aboutsummaryrefslogtreecommitdiff
path: root/src/core/gnunet-service-core_kx.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-03-01 23:53:16 +0000
committerChristian Grothoff <christian@grothoff.org>2015-03-01 23:53:16 +0000
commit4bee6d11ba8ac5554e906d60b0fce0ed2a737a97 (patch)
treee6c4a7b1107243bb24ba4040968208016e2f7ea2 /src/core/gnunet-service-core_kx.c
parent5d014c83b064bcbe43f035feb575f8af84ea8261 (diff)
downloadgnunet-4bee6d11ba8ac5554e906d60b0fce0ed2a737a97.tar.gz
gnunet-4bee6d11ba8ac5554e906d60b0fce0ed2a737a97.zip
-doxygen, comments, indentation
Diffstat (limited to 'src/core/gnunet-service-core_kx.c')
-rw-r--r--src/core/gnunet-service-core_kx.c92
1 files changed, 59 insertions, 33 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index f64d2c066..0fc5ecf25 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -144,7 +144,7 @@ struct PingMessage
144 struct GNUNET_PeerIdentity target; 144 struct GNUNET_PeerIdentity target;
145 145
146 /** 146 /**
147 * Random number chosen to make reply harder. 147 * Random number chosen to make replay harder.
148 */ 148 */
149 uint32_t challenge GNUNET_PACKED; 149 uint32_t challenge GNUNET_PACKED;
150}; 150};
@@ -166,8 +166,7 @@ struct PongMessage
166 uint32_t iv_seed GNUNET_PACKED; 166 uint32_t iv_seed GNUNET_PACKED;
167 167
168 /** 168 /**
169 * Random number to make faking the reply harder. Must be 169 * Random number to make replay attacks harder.
170 * first field after header (this is where we start to encrypt!).
171 */ 170 */
172 uint32_t challenge GNUNET_PACKED; 171 uint32_t challenge GNUNET_PACKED;
173 172
@@ -191,7 +190,7 @@ struct PongMessage
191struct EncryptedMessage 190struct EncryptedMessage
192{ 191{
193 /** 192 /**
194 * Message type is either #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE. 193 * Message type is #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE.
195 */ 194 */
196 struct GNUNET_MessageHeader header; 195 struct GNUNET_MessageHeader header;
197 196
@@ -201,10 +200,10 @@ struct EncryptedMessage
201 uint32_t iv_seed GNUNET_PACKED; 200 uint32_t iv_seed GNUNET_PACKED;
202 201
203 /** 202 /**
204 * MAC of the encrypted message (starting at 'sequence_number'), 203 * MAC of the encrypted message (starting at @e sequence_number),
205 * used to verify message integrity. Everything after this value 204 * used to verify message integrity. Everything after this value
206 * (excluding this value itself) will be encrypted and authenticated. 205 * (excluding this value itself) will be encrypted and authenticated.
207 * ENCRYPTED_HEADER_SIZE must be set to the offset of the *next* field. 206 * #ENCRYPTED_HEADER_SIZE must be set to the offset of the *next* field.
208 */ 207 */
209 struct GNUNET_HashCode hmac; 208 struct GNUNET_HashCode hmac;
210 209
@@ -220,7 +219,7 @@ struct EncryptedMessage
220 uint32_t reserved; 219 uint32_t reserved;
221 220
222 /** 221 /**
223 * Timestamp. Used to prevent reply of ancient messages 222 * Timestamp. Used to prevent replay of ancient messages
224 * (recent messages are caught with the sequence number). 223 * (recent messages are caught with the sequence number).
225 */ 224 */
226 struct GNUNET_TIME_AbsoluteNBO timestamp; 225 struct GNUNET_TIME_AbsoluteNBO timestamp;
@@ -302,12 +301,12 @@ struct GSC_KeyExchangeInfo
302 /** 301 /**
303 * ID of task used for re-trying SET_KEY and PING message. 302 * ID of task used for re-trying SET_KEY and PING message.
304 */ 303 */
305 struct GNUNET_SCHEDULER_Task * retry_set_key_task; 304 struct GNUNET_SCHEDULER_Task *retry_set_key_task;
306 305
307 /** 306 /**
308 * ID of task used for sending keep-alive pings. 307 * ID of task used for sending keep-alive pings.
309 */ 308 */
310 struct GNUNET_SCHEDULER_Task * keep_alive_task; 309 struct GNUNET_SCHEDULER_Task *keep_alive_task;
311 310
312 /** 311 /**
313 * Bit map indicating which of the 32 sequence numbers before the last 312 * Bit map indicating which of the 32 sequence numbers before the last
@@ -373,7 +372,7 @@ static struct GSC_KeyExchangeInfo *kx_tail;
373 * Task scheduled for periodic re-generation (and thus rekeying) of our 372 * Task scheduled for periodic re-generation (and thus rekeying) of our
374 * ephemeral key. 373 * ephemeral key.
375 */ 374 */
376static struct GNUNET_SCHEDULER_Task * rekey_task; 375static struct GNUNET_SCHEDULER_Task *rekey_task;
377 376
378/** 377/**
379 * Notification context for all monitors. 378 * Notification context for all monitors.
@@ -476,12 +475,14 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
476 */ 475 */
477static void 476static void
478derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 477derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
479 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, 478 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
479 uint32_t seed,
480 const struct GNUNET_PeerIdentity *identity) 480 const struct GNUNET_PeerIdentity *identity)
481{ 481{
482 static const char ctx[] = "initialization vector"; 482 static const char ctx[] = "initialization vector";
483 483
484 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), 484 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey,
485 &seed, sizeof (seed),
485 identity, 486 identity,
486 sizeof (struct GNUNET_PeerIdentity), ctx, 487 sizeof (struct GNUNET_PeerIdentity), ctx,
487 sizeof (ctx), NULL); 488 sizeof (ctx), NULL);
@@ -499,12 +500,15 @@ derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
499 */ 500 */
500static void 501static void
501derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 502derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
502 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, 503 const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
503 uint32_t challenge, const struct GNUNET_PeerIdentity *identity) 504 uint32_t seed,
505 uint32_t challenge,
506 const struct GNUNET_PeerIdentity *identity)
504{ 507{
505 static const char ctx[] = "pong initialization vector"; 508 static const char ctx[] = "pong initialization vector";
506 509
507 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), 510 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey,
511 &seed, sizeof (seed),
508 identity, 512 identity,
509 sizeof (struct GNUNET_PeerIdentity), 513 sizeof (struct GNUNET_PeerIdentity),
510 &challenge, sizeof (challenge), 514 &challenge, sizeof (challenge),
@@ -552,7 +556,9 @@ derive_aes_key (const struct GNUNET_PeerIdentity *sender,
552static int 556static int
553do_encrypt (struct GSC_KeyExchangeInfo *kx, 557do_encrypt (struct GSC_KeyExchangeInfo *kx,
554 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 558 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
555 const void *in, void *out, size_t size) 559 const void *in,
560 void *out,
561 size_t size)
556{ 562{
557 if (size != (uint16_t) size) 563 if (size != (uint16_t) size)
558 { 564 {
@@ -594,7 +600,9 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx,
594static int 600static int
595do_decrypt (struct GSC_KeyExchangeInfo *kx, 601do_decrypt (struct GSC_KeyExchangeInfo *kx,
596 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 602 const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
597 const void *in, void *out, size_t size) 603 const void *in,
604 void *out,
605 size_t size)
598{ 606{
599 if (size != (uint16_t) size) 607 if (size != (uint16_t) size)
600 { 608 {
@@ -754,12 +762,12 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx)
754 GSC_SESSIONS_end (&kx->peer); 762 GSC_SESSIONS_end (&kx->peer);
755 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"), 763 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"),
756 1, GNUNET_NO); 764 1, GNUNET_NO);
757 if (kx->retry_set_key_task != NULL) 765 if (NULL != kx->retry_set_key_task)
758 { 766 {
759 GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); 767 GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
760 kx->retry_set_key_task = NULL; 768 kx->retry_set_key_task = NULL;
761 } 769 }
762 if (kx->keep_alive_task != NULL) 770 if (NULL != kx->keep_alive_task)
763 { 771 {
764 GNUNET_SCHEDULER_cancel (kx->keep_alive_task); 772 GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
765 kx->keep_alive_task = NULL; 773 kx->keep_alive_task = NULL;
@@ -1035,7 +1043,9 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx,
1035 return; 1043 return;
1036 } 1044 }
1037 if (0 != 1045 if (0 !=
1038 memcmp (&t.target, &GSC_my_identity, sizeof (struct GNUNET_PeerIdentity))) 1046 memcmp (&t.target,
1047 &GSC_my_identity,
1048 sizeof (struct GNUNET_PeerIdentity)))
1039 { 1049 {
1040 char sender[9]; 1050 char sender[9];
1041 char peer[9]; 1051 char peer[9];
@@ -1043,9 +1053,10 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx,
1043 GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer)); 1053 GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer));
1044 GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); 1054 GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target));
1045 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1055 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1046 _ 1056 _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"),
1047 ("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), 1057 sender,
1048 sender, GNUNET_i2s (&GSC_my_identity), peer); 1058 GNUNET_i2s (&GSC_my_identity),
1059 peer);
1049 GNUNET_break_op (0); 1060 GNUNET_break_op (0);
1050 return; 1061 return;
1051 } 1062 }
@@ -1056,12 +1067,21 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx,
1056 tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); 1067 tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG);
1057 tp.header.size = htons (sizeof (struct PongMessage)); 1068 tp.header.size = htons (sizeof (struct PongMessage));
1058 tp.iv_seed = calculate_seed (kx); 1069 tp.iv_seed = calculate_seed (kx);
1059 derive_pong_iv (&iv, &kx->encrypt_key, tp.iv_seed, t.challenge, &kx->peer); 1070 derive_pong_iv (&iv,
1060 do_encrypt (kx, &iv, &tx.challenge, &tp.challenge, 1071 &kx->encrypt_key,
1072 tp.iv_seed,
1073 t.challenge,
1074 &kx->peer);
1075 do_encrypt (kx,
1076 &iv,
1077 &tx.challenge,
1078 &tp.challenge,
1061 sizeof (struct PongMessage) - ((void *) &tp.challenge - 1079 sizeof (struct PongMessage) - ((void *) &tp.challenge -
1062 (void *) &tp)); 1080 (void *) &tp));
1063 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# PONG messages created"), 1081 GNUNET_STATISTICS_update (GSC_stats,
1064 1, GNUNET_NO); 1082 gettext_noop ("# PONG messages created"),
1083 1,
1084 GNUNET_NO);
1065 GSC_NEIGHBOURS_transmit (&kx->peer, 1085 GSC_NEIGHBOURS_transmit (&kx->peer,
1066 &tp.header, 1086 &tp.header,
1067 GNUNET_TIME_UNIT_FOREVER_REL /* FIXME: timeout */ ); 1087 GNUNET_TIME_UNIT_FOREVER_REL /* FIXME: timeout */ );
@@ -1072,11 +1092,12 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx,
1072 * Task triggered when a neighbour entry is about to time out 1092 * Task triggered when a neighbour entry is about to time out
1073 * (and we should prevent this by sending a PING). 1093 * (and we should prevent this by sending a PING).
1074 * 1094 *
1075 * @param cls the 'struct GSC_KeyExchangeInfo' 1095 * @param cls the `struct GSC_KeyExchangeInfo`
1076 * @param tc scheduler context (not used) 1096 * @param tc scheduler context (not used)
1077 */ 1097 */
1078static void 1098static void
1079send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) 1099send_keep_alive (void *cls,
1100 const struct GNUNET_SCHEDULER_TaskContext *tc)
1080{ 1101{
1081 struct GSC_KeyExchangeInfo *kx = cls; 1102 struct GSC_KeyExchangeInfo *kx = cls;
1082 struct GNUNET_TIME_Relative retry; 1103 struct GNUNET_TIME_Relative retry;
@@ -1088,17 +1109,20 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
1088 { 1109 {
1089 GNUNET_STATISTICS_update (GSC_stats, 1110 GNUNET_STATISTICS_update (GSC_stats,
1090 gettext_noop ("# sessions terminated by timeout"), 1111 gettext_noop ("# sessions terminated by timeout"),
1091 1, GNUNET_NO); 1112 1,
1113 GNUNET_NO);
1092 GSC_SESSIONS_end (&kx->peer); 1114 GSC_SESSIONS_end (&kx->peer);
1093 kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; 1115 kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
1094 monitor_notify_all (kx); 1116 monitor_notify_all (kx);
1095 send_key (kx); 1117 send_key (kx);
1096 return; 1118 return;
1097 } 1119 }
1098 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending KEEPALIVE to `%s'\n", 1120 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1121 "Sending KEEPALIVE to `%s'\n",
1099 GNUNET_i2s (&kx->peer)); 1122 GNUNET_i2s (&kx->peer));
1100 GNUNET_STATISTICS_update (GSC_stats, 1123 GNUNET_STATISTICS_update (GSC_stats,
1101 gettext_noop ("# keepalive messages sent"), 1, 1124 gettext_noop ("# keepalive messages sent"),
1125 1,
1102 GNUNET_NO); 1126 GNUNET_NO);
1103 setup_fresh_ping (kx); 1127 setup_fresh_ping (kx);
1104 GSC_NEIGHBOURS_transmit (&kx->peer, 1128 GSC_NEIGHBOURS_transmit (&kx->peer,
@@ -1108,7 +1132,9 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
1108 GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2), 1132 GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2),
1109 MIN_PING_FREQUENCY); 1133 MIN_PING_FREQUENCY);
1110 kx->keep_alive_task = 1134 kx->keep_alive_task =
1111 GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); 1135 GNUNET_SCHEDULER_add_delayed (retry,
1136 &send_keep_alive,
1137 kx);
1112} 1138}
1113 1139
1114 1140