diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-05-17 00:09:07 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-05-17 00:09:07 +0200 |
commit | 7cab5e7bd71c7f6e72833c12a4853db121dce581 (patch) | |
tree | 74170ed9c9e20744c0f883136ad2080fc3b197bd /src/cadet | |
parent | da393a04d06d488bc3b424a8baa24676b53e6352 (diff) | |
download | gnunet-7cab5e7bd71c7f6e72833c12a4853db121dce581.tar.gz gnunet-7cab5e7bd71c7f6e72833c12a4853db121dce581.zip |
sanitize KX logic by always having the same peer go first
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnels.c | 341 |
1 files changed, 157 insertions, 184 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c index 6b4bda08d..2565b8f18 100644 --- a/src/cadet/gnunet-service-cadet_tunnels.c +++ b/src/cadet/gnunet-service-cadet_tunnels.c | |||
@@ -459,6 +459,29 @@ struct CadetTunnel | |||
459 | 459 | ||
460 | 460 | ||
461 | /** | 461 | /** |
462 | * Am I Alice or Bob, or talking to myself? | ||
463 | * | ||
464 | * @param other the other peer | ||
465 | * @return #GNUNET_YES for Alice, #GNUNET_NO for Bob, #GNUNET_SYSERR if talking to myself | ||
466 | */ | ||
467 | static int | ||
468 | alice_or_bob (const struct GNUNET_PeerIdentity *other) | ||
469 | { | ||
470 | if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, | ||
471 | other)) | ||
472 | return GNUNET_YES; | ||
473 | else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, | ||
474 | other)) | ||
475 | return GNUNET_NO; | ||
476 | else | ||
477 | { | ||
478 | GNUNET_break_op (0); | ||
479 | return GNUNET_SYSERR; | ||
480 | } | ||
481 | } | ||
482 | |||
483 | |||
484 | /** | ||
462 | * Connection @a ct is now unready, clear it's ready flag | 485 | * Connection @a ct is now unready, clear it's ready flag |
463 | * and move it from the ready DLL to the busy DLL. | 486 | * and move it from the ready DLL to the busy DLL. |
464 | * | 487 | * |
@@ -1324,6 +1347,8 @@ send_kx (struct CadetTunnel *t, | |||
1324 | struct GNUNET_CADET_TunnelKeyExchangeMessage *msg; | 1347 | struct GNUNET_CADET_TunnelKeyExchangeMessage *msg; |
1325 | enum GNUNET_CADET_KX_Flags flags; | 1348 | enum GNUNET_CADET_KX_Flags flags; |
1326 | 1349 | ||
1350 | if (GNUNET_YES != alice_or_bob (GCP_get_id (t->destination))) | ||
1351 | return; /* only Alice may send KX */ | ||
1327 | if ( (NULL == ct) || | 1352 | if ( (NULL == ct) || |
1328 | (GNUNET_NO == ct->is_ready) ) | 1353 | (GNUNET_NO == ct->is_ready) ) |
1329 | ct = get_ready_connection (t); | 1354 | ct = get_ready_connection (t); |
@@ -1346,13 +1371,6 @@ send_kx (struct CadetTunnel *t, | |||
1346 | &msg->ephemeral_key); | 1371 | &msg->ephemeral_key); |
1347 | GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs, | 1372 | GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs, |
1348 | &msg->ratchet_key); | 1373 | &msg->ratchet_key); |
1349 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1350 | "Sending KX with E=%s and R=%s on %s via %s in state %s\n", | ||
1351 | GNUNET_e2s (&msg->ephemeral_key), | ||
1352 | GNUNET_e2s2 (&msg->ratchet_key), | ||
1353 | GCT_2s (t), | ||
1354 | GCC_2s (cc), | ||
1355 | estate2s (t->estate)); | ||
1356 | mark_connection_unready (ct); | 1374 | mark_connection_unready (ct); |
1357 | t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay); | 1375 | t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay); |
1358 | t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay); | 1376 | t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay); |
@@ -1421,18 +1439,6 @@ send_kx_auth (struct CadetTunnel *t, | |||
1421 | GNUNET_CRYPTO_hash (&ax->RK, | 1439 | GNUNET_CRYPTO_hash (&ax->RK, |
1422 | sizeof (ax->RK), | 1440 | sizeof (ax->RK), |
1423 | &msg->auth); | 1441 | &msg->auth); |
1424 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1425 | "Sending KX_AUTH with E=%s and R=%s and A=%s on %s using %s\n", | ||
1426 | GNUNET_e2s (&msg->kx.ephemeral_key), | ||
1427 | GNUNET_e2s2 (&msg->kx.ratchet_key), | ||
1428 | GNUNET_h2s (&msg->auth), | ||
1429 | GCT_2s (t), | ||
1430 | GCC_2s (ct->cc)); | ||
1431 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1432 | "... this is in response to foreign E=%s and R=%s\n", | ||
1433 | GNUNET_e2s2 (&ax->last_ephemeral), | ||
1434 | GNUNET_e2s (&ax->DHRr)); | ||
1435 | |||
1436 | /* Compute when to be triggered again; actual job will | 1442 | /* Compute when to be triggered again; actual job will |
1437 | be scheduled via #connection_ready_cb() */ | 1443 | be scheduled via #connection_ready_cb() */ |
1438 | t->kx_retry_delay | 1444 | t->kx_retry_delay |
@@ -1497,66 +1503,57 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1497 | const char salt[] = "CADET Axolotl salt"; | 1503 | const char salt[] = "CADET Axolotl salt"; |
1498 | int am_I_alice; | 1504 | int am_I_alice; |
1499 | 1505 | ||
1500 | if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, | 1506 | if (GNUNET_SYSERR == (am_I_alice = alice_or_bob (pid))) |
1501 | pid)) | 1507 | { |
1502 | am_I_alice = GNUNET_YES; | 1508 | GNUNET_break_op (0); |
1503 | else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, | 1509 | return GNUNET_SYSERR; |
1504 | pid)) | 1510 | } |
1505 | am_I_alice = GNUNET_NO; | ||
1506 | else | ||
1507 | { | ||
1508 | GNUNET_break_op (0); | ||
1509 | return GNUNET_SYSERR; | ||
1510 | } | ||
1511 | |||
1512 | if (0 == memcmp (&ax->DHRr, | 1511 | if (0 == memcmp (&ax->DHRr, |
1513 | ratchet_key, | 1512 | ratchet_key, |
1514 | sizeof (*ratchet_key))) | 1513 | sizeof (*ratchet_key))) |
1515 | { | 1514 | { |
1516 | GNUNET_STATISTICS_update (stats, | 1515 | GNUNET_STATISTICS_update (stats, |
1517 | "# Ratchet key already known", | 1516 | "# Ratchet key already known", |
1518 | 1, | 1517 | 1, |
1519 | GNUNET_NO); | 1518 | GNUNET_NO); |
1520 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1519 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1521 | "Ratchet key already known. Ignoring KX.\n"); | 1520 | "Ratchet key already known. Ignoring KX.\n"); |
1522 | return GNUNET_NO; | 1521 | return GNUNET_NO; |
1523 | } | 1522 | } |
1524 | 1523 | ||
1525 | ax->DHRr = *ratchet_key; | 1524 | ax->DHRr = *ratchet_key; |
1526 | ax->last_ephemeral = *ephemeral_key; | 1525 | ax->last_ephemeral = *ephemeral_key; |
1527 | /* ECDH A B0 */ | 1526 | /* ECDH A B0 */ |
1528 | if (GNUNET_YES == am_I_alice) | 1527 | if (GNUNET_YES == am_I_alice) |
1529 | { | 1528 | { |
1530 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1529 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* a */ |
1531 | ephemeral_key, /* B0 */ | 1530 | ephemeral_key, /* B0 */ |
1532 | &key_material[0]); | 1531 | &key_material[0]); |
1533 | } | 1532 | } |
1534 | else | 1533 | else |
1535 | { | 1534 | { |
1536 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ | 1535 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */ |
1537 | &pid->public_key, /* A */ | 1536 | &pid->public_key, /* A */ |
1538 | &key_material[0]); | 1537 | &key_material[0]); |
1539 | } | 1538 | } |
1540 | |||
1541 | /* ECDH A0 B */ | 1539 | /* ECDH A0 B */ |
1542 | if (GNUNET_YES == am_I_alice) | 1540 | if (GNUNET_YES == am_I_alice) |
1543 | { | 1541 | { |
1544 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ | 1542 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */ |
1545 | &pid->public_key, /* B */ | 1543 | &pid->public_key, /* B */ |
1546 | &key_material[1]); | 1544 | &key_material[1]); |
1547 | } | 1545 | } |
1548 | else | 1546 | else |
1549 | { | 1547 | { |
1550 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1548 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* b */ |
1551 | ephemeral_key, /* B0 */ | 1549 | ephemeral_key, /* A0 */ |
1552 | &key_material[1]); | 1550 | &key_material[1]); |
1553 | } | 1551 | } |
1554 | 1552 | ||
1555 | /* ECDH A0 B0 */ | 1553 | /* ECDH A0 B0 */ |
1556 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ | 1554 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */ |
1557 | ephemeral_key, /* B0 or A0 */ | 1555 | ephemeral_key, /* B0 or A0 */ |
1558 | &key_material[2]); | 1556 | &key_material[2]); |
1559 | |||
1560 | /* KDF */ | 1557 | /* KDF */ |
1561 | GNUNET_CRYPTO_kdf (keys, sizeof (keys), | 1558 | GNUNET_CRYPTO_kdf (keys, sizeof (keys), |
1562 | salt, sizeof (salt), | 1559 | salt, sizeof (salt), |
@@ -1566,36 +1563,36 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1566 | if (0 == memcmp (&ax->RK, | 1563 | if (0 == memcmp (&ax->RK, |
1567 | &keys[0], | 1564 | &keys[0], |
1568 | sizeof (ax->RK))) | 1565 | sizeof (ax->RK))) |
1569 | { | 1566 | { |
1570 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1567 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1571 | "Root key of handshake already known. Ignoring KX.\n"); | 1568 | "Root key already known. Ignoring KX.\n"); |
1572 | GNUNET_STATISTICS_update (stats, | 1569 | GNUNET_STATISTICS_update (stats, |
1573 | "# Root key already known", | 1570 | "# Root key already known", |
1574 | 1, | 1571 | 1, |
1575 | GNUNET_NO); | 1572 | GNUNET_NO); |
1576 | return GNUNET_NO; | 1573 | return GNUNET_NO; |
1577 | } | 1574 | } |
1578 | 1575 | ||
1579 | ax->RK = keys[0]; | 1576 | ax->RK = keys[0]; |
1580 | if (GNUNET_YES == am_I_alice) | 1577 | if (GNUNET_YES == am_I_alice) |
1581 | { | 1578 | { |
1582 | ax->HKr = keys[1]; | 1579 | ax->HKr = keys[1]; |
1583 | ax->NHKs = keys[2]; | 1580 | ax->NHKs = keys[2]; |
1584 | ax->NHKr = keys[3]; | 1581 | ax->NHKr = keys[3]; |
1585 | ax->CKr = keys[4]; | 1582 | ax->CKr = keys[4]; |
1586 | ax->ratchet_flag = GNUNET_YES; | 1583 | ax->ratchet_flag = GNUNET_YES; |
1587 | } | 1584 | } |
1588 | else | 1585 | else |
1589 | { | 1586 | { |
1590 | ax->HKs = keys[1]; | 1587 | ax->HKs = keys[1]; |
1591 | ax->NHKr = keys[2]; | 1588 | ax->NHKr = keys[2]; |
1592 | ax->NHKs = keys[3]; | 1589 | ax->NHKs = keys[3]; |
1593 | ax->CKs = keys[4]; | 1590 | ax->CKs = keys[4]; |
1594 | ax->ratchet_flag = GNUNET_NO; | 1591 | ax->ratchet_flag = GNUNET_NO; |
1595 | ax->ratchet_expiration | 1592 | ax->ratchet_expiration |
1596 | = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), | 1593 | = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), |
1597 | ratchet_time); | 1594 | ratchet_time); |
1598 | } | 1595 | } |
1599 | return GNUNET_OK; | 1596 | return GNUNET_OK; |
1600 | } | 1597 | } |
1601 | 1598 | ||
@@ -1702,13 +1699,18 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1702 | const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg) | 1699 | const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg) |
1703 | { | 1700 | { |
1704 | struct CadetTunnel *t = ct->t; | 1701 | struct CadetTunnel *t = ct->t; |
1705 | struct CadetTunnelAxolotl *ax; | ||
1706 | int ret; | 1702 | int ret; |
1707 | 1703 | ||
1708 | GNUNET_STATISTICS_update (stats, | 1704 | GNUNET_STATISTICS_update (stats, |
1709 | "# KX received", | 1705 | "# KX received", |
1710 | 1, | 1706 | 1, |
1711 | GNUNET_NO); | 1707 | GNUNET_NO); |
1708 | if (GNUNET_YES == alice_or_bob (GCP_get_id (t->destination))) | ||
1709 | { | ||
1710 | /* Bob is not allowed to send KX! */ | ||
1711 | GNUNET_break_op (0); | ||
1712 | return; | ||
1713 | } | ||
1712 | #if 1 | 1714 | #if 1 |
1713 | if ( (0 == | 1715 | if ( (0 == |
1714 | memcmp (&t->ax.DHRr, | 1716 | memcmp (&t->ax.DHRr, |
@@ -1720,8 +1722,6 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1720 | sizeof (msg->ephemeral_key))) ) | 1722 | sizeof (msg->ephemeral_key))) ) |
1721 | 1723 | ||
1722 | { | 1724 | { |
1723 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1724 | "Got duplicate KX. Firing back KX_AUTH.\n"); | ||
1725 | GNUNET_STATISTICS_update (stats, | 1725 | GNUNET_STATISTICS_update (stats, |
1726 | "# Duplicate KX received", | 1726 | "# Duplicate KX received", |
1727 | 1, | 1727 | 1, |
@@ -1736,80 +1736,73 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1736 | /* We only keep ONE unverified KX around, so if there is an existing one, | 1736 | /* We only keep ONE unverified KX around, so if there is an existing one, |
1737 | clean it up. */ | 1737 | clean it up. */ |
1738 | if (NULL != t->unverified_ax) | 1738 | if (NULL != t->unverified_ax) |
1739 | { | ||
1740 | if ( (0 == | ||
1741 | memcmp (&t->unverified_ax->DHRr, | ||
1742 | &msg->ratchet_key, | ||
1743 | sizeof (msg->ratchet_key))) && | ||
1744 | (0 == | ||
1745 | memcmp (&t->unverified_ax->last_ephemeral, | ||
1746 | &msg->ephemeral_key, | ||
1747 | sizeof (msg->ephemeral_key))) ) | ||
1739 | { | 1748 | { |
1740 | if ( (0 == | ||
1741 | memcmp (&t->unverified_ax->DHRr, | ||
1742 | &msg->ratchet_key, | ||
1743 | sizeof (msg->ratchet_key))) && | ||
1744 | (0 == | ||
1745 | memcmp (&t->unverified_ax->last_ephemeral, | ||
1746 | &msg->ephemeral_key, | ||
1747 | sizeof (msg->ephemeral_key))) ) | ||
1748 | { | ||
1749 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1750 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", | ||
1751 | GCT_2s (t)); | ||
1752 | GNUNET_STATISTICS_update (stats, | ||
1753 | "# Duplicate unverified KX received", | ||
1754 | 1, | ||
1755 | GNUNET_NO); | ||
1756 | #if 1 | ||
1757 | send_kx_auth (t, | ||
1758 | ct, | ||
1759 | t->unverified_ax, | ||
1760 | GNUNET_NO); | ||
1761 | return; | ||
1762 | #endif | ||
1763 | } | ||
1764 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1765 | "Dropping old unverified KX state. Got a fresh KX for %s.\n", | ||
1766 | GCT_2s (t)); | ||
1767 | GNUNET_STATISTICS_update (stats, | 1749 | GNUNET_STATISTICS_update (stats, |
1768 | "# Unverified KX dropped for fresh KX", | 1750 | "# Duplicate unverified KX received", |
1769 | 1, | 1751 | 1, |
1770 | GNUNET_NO); | 1752 | GNUNET_NO); |
1771 | GNUNET_break (NULL == t->unverified_ax->skipped_head); | 1753 | #if 1 |
1772 | memset (t->unverified_ax, | 1754 | send_kx_auth (t, |
1773 | 0, | 1755 | ct, |
1774 | sizeof (struct CadetTunnelAxolotl)); | 1756 | t->unverified_ax, |
1775 | t->unverified_ax->DHRs = t->ax.DHRs; | 1757 | GNUNET_NO); |
1776 | t->unverified_ax->kx_0 = t->ax.kx_0; | 1758 | return; |
1759 | #endif | ||
1777 | } | 1760 | } |
1761 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1762 | "Dropping old unverified KX state.\n"); | ||
1763 | GNUNET_STATISTICS_update (stats, | ||
1764 | "# Unverified KX dropped for fresh KX", | ||
1765 | 1, | ||
1766 | GNUNET_NO); | ||
1767 | GNUNET_break (NULL == t->unverified_ax->skipped_head); | ||
1768 | memset (t->unverified_ax, | ||
1769 | 0, | ||
1770 | sizeof (struct CadetTunnelAxolotl)); | ||
1771 | } | ||
1778 | else | 1772 | else |
1779 | { | 1773 | { |
1780 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1774 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1781 | "Creating fresh unverified KX for %s.\n", | 1775 | "Creating fresh unverified KX for %s\n", |
1782 | GCT_2s (t)); | 1776 | GCT_2s (t)); |
1783 | GNUNET_STATISTICS_update (stats, | 1777 | GNUNET_STATISTICS_update (stats, |
1784 | "# Fresh KX setup", | 1778 | "# Fresh KX setup", |
1785 | 1, | 1779 | 1, |
1786 | GNUNET_NO); | 1780 | GNUNET_NO); |
1787 | t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl); | 1781 | t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl); |
1788 | t->unverified_ax->DHRs = t->ax.DHRs; | 1782 | } |
1789 | t->unverified_ax->kx_0 = t->ax.kx_0; | ||
1790 | } | ||
1791 | /* Set as the 'current' RK/DHRr the one we are currently using, | 1783 | /* Set as the 'current' RK/DHRr the one we are currently using, |
1792 | so that the duplicate-detection logic of | 1784 | so that the duplicate-detection logic of |
1793 | #update_ax_by_kx can work. */ | 1785 | #update_ax_by_kx can work. */ |
1794 | t->unverified_ax->RK = t->ax.RK; | 1786 | t->unverified_ax->RK = t->ax.RK; |
1795 | t->unverified_ax->DHRr = t->ax.DHRr; | 1787 | t->unverified_ax->DHRr = t->ax.DHRr; |
1788 | t->unverified_ax->DHRs = t->ax.DHRs; | ||
1789 | t->unverified_ax->kx_0 = t->ax.kx_0; | ||
1796 | t->unverified_attempts = 0; | 1790 | t->unverified_attempts = 0; |
1797 | ax = t->unverified_ax; | ||
1798 | 1791 | ||
1799 | /* Update 'ax' by the new key material */ | 1792 | /* Update 'ax' by the new key material */ |
1800 | ret = update_ax_by_kx (ax, | 1793 | ret = update_ax_by_kx (t->unverified_ax, |
1801 | GCP_get_id (t->destination), | 1794 | GCP_get_id (t->destination), |
1802 | &msg->ephemeral_key, | 1795 | &msg->ephemeral_key, |
1803 | &msg->ratchet_key); | 1796 | &msg->ratchet_key); |
1804 | GNUNET_break (GNUNET_SYSERR != ret); | 1797 | GNUNET_break (GNUNET_SYSERR != ret); |
1805 | if (GNUNET_OK != ret) | 1798 | if (GNUNET_OK != ret) |
1806 | { | 1799 | { |
1807 | GNUNET_STATISTICS_update (stats, | 1800 | GNUNET_STATISTICS_update (stats, |
1808 | "# Useless KX", | 1801 | "# Useless KX", |
1809 | 1, | 1802 | 1, |
1810 | GNUNET_NO); | 1803 | GNUNET_NO); |
1811 | return; /* duplicate KX, nothing to do */ | 1804 | return; /* duplicate KX, nothing to do */ |
1812 | } | 1805 | } |
1813 | /* move ahead in our state machine */ | 1806 | /* move ahead in our state machine */ |
1814 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) | 1807 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) |
1815 | GCT_change_estate (t, | 1808 | GCT_change_estate (t, |
@@ -1820,13 +1813,13 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1820 | 1813 | ||
1821 | /* KX is still not done, try again our end. */ | 1814 | /* KX is still not done, try again our end. */ |
1822 | if (CADET_TUNNEL_KEY_OK != t->estate) | 1815 | if (CADET_TUNNEL_KEY_OK != t->estate) |
1823 | { | 1816 | { |
1824 | if (NULL != t->kx_task) | 1817 | if (NULL != t->kx_task) |
1825 | GNUNET_SCHEDULER_cancel (t->kx_task); | 1818 | GNUNET_SCHEDULER_cancel (t->kx_task); |
1826 | t->kx_task | 1819 | t->kx_task |
1827 | = GNUNET_SCHEDULER_add_now (&retry_kx, | 1820 | = GNUNET_SCHEDULER_add_now (&retry_kx, |
1828 | t); | 1821 | t); |
1829 | } | 1822 | } |
1830 | } | 1823 | } |
1831 | 1824 | ||
1832 | 1825 | ||
@@ -1851,34 +1844,16 @@ GCT_handle_kx_auth (struct CadetTConnection *ct, | |||
1851 | GNUNET_NO); | 1844 | GNUNET_NO); |
1852 | if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) || | 1845 | if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) || |
1853 | (CADET_TUNNEL_KEY_AX_RECV == t->estate) ) | 1846 | (CADET_TUNNEL_KEY_AX_RECV == t->estate) ) |
1854 | { | ||
1855 | /* Confusing, we got a KX_AUTH before we even send our own | ||
1856 | KX. This should not happen. We'll send our own KX ASAP anyway, | ||
1857 | so let's ignore this here. */ | ||
1858 | GNUNET_break_op (0); | ||
1859 | return; | ||
1860 | } | ||
1861 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1862 | "Handling KX_AUTH message for %s with E=%s and R=%s and A=%s\n", | ||
1863 | GCT_2s (t), | ||
1864 | GNUNET_e2s (&msg->kx.ephemeral_key), | ||
1865 | GNUNET_e2s2 (&msg->kx.ratchet_key), | ||
1866 | GNUNET_h2s (&msg->auth)); | ||
1867 | { | 1847 | { |
1868 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | 1848 | /* Confusing, we got a KX_AUTH before we even send our own |
1869 | struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; | 1849 | KX. This should not happen. We'll send our own KX ASAP anyway, |
1870 | 1850 | so let's ignore this here. */ | |
1871 | GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.kx_0, | 1851 | GNUNET_break_op (0); |
1872 | &ephemeral_key); | 1852 | return; |
1873 | GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs, | ||
1874 | &ratchet_key); | ||
1875 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1876 | "... my E=%s and R=%s\n", | ||
1877 | GNUNET_e2s2 (&ephemeral_key), | ||
1878 | GNUNET_e2s (&ratchet_key)); | ||
1879 | } | 1853 | } |
1880 | 1854 | LOG (GNUNET_ERROR_TYPE_DEBUG, | |
1881 | 1855 | "Handling KX_AUTH message for %s\n", | |
1856 | GCT_2s (t)); | ||
1882 | /* We do everything in ax_tmp until we've checked the authentication | 1857 | /* We do everything in ax_tmp until we've checked the authentication |
1883 | so we don't clobber anything we care about by accident. */ | 1858 | so we don't clobber anything we care about by accident. */ |
1884 | ax_tmp = t->ax; | 1859 | ax_tmp = t->ax; |
@@ -1912,10 +1887,8 @@ GCT_handle_kx_auth (struct CadetTConnection *ct, | |||
1912 | "# KX_AUTH not using our last KX received (auth failure)", | 1887 | "# KX_AUTH not using our last KX received (auth failure)", |
1913 | 1, | 1888 | 1, |
1914 | GNUNET_NO); | 1889 | GNUNET_NO); |
1915 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1890 | LOG (GNUNET_ERROR_TYPE_WARNING, |
1916 | "AUTH missmatch: got %s, expected %s\n", | 1891 | "KX AUTH missmatch!\n"); |
1917 | GNUNET_h2s (&msg->auth), | ||
1918 | GNUNET_h2s2 (&kx_auth)); | ||
1919 | send_kx (t, | 1892 | send_kx (t, |
1920 | ct, | 1893 | ct, |
1921 | &t->ax); | 1894 | &t->ax); |