diff options
author | Bart Polot <bart@net.in.tum.de> | 2015-04-27 19:14:13 +0000 |
---|---|---|
committer | Bart Polot <bart@net.in.tum.de> | 2015-04-27 19:14:13 +0000 |
commit | 9e037307576cb21d9f04b9686d7c41cf4c5e37b0 (patch) | |
tree | 96cc5db9ae345f1595db61ce59bb2ad5bfab99d5 /src/cadet | |
parent | 3e019a9daf7d01f2ee1fdcc2009be2f017e0244c (diff) | |
download | gnunet-9e037307576cb21d9f04b9686d7c41cf4c5e37b0.tar.gz gnunet-9e037307576cb21d9f04b9686d7c41cf4c5e37b0.zip |
- refactor kx handling
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/cadet_protocol.h | 21 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_connection.c | 156 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_peer.c | 4 | ||||
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnel.c | 75 |
4 files changed, 99 insertions, 157 deletions
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h index dc91af304..1c0a1a89f 100644 --- a/src/cadet/cadet_protocol.h +++ b/src/cadet/cadet_protocol.h | |||
@@ -72,6 +72,7 @@ struct GNUNET_CADET_ConnectionCreate | |||
72 | /* struct GNUNET_PeerIdentity peers[path_length]; */ | 72 | /* struct GNUNET_PeerIdentity peers[path_length]; */ |
73 | }; | 73 | }; |
74 | 74 | ||
75 | |||
75 | /** | 76 | /** |
76 | * Message for ack'ing a connection | 77 | * Message for ack'ing a connection |
77 | */ | 78 | */ |
@@ -109,6 +110,26 @@ struct GNUNET_CADET_KX | |||
109 | }; | 110 | }; |
110 | 111 | ||
111 | 112 | ||
113 | |||
114 | /** | ||
115 | * Message for encapsulation of a Key eXchange message in a connection. | ||
116 | */ | ||
117 | struct GNUNET_CADET_AX_KX | ||
118 | { | ||
119 | /** | ||
120 | * Type: GNUNET_MESSAGE_TYPE_CADET_AX_KX. | ||
121 | */ | ||
122 | struct GNUNET_MessageHeader header; | ||
123 | |||
124 | /** | ||
125 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format | ||
126 | * suitable for network transmission as created using 'gcry_sexp_sprint'. | ||
127 | */ | ||
128 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | ||
129 | |||
130 | }; | ||
131 | |||
132 | |||
112 | /** | 133 | /** |
113 | * Message transmitted with the signed ephemeral key of a peer. The | 134 | * Message transmitted with the signed ephemeral key of a peer. The |
114 | * session key is then derived from the two ephemeral keys (ECDHE). | 135 | * session key is then derived from the two ephemeral keys (ECDHE). |
diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c index 957c81f6b..10acee8f9 100644 --- a/src/cadet/gnunet-service-cadet_connection.c +++ b/src/cadet/gnunet-service-cadet_connection.c | |||
@@ -2296,71 +2296,20 @@ handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer, | |||
2296 | */ | 2296 | */ |
2297 | static int | 2297 | static int |
2298 | handle_cadet_kx (const struct GNUNET_PeerIdentity *peer, | 2298 | handle_cadet_kx (const struct GNUNET_PeerIdentity *peer, |
2299 | const struct GNUNET_CADET_KX *msg) | 2299 | const struct GNUNET_CADET_KX *msg) |
2300 | { | 2300 | { |
2301 | const struct GNUNET_CADET_Hash* cid; | ||
2301 | struct CadetConnection *c; | 2302 | struct CadetConnection *c; |
2302 | struct CadetPeer *neighbor; | 2303 | size_t expected_size; |
2303 | GNUNET_PEER_Id peer_id; | ||
2304 | size_t size; | ||
2305 | int fwd; | 2304 | int fwd; |
2306 | 2305 | ||
2307 | log_message (&msg->header, peer, &msg->cid); | 2306 | cid = &msg->cid; |
2308 | 2307 | log_message (&msg->header, peer, cid); | |
2309 | /* Check size */ | ||
2310 | size = ntohs (msg->header.size); | ||
2311 | if (size < | ||
2312 | sizeof (struct GNUNET_CADET_KX) + | ||
2313 | sizeof (struct GNUNET_MessageHeader)) | ||
2314 | { | ||
2315 | GNUNET_break_op (0); | ||
2316 | return GNUNET_OK; | ||
2317 | } | ||
2318 | |||
2319 | /* Check connection */ | ||
2320 | c = connection_get (&msg->cid); | ||
2321 | if (NULL == c) | ||
2322 | { | ||
2323 | GNUNET_STATISTICS_update (stats, "# unknown connection", 1, GNUNET_NO); | ||
2324 | LOG (GNUNET_ERROR_TYPE_DEBUG, "kx on unknown connection %s\n", | ||
2325 | GNUNET_h2s (GC_h2hc (&msg->cid))); | ||
2326 | send_broken_unknown (&msg->cid, &my_full_id, NULL, peer); | ||
2327 | return GNUNET_OK; | ||
2328 | } | ||
2329 | LOG (GNUNET_ERROR_TYPE_DEBUG, " on connection %s\n", GCC_2s (c)); | ||
2330 | |||
2331 | /* Check if origin is as expected */ | ||
2332 | neighbor = get_prev_hop (c); | ||
2333 | peer_id = GNUNET_PEER_search (peer); | ||
2334 | if (peer_id == GCP_get_short_id (neighbor)) | ||
2335 | { | ||
2336 | fwd = GNUNET_YES; | ||
2337 | } | ||
2338 | else | ||
2339 | { | ||
2340 | neighbor = get_next_hop (c); | ||
2341 | if (peer_id == GCP_get_short_id (neighbor)) | ||
2342 | { | ||
2343 | fwd = GNUNET_NO; | ||
2344 | } | ||
2345 | else | ||
2346 | { | ||
2347 | /* Unexpected peer sending traffic on a connection. */ | ||
2348 | GNUNET_break_op (0); | ||
2349 | return GNUNET_OK; | ||
2350 | } | ||
2351 | } | ||
2352 | 2308 | ||
2353 | /* Count as connection confirmation. */ | 2309 | expected_size = sizeof (struct GNUNET_CADET_KX) |
2354 | if (CADET_CONNECTION_SENT == c->state || CADET_CONNECTION_ACK == c->state) | 2310 | + sizeof (struct GNUNET_MessageHeader); |
2355 | { | 2311 | c = connection_get (cid); |
2356 | connection_change_state (c, CADET_CONNECTION_READY); | 2312 | fwd = check_message (&msg->header, expected_size, cid, c, peer, 0); |
2357 | if (NULL != c->t) | ||
2358 | { | ||
2359 | if (CADET_TUNNEL_WAITING == GCT_get_cstate (c->t)) | ||
2360 | GCT_change_cstate (c->t, CADET_TUNNEL_READY); | ||
2361 | } | ||
2362 | } | ||
2363 | connection_reset_timeout (c, fwd); | ||
2364 | 2313 | ||
2365 | /* Is this message for us? */ | 2314 | /* Is this message for us? */ |
2366 | if (GCC_is_terminal (c, fwd)) | 2315 | if (GCC_is_terminal (c, fwd)) |
@@ -2423,93 +2372,6 @@ GCC_handle_encrypted (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
2423 | 2372 | ||
2424 | 2373 | ||
2425 | /** | 2374 | /** |
2426 | * Core handler for axolotl key exchange traffic. | ||
2427 | * | ||
2428 | * @param cls Closure (unused). | ||
2429 | * @param message Message received. | ||
2430 | * @param peer Neighbor who sent the message. | ||
2431 | * | ||
2432 | * @return GNUNET_OK, to keep the connection open. | ||
2433 | */ | ||
2434 | int | ||
2435 | GCC_handle_ax_kx (void *cls, const struct GNUNET_PeerIdentity *peer, | ||
2436 | const struct GNUNET_MessageHeader *message) | ||
2437 | { | ||
2438 | const struct GNUNET_CADET_AX *msg; | ||
2439 | struct CadetConnection *c; | ||
2440 | size_t expected_size; | ||
2441 | uint32_t pid; | ||
2442 | uint32_t ttl; | ||
2443 | int fwd; | ||
2444 | |||
2445 | msg = (struct GNUNET_CADET_AX *) message; | ||
2446 | log_message (message, peer, &msg->cid); | ||
2447 | |||
2448 | expected_size = sizeof (struct GNUNET_CADET_AX) | ||
2449 | + sizeof (struct GNUNET_MessageHeader); | ||
2450 | c = connection_get (&msg->cid); | ||
2451 | pid = ntohl (msg->pid); | ||
2452 | fwd = check_message (message, expected_size, c, peer, pid); | ||
2453 | |||
2454 | /* If something went wrong, discard message. */ | ||
2455 | if (GNUNET_SYSERR == fwd) | ||
2456 | return GNUNET_OK; | ||
2457 | |||
2458 | /* Is this message for us? */ | ||
2459 | if (GCC_is_terminal (c, fwd)) | ||
2460 | { | ||
2461 | GNUNET_STATISTICS_update (stats, "# messages received", 1, GNUNET_NO); | ||
2462 | |||
2463 | if (NULL == c->t) | ||
2464 | { | ||
2465 | GNUNET_break (GNUNET_NO != c->destroy); | ||
2466 | return GNUNET_OK; | ||
2467 | } | ||
2468 | GCT_handle_encrypted (c->t, message); | ||
2469 | GCC_send_ack (c, fwd, GNUNET_NO); | ||
2470 | return GNUNET_OK; | ||
2471 | } | ||
2472 | |||
2473 | /* Message not for us: forward to next hop */ | ||
2474 | ttl = ntohl (msg->ttl); | ||
2475 | LOG (GNUNET_ERROR_TYPE_DEBUG, " forwarding, ttl: %u\n", ttl); | ||
2476 | if (ttl == 0) | ||
2477 | { | ||
2478 | GNUNET_STATISTICS_update (stats, "# TTL drops", 1, GNUNET_NO); | ||
2479 | LOG (GNUNET_ERROR_TYPE_WARNING, " TTL is 0, DROPPING!\n"); | ||
2480 | GCC_send_ack (c, fwd, GNUNET_NO); | ||
2481 | return GNUNET_OK; | ||
2482 | } | ||
2483 | |||
2484 | GNUNET_STATISTICS_update (stats, "# messages forwarded", 1, GNUNET_NO); | ||
2485 | GNUNET_assert (NULL == GCC_send_prebuilt_message (&msg->header, 0, 0, c, fwd, | ||
2486 | GNUNET_NO, NULL, NULL)); | ||
2487 | |||
2488 | |||
2489 | |||
2490 | return GNUNET_OK; | ||
2491 | } | ||
2492 | |||
2493 | |||
2494 | |||
2495 | /** | ||
2496 | * Core handler for axolotl encrypted cadet network traffic. | ||
2497 | * | ||
2498 | * @param cls Closure (unused). | ||
2499 | * @param message Message received. | ||
2500 | * @param peer Neighbor who sent the message. | ||
2501 | * | ||
2502 | * @return GNUNET_OK, to keep the connection open. | ||
2503 | */ | ||
2504 | int | ||
2505 | GCC_handle_ax (void *cls, const struct GNUNET_PeerIdentity *peer, | ||
2506 | struct GNUNET_MessageHeader *message) | ||
2507 | { | ||
2508 | return handle_cadet_encrypted (peer, message); | ||
2509 | } | ||
2510 | |||
2511 | |||
2512 | /** | ||
2513 | * Core handler for cadet network traffic point-to-point acks. | 2375 | * Core handler for cadet network traffic point-to-point acks. |
2514 | * | 2376 | * |
2515 | * @param cls closure | 2377 | * @param cls closure |
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c index 1462c5daa..272da9b4e 100644 --- a/src/cadet/gnunet-service-cadet_peer.c +++ b/src/cadet/gnunet-service-cadet_peer.c | |||
@@ -483,9 +483,7 @@ static struct GNUNET_CORE_MessageHandler core_handlers[] = { | |||
483 | {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL, | 483 | {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL, |
484 | sizeof (struct GNUNET_CADET_Poll)}, | 484 | sizeof (struct GNUNET_CADET_Poll)}, |
485 | {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0}, | 485 | {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0}, |
486 | {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0}, | 486 | {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0} |
487 | {&GCC_handle_ax_kx, GNUNET_MESSAGE_TYPE_CADET_AX_KX, 0}, {NULL, 0, 0}, | ||
488 | {&GCC_handle_ax, GNUNET_MESSAGE_TYPE_CADET_AX, 0} | ||
489 | }; | 487 | }; |
490 | 488 | ||
491 | 489 | ||
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c index ac49a5cad..577549f06 100644 --- a/src/cadet/gnunet-service-cadet_tunnel.c +++ b/src/cadet/gnunet-service-cadet_tunnel.c | |||
@@ -135,6 +135,21 @@ struct CadetTunnelKXCtx | |||
135 | struct GNUNET_SCHEDULER_Task * finish_task; | 135 | struct GNUNET_SCHEDULER_Task * finish_task; |
136 | }; | 136 | }; |
137 | 137 | ||
138 | /** | ||
139 | * Encryption systems possible. | ||
140 | */ | ||
141 | enum CadetTunnelEncryption | ||
142 | { | ||
143 | /** | ||
144 | * Default Axolotl system. | ||
145 | */ | ||
146 | CADET_Axolotl, | ||
147 | |||
148 | /** | ||
149 | * Fallback OTR-style encryption. | ||
150 | */ | ||
151 | CADET_Fallback | ||
152 | }; | ||
138 | 153 | ||
139 | struct CadetTunnelSkippedKey | 154 | struct CadetTunnelSkippedKey |
140 | { | 155 | { |
@@ -177,14 +192,24 @@ struct CadetTunnelAxolotl | |||
177 | */ | 192 | */ |
178 | struct CadetTunnel | 193 | struct CadetTunnel |
179 | { | 194 | { |
180 | /** | 195 | /** |
181 | * Endpoint of the tunnel. | 196 | * Endpoint of the tunnel. |
182 | */ | 197 | */ |
183 | struct CadetPeer *peer; | 198 | struct CadetPeer *peer; |
184 | 199 | ||
185 | /** | 200 | /** |
186 | * State of the tunnel connectivity. | 201 | * Type of encryption used in the tunnel. |
187 | */ | 202 | */ |
203 | enum CadetTunnelEncryption enc_type; | ||
204 | |||
205 | /** | ||
206 | * Axolotl info. | ||
207 | */ | ||
208 | struct CadetTunnelAxolotl *ax; | ||
209 | |||
210 | /** | ||
211 | * State of the tunnel connectivity. | ||
212 | */ | ||
188 | enum CadetTunnelCState cstate; | 213 | enum CadetTunnelCState cstate; |
189 | 214 | ||
190 | /** | 215 | /** |
@@ -899,6 +924,13 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, | |||
899 | void *dst, const void *src, size_t size, | 924 | void *dst, const void *src, size_t size, |
900 | const struct GNUNET_CADET_Hash *msg_hmac) | 925 | const struct GNUNET_CADET_Hash *msg_hmac) |
901 | { | 926 | { |
927 | struct CadetTunnelAxolotl *ax; | ||
928 | |||
929 | ax = t->ax; | ||
930 | |||
931 | if (NULL == ax) | ||
932 | return -1; | ||
933 | |||
902 | return 0; | 934 | return 0; |
903 | } | 935 | } |
904 | 936 | ||
@@ -2005,6 +2037,14 @@ handle_ephemeral (struct CadetTunnel *t, | |||
2005 | return; | 2037 | return; |
2006 | } | 2038 | } |
2007 | 2039 | ||
2040 | /* If we get a proper OTR-style ephemeral, fallback to old crypto. */ | ||
2041 | if (NULL != t->ax) | ||
2042 | { | ||
2043 | GNUNET_free (t->ax); | ||
2044 | t->ax = NULL; | ||
2045 | t->enc_type = CADET_Fallback; | ||
2046 | } | ||
2047 | |||
2008 | /** | 2048 | /** |
2009 | * If the key is different from what we know, derive the new E/D keys. | 2049 | * If the key is different from what we know, derive the new E/D keys. |
2010 | * Else destroy the rekey ctx (duplicate EPHM after successful KX). | 2050 | * Else destroy the rekey ctx (duplicate EPHM after successful KX). |
@@ -2099,6 +2139,23 @@ handle_pong (struct CadetTunnel *t, const struct GNUNET_CADET_KX_Pong *msg) | |||
2099 | 2139 | ||
2100 | 2140 | ||
2101 | /** | 2141 | /** |
2142 | * . | ||
2143 | * | ||
2144 | * @param t Tunnel this message came on. | ||
2145 | * @param msg Key eXchange Pong message. | ||
2146 | */ | ||
2147 | static void | ||
2148 | handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg) | ||
2149 | { | ||
2150 | |||
2151 | if (NULL == t->ax) | ||
2152 | { | ||
2153 | t->ax = GNUNET_new (struct CadetTunnelAxolotl); | ||
2154 | } | ||
2155 | } | ||
2156 | |||
2157 | |||
2158 | /** | ||
2102 | * Demultiplex by message type and call appropriate handler for a message | 2159 | * Demultiplex by message type and call appropriate handler for a message |
2103 | * towards a channel of a local tunnel. | 2160 | * towards a channel of a local tunnel. |
2104 | * | 2161 | * |
@@ -2255,9 +2312,13 @@ GCT_handle_kx (struct CadetTunnel *t, | |||
2255 | handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message); | 2312 | handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message); |
2256 | break; | 2313 | break; |
2257 | 2314 | ||
2315 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | ||
2316 | handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message); | ||
2317 | break; | ||
2318 | |||
2258 | default: | 2319 | default: |
2259 | GNUNET_break_op (0); | 2320 | GNUNET_break_op (0); |
2260 | LOG (GNUNET_ERROR_TYPE_DEBUG, "kx message not known (%u)\n", type); | 2321 | LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type)); |
2261 | } | 2322 | } |
2262 | } | 2323 | } |
2263 | 2324 | ||