diff options
author | Bart Polot <bart@net.in.tum.de> | 2014-12-15 07:18:29 +0000 |
---|---|---|
committer | Bart Polot <bart@net.in.tum.de> | 2014-12-15 07:18:29 +0000 |
commit | 741b7d67133cc07d77b069217ca717b2e3bcbcfa (patch) | |
tree | a10b104c2d645393675ed03c3afaca9b1ada9efa /src/cadet | |
parent | 01d34009ff06462df2ced8045565adff5cb21bde (diff) | |
download | gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.tar.gz gnunet-741b7d67133cc07d77b069217ca717b2e3bcbcfa.zip |
- refactor kx_ctx management
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnel.c | 93 |
1 files changed, 44 insertions, 49 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c index 80b116035..44816b16c 100644 --- a/src/cadet/gnunet-service-cadet_tunnel.c +++ b/src/cadet/gnunet-service-cadet_tunnel.c | |||
@@ -861,6 +861,33 @@ derive_symmertic (struct GNUNET_CRYPTO_SymmetricSessionKey *key, | |||
861 | 861 | ||
862 | 862 | ||
863 | /** | 863 | /** |
864 | * Derive the tunnel's keys using our own and the peer's ephemeral keys. | ||
865 | * | ||
866 | * @param t Tunnel for which to create the keys. | ||
867 | */ | ||
868 | static void | ||
869 | create_keys (struct CadetTunnel *t) | ||
870 | { | ||
871 | struct GNUNET_HashCode km; | ||
872 | |||
873 | derive_key_material (&km, &t->peers_ephemeral_key); | ||
874 | derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km); | ||
875 | derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km); | ||
876 | #if DUMP_KEYS_TO_STDERR | ||
877 | LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n", | ||
878 | GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key)); | ||
879 | LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n", | ||
880 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key)); | ||
881 | LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km)); | ||
882 | LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n", | ||
883 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key)); | ||
884 | LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n", | ||
885 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key)); | ||
886 | #endif | ||
887 | } | ||
888 | |||
889 | |||
890 | /** | ||
864 | * Create a new Key eXchange context for the tunnel. | 891 | * Create a new Key eXchange context for the tunnel. |
865 | * | 892 | * |
866 | * If the old keys were verified, keep them for old traffic. Create a new KX | 893 | * If the old keys were verified, keep them for old traffic. Create a new KX |
@@ -891,10 +918,12 @@ create_kx_ctx (struct CadetTunnel *t) | |||
891 | 918 | ||
892 | if (CADET_TUNNEL_KEY_OK == t->estate) | 919 | if (CADET_TUNNEL_KEY_OK == t->estate) |
893 | { | 920 | { |
921 | LOG (GNUNET_ERROR_TYPE_INFO, " backing up keys\n"); | ||
894 | t->kx_ctx->d_key_old = t->d_key; | 922 | t->kx_ctx->d_key_old = t->d_key; |
895 | t->kx_ctx->e_key_old = t->e_key; | 923 | t->kx_ctx->e_key_old = t->e_key; |
896 | } | 924 | } |
897 | t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get (); | 925 | t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get (); |
926 | create_keys (t); | ||
898 | } | 927 | } |
899 | 928 | ||
900 | 929 | ||
@@ -950,32 +979,6 @@ destroy_kx_ctx (struct CadetTunnel *t) | |||
950 | } | 979 | } |
951 | 980 | ||
952 | 981 | ||
953 | /** | ||
954 | * Derive the tunnel's keys using our own and the peer's ephemeral keys. | ||
955 | * | ||
956 | * @param t Tunnel for which to create the keys. | ||
957 | */ | ||
958 | static void | ||
959 | create_keys (struct CadetTunnel *t) | ||
960 | { | ||
961 | struct GNUNET_HashCode km; | ||
962 | |||
963 | derive_key_material (&km, &t->peers_ephemeral_key); | ||
964 | derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km); | ||
965 | derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km); | ||
966 | #if DUMP_KEYS_TO_STDERR | ||
967 | LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n", | ||
968 | GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key)); | ||
969 | LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n", | ||
970 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key)); | ||
971 | LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km)); | ||
972 | LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n", | ||
973 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key)); | ||
974 | LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n", | ||
975 | GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key)); | ||
976 | #endif | ||
977 | } | ||
978 | |||
979 | 982 | ||
980 | /** | 983 | /** |
981 | * Pick a connection on which send the next data message. | 984 | * Pick a connection on which send the next data message. |
@@ -1420,27 +1423,19 @@ rekey_tunnel (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
1420 | if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason)) | 1423 | if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason)) |
1421 | return; | 1424 | return; |
1422 | 1425 | ||
1423 | create_kx_ctx (t); | 1426 | GNUNET_assert (NULL != t->kx_ctx); |
1424 | 1427 | struct GNUNET_TIME_Relative duration; | |
1425 | if (NULL == t->kx_ctx) | ||
1426 | { | ||
1427 | create_keys (t); | ||
1428 | } | ||
1429 | else | ||
1430 | { | ||
1431 | struct GNUNET_TIME_Relative duration; | ||
1432 | 1428 | ||
1433 | duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time); | 1429 | duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time); |
1434 | LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n", | 1430 | LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n", |
1435 | GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES)); | 1431 | GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES)); |
1436 | 1432 | ||
1437 | // FIXME make duration of old keys configurable | 1433 | // FIXME make duration of old keys configurable |
1438 | if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us) | 1434 | if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us) |
1439 | { | 1435 | { |
1440 | LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n"); | 1436 | LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n"); |
1441 | memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old)); | 1437 | memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old)); |
1442 | memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old)); | 1438 | memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old)); |
1443 | } | ||
1444 | } | 1439 | } |
1445 | 1440 | ||
1446 | send_ephemeral (t); | 1441 | send_ephemeral (t); |
@@ -1509,9 +1504,7 @@ rekey_iterator (void *cls, | |||
1509 | r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100); | 1504 | r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100); |
1510 | delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r); | 1505 | delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r); |
1511 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t); | 1506 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t); |
1512 | if (NULL != t->kx_ctx) | 1507 | create_kx_ctx (t); |
1513 | t->kx_ctx->challenge = | ||
1514 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, INT32_MAX); | ||
1515 | 1508 | ||
1516 | return GNUNET_YES; | 1509 | return GNUNET_YES; |
1517 | } | 1510 | } |
@@ -1872,8 +1865,9 @@ handle_ephemeral (struct CadetTunnel *t, | |||
1872 | GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key)); | 1865 | GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key)); |
1873 | #endif | 1866 | #endif |
1874 | t->peers_ephemeral_key = msg->ephemeral_key; | 1867 | t->peers_ephemeral_key = msg->ephemeral_key; |
1868 | |||
1875 | create_kx_ctx (t); | 1869 | create_kx_ctx (t); |
1876 | create_keys (t); | 1870 | |
1877 | if (CADET_TUNNEL_KEY_OK == t->estate) | 1871 | if (CADET_TUNNEL_KEY_OK == t->estate) |
1878 | { | 1872 | { |
1879 | GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY); | 1873 | GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY); |
@@ -2214,6 +2208,7 @@ GCT_change_cstate (struct CadetTunnel* t, enum CadetTunnelCState cstate) | |||
2214 | LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n"); | 2208 | LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n"); |
2215 | if (GNUNET_SCHEDULER_NO_TASK != t->rekey_task) | 2209 | if (GNUNET_SCHEDULER_NO_TASK != t->rekey_task) |
2216 | GNUNET_SCHEDULER_cancel (t->rekey_task); | 2210 | GNUNET_SCHEDULER_cancel (t->rekey_task); |
2211 | create_kx_ctx (t); | ||
2217 | rekey_tunnel (t, NULL); | 2212 | rekey_tunnel (t, NULL); |
2218 | } | 2213 | } |
2219 | } | 2214 | } |