diff options
22 files changed, 859 insertions, 180 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index cafe658e8..a79ef075b 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -77,119 +77,6 @@ | |||
77 | GNUNET_NETWORK_STRUCT_BEGIN | 77 | GNUNET_NETWORK_STRUCT_BEGIN |
78 | 78 | ||
79 | /** | 79 | /** |
80 | * Message transmitted with the signed ephemeral key of a peer. The | ||
81 | * session key is then derived from the two ephemeral keys (ECDHE). | ||
82 | */ | ||
83 | struct EphemeralKeyMessage | ||
84 | { | ||
85 | /** | ||
86 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY. | ||
87 | */ | ||
88 | struct GNUNET_MessageHeader header; | ||
89 | |||
90 | /** | ||
91 | * Status of the sender (should be in `enum PeerStateMachine`), nbo. | ||
92 | */ | ||
93 | int32_t sender_status GNUNET_PACKED; | ||
94 | |||
95 | /** | ||
96 | * An ECC signature of the @e origin_identity asserting the validity | ||
97 | * of the given ephemeral key. | ||
98 | */ | ||
99 | struct GNUNET_CRYPTO_EddsaSignature signature; | ||
100 | |||
101 | /** | ||
102 | * Information about what is being signed. | ||
103 | */ | ||
104 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
105 | |||
106 | /** | ||
107 | * At what time was this key created (beginning of validity). | ||
108 | */ | ||
109 | struct GNUNET_TIME_AbsoluteNBO creation_time; | ||
110 | |||
111 | /** | ||
112 | * When does the given ephemeral key expire (end of validity). | ||
113 | */ | ||
114 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | ||
115 | |||
116 | /** | ||
117 | * Ephemeral public ECC key. | ||
118 | */ | ||
119 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | ||
120 | |||
121 | /** | ||
122 | * Public key of the signing peer (persistent version, not the | ||
123 | * ephemeral public key). | ||
124 | */ | ||
125 | struct GNUNET_PeerIdentity origin_identity; | ||
126 | }; | ||
127 | |||
128 | |||
129 | /** | ||
130 | * We're sending an (encrypted) PING to the other peer to check if it | ||
131 | * can decrypt. The other peer should respond with a PONG with the | ||
132 | * same content, except this time encrypted with the receiver's key. | ||
133 | */ | ||
134 | struct PingMessage | ||
135 | { | ||
136 | /** | ||
137 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING. | ||
138 | */ | ||
139 | struct GNUNET_MessageHeader header; | ||
140 | |||
141 | /** | ||
142 | * Seed for the IV | ||
143 | */ | ||
144 | uint32_t iv_seed GNUNET_PACKED; | ||
145 | |||
146 | /** | ||
147 | * Intended target of the PING, used primarily to check | ||
148 | * that decryption actually worked. | ||
149 | */ | ||
150 | struct GNUNET_PeerIdentity target; | ||
151 | |||
152 | /** | ||
153 | * Random number chosen to make replay harder. | ||
154 | */ | ||
155 | uint32_t challenge GNUNET_PACKED; | ||
156 | }; | ||
157 | |||
158 | |||
159 | /** | ||
160 | * Response to a PING. Includes data from the original PING. | ||
161 | */ | ||
162 | struct PongMessage | ||
163 | { | ||
164 | /** | ||
165 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG. | ||
166 | */ | ||
167 | struct GNUNET_MessageHeader header; | ||
168 | |||
169 | /** | ||
170 | * Seed for the IV | ||
171 | */ | ||
172 | uint32_t iv_seed GNUNET_PACKED; | ||
173 | |||
174 | /** | ||
175 | * Random number to make replay attacks harder. | ||
176 | */ | ||
177 | uint32_t challenge GNUNET_PACKED; | ||
178 | |||
179 | /** | ||
180 | * Reserved, always zero. | ||
181 | */ | ||
182 | uint32_t reserved; | ||
183 | |||
184 | /** | ||
185 | * Intended target of the PING, used primarily to check | ||
186 | * that decryption actually worked. | ||
187 | */ | ||
188 | struct GNUNET_PeerIdentity target; | ||
189 | }; | ||
190 | |||
191 | |||
192 | /** | ||
193 | * Encapsulation for encrypted messages exchanged between | 80 | * Encapsulation for encrypted messages exchanged between |
194 | * peers. Followed by the actual encrypted data. | 81 | * peers. Followed by the actual encrypted data. |
195 | */ | 82 | */ |
diff --git a/src/include/gnunet_core_service.h b/src/include/gnunet_core_service.h index 66b292c3c..60bc3c2a6 100644 --- a/src/include/gnunet_core_service.h +++ b/src/include/gnunet_core_service.h | |||
@@ -48,6 +48,122 @@ extern "C" { | |||
48 | */ | 48 | */ |
49 | #define GNUNET_CORE_VERSION 0x00000001 | 49 | #define GNUNET_CORE_VERSION 0x00000001 |
50 | 50 | ||
51 | GNUNET_NETWORK_STRUCT_BEGIN | ||
52 | |||
53 | /** | ||
54 | * Message transmitted with the signed ephemeral key of a peer. The | ||
55 | * session key is then derived from the two ephemeral keys (ECDHE). | ||
56 | */ | ||
57 | struct EphemeralKeyMessage | ||
58 | { | ||
59 | /** | ||
60 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY. | ||
61 | */ | ||
62 | struct GNUNET_MessageHeader header; | ||
63 | |||
64 | /** | ||
65 | * Status of the sender (should be in `enum PeerStateMachine`), nbo. | ||
66 | */ | ||
67 | int32_t sender_status GNUNET_PACKED; | ||
68 | |||
69 | /** | ||
70 | * An ECC signature of the @e origin_identity asserting the validity | ||
71 | * of the given ephemeral key. | ||
72 | */ | ||
73 | struct GNUNET_CRYPTO_EddsaSignature signature; | ||
74 | |||
75 | /** | ||
76 | * Information about what is being signed. | ||
77 | */ | ||
78 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
79 | |||
80 | /** | ||
81 | * At what time was this key created (beginning of validity). | ||
82 | */ | ||
83 | struct GNUNET_TIME_AbsoluteNBO creation_time; | ||
84 | |||
85 | /** | ||
86 | * When does the given ephemeral key expire (end of validity). | ||
87 | */ | ||
88 | struct GNUNET_TIME_AbsoluteNBO expiration_time; | ||
89 | |||
90 | /** | ||
91 | * Ephemeral public ECC key. | ||
92 | */ | ||
93 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | ||
94 | |||
95 | /** | ||
96 | * Public key of the signing peer (persistent version, not the | ||
97 | * ephemeral public key). | ||
98 | */ | ||
99 | struct GNUNET_PeerIdentity origin_identity; | ||
100 | }; | ||
101 | |||
102 | |||
103 | /** | ||
104 | * We're sending an (encrypted) PING to the other peer to check if it | ||
105 | * can decrypt. The other peer should respond with a PONG with the | ||
106 | * same content, except this time encrypted with the receiver's key. | ||
107 | */ | ||
108 | struct PingMessage | ||
109 | { | ||
110 | /** | ||
111 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING. | ||
112 | */ | ||
113 | struct GNUNET_MessageHeader header; | ||
114 | |||
115 | /** | ||
116 | * Seed for the IV | ||
117 | */ | ||
118 | uint32_t iv_seed GNUNET_PACKED; | ||
119 | |||
120 | /** | ||
121 | * Intended target of the PING, used primarily to check | ||
122 | * that decryption actually worked. | ||
123 | */ | ||
124 | struct GNUNET_PeerIdentity target; | ||
125 | |||
126 | /** | ||
127 | * Random number chosen to make replay harder. | ||
128 | */ | ||
129 | uint32_t challenge GNUNET_PACKED; | ||
130 | }; | ||
131 | |||
132 | |||
133 | /** | ||
134 | * Response to a PING. Includes data from the original PING. | ||
135 | */ | ||
136 | struct PongMessage | ||
137 | { | ||
138 | /** | ||
139 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG. | ||
140 | */ | ||
141 | struct GNUNET_MessageHeader header; | ||
142 | |||
143 | /** | ||
144 | * Seed for the IV | ||
145 | */ | ||
146 | uint32_t iv_seed GNUNET_PACKED; | ||
147 | |||
148 | /** | ||
149 | * Random number to make replay attacks harder. | ||
150 | */ | ||
151 | uint32_t challenge GNUNET_PACKED; | ||
152 | |||
153 | /** | ||
154 | * Reserved, always zero. | ||
155 | */ | ||
156 | uint32_t reserved; | ||
157 | |||
158 | /** | ||
159 | * Intended target of the PING, used primarily to check | ||
160 | * that decryption actually worked. | ||
161 | */ | ||
162 | struct GNUNET_PeerIdentity target; | ||
163 | }; | ||
164 | |||
165 | |||
166 | GNUNET_NETWORK_STRUCT_END | ||
51 | 167 | ||
52 | /** | 168 | /** |
53 | * Opaque handle to the service. | 169 | * Opaque handle to the service. |
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 320701643..c1b0b3b1b 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -289,6 +289,17 @@ struct GNUNET_CRYPTO_SymmetricSessionKey | |||
289 | unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 289 | unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
290 | }; | 290 | }; |
291 | 291 | ||
292 | /** | ||
293 | * Type of a nonce used for challenges. | ||
294 | */ | ||
295 | struct ChallengeNonceP | ||
296 | { | ||
297 | /** | ||
298 | * The value of the nonce. Note that this is NOT a hash. | ||
299 | */ | ||
300 | struct GNUNET_ShortHashCode value; | ||
301 | }; | ||
302 | |||
292 | GNUNET_NETWORK_STRUCT_END | 303 | GNUNET_NETWORK_STRUCT_END |
293 | 304 | ||
294 | /** | 305 | /** |
diff --git a/src/include/gnunet_peerstore_service.h b/src/include/gnunet_peerstore_service.h index cd68dad66..91a8f2e66 100644 --- a/src/include/gnunet_peerstore_service.h +++ b/src/include/gnunet_peerstore_service.h | |||
@@ -67,6 +67,24 @@ extern "C" { | |||
67 | #define GNUNET_PEERSTORE_TRANSPORT_DVLEARN_MONOTIME \ | 67 | #define GNUNET_PEERSTORE_TRANSPORT_DVLEARN_MONOTIME \ |
68 | "transport-dv-learn-monotonic-time" | 68 | "transport-dv-learn-monotonic-time" |
69 | 69 | ||
70 | /** | ||
71 | * Key used to store sender's monotonic time from handshake message. | ||
72 | */ | ||
73 | #define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE \ | ||
74 | "transport-tcp-communicator-handshake" | ||
75 | |||
76 | /** | ||
77 | * Key used to store sender's monotonic time from handshake ack message. | ||
78 | */ | ||
79 | #define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK \ | ||
80 | "transport-tcp-communicator-handshake-ack" | ||
81 | |||
82 | /** | ||
83 | * Key used to store sender's monotonic time from rekey message. | ||
84 | */ | ||
85 | #define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY \ | ||
86 | "transport-tcp-communicator-rekey" | ||
87 | |||
70 | 88 | ||
71 | /** | 89 | /** |
72 | * Options for storing values in PEERSTORE | 90 | * Options for storing values in PEERSTORE |
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h index 0db6150aa..5af58664f 100644 --- a/src/include/gnunet_protocols.h +++ b/src/include/gnunet_protocols.h | |||
@@ -3293,6 +3293,11 @@ extern "C" { | |||
3293 | #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH 1452 | 3293 | #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH 1452 |
3294 | 3294 | ||
3295 | /** | 3295 | /** |
3296 | * TCP communicator confirmation ack. | ||
3297 | */ | ||
3298 | #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK 1453 | ||
3299 | |||
3300 | /** | ||
3296 | * UDP KX acknowledgement. | 3301 | * UDP KX acknowledgement. |
3297 | */ | 3302 | */ |
3298 | #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK 1460 | 3303 | #define GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK 1460 |
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index 503113770..7c0c1d104 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h | |||
@@ -246,6 +246,11 @@ extern "C" | |||
246 | */ | 246 | */ |
247 | #define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38 | 247 | #define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38 |
248 | 248 | ||
249 | /** | ||
250 | * Signature by a peer sending back the nonce received at initial handshake. | ||
251 | */ | ||
252 | #define GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK 39 | ||
253 | |||
249 | #if 0 /* keep Emacsens' auto-indent happy */ | 254 | #if 0 /* keep Emacsens' auto-indent happy */ |
250 | { | 255 | { |
251 | #endif | 256 | #endif |
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am index eadb601ef..127ba9516 100644 --- a/src/transport/Makefile.am +++ b/src/transport/Makefile.am | |||
@@ -266,6 +266,7 @@ gnunet_communicator_tcp_SOURCES = \ | |||
266 | gnunet-communicator-tcp.c | 266 | gnunet-communicator-tcp.c |
267 | gnunet_communicator_tcp_LDADD = \ | 267 | gnunet_communicator_tcp_LDADD = \ |
268 | libgnunettransportcommunicator.la \ | 268 | libgnunettransportcommunicator.la \ |
269 | $(top_builddir)/src/peerstore/libgnunetpeerstore.la \ | ||
269 | $(top_builddir)/src/nat/libgnunetnatnew.la \ | 270 | $(top_builddir)/src/nat/libgnunetnatnew.la \ |
270 | $(top_builddir)/src/nt/libgnunetnt.la \ | 271 | $(top_builddir)/src/nt/libgnunetnt.la \ |
271 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ | 272 | $(top_builddir)/src/statistics/libgnunetstatistics.la \ |
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c index e25cdf139..fff699415 100644 --- a/src/transport/gnunet-communicator-tcp.c +++ b/src/transport/gnunet-communicator-tcp.c | |||
@@ -24,26 +24,22 @@ | |||
24 | * @author Christian Grothoff | 24 | * @author Christian Grothoff |
25 | * | 25 | * |
26 | * TODO: | 26 | * TODO: |
27 | * - support DNS names in BINDTO option (#5528) | ||
28 | * - support NAT connection reversal method (#5529) | 27 | * - support NAT connection reversal method (#5529) |
29 | * - support other TCP-specific NAT traversal methods (#5531) | 28 | * - support other TCP-specific NAT traversal methods (#5531) |
30 | * - add replay protection support to the protocol by | ||
31 | * adding a nonce in the KX and requiring (!) a | ||
32 | * nounce ACK to be send within the first X bytes of | ||
33 | * data (#5530) | ||
34 | */ | 29 | */ |
35 | #include "platform.h" | 30 | #include "platform.h" |
36 | #include "gnunet_util_lib.h" | 31 | #include "gnunet_util_lib.h" |
32 | #include "gnunet_core_service.h" | ||
33 | #include "gnunet_peerstore_service.h" | ||
37 | #include "gnunet_protocols.h" | 34 | #include "gnunet_protocols.h" |
38 | #include "gnunet_signatures.h" | 35 | #include "gnunet_signatures.h" |
39 | #include "gnunet_constants.h" | 36 | #include "gnunet_constants.h" |
40 | #include "gnunet_nt_lib.h" | 37 | #include "gnunet_nt_lib.h" |
41 | #include "gnunet_nat_service.h" | 38 | #include "gnunet_nat_service.h" |
42 | #include "gnunet_statistics_service.h" | 39 | #include "gnunet_statistics_service.h" |
43 | #include "gnunet_ats_transport_service.h" | ||
44 | #include "transport.h" | ||
45 | #include "gnunet_transport_communication_service.h" | 40 | #include "gnunet_transport_communication_service.h" |
46 | #include "gnunet_resolver_service.h" | 41 | #include "gnunet_resolver_service.h" |
42 | |||
47 | /** | 43 | /** |
48 | * How long do we believe our addresses to remain up (before | 44 | * How long do we believe our addresses to remain up (before |
49 | * the other peer should revalidate). | 45 | * the other peer should revalidate). |
@@ -91,6 +87,13 @@ | |||
91 | (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \ | 87 | (sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \ |
92 | + sizeof(struct TCPConfirmation)) | 88 | + sizeof(struct TCPConfirmation)) |
93 | 89 | ||
90 | /** | ||
91 | * Size of the initial core key exchange messages. | ||
92 | */ | ||
93 | #define INITIAL_CORE_KX_SIZE \ | ||
94 | (sizeof(struct EphemeralKeyMessage) \ | ||
95 | + sizeof(struct PingMessage) \ | ||
96 | + sizeof(struct PongMessage)) | ||
94 | 97 | ||
95 | /** | 98 | /** |
96 | * Address prefix used by the communicator. | 99 | * Address prefix used by the communicator. |
@@ -136,8 +139,45 @@ struct TcpHandshakeSignature | |||
136 | * (if receiver persists times by sender). | 139 | * (if receiver persists times by sender). |
137 | */ | 140 | */ |
138 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | 141 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; |
142 | |||
143 | /** | ||
144 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
145 | */ | ||
146 | struct ChallengeNonceP challenge; | ||
139 | }; | 147 | }; |
140 | 148 | ||
149 | /** | ||
150 | * Signature we use to verify that the ack from the receiver of the ephemeral key was really send by | ||
151 | * the specified sender. | ||
152 | */ | ||
153 | struct TcpHandshakeAckSignature | ||
154 | { | ||
155 | /** | ||
156 | * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK | ||
157 | */ | ||
158 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
159 | |||
160 | /** | ||
161 | * Identity of the inititor of the TCP connection (TCP client). | ||
162 | */ | ||
163 | struct GNUNET_PeerIdentity sender; | ||
164 | |||
165 | /** | ||
166 | * Presumed identity of the target of the TCP connection (TCP server) | ||
167 | */ | ||
168 | struct GNUNET_PeerIdentity receiver; | ||
169 | |||
170 | /** | ||
171 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
172 | * (if receiver persists times by sender). | ||
173 | */ | ||
174 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
175 | |||
176 | /** | ||
177 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
178 | */ | ||
179 | struct ChallengeNonceP challenge; | ||
180 | }; | ||
141 | 181 | ||
142 | /** | 182 | /** |
143 | * Encrypted continuation of TCP initial handshake. | 183 | * Encrypted continuation of TCP initial handshake. |
@@ -159,8 +199,48 @@ struct TCPConfirmation | |||
159 | * (if receiver persists times by sender). | 199 | * (if receiver persists times by sender). |
160 | */ | 200 | */ |
161 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | 201 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; |
202 | |||
203 | /** | ||
204 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
205 | */ | ||
206 | struct ChallengeNonceP challenge; | ||
207 | |||
162 | }; | 208 | }; |
163 | 209 | ||
210 | /** | ||
211 | * Ack for the encrypted continuation of TCP initial handshake. | ||
212 | */ | ||
213 | struct TCPConfirmationAck | ||
214 | { | ||
215 | |||
216 | |||
217 | /** | ||
218 | * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK. | ||
219 | */ | ||
220 | struct GNUNET_MessageHeader header; | ||
221 | |||
222 | /** | ||
223 | * Sender's identity | ||
224 | */ | ||
225 | struct GNUNET_PeerIdentity sender; | ||
226 | |||
227 | /** | ||
228 | * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK | ||
229 | */ | ||
230 | struct GNUNET_CRYPTO_EddsaSignature sender_sig; | ||
231 | |||
232 | /** | ||
233 | * Monotonic time of @e sender, to possibly help detect replay attacks | ||
234 | * (if receiver persists times by sender). | ||
235 | */ | ||
236 | struct GNUNET_TIME_AbsoluteNBO monotonic_time; | ||
237 | |||
238 | /** | ||
239 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
240 | */ | ||
241 | struct ChallengeNonceP challenge; | ||
242 | |||
243 | }; | ||
164 | 244 | ||
165 | /** | 245 | /** |
166 | * TCP message box. Always sent encrypted! | 246 | * TCP message box. Always sent encrypted! |
@@ -456,6 +536,56 @@ struct Queue | |||
456 | * re-decrypt ciphertext. | 536 | * re-decrypt ciphertext. |
457 | */ | 537 | */ |
458 | int rekeyed; | 538 | int rekeyed; |
539 | |||
540 | /** | ||
541 | * Monotonic time value for rekey message. | ||
542 | */ | ||
543 | struct GNUNET_TIME_AbsoluteNBO rekey_monotonic_time; | ||
544 | |||
545 | /** | ||
546 | * Monotonic time value for handshake message. | ||
547 | */ | ||
548 | struct GNUNET_TIME_AbsoluteNBO handshake_monotonic_time; | ||
549 | |||
550 | /** | ||
551 | * Monotonic time value for handshake ack message. | ||
552 | */ | ||
553 | struct GNUNET_TIME_AbsoluteNBO handshake_ack_monotonic_time; | ||
554 | |||
555 | /** | ||
556 | * Challenge value used to protect against replay attack, if there is no stored monotonic time value. | ||
557 | */ | ||
558 | struct ChallengeNonceP challenge; | ||
559 | |||
560 | /** | ||
561 | * Iteration Context for retrieving the monotonic time send with key for rekeying. | ||
562 | */ | ||
563 | struct GNUNET_PEERSTORE_IterateContext *rekey_monotime_get; | ||
564 | |||
565 | /** | ||
566 | * Iteration Context for retrieving the monotonic time send with the handshake. | ||
567 | */ | ||
568 | struct GNUNET_PEERSTORE_IterateContext *handshake_monotime_get; | ||
569 | |||
570 | /** | ||
571 | * Iteration Context for retrieving the monotonic time send with the handshake ack. | ||
572 | */ | ||
573 | struct GNUNET_PEERSTORE_IterateContext *handshake_ack_monotime_get; | ||
574 | |||
575 | /** | ||
576 | * Store Context for retrieving the monotonic time send with key for rekeying. | ||
577 | */ | ||
578 | struct GNUNET_PEERSTORE_StoreContext *rekey_monotime_sc; | ||
579 | |||
580 | /** | ||
581 | * Store Context for retrieving the monotonic time send with the handshake. | ||
582 | */ | ||
583 | struct GNUNET_PEERSTORE_StoreContext *handshake_monotime_sc; | ||
584 | |||
585 | /** | ||
586 | * Store Context for retrieving the monotonic time send with the handshake ack. | ||
587 | */ | ||
588 | struct GNUNET_PEERSTORE_StoreContext *handshake_ack_monotime_sc; | ||
459 | }; | 589 | }; |
460 | 590 | ||
461 | 591 | ||
@@ -659,6 +789,16 @@ struct Addresses *addrs_tail; | |||
659 | int addrs_lens; | 789 | int addrs_lens; |
660 | 790 | ||
661 | /** | 791 | /** |
792 | * Size of data received without KX challenge played back. | ||
793 | */ | ||
794 | size_t unverified_size; | ||
795 | |||
796 | /** | ||
797 | * Database for peer's HELLOs. | ||
798 | */ | ||
799 | static struct GNUNET_PEERSTORE_Handle *peerstore; | ||
800 | |||
801 | /** | ||
662 | * We have been notified that our listen socket has something to | 802 | * We have been notified that our listen socket has something to |
663 | * read. Do the read and reschedule this function to be called again | 803 | * read. Do the read and reschedule this function to be called again |
664 | * once more is available. | 804 | * once more is available. |
@@ -688,6 +828,36 @@ queue_destroy (struct Queue *queue) | |||
688 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 828 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
689 | "Disconnecting queue for peer `%s'\n", | 829 | "Disconnecting queue for peer `%s'\n", |
690 | GNUNET_i2s (&queue->target)); | 830 | GNUNET_i2s (&queue->target)); |
831 | if (NULL != queue->rekey_monotime_sc) | ||
832 | { | ||
833 | GNUNET_PEERSTORE_store_cancel (queue->rekey_monotime_sc); | ||
834 | queue->rekey_monotime_sc = NULL; | ||
835 | } | ||
836 | if (NULL != queue->handshake_monotime_sc) | ||
837 | { | ||
838 | GNUNET_PEERSTORE_store_cancel (queue->handshake_monotime_sc); | ||
839 | queue->handshake_monotime_sc = NULL; | ||
840 | } | ||
841 | if (NULL != queue->handshake_ack_monotime_sc) | ||
842 | { | ||
843 | GNUNET_PEERSTORE_store_cancel (queue->handshake_ack_monotime_sc); | ||
844 | queue->handshake_ack_monotime_sc = NULL; | ||
845 | } | ||
846 | if (NULL != queue->rekey_monotime_get) | ||
847 | { | ||
848 | GNUNET_PEERSTORE_iterate_cancel (queue->rekey_monotime_get); | ||
849 | queue->rekey_monotime_get = NULL; | ||
850 | } | ||
851 | if (NULL != queue->handshake_monotime_get) | ||
852 | { | ||
853 | GNUNET_PEERSTORE_iterate_cancel (queue->handshake_monotime_get); | ||
854 | queue->handshake_monotime_get = NULL; | ||
855 | } | ||
856 | if (NULL != queue->handshake_ack_monotime_get) | ||
857 | { | ||
858 | GNUNET_PEERSTORE_iterate_cancel (queue->handshake_ack_monotime_get); | ||
859 | queue->handshake_ack_monotime_get = NULL; | ||
860 | } | ||
691 | if (NULL != (mq = queue->mq)) | 861 | if (NULL != (mq = queue->mq)) |
692 | { | 862 | { |
693 | queue->mq = NULL; | 863 | queue->mq = NULL; |
@@ -965,6 +1135,78 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, | |||
965 | setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac); | 1135 | setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac); |
966 | } | 1136 | } |
967 | 1137 | ||
1138 | /** | ||
1139 | * Callback called when peerstore store operation for rekey monotime value is finished. | ||
1140 | * @param cls Queue context the store operation was executed. | ||
1141 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
1142 | */ | ||
1143 | static void | ||
1144 | rekey_monotime_store_cb (void *cls, int success) | ||
1145 | { | ||
1146 | struct Queue *queue = cls; | ||
1147 | if (GNUNET_OK != success) | ||
1148 | { | ||
1149 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1150 | "Failed to store rekey monotonic time in PEERSTORE!\n"); | ||
1151 | } | ||
1152 | queue->rekey_monotime_sc = NULL; | ||
1153 | } | ||
1154 | |||
1155 | /** | ||
1156 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY | ||
1157 | * where found. | ||
1158 | * @param cls Queue context the store operation was executed. | ||
1159 | * @param record The record found or NULL if there is no record left. | ||
1160 | * @param emsg Message from peerstore. | ||
1161 | */ | ||
1162 | static void | ||
1163 | rekey_monotime_cb (void *cls, | ||
1164 | const struct GNUNET_PEERSTORE_Record *record, | ||
1165 | const char *emsg) | ||
1166 | { | ||
1167 | struct Queue *queue = cls; | ||
1168 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
1169 | struct GNUNET_TIME_Absolute mt; | ||
1170 | const struct GNUNET_PeerIdentity *pid; | ||
1171 | struct GNUNET_TIME_AbsoluteNBO *rekey_monotonic_time; | ||
1172 | |||
1173 | (void) emsg; | ||
1174 | |||
1175 | rekey_monotonic_time = &queue->rekey_monotonic_time; | ||
1176 | pid = &queue->target; | ||
1177 | if (NULL == record) | ||
1178 | { | ||
1179 | queue->rekey_monotime_get = NULL; | ||
1180 | return; | ||
1181 | } | ||
1182 | if (sizeof(*mtbe) != record->value_size) | ||
1183 | { | ||
1184 | GNUNET_break (0); | ||
1185 | return; | ||
1186 | } | ||
1187 | mtbe = record->value; | ||
1188 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
1189 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
1190 | queue->rekey_monotonic_time).abs_value_us) | ||
1191 | { | ||
1192 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1193 | "Queue from %s dropped, rekey monotime in the past\n", | ||
1194 | GNUNET_i2s (&queue->target)); | ||
1195 | GNUNET_break (0); | ||
1196 | queue_finish (queue); | ||
1197 | return; | ||
1198 | } | ||
1199 | queue->rekey_monotime_sc = GNUNET_PEERSTORE_store (peerstore, | ||
1200 | "transport_tcp_communicator", | ||
1201 | pid, | ||
1202 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY, | ||
1203 | rekey_monotonic_time, | ||
1204 | sizeof(rekey_monotonic_time), | ||
1205 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
1206 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
1207 | &rekey_monotime_store_cb, | ||
1208 | queue); | ||
1209 | } | ||
968 | 1210 | ||
969 | /** | 1211 | /** |
970 | * Handle @a rekey message on @a queue. The message was already | 1212 | * Handle @a rekey message on @a queue. The message was already |
@@ -984,7 +1226,6 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey) | |||
984 | thp.receiver = my_identity; | 1226 | thp.receiver = my_identity; |
985 | thp.ephemeral = rekey->ephemeral; | 1227 | thp.ephemeral = rekey->ephemeral; |
986 | thp.monotonic_time = rekey->monotonic_time; | 1228 | thp.monotonic_time = rekey->monotonic_time; |
987 | /* FIXME: check monotonic time is monotonic... */ | ||
988 | if (GNUNET_OK != | 1229 | if (GNUNET_OK != |
989 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY, | 1230 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY, |
990 | &thp, | 1231 | &thp, |
@@ -995,11 +1236,93 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey) | |||
995 | queue_finish (queue); | 1236 | queue_finish (queue); |
996 | return; | 1237 | return; |
997 | } | 1238 | } |
1239 | queue->rekey_monotonic_time = rekey->monotonic_time; | ||
1240 | queue->rekey_monotime_get = GNUNET_PEERSTORE_iterate (peerstore, | ||
1241 | "transport_tcp_communicator", | ||
1242 | &queue->target, | ||
1243 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY, | ||
1244 | &rekey_monotime_cb, | ||
1245 | queue); | ||
998 | gcry_cipher_close (queue->in_cipher); | 1246 | gcry_cipher_close (queue->in_cipher); |
999 | queue->rekeyed = GNUNET_YES; | 1247 | queue->rekeyed = GNUNET_YES; |
1000 | setup_in_cipher (&rekey->ephemeral, queue); | 1248 | setup_in_cipher (&rekey->ephemeral, queue); |
1001 | } | 1249 | } |
1002 | 1250 | ||
1251 | /** | ||
1252 | * Callback called when peerstore store operation for handshake ack monotime value is finished. | ||
1253 | * @param cls Queue context the store operation was executed. | ||
1254 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
1255 | */ | ||
1256 | static void | ||
1257 | handshake_ack_monotime_store_cb (void *cls, int success) | ||
1258 | { | ||
1259 | struct Queue *queue = cls; | ||
1260 | |||
1261 | if (GNUNET_OK != success) | ||
1262 | { | ||
1263 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1264 | "Failed to store handshake ack monotonic time in PEERSTORE!\n"); | ||
1265 | } | ||
1266 | queue->handshake_ack_monotime_sc = NULL; | ||
1267 | } | ||
1268 | |||
1269 | /** | ||
1270 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK | ||
1271 | * where found. | ||
1272 | * @param cls Queue context the store operation was executed. | ||
1273 | * @param record The record found or NULL if there is no record left. | ||
1274 | * @param emsg Message from peerstore. | ||
1275 | */ | ||
1276 | static void | ||
1277 | handshake_ack_monotime_cb (void *cls, | ||
1278 | const struct GNUNET_PEERSTORE_Record *record, | ||
1279 | const char *emsg) | ||
1280 | { | ||
1281 | struct Queue *queue = cls; | ||
1282 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
1283 | struct GNUNET_TIME_Absolute mt; | ||
1284 | const struct GNUNET_PeerIdentity *pid; | ||
1285 | struct GNUNET_TIME_AbsoluteNBO *handshake_ack_monotonic_time; | ||
1286 | |||
1287 | (void) emsg; | ||
1288 | |||
1289 | handshake_ack_monotonic_time = &queue->handshake_ack_monotonic_time; | ||
1290 | pid = &queue->target; | ||
1291 | if (NULL == record) | ||
1292 | { | ||
1293 | queue->handshake_ack_monotime_get = NULL; | ||
1294 | return; | ||
1295 | } | ||
1296 | if (sizeof(*mtbe) != record->value_size) | ||
1297 | { | ||
1298 | GNUNET_break (0); | ||
1299 | return; | ||
1300 | } | ||
1301 | mtbe = record->value; | ||
1302 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
1303 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
1304 | queue->handshake_ack_monotonic_time).abs_value_us) | ||
1305 | { | ||
1306 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1307 | "Queue from %s dropped, handshake ack monotime in the past\n", | ||
1308 | GNUNET_i2s (&queue->target)); | ||
1309 | GNUNET_break (0); | ||
1310 | queue_finish (queue); | ||
1311 | return; | ||
1312 | } | ||
1313 | queue->handshake_ack_monotime_sc = GNUNET_PEERSTORE_store (peerstore, | ||
1314 | "transport_tcp_communicator", | ||
1315 | pid, | ||
1316 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK, | ||
1317 | handshake_ack_monotonic_time, | ||
1318 | sizeof( | ||
1319 | handshake_ack_monotonic_time), | ||
1320 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
1321 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
1322 | & | ||
1323 | handshake_ack_monotime_store_cb, | ||
1324 | queue); | ||
1325 | } | ||
1003 | 1326 | ||
1004 | /** | 1327 | /** |
1005 | * Test if we have received a full message in plaintext. | 1328 | * Test if we have received a full message in plaintext. |
@@ -1013,6 +1336,8 @@ try_handle_plaintext (struct Queue *queue) | |||
1013 | { | 1336 | { |
1014 | const struct GNUNET_MessageHeader *hdr = | 1337 | const struct GNUNET_MessageHeader *hdr = |
1015 | (const struct GNUNET_MessageHeader *) queue->pread_buf; | 1338 | (const struct GNUNET_MessageHeader *) queue->pread_buf; |
1339 | const struct TCPConfirmationAck *tca = (const struct | ||
1340 | TCPConfirmationAck *) queue->pread_buf; | ||
1016 | const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf; | 1341 | const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf; |
1017 | const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf; | 1342 | const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf; |
1018 | const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf; | 1343 | const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf; |
@@ -1021,12 +1346,92 @@ try_handle_plaintext (struct Queue *queue) | |||
1021 | struct GNUNET_ShortHashCode tmac; | 1346 | struct GNUNET_ShortHashCode tmac; |
1022 | uint16_t type; | 1347 | uint16_t type; |
1023 | size_t size = 0; /* make compiler happy */ | 1348 | size_t size = 0; /* make compiler happy */ |
1349 | struct TcpHandshakeAckSignature thas; | ||
1350 | const struct ChallengeNonceP challenge = queue->challenge; | ||
1024 | 1351 | ||
1025 | if (sizeof(*hdr) > queue->pread_off) | 1352 | if ((sizeof(*hdr) > queue->pread_off)) |
1353 | { | ||
1354 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1355 | "Handling plaintext, not even a header!\n"); | ||
1026 | return 0; /* not even a header */ | 1356 | return 0; /* not even a header */ |
1357 | } | ||
1358 | |||
1359 | if ((-1 != unverified_size) && (unverified_size > INITIAL_CORE_KX_SIZE)) | ||
1360 | { | ||
1361 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1362 | "Already received data of size %u bigger than KX size %u!\n", | ||
1363 | unverified_size, | ||
1364 | INITIAL_CORE_KX_SIZE); | ||
1365 | GNUNET_break_op (0); | ||
1366 | queue_finish (queue); | ||
1367 | return 0; | ||
1368 | } | ||
1369 | |||
1027 | type = ntohs (hdr->type); | 1370 | type = ntohs (hdr->type); |
1028 | switch (type) | 1371 | switch (type) |
1029 | { | 1372 | { |
1373 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK: | ||
1374 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1375 | "start processing ack\n"); | ||
1376 | if (sizeof(*tca) > queue->pread_off) | ||
1377 | { | ||
1378 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1379 | "Handling plaintext size of tca greater than pread offset.\n"); | ||
1380 | return 0; | ||
1381 | } | ||
1382 | if (ntohs (hdr->size) != sizeof(*tca)) | ||
1383 | { | ||
1384 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1385 | "Handling plaintext size does not match message type.\n"); | ||
1386 | GNUNET_break_op (0); | ||
1387 | queue_finish (queue); | ||
1388 | return 0; | ||
1389 | } | ||
1390 | |||
1391 | thas.purpose.purpose = htonl ( | ||
1392 | GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK); | ||
1393 | thas.purpose.size = htonl (sizeof(thas)); | ||
1394 | thas.sender = tca->sender; | ||
1395 | thas.receiver = my_identity; | ||
1396 | thas.monotonic_time = tca->monotonic_time; | ||
1397 | thas.challenge = tca->challenge; | ||
1398 | |||
1399 | if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_verify ( | ||
1400 | GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK, | ||
1401 | &thas, | ||
1402 | &tca->sender_sig, | ||
1403 | &tca->sender.public_key)) | ||
1404 | { | ||
1405 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1406 | "Verification of signature failed!\n"); | ||
1407 | GNUNET_break (0); | ||
1408 | queue_finish (queue); | ||
1409 | return 0; | ||
1410 | } | ||
1411 | if (0 != GNUNET_memcmp (&tca->challenge, &challenge)) | ||
1412 | { | ||
1413 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1414 | "Challenge in TCPConfirmationAck not correct!\n"); | ||
1415 | GNUNET_break (0); | ||
1416 | queue_finish (queue); | ||
1417 | return 0; | ||
1418 | } | ||
1419 | |||
1420 | queue->handshake_ack_monotime_get = GNUNET_PEERSTORE_iterate (peerstore, | ||
1421 | "transport_tcp_communicator", | ||
1422 | &queue->target, | ||
1423 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK, | ||
1424 | & | ||
1425 | handshake_ack_monotime_cb, | ||
1426 | queue); | ||
1427 | |||
1428 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1429 | "Handling plaintext, ack processed!"); | ||
1430 | |||
1431 | unverified_size = -1; | ||
1432 | |||
1433 | size = ntohs (hdr->size); | ||
1434 | break; | ||
1030 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX: | 1435 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX: |
1031 | /* Special case: header size excludes box itself! */ | 1436 | /* Special case: header size excludes box itself! */ |
1032 | if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off) | 1437 | if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off) |
@@ -1040,6 +1445,8 @@ try_handle_plaintext (struct Queue *queue) | |||
1040 | } | 1445 | } |
1041 | pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size)); | 1446 | pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size)); |
1042 | size = ntohs (hdr->size) + sizeof(*box); | 1447 | size = ntohs (hdr->size) + sizeof(*box); |
1448 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1449 | "Handling plaintext, box processed!\n"); | ||
1043 | break; | 1450 | break; |
1044 | 1451 | ||
1045 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY: | 1452 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY: |
@@ -1062,6 +1469,8 @@ try_handle_plaintext (struct Queue *queue) | |||
1062 | } | 1469 | } |
1063 | do_rekey (queue, rekey); | 1470 | do_rekey (queue, rekey); |
1064 | size = ntohs (hdr->size); | 1471 | size = ntohs (hdr->size); |
1472 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1473 | "Handling plaintext, rekey processed!\n"); | ||
1065 | break; | 1474 | break; |
1066 | 1475 | ||
1067 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH: | 1476 | case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH: |
@@ -1084,14 +1493,20 @@ try_handle_plaintext (struct Queue *queue) | |||
1084 | } | 1493 | } |
1085 | /* handle FINISH by destroying queue */ | 1494 | /* handle FINISH by destroying queue */ |
1086 | queue_destroy (queue); | 1495 | queue_destroy (queue); |
1496 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1497 | "Handling plaintext, finish processed!\n"); | ||
1087 | break; | 1498 | break; |
1088 | 1499 | ||
1089 | default: | 1500 | default: |
1501 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1502 | "Handling plaintext, nothing processed!\n"); | ||
1090 | GNUNET_break_op (0); | 1503 | GNUNET_break_op (0); |
1091 | queue_finish (queue); | 1504 | queue_finish (queue); |
1092 | return 0; | 1505 | return 0; |
1093 | } | 1506 | } |
1094 | GNUNET_assert (0 != size); | 1507 | GNUNET_assert (0 != size); |
1508 | if (-1 != unverified_size) | ||
1509 | unverified_size += size; | ||
1095 | return size; | 1510 | return size; |
1096 | } | 1511 | } |
1097 | 1512 | ||
@@ -1216,10 +1631,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len, struct sockaddr_in6 v6, | |||
1216 | { | 1631 | { |
1217 | struct sockaddr *in; | 1632 | struct sockaddr *in; |
1218 | 1633 | ||
1219 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1220 | "1 address %s\n", | ||
1221 | GNUNET_a2s (in, *sock_len)); | ||
1222 | |||
1223 | v6.sin6_family = AF_INET6; | 1634 | v6.sin6_family = AF_INET6; |
1224 | v6.sin6_port = htons ((uint16_t) port); | 1635 | v6.sin6_port = htons ((uint16_t) port); |
1225 | #if HAVE_SOCKADDR_IN_SIN_LEN | 1636 | #if HAVE_SOCKADDR_IN_SIN_LEN |
@@ -1227,9 +1638,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len, struct sockaddr_in6 v6, | |||
1227 | #endif | 1638 | #endif |
1228 | in = GNUNET_memdup (&v6, sizeof(v6)); | 1639 | in = GNUNET_memdup (&v6, sizeof(v6)); |
1229 | *sock_len = sizeof(struct sockaddr_in6); | 1640 | *sock_len = sizeof(struct sockaddr_in6); |
1230 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1231 | "address %s\n", | ||
1232 | GNUNET_a2s (in, *sock_len)); | ||
1233 | 1641 | ||
1234 | return in; | 1642 | return in; |
1235 | } | 1643 | } |
@@ -1302,16 +1710,9 @@ tcp_address_to_sockaddr_port_only (const char *bindto, unsigned int *port) | |||
1302 | *port); | 1710 | *port); |
1303 | po->addr_len_ipv4 = &sock_len_ipv4; | 1711 | po->addr_len_ipv4 = &sock_len_ipv4; |
1304 | 1712 | ||
1305 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1306 | "3.5 address %s\n", | ||
1307 | GNUNET_a2s (po->addr_ipv4, sock_len_ipv4)); | ||
1308 | |||
1309 | i6 = GNUNET_malloc (sizeof(struct sockaddr_in6)); | 1713 | i6 = GNUNET_malloc (sizeof(struct sockaddr_in6)); |
1310 | po->addr_ipv6 = tcp_address_to_sockaddr_numeric_v6 (&sock_len_ipv6, *i6, | 1714 | po->addr_ipv6 = tcp_address_to_sockaddr_numeric_v6 (&sock_len_ipv6, *i6, |
1311 | *port); | 1715 | *port); |
1312 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1313 | "3 address %s\n", | ||
1314 | GNUNET_a2s (po->addr_ipv6, sock_len_ipv6)); | ||
1315 | 1716 | ||
1316 | po->addr_len_ipv6 = &sock_len_ipv6; | 1717 | po->addr_len_ipv6 = &sock_len_ipv6; |
1317 | } | 1718 | } |
@@ -1821,12 +2222,16 @@ transmit_kx (struct Queue *queue, | |||
1821 | tc.sender = my_identity; | 2222 | tc.sender = my_identity; |
1822 | tc.monotonic_time = | 2223 | tc.monotonic_time = |
1823 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | 2224 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); |
2225 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | ||
2226 | &tc.challenge, | ||
2227 | sizeof(tc.challenge)); | ||
1824 | ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE); | 2228 | ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE); |
1825 | ths.purpose.size = htonl (sizeof(ths)); | 2229 | ths.purpose.size = htonl (sizeof(ths)); |
1826 | ths.sender = my_identity; | 2230 | ths.sender = my_identity; |
1827 | ths.receiver = queue->target; | 2231 | ths.receiver = queue->target; |
1828 | ths.ephemeral = *epub; | 2232 | ths.ephemeral = *epub; |
1829 | ths.monotonic_time = tc.monotonic_time; | 2233 | ths.monotonic_time = tc.monotonic_time; |
2234 | ths.challenge = tc.challenge; | ||
1830 | GNUNET_CRYPTO_eddsa_sign (my_private_key, | 2235 | GNUNET_CRYPTO_eddsa_sign (my_private_key, |
1831 | &ths, | 2236 | &ths, |
1832 | &tc.sender_sig); | 2237 | &tc.sender_sig); |
@@ -1836,7 +2241,12 @@ transmit_kx (struct Queue *queue, | |||
1836 | sizeof(tc), | 2241 | sizeof(tc), |
1837 | &tc, | 2242 | &tc, |
1838 | sizeof(tc))); | 2243 | sizeof(tc))); |
2244 | queue->challenge = tc.challenge; | ||
1839 | queue->cwrite_off += sizeof(tc); | 2245 | queue->cwrite_off += sizeof(tc); |
2246 | |||
2247 | GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG, | ||
2248 | "transport", | ||
2249 | "handshake written\n"); | ||
1840 | } | 2250 | } |
1841 | 2251 | ||
1842 | 2252 | ||
@@ -1858,6 +2268,80 @@ start_initial_kx_out (struct Queue *queue) | |||
1858 | transmit_kx (queue, &epub); | 2268 | transmit_kx (queue, &epub); |
1859 | } | 2269 | } |
1860 | 2270 | ||
2271 | /** | ||
2272 | * Callback called when peerstore store operation for handshake monotime is finished. | ||
2273 | * @param cls Queue context the store operation was executed. | ||
2274 | * @param success Store operation was successful (GNUNET_OK) or not. | ||
2275 | */ | ||
2276 | static void | ||
2277 | handshake_monotime_store_cb (void *cls, int success) | ||
2278 | { | ||
2279 | struct Queue *queue = cls; | ||
2280 | if (GNUNET_OK != success) | ||
2281 | { | ||
2282 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2283 | "Failed to store handshake monotonic time in PEERSTORE!\n"); | ||
2284 | } | ||
2285 | queue->handshake_monotime_sc = NULL; | ||
2286 | } | ||
2287 | |||
2288 | /** | ||
2289 | * Callback called by peerstore when records for GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE | ||
2290 | * where found. | ||
2291 | * @param cls Queue context the store operation was executed. | ||
2292 | * @param record The record found or NULL if there is no record left. | ||
2293 | * @param emsg Message from peerstore. | ||
2294 | */ | ||
2295 | static void | ||
2296 | handshake_monotime_cb (void *cls, | ||
2297 | const struct GNUNET_PEERSTORE_Record *record, | ||
2298 | const char *emsg) | ||
2299 | { | ||
2300 | struct Queue *queue = cls; | ||
2301 | struct GNUNET_TIME_AbsoluteNBO *mtbe; | ||
2302 | struct GNUNET_TIME_Absolute mt; | ||
2303 | const struct GNUNET_PeerIdentity *pid; | ||
2304 | struct GNUNET_TIME_AbsoluteNBO *handshake_monotonic_time; | ||
2305 | |||
2306 | (void) emsg; | ||
2307 | |||
2308 | handshake_monotonic_time = &queue->handshake_monotonic_time; | ||
2309 | pid = &queue->target; | ||
2310 | if (NULL == record) | ||
2311 | { | ||
2312 | queue->handshake_monotime_get = NULL; | ||
2313 | return; | ||
2314 | } | ||
2315 | if (sizeof(*mtbe) != record->value_size) | ||
2316 | { | ||
2317 | GNUNET_break (0); | ||
2318 | return; | ||
2319 | } | ||
2320 | mtbe = record->value; | ||
2321 | mt = GNUNET_TIME_absolute_ntoh (*mtbe); | ||
2322 | if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh ( | ||
2323 | queue->handshake_monotonic_time).abs_value_us) | ||
2324 | { | ||
2325 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2326 | "Queue from %s dropped, handshake monotime in the past\n", | ||
2327 | GNUNET_i2s (&queue->target)); | ||
2328 | GNUNET_break (0); | ||
2329 | queue_finish (queue); | ||
2330 | return; | ||
2331 | } | ||
2332 | queue->handshake_monotime_sc = GNUNET_PEERSTORE_store (peerstore, | ||
2333 | "transport_tcp_communicator", | ||
2334 | pid, | ||
2335 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE, | ||
2336 | handshake_monotonic_time, | ||
2337 | sizeof( | ||
2338 | handshake_monotonic_time), | ||
2339 | GNUNET_TIME_UNIT_FOREVER_ABS, | ||
2340 | GNUNET_PEERSTORE_STOREOPTION_REPLACE, | ||
2341 | & | ||
2342 | handshake_monotime_store_cb, | ||
2343 | queue); | ||
2344 | } | ||
1861 | 2345 | ||
1862 | /** | 2346 | /** |
1863 | * We have received the first bytes from the other side on a @a queue. | 2347 | * We have received the first bytes from the other side on a @a queue. |
@@ -1890,13 +2374,19 @@ decrypt_and_check_tc (struct Queue *queue, | |||
1890 | ths.receiver = my_identity; | 2374 | ths.receiver = my_identity; |
1891 | memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)); | 2375 | memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)); |
1892 | ths.monotonic_time = tc->monotonic_time; | 2376 | ths.monotonic_time = tc->monotonic_time; |
1893 | /* FIXME: check monotonic time against previous mono times | 2377 | ths.challenge = tc->challenge; |
1894 | from this sender! */ | ||
1895 | return GNUNET_CRYPTO_eddsa_verify ( | 2378 | return GNUNET_CRYPTO_eddsa_verify ( |
1896 | GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE, | 2379 | GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE, |
1897 | &ths, | 2380 | &ths, |
1898 | &tc->sender_sig, | 2381 | &tc->sender_sig, |
1899 | &tc->sender.public_key); | 2382 | &tc->sender.public_key); |
2383 | queue->handshake_monotime_get = GNUNET_PEERSTORE_iterate (peerstore, | ||
2384 | "transport_tcp_communicator", | ||
2385 | &queue->target, | ||
2386 | GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE, | ||
2387 | & | ||
2388 | handshake_monotime_cb, | ||
2389 | queue); | ||
1900 | } | 2390 | } |
1901 | 2391 | ||
1902 | 2392 | ||
@@ -1924,6 +2414,47 @@ free_proto_queue (struct ProtoQueue *pq) | |||
1924 | GNUNET_free (pq); | 2414 | GNUNET_free (pq); |
1925 | } | 2415 | } |
1926 | 2416 | ||
2417 | /** | ||
2418 | * Sending challenge with TcpConfirmationAck back to sender of ephemeral key. | ||
2419 | * | ||
2420 | * @param tc The TCPConfirmation originally send. | ||
2421 | * @param queue The queue context. | ||
2422 | */ | ||
2423 | static void | ||
2424 | send_challenge (struct TCPConfirmation tc, struct Queue *queue) | ||
2425 | { | ||
2426 | struct TCPConfirmationAck tca; | ||
2427 | struct TcpHandshakeAckSignature thas; | ||
2428 | |||
2429 | GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG, | ||
2430 | "transport", | ||
2431 | "sending challenge\n"); | ||
2432 | |||
2433 | tca.header.type = ntohs ( | ||
2434 | GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK); | ||
2435 | tca.header.size = ntohs (sizeof(tca)); | ||
2436 | tca.challenge = tc.challenge; | ||
2437 | tca.sender = my_identity; | ||
2438 | tca.monotonic_time = | ||
2439 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); | ||
2440 | thas.purpose.purpose = htonl ( | ||
2441 | GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK); | ||
2442 | thas.purpose.size = htonl (sizeof(thas)); | ||
2443 | thas.sender = my_identity; | ||
2444 | thas.receiver = queue->target; | ||
2445 | thas.monotonic_time = tca.monotonic_time; | ||
2446 | thas.challenge = tca.challenge; | ||
2447 | GNUNET_CRYPTO_eddsa_sign (my_private_key, | ||
2448 | &thas, | ||
2449 | &tca.sender_sig); | ||
2450 | GNUNET_assert (0 == | ||
2451 | gcry_cipher_encrypt (queue->out_cipher, | ||
2452 | &queue->cwrite_buf[queue->cwrite_off], | ||
2453 | sizeof(tca), | ||
2454 | &tca, | ||
2455 | sizeof(tca))); | ||
2456 | queue->cwrite_off += sizeof(tca); | ||
2457 | } | ||
1927 | 2458 | ||
1928 | /** | 2459 | /** |
1929 | * Read from the socket of the proto queue until we have enough data | 2460 | * Read from the socket of the proto queue until we have enough data |
@@ -1993,6 +2524,11 @@ proto_read_kx (void *cls) | |||
1993 | queue->listen_task = pq->listen_task; | 2524 | queue->listen_task = pq->listen_task; |
1994 | queue->listen_sock = pq->listen_sock; | 2525 | queue->listen_sock = pq->listen_sock; |
1995 | queue->sock = pq->sock; | 2526 | queue->sock = pq->sock; |
2527 | |||
2528 | |||
2529 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2530 | "start kx proto\n"); | ||
2531 | |||
1996 | start_initial_kx_out (queue); | 2532 | start_initial_kx_out (queue); |
1997 | boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND); | 2533 | boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND); |
1998 | queue->read_task = | 2534 | queue->read_task = |
@@ -2005,6 +2541,8 @@ proto_read_kx (void *cls) | |||
2005 | queue->sock, | 2541 | queue->sock, |
2006 | &queue_write, | 2542 | &queue_write, |
2007 | queue); | 2543 | queue); |
2544 | send_challenge (tc, queue); | ||
2545 | |||
2008 | GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq); | 2546 | GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq); |
2009 | GNUNET_free (pq); | 2547 | GNUNET_free (pq); |
2010 | } | 2548 | } |
@@ -2128,7 +2666,7 @@ queue_read_kx (void *cls) | |||
2128 | queue_destroy (queue); | 2666 | queue_destroy (queue); |
2129 | return; | 2667 | return; |
2130 | } | 2668 | } |
2131 | 2669 | send_challenge (tc, queue); | |
2132 | /* update queue timeout */ | 2670 | /* update queue timeout */ |
2133 | reschedule_queue_timeout (queue); | 2671 | reschedule_queue_timeout (queue); |
2134 | /* prepare to continue with regular read task immediately */ | 2672 | /* prepare to continue with regular read task immediately */ |
@@ -2220,6 +2758,11 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address) | |||
2220 | queue->sock, | 2758 | queue->sock, |
2221 | &queue_read_kx, | 2759 | &queue_read_kx, |
2222 | queue); | 2760 | queue); |
2761 | |||
2762 | |||
2763 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2764 | "start kx mq_init\n"); | ||
2765 | |||
2223 | start_initial_kx_out (queue); | 2766 | start_initial_kx_out (queue); |
2224 | queue->write_task = | 2767 | queue->write_task = |
2225 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, | 2768 | GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL, |
@@ -2338,10 +2881,6 @@ nat_address_cb (void *cls, | |||
2338 | char *my_addr; | 2881 | char *my_addr; |
2339 | struct GNUNET_TRANSPORT_AddressIdentifier *ai; | 2882 | struct GNUNET_TRANSPORT_AddressIdentifier *ai; |
2340 | 2883 | ||
2341 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2342 | "1 nat_address %s\n", | ||
2343 | GNUNET_a2s (addr, addrlen)); | ||
2344 | |||
2345 | if (GNUNET_YES == add_remove) | 2884 | if (GNUNET_YES == add_remove) |
2346 | { | 2885 | { |
2347 | enum GNUNET_NetworkType nt; | 2886 | enum GNUNET_NetworkType nt; |
@@ -2390,10 +2929,6 @@ init_socket (const struct sockaddr *addr, | |||
2390 | return GNUNET_SYSERR; | 2929 | return GNUNET_SYSERR; |
2391 | } | 2930 | } |
2392 | 2931 | ||
2393 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2394 | "4 address %s\n", | ||
2395 | GNUNET_a2s (addr, in_len)); | ||
2396 | |||
2397 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2932 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2398 | "address %s\n", | 2933 | "address %s\n", |
2399 | GNUNET_a2s (addr, in_len)); | 2934 | GNUNET_a2s (addr, in_len)); |
@@ -2508,35 +3043,20 @@ nat_register () | |||
2508 | int i; | 3043 | int i; |
2509 | struct Addresses *pos; | 3044 | struct Addresses *pos; |
2510 | 3045 | ||
2511 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2512 | "nat here\n"); | ||
2513 | |||
2514 | i = 0; | 3046 | i = 0; |
2515 | saddrs = GNUNET_malloc ((addrs_lens + 1) * sizeof(struct sockaddr *)); | 3047 | saddrs = GNUNET_malloc ((addrs_lens + 1) * sizeof(struct sockaddr *)); |
2516 | 3048 | ||
2517 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2518 | "2 nat here\n"); | ||
2519 | |||
2520 | saddr_lens = GNUNET_malloc ((addrs_lens + 1) * sizeof(socklen_t)); | 3049 | saddr_lens = GNUNET_malloc ((addrs_lens + 1) * sizeof(socklen_t)); |
2521 | 3050 | ||
2522 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2523 | "3 nat here\n"); | ||
2524 | |||
2525 | for (pos = addrs_head; NULL != pos; pos = pos->next) | 3051 | for (pos = addrs_head; NULL != pos; pos = pos->next) |
2526 | { | 3052 | { |
2527 | 3053 | ||
2528 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2529 | "5 nat here\n"); | ||
2530 | |||
2531 | saddr_lens[i] = addrs_head->addr_len; | 3054 | saddr_lens[i] = addrs_head->addr_len; |
2532 | saddrs[i] = GNUNET_malloc (saddr_lens[i]); | 3055 | saddrs[i] = GNUNET_malloc (saddr_lens[i]); |
2533 | saddrs[i] = addrs_head->addr; | 3056 | saddrs[i] = addrs_head->addr; |
2534 | 3057 | ||
2535 | i++; | 3058 | i++; |
2536 | 3059 | ||
2537 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2538 | "6 nat here\n"); | ||
2539 | |||
2540 | } | 3060 | } |
2541 | 3061 | ||
2542 | nat = GNUNET_NAT_register (cfg, | 3062 | nat = GNUNET_NAT_register (cfg, |
@@ -2676,6 +3196,13 @@ run (void *cls, | |||
2676 | &rekey_interval)) | 3196 | &rekey_interval)) |
2677 | rekey_interval = DEFAULT_REKEY_INTERVAL; | 3197 | rekey_interval = DEFAULT_REKEY_INTERVAL; |
2678 | 3198 | ||
3199 | peerstore = GNUNET_PEERSTORE_connect (cfg); | ||
3200 | if (NULL == peerstore) | ||
3201 | { | ||
3202 | GNUNET_break (0); | ||
3203 | GNUNET_SCHEDULER_shutdown (); | ||
3204 | return; | ||
3205 | } | ||
2679 | 3206 | ||
2680 | // cp = GNUNET_strdup (bindto); | 3207 | // cp = GNUNET_strdup (bindto); |
2681 | start = extract_address (bindto); | 3208 | start = extract_address (bindto); |
@@ -2690,11 +3217,11 @@ run (void *cls, | |||
2690 | add_addr (po->addr_ipv4, *po->addr_len_ipv4); | 3217 | add_addr (po->addr_ipv4, *po->addr_len_ipv4); |
2691 | } | 3218 | } |
2692 | 3219 | ||
2693 | if (NULL != &po->addr_ipv6) | 3220 | /*if (NULL != &po->addr_ipv6) |
2694 | { | 3221 | { |
2695 | init_socket (po->addr_ipv6, *po->addr_len_ipv6); | 3222 | init_socket (po->addr_ipv6, *po->addr_len_ipv6); |
2696 | add_addr (po->addr_ipv6, *po->addr_len_ipv6); | 3223 | add_addr (po->addr_ipv6, *po->addr_len_ipv6); |
2697 | } | 3224 | }*/ |
2698 | 3225 | ||
2699 | nat_register (); | 3226 | nat_register (); |
2700 | } | 3227 | } |
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index 5f3178939..baefdfa88 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c | |||
@@ -329,19 +329,6 @@ struct AcknowledgementUUIDP | |||
329 | struct GNUNET_Uuid value; | 329 | struct GNUNET_Uuid value; |
330 | }; | 330 | }; |
331 | 331 | ||
332 | |||
333 | /** | ||
334 | * Type of a nonce used for challenges. | ||
335 | */ | ||
336 | struct ChallengeNonceP | ||
337 | { | ||
338 | /** | ||
339 | * The value of the nonce. Note that this is NOT a hash. | ||
340 | */ | ||
341 | struct GNUNET_ShortHashCode value; | ||
342 | }; | ||
343 | |||
344 | |||
345 | /** | 332 | /** |
346 | * Outer layer of an encapsulated backchannel message. | 333 | * Outer layer of an encapsulated backchannel message. |
347 | */ | 334 | */ |
diff --git a/src/transport/test_communicator_tcp_basic_peer1.conf b/src/transport/test_communicator_tcp_basic_peer1.conf index d0293ff51..31568fd0d 100644 --- a/src/transport/test_communicator_tcp_basic_peer1.conf +++ b/src/transport/test_communicator_tcp_basic_peer1.conf | |||
@@ -19,6 +19,9 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
19 | [nat] | 19 | [nat] |
20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock |
21 | 21 | ||
22 | [peerstore] | ||
23 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
24 | |||
22 | [communicator-unix] | 25 | [communicator-unix] |
23 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock | 26 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock |
24 | 27 | ||
diff --git a/src/transport/test_communicator_tcp_basic_peer2.conf b/src/transport/test_communicator_tcp_basic_peer2.conf index 5b9050547..44037d47f 100644 --- a/src/transport/test_communicator_tcp_basic_peer2.conf +++ b/src/transport/test_communicator_tcp_basic_peer2.conf | |||
@@ -20,6 +20,9 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
25 | |||
23 | [communicator-unix] | 26 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock | 27 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock |
25 | 28 | ||
diff --git a/src/transport/test_communicator_tcp_rekey_peer1.conf b/src/transport/test_communicator_tcp_rekey_peer1.conf index 18028cd48..e7161e488 100644 --- a/src/transport/test_communicator_tcp_rekey_peer1.conf +++ b/src/transport/test_communicator_tcp_rekey_peer1.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock |
21 | ENABLE_IPSCAN = YES | 21 | ENABLE_IPSCAN = YES |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62089 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_tcp_rekey_peer2.conf b/src/transport/test_communicator_tcp_rekey_peer2.conf index 7d7179578..8f175a405 100644 --- a/src/transport/test_communicator_tcp_rekey_peer2.conf +++ b/src/transport/test_communicator_tcp_rekey_peer2.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62090 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_udp_backchannel_peer1.conf b/src/transport/test_communicator_udp_backchannel_peer1.conf index 0c595b77b..b99a76d6c 100644 --- a/src/transport/test_communicator_udp_backchannel_peer1.conf +++ b/src/transport/test_communicator_udp_backchannel_peer1.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock |
21 | ENABLE_IPSCAN = YES | 21 | ENABLE_IPSCAN = YES |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62089 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_udp_backchannel_peer2.conf b/src/transport/test_communicator_udp_backchannel_peer2.conf index d29f37ec9..48bd54c8b 100644 --- a/src/transport/test_communicator_udp_backchannel_peer2.conf +++ b/src/transport/test_communicator_udp_backchannel_peer2.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62090 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_udp_basic_peer1.conf b/src/transport/test_communicator_udp_basic_peer1.conf index 4cfb6f72f..d53a55210 100644 --- a/src/transport/test_communicator_udp_basic_peer1.conf +++ b/src/transport/test_communicator_udp_basic_peer1.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock |
21 | ENABLE_IPSCAN = YES | 21 | ENABLE_IPSCAN = YES |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62089 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock | ||
29 | |||
23 | [communicator-udp] | 30 | [communicator-udp] |
24 | BINDTO = 60002 | 31 | BINDTO = 60002 |
25 | DISABLE_V6 = YES | 32 | DISABLE_V6 = YES |
diff --git a/src/transport/test_communicator_udp_basic_peer2.conf b/src/transport/test_communicator_udp_basic_peer2.conf index b9bed2756..f05ebc5cb 100644 --- a/src/transport/test_communicator_udp_basic_peer2.conf +++ b/src/transport/test_communicator_udp_basic_peer2.conf | |||
@@ -20,6 +20,14 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock |
22 | 22 | ||
23 | |||
24 | [peerstore] | ||
25 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
26 | |||
27 | [resolver] | ||
28 | PORT = 62090 | ||
29 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock | ||
30 | |||
23 | [communicator-udp] | 31 | [communicator-udp] |
24 | BINDTO = 60003 | 32 | BINDTO = 60003 |
25 | DISABLE_V6 = YES | 33 | DISABLE_V6 = YES |
diff --git a/src/transport/test_communicator_udp_rekey_peer1.conf b/src/transport/test_communicator_udp_rekey_peer1.conf index 18028cd48..e7161e488 100644 --- a/src/transport/test_communicator_udp_rekey_peer1.conf +++ b/src/transport/test_communicator_udp_rekey_peer1.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock |
21 | ENABLE_IPSCAN = YES | 21 | ENABLE_IPSCAN = YES |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62089 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_udp_rekey_peer2.conf b/src/transport/test_communicator_udp_rekey_peer2.conf index 7d7179578..8f175a405 100644 --- a/src/transport/test_communicator_udp_rekey_peer2.conf +++ b/src/transport/test_communicator_udp_rekey_peer2.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62090 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_unix_basic_peer1.conf b/src/transport/test_communicator_unix_basic_peer1.conf index d50588007..71283e381 100644 --- a/src/transport/test_communicator_unix_basic_peer1.conf +++ b/src/transport/test_communicator_unix_basic_peer1.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock | |||
20 | UNIXPATH = $GNUNET_TMP/communicator-unix-1/nat.sock | 20 | UNIXPATH = $GNUNET_TMP/communicator-unix-1/nat.sock |
21 | ENABLE_IPSCAN = YES | 21 | ENABLE_IPSCAN = YES |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62089 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-1.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-1.sock |
25 | 32 | ||
diff --git a/src/transport/test_communicator_unix_basic_peer2.conf b/src/transport/test_communicator_unix_basic_peer2.conf index fe27ef1a6..ac95845b2 100644 --- a/src/transport/test_communicator_unix_basic_peer2.conf +++ b/src/transport/test_communicator_unix_basic_peer2.conf | |||
@@ -20,6 +20,13 @@ UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock | |||
20 | [nat] | 20 | [nat] |
21 | UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock | 21 | UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock |
22 | 22 | ||
23 | [peerstore] | ||
24 | UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock | ||
25 | |||
26 | [resolver] | ||
27 | PORT = 62090 | ||
28 | UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock | ||
29 | |||
23 | [communicator-unix] | 30 | [communicator-unix] |
24 | UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-2.sock | 31 | UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-2.sock |
25 | 32 | ||
diff --git a/src/transport/transport-testing2.c b/src/transport/transport-testing2.c index 0dc1bb331..974dc56c1 100644 --- a/src/transport/transport-testing2.c +++ b/src/transport/transport-testing2.c | |||
@@ -114,6 +114,11 @@ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle | |||
114 | struct GNUNET_OS_Process *resolver_proc; | 114 | struct GNUNET_OS_Process *resolver_proc; |
115 | 115 | ||
116 | /** | 116 | /** |
117 | * peerstore service process | ||
118 | */ | ||
119 | struct GNUNET_OS_Process *ps_proc; | ||
120 | |||
121 | /** | ||
117 | * @brief Task that will be run on shutdown to stop and clean communicator | 122 | * @brief Task that will be run on shutdown to stop and clean communicator |
118 | */ | 123 | */ |
119 | struct GNUNET_SCHEDULER_Task *c_shutdown_task; | 124 | struct GNUNET_SCHEDULER_Task *c_shutdown_task; |
@@ -671,8 +676,8 @@ handle_update_queue_message (void *cls, | |||
671 | struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorQueue *tc_queue; | 676 | struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorQueue *tc_queue; |
672 | 677 | ||
673 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 678 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
674 | "Received queue update message for %u with q_len %"PRIu64"\n", | 679 | "Received queue update message for %u with q_len %" PRIu64 "\n", |
675 | msg->qid, GNUNET_ntohll(msg->q_len)); | 680 | msg->qid, GNUNET_ntohll (msg->q_len)); |
676 | tc_queue = tc_h->queue_head; | 681 | tc_queue = tc_h->queue_head; |
677 | if (NULL != tc_queue) | 682 | if (NULL != tc_queue) |
678 | { | 683 | { |
@@ -892,6 +897,12 @@ shutdown_process (struct GNUNET_OS_Process *proc) | |||
892 | GNUNET_OS_process_destroy (proc); | 897 | GNUNET_OS_process_destroy (proc); |
893 | } | 898 | } |
894 | 899 | ||
900 | static void | ||
901 | shutdown_peerstore (void *cls) | ||
902 | { | ||
903 | struct GNUNET_OS_Process *proc = cls; | ||
904 | shutdown_process (proc); | ||
905 | } | ||
895 | 906 | ||
896 | static void | 907 | static void |
897 | shutdown_communicator (void *cls) | 908 | shutdown_communicator (void *cls) |
@@ -987,6 +998,38 @@ resolver_start (struct | |||
987 | 998 | ||
988 | } | 999 | } |
989 | 1000 | ||
1001 | |||
1002 | /** | ||
1003 | * @brief Start Peerstore | ||
1004 | * | ||
1005 | */ | ||
1006 | static void | ||
1007 | peerstore_start ( | ||
1008 | struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h) | ||
1009 | { | ||
1010 | char *binary; | ||
1011 | |||
1012 | LOG (GNUNET_ERROR_TYPE_DEBUG, "peerstore_start\n"); | ||
1013 | binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-peerstore"); | ||
1014 | tc_h->ps_proc = GNUNET_OS_start_process (GNUNET_YES, | ||
1015 | GNUNET_OS_INHERIT_STD_OUT_AND_ERR, | ||
1016 | NULL, | ||
1017 | NULL, | ||
1018 | NULL, | ||
1019 | binary, | ||
1020 | "gnunet-service-peerstore", | ||
1021 | "-c", | ||
1022 | tc_h->cfg_filename, | ||
1023 | NULL); | ||
1024 | if (NULL == tc_h->ps_proc) | ||
1025 | { | ||
1026 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start Peerstore!"); | ||
1027 | return; | ||
1028 | } | ||
1029 | LOG (GNUNET_ERROR_TYPE_INFO, "started Peerstore\n"); | ||
1030 | GNUNET_free (binary); | ||
1031 | } | ||
1032 | |||
990 | /** | 1033 | /** |
991 | * @brief Start NAT | 1034 | * @brief Start NAT |
992 | * | 1035 | * |
@@ -1018,7 +1061,6 @@ nat_start ( | |||
1018 | GNUNET_free (binary); | 1061 | GNUNET_free (binary); |
1019 | } | 1062 | } |
1020 | 1063 | ||
1021 | |||
1022 | /** | 1064 | /** |
1023 | * @brief Start communicator part of transport service and communicator | 1065 | * @brief Start communicator part of transport service and communicator |
1024 | * | 1066 | * |
@@ -1083,6 +1125,8 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_start ( | |||
1083 | nat_start (tc_h); | 1125 | nat_start (tc_h); |
1084 | /* Start resolver service */ | 1126 | /* Start resolver service */ |
1085 | resolver_start (tc_h); | 1127 | resolver_start (tc_h); |
1128 | /* Start peerstore service */ | ||
1129 | peerstore_start (tc_h); | ||
1086 | /* Schedule start communicator */ | 1130 | /* Schedule start communicator */ |
1087 | communicator_start (tc_h, | 1131 | communicator_start (tc_h, |
1088 | binary_name); | 1132 | binary_name); |
@@ -1098,6 +1142,7 @@ GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop ( | |||
1098 | shutdown_service (tc_h->sh); | 1142 | shutdown_service (tc_h->sh); |
1099 | shutdown_nat (tc_h->nat_proc); | 1143 | shutdown_nat (tc_h->nat_proc); |
1100 | shutdown_resolver (tc_h->resolver_proc); | 1144 | shutdown_resolver (tc_h->resolver_proc); |
1145 | shutdown_peerstore (tc_h->ps_proc); | ||
1101 | GNUNET_CONFIGURATION_destroy (tc_h->cfg); | 1146 | GNUNET_CONFIGURATION_destroy (tc_h->cfg); |
1102 | GNUNET_free (tc_h); | 1147 | GNUNET_free (tc_h); |
1103 | } | 1148 | } |