diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-05-16 21:36:22 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-05-16 21:36:38 +0200 |
commit | da393a04d06d488bc3b424a8baa24676b53e6352 (patch) | |
tree | 1791dfd7a18919c065f0b945c65dd62d1a7727bf /src/cadet | |
parent | 215e607f63847c77bd26d4c97eae8c7d6ca7f4a0 (diff) | |
download | gnunet-da393a04d06d488bc3b424a8baa24676b53e6352.tar.gz gnunet-da393a04d06d488bc3b424a8baa24676b53e6352.zip |
log key material hashes
Diffstat (limited to 'src/cadet')
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnels.c | 461 |
1 files changed, 245 insertions, 216 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c index 97c50dc90..6b4bda08d 100644 --- a/src/cadet/gnunet-service-cadet_tunnels.c +++ b/src/cadet/gnunet-service-cadet_tunnels.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet. | 2 | This file is part of GNUnet. |
3 | Copyright (C) 2013, 2017 GNUnet e.V. | 3 | Copyright (C) 2013, 2017, 2018 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software; you can redistribute it and/or modify | 5 | GNUnet is free software; you can redistribute it and/or modify |
6 | it under the terms of the GNU General Public License as published | 6 | it under the terms of the GNU General Public License as published |
@@ -1337,11 +1337,6 @@ send_kx (struct CadetTunnel *t, | |||
1337 | return; | 1337 | return; |
1338 | } | 1338 | } |
1339 | cc = ct->cc; | 1339 | cc = ct->cc; |
1340 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1341 | "Sending KX on %s via %s in state %s\n", | ||
1342 | GCT_2s (t), | ||
1343 | GCC_2s (cc), | ||
1344 | estate2s (t->estate)); | ||
1345 | env = GNUNET_MQ_msg (msg, | 1340 | env = GNUNET_MQ_msg (msg, |
1346 | GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX); | 1341 | GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX); |
1347 | flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */ | 1342 | flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */ |
@@ -1351,6 +1346,13 @@ send_kx (struct CadetTunnel *t, | |||
1351 | &msg->ephemeral_key); | 1346 | &msg->ephemeral_key); |
1352 | GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs, | 1347 | GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs, |
1353 | &msg->ratchet_key); | 1348 | &msg->ratchet_key); |
1349 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1350 | "Sending KX with E=%s and R=%s on %s via %s in state %s\n", | ||
1351 | GNUNET_e2s (&msg->ephemeral_key), | ||
1352 | GNUNET_e2s2 (&msg->ratchet_key), | ||
1353 | GCT_2s (t), | ||
1354 | GCC_2s (cc), | ||
1355 | estate2s (t->estate)); | ||
1354 | mark_connection_unready (ct); | 1356 | mark_connection_unready (ct); |
1355 | t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay); | 1357 | t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay); |
1356 | t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay); | 1358 | t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay); |
@@ -1404,11 +1406,6 @@ send_kx_auth (struct CadetTunnel *t, | |||
1404 | } | 1406 | } |
1405 | t->kx_auth_requested = GNUNET_NO; /* clear flag */ | 1407 | t->kx_auth_requested = GNUNET_NO; /* clear flag */ |
1406 | cc = ct->cc; | 1408 | cc = ct->cc; |
1407 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1408 | "Sending KX_AUTH on %s using %s\n", | ||
1409 | GCT_2s (t), | ||
1410 | GCC_2s (ct->cc)); | ||
1411 | |||
1412 | env = GNUNET_MQ_msg (msg, | 1409 | env = GNUNET_MQ_msg (msg, |
1413 | GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH); | 1410 | GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH); |
1414 | flags = GNUNET_CADET_KX_FLAG_NONE; | 1411 | flags = GNUNET_CADET_KX_FLAG_NONE; |
@@ -1424,6 +1421,17 @@ send_kx_auth (struct CadetTunnel *t, | |||
1424 | GNUNET_CRYPTO_hash (&ax->RK, | 1421 | GNUNET_CRYPTO_hash (&ax->RK, |
1425 | sizeof (ax->RK), | 1422 | sizeof (ax->RK), |
1426 | &msg->auth); | 1423 | &msg->auth); |
1424 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1425 | "Sending KX_AUTH with E=%s and R=%s and A=%s on %s using %s\n", | ||
1426 | GNUNET_e2s (&msg->kx.ephemeral_key), | ||
1427 | GNUNET_e2s2 (&msg->kx.ratchet_key), | ||
1428 | GNUNET_h2s (&msg->auth), | ||
1429 | GCT_2s (t), | ||
1430 | GCC_2s (ct->cc)); | ||
1431 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1432 | "... this is in response to foreign E=%s and R=%s\n", | ||
1433 | GNUNET_e2s2 (&ax->last_ephemeral), | ||
1434 | GNUNET_e2s (&ax->DHRr)); | ||
1427 | 1435 | ||
1428 | /* Compute when to be triggered again; actual job will | 1436 | /* Compute when to be triggered again; actual job will |
1429 | be scheduled via #connection_ready_cb() */ | 1437 | be scheduled via #connection_ready_cb() */ |
@@ -1496,53 +1504,53 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1496 | pid)) | 1504 | pid)) |
1497 | am_I_alice = GNUNET_NO; | 1505 | am_I_alice = GNUNET_NO; |
1498 | else | 1506 | else |
1499 | { | 1507 | { |
1500 | GNUNET_break_op (0); | 1508 | GNUNET_break_op (0); |
1501 | return GNUNET_SYSERR; | 1509 | return GNUNET_SYSERR; |
1502 | } | 1510 | } |
1503 | 1511 | ||
1504 | if (0 == memcmp (&ax->DHRr, | 1512 | if (0 == memcmp (&ax->DHRr, |
1505 | ratchet_key, | 1513 | ratchet_key, |
1506 | sizeof (*ratchet_key))) | 1514 | sizeof (*ratchet_key))) |
1507 | { | 1515 | { |
1508 | GNUNET_STATISTICS_update (stats, | 1516 | GNUNET_STATISTICS_update (stats, |
1509 | "# Ratchet key already known", | 1517 | "# Ratchet key already known", |
1510 | 1, | 1518 | 1, |
1511 | GNUNET_NO); | 1519 | GNUNET_NO); |
1512 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1520 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1513 | "Ratchet key already known. Ignoring KX.\n"); | 1521 | "Ratchet key already known. Ignoring KX.\n"); |
1514 | return GNUNET_NO; | 1522 | return GNUNET_NO; |
1515 | } | 1523 | } |
1516 | 1524 | ||
1517 | ax->DHRr = *ratchet_key; | 1525 | ax->DHRr = *ratchet_key; |
1518 | ax->last_ephemeral = *ephemeral_key; | 1526 | ax->last_ephemeral = *ephemeral_key; |
1519 | /* ECDH A B0 */ | 1527 | /* ECDH A B0 */ |
1520 | if (GNUNET_YES == am_I_alice) | 1528 | if (GNUNET_YES == am_I_alice) |
1521 | { | 1529 | { |
1522 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1530 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
1523 | ephemeral_key, /* B0 */ | 1531 | ephemeral_key, /* B0 */ |
1524 | &key_material[0]); | 1532 | &key_material[0]); |
1525 | } | 1533 | } |
1526 | else | 1534 | else |
1527 | { | 1535 | { |
1528 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ | 1536 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */ |
1529 | &pid->public_key, /* A */ | 1537 | &pid->public_key, /* A */ |
1530 | &key_material[0]); | 1538 | &key_material[0]); |
1531 | } | 1539 | } |
1532 | 1540 | ||
1533 | /* ECDH A0 B */ | 1541 | /* ECDH A0 B */ |
1534 | if (GNUNET_YES == am_I_alice) | 1542 | if (GNUNET_YES == am_I_alice) |
1535 | { | 1543 | { |
1536 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ | 1544 | GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */ |
1537 | &pid->public_key, /* B */ | 1545 | &pid->public_key, /* B */ |
1538 | &key_material[1]); | 1546 | &key_material[1]); |
1539 | } | 1547 | } |
1540 | else | 1548 | else |
1541 | { | 1549 | { |
1542 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ | 1550 | GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */ |
1543 | ephemeral_key, /* B0 */ | 1551 | ephemeral_key, /* B0 */ |
1544 | &key_material[1]); | 1552 | &key_material[1]); |
1545 | } | 1553 | } |
1546 | 1554 | ||
1547 | /* ECDH A0 B0 */ | 1555 | /* ECDH A0 B0 */ |
1548 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ | 1556 | GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */ |
@@ -1558,36 +1566,36 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax, | |||
1558 | if (0 == memcmp (&ax->RK, | 1566 | if (0 == memcmp (&ax->RK, |
1559 | &keys[0], | 1567 | &keys[0], |
1560 | sizeof (ax->RK))) | 1568 | sizeof (ax->RK))) |
1561 | { | 1569 | { |
1562 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1570 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1563 | "Root key of handshake already known. Ignoring KX.\n"); | 1571 | "Root key of handshake already known. Ignoring KX.\n"); |
1564 | GNUNET_STATISTICS_update (stats, | 1572 | GNUNET_STATISTICS_update (stats, |
1565 | "# Root key already known", | 1573 | "# Root key already known", |
1566 | 1, | 1574 | 1, |
1567 | GNUNET_NO); | 1575 | GNUNET_NO); |
1568 | return GNUNET_NO; | 1576 | return GNUNET_NO; |
1569 | } | 1577 | } |
1570 | 1578 | ||
1571 | ax->RK = keys[0]; | 1579 | ax->RK = keys[0]; |
1572 | if (GNUNET_YES == am_I_alice) | 1580 | if (GNUNET_YES == am_I_alice) |
1573 | { | 1581 | { |
1574 | ax->HKr = keys[1]; | 1582 | ax->HKr = keys[1]; |
1575 | ax->NHKs = keys[2]; | 1583 | ax->NHKs = keys[2]; |
1576 | ax->NHKr = keys[3]; | 1584 | ax->NHKr = keys[3]; |
1577 | ax->CKr = keys[4]; | 1585 | ax->CKr = keys[4]; |
1578 | ax->ratchet_flag = GNUNET_YES; | 1586 | ax->ratchet_flag = GNUNET_YES; |
1579 | } | 1587 | } |
1580 | else | 1588 | else |
1581 | { | 1589 | { |
1582 | ax->HKs = keys[1]; | 1590 | ax->HKs = keys[1]; |
1583 | ax->NHKr = keys[2]; | 1591 | ax->NHKr = keys[2]; |
1584 | ax->NHKs = keys[3]; | 1592 | ax->NHKs = keys[3]; |
1585 | ax->CKs = keys[4]; | 1593 | ax->CKs = keys[4]; |
1586 | ax->ratchet_flag = GNUNET_NO; | 1594 | ax->ratchet_flag = GNUNET_NO; |
1587 | ax->ratchet_expiration | 1595 | ax->ratchet_expiration |
1588 | = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), | 1596 | = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), |
1589 | ratchet_time); | 1597 | ratchet_time); |
1590 | } | 1598 | } |
1591 | return GNUNET_OK; | 1599 | return GNUNET_OK; |
1592 | } | 1600 | } |
1593 | 1601 | ||
@@ -1609,75 +1617,75 @@ retry_kx (void *cls) | |||
1609 | GCT_2s (t), | 1617 | GCT_2s (t), |
1610 | estate2s (t->estate)); | 1618 | estate2s (t->estate)); |
1611 | switch (t->estate) | 1619 | switch (t->estate) |
1612 | { | ||
1613 | case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */ | ||
1614 | case CADET_TUNNEL_KEY_AX_SENT: /* trying again */ | ||
1615 | send_kx (t, | ||
1616 | NULL, | ||
1617 | &t->ax); | ||
1618 | break; | ||
1619 | case CADET_TUNNEL_KEY_AX_RECV: | ||
1620 | case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: | ||
1621 | /* We are responding, so only require reply | ||
1622 | if WE have a channel waiting. */ | ||
1623 | if (NULL != t->unverified_ax) | ||
1624 | { | ||
1625 | /* Send AX_AUTH so we might get this one verified */ | ||
1626 | ax = t->unverified_ax; | ||
1627 | } | ||
1628 | else | ||
1629 | { | ||
1630 | /* How can this be? */ | ||
1631 | GNUNET_break (0); | ||
1632 | ax = &t->ax; | ||
1633 | } | ||
1634 | send_kx_auth (t, | ||
1635 | NULL, | ||
1636 | ax, | ||
1637 | (0 == GCT_count_channels (t)) | ||
1638 | ? GNUNET_NO | ||
1639 | : GNUNET_YES); | ||
1640 | break; | ||
1641 | case CADET_TUNNEL_KEY_AX_AUTH_SENT: | ||
1642 | /* We are responding, so only require reply | ||
1643 | if WE have a channel waiting. */ | ||
1644 | if (NULL != t->unverified_ax) | ||
1645 | { | ||
1646 | /* Send AX_AUTH so we might get this one verified */ | ||
1647 | ax = t->unverified_ax; | ||
1648 | } | ||
1649 | else | ||
1650 | { | ||
1651 | /* How can this be? */ | ||
1652 | GNUNET_break (0); | ||
1653 | ax = &t->ax; | ||
1654 | } | ||
1655 | send_kx_auth (t, | ||
1656 | NULL, | ||
1657 | ax, | ||
1658 | (0 == GCT_count_channels (t)) | ||
1659 | ? GNUNET_NO | ||
1660 | : GNUNET_YES); | ||
1661 | break; | ||
1662 | case CADET_TUNNEL_KEY_OK: | ||
1663 | /* Must have been the *other* peer asking us to | ||
1664 | respond with a KX_AUTH. */ | ||
1665 | if (NULL != t->unverified_ax) | ||
1666 | { | 1620 | { |
1667 | /* Sending AX_AUTH in response to AX so we might get this one verified */ | 1621 | case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */ |
1668 | ax = t->unverified_ax; | 1622 | case CADET_TUNNEL_KEY_AX_SENT: /* trying again */ |
1669 | } | 1623 | send_kx (t, |
1670 | else | 1624 | NULL, |
1671 | { | 1625 | &t->ax); |
1672 | /* Sending AX_AUTH in response to AX_AUTH */ | 1626 | break; |
1673 | ax = &t->ax; | 1627 | case CADET_TUNNEL_KEY_AX_RECV: |
1628 | case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: | ||
1629 | /* We are responding, so only require reply | ||
1630 | if WE have a channel waiting. */ | ||
1631 | if (NULL != t->unverified_ax) | ||
1632 | { | ||
1633 | /* Send AX_AUTH so we might get this one verified */ | ||
1634 | ax = t->unverified_ax; | ||
1635 | } | ||
1636 | else | ||
1637 | { | ||
1638 | /* How can this be? */ | ||
1639 | GNUNET_break (0); | ||
1640 | ax = &t->ax; | ||
1641 | } | ||
1642 | send_kx_auth (t, | ||
1643 | NULL, | ||
1644 | ax, | ||
1645 | (0 == GCT_count_channels (t)) | ||
1646 | ? GNUNET_NO | ||
1647 | : GNUNET_YES); | ||
1648 | break; | ||
1649 | case CADET_TUNNEL_KEY_AX_AUTH_SENT: | ||
1650 | /* We are responding, so only require reply | ||
1651 | if WE have a channel waiting. */ | ||
1652 | if (NULL != t->unverified_ax) | ||
1653 | { | ||
1654 | /* Send AX_AUTH so we might get this one verified */ | ||
1655 | ax = t->unverified_ax; | ||
1656 | } | ||
1657 | else | ||
1658 | { | ||
1659 | /* How can this be? */ | ||
1660 | GNUNET_break (0); | ||
1661 | ax = &t->ax; | ||
1662 | } | ||
1663 | send_kx_auth (t, | ||
1664 | NULL, | ||
1665 | ax, | ||
1666 | (0 == GCT_count_channels (t)) | ||
1667 | ? GNUNET_NO | ||
1668 | : GNUNET_YES); | ||
1669 | break; | ||
1670 | case CADET_TUNNEL_KEY_OK: | ||
1671 | /* Must have been the *other* peer asking us to | ||
1672 | respond with a KX_AUTH. */ | ||
1673 | if (NULL != t->unverified_ax) | ||
1674 | { | ||
1675 | /* Sending AX_AUTH in response to AX so we might get this one verified */ | ||
1676 | ax = t->unverified_ax; | ||
1677 | } | ||
1678 | else | ||
1679 | { | ||
1680 | /* Sending AX_AUTH in response to AX_AUTH */ | ||
1681 | ax = &t->ax; | ||
1682 | } | ||
1683 | send_kx_auth (t, | ||
1684 | NULL, | ||
1685 | ax, | ||
1686 | GNUNET_NO); | ||
1687 | break; | ||
1674 | } | 1688 | } |
1675 | send_kx_auth (t, | ||
1676 | NULL, | ||
1677 | ax, | ||
1678 | GNUNET_NO); | ||
1679 | break; | ||
1680 | } | ||
1681 | } | 1689 | } |
1682 | 1690 | ||
1683 | 1691 | ||
@@ -1711,75 +1719,75 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1711 | &msg->ephemeral_key, | 1719 | &msg->ephemeral_key, |
1712 | sizeof (msg->ephemeral_key))) ) | 1720 | sizeof (msg->ephemeral_key))) ) |
1713 | 1721 | ||
1714 | { | ||
1715 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1716 | "Got duplicate KX. Firing back KX_AUTH.\n"); | ||
1717 | GNUNET_STATISTICS_update (stats, | ||
1718 | "# Duplicate KX received", | ||
1719 | 1, | ||
1720 | GNUNET_NO); | ||
1721 | send_kx_auth (t, | ||
1722 | ct, | ||
1723 | &t->ax, | ||
1724 | GNUNET_NO); | ||
1725 | return; | ||
1726 | } | ||
1727 | #endif | ||
1728 | /* We only keep ONE unverified KX around, so if there is an existing one, | ||
1729 | clean it up. */ | ||
1730 | if (NULL != t->unverified_ax) | ||
1731 | { | ||
1732 | if ( (0 == | ||
1733 | memcmp (&t->unverified_ax->DHRr, | ||
1734 | &msg->ratchet_key, | ||
1735 | sizeof (msg->ratchet_key))) && | ||
1736 | (0 == | ||
1737 | memcmp (&t->unverified_ax->last_ephemeral, | ||
1738 | &msg->ephemeral_key, | ||
1739 | sizeof (msg->ephemeral_key))) ) | ||
1740 | { | 1722 | { |
1741 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1723 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1742 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", | 1724 | "Got duplicate KX. Firing back KX_AUTH.\n"); |
1743 | GCT_2s (t)); | ||
1744 | GNUNET_STATISTICS_update (stats, | 1725 | GNUNET_STATISTICS_update (stats, |
1745 | "# Duplicate unverified KX received", | 1726 | "# Duplicate KX received", |
1746 | 1, | 1727 | 1, |
1747 | GNUNET_NO); | 1728 | GNUNET_NO); |
1748 | #if 1 | ||
1749 | send_kx_auth (t, | 1729 | send_kx_auth (t, |
1750 | ct, | 1730 | ct, |
1751 | t->unverified_ax, | 1731 | &t->ax, |
1752 | GNUNET_NO); | 1732 | GNUNET_NO); |
1753 | return; | 1733 | return; |
1734 | } | ||
1735 | #endif | ||
1736 | /* We only keep ONE unverified KX around, so if there is an existing one, | ||
1737 | clean it up. */ | ||
1738 | if (NULL != t->unverified_ax) | ||
1739 | { | ||
1740 | if ( (0 == | ||
1741 | memcmp (&t->unverified_ax->DHRr, | ||
1742 | &msg->ratchet_key, | ||
1743 | sizeof (msg->ratchet_key))) && | ||
1744 | (0 == | ||
1745 | memcmp (&t->unverified_ax->last_ephemeral, | ||
1746 | &msg->ephemeral_key, | ||
1747 | sizeof (msg->ephemeral_key))) ) | ||
1748 | { | ||
1749 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1750 | "Got duplicate unverified KX on %s. Fire back KX_AUTH again.\n", | ||
1751 | GCT_2s (t)); | ||
1752 | GNUNET_STATISTICS_update (stats, | ||
1753 | "# Duplicate unverified KX received", | ||
1754 | 1, | ||
1755 | GNUNET_NO); | ||
1756 | #if 1 | ||
1757 | send_kx_auth (t, | ||
1758 | ct, | ||
1759 | t->unverified_ax, | ||
1760 | GNUNET_NO); | ||
1761 | return; | ||
1754 | #endif | 1762 | #endif |
1763 | } | ||
1764 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1765 | "Dropping old unverified KX state. Got a fresh KX for %s.\n", | ||
1766 | GCT_2s (t)); | ||
1767 | GNUNET_STATISTICS_update (stats, | ||
1768 | "# Unverified KX dropped for fresh KX", | ||
1769 | 1, | ||
1770 | GNUNET_NO); | ||
1771 | GNUNET_break (NULL == t->unverified_ax->skipped_head); | ||
1772 | memset (t->unverified_ax, | ||
1773 | 0, | ||
1774 | sizeof (struct CadetTunnelAxolotl)); | ||
1775 | t->unverified_ax->DHRs = t->ax.DHRs; | ||
1776 | t->unverified_ax->kx_0 = t->ax.kx_0; | ||
1755 | } | 1777 | } |
1756 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1757 | "Dropping old unverified KX state. Got a fresh KX for %s.\n", | ||
1758 | GCT_2s (t)); | ||
1759 | GNUNET_STATISTICS_update (stats, | ||
1760 | "# Unverified KX dropped for fresh KX", | ||
1761 | 1, | ||
1762 | GNUNET_NO); | ||
1763 | GNUNET_break (NULL == t->unverified_ax->skipped_head); | ||
1764 | memset (t->unverified_ax, | ||
1765 | 0, | ||
1766 | sizeof (struct CadetTunnelAxolotl)); | ||
1767 | t->unverified_ax->DHRs = t->ax.DHRs; | ||
1768 | t->unverified_ax->kx_0 = t->ax.kx_0; | ||
1769 | } | ||
1770 | else | 1778 | else |
1771 | { | 1779 | { |
1772 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1780 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
1773 | "Creating fresh unverified KX for %s.\n", | 1781 | "Creating fresh unverified KX for %s.\n", |
1774 | GCT_2s (t)); | 1782 | GCT_2s (t)); |
1775 | GNUNET_STATISTICS_update (stats, | 1783 | GNUNET_STATISTICS_update (stats, |
1776 | "# Fresh KX setup", | 1784 | "# Fresh KX setup", |
1777 | 1, | 1785 | 1, |
1778 | GNUNET_NO); | 1786 | GNUNET_NO); |
1779 | t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl); | 1787 | t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl); |
1780 | t->unverified_ax->DHRs = t->ax.DHRs; | 1788 | t->unverified_ax->DHRs = t->ax.DHRs; |
1781 | t->unverified_ax->kx_0 = t->ax.kx_0; | 1789 | t->unverified_ax->kx_0 = t->ax.kx_0; |
1782 | } | 1790 | } |
1783 | /* Set as the 'current' RK/DHRr the one we are currently using, | 1791 | /* Set as the 'current' RK/DHRr the one we are currently using, |
1784 | so that the duplicate-detection logic of | 1792 | so that the duplicate-detection logic of |
1785 | #update_ax_by_kx can work. */ | 1793 | #update_ax_by_kx can work. */ |
@@ -1795,13 +1803,13 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1795 | &msg->ratchet_key); | 1803 | &msg->ratchet_key); |
1796 | GNUNET_break (GNUNET_SYSERR != ret); | 1804 | GNUNET_break (GNUNET_SYSERR != ret); |
1797 | if (GNUNET_OK != ret) | 1805 | if (GNUNET_OK != ret) |
1798 | { | 1806 | { |
1799 | GNUNET_STATISTICS_update (stats, | 1807 | GNUNET_STATISTICS_update (stats, |
1800 | "# Useless KX", | 1808 | "# Useless KX", |
1801 | 1, | 1809 | 1, |
1802 | GNUNET_NO); | 1810 | GNUNET_NO); |
1803 | return; /* duplicate KX, nothing to do */ | 1811 | return; /* duplicate KX, nothing to do */ |
1804 | } | 1812 | } |
1805 | /* move ahead in our state machine */ | 1813 | /* move ahead in our state machine */ |
1806 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) | 1814 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) |
1807 | GCT_change_estate (t, | 1815 | GCT_change_estate (t, |
@@ -1812,13 +1820,13 @@ GCT_handle_kx (struct CadetTConnection *ct, | |||
1812 | 1820 | ||
1813 | /* KX is still not done, try again our end. */ | 1821 | /* KX is still not done, try again our end. */ |
1814 | if (CADET_TUNNEL_KEY_OK != t->estate) | 1822 | if (CADET_TUNNEL_KEY_OK != t->estate) |
1815 | { | 1823 | { |
1816 | if (NULL != t->kx_task) | 1824 | if (NULL != t->kx_task) |
1817 | GNUNET_SCHEDULER_cancel (t->kx_task); | 1825 | GNUNET_SCHEDULER_cancel (t->kx_task); |
1818 | t->kx_task | 1826 | t->kx_task |
1819 | = GNUNET_SCHEDULER_add_now (&retry_kx, | 1827 | = GNUNET_SCHEDULER_add_now (&retry_kx, |
1820 | t); | 1828 | t); |
1821 | } | 1829 | } |
1822 | } | 1830 | } |
1823 | 1831 | ||
1824 | 1832 | ||
@@ -1843,16 +1851,33 @@ GCT_handle_kx_auth (struct CadetTConnection *ct, | |||
1843 | GNUNET_NO); | 1851 | GNUNET_NO); |
1844 | if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) || | 1852 | if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) || |
1845 | (CADET_TUNNEL_KEY_AX_RECV == t->estate) ) | 1853 | (CADET_TUNNEL_KEY_AX_RECV == t->estate) ) |
1854 | { | ||
1855 | /* Confusing, we got a KX_AUTH before we even send our own | ||
1856 | KX. This should not happen. We'll send our own KX ASAP anyway, | ||
1857 | so let's ignore this here. */ | ||
1858 | GNUNET_break_op (0); | ||
1859 | return; | ||
1860 | } | ||
1861 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1862 | "Handling KX_AUTH message for %s with E=%s and R=%s and A=%s\n", | ||
1863 | GCT_2s (t), | ||
1864 | GNUNET_e2s (&msg->kx.ephemeral_key), | ||
1865 | GNUNET_e2s2 (&msg->kx.ratchet_key), | ||
1866 | GNUNET_h2s (&msg->auth)); | ||
1846 | { | 1867 | { |
1847 | /* Confusing, we got a KX_AUTH before we even send our own | 1868 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; |
1848 | KX. This should not happen. We'll send our own KX ASAP anyway, | 1869 | struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key; |
1849 | so let's ignore this here. */ | 1870 | |
1850 | GNUNET_break_op (0); | 1871 | GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.kx_0, |
1851 | return; | 1872 | &ephemeral_key); |
1873 | GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs, | ||
1874 | &ratchet_key); | ||
1875 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1876 | "... my E=%s and R=%s\n", | ||
1877 | GNUNET_e2s2 (&ephemeral_key), | ||
1878 | GNUNET_e2s (&ratchet_key)); | ||
1852 | } | 1879 | } |
1853 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 1880 | |
1854 | "Handling KX_AUTH message for %s\n", | ||
1855 | GCT_2s (t)); | ||
1856 | 1881 | ||
1857 | /* We do everything in ax_tmp until we've checked the authentication | 1882 | /* We do everything in ax_tmp until we've checked the authentication |
1858 | so we don't clobber anything we care about by accident. */ | 1883 | so we don't clobber anything we care about by accident. */ |
@@ -1887,6 +1912,10 @@ GCT_handle_kx_auth (struct CadetTConnection *ct, | |||
1887 | "# KX_AUTH not using our last KX received (auth failure)", | 1912 | "# KX_AUTH not using our last KX received (auth failure)", |
1888 | 1, | 1913 | 1, |
1889 | GNUNET_NO); | 1914 | GNUNET_NO); |
1915 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
1916 | "AUTH missmatch: got %s, expected %s\n", | ||
1917 | GNUNET_h2s (&msg->auth), | ||
1918 | GNUNET_h2s2 (&kx_auth)); | ||
1890 | send_kx (t, | 1919 | send_kx (t, |
1891 | ct, | 1920 | ct, |
1892 | &t->ax); | 1921 | &t->ax); |