diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-03-01 23:53:16 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-03-01 23:53:16 +0000 |
commit | 4bee6d11ba8ac5554e906d60b0fce0ed2a737a97 (patch) | |
tree | e6c4a7b1107243bb24ba4040968208016e2f7ea2 /src/core/gnunet-service-core_kx.c | |
parent | 5d014c83b064bcbe43f035feb575f8af84ea8261 (diff) | |
download | gnunet-4bee6d11ba8ac5554e906d60b0fce0ed2a737a97.tar.gz gnunet-4bee6d11ba8ac5554e906d60b0fce0ed2a737a97.zip |
-doxygen, comments, indentation
Diffstat (limited to 'src/core/gnunet-service-core_kx.c')
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 92 |
1 files changed, 59 insertions, 33 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index f64d2c066..0fc5ecf25 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -144,7 +144,7 @@ struct PingMessage | |||
144 | struct GNUNET_PeerIdentity target; | 144 | struct GNUNET_PeerIdentity target; |
145 | 145 | ||
146 | /** | 146 | /** |
147 | * Random number chosen to make reply harder. | 147 | * Random number chosen to make replay harder. |
148 | */ | 148 | */ |
149 | uint32_t challenge GNUNET_PACKED; | 149 | uint32_t challenge GNUNET_PACKED; |
150 | }; | 150 | }; |
@@ -166,8 +166,7 @@ struct PongMessage | |||
166 | uint32_t iv_seed GNUNET_PACKED; | 166 | uint32_t iv_seed GNUNET_PACKED; |
167 | 167 | ||
168 | /** | 168 | /** |
169 | * Random number to make faking the reply harder. Must be | 169 | * Random number to make replay attacks harder. |
170 | * first field after header (this is where we start to encrypt!). | ||
171 | */ | 170 | */ |
172 | uint32_t challenge GNUNET_PACKED; | 171 | uint32_t challenge GNUNET_PACKED; |
173 | 172 | ||
@@ -191,7 +190,7 @@ struct PongMessage | |||
191 | struct EncryptedMessage | 190 | struct EncryptedMessage |
192 | { | 191 | { |
193 | /** | 192 | /** |
194 | * Message type is either #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE. | 193 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE. |
195 | */ | 194 | */ |
196 | struct GNUNET_MessageHeader header; | 195 | struct GNUNET_MessageHeader header; |
197 | 196 | ||
@@ -201,10 +200,10 @@ struct EncryptedMessage | |||
201 | uint32_t iv_seed GNUNET_PACKED; | 200 | uint32_t iv_seed GNUNET_PACKED; |
202 | 201 | ||
203 | /** | 202 | /** |
204 | * MAC of the encrypted message (starting at 'sequence_number'), | 203 | * MAC of the encrypted message (starting at @e sequence_number), |
205 | * used to verify message integrity. Everything after this value | 204 | * used to verify message integrity. Everything after this value |
206 | * (excluding this value itself) will be encrypted and authenticated. | 205 | * (excluding this value itself) will be encrypted and authenticated. |
207 | * ENCRYPTED_HEADER_SIZE must be set to the offset of the *next* field. | 206 | * #ENCRYPTED_HEADER_SIZE must be set to the offset of the *next* field. |
208 | */ | 207 | */ |
209 | struct GNUNET_HashCode hmac; | 208 | struct GNUNET_HashCode hmac; |
210 | 209 | ||
@@ -220,7 +219,7 @@ struct EncryptedMessage | |||
220 | uint32_t reserved; | 219 | uint32_t reserved; |
221 | 220 | ||
222 | /** | 221 | /** |
223 | * Timestamp. Used to prevent reply of ancient messages | 222 | * Timestamp. Used to prevent replay of ancient messages |
224 | * (recent messages are caught with the sequence number). | 223 | * (recent messages are caught with the sequence number). |
225 | */ | 224 | */ |
226 | struct GNUNET_TIME_AbsoluteNBO timestamp; | 225 | struct GNUNET_TIME_AbsoluteNBO timestamp; |
@@ -302,12 +301,12 @@ struct GSC_KeyExchangeInfo | |||
302 | /** | 301 | /** |
303 | * ID of task used for re-trying SET_KEY and PING message. | 302 | * ID of task used for re-trying SET_KEY and PING message. |
304 | */ | 303 | */ |
305 | struct GNUNET_SCHEDULER_Task * retry_set_key_task; | 304 | struct GNUNET_SCHEDULER_Task *retry_set_key_task; |
306 | 305 | ||
307 | /** | 306 | /** |
308 | * ID of task used for sending keep-alive pings. | 307 | * ID of task used for sending keep-alive pings. |
309 | */ | 308 | */ |
310 | struct GNUNET_SCHEDULER_Task * keep_alive_task; | 309 | struct GNUNET_SCHEDULER_Task *keep_alive_task; |
311 | 310 | ||
312 | /** | 311 | /** |
313 | * Bit map indicating which of the 32 sequence numbers before the last | 312 | * Bit map indicating which of the 32 sequence numbers before the last |
@@ -373,7 +372,7 @@ static struct GSC_KeyExchangeInfo *kx_tail; | |||
373 | * Task scheduled for periodic re-generation (and thus rekeying) of our | 372 | * Task scheduled for periodic re-generation (and thus rekeying) of our |
374 | * ephemeral key. | 373 | * ephemeral key. |
375 | */ | 374 | */ |
376 | static struct GNUNET_SCHEDULER_Task * rekey_task; | 375 | static struct GNUNET_SCHEDULER_Task *rekey_task; |
377 | 376 | ||
378 | /** | 377 | /** |
379 | * Notification context for all monitors. | 378 | * Notification context for all monitors. |
@@ -476,12 +475,14 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, | |||
476 | */ | 475 | */ |
477 | static void | 476 | static void |
478 | derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 477 | derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
479 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, | 478 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
479 | uint32_t seed, | ||
480 | const struct GNUNET_PeerIdentity *identity) | 480 | const struct GNUNET_PeerIdentity *identity) |
481 | { | 481 | { |
482 | static const char ctx[] = "initialization vector"; | 482 | static const char ctx[] = "initialization vector"; |
483 | 483 | ||
484 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), | 484 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, |
485 | &seed, sizeof (seed), | ||
485 | identity, | 486 | identity, |
486 | sizeof (struct GNUNET_PeerIdentity), ctx, | 487 | sizeof (struct GNUNET_PeerIdentity), ctx, |
487 | sizeof (ctx), NULL); | 488 | sizeof (ctx), NULL); |
@@ -499,12 +500,15 @@ derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
499 | */ | 500 | */ |
500 | static void | 501 | static void |
501 | derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 502 | derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
502 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, | 503 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
503 | uint32_t challenge, const struct GNUNET_PeerIdentity *identity) | 504 | uint32_t seed, |
505 | uint32_t challenge, | ||
506 | const struct GNUNET_PeerIdentity *identity) | ||
504 | { | 507 | { |
505 | static const char ctx[] = "pong initialization vector"; | 508 | static const char ctx[] = "pong initialization vector"; |
506 | 509 | ||
507 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), | 510 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, |
511 | &seed, sizeof (seed), | ||
508 | identity, | 512 | identity, |
509 | sizeof (struct GNUNET_PeerIdentity), | 513 | sizeof (struct GNUNET_PeerIdentity), |
510 | &challenge, sizeof (challenge), | 514 | &challenge, sizeof (challenge), |
@@ -552,7 +556,9 @@ derive_aes_key (const struct GNUNET_PeerIdentity *sender, | |||
552 | static int | 556 | static int |
553 | do_encrypt (struct GSC_KeyExchangeInfo *kx, | 557 | do_encrypt (struct GSC_KeyExchangeInfo *kx, |
554 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 558 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
555 | const void *in, void *out, size_t size) | 559 | const void *in, |
560 | void *out, | ||
561 | size_t size) | ||
556 | { | 562 | { |
557 | if (size != (uint16_t) size) | 563 | if (size != (uint16_t) size) |
558 | { | 564 | { |
@@ -594,7 +600,9 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx, | |||
594 | static int | 600 | static int |
595 | do_decrypt (struct GSC_KeyExchangeInfo *kx, | 601 | do_decrypt (struct GSC_KeyExchangeInfo *kx, |
596 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 602 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
597 | const void *in, void *out, size_t size) | 603 | const void *in, |
604 | void *out, | ||
605 | size_t size) | ||
598 | { | 606 | { |
599 | if (size != (uint16_t) size) | 607 | if (size != (uint16_t) size) |
600 | { | 608 | { |
@@ -754,12 +762,12 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
754 | GSC_SESSIONS_end (&kx->peer); | 762 | GSC_SESSIONS_end (&kx->peer); |
755 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"), | 763 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"), |
756 | 1, GNUNET_NO); | 764 | 1, GNUNET_NO); |
757 | if (kx->retry_set_key_task != NULL) | 765 | if (NULL != kx->retry_set_key_task) |
758 | { | 766 | { |
759 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 767 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
760 | kx->retry_set_key_task = NULL; | 768 | kx->retry_set_key_task = NULL; |
761 | } | 769 | } |
762 | if (kx->keep_alive_task != NULL) | 770 | if (NULL != kx->keep_alive_task) |
763 | { | 771 | { |
764 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); | 772 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
765 | kx->keep_alive_task = NULL; | 773 | kx->keep_alive_task = NULL; |
@@ -1035,7 +1043,9 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1035 | return; | 1043 | return; |
1036 | } | 1044 | } |
1037 | if (0 != | 1045 | if (0 != |
1038 | memcmp (&t.target, &GSC_my_identity, sizeof (struct GNUNET_PeerIdentity))) | 1046 | memcmp (&t.target, |
1047 | &GSC_my_identity, | ||
1048 | sizeof (struct GNUNET_PeerIdentity))) | ||
1039 | { | 1049 | { |
1040 | char sender[9]; | 1050 | char sender[9]; |
1041 | char peer[9]; | 1051 | char peer[9]; |
@@ -1043,9 +1053,10 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1043 | GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer)); | 1053 | GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer)); |
1044 | GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); | 1054 | GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); |
1045 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1055 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1046 | _ | 1056 | _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), |
1047 | ("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), | 1057 | sender, |
1048 | sender, GNUNET_i2s (&GSC_my_identity), peer); | 1058 | GNUNET_i2s (&GSC_my_identity), |
1059 | peer); | ||
1049 | GNUNET_break_op (0); | 1060 | GNUNET_break_op (0); |
1050 | return; | 1061 | return; |
1051 | } | 1062 | } |
@@ -1056,12 +1067,21 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1056 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); | 1067 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); |
1057 | tp.header.size = htons (sizeof (struct PongMessage)); | 1068 | tp.header.size = htons (sizeof (struct PongMessage)); |
1058 | tp.iv_seed = calculate_seed (kx); | 1069 | tp.iv_seed = calculate_seed (kx); |
1059 | derive_pong_iv (&iv, &kx->encrypt_key, tp.iv_seed, t.challenge, &kx->peer); | 1070 | derive_pong_iv (&iv, |
1060 | do_encrypt (kx, &iv, &tx.challenge, &tp.challenge, | 1071 | &kx->encrypt_key, |
1072 | tp.iv_seed, | ||
1073 | t.challenge, | ||
1074 | &kx->peer); | ||
1075 | do_encrypt (kx, | ||
1076 | &iv, | ||
1077 | &tx.challenge, | ||
1078 | &tp.challenge, | ||
1061 | sizeof (struct PongMessage) - ((void *) &tp.challenge - | 1079 | sizeof (struct PongMessage) - ((void *) &tp.challenge - |
1062 | (void *) &tp)); | 1080 | (void *) &tp)); |
1063 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# PONG messages created"), | 1081 | GNUNET_STATISTICS_update (GSC_stats, |
1064 | 1, GNUNET_NO); | 1082 | gettext_noop ("# PONG messages created"), |
1083 | 1, | ||
1084 | GNUNET_NO); | ||
1065 | GSC_NEIGHBOURS_transmit (&kx->peer, | 1085 | GSC_NEIGHBOURS_transmit (&kx->peer, |
1066 | &tp.header, | 1086 | &tp.header, |
1067 | GNUNET_TIME_UNIT_FOREVER_REL /* FIXME: timeout */ ); | 1087 | GNUNET_TIME_UNIT_FOREVER_REL /* FIXME: timeout */ ); |
@@ -1072,11 +1092,12 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1072 | * Task triggered when a neighbour entry is about to time out | 1092 | * Task triggered when a neighbour entry is about to time out |
1073 | * (and we should prevent this by sending a PING). | 1093 | * (and we should prevent this by sending a PING). |
1074 | * | 1094 | * |
1075 | * @param cls the 'struct GSC_KeyExchangeInfo' | 1095 | * @param cls the `struct GSC_KeyExchangeInfo` |
1076 | * @param tc scheduler context (not used) | 1096 | * @param tc scheduler context (not used) |
1077 | */ | 1097 | */ |
1078 | static void | 1098 | static void |
1079 | send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | 1099 | send_keep_alive (void *cls, |
1100 | const struct GNUNET_SCHEDULER_TaskContext *tc) | ||
1080 | { | 1101 | { |
1081 | struct GSC_KeyExchangeInfo *kx = cls; | 1102 | struct GSC_KeyExchangeInfo *kx = cls; |
1082 | struct GNUNET_TIME_Relative retry; | 1103 | struct GNUNET_TIME_Relative retry; |
@@ -1088,17 +1109,20 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
1088 | { | 1109 | { |
1089 | GNUNET_STATISTICS_update (GSC_stats, | 1110 | GNUNET_STATISTICS_update (GSC_stats, |
1090 | gettext_noop ("# sessions terminated by timeout"), | 1111 | gettext_noop ("# sessions terminated by timeout"), |
1091 | 1, GNUNET_NO); | 1112 | 1, |
1113 | GNUNET_NO); | ||
1092 | GSC_SESSIONS_end (&kx->peer); | 1114 | GSC_SESSIONS_end (&kx->peer); |
1093 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; | 1115 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; |
1094 | monitor_notify_all (kx); | 1116 | monitor_notify_all (kx); |
1095 | send_key (kx); | 1117 | send_key (kx); |
1096 | return; | 1118 | return; |
1097 | } | 1119 | } |
1098 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending KEEPALIVE to `%s'\n", | 1120 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1121 | "Sending KEEPALIVE to `%s'\n", | ||
1099 | GNUNET_i2s (&kx->peer)); | 1122 | GNUNET_i2s (&kx->peer)); |
1100 | GNUNET_STATISTICS_update (GSC_stats, | 1123 | GNUNET_STATISTICS_update (GSC_stats, |
1101 | gettext_noop ("# keepalive messages sent"), 1, | 1124 | gettext_noop ("# keepalive messages sent"), |
1125 | 1, | ||
1102 | GNUNET_NO); | 1126 | GNUNET_NO); |
1103 | setup_fresh_ping (kx); | 1127 | setup_fresh_ping (kx); |
1104 | GSC_NEIGHBOURS_transmit (&kx->peer, | 1128 | GSC_NEIGHBOURS_transmit (&kx->peer, |
@@ -1108,7 +1132,9 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
1108 | GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2), | 1132 | GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2), |
1109 | MIN_PING_FREQUENCY); | 1133 | MIN_PING_FREQUENCY); |
1110 | kx->keep_alive_task = | 1134 | kx->keep_alive_task = |
1111 | GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); | 1135 | GNUNET_SCHEDULER_add_delayed (retry, |
1136 | &send_keep_alive, | ||
1137 | kx); | ||
1112 | } | 1138 | } |
1113 | 1139 | ||
1114 | 1140 | ||