- refactor kx_ctx management

author: Bart Polot <bart@net.in.tum.de> 2014-12-15 07:18:29 +0000
committer: Bart Polot <bart@net.in.tum.de> 2014-12-15 07:18:29 +0000
commit: 741b7d67133cc07d77b069217ca717b2e3bcbcfa (patch)
tree: a10b104c2d645393675ed03c3afaca9b1ada9efa /src/cadet
parent: 01d34009ff06462df2ced8045565adff5cb21bde (diff)
download: gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.tar.gz
gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.zip
1 files changed, 44 insertions, 49 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index 80b116035..44816b16c 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -861,6 +861,33 @@ derive_symmertic (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
 /**
+ * Derive the tunnel's keys using our own and the peer's ephemeral keys.
+ *
+ * @param t Tunnel for which to create the keys.
+ */
+static void
+create_keys (struct CadetTunnel *t)
+{
+  struct GNUNET_HashCode km;
+  derive_key_material (&km, &t->peers_ephemeral_key);
+  derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km);
+  derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km);
+  #if DUMP_KEYS_TO_STDERR
+  LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n",
+       GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
+  LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n",
+       GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
+  LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km));
+  LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n",
+       GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
+  LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n",
+       GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
+  #endif
+}
+/**
 * Create a new Key eXchange context for the tunnel.
 *
 * If the old keys were verified, keep them for old traffic. Create a new KX
@@ -891,10 +918,12 @@ create_kx_ctx (struct CadetTunnel *t)
  if (CADET_TUNNEL_KEY_OK == t->estate)
  {
+    LOG (GNUNET_ERROR_TYPE_INFO, "  backing up keys\n");
    t->kx_ctx->d_key_old = t->d_key;
    t->kx_ctx->e_key_old = t->e_key;
  }
  t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get ();
+  create_keys (t);
 }
@@ -950,32 +979,6 @@ destroy_kx_ctx (struct CadetTunnel *t)
 }
-/**
- * Derive the tunnel's keys using our own and the peer's ephemeral keys.
- *
- * @param t Tunnel for which to create the keys.
- */
-static void
-create_keys (struct CadetTunnel *t)
-{
-  struct GNUNET_HashCode km;
-  derive_key_material (&km, &t->peers_ephemeral_key);
-  derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km);
-  derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km);
-#if DUMP_KEYS_TO_STDERR
-  LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n",
-       GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
-  LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n",
-       GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
-  LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km));
-  LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n",
-       GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
-  LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n",
-       GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
-#endif
-}
 /**
 * Pick a connection on which send the next data message.
@@ -1420,27 +1423,19 @@ rekey_tunnel (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))
    return;
-  create_kx_ctx (t);
+  GNUNET_assert (NULL != t->kx_ctx);
+  struct GNUNET_TIME_Relative duration;
-  if (NULL == t->kx_ctx)
-  {
-    create_keys (t);
-  }
-  else
-  {
-    struct GNUNET_TIME_Relative duration;
-    duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);
+  duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);
-    LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n",
+  LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n",
-         GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));
+        GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));
-    // FIXME make duration of old keys configurable
+  // FIXME make duration of old keys configurable
-    if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)
+  if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)
-    {
+  {
-      LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n");
+    LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n");
-      memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));
+    memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));
-      memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));
+    memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));
-    }
  }
  send_ephemeral (t);
@@ -1509,9 +1504,7 @@ rekey_iterator (void *cls,
  r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100);
  delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r);
  t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t);
-  if (NULL != t->kx_ctx)
+  create_kx_ctx (t);
-    t->kx_ctx->challenge =
-        GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, INT32_MAX);
  return GNUNET_YES;
 }
@@ -1872,8 +1865,9 @@ handle_ephemeral (struct CadetTunnel *t,
         GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key));
    #endif
    t->peers_ephemeral_key = msg->ephemeral_key;
    create_kx_ctx (t);
-    create_keys (t);
    if (CADET_TUNNEL_KEY_OK == t->estate)
    {
      GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);
@@ -2214,6 +2208,7 @@ GCT_change_cstate (struct CadetTunnel* t, enum CadetTunnelCState cstate)
      LOG (GNUNET_ERROR_TYPE_DEBUG, "  cstate triggered rekey\n");
      if (GNUNET_SCHEDULER_NO_TASK != t->rekey_task)
        GNUNET_SCHEDULER_cancel (t->rekey_task);
+      create_kx_ctx (t);
      rekey_tunnel (t, NULL);
    }
  }
author	Bart Polot <bart@net.in.tum.de>	2014-12-15 07:18:29 +0000
committer	Bart Polot <bart@net.in.tum.de>	2014-12-15 07:18:29 +0000
commit	741b7d67133cc07d77b069217ca717b2e3bcbcfa (patch)
tree	a10b104c2d645393675ed03c3afaca9b1ada9efa /src/cadet
parent	01d34009ff06462df2ced8045565adff5cb21bde (diff)
download	gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.tar.gz gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.zip

diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c index 80b116035..44816b16c 100644 --- a/src/cadet/gnunet-service-cadet_tunnel.c +++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -861,6 +861,33 @@ derive_symmertic (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
861		861
862		862
863	/**	863	/**
		864	* Derive the tunnel's keys using our own and the peer's ephemeral keys.
		865	*
		866	* @param t Tunnel for which to create the keys.
		867	*/
		868	static void
		869	create_keys (struct CadetTunnel *t)
		870	{
		871	struct GNUNET_HashCode km;
		872
		873	derive_key_material (&km, &t->peers_ephemeral_key);
		874	derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km);
		875	derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km);
		876	#if DUMP_KEYS_TO_STDERR
		877	LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n",
		878	GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
		879	LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n",
		880	GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
		881	LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km));
		882	LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n",
		883	GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
		884	LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n",
		885	GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
		886	#endif
		887	}
		888
		889
		890	/**
864	* Create a new Key eXchange context for the tunnel.	891	* Create a new Key eXchange context for the tunnel.
865	*	892	*
866	* If the old keys were verified, keep them for old traffic. Create a new KX	893	* If the old keys were verified, keep them for old traffic. Create a new KX
@@ -891,10 +918,12 @@ create_kx_ctx (struct CadetTunnel *t)
891		918
892	if (CADET_TUNNEL_KEY_OK == t->estate)	919	if (CADET_TUNNEL_KEY_OK == t->estate)
893	{	920	{
		921	LOG (GNUNET_ERROR_TYPE_INFO, " backing up keys\n");
894	t->kx_ctx->d_key_old = t->d_key;	922	t->kx_ctx->d_key_old = t->d_key;
895	t->kx_ctx->e_key_old = t->e_key;	923	t->kx_ctx->e_key_old = t->e_key;
896	}	924	}
897	t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get ();	925	t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get ();
		926	create_keys (t);
898	}	927	}
899		928
900		929
@@ -950,32 +979,6 @@ destroy_kx_ctx (struct CadetTunnel *t)
950	}	979	}
951		980
952		981
953	/**
954	* Derive the tunnel's keys using our own and the peer's ephemeral keys.
955	*
956	* @param t Tunnel for which to create the keys.
957	*/
958	static void
959	create_keys (struct CadetTunnel *t)
960	{
961	struct GNUNET_HashCode km;
962
963	derive_key_material (&km, &t->peers_ephemeral_key);
964	derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km);
965	derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km);
966	#if DUMP_KEYS_TO_STDERR
967	LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n",
968	GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
969	LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n",
970	GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
971	LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km));
972	LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n",
973	GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
974	LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n",
975	GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
976	#endif
977	}
978
979		982
980	/**	983	/**
981	* Pick a connection on which send the next data message.	984	* Pick a connection on which send the next data message.
@@ -1420,27 +1423,19 @@ rekey_tunnel (void cls, const struct GNUNET_SCHEDULER_TaskContext tc)
1420	if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))	1423	if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))
1421	return;	1424	return;
1422		1425
1423	create_kx_ctx (t);	1426	GNUNET_assert (NULL != t->kx_ctx);
1424		1427	struct GNUNET_TIME_Relative duration;
1425	if (NULL == t->kx_ctx)
1426	{
1427	create_keys (t);
1428	}
1429	else
1430	{
1431	struct GNUNET_TIME_Relative duration;
1432		1428
1433	duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);	1429	duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);
1434	LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n",	1430	LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n",
1435	GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));	1431	GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));
1436		1432
1437	// FIXME make duration of old keys configurable	1433	// FIXME make duration of old keys configurable
1438	if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)	1434	if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)
1439	{	1435	{
1440	LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n");	1436	LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n");
1441	memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));	1437	memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));
1442	memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));	1438	memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));
1443	}
1444	}	1439	}
1445		1440
1446	send_ephemeral (t);	1441	send_ephemeral (t);
@@ -1509,9 +1504,7 @@ rekey_iterator (void *cls,
1509	r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100);	1504	r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100);
1510	delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r);	1505	delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r);
1511	t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t);	1506	t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t);
1512	if (NULL != t->kx_ctx)	1507	create_kx_ctx (t);
1513	t->kx_ctx->challenge =
1514	GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, INT32_MAX);
1515		1508
1516	return GNUNET_YES;	1509	return GNUNET_YES;
1517	}	1510	}
@@ -1872,8 +1865,9 @@ handle_ephemeral (struct CadetTunnel *t,
1872	GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key));	1865	GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key));
1873	#endif	1866	#endif
1874	t->peers_ephemeral_key = msg->ephemeral_key;	1867	t->peers_ephemeral_key = msg->ephemeral_key;
		1868
1875	create_kx_ctx (t);	1869	create_kx_ctx (t);
1876	create_keys (t);	1870
1877	if (CADET_TUNNEL_KEY_OK == t->estate)	1871	if (CADET_TUNNEL_KEY_OK == t->estate)
1878	{	1872	{
1879	GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);	1873	GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);
@@ -2214,6 +2208,7 @@ GCT_change_cstate (struct CadetTunnel* t, enum CadetTunnelCState cstate)
2214	LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n");	2208	LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n");
2215	if (GNUNET_SCHEDULER_NO_TASK != t->rekey_task)	2209	if (GNUNET_SCHEDULER_NO_TASK != t->rekey_task)
2216	GNUNET_SCHEDULER_cancel (t->rekey_task);	2210	GNUNET_SCHEDULER_cancel (t->rekey_task);
		2211	create_kx_ctx (t);
2217	rekey_tunnel (t, NULL);	2212	rekey_tunnel (t, NULL);
2218	}	2213	}
2219	}	2214	}