diff options
author | Christian Grothoff <christian@grothoff.org> | 2018-06-04 19:24:00 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2018-06-04 19:24:00 +0200 |
commit | d7aa2a805cea33cb1b37c2bb65be1fd4cf367d21 (patch) | |
tree | 128dabbed44cf17fd5a464a741a7452fa41422d4 /src/core | |
parent | b670eec1c0ea387ae31b52dd0d51c1422949a55c (diff) | |
download | gnunet-d7aa2a805cea33cb1b37c2bb65be1fd4cf367d21.tar.gz gnunet-d7aa2a805cea33cb1b37c2bb65be1fd4cf367d21.zip |
use DEBUG_KX for new core log messages
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 53 |
1 files changed, 42 insertions, 11 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index c29e46997..21f1308f7 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -34,6 +34,10 @@ | |||
34 | #include "gnunet_protocols.h" | 34 | #include "gnunet_protocols.h" |
35 | #include "core.h" | 35 | #include "core.h" |
36 | 36 | ||
37 | /** | ||
38 | * Enable expensive (and possibly problematic for privacy!) logging of KX. | ||
39 | */ | ||
40 | #define DEBUG_KX 0 | ||
37 | 41 | ||
38 | /** | 42 | /** |
39 | * How long do we wait for SET_KEY confirmation initially? | 43 | * How long do we wait for SET_KEY confirmation initially? |
@@ -447,13 +451,17 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, | |||
447 | uint32_t seed) | 451 | uint32_t seed) |
448 | { | 452 | { |
449 | static const char ctx[] = "authentication key"; | 453 | static const char ctx[] = "authentication key"; |
450 | 454 | #if DEBUG_KX | |
451 | struct GNUNET_HashCode sh; | 455 | struct GNUNET_HashCode sh; |
452 | GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); | 456 | |
457 | GNUNET_CRYPTO_hash (skey, | ||
458 | sizeof (*skey), | ||
459 | &sh); | ||
453 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 460 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
454 | "Deriving Auth key from SKEY %s and seed %u\n", | 461 | "Deriving Auth key from SKEY %s and seed %u\n", |
455 | GNUNET_h2s (&sh), | 462 | GNUNET_h2s (&sh), |
456 | (unsigned int) seed); | 463 | (unsigned int) seed); |
464 | #endif | ||
457 | GNUNET_CRYPTO_hmac_derive_key (akey, | 465 | GNUNET_CRYPTO_hmac_derive_key (akey, |
458 | skey, | 466 | skey, |
459 | &seed, sizeof (seed), | 467 | &seed, sizeof (seed), |
@@ -478,14 +486,18 @@ derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
478 | const struct GNUNET_PeerIdentity *identity) | 486 | const struct GNUNET_PeerIdentity *identity) |
479 | { | 487 | { |
480 | static const char ctx[] = "initialization vector"; | 488 | static const char ctx[] = "initialization vector"; |
481 | 489 | #if DEBUG_KX | |
482 | struct GNUNET_HashCode sh; | 490 | struct GNUNET_HashCode sh; |
483 | GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); | 491 | |
492 | GNUNET_CRYPTO_hash (skey, | ||
493 | sizeof (*skey), | ||
494 | &sh); | ||
484 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 495 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
485 | "Deriving IV from SKEY %s and seed %u for peer %s\n", | 496 | "Deriving IV from SKEY %s and seed %u for peer %s\n", |
486 | GNUNET_h2s (&sh), | 497 | GNUNET_h2s (&sh), |
487 | (unsigned int) seed, | 498 | (unsigned int) seed, |
488 | GNUNET_i2s (identity)); | 499 | GNUNET_i2s (identity)); |
500 | #endif | ||
489 | GNUNET_CRYPTO_symmetric_derive_iv (iv, | 501 | GNUNET_CRYPTO_symmetric_derive_iv (iv, |
490 | skey, | 502 | skey, |
491 | &seed, sizeof (seed), | 503 | &seed, sizeof (seed), |
@@ -512,15 +524,19 @@ derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
512 | const struct GNUNET_PeerIdentity *identity) | 524 | const struct GNUNET_PeerIdentity *identity) |
513 | { | 525 | { |
514 | static const char ctx[] = "pong initialization vector"; | 526 | static const char ctx[] = "pong initialization vector"; |
515 | 527 | #if DEBUG_KX | |
516 | struct GNUNET_HashCode sh; | 528 | struct GNUNET_HashCode sh; |
517 | GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); | 529 | |
530 | GNUNET_CRYPTO_hash (skey, | ||
531 | sizeof (*skey), | ||
532 | &sh); | ||
518 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 533 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
519 | "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n", | 534 | "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n", |
520 | GNUNET_h2s (&sh), | 535 | GNUNET_h2s (&sh), |
521 | (unsigned int) seed, | 536 | (unsigned int) seed, |
522 | (unsigned int) challenge, | 537 | (unsigned int) challenge, |
523 | GNUNET_i2s (identity)); | 538 | GNUNET_i2s (identity)); |
539 | #endif | ||
524 | GNUNET_CRYPTO_symmetric_derive_iv (iv, | 540 | GNUNET_CRYPTO_symmetric_derive_iv (iv, |
525 | skey, | 541 | skey, |
526 | &seed, sizeof (seed), | 542 | &seed, sizeof (seed), |
@@ -547,14 +563,18 @@ derive_aes_key (const struct GNUNET_PeerIdentity *sender, | |||
547 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | 563 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) |
548 | { | 564 | { |
549 | static const char ctx[] = "aes key generation vector"; | 565 | static const char ctx[] = "aes key generation vector"; |
550 | 566 | #if DEBUG_KX | |
551 | struct GNUNET_HashCode sh; | 567 | struct GNUNET_HashCode sh; |
552 | GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); | 568 | |
569 | GNUNET_CRYPTO_hash (skey, | ||
570 | sizeof (*skey), | ||
571 | &sh); | ||
553 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 572 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
554 | "Deriving AES Keys for %s to %s from %s\n", | 573 | "Deriving AES Keys for %s to %s from %s\n", |
555 | GNUNET_i2s (sender), | 574 | GNUNET_i2s (sender), |
556 | GNUNET_i2s2 (receiver), | 575 | GNUNET_i2s2 (receiver), |
557 | GNUNET_h2s (key_material)); | 576 | GNUNET_h2s (key_material)); |
577 | #endif | ||
558 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | 578 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), |
559 | ctx, sizeof (ctx), | 579 | ctx, sizeof (ctx), |
560 | key_material, sizeof (struct GNUNET_HashCode), | 580 | key_material, sizeof (struct GNUNET_HashCode), |
@@ -599,7 +619,7 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx, | |||
599 | GNUNET_NO); | 619 | GNUNET_NO); |
600 | /* the following is too sensitive to write to log files by accident, | 620 | /* the following is too sensitive to write to log files by accident, |
601 | so we require manual intervention to get this one... */ | 621 | so we require manual intervention to get this one... */ |
602 | #if 0 | 622 | #if DEBUG_KX |
603 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 623 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
604 | "Encrypted %u bytes for `%s' using key %u, IV %u\n", | 624 | "Encrypted %u bytes for `%s' using key %u, IV %u\n", |
605 | (unsigned int) size, | 625 | (unsigned int) size, |
@@ -659,7 +679,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx, | |||
659 | GNUNET_NO); | 679 | GNUNET_NO); |
660 | /* the following is too sensitive to write to log files by accident, | 680 | /* the following is too sensitive to write to log files by accident, |
661 | so we require manual intervention to get this one... */ | 681 | so we require manual intervention to get this one... */ |
662 | #if 0 | 682 | #if DEBUG_KX |
663 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 683 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
664 | "Decrypted %u bytes from `%s' using key %u, IV %u\n", | 684 | "Decrypted %u bytes from `%s' using key %u, IV %u\n", |
665 | (unsigned int) size, | 685 | (unsigned int) size, |
@@ -1042,6 +1062,7 @@ handle_ephemeral_key (void *cls, | |||
1042 | GNUNET_NO); | 1062 | GNUNET_NO); |
1043 | return; | 1063 | return; |
1044 | } | 1064 | } |
1065 | #if DEBUG_KX | ||
1045 | { | 1066 | { |
1046 | struct GNUNET_HashCode eh; | 1067 | struct GNUNET_HashCode eh; |
1047 | 1068 | ||
@@ -1054,6 +1075,7 @@ handle_ephemeral_key (void *cls, | |||
1054 | GNUNET_i2s (kx->peer), | 1075 | GNUNET_i2s (kx->peer), |
1055 | kx->status); | 1076 | kx->status); |
1056 | } | 1077 | } |
1078 | #endif | ||
1057 | GNUNET_STATISTICS_update (GSC_stats, | 1079 | GNUNET_STATISTICS_update (GSC_stats, |
1058 | gettext_noop ("# valid ephemeral keys received"), | 1080 | gettext_noop ("# valid ephemeral keys received"), |
1059 | 1, | 1081 | 1, |
@@ -1460,6 +1482,7 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1460 | kx->retry_set_key_task = NULL; | 1482 | kx->retry_set_key_task = NULL; |
1461 | } | 1483 | } |
1462 | /* always update sender status in SET KEY message */ | 1484 | /* always update sender status in SET KEY message */ |
1485 | #if DEBUG_KX | ||
1463 | { | 1486 | { |
1464 | struct GNUNET_HashCode hc; | 1487 | struct GNUNET_HashCode hc; |
1465 | 1488 | ||
@@ -1472,6 +1495,7 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1472 | GNUNET_i2s (kx->peer), | 1495 | GNUNET_i2s (kx->peer), |
1473 | kx->status); | 1496 | kx->status); |
1474 | } | 1497 | } |
1498 | #endif | ||
1475 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); | 1499 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); |
1476 | env = GNUNET_MQ_msg_copy (¤t_ekm.header); | 1500 | env = GNUNET_MQ_msg_copy (¤t_ekm.header); |
1477 | GNUNET_MQ_send (kx->mq, | 1501 | GNUNET_MQ_send (kx->mq, |
@@ -1527,6 +1551,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1527 | &ph->sequence_number, | 1551 | &ph->sequence_number, |
1528 | &em->sequence_number, | 1552 | &em->sequence_number, |
1529 | used - ENCRYPTED_HEADER_SIZE)); | 1553 | used - ENCRYPTED_HEADER_SIZE)); |
1554 | #if DEBUG_KX | ||
1530 | { | 1555 | { |
1531 | struct GNUNET_HashCode hc; | 1556 | struct GNUNET_HashCode hc; |
1532 | 1557 | ||
@@ -1539,6 +1564,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1539 | (unsigned int) (used - ENCRYPTED_HEADER_SIZE), | 1564 | (unsigned int) (used - ENCRYPTED_HEADER_SIZE), |
1540 | GNUNET_i2s (kx->peer)); | 1565 | GNUNET_i2s (kx->peer)); |
1541 | } | 1566 | } |
1567 | #endif | ||
1542 | derive_auth_key (&auth_key, | 1568 | derive_auth_key (&auth_key, |
1543 | &kx->encrypt_key, | 1569 | &kx->encrypt_key, |
1544 | ph->iv_seed); | 1570 | ph->iv_seed); |
@@ -1546,6 +1572,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1546 | &em->sequence_number, | 1572 | &em->sequence_number, |
1547 | used - ENCRYPTED_HEADER_SIZE, | 1573 | used - ENCRYPTED_HEADER_SIZE, |
1548 | &em->hmac); | 1574 | &em->hmac); |
1575 | #if DEBUG_KX | ||
1549 | { | 1576 | { |
1550 | struct GNUNET_HashCode hc; | 1577 | struct GNUNET_HashCode hc; |
1551 | 1578 | ||
@@ -1558,6 +1585,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1558 | GNUNET_h2s (&hc), | 1585 | GNUNET_h2s (&hc), |
1559 | GNUNET_h2s2 (&em->hmac)); | 1586 | GNUNET_h2s2 (&em->hmac)); |
1560 | } | 1587 | } |
1588 | #endif | ||
1561 | kx->has_excess_bandwidth = GNUNET_NO; | 1589 | kx->has_excess_bandwidth = GNUNET_NO; |
1562 | GNUNET_MQ_send (kx->mq, | 1590 | GNUNET_MQ_send (kx->mq, |
1563 | env); | 1591 | env); |
@@ -1637,6 +1665,7 @@ handle_encrypted (void *cls, | |||
1637 | } | 1665 | } |
1638 | 1666 | ||
1639 | /* validate hash */ | 1667 | /* validate hash */ |
1668 | #if DEBUG_KX | ||
1640 | { | 1669 | { |
1641 | struct GNUNET_HashCode hc; | 1670 | struct GNUNET_HashCode hc; |
1642 | 1671 | ||
@@ -1649,7 +1678,7 @@ handle_encrypted (void *cls, | |||
1649 | (unsigned int) (size - ENCRYPTED_HEADER_SIZE), | 1678 | (unsigned int) (size - ENCRYPTED_HEADER_SIZE), |
1650 | GNUNET_i2s (kx->peer)); | 1679 | GNUNET_i2s (kx->peer)); |
1651 | } | 1680 | } |
1652 | 1681 | #endif | |
1653 | derive_auth_key (&auth_key, | 1682 | derive_auth_key (&auth_key, |
1654 | &kx->decrypt_key, | 1683 | &kx->decrypt_key, |
1655 | m->iv_seed); | 1684 | m->iv_seed); |
@@ -1657,6 +1686,7 @@ handle_encrypted (void *cls, | |||
1657 | &m->sequence_number, | 1686 | &m->sequence_number, |
1658 | size - ENCRYPTED_HEADER_SIZE, | 1687 | size - ENCRYPTED_HEADER_SIZE, |
1659 | &ph); | 1688 | &ph); |
1689 | #if DEBUG_KX | ||
1660 | { | 1690 | { |
1661 | struct GNUNET_HashCode hc; | 1691 | struct GNUNET_HashCode hc; |
1662 | 1692 | ||
@@ -1669,6 +1699,7 @@ handle_encrypted (void *cls, | |||
1669 | GNUNET_h2s (&hc), | 1699 | GNUNET_h2s (&hc), |
1670 | GNUNET_h2s2 (&m->hmac)); | 1700 | GNUNET_h2s2 (&m->hmac)); |
1671 | } | 1701 | } |
1702 | #endif | ||
1672 | if (0 != memcmp (&ph, | 1703 | if (0 != memcmp (&ph, |
1673 | &m->hmac, | 1704 | &m->hmac, |
1674 | sizeof (struct GNUNET_HashCode))) | 1705 | sizeof (struct GNUNET_HashCode))) |