diff options
33 files changed, 567 insertions, 906 deletions
@@ -1 +1,12 @@ | |||
1 | See ChangeLog. | 1 | ====================================================================== |
2 | |||
3 | THIS SVN VERSION OF GNUNET IS INCOMPATIBLE TO ALL PREVIOUS RELEASES. | ||
4 | WE ARE WORKING ON CHANGING FUNDAMENTAL PARTS OF THE CRYPTOGRAPHIC | ||
5 | PARTS OF THE SYSTEM. | ||
6 | |||
7 | THE CURRENT IMPLEMENTATION DOES NOT GIVE YOU ANY SECURITY (AS SOME | ||
8 | CRYPTO IS DISABLED/INCOMPLETE) AND WILL LIKELY NOT BE COMPATIBLE WITH | ||
9 | YESTERDAYS OR TOMORROWS VERSION. AS SUCH, DO NOT USE IT, OTHER THAN | ||
10 | FOR DEVELOPMENT! | ||
11 | |||
12 | ======================================================================= | ||
@@ -1,3 +1,16 @@ | |||
1 | ====================================================================== | ||
2 | |||
3 | THIS SVN VERSION OF GNUNET IS INCOMPATIBLE TO ALL PREVIOUS RELEASES. | ||
4 | WE ARE WORKING ON CHANGING FUNDAMENTAL PARTS OF THE CRYPTOGRAPHIC | ||
5 | PARTS OF THE SYSTEM. | ||
6 | |||
7 | THE CURRENT IMPLEMENTATION DOES NOT GIVE YOU ANY SECURITY (AS SOME | ||
8 | CRYPTO IS DISABLED/INCOMPLETE) AND WILL LIKELY NOT BE COMPATIBLE WITH | ||
9 | YESTERDAYS OR TOMORROWS VERSION. AS SUCH, DO NOT USE IT, OTHER THAN | ||
10 | FOR DEVELOPMENT! | ||
11 | |||
12 | ======================================================================= | ||
13 | |||
1 | Welcome to GNUnet | 14 | Welcome to GNUnet |
2 | 15 | ||
3 | 16 | ||
diff --git a/README.1st b/README.1st new file mode 100644 index 000000000..c13106bbe --- /dev/null +++ b/README.1st | |||
@@ -0,0 +1,12 @@ | |||
1 | ====================================================================== | ||
2 | |||
3 | THIS SVN VERSION OF GNUNET IS INCOMPATIBLE TO ALL PREVIOUS RELEASES. | ||
4 | WE ARE WORKING ON CHANGING FUNDAMENTAL PARTS OF THE CRYPTOGRAPHIC | ||
5 | PARTS OF THE SYSTEM. | ||
6 | |||
7 | THE CURRENT IMPLEMENTATION DOES NOT GIVE YOU ANY SECURITY (AS SOME | ||
8 | CRYPTO IS DISABLED/INCOMPLETE) AND WILL LIKELY NOT BE COMPATIBLE WITH | ||
9 | YESTERDAYS OR TOMORROWS VERSION. AS SUCH, DO NOT USE IT, OTHER THAN | ||
10 | FOR DEVELOPMENT! | ||
11 | |||
12 | ======================================================================= | ||
diff --git a/src/core/Makefile.am b/src/core/Makefile.am index 6d073da1f..a3ef13f5a 100644 --- a/src/core/Makefile.am +++ b/src/core/Makefile.am | |||
@@ -46,8 +46,6 @@ gnunet_service_core_SOURCES = \ | |||
46 | gnunet-service-core_sessions.c gnunet-service-core_sessions.h \ | 46 | gnunet-service-core_sessions.c gnunet-service-core_sessions.h \ |
47 | gnunet-service-core_typemap.c gnunet-service-core_typemap.h | 47 | gnunet-service-core_typemap.c gnunet-service-core_typemap.h |
48 | gnunet_service_core_LDADD = \ | 48 | gnunet_service_core_LDADD = \ |
49 | $(top_builddir)/src/hello/libgnunethello.la \ | ||
50 | $(top_builddir)/src/peerinfo/libgnunetpeerinfo.la \ | ||
51 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 49 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
52 | $(top_builddir)/src/transport/libgnunettransport.la \ | 50 | $(top_builddir)/src/transport/libgnunettransport.la \ |
53 | $(top_builddir)/src/util/libgnunetutil.la \ | 51 | $(top_builddir)/src/util/libgnunetutil.la \ |
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c index 095e12405..2be833fa0 100644 --- a/src/core/gnunet-service-core.c +++ b/src/core/gnunet-service-core.c | |||
@@ -56,7 +56,7 @@ static struct GNUNET_SERVER_Handle *GSC_server; | |||
56 | /** | 56 | /** |
57 | * Hostkey generation context | 57 | * Hostkey generation context |
58 | */ | 58 | */ |
59 | static struct GNUNET_CRYPTO_RsaKeyGenerationContext *keygen; | 59 | static struct GNUNET_CRYPTO_EccKeyGenerationContext *keygen; |
60 | 60 | ||
61 | 61 | ||
62 | /** | 62 | /** |
@@ -72,7 +72,7 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
72 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Core service shutting down.\n"); | 72 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Core service shutting down.\n"); |
73 | if (NULL != keygen) | 73 | if (NULL != keygen) |
74 | { | 74 | { |
75 | GNUNET_CRYPTO_rsa_key_create_stop (keygen); | 75 | GNUNET_CRYPTO_ecc_key_create_stop (keygen); |
76 | keygen = NULL; | 76 | keygen = NULL; |
77 | } | 77 | } |
78 | GSC_CLIENTS_done (); | 78 | GSC_CLIENTS_done (); |
@@ -99,14 +99,14 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
99 | */ | 99 | */ |
100 | static void | 100 | static void |
101 | key_generation_cb (void *cls, | 101 | key_generation_cb (void *cls, |
102 | struct GNUNET_CRYPTO_RsaPrivateKey *pk, | 102 | struct GNUNET_CRYPTO_EccPrivateKey *pk, |
103 | const char *emsg) | 103 | const char *emsg) |
104 | { | 104 | { |
105 | keygen = NULL; | 105 | keygen = NULL; |
106 | if (NULL == pk) | 106 | if (NULL == pk) |
107 | { | 107 | { |
108 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 108 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
109 | _("Failed to read hostkey: %s\n"), | 109 | _("Failed to read or generate private key: %s\n"), |
110 | emsg); | 110 | emsg); |
111 | GNUNET_SCHEDULER_shutdown (); | 111 | GNUNET_SCHEDULER_shutdown (); |
112 | return; | 112 | return; |
@@ -141,7 +141,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
141 | GSC_cfg = c; | 141 | GSC_cfg = c; |
142 | GSC_server = server; | 142 | GSC_server = server; |
143 | if (GNUNET_OK != | 143 | if (GNUNET_OK != |
144 | GNUNET_CONFIGURATION_get_value_filename (GSC_cfg, "GNUNETD", "HOSTKEY", | 144 | GNUNET_CONFIGURATION_get_value_filename (GSC_cfg, "PEER", "PRIVATE_KEY", |
145 | &keyfile)) | 145 | &keyfile)) |
146 | { | 146 | { |
147 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 147 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -155,7 +155,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
155 | NULL); | 155 | NULL); |
156 | GNUNET_SERVER_suspend (server); | 156 | GNUNET_SERVER_suspend (server); |
157 | GSC_TYPEMAP_init (); | 157 | GSC_TYPEMAP_init (); |
158 | keygen = GNUNET_CRYPTO_rsa_key_create_start (keyfile, &key_generation_cb, NULL); | 158 | keygen = GNUNET_CRYPTO_ecc_key_create_start (keyfile, &key_generation_cb, NULL); |
159 | GNUNET_free (keyfile); | 159 | GNUNET_free (keyfile); |
160 | if (NULL == keygen) | 160 | if (NULL == keygen) |
161 | { | 161 | { |
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index b2fc2a971..f7fbfcf68 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -30,8 +30,6 @@ | |||
30 | #include "gnunet-service-core_neighbours.h" | 30 | #include "gnunet-service-core_neighbours.h" |
31 | #include "gnunet-service-core_sessions.h" | 31 | #include "gnunet-service-core_sessions.h" |
32 | #include "gnunet_statistics_service.h" | 32 | #include "gnunet_statistics_service.h" |
33 | #include "gnunet_peerinfo_service.h" | ||
34 | #include "gnunet_hello_lib.h" | ||
35 | #include "gnunet_constants.h" | 33 | #include "gnunet_constants.h" |
36 | #include "gnunet_signatures.h" | 34 | #include "gnunet_signatures.h" |
37 | #include "gnunet_protocols.h" | 35 | #include "gnunet_protocols.h" |
@@ -39,14 +37,9 @@ | |||
39 | 37 | ||
40 | 38 | ||
41 | /** | 39 | /** |
42 | * Set to GNUNET_YES to perform some slightly expensive internal invariant checks. | ||
43 | */ | ||
44 | #define EXTRA_CHECKS GNUNET_YES | ||
45 | |||
46 | /** | ||
47 | * How long do we wait for SET_KEY confirmation initially? | 40 | * How long do we wait for SET_KEY confirmation initially? |
48 | */ | 41 | */ |
49 | #define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (MAX_SET_KEY_DELAY, 1) | 42 | #define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
50 | 43 | ||
51 | /** | 44 | /** |
52 | * What is the minimum frequency for a PING message? | 45 | * What is the minimum frequency for a PING message? |
@@ -56,8 +49,12 @@ | |||
56 | /** | 49 | /** |
57 | * How often do we rekey? | 50 | * How often do we rekey? |
58 | */ | 51 | */ |
59 | #define REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 90) | 52 | #define REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
60 | 53 | ||
54 | /** | ||
55 | * What time difference do we tolerate? | ||
56 | */ | ||
57 | #define REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) | ||
61 | 58 | ||
62 | /** | 59 | /** |
63 | * What is the maximum age of a message for us to consider processing | 60 | * What is the maximum age of a message for us to consider processing |
@@ -68,13 +65,61 @@ | |||
68 | */ | 65 | */ |
69 | #define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS | 66 | #define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS |
70 | 67 | ||
68 | |||
69 | |||
70 | GNUNET_NETWORK_STRUCT_BEGIN | ||
71 | |||
71 | /** | 72 | /** |
72 | * What is the maximum delay for a SET_KEY message? | 73 | * Message transmitted with the signed ephemeral key of a peer. The |
74 | * session key is then derived from the two ephemeral keys (ECDHE). | ||
73 | */ | 75 | */ |
74 | #define MAX_SET_KEY_DELAY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) | 76 | struct EphemeralKeyMessage |
77 | { | ||
78 | |||
79 | /** | ||
80 | * Message type is CORE_EPHEMERAL_KEY. | ||
81 | */ | ||
82 | struct GNUNET_MessageHeader header; | ||
83 | |||
84 | /** | ||
85 | * Status of the sender (should be in "enum PeerStateMachine"), nbo. | ||
86 | */ | ||
87 | int32_t sender_status GNUNET_PACKED; | ||
75 | 88 | ||
89 | /** | ||
90 | * An ECC signature of the 'origin' asserting the validity of | ||
91 | * the given ephemeral key. | ||
92 | */ | ||
93 | struct GNUNET_CRYPTO_EccSignature signature; | ||
94 | |||
95 | /** | ||
96 | * Information about what is being signed. | ||
97 | */ | ||
98 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
99 | |||
100 | /** | ||
101 | * At what time was this key created (beginning of validity). | ||
102 | */ | ||
103 | struct GNUNET_TIME_AbsoluteNBO creation_time; | ||
104 | |||
105 | /** | ||
106 | * When does the given ephemeral key expire (end of validity). | ||
107 | */ | ||
108 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | ||
109 | |||
110 | /** | ||
111 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable | ||
112 | * for network transmission as created using 'gcry_sexp_sprint'. | ||
113 | */ | ||
114 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded ephemeral_key; | ||
115 | |||
116 | /** | ||
117 | * Public key of the signing peer (persistent version, not the ephemeral public key). | ||
118 | */ | ||
119 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded origin_public_key; | ||
120 | |||
121 | }; | ||
76 | 122 | ||
77 | GNUNET_NETWORK_STRUCT_BEGIN | ||
78 | 123 | ||
79 | /** | 124 | /** |
80 | * We're sending an (encrypted) PING to the other peer to check if he | 125 | * We're sending an (encrypted) PING to the other peer to check if he |
@@ -128,9 +173,9 @@ struct PongMessage | |||
128 | uint32_t challenge GNUNET_PACKED; | 173 | uint32_t challenge GNUNET_PACKED; |
129 | 174 | ||
130 | /** | 175 | /** |
131 | * Reserved, always 'GNUNET_BANDWIDTH_VALUE_MAX'. | 176 | * Reserved, always zero. |
132 | */ | 177 | */ |
133 | struct GNUNET_BANDWIDTH_Value32NBO reserved; | 178 | uint32_t reserved; |
134 | 179 | ||
135 | /** | 180 | /** |
136 | * Intended target of the PING, used primarily to check | 181 | * Intended target of the PING, used primarily to check |
@@ -141,51 +186,6 @@ struct PongMessage | |||
141 | 186 | ||
142 | 187 | ||
143 | /** | 188 | /** |
144 | * Message transmitted to set (or update) a session key. | ||
145 | */ | ||
146 | struct SetKeyMessage | ||
147 | { | ||
148 | |||
149 | /** | ||
150 | * Message type is either CORE_SET_KEY. | ||
151 | */ | ||
152 | struct GNUNET_MessageHeader header; | ||
153 | |||
154 | /** | ||
155 | * Status of the sender (should be in "enum PeerStateMachine"), nbo. | ||
156 | */ | ||
157 | int32_t sender_status GNUNET_PACKED; | ||
158 | |||
159 | /** | ||
160 | * Purpose of the signature, will be | ||
161 | * GNUNET_SIGNATURE_PURPOSE_SET_KEY. | ||
162 | */ | ||
163 | struct GNUNET_CRYPTO_RsaSignaturePurpose purpose; | ||
164 | |||
165 | /** | ||
166 | * At what time was this key created? | ||
167 | */ | ||
168 | struct GNUNET_TIME_AbsoluteNBO creation_time; | ||
169 | |||
170 | /** | ||
171 | * The encrypted session key. | ||
172 | */ | ||
173 | struct GNUNET_CRYPTO_RsaEncryptedData encrypted_key; | ||
174 | |||
175 | /** | ||
176 | * Who is the intended recipient? | ||
177 | */ | ||
178 | struct GNUNET_PeerIdentity target; | ||
179 | |||
180 | /** | ||
181 | * Signature of the stuff above (starting at purpose). | ||
182 | */ | ||
183 | struct GNUNET_CRYPTO_RsaSignature signature; | ||
184 | |||
185 | }; | ||
186 | |||
187 | |||
188 | /** | ||
189 | * Encapsulation for encrypted messages exchanged between | 189 | * Encapsulation for encrypted messages exchanged between |
190 | * peers. Followed by the actual encrypted data. | 190 | * peers. Followed by the actual encrypted data. |
191 | */ | 191 | */ |
@@ -216,9 +216,9 @@ struct EncryptedMessage | |||
216 | uint32_t sequence_number GNUNET_PACKED; | 216 | uint32_t sequence_number GNUNET_PACKED; |
217 | 217 | ||
218 | /** | 218 | /** |
219 | * Reserved, always 'GNUNET_BANDWIDTH_VALUE_MAX'. | 219 | * Reserved, always zero. |
220 | */ | 220 | */ |
221 | struct GNUNET_BANDWIDTH_Value32NBO reserved; | 221 | uint32_t reserved; |
222 | 222 | ||
223 | /** | 223 | /** |
224 | * Timestamp. Used to prevent reply of ancient messages | 224 | * Timestamp. Used to prevent reply of ancient messages |
@@ -263,23 +263,18 @@ enum KxStateMachine | |||
263 | KX_STATE_KEY_RECEIVED, | 263 | KX_STATE_KEY_RECEIVED, |
264 | 264 | ||
265 | /** | 265 | /** |
266 | * The other peer has confirmed our session key with a message | 266 | * The other peer has confirmed our session key + PING with a PONG |
267 | * encrypted with his session key (which we got). Key exchange | 267 | * message encrypted with his session key (which we got). Key |
268 | * is done. | 268 | * exchange is done. |
269 | */ | 269 | */ |
270 | KX_STATE_UP, | 270 | KX_STATE_UP, |
271 | 271 | ||
272 | /** | 272 | /** |
273 | * We're rekeying, so we have received the other peer's session | 273 | * We're rekeying, so we have sent the other peer our new ephemeral |
274 | * key, but he didn't get ours yet. | 274 | * key, but we did not get a matching PONG yet. |
275 | */ | ||
276 | KX_STATE_REKEY, | ||
277 | |||
278 | /** | ||
279 | * We're rekeying but have not yet received confirmation for our new | ||
280 | * key from the other peer. | ||
281 | */ | 275 | */ |
282 | KX_STATE_REKEY_SENT | 276 | KX_STATE_REKEY_SENT |
277 | |||
283 | }; | 278 | }; |
284 | 279 | ||
285 | 280 | ||
@@ -288,62 +283,26 @@ enum KxStateMachine | |||
288 | */ | 283 | */ |
289 | struct GSC_KeyExchangeInfo | 284 | struct GSC_KeyExchangeInfo |
290 | { | 285 | { |
291 | /** | ||
292 | * Identity of the peer. | ||
293 | */ | ||
294 | struct GNUNET_PeerIdentity peer; | ||
295 | 286 | ||
296 | /** | 287 | /** |
297 | * SetKeyMessage to transmit (initialized the first | 288 | * DLL. |
298 | * time our status goes past 'KX_STATE_KEY_SENT'). | ||
299 | */ | 289 | */ |
300 | struct SetKeyMessage skm; | 290 | struct GSC_KeyExchangeInfo *next; |
301 | 291 | ||
302 | /** | 292 | /** |
303 | * PING message we transmit to the other peer. | 293 | * DLL. |
304 | */ | 294 | */ |
305 | struct PingMessage ping; | 295 | struct GSC_KeyExchangeInfo *prev; |
306 | |||
307 | /** | ||
308 | * SetKeyMessage we received and did not process yet. | ||
309 | */ | ||
310 | struct SetKeyMessage *skm_received; | ||
311 | 296 | ||
312 | /** | 297 | /** |
313 | * PING message we received from the other peer and | 298 | * Identity of the peer. |
314 | * did not process yet (or NULL). | ||
315 | */ | ||
316 | struct PingMessage *ping_received; | ||
317 | |||
318 | /** | ||
319 | * PONG message we received from the other peer and | ||
320 | * did not process yet (or NULL). | ||
321 | */ | ||
322 | struct PongMessage *pong_received; | ||
323 | |||
324 | /** | ||
325 | * Encrypted message we received from the other peer and | ||
326 | * did not process yet (or NULL). | ||
327 | */ | ||
328 | struct EncryptedMessage *emsg_received; | ||
329 | |||
330 | /** | ||
331 | * Non-NULL if we are currently looking up HELLOs for this peer. | ||
332 | * for this peer. | ||
333 | */ | ||
334 | struct GNUNET_PEERINFO_IteratorContext *pitr; | ||
335 | |||
336 | /** | ||
337 | * Public key of the neighbour, NULL if we don't have it yet. | ||
338 | */ | 299 | */ |
339 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key; | 300 | struct GNUNET_PeerIdentity peer; |
340 | 301 | ||
341 | /** | 302 | /** |
342 | * We received a PONG message before we got the "public_key" | 303 | * PING message we transmit to the other peer. |
343 | * (or the SET_KEY). We keep it here until we have a key | ||
344 | * to decrypt it. NULL if no PONG is pending. | ||
345 | */ | 304 | */ |
346 | struct PongMessage *pending_pong; | 305 | struct PingMessage ping; |
347 | 306 | ||
348 | /** | 307 | /** |
349 | * Key we use to encrypt our messages for the other peer | 308 | * Key we use to encrypt our messages for the other peer |
@@ -358,14 +317,9 @@ struct GSC_KeyExchangeInfo | |||
358 | struct GNUNET_CRYPTO_AesSessionKey decrypt_key; | 317 | struct GNUNET_CRYPTO_AesSessionKey decrypt_key; |
359 | 318 | ||
360 | /** | 319 | /** |
361 | * At what time did we generate our encryption key? | ||
362 | */ | ||
363 | struct GNUNET_TIME_Absolute encrypt_key_created; | ||
364 | |||
365 | /** | ||
366 | * At what time did the other peer generate the decryption key? | 320 | * At what time did the other peer generate the decryption key? |
367 | */ | 321 | */ |
368 | struct GNUNET_TIME_Absolute decrypt_key_created; | 322 | struct GNUNET_TIME_Absolute foreign_key_expires; |
369 | 323 | ||
370 | /** | 324 | /** |
371 | * When should the session time out (if there are no PONGs)? | 325 | * When should the session time out (if there are no PONGs)? |
@@ -418,57 +372,46 @@ struct GSC_KeyExchangeInfo | |||
418 | 372 | ||
419 | 373 | ||
420 | /** | 374 | /** |
421 | * Handle to peerinfo service. | 375 | * Our private key. |
422 | */ | 376 | */ |
423 | static struct GNUNET_PEERINFO_Handle *peerinfo; | 377 | static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; |
424 | 378 | ||
425 | /** | 379 | /** |
426 | * Our private key. | 380 | * Our ephemeral private key. |
381 | */ | ||
382 | static struct GNUNET_CRYPTO_EccPrivateKey *my_ephemeral_key; | ||
383 | |||
384 | /** | ||
385 | * Current message we send for a key exchange. | ||
427 | */ | 386 | */ |
428 | static struct GNUNET_CRYPTO_RsaPrivateKey *my_private_key; | 387 | static struct EphemeralKeyMessage current_ekm; |
429 | 388 | ||
430 | /** | 389 | /** |
431 | * Our public key. | 390 | * Our public key. |
432 | */ | 391 | */ |
433 | static struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded my_public_key; | 392 | static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; |
434 | 393 | ||
435 | /** | 394 | /** |
436 | * Our message stream tokenizer (for encrypted payload). | 395 | * Our message stream tokenizer (for encrypted payload). |
437 | */ | 396 | */ |
438 | static struct GNUNET_SERVER_MessageStreamTokenizer *mst; | 397 | static struct GNUNET_SERVER_MessageStreamTokenizer *mst; |
439 | 398 | ||
440 | |||
441 | #if EXTRA_CHECKS | ||
442 | /** | 399 | /** |
443 | * Check internal invariants of the given KX record. | 400 | * DLL head. |
444 | * | 401 | */ |
445 | * @param kx record to check | 402 | static struct GSC_KeyExchangeInfo *kx_head; |
446 | * @param file filename for error reporting | ||
447 | * @param line line number for error reporting | ||
448 | */ | ||
449 | static void | ||
450 | check_kx_record (struct GSC_KeyExchangeInfo *kx, | ||
451 | const char *file, | ||
452 | int line) | ||
453 | { | ||
454 | struct GNUNET_HashCode hc; | ||
455 | |||
456 | if (NULL == kx->public_key) | ||
457 | return; | ||
458 | GNUNET_CRYPTO_hash (kx->public_key, sizeof (*kx->public_key), &hc); | ||
459 | GNUNET_assert_at (0 == memcmp (&hc, &kx->peer, sizeof (struct GNUNET_HashCode)), file, line); | ||
460 | } | ||
461 | |||
462 | 403 | ||
463 | /** | 404 | /** |
464 | * Check internal invariants of the given KX record. | 405 | * DLL tail. |
465 | * | ||
466 | * @param kx record to check | ||
467 | */ | 406 | */ |
468 | #define CHECK_KX(kx) check_kx_record(kx, __FILE__, __LINE__) | 407 | static struct GSC_KeyExchangeInfo *kx_tail; |
469 | #else | 408 | |
470 | #define CHECK_KX(kx) | 409 | /** |
471 | #endif | 410 | * Task scheduled for periodic re-generation (and thus rekeying) of our |
411 | * ephemeral key. | ||
412 | */ | ||
413 | static GNUNET_SCHEDULER_TaskIdentifier rekey_task; | ||
414 | |||
472 | 415 | ||
473 | /** | 416 | /** |
474 | * Derive an authentication key from "set key" information | 417 | * Derive an authentication key from "set key" information |
@@ -476,19 +419,15 @@ check_kx_record (struct GSC_KeyExchangeInfo *kx, | |||
476 | * @param akey authentication key to derive | 419 | * @param akey authentication key to derive |
477 | * @param skey session key to use | 420 | * @param skey session key to use |
478 | * @param seed seed to use | 421 | * @param seed seed to use |
479 | * @param creation_time creation time to use | ||
480 | */ | 422 | */ |
481 | static void | 423 | static void |
482 | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, | 424 | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, |
483 | const struct GNUNET_CRYPTO_AesSessionKey *skey, uint32_t seed, | 425 | const struct GNUNET_CRYPTO_AesSessionKey *skey, uint32_t seed) |
484 | struct GNUNET_TIME_Absolute creation_time) | ||
485 | { | 426 | { |
486 | static const char ctx[] = "authentication key"; | 427 | static const char ctx[] = "authentication key"; |
487 | struct GNUNET_TIME_AbsoluteNBO ctbe; | ||
488 | 428 | ||
489 | ctbe = GNUNET_TIME_absolute_hton (creation_time); | ||
490 | GNUNET_CRYPTO_hmac_derive_key (akey, skey, &seed, sizeof (seed), &skey->key, | 429 | GNUNET_CRYPTO_hmac_derive_key (akey, skey, &seed, sizeof (seed), &skey->key, |
491 | sizeof (skey->key), &ctbe, sizeof (ctbe), ctx, | 430 | sizeof (skey->key), ctx, |
492 | sizeof (ctx), NULL); | 431 | sizeof (ctx), NULL); |
493 | } | 432 | } |
494 | 433 | ||
@@ -539,6 +478,31 @@ derive_pong_iv (struct GNUNET_CRYPTO_AesInitializationVector *iv, | |||
539 | 478 | ||
540 | 479 | ||
541 | /** | 480 | /** |
481 | * Derive an AES key from key material | ||
482 | * | ||
483 | * @param sender peer identity of the sender | ||
484 | * @param receiver peer identity of the sender | ||
485 | * @param key_material high entropy key material to use | ||
486 | * @param skey set to derived session key | ||
487 | */ | ||
488 | static void | ||
489 | derive_aes_key (const struct GNUNET_PeerIdentity *sender, | ||
490 | const struct GNUNET_PeerIdentity *receiver, | ||
491 | const struct GNUNET_HashCode *key_material, | ||
492 | struct GNUNET_CRYPTO_AesSessionKey *skey) | ||
493 | { | ||
494 | static const char ctx[] = "aes key generation vector"; | ||
495 | |||
496 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), | ||
497 | ctx, sizeof (ctx), | ||
498 | skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), | ||
499 | sender, sizeof (struct GNUNET_PeerIdentity), | ||
500 | receiver, sizeof (struct GNUNET_PeerIdentity), | ||
501 | NULL); | ||
502 | } | ||
503 | |||
504 | |||
505 | /** | ||
542 | * Encrypt size bytes from in and write the result to out. Use the | 506 | * Encrypt size bytes from in and write the result to out. Use the |
543 | * key for outbound traffic of the given neighbour. | 507 | * key for outbound traffic of the given neighbour. |
544 | * | 508 | * |
@@ -601,8 +565,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx, | |||
601 | return GNUNET_NO; | 565 | return GNUNET_NO; |
602 | } | 566 | } |
603 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && (kx->status != KX_STATE_UP) && | 567 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && (kx->status != KX_STATE_UP) && |
604 | (kx->status != KX_STATE_REKEY_SENT) && | 568 | (kx->status != KX_STATE_REKEY_SENT) ) |
605 | (kx->status != KX_STATE_REKEY) ) | ||
606 | { | 569 | { |
607 | GNUNET_break_op (0); | 570 | GNUNET_break_op (0); |
608 | return GNUNET_SYSERR; | 571 | return GNUNET_SYSERR; |
@@ -651,88 +614,34 @@ set_key_retry_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
651 | struct GSC_KeyExchangeInfo *kx = cls; | 614 | struct GSC_KeyExchangeInfo *kx = cls; |
652 | 615 | ||
653 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | 616 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; |
654 | kx->set_key_retry_frequency = | 617 | kx->set_key_retry_frequency = GNUNET_TIME_STD_BACKOFF (kx->set_key_retry_frequency); |
655 | GNUNET_TIME_relative_multiply (kx->set_key_retry_frequency, 2); | ||
656 | send_key (kx); | 618 | send_key (kx); |
657 | } | 619 | } |
658 | 620 | ||
659 | 621 | ||
660 | /** | 622 | /** |
661 | * PEERINFO is giving us a HELLO for a peer. Add the public key to | 623 | * Create a fresh PING message for transmission to the other peer. |
662 | * the neighbour's struct and continue with the key exchange. Or, if | ||
663 | * we did not get a HELLO, just do nothing. | ||
664 | * | 624 | * |
665 | * @param cls the 'struct GSC_KeyExchangeInfo' to retry sending the key for | 625 | * @param kx key exchange context to create PING for |
666 | * @param peer the peer for which this is the HELLO | ||
667 | * @param hello HELLO message of that peer | ||
668 | * @param err_msg NULL if successful, otherwise contains error message | ||
669 | */ | 626 | */ |
670 | static void | 627 | static void |
671 | process_hello (void *cls, const struct GNUNET_PeerIdentity *peer, | 628 | setup_fresh_ping (struct GSC_KeyExchangeInfo *kx) |
672 | const struct GNUNET_HELLO_Message *hello, const char *err_msg) | ||
673 | { | 629 | { |
674 | struct GSC_KeyExchangeInfo *kx = cls; | 630 | struct PingMessage pp; |
675 | struct SetKeyMessage *skm; | 631 | struct PingMessage *pm; |
632 | struct GNUNET_CRYPTO_AesInitializationVector iv; | ||
676 | 633 | ||
677 | CHECK_KX (kx); | 634 | pm = &kx->ping; |
678 | if (NULL != err_msg) | 635 | pm->header.size = htons (sizeof (struct PingMessage)); |
679 | { | 636 | pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING); |
680 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 637 | pm->iv_seed = |
681 | _("Error in communication with PEERINFO service\n")); | 638 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); |
682 | kx->pitr = NULL; | 639 | derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, &kx->peer); |
683 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) | 640 | pp.challenge = kx->ping_challenge; |
684 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 641 | pp.target = kx->peer; |
685 | kx->retry_set_key_task = | 642 | do_encrypt (kx, &iv, &pp.target, &pm->target, |
686 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, | 643 | sizeof (struct PingMessage) - ((void *) &pm->target - |
687 | &set_key_retry_task, kx); | 644 | (void *) pm)); |
688 | return; | ||
689 | } | ||
690 | if (NULL == peer) | ||
691 | { | ||
692 | kx->pitr = NULL; | ||
693 | if (NULL != kx->public_key) | ||
694 | return; /* done here */ | ||
695 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
696 | "Failed to obtain public key for peer `%4s', delaying processing of SET_KEY\n", | ||
697 | GNUNET_i2s (&kx->peer)); | ||
698 | GNUNET_STATISTICS_update (GSC_stats, | ||
699 | gettext_noop | ||
700 | ("# Delayed connecting due to lack of public key"), | ||
701 | 1, GNUNET_NO); | ||
702 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) | ||
703 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | ||
704 | kx->retry_set_key_task = | ||
705 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, | ||
706 | &set_key_retry_task, kx); | ||
707 | return; | ||
708 | } | ||
709 | GNUNET_break (0 == memcmp (peer, &kx->peer, sizeof (struct GNUNET_PeerIdentity))); | ||
710 | if (NULL != kx->public_key) | ||
711 | { | ||
712 | /* already have public key, why are we here? */ | ||
713 | GNUNET_break (0); | ||
714 | return; | ||
715 | } | ||
716 | GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == kx->retry_set_key_task); | ||
717 | kx->public_key = | ||
718 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)); | ||
719 | if (GNUNET_OK != GNUNET_HELLO_get_key (hello, kx->public_key)) | ||
720 | { | ||
721 | GNUNET_break (0); | ||
722 | GNUNET_free (kx->public_key); | ||
723 | kx->public_key = NULL; | ||
724 | CHECK_KX (kx); | ||
725 | return; | ||
726 | } | ||
727 | CHECK_KX (kx); | ||
728 | send_key (kx); | ||
729 | if (NULL != kx->skm_received) | ||
730 | { | ||
731 | skm = kx->skm_received; | ||
732 | kx->skm_received = NULL; | ||
733 | GSC_KX_handle_set_key (kx, &skm->header); | ||
734 | GNUNET_free (skm); | ||
735 | } | ||
736 | } | 645 | } |
737 | 646 | ||
738 | 647 | ||
@@ -747,7 +656,8 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
747 | { | 656 | { |
748 | struct GSC_KeyExchangeInfo *kx; | 657 | struct GSC_KeyExchangeInfo *kx; |
749 | 658 | ||
750 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Initiating key exchange with `%s'\n", | 659 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
660 | "Initiating key exchange with `%s'\n", | ||
751 | GNUNET_i2s (pid)); | 661 | GNUNET_i2s (pid)); |
752 | GNUNET_STATISTICS_update (GSC_stats, | 662 | GNUNET_STATISTICS_update (GSC_stats, |
753 | gettext_noop ("# key exchanges initiated"), 1, | 663 | gettext_noop ("# key exchanges initiated"), 1, |
@@ -755,11 +665,11 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
755 | kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo)); | 665 | kx = GNUNET_malloc (sizeof (struct GSC_KeyExchangeInfo)); |
756 | kx->peer = *pid; | 666 | kx->peer = *pid; |
757 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; | 667 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; |
758 | kx->pitr = | 668 | GNUNET_CONTAINER_DLL_insert (kx_head, |
759 | GNUNET_PEERINFO_iterate (peerinfo, pid, | 669 | kx_tail, |
760 | GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */ , | 670 | kx); |
761 | &process_hello, kx); | 671 | kx->status = KX_STATE_KEY_SENT; |
762 | CHECK_KX (kx); | 672 | send_key (kx); |
763 | return kx; | 673 | return kx; |
764 | } | 674 | } |
765 | 675 | ||
@@ -774,11 +684,6 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
774 | { | 684 | { |
775 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"), | 685 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# key exchanges stopped"), |
776 | 1, GNUNET_NO); | 686 | 1, GNUNET_NO); |
777 | if (NULL != kx->pitr) | ||
778 | { | ||
779 | GNUNET_PEERINFO_iterate_cancel (kx->pitr); | ||
780 | kx->pitr = NULL; | ||
781 | } | ||
782 | if (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK) | 687 | if (kx->retry_set_key_task != GNUNET_SCHEDULER_NO_TASK) |
783 | { | 688 | { |
784 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 689 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
@@ -789,16 +694,26 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
789 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); | 694 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
790 | kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK; | 695 | kx->keep_alive_task = GNUNET_SCHEDULER_NO_TASK; |
791 | } | 696 | } |
792 | GNUNET_free_non_null (kx->skm_received); | 697 | GNUNET_CONTAINER_DLL_remove (kx_head, |
793 | GNUNET_free_non_null (kx->ping_received); | 698 | kx_tail, |
794 | GNUNET_free_non_null (kx->pong_received); | 699 | kx); |
795 | GNUNET_free_non_null (kx->emsg_received); | ||
796 | GNUNET_free_non_null (kx->public_key); | ||
797 | GNUNET_free (kx); | 700 | GNUNET_free (kx); |
798 | } | 701 | } |
799 | 702 | ||
800 | 703 | ||
801 | /** | 704 | /** |
705 | * Send our PING to the other peer. | ||
706 | * | ||
707 | * @param kx key exchange context | ||
708 | */ | ||
709 | static void | ||
710 | send_ping (struct GSC_KeyExchangeInfo *kx) | ||
711 | { | ||
712 | GSC_NEIGHBOURS_transmit (&kx->peer, &kx->ping.header, | ||
713 | MIN_PING_FREQUENCY); | ||
714 | } | ||
715 | |||
716 | /** | ||
802 | * We received a SET_KEY message. Validate and update | 717 | * We received a SET_KEY message. Validate and update |
803 | * our key material and status. | 718 | * our key material and status. |
804 | * | 719 | * |
@@ -806,146 +721,142 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx) | |||
806 | * @param msg the set key message we received | 721 | * @param msg the set key message we received |
807 | */ | 722 | */ |
808 | void | 723 | void |
809 | GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | 724 | GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, |
810 | const struct GNUNET_MessageHeader *msg) | 725 | const struct GNUNET_MessageHeader *msg) |
811 | { | 726 | { |
812 | const struct SetKeyMessage *m; | 727 | const struct EphemeralKeyMessage *m; |
813 | struct GNUNET_TIME_Absolute t; | 728 | struct GNUNET_TIME_Absolute start_t; |
814 | struct GNUNET_CRYPTO_AesSessionKey k; | 729 | struct GNUNET_TIME_Absolute end_t; |
815 | struct PingMessage *ping; | 730 | struct GNUNET_TIME_Absolute now; |
816 | struct PongMessage *pong; | 731 | struct GNUNET_PeerIdentity signer_id; |
817 | enum KxStateMachine sender_status; | 732 | enum KxStateMachine sender_status; |
818 | uint16_t size; | 733 | uint16_t size; |
734 | struct GNUNET_HashCode key_material; | ||
819 | 735 | ||
820 | CHECK_KX (kx); | ||
821 | size = ntohs (msg->size); | 736 | size = ntohs (msg->size); |
822 | if (size != sizeof (struct SetKeyMessage)) | 737 | if (sizeof (struct EphemeralKeyMessage) != size) |
823 | { | 738 | { |
824 | GNUNET_break_op (0); | 739 | GNUNET_break_op (0); |
825 | return; | 740 | return; |
826 | } | 741 | } |
827 | m = (const struct SetKeyMessage *) msg; | 742 | m = (const struct EphemeralKeyMessage *) msg; |
828 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# session keys received"), | 743 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# ephemeral keys received"), |
829 | 1, GNUNET_NO); | 744 | 1, GNUNET_NO); |
830 | 745 | ||
831 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 746 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
832 | "Core service receives `%s' request from `%4s'.\n", "SET_KEY", | 747 | "Core service receives `%s' request from `%4s'.\n", "EPHEMERAL_KEY", |
833 | GNUNET_i2s (&kx->peer)); | 748 | GNUNET_i2s (&kx->peer)); |
834 | if (NULL == kx->public_key) | 749 | GNUNET_CRYPTO_hash (&m->origin_public_key, |
835 | { | 750 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), |
836 | GNUNET_free_non_null (kx->skm_received); | 751 | &signer_id.hashPubKey); |
837 | kx->skm_received = (struct SetKeyMessage *) GNUNET_copy_message (msg); | ||
838 | return; | ||
839 | } | ||
840 | if (0 != | 752 | if (0 != |
841 | memcmp (&m->target, &GSC_my_identity, | 753 | memcmp (&signer_id, &kx->peer, |
842 | sizeof (struct GNUNET_PeerIdentity))) | 754 | sizeof (struct GNUNET_PeerIdentity))) |
843 | { | 755 | { |
844 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 756 | GNUNET_break_op (0); |
845 | _("`%s' is for `%s', not for me. Ignoring.\n"), "SET_KEY", | ||
846 | GNUNET_i2s (&m->target)); | ||
847 | return; | 757 | return; |
848 | } | 758 | } |
849 | if ((ntohl (m->purpose.size) != | 759 | if ((ntohl (m->purpose.size) != |
850 | sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | 760 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
761 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
851 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 762 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
852 | sizeof (struct GNUNET_CRYPTO_RsaEncryptedData) + | 763 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) + |
853 | sizeof (struct GNUNET_PeerIdentity)) || | 764 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) || |
854 | (GNUNET_OK != | 765 | (GNUNET_OK != |
855 | GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_KEY, &m->purpose, | 766 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, |
856 | &m->signature, kx->public_key))) | 767 | &m->purpose, |
768 | &m->signature, &m->origin_public_key))) | ||
857 | { | 769 | { |
858 | /* invalid signature */ | 770 | /* invalid signature */ |
859 | CHECK_KX (kx); | ||
860 | GNUNET_break_op (0); | 771 | GNUNET_break_op (0); |
861 | return; | 772 | return; |
862 | } | 773 | } |
863 | t = GNUNET_TIME_absolute_ntoh (m->creation_time); | 774 | start_t = GNUNET_TIME_absolute_ntoh (m->creation_time); |
864 | if (((kx->status == KX_STATE_KEY_RECEIVED) || (kx->status == KX_STATE_UP)) && | 775 | end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time); |
865 | (t.abs_value < kx->decrypt_key_created.abs_value)) | 776 | now = GNUNET_TIME_absolute_get (); |
777 | if ( (end_t.abs_value < GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value) || | ||
778 | (start_t.abs_value > GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value) ) | ||
866 | { | 779 | { |
867 | /* this could rarely happen due to massive re-ordering of | 780 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
868 | * messages on the network level, but is most likely either | 781 | _("Ephemeral key message rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"), |
869 | * a bug or some adversary messing with us. Report. */ | 782 | now.abs_value, |
870 | GNUNET_break_op (0); | 783 | start_t.abs_value, |
784 | end_t.abs_value); | ||
871 | return; | 785 | return; |
872 | } | 786 | } |
873 | if ((GNUNET_CRYPTO_rsa_decrypt | 787 | if (GNUNET_OK != |
874 | (my_private_key, &m->encrypted_key, &k, | 788 | GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, |
875 | sizeof (struct GNUNET_CRYPTO_AesSessionKey)) != | 789 | &m->ephemeral_key, |
876 | sizeof (struct GNUNET_CRYPTO_AesSessionKey)) || | 790 | &key_material)) |
877 | (GNUNET_OK != GNUNET_CRYPTO_aes_check_session_key (&k))) | ||
878 | { | 791 | { |
879 | /* failed to decrypt !? */ | 792 | GNUNET_break (0); |
880 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
881 | "Invalid key %x decrypted by %s from message %u (origin: %s)\n", | ||
882 | (unsigned int) GNUNET_CRYPTO_crc32_n (&k, sizeof (struct GNUNET_CRYPTO_AesSessionKey)), | ||
883 | GNUNET_i2s (&GSC_my_identity), | ||
884 | (unsigned int) GNUNET_CRYPTO_crc32_n (&m->encrypted_key, sizeof (struct GNUNET_CRYPTO_RsaEncryptedData)), | ||
885 | GNUNET_h2s (&kx->peer.hashPubKey)); | ||
886 | GNUNET_break_op (0); | ||
887 | return; | 793 | return; |
888 | } | 794 | } |
889 | GNUNET_STATISTICS_update (GSC_stats, | 795 | GNUNET_STATISTICS_update (GSC_stats, |
890 | gettext_noop ("# SET_KEY messages decrypted"), 1, | 796 | gettext_noop ("# EPHEMERAL_KEY messages decrypted"), 1, |
891 | GNUNET_NO); | 797 | GNUNET_NO); |
892 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received SET_KEY from `%s'\n", | 798 | derive_aes_key (&GSC_my_identity, |
893 | GNUNET_i2s (&kx->peer)); | 799 | &kx->peer, |
894 | kx->decrypt_key = k; | 800 | &key_material, |
895 | if (kx->decrypt_key_created.abs_value != t.abs_value) | 801 | &kx->encrypt_key); |
802 | derive_aes_key (&kx->peer, | ||
803 | &GSC_my_identity, | ||
804 | &key_material, | ||
805 | &kx->decrypt_key); | ||
806 | /* fresh key, reset sequence numbers */ | ||
807 | kx->last_sequence_number_received = 0; | ||
808 | kx->last_packets_bitmap = 0; | ||
809 | kx->foreign_key_expires = end_t; | ||
810 | setup_fresh_ping (kx); | ||
811 | |||
812 | /* check if we still need to send the sender our key */ | ||
813 | sender_status = (enum KxStateMachine) ntohl (m->sender_status); | ||
814 | switch (sender_status) | ||
896 | { | 815 | { |
897 | /* fresh key, reset sequence numbers */ | 816 | case KX_STATE_DOWN: |
898 | kx->last_sequence_number_received = 0; | 817 | /* makes no sense, should be at least KX_STATE_KEY_SENT */ |
899 | kx->last_packets_bitmap = 0; | 818 | GNUNET_break_op (0); |
900 | kx->decrypt_key_created = t; | 819 | break; |
820 | case KX_STATE_KEY_SENT: | ||
821 | send_key (kx); | ||
822 | break; | ||
823 | case KX_STATE_KEY_RECEIVED: | ||
824 | case KX_STATE_UP: | ||
825 | case KX_STATE_REKEY_SENT: | ||
826 | /* other peer already got our key */ | ||
827 | break; | ||
828 | default: | ||
829 | GNUNET_break (0); | ||
830 | break; | ||
901 | } | 831 | } |
902 | sender_status = (enum KxStateMachine) ntohl (m->sender_status); | 832 | /* check if we need to confirm everything is fine via PING + PONG */ |
903 | switch (kx->status) | 833 | switch (kx->status) |
904 | { | 834 | { |
905 | case KX_STATE_DOWN: | 835 | case KX_STATE_DOWN: |
906 | kx->status = KX_STATE_KEY_RECEIVED; | 836 | kx->status = KX_STATE_KEY_RECEIVED; |
907 | /* we're not up, so we are already doing 'send_key' */ | 837 | send_ping (kx); |
908 | break; | 838 | break; |
909 | case KX_STATE_KEY_SENT: | 839 | case KX_STATE_KEY_SENT: |
910 | kx->status = KX_STATE_KEY_RECEIVED; | 840 | kx->status = KX_STATE_KEY_RECEIVED; |
911 | /* we're not up, so we are already doing 'send_key' */ | 841 | send_ping (kx); |
912 | break; | 842 | break; |
913 | case KX_STATE_KEY_RECEIVED: | 843 | case KX_STATE_KEY_RECEIVED: |
914 | /* we're not up, so we are already doing 'send_key' */ | 844 | send_ping (kx); |
915 | break; | 845 | break; |
916 | case KX_STATE_UP: | 846 | case KX_STATE_UP: |
917 | if ((sender_status == KX_STATE_DOWN) || | 847 | kx->status = KX_STATE_KEY_RECEIVED; |
918 | (sender_status == KX_STATE_KEY_SENT)) | 848 | /* we got a new key, need to reconfirm! */ |
919 | send_key (kx); /* we are up, but other peer is not! */ | 849 | send_ping (kx); |
920 | break; | ||
921 | case KX_STATE_REKEY: | ||
922 | if ((sender_status == KX_STATE_DOWN) || | ||
923 | (sender_status == KX_STATE_KEY_SENT)) | ||
924 | send_key (kx); /* we are up, but other peer is not! */ | ||
925 | break; | 850 | break; |
926 | case KX_STATE_REKEY_SENT: | 851 | case KX_STATE_REKEY_SENT: |
927 | if ((sender_status == KX_STATE_DOWN) || | 852 | kx->status = KX_STATE_KEY_RECEIVED; |
928 | (sender_status == KX_STATE_KEY_SENT)) | 853 | /* we got a new key, need to reconfirm! */ |
929 | send_key (kx); /* we are up, but other peer is not! */ | 854 | send_ping (kx); |
930 | break; | 855 | break; |
931 | default: | 856 | default: |
932 | GNUNET_break (0); | 857 | GNUNET_break (0); |
933 | break; | 858 | break; |
934 | } | 859 | } |
935 | if (NULL != kx->ping_received) | ||
936 | { | ||
937 | ping = kx->ping_received; | ||
938 | kx->ping_received = NULL; | ||
939 | GSC_KX_handle_ping (kx, &ping->header); | ||
940 | GNUNET_free (ping); | ||
941 | } | ||
942 | if (NULL != kx->pong_received) | ||
943 | { | ||
944 | pong = kx->pong_received; | ||
945 | kx->pong_received = NULL; | ||
946 | GSC_KX_handle_pong (kx, &pong->header); | ||
947 | GNUNET_free (pong); | ||
948 | } | ||
949 | } | 860 | } |
950 | 861 | ||
951 | 862 | ||
@@ -976,12 +887,14 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
976 | GNUNET_STATISTICS_update (GSC_stats, | 887 | GNUNET_STATISTICS_update (GSC_stats, |
977 | gettext_noop ("# PING messages received"), 1, | 888 | gettext_noop ("# PING messages received"), 1, |
978 | GNUNET_NO); | 889 | GNUNET_NO); |
979 | if ((kx->status != KX_STATE_KEY_RECEIVED) && (kx->status != KX_STATE_UP) && | 890 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && |
980 | (kx->status != KX_STATE_REKEY_SENT)) | 891 | (kx->status != KX_STATE_UP) && |
892 | (kx->status != KX_STATE_REKEY_SENT)) | ||
981 | { | 893 | { |
982 | /* defer */ | 894 | /* ignore */ |
983 | GNUNET_free_non_null (kx->ping_received); | 895 | GNUNET_STATISTICS_update (GSC_stats, |
984 | kx->ping_received = (struct PingMessage *) GNUNET_copy_message (msg); | 896 | gettext_noop ("# PING messages dropped (out of order)"), 1, |
897 | GNUNET_NO); | ||
985 | return; | 898 | return; |
986 | } | 899 | } |
987 | m = (const struct PingMessage *) msg; | 900 | m = (const struct PingMessage *) msg; |
@@ -1012,10 +925,8 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1012 | GNUNET_break_op (0); | 925 | GNUNET_break_op (0); |
1013 | return; | 926 | return; |
1014 | } | 927 | } |
1015 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received PING from `%s'\n", | ||
1016 | GNUNET_i2s (&kx->peer)); | ||
1017 | /* construct PONG */ | 928 | /* construct PONG */ |
1018 | tx.reserved = GNUNET_BANDWIDTH_VALUE_MAX; | 929 | tx.reserved = 0; |
1019 | tx.challenge = t.challenge; | 930 | tx.challenge = t.challenge; |
1020 | tx.target = t.target; | 931 | tx.target = t.target; |
1021 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); | 932 | tp.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PONG); |
@@ -1034,76 +945,6 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
1034 | 945 | ||
1035 | 946 | ||
1036 | /** | 947 | /** |
1037 | * Create a fresh SET KEY message for transmission to the other peer. | ||
1038 | * Also creates a new key. | ||
1039 | * | ||
1040 | * @param kx key exchange context to create SET KEY message for | ||
1041 | */ | ||
1042 | static void | ||
1043 | setup_fresh_setkey (struct GSC_KeyExchangeInfo *kx) | ||
1044 | { | ||
1045 | struct SetKeyMessage *skm; | ||
1046 | |||
1047 | GNUNET_CRYPTO_aes_create_session_key (&kx->encrypt_key); | ||
1048 | kx->encrypt_key_created = GNUNET_TIME_absolute_get (); | ||
1049 | skm = &kx->skm; | ||
1050 | skm->header.size = htons (sizeof (struct SetKeyMessage)); | ||
1051 | skm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_SET_KEY); | ||
1052 | skm->purpose.size = | ||
1053 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | ||
1054 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
1055 | sizeof (struct GNUNET_CRYPTO_RsaEncryptedData) + | ||
1056 | sizeof (struct GNUNET_PeerIdentity)); | ||
1057 | skm->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_KEY); | ||
1058 | skm->creation_time = GNUNET_TIME_absolute_hton (kx->encrypt_key_created); | ||
1059 | skm->target = kx->peer; | ||
1060 | CHECK_KX (kx); | ||
1061 | GNUNET_assert (GNUNET_OK == | ||
1062 | GNUNET_CRYPTO_rsa_encrypt (&kx->encrypt_key, | ||
1063 | sizeof (struct | ||
1064 | GNUNET_CRYPTO_AesSessionKey), | ||
1065 | kx->public_key, | ||
1066 | &skm->encrypted_key)); | ||
1067 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1068 | "Encrypting key %x for %s resulting in message %u (origin: %s)\n", | ||
1069 | (unsigned int) GNUNET_CRYPTO_crc32_n (&kx->encrypt_key, sizeof (struct GNUNET_CRYPTO_AesSessionKey)), | ||
1070 | GNUNET_i2s (&kx->peer), | ||
1071 | (unsigned int) GNUNET_CRYPTO_crc32_n (&skm->encrypted_key, sizeof (struct GNUNET_CRYPTO_RsaEncryptedData)), | ||
1072 | GNUNET_h2s (&GSC_my_identity.hashPubKey)); | ||
1073 | |||
1074 | GNUNET_assert (GNUNET_OK == | ||
1075 | GNUNET_CRYPTO_rsa_sign (my_private_key, &skm->purpose, | ||
1076 | &skm->signature)); | ||
1077 | } | ||
1078 | |||
1079 | |||
1080 | /** | ||
1081 | * Create a fresh PING message for transmission to the other peer. | ||
1082 | * | ||
1083 | * @param kx key exchange context to create PING for | ||
1084 | */ | ||
1085 | static void | ||
1086 | setup_fresh_ping (struct GSC_KeyExchangeInfo *kx) | ||
1087 | { | ||
1088 | struct PingMessage pp; | ||
1089 | struct PingMessage *pm; | ||
1090 | struct GNUNET_CRYPTO_AesInitializationVector iv; | ||
1091 | |||
1092 | pm = &kx->ping; | ||
1093 | pm->header.size = htons (sizeof (struct PingMessage)); | ||
1094 | pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING); | ||
1095 | pm->iv_seed = | ||
1096 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX); | ||
1097 | derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, &kx->peer); | ||
1098 | pp.challenge = kx->ping_challenge; | ||
1099 | pp.target = kx->peer; | ||
1100 | do_encrypt (kx, &iv, &pp.target, &pm->target, | ||
1101 | sizeof (struct PingMessage) - ((void *) &pm->target - | ||
1102 | (void *) pm)); | ||
1103 | } | ||
1104 | |||
1105 | |||
1106 | /** | ||
1107 | * Task triggered when a neighbour entry is about to time out | 948 | * Task triggered when a neighbour entry is about to time out |
1108 | * (and we should prevent this by sending a PING). | 949 | * (and we should prevent this by sending a PING). |
1109 | * | 950 | * |
@@ -1125,7 +966,7 @@ send_keep_alive (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
1125 | gettext_noop ("# sessions terminated by timeout"), | 966 | gettext_noop ("# sessions terminated by timeout"), |
1126 | 1, GNUNET_NO); | 967 | 1, GNUNET_NO); |
1127 | GSC_SESSIONS_end (&kx->peer); | 968 | GSC_SESSIONS_end (&kx->peer); |
1128 | kx->status = KX_STATE_DOWN; | 969 | kx->status = KX_STATE_KEY_SENT; |
1129 | send_key (kx); | 970 | send_key (kx); |
1130 | return; | 971 | return; |
1131 | } | 972 | } |
@@ -1168,49 +1009,6 @@ update_timeout (struct GSC_KeyExchangeInfo *kx) | |||
1168 | 1009 | ||
1169 | 1010 | ||
1170 | /** | 1011 | /** |
1171 | * Trigger rekeying event. | ||
1172 | * | ||
1173 | * @param cls the 'struct GSC_KeyExchangeInfo' | ||
1174 | * @param tc schedule context (unused) | ||
1175 | */ | ||
1176 | static void | ||
1177 | trigger_rekey (void *cls, | ||
1178 | const struct GNUNET_SCHEDULER_TaskContext *tc) | ||
1179 | { | ||
1180 | struct GSC_KeyExchangeInfo *kx = cls; | ||
1181 | |||
1182 | GNUNET_break (KX_STATE_UP == kx->status); | ||
1183 | kx->status = KX_STATE_REKEY; | ||
1184 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; | ||
1185 | kx->retry_set_key_task = | ||
1186 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, | ||
1187 | &set_key_retry_task, kx); | ||
1188 | } | ||
1189 | |||
1190 | |||
1191 | /** | ||
1192 | * Schedule rekey operation. | ||
1193 | * | ||
1194 | * @param kx key exchange to schedule rekey for | ||
1195 | */ | ||
1196 | static void | ||
1197 | schedule_rekey (struct GSC_KeyExchangeInfo *kx) | ||
1198 | { | ||
1199 | struct GNUNET_TIME_Relative rdelay; | ||
1200 | |||
1201 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) | ||
1202 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | ||
1203 | rdelay = REKEY_FREQUENCY; | ||
1204 | /* randomize rekey frequency by one minute to avoid synchronization */ | ||
1205 | rdelay.rel_value += GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1206 | 60 * 1000); | ||
1207 | kx->retry_set_key_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, | ||
1208 | &trigger_rekey, | ||
1209 | kx); | ||
1210 | } | ||
1211 | |||
1212 | |||
1213 | /** | ||
1214 | * We received a PONG message. Validate and update our status. | 1012 | * We received a PONG message. Validate and update our status. |
1215 | * | 1013 | * |
1216 | * @param kx key exchange context for the the PONG | 1014 | * @param kx key exchange context for the the PONG |
@@ -1222,7 +1020,6 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1222 | { | 1020 | { |
1223 | const struct PongMessage *m; | 1021 | const struct PongMessage *m; |
1224 | struct PongMessage t; | 1022 | struct PongMessage t; |
1225 | struct EncryptedMessage *emsg; | ||
1226 | struct GNUNET_CRYPTO_AesInitializationVector iv; | 1023 | struct GNUNET_CRYPTO_AesInitializationVector iv; |
1227 | uint16_t msize; | 1024 | uint16_t msize; |
1228 | 1025 | ||
@@ -1238,17 +1035,19 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1238 | switch (kx->status) | 1035 | switch (kx->status) |
1239 | { | 1036 | { |
1240 | case KX_STATE_DOWN: | 1037 | case KX_STATE_DOWN: |
1038 | GNUNET_STATISTICS_update (GSC_stats, | ||
1039 | gettext_noop ("# PONG messages dropped (connection down)"), 1, | ||
1040 | GNUNET_NO); | ||
1241 | return; | 1041 | return; |
1242 | case KX_STATE_KEY_SENT: | 1042 | case KX_STATE_KEY_SENT: |
1243 | GNUNET_free_non_null (kx->pong_received); | 1043 | GNUNET_STATISTICS_update (GSC_stats, |
1244 | kx->pong_received = (struct PongMessage *) GNUNET_copy_message (msg); | 1044 | gettext_noop ("# PONG messages dropped (out of order)"), 1, |
1045 | GNUNET_NO); | ||
1245 | return; | 1046 | return; |
1246 | case KX_STATE_KEY_RECEIVED: | 1047 | case KX_STATE_KEY_RECEIVED: |
1247 | break; | 1048 | break; |
1248 | case KX_STATE_UP: | 1049 | case KX_STATE_UP: |
1249 | break; | 1050 | break; |
1250 | case KX_STATE_REKEY: | ||
1251 | break; | ||
1252 | case KX_STATE_REKEY_SENT: | 1051 | case KX_STATE_REKEY_SENT: |
1253 | break; | 1052 | break; |
1254 | default: | 1053 | default: |
@@ -1289,13 +1088,19 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1289 | } | 1088 | } |
1290 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received PONG from `%s'\n", | 1089 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received PONG from `%s'\n", |
1291 | GNUNET_i2s (&kx->peer)); | 1090 | GNUNET_i2s (&kx->peer)); |
1091 | /* no need to resend key any longer */ | ||
1092 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) | ||
1093 | { | ||
1094 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | ||
1095 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | ||
1096 | } | ||
1292 | switch (kx->status) | 1097 | switch (kx->status) |
1293 | { | 1098 | { |
1294 | case KX_STATE_DOWN: | 1099 | case KX_STATE_DOWN: |
1295 | GNUNET_break (0); /* should be impossible */ | 1100 | GNUNET_assert (0); /* should be impossible */ |
1296 | return; | 1101 | return; |
1297 | case KX_STATE_KEY_SENT: | 1102 | case KX_STATE_KEY_SENT: |
1298 | GNUNET_break (0); /* should be impossible */ | 1103 | GNUNET_assert (0); /* should be impossible */ |
1299 | return; | 1104 | return; |
1300 | case KX_STATE_KEY_RECEIVED: | 1105 | case KX_STATE_KEY_RECEIVED: |
1301 | GNUNET_STATISTICS_update (GSC_stats, | 1106 | GNUNET_STATISTICS_update (GSC_stats, |
@@ -1304,23 +1109,14 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1304 | GNUNET_NO); | 1109 | GNUNET_NO); |
1305 | kx->status = KX_STATE_UP; | 1110 | kx->status = KX_STATE_UP; |
1306 | GSC_SESSIONS_create (&kx->peer, kx); | 1111 | GSC_SESSIONS_create (&kx->peer, kx); |
1307 | CHECK_KX (kx); | ||
1308 | schedule_rekey (kx); | ||
1309 | GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == kx->keep_alive_task); | 1112 | GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == kx->keep_alive_task); |
1310 | if (NULL != kx->emsg_received) | ||
1311 | { | ||
1312 | emsg = kx->emsg_received; | ||
1313 | kx->emsg_received = NULL; | ||
1314 | GSC_KX_handle_encrypted_message (kx, &emsg->header, NULL, | ||
1315 | 0 /* FIXME: ATSI */ ); | ||
1316 | GNUNET_free (emsg); | ||
1317 | } | ||
1318 | update_timeout (kx); | 1113 | update_timeout (kx); |
1319 | break; | 1114 | break; |
1320 | case KX_STATE_UP: | 1115 | case KX_STATE_UP: |
1321 | update_timeout (kx); | 1116 | GNUNET_STATISTICS_update (GSC_stats, |
1322 | break; | 1117 | gettext_noop |
1323 | case KX_STATE_REKEY: | 1118 | ("# timeouts prevented via PONG"), 1, |
1119 | GNUNET_NO); | ||
1324 | update_timeout (kx); | 1120 | update_timeout (kx); |
1325 | break; | 1121 | break; |
1326 | case KX_STATE_REKEY_SENT: | 1122 | case KX_STATE_REKEY_SENT: |
@@ -1329,7 +1125,6 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1329 | ("# rekey operations confirmed via PONG"), 1, | 1125 | ("# rekey operations confirmed via PONG"), 1, |
1330 | GNUNET_NO); | 1126 | GNUNET_NO); |
1331 | kx->status = KX_STATE_UP; | 1127 | kx->status = KX_STATE_UP; |
1332 | schedule_rekey (kx); | ||
1333 | update_timeout (kx); | 1128 | update_timeout (kx); |
1334 | break; | 1129 | break; |
1335 | default: | 1130 | default: |
@@ -1340,86 +1135,25 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1340 | 1135 | ||
1341 | 1136 | ||
1342 | /** | 1137 | /** |
1343 | * Send our key (and encrypted PING) to the other peer. | 1138 | * Send our key to the other peer. |
1344 | * | 1139 | * |
1345 | * @param kx key exchange context | 1140 | * @param kx key exchange context |
1346 | */ | 1141 | */ |
1347 | static void | 1142 | static void |
1348 | send_key (struct GSC_KeyExchangeInfo *kx) | 1143 | send_key (struct GSC_KeyExchangeInfo *kx) |
1349 | { | 1144 | { |
1350 | CHECK_KX (kx); | ||
1351 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) | 1145 | if (GNUNET_SCHEDULER_NO_TASK != kx->retry_set_key_task) |
1352 | { | 1146 | { |
1353 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 1147 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
1354 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | 1148 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; |
1355 | } | 1149 | } |
1356 | if (KX_STATE_UP == kx->status) | ||
1357 | return; /* nothing to do */ | ||
1358 | if (NULL == kx->public_key) | ||
1359 | { | ||
1360 | if (NULL != kx->pitr) | ||
1361 | return; | ||
1362 | /* lookup public key, then try again */ | ||
1363 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1364 | "Trying to obtain public key for `%s'\n", | ||
1365 | GNUNET_i2s (&kx->peer)); | ||
1366 | kx->pitr = | ||
1367 | GNUNET_PEERINFO_iterate (peerinfo, &kx->peer, | ||
1368 | GNUNET_TIME_UNIT_FOREVER_REL /* timeout? */ , | ||
1369 | &process_hello, kx); | ||
1370 | return; | ||
1371 | } | ||
1372 | |||
1373 | /* update status */ | ||
1374 | switch (kx->status) | ||
1375 | { | ||
1376 | case KX_STATE_DOWN: | ||
1377 | kx->status = KX_STATE_KEY_SENT; | ||
1378 | /* setup SET KEY message */ | ||
1379 | setup_fresh_setkey (kx); | ||
1380 | setup_fresh_ping (kx); | ||
1381 | GNUNET_STATISTICS_update (GSC_stats, | ||
1382 | gettext_noop | ||
1383 | ("# SET_KEY and PING messages created"), 1, | ||
1384 | GNUNET_NO); | ||
1385 | break; | ||
1386 | case KX_STATE_KEY_SENT: | ||
1387 | break; | ||
1388 | case KX_STATE_KEY_RECEIVED: | ||
1389 | break; | ||
1390 | case KX_STATE_UP: | ||
1391 | GNUNET_break (0); | ||
1392 | return; | ||
1393 | case KX_STATE_REKEY: | ||
1394 | kx->status = KX_STATE_REKEY_SENT; | ||
1395 | /* setup fresh SET KEY message */ | ||
1396 | setup_fresh_setkey (kx); | ||
1397 | setup_fresh_ping (kx); | ||
1398 | GNUNET_STATISTICS_update (GSC_stats, | ||
1399 | gettext_noop | ||
1400 | ("# SET_KEY and PING messages created"), 1, | ||
1401 | GNUNET_NO); | ||
1402 | GNUNET_STATISTICS_update (GSC_stats, | ||
1403 | gettext_noop | ||
1404 | ("# REKEY operations performed"), 1, | ||
1405 | GNUNET_NO); | ||
1406 | break; | ||
1407 | case KX_STATE_REKEY_SENT: | ||
1408 | break; | ||
1409 | default: | ||
1410 | GNUNET_break (0); | ||
1411 | return; | ||
1412 | } | ||
1413 | |||
1414 | /* always update sender status in SET KEY message */ | 1150 | /* always update sender status in SET KEY message */ |
1415 | /* Not sending rekey sent state to be compatible with GNUnet 0.9.2 */ | 1151 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1416 | kx->skm.sender_status = htonl ((int32_t) ((kx->status == KX_STATE_REKEY_SENT) ? | 1152 | "Sending key to `%s' (my status: %d)\n", |
1417 | KX_STATE_KEY_RECEIVED : kx->status)); | 1153 | GNUNET_i2s (&kx->peer), |
1418 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending SET_KEY and PING to `%s'\n", | 1154 | kx->status); |
1419 | GNUNET_i2s (&kx->peer)); | 1155 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); |
1420 | GSC_NEIGHBOURS_transmit (&kx->peer, &kx->skm.header, | 1156 | GSC_NEIGHBOURS_transmit (&kx->peer, ¤t_ekm.header, |
1421 | kx->set_key_retry_frequency); | ||
1422 | GSC_NEIGHBOURS_transmit (&kx->peer, &kx->ping.header, | ||
1423 | kx->set_key_retry_frequency); | 1157 | kx->set_key_retry_frequency); |
1424 | kx->retry_set_key_task = | 1158 | kx->retry_set_key_task = |
1425 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, | 1159 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, |
@@ -1451,7 +1185,7 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1451 | htonl (GNUNET_CRYPTO_random_u32 | 1185 | htonl (GNUNET_CRYPTO_random_u32 |
1452 | (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX)); | 1186 | (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX)); |
1453 | ph->sequence_number = htonl (++kx->last_sequence_number_sent); | 1187 | ph->sequence_number = htonl (++kx->last_sequence_number_sent); |
1454 | ph->reserved = GNUNET_BANDWIDTH_VALUE_MAX; | 1188 | ph->reserved = 0; |
1455 | ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | 1189 | ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
1456 | memcpy (&ph[1], payload, payload_size); | 1190 | memcpy (&ph[1], payload, payload_size); |
1457 | 1191 | ||
@@ -1466,8 +1200,9 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1466 | used - ENCRYPTED_HEADER_SIZE)); | 1200 | used - ENCRYPTED_HEADER_SIZE)); |
1467 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted %u bytes for %s\n", | 1201 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted %u bytes for %s\n", |
1468 | used - ENCRYPTED_HEADER_SIZE, GNUNET_i2s (&kx->peer)); | 1202 | used - ENCRYPTED_HEADER_SIZE, GNUNET_i2s (&kx->peer)); |
1469 | derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed, | 1203 | derive_auth_key (&auth_key, |
1470 | kx->encrypt_key_created); | 1204 | &kx->encrypt_key, |
1205 | ph->iv_seed); | ||
1471 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, | 1206 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, |
1472 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); | 1207 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); |
1473 | GSC_NEIGHBOURS_transmit (&kx->peer, &em->header, | 1208 | GSC_NEIGHBOURS_transmit (&kx->peer, &em->header, |
@@ -1531,31 +1266,35 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1531 | return; | 1266 | return; |
1532 | } | 1267 | } |
1533 | m = (const struct EncryptedMessage *) msg; | 1268 | m = (const struct EncryptedMessage *) msg; |
1534 | if ((kx->status != KX_STATE_KEY_RECEIVED) && (kx->status != KX_STATE_UP) && | 1269 | if (kx->status != KX_STATE_UP) |
1535 | (kx->status != KX_STATE_REKEY_SENT) ) | ||
1536 | { | 1270 | { |
1537 | GNUNET_STATISTICS_update (GSC_stats, | 1271 | GNUNET_STATISTICS_update (GSC_stats, |
1538 | gettext_noop | 1272 | gettext_noop |
1539 | ("# failed to decrypt message (no session key)"), | 1273 | ("# DATA message dropped (out of order)"), |
1540 | 1, GNUNET_NO); | 1274 | 1, GNUNET_NO); |
1541 | return; | 1275 | return; |
1542 | } | 1276 | } |
1543 | if (KX_STATE_KEY_RECEIVED == kx->status) | 1277 | if (0 == GNUNET_TIME_absolute_get_remaining (kx->foreign_key_expires).rel_value) |
1544 | { | 1278 | { |
1545 | /* defer */ | 1279 | kx->status = KX_STATE_KEY_SENT; |
1546 | GNUNET_free_non_null (kx->emsg_received); | 1280 | GNUNET_STATISTICS_update (GSC_stats, |
1547 | kx->emsg_received = (struct EncryptedMessage *) GNUNET_copy_message (msg); | 1281 | gettext_noop |
1282 | ("# DATA message dropped (session key expired)"), | ||
1283 | 1, GNUNET_NO); | ||
1284 | send_key (kx); | ||
1548 | return; | 1285 | return; |
1549 | } | 1286 | } |
1287 | |||
1550 | /* validate hash */ | 1288 | /* validate hash */ |
1551 | derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed, | 1289 | derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed); |
1552 | kx->decrypt_key_created); | ||
1553 | GNUNET_CRYPTO_hmac (&auth_key, &m->sequence_number, | 1290 | GNUNET_CRYPTO_hmac (&auth_key, &m->sequence_number, |
1554 | size - ENCRYPTED_HEADER_SIZE, &ph); | 1291 | size - ENCRYPTED_HEADER_SIZE, &ph); |
1555 | if (0 != memcmp (&ph, &m->hmac, sizeof (struct GNUNET_HashCode))) | 1292 | if (0 != memcmp (&ph, &m->hmac, sizeof (struct GNUNET_HashCode))) |
1556 | { | 1293 | { |
1557 | /* checksum failed */ | 1294 | /* checksum failed */ |
1558 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Failed checksum validation for a message from `%s'\n", GNUNET_i2s (&kx->peer)); | 1295 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1296 | "Failed checksum validation for a message from `%s'\n", | ||
1297 | GNUNET_i2s (&kx->peer)); | ||
1559 | return; | 1298 | return; |
1560 | } | 1299 | } |
1561 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); | 1300 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); |
@@ -1572,7 +1311,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1572 | snum = ntohl (pt->sequence_number); | 1311 | snum = ntohl (pt->sequence_number); |
1573 | if (kx->last_sequence_number_received == snum) | 1312 | if (kx->last_sequence_number_received == snum) |
1574 | { | 1313 | { |
1575 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1314 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1576 | "Received duplicate message, ignoring.\n"); | 1315 | "Received duplicate message, ignoring.\n"); |
1577 | /* duplicate, ignore */ | 1316 | /* duplicate, ignore */ |
1578 | GNUNET_STATISTICS_update (GSC_stats, | 1317 | GNUNET_STATISTICS_update (GSC_stats, |
@@ -1583,7 +1322,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1583 | if ((kx->last_sequence_number_received > snum) && | 1322 | if ((kx->last_sequence_number_received > snum) && |
1584 | (kx->last_sequence_number_received - snum > 32)) | 1323 | (kx->last_sequence_number_received - snum > 32)) |
1585 | { | 1324 | { |
1586 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1325 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1587 | "Received ancient out of sequence message, ignoring.\n"); | 1326 | "Received ancient out of sequence message, ignoring.\n"); |
1588 | /* ancient out of sequence, ignore */ | 1327 | /* ancient out of sequence, ignore */ |
1589 | GNUNET_STATISTICS_update (GSC_stats, | 1328 | GNUNET_STATISTICS_update (GSC_stats, |
@@ -1598,7 +1337,7 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1598 | 1337 | ||
1599 | if ((kx->last_packets_bitmap & rotbit) != 0) | 1338 | if ((kx->last_packets_bitmap & rotbit) != 0) |
1600 | { | 1339 | { |
1601 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1340 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1602 | "Received duplicate message, ignoring.\n"); | 1341 | "Received duplicate message, ignoring.\n"); |
1603 | GNUNET_STATISTICS_update (GSC_stats, | 1342 | GNUNET_STATISTICS_update (GSC_stats, |
1604 | gettext_noop ("# bytes dropped (duplicates)"), | 1343 | gettext_noop ("# bytes dropped (duplicates)"), |
@@ -1624,8 +1363,8 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1624 | if (GNUNET_TIME_absolute_get_duration (t).rel_value > | 1363 | if (GNUNET_TIME_absolute_get_duration (t).rel_value > |
1625 | MAX_MESSAGE_AGE.rel_value) | 1364 | MAX_MESSAGE_AGE.rel_value) |
1626 | { | 1365 | { |
1627 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 1366 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1628 | _("Message received far too old (%s). Content ignored.\n"), | 1367 | "Message received far too old (%s). Content ignored.\n", |
1629 | GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (t), GNUNET_YES)); | 1368 | GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (t), GNUNET_YES)); |
1630 | GNUNET_STATISTICS_update (GSC_stats, | 1369 | GNUNET_STATISTICS_update (GSC_stats, |
1631 | gettext_noop | 1370 | gettext_noop |
@@ -1684,28 +1423,89 @@ deliver_message (void *cls, void *client, const struct GNUNET_MessageHeader *m) | |||
1684 | 1423 | ||
1685 | 1424 | ||
1686 | /** | 1425 | /** |
1426 | * Setup the message that links the ephemeral key to our persistent | ||
1427 | * public key and generate the appropriate signature. | ||
1428 | */ | ||
1429 | static void | ||
1430 | sign_ephemeral_key () | ||
1431 | { | ||
1432 | current_ekm.header.size = htons (sizeof (struct EphemeralKeyMessage)); | ||
1433 | current_ekm.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY); | ||
1434 | current_ekm.sender_status = 0; /* to be set later */ | ||
1435 | current_ekm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY); | ||
1436 | current_ekm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
1437 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
1438 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
1439 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) + | ||
1440 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)); | ||
1441 | current_ekm.creation_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | ||
1442 | current_ekm.expiration_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (GNUNET_TIME_relative_add (REKEY_FREQUENCY, | ||
1443 | REKEY_TOLERANCE))); | ||
1444 | GNUNET_CRYPTO_ecc_key_get_public (my_ephemeral_key, | ||
1445 | ¤t_ekm.ephemeral_key); | ||
1446 | current_ekm.origin_public_key = my_public_key; | ||
1447 | GNUNET_assert (GNUNET_OK == | ||
1448 | GNUNET_CRYPTO_ecc_sign (my_private_key, | ||
1449 | ¤t_ekm.purpose, | ||
1450 | ¤t_ekm.signature)); | ||
1451 | } | ||
1452 | |||
1453 | |||
1454 | /** | ||
1455 | * Task run to trigger rekeying. | ||
1456 | * | ||
1457 | * @param cls closure, NULL | ||
1458 | * @param tc scheduler context | ||
1459 | */ | ||
1460 | static void | ||
1461 | do_rekey (void *cls, | ||
1462 | const struct GNUNET_SCHEDULER_TaskContext *tc) | ||
1463 | { | ||
1464 | struct GSC_KeyExchangeInfo *pos; | ||
1465 | |||
1466 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, | ||
1467 | &do_rekey, | ||
1468 | NULL); | ||
1469 | if (NULL != my_ephemeral_key) | ||
1470 | GNUNET_CRYPTO_ecc_key_free (my_ephemeral_key); | ||
1471 | my_ephemeral_key = GNUNET_CRYPTO_ecc_key_create (); | ||
1472 | GNUNET_assert (NULL != my_ephemeral_key); | ||
1473 | sign_ephemeral_key (); | ||
1474 | for (pos = kx_head; NULL != pos; pos = pos->next) | ||
1475 | { | ||
1476 | pos->status = KX_STATE_REKEY_SENT; | ||
1477 | send_key (pos); | ||
1478 | } | ||
1479 | } | ||
1480 | |||
1481 | |||
1482 | /** | ||
1687 | * Initialize KX subsystem. | 1483 | * Initialize KX subsystem. |
1688 | * | 1484 | * |
1689 | * @param pk private key to use for the peer | 1485 | * @param pk private key to use for the peer |
1690 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | 1486 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure |
1691 | */ | 1487 | */ |
1692 | int | 1488 | int |
1693 | GSC_KX_init (struct GNUNET_CRYPTO_RsaPrivateKey *pk) | 1489 | GSC_KX_init (struct GNUNET_CRYPTO_EccPrivateKey *pk) |
1694 | { | 1490 | { |
1491 | GNUNET_assert (NULL != pk); | ||
1695 | my_private_key = pk; | 1492 | my_private_key = pk; |
1696 | GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key); | 1493 | GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key); |
1697 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), | 1494 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), |
1698 | &GSC_my_identity.hashPubKey); | 1495 | &GSC_my_identity.hashPubKey); |
1699 | peerinfo = GNUNET_PEERINFO_connect (GSC_cfg); | 1496 | my_ephemeral_key = GNUNET_CRYPTO_ecc_key_create (); |
1700 | if (NULL == peerinfo) | 1497 | if (NULL == my_ephemeral_key) |
1701 | { | 1498 | { |
1702 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1499 | GNUNET_break (0); |
1703 | _("Could not access PEERINFO service. Exiting.\n")); | 1500 | GNUNET_CRYPTO_ecc_key_free (my_private_key); |
1704 | GNUNET_CRYPTO_rsa_key_free (my_private_key); | ||
1705 | my_private_key = NULL; | 1501 | my_private_key = NULL; |
1706 | return GNUNET_SYSERR; | 1502 | return GNUNET_SYSERR; |
1707 | } | 1503 | } |
1504 | sign_ephemeral_key (); | ||
1708 | mst = GNUNET_SERVER_mst_create (&deliver_message, NULL); | 1505 | mst = GNUNET_SERVER_mst_create (&deliver_message, NULL); |
1506 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, | ||
1507 | &do_rekey, | ||
1508 | NULL); | ||
1709 | return GNUNET_OK; | 1509 | return GNUNET_OK; |
1710 | } | 1510 | } |
1711 | 1511 | ||
@@ -1716,15 +1516,20 @@ GSC_KX_init (struct GNUNET_CRYPTO_RsaPrivateKey *pk) | |||
1716 | void | 1516 | void |
1717 | GSC_KX_done () | 1517 | GSC_KX_done () |
1718 | { | 1518 | { |
1519 | if (GNUNET_SCHEDULER_NO_TASK != rekey_task) | ||
1520 | { | ||
1521 | GNUNET_SCHEDULER_cancel (rekey_task); | ||
1522 | rekey_task = GNUNET_SCHEDULER_NO_TASK; | ||
1523 | } | ||
1719 | if (NULL != my_private_key) | 1524 | if (NULL != my_private_key) |
1720 | { | 1525 | { |
1721 | GNUNET_CRYPTO_rsa_key_free (my_private_key); | 1526 | GNUNET_CRYPTO_ecc_key_free (my_private_key); |
1722 | my_private_key = NULL; | 1527 | my_private_key = NULL; |
1723 | } | 1528 | } |
1724 | if (NULL != peerinfo) | 1529 | if (NULL != my_ephemeral_key) |
1725 | { | 1530 | { |
1726 | GNUNET_PEERINFO_disconnect (peerinfo); | 1531 | GNUNET_CRYPTO_ecc_key_free (my_ephemeral_key); |
1727 | peerinfo = NULL; | 1532 | my_ephemeral_key = NULL; |
1728 | } | 1533 | } |
1729 | if (NULL != mst) | 1534 | if (NULL != mst) |
1730 | { | 1535 | { |
diff --git a/src/core/gnunet-service-core_kx.h b/src/core/gnunet-service-core_kx.h index fcb561e01..6e6d30d8d 100644 --- a/src/core/gnunet-service-core_kx.h +++ b/src/core/gnunet-service-core_kx.h | |||
@@ -37,15 +37,15 @@ struct GSC_KeyExchangeInfo; | |||
37 | 37 | ||
38 | 38 | ||
39 | /** | 39 | /** |
40 | * We received a SET_KEY message. Validate and update | 40 | * We received a EPHEMERAL_KEY message. Validate and update |
41 | * our key material and status. | 41 | * our key material and status. |
42 | * | 42 | * |
43 | * @param kx key exchange status for the corresponding peer | 43 | * @param kx key exchange status for the corresponding peer |
44 | * @param msg the set key message we received | 44 | * @param msg the set key message we received |
45 | */ | 45 | */ |
46 | void | 46 | void |
47 | GSC_KX_handle_set_key (struct GSC_KeyExchangeInfo *kx, | 47 | GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, |
48 | const struct GNUNET_MessageHeader *msg); | 48 | const struct GNUNET_MessageHeader *msg); |
49 | 49 | ||
50 | 50 | ||
51 | /** | 51 | /** |
@@ -125,7 +125,7 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx); | |||
125 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | 125 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure |
126 | */ | 126 | */ |
127 | int | 127 | int |
128 | GSC_KX_init (struct GNUNET_CRYPTO_RsaPrivateKey *pk); | 128 | GSC_KX_init (struct GNUNET_CRYPTO_EccPrivateKey *pk); |
129 | 129 | ||
130 | 130 | ||
131 | /** | 131 | /** |
diff --git a/src/core/gnunet-service-core_neighbours.c b/src/core/gnunet-service-core_neighbours.c index aa77fe47e..7e0086fd6 100644 --- a/src/core/gnunet-service-core_neighbours.c +++ b/src/core/gnunet-service-core_neighbours.c | |||
@@ -400,8 +400,8 @@ handle_transport_receive (void *cls, const struct GNUNET_PeerIdentity *peer, | |||
400 | type = ntohs (message->type); | 400 | type = ntohs (message->type); |
401 | switch (type) | 401 | switch (type) |
402 | { | 402 | { |
403 | case GNUNET_MESSAGE_TYPE_CORE_SET_KEY: | 403 | case GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY: |
404 | GSC_KX_handle_set_key (n->kxinfo, message); | 404 | GSC_KX_handle_ephemeral_key (n->kxinfo, message); |
405 | break; | 405 | break; |
406 | case GNUNET_MESSAGE_TYPE_CORE_PING: | 406 | case GNUNET_MESSAGE_TYPE_CORE_PING: |
407 | GSC_KX_handle_ping (n->kxinfo, message); | 407 | GSC_KX_handle_ping (n->kxinfo, message); |
diff --git a/src/hello/gnunet-hello.c b/src/hello/gnunet-hello.c index eae16a90b..fa250d7a1 100644 --- a/src/hello/gnunet-hello.c +++ b/src/hello/gnunet-hello.c | |||
@@ -107,7 +107,7 @@ main (int argc, char *argv[]) | |||
107 | struct GNUNET_DISK_FileHandle *fh; | 107 | struct GNUNET_DISK_FileHandle *fh; |
108 | struct GNUNET_HELLO_Message *orig; | 108 | struct GNUNET_HELLO_Message *orig; |
109 | struct GNUNET_HELLO_Message *result; | 109 | struct GNUNET_HELLO_Message *result; |
110 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pk; | 110 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk; |
111 | uint64_t fsize; | 111 | uint64_t fsize; |
112 | 112 | ||
113 | GNUNET_log_setup ("gnunet-hello", "INFO", NULL); | 113 | GNUNET_log_setup ("gnunet-hello", "INFO", NULL); |
diff --git a/src/hello/hello.c b/src/hello/hello.c index becc4da96..a20e8992c 100644 --- a/src/hello/hello.c +++ b/src/hello/hello.c | |||
@@ -59,7 +59,7 @@ struct GNUNET_HELLO_Message | |||
59 | /** | 59 | /** |
60 | * The public key of the peer. | 60 | * The public key of the peer. |
61 | */ | 61 | */ |
62 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded publicKey; | 62 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded publicKey; |
63 | 63 | ||
64 | }; | 64 | }; |
65 | GNUNET_NETWORK_STRUCT_END | 65 | GNUNET_NETWORK_STRUCT_END |
@@ -201,7 +201,7 @@ get_hello_address_size (const char *buf, size_t max, uint16_t * ralen) | |||
201 | * @return the hello message | 201 | * @return the hello message |
202 | */ | 202 | */ |
203 | struct GNUNET_HELLO_Message * | 203 | struct GNUNET_HELLO_Message * |
204 | GNUNET_HELLO_create (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 204 | GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
205 | *publicKey, | 205 | *publicKey, |
206 | GNUNET_HELLO_GenerateAddressListCallback addrgen, | 206 | GNUNET_HELLO_GenerateAddressListCallback addrgen, |
207 | void *addrgen_cls) | 207 | void *addrgen_cls) |
@@ -227,7 +227,7 @@ GNUNET_HELLO_create (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | |||
227 | hello->header.type = htons (GNUNET_MESSAGE_TYPE_HELLO); | 227 | hello->header.type = htons (GNUNET_MESSAGE_TYPE_HELLO); |
228 | hello->header.size = htons (sizeof (struct GNUNET_HELLO_Message) + used); | 228 | hello->header.size = htons (sizeof (struct GNUNET_HELLO_Message) + used); |
229 | memcpy (&hello->publicKey, publicKey, | 229 | memcpy (&hello->publicKey, publicKey, |
230 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)); | 230 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)); |
231 | memcpy (&hello[1], buffer, used); | 231 | memcpy (&hello[1], buffer, used); |
232 | return hello; | 232 | return hello; |
233 | } | 233 | } |
@@ -274,7 +274,7 @@ GNUNET_HELLO_iterate_addresses (const struct GNUNET_HELLO_Message *msg, | |||
274 | wpos = 0; | 274 | wpos = 0; |
275 | woff = (ret != NULL) ? (char *) &ret[1] : NULL; | 275 | woff = (ret != NULL) ? (char *) &ret[1] : NULL; |
276 | GNUNET_CRYPTO_hash (&msg->publicKey, | 276 | GNUNET_CRYPTO_hash (&msg->publicKey, |
277 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), | 277 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), |
278 | &address.peer.hashPubKey); | 278 | &address.peer.hashPubKey); |
279 | while (insize > 0) | 279 | while (insize > 0) |
280 | { | 280 | { |
@@ -503,7 +503,7 @@ GNUNET_HELLO_size (const struct GNUNET_HELLO_Message *hello) | |||
503 | */ | 503 | */ |
504 | int | 504 | int |
505 | GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello, | 505 | GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello, |
506 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *publicKey) | 506 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicKey) |
507 | { | 507 | { |
508 | uint16_t ret = ntohs (hello->header.size); | 508 | uint16_t ret = ntohs (hello->header.size); |
509 | 509 | ||
@@ -532,7 +532,7 @@ GNUNET_HELLO_get_id (const struct GNUNET_HELLO_Message *hello, | |||
532 | (ntohs (hello->header.type) != GNUNET_MESSAGE_TYPE_HELLO)) | 532 | (ntohs (hello->header.type) != GNUNET_MESSAGE_TYPE_HELLO)) |
533 | return GNUNET_SYSERR; | 533 | return GNUNET_SYSERR; |
534 | GNUNET_CRYPTO_hash (&hello->publicKey, | 534 | GNUNET_CRYPTO_hash (&hello->publicKey, |
535 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), | 535 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), |
536 | &peer->hashPubKey); | 536 | &peer->hashPubKey); |
537 | return GNUNET_OK; | 537 | return GNUNET_OK; |
538 | } | 538 | } |
@@ -641,7 +641,7 @@ GNUNET_HELLO_equals (const struct GNUNET_HELLO_Message *h1, | |||
641 | 641 | ||
642 | if (0 != | 642 | if (0 != |
643 | memcmp (&h1->publicKey, &h2->publicKey, | 643 | memcmp (&h1->publicKey, &h2->publicKey, |
644 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded))) | 644 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) |
645 | return GNUNET_TIME_UNIT_ZERO_ABS; | 645 | return GNUNET_TIME_UNIT_ZERO_ABS; |
646 | ec.expiration_limit = now; | 646 | ec.expiration_limit = now; |
647 | ec.result = GNUNET_TIME_UNIT_FOREVER_ABS; | 647 | ec.result = GNUNET_TIME_UNIT_FOREVER_ABS; |
@@ -833,7 +833,7 @@ GNUNET_HELLO_compose_uri (const struct GNUNET_HELLO_Message *hello, | |||
833 | struct GNUNET_HELLO_ComposeUriContext ctx; | 833 | struct GNUNET_HELLO_ComposeUriContext ctx; |
834 | ctx.plugins_find = plugins_find; | 834 | ctx.plugins_find = plugins_find; |
835 | 835 | ||
836 | char *pkey = GNUNET_CRYPTO_rsa_public_key_to_string (&(hello->publicKey)); | 836 | char *pkey = GNUNET_CRYPTO_ecc_public_key_to_string (&(hello->publicKey)); |
837 | GNUNET_asprintf (&(ctx.uri), | 837 | GNUNET_asprintf (&(ctx.uri), |
838 | "%s%s", | 838 | "%s%s", |
839 | GNUNET_HELLO_URI_PREFIX, | 839 | GNUNET_HELLO_URI_PREFIX, |
@@ -1005,7 +1005,7 @@ add_address_to_hello (void *cls, size_t max, void *buffer) | |||
1005 | */ | 1005 | */ |
1006 | int | 1006 | int |
1007 | GNUNET_HELLO_parse_uri (const char *uri, | 1007 | GNUNET_HELLO_parse_uri (const char *uri, |
1008 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pubkey, | 1008 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pubkey, |
1009 | struct GNUNET_HELLO_Message **hello, | 1009 | struct GNUNET_HELLO_Message **hello, |
1010 | GNUNET_HELLO_TransportPluginsFind plugins_find) | 1010 | GNUNET_HELLO_TransportPluginsFind plugins_find) |
1011 | { | 1011 | { |
diff --git a/src/hello/test_hello.c b/src/hello/test_hello.c index 28d4aecbe..67335ab95 100644 --- a/src/hello/test_hello.c +++ b/src/hello/test_hello.c | |||
@@ -93,8 +93,8 @@ main (int argc, char *argv[]) | |||
93 | struct GNUNET_HELLO_Message *msg1; | 93 | struct GNUNET_HELLO_Message *msg1; |
94 | struct GNUNET_HELLO_Message *msg2; | 94 | struct GNUNET_HELLO_Message *msg2; |
95 | struct GNUNET_HELLO_Message *msg3; | 95 | struct GNUNET_HELLO_Message *msg3; |
96 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded publicKey; | 96 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded publicKey; |
97 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pk; | 97 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pk; |
98 | struct GNUNET_TIME_Absolute startup_time; | 98 | struct GNUNET_TIME_Absolute startup_time; |
99 | unsigned int i; | 99 | unsigned int i; |
100 | 100 | ||
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 6120b48d8..fb299267b 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -323,10 +323,6 @@ struct GNUNET_CRYPTO_AesSessionKey | |||
323 | */ | 323 | */ |
324 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 324 | unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
325 | 325 | ||
326 | /** | ||
327 | * checksum! | ||
328 | */ | ||
329 | uint32_t crc32 GNUNET_PACKED; | ||
330 | }; | 326 | }; |
331 | GNUNET_NETWORK_STRUCT_END | 327 | GNUNET_NETWORK_STRUCT_END |
332 | 328 | ||
@@ -451,17 +447,6 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key); | |||
451 | 447 | ||
452 | 448 | ||
453 | /** | 449 | /** |
454 | * Check that a new session key is well-formed. | ||
455 | * | ||
456 | * @param key key to check | ||
457 | * @return GNUNET_OK if the key is valid | ||
458 | */ | ||
459 | int | ||
460 | GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey | ||
461 | *key); | ||
462 | |||
463 | |||
464 | /** | ||
465 | * Encrypt a block with the public key of another | 450 | * Encrypt a block with the public key of another |
466 | * host that uses the same cyper. | 451 | * host that uses the same cyper. |
467 | * | 452 | * |
@@ -1199,7 +1184,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv | |||
1199 | * @return string representing 'pub' | 1184 | * @return string representing 'pub' |
1200 | */ | 1185 | */ |
1201 | char * | 1186 | char * |
1202 | GNUNET_CRYPTO_ecc_public_key_to_string (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub); | 1187 | GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub); |
1203 | 1188 | ||
1204 | 1189 | ||
1205 | /** | 1190 | /** |
diff --git a/src/include/gnunet_hello_lib.h b/src/include/gnunet_hello_lib.h index 7be30cf8f..867ff686d 100644 --- a/src/include/gnunet_hello_lib.h +++ b/src/include/gnunet_hello_lib.h | |||
@@ -183,7 +183,7 @@ typedef size_t (*GNUNET_HELLO_GenerateAddressListCallback) (void *cls, | |||
183 | * @return the hello message | 183 | * @return the hello message |
184 | */ | 184 | */ |
185 | struct GNUNET_HELLO_Message * | 185 | struct GNUNET_HELLO_Message * |
186 | GNUNET_HELLO_create (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 186 | GNUNET_HELLO_create (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
187 | *publicKey, | 187 | *publicKey, |
188 | GNUNET_HELLO_GenerateAddressListCallback addrgen, | 188 | GNUNET_HELLO_GenerateAddressListCallback addrgen, |
189 | void *addrgen_cls); | 189 | void *addrgen_cls); |
@@ -310,7 +310,7 @@ GNUNET_HELLO_iterate_new_addresses (const struct GNUNET_HELLO_Message | |||
310 | */ | 310 | */ |
311 | int | 311 | int |
312 | GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello, | 312 | GNUNET_HELLO_get_key (const struct GNUNET_HELLO_Message *hello, |
313 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 313 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
314 | *publicKey); | 314 | *publicKey); |
315 | 315 | ||
316 | 316 | ||
@@ -364,7 +364,7 @@ GNUNET_HELLO_compose_uri (const struct GNUNET_HELLO_Message *hello, | |||
364 | */ | 364 | */ |
365 | int | 365 | int |
366 | GNUNET_HELLO_parse_uri (const char *uri, | 366 | GNUNET_HELLO_parse_uri (const char *uri, |
367 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pubkey, | 367 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pubkey, |
368 | struct GNUNET_HELLO_Message **hello, | 368 | struct GNUNET_HELLO_Message **hello, |
369 | GNUNET_HELLO_TransportPluginsFind plugins_find); | 369 | GNUNET_HELLO_TransportPluginsFind plugins_find); |
370 | 370 | ||
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 2ccc3e5b7..af94ebeb5 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -313,11 +313,6 @@ extern "C" | |||
313 | #define GNUNET_MESSAGE_TYPE_CORE_PEER_CONNECTED 80 | 313 | #define GNUNET_MESSAGE_TYPE_CORE_PEER_CONNECTED 80 |
314 | 314 | ||
315 | /** | 315 | /** |
316 | * Session key exchange between peers. | ||
317 | */ | ||
318 | #define GNUNET_MESSAGE_TYPE_CORE_SET_KEY 81 | ||
319 | |||
320 | /** | ||
321 | * Encapsulation for an encrypted message between peers. | 316 | * Encapsulation for an encrypted message between peers. |
322 | */ | 317 | */ |
323 | #define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE 82 | 318 | #define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE 82 |
@@ -347,6 +342,12 @@ extern "C" | |||
347 | */ | 342 | */ |
348 | #define GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP 87 | 343 | #define GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP 87 |
349 | 344 | ||
345 | /** | ||
346 | * Session key exchange between peers. | ||
347 | */ | ||
348 | #define GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY 88 | ||
349 | |||
350 | |||
350 | /******************************************************************************* | 351 | /******************************************************************************* |
351 | * DATASTORE message types | 352 | * DATASTORE message types |
352 | ******************************************************************************/ | 353 | ******************************************************************************/ |
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index ee105c62a..2a2ba4755 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h | |||
@@ -53,11 +53,6 @@ extern "C" | |||
53 | #define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT 2 | 53 | #define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT 2 |
54 | 54 | ||
55 | /** | 55 | /** |
56 | * Purpose is to set a session key. | ||
57 | */ | ||
58 | #define GNUNET_SIGNATURE_PURPOSE_SET_KEY 3 | ||
59 | |||
60 | /** | ||
61 | * Signature for a namespace/pseudonym advertisement (by | 56 | * Signature for a namespace/pseudonym advertisement (by |
62 | * the namespace owner). | 57 | * the namespace owner). |
63 | */ | 58 | */ |
@@ -115,12 +110,18 @@ extern "C" | |||
115 | */ | 110 | */ |
116 | #define GNUNET_SIGNATURE_PURPOSE_NSE_SEND 14 | 111 | #define GNUNET_SIGNATURE_PURPOSE_NSE_SEND 14 |
117 | 112 | ||
118 | |||
119 | /** | 113 | /** |
120 | * Signature of a gnunet naming system record block | 114 | * Signature of a gnunet naming system record block |
121 | */ | 115 | */ |
122 | #define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN 15 | 116 | #define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN 15 |
123 | 117 | ||
118 | /** | ||
119 | * Purpose is to set a session key. | ||
120 | */ | ||
121 | #define GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY 16 | ||
122 | |||
123 | |||
124 | |||
124 | #if 0 /* keep Emacsens' auto-indent happy */ | 125 | #if 0 /* keep Emacsens' auto-indent happy */ |
125 | { | 126 | { |
126 | #endif | 127 | #endif |
diff --git a/src/include/gnunet_testing_lib.h b/src/include/gnunet_testing_lib.h index 04a3e9942..47f05d49d 100644 --- a/src/include/gnunet_testing_lib.h +++ b/src/include/gnunet_testing_lib.h | |||
@@ -44,7 +44,13 @@ extern "C" | |||
44 | #endif | 44 | #endif |
45 | #endif | 45 | #endif |
46 | 46 | ||
47 | #define GNUNET_TESTING_HOSTKEYFILESIZE 914 | 47 | /** |
48 | * Size of each hostkey in the hostkey file (in BYTES). This is the | ||
49 | * maximum length of the S-expressions generated by libgcrypt for the | ||
50 | * curves (rounded up to the next full KB to make IO nicer); it is NOT | ||
51 | * the number of bits in the key. | ||
52 | */ | ||
53 | #define GNUNET_TESTING_HOSTKEYFILESIZE 2048 | ||
48 | 54 | ||
49 | /** | 55 | /** |
50 | * Handle for a system on which GNUnet peers are executed; | 56 | * Handle for a system on which GNUnet peers are executed; |
@@ -138,7 +144,7 @@ GNUNET_TESTING_system_destroy (struct GNUNET_TESTING_System *system, | |||
138 | * key; if NULL, GNUNET_SYSERR is returned immediately | 144 | * key; if NULL, GNUNET_SYSERR is returned immediately |
139 | * @return NULL on error (not enough keys) | 145 | * @return NULL on error (not enough keys) |
140 | */ | 146 | */ |
141 | struct GNUNET_CRYPTO_RsaPrivateKey * | 147 | struct GNUNET_CRYPTO_EccPrivateKey * |
142 | GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, | 148 | GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, |
143 | uint32_t key_number, | 149 | uint32_t key_number, |
144 | struct GNUNET_PeerIdentity *id); | 150 | struct GNUNET_PeerIdentity *id); |
diff --git a/src/peerinfo-tool/gnunet-peerinfo.c b/src/peerinfo-tool/gnunet-peerinfo.c index 61185bc04..809b2a592 100644 --- a/src/peerinfo-tool/gnunet-peerinfo.c +++ b/src/peerinfo-tool/gnunet-peerinfo.c | |||
@@ -167,7 +167,7 @@ static struct GNUNET_PeerIdentity my_peer_identity; | |||
167 | /** | 167 | /** |
168 | * My public key. | 168 | * My public key. |
169 | */ | 169 | */ |
170 | static struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded my_public_key; | 170 | static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; |
171 | 171 | ||
172 | /** | 172 | /** |
173 | * Head of list of print contexts. | 173 | * Head of list of print contexts. |
@@ -524,7 +524,7 @@ static void | |||
524 | run (void *cls, char *const *args, const char *cfgfile, | 524 | run (void *cls, char *const *args, const char *cfgfile, |
525 | const struct GNUNET_CONFIGURATION_Handle *c) | 525 | const struct GNUNET_CONFIGURATION_Handle *c) |
526 | { | 526 | { |
527 | struct GNUNET_CRYPTO_RsaPrivateKey *priv; | 527 | struct GNUNET_CRYPTO_EccPrivateKey *priv; |
528 | char *fn; | 528 | char *fn; |
529 | 529 | ||
530 | cfg = c; | 530 | cfg = c; |
@@ -551,22 +551,22 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
551 | { | 551 | { |
552 | /* load private key */ | 552 | /* load private key */ |
553 | if (GNUNET_OK != | 553 | if (GNUNET_OK != |
554 | GNUNET_CONFIGURATION_get_value_filename (cfg, "GNUNETD", "HOSTKEY", | 554 | GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", |
555 | &fn)) | 555 | &fn)) |
556 | { | 556 | { |
557 | FPRINTF (stderr, _("Could not find option `%s:%s' in configuration.\n"), | 557 | FPRINTF (stderr, _("Could not find option `%s:%s' in configuration.\n"), |
558 | "GNUNETD", "HOSTKEYFILE"); | 558 | "GNUNETD", "HOSTKEYFILE"); |
559 | return; | 559 | return; |
560 | } | 560 | } |
561 | if (NULL == (priv = GNUNET_CRYPTO_rsa_key_create_from_file (fn))) | 561 | if (NULL == (priv = GNUNET_CRYPTO_ecc_key_create_from_file (fn))) |
562 | { | 562 | { |
563 | FPRINTF (stderr, _("Loading hostkey from `%s' failed.\n"), fn); | 563 | FPRINTF (stderr, _("Loading hostkey from `%s' failed.\n"), fn); |
564 | GNUNET_free (fn); | 564 | GNUNET_free (fn); |
565 | return; | 565 | return; |
566 | } | 566 | } |
567 | GNUNET_free (fn); | 567 | GNUNET_free (fn); |
568 | GNUNET_CRYPTO_rsa_key_get_public (priv, &my_public_key); | 568 | GNUNET_CRYPTO_ecc_key_get_public (priv, &my_public_key); |
569 | GNUNET_CRYPTO_rsa_key_free (priv); | 569 | GNUNET_CRYPTO_ecc_key_free (priv); |
570 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &my_peer_identity.hashPubKey); | 570 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &my_peer_identity.hashPubKey); |
571 | } | 571 | } |
572 | 572 | ||
diff --git a/src/testing/gnunet-testing.c b/src/testing/gnunet-testing.c index 28c5be965..eb85e155e 100644 --- a/src/testing/gnunet-testing.c +++ b/src/testing/gnunet-testing.c | |||
@@ -28,7 +28,7 @@ | |||
28 | #include "gnunet_testing_lib.h" | 28 | #include "gnunet_testing_lib.h" |
29 | 29 | ||
30 | 30 | ||
31 | #define HOSTKEYFILESIZE 914 | 31 | #define HOSTKEYFILESIZE 1024 |
32 | 32 | ||
33 | /** | 33 | /** |
34 | * Final status code. | 34 | * Final status code. |
@@ -119,11 +119,13 @@ create_unique_cfgs (const char * template, const unsigned int no) | |||
119 | static int | 119 | static int |
120 | create_hostkeys (const unsigned int no) | 120 | create_hostkeys (const unsigned int no) |
121 | { | 121 | { |
122 | static char pad[HOSTKEYFILESIZE]; | ||
122 | struct GNUNET_TESTING_System *system; | 123 | struct GNUNET_TESTING_System *system; |
123 | struct GNUNET_PeerIdentity id; | 124 | struct GNUNET_PeerIdentity id; |
124 | struct GNUNET_DISK_FileHandle *fd; | 125 | struct GNUNET_DISK_FileHandle *fd; |
125 | struct GNUNET_CRYPTO_RsaPrivateKey *pk; | 126 | struct GNUNET_CRYPTO_EccPrivateKey *pk; |
126 | struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *pkb; | 127 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *pkb; |
128 | ssize_t ret; | ||
127 | 129 | ||
128 | system = GNUNET_TESTING_system_create ("testing", NULL, NULL); | 130 | system = GNUNET_TESTING_system_create ("testing", NULL, NULL); |
129 | pk = GNUNET_TESTING_hostkey_get (system, create_no, &id); | 131 | pk = GNUNET_TESTING_hostkey_get (system, create_no, &id); |
@@ -140,14 +142,20 @@ create_hostkeys (const unsigned int no) | |||
140 | GNUNET_DISK_PERM_USER_READ | | 142 | GNUNET_DISK_PERM_USER_READ | |
141 | GNUNET_DISK_PERM_USER_WRITE); | 143 | GNUNET_DISK_PERM_USER_WRITE); |
142 | GNUNET_assert (fd != NULL); | 144 | GNUNET_assert (fd != NULL); |
143 | pkb = GNUNET_CRYPTO_rsa_encode_key (pk); | 145 | pkb = GNUNET_CRYPTO_ecc_encode_key (pk); |
144 | GNUNET_assert (HOSTKEYFILESIZE == | 146 | ret = GNUNET_DISK_file_write (fd, pkb, |
145 | GNUNET_DISK_file_write (fd, pkb, ntohs (pkb->len))); | 147 | ntohs (pkb->size)); |
148 | GNUNET_assert (ntohs (pkb->size) == ret); | ||
149 | GNUNET_assert (ntohs (pkb->size) < HOSTKEYFILESIZE); | ||
150 | GNUNET_assert (HOSTKEYFILESIZE - ret == | ||
151 | GNUNET_DISK_file_write (fd, pad, | ||
152 | HOSTKEYFILESIZE - ret)); | ||
153 | |||
146 | GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd)); | 154 | GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd)); |
147 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, "transport-testing", | 155 | GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG, "transport-testing", |
148 | "Wrote hostkey to file: `%s'\n", create_hostkey); | 156 | "Wrote hostkey to file: `%s'\n", create_hostkey); |
149 | GNUNET_free (pkb); | 157 | GNUNET_free (pkb); |
150 | GNUNET_CRYPTO_rsa_key_free (pk); | 158 | GNUNET_CRYPTO_ecc_key_free (pk); |
151 | GNUNET_TESTING_system_destroy (system, GNUNET_YES); | 159 | GNUNET_TESTING_system_destroy (system, GNUNET_YES); |
152 | return 0; | 160 | return 0; |
153 | } | 161 | } |
diff --git a/src/testing/testing.c b/src/testing/testing.c index dd80f6ea5..16f902890 100644 --- a/src/testing/testing.c +++ b/src/testing/testing.c | |||
@@ -202,7 +202,7 @@ hostkeys_load (struct GNUNET_TESTING_System *system) | |||
202 | 202 | ||
203 | GNUNET_assert (NULL == system->hostkeys_data); | 203 | GNUNET_assert (NULL == system->hostkeys_data); |
204 | data_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_DATADIR); | 204 | data_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_DATADIR); |
205 | GNUNET_asprintf (&filename, "%s/testing_hostkeys.dat", data_dir); | 205 | GNUNET_asprintf (&filename, "%s/testing_hostkeys.ecc", data_dir); |
206 | GNUNET_free (data_dir); | 206 | GNUNET_free (data_dir); |
207 | 207 | ||
208 | if (GNUNET_YES != GNUNET_DISK_file_test (filename)) | 208 | if (GNUNET_YES != GNUNET_DISK_file_test (filename)) |
@@ -525,13 +525,13 @@ reserve_path (struct GNUNET_TESTING_System *system) | |||
525 | * key; if NULL, GNUNET_SYSERR is returned immediately | 525 | * key; if NULL, GNUNET_SYSERR is returned immediately |
526 | * @return NULL on error (not enough keys) | 526 | * @return NULL on error (not enough keys) |
527 | */ | 527 | */ |
528 | struct GNUNET_CRYPTO_RsaPrivateKey * | 528 | struct GNUNET_CRYPTO_EccPrivateKey * |
529 | GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, | 529 | GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, |
530 | uint32_t key_number, | 530 | uint32_t key_number, |
531 | struct GNUNET_PeerIdentity *id) | 531 | struct GNUNET_PeerIdentity *id) |
532 | { | 532 | { |
533 | struct GNUNET_CRYPTO_RsaPrivateKey *private_key; | 533 | struct GNUNET_CRYPTO_EccPrivateKey *private_key; |
534 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key; | 534 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key; |
535 | 535 | ||
536 | if ((NULL == id) || (NULL == system->hostkeys_data)) | 536 | if ((NULL == id) || (NULL == system->hostkeys_data)) |
537 | return NULL; | 537 | return NULL; |
@@ -541,7 +541,7 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, | |||
541 | _("Key number %u does not exist\n"), key_number); | 541 | _("Key number %u does not exist\n"), key_number); |
542 | return NULL; | 542 | return NULL; |
543 | } | 543 | } |
544 | private_key = GNUNET_CRYPTO_rsa_decode_key (system->hostkeys_data + | 544 | private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data + |
545 | (key_number * | 545 | (key_number * |
546 | GNUNET_TESTING_HOSTKEYFILESIZE), | 546 | GNUNET_TESTING_HOSTKEYFILESIZE), |
547 | GNUNET_TESTING_HOSTKEYFILESIZE); | 547 | GNUNET_TESTING_HOSTKEYFILESIZE); |
@@ -551,9 +551,9 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, | |||
551 | _("Error while decoding key %u\n"), key_number); | 551 | _("Error while decoding key %u\n"), key_number); |
552 | return NULL; | 552 | return NULL; |
553 | } | 553 | } |
554 | GNUNET_CRYPTO_rsa_key_get_public (private_key, &public_key); | 554 | GNUNET_CRYPTO_ecc_key_get_public (private_key, &public_key); |
555 | GNUNET_CRYPTO_hash (&public_key, | 555 | GNUNET_CRYPTO_hash (&public_key, |
556 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), | 556 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), |
557 | &(id->hashPubKey)); | 557 | &(id->hashPubKey)); |
558 | return private_key; | 558 | return private_key; |
559 | } | 559 | } |
@@ -855,7 +855,7 @@ GNUNET_TESTING_peer_configure (struct GNUNET_TESTING_System *system, | |||
855 | char *config_filename; | 855 | char *config_filename; |
856 | char *libexec_binary; | 856 | char *libexec_binary; |
857 | char *emsg_; | 857 | char *emsg_; |
858 | struct GNUNET_CRYPTO_RsaPrivateKey *pk; | 858 | struct GNUNET_CRYPTO_EccPrivateKey *pk; |
859 | 859 | ||
860 | if (NULL != emsg) | 860 | if (NULL != emsg) |
861 | *emsg = NULL; | 861 | *emsg = NULL; |
@@ -897,12 +897,13 @@ GNUNET_TESTING_peer_configure (struct GNUNET_TESTING_System *system, | |||
897 | return NULL; | 897 | return NULL; |
898 | } | 898 | } |
899 | if (NULL != pk) | 899 | if (NULL != pk) |
900 | GNUNET_CRYPTO_rsa_key_free (pk); | 900 | GNUNET_CRYPTO_ecc_key_free (pk); |
901 | GNUNET_assert (GNUNET_OK == | 901 | GNUNET_assert (GNUNET_OK == |
902 | GNUNET_CONFIGURATION_get_value_string (cfg, "PATHS", | 902 | GNUNET_CONFIGURATION_get_value_string (cfg, "PATHS", |
903 | "SERVICEHOME", | 903 | "SERVICEHOME", |
904 | &service_home)); | 904 | &service_home)); |
905 | GNUNET_snprintf (hostkey_filename, sizeof (hostkey_filename), "%s/.hostkey", | 905 | /* FIXME: might be better to evaluate actual configuration option here... */ |
906 | GNUNET_snprintf (hostkey_filename, sizeof (hostkey_filename), "%s/private.ecc", | ||
906 | service_home); | 907 | service_home); |
907 | GNUNET_free (service_home); | 908 | GNUNET_free (service_home); |
908 | fd = GNUNET_DISK_file_open (hostkey_filename, | 909 | fd = GNUNET_DISK_file_open (hostkey_filename, |
@@ -978,7 +979,7 @@ void | |||
978 | GNUNET_TESTING_peer_get_identity (const struct GNUNET_TESTING_Peer *peer, | 979 | GNUNET_TESTING_peer_get_identity (const struct GNUNET_TESTING_Peer *peer, |
979 | struct GNUNET_PeerIdentity *id) | 980 | struct GNUNET_PeerIdentity *id) |
980 | { | 981 | { |
981 | GNUNET_CRYPTO_rsa_key_free (GNUNET_TESTING_hostkey_get (peer->system, | 982 | GNUNET_CRYPTO_ecc_key_free (GNUNET_TESTING_hostkey_get (peer->system, |
982 | peer->key_number, | 983 | peer->key_number, |
983 | id)); | 984 | id)); |
984 | } | 985 | } |
diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c index e64cbfbfe..513a660ac 100644 --- a/src/transport/gnunet-service-transport.c +++ b/src/transport/gnunet-service-transport.c | |||
@@ -65,7 +65,7 @@ struct GNUNET_PEERINFO_Handle *GST_peerinfo; | |||
65 | /** | 65 | /** |
66 | * Hostkey generation context | 66 | * Hostkey generation context |
67 | */ | 67 | */ |
68 | struct GNUNET_CRYPTO_RsaKeyGenerationContext *GST_keygen; | 68 | struct GNUNET_CRYPTO_EccKeyGenerationContext *GST_keygen; |
69 | 69 | ||
70 | /** | 70 | /** |
71 | * Handle to our service's server. | 71 | * Handle to our service's server. |
@@ -75,12 +75,12 @@ static struct GNUNET_SERVER_Handle *GST_server; | |||
75 | /** | 75 | /** |
76 | * Our public key. | 76 | * Our public key. |
77 | */ | 77 | */ |
78 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded GST_my_public_key; | 78 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded GST_my_public_key; |
79 | 79 | ||
80 | /** | 80 | /** |
81 | * Our private key. | 81 | * Our private key. |
82 | */ | 82 | */ |
83 | struct GNUNET_CRYPTO_RsaPrivateKey *GST_my_private_key; | 83 | struct GNUNET_CRYPTO_EccPrivateKey *GST_my_private_key; |
84 | 84 | ||
85 | /** | 85 | /** |
86 | * ATS handle. | 86 | * ATS handle. |
@@ -557,7 +557,7 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
557 | { | 557 | { |
558 | if (NULL != GST_keygen) | 558 | if (NULL != GST_keygen) |
559 | { | 559 | { |
560 | GNUNET_CRYPTO_rsa_key_create_stop (GST_keygen); | 560 | GNUNET_CRYPTO_ecc_key_create_stop (GST_keygen); |
561 | GST_keygen = NULL; | 561 | GST_keygen = NULL; |
562 | } | 562 | } |
563 | GST_neighbours_stop (); | 563 | GST_neighbours_stop (); |
@@ -583,7 +583,7 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
583 | } | 583 | } |
584 | if (NULL != GST_my_private_key) | 584 | if (NULL != GST_my_private_key) |
585 | { | 585 | { |
586 | GNUNET_CRYPTO_rsa_key_free (GST_my_private_key); | 586 | GNUNET_CRYPTO_ecc_key_free (GST_my_private_key); |
587 | GST_my_private_key = NULL; | 587 | GST_my_private_key = NULL; |
588 | } | 588 | } |
589 | GST_server = NULL; | 589 | GST_server = NULL; |
@@ -599,10 +599,9 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
599 | */ | 599 | */ |
600 | static void | 600 | static void |
601 | key_generation_cb (void *cls, | 601 | key_generation_cb (void *cls, |
602 | struct GNUNET_CRYPTO_RsaPrivateKey *pk, | 602 | struct GNUNET_CRYPTO_EccPrivateKey *pk, |
603 | const char *emsg) | 603 | const char *emsg) |
604 | { | 604 | { |
605 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded tmp; | ||
606 | long long unsigned int max_fd_cfg; | 605 | long long unsigned int max_fd_cfg; |
607 | int max_fd_rlimit; | 606 | int max_fd_rlimit; |
608 | int max_fd; | 607 | int max_fd; |
@@ -627,14 +626,10 @@ key_generation_cb (void *cls, | |||
627 | return; | 626 | return; |
628 | } | 627 | } |
629 | GST_peerinfo = GNUNET_PEERINFO_connect (GST_cfg); | 628 | GST_peerinfo = GNUNET_PEERINFO_connect (GST_cfg); |
630 | memset (&GST_my_public_key, '\0', sizeof (GST_my_public_key)); | 629 | GNUNET_CRYPTO_ecc_key_get_public (GST_my_private_key, &GST_my_public_key); |
631 | memset (&tmp, '\0', sizeof (tmp)); | ||
632 | GNUNET_CRYPTO_rsa_key_get_public (GST_my_private_key, &GST_my_public_key); | ||
633 | GNUNET_CRYPTO_hash (&GST_my_public_key, sizeof (GST_my_public_key), | 630 | GNUNET_CRYPTO_hash (&GST_my_public_key, sizeof (GST_my_public_key), |
634 | &GST_my_identity.hashPubKey); | 631 | &GST_my_identity.hashPubKey); |
635 | |||
636 | GNUNET_assert (NULL != GST_my_private_key); | 632 | GNUNET_assert (NULL != GST_my_private_key); |
637 | GNUNET_assert (0 != memcmp (&GST_my_public_key, &tmp, sizeof (GST_my_public_key))); | ||
638 | 633 | ||
639 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &shutdown_task, | 634 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL, &shutdown_task, |
640 | NULL); | 635 | NULL); |
@@ -712,7 +707,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
712 | /* setup globals */ | 707 | /* setup globals */ |
713 | GST_cfg = c; | 708 | GST_cfg = c; |
714 | if (GNUNET_OK != | 709 | if (GNUNET_OK != |
715 | GNUNET_CONFIGURATION_get_value_filename (c, "GNUNETD", "HOSTKEY", | 710 | GNUNET_CONFIGURATION_get_value_filename (c, "PEER", "PRIVATE_KEY", |
716 | &keyfile)) | 711 | &keyfile)) |
717 | { | 712 | { |
718 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 713 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -729,7 +724,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
729 | } | 724 | } |
730 | GST_server = server; | 725 | GST_server = server; |
731 | GNUNET_SERVER_suspend (server); | 726 | GNUNET_SERVER_suspend (server); |
732 | GST_keygen = GNUNET_CRYPTO_rsa_key_create_start (keyfile, &key_generation_cb, NULL); | 727 | GST_keygen = GNUNET_CRYPTO_ecc_key_create_start (keyfile, &key_generation_cb, NULL); |
733 | GNUNET_free (keyfile); | 728 | GNUNET_free (keyfile); |
734 | if (NULL == GST_keygen) | 729 | if (NULL == GST_keygen) |
735 | { | 730 | { |
diff --git a/src/transport/gnunet-service-transport.h b/src/transport/gnunet-service-transport.h index abc473e21..1cbc14c6c 100644 --- a/src/transport/gnunet-service-transport.h +++ b/src/transport/gnunet-service-transport.h | |||
@@ -55,12 +55,12 @@ extern struct GNUNET_PEERINFO_Handle *GST_peerinfo; | |||
55 | /** | 55 | /** |
56 | * Our public key. | 56 | * Our public key. |
57 | */ | 57 | */ |
58 | extern struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded GST_my_public_key; | 58 | extern struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded GST_my_public_key; |
59 | 59 | ||
60 | /** | 60 | /** |
61 | * Our private key. | 61 | * Our private key. |
62 | */ | 62 | */ |
63 | extern struct GNUNET_CRYPTO_RsaPrivateKey *GST_my_private_key; | 63 | extern struct GNUNET_CRYPTO_EccPrivateKey *GST_my_private_key; |
64 | 64 | ||
65 | /** | 65 | /** |
66 | * ATS handle. | 66 | * ATS handle. |
diff --git a/src/transport/gnunet-service-transport_hello.c b/src/transport/gnunet-service-transport_hello.c index 247fbc882..c04d2e1dd 100644 --- a/src/transport/gnunet-service-transport_hello.c +++ b/src/transport/gnunet-service-transport_hello.c | |||
@@ -74,7 +74,7 @@ struct OwnAddressList | |||
74 | /** | 74 | /** |
75 | * Signature for a 'struct TransportPongMessage' for this address. | 75 | * Signature for a 'struct TransportPongMessage' for this address. |
76 | */ | 76 | */ |
77 | struct GNUNET_CRYPTO_RsaSignature pong_signature; | 77 | struct GNUNET_CRYPTO_EccSignature pong_signature; |
78 | 78 | ||
79 | }; | 79 | }; |
80 | 80 | ||
@@ -299,7 +299,7 @@ GST_hello_modify_addresses (int addremove, | |||
299 | */ | 299 | */ |
300 | int | 300 | int |
301 | GST_hello_test_address (const struct GNUNET_HELLO_Address *address, | 301 | GST_hello_test_address (const struct GNUNET_HELLO_Address *address, |
302 | struct GNUNET_CRYPTO_RsaSignature **sig, | 302 | struct GNUNET_CRYPTO_EccSignature **sig, |
303 | struct GNUNET_TIME_Absolute **sig_expiration) | 303 | struct GNUNET_TIME_Absolute **sig_expiration) |
304 | { | 304 | { |
305 | struct OwnAddressList *al; | 305 | struct OwnAddressList *al; |
diff --git a/src/transport/gnunet-service-transport_hello.h b/src/transport/gnunet-service-transport_hello.h index 605d19861..9927408d2 100644 --- a/src/transport/gnunet-service-transport_hello.h +++ b/src/transport/gnunet-service-transport_hello.h | |||
@@ -92,7 +92,7 @@ GST_hello_modify_addresses (int addremove, | |||
92 | */ | 92 | */ |
93 | int | 93 | int |
94 | GST_hello_test_address (const struct GNUNET_HELLO_Address *address, | 94 | GST_hello_test_address (const struct GNUNET_HELLO_Address *address, |
95 | struct GNUNET_CRYPTO_RsaSignature **sig, | 95 | struct GNUNET_CRYPTO_EccSignature **sig, |
96 | struct GNUNET_TIME_Absolute **sig_expiration); | 96 | struct GNUNET_TIME_Absolute **sig_expiration); |
97 | 97 | ||
98 | 98 | ||
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index cad325d98..8c8397ee2 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c | |||
@@ -318,7 +318,7 @@ struct SessionDisconnectMessage | |||
318 | * Purpose of the signature. Extends over the timestamp. | 318 | * Purpose of the signature. Extends over the timestamp. |
319 | * Purpose should be GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT. | 319 | * Purpose should be GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT. |
320 | */ | 320 | */ |
321 | struct GNUNET_CRYPTO_RsaSignaturePurpose purpose; | 321 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; |
322 | 322 | ||
323 | /** | 323 | /** |
324 | * Absolute time at the sender. Only the most recent connect | 324 | * Absolute time at the sender. Only the most recent connect |
@@ -329,14 +329,14 @@ struct SessionDisconnectMessage | |||
329 | /** | 329 | /** |
330 | * Public key of the sender. | 330 | * Public key of the sender. |
331 | */ | 331 | */ |
332 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key; | 332 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key; |
333 | 333 | ||
334 | /** | 334 | /** |
335 | * Signature of the peer that sends us the disconnect. Only | 335 | * Signature of the peer that sends us the disconnect. Only |
336 | * valid if the timestamp is AFTER the timestamp from the | 336 | * valid if the timestamp is AFTER the timestamp from the |
337 | * corresponding 'CONNECT' message. | 337 | * corresponding 'CONNECT' message. |
338 | */ | 338 | */ |
339 | struct GNUNET_CRYPTO_RsaSignature signature; | 339 | struct GNUNET_CRYPTO_EccSignature signature; |
340 | 340 | ||
341 | }; | 341 | }; |
342 | 342 | ||
@@ -1205,8 +1205,8 @@ send_disconnect (struct NeighbourMapEntry *n) | |||
1205 | htons (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT); | 1205 | htons (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT); |
1206 | disconnect_msg.reserved = htonl (0); | 1206 | disconnect_msg.reserved = htonl (0); |
1207 | disconnect_msg.purpose.size = | 1207 | disconnect_msg.purpose.size = |
1208 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | 1208 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
1209 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + | 1209 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) + |
1210 | sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 1210 | sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
1211 | disconnect_msg.purpose.purpose = | 1211 | disconnect_msg.purpose.purpose = |
1212 | htonl (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT); | 1212 | htonl (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT); |
@@ -1214,7 +1214,7 @@ send_disconnect (struct NeighbourMapEntry *n) | |||
1214 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | 1214 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
1215 | disconnect_msg.public_key = GST_my_public_key; | 1215 | disconnect_msg.public_key = GST_my_public_key; |
1216 | GNUNET_assert (GNUNET_OK == | 1216 | GNUNET_assert (GNUNET_OK == |
1217 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, | 1217 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, |
1218 | &disconnect_msg.purpose, | 1218 | &disconnect_msg.purpose, |
1219 | &disconnect_msg.signature)); | 1219 | &disconnect_msg.signature)); |
1220 | 1220 | ||
@@ -3195,7 +3195,7 @@ GST_neighbours_handle_disconnect_message (const struct GNUNET_PeerIdentity | |||
3195 | return; | 3195 | return; |
3196 | } | 3196 | } |
3197 | GNUNET_CRYPTO_hash (&sdm->public_key, | 3197 | GNUNET_CRYPTO_hash (&sdm->public_key, |
3198 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), | 3198 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), |
3199 | &hc); | 3199 | &hc); |
3200 | if (0 != memcmp (peer, &hc, sizeof (struct GNUNET_PeerIdentity))) | 3200 | if (0 != memcmp (peer, &hc, sizeof (struct GNUNET_PeerIdentity))) |
3201 | { | 3201 | { |
@@ -3203,15 +3203,15 @@ GST_neighbours_handle_disconnect_message (const struct GNUNET_PeerIdentity | |||
3203 | return; | 3203 | return; |
3204 | } | 3204 | } |
3205 | if (ntohl (sdm->purpose.size) != | 3205 | if (ntohl (sdm->purpose.size) != |
3206 | sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | 3206 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
3207 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + | 3207 | sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded) + |
3208 | sizeof (struct GNUNET_TIME_AbsoluteNBO)) | 3208 | sizeof (struct GNUNET_TIME_AbsoluteNBO)) |
3209 | { | 3209 | { |
3210 | GNUNET_break_op (0); | 3210 | GNUNET_break_op (0); |
3211 | return; | 3211 | return; |
3212 | } | 3212 | } |
3213 | if (GNUNET_OK != | 3213 | if (GNUNET_OK != |
3214 | GNUNET_CRYPTO_rsa_verify | 3214 | GNUNET_CRYPTO_ecc_verify |
3215 | (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT, &sdm->purpose, | 3215 | (GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT, &sdm->purpose, |
3216 | &sdm->signature, &sdm->public_key)) | 3216 | &sdm->signature, &sdm->public_key)) |
3217 | { | 3217 | { |
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 3598a3494..c38a5022c 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -149,13 +149,13 @@ struct TransportPongMessage | |||
149 | /** | 149 | /** |
150 | * Signature. | 150 | * Signature. |
151 | */ | 151 | */ |
152 | struct GNUNET_CRYPTO_RsaSignature signature; | 152 | struct GNUNET_CRYPTO_EccSignature signature; |
153 | 153 | ||
154 | /** | 154 | /** |
155 | * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a | 155 | * GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN to confirm that this is a |
156 | * plausible address for the signing peer. | 156 | * plausible address for the signing peer. |
157 | */ | 157 | */ |
158 | struct GNUNET_CRYPTO_RsaSignaturePurpose purpose; | 158 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; |
159 | 159 | ||
160 | /** | 160 | /** |
161 | * When does this signature expire? | 161 | * When does this signature expire? |
@@ -190,7 +190,7 @@ struct ValidationEntry | |||
190 | /** | 190 | /** |
191 | * Public key of the peer. | 191 | * Public key of the peer. |
192 | */ | 192 | */ |
193 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key; | 193 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key; |
194 | 194 | ||
195 | /** | 195 | /** |
196 | * The identity of the peer. FIXME: duplicated (also in 'address') | 196 | * The identity of the peer. FIXME: duplicated (also in 'address') |
@@ -636,7 +636,7 @@ revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
636 | * if we don't have an existing entry and no public key was given | 636 | * if we don't have an existing entry and no public key was given |
637 | */ | 637 | */ |
638 | static struct ValidationEntry * | 638 | static struct ValidationEntry * |
639 | find_validation_entry (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 639 | find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
640 | *public_key, const struct GNUNET_HELLO_Address *address) | 640 | *public_key, const struct GNUNET_HELLO_Address *address) |
641 | { | 641 | { |
642 | struct ValidationEntryMatchContext vemc; | 642 | struct ValidationEntryMatchContext vemc; |
@@ -688,7 +688,7 @@ add_valid_address (void *cls, const struct GNUNET_HELLO_Address *address, | |||
688 | const struct GNUNET_HELLO_Message *hello = cls; | 688 | const struct GNUNET_HELLO_Message *hello = cls; |
689 | struct ValidationEntry *ve; | 689 | struct ValidationEntry *ve; |
690 | struct GNUNET_PeerIdentity pid; | 690 | struct GNUNET_PeerIdentity pid; |
691 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key; | 691 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key; |
692 | 692 | ||
693 | if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0) | 693 | if (GNUNET_TIME_absolute_get_remaining (expiration).rel_value == 0) |
694 | return GNUNET_OK; /* expired */ | 694 | return GNUNET_OK; /* expired */ |
@@ -789,7 +789,7 @@ GST_validation_stop () | |||
789 | */ | 789 | */ |
790 | static void | 790 | static void |
791 | multicast_pong (void *cls, | 791 | multicast_pong (void *cls, |
792 | const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 792 | const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
793 | *public_key, struct GNUNET_TIME_Absolute valid_until, | 793 | *public_key, struct GNUNET_TIME_Absolute valid_until, |
794 | struct GNUNET_TIME_Absolute validation_block, | 794 | struct GNUNET_TIME_Absolute validation_block, |
795 | const struct GNUNET_HELLO_Address *address) | 795 | const struct GNUNET_HELLO_Address *address) |
@@ -835,7 +835,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
835 | const struct TransportPingMessage *ping; | 835 | const struct TransportPingMessage *ping; |
836 | struct TransportPongMessage *pong; | 836 | struct TransportPongMessage *pong; |
837 | struct GNUNET_TRANSPORT_PluginFunctions *papi; | 837 | struct GNUNET_TRANSPORT_PluginFunctions *papi; |
838 | struct GNUNET_CRYPTO_RsaSignature *sig_cache; | 838 | struct GNUNET_CRYPTO_EccSignature *sig_cache; |
839 | struct GNUNET_TIME_Absolute *sig_cache_exp; | 839 | struct GNUNET_TIME_Absolute *sig_cache_exp; |
840 | const char *addr; | 840 | const char *addr; |
841 | const char *addrend; | 841 | const char *addrend; |
@@ -931,7 +931,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
931 | { | 931 | { |
932 | addrend = NULL; /* make gcc happy */ | 932 | addrend = NULL; /* make gcc happy */ |
933 | slen = 0; | 933 | slen = 0; |
934 | static struct GNUNET_CRYPTO_RsaSignature no_address_signature; | 934 | static struct GNUNET_CRYPTO_EccSignature no_address_signature; |
935 | static struct GNUNET_TIME_Absolute no_address_signature_expiration; | 935 | static struct GNUNET_TIME_Absolute no_address_signature_expiration; |
936 | 936 | ||
937 | sig_cache = &no_address_signature; | 937 | sig_cache = &no_address_signature; |
@@ -951,7 +951,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
951 | htons (sizeof (struct TransportPongMessage) + alen + slen); | 951 | htons (sizeof (struct TransportPongMessage) + alen + slen); |
952 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); | 952 | pong->header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_PONG); |
953 | pong->purpose.size = | 953 | pong->purpose.size = |
954 | htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + | 954 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
955 | sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 955 | sizeof (uint32_t) + sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
956 | alen + slen); | 956 | alen + slen); |
957 | pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN); | 957 | pong->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN); |
@@ -981,7 +981,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
981 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n"); | 981 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n"); |
982 | pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME)); | 982 | pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME)); |
983 | GNUNET_assert (GNUNET_OK == | 983 | GNUNET_assert (GNUNET_OK == |
984 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, | 984 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, |
985 | &pong->signature)); | 985 | &pong->signature)); |
986 | } | 986 | } |
987 | else | 987 | else |
@@ -1001,7 +1001,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
1001 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | 1001 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); |
1002 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | 1002 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); |
1003 | GNUNET_assert (GNUNET_OK == | 1003 | GNUNET_assert (GNUNET_OK == |
1004 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, | 1004 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, |
1005 | sig_cache)); | 1005 | sig_cache)); |
1006 | } | 1006 | } |
1007 | else | 1007 | else |
@@ -1080,7 +1080,7 @@ struct ValidateAddressContext | |||
1080 | /** | 1080 | /** |
1081 | * Public key of the peer whose address is being validated. | 1081 | * Public key of the peer whose address is being validated. |
1082 | */ | 1082 | */ |
1083 | struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded public_key; | 1083 | struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded public_key; |
1084 | }; | 1084 | }; |
1085 | 1085 | ||
1086 | 1086 | ||
@@ -1197,7 +1197,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1197 | } | 1197 | } |
1198 | 1198 | ||
1199 | if (GNUNET_OK != | 1199 | if (GNUNET_OK != |
1200 | GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, | 1200 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, |
1201 | &pong->purpose, &pong->signature, | 1201 | &pong->purpose, &pong->signature, |
1202 | &ve->public_key)) | 1202 | &ve->public_key)) |
1203 | { | 1203 | { |
diff --git a/src/transport/gnunet-service-transport_validation.h b/src/transport/gnunet-service-transport_validation.h index 6f1206f65..929e97a5c 100644 --- a/src/transport/gnunet-service-transport_validation.h +++ b/src/transport/gnunet-service-transport_validation.h | |||
@@ -134,7 +134,7 @@ GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello); | |||
134 | */ | 134 | */ |
135 | typedef void (*GST_ValidationAddressCallback) (void *cls, | 135 | typedef void (*GST_ValidationAddressCallback) (void *cls, |
136 | const struct | 136 | const struct |
137 | GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | 137 | GNUNET_CRYPTO_EccPublicKeyBinaryEncoded |
138 | * public_key, | 138 | * public_key, |
139 | struct GNUNET_TIME_Absolute | 139 | struct GNUNET_TIME_Absolute |
140 | valid_until, | 140 | valid_until, |
diff --git a/src/transport/test_plugin_transport.c b/src/transport/test_plugin_transport.c index f0dbc411b..7fcbe9d63 100644 --- a/src/transport/test_plugin_transport.c +++ b/src/transport/test_plugin_transport.c | |||
@@ -43,12 +43,12 @@ | |||
43 | #define WAIT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) | 43 | #define WAIT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
44 | #define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30) | 44 | #define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30) |
45 | 45 | ||
46 | #define HOSTKEY_FILE "test_plugin_hostkey" | 46 | #define HOSTKEY_FILE "test_plugin_hostkey.ecc" |
47 | 47 | ||
48 | /** | 48 | /** |
49 | * Our public key. | 49 | * Our public key. |
50 | */ | 50 | */ |
51 | static struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded my_public_key; | 51 | static struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; |
52 | 52 | ||
53 | /** | 53 | /** |
54 | * Our identity. | 54 | * Our identity. |
@@ -58,7 +58,7 @@ static struct GNUNET_PeerIdentity my_identity; | |||
58 | /** | 58 | /** |
59 | * Our private key. | 59 | * Our private key. |
60 | */ | 60 | */ |
61 | static struct GNUNET_CRYPTO_RsaPrivateKey *my_private_key; | 61 | static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; |
62 | 62 | ||
63 | /** | 63 | /** |
64 | * Our configuration. | 64 | * Our configuration. |
@@ -533,7 +533,7 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
533 | "NEIGHBOUR_LIMIT", | 533 | "NEIGHBOUR_LIMIT", |
534 | &tneigh)) || | 534 | &tneigh)) || |
535 | (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, | 535 | (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (c, |
536 | "GNUNETD", "HOSTKEY", | 536 | "PEER", "PRIVATE_KEY", |
537 | &keyfile))) | 537 | &keyfile))) |
538 | { | 538 | { |
539 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 539 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -576,7 +576,7 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
576 | 576 | ||
577 | 577 | ||
578 | max_connect_per_transport = (uint32_t) tneigh; | 578 | max_connect_per_transport = (uint32_t) tneigh; |
579 | my_private_key = GNUNET_CRYPTO_rsa_key_create_from_file (keyfile); | 579 | my_private_key = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile); |
580 | GNUNET_free (keyfile); | 580 | GNUNET_free (keyfile); |
581 | if (NULL == my_private_key) | 581 | if (NULL == my_private_key) |
582 | { | 582 | { |
@@ -585,7 +585,7 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
585 | end_badly_now (); | 585 | end_badly_now (); |
586 | return; | 586 | return; |
587 | } | 587 | } |
588 | GNUNET_CRYPTO_rsa_key_get_public (my_private_key, &my_public_key); | 588 | GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key); |
589 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), | 589 | GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), |
590 | &my_identity.hashPubKey); | 590 | &my_identity.hashPubKey); |
591 | 591 | ||
diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c index d5c36d703..11b894f69 100644 --- a/src/util/crypto_aes.c +++ b/src/util/crypto_aes.c | |||
@@ -42,29 +42,6 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) | |||
42 | { | 42 | { |
43 | gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, | 43 | gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, |
44 | GCRY_STRONG_RANDOM); | 44 | GCRY_STRONG_RANDOM); |
45 | key->crc32 = | ||
46 | htonl (GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
47 | } | ||
48 | |||
49 | |||
50 | /** | ||
51 | * Check that a new session key is well-formed. | ||
52 | * | ||
53 | * @return GNUNET_OK if the key is valid | ||
54 | */ | ||
55 | int | ||
56 | GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey | ||
57 | *key) | ||
58 | { | ||
59 | uint32_t crc; | ||
60 | |||
61 | crc = GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH); | ||
62 | if (ntohl (key->crc32) != crc) | ||
63 | { | ||
64 | GNUNET_break_op (0); | ||
65 | return GNUNET_SYSERR; | ||
66 | } | ||
67 | return GNUNET_OK; | ||
68 | } | 45 | } |
69 | 46 | ||
70 | 47 | ||
@@ -85,12 +62,6 @@ setup_cipher (gcry_cipher_hd_t *handle, | |||
85 | { | 62 | { |
86 | int rc; | 63 | int rc; |
87 | 64 | ||
88 | if (GNUNET_OK != | ||
89 | GNUNET_CRYPTO_aes_check_session_key (sessionkey)) | ||
90 | { | ||
91 | GNUNET_break (0); | ||
92 | return GNUNET_SYSERR; | ||
93 | } | ||
94 | GNUNET_assert (0 == | 65 | GNUNET_assert (0 == |
95 | gcry_cipher_open (handle, GCRY_CIPHER_AES256, | 66 | gcry_cipher_open (handle, GCRY_CIPHER_AES256, |
96 | GCRY_CIPHER_MODE_CFB, 0)); | 67 | GCRY_CIPHER_MODE_CFB, 0)); |
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index 04225b3dc..fca66aed4 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c | |||
@@ -419,8 +419,6 @@ GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc, | |||
419 | GNUNET_CRYPTO_AES_KEY_LENGTH + | 419 | GNUNET_CRYPTO_AES_KEY_LENGTH + |
420 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | 420 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); |
421 | memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH); | 421 | memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH); |
422 | skey->crc32 = | ||
423 | htonl (GNUNET_CRYPTO_crc32_n (skey, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
424 | memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH], | 422 | memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH], |
425 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | 423 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); |
426 | } | 424 | } |
diff --git a/src/util/gnunet-ecc.c b/src/util/gnunet-ecc.c index b19fc1998..d7f1dd58d 100644 --- a/src/util/gnunet-ecc.c +++ b/src/util/gnunet-ecc.c | |||
@@ -65,38 +65,12 @@ struct GNUNET_CRYPTO_EccPrivateKey | |||
65 | 65 | ||
66 | 66 | ||
67 | /** | 67 | /** |
68 | * Create a new private key. Caller must free return value. | ||
69 | * | ||
70 | * @return fresh private key | ||
71 | */ | ||
72 | static struct GNUNET_CRYPTO_EccPrivateKey * | ||
73 | ecc_key_create () | ||
74 | { | ||
75 | struct GNUNET_CRYPTO_EccPrivateKey *ret; | ||
76 | gcry_sexp_t s_key; | ||
77 | gcry_sexp_t s_keyparam; | ||
78 | |||
79 | GNUNET_assert (0 == | ||
80 | gcry_sexp_build (&s_keyparam, NULL, | ||
81 | "(genkey(ecc(nbits %d)(ecc-use-e 3:257)))", | ||
82 | 2048)); | ||
83 | GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); | ||
84 | gcry_sexp_release (s_keyparam); | ||
85 | #if EXTRA_CHECKS | ||
86 | GNUNET_assert (0 == gcry_pk_testkey (s_key)); | ||
87 | #endif | ||
88 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); | ||
89 | ret->sexp = s_key; | ||
90 | return ret; | ||
91 | } | ||
92 | |||
93 | |||
94 | /** | ||
95 | * Create a flat file with a large number of key pairs for testing. | 68 | * Create a flat file with a large number of key pairs for testing. |
96 | */ | 69 | */ |
97 | static void | 70 | static void |
98 | create_keys (const char *fn) | 71 | create_keys (const char *fn) |
99 | { | 72 | { |
73 | static char pad[GNUNET_TESTING_HOSTKEYFILESIZE]; | ||
100 | FILE *f; | 74 | FILE *f; |
101 | struct GNUNET_CRYPTO_EccPrivateKey *pk; | 75 | struct GNUNET_CRYPTO_EccPrivateKey *pk; |
102 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; | 76 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; |
@@ -116,28 +90,34 @@ create_keys (const char *fn) | |||
116 | { | 90 | { |
117 | fprintf (stderr, | 91 | fprintf (stderr, |
118 | "."); | 92 | "."); |
119 | if (NULL == (pk = ecc_key_create ())) | 93 | if (NULL == (pk = GNUNET_CRYPTO_ecc_key_create ())) |
120 | { | 94 | { |
121 | GNUNET_break (0); | 95 | GNUNET_break (0); |
122 | break; | 96 | break; |
123 | } | 97 | } |
124 | enc = GNUNET_CRYPTO_ecc_encode_key (pk); | 98 | enc = GNUNET_CRYPTO_ecc_encode_key (pk); |
125 | if (htons (enc->size) != fwrite (enc, 1, htons (enc->size), f)) | 99 | GNUNET_assert (ntohs (enc->size) <= GNUNET_TESTING_HOSTKEYFILESIZE); |
126 | { | 100 | if ( (ntohs (enc->size) != fwrite (enc, 1, ntohs (enc->size), f)) || |
127 | fprintf (stderr, | 101 | (GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size) |
128 | _("\nFailed to write to `%s': %s\n"), | 102 | != fwrite (pad, 1, GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size), f)) ) |
129 | fn, | 103 | { |
130 | STRERROR (errno)); | 104 | fprintf (stderr, |
131 | GNUNET_CRYPTO_ecc_key_free (pk); | 105 | _("\nFailed to write to `%s': %s\n"), |
132 | GNUNET_free (enc); | 106 | fn, |
133 | break; | 107 | STRERROR (errno)); |
134 | } | 108 | GNUNET_CRYPTO_ecc_key_free (pk); |
109 | GNUNET_free (enc); | ||
110 | break; | ||
111 | } | ||
135 | GNUNET_CRYPTO_ecc_key_free (pk); | 112 | GNUNET_CRYPTO_ecc_key_free (pk); |
136 | GNUNET_free (enc); | 113 | GNUNET_free (enc); |
137 | } | 114 | } |
138 | if (0 == make_keys) | 115 | if (UINT_MAX == make_keys) |
116 | fprintf (stderr, | ||
117 | _("\nFinished!\n")); | ||
118 | else | ||
139 | fprintf (stderr, | 119 | fprintf (stderr, |
140 | _("Finished!\n")); | 120 | _("\nError, %u keys not generated\n"), make_keys); |
141 | fclose (f); | 121 | fclose (f); |
142 | } | 122 | } |
143 | 123 | ||
diff --git a/src/util/gnunet-rsa.c b/src/util/gnunet-rsa.c index 917ee50f4..1e7132d3f 100644 --- a/src/util/gnunet-rsa.c +++ b/src/util/gnunet-rsa.c | |||
@@ -25,7 +25,6 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_util_lib.h" | 27 | #include "gnunet_util_lib.h" |
28 | #include "gnunet_testing_lib.h" | ||
29 | #include <gcrypt.h> | 28 | #include <gcrypt.h> |
30 | 29 | ||
31 | 30 | ||
@@ -49,107 +48,6 @@ static int print_short_identity; | |||
49 | */ | 48 | */ |
50 | static int weak_random; | 49 | static int weak_random; |
51 | 50 | ||
52 | /** | ||
53 | * Option set to create a bunch of keys at once. | ||
54 | */ | ||
55 | static unsigned int make_keys; | ||
56 | |||
57 | /** | ||
58 | * The private information of an RSA key pair. | ||
59 | * NOTE: this must match the definition in crypto_ksk.c and crypto_rsa.c! | ||
60 | */ | ||
61 | struct GNUNET_CRYPTO_RsaPrivateKey | ||
62 | { | ||
63 | gcry_sexp_t sexp; | ||
64 | }; | ||
65 | |||
66 | |||
67 | /** | ||
68 | * Create a new private key. Caller must free return value. | ||
69 | * | ||
70 | * @return fresh private key | ||
71 | */ | ||
72 | static struct GNUNET_CRYPTO_RsaPrivateKey * | ||
73 | rsa_key_create () | ||
74 | { | ||
75 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
76 | gcry_sexp_t s_key; | ||
77 | gcry_sexp_t s_keyparam; | ||
78 | |||
79 | GNUNET_assert (0 == | ||
80 | gcry_sexp_build (&s_keyparam, NULL, | ||
81 | "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))", | ||
82 | 2048)); | ||
83 | GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); | ||
84 | gcry_sexp_release (s_keyparam); | ||
85 | #if EXTRA_CHECKS | ||
86 | GNUNET_assert (0 == gcry_pk_testkey (s_key)); | ||
87 | #endif | ||
88 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
89 | ret->sexp = s_key; | ||
90 | return ret; | ||
91 | } | ||
92 | |||
93 | |||
94 | /** | ||
95 | * Create a flat file with a large number of key pairs for testing. | ||
96 | */ | ||
97 | static void | ||
98 | create_keys (const char *fn) | ||
99 | { | ||
100 | FILE *f; | ||
101 | struct GNUNET_CRYPTO_RsaPrivateKey *pk; | ||
102 | struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *enc; | ||
103 | |||
104 | if (NULL == (f = fopen (fn, "w+"))) | ||
105 | { | ||
106 | fprintf (stderr, | ||
107 | _("Failed to open `%s': %s\n"), | ||
108 | fn, | ||
109 | STRERROR (errno)); | ||
110 | return; | ||
111 | } | ||
112 | fprintf (stderr, | ||
113 | _("Generating %u keys, please wait"), | ||
114 | make_keys); | ||
115 | while (0 < make_keys--) | ||
116 | { | ||
117 | fprintf (stderr, | ||
118 | "."); | ||
119 | if (NULL == (pk = rsa_key_create ())) | ||
120 | { | ||
121 | GNUNET_break (0); | ||
122 | break; | ||
123 | } | ||
124 | enc = GNUNET_CRYPTO_rsa_encode_key (pk); | ||
125 | if (GNUNET_TESTING_HOSTKEYFILESIZE != htons (enc->len)) | ||
126 | { | ||
127 | /* sometimes we get a different key length because 'd' or 'u' start | ||
128 | with leading bits; skip those... */ | ||
129 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
130 | GNUNET_free (enc); | ||
131 | make_keys++; | ||
132 | continue; | ||
133 | } | ||
134 | if (htons (enc->len) != fwrite (enc, 1, htons (enc->len), f)) | ||
135 | { | ||
136 | fprintf (stderr, | ||
137 | _("\nFailed to write to `%s': %s\n"), | ||
138 | fn, | ||
139 | STRERROR (errno)); | ||
140 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
141 | GNUNET_free (enc); | ||
142 | break; | ||
143 | } | ||
144 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
145 | GNUNET_free (enc); | ||
146 | } | ||
147 | if (0 == make_keys) | ||
148 | fprintf (stderr, | ||
149 | _("Finished!\n")); | ||
150 | fclose (f); | ||
151 | } | ||
152 | |||
153 | 51 | ||
154 | /** | 52 | /** |
155 | * Main function that will be run by the scheduler. | 53 | * Main function that will be run by the scheduler. |
@@ -174,11 +72,6 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
174 | } | 72 | } |
175 | if (0 != weak_random) | 73 | if (0 != weak_random) |
176 | GNUNET_CRYPTO_random_disable_entropy_gathering (); | 74 | GNUNET_CRYPTO_random_disable_entropy_gathering (); |
177 | if (make_keys > 0) | ||
178 | { | ||
179 | create_keys (args[0]); | ||
180 | return; | ||
181 | } | ||
182 | pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]); | 75 | pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]); |
183 | if (NULL == pk) | 76 | if (NULL == pk) |
184 | return; | 77 | return; |
@@ -225,9 +118,6 @@ int | |||
225 | main (int argc, char *const*argv) | 118 | main (int argc, char *const*argv) |
226 | { | 119 | { |
227 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { | 120 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { |
228 | { 'g', "generate-keys", "COUNT", | ||
229 | gettext_noop ("create COUNT public-private key pairs (for testing)"), | ||
230 | 1, &GNUNET_GETOPT_set_uint, &make_keys }, | ||
231 | { 'p', "print-public-key", NULL, | 121 | { 'p', "print-public-key", NULL, |
232 | gettext_noop ("print the public key in ASCII format"), | 122 | gettext_noop ("print the public key in ASCII format"), |
233 | 0, &GNUNET_GETOPT_set_one, &print_public_key }, | 123 | 0, &GNUNET_GETOPT_set_one, &print_public_key }, |
diff --git a/src/util/test_crypto_aes.c b/src/util/test_crypto_aes.c index 971e9afbe..88b51188e 100644 --- a/src/util/test_crypto_aes.c +++ b/src/util/test_crypto_aes.c | |||
@@ -95,17 +95,6 @@ verifyCrypto () | |||
95 | ret = 0; | 95 | ret = 0; |
96 | 96 | ||
97 | memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH); | 97 | memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH); |
98 | key.crc32 = | ||
99 | htonl (GNUNET_CRYPTO_crc32_n (&key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
100 | |||
101 | if (ntohl (key.crc32) != (unsigned int) 38125195LL) | ||
102 | { | ||
103 | printf ("Static key has different CRC: %u - %u\n", ntohl (key.crc32), | ||
104 | key.crc32); | ||
105 | |||
106 | ret = 1; | ||
107 | goto error; | ||
108 | } | ||
109 | 98 | ||
110 | if (GNUNET_CRYPTO_AES_KEY_LENGTH != | 99 | if (GNUNET_CRYPTO_AES_KEY_LENGTH != |
111 | GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key, | 100 | GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key, |
diff --git a/src/util/test_crypto_aes_weak.c b/src/util/test_crypto_aes_weak.c index 0b7ba5c54..201bfeb5d 100644 --- a/src/util/test_crypto_aes_weak.c +++ b/src/util/test_crypto_aes_weak.c | |||
@@ -91,9 +91,6 @@ testWeakKey () | |||
91 | weak_key.key[30] = (char) (0xaa); | 91 | weak_key.key[30] = (char) (0xaa); |
92 | weak_key.key[31] = (char) (0xaa); | 92 | weak_key.key[31] = (char) (0xaa); |
93 | /* memset(&weak_key, 0, 32); */ | 93 | /* memset(&weak_key, 0, 32); */ |
94 | weak_key.crc32 = | ||
95 | htonl (GNUNET_CRYPTO_crc32_n (&weak_key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
96 | |||
97 | size = | 94 | size = |
98 | GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING, | 95 | GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING, |
99 | strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key, | 96 | strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key, |