authorChristian Grothoff <christian@grothoff.org>2018-06-04 19:24:00 +0200
committerChristian Grothoff <christian@grothoff.org>2018-06-04 19:24:00 +0200
commitd7aa2a805cea33cb1b37c2bb65be1fd4cf367d21 (patch)
tree128dabbed44cf17fd5a464a741a7452fa41422d4 /src
parentb670eec1c0ea387ae31b52dd0d51c1422949a55c (diff)
use DEBUG_KX for new core log messages
Diffstat (limited to 'src')
-rw-r--r--src/core/gnunet-service-core_kx.c53
1 files changed, 42 insertions, 11 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index c29e46997..21f1308f7 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -34,6 +34,10 @@
34#include "gnunet_protocols.h" 34#include "gnunet_protocols.h"
35#include "core.h" 35#include "core.h"
36 36
37/**
38 * Enable expensive (and possibly problematic for privacy!) logging of KX.
39 */
40#define DEBUG_KX 0
37 41
38/** 42/**
39 * How long do we wait for SET_KEY confirmation initially? 43 * How long do we wait for SET_KEY confirmation initially?
@@ -447,13 +451,17 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
447 uint32_t seed) 451 uint32_t seed)
448{ 452{
449 static const char ctx[] = "authentication key"; 453 static const char ctx[] = "authentication key";
450 454#if DEBUG_KX
451 struct GNUNET_HashCode sh; 455 struct GNUNET_HashCode sh;
452 GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); 456
457 GNUNET_CRYPTO_hash (skey,
458 sizeof (*skey),
459 &sh);
453 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 460 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
454 "Deriving Auth key from SKEY %s and seed %u\n", 461 "Deriving Auth key from SKEY %s and seed %u\n",
455 GNUNET_h2s (&sh), 462 GNUNET_h2s (&sh),
456 (unsigned int) seed); 463 (unsigned int) seed);
464#endif
457 GNUNET_CRYPTO_hmac_derive_key (akey, 465 GNUNET_CRYPTO_hmac_derive_key (akey,
458 skey, 466 skey,
459 &seed, sizeof (seed), 467 &seed, sizeof (seed),
@@ -478,14 +486,18 @@ derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
478 const struct GNUNET_PeerIdentity *identity) 486 const struct GNUNET_PeerIdentity *identity)
479{ 487{
480 static const char ctx[] = "initialization vector"; 488 static const char ctx[] = "initialization vector";
481 489#if DEBUG_KX
482 struct GNUNET_HashCode sh; 490 struct GNUNET_HashCode sh;
483 GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); 491
492 GNUNET_CRYPTO_hash (skey,
493 sizeof (*skey),
494 &sh);
484 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 495 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
485 "Deriving IV from SKEY %s and seed %u for peer %s\n", 496 "Deriving IV from SKEY %s and seed %u for peer %s\n",
486 GNUNET_h2s (&sh), 497 GNUNET_h2s (&sh),
487 (unsigned int) seed, 498 (unsigned int) seed,
488 GNUNET_i2s (identity)); 499 GNUNET_i2s (identity));
500#endif
489 GNUNET_CRYPTO_symmetric_derive_iv (iv, 501 GNUNET_CRYPTO_symmetric_derive_iv (iv,
490 skey, 502 skey,
491 &seed, sizeof (seed), 503 &seed, sizeof (seed),
@@ -512,15 +524,19 @@ derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
512 const struct GNUNET_PeerIdentity *identity) 524 const struct GNUNET_PeerIdentity *identity)
513{ 525{
514 static const char ctx[] = "pong initialization vector"; 526 static const char ctx[] = "pong initialization vector";
515 527#if DEBUG_KX
516 struct GNUNET_HashCode sh; 528 struct GNUNET_HashCode sh;
517 GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); 529
530 GNUNET_CRYPTO_hash (skey,
531 sizeof (*skey),
532 &sh);
518 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 533 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
519 "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n", 534 "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
520 GNUNET_h2s (&sh), 535 GNUNET_h2s (&sh),
521 (unsigned int) seed, 536 (unsigned int) seed,
522 (unsigned int) challenge, 537 (unsigned int) challenge,
523 GNUNET_i2s (identity)); 538 GNUNET_i2s (identity));
539#endif
524 GNUNET_CRYPTO_symmetric_derive_iv (iv, 540 GNUNET_CRYPTO_symmetric_derive_iv (iv,
525 skey, 541 skey,
526 &seed, sizeof (seed), 542 &seed, sizeof (seed),
@@ -547,14 +563,18 @@ derive_aes_key (const struct GNUNET_PeerIdentity *sender,
547 struct GNUNET_CRYPTO_SymmetricSessionKey *skey) 563 struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
548{ 564{
549 static const char ctx[] = "aes key generation vector"; 565 static const char ctx[] = "aes key generation vector";
550 566#if DEBUG_KX
551 struct GNUNET_HashCode sh; 567 struct GNUNET_HashCode sh;
552 GNUNET_CRYPTO_hash (skey, sizeof (*skey), &sh); 568
569 GNUNET_CRYPTO_hash (skey,
570 sizeof (*skey),
571 &sh);
553 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 572 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
554 "Deriving AES Keys for %s to %s from %s\n", 573 "Deriving AES Keys for %s to %s from %s\n",
555 GNUNET_i2s (sender), 574 GNUNET_i2s (sender),
556 GNUNET_i2s2 (receiver), 575 GNUNET_i2s2 (receiver),
557 GNUNET_h2s (key_material)); 576 GNUNET_h2s (key_material));
577#endif
558 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), 578 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
559 ctx, sizeof (ctx), 579 ctx, sizeof (ctx),
560 key_material, sizeof (struct GNUNET_HashCode), 580 key_material, sizeof (struct GNUNET_HashCode),
@@ -599,7 +619,7 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx,
599 GNUNET_NO); 619 GNUNET_NO);
600 /* the following is too sensitive to write to log files by accident, 620 /* the following is too sensitive to write to log files by accident,
601 so we require manual intervention to get this one... */ 621 so we require manual intervention to get this one... */
602#if 0 622#if DEBUG_KX
603 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 623 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
604 "Encrypted %u bytes for `%s' using key %u, IV %u\n", 624 "Encrypted %u bytes for `%s' using key %u, IV %u\n",
605 (unsigned int) size, 625 (unsigned int) size,
@@ -659,7 +679,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx,
659 GNUNET_NO); 679 GNUNET_NO);
660 /* the following is too sensitive to write to log files by accident, 680 /* the following is too sensitive to write to log files by accident,
661 so we require manual intervention to get this one... */ 681 so we require manual intervention to get this one... */
662#if 0 682#if DEBUG_KX
663 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 683 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
664 "Decrypted %u bytes from `%s' using key %u, IV %u\n", 684 "Decrypted %u bytes from `%s' using key %u, IV %u\n",
665 (unsigned int) size, 685 (unsigned int) size,
@@ -1042,6 +1062,7 @@ handle_ephemeral_key (void *cls,
1042 GNUNET_NO); 1062 GNUNET_NO);
1043 return; 1063 return;
1044 } 1064 }
1065#if DEBUG_KX
1045 { 1066 {
1046 struct GNUNET_HashCode eh; 1067 struct GNUNET_HashCode eh;
1047 1068
@@ -1054,6 +1075,7 @@ handle_ephemeral_key (void *cls,
1054 GNUNET_i2s (kx->peer), 1075 GNUNET_i2s (kx->peer),
1055 kx->status); 1076 kx->status);
1056 } 1077 }
1078#endif
1057 GNUNET_STATISTICS_update (GSC_stats, 1079 GNUNET_STATISTICS_update (GSC_stats,
1058 gettext_noop ("# valid ephemeral keys received"), 1080 gettext_noop ("# valid ephemeral keys received"),
1059 1, 1081 1,
@@ -1460,6 +1482,7 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1460 kx->retry_set_key_task = NULL; 1482 kx->retry_set_key_task = NULL;
1461 } 1483 }
1462 /* always update sender status in SET KEY message */ 1484 /* always update sender status in SET KEY message */
1485#if DEBUG_KX
1463 { 1486 {
1464 struct GNUNET_HashCode hc; 1487 struct GNUNET_HashCode hc;
1465 1488
@@ -1472,6 +1495,7 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1472 GNUNET_i2s (kx->peer), 1495 GNUNET_i2s (kx->peer),
1473 kx->status); 1496 kx->status);
1474 } 1497 }
1498#endif
1475 current_ekm.sender_status = htonl ((int32_t) (kx->status)); 1499 current_ekm.sender_status = htonl ((int32_t) (kx->status));
1476 env = GNUNET_MQ_msg_copy (&current_ekm.header); 1500 env = GNUNET_MQ_msg_copy (&current_ekm.header);
1477 GNUNET_MQ_send (kx->mq, 1501 GNUNET_MQ_send (kx->mq,
@@ -1527,6 +1551,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1527 &ph->sequence_number, 1551 &ph->sequence_number,
1528 &em->sequence_number, 1552 &em->sequence_number,
1529 used - ENCRYPTED_HEADER_SIZE)); 1553 used - ENCRYPTED_HEADER_SIZE));
1554#if DEBUG_KX
1530 { 1555 {
1531 struct GNUNET_HashCode hc; 1556 struct GNUNET_HashCode hc;
1532 1557
@@ -1539,6 +1564,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1539 (unsigned int) (used - ENCRYPTED_HEADER_SIZE), 1564 (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
1540 GNUNET_i2s (kx->peer)); 1565 GNUNET_i2s (kx->peer));
1541 } 1566 }
1567#endif
1542 derive_auth_key (&auth_key, 1568 derive_auth_key (&auth_key,
1543 &kx->encrypt_key, 1569 &kx->encrypt_key,
1544 ph->iv_seed); 1570 ph->iv_seed);
@@ -1546,6 +1572,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1546 &em->sequence_number, 1572 &em->sequence_number,
1547 used - ENCRYPTED_HEADER_SIZE, 1573 used - ENCRYPTED_HEADER_SIZE,
1548 &em->hmac); 1574 &em->hmac);
1575#if DEBUG_KX
1549 { 1576 {
1550 struct GNUNET_HashCode hc; 1577 struct GNUNET_HashCode hc;
1551 1578
@@ -1558,6 +1585,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1558 GNUNET_h2s (&hc), 1585 GNUNET_h2s (&hc),
1559 GNUNET_h2s2 (&em->hmac)); 1586 GNUNET_h2s2 (&em->hmac));
1560 } 1587 }
1588#endif
1561 kx->has_excess_bandwidth = GNUNET_NO; 1589 kx->has_excess_bandwidth = GNUNET_NO;
1562 GNUNET_MQ_send (kx->mq, 1590 GNUNET_MQ_send (kx->mq,
1563 env); 1591 env);
@@ -1637,6 +1665,7 @@ handle_encrypted (void *cls,
1637 } 1665 }
1638 1666
1639 /* validate hash */ 1667 /* validate hash */
1668#if DEBUG_KX
1640 { 1669 {
1641 struct GNUNET_HashCode hc; 1670 struct GNUNET_HashCode hc;
1642 1671
@@ -1649,7 +1678,7 @@ handle_encrypted (void *cls,
1649 (unsigned int) (size - ENCRYPTED_HEADER_SIZE), 1678 (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1650 GNUNET_i2s (kx->peer)); 1679 GNUNET_i2s (kx->peer));
1651 } 1680 }
1652 1681#endif
1653 derive_auth_key (&auth_key, 1682 derive_auth_key (&auth_key,
1654 &kx->decrypt_key, 1683 &kx->decrypt_key,
1655 m->iv_seed); 1684 m->iv_seed);
@@ -1657,6 +1686,7 @@ handle_encrypted (void *cls,
1657 &m->sequence_number, 1686 &m->sequence_number,
1658 size - ENCRYPTED_HEADER_SIZE, 1687 size - ENCRYPTED_HEADER_SIZE,
1659 &ph); 1688 &ph);
1689#if DEBUG_KX
1660 { 1690 {
1661 struct GNUNET_HashCode hc; 1691 struct GNUNET_HashCode hc;
1662 1692
@@ -1669,6 +1699,7 @@ handle_encrypted (void *cls,
1669 GNUNET_h2s (&hc), 1699 GNUNET_h2s (&hc),
1670 GNUNET_h2s2 (&m->hmac)); 1700 GNUNET_h2s2 (&m->hmac));
1671 } 1701 }
1702#endif
1672 if (0 != memcmp (&ph, 1703 if (0 != memcmp (&ph,
1673 &m->hmac, 1704 &m->hmac,
1674 sizeof (struct GNUNET_HashCode))) 1705 sizeof (struct GNUNET_HashCode)))
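Review bot: In the derive_aes_key hunk (`@@ -547,14 +563,18 @@`) the guarded block hashes `skey` into `sh` before `GNUNET_CRYPTO_kdf` has written it, and `sh` is then never used: the log call prints `GNUNET_h2s (key_material)` instead. With DEBUG_KX set to 1 this reads an output buffer that may still be uninitialized (that depends on the caller, which is not visible here) and writes an abbreviated form of the key material itself to the log, whereas the sibling derive_* blocks log only a hash of the key. I would hash the input instead, `GNUNET_CRYPTO_hash (key_material, sizeof (*key_material), &sh);`, and pass `GNUNET_h2s (&sh)` as the last log argument. The body of derive_aes_key continues past the end of the hunk.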