diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-30 16:20:24 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-30 16:20:24 +0200 |
commit | b96a52aaea0039b54fe711e24e0b44746457b438 (patch) | |
tree | 66aba716a1ffa80c64b7177c1d5cf36e99a02732 /src/transport/gnunet-communicator-udp.c | |
parent | 589b06c1bb7b8aeedde5db7b10ec4bc8778f8422 (diff) | |
download | gnunet-b96a52aaea0039b54fe711e24e0b44746457b438.tar.gz gnunet-b96a52aaea0039b54fe711e24e0b44746457b438.zip |
TNG: Make UDP communicator rekey work functionally.
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
-rw-r--r-- | src/transport/gnunet-communicator-udp.c | 109 |
1 files changed, 19 insertions, 90 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index 2b014f890..9c2eddbdb 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c | |||
@@ -484,7 +484,10 @@ struct SharedSecret | |||
484 | */ | 484 | */ |
485 | int rekey_initiated; | 485 | int rekey_initiated; |
486 | 486 | ||
487 | 487 | /** | |
488 | * Also precompute keys despite sufficient acks (for rekey) | ||
489 | */ | ||
490 | int override_available_acks; | ||
488 | }; | 491 | }; |
489 | 492 | ||
490 | 493 | ||
@@ -1580,14 +1583,9 @@ kce_generate_cb (void *cls) | |||
1580 | "Precomputing %u keys for master %s\n", | 1583 | "Precomputing %u keys for master %s\n", |
1581 | GENERATE_AT_ONCE, | 1584 | GENERATE_AT_ONCE, |
1582 | GNUNET_h2s (&(ss->master))); | 1585 | GNUNET_h2s (&(ss->master))); |
1583 | if (KCN_TARGET < ss->sender->acks_available) | 1586 | if ((ss->override_available_acks != GNUNET_YES) && |
1584 | { | 1587 | (KCN_TARGET < ss->sender->acks_available)) |
1585 | ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( | ||
1586 | WORKING_QUEUE_INTERVALL, | ||
1587 | kce_generate_cb, | ||
1588 | ss); | ||
1589 | return; | 1588 | return; |
1590 | } | ||
1591 | for (int i = 0; i < GENERATE_AT_ONCE; i++) | 1589 | for (int i = 0; i < GENERATE_AT_ONCE; i++) |
1592 | kce_generate (ss, ++ss->sequence_allowed); | 1590 | kce_generate (ss, ++ss->sequence_allowed); |
1593 | 1591 | ||
@@ -1606,6 +1604,7 @@ kce_generate_cb (void *cls) | |||
1606 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1604 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1607 | "We have enough keys (ACKs: %u).\n", ss->sender->acks_available); | 1605 | "We have enough keys (ACKs: %u).\n", ss->sender->acks_available); |
1608 | ss->sender->kce_task_finished = GNUNET_YES; | 1606 | ss->sender->kce_task_finished = GNUNET_YES; |
1607 | ss->override_available_acks = GNUNET_NO; | ||
1609 | if (ss->sender->kce_send_ack_on_finish == GNUNET_YES) | 1608 | if (ss->sender->kce_send_ack_on_finish == GNUNET_YES) |
1610 | consider_ss_ack (ss); | 1609 | consider_ss_ack (ss); |
1611 | } | 1610 | } |
@@ -1671,7 +1670,8 @@ try_handle_plaintext (struct SenderAddress *sender, | |||
1671 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1670 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1672 | "We have %u acks available.\n", | 1671 | "We have %u acks available.\n", |
1673 | ss_rekey->sender->acks_available); | 1672 | ss_rekey->sender->acks_available); |
1674 | ss_rekey->sender->kce_send_ack_on_finish = GNUNET_NO; | 1673 | ss_rekey->sender->kce_send_ack_on_finish = GNUNET_YES; |
1674 | ss_rekey->override_available_acks = GNUNET_YES; | ||
1675 | // FIXME | 1675 | // FIXME |
1676 | ss_rekey->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( | 1676 | ss_rekey->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( |
1677 | WORKING_QUEUE_INTERVALL, | 1677 | WORKING_QUEUE_INTERVALL, |
@@ -2430,84 +2430,6 @@ create_rekey (struct ReceiverAddress *receiver, struct SharedSecret *ss, struct | |||
2430 | } | 2430 | } |
2431 | 2431 | ||
2432 | 2432 | ||
2433 | static void | ||
2434 | send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss) | ||
2435 | { | ||
2436 | uint8_t is_ss_rekey_sequence_allowed_zero = GNUNET_NO; | ||
2437 | uint8_t is_acks_available_below = GNUNET_NO; | ||
2438 | uint8_t send_rekey = GNUNET_NO; | ||
2439 | uint16_t not_below; | ||
2440 | struct UDPBox *box; | ||
2441 | struct UDPRekey rekey; | ||
2442 | struct SharedSecret *ss_rekey; | ||
2443 | size_t dpos; | ||
2444 | |||
2445 | char rekey_dgram[sizeof (struct UDPBox) + sizeof(struct UDPRekey) | ||
2446 | + receiver->d_mtu]; | ||
2447 | if (GNUNET_YES == ss->rekey_initiated) | ||
2448 | { | ||
2449 | return; | ||
2450 | } | ||
2451 | ss->rekey_initiated = GNUNET_YES; | ||
2452 | /* setup key material */ | ||
2453 | ss_rekey = setup_shared_secret_ephemeral (&rekey.ephemeral, | ||
2454 | receiver); | ||
2455 | ss_rekey->sequence_allowed = 0; | ||
2456 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2457 | "Setup secret with k = %s\n", | ||
2458 | GNUNET_h2s (&(ss_rekey->master))); | ||
2459 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2460 | "Setup secret with H(k) = %s\n", | ||
2461 | GNUNET_h2s (&(ss_rekey->cmac))); | ||
2462 | |||
2463 | gcry_cipher_hd_t rekey_out_cipher; | ||
2464 | |||
2465 | /* Find suitable secret to encrypt this rekey message */ | ||
2466 | // while (NULL != ss && ss->sequence_used >= ss->sequence_allowed) | ||
2467 | // ss = ss->prev; | ||
2468 | |||
2469 | box = (struct UDPBox *) rekey_dgram; | ||
2470 | ss->sequence_used++; | ||
2471 | get_kid (&ss->master, ss->sequence_used, &box->kid); | ||
2472 | setup_cipher (&ss->master, ss->sequence_used, &rekey_out_cipher); | ||
2473 | /* Append encrypted payload to dgram */ | ||
2474 | rekey.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_REKEY); | ||
2475 | rekey.header.size = htons (sizeof (struct UDPRekey)); | ||
2476 | |||
2477 | GNUNET_assert ( | ||
2478 | 0 == gcry_cipher_encrypt (rekey_out_cipher, &box[1], | ||
2479 | sizeof(struct UDPRekey), | ||
2480 | &rekey, | ||
2481 | sizeof(struct UDPRekey))); | ||
2482 | dpos = sizeof(struct UDPRekey) + sizeof (struct UDPBox); | ||
2483 | do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram) | ||
2484 | - dpos); | ||
2485 | GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher, | ||
2486 | box->gcm_tag, | ||
2487 | sizeof(box->gcm_tag))); | ||
2488 | gcry_cipher_close (rekey_out_cipher); | ||
2489 | |||
2490 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2491 | "Sending rekey with kid %s and new pubkey\n", | ||
2492 | GNUNET_sh2s (&box->kid)); | ||
2493 | if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock, | ||
2494 | rekey_dgram, | ||
2495 | sizeof(rekey_dgram), | ||
2496 | receiver->address, | ||
2497 | receiver->address_len)) | ||
2498 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send"); | ||
2499 | |||
2500 | /* FIXME what is this */ | ||
2501 | receiver->acks_available--; | ||
2502 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2503 | "%u receiver->acks_available 1\n", | ||
2504 | receiver->acks_available); | ||
2505 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2506 | "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address, | ||
2507 | receiver->address_len)); | ||
2508 | } | ||
2509 | |||
2510 | |||
2511 | /** | 2433 | /** |
2512 | * Signature of functions implementing the sending functionality of a | 2434 | * Signature of functions implementing the sending functionality of a |
2513 | * message queue. | 2435 | * message queue. |
@@ -2523,6 +2445,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
2523 | { | 2445 | { |
2524 | struct ReceiverAddress *receiver = impl_state; | 2446 | struct ReceiverAddress *receiver = impl_state; |
2525 | struct UDPRekey rekey; | 2447 | struct UDPRekey rekey; |
2448 | struct SharedSecret *ss; | ||
2526 | int inject_rekey = GNUNET_NO; | 2449 | int inject_rekey = GNUNET_NO; |
2527 | uint16_t msize = ntohs (msg->size); | 2450 | uint16_t msize = ntohs (msg->size); |
2528 | 2451 | ||
@@ -2544,7 +2467,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
2544 | reschedule_receiver_timeout (receiver); | 2467 | reschedule_receiver_timeout (receiver); |
2545 | 2468 | ||
2546 | /* begin "BOX" encryption method, scan for ACKs from tail! */ | 2469 | /* begin "BOX" encryption method, scan for ACKs from tail! */ |
2547 | for (struct SharedSecret *ss = receiver->ss_tail; NULL != ss; ss = ss->prev) | 2470 | for (ss = receiver->ss_tail; NULL != ss; ss = ss->prev) |
2548 | { | 2471 | { |
2549 | size_t payload_len = sizeof(struct UDPBox) + receiver->d_mtu; | 2472 | size_t payload_len = sizeof(struct UDPBox) + receiver->d_mtu; |
2550 | if (ss->sequence_used >= ss->sequence_allowed) | 2473 | if (ss->sequence_used >= ss->sequence_allowed) |
@@ -2553,8 +2476,14 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
2553 | "Skipping ss because no acks to use.\n"); | 2476 | "Skipping ss because no acks to use.\n"); |
2554 | continue; | 2477 | continue; |
2555 | } | 2478 | } |
2556 | if (ss->bytes_sent > rekey_max_bytes - sizeof (struct UDPRekey) | 2479 | if (ss->bytes_sent >= rekey_max_bytes) |
2557 | - receiver->d_mtu) | 2480 | { |
2481 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2482 | "Skipping ss because rekey bytes reached.\n"); | ||
2483 | // FIXME cleanup ss with too many bytes sent! | ||
2484 | continue; | ||
2485 | } | ||
2486 | if (ss->bytes_sent > rekey_max_bytes * 0.7) | ||
2558 | { | 2487 | { |
2559 | if (ss->rekey_initiated == GNUNET_NO) | 2488 | if (ss->rekey_initiated == GNUNET_NO) |
2560 | { | 2489 | { |