diff options
Diffstat (limited to 'src/cadet/gnunet-service-cadet_tunnel.c')
-rw-r--r-- | src/cadet/gnunet-service-cadet_tunnel.c | 554 |
1 files changed, 208 insertions, 346 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c index 26c1ea3d4..249974d81 100644 --- a/src/cadet/gnunet-service-cadet_tunnel.c +++ b/src/cadet/gnunet-service-cadet_tunnel.c | |||
@@ -96,18 +96,6 @@ struct CadetTConnection | |||
96 | 96 | ||
97 | 97 | ||
98 | /** | 98 | /** |
99 | * Encryption systems possible. | ||
100 | */ | ||
101 | enum CadetTunnelEncryption | ||
102 | { | ||
103 | /** | ||
104 | * Default Axolotl system. | ||
105 | */ | ||
106 | CADET_Axolotl | ||
107 | |||
108 | }; | ||
109 | |||
110 | /** | ||
111 | * Struct to old keys for skipped messages while advancing the Axolotl ratchet. | 99 | * Struct to old keys for skipped messages while advancing the Axolotl ratchet. |
112 | */ | 100 | */ |
113 | struct CadetTunnelSkippedKey | 101 | struct CadetTunnelSkippedKey |
@@ -267,11 +255,6 @@ struct CadetTunnel | |||
267 | struct CadetPeer *peer; | 255 | struct CadetPeer *peer; |
268 | 256 | ||
269 | /** | 257 | /** |
270 | * Type of encryption used in the tunnel. | ||
271 | */ | ||
272 | enum CadetTunnelEncryption enc_type; | ||
273 | |||
274 | /** | ||
275 | * Axolotl info. | 258 | * Axolotl info. |
276 | */ | 259 | */ |
277 | struct CadetTunnelAxolotl *ax; | 260 | struct CadetTunnelAxolotl *ax; |
@@ -550,8 +533,7 @@ is_ready (struct CadetTunnel *t) | |||
550 | conn_ok = CADET_TUNNEL_READY == t->cstate; | 533 | conn_ok = CADET_TUNNEL_READY == t->cstate; |
551 | enc_ok = CADET_TUNNEL_KEY_OK == t->estate | 534 | enc_ok = CADET_TUNNEL_KEY_OK == t->estate |
552 | || CADET_TUNNEL_KEY_REKEY == t->estate | 535 | || CADET_TUNNEL_KEY_REKEY == t->estate |
553 | || (CADET_TUNNEL_KEY_PING == t->estate | 536 | || CADET_TUNNEL_KEY_PING == t->estate; |
554 | && CADET_Axolotl == t->enc_type); | ||
555 | ready = conn_ok && enc_ok; | 537 | ready = conn_ok && enc_ok; |
556 | ready = ready || GCT_is_loopback (t); | 538 | ready = ready || GCT_is_loopback (t); |
557 | return ready; | 539 | return ready; |
@@ -869,7 +851,7 @@ t_ax_decrypt (struct CadetTunnel *t, void *dst, const void *src, size_t size) | |||
869 | * @param msg Message whose header to encrypt. | 851 | * @param msg Message whose header to encrypt. |
870 | */ | 852 | */ |
871 | static void | 853 | static void |
872 | t_h_encrypt (struct CadetTunnel *t, struct GNUNET_CADET_AX *msg) | 854 | t_h_encrypt (struct CadetTunnel *t, struct GNUNET_CADET_Encrypted *msg) |
873 | { | 855 | { |
874 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 856 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
875 | struct CadetTunnelAxolotl *ax; | 857 | struct CadetTunnelAxolotl *ax; |
@@ -902,8 +884,8 @@ t_h_encrypt (struct CadetTunnel *t, struct GNUNET_CADET_AX *msg) | |||
902 | * @param dst Where to decrypt header to. | 884 | * @param dst Where to decrypt header to. |
903 | */ | 885 | */ |
904 | static void | 886 | static void |
905 | t_h_decrypt (struct CadetTunnel *t, const struct GNUNET_CADET_AX *src, | 887 | t_h_decrypt (struct CadetTunnel *t, const struct GNUNET_CADET_Encrypted *src, |
906 | struct GNUNET_CADET_AX *dst) | 888 | struct GNUNET_CADET_Encrypted *dst) |
907 | { | 889 | { |
908 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 890 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
909 | struct CadetTunnelAxolotl *ax; | 891 | struct CadetTunnelAxolotl *ax; |
@@ -941,12 +923,12 @@ t_h_decrypt (struct CadetTunnel *t, const struct GNUNET_CADET_AX *src, | |||
941 | */ | 923 | */ |
942 | static int | 924 | static int |
943 | try_old_ax_keys (struct CadetTunnel *t, void *dst, | 925 | try_old_ax_keys (struct CadetTunnel *t, void *dst, |
944 | const struct GNUNET_CADET_AX *src, size_t size) | 926 | const struct GNUNET_CADET_Encrypted *src, size_t size) |
945 | { | 927 | { |
946 | struct CadetTunnelSkippedKey *key; | 928 | struct CadetTunnelSkippedKey *key; |
947 | struct GNUNET_CADET_Hash *hmac; | 929 | struct GNUNET_CADET_Hash *hmac; |
948 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 930 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
949 | struct GNUNET_CADET_AX plaintext_header; | 931 | struct GNUNET_CADET_Encrypted plaintext_header; |
950 | struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK; | 932 | struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK; |
951 | size_t esize; | 933 | size_t esize; |
952 | size_t res; | 934 | size_t res; |
@@ -955,7 +937,7 @@ try_old_ax_keys (struct CadetTunnel *t, void *dst, | |||
955 | 937 | ||
956 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying old keys\n"); | 938 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Trying old keys\n"); |
957 | hmac = &plaintext_header.hmac; | 939 | hmac = &plaintext_header.hmac; |
958 | esize = size - sizeof (struct GNUNET_CADET_AX); | 940 | esize = size - sizeof (struct GNUNET_CADET_Encrypted); |
959 | 941 | ||
960 | /* Find a correct Header Key */ | 942 | /* Find a correct Header Key */ |
961 | for (key = t->ax->skipped_head; NULL != key; key = key->next) | 943 | for (key = t->ax->skipped_head; NULL != key; key = key->next) |
@@ -976,8 +958,8 @@ try_old_ax_keys (struct CadetTunnel *t, void *dst, | |||
976 | return -1; | 958 | return -1; |
977 | 959 | ||
978 | /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */ | 960 | /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */ |
979 | GNUNET_assert (size > sizeof (struct GNUNET_CADET_AX)); | 961 | GNUNET_assert (size > sizeof (struct GNUNET_CADET_Encrypted)); |
980 | len = size - sizeof (struct GNUNET_CADET_AX); | 962 | len = size - sizeof (struct GNUNET_CADET_Encrypted); |
981 | GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader)); | 963 | GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader)); |
982 | 964 | ||
983 | /* Decrypt header */ | 965 | /* Decrypt header */ |
@@ -1120,20 +1102,20 @@ store_ax_keys (struct CadetTunnel *t, | |||
1120 | */ | 1102 | */ |
1121 | static int | 1103 | static int |
1122 | t_ax_decrypt_and_validate (struct CadetTunnel *t, void *dst, | 1104 | t_ax_decrypt_and_validate (struct CadetTunnel *t, void *dst, |
1123 | const struct GNUNET_CADET_AX *src, size_t size) | 1105 | const struct GNUNET_CADET_Encrypted *src, |
1106 | size_t size) | ||
1124 | { | 1107 | { |
1125 | struct CadetTunnelAxolotl *ax; | 1108 | struct CadetTunnelAxolotl *ax; |
1126 | struct GNUNET_CADET_Hash msg_hmac; | 1109 | struct GNUNET_CADET_Hash msg_hmac; |
1127 | struct GNUNET_HashCode hmac; | 1110 | struct GNUNET_HashCode hmac; |
1128 | struct GNUNET_CADET_AX plaintext_header; | 1111 | struct GNUNET_CADET_Encrypted plaintext_header; |
1129 | uint32_t Np; | 1112 | uint32_t Np; |
1130 | uint32_t PNp; | 1113 | uint32_t PNp; |
1131 | size_t esize; | 1114 | size_t esize; /* Size of encryped payload */ |
1132 | size_t osize; | 1115 | size_t osize; /* Size of output (decrypted payload) */ |
1133 | 1116 | ||
1117 | esize = size - sizeof (struct GNUNET_CADET_Encrypted); | ||
1134 | ax = t->ax; | 1118 | ax = t->ax; |
1135 | esize = size - sizeof (struct GNUNET_CADET_AX); | ||
1136 | |||
1137 | if (NULL == ax) | 1119 | if (NULL == ax) |
1138 | return -1; | 1120 | return -1; |
1139 | 1121 | ||
@@ -1350,10 +1332,10 @@ send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
1350 | struct CadetTunnelQueue *existing_q) | 1332 | struct CadetTunnelQueue *existing_q) |
1351 | { | 1333 | { |
1352 | struct GNUNET_MessageHeader *msg; | 1334 | struct GNUNET_MessageHeader *msg; |
1353 | struct GNUNET_CADET_AX *ax_msg; | 1335 | struct GNUNET_CADET_Encrypted *ax_msg; |
1354 | struct CadetTunnelQueue *tq; | 1336 | struct CadetTunnelQueue *tq; |
1355 | size_t size = ntohs (message->size); | 1337 | size_t size = ntohs (message->size); |
1356 | char cbuf[sizeof (struct GNUNET_CADET_AX) + size] GNUNET_ALIGN; | 1338 | char cbuf[sizeof (struct GNUNET_CADET_Encrypted) + size] GNUNET_ALIGN; |
1357 | size_t esize; | 1339 | size_t esize; |
1358 | uint32_t mid; | 1340 | uint32_t mid; |
1359 | uint16_t type; | 1341 | uint16_t type; |
@@ -1381,11 +1363,10 @@ send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
1381 | 1363 | ||
1382 | GNUNET_assert (GNUNET_NO == GCT_is_loopback (t)); | 1364 | GNUNET_assert (GNUNET_NO == GCT_is_loopback (t)); |
1383 | 1365 | ||
1384 | GNUNET_assert (CADET_Axolotl == t->enc_type); | 1366 | ax_msg = (struct GNUNET_CADET_Encrypted *) cbuf; |
1385 | ax_msg = (struct GNUNET_CADET_AX *) cbuf; | ||
1386 | msg = &ax_msg->header; | 1367 | msg = &ax_msg->header; |
1387 | msg->size = htons (sizeof (struct GNUNET_CADET_AX) + size); | 1368 | msg->size = htons (sizeof (struct GNUNET_CADET_Encrypted) + size); |
1388 | msg->type = htons (GNUNET_MESSAGE_TYPE_CADET_AX); | 1369 | msg->type = htons (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED); |
1389 | esize = t_ax_encrypt (t, &ax_msg[1], message, size); | 1370 | esize = t_ax_encrypt (t, &ax_msg[1], message, size); |
1390 | ax_msg->Ns = htonl (t->ax->Ns++); | 1371 | ax_msg->Ns = htonl (t->ax->Ns++); |
1391 | ax_msg->PNs = htonl (t->ax->PNs); | 1372 | ax_msg->PNs = htonl (t->ax->PNs); |
@@ -1505,12 +1486,12 @@ send_queued_data (struct CadetTunnel *t) | |||
1505 | 1486 | ||
1506 | 1487 | ||
1507 | /** | 1488 | /** |
1508 | * @brief Resend the AX KX until we complete the handshake. | 1489 | * @brief Resend the KX until we complete the handshake. |
1509 | * | 1490 | * |
1510 | * @param cls Closure (tunnel). | 1491 | * @param cls Closure (tunnel). |
1511 | */ | 1492 | */ |
1512 | static void | 1493 | static void |
1513 | ax_kx_resend (void *cls) | 1494 | kx_resend (void *cls) |
1514 | { | 1495 | { |
1515 | struct CadetTunnel *t = cls; | 1496 | struct CadetTunnel *t = cls; |
1516 | 1497 | ||
@@ -1522,7 +1503,7 @@ ax_kx_resend (void *cls) | |||
1522 | return; | 1503 | return; |
1523 | } | 1504 | } |
1524 | 1505 | ||
1525 | GCT_send_ax_kx (t, CADET_TUNNEL_KEY_SENT >= t->estate); | 1506 | GCT_send_kx (t, CADET_TUNNEL_KEY_SENT >= t->estate); |
1526 | } | 1507 | } |
1527 | 1508 | ||
1528 | 1509 | ||
@@ -1549,98 +1530,15 @@ ephm_sent (void *cls, | |||
1549 | if (CADET_TUNNEL_KEY_OK == t->estate) | 1530 | if (CADET_TUNNEL_KEY_OK == t->estate) |
1550 | return; | 1531 | return; |
1551 | 1532 | ||
1552 | if (CADET_Axolotl == t->enc_type) | 1533 | if (NULL != t->rekey_task) |
1553 | { | ||
1554 | if (NULL != t->rekey_task) | ||
1555 | { | ||
1556 | GNUNET_break (0); | ||
1557 | GCT_debug (t, GNUNET_ERROR_TYPE_WARNING); | ||
1558 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
1559 | } | ||
1560 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, | ||
1561 | &ax_kx_resend, t); | ||
1562 | } | ||
1563 | } | ||
1564 | |||
1565 | |||
1566 | /** | ||
1567 | * Sends key exchange message on a tunnel, choosing the best connection. | ||
1568 | * Should not be called on loopback tunnels. | ||
1569 | * | ||
1570 | * @param t Tunnel on which this message is transmitted. | ||
1571 | * @param message Message to send. Function modifies it. | ||
1572 | * | ||
1573 | * @return Handle to the message in the connection queue. | ||
1574 | */ | ||
1575 | static struct CadetConnectionQueue * | ||
1576 | send_kx (struct CadetTunnel *t, | ||
1577 | const struct GNUNET_MessageHeader *message) | ||
1578 | { | ||
1579 | struct CadetConnection *c; | ||
1580 | struct GNUNET_CADET_KX *msg; | ||
1581 | size_t size = ntohs (message->size); | ||
1582 | char cbuf[sizeof (struct GNUNET_CADET_KX) + size]; | ||
1583 | uint16_t type; | ||
1584 | int fwd; | ||
1585 | |||
1586 | LOG (GNUNET_ERROR_TYPE_DEBUG, "GMT KX on Tunnel %s\n", GCT_2s (t)); | ||
1587 | |||
1588 | /* Avoid loopback. */ | ||
1589 | if (GCT_is_loopback (t)) | ||
1590 | { | 1534 | { |
1591 | GNUNET_break (0); | 1535 | GNUNET_break (0); |
1592 | return NULL; | 1536 | GCT_debug (t, GNUNET_ERROR_TYPE_WARNING); |
1593 | } | 1537 | GNUNET_SCHEDULER_cancel (t->rekey_task); |
1594 | type = ntohs (message->type); | ||
1595 | |||
1596 | /* Even if tunnel is "being destroyed", send anyway. | ||
1597 | * Could be a response to a rekey initiated by remote peer, | ||
1598 | * who is trying to create a new channel! | ||
1599 | */ | ||
1600 | |||
1601 | /* Must have a connection, or be looking for one. */ | ||
1602 | if (NULL == t->connection_head) | ||
1603 | { | ||
1604 | LOG (GNUNET_ERROR_TYPE_DEBUG, "%s with no connection\n", GC_m2s (type)); | ||
1605 | if (CADET_TUNNEL_SEARCHING != t->cstate) | ||
1606 | { | ||
1607 | GNUNET_break (0); | ||
1608 | GCT_debug (t, GNUNET_ERROR_TYPE_ERROR); | ||
1609 | } | ||
1610 | return NULL; | ||
1611 | } | ||
1612 | |||
1613 | msg = (struct GNUNET_CADET_KX *) cbuf; | ||
1614 | msg->header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX); | ||
1615 | msg->header.size = htons (sizeof (struct GNUNET_CADET_KX) + size); | ||
1616 | msg->reserved = htonl (0); | ||
1617 | c = tunnel_get_connection (t); | ||
1618 | if (NULL == c) | ||
1619 | { | ||
1620 | if (NULL == t->destroy_task && CADET_TUNNEL_READY == t->cstate) | ||
1621 | { | ||
1622 | GNUNET_break (0); | ||
1623 | GCT_debug (t, GNUNET_ERROR_TYPE_ERROR); | ||
1624 | } | ||
1625 | return NULL; | ||
1626 | } | ||
1627 | msg->cid = *GCC_get_id (c); | ||
1628 | switch (type) | ||
1629 | { | ||
1630 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | ||
1631 | GNUNET_assert (NULL == t->ephm_h); | ||
1632 | break; | ||
1633 | default: | ||
1634 | LOG (GNUNET_ERROR_TYPE_DEBUG, "unkown type %s\n", GC_m2s (type)); | ||
1635 | GNUNET_assert (0); | ||
1636 | } | 1538 | } |
1637 | GNUNET_memcpy (&msg[1], message, size); | 1539 | t->rekey_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, |
1638 | 1540 | &kx_resend, t); | |
1639 | fwd = GCC_is_origin (c, GNUNET_YES); | ||
1640 | 1541 | ||
1641 | return GCC_send_prebuilt_message (&msg->header, type, 0, c, | ||
1642 | fwd, GNUNET_YES, | ||
1643 | &ephm_sent, t); | ||
1644 | } | 1542 | } |
1645 | 1543 | ||
1646 | 1544 | ||
@@ -1965,148 +1863,6 @@ destroy_ax (struct CadetTunnel *t) | |||
1965 | 1863 | ||
1966 | 1864 | ||
1967 | /** | 1865 | /** |
1968 | * Handle Axolotl handshake. | ||
1969 | * | ||
1970 | * @param t Tunnel this message came on. | ||
1971 | * @param msg Key eXchange Pong message. | ||
1972 | */ | ||
1973 | static void | ||
1974 | handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg) | ||
1975 | { | ||
1976 | struct CadetTunnelAxolotl *ax; | ||
1977 | struct GNUNET_HashCode key_material[3]; | ||
1978 | struct GNUNET_CRYPTO_SymmetricSessionKey keys[5]; | ||
1979 | const char salt[] = "CADET Axolotl salt"; | ||
1980 | const struct GNUNET_PeerIdentity *pid; | ||
1981 | int am_I_alice; | ||
1982 | |||
1983 | LOG (GNUNET_ERROR_TYPE_INFO, "<== { AX_KX} on %s\n", GCT_2s (t)); | ||
1984 | |||
1985 | if (NULL == t->ax) | ||
1986 | { | ||
1987 | /* Something is wrong if ax is NULL. Whose fault it is? */ | ||
1988 | GNUNET_break (CADET_Axolotl == t->enc_type); | ||
1989 | return; | ||
1990 | } | ||
1991 | ax = t->ax; | ||
1992 | |||
1993 | pid = GCT_get_destination (t); | ||
1994 | if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid)) | ||
1995 | am_I_alice = GNUNET_YES; | ||
1996 | else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid)) | ||
1997 | am_I_alice = GNUNET_NO; | ||
1998 | else | ||
1999 | { | ||
2000 | GNUNET_break_op (0); | ||
2001 | return; | ||
2002 | } | ||
2003 | |||
2004 | if (0 != (GNUNET_CADET_AX_KX_FLAG_FORCE_REPLY & ntohl (msg->flags))) | ||
2005 | { | ||
2006 | if (NULL != t->rekey_task) | ||
2007 | { | ||
2008 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
2009 | t->rekey_task = NULL; | ||
2010 | } | ||
2011 | GCT_send_ax_kx (t, GNUNET_NO); | ||
2012 | } | ||
2013 | |||
2014 | if (0 == memcmp (&ax->DHRr, &msg->ratchet_key, sizeof(msg->ratchet_key))) | ||
2015 | { | ||
2016 | LOG (GNUNET_ERROR_TYPE_INFO, " known ratchet key, exit\n"); | ||
2017 | return; | ||
2018 | } | ||
2019 | |||
2020 | LOG (GNUNET_ERROR_TYPE_INFO, " is Alice? %s\n", am_I_alice ? "YES" : "NO"); | ||
2021 | |||
2022 | ax->DHRr = msg->ratchet_key; | ||
2023 | |||
2024 | /* ECDH A B0 */ | ||
2025 | if (GNUNET_YES == am_I_alice) | ||
2026 | { | ||
2027 | GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */ | ||
2028 | &msg->ephemeral_key, /* B0 */ | ||
2029 | &key_material[0]); | ||
2030 | } | ||
2031 | else | ||
2032 | { | ||
2033 | GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */ | ||
2034 | &pid->public_key, /* A */ | ||
2035 | &key_material[0]); | ||
2036 | } | ||
2037 | |||
2038 | /* ECDH A0 B */ | ||
2039 | if (GNUNET_YES == am_I_alice) | ||
2040 | { | ||
2041 | GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */ | ||
2042 | &pid->public_key, /* B */ | ||
2043 | &key_material[1]); | ||
2044 | } | ||
2045 | else | ||
2046 | { | ||
2047 | GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */ | ||
2048 | &msg->ephemeral_key, /* B0 */ | ||
2049 | &key_material[1]); | ||
2050 | |||
2051 | |||
2052 | } | ||
2053 | |||
2054 | /* ECDH A0 B0 */ | ||
2055 | /* (This is the triple-DH, we could probably safely skip this, | ||
2056 | as A0/B0 are already in the key material.) */ | ||
2057 | GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */ | ||
2058 | &msg->ephemeral_key, /* B0 or A0 */ | ||
2059 | &key_material[2]); | ||
2060 | |||
2061 | #if DUMP_KEYS_TO_STDERR | ||
2062 | { | ||
2063 | unsigned int i; | ||
2064 | for (i = 0; i < 3; i++) | ||
2065 | LOG (GNUNET_ERROR_TYPE_INFO, "km[%u]: %s\n", | ||
2066 | i, GNUNET_h2s (&key_material[i])); | ||
2067 | } | ||
2068 | #endif | ||
2069 | |||
2070 | /* KDF */ | ||
2071 | GNUNET_CRYPTO_kdf (keys, sizeof (keys), | ||
2072 | salt, sizeof (salt), | ||
2073 | &key_material, sizeof (key_material), NULL); | ||
2074 | |||
2075 | if (0 == memcmp (&ax->RK, &keys[0], sizeof(ax->RK))) | ||
2076 | { | ||
2077 | LOG (GNUNET_ERROR_TYPE_INFO, " known handshake key, exit\n"); | ||
2078 | return; | ||
2079 | } | ||
2080 | ax->RK = keys[0]; | ||
2081 | if (GNUNET_YES == am_I_alice) | ||
2082 | { | ||
2083 | ax->HKr = keys[1]; | ||
2084 | ax->NHKs = keys[2]; | ||
2085 | ax->NHKr = keys[3]; | ||
2086 | ax->CKr = keys[4]; | ||
2087 | ax->ratchet_flag = GNUNET_YES; | ||
2088 | } | ||
2089 | else | ||
2090 | { | ||
2091 | ax->HKs = keys[1]; | ||
2092 | ax->NHKr = keys[2]; | ||
2093 | ax->NHKs = keys[3]; | ||
2094 | ax->CKs = keys[4]; | ||
2095 | ax->ratchet_flag = GNUNET_NO; | ||
2096 | ax->ratchet_allowed = GNUNET_NO; | ||
2097 | ax->ratchet_counter = 0; | ||
2098 | ax->ratchet_expiration = | ||
2099 | GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), ratchet_time); | ||
2100 | } | ||
2101 | ax->PNs = 0; | ||
2102 | ax->Nr = 0; | ||
2103 | ax->Ns = 0; | ||
2104 | GCT_change_estate (t, CADET_TUNNEL_KEY_PING); | ||
2105 | send_queued_data (t); | ||
2106 | } | ||
2107 | |||
2108 | |||
2109 | /** | ||
2110 | * Demultiplex by message type and call appropriate handler for a message | 1866 | * Demultiplex by message type and call appropriate handler for a message |
2111 | * towards a channel of a local tunnel. | 1867 | * towards a channel of a local tunnel. |
2112 | * | 1868 | * |
@@ -2175,40 +1931,28 @@ handle_decrypted (struct CadetTunnel *t, | |||
2175 | /******************************************************************************/ | 1931 | /******************************************************************************/ |
2176 | /******************************** API ***********************************/ | 1932 | /******************************** API ***********************************/ |
2177 | /******************************************************************************/ | 1933 | /******************************************************************************/ |
1934 | |||
2178 | /** | 1935 | /** |
2179 | * Decrypt old format and demultiplex by message type. Call appropriate handler | 1936 | * Decrypt and process an encrypted message. |
2180 | * for a message towards a channel of a local tunnel. | 1937 | * |
1938 | * Calls the appropriate handler for a message in a channel of a local tunnel. | ||
2181 | * | 1939 | * |
2182 | * @param t Tunnel this message came on. | 1940 | * @param t Tunnel this message came on. |
2183 | * @param msg Message header. | 1941 | * @param msg Message header. |
2184 | */ | 1942 | */ |
2185 | void | 1943 | void |
2186 | GCT_handle_encrypted (struct CadetTunnel *t, | 1944 | GCT_handle_encrypted (struct CadetTunnel *t, |
2187 | const struct GNUNET_MessageHeader *msg) | 1945 | const struct GNUNET_CADET_Encrypted *msg) |
2188 | { | 1946 | { |
2189 | uint16_t size = ntohs (msg->size); | 1947 | uint16_t size = ntohs (msg->header.size); |
2190 | char cbuf [size]; | 1948 | char cbuf [size]; |
2191 | int decrypted_size; | 1949 | int decrypted_size; |
2192 | uint16_t type; | ||
2193 | const struct GNUNET_MessageHeader *msgh; | 1950 | const struct GNUNET_MessageHeader *msgh; |
2194 | unsigned int off; | 1951 | unsigned int off; |
2195 | 1952 | ||
2196 | type = ntohs (msg->type); | 1953 | GNUNET_STATISTICS_update (stats, "# received encrypted", 1, GNUNET_NO); |
2197 | switch (type) | ||
2198 | { | ||
2199 | case GNUNET_MESSAGE_TYPE_CADET_AX: | ||
2200 | { | ||
2201 | const struct GNUNET_CADET_AX *emsg; | ||
2202 | 1954 | ||
2203 | GNUNET_STATISTICS_update (stats, "# received Axolotl", 1, GNUNET_NO); | 1955 | decrypted_size = t_ax_decrypt_and_validate (t, cbuf, msg, size); |
2204 | emsg = (const struct GNUNET_CADET_AX *) msg; | ||
2205 | decrypted_size = t_ax_decrypt_and_validate (t, cbuf, emsg, size); | ||
2206 | } | ||
2207 | break; | ||
2208 | default: | ||
2209 | GNUNET_break_op (0); | ||
2210 | return; | ||
2211 | } | ||
2212 | 1956 | ||
2213 | if (-1 == decrypted_size) | 1957 | if (-1 == decrypted_size) |
2214 | { | 1958 | { |
@@ -2250,35 +1994,144 @@ GCT_handle_encrypted (struct CadetTunnel *t, | |||
2250 | 1994 | ||
2251 | 1995 | ||
2252 | /** | 1996 | /** |
2253 | * Demultiplex an encapsulated KX message by message type. | 1997 | * Handle a Key eXchange message. |
2254 | * | 1998 | * |
2255 | * @param t Tunnel on which the message came. | 1999 | * @param t Tunnel on which the message came. |
2256 | * @param message Payload of KX message. | 2000 | * @param msg KX message itself. |
2257 | * | ||
2258 | * FIXME: not needed anymore | ||
2259 | * - substitute with call to kx_ax | ||
2260 | * - eliminate encapsulation | ||
2261 | */ | 2001 | */ |
2262 | void | 2002 | void |
2263 | GCT_handle_kx (struct CadetTunnel *t, | 2003 | GCT_handle_kx (struct CadetTunnel *t, |
2264 | const struct GNUNET_MessageHeader *message) | 2004 | const struct GNUNET_CADET_KX *msg) |
2265 | { | 2005 | { |
2266 | uint16_t type; | 2006 | struct CadetTunnelAxolotl *ax; |
2267 | char buf[256]; | 2007 | struct GNUNET_HashCode key_material[3]; |
2008 | struct GNUNET_CRYPTO_SymmetricSessionKey keys[5]; | ||
2009 | const char salt[] = "CADET Axolotl salt"; | ||
2010 | const struct GNUNET_PeerIdentity *pid; | ||
2011 | int am_I_alice; | ||
2268 | 2012 | ||
2269 | type = ntohs (message->type); | 2013 | LOG (GNUNET_ERROR_TYPE_INFO, "<== { KX} on %s\n", GCT_2s (t)); |
2270 | LOG (GNUNET_ERROR_TYPE_DEBUG, "kx message received: %s\n", GC_m2s (type)); | 2014 | |
2271 | sprintf (buf, "# received KX of type %hu (%s)", type, GC_m2s (type)); | 2015 | if (NULL == t->ax) |
2272 | GNUNET_STATISTICS_update (stats, buf, 1, GNUNET_NO); | ||
2273 | switch (type) | ||
2274 | { | 2016 | { |
2275 | case GNUNET_MESSAGE_TYPE_CADET_AX_KX: | 2017 | /* Something is wrong if ax is NULL. Whose fault it is? */ |
2276 | handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message); | 2018 | return; |
2277 | break; | 2019 | } |
2278 | default: | 2020 | ax = t->ax; |
2279 | GNUNET_break_op (0); | 2021 | |
2280 | LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type)); | 2022 | pid = GCT_get_destination (t); |
2023 | if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid)) | ||
2024 | am_I_alice = GNUNET_YES; | ||
2025 | else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, pid)) | ||
2026 | am_I_alice = GNUNET_NO; | ||
2027 | else | ||
2028 | { | ||
2029 | GNUNET_break_op (0); | ||
2030 | return; | ||
2031 | } | ||
2032 | |||
2033 | if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->flags))) | ||
2034 | { | ||
2035 | if (NULL != t->rekey_task) | ||
2036 | { | ||
2037 | GNUNET_SCHEDULER_cancel (t->rekey_task); | ||
2038 | t->rekey_task = NULL; | ||
2039 | } | ||
2040 | GCT_send_kx (t, GNUNET_NO); | ||
2041 | } | ||
2042 | |||
2043 | if (0 == memcmp (&ax->DHRr, &msg->ratchet_key, sizeof(msg->ratchet_key))) | ||
2044 | { | ||
2045 | LOG (GNUNET_ERROR_TYPE_INFO, " known ratchet key, exit\n"); | ||
2046 | return; | ||
2047 | } | ||
2048 | |||
2049 | LOG (GNUNET_ERROR_TYPE_INFO, " is Alice? %s\n", am_I_alice ? "YES" : "NO"); | ||
2050 | |||
2051 | ax->DHRr = msg->ratchet_key; | ||
2052 | |||
2053 | /* ECDH A B0 */ | ||
2054 | if (GNUNET_YES == am_I_alice) | ||
2055 | { | ||
2056 | GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */ | ||
2057 | &msg->ephemeral_key, /* B0 */ | ||
2058 | &key_material[0]); | ||
2059 | } | ||
2060 | else | ||
2061 | { | ||
2062 | GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */ | ||
2063 | &pid->public_key, /* A */ | ||
2064 | &key_material[0]); | ||
2065 | } | ||
2066 | |||
2067 | /* ECDH A0 B */ | ||
2068 | if (GNUNET_YES == am_I_alice) | ||
2069 | { | ||
2070 | GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */ | ||
2071 | &pid->public_key, /* B */ | ||
2072 | &key_material[1]); | ||
2073 | } | ||
2074 | else | ||
2075 | { | ||
2076 | GNUNET_CRYPTO_eddsa_ecdh (id_key, /* A */ | ||
2077 | &msg->ephemeral_key, /* B0 */ | ||
2078 | &key_material[1]); | ||
2079 | |||
2080 | |||
2081 | } | ||
2082 | |||
2083 | /* ECDH A0 B0 */ | ||
2084 | /* (This is the triple-DH, we could probably safely skip this, | ||
2085 | as A0/B0 are already in the key material.) */ | ||
2086 | GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */ | ||
2087 | &msg->ephemeral_key, /* B0 or A0 */ | ||
2088 | &key_material[2]); | ||
2089 | |||
2090 | #if DUMP_KEYS_TO_STDERR | ||
2091 | { | ||
2092 | unsigned int i; | ||
2093 | for (i = 0; i < 3; i++) | ||
2094 | LOG (GNUNET_ERROR_TYPE_INFO, "km[%u]: %s\n", | ||
2095 | i, GNUNET_h2s (&key_material[i])); | ||
2096 | } | ||
2097 | #endif | ||
2098 | |||
2099 | /* KDF */ | ||
2100 | GNUNET_CRYPTO_kdf (keys, sizeof (keys), | ||
2101 | salt, sizeof (salt), | ||
2102 | &key_material, sizeof (key_material), NULL); | ||
2103 | |||
2104 | if (0 == memcmp (&ax->RK, &keys[0], sizeof(ax->RK))) | ||
2105 | { | ||
2106 | LOG (GNUNET_ERROR_TYPE_INFO, " known handshake key, exit\n"); | ||
2107 | return; | ||
2108 | } | ||
2109 | ax->RK = keys[0]; | ||
2110 | if (GNUNET_YES == am_I_alice) | ||
2111 | { | ||
2112 | ax->HKr = keys[1]; | ||
2113 | ax->NHKs = keys[2]; | ||
2114 | ax->NHKr = keys[3]; | ||
2115 | ax->CKr = keys[4]; | ||
2116 | ax->ratchet_flag = GNUNET_YES; | ||
2117 | } | ||
2118 | else | ||
2119 | { | ||
2120 | ax->HKs = keys[1]; | ||
2121 | ax->NHKr = keys[2]; | ||
2122 | ax->NHKs = keys[3]; | ||
2123 | ax->CKs = keys[4]; | ||
2124 | ax->ratchet_flag = GNUNET_NO; | ||
2125 | ax->ratchet_allowed = GNUNET_NO; | ||
2126 | ax->ratchet_counter = 0; | ||
2127 | ax->ratchet_expiration = | ||
2128 | GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(), ratchet_time); | ||
2281 | } | 2129 | } |
2130 | ax->PNs = 0; | ||
2131 | ax->Nr = 0; | ||
2132 | ax->Ns = 0; | ||
2133 | GCT_change_estate (t, CADET_TUNNEL_KEY_PING); | ||
2134 | send_queued_data (t); | ||
2282 | } | 2135 | } |
2283 | 2136 | ||
2284 | /** | 2137 | /** |
@@ -2296,7 +2149,7 @@ GCT_init (const struct GNUNET_CONFIGURATION_Handle *c, | |||
2296 | LOG (GNUNET_ERROR_TYPE_DEBUG, "init\n"); | 2149 | LOG (GNUNET_ERROR_TYPE_DEBUG, "init\n"); |
2297 | 2150 | ||
2298 | expected_overhead = 0; | 2151 | expected_overhead = 0; |
2299 | expected_overhead += sizeof (struct GNUNET_CADET_AX); | 2152 | expected_overhead += sizeof (struct GNUNET_CADET_Encrypted); |
2300 | expected_overhead += sizeof (struct GNUNET_CADET_Data); | 2153 | expected_overhead += sizeof (struct GNUNET_CADET_Data); |
2301 | expected_overhead += sizeof (struct GNUNET_CADET_ACK); | 2154 | expected_overhead += sizeof (struct GNUNET_CADET_ACK); |
2302 | GNUNET_assert (GNUNET_CONSTANTS_CADET_P2P_OVERHEAD == expected_overhead); | 2155 | GNUNET_assert (GNUNET_CONSTANTS_CADET_P2P_OVERHEAD == expected_overhead); |
@@ -2396,8 +2249,8 @@ GCT_change_cstate (struct CadetTunnel* t, enum CadetTunnelCState cstate) | |||
2396 | } | 2249 | } |
2397 | else if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) | 2250 | else if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) |
2398 | { | 2251 | { |
2399 | LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered kx\n"); | 2252 | LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered KX\n"); |
2400 | GCT_send_ax_kx (t, GNUNET_NO); | 2253 | GCT_send_kx (t, GNUNET_NO); |
2401 | } | 2254 | } |
2402 | else | 2255 | else |
2403 | { | 2256 | { |
@@ -3346,34 +3199,55 @@ GCT_send_prebuilt_message (const struct GNUNET_MessageHeader *message, | |||
3346 | 3199 | ||
3347 | 3200 | ||
3348 | /** | 3201 | /** |
3349 | * Send an Axolotl KX message. | 3202 | * Send a KX message. |
3350 | * | 3203 | * |
3351 | * @param t Tunnel on which to send it. | 3204 | * @param t Tunnel on which to send it. |
3352 | * @param force_reply Force the other peer to reply with a KX message. | 3205 | * @param force_reply Force the other peer to reply with a KX message. |
3353 | */ | 3206 | */ |
3354 | void | 3207 | void |
3355 | GCT_send_ax_kx (struct CadetTunnel *t, int force_reply) | 3208 | GCT_send_kx (struct CadetTunnel *t, int force_reply) |
3356 | { | 3209 | { |
3357 | struct GNUNET_CADET_AX_KX msg; | 3210 | struct CadetConnection *c; |
3358 | enum GNUNET_CADET_AX_KX_Flags flags; | 3211 | struct GNUNET_CADET_KX msg; |
3212 | enum GNUNET_CADET_KX_Flags flags; | ||
3359 | 3213 | ||
3360 | LOG (GNUNET_ERROR_TYPE_INFO, "==> { AX_KX} on %s\n", GCT_2s (t)); | 3214 | LOG (GNUNET_ERROR_TYPE_INFO, "==> { KX} on %s\n", GCT_2s (t)); |
3361 | if (NULL != t->ephm_h) | 3215 | if (NULL != t->ephm_h) |
3362 | { | 3216 | { |
3363 | LOG (GNUNET_ERROR_TYPE_INFO, " already queued\n"); | 3217 | LOG (GNUNET_ERROR_TYPE_INFO, " already queued, nop\n"); |
3218 | return; | ||
3219 | } | ||
3220 | |||
3221 | /* Avoid loopback. */ | ||
3222 | if (GCT_is_loopback (t)) | ||
3223 | { | ||
3224 | GNUNET_break (0); | ||
3225 | return; | ||
3226 | } | ||
3227 | c = tunnel_get_connection (t); | ||
3228 | if (NULL == c) | ||
3229 | { | ||
3230 | if (NULL == t->destroy_task && CADET_TUNNEL_READY == t->cstate) | ||
3231 | { | ||
3232 | GNUNET_break (0); | ||
3233 | GCT_debug (t, GNUNET_ERROR_TYPE_ERROR); | ||
3234 | } | ||
3364 | return; | 3235 | return; |
3365 | } | 3236 | } |
3366 | 3237 | ||
3367 | msg.header.size = htons (sizeof (msg)); | 3238 | msg.header.size = htons (sizeof (msg)); |
3368 | msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_AX_KX); | 3239 | msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX); |
3369 | flags = GNUNET_CADET_AX_KX_FLAG_NONE; | 3240 | flags = GNUNET_CADET_KX_FLAG_NONE; |
3370 | if (force_reply) | 3241 | if (GNUNET_YES == force_reply) |
3371 | flags |= GNUNET_CADET_AX_KX_FLAG_FORCE_REPLY; | 3242 | flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY; |
3372 | msg.flags = htonl (flags); | 3243 | msg.flags = htonl (flags); |
3244 | msg.cid = *GCC_get_id (c); | ||
3373 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->kx_0, &msg.ephemeral_key); | 3245 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->kx_0, &msg.ephemeral_key); |
3374 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &msg.ratchet_key); | 3246 | GNUNET_CRYPTO_ecdhe_key_get_public (t->ax->DHRs, &msg.ratchet_key); |
3375 | 3247 | ||
3376 | t->ephm_h = send_kx (t, &msg.header); | 3248 | t->ephm_h = GCC_send_prebuilt_message (&msg.header, 0, 0, |
3249 | c, GCC_is_origin (c, GNUNET_YES), | ||
3250 | GNUNET_YES, &ephm_sent, t); | ||
3377 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) | 3251 | if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) |
3378 | GCT_change_estate (t, CADET_TUNNEL_KEY_SENT); | 3252 | GCT_change_estate (t, CADET_TUNNEL_KEY_SENT); |
3379 | } | 3253 | } |
@@ -3532,8 +3406,8 @@ ax_debug (const struct CadetTunnelAxolotl *ax, enum GNUNET_ErrorType level) | |||
3532 | void | 3406 | void |
3533 | GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level) | 3407 | GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level) |
3534 | { | 3408 | { |
3535 | struct CadetTChannel *iterch; | 3409 | struct CadetTChannel *iter_ch; |
3536 | struct CadetTConnection *iterc; | 3410 | struct CadetTConnection *iter_c; |
3537 | int do_log; | 3411 | int do_log; |
3538 | 3412 | ||
3539 | do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK), | 3413 | do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK), |
@@ -3546,33 +3420,20 @@ GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level) | |||
3546 | LOG2 (level, "TTT cstate %s, estate %s\n", | 3420 | LOG2 (level, "TTT cstate %s, estate %s\n", |
3547 | cstate2s (t->cstate), estate2s (t->estate)); | 3421 | cstate2s (t->cstate), estate2s (t->estate)); |
3548 | #if DUMP_KEYS_TO_STDERR | 3422 | #if DUMP_KEYS_TO_STDERR |
3549 | if (CADET_Axolotl == t->enc_type) | 3423 | ax_debug (t->ax, level); |
3550 | { | ||
3551 | ax_debug (t->ax, level); | ||
3552 | } | ||
3553 | else | ||
3554 | { | ||
3555 | LOG2 (level, "TTT peers EPHM:\t %s\n", | ||
3556 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->peers_ephemeral_key)); | ||
3557 | LOG2 (level, "TTT ENC key:\t %s\n", | ||
3558 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->e_key)); | ||
3559 | LOG2 (level, "TTT DEC key:\t %s\n", | ||
3560 | GNUNET_i2s ((struct GNUNET_PeerIdentity *) &t->d_key)); | ||
3561 | } | ||
3562 | #endif | 3424 | #endif |
3563 | LOG2 (level, "TTT tq_head %p, tq_tail %p\n", t->tq_head, t->tq_tail); | 3425 | LOG2 (level, "TTT tq_head %p, tq_tail %p\n", t->tq_head, t->tq_tail); |
3564 | LOG2 (level, "TTT destroy %p\n", t->destroy_task); | 3426 | LOG2 (level, "TTT destroy %p\n", t->destroy_task); |
3565 | |||
3566 | LOG2 (level, "TTT channels:\n"); | 3427 | LOG2 (level, "TTT channels:\n"); |
3567 | for (iterch = t->channel_head; NULL != iterch; iterch = iterch->next) | 3428 | for (iter_ch = t->channel_head; NULL != iter_ch; iter_ch = iter_ch->next) |
3568 | { | 3429 | { |
3569 | GCCH_debug (iterch->ch, level); | 3430 | GCCH_debug (iter_ch->ch, level); |
3570 | } | 3431 | } |
3571 | 3432 | ||
3572 | LOG2 (level, "TTT connections:\n"); | 3433 | LOG2 (level, "TTT connections:\n"); |
3573 | for (iterc = t->connection_head; NULL != iterc; iterc = iterc->next) | 3434 | for (iter_c = t->connection_head; NULL != iter_c; iter_c = iter_c->next) |
3574 | { | 3435 | { |
3575 | GCC_debug (iterc->c, level); | 3436 | GCC_debug (iter_c->c, level); |
3576 | } | 3437 | } |
3577 | 3438 | ||
3578 | LOG2 (level, "TTT DEBUG TUNNEL END\n"); | 3439 | LOG2 (level, "TTT DEBUG TUNNEL END\n"); |
@@ -3636,3 +3497,4 @@ GCT_iterate_channels (struct CadetTunnel *t, GCT_chan_iter iter, void *cls) | |||
3636 | for (cht = t->channel_head; NULL != cht; cht = cht->next) | 3497 | for (cht = t->channel_head; NULL != cht; cht = cht->next) |
3637 | iter (cls, cht->ch); | 3498 | iter (cls, cht->ch); |
3638 | } | 3499 | } |
3500 | |||