diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-30 16:20:24 +0200 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-07-30 16:20:24 +0200 |
| commit | b96a52aaea0039b54fe711e24e0b44746457b438 (patch) | |
| tree | 66aba716a1ffa80c64b7177c1d5cf36e99a02732 /src/transport/gnunet-communicator-udp.c | |
| parent | 589b06c1bb7b8aeedde5db7b10ec4bc8778f8422 (diff) | |
| download | gnunet-b96a52aaea0039b54fe711e24e0b44746457b438.tar.gz gnunet-b96a52aaea0039b54fe711e24e0b44746457b438.zip | |
TNG: Make UDP communicator rekey work functionally.
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
| -rw-r--r-- | src/transport/gnunet-communicator-udp.c | 109 |
1 files changed, 19 insertions, 90 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index 2b014f890..9c2eddbdb 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c | |||
| @@ -484,7 +484,10 @@ struct SharedSecret | |||
| 484 | */ | 484 | */ |
| 485 | int rekey_initiated; | 485 | int rekey_initiated; |
| 486 | 486 | ||
| 487 | 487 | /** | |
| 488 | * Also precompute keys despite sufficient acks (for rekey) | ||
| 489 | */ | ||
| 490 | int override_available_acks; | ||
| 488 | }; | 491 | }; |
| 489 | 492 | ||
| 490 | 493 | ||
| @@ -1580,14 +1583,9 @@ kce_generate_cb (void *cls) | |||
| 1580 | "Precomputing %u keys for master %s\n", | 1583 | "Precomputing %u keys for master %s\n", |
| 1581 | GENERATE_AT_ONCE, | 1584 | GENERATE_AT_ONCE, |
| 1582 | GNUNET_h2s (&(ss->master))); | 1585 | GNUNET_h2s (&(ss->master))); |
| 1583 | if (KCN_TARGET < ss->sender->acks_available) | 1586 | if ((ss->override_available_acks != GNUNET_YES) && |
| 1584 | { | 1587 | (KCN_TARGET < ss->sender->acks_available)) |
| 1585 | ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( | ||
| 1586 | WORKING_QUEUE_INTERVALL, | ||
| 1587 | kce_generate_cb, | ||
| 1588 | ss); | ||
| 1589 | return; | 1588 | return; |
| 1590 | } | ||
| 1591 | for (int i = 0; i < GENERATE_AT_ONCE; i++) | 1589 | for (int i = 0; i < GENERATE_AT_ONCE; i++) |
| 1592 | kce_generate (ss, ++ss->sequence_allowed); | 1590 | kce_generate (ss, ++ss->sequence_allowed); |
| 1593 | 1591 | ||
| @@ -1606,6 +1604,7 @@ kce_generate_cb (void *cls) | |||
| 1606 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1604 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 1607 | "We have enough keys (ACKs: %u).\n", ss->sender->acks_available); | 1605 | "We have enough keys (ACKs: %u).\n", ss->sender->acks_available); |
| 1608 | ss->sender->kce_task_finished = GNUNET_YES; | 1606 | ss->sender->kce_task_finished = GNUNET_YES; |
| 1607 | ss->override_available_acks = GNUNET_NO; | ||
| 1609 | if (ss->sender->kce_send_ack_on_finish == GNUNET_YES) | 1608 | if (ss->sender->kce_send_ack_on_finish == GNUNET_YES) |
| 1610 | consider_ss_ack (ss); | 1609 | consider_ss_ack (ss); |
| 1611 | } | 1610 | } |
| @@ -1671,7 +1670,8 @@ try_handle_plaintext (struct SenderAddress *sender, | |||
| 1671 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1670 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 1672 | "We have %u acks available.\n", | 1671 | "We have %u acks available.\n", |
| 1673 | ss_rekey->sender->acks_available); | 1672 | ss_rekey->sender->acks_available); |
| 1674 | ss_rekey->sender->kce_send_ack_on_finish = GNUNET_NO; | 1673 | ss_rekey->sender->kce_send_ack_on_finish = GNUNET_YES; |
| 1674 | ss_rekey->override_available_acks = GNUNET_YES; | ||
| 1675 | // FIXME | 1675 | // FIXME |
| 1676 | ss_rekey->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( | 1676 | ss_rekey->sender->kce_task = GNUNET_SCHEDULER_add_delayed ( |
| 1677 | WORKING_QUEUE_INTERVALL, | 1677 | WORKING_QUEUE_INTERVALL, |
| @@ -2430,84 +2430,6 @@ create_rekey (struct ReceiverAddress *receiver, struct SharedSecret *ss, struct | |||
| 2430 | } | 2430 | } |
| 2431 | 2431 | ||
| 2432 | 2432 | ||
| 2433 | static void | ||
| 2434 | send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss) | ||
| 2435 | { | ||
| 2436 | uint8_t is_ss_rekey_sequence_allowed_zero = GNUNET_NO; | ||
| 2437 | uint8_t is_acks_available_below = GNUNET_NO; | ||
| 2438 | uint8_t send_rekey = GNUNET_NO; | ||
| 2439 | uint16_t not_below; | ||
| 2440 | struct UDPBox *box; | ||
| 2441 | struct UDPRekey rekey; | ||
| 2442 | struct SharedSecret *ss_rekey; | ||
| 2443 | size_t dpos; | ||
| 2444 | |||
| 2445 | char rekey_dgram[sizeof (struct UDPBox) + sizeof(struct UDPRekey) | ||
| 2446 | + receiver->d_mtu]; | ||
| 2447 | if (GNUNET_YES == ss->rekey_initiated) | ||
| 2448 | { | ||
| 2449 | return; | ||
| 2450 | } | ||
| 2451 | ss->rekey_initiated = GNUNET_YES; | ||
| 2452 | /* setup key material */ | ||
| 2453 | ss_rekey = setup_shared_secret_ephemeral (&rekey.ephemeral, | ||
| 2454 | receiver); | ||
| 2455 | ss_rekey->sequence_allowed = 0; | ||
| 2456 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2457 | "Setup secret with k = %s\n", | ||
| 2458 | GNUNET_h2s (&(ss_rekey->master))); | ||
| 2459 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2460 | "Setup secret with H(k) = %s\n", | ||
| 2461 | GNUNET_h2s (&(ss_rekey->cmac))); | ||
| 2462 | |||
| 2463 | gcry_cipher_hd_t rekey_out_cipher; | ||
| 2464 | |||
| 2465 | /* Find suitable secret to encrypt this rekey message */ | ||
| 2466 | // while (NULL != ss && ss->sequence_used >= ss->sequence_allowed) | ||
| 2467 | // ss = ss->prev; | ||
| 2468 | |||
| 2469 | box = (struct UDPBox *) rekey_dgram; | ||
| 2470 | ss->sequence_used++; | ||
| 2471 | get_kid (&ss->master, ss->sequence_used, &box->kid); | ||
| 2472 | setup_cipher (&ss->master, ss->sequence_used, &rekey_out_cipher); | ||
| 2473 | /* Append encrypted payload to dgram */ | ||
| 2474 | rekey.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_REKEY); | ||
| 2475 | rekey.header.size = htons (sizeof (struct UDPRekey)); | ||
| 2476 | |||
| 2477 | GNUNET_assert ( | ||
| 2478 | 0 == gcry_cipher_encrypt (rekey_out_cipher, &box[1], | ||
| 2479 | sizeof(struct UDPRekey), | ||
| 2480 | &rekey, | ||
| 2481 | sizeof(struct UDPRekey))); | ||
| 2482 | dpos = sizeof(struct UDPRekey) + sizeof (struct UDPBox); | ||
| 2483 | do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram) | ||
| 2484 | - dpos); | ||
| 2485 | GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher, | ||
| 2486 | box->gcm_tag, | ||
| 2487 | sizeof(box->gcm_tag))); | ||
| 2488 | gcry_cipher_close (rekey_out_cipher); | ||
| 2489 | |||
| 2490 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 2491 | "Sending rekey with kid %s and new pubkey\n", | ||
| 2492 | GNUNET_sh2s (&box->kid)); | ||
| 2493 | if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock, | ||
| 2494 | rekey_dgram, | ||
| 2495 | sizeof(rekey_dgram), | ||
| 2496 | receiver->address, | ||
| 2497 | receiver->address_len)) | ||
| 2498 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send"); | ||
| 2499 | |||
| 2500 | /* FIXME what is this */ | ||
| 2501 | receiver->acks_available--; | ||
| 2502 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2503 | "%u receiver->acks_available 1\n", | ||
| 2504 | receiver->acks_available); | ||
| 2505 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2506 | "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address, | ||
| 2507 | receiver->address_len)); | ||
| 2508 | } | ||
| 2509 | |||
| 2510 | |||
| 2511 | /** | 2433 | /** |
| 2512 | * Signature of functions implementing the sending functionality of a | 2434 | * Signature of functions implementing the sending functionality of a |
| 2513 | * message queue. | 2435 | * message queue. |
| @@ -2523,6 +2445,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
| 2523 | { | 2445 | { |
| 2524 | struct ReceiverAddress *receiver = impl_state; | 2446 | struct ReceiverAddress *receiver = impl_state; |
| 2525 | struct UDPRekey rekey; | 2447 | struct UDPRekey rekey; |
| 2448 | struct SharedSecret *ss; | ||
| 2526 | int inject_rekey = GNUNET_NO; | 2449 | int inject_rekey = GNUNET_NO; |
| 2527 | uint16_t msize = ntohs (msg->size); | 2450 | uint16_t msize = ntohs (msg->size); |
| 2528 | 2451 | ||
| @@ -2544,7 +2467,7 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
| 2544 | reschedule_receiver_timeout (receiver); | 2467 | reschedule_receiver_timeout (receiver); |
| 2545 | 2468 | ||
| 2546 | /* begin "BOX" encryption method, scan for ACKs from tail! */ | 2469 | /* begin "BOX" encryption method, scan for ACKs from tail! */ |
| 2547 | for (struct SharedSecret *ss = receiver->ss_tail; NULL != ss; ss = ss->prev) | 2470 | for (ss = receiver->ss_tail; NULL != ss; ss = ss->prev) |
| 2548 | { | 2471 | { |
| 2549 | size_t payload_len = sizeof(struct UDPBox) + receiver->d_mtu; | 2472 | size_t payload_len = sizeof(struct UDPBox) + receiver->d_mtu; |
| 2550 | if (ss->sequence_used >= ss->sequence_allowed) | 2473 | if (ss->sequence_used >= ss->sequence_allowed) |
| @@ -2553,8 +2476,14 @@ mq_send_d (struct GNUNET_MQ_Handle *mq, | |||
| 2553 | "Skipping ss because no acks to use.\n"); | 2476 | "Skipping ss because no acks to use.\n"); |
| 2554 | continue; | 2477 | continue; |
| 2555 | } | 2478 | } |
| 2556 | if (ss->bytes_sent > rekey_max_bytes - sizeof (struct UDPRekey) | 2479 | if (ss->bytes_sent >= rekey_max_bytes) |
| 2557 | - receiver->d_mtu) | 2480 | { |
| 2481 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 2482 | "Skipping ss because rekey bytes reached.\n"); | ||
| 2483 | // FIXME cleanup ss with too many bytes sent! | ||
| 2484 | continue; | ||
| 2485 | } | ||
| 2486 | if (ss->bytes_sent > rekey_max_bytes * 0.7) | ||
| 2558 | { | 2487 | { |
| 2559 | if (ss->rekey_initiated == GNUNET_NO) | 2488 | if (ss->rekey_initiated == GNUNET_NO) |
| 2560 | { | 2489 | { |