743 pq);
1744 GNUNET_free (pq); 1744 GNUNET_free (pq);
1745} 1745}
1746 1746
1747 1747
1748/** 1748/**
1749 * Read from the socket of the proto queue until we have enough data 1749 * Read from the socket of the proto queue until we have enough data
@@ -1759,7 +1759,7 @@ proto_read_kx (void *cls)
1759 struct GNUNET_TIME_Relative left; 1759 struct GNUNET_TIME_Relative left;
1760 struct Queue *queue; 1760 struct Queue *queue;
1761 struct TCPConfirmation tc; 1761 struct TCPConfirmation tc;
1762 1762
1763 pq->read_task = NULL; 1763 pq->read_task = NULL;
1764 left = GNUNET_TIME_absolute_get_remaining (pq->timeout); 1764 left = GNUNET_TIME_absolute_get_remaining (pq->timeout);
1765 if (0 == left.rel_value_us) 1765 if (0 == left.rel_value_us)
@@ -1785,7 +1785,7 @@ proto_read_kx (void *cls)
1785 pq->sock, 1785 pq->sock,
1786 &proto_read_kx, 1786 &proto_read_kx,
1787 pq); 1787 pq);
1788 return; 1788 return;
1789 } 1789 }
1790 pq->ibuf_off += rcvd; 1790 pq->ibuf_off += rcvd;
1791 if (pq->ibuf_off > sizeof (pq->ibuf)) 1791 if (pq->ibuf_off > sizeof (pq->ibuf))
@@ -1813,7 +1813,7 @@ proto_read_kx (void *cls)
1813 gcry_cipher_close (queue->in_cipher); 1813 gcry_cipher_close (queue->in_cipher);
1814 GNUNET_free (queue); 1814 GNUNET_free (queue);
1815 free_proto_queue (pq); 1815 free_proto_queue (pq);
1816 return; 1816 return;
1817 } 1817 }
1818 queue->address = pq->address; /* steals reference */ 1818 queue->address = pq->address; /* steals reference */
1819 queue->address_len = pq->address_len; 1819 queue->address_len = pq->address_len;
@@ -1905,7 +1905,7 @@ queue_read_kx (void *cls)
1905 ssize_t rcvd; 1905 ssize_t rcvd;
1906 struct GNUNET_TIME_Relative left; 1906 struct GNUNET_TIME_Relative left;
1907 struct TCPConfirmation tc; 1907 struct TCPConfirmation tc;
1908 1908
1909 queue->read_task = NULL; 1909 queue->read_task = NULL;
1910 left = GNUNET_TIME_absolute_get_remaining (queue->timeout); 1910 left = GNUNET_TIME_absolute_get_remaining (queue->timeout);
1911 if (0 == left.rel_value_us) 1911 if (0 == left.rel_value_us)
@@ -1980,7 +1980,7 @@ queue_read_kx (void *cls)
1980 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read, 1980 queue->read_task = GNUNET_SCHEDULER_add_now (&queue_read,
1981 queue); 1981 queue);
1982} 1982}
1983 1983
1984 1984
1985/** 1985/**
1986 * Function called by the transport service to initialize a 1986 * Function called by the transport service to initialize a
@@ -2009,7 +2009,7 @@ mq_init (void *cls,
2009 struct sockaddr *in; 2009 struct sockaddr *in;
2010 socklen_t in_len; 2010 socklen_t in_len;
2011 struct GNUNET_NETWORK_Handle *sock; 2011 struct GNUNET_NETWORK_Handle *sock;
2012 2012
2013 if (0 != strncmp (address, 2013 if (0 != strncmp (address,
2014 COMMUNICATOR_ADDRESS_PREFIX "-", 2014 COMMUNICATOR_ADDRESS_PREFIX "-",
2015 strlen (COMMUNICATOR_ADDRESS_PREFIX "-"))) 2015 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
@@ -2020,7 +2020,7 @@ mq_init (void *cls,
2020 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")]; 2020 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
2021 in = tcp_address_to_sockaddr (path, 2021 in = tcp_address_to_sockaddr (path,
2022 &in_len); 2022 &in_len);
2023 2023
2024 sock = GNUNET_NETWORK_socket_create (in->sa_family, 2024 sock = GNUNET_NETWORK_socket_create (in->sa_family,
2025 SOCK_STREAM, 2025 SOCK_STREAM,
2026 IPPROTO_TCP); 2026 IPPROTO_TCP);
@@ -2048,7 +2048,7 @@ mq_init (void *cls,
2048 } 2048 }
2049 2049
2050 queue = GNUNET_new (struct Queue); 2050 queue = GNUNET_new (struct Queue);
2051 queue->target = *peer; 2051 queue->target = *peer;
2052 queue->address = in; 2052 queue->address = in;
2053 queue->address_len = in_len; 2053 queue->address_len = in_len;
2054 queue->sock = sock; 2054 queue->sock = sock;
@@ -2069,7 +2069,7 @@ mq_init (void *cls,
2069 return GNUNET_NO; 2069 return GNUNET_NO;
2070 } 2070 }
2071 start_initial_kx_out (queue); 2071 start_initial_kx_out (queue);
2072 return GNUNET_OK; 2072 return GNUNET_OK;
2073} 2073}
2074 2074
2075 2075
@@ -2177,7 +2177,7 @@ enc_notify_cb (void *cls,
2177 * @param cls closure 2177 * @param cls closure
2178 * @param app_ctx[in,out] location where the app can store stuff 2178 * @param app_ctx[in,out] location where the app can store stuff
2179 * on add and retrieve it on remove 2179 * on add and retrieve it on remove
2180 * @param add_remove #GNUNET_YES to add a new public IP address, 2180 * @param add_remove #GNUNET_YES to add a new public IP address,
2181 * #GNUNET_NO to remove a previous (now invalid) one 2181 * #GNUNET_NO to remove a previous (now invalid) one
2182 * @param ac address class the address belongs to 2182 * @param ac address class the address belongs to
2183 * @param addr either the previous or the new public IP address 2183 * @param addr either the previous or the new public IP address
@@ -2205,7 +2205,7 @@ nat_address_cb (void *cls,
2205 addrlen)); 2205 addrlen));
2206 nt = GNUNET_NT_scanner_get_type (is, 2206 nt = GNUNET_NT_scanner_get_type (is,
2207 addr, 2207 addr,
2208 addrlen); 2208 addrlen);
2209 ai = GNUNET_TRANSPORT_communicator_address_add (ch, 2209 ai = GNUNET_TRANSPORT_communicator_address_add (ch,
2210 my_addr, 2210 my_addr,
2211 nt, 2211 nt,
@@ -2241,7 +2241,7 @@ run (void *cls,
2241 socklen_t in_len; 2241 socklen_t in_len;
2242 struct sockaddr_storage in_sto; 2242 struct sockaddr_storage in_sto;
2243 socklen_t sto_len; 2243 socklen_t sto_len;
2244 2244
2245 (void) cls; 2245 (void) cls;
2246 cfg = c; 2246 cfg = c;
2247 if (GNUNET_OK != 2247 if (GNUNET_OK !=
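Review bot: In the FINISH branch of try_handle_plaintext (new lines 1012-1015) the renamed call still passes `&rekeyz, sizeof (rekeyz)`, although the lines just above zero `finz.hmac` and the result is compared against `fin->hmac`. The sender in queue_finish computes the tag over `&fin, sizeof (fin)`, so the receiver appears to authenticate the wrong buffer; the call should read `calculate_hmac (&queue->in_hmac, &finz, sizeof (finz), &tmac);`. The declarations of `finz` and `rekeyz` are outside the hunk, so confirm that `rekeyz` is not reused on purpose. Separately, the BOX, REKEY and FINISH checks all compare the tag with `memcmp`, which is not constant-time; a constant-time comparison is preferable for MAC verification. The REKEY check also reads the tag through `box->hmac` rather than through the rekey message, which is worth a comment or a change for clarity.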