- refactor kx handling

4 files changed, 99 insertions, 157 deletions

diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h
index dc91af304..1c0a1a89f 100644
--- a/src/cadet/cadet_protocol.h
+++ b/src/cadet/cadet_protocol.h
@@ -72,6 +72,7 @@ struct GNUNET_CADET_ConnectionCreate
   /* struct GNUNET_PeerIdentity peers[path_length]; */
 };
 
+
 /**
  * Message for ack'ing a connection
  */
@@ -109,6 +110,26 @@ struct GNUNET_CADET_KX
 };
 
 
+
+/**
+ * Message for encapsulation of a Key eXchange message in a connection.
+ */
+struct GNUNET_CADET_AX_KX
+{
+  /**
+   * Type: GNUNET_MESSAGE_TYPE_CADET_AX_KX.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Ephemeral public ECC key (always for NIST P-521) encoded in a format
+   * suitable for network transmission as created using 'gcry_sexp_sprint'.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
+
+};
+
+
 /**
  * Message transmitted with the signed ephemeral key of a peer.  The
  * session key is then derived from the two ephemeral keys (ECDHE).
diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c
index 957c81f6b..10acee8f9 100644
--- a/src/cadet/gnunet-service-cadet_connection.c
+++ b/src/cadet/gnunet-service-cadet_connection.c
@@ -2296,71 +2296,20 @@ handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer,
  */
 static int
 handle_cadet_kx (const struct GNUNET_PeerIdentity *peer,
-                const struct GNUNET_CADET_KX *msg)
+                 const struct GNUNET_CADET_KX *msg)
 {
+  const struct GNUNET_CADET_Hash* cid;
   struct CadetConnection *c;
-  struct CadetPeer *neighbor;
-  GNUNET_PEER_Id peer_id;
-  size_t size;
+  size_t expected_size;
   int fwd;
 
-  log_message (&msg->header, peer, &msg->cid);
-
-  /* Check size */
-  size = ntohs (msg->header.size);
-  if (size <
-      sizeof (struct GNUNET_CADET_KX) +
-      sizeof (struct GNUNET_MessageHeader))
-  {
-    GNUNET_break_op (0);
-    return GNUNET_OK;
-  }
-
-  /* Check connection */
-  c = connection_get (&msg->cid);
-  if (NULL == c)
-  {
-    GNUNET_STATISTICS_update (stats, "# unknown connection", 1, GNUNET_NO);
-    LOG (GNUNET_ERROR_TYPE_DEBUG, "kx on unknown connection %s\n",
-         GNUNET_h2s (GC_h2hc (&msg->cid)));
-    send_broken_unknown (&msg->cid, &my_full_id, NULL, peer);
-    return GNUNET_OK;
-  }
-  LOG (GNUNET_ERROR_TYPE_DEBUG, " on connection %s\n", GCC_2s (c));
-
-  /* Check if origin is as expected */
-  neighbor = get_prev_hop (c);
-  peer_id = GNUNET_PEER_search (peer);
-  if (peer_id == GCP_get_short_id (neighbor))
-  {
-    fwd = GNUNET_YES;
-  }
-  else
-  {
-    neighbor = get_next_hop (c);
-    if (peer_id == GCP_get_short_id (neighbor))
-    {
-      fwd = GNUNET_NO;
-    }
-    else
-    {
-      /* Unexpected peer sending traffic on a connection. */
-      GNUNET_break_op (0);
-      return GNUNET_OK;
-    }
-  }
+  cid = &msg->cid;
+  log_message (&msg->header, peer, cid);
 
-  /* Count as connection confirmation. */
-  if (CADET_CONNECTION_SENT == c->state || CADET_CONNECTION_ACK == c->state)
-  {
-    connection_change_state (c, CADET_CONNECTION_READY);
-    if (NULL != c->t)
-    {
-      if (CADET_TUNNEL_WAITING == GCT_get_cstate (c->t))
-        GCT_change_cstate (c->t, CADET_TUNNEL_READY);
-    }
-  }
-  connection_reset_timeout (c, fwd);
+  expected_size = sizeof (struct GNUNET_CADET_KX)
+                  + sizeof (struct GNUNET_MessageHeader);
+  c = connection_get (cid);
+  fwd = check_message (&msg->header, expected_size, cid, c, peer, 0);
 
   /* Is this message for us? */
   if (GCC_is_terminal (c, fwd))
@@ -2423,93 +2372,6 @@ GCC_handle_encrypted (void *cls, const struct GNUNET_PeerIdentity *peer,
 
 
 /**
- * Core handler for axolotl key exchange traffic.
- *
- * @param cls Closure (unused).
- * @param message Message received.
- * @param peer Neighbor who sent the message.
- *
- * @return GNUNET_OK, to keep the connection open.
- */
-int
-GCC_handle_ax_kx (void *cls, const struct GNUNET_PeerIdentity *peer,
-                  const struct GNUNET_MessageHeader *message)
-{
-  const struct GNUNET_CADET_AX *msg;
-  struct CadetConnection *c;
-  size_t expected_size;
-  uint32_t pid;
-  uint32_t ttl;
-  int fwd;
-
-  msg = (struct GNUNET_CADET_AX *) message;
-  log_message (message, peer, &msg->cid);
-
-  expected_size = sizeof (struct GNUNET_CADET_AX)
-                  + sizeof (struct GNUNET_MessageHeader);
-  c = connection_get (&msg->cid);
-  pid = ntohl (msg->pid);
-  fwd = check_message (message, expected_size, c, peer, pid);
-
-  /* If something went wrong, discard message. */
-  if (GNUNET_SYSERR == fwd)
-    return GNUNET_OK;
-
-  /* Is this message for us? */
-  if (GCC_is_terminal (c, fwd))
-  {
-    GNUNET_STATISTICS_update (stats, "# messages received", 1, GNUNET_NO);
-
-    if (NULL == c->t)
-    {
-      GNUNET_break (GNUNET_NO != c->destroy);
-      return GNUNET_OK;
-    }
-    GCT_handle_encrypted (c->t, message);
-    GCC_send_ack (c, fwd, GNUNET_NO);
-    return GNUNET_OK;
-  }
-
-  /* Message not for us: forward to next hop */
-  ttl = ntohl (msg->ttl);
-  LOG (GNUNET_ERROR_TYPE_DEBUG, " forwarding, ttl: %u\n", ttl);
-  if (ttl == 0)
-  {
-    GNUNET_STATISTICS_update (stats, "# TTL drops", 1, GNUNET_NO);
-    LOG (GNUNET_ERROR_TYPE_WARNING, " TTL is 0, DROPPING!\n");
-    GCC_send_ack (c, fwd, GNUNET_NO);
-    return GNUNET_OK;
-  }
-
-  GNUNET_STATISTICS_update (stats, "# messages forwarded", 1, GNUNET_NO);
-  GNUNET_assert (NULL == GCC_send_prebuilt_message (&msg->header, 0, 0, c, fwd,
-                                                    GNUNET_NO, NULL, NULL));
-
-
-
-  return GNUNET_OK;
-}
-
-
-
-/**
- * Core handler for axolotl encrypted cadet network traffic.
- *
- * @param cls Closure (unused).
- * @param message Message received.
- * @param peer Neighbor who sent the message.
- *
- * @return GNUNET_OK, to keep the connection open.
- */
-int
-GCC_handle_ax (void *cls, const struct GNUNET_PeerIdentity *peer,
-               struct GNUNET_MessageHeader *message)
-{
-  return handle_cadet_encrypted (peer, message);
-}
-
-
-/**
  * Core handler for cadet network traffic point-to-point acks.
  *
  * @param cls closure
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c
index 1462c5daa..272da9b4e 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -483,9 +483,7 @@ static struct GNUNET_CORE_MessageHandler core_handlers[] = {
   {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL,
     sizeof (struct GNUNET_CADET_Poll)},
   {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0},
-  {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0},
-  {&GCC_handle_ax_kx, GNUNET_MESSAGE_TYPE_CADET_AX_KX, 0},  {NULL, 0, 0},
-  {&GCC_handle_ax, GNUNET_MESSAGE_TYPE_CADET_AX, 0}
+  {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0}
 };
 
 
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index ac49a5cad..577549f06 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -135,6 +135,21 @@ struct CadetTunnelKXCtx
   struct GNUNET_SCHEDULER_Task * finish_task;
 };
 
+/**
+ * Encryption systems possible.
+ */
+enum CadetTunnelEncryption
+{
+  /**
+   * Default Axolotl system.
+   */
+  CADET_Axolotl,
+
+  /**
+   * Fallback OTR-style encryption.
+   */
+  CADET_Fallback
+};
 
 struct CadetTunnelSkippedKey
 {
@@ -177,14 +192,24 @@ struct CadetTunnelAxolotl
  */
 struct CadetTunnel
 {
-    /**
-     * Endpoint of the tunnel.
-     */
+  /**
+   * Endpoint of the tunnel.
+   */
   struct CadetPeer *peer;
 
-    /**
-     * State of the tunnel connectivity.
-     */
+  /**
+   * Type of encryption used in the tunnel.
+   */
+  enum CadetTunnelEncryption enc_type;
+
+  /**
+   * Axolotl info.
+   */
+  struct CadetTunnelAxolotl *ax;
+
+  /**
+   * State of the tunnel connectivity.
+   */
   enum CadetTunnelCState cstate;
 
   /**
@@ -899,6 +924,13 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t,
                            void *dst, const void *src, size_t size,
                            const struct GNUNET_CADET_Hash *msg_hmac)
 {
+  struct CadetTunnelAxolotl *ax;
+
+  ax = t->ax;
+
+  if (NULL == ax)
+    return -1;
+
   return 0;
 }
 
@@ -2005,6 +2037,14 @@ handle_ephemeral (struct CadetTunnel *t,
     return;
   }
 
+  /* If we get a proper OTR-style ephemeral, fallback to old crypto. */
+  if (NULL != t->ax)
+  {
+    GNUNET_free (t->ax);
+    t->ax = NULL;
+    t->enc_type = CADET_Fallback;
+  }
+
   /**
    * If the key is different from what we know, derive the new E/D keys.
    * Else destroy the rekey ctx (duplicate EPHM after successful KX).
@@ -2099,6 +2139,23 @@ handle_pong (struct CadetTunnel *t, const struct GNUNET_CADET_KX_Pong *msg)
 
 
 /**
+ * .
+ *
+ * @param t Tunnel this message came on.
+ * @param msg Key eXchange Pong message.
+ */
+static void
+handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
+{
+
+  if (NULL == t->ax)
+  {
+    t->ax = GNUNET_new (struct CadetTunnelAxolotl);
+  }
+}
+
+
+/**
  * Demultiplex by message type and call appropriate handler for a message
  * towards a channel of a local tunnel.
  *
@@ -2255,9 +2312,13 @@ GCT_handle_kx (struct CadetTunnel *t,
       handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message);
       break;
 
+    case GNUNET_MESSAGE_TYPE_CADET_AX_KX:
+      handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message);
+      break;
+
     default:
       GNUNET_break_op (0);
-      LOG (GNUNET_ERROR_TYPE_DEBUG, "kx message not known (%u)\n", type);
+      LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type));
   }
 }