author | Christian Grothoff <christian@grothoff.org> | 2011-10-06 21:38:21 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2011-10-06 21:38:21 +0000 |
commit | fb40065c4ef973b7fee53473c1a383007a0abf50 (patch) | |
tree | 78b87172ddf31aee66a2aebb6305e5352a8c9cc7 /src | |
parent | ca1cd117f6a59c0d19f841f72ac37340284ada57 (diff) | |
download | gnunet-fb40065c4ef973b7fee53473c1a383007a0abf50.tar.gz gnunet-fb40065c4ef973b7fee53473c1a383007a0abf50.zip |
make opaque
Diffstat (limited to 'src')
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 146 | ||||
-rw-r--r-- | src/core/gnunet-service-core_kx.h | 141 | ||||
-rw-r--r-- | src/core/gnunet-service-core_neighbours.c | 6 | ||||
-rw-r--r-- | src/core/gnunet-service-core_sessions.c | 7 | ||||
-rw-r--r-- | src/core/gnunet-service-core_sessions.h | 7 |
5 files changed, 161 insertions, 146 deletions
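--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -185,6 +185,152 @@ struct EncryptedMessage
 
 
 /**
+* State machine for our P2P encryption handshake. Everyone starts in
+* "DOWN", if we receive the other peer's key (other peer initiated)
+* we start in state RECEIVED (since we will immediately send our
+* own); otherwise we start in SENT. If we get back a PONG from
+* within either state, we move up to CONFIRMED (the PONG will always
+* be sent back encrypted with the key we sent to the other peer).
+*/
+enum KxStateMachine
+{
+/**
+* No handshake yet.
+*/
+KX_STATE_DOWN,
+
+/**
+* We've sent our session key.
+*/
+KX_STATE_KEY_SENT,
+
+/**
+* We've received the other peers session key.
+*/
+KX_STATE_KEY_RECEIVED,
+
+/**
+* The other peer has confirmed our session key with a message
+* encrypted with his session key (which we got). Key exchange
+* is done.
+*/
+KX_STATE_UP
+};
+
+
+/**
+* Information about the status of a key exchange with another peer.
+*/
+struct GSC_KeyExchangeInfo
+{
+/**
+* Identity of the peer.
+*/
+struct GNUNET_PeerIdentity peer;
+
+/**
+* SetKeyMessage to transmit (initialized the first
+* time our status goes past 'KX_STATE_KEY_SENT').
+*/
+struct SetKeyMessage skm;
+
+/**
+* PING message we transmit to the other peer.
+*/
+struct PingMessage ping;
+
+/**
+* SetKeyMessage we received and did not process yet.
+*/
+struct SetKeyMessage *skm_received;
+
+/**
+* PING message we received from the other peer and
+* did not process yet (or NULL).
+*/
+struct PingMessage *ping_received;
+
+/**
+* PONG message we received from the other peer and
+* did not process yet (or NULL).
+*/
+struct PongMessage *pong_received;
+
+/**
+* Non-NULL if we are currently looking up HELLOs for this peer.
+* for this peer.
+*/
+struct GNUNET_PEERINFO_IteratorContext *pitr;
+
+/**
+* Public key of the neighbour, NULL if we don't have it yet.
+*/
+struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key;
+
+/**
+* We received a PONG message before we got the "public_key"
+* (or the SET_KEY). We keep it here until we have a key
+* to decrypt it. NULL if no PONG is pending.
+*/
+struct PongMessage *pending_pong;
+
+/**
+* Key we use to encrypt our messages for the other peer
+* (initialized by us when we do the handshake).
+*/
+struct GNUNET_CRYPTO_AesSessionKey encrypt_key;
+
+/**
+* Key we use to decrypt messages from the other peer
+* (given to us by the other peer during the handshake).
+*/
+struct GNUNET_CRYPTO_AesSessionKey decrypt_key;
+
+/**
+* At what time did we generate our encryption key?
+*/
+struct GNUNET_TIME_Absolute encrypt_key_created;
+
+/**
+* At what time did the other peer generate the decryption key?
+*/
+struct GNUNET_TIME_Absolute decrypt_key_created;
+
+/**
+* When should the session time out (if there are no PONGs)?
+*/
+struct GNUNET_TIME_Absolute timeout;
+
+/**
+* At what frequency are we currently re-trying SET_KEY messages?
+*/
+struct GNUNET_TIME_Relative set_key_retry_frequency;
+
+/**
+* ID of task used for re-trying SET_KEY and PING message.
+*/
+GNUNET_SCHEDULER_TaskIdentifier retry_set_key_task;
+
+/**
+* ID of task used for sending keep-alive pings.
+*/
+GNUNET_SCHEDULER_TaskIdentifier keep_alive_task;
+
+/**
+* What was our PING challenge number (for this peer)?
+*/
+uint32_t ping_challenge;
+
+/**
+* What is our connection status?
+*/
+enum KxStateMachine status;
+
+};
+
+
+
+/**
 * Handle to peerinfo service.
 */
 static struct GNUNET_PEERINFO_Handle *peerinfo;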
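Review bot: The state-machine comment moved into this file names states the enum does not define — "RECEIVED", "SENT" and "CONFIRMED" — while the enumerators are KX_STATE_KEY_RECEIVED, KX_STATE_KEY_SENT and KX_STATE_UP, and with the struct now opaque this comment is the only place the handshake is described, so it should use the real names: `* we start in state KX_STATE_KEY_RECEIVED (since we will immediately send our` / `* own); otherwise we start in KX_STATE_KEY_SENT. If we get back a PONG from` / `* within either state, we move up to KX_STATE_UP (the PONG will always`. The `pitr` comment repeats "for this peer." on two consecutive lines; drop the second. The struct also embeds the AES session keys `encrypt_key` and `decrypt_key` inline, so now that its layout is private to this translation unit the comment on those two fields should state that whoever releases the struct must wipe them first; the teardown path (presumably GSC_KX_stop) is not in this hunk and cannot be checked here.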
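--- a/src/core/gnunet-service-core_kx.h
+++ b/src/core/gnunet-service-core_kx.h
@@ -30,148 +30,9 @@
 
 
 /**
-* State machine for our P2P encryption handshake. Everyone starts in
-* "DOWN", if we receive the other peer's key (other peer initiated)
-* we start in state RECEIVED (since we will immediately send our
-* own); otherwise we start in SENT. If we get back a PONG from
-* within either state, we move up to CONFIRMED (the PONG will always
-* be sent back encrypted with the key we sent to the other peer).
-*/
-enum KxStateMachine
-{
-/**
-* No handshake yet.
-*/
-KX_STATE_DOWN,
-
-/**
-* We've sent our session key.
-*/
-KX_STATE_KEY_SENT,
-
-/**
-* We've received the other peers session key.
-*/
-KX_STATE_KEY_RECEIVED,
-
-/**
-* The other peer has confirmed our session key with a message
-* encrypted with his session key (which we got). Key exchange
-* is done.
-*/
-KX_STATE_UP
-};
-
-
-/**
 * Information about the status of a key exchange with another peer.
 */
-struct GSC_KeyExchangeInfo
-{
-/**
-* Identity of the peer.
-*/
-struct GNUNET_PeerIdentity peer;
-
-/**
-* SetKeyMessage to transmit (initialized the first
-* time our status goes past 'KX_STATE_KEY_SENT').
-*/
-struct SetKeyMessage skm;
-
-/**
-* PING message we transmit to the other peer.
-*/
-struct PingMessage ping;
-
-/**
-* SetKeyMessage we received and did not process yet.
-*/
-struct SetKeyMessage *skm_received;
-
-/**
-* PING message we received from the other peer and
-* did not process yet (or NULL).
-*/
-struct PingMessage *ping_received;
-
-/**
-* PONG message we received from the other peer and
-* did not process yet (or NULL).
-*/
-struct PongMessage *pong_received;
-
-/**
-* Non-NULL if we are currently looking up HELLOs for this peer.
-* for this peer.
-*/
-struct GNUNET_PEERINFO_IteratorContext *pitr;
-
-/**
-* Public key of the neighbour, NULL if we don't have it yet.
-*/
-struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key;
-
-/**
-* We received a PONG message before we got the "public_key"
-* (or the SET_KEY). We keep it here until we have a key
-* to decrypt it. NULL if no PONG is pending.
-*/
-struct PongMessage *pending_pong;
-
-/**
-* Key we use to encrypt our messages for the other peer
-* (initialized by us when we do the handshake).
-*/
-struct GNUNET_CRYPTO_AesSessionKey encrypt_key;
-
-/**
-* Key we use to decrypt messages from the other peer
-* (given to us by the other peer during the handshake).
-*/
-struct GNUNET_CRYPTO_AesSessionKey decrypt_key;
-
-/**
-* At what time did we generate our encryption key?
-*/
-struct GNUNET_TIME_Absolute encrypt_key_created;
-
-/**
-* At what time did the other peer generate the decryption key?
-*/
-struct GNUNET_TIME_Absolute decrypt_key_created;
-
-/**
-* When should the session time out (if there are no PONGs)?
-*/
-struct GNUNET_TIME_Absolute timeout;
-
-/**
-* At what frequency are we currently re-trying SET_KEY messages?
-*/
-struct GNUNET_TIME_Relative set_key_retry_frequency;
-
-/**
-* ID of task used for re-trying SET_KEY and PING message.
-*/
-GNUNET_SCHEDULER_TaskIdentifier retry_set_key_task;
-
-/**
-* ID of task used for sending keep-alive pings.
-*/
-GNUNET_SCHEDULER_TaskIdentifier keep_alive_task;
-
-/**
-* What was our PING challenge number (for this peer)?
-*/
-uint32_t ping_challenge;
-
-/**
-* What is our connection status?
-*/
-enum KxStateMachine status;
-
-};
+struct GSC_KeyExchangeInfo;
 
 
 /**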
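Review bot: The forward declaration `struct GSC_KeyExchangeInfo;` keeps the old one-line comment, which no longer tells header readers that the type is opaque or how instances are obtained and released; suggest `* Information about the status of a key exchange with another peer (opaque; obtain with GSC_KX_start, release with GSC_KX_stop).` The GSC_KX_start/GSC_KX_stop pairing is taken from the neighbours.c hunk of this commit, not from this header, so adjust the wording if the header declares them differently.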
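--- a/src/core/gnunet-service-core_neighbours.c
+++ b/src/core/gnunet-service-core_neighbours.c
@@ -169,8 +169,8 @@ free_neighbour (struct Neighbour *n)
 GSC_SESSIONS_end (&n->peer);
 if (NULL != n->kx)
 {
-GSC_KX_stop (n->kx);
-n->kx = NULL;
+GSC_KX_stop (n->kxinfo);
+n->kxinfo = NULL;
 }
 if (n->retry_plaintext_task != GNUNET_SCHEDULER_NO_TASK)
 {
@@ -357,7 +357,7 @@ handle_transport_notify_connect (void *cls,
 GNUNET_TRANSPORT_set_quota (transport, peer,
 GNUNET_CONSTANTS_DEFAULT_BW_IN_OUT,
 GNUNET_CONSTANTS_DEFAULT_BW_IN_OUT);
-n->kx = GSC_KX_start (pid);
+n->kxinfo = GSC_KX_start (pid);
 }
 
 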
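Review bot: In free_neighbour the guard just above the first changed line still reads `if (NULL != n->kx)` while the body now calls `GSC_KX_stop (n->kxinfo)` and clears `n->kxinfo`, so either struct Neighbour ends up with two fields and the check tests the wrong one (GSC_KX_stop would then be skipped or run on a stale pointer), or the build breaks on the old name; the guard should become `if (NULL != n->kxinfo)`. The definition of struct Neighbour and the rest of both functions are outside this section, so which of the two outcomes applies cannot be confirmed from here.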
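--- a/src/core/gnunet-service-core_sessions.c
+++ b/src/core/gnunet-service-core_sessions.c
@@ -67,7 +67,6 @@ struct Session
 */
 struct GSC_KeyExchangeInfo *kxinfo;
 
-
 /**
 * ID of task used for cleaning up dead neighbour entries.
 */
@@ -1671,9 +1670,13 @@ GSC_SESSIONS_handle_client_request_info (void *cls, struct GNUNET_SERVER_Client
 
 /**
 * Create a session, a key exchange was just completed.
+*
+* @param peer peer that is now connected
+* @param kx key exchange that completed
 */
 void
-GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer)
+GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
+struct GSC_KeyExchangeInfo *kx)
 {
 {
 struct GNUNET_MessageHeader *hdr;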
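Review bot: The new `kx` parameter of GSC_SESSIONS_create is neither stored nor referenced in the visible part of the body, and struct Session already carries a `kxinfo` pointer (first hunk) that is its obvious destination; if the remainder of the function, which continues outside this hunk, does not assign it, the parameter is dead and the session has no way to reach its key-exchange state. Suggest `session->kxinfo = kx;` at the point where the Session is allocated, with the local name adjusted to whatever the function actually uses. Whether such an assignment already exists further down cannot be seen from this hunk.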
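--- a/src/core/gnunet-service-core_sessions.h
+++ b/src/core/gnunet-service-core_sessions.h
@@ -148,9 +148,14 @@ GSC_SESSIONS_handle_client_request_info (void *cls, struct GNUNET_SERVER_Client
 
 /**
 * Create a session, a key exchange was just completed.
+*
+* @param peer peer that is now connected
+* @param kx key exchange that completed
 */
 void
-GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer);
+GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
+struct GSC_KeyExchangeInfo *kx);
+
 
 /**
 * Update information about a session.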
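Review bot: The new `@param kx` line says what the pointer is but not who owns it, which matters now that the type is opaque and the same object is held by both the neighbour and the session; since free_neighbour in this commit calls GSC_SESSIONS_end before GSC_KX_stop, the session evidently borrows kx rather than owning it, and the header should say so: `* @param kx key exchange that completed; the session keeps the pointer but does not own it, so it must stay valid until GSC_SESSIONS_end`. The ordering is inferred from the neighbours.c hunk, so confirm it against the session teardown path before documenting it.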