TNG: Update UDP communicator structs to hide more metadata.

author: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-28 17:50:10 +0200
committer: Martin Schanzenbach <schanzen@gnunet.org> 2023-07-28 17:50:10 +0200
commit: 9ff4a49c0c72c11218180f83930b3879e5022207 (patch)
tree: 24d3d7be2b6291fdcceb49ba7c98f33034e8ed09 /src/transport/gnunet-communicator-udp.c
parent: 526a111bd9dc0c83def348ebed63d527b7bbb4f4 (diff)
download: gnunet-9ff4a49c0c72c11218180f83930b3879e5022207.tar.gz
gnunet-9ff4a49c0c72c11218180f83930b3879e5022207.zip
1 files changed, 59 insertions, 71 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index 1d80b5abc..c100194af 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -208,10 +208,6 @@ struct InitialKX
   */
  uint8_t gcm_tag[GCM_TAG_SIZE];
-  /**
-   * A flag indicating, if the sender is doing rekeying.
-   */
-  uint16_t rekeying;
 };
@@ -345,10 +341,6 @@ struct UDPBox
   */
  uint8_t gcm_tag[GCM_TAG_SIZE];
-  /**
-   * A flag indicating, if the sender is doing rekeying.
-   */
-  uint16_t rekeying;
 };
 /**
@@ -375,10 +367,6 @@ struct UDPRekey
   */
  uint8_t gcm_tag[GCM_TAG_SIZE];
-  /**
-   * Sender's identity
-   */
-  struct GNUNET_PeerIdentity sender;
 };
 GNUNET_NETWORK_STRUCT_END
@@ -1677,40 +1665,56 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
 * @param sender peer to process inbound plaintext for
 * @param buf buffer we received
 * @param buf_size number of bytes in @a buf
+ * @return rekey_indication GNUNET_YES if a rekey is signalled
 */
-static void
+static uint16_t
 try_handle_plaintext (struct SenderAddress *sender,
                      const void *buf,
                      size_t buf_size)
 {
-  const struct GNUNET_MessageHeader *hdr =
+  const struct GNUNET_MessageHeader *hdr;
-    (const struct GNUNET_MessageHeader *) buf;
+  const struct UDPAck *ack;
-  const struct UDPAck *ack = (const struct UDPAck *) buf;
+  const char *buf_pos = buf;
+  size_t bytes_remaining = buf_size;
  uint16_t type;
+  uint16_t rekey;
+  if (sizeof (uint16_t) > buf_size)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Plaintext too short, dropping...\n");
+    rekey = ntohs (*(uint16_t*) buf);
+    return GNUNET_NO;
+  }
+  bytes_remaining -= sizeof (uint16_t);
+  buf_pos += sizeof (uint16_t);
+  hdr = (struct GNUNET_MessageHeader*) buf_pos;
+  if (sizeof(*hdr) > bytes_remaining)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Plaintext too short, dropping...\n");
+    return rekey; /* no data left */
+  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "try_handle_plaintext of size %lu (%u %lu) and type %u\n",
-              buf_size,
+              bytes_remaining,
              ntohs (hdr->size),
              sizeof(*hdr),
              ntohs (hdr->type));
-  if (sizeof(*hdr) > buf_size)
+  if (ntohs (hdr->size) > bytes_remaining)
-    return; /* not even a header */
+    return GNUNET_NO; /* buffer too short for indicated message length */
-  if (ntohs (hdr->size) > buf_size)
-    return; /* not even a header */
  type = ntohs (hdr->type);
  switch (type)
  {
  case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
    /* lookup master secret by 'cmac', then update sequence_max */
+    ack = (struct UDPAck*) buf_pos;
    GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
                                                &sender->target,
                                                &handle_ack,
                                                (void *) ack);
    /* There could be more messages after the ACK, handle those as well */
-    buf += ntohs (hdr->size);
+    buf_pos += ntohs (hdr->size);
-    buf_size -= ntohs (hdr->size);
+    bytes_remaining -= ntohs (hdr->size);
-    pass_plaintext_to_core (sender, buf, buf_size);
+    pass_plaintext_to_core (sender, buf_pos, bytes_remaining);
    break;
  case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD:
@@ -1718,8 +1722,9 @@ try_handle_plaintext (struct SenderAddress *sender,
    break;
  default:
-    pass_plaintext_to_core (sender, buf, buf_size);
+    pass_plaintext_to_core (sender, buf_pos, bytes_remaining);
  }
+  return rekey;
 }
@@ -1911,6 +1916,7 @@ decrypt_box (const struct UDPBox *box,
 {
  struct SharedSecret *ss = kce->ss;
  char out_buf[box_len - sizeof(*box)];
+  uint16_t rekeying;
  GNUNET_assert (NULL != ss->sender);
  if (GNUNET_OK != try_decrypt (ss,
@@ -1939,8 +1945,8 @@ decrypt_box (const struct UDPBox *box,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "decrypted UDPBox with kid %s\n",
              GNUNET_sh2s (&box->kid));
-  try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
+  rekeying = try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
-  if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))
+  if ((GNUNET_NO == rekeying) && (GNUNET_YES == ss->sender->rekeying))
  {
    ss->sender->rekeying = GNUNET_NO;
    ss->sender->ss_rekey = NULL;
@@ -1966,19 +1972,19 @@ decrypt_box (const struct UDPBox *box,
 static void
 decrypt_rekey (const struct UDPRekey *rekey,
               size_t rekey_len,
-               struct KeyCacheEntry *kce,
+               struct KeyCacheEntry *kce)
-               struct SenderAddress *sender)
 {
  struct SharedSecret *ss = kce->ss;
  struct SharedSecret *ss_rekey;
  char out_buf[rekey_len - sizeof(*rekey)];
  struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;
+  struct SenderAddress *sender;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "decrypt_rekey.\n");
  GNUNET_assert (NULL != ss->sender);
+  sender = ss->sender;
  if (GNUNET_OK != try_decrypt (ss,
                                rekey->gcm_tag,
                                kce->sequence_number,
@@ -2239,34 +2245,17 @@ sock_read (void *cls)
      const struct UDPRekey *rekey;
      const struct UDPBox *box;
      struct KeyCacheEntry *kce;
-      struct SenderAddress *sender;
      int do_decrypt = GNUNET_NO;
      rekey = (const struct UDPRekey *) buf;
-      box = (const struct UDPBox *) buf;
      kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
-      if ((GNUNET_YES == box->rekeying) || (GNUNET_NO == box->rekeying))
+      if ((NULL != kce) && (GNUNET_YES == kce->ss->sender->rekeying))
-        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                    "UDPRekey has rekeying %u\n",
-                    box->rekeying);
-      else
-        do_decrypt = GNUNET_YES;
-      if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
-                                                          kce->ss->sender->
-                                                          rekeying))
      {
        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                    "UDPRekey with kid %s\n",
                    GNUNET_sh2s (&rekey->kid));
-        sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,
+        decrypt_rekey (rekey, (size_t) rcvd, kce);
-                               salen);
-        if (NULL != sender->ss_rekey)
-          return;
-        decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
        return;
      }
    }
@@ -2372,6 +2361,7 @@ sock_read (void *cls)
      char pbuf[rcvd - sizeof(struct InitialKX)];
      const struct UDPConfirmation *uc;
      struct SenderAddress *sender;
+      uint16_t rekeying;
      kx = (const struct InitialKX *) buf;
      ss = setup_shared_secret_dec (&kx->ephemeral);
@@ -2422,8 +2412,9 @@ sock_read (void *cls)
                                "# messages decrypted without BOX",
                                1,
                                GNUNET_NO);
-      try_handle_plaintext (sender, &uc[1], sizeof(pbuf) - sizeof(*uc));
+      rekeying = try_handle_plaintext (sender, &uc[1], sizeof(pbuf)
-      if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))
+                                       - sizeof(*uc));
+      if ((GNUNET_NO == rekeying) && (GNUNET_YES == ss->sender->rekeying))
      {
        ss->sender->rekeying = GNUNET_NO;
        sender->ss_rekey = NULL;
@@ -2431,7 +2422,7 @@ sock_read (void *cls)
        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                    "Receiver stopped rekeying.\n");
      }
-      else if (GNUNET_NO == kx->rekeying)
+      else if (GNUNET_NO == rekeying)
        consider_ss_ack (ss, GNUNET_YES);
      else
      {
@@ -2627,6 +2618,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
  char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];
  size_t dpos;
  gcry_cipher_hd_t out_cipher;
+  uint16_t rekey_nbo;
  struct SharedSecret *ss;
  GNUNET_assert (mq == receiver->kx_mq);
@@ -2671,6 +2663,13 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
                                           &uc,
                                           sizeof(uc)));
  dpos += sizeof(uc);
+  rekey_nbo = htons (receiver->rekeying);
+  GNUNET_assert (0 == gcry_cipher_encrypt (out_cipher,
+                                           &dgram[dpos],
+                                           sizeof (uint16_t),
+                                           &rekey_nbo,
+                                           sizeof(uint16_t)));
+  dpos += sizeof (uint16_t);
  /* Append encrypted payload to dgram */
  GNUNET_assert (
    0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
@@ -2681,10 +2680,6 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
  GNUNET_assert (
    0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
  gcry_cipher_close (out_cipher);
-  if (GNUNET_NO == receiver->rekeying)
-    kx.rekeying = GNUNET_NO;
-  else
-    kx.rekeying = GNUNET_YES;
  memcpy (dgram, &kx, sizeof(kx));
  if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                          dgram,
@@ -2702,7 +2697,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
 static void
-check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
+check_for_rekeying (struct ReceiverAddress *receiver)
 {
  struct GNUNET_TIME_Relative rt;
@@ -2742,13 +2737,6 @@ check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
      // destroy_all_secrets (ss, GNUNET_NO);
      receiver->rekeying = GNUNET_YES;
      receiver->rekey_acks_available = receiver->acks_available;
-      box->rekeying = GNUNET_YES;
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Sender started rekeying.\n");
-      if (GNUNET_YES == box->rekeying)
-        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                    "Sending rekeying with kid %s\n",
-                    GNUNET_sh2s (&box->kid));
    }
  }
 }
@@ -2809,7 +2797,6 @@ send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
    if (NULL != ss)
    {
      rekey = (struct UDPRekey *) rekey_dgram;
-      rekey->sender = my_identity;
      ss->sequence_used++;
      get_kid (&ss->master, ss->sequence_used, &rekey->kid);
      receiver->number_rekeying_kce--;
@@ -2909,6 +2896,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
    struct UDPBox *box;
    gcry_cipher_hd_t out_cipher;
    size_t dpos;
+    uint16_t rekey_nbo;
    box = (struct UDPBox *) dgram;
    ss->sequence_used++;
@@ -2916,6 +2904,11 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
    setup_cipher (&ss->master, ss->sequence_used, &out_cipher);
    /* Append encrypted payload to dgram */
    dpos = sizeof(struct UDPBox);
+    rekey_nbo = htons (receiver->rekeying);
+    GNUNET_assert (
+      0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], sizeof (uint16_t),
+                                &rekey_nbo, sizeof (uint16_t)));
+    dpos += sizeof (uint16_t);
    GNUNET_assert (
      0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
    dpos += msize;
@@ -2927,11 +2920,6 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
    receiver->rekey_send_bytes += sizeof(struct UDPBox) + receiver->d_mtu;
-    if (GNUNET_NO == receiver->rekeying)
-      box->rekeying = GNUNET_NO;
-    else
-      box->rekeying = GNUNET_YES;
    if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
                                            dgram,
                                            sizeof(dgram),
@@ -2947,7 +2935,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "%u receiver->acks_available 2\n",
                receiver->acks_available);
-    check_for_rekeying (receiver, box);
+    check_for_rekeying (receiver);
    if (0 == receiver->acks_available - receiver->number_rekeying_kce)
    {
      /* We have no more ACKs */
author	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-28 17:50:10 +0200
committer	Martin Schanzenbach <schanzen@gnunet.org>	2023-07-28 17:50:10 +0200
commit	9ff4a49c0c72c11218180f83930b3879e5022207 (patch)
tree	24d3d7be2b6291fdcceb49ba7c98f33034e8ed09 /src/transport/gnunet-communicator-udp.c
parent	526a111bd9dc0c83def348ebed63d527b7bbb4f4 (diff)
download	gnunet-9ff4a49c0c72c11218180f83930b3879e5022207.tar.gz gnunet-9ff4a49c0c72c11218180f83930b3879e5022207.zip

diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index 1d80b5abc..c100194af 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c
@@ -208,10 +208,6 @@ struct InitialKX
208	*/	208	*/
209	uint8_t gcm_tag[GCM_TAG_SIZE];	209	uint8_t gcm_tag[GCM_TAG_SIZE];
210		210
211	/**
212	* A flag indicating, if the sender is doing rekeying.
213	*/
214	uint16_t rekeying;
215	};	211	};
216		212
217		213
@@ -345,10 +341,6 @@ struct UDPBox
345	*/	341	*/
346	uint8_t gcm_tag[GCM_TAG_SIZE];	342	uint8_t gcm_tag[GCM_TAG_SIZE];
347		343
348	/**
349	* A flag indicating, if the sender is doing rekeying.
350	*/
351	uint16_t rekeying;
352	};	344	};
353		345
354	/**	346	/**
@@ -375,10 +367,6 @@ struct UDPRekey
375	*/	367	*/
376	uint8_t gcm_tag[GCM_TAG_SIZE];	368	uint8_t gcm_tag[GCM_TAG_SIZE];
377		369
378	/**
379	* Sender's identity
380	*/
381	struct GNUNET_PeerIdentity sender;
382	};	370	};
383		371
384	GNUNET_NETWORK_STRUCT_END	372	GNUNET_NETWORK_STRUCT_END
@@ -1677,40 +1665,56 @@ handle_ack (void cls, const struct GNUNET_PeerIdentity pid, void *value)
1677	* @param sender peer to process inbound plaintext for	1665	* @param sender peer to process inbound plaintext for
1678	* @param buf buffer we received	1666	* @param buf buffer we received
1679	* @param buf_size number of bytes in @a buf	1667	* @param buf_size number of bytes in @a buf
		1668	* @return rekey_indication GNUNET_YES if a rekey is signalled
1680	*/	1669	*/
1681	static void	1670	static uint16_t
1682	try_handle_plaintext (struct SenderAddress *sender,	1671	try_handle_plaintext (struct SenderAddress *sender,
1683	const void *buf,	1672	const void *buf,
1684	size_t buf_size)	1673	size_t buf_size)
1685	{	1674	{
1686	const struct GNUNET_MessageHeader *hdr =	1675	const struct GNUNET_MessageHeader *hdr;
1687	(const struct GNUNET_MessageHeader *) buf;	1676	const struct UDPAck *ack;
1688	const struct UDPAck ack = (const struct UDPAck ) buf;	1677	const char *buf_pos = buf;
		1678	size_t bytes_remaining = buf_size;
1689	uint16_t type;	1679	uint16_t type;
		1680	uint16_t rekey;
1690		1681
		1682	if (sizeof (uint16_t) > buf_size)
		1683	{
		1684	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Plaintext too short, dropping...\n");
		1685	rekey = ntohs ((uint16_t) buf);
		1686	return GNUNET_NO;
		1687	}
		1688	bytes_remaining -= sizeof (uint16_t);
		1689	buf_pos += sizeof (uint16_t);
		1690	hdr = (struct GNUNET_MessageHeader*) buf_pos;
		1691	if (sizeof(*hdr) > bytes_remaining)
		1692	{
		1693	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Plaintext too short, dropping...\n");
		1694	return rekey; /* no data left */
		1695	}
1691	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1696	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1692	"try_handle_plaintext of size %lu (%u %lu) and type %u\n",	1697	"try_handle_plaintext of size %lu (%u %lu) and type %u\n",
1693	buf_size,	1698	bytes_remaining,
1694	ntohs (hdr->size),	1699	ntohs (hdr->size),
1695	sizeof(*hdr),	1700	sizeof(*hdr),
1696	ntohs (hdr->type));	1701	ntohs (hdr->type));
1697	if (sizeof(*hdr) > buf_size)	1702	if (ntohs (hdr->size) > bytes_remaining)
1698	return; /* not even a header */	1703	return GNUNET_NO; /* buffer too short for indicated message length */
1699	if (ntohs (hdr->size) > buf_size)
1700	return; /* not even a header */
1701	type = ntohs (hdr->type);	1704	type = ntohs (hdr->type);
1702	switch (type)	1705	switch (type)
1703	{	1706	{
1704	case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:	1707	case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
1705	/* lookup master secret by 'cmac', then update sequence_max */	1708	/* lookup master secret by 'cmac', then update sequence_max */
		1709	ack = (struct UDPAck*) buf_pos;
1706	GNUNET_CONTAINER_multipeermap_get_multiple (receivers,	1710	GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
1707	&sender->target,	1711	&sender->target,
1708	&handle_ack,	1712	&handle_ack,
1709	(void *) ack);	1713	(void *) ack);
1710	/* There could be more messages after the ACK, handle those as well */	1714	/* There could be more messages after the ACK, handle those as well */
1711	buf += ntohs (hdr->size);	1715	buf_pos += ntohs (hdr->size);
1712	buf_size -= ntohs (hdr->size);	1716	bytes_remaining -= ntohs (hdr->size);
1713	pass_plaintext_to_core (sender, buf, buf_size);	1717	pass_plaintext_to_core (sender, buf_pos, bytes_remaining);
1714	break;	1718	break;
1715		1719
1716	case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD:	1720	case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD:
@@ -1718,8 +1722,9 @@ try_handle_plaintext (struct SenderAddress *sender,
1718	break;	1722	break;
1719		1723
1720	default:	1724	default:
1721	pass_plaintext_to_core (sender, buf, buf_size);	1725	pass_plaintext_to_core (sender, buf_pos, bytes_remaining);
1722	}	1726	}
		1727	return rekey;
1723	}	1728	}
1724		1729
1725		1730
@@ -1911,6 +1916,7 @@ decrypt_box (const struct UDPBox *box,
1911	{	1916	{
1912	struct SharedSecret *ss = kce->ss;	1917	struct SharedSecret *ss = kce->ss;
1913	char out_buf[box_len - sizeof(*box)];	1918	char out_buf[box_len - sizeof(*box)];
		1919	uint16_t rekeying;
1914		1920
1915	GNUNET_assert (NULL != ss->sender);	1921	GNUNET_assert (NULL != ss->sender);
1916	if (GNUNET_OK != try_decrypt (ss,	1922	if (GNUNET_OK != try_decrypt (ss,
@@ -1939,8 +1945,8 @@ decrypt_box (const struct UDPBox *box,
1939	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1945	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1940	"decrypted UDPBox with kid %s\n",	1946	"decrypted UDPBox with kid %s\n",
1941	GNUNET_sh2s (&box->kid));	1947	GNUNET_sh2s (&box->kid));
1942	try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));	1948	rekeying = try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
1943	if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))	1949	if ((GNUNET_NO == rekeying) && (GNUNET_YES == ss->sender->rekeying))
1944	{	1950	{
1945	ss->sender->rekeying = GNUNET_NO;	1951	ss->sender->rekeying = GNUNET_NO;
1946	ss->sender->ss_rekey = NULL;	1952	ss->sender->ss_rekey = NULL;
@@ -1966,19 +1972,19 @@ decrypt_box (const struct UDPBox *box,
1966	static void	1972	static void
1967	decrypt_rekey (const struct UDPRekey *rekey,	1973	decrypt_rekey (const struct UDPRekey *rekey,
1968	size_t rekey_len,	1974	size_t rekey_len,
1969	struct KeyCacheEntry *kce,	1975	struct KeyCacheEntry *kce)
1970	struct SenderAddress *sender)
1971	{	1976	{
1972	struct SharedSecret *ss = kce->ss;	1977	struct SharedSecret *ss = kce->ss;
1973	struct SharedSecret *ss_rekey;	1978	struct SharedSecret *ss_rekey;
1974	char out_buf[rekey_len - sizeof(*rekey)];	1979	char out_buf[rekey_len - sizeof(*rekey)];
1975	struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;	1980	struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_pubkey;
1976		1981	struct SenderAddress *sender;
1977		1982
1978	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1983	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1979	"decrypt_rekey.\n");	1984	"decrypt_rekey.\n");
1980		1985
1981	GNUNET_assert (NULL != ss->sender);	1986	GNUNET_assert (NULL != ss->sender);
		1987	sender = ss->sender;
1982	if (GNUNET_OK != try_decrypt (ss,	1988	if (GNUNET_OK != try_decrypt (ss,
1983	rekey->gcm_tag,	1989	rekey->gcm_tag,
1984	kce->sequence_number,	1990	kce->sequence_number,
@@ -2239,34 +2245,17 @@ sock_read (void *cls)
2239	const struct UDPRekey *rekey;	2245	const struct UDPRekey *rekey;
2240	const struct UDPBox *box;	2246	const struct UDPBox *box;
2241	struct KeyCacheEntry *kce;	2247	struct KeyCacheEntry *kce;
2242	struct SenderAddress *sender;
2243	int do_decrypt = GNUNET_NO;	2248	int do_decrypt = GNUNET_NO;
2244		2249
2245	rekey = (const struct UDPRekey *) buf;	2250	rekey = (const struct UDPRekey *) buf;
2246	box = (const struct UDPBox *) buf;
2247	kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);	2251	kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
2248		2252
2249	if ((GNUNET_YES == box->rekeying) \|\| (GNUNET_NO == box->rekeying))	2253	if ((NULL != kce) && (GNUNET_YES == kce->ss->sender->rekeying))
2250	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2251	"UDPRekey has rekeying %u\n",
2252	box->rekeying);
2253	else
2254	do_decrypt = GNUNET_YES;
2255
2256	if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
2257	kce->ss->sender->
2258	rekeying))
2259	{	2254	{
2260	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2255	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2261	"UDPRekey with kid %s\n",	2256	"UDPRekey with kid %s\n",
2262	GNUNET_sh2s (&rekey->kid));	2257	GNUNET_sh2s (&rekey->kid));
2263	sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,	2258	decrypt_rekey (rekey, (size_t) rcvd, kce);
2264	salen);
2265
2266	if (NULL != sender->ss_rekey)
2267	return;
2268
2269	decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
2270	return;	2259	return;
2271	}	2260	}
2272	}	2261	}
@@ -2372,6 +2361,7 @@ sock_read (void *cls)
2372	char pbuf[rcvd - sizeof(struct InitialKX)];	2361	char pbuf[rcvd - sizeof(struct InitialKX)];
2373	const struct UDPConfirmation *uc;	2362	const struct UDPConfirmation *uc;
2374	struct SenderAddress *sender;	2363	struct SenderAddress *sender;
		2364	uint16_t rekeying;
2375		2365
2376	kx = (const struct InitialKX *) buf;	2366	kx = (const struct InitialKX *) buf;
2377	ss = setup_shared_secret_dec (&kx->ephemeral);	2367	ss = setup_shared_secret_dec (&kx->ephemeral);
@@ -2422,8 +2412,9 @@ sock_read (void *cls)
2422	"# messages decrypted without BOX",	2412	"# messages decrypted without BOX",
2423	1,	2413	1,
2424	GNUNET_NO);	2414	GNUNET_NO);
2425	try_handle_plaintext (sender, &uc[1], sizeof(pbuf) - sizeof(*uc));	2415	rekeying = try_handle_plaintext (sender, &uc[1], sizeof(pbuf)
2426	if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))	2416	- sizeof(*uc));
		2417	if ((GNUNET_NO == rekeying) && (GNUNET_YES == ss->sender->rekeying))
2427	{	2418	{
2428	ss->sender->rekeying = GNUNET_NO;	2419	ss->sender->rekeying = GNUNET_NO;
2429	sender->ss_rekey = NULL;	2420	sender->ss_rekey = NULL;
@@ -2431,7 +2422,7 @@ sock_read (void *cls)
2431	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2422	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2432	"Receiver stopped rekeying.\n");	2423	"Receiver stopped rekeying.\n");
2433	}	2424	}
2434	else if (GNUNET_NO == kx->rekeying)	2425	else if (GNUNET_NO == rekeying)
2435	consider_ss_ack (ss, GNUNET_YES);	2426	consider_ss_ack (ss, GNUNET_YES);
2436	else	2427	else
2437	{	2428	{
@@ -2627,6 +2618,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
2627	char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];	2618	char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];
2628	size_t dpos;	2619	size_t dpos;
2629	gcry_cipher_hd_t out_cipher;	2620	gcry_cipher_hd_t out_cipher;
		2621	uint16_t rekey_nbo;
2630	struct SharedSecret *ss;	2622	struct SharedSecret *ss;
2631		2623
2632	GNUNET_assert (mq == receiver->kx_mq);	2624	GNUNET_assert (mq == receiver->kx_mq);
@@ -2671,6 +2663,13 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
2671	&uc,	2663	&uc,
2672	sizeof(uc)));	2664	sizeof(uc)));
2673	dpos += sizeof(uc);	2665	dpos += sizeof(uc);
		2666	rekey_nbo = htons (receiver->rekeying);
		2667	GNUNET_assert (0 == gcry_cipher_encrypt (out_cipher,
		2668	&dgram[dpos],
		2669	sizeof (uint16_t),
		2670	&rekey_nbo,
		2671	sizeof(uint16_t)));
		2672	dpos += sizeof (uint16_t);
2674	/* Append encrypted payload to dgram */	2673	/* Append encrypted payload to dgram */
2675	GNUNET_assert (	2674	GNUNET_assert (
2676	0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));	2675	0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
@@ -2681,10 +2680,6 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
2681	GNUNET_assert (	2680	GNUNET_assert (
2682	0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));	2681	0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
2683	gcry_cipher_close (out_cipher);	2682	gcry_cipher_close (out_cipher);
2684	if (GNUNET_NO == receiver->rekeying)
2685	kx.rekeying = GNUNET_NO;
2686	else
2687	kx.rekeying = GNUNET_YES;
2688	memcpy (dgram, &kx, sizeof(kx));	2683	memcpy (dgram, &kx, sizeof(kx));
2689	if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,	2684	if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2690	dgram,	2685	dgram,
@@ -2702,7 +2697,7 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
2702		2697
2703		2698
2704	static void	2699	static void
2705	check_for_rekeying (struct ReceiverAddress receiver, struct UDPBox box)	2700	check_for_rekeying (struct ReceiverAddress *receiver)
2706	{	2701	{
2707		2702
2708	struct GNUNET_TIME_Relative rt;	2703	struct GNUNET_TIME_Relative rt;
@@ -2742,13 +2737,6 @@ check_for_rekeying (struct ReceiverAddress receiver, struct UDPBox box)
2742	// destroy_all_secrets (ss, GNUNET_NO);	2737	// destroy_all_secrets (ss, GNUNET_NO);
2743	receiver->rekeying = GNUNET_YES;	2738	receiver->rekeying = GNUNET_YES;
2744	receiver->rekey_acks_available = receiver->acks_available;	2739	receiver->rekey_acks_available = receiver->acks_available;
2745	box->rekeying = GNUNET_YES;
2746	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2747	"Sender started rekeying.\n");
2748	if (GNUNET_YES == box->rekeying)
2749	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2750	"Sending rekeying with kid %s\n",
2751	GNUNET_sh2s (&box->kid));
2752	}	2740	}
2753	}	2741	}
2754	}	2742	}
@@ -2809,7 +2797,6 @@ send_UDPRekey (struct ReceiverAddress receiver, struct SharedSecret ss)
2809	if (NULL != ss)	2797	if (NULL != ss)
2810	{	2798	{
2811	rekey = (struct UDPRekey *) rekey_dgram;	2799	rekey = (struct UDPRekey *) rekey_dgram;
2812	rekey->sender = my_identity;
2813	ss->sequence_used++;	2800	ss->sequence_used++;
2814	get_kid (&ss->master, ss->sequence_used, &rekey->kid);	2801	get_kid (&ss->master, ss->sequence_used, &rekey->kid);
2815	receiver->number_rekeying_kce--;	2802	receiver->number_rekeying_kce--;
@@ -2909,6 +2896,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
2909	struct UDPBox *box;	2896	struct UDPBox *box;
2910	gcry_cipher_hd_t out_cipher;	2897	gcry_cipher_hd_t out_cipher;
2911	size_t dpos;	2898	size_t dpos;
		2899	uint16_t rekey_nbo;
2912		2900
2913	box = (struct UDPBox *) dgram;	2901	box = (struct UDPBox *) dgram;
2914	ss->sequence_used++;	2902	ss->sequence_used++;
@@ -2916,6 +2904,11 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
2916	setup_cipher (&ss->master, ss->sequence_used, &out_cipher);	2904	setup_cipher (&ss->master, ss->sequence_used, &out_cipher);
2917	/* Append encrypted payload to dgram */	2905	/* Append encrypted payload to dgram */
2918	dpos = sizeof(struct UDPBox);	2906	dpos = sizeof(struct UDPBox);
		2907	rekey_nbo = htons (receiver->rekeying);
		2908	GNUNET_assert (
		2909	0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], sizeof (uint16_t),
		2910	&rekey_nbo, sizeof (uint16_t)));
		2911	dpos += sizeof (uint16_t);
2919	GNUNET_assert (	2912	GNUNET_assert (
2920	0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));	2913	0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
2921	dpos += msize;	2914	dpos += msize;
@@ -2927,11 +2920,6 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
2927		2920
2928	receiver->rekey_send_bytes += sizeof(struct UDPBox) + receiver->d_mtu;	2921	receiver->rekey_send_bytes += sizeof(struct UDPBox) + receiver->d_mtu;
2929		2922
2930	if (GNUNET_NO == receiver->rekeying)
2931	box->rekeying = GNUNET_NO;
2932	else
2933	box->rekeying = GNUNET_YES;
2934
2935	if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,	2923	if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2936	dgram,	2924	dgram,
2937	sizeof(dgram),	2925	sizeof(dgram),
@@ -2947,7 +2935,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
2947	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	2935	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2948	"%u receiver->acks_available 2\n",	2936	"%u receiver->acks_available 2\n",
2949	receiver->acks_available);	2937	receiver->acks_available);
2950	check_for_rekeying (receiver, box);	2938	check_for_rekeying (receiver);
2951	if (0 == receiver->acks_available - receiver->number_rekeying_kce)	2939	if (0 == receiver->acks_available - receiver->number_rekeying_kce)
2952	{	2940	{
2953	/* We have no more ACKs */	2941	/* We have no more ACKs */