aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2011-10-07 10:00:05 +0000
committerChristian Grothoff <christian@grothoff.org>2011-10-07 10:00:05 +0000
commit9526b3f3f756fef898c750b960b9c89c7159cf1b (patch)
tree385fde3cfa8c0b3aa5f9d3626d95679e62a95d18 /src
parent145db4f07472ffd03b8872928c165a4a7ef46352 (diff)
downloadgnunet-9526b3f3f756fef898c750b960b9c89c7159cf1b.tar.gz
gnunet-9526b3f3f756fef898c750b960b9c89c7159cf1b.zip
hxing
Diffstat (limited to 'src')
-rw-r--r--src/core/gnunet-service-core_kx.c228
-rw-r--r--src/core/gnunet-service-core_kx.h1
2 files changed, 140 insertions, 89 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 8c02eb2ea..16e5804c6 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -25,7 +25,41 @@
25 */ 25 */
26#include "platform.h" 26#include "platform.h"
27#include "gnunet-service-core_kx.h" 27#include "gnunet-service-core_kx.h"
28#include "gnunet-service-core.h"
29#include "gnunet-service-core_clients.h"
28#include "gnunet-service-core_neighbours.h" 30#include "gnunet-service-core_neighbours.h"
31#include "gnunet-service-core_sessions.h"
32#include "gnunet_statistics_service.h"
33#include "gnunet_peerinfo_service.h"
34#include "gnunet_hello_lib.h"
35#include "gnunet_constants.h"
36#include "gnunet_signatures.h"
37#include "gnunet_protocols.h"
38#include "core.h"
39
40/**
41 * How long do we wait for SET_KEY confirmation initially?
42 */
43#define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (MAX_SET_KEY_DELAY, 1)
44
45/**
46 * What is the minimum frequency for a PING message?
47 */
48#define MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
49
50/**
51 * What is the maximum age of a message for us to consider processing
52 * it? Note that this looks at the timestamp used by the other peer,
53 * so clock skew between machines does come into play here. So this
54 * should be picked high enough so that a little bit of clock skew
55 * does not prevent peers from connecting to us.
56 */
57#define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS
58
59/**
60 * What is the maximum delay for a SET_KEY message?
61 */
62#define MAX_SET_KEY_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)
29 63
30 64
31/** 65/**
@@ -183,6 +217,12 @@ struct EncryptedMessage
183 217
184}; 218};
185 219
220/**
221 * Number of bytes (at the beginning) of "struct EncryptedMessage"
222 * that are NOT encrypted.
223 */
224#define ENCRYPTED_HEADER_SIZE (offsetof(struct EncryptedMessage, sequence_number))
225
186 226
187/** 227/**
188 * State machine for our P2P encryption handshake. Everyone starts in 228 * State machine for our P2P encryption handshake. Everyone starts in
@@ -317,6 +357,23 @@ struct GSC_KeyExchangeInfo
317 GNUNET_SCHEDULER_TaskIdentifier keep_alive_task; 357 GNUNET_SCHEDULER_TaskIdentifier keep_alive_task;
318 358
319 /** 359 /**
360 * Bit map indicating which of the 32 sequence numbers before the last
361 * were received (good for accepting out-of-order packets and
362 * estimating reliability of the connection)
363 */
364 unsigned int last_packets_bitmap;
365
366 /**
367 * last sequence number received on this connection (highest)
368 */
369 uint32_t last_sequence_number_received;
370
371 /**
372 * last sequence number transmitted
373 */
374 uint32_t last_sequence_number_sent;
375
376 /**
320 * What was our PING challenge number (for this peer)? 377 * What was our PING challenge number (for this peer)?
321 */ 378 */
322 uint32_t ping_challenge; 379 uint32_t ping_challenge;
@@ -428,7 +485,7 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx,
428 GNUNET_assert (size == 485 GNUNET_assert (size ==
429 GNUNET_CRYPTO_aes_encrypt (in, (uint16_t) size, 486 GNUNET_CRYPTO_aes_encrypt (in, (uint16_t) size,
430 &kx->encrypt_key, iv, out)); 487 &kx->encrypt_key, iv, out));
431 GNUNET_STATISTICS_update (stats, gettext_noop ("# bytes encrypted"), size, 488 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# bytes encrypted"), size,
432 GNUNET_NO); 489 GNUNET_NO);
433#if DEBUG_CORE > 2 490#if DEBUG_CORE > 2
434 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 491 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -478,7 +535,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx,
478 GNUNET_break (0); 535 GNUNET_break (0);
479 return GNUNET_SYSERR; 536 return GNUNET_SYSERR;
480 } 537 }
481 GNUNET_STATISTICS_update (stats, gettext_noop ("# bytes decrypted"), size, 538 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# bytes decrypted"), size,
482 GNUNET_NO); 539 GNUNET_NO);
483#if DEBUG_CORE > 1 540#if DEBUG_CORE > 1
484 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 541 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -492,6 +549,14 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx,
492} 549}
493 550
494 551
552/**
553 * Send our key (and encrypted PING) to the other peer.
554 *
555 * @param kx key exchange context
556 */
557static void
558send_key (struct GSC_KeyExchangeInfo *kx);
559
495 560
496/** 561/**
497 * Task that will retry "send_key" if our previous attempt failed. 562 * Task that will retry "send_key" if our previous attempt failed.
@@ -528,7 +593,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
528 struct GSC_KeyExchangeInfo *kx = cls; 593 struct GSC_KeyExchangeInfo *kx = cls;
529 struct SetKeyMessage *skm; 594 struct SetKeyMessage *skm;
530 595
531 GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == n->retry_set_key_task); 596 GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == kx->retry_set_key_task);
532 if (err_msg != NULL) 597 if (err_msg != NULL)
533 { 598 {
534 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 599 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -546,7 +611,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
546 "Failed to obtain public key for peer `%4s', delaying processing of SET_KEY\n", 611 "Failed to obtain public key for peer `%4s', delaying processing of SET_KEY\n",
547 GNUNET_i2s (&kx->peer)); 612 GNUNET_i2s (&kx->peer));
548#endif 613#endif
549 GNUNET_STATISTICS_update (stats, 614 GNUNET_STATISTICS_update (GSC_stats,
550 gettext_noop 615 gettext_noop
551 ("# Delayed connecting due to lack of public key"), 616 ("# Delayed connecting due to lack of public key"),
552 1, GNUNET_NO); 617 1, GNUNET_NO);
@@ -563,7 +628,7 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
563 } 628 }
564 kx->public_key = 629 kx->public_key =
565 GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)); 630 GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded));
566 if (GNUNET_OK != GNUNET_HELLO_get_key (hello, n->public_key)) 631 if (GNUNET_OK != GNUNET_HELLO_get_key (hello, kx->public_key))
567 { 632 {
568 GNUNET_break (0); 633 GNUNET_break (0);
569 GNUNET_free (kx->public_key); 634 GNUNET_free (kx->public_key);
@@ -582,15 +647,6 @@ process_hello (void *cls, const struct GNUNET_PeerIdentity *peer,
582 647
583 648
584/** 649/**
585 * Send our key (and encrypted PING) to the other peer.
586 *
587 * @param kx key exchange context
588 */
589static void
590send_key (struct GSC_KeyExchangeInfo *kx);
591
592
593/**
594 * Start the key exchange with the given peer. 650 * Start the key exchange with the given peer.
595 * 651 *
596 * @param pid identity of the peer to do a key exchange with 652 * @param pid identity of the peer to do a key exchange with
@@ -603,7 +659,7 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid)
603 659
604 kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo)); 660 kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo));
605 kx->peer = *pid; 661 kx->peer = *pid;
606 n->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; 662 kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
607 kx->pitr = GNUNET_PEERINFO_iterate (peerinfo, 663 kx->pitr = GNUNET_PEERINFO_iterate (peerinfo,
608 pid, 664 pid,
609 GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */, 665 GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */,
@@ -633,7 +689,7 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx)
633 } 689 }
634 if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK) 690 if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK)
635 { 691 {
636 GNUNET_SCHEDULER_cancel (n->keep_alive_task); 692 GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
637 kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK; 693 kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK;
638 } 694 }
639 GNUNET_free_non_null (kx->skm_received); 695 GNUNET_free_non_null (kx->skm_received);
@@ -653,25 +709,24 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx)
653 */ 709 */
654void 710void
655GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, 711GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx,
656 const struct GNUNET_MessageHandler *msg) 712 const struct GNUNET_MessageHeader *msg)
657{ 713{
658 const struct SetKeyMessage *m; 714 const struct SetKeyMessage *m;
659 struct SetKeyMessage *m_cpy;
660 struct GNUNET_TIME_Absolute t; 715 struct GNUNET_TIME_Absolute t;
661 struct GNUNET_CRYPTO_AesSessionKey k; 716 struct GNUNET_CRYPTO_AesSessionKey k;
662 struct PingMessage *ping; 717 struct PingMessage *ping;
663 struct PongMessage *pong; 718 struct PongMessage *pong;
664 enum PeerStateMachine sender_status; 719 enum KxStateMachine sender_status;
665 uint16_t size; 720 uint16_t size;
666 721
667 size = ntohs (msg->header); 722 size = ntohs (msg->size);
668 if (size != sizeof (struct SetKeyMessage)) 723 if (size != sizeof (struct SetKeyMessage))
669 { 724 {
670 GNUNET_break_op (0); 725 GNUNET_break_op (0);
671 return; 726 return;
672 } 727 }
673 m = (const struct SetKeyMessage*) msg; 728 m = (const struct SetKeyMessage*) msg;
674 GNUNET_STATISTICS_update (stats, gettext_noop ("# session keys received"), 729 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# session keys received"),
675 1, GNUNET_NO); 730 1, GNUNET_NO);
676 731
677#if DEBUG_CORE 732#if DEBUG_CORE
@@ -727,7 +782,7 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx,
727 GNUNET_break_op (0); 782 GNUNET_break_op (0);
728 return; 783 return;
729 } 784 }
730 GNUNET_STATISTICS_update (stats, 785 GNUNET_STATISTICS_update (GSC_stats,
731 gettext_noop ("# SET_KEY messages decrypted"), 1, 786 gettext_noop ("# SET_KEY messages decrypted"), 1,
732 GNUNET_NO); 787 GNUNET_NO);
733 kx->decrypt_key = k; 788 kx->decrypt_key = k;
@@ -738,16 +793,16 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx,
738 kx->last_packets_bitmap = 0; 793 kx->last_packets_bitmap = 0;
739 kx->decrypt_key_created = t; 794 kx->decrypt_key_created = t;
740 } 795 }
741 sender_status = (enum PeerStateMachine) ntohl (m->sender_status); 796 sender_status = (enum KxStateMachine) ntohl (m->sender_status);
742 797
743 switch (kx->status) 798 switch (kx->status)
744 { 799 {
745 case KX_STATE_DOWN: 800 case KX_STATE_DOWN:
746 kx->status = PEER_STATE_KEY_RECEIVED; 801 kx->status = KX_STATE_KEY_RECEIVED;
747 /* we're not up, so we are already doing 'send_key' */ 802 /* we're not up, so we are already doing 'send_key' */
748 break; 803 break;
749 case KX_STATE_KEY_SENT: 804 case KX_STATE_KEY_SENT:
750 n->status = PEER_STATE_KEY_RECEIVED; 805 kx->status = KX_STATE_KEY_RECEIVED;
751 /* we're not up, so we are already doing 'send_key' */ 806 /* we're not up, so we are already doing 'send_key' */
752 break; 807 break;
753 case KX_STATE_KEY_RECEIVED: 808 case KX_STATE_KEY_RECEIVED:
@@ -755,7 +810,7 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx,
755 break; 810 break;
756 case KX_STATE_UP: 811 case KX_STATE_UP:
757 if ( (sender_status == KX_STATE_DOWN) || 812 if ( (sender_status == KX_STATE_DOWN) ||
758 (sender_status == KX_PEER_STATE_KEY_SENT) ) 813 (sender_status == KX_STATE_KEY_SENT) )
759 send_key (kx); /* we are up, but other peer is not! */ 814 send_key (kx); /* we are up, but other peer is not! */
760 break; 815 break;
761 default: 816 default:
@@ -787,7 +842,8 @@ GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx,
787 * @param msg the encrypted PING message itself 842 * @param msg the encrypted PING message itself
788 */ 843 */
789void 844void
790GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHeader *msg) 845GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx,
846 const struct GNUNET_MessageHeader *msg)
791{ 847{
792 const struct PingMessage *m; 848 const struct PingMessage *m;
793 struct PingMessage t; 849 struct PingMessage t;
@@ -809,15 +865,15 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHe
809 (kx->status != KX_STATE_UP) ) 865 (kx->status != KX_STATE_UP) )
810 { 866 {
811 /* defer */ 867 /* defer */
812 GNUNET_free_non_null (n->pending_ping); 868 GNUNET_free_non_null (kx->ping_received);
813 n->pending_ping = GNUNET_copy_message (msg); 869 kx->ping_received = GNUNET_copy_message (msg);
814 return; 870 return;
815 } 871 }
816 m = (const struct PingMessage*) msg; 872 m = (const struct PingMessage*) msg;
817#if DEBUG_CORE 873#if DEBUG_CORE
818 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 874 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
819 "Core service receives `%s' request from `%4s'.\n", "PING", 875 "Core service receives `%s' request from `%4s'.\n", "PING",
820 GNUNET_i2s (&n->peer)); 876 GNUNET_i2s (&kx->peer));
821#endif 877#endif
822 derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); 878 derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
823 if (GNUNET_OK != 879 if (GNUNET_OK !=
@@ -834,24 +890,24 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *n, const struct GNUNET_MessageHe
834 char sender[9]; 890 char sender[9];
835 char peer[9]; 891 char peer[9];
836 892
837 GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&n->peer)); 893 GNUNET_snprintf (sender, sizeof (sender), "%8s", GNUNET_i2s (&kx->peer));
838 GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target)); 894 GNUNET_snprintf (peer, sizeof (peer), "%8s", GNUNET_i2s (&t.target));
839 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 895 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
840 _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"), 896 _("Received PING from `%s' for different identity: I am `%s', PONG identity: `%s'\n"),
841 sender, GNUNET_i2s (&my_identity), peer); 897 sender, GNUNET_i2s (&GSC_my_identity), peer);
842 GNUNET_break_op (0); 898 GNUNET_break_op (0);
843 return; 899 return;
844 } 900 }
845 /* construct PONG */ 901 /* construct PONG */
846 tx.inbound_bw_limit = n->bw_in; 902 tx.inbound_bw_limit = kx->bw_in; // FIXME!
847 tx.challenge = t.challenge; 903 tx.challenge = t.challenge;
848 tx.target = t.target; 904 tx.target = t.target;
849 tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); 905 tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG);
850 tp.header.size = htons (sizeof (struct PongMessage)); 906 tp.header.size = htons (sizeof (struct PongMessage));
851 tp.iv_seed = 907 tp.iv_seed =
852 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); 908 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
853 derive_pong_iv (&iv, &n->encrypt_key, tp.iv_seed, t.challenge, &kx->peer); 909 derive_pong_iv (&iv, &kx->encrypt_key, tp.iv_seed, t.challenge, &kx->peer);
854 do_encrypt (n, &iv, &tx.challenge, &tp.challenge, 910 do_encrypt (kx, &iv, &tx.challenge, &tp.challenge,
855 sizeof (struct PongMessage) - ((void *) &tp.challenge - 911 sizeof (struct PongMessage) - ((void *) &tp.challenge -
856 (void *) tp)); 912 (void *) tp));
857 GNUNET_STATISTICS_update (GSC_stats, 913 GNUNET_STATISTICS_update (GSC_stats,
@@ -908,6 +964,7 @@ setup_fresh_ping (struct GSC_KeyExchangeInfo *kx)
908{ 964{
909 struct PingMessage pp; 965 struct PingMessage pp;
910 struct PingMessage *pm; 966 struct PingMessage *pm;
967 struct GNUNET_CRYPTO_AesInitializationVector iv;
911 968
912 pm = &kx->ping; 969 pm = &kx->ping;
913 pm->header.size = htons (sizeof (struct PingMessage)); 970 pm->header.size = htons (sizeof (struct PingMessage));
@@ -946,7 +1003,7 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
946 return; 1003 return;
947 } 1004 }
948 setup_fresh_ping (kx); 1005 setup_fresh_ping (kx);
949 GDS_NEIGHBOURS_transmit (&kx->peer, 1006 GSC_NEIGHBOURS_transmit (&kx->peer,
950 &kx->ping.header, 1007 &kx->ping.header,
951 kx->set_key_retry_frequency); 1008 kx->set_key_retry_frequency);
952 retry = 1009 retry =
@@ -954,7 +1011,26 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
954 MIN_PING_FREQUENCY); 1011 MIN_PING_FREQUENCY);
955 kx->keep_alive_task = 1012 kx->keep_alive_task =
956 GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); 1013 GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx);
1014}
957 1015
1016
1017/**
1018 * We've seen a valid message from the other peer.
1019 * Update the time when the session would time out
1020 * and delay sending our keep alive message further.
1021 *
1022 * @param kx key exchange where we saw activity
1023 */
1024static void
1025update_timeout (struct GSC_KeyExchangeInfo *kx)
1026{
1027 kx->timeout = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1028 if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK)
1029 GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
1030 kx->keep_alive_task =
1031 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_divide
1032 (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1033 2), &send_keep_alive, kx);
958} 1034}
959 1035
960 1036
@@ -969,12 +1045,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
969{ 1045{
970 const struct PongMessage *m; 1046 const struct PongMessage *m;
971 struct PongMessage t; 1047 struct PongMessage t;
972 struct ConnectNotifyMessage *cnm;
973 struct GNUNET_CRYPTO_AesInitializationVector iv; 1048 struct GNUNET_CRYPTO_AesInitializationVector iv;
974 char buf[GNUNET_SERVER_MAX_MESSAGE_SIZE - 1];
975 struct GNUNET_TRANSPORT_ATS_Information *mats;
976 uint16_t msize; 1049 uint16_t msize;
977 size_t size;
978 1050
979 msize = ntohs (msg->size); 1051 msize = ntohs (msg->size);
980 if (msize != sizeof (struct PongMessage)) 1052 if (msize != sizeof (struct PongMessage))
@@ -990,8 +1062,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
990 { 1062 {
991 if (kx->status == KX_STATE_KEY_SENT) 1063 if (kx->status == KX_STATE_KEY_SENT)
992 { 1064 {
993 GNUNET_free_non_null (n->pending_pong); 1065 GNUNET_free_non_null (kx->pong_received);
994 n->pending_pong = GNUNET_copy_message (msg); 1066 kx->pong_received = GNUNET_copy_message (msg);
995 } 1067 }
996 return; 1068 return;
997 } 1069 }
@@ -1004,7 +1076,7 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
1004 /* mark as garbage, just to be sure */ 1076 /* mark as garbage, just to be sure */
1005 memset (&t, 255, sizeof (t)); 1077 memset (&t, 255, sizeof (t));
1006 derive_pong_iv (&iv, &kx->decrypt_key, m->iv_seed, kx->ping_challenge, 1078 derive_pong_iv (&iv, &kx->decrypt_key, m->iv_seed, kx->ping_challenge,
1007 &my_identity); 1079 &GSC_my_identity);
1008 if (GNUNET_OK != 1080 if (GNUNET_OK !=
1009 do_decrypt (kx, &iv, &m->challenge, &t.challenge, 1081 do_decrypt (kx, &iv, &m->challenge, &t.challenge,
1010 sizeof (struct PongMessage) - ((void *) &m->challenge - 1082 sizeof (struct PongMessage) - ((void *) &m->challenge -
@@ -1013,7 +1085,7 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
1013 GNUNET_break_op (0); 1085 GNUNET_break_op (0);
1014 return; 1086 return;
1015 } 1087 }
1016 GNUNET_STATISTICS_update (stats, gettext_noop ("# PONG messages decrypted"), 1088 GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# PONG messages decrypted"),
1017 1, GNUNET_NO); 1089 1, GNUNET_NO);
1018 if ((0 != memcmp (&t.target, &kx->peer, sizeof (struct GNUNET_PeerIdentity))) 1090 if ((0 != memcmp (&t.target, &kx->peer, sizeof (struct GNUNET_PeerIdentity)))
1019 || (kx->ping_challenge != t.challenge)) 1091 || (kx->ping_challenge != t.challenge))
@@ -1022,8 +1094,8 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
1022#if DEBUG_CORE 1094#if DEBUG_CORE
1023 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1095 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1024 "Received malformed `%s' wanted sender `%4s' with challenge %u\n", 1096 "Received malformed `%s' wanted sender `%4s' with challenge %u\n",
1025 "PONG", GNUNET_i2s (&n->peer), 1097 "PONG", GNUNET_i2s (&kx->peer),
1026 (unsigned int) n->ping_challenge); 1098 (unsigned int) kx->ping_challenge);
1027 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1099 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1028 "Received malformed `%s' received from `%4s' with challenge %u\n", 1100 "Received malformed `%s' received from `%4s' with challenge %u\n",
1029 "PONG", GNUNET_i2s (&t.target), (unsigned int) t.challenge); 1101 "PONG", GNUNET_i2s (&t.target), (unsigned int) t.challenge);
@@ -1039,19 +1111,19 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
1039 GNUNET_break (0); /* should be impossible */ 1111 GNUNET_break (0); /* should be impossible */
1040 return; 1112 return;
1041 case KX_STATE_KEY_RECEIVED: 1113 case KX_STATE_KEY_RECEIVED:
1042 GNUNET_STATISTICS_update (stats, 1114 GNUNET_STATISTICS_update (GSC_stats,
1043 gettext_noop 1115 gettext_noop
1044 ("# Session keys confirmed via PONG"), 1, 1116 ("# Session keys confirmed via PONG"), 1,
1045 GNUNET_NO); 1117 GNUNET_NO);
1046 kx->status = KX_STATE_UP; 1118 kx->status = KX_STATE_UP;
1047 GSC_SESSIONS_create (&kx->peer); 1119 GSC_SESSIONS_create (&kx->peer, kx);
1048 GNUNET_assert (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK); 1120 GNUNET_assert (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK);
1049 GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); 1121 GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
1050 kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; 1122 kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK;
1051 GNUNET_assert (kx->keep_alive_task == GNUNET_SCHEDULER_NO_TASK); 1123 GNUNET_assert (kx->keep_alive_task == GNUNET_SCHEDULER_NO_TASK);
1052 update_timeout (kx); 1124 update_timeout (kx);
1053 break; 1125 break;
1054 case PEER_STATE_KEY_CONFIRMED: 1126 case KX_STATE_UP:
1055 update_timeout (kx); 1127 update_timeout (kx);
1056 break; 1128 break;
1057 default: 1129 default:
@@ -1069,8 +1141,6 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_MessageH
1069static void 1141static void
1070send_key (struct GSC_KeyExchangeInfo *kx) 1142send_key (struct GSC_KeyExchangeInfo *kx)
1071{ 1143{
1072 struct GNUNET_CRYPTO_AesInitializationVector iv;
1073
1074 GNUNET_assert (kx->retry_set_key_task == GNUNET_SCHEDULER_NO_TASK); 1144 GNUNET_assert (kx->retry_set_key_task == GNUNET_SCHEDULER_NO_TASK);
1075 if (KX_STATE_UP == kx->status) 1145 if (KX_STATE_UP == kx->status)
1076 return; /* nothing to do */ 1146 return; /* nothing to do */
@@ -1085,14 +1155,14 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1085 } 1155 }
1086 1156
1087 /* update status */ 1157 /* update status */
1088 switch (n->status) 1158 switch (kx->status)
1089 { 1159 {
1090 case KX_STATE_DOWN: 1160 case KX_STATE_DOWN:
1091 n->status = PEER_STATE_KEY_SENT; 1161 kx->status = KX_STATE_KEY_SENT;
1092 /* setup SET KEY message */ 1162 /* setup SET KEY message */
1093 setup_fresh_set_key (kx); 1163 setup_fresh_setkey (kx);
1094 setup_fresh_ping (kx); 1164 setup_fresh_ping (kx);
1095 GNUNET_STATISTICS_update (stats, 1165 GNUNET_STATISTICS_update (GSC_stats,
1096 gettext_noop 1166 gettext_noop
1097 ("# SET_KEY and PING messages created"), 1, 1167 ("# SET_KEY and PING messages created"), 1,
1098 GNUNET_NO); 1168 GNUNET_NO);
@@ -1101,7 +1171,7 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1101 break; 1171 break;
1102 case KX_STATE_KEY_RECEIVED: 1172 case KX_STATE_KEY_RECEIVED:
1103 break; 1173 break;
1104 case KX_STATE_KEY_CONFIRMED: 1174 case KX_STATE_UP:
1105 GNUNET_break (0); 1175 GNUNET_break (0);
1106 return; 1176 return;
1107 default: 1177 default:
@@ -1112,10 +1182,10 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1112 /* always update sender status in SET KEY message */ 1182 /* always update sender status in SET KEY message */
1113 kx->skm.sender_status = htonl ((int32_t) kx->status); 1183 kx->skm.sender_status = htonl ((int32_t) kx->status);
1114 1184
1115 GDS_NEIGHBOURS_transmit (&kx->peer, 1185 GSC_NEIGHBOURS_transmit (&kx->peer,
1116 &kx->skm.header, 1186 &kx->skm.header,
1117 kx->set_key_retry_frequency); 1187 kx->set_key_retry_frequency);
1118 GDS_NEIGHBOURS_transmit (&kx->peer, 1188 GSC_NEIGHBOURS_transmit (&kx->peer,
1119 &kx->ping.header, 1189 &kx->ping.header,
1120 kx->set_key_retry_frequency); 1190 kx->set_key_retry_frequency);
1121 kx->retry_set_key_task = 1191 kx->retry_set_key_task =
@@ -1175,33 +1245,13 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1175 kx->encrypt_key_created); 1245 kx->encrypt_key_created);
1176 GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, 1246 GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number,
1177 used - ENCRYPTED_HEADER_SIZE, &em->hmac); 1247 used - ENCRYPTED_HEADER_SIZE, &em->hmac);
1178 GDS_NEIGHBOURS_transmit (&kx->peer, 1248 GSC_NEIGHBOURS_transmit (&kx->peer,
1179 &em->header, 1249 &em->header,
1180 GNUNET_TIME_UNIT_FOREVER_REL); 1250 GNUNET_TIME_UNIT_FOREVER_REL);
1181} 1251}
1182 1252
1183 1253
1184/** 1254/**
1185 * We've seen a valid message from the other peer.
1186 * Update the time when the session would time out
1187 * and delay sending our keep alive message further.
1188 *
1189 * @param kx key exchange where we saw activity
1190 */
1191static void
1192update_timeout (struct GSC_KeyExchangeInfo *kx)
1193{
1194 kx->timeout = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1195 if (kx->keep_alive_task != GNUNET_SCHEDULER_NO_TASK)
1196 GNUNET_SCHEDULER_cancel (n->keep_alive_task);
1197 kx->keep_alive_task =
1198 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_divide
1199 (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT,
1200 2), &send_keep_alive, kx);
1201}
1202
1203
1204/**
1205 * Closure for 'deliver_message' 1255 * Closure for 'deliver_message'
1206 */ 1256 */
1207struct DeliverMessageContext 1257struct DeliverMessageContext
@@ -1221,20 +1271,20 @@ struct DeliverMessageContext
1221 * Number of entries in 'atsi' array. 1271 * Number of entries in 'atsi' array.
1222 */ 1272 */
1223 uint32_t atsi_count; 1273 uint32_t atsi_count;
1224} 1274};
1225
1226 1275
1276
1227/** 1277/**
1228 * We received an encrypted message. Decrypt, validate and 1278 * We received an encrypted message. Decrypt, validate and
1229 * pass on to the appropriate clients. 1279 * pass on to the appropriate clients.
1230 * 1280 *
1231 * @param n target of the message 1281 * @param kx key exchange context for encrypting the message
1232 * @param m encrypted message 1282 * @param m encrypted message
1233 * @param atsi performance data 1283 * @param atsi performance data
1234 * @param atsi_count number of entries in ats (excluding 0-termination) 1284 * @param atsi_count number of entries in ats (excluding 0-termination)
1235 */ 1285 */
1236void 1286void
1237GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n, 1287GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx,
1238 const struct GNUNET_MessageHeader *msg, 1288 const struct GNUNET_MessageHeader *msg,
1239 const struct GNUNET_TRANSPORT_ATS_Information *atsi, 1289 const struct GNUNET_TRANSPORT_ATS_Information *atsi,
1240 uint32_t atsi_count) 1290 uint32_t atsi_count)
@@ -1260,7 +1310,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n,
1260 if ( (kx->status != KX_STATE_KEY_RECEIVED) && 1310 if ( (kx->status != KX_STATE_KEY_RECEIVED) &&
1261 (kx->status != KX_STATE_UP) ) 1311 (kx->status != KX_STATE_UP) )
1262 { 1312 {
1263 GNUNET_STATISTICS_update (stats, 1313 GNUNET_STATISTICS_update (GSC_stats,
1264 gettext_noop 1314 gettext_noop
1265 ("# failed to decrypt message (no session key)"), 1315 ("# failed to decrypt message (no session key)"),
1266 1, GNUNET_NO); 1316 1, GNUNET_NO);
@@ -1317,7 +1367,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n,
1317 { 1367 {
1318 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1368 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1319 "Received duplicate message, ignoring.\n"); 1369 "Received duplicate message, ignoring.\n");
1320 GNUNET_STATISTICS_update (stats, 1370 GNUNET_STATISTICS_update (GSC_stats,
1321 gettext_noop ("# bytes dropped (duplicates)"), 1371 gettext_noop ("# bytes dropped (duplicates)"),
1322 size, GNUNET_NO); 1372 size, GNUNET_NO);
1323 /* duplicate, ignore */ 1373 /* duplicate, ignore */
@@ -1344,7 +1394,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n,
1344 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1394 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1345 _("Message received far too old (%llu ms). Content ignored.\n"), 1395 _("Message received far too old (%llu ms). Content ignored.\n"),
1346 GNUNET_TIME_absolute_get_duration (t).rel_value); 1396 GNUNET_TIME_absolute_get_duration (t).rel_value);
1347 GNUNET_STATISTICS_update (stats, 1397 GNUNET_STATISTICS_update (GSC_stats,
1348 gettext_noop 1398 gettext_noop
1349 ("# bytes dropped (ancient message)"), size, 1399 ("# bytes dropped (ancient message)"), size,
1350 GNUNET_NO); 1400 GNUNET_NO);
@@ -1355,7 +1405,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *n,
1355 update_timeout (kx); 1405 update_timeout (kx);
1356 GSC_SESSIONS_update (&kx->peer, 1406 GSC_SESSIONS_update (&kx->peer,
1357 pt->inbound_bw_limit); 1407 pt->inbound_bw_limit);
1358 GNUNET_STATISTICS_update (stats, 1408 GNUNET_STATISTICS_update (GSC_stats,
1359 gettext_noop ("# bytes of payload decrypted"), 1409 gettext_noop ("# bytes of payload decrypted"),
1360 size - sizeof (struct EncryptedMessage), GNUNET_NO); 1410 size - sizeof (struct EncryptedMessage), GNUNET_NO);
1361 dmc.atsi = atsi; 1411 dmc.atsi = atsi;
@@ -1424,8 +1474,8 @@ GSC_KX_init ()
1424 } 1474 }
1425 GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key); 1475 GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key);
1426 GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), 1476 GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key),
1427 &my_identity.hashPubKey); 1477 &GSC_my_identity.hashPubKey);
1428 peerinfo = GNUNET_PEERINFO_connect (cfg); 1478 peerinfo = GNUNET_PEERINFO_connect (GSC_cfg);
1429 if (NULL == peerinfo) 1479 if (NULL == peerinfo)
1430 { 1480 {
1431 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1481 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
diff --git a/src/core/gnunet-service-core_kx.h b/src/core/gnunet-service-core_kx.h
index a7f4b9058..0395f68ed 100644
--- a/src/core/gnunet-service-core_kx.h
+++ b/src/core/gnunet-service-core_kx.h
@@ -27,6 +27,7 @@
27#define GNUNET_SERVICE_CORE_KX_H 27#define GNUNET_SERVICE_CORE_KX_H
28 28
29#include "gnunet_util_lib.h" 29#include "gnunet_util_lib.h"
30#include "gnunet_transport_service.h"
30 31
31 32
32/** 33/**
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 22:21:38 +0000