aboutsummaryrefslogtreecommitdiff
path: root/src/cadet/gnunet-service-cadet_tunnels.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/cadet/gnunet-service-cadet_tunnels.c')
-rw-r--r--src/cadet/gnunet-service-cadet_tunnels.c3506
1 files changed, 1763 insertions, 1743 deletions
diff --git a/src/cadet/gnunet-service-cadet_tunnels.c b/src/cadet/gnunet-service-cadet_tunnels.c
index c73f8cdbe..6f2dd1d8d 100644
--- a/src/cadet/gnunet-service-cadet_tunnels.c
+++ b/src/cadet/gnunet-service-cadet_tunnels.c
@@ -42,7 +42,7 @@
42#include "gnunet-service-cadet_paths.h" 42#include "gnunet-service-cadet_paths.h"
43 43
44 44
45#define LOG(level, ...) GNUNET_log_from(level, "cadet-tun", __VA_ARGS__) 45#define LOG(level, ...) GNUNET_log_from (level, "cadet-tun", __VA_ARGS__)
46 46
47/** 47/**
48 * How often do we try to decrypt payload with unverified key 48 * How often do we try to decrypt payload with unverified key
@@ -54,13 +54,15 @@
54/** 54/**
55 * How long do we wait until tearing down an idle tunnel? 55 * How long do we wait until tearing down an idle tunnel?
56 */ 56 */
57#define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90) 57#define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply ( \
58 GNUNET_TIME_UNIT_SECONDS, 90)
58 59
59/** 60/**
60 * How long do we wait initially before retransmitting the KX? 61 * How long do we wait initially before retransmitting the KX?
61 * TODO: replace by 2 RTT if/once we have connection-level RTT data! 62 * TODO: replace by 2 RTT if/once we have connection-level RTT data!
62 */ 63 */
63#define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MILLISECONDS, 250) 64#define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply ( \
65 GNUNET_TIME_UNIT_MILLISECONDS, 250)
64 66
65/** 67/**
66 * Maximum number of skipped keys we keep in memory per tunnel. 68 * Maximum number of skipped keys we keep in memory per tunnel.
@@ -77,7 +79,8 @@
77/** 79/**
78 * Struct to old keys for skipped messages while advancing the Axolotl ratchet. 80 * Struct to old keys for skipped messages while advancing the Axolotl ratchet.
79 */ 81 */
80struct CadetTunnelSkippedKey { 82struct CadetTunnelSkippedKey
83{
81 /** 84 /**
82 * DLL next. 85 * DLL next.
83 */ 86 */
@@ -113,7 +116,8 @@ struct CadetTunnelSkippedKey {
113/** 116/**
114 * Axolotl data, according to https://github.com/trevp/axolotl/wiki . 117 * Axolotl data, according to https://github.com/trevp/axolotl/wiki .
115 */ 118 */
116struct CadetTunnelAxolotl { 119struct CadetTunnelAxolotl
120{
117 /** 121 /**
118 * A (double linked) list of stored message keys and associated header keys 122 * A (double linked) list of stored message keys and associated header keys
119 * for "skipped" messages, i.e. messages that have not been 123 * for "skipped" messages, i.e. messages that have not been
@@ -252,7 +256,8 @@ struct CadetTunnelAxolotl {
252/** 256/**
253 * Struct used to save messages in a non-ready tunnel to send once connected. 257 * Struct used to save messages in a non-ready tunnel to send once connected.
254 */ 258 */
255struct CadetTunnelQueueEntry { 259struct CadetTunnelQueueEntry
260{
256 /** 261 /**
257 * We are entries in a DLL 262 * We are entries in a DLL
258 */ 263 */
@@ -294,7 +299,8 @@ struct CadetTunnelQueueEntry {
294/** 299/**
295 * Struct containing all information regarding a tunnel to a peer. 300 * Struct containing all information regarding a tunnel to a peer.
296 */ 301 */
297struct CadetTunnel { 302struct CadetTunnel
303{
298 /** 304 /**
299 * Destination of the tunnel. 305 * Destination of the tunnel.
300 */ 306 */
@@ -459,19 +465,19 @@ struct CadetTunnel {
459 * @return #GNUNET_YES for Alice, #GNUNET_NO for Betty, #GNUNET_SYSERR if talking to myself 465 * @return #GNUNET_YES for Alice, #GNUNET_NO for Betty, #GNUNET_SYSERR if talking to myself
460 */ 466 */
461static int 467static int
462alice_or_betty(const struct GNUNET_PeerIdentity *other) 468alice_or_betty (const struct GNUNET_PeerIdentity *other)
463{ 469{
464 if (0 > GNUNET_memcmp(&my_full_id, 470 if (0 > GNUNET_memcmp (&my_full_id,
465 other)) 471 other))
466 return GNUNET_YES; 472 return GNUNET_YES;
467 else if (0 < GNUNET_memcmp(&my_full_id, 473 else if (0 < GNUNET_memcmp (&my_full_id,
468 other)) 474 other))
469 return GNUNET_NO; 475 return GNUNET_NO;
470 else 476 else
471 { 477 {
472 GNUNET_break_op(0); 478 GNUNET_break_op (0);
473 return GNUNET_SYSERR; 479 return GNUNET_SYSERR;
474 } 480 }
475} 481}
476 482
477 483
@@ -482,20 +488,20 @@ alice_or_betty(const struct GNUNET_PeerIdentity *other)
482 * @param ct connection to move to unready status 488 * @param ct connection to move to unready status
483 */ 489 */
484static void 490static void
485mark_connection_unready(struct CadetTConnection *ct) 491mark_connection_unready (struct CadetTConnection *ct)
486{ 492{
487 struct CadetTunnel *t = ct->t; 493 struct CadetTunnel *t = ct->t;
488 494
489 GNUNET_assert(GNUNET_YES == ct->is_ready); 495 GNUNET_assert (GNUNET_YES == ct->is_ready);
490 GNUNET_CONTAINER_DLL_remove(t->connection_ready_head, 496 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
491 t->connection_ready_tail, 497 t->connection_ready_tail,
492 ct); 498 ct);
493 GNUNET_assert(0 < t->num_ready_connections); 499 GNUNET_assert (0 < t->num_ready_connections);
494 t->num_ready_connections--; 500 t->num_ready_connections--;
495 ct->is_ready = GNUNET_NO; 501 ct->is_ready = GNUNET_NO;
496 GNUNET_CONTAINER_DLL_insert(t->connection_busy_head, 502 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
497 t->connection_busy_tail, 503 t->connection_busy_tail,
498 ct); 504 ct);
499 t->num_busy_connections++; 505 t->num_busy_connections++;
500} 506}
501 507
@@ -508,16 +514,16 @@ mark_connection_unready(struct CadetTConnection *ct)
508 * @return Static string the destination peer's ID. 514 * @return Static string the destination peer's ID.
509 */ 515 */
510const char * 516const char *
511GCT_2s(const struct CadetTunnel *t) 517GCT_2s (const struct CadetTunnel *t)
512{ 518{
513 static char buf[64]; 519 static char buf[64];
514 520
515 if (NULL == t) 521 if (NULL == t)
516 return "Tunnel(NULL)"; 522 return "Tunnel(NULL)";
517 GNUNET_snprintf(buf, 523 GNUNET_snprintf (buf,
518 sizeof(buf), 524 sizeof(buf),
519 "Tunnel %s", 525 "Tunnel %s",
520 GNUNET_i2s(GCP_get_id(t->destination))); 526 GNUNET_i2s (GCP_get_id (t->destination)));
521 return buf; 527 return buf;
522} 528}
523 529
@@ -530,37 +536,37 @@ GCT_2s(const struct CadetTunnel *t)
530 * @return String representation. 536 * @return String representation.
531 */ 537 */
532static const char * 538static const char *
533estate2s(enum CadetTunnelEState es) 539estate2s (enum CadetTunnelEState es)
534{ 540{
535 static char buf[32]; 541 static char buf[32];
536 542
537 switch (es) 543 switch (es)
538 { 544 {
539 case CADET_TUNNEL_KEY_UNINITIALIZED: 545 case CADET_TUNNEL_KEY_UNINITIALIZED:
540 return "CADET_TUNNEL_KEY_UNINITIALIZED"; 546 return "CADET_TUNNEL_KEY_UNINITIALIZED";
541 547
542 case CADET_TUNNEL_KEY_AX_RECV: 548 case CADET_TUNNEL_KEY_AX_RECV:
543 return "CADET_TUNNEL_KEY_AX_RECV"; 549 return "CADET_TUNNEL_KEY_AX_RECV";
544 550
545 case CADET_TUNNEL_KEY_AX_SENT: 551 case CADET_TUNNEL_KEY_AX_SENT:
546 return "CADET_TUNNEL_KEY_AX_SENT"; 552 return "CADET_TUNNEL_KEY_AX_SENT";
547 553
548 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: 554 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
549 return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV"; 555 return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
550 556
551 case CADET_TUNNEL_KEY_AX_AUTH_SENT: 557 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
552 return "CADET_TUNNEL_KEY_AX_AUTH_SENT"; 558 return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
553 559
554 case CADET_TUNNEL_KEY_OK: 560 case CADET_TUNNEL_KEY_OK:
555 return "CADET_TUNNEL_KEY_OK"; 561 return "CADET_TUNNEL_KEY_OK";
556 562
557 default: 563 default:
558 GNUNET_snprintf(buf, 564 GNUNET_snprintf (buf,
559 sizeof(buf), 565 sizeof(buf),
560 "%u (UNKNOWN STATE)", 566 "%u (UNKNOWN STATE)",
561 es); 567 es);
562 return buf; 568 return buf;
563 } 569 }
564} 570}
565 571
566 572
@@ -571,7 +577,7 @@ estate2s(enum CadetTunnelEState es)
571 * @return the destination of the tunnel 577 * @return the destination of the tunnel
572 */ 578 */
573struct CadetPeer * 579struct CadetPeer *
574GCT_get_destination(struct CadetTunnel *t) 580GCT_get_destination (struct CadetTunnel *t)
575{ 581{
576 return t->destination; 582 return t->destination;
577} 583}
@@ -585,9 +591,9 @@ GCT_get_destination(struct CadetTunnel *t)
585 * @return Number of channels. 591 * @return Number of channels.
586 */ 592 */
587unsigned int 593unsigned int
588GCT_count_channels(struct CadetTunnel *t) 594GCT_count_channels (struct CadetTunnel *t)
589{ 595{
590 return GNUNET_CONTAINER_multihashmap32_size(t->channels); 596 return GNUNET_CONTAINER_multihashmap32_size (t->channels);
591} 597}
592 598
593 599
@@ -599,11 +605,11 @@ GCT_count_channels(struct CadetTunnel *t)
599 * @return NULL if channel does not exist 605 * @return NULL if channel does not exist
600 */ 606 */
601struct CadetChannel * 607struct CadetChannel *
602lookup_channel(struct CadetTunnel *t, 608lookup_channel (struct CadetTunnel *t,
603 struct GNUNET_CADET_ChannelTunnelNumber ctn) 609 struct GNUNET_CADET_ChannelTunnelNumber ctn)
604{ 610{
605 return GNUNET_CONTAINER_multihashmap32_get(t->channels, 611 return GNUNET_CONTAINER_multihashmap32_get (t->channels,
606 ntohl(ctn.cn)); 612 ntohl (ctn.cn));
607} 613}
608 614
609 615
@@ -615,7 +621,7 @@ lookup_channel(struct CadetTunnel *t,
615 * @return Number of connections created, either being established or ready. 621 * @return Number of connections created, either being established or ready.
616 */ 622 */
617unsigned int 623unsigned int
618GCT_count_any_connections(const struct CadetTunnel *t) 624GCT_count_any_connections (const struct CadetTunnel *t)
619{ 625{
620 return t->num_ready_connections + t->num_busy_connections; 626 return t->num_ready_connections + t->num_busy_connections;
621} 627}
@@ -629,12 +635,12 @@ GCT_count_any_connections(const struct CadetTunnel *t)
629 * @return NULL if we have no connection that is ready 635 * @return NULL if we have no connection that is ready
630 */ 636 */
631static struct CadetTConnection * 637static struct CadetTConnection *
632get_ready_connection(struct CadetTunnel *t) 638get_ready_connection (struct CadetTunnel *t)
633{ 639{
634 struct CadetTConnection *hd = t->connection_ready_head; 640 struct CadetTConnection *hd = t->connection_ready_head;
635 641
636 GNUNET_assert((NULL == hd) || 642 GNUNET_assert ((NULL == hd) ||
637 (GNUNET_YES == hd->is_ready)); 643 (GNUNET_YES == hd->is_ready));
638 return hd; 644 return hd;
639} 645}
640 646
@@ -647,7 +653,7 @@ get_ready_connection(struct CadetTunnel *t)
647 * @return Tunnel's encryption state. 653 * @return Tunnel's encryption state.
648 */ 654 */
649enum CadetTunnelEState 655enum CadetTunnelEState
650GCT_get_estate(struct CadetTunnel *t) 656GCT_get_estate (struct CadetTunnel *t)
651{ 657{
652 return t->estate; 658 return t->estate;
653} 659}
@@ -662,7 +668,7 @@ GCT_get_estate(struct CadetTunnel *t)
662 * @param cls the `struct CadetTunnel` to process messages on 668 * @param cls the `struct CadetTunnel` to process messages on
663 */ 669 */
664static void 670static void
665trigger_transmissions(void *cls); 671trigger_transmissions (void *cls);
666 672
667 673
668/* ************************************** start core crypto ***************************** */ 674/* ************************************** start core crypto ***************************** */
@@ -674,12 +680,12 @@ trigger_transmissions(void *cls);
674 * @param ax key material to update 680 * @param ax key material to update
675 */ 681 */
676static void 682static void
677new_ephemeral(struct CadetTunnelAxolotl *ax) 683new_ephemeral (struct CadetTunnelAxolotl *ax)
678{ 684{
679 LOG(GNUNET_ERROR_TYPE_DEBUG, 685 LOG (GNUNET_ERROR_TYPE_DEBUG,
680 "Creating new ephemeral ratchet key (DHRs)\n"); 686 "Creating new ephemeral ratchet key (DHRs)\n");
681 GNUNET_assert(GNUNET_OK == 687 GNUNET_assert (GNUNET_OK ==
682 GNUNET_CRYPTO_ecdhe_key_create2(&ax->DHRs)); 688 GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
683} 689}
684 690
685 691
@@ -693,31 +699,31 @@ new_ephemeral(struct CadetTunnelAxolotl *ax)
693 * @param hmac[out] Destination to store the HMAC. 699 * @param hmac[out] Destination to store the HMAC.
694 */ 700 */
695static void 701static void
696t_hmac(const void *plaintext, 702t_hmac (const void *plaintext,
697 size_t size, 703 size_t size,
698 uint32_t iv, 704 uint32_t iv,
699 const struct GNUNET_CRYPTO_SymmetricSessionKey *key, 705 const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
700 struct GNUNET_ShortHashCode *hmac) 706 struct GNUNET_ShortHashCode *hmac)
701{ 707{
702 static const char ctx[] = "cadet authentication key"; 708 static const char ctx[] = "cadet authentication key";
703 struct GNUNET_CRYPTO_AuthKey auth_key; 709 struct GNUNET_CRYPTO_AuthKey auth_key;
704 struct GNUNET_HashCode hash; 710 struct GNUNET_HashCode hash;
705 711
706 GNUNET_CRYPTO_hmac_derive_key(&auth_key, 712 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
707 key, 713 key,
708 &iv, sizeof(iv), 714 &iv, sizeof(iv),
709 key, sizeof(*key), 715 key, sizeof(*key),
710 ctx, sizeof(ctx), 716 ctx, sizeof(ctx),
711 NULL); 717 NULL);
712 /* Two step: GNUNET_ShortHash is only 256 bits, 718 /* Two step: GNUNET_ShortHash is only 256 bits,
713 GNUNET_HashCode is 512, so we truncate. */ 719 GNUNET_HashCode is 512, so we truncate. */
714 GNUNET_CRYPTO_hmac(&auth_key, 720 GNUNET_CRYPTO_hmac (&auth_key,
715 plaintext, 721 plaintext,
716 size, 722 size,
717 &hash); 723 &hash);
718 GNUNET_memcpy(hmac, 724 GNUNET_memcpy (hmac,
719 &hash, 725 &hash,
720 sizeof(*hmac)); 726 sizeof(*hmac));
721} 727}
722 728
723 729
@@ -730,22 +736,22 @@ t_hmac(const void *plaintext,
730 * @param len Length of @a source. 736 * @param len Length of @a source.
731 */ 737 */
732static void 738static void
733t_ax_hmac_hash(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, 739t_ax_hmac_hash (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
734 struct GNUNET_HashCode *hash, 740 struct GNUNET_HashCode *hash,
735 const void *source, 741 const void *source,
736 unsigned int len) 742 unsigned int len)
737{ 743{
738 static const char ctx[] = "axolotl HMAC-HASH"; 744 static const char ctx[] = "axolotl HMAC-HASH";
739 struct GNUNET_CRYPTO_AuthKey auth_key; 745 struct GNUNET_CRYPTO_AuthKey auth_key;
740 746
741 GNUNET_CRYPTO_hmac_derive_key(&auth_key, 747 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
742 key, 748 key,
743 ctx, sizeof(ctx), 749 ctx, sizeof(ctx),
744 NULL); 750 NULL);
745 GNUNET_CRYPTO_hmac(&auth_key, 751 GNUNET_CRYPTO_hmac (&auth_key,
746 source, 752 source,
747 len, 753 len,
748 hash); 754 hash);
749} 755}
750 756
751 757
@@ -758,22 +764,22 @@ t_ax_hmac_hash(const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
758 * @param len Length of @a source. 764 * @param len Length of @a source.
759 */ 765 */
760static void 766static void
761t_hmac_derive_key(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, 767t_hmac_derive_key (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
762 struct GNUNET_CRYPTO_SymmetricSessionKey *out, 768 struct GNUNET_CRYPTO_SymmetricSessionKey *out,
763 const void *source, 769 const void *source,
764 unsigned int len) 770 unsigned int len)
765{ 771{
766 static const char ctx[] = "axolotl derive key"; 772 static const char ctx[] = "axolotl derive key";
767 struct GNUNET_HashCode h; 773 struct GNUNET_HashCode h;
768 774
769 t_ax_hmac_hash(key, 775 t_ax_hmac_hash (key,
770 &h, 776 &h,
771 source, 777 source,
772 len); 778 len);
773 GNUNET_CRYPTO_kdf(out, sizeof(*out), 779 GNUNET_CRYPTO_kdf (out, sizeof(*out),
774 ctx, sizeof(ctx), 780 ctx, sizeof(ctx),
775 &h, sizeof(h), 781 &h, sizeof(h),
776 NULL); 782 NULL);
777} 783}
778 784
779 785
@@ -786,10 +792,10 @@ t_hmac_derive_key(const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
786 * @param size Size of the buffers at @a src and @a dst 792 * @param size Size of the buffers at @a src and @a dst
787 */ 793 */
788static void 794static void
789t_ax_encrypt(struct CadetTunnelAxolotl *ax, 795t_ax_encrypt (struct CadetTunnelAxolotl *ax,
790 void *dst, 796 void *dst,
791 const void *src, 797 const void *src,
792 size_t size) 798 size_t size)
793{ 799{
794 struct GNUNET_CRYPTO_SymmetricSessionKey MK; 800 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
795 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 801 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -798,66 +804,67 @@ t_ax_encrypt(struct CadetTunnelAxolotl *ax,
798 ax->ratchet_counter++; 804 ax->ratchet_counter++;
799 if ((GNUNET_YES == ax->ratchet_allowed) && 805 if ((GNUNET_YES == ax->ratchet_allowed) &&
800 ((ratchet_messages <= ax->ratchet_counter) || 806 ((ratchet_messages <= ax->ratchet_counter) ||
801 (0 == GNUNET_TIME_absolute_get_remaining(ax->ratchet_expiration).rel_value_us))) 807 (0 == GNUNET_TIME_absolute_get_remaining (
802 { 808 ax->ratchet_expiration).rel_value_us)))
803 ax->ratchet_flag = GNUNET_YES; 809 {
804 } 810 ax->ratchet_flag = GNUNET_YES;
811 }
805 if (GNUNET_YES == ax->ratchet_flag) 812 if (GNUNET_YES == ax->ratchet_flag)
806 { 813 {
807 /* Advance ratchet */ 814 /* Advance ratchet */
808 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; 815 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
809 struct GNUNET_HashCode dh; 816 struct GNUNET_HashCode dh;
810 struct GNUNET_HashCode hmac; 817 struct GNUNET_HashCode hmac;
811 static const char ctx[] = "axolotl ratchet"; 818 static const char ctx[] = "axolotl ratchet";
812 819
813 new_ephemeral(ax); 820 new_ephemeral (ax);
814 ax->HKs = ax->NHKs; 821 ax->HKs = ax->NHKs;
815 822
816 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */ 823 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
817 GNUNET_CRYPTO_ecc_ecdh(&ax->DHRs, 824 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
818 &ax->DHRr, 825 &ax->DHRr,
819 &dh); 826 &dh);
820 t_ax_hmac_hash(&ax->RK, 827 t_ax_hmac_hash (&ax->RK,
821 &hmac, 828 &hmac,
822 &dh, 829 &dh,
823 sizeof(dh)); 830 sizeof(dh));
824 GNUNET_CRYPTO_kdf(keys, sizeof(keys), 831 GNUNET_CRYPTO_kdf (keys, sizeof(keys),
825 ctx, sizeof(ctx), 832 ctx, sizeof(ctx),
826 &hmac, sizeof(hmac), 833 &hmac, sizeof(hmac),
827 NULL); 834 NULL);
828 ax->RK = keys[0]; 835 ax->RK = keys[0];
829 ax->NHKs = keys[1]; 836 ax->NHKs = keys[1];
830 ax->CKs = keys[2]; 837 ax->CKs = keys[2];
831 838
832 ax->PNs = ax->Ns; 839 ax->PNs = ax->Ns;
833 ax->Ns = 0; 840 ax->Ns = 0;
834 ax->ratchet_flag = GNUNET_NO; 841 ax->ratchet_flag = GNUNET_NO;
835 ax->ratchet_allowed = GNUNET_NO; 842 ax->ratchet_allowed = GNUNET_NO;
836 ax->ratchet_counter = 0; 843 ax->ratchet_counter = 0;
837 ax->ratchet_expiration 844 ax->ratchet_expiration
838 = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), 845 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (),
839 ratchet_time); 846 ratchet_time);
840 } 847 }
841 848
842 t_hmac_derive_key(&ax->CKs, 849 t_hmac_derive_key (&ax->CKs,
843 &MK, 850 &MK,
844 "0", 851 "0",
845 1); 852 1);
846 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 853 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
847 &MK, 854 &MK,
848 NULL, 0, 855 NULL, 0,
849 NULL); 856 NULL);
850 857
851 out_size = GNUNET_CRYPTO_symmetric_encrypt(src, 858 out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
852 size, 859 size,
853 &MK, 860 &MK,
854 &iv, 861 &iv,
855 dst); 862 dst);
856 GNUNET_assert(size == out_size); 863 GNUNET_assert (size == out_size);
857 t_hmac_derive_key(&ax->CKs, 864 t_hmac_derive_key (&ax->CKs,
858 &ax->CKs, 865 &ax->CKs,
859 "1", 866 "1",
860 1); 867 1);
861} 868}
862 869
863 870
@@ -870,34 +877,34 @@ t_ax_encrypt(struct CadetTunnelAxolotl *ax,
870 * @param size Size of the @a src and @a dst buffers 877 * @param size Size of the @a src and @a dst buffers
871 */ 878 */
872static void 879static void
873t_ax_decrypt(struct CadetTunnelAxolotl *ax, 880t_ax_decrypt (struct CadetTunnelAxolotl *ax,
874 void *dst, 881 void *dst,
875 const void *src, 882 const void *src,
876 size_t size) 883 size_t size)
877{ 884{
878 struct GNUNET_CRYPTO_SymmetricSessionKey MK; 885 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
879 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 886 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
880 size_t out_size; 887 size_t out_size;
881 888
882 t_hmac_derive_key(&ax->CKr, 889 t_hmac_derive_key (&ax->CKr,
883 &MK, 890 &MK,
884 "0", 891 "0",
885 1); 892 1);
886 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 893 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
887 &MK, 894 &MK,
888 NULL, 0, 895 NULL, 0,
889 NULL); 896 NULL);
890 GNUNET_assert(size >= sizeof(struct GNUNET_MessageHeader)); 897 GNUNET_assert (size >= sizeof(struct GNUNET_MessageHeader));
891 out_size = GNUNET_CRYPTO_symmetric_decrypt(src, 898 out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
892 size, 899 size,
893 &MK, 900 &MK,
894 &iv, 901 &iv,
895 dst); 902 dst);
896 GNUNET_assert(out_size == size); 903 GNUNET_assert (out_size == size);
897 t_hmac_derive_key(&ax->CKr, 904 t_hmac_derive_key (&ax->CKr,
898 &ax->CKr, 905 &ax->CKr,
899 "1", 906 "1",
900 1); 907 1);
901} 908}
902 909
903 910
@@ -908,22 +915,23 @@ t_ax_decrypt(struct CadetTunnelAxolotl *ax,
908 * @param[in|out] msg Message whose header to encrypt. 915 * @param[in|out] msg Message whose header to encrypt.
909 */ 916 */
910static void 917static void
911t_h_encrypt(struct CadetTunnelAxolotl *ax, 918t_h_encrypt (struct CadetTunnelAxolotl *ax,
912 struct GNUNET_CADET_TunnelEncryptedMessage *msg) 919 struct GNUNET_CADET_TunnelEncryptedMessage *msg)
913{ 920{
914 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 921 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
915 size_t out_size; 922 size_t out_size;
916 923
917 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 924 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
918 &ax->HKs, 925 &ax->HKs,
919 NULL, 0, 926 NULL, 0,
920 NULL); 927 NULL);
921 out_size = GNUNET_CRYPTO_symmetric_encrypt(&msg->ax_header, 928 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
922 sizeof(struct GNUNET_CADET_AxHeader), 929 sizeof(struct
923 &ax->HKs, 930 GNUNET_CADET_AxHeader),
924 &iv, 931 &ax->HKs,
925 &msg->ax_header); 932 &iv,
926 GNUNET_assert(sizeof(struct GNUNET_CADET_AxHeader) == out_size); 933 &msg->ax_header);
934 GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
927} 935}
928 936
929 937
@@ -935,23 +943,24 @@ t_h_encrypt(struct CadetTunnelAxolotl *ax,
935 * @param dst Where to decrypt header to. 943 * @param dst Where to decrypt header to.
936 */ 944 */
937static void 945static void
938t_h_decrypt(struct CadetTunnelAxolotl *ax, 946t_h_decrypt (struct CadetTunnelAxolotl *ax,
939 const struct GNUNET_CADET_TunnelEncryptedMessage *src, 947 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
940 struct GNUNET_CADET_TunnelEncryptedMessage *dst) 948 struct GNUNET_CADET_TunnelEncryptedMessage *dst)
941{ 949{
942 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 950 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
943 size_t out_size; 951 size_t out_size;
944 952
945 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 953 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
946 &ax->HKr, 954 &ax->HKr,
947 NULL, 0, 955 NULL, 0,
948 NULL); 956 NULL);
949 out_size = GNUNET_CRYPTO_symmetric_decrypt(&src->ax_header.Ns, 957 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
950 sizeof(struct GNUNET_CADET_AxHeader), 958 sizeof(struct
951 &ax->HKr, 959 GNUNET_CADET_AxHeader),
952 &iv, 960 &ax->HKr,
953 &dst->ax_header.Ns); 961 &iv,
954 GNUNET_assert(sizeof(struct GNUNET_CADET_AxHeader) == out_size); 962 &dst->ax_header.Ns);
963 GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
955} 964}
956 965
957 966
@@ -962,13 +971,13 @@ t_h_decrypt(struct CadetTunnelAxolotl *ax,
962 * @param key Key to delete. 971 * @param key Key to delete.
963 */ 972 */
964static void 973static void
965delete_skipped_key(struct CadetTunnelAxolotl *ax, 974delete_skipped_key (struct CadetTunnelAxolotl *ax,
966 struct CadetTunnelSkippedKey *key) 975 struct CadetTunnelSkippedKey *key)
967{ 976{
968 GNUNET_CONTAINER_DLL_remove(ax->skipped_head, 977 GNUNET_CONTAINER_DLL_remove (ax->skipped_head,
969 ax->skipped_tail, 978 ax->skipped_tail,
970 key); 979 key);
971 GNUNET_free(key); 980 GNUNET_free (key);
972 ax->skipped--; 981 ax->skipped--;
973} 982}
974 983
@@ -984,10 +993,10 @@ delete_skipped_key(struct CadetTunnelAxolotl *ax,
984 * @return Size of the decrypted data, -1 if an error was encountered. 993 * @return Size of the decrypted data, -1 if an error was encountered.
985 */ 994 */
986static ssize_t 995static ssize_t
987try_old_ax_keys(struct CadetTunnelAxolotl *ax, 996try_old_ax_keys (struct CadetTunnelAxolotl *ax,
988 void *dst, 997 void *dst,
989 const struct GNUNET_CADET_TunnelEncryptedMessage *src, 998 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
990 size_t size) 999 size_t size)
991{ 1000{
992 struct CadetTunnelSkippedKey *key; 1001 struct CadetTunnelSkippedKey *key;
993 struct GNUNET_ShortHashCode *hmac; 1002 struct GNUNET_ShortHashCode *hmac;
@@ -999,70 +1008,70 @@ try_old_ax_keys(struct CadetTunnelAxolotl *ax,
999 size_t len; 1008 size_t len;
1000 unsigned int N; 1009 unsigned int N;
1001 1010
1002 LOG(GNUNET_ERROR_TYPE_DEBUG, 1011 LOG (GNUNET_ERROR_TYPE_DEBUG,
1003 "Trying skipped keys\n"); 1012 "Trying skipped keys\n");
1004 hmac = &plaintext_header.hmac; 1013 hmac = &plaintext_header.hmac;
1005 esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage); 1014 esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1006 1015
1007 /* Find a correct Header Key */ 1016 /* Find a correct Header Key */
1008 valid_HK = NULL; 1017 valid_HK = NULL;
1009 for (key = ax->skipped_head; NULL != key; key = key->next) 1018 for (key = ax->skipped_head; NULL != key; key = key->next)
1010 { 1019 {
1011 t_hmac(&src->ax_header, 1020 t_hmac (&src->ax_header,
1012 sizeof(struct GNUNET_CADET_AxHeader) + esize, 1021 sizeof(struct GNUNET_CADET_AxHeader) + esize,
1013 0, 1022 0,
1014 &key->HK, 1023 &key->HK,
1015 hmac); 1024 hmac);
1016 if (0 == GNUNET_memcmp(hmac, 1025 if (0 == GNUNET_memcmp (hmac,
1017 &src->hmac)) 1026 &src->hmac))
1018 { 1027 {
1019 valid_HK = &key->HK; 1028 valid_HK = &key->HK;
1020 break; 1029 break;
1021 }
1022 } 1030 }
1031 }
1023 if (NULL == key) 1032 if (NULL == key)
1024 return -1; 1033 return -1;
1025 1034
1026 /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */ 1035 /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1027 GNUNET_assert(size > sizeof(struct GNUNET_CADET_TunnelEncryptedMessage)); 1036 GNUNET_assert (size > sizeof(struct GNUNET_CADET_TunnelEncryptedMessage));
1028 len = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage); 1037 len = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1029 GNUNET_assert(len >= sizeof(struct GNUNET_MessageHeader)); 1038 GNUNET_assert (len >= sizeof(struct GNUNET_MessageHeader));
1030 1039
1031 /* Decrypt header */ 1040 /* Decrypt header */
1032 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 1041 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1033 &key->HK, 1042 &key->HK,
1034 NULL, 0, 1043 NULL, 0,
1035 NULL); 1044 NULL);
1036 res = GNUNET_CRYPTO_symmetric_decrypt(&src->ax_header.Ns, 1045 res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
1037 sizeof(struct GNUNET_CADET_AxHeader), 1046 sizeof(struct GNUNET_CADET_AxHeader),
1038 &key->HK, 1047 &key->HK,
1039 &iv, 1048 &iv,
1040 &plaintext_header.ax_header.Ns); 1049 &plaintext_header.ax_header.Ns);
1041 GNUNET_assert(sizeof(struct GNUNET_CADET_AxHeader) == res); 1050 GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == res);
1042 1051
1043 /* Find the correct message key */ 1052 /* Find the correct message key */
1044 N = ntohl(plaintext_header.ax_header.Ns); 1053 N = ntohl (plaintext_header.ax_header.Ns);
1045 while ((NULL != key) && 1054 while ((NULL != key) &&
1046 (N != key->Kn)) 1055 (N != key->Kn))
1047 key = key->next; 1056 key = key->next;
1048 if ((NULL == key) || 1057 if ((NULL == key) ||
1049 (0 != GNUNET_memcmp(&key->HK, 1058 (0 != GNUNET_memcmp (&key->HK,
1050 valid_HK))) 1059 valid_HK)))
1051 return -1; 1060 return -1;
1052 1061
1053 /* Decrypt payload */ 1062 /* Decrypt payload */
1054 GNUNET_CRYPTO_symmetric_derive_iv(&iv, 1063 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1055 &key->MK, 1064 &key->MK,
1056 NULL, 1065 NULL,
1057 0, 1066 0,
1058 NULL); 1067 NULL);
1059 res = GNUNET_CRYPTO_symmetric_decrypt(&src[1], 1068 res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1060 len, 1069 len,
1061 &key->MK, 1070 &key->MK,
1062 &iv, 1071 &iv,
1063 dst); 1072 dst);
1064 delete_skipped_key(ax, 1073 delete_skipped_key (ax,
1065 key); 1074 key);
1066 return res; 1075 return res;
1067} 1076}
1068 1077
@@ -1074,26 +1083,26 @@ try_old_ax_keys(struct CadetTunnelAxolotl *ax,
1074 * @param HKr Header Key to use. 1083 * @param HKr Header Key to use.
1075 */ 1084 */
1076static void 1085static void
1077store_skipped_key(struct CadetTunnelAxolotl *ax, 1086store_skipped_key (struct CadetTunnelAxolotl *ax,
1078 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr) 1087 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1079{ 1088{
1080 struct CadetTunnelSkippedKey *key; 1089 struct CadetTunnelSkippedKey *key;
1081 1090
1082 key = GNUNET_new(struct CadetTunnelSkippedKey); 1091 key = GNUNET_new (struct CadetTunnelSkippedKey);
1083 key->timestamp = GNUNET_TIME_absolute_get(); 1092 key->timestamp = GNUNET_TIME_absolute_get ();
1084 key->Kn = ax->Nr; 1093 key->Kn = ax->Nr;
1085 key->HK = ax->HKr; 1094 key->HK = ax->HKr;
1086 t_hmac_derive_key(&ax->CKr, 1095 t_hmac_derive_key (&ax->CKr,
1087 &key->MK, 1096 &key->MK,
1088 "0", 1097 "0",
1089 1); 1098 1);
1090 t_hmac_derive_key(&ax->CKr, 1099 t_hmac_derive_key (&ax->CKr,
1091 &ax->CKr, 1100 &ax->CKr,
1092 "1", 1101 "1",
1093 1); 1102 1);
1094 GNUNET_CONTAINER_DLL_insert(ax->skipped_head, 1103 GNUNET_CONTAINER_DLL_insert (ax->skipped_head,
1095 ax->skipped_tail, 1104 ax->skipped_tail,
1096 key); 1105 key);
1097 ax->skipped++; 1106 ax->skipped++;
1098 ax->Nr++; 1107 ax->Nr++;
1099} 1108}
@@ -1110,41 +1119,41 @@ store_skipped_key(struct CadetTunnelAxolotl *ax,
1110 * #GNUNET_SYSERR if an error ocurred (@a Np not expected). 1119 * #GNUNET_SYSERR if an error ocurred (@a Np not expected).
1111 */ 1120 */
1112static int 1121static int
1113store_ax_keys(struct CadetTunnelAxolotl *ax, 1122store_ax_keys (struct CadetTunnelAxolotl *ax,
1114 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr, 1123 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1115 uint32_t Np) 1124 uint32_t Np)
1116{ 1125{
1117 int gap; 1126 int gap;
1118 1127
1119 gap = Np - ax->Nr; 1128 gap = Np - ax->Nr;
1120 LOG(GNUNET_ERROR_TYPE_DEBUG, 1129 LOG (GNUNET_ERROR_TYPE_DEBUG,
1121 "Storing skipped keys [%u, %u)\n", 1130 "Storing skipped keys [%u, %u)\n",
1122 ax->Nr, 1131 ax->Nr,
1123 Np); 1132 Np);
1124 if (MAX_KEY_GAP < gap) 1133 if (MAX_KEY_GAP < gap)
1125 { 1134 {
1126 /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */ 1135 /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1127 /* TODO: start new key exchange on return */ 1136 /* TODO: start new key exchange on return */
1128 GNUNET_break_op(0); 1137 GNUNET_break_op (0);
1129 LOG(GNUNET_ERROR_TYPE_WARNING, 1138 LOG (GNUNET_ERROR_TYPE_WARNING,
1130 "Got message %u, expected %u+\n", 1139 "Got message %u, expected %u+\n",
1131 Np, 1140 Np,
1132 ax->Nr); 1141 ax->Nr);
1133 return GNUNET_SYSERR; 1142 return GNUNET_SYSERR;
1134 } 1143 }
1135 if (0 > gap) 1144 if (0 > gap)
1136 { 1145 {
1137 /* Delayed message: don't store keys, flag to try old keys. */ 1146 /* Delayed message: don't store keys, flag to try old keys. */
1138 return GNUNET_SYSERR; 1147 return GNUNET_SYSERR;
1139 } 1148 }
1140 1149
1141 while (ax->Nr < Np) 1150 while (ax->Nr < Np)
1142 store_skipped_key(ax, 1151 store_skipped_key (ax,
1143 HKr); 1152 HKr);
1144 1153
1145 while (ax->skipped > MAX_SKIPPED_KEYS) 1154 while (ax->skipped > MAX_SKIPPED_KEYS)
1146 delete_skipped_key(ax, 1155 delete_skipped_key (ax,
1147 ax->skipped_tail); 1156 ax->skipped_tail);
1148 return GNUNET_OK; 1157 return GNUNET_OK;
1149} 1158}
1150 1159
@@ -1160,10 +1169,11 @@ store_ax_keys(struct CadetTunnelAxolotl *ax,
1160 * @return Size of the decrypted data, -1 if an error was encountered. 1169 * @return Size of the decrypted data, -1 if an error was encountered.
1161 */ 1170 */
1162static ssize_t 1171static ssize_t
1163t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax, 1172t_ax_decrypt_and_validate (struct CadetTunnelAxolotl *ax,
1164 void *dst, 1173 void *dst,
1165 const struct GNUNET_CADET_TunnelEncryptedMessage *src, 1174 const struct
1166 size_t size) 1175 GNUNET_CADET_TunnelEncryptedMessage *src,
1176 size_t size)
1167{ 1177{
1168 struct GNUNET_ShortHashCode msg_hmac; 1178 struct GNUNET_ShortHashCode msg_hmac;
1169 struct GNUNET_HashCode hmac; 1179 struct GNUNET_HashCode hmac;
@@ -1175,90 +1185,90 @@ t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax,
1175 esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage); 1185 esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1176 1186
1177 /* Try current HK */ 1187 /* Try current HK */
1178 t_hmac(&src->ax_header, 1188 t_hmac (&src->ax_header,
1179 sizeof(struct GNUNET_CADET_AxHeader) + esize, 1189 sizeof(struct GNUNET_CADET_AxHeader) + esize,
1180 0, &ax->HKr, 1190 0, &ax->HKr,
1181 &msg_hmac); 1191 &msg_hmac);
1182 if (0 != GNUNET_memcmp(&msg_hmac, 1192 if (0 != GNUNET_memcmp (&msg_hmac,
1183 &src->hmac)) 1193 &src->hmac))
1194 {
1195 static const char ctx[] = "axolotl ratchet";
1196 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1197 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
1198 struct GNUNET_HashCode dh;
1199 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1200
1201 /* Try Next HK */
1202 t_hmac (&src->ax_header,
1203 sizeof(struct GNUNET_CADET_AxHeader) + esize,
1204 0,
1205 &ax->NHKr,
1206 &msg_hmac);
1207 if (0 != GNUNET_memcmp (&msg_hmac,
1208 &src->hmac))
1184 { 1209 {
1185 static const char ctx[] = "axolotl ratchet"; 1210 /* Try the skipped keys, if that fails, we're out of luck. */
1186 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */ 1211 return try_old_ax_keys (ax,
1187 struct GNUNET_CRYPTO_SymmetricSessionKey HK; 1212 dst,
1188 struct GNUNET_HashCode dh; 1213 src,
1189 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp; 1214 size);
1190 1215 }
1191 /* Try Next HK */ 1216 HK = ax->HKr;
1192 t_hmac(&src->ax_header, 1217 ax->HKr = ax->NHKr;
1193 sizeof(struct GNUNET_CADET_AxHeader) + esize, 1218 t_h_decrypt (ax,
1194 0, 1219 src,
1195 &ax->NHKr, 1220 &plaintext_header);
1196 &msg_hmac); 1221 Np = ntohl (plaintext_header.ax_header.Ns);
1197 if (0 != GNUNET_memcmp(&msg_hmac, 1222 PNp = ntohl (plaintext_header.ax_header.PNs);
1198 &src->hmac)) 1223 DHRp = &plaintext_header.ax_header.DHRs;
1199 { 1224 store_ax_keys (ax,
1200 /* Try the skipped keys, if that fails, we're out of luck. */ 1225 &HK,
1201 return try_old_ax_keys(ax, 1226 PNp);
1202 dst, 1227
1203 src, 1228 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1204 size); 1229 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
1205 } 1230 DHRp,
1206 HK = ax->HKr; 1231 &dh);
1207 ax->HKr = ax->NHKr; 1232 t_ax_hmac_hash (&ax->RK,
1208 t_h_decrypt(ax, 1233 &hmac,
1209 src, 1234 &dh, sizeof(dh));
1210 &plaintext_header); 1235 GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1211 Np = ntohl(plaintext_header.ax_header.Ns); 1236 ctx, sizeof(ctx),
1212 PNp = ntohl(plaintext_header.ax_header.PNs); 1237 &hmac, sizeof(hmac),
1213 DHRp = &plaintext_header.ax_header.DHRs; 1238 NULL);
1214 store_ax_keys(ax, 1239
1215 &HK, 1240 /* Commit "purported" keys */
1216 PNp); 1241 ax->RK = keys[0];
1217 1242 ax->NHKr = keys[1];
1218 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */ 1243 ax->CKr = keys[2];
1219 GNUNET_CRYPTO_ecc_ecdh(&ax->DHRs, 1244 ax->DHRr = *DHRp;
1220 DHRp, 1245 ax->Nr = 0;
1221 &dh); 1246 ax->ratchet_allowed = GNUNET_YES;
1222 t_ax_hmac_hash(&ax->RK, 1247 }
1223 &hmac,
1224 &dh, sizeof(dh));
1225 GNUNET_CRYPTO_kdf(keys, sizeof(keys),
1226 ctx, sizeof(ctx),
1227 &hmac, sizeof(hmac),
1228 NULL);
1229
1230 /* Commit "purported" keys */
1231 ax->RK = keys[0];
1232 ax->NHKr = keys[1];
1233 ax->CKr = keys[2];
1234 ax->DHRr = *DHRp;
1235 ax->Nr = 0;
1236 ax->ratchet_allowed = GNUNET_YES;
1237 }
1238 else 1248 else
1239 { 1249 {
1240 t_h_decrypt(ax, 1250 t_h_decrypt (ax,
1241 src, 1251 src,
1242 &plaintext_header); 1252 &plaintext_header);
1243 Np = ntohl(plaintext_header.ax_header.Ns); 1253 Np = ntohl (plaintext_header.ax_header.Ns);
1244 PNp = ntohl(plaintext_header.ax_header.PNs); 1254 PNp = ntohl (plaintext_header.ax_header.PNs);
1245 } 1255 }
1246 if ((Np != ax->Nr) && 1256 if ((Np != ax->Nr) &&
1247 (GNUNET_OK != store_ax_keys(ax, 1257 (GNUNET_OK != store_ax_keys (ax,
1248 &ax->HKr, 1258 &ax->HKr,
1249 Np))) 1259 Np)))
1250 { 1260 {
1251 /* Try the skipped keys, if that fails, we're out of luck. */ 1261 /* Try the skipped keys, if that fails, we're out of luck. */
1252 return try_old_ax_keys(ax, 1262 return try_old_ax_keys (ax,
1253 dst, 1263 dst,
1254 src, 1264 src,
1255 size); 1265 size);
1256 } 1266 }
1257 1267
1258 t_ax_decrypt(ax, 1268 t_ax_decrypt (ax,
1259 dst, 1269 dst,
1260 &src[1], 1270 &src[1],
1261 esize); 1271 esize);
1262 ax->Nr = Np + 1; 1272 ax->Nr = Np + 1;
1263 return esize; 1273 return esize;
1264} 1274}
@@ -1274,13 +1284,13 @@ t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax,
1274 * @return #GNUNET_OK (continue to iterate) 1284 * @return #GNUNET_OK (continue to iterate)
1275 */ 1285 */
1276static int 1286static int
1277notify_tunnel_up_cb(void *cls, 1287notify_tunnel_up_cb (void *cls,
1278 uint32_t key, 1288 uint32_t key,
1279 void *value) 1289 void *value)
1280{ 1290{
1281 struct CadetChannel *ch = value; 1291 struct CadetChannel *ch = value;
1282 1292
1283 GCCH_tunnel_up(ch); 1293 GCCH_tunnel_up (ch);
1284 return GNUNET_OK; 1294 return GNUNET_OK;
1285} 1295}
1286 1296
@@ -1293,35 +1303,35 @@ notify_tunnel_up_cb(void *cls,
1293 * @param state New encryption state. 1303 * @param state New encryption state.
1294 */ 1304 */
1295void 1305void
1296GCT_change_estate(struct CadetTunnel *t, 1306GCT_change_estate (struct CadetTunnel *t,
1297 enum CadetTunnelEState state) 1307 enum CadetTunnelEState state)
1298{ 1308{
1299 enum CadetTunnelEState old = t->estate; 1309 enum CadetTunnelEState old = t->estate;
1300 1310
1301 t->estate = state; 1311 t->estate = state;
1302 LOG(GNUNET_ERROR_TYPE_DEBUG, 1312 LOG (GNUNET_ERROR_TYPE_DEBUG,
1303 "%s estate changed from %s to %s\n", 1313 "%s estate changed from %s to %s\n",
1304 GCT_2s(t), 1314 GCT_2s (t),
1305 estate2s(old), 1315 estate2s (old),
1306 estate2s(state)); 1316 estate2s (state));
1307 1317
1308 if ((CADET_TUNNEL_KEY_OK != old) && 1318 if ((CADET_TUNNEL_KEY_OK != old) &&
1309 (CADET_TUNNEL_KEY_OK == t->estate)) 1319 (CADET_TUNNEL_KEY_OK == t->estate))
1320 {
1321 if (NULL != t->kx_task)
1310 { 1322 {
1311 if (NULL != t->kx_task) 1323 GNUNET_SCHEDULER_cancel (t->kx_task);
1312 { 1324 t->kx_task = NULL;
1313 GNUNET_SCHEDULER_cancel(t->kx_task);
1314 t->kx_task = NULL;
1315 }
1316 /* notify all channels that have been waiting */
1317 GNUNET_CONTAINER_multihashmap32_iterate(t->channels,
1318 &notify_tunnel_up_cb,
1319 t);
1320 if (NULL != t->send_task)
1321 GNUNET_SCHEDULER_cancel(t->send_task);
1322 t->send_task = GNUNET_SCHEDULER_add_now(&trigger_transmissions,
1323 t);
1324 } 1325 }
1326 /* notify all channels that have been waiting */
1327 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
1328 &notify_tunnel_up_cb,
1329 t);
1330 if (NULL != t->send_task)
1331 GNUNET_SCHEDULER_cancel (t->send_task);
1332 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
1333 t);
1334 }
1325} 1335}
1326 1336
1327 1337
@@ -1334,63 +1344,63 @@ GCT_change_estate(struct CadetTunnel *t,
1334 * @param ax axolotl key context to use 1344 * @param ax axolotl key context to use
1335 */ 1345 */
1336static void 1346static void
1337send_kx(struct CadetTunnel *t, 1347send_kx (struct CadetTunnel *t,
1338 struct CadetTConnection *ct, 1348 struct CadetTConnection *ct,
1339 struct CadetTunnelAxolotl *ax) 1349 struct CadetTunnelAxolotl *ax)
1340{ 1350{
1341 struct CadetConnection *cc; 1351 struct CadetConnection *cc;
1342 struct GNUNET_MQ_Envelope *env; 1352 struct GNUNET_MQ_Envelope *env;
1343 struct GNUNET_CADET_TunnelKeyExchangeMessage *msg; 1353 struct GNUNET_CADET_TunnelKeyExchangeMessage *msg;
1344 enum GNUNET_CADET_KX_Flags flags; 1354 enum GNUNET_CADET_KX_Flags flags;
1345 1355
1346 if (GNUNET_YES != alice_or_betty(GCP_get_id(t->destination))) 1356 if (GNUNET_YES != alice_or_betty (GCP_get_id (t->destination)))
1347 return; /* only Alice may send KX */ 1357 return; /* only Alice may send KX */
1348 if ((NULL == ct) || 1358 if ((NULL == ct) ||
1349 (GNUNET_NO == ct->is_ready)) 1359 (GNUNET_NO == ct->is_ready))
1350 ct = get_ready_connection(t); 1360 ct = get_ready_connection (t);
1351 if (NULL == ct) 1361 if (NULL == ct)
1352 { 1362 {
1353 LOG(GNUNET_ERROR_TYPE_DEBUG, 1363 LOG (GNUNET_ERROR_TYPE_DEBUG,
1354 "Wanted to send %s in state %s, but no connection is ready, deferring\n", 1364 "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1355 GCT_2s(t), 1365 GCT_2s (t),
1356 estate2s(t->estate)); 1366 estate2s (t->estate));
1357 t->next_kx_attempt = GNUNET_TIME_absolute_get(); 1367 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1358 return; 1368 return;
1359 } 1369 }
1360 cc = ct->cc; 1370 cc = ct->cc;
1361 env = GNUNET_MQ_msg(msg, 1371 env = GNUNET_MQ_msg (msg,
1362 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX); 1372 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX);
1363 flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */ 1373 flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1364 msg->flags = htonl(flags); 1374 msg->flags = htonl (flags);
1365 msg->cid = *GCC_get_id(cc); 1375 msg->cid = *GCC_get_id (cc);
1366 GNUNET_CRYPTO_ecdhe_key_get_public(&ax->kx_0, 1376 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1367 &msg->ephemeral_key); 1377 &msg->ephemeral_key);
1368#if DEBUG_KX 1378#if DEBUG_KX
1369 msg->ephemeral_key_XXX = ax->kx_0; 1379 msg->ephemeral_key_XXX = ax->kx_0;
1370 msg->private_key_XXX = *my_private_key; 1380 msg->private_key_XXX = *my_private_key;
1371#endif 1381#endif
1372 LOG(GNUNET_ERROR_TYPE_DEBUG, 1382 LOG (GNUNET_ERROR_TYPE_DEBUG,
1373 "Sending KX message to %s with ephemeral %s on CID %s\n", 1383 "Sending KX message to %s with ephemeral %s on CID %s\n",
1374 GCT_2s(t), 1384 GCT_2s (t),
1375 GNUNET_e2s(&msg->ephemeral_key), 1385 GNUNET_e2s (&msg->ephemeral_key),
1376 GNUNET_sh2s(&msg->cid.connection_of_tunnel)); 1386 GNUNET_sh2s (&msg->cid.connection_of_tunnel));
1377 GNUNET_CRYPTO_ecdhe_key_get_public(&ax->DHRs, 1387 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1378 &msg->ratchet_key); 1388 &msg->ratchet_key);
1379 mark_connection_unready(ct); 1389 mark_connection_unready (ct);
1380 t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF(t->kx_retry_delay); 1390 t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1381 t->next_kx_attempt = GNUNET_TIME_relative_to_absolute(t->kx_retry_delay); 1391 t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1382 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) 1392 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1383 GCT_change_estate(t, 1393 GCT_change_estate (t,
1384 CADET_TUNNEL_KEY_AX_SENT); 1394 CADET_TUNNEL_KEY_AX_SENT);
1385 else if (CADET_TUNNEL_KEY_AX_RECV == t->estate) 1395 else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1386 GCT_change_estate(t, 1396 GCT_change_estate (t,
1387 CADET_TUNNEL_KEY_AX_SENT_AND_RECV); 1397 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1388 GCC_transmit(cc, 1398 GCC_transmit (cc,
1389 env); 1399 env);
1390 GNUNET_STATISTICS_update(stats, 1400 GNUNET_STATISTICS_update (stats,
1391 "# KX transmitted", 1401 "# KX transmitted",
1392 1, 1402 1,
1393 GNUNET_NO); 1403 GNUNET_NO);
1394} 1404}
1395 1405
1396 1406
@@ -1405,10 +1415,10 @@ send_kx(struct CadetTunnel *t,
1405 * (set if we would like to transmit right now, but cannot) 1415 * (set if we would like to transmit right now, but cannot)
1406 */ 1416 */
1407static void 1417static void
1408send_kx_auth(struct CadetTunnel *t, 1418send_kx_auth (struct CadetTunnel *t,
1409 struct CadetTConnection *ct, 1419 struct CadetTConnection *ct,
1410 struct CadetTunnelAxolotl *ax, 1420 struct CadetTunnelAxolotl *ax,
1411 int force_reply) 1421 int force_reply)
1412{ 1422{
1413 struct CadetConnection *cc; 1423 struct CadetConnection *cc;
1414 struct GNUNET_MQ_Envelope *env; 1424 struct GNUNET_MQ_Envelope *env;
@@ -1417,64 +1427,64 @@ send_kx_auth(struct CadetTunnel *t,
1417 1427
1418 if ((NULL == ct) || 1428 if ((NULL == ct) ||
1419 (GNUNET_NO == ct->is_ready)) 1429 (GNUNET_NO == ct->is_ready))
1420 ct = get_ready_connection(t); 1430 ct = get_ready_connection (t);
1421 if (NULL == ct) 1431 if (NULL == ct)
1422 { 1432 {
1423 LOG(GNUNET_ERROR_TYPE_DEBUG, 1433 LOG (GNUNET_ERROR_TYPE_DEBUG,
1424 "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n", 1434 "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1425 GCT_2s(t)); 1435 GCT_2s (t));
1426 t->next_kx_attempt = GNUNET_TIME_absolute_get(); 1436 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1427 t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */ 1437 t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1428 return; 1438 return;
1429 } 1439 }
1430 t->kx_auth_requested = GNUNET_NO; /* clear flag */ 1440 t->kx_auth_requested = GNUNET_NO; /* clear flag */
1431 cc = ct->cc; 1441 cc = ct->cc;
1432 env = GNUNET_MQ_msg(msg, 1442 env = GNUNET_MQ_msg (msg,
1433 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH); 1443 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH);
1434 flags = GNUNET_CADET_KX_FLAG_NONE; 1444 flags = GNUNET_CADET_KX_FLAG_NONE;
1435 if (GNUNET_YES == force_reply) 1445 if (GNUNET_YES == force_reply)
1436 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY; 1446 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
1437 msg->kx.flags = htonl(flags); 1447 msg->kx.flags = htonl (flags);
1438 msg->kx.cid = *GCC_get_id(cc); 1448 msg->kx.cid = *GCC_get_id (cc);
1439 GNUNET_CRYPTO_ecdhe_key_get_public(&ax->kx_0, 1449 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1440 &msg->kx.ephemeral_key); 1450 &msg->kx.ephemeral_key);
1441 GNUNET_CRYPTO_ecdhe_key_get_public(&ax->DHRs, 1451 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1442 &msg->kx.ratchet_key); 1452 &msg->kx.ratchet_key);
1443#if DEBUG_KX 1453#if DEBUG_KX
1444 msg->kx.ephemeral_key_XXX = ax->kx_0; 1454 msg->kx.ephemeral_key_XXX = ax->kx_0;
1445 msg->kx.private_key_XXX = *my_private_key; 1455 msg->kx.private_key_XXX = *my_private_key;
1446 msg->r_ephemeral_key_XXX = ax->last_ephemeral; 1456 msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1447#endif 1457#endif
1448 LOG(GNUNET_ERROR_TYPE_DEBUG, 1458 LOG (GNUNET_ERROR_TYPE_DEBUG,
1449 "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n", 1459 "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1450 GCT_2s(t), 1460 GCT_2s (t),
1451 GNUNET_e2s(&msg->kx.ephemeral_key), 1461 GNUNET_e2s (&msg->kx.ephemeral_key),
1452 GNUNET_sh2s(&msg->kx.cid.connection_of_tunnel)); 1462 GNUNET_sh2s (&msg->kx.cid.connection_of_tunnel));
1453 1463
1454 /* Compute authenticator (this is the main difference to #send_kx()) */ 1464 /* Compute authenticator (this is the main difference to #send_kx()) */
1455 GNUNET_CRYPTO_hash(&ax->RK, 1465 GNUNET_CRYPTO_hash (&ax->RK,
1456 sizeof(ax->RK), 1466 sizeof(ax->RK),
1457 &msg->auth); 1467 &msg->auth);
1458 /* Compute when to be triggered again; actual job will 1468 /* Compute when to be triggered again; actual job will
1459 be scheduled via #connection_ready_cb() */ 1469 be scheduled via #connection_ready_cb() */
1460 t->kx_retry_delay 1470 t->kx_retry_delay
1461 = GNUNET_TIME_STD_BACKOFF(t->kx_retry_delay); 1471 = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1462 t->next_kx_attempt 1472 t->next_kx_attempt
1463 = GNUNET_TIME_relative_to_absolute(t->kx_retry_delay); 1473 = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1464 1474
1465 /* Send via cc, mark it as unready */ 1475 /* Send via cc, mark it as unready */
1466 mark_connection_unready(ct); 1476 mark_connection_unready (ct);
1467 1477
1468 /* Update state machine, unless we are already OK */ 1478 /* Update state machine, unless we are already OK */
1469 if (CADET_TUNNEL_KEY_OK != t->estate) 1479 if (CADET_TUNNEL_KEY_OK != t->estate)
1470 GCT_change_estate(t, 1480 GCT_change_estate (t,
1471 CADET_TUNNEL_KEY_AX_AUTH_SENT); 1481 CADET_TUNNEL_KEY_AX_AUTH_SENT);
1472 GCC_transmit(cc, 1482 GCC_transmit (cc,
1473 env); 1483 env);
1474 GNUNET_STATISTICS_update(stats, 1484 GNUNET_STATISTICS_update (stats,
1475 "# KX_AUTH transmitted", 1485 "# KX_AUTH transmitted",
1476 1, 1486 1,
1477 GNUNET_NO); 1487 GNUNET_NO);
1478} 1488}
1479 1489
1480 1490
@@ -1484,14 +1494,14 @@ send_kx_auth(struct CadetTunnel *t,
1484 * @param ax state to free, but not memory of @a ax itself 1494 * @param ax state to free, but not memory of @a ax itself
1485 */ 1495 */
1486static void 1496static void
1487cleanup_ax(struct CadetTunnelAxolotl *ax) 1497cleanup_ax (struct CadetTunnelAxolotl *ax)
1488{ 1498{
1489 while (NULL != ax->skipped_head) 1499 while (NULL != ax->skipped_head)
1490 delete_skipped_key(ax, 1500 delete_skipped_key (ax,
1491 ax->skipped_head); 1501 ax->skipped_head);
1492 GNUNET_assert(0 == ax->skipped); 1502 GNUNET_assert (0 == ax->skipped);
1493 GNUNET_CRYPTO_ecdhe_key_clear(&ax->kx_0); 1503 GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
1494 GNUNET_CRYPTO_ecdhe_key_clear(&ax->DHRs); 1504 GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
1495} 1505}
1496 1506
1497 1507
@@ -1509,105 +1519,105 @@ cleanup_ax(struct CadetTunnelAxolotl *ax)
1509 * #GNUNET_SYSERR on hard errors (i.e. @a pid is #my_full_id) 1519 * #GNUNET_SYSERR on hard errors (i.e. @a pid is #my_full_id)
1510 */ 1520 */
1511static int 1521static int
1512update_ax_by_kx(struct CadetTunnelAxolotl *ax, 1522update_ax_by_kx (struct CadetTunnelAxolotl *ax,
1513 const struct GNUNET_PeerIdentity *pid, 1523 const struct GNUNET_PeerIdentity *pid,
1514 const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, 1524 const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1515 const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key) 1525 const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1516{ 1526{
1517 struct GNUNET_HashCode key_material[3]; 1527 struct GNUNET_HashCode key_material[3];
1518 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5]; 1528 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1519 const char salt[] = "CADET Axolotl salt"; 1529 const char salt[] = "CADET Axolotl salt";
1520 int am_I_alice; 1530 int am_I_alice;
1521 1531
1522 if (GNUNET_SYSERR == (am_I_alice = alice_or_betty(pid))) 1532 if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1523 { 1533 {
1524 GNUNET_break_op(0); 1534 GNUNET_break_op (0);
1525 return GNUNET_SYSERR; 1535 return GNUNET_SYSERR;
1526 } 1536 }
1527 if (0 == GNUNET_memcmp(&ax->DHRr, 1537 if (0 == GNUNET_memcmp (&ax->DHRr,
1528 ratchet_key)) 1538 ratchet_key))
1529 { 1539 {
1530 GNUNET_STATISTICS_update(stats, 1540 GNUNET_STATISTICS_update (stats,
1531 "# Ratchet key already known", 1541 "# Ratchet key already known",
1532 1, 1542 1,
1533 GNUNET_NO); 1543 GNUNET_NO);
1534 LOG(GNUNET_ERROR_TYPE_DEBUG, 1544 LOG (GNUNET_ERROR_TYPE_DEBUG,
1535 "Ratchet key already known. Ignoring KX.\n"); 1545 "Ratchet key already known. Ignoring KX.\n");
1536 return GNUNET_NO; 1546 return GNUNET_NO;
1537 } 1547 }
1538 1548
1539 ax->DHRr = *ratchet_key; 1549 ax->DHRr = *ratchet_key;
1540 ax->last_ephemeral = *ephemeral_key; 1550 ax->last_ephemeral = *ephemeral_key;
1541 /* ECDH A B0 */ 1551 /* ECDH A B0 */
1542 if (GNUNET_YES == am_I_alice) 1552 if (GNUNET_YES == am_I_alice)
1543 { 1553 {
1544 GNUNET_CRYPTO_eddsa_ecdh(my_private_key, /* a */ 1554 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* a */
1545 ephemeral_key, /* B0 */ 1555 ephemeral_key, /* B0 */
1546 &key_material[0]); 1556 &key_material[0]);
1547 } 1557 }
1548 else 1558 else
1549 { 1559 {
1550 GNUNET_CRYPTO_ecdh_eddsa(&ax->kx_0, /* b0 */ 1560 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1551 &pid->public_key, /* A */ 1561 &pid->public_key, /* A */
1552 &key_material[0]); 1562 &key_material[0]);
1553 } 1563 }
1554 /* ECDH A0 B */ 1564 /* ECDH A0 B */
1555 if (GNUNET_YES == am_I_alice) 1565 if (GNUNET_YES == am_I_alice)
1556 { 1566 {
1557 GNUNET_CRYPTO_ecdh_eddsa(&ax->kx_0, /* a0 */ 1567 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1558 &pid->public_key, /* B */ 1568 &pid->public_key, /* B */
1559 &key_material[1]); 1569 &key_material[1]);
1560 } 1570 }
1561 else 1571 else
1562 { 1572 {
1563 GNUNET_CRYPTO_eddsa_ecdh(my_private_key, /* b */ 1573 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* b */
1564 ephemeral_key, /* A0 */ 1574 ephemeral_key, /* A0 */
1565 &key_material[1]); 1575 &key_material[1]);
1566 } 1576 }
1567 1577
1568 /* ECDH A0 B0 */ 1578 /* ECDH A0 B0 */
1569 GNUNET_CRYPTO_ecc_ecdh(&ax->kx_0, /* a0 or b0 */ 1579 GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1570 ephemeral_key, /* B0 or A0 */ 1580 ephemeral_key, /* B0 or A0 */
1571 &key_material[2]); 1581 &key_material[2]);
1572 /* KDF */ 1582 /* KDF */
1573 GNUNET_CRYPTO_kdf(keys, sizeof(keys), 1583 GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1574 salt, sizeof(salt), 1584 salt, sizeof(salt),
1575 &key_material, sizeof(key_material), 1585 &key_material, sizeof(key_material),
1576 NULL); 1586 NULL);
1577 1587
1578 if (0 == memcmp(&ax->RK, 1588 if (0 == memcmp (&ax->RK,
1579 &keys[0], 1589 &keys[0],
1580 sizeof(ax->RK))) 1590 sizeof(ax->RK)))
1581 { 1591 {
1582 LOG(GNUNET_ERROR_TYPE_DEBUG, 1592 LOG (GNUNET_ERROR_TYPE_DEBUG,
1583 "Root key already known. Ignoring KX.\n"); 1593 "Root key already known. Ignoring KX.\n");
1584 GNUNET_STATISTICS_update(stats, 1594 GNUNET_STATISTICS_update (stats,
1585 "# Root key already known", 1595 "# Root key already known",
1586 1, 1596 1,
1587 GNUNET_NO); 1597 GNUNET_NO);
1588 return GNUNET_NO; 1598 return GNUNET_NO;
1589 } 1599 }
1590 1600
1591 ax->RK = keys[0]; 1601 ax->RK = keys[0];
1592 if (GNUNET_YES == am_I_alice) 1602 if (GNUNET_YES == am_I_alice)
1593 { 1603 {
1594 ax->HKr = keys[1]; 1604 ax->HKr = keys[1];
1595 ax->NHKs = keys[2]; 1605 ax->NHKs = keys[2];
1596 ax->NHKr = keys[3]; 1606 ax->NHKr = keys[3];
1597 ax->CKr = keys[4]; 1607 ax->CKr = keys[4];
1598 ax->ratchet_flag = GNUNET_YES; 1608 ax->ratchet_flag = GNUNET_YES;
1599 } 1609 }
1600 else 1610 else
1601 { 1611 {
1602 ax->HKs = keys[1]; 1612 ax->HKs = keys[1];
1603 ax->NHKr = keys[2]; 1613 ax->NHKr = keys[2];
1604 ax->NHKs = keys[3]; 1614 ax->NHKs = keys[3];
1605 ax->CKs = keys[4]; 1615 ax->CKs = keys[4];
1606 ax->ratchet_flag = GNUNET_NO; 1616 ax->ratchet_flag = GNUNET_NO;
1607 ax->ratchet_expiration 1617 ax->ratchet_expiration
1608 = GNUNET_TIME_absolute_add(GNUNET_TIME_absolute_get(), 1618 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (),
1609 ratchet_time); 1619 ratchet_time);
1610 } 1620 }
1611 return GNUNET_OK; 1621 return GNUNET_OK;
1612} 1622}
1613 1623
@@ -1618,89 +1628,89 @@ update_ax_by_kx(struct CadetTunnelAxolotl *ax,
1618 * @param cls the `struct CadetTunnel` to do KX for. 1628 * @param cls the `struct CadetTunnel` to do KX for.
1619 */ 1629 */
1620static void 1630static void
1621retry_kx(void *cls) 1631retry_kx (void *cls)
1622{ 1632{
1623 struct CadetTunnel *t = cls; 1633 struct CadetTunnel *t = cls;
1624 struct CadetTunnelAxolotl *ax; 1634 struct CadetTunnelAxolotl *ax;
1625 1635
1626 t->kx_task = NULL; 1636 t->kx_task = NULL;
1627 LOG(GNUNET_ERROR_TYPE_DEBUG, 1637 LOG (GNUNET_ERROR_TYPE_DEBUG,
1628 "Trying to make KX progress on %s in state %s\n", 1638 "Trying to make KX progress on %s in state %s\n",
1629 GCT_2s(t), 1639 GCT_2s (t),
1630 estate2s(t->estate)); 1640 estate2s (t->estate));
1631 switch (t->estate) 1641 switch (t->estate)
1632 { 1642 {
1633 case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */ 1643 case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1634 case CADET_TUNNEL_KEY_AX_SENT: /* trying again */ 1644 case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1635 send_kx(t, 1645 send_kx (t,
1636 NULL, 1646 NULL,
1637 &t->ax); 1647 &t->ax);
1638 break; 1648 break;
1639 1649
1640 case CADET_TUNNEL_KEY_AX_RECV: 1650 case CADET_TUNNEL_KEY_AX_RECV:
1641 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: 1651 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
1642 /* We are responding, so only require reply 1652 /* We are responding, so only require reply
1643 if WE have a channel waiting. */ 1653 if WE have a channel waiting. */
1644 if (NULL != t->unverified_ax) 1654 if (NULL != t->unverified_ax)
1645 { 1655 {
1646 /* Send AX_AUTH so we might get this one verified */ 1656 /* Send AX_AUTH so we might get this one verified */
1647 ax = t->unverified_ax; 1657 ax = t->unverified_ax;
1648 } 1658 }
1649 else 1659 else
1650 { 1660 {
1651 /* How can this be? */ 1661 /* How can this be? */
1652 GNUNET_break(0); 1662 GNUNET_break (0);
1653 ax = &t->ax; 1663 ax = &t->ax;
1654 } 1664 }
1655 send_kx_auth(t, 1665 send_kx_auth (t,
1656 NULL, 1666 NULL,
1657 ax, 1667 ax,
1658 (0 == GCT_count_channels(t)) 1668 (0 == GCT_count_channels (t))
1659 ? GNUNET_NO 1669 ? GNUNET_NO
1660 : GNUNET_YES); 1670 : GNUNET_YES);
1661 break; 1671 break;
1662 1672
1663 case CADET_TUNNEL_KEY_AX_AUTH_SENT: 1673 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
1664 /* We are responding, so only require reply 1674 /* We are responding, so only require reply
1665 if WE have a channel waiting. */ 1675 if WE have a channel waiting. */
1666 if (NULL != t->unverified_ax) 1676 if (NULL != t->unverified_ax)
1667 { 1677 {
1668 /* Send AX_AUTH so we might get this one verified */ 1678 /* Send AX_AUTH so we might get this one verified */
1669 ax = t->unverified_ax; 1679 ax = t->unverified_ax;
1670 } 1680 }
1671 else 1681 else
1672 { 1682 {
1673 /* How can this be? */ 1683 /* How can this be? */
1674 GNUNET_break(0); 1684 GNUNET_break (0);
1675 ax = &t->ax; 1685 ax = &t->ax;
1676 } 1686 }
1677 send_kx_auth(t, 1687 send_kx_auth (t,
1678 NULL, 1688 NULL,
1679 ax, 1689 ax,
1680 (0 == GCT_count_channels(t)) 1690 (0 == GCT_count_channels (t))
1681 ? GNUNET_NO 1691 ? GNUNET_NO
1682 : GNUNET_YES); 1692 : GNUNET_YES);
1683 break; 1693 break;
1684 1694
1685 case CADET_TUNNEL_KEY_OK: 1695 case CADET_TUNNEL_KEY_OK:
1686 /* Must have been the *other* peer asking us to 1696 /* Must have been the *other* peer asking us to
1687 respond with a KX_AUTH. */ 1697 respond with a KX_AUTH. */
1688 if (NULL != t->unverified_ax) 1698 if (NULL != t->unverified_ax)
1689 { 1699 {
1690 /* Sending AX_AUTH in response to AX so we might get this one verified */ 1700 /* Sending AX_AUTH in response to AX so we might get this one verified */
1691 ax = t->unverified_ax; 1701 ax = t->unverified_ax;
1692 }
1693 else
1694 {
1695 /* Sending AX_AUTH in response to AX_AUTH */
1696 ax = &t->ax;
1697 }
1698 send_kx_auth(t,
1699 NULL,
1700 ax,
1701 GNUNET_NO);
1702 break;
1703 } 1702 }
1703 else
1704 {
1705 /* Sending AX_AUTH in response to AX_AUTH */
1706 ax = &t->ax;
1707 }
1708 send_kx_auth (t,
1709 NULL,
1710 ax,
1711 GNUNET_NO);
1712 break;
1713 }
1704} 1714}
1705 1715
1706 1716
@@ -1713,98 +1723,98 @@ retry_kx(void *cls)
1713 * @param msg the key exchange message 1723 * @param msg the key exchange message
1714 */ 1724 */
1715void 1725void
1716GCT_handle_kx(struct CadetTConnection *ct, 1726GCT_handle_kx (struct CadetTConnection *ct,
1717 const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg) 1727 const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
1718{ 1728{
1719 struct CadetTunnel *t = ct->t; 1729 struct CadetTunnel *t = ct->t;
1720 int ret; 1730 int ret;
1721 1731
1722 GNUNET_STATISTICS_update(stats, 1732 GNUNET_STATISTICS_update (stats,
1723 "# KX received", 1733 "# KX received",
1724 1, 1734 1,
1725 GNUNET_NO); 1735 GNUNET_NO);
1726 if (GNUNET_YES == 1736 if (GNUNET_YES ==
1727 alice_or_betty(GCP_get_id(t->destination))) 1737 alice_or_betty (GCP_get_id (t->destination)))
1728 { 1738 {
1729 /* Betty/Bob is not allowed to send KX! */ 1739 /* Betty/Bob is not allowed to send KX! */
1730 GNUNET_break_op(0); 1740 GNUNET_break_op (0);
1731 return; 1741 return;
1732 } 1742 }
1733 LOG(GNUNET_ERROR_TYPE_DEBUG, 1743 LOG (GNUNET_ERROR_TYPE_DEBUG,
1734 "Received KX message from %s with ephemeral %s from %s on connection %s\n", 1744 "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1735 GCT_2s(t), 1745 GCT_2s (t),
1736 GNUNET_e2s(&msg->ephemeral_key), 1746 GNUNET_e2s (&msg->ephemeral_key),
1737 GNUNET_i2s(GCP_get_id(t->destination)), 1747 GNUNET_i2s (GCP_get_id (t->destination)),
1738 GCC_2s(ct->cc)); 1748 GCC_2s (ct->cc));
1739#if 1 1749#if 1
1740 if ((0 == 1750 if ((0 ==
1741 memcmp(&t->ax.DHRr, 1751 memcmp (&t->ax.DHRr,
1742 &msg->ratchet_key, 1752 &msg->ratchet_key,
1743 sizeof(msg->ratchet_key))) && 1753 sizeof(msg->ratchet_key))) &&
1744 (0 == 1754 (0 ==
1745 memcmp(&t->ax.last_ephemeral, 1755 memcmp (&t->ax.last_ephemeral,
1746 &msg->ephemeral_key, 1756 &msg->ephemeral_key,
1747 sizeof(msg->ephemeral_key)))) 1757 sizeof(msg->ephemeral_key))))
1748 1758
1749 { 1759 {
1750 GNUNET_STATISTICS_update(stats, 1760 GNUNET_STATISTICS_update (stats,
1751 "# Duplicate KX received", 1761 "# Duplicate KX received",
1752 1, 1762 1,
1753 GNUNET_NO); 1763 GNUNET_NO);
1754 send_kx_auth(t, 1764 send_kx_auth (t,
1755 ct, 1765 ct,
1756 &t->ax, 1766 &t->ax,
1757 GNUNET_NO); 1767 GNUNET_NO);
1758 return; 1768 return;
1759 } 1769 }
1760#endif 1770#endif
1761 /* We only keep ONE unverified KX around, so if there is an existing one, 1771 /* We only keep ONE unverified KX around, so if there is an existing one,
1762 clean it up. */ 1772 clean it up. */
1763 if (NULL != t->unverified_ax) 1773 if (NULL != t->unverified_ax)
1764 { 1774 {
1765 if ((0 == 1775 if ((0 ==
1766 memcmp(&t->unverified_ax->DHRr, 1776 memcmp (&t->unverified_ax->DHRr,
1767 &msg->ratchet_key, 1777 &msg->ratchet_key,
1768 sizeof(msg->ratchet_key))) && 1778 sizeof(msg->ratchet_key))) &&
1769 (0 == 1779 (0 ==
1770 memcmp(&t->unverified_ax->last_ephemeral, 1780 memcmp (&t->unverified_ax->last_ephemeral,
1771 &msg->ephemeral_key, 1781 &msg->ephemeral_key,
1772 sizeof(msg->ephemeral_key)))) 1782 sizeof(msg->ephemeral_key))))
1773 { 1783 {
1774 GNUNET_STATISTICS_update(stats, 1784 GNUNET_STATISTICS_update (stats,
1775 "# Duplicate unverified KX received", 1785 "# Duplicate unverified KX received",
1776 1, 1786 1,
1777 GNUNET_NO); 1787 GNUNET_NO);
1778#if 1 1788#if 1
1779 send_kx_auth(t, 1789 send_kx_auth (t,
1780 ct, 1790 ct,
1781 t->unverified_ax, 1791 t->unverified_ax,
1782 GNUNET_NO); 1792 GNUNET_NO);
1783 return; 1793 return;
1784#endif 1794#endif
1785 }
1786 LOG(GNUNET_ERROR_TYPE_DEBUG,
1787 "Dropping old unverified KX state.\n");
1788 GNUNET_STATISTICS_update(stats,
1789 "# Unverified KX dropped for fresh KX",
1790 1,
1791 GNUNET_NO);
1792 GNUNET_break(NULL == t->unverified_ax->skipped_head);
1793 memset(t->unverified_ax,
1794 0,
1795 sizeof(struct CadetTunnelAxolotl));
1796 } 1795 }
1796 LOG (GNUNET_ERROR_TYPE_DEBUG,
1797 "Dropping old unverified KX state.\n");
1798 GNUNET_STATISTICS_update (stats,
1799 "# Unverified KX dropped for fresh KX",
1800 1,
1801 GNUNET_NO);
1802 GNUNET_break (NULL == t->unverified_ax->skipped_head);
1803 memset (t->unverified_ax,
1804 0,
1805 sizeof(struct CadetTunnelAxolotl));
1806 }
1797 else 1807 else
1798 { 1808 {
1799 LOG(GNUNET_ERROR_TYPE_DEBUG, 1809 LOG (GNUNET_ERROR_TYPE_DEBUG,
1800 "Creating fresh unverified KX for %s\n", 1810 "Creating fresh unverified KX for %s\n",
1801 GCT_2s(t)); 1811 GCT_2s (t));
1802 GNUNET_STATISTICS_update(stats, 1812 GNUNET_STATISTICS_update (stats,
1803 "# Fresh KX setup", 1813 "# Fresh KX setup",
1804 1, 1814 1,
1805 GNUNET_NO); 1815 GNUNET_NO);
1806 t->unverified_ax = GNUNET_new(struct CadetTunnelAxolotl); 1816 t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl);
1807 } 1817 }
1808 /* Set as the 'current' RK/DHRr the one we are currently using, 1818 /* Set as the 'current' RK/DHRr the one we are currently using,
1809 so that the duplicate-detection logic of 1819 so that the duplicate-detection logic of
1810 #update_ax_by_kx can work. */ 1820 #update_ax_by_kx can work. */
@@ -1815,101 +1825,101 @@ GCT_handle_kx(struct CadetTConnection *ct,
1815 t->unverified_attempts = 0; 1825 t->unverified_attempts = 0;
1816 1826
1817 /* Update 'ax' by the new key material */ 1827 /* Update 'ax' by the new key material */
1818 ret = update_ax_by_kx(t->unverified_ax, 1828 ret = update_ax_by_kx (t->unverified_ax,
1819 GCP_get_id(t->destination), 1829 GCP_get_id (t->destination),
1820 &msg->ephemeral_key, 1830 &msg->ephemeral_key,
1821 &msg->ratchet_key); 1831 &msg->ratchet_key);
1822 GNUNET_break(GNUNET_SYSERR != ret); 1832 GNUNET_break (GNUNET_SYSERR != ret);
1823 if (GNUNET_OK != ret) 1833 if (GNUNET_OK != ret)
1824 { 1834 {
1825 GNUNET_STATISTICS_update(stats, 1835 GNUNET_STATISTICS_update (stats,
1826 "# Useless KX", 1836 "# Useless KX",
1827 1, 1837 1,
1828 GNUNET_NO); 1838 GNUNET_NO);
1829 return; /* duplicate KX, nothing to do */ 1839 return; /* duplicate KX, nothing to do */
1830 } 1840 }
1831 /* move ahead in our state machine */ 1841 /* move ahead in our state machine */
1832 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) 1842 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1833 GCT_change_estate(t, 1843 GCT_change_estate (t,
1834 CADET_TUNNEL_KEY_AX_RECV); 1844 CADET_TUNNEL_KEY_AX_RECV);
1835 else if (CADET_TUNNEL_KEY_AX_SENT == t->estate) 1845 else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1836 GCT_change_estate(t, 1846 GCT_change_estate (t,
1837 CADET_TUNNEL_KEY_AX_SENT_AND_RECV); 1847 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1838 1848
1839 /* KX is still not done, try again our end. */ 1849 /* KX is still not done, try again our end. */
1840 if (CADET_TUNNEL_KEY_OK != t->estate) 1850 if (CADET_TUNNEL_KEY_OK != t->estate)
1841 { 1851 {
1842 if (NULL != t->kx_task) 1852 if (NULL != t->kx_task)
1843 GNUNET_SCHEDULER_cancel(t->kx_task); 1853 GNUNET_SCHEDULER_cancel (t->kx_task);
1844 t->kx_task 1854 t->kx_task
1845 = GNUNET_SCHEDULER_add_now(&retry_kx, 1855 = GNUNET_SCHEDULER_add_now (&retry_kx,
1846 t); 1856 t);
1847 } 1857 }
1848} 1858}
1849 1859
1850 1860
1851#if DEBUG_KX 1861#if DEBUG_KX
1852static void 1862static void
1853check_ee(const struct GNUNET_CRYPTO_EcdhePrivateKey *e1, 1863check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1854 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2) 1864 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1855{ 1865{
1856 struct GNUNET_CRYPTO_EcdhePublicKey p1; 1866 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1857 struct GNUNET_CRYPTO_EcdhePublicKey p2; 1867 struct GNUNET_CRYPTO_EcdhePublicKey p2;
1858 struct GNUNET_HashCode hc1; 1868 struct GNUNET_HashCode hc1;
1859 struct GNUNET_HashCode hc2; 1869 struct GNUNET_HashCode hc2;
1860 1870
1861 GNUNET_CRYPTO_ecdhe_key_get_public(e1, 1871 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1862 &p1); 1872 &p1);
1863 GNUNET_CRYPTO_ecdhe_key_get_public(e2, 1873 GNUNET_CRYPTO_ecdhe_key_get_public (e2,
1864 &p2); 1874 &p2);
1865 GNUNET_assert(GNUNET_OK == 1875 GNUNET_assert (GNUNET_OK ==
1866 GNUNET_CRYPTO_ecc_ecdh(e1, 1876 GNUNET_CRYPTO_ecc_ecdh (e1,
1867 &p2, 1877 &p2,
1868 &hc1)); 1878 &hc1));
1869 GNUNET_assert(GNUNET_OK == 1879 GNUNET_assert (GNUNET_OK ==
1870 GNUNET_CRYPTO_ecc_ecdh(e2, 1880 GNUNET_CRYPTO_ecc_ecdh (e2,
1871 &p1, 1881 &p1,
1872 &hc2)); 1882 &hc2));
1873 GNUNET_break(0 == GNUNET_memcmp(&hc1, 1883 GNUNET_break (0 == GNUNET_memcmp (&hc1,
1874 &hc2)); 1884 &hc2));
1875} 1885}
1876 1886
1877 1887
1878static void 1888static void
1879check_ed(const struct GNUNET_CRYPTO_EcdhePrivateKey *e1, 1889check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1880 const struct GNUNET_CRYPTO_EddsaPrivateKey *e2) 1890 const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1881{ 1891{
1882 struct GNUNET_CRYPTO_EcdhePublicKey p1; 1892 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1883 struct GNUNET_CRYPTO_EddsaPublicKey p2; 1893 struct GNUNET_CRYPTO_EddsaPublicKey p2;
1884 struct GNUNET_HashCode hc1; 1894 struct GNUNET_HashCode hc1;
1885 struct GNUNET_HashCode hc2; 1895 struct GNUNET_HashCode hc2;
1886 1896
1887 GNUNET_CRYPTO_ecdhe_key_get_public(e1, 1897 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1888 &p1); 1898 &p1);
1889 GNUNET_CRYPTO_eddsa_key_get_public(e2, 1899 GNUNET_CRYPTO_eddsa_key_get_public (e2,
1890 &p2); 1900 &p2);
1891 GNUNET_assert(GNUNET_OK == 1901 GNUNET_assert (GNUNET_OK ==
1892 GNUNET_CRYPTO_ecdh_eddsa(e1, 1902 GNUNET_CRYPTO_ecdh_eddsa (e1,
1893 &p2, 1903 &p2,
1894 &hc1)); 1904 &hc1));
1895 GNUNET_assert(GNUNET_OK == 1905 GNUNET_assert (GNUNET_OK ==
1896 GNUNET_CRYPTO_eddsa_ecdh(e2, 1906 GNUNET_CRYPTO_eddsa_ecdh (e2,
1897 &p1, 1907 &p1,
1898 &hc2)); 1908 &hc2));
1899 GNUNET_break(0 == GNUNET_memcmp(&hc1, 1909 GNUNET_break (0 == GNUNET_memcmp (&hc1,
1900 &hc2)); 1910 &hc2));
1901} 1911}
1902 1912
1903 1913
1904static void 1914static void
1905test_crypto_bug(const struct GNUNET_CRYPTO_EcdhePrivateKey *e1, 1915test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1906 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2, 1916 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1907 const struct GNUNET_CRYPTO_EddsaPrivateKey *d1, 1917 const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1908 const struct GNUNET_CRYPTO_EddsaPrivateKey *d2) 1918 const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1909{ 1919{
1910 check_ee(e1, e2); 1920 check_ee (e1, e2);
1911 check_ed(e1, d2); 1921 check_ed (e1, d2);
1912 check_ed(e2, d1); 1922 check_ed (e2, d1);
1913} 1923}
1914 1924
1915#endif 1925#endif
@@ -1922,135 +1932,135 @@ test_crypto_bug(const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1922 * @param msg the key exchange message 1932 * @param msg the key exchange message
1923 */ 1933 */
1924void 1934void
1925GCT_handle_kx_auth(struct CadetTConnection *ct, 1935GCT_handle_kx_auth (struct CadetTConnection *ct,
1926 const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg) 1936 const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
1927{ 1937{
1928 struct CadetTunnel *t = ct->t; 1938 struct CadetTunnel *t = ct->t;
1929 struct CadetTunnelAxolotl ax_tmp; 1939 struct CadetTunnelAxolotl ax_tmp;
1930 struct GNUNET_HashCode kx_auth; 1940 struct GNUNET_HashCode kx_auth;
1931 int ret; 1941 int ret;
1932 1942
1933 GNUNET_STATISTICS_update(stats, 1943 GNUNET_STATISTICS_update (stats,
1934 "# KX_AUTH received", 1944 "# KX_AUTH received",
1935 1, 1945 1,
1936 GNUNET_NO); 1946 GNUNET_NO);
1937 if ((CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) || 1947 if ((CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1938 (CADET_TUNNEL_KEY_AX_RECV == t->estate)) 1948 (CADET_TUNNEL_KEY_AX_RECV == t->estate))
1939 { 1949 {
1940 /* Confusing, we got a KX_AUTH before we even send our own 1950 /* Confusing, we got a KX_AUTH before we even send our own
1941 KX. This should not happen. We'll send our own KX ASAP anyway, 1951 KX. This should not happen. We'll send our own KX ASAP anyway,
1942 so let's ignore this here. */ 1952 so let's ignore this here. */
1943 GNUNET_break_op(0); 1953 GNUNET_break_op (0);
1944 return; 1954 return;
1945 } 1955 }
1946 LOG(GNUNET_ERROR_TYPE_DEBUG, 1956 LOG (GNUNET_ERROR_TYPE_DEBUG,
1947 "Handling KX_AUTH message from %s with ephemeral %s\n", 1957 "Handling KX_AUTH message from %s with ephemeral %s\n",
1948 GCT_2s(t), 1958 GCT_2s (t),
1949 GNUNET_e2s(&msg->kx.ephemeral_key)); 1959 GNUNET_e2s (&msg->kx.ephemeral_key));
1950 /* We do everything in ax_tmp until we've checked the authentication 1960 /* We do everything in ax_tmp until we've checked the authentication
1951 so we don't clobber anything we care about by accident. */ 1961 so we don't clobber anything we care about by accident. */
1952 ax_tmp = t->ax; 1962 ax_tmp = t->ax;
1953 1963
1954 /* Update 'ax' by the new key material */ 1964 /* Update 'ax' by the new key material */
1955 ret = update_ax_by_kx(&ax_tmp, 1965 ret = update_ax_by_kx (&ax_tmp,
1956 GCP_get_id(t->destination), 1966 GCP_get_id (t->destination),
1957 &msg->kx.ephemeral_key, 1967 &msg->kx.ephemeral_key,
1958 &msg->kx.ratchet_key); 1968 &msg->kx.ratchet_key);
1959 if (GNUNET_OK != ret) 1969 if (GNUNET_OK != ret)
1970 {
1971 if (GNUNET_NO == ret)
1972 GNUNET_STATISTICS_update (stats,
1973 "# redundant KX_AUTH received",
1974 1,
1975 GNUNET_NO);
1976 else
1977 GNUNET_break (0); /* connect to self!? */
1978 return;
1979 }
1980 GNUNET_CRYPTO_hash (&ax_tmp.RK,
1981 sizeof(ax_tmp.RK),
1982 &kx_auth);
1983 if (0 != GNUNET_memcmp (&kx_auth,
1984 &msg->auth))
1985 {
1986 /* This KX_AUTH is not using the latest KX/KX_AUTH data
1987 we transmitted to the sender, refuse it, try KX again. */
1988 GNUNET_STATISTICS_update (stats,
1989 "# KX_AUTH not using our last KX received (auth failure)",
1990 1,
1991 GNUNET_NO);
1992 LOG (GNUNET_ERROR_TYPE_WARNING,
1993 "KX AUTH mismatch!\n");
1994#if DEBUG_KX
1960 { 1995 {
1961 if (GNUNET_NO == ret) 1996 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1962 GNUNET_STATISTICS_update(stats, 1997
1963 "# redundant KX_AUTH received", 1998 GNUNET_CRYPTO_ecdhe_key_get_public (&ax_tmp.kx_0,
1964 1, 1999 &ephemeral_key);
1965 GNUNET_NO); 2000 if (0 != GNUNET_memcmp (&ephemeral_key,
2001 &msg->r_ephemeral_key_XXX))
2002 {
2003 LOG (GNUNET_ERROR_TYPE_WARNING,
2004 "My ephemeral is %s!\n",
2005 GNUNET_e2s (&ephemeral_key));
2006 LOG (GNUNET_ERROR_TYPE_WARNING,
2007 "Response is for ephemeral %s!\n",
2008 GNUNET_e2s (&msg->r_ephemeral_key_XXX));
2009 }
1966 else 2010 else
1967 GNUNET_break(0); /* connect to self!? */
1968 return;
1969 }
1970 GNUNET_CRYPTO_hash(&ax_tmp.RK,
1971 sizeof(ax_tmp.RK),
1972 &kx_auth);
1973 if (0 != GNUNET_memcmp(&kx_auth,
1974 &msg->auth))
1975 {
1976 /* This KX_AUTH is not using the latest KX/KX_AUTH data
1977 we transmitted to the sender, refuse it, try KX again. */
1978 GNUNET_STATISTICS_update(stats,
1979 "# KX_AUTH not using our last KX received (auth failure)",
1980 1,
1981 GNUNET_NO);
1982 LOG(GNUNET_ERROR_TYPE_WARNING,
1983 "KX AUTH mismatch!\n");
1984#if DEBUG_KX
1985 { 2011 {
1986 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; 2012 test_crypto_bug (&ax_tmp.kx_0,
1987 2013 &msg->kx.ephemeral_key_XXX,
1988 GNUNET_CRYPTO_ecdhe_key_get_public(&ax_tmp.kx_0, 2014 my_private_key,
1989 &ephemeral_key); 2015 &msg->kx.private_key_XXX);
1990 if (0 != GNUNET_memcmp(&ephemeral_key,
1991 &msg->r_ephemeral_key_XXX))
1992 {
1993 LOG(GNUNET_ERROR_TYPE_WARNING,
1994 "My ephemeral is %s!\n",
1995 GNUNET_e2s(&ephemeral_key));
1996 LOG(GNUNET_ERROR_TYPE_WARNING,
1997 "Response is for ephemeral %s!\n",
1998 GNUNET_e2s(&msg->r_ephemeral_key_XXX));
1999 }
2000 else
2001 {
2002 test_crypto_bug(&ax_tmp.kx_0,
2003 &msg->kx.ephemeral_key_XXX,
2004 my_private_key,
2005 &msg->kx.private_key_XXX);
2006 }
2007 } 2016 }
2008#endif
2009 if (NULL == t->kx_task)
2010 t->kx_task
2011 = GNUNET_SCHEDULER_add_at(t->next_kx_attempt,
2012 &retry_kx,
2013 t);
2014 return;
2015 } 2017 }
2018#endif
2019 if (NULL == t->kx_task)
2020 t->kx_task
2021 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2022 &retry_kx,
2023 t);
2024 return;
2025 }
2016 /* Yep, we're good. */ 2026 /* Yep, we're good. */
2017 t->ax = ax_tmp; 2027 t->ax = ax_tmp;
2018 if (NULL != t->unverified_ax) 2028 if (NULL != t->unverified_ax)
2019 { 2029 {
2020 /* We got some "stale" KX before, drop that. */ 2030 /* We got some "stale" KX before, drop that. */
2021 cleanup_ax(t->unverified_ax); 2031 cleanup_ax (t->unverified_ax);
2022 GNUNET_free(t->unverified_ax); 2032 GNUNET_free (t->unverified_ax);
2023 t->unverified_ax = NULL; 2033 t->unverified_ax = NULL;
2024 } 2034 }
2025 2035
2026 /* move ahead in our state machine */ 2036 /* move ahead in our state machine */
2027 switch (t->estate) 2037 switch (t->estate)
2028 { 2038 {
2029 case CADET_TUNNEL_KEY_UNINITIALIZED: 2039 case CADET_TUNNEL_KEY_UNINITIALIZED:
2030 case CADET_TUNNEL_KEY_AX_RECV: 2040 case CADET_TUNNEL_KEY_AX_RECV:
2031 /* Checked above, this is impossible. */ 2041 /* Checked above, this is impossible. */
2032 GNUNET_assert(0); 2042 GNUNET_assert (0);
2033 break; 2043 break;
2034 2044
2035 case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */ 2045 case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2036 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */ 2046 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2037 case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */ 2047 case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2038 GCT_change_estate(t, 2048 GCT_change_estate (t,
2039 CADET_TUNNEL_KEY_OK); 2049 CADET_TUNNEL_KEY_OK);
2040 break; 2050 break;
2041 2051
2042 case CADET_TUNNEL_KEY_OK: 2052 case CADET_TUNNEL_KEY_OK:
2043 /* Did not expect another KX_AUTH, but so what, still acceptable. 2053 /* Did not expect another KX_AUTH, but so what, still acceptable.
2044 Nothing to do here. */ 2054 Nothing to do here. */
2045 break; 2055 break;
2046 } 2056 }
2047 if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl(msg->kx.flags))) 2057 if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2048 { 2058 {
2049 send_kx_auth(t, 2059 send_kx_auth (t,
2050 NULL, 2060 NULL,
2051 &t->ax, 2061 &t->ax,
2052 GNUNET_NO); 2062 GNUNET_NO);
2053 } 2063 }
2054} 2064}
2055 2065
2056 2066
@@ -2065,7 +2075,7 @@ GCT_handle_kx_auth(struct CadetTConnection *ct,
2065 * @return unused number that can uniquely identify a channel in the tunnel 2075 * @return unused number that can uniquely identify a channel in the tunnel
2066 */ 2076 */
2067static struct GNUNET_CADET_ChannelTunnelNumber 2077static struct GNUNET_CADET_ChannelTunnelNumber
2068get_next_free_ctn(struct CadetTunnel *t) 2078get_next_free_ctn (struct CadetTunnel *t)
2069{ 2079{
2070#define HIGH_BIT 0x8000000 2080#define HIGH_BIT 0x8000000
2071 struct GNUNET_CADET_ChannelTunnelNumber ret; 2081 struct GNUNET_CADET_ChannelTunnelNumber ret;
@@ -2073,23 +2083,23 @@ get_next_free_ctn(struct CadetTunnel *t)
2073 int cmp; 2083 int cmp;
2074 uint32_t highbit; 2084 uint32_t highbit;
2075 2085
2076 cmp = GNUNET_memcmp(&my_full_id, 2086 cmp = GNUNET_memcmp (&my_full_id,
2077 GCP_get_id(GCT_get_destination(t))); 2087 GCP_get_id (GCT_get_destination (t)));
2078 if (0 < cmp) 2088 if (0 < cmp)
2079 highbit = HIGH_BIT; 2089 highbit = HIGH_BIT;
2080 else if (0 > cmp) 2090 else if (0 > cmp)
2081 highbit = 0; 2091 highbit = 0;
2082 else 2092 else
2083 GNUNET_assert(0); // loopback must never go here! 2093 GNUNET_assert (0); // loopback must never go here!
2084 ctn = ntohl(t->next_ctn.cn); 2094 ctn = ntohl (t->next_ctn.cn);
2085 while (NULL != 2095 while (NULL !=
2086 GNUNET_CONTAINER_multihashmap32_get(t->channels, 2096 GNUNET_CONTAINER_multihashmap32_get (t->channels,
2087 ctn | highbit)) 2097 ctn | highbit))
2088 { 2098 {
2089 ctn = ((ctn + 1) & (~HIGH_BIT)); 2099 ctn = ((ctn + 1) & (~HIGH_BIT));
2090 } 2100 }
2091 t->next_ctn.cn = htonl((ctn + 1) & (~HIGH_BIT)); 2101 t->next_ctn.cn = htonl ((ctn + 1) & (~HIGH_BIT));
2092 ret.cn = htonl(ctn | highbit); 2102 ret.cn = htonl (ctn | highbit);
2093 return ret; 2103 return ret;
2094} 2104}
2095 2105
@@ -2104,53 +2114,53 @@ get_next_free_ctn(struct CadetTunnel *t)
2104 * @return unique number identifying @a ch within @a t 2114 * @return unique number identifying @a ch within @a t
2105 */ 2115 */
2106struct GNUNET_CADET_ChannelTunnelNumber 2116struct GNUNET_CADET_ChannelTunnelNumber
2107GCT_add_channel(struct CadetTunnel *t, 2117GCT_add_channel (struct CadetTunnel *t,
2108 struct CadetChannel *ch) 2118 struct CadetChannel *ch)
2109{ 2119{
2110 struct GNUNET_CADET_ChannelTunnelNumber ctn; 2120 struct GNUNET_CADET_ChannelTunnelNumber ctn;
2111 2121
2112 ctn = get_next_free_ctn(t); 2122 ctn = get_next_free_ctn (t);
2113 if (NULL != t->destroy_task) 2123 if (NULL != t->destroy_task)
2114 { 2124 {
2115 GNUNET_SCHEDULER_cancel(t->destroy_task); 2125 GNUNET_SCHEDULER_cancel (t->destroy_task);
2116 t->destroy_task = NULL; 2126 t->destroy_task = NULL;
2117 } 2127 }
2118 GNUNET_assert(GNUNET_YES == 2128 GNUNET_assert (GNUNET_YES ==
2119 GNUNET_CONTAINER_multihashmap32_put(t->channels, 2129 GNUNET_CONTAINER_multihashmap32_put (t->channels,
2120 ntohl(ctn.cn), 2130 ntohl (ctn.cn),
2121 ch, 2131 ch,
2122 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); 2132 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
2123 LOG(GNUNET_ERROR_TYPE_DEBUG, 2133 LOG (GNUNET_ERROR_TYPE_DEBUG,
2124 "Adding %s to %s\n", 2134 "Adding %s to %s\n",
2125 GCCH_2s(ch), 2135 GCCH_2s (ch),
2126 GCT_2s(t)); 2136 GCT_2s (t));
2127 switch (t->estate) 2137 switch (t->estate)
2128 { 2138 {
2129 case CADET_TUNNEL_KEY_UNINITIALIZED: 2139 case CADET_TUNNEL_KEY_UNINITIALIZED:
2130 /* waiting for connection to start KX */ 2140 /* waiting for connection to start KX */
2131 break; 2141 break;
2132 2142
2133 case CADET_TUNNEL_KEY_AX_RECV: 2143 case CADET_TUNNEL_KEY_AX_RECV:
2134 case CADET_TUNNEL_KEY_AX_SENT: 2144 case CADET_TUNNEL_KEY_AX_SENT:
2135 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: 2145 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2136 /* we're currently waiting for KX to complete */ 2146 /* we're currently waiting for KX to complete */
2137 break; 2147 break;
2138 2148
2139 case CADET_TUNNEL_KEY_AX_AUTH_SENT: 2149 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2140 /* waiting for OTHER peer to send us data, 2150 /* waiting for OTHER peer to send us data,
2141 we might need to prompt more aggressively! */ 2151 we might need to prompt more aggressively! */
2142 if (NULL == t->kx_task) 2152 if (NULL == t->kx_task)
2143 t->kx_task 2153 t->kx_task
2144 = GNUNET_SCHEDULER_add_at(t->next_kx_attempt, 2154 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2145 &retry_kx, 2155 &retry_kx,
2146 t); 2156 t);
2147 break; 2157 break;
2148 2158
2149 case CADET_TUNNEL_KEY_OK: 2159 case CADET_TUNNEL_KEY_OK:
2150 /* We are ready. Tell the new channel that we are up. */ 2160 /* We are ready. Tell the new channel that we are up. */
2151 GCCH_tunnel_up(ch); 2161 GCCH_tunnel_up (ch);
2152 break; 2162 break;
2153 } 2163 }
2154 return ctn; 2164 return ctn;
2155} 2165}
2156 2166
@@ -2162,25 +2172,25 @@ GCT_add_channel(struct CadetTunnel *t,
2162 * @param ct binding of connection to tunnel of the connection that was lost. 2172 * @param ct binding of connection to tunnel of the connection that was lost.
2163 */ 2173 */
2164void 2174void
2165GCT_connection_lost(struct CadetTConnection *ct) 2175GCT_connection_lost (struct CadetTConnection *ct)
2166{ 2176{
2167 struct CadetTunnel *t = ct->t; 2177 struct CadetTunnel *t = ct->t;
2168 2178
2169 if (GNUNET_YES == ct->is_ready) 2179 if (GNUNET_YES == ct->is_ready)
2170 { 2180 {
2171 GNUNET_CONTAINER_DLL_remove(t->connection_ready_head, 2181 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
2172 t->connection_ready_tail, 2182 t->connection_ready_tail,
2173 ct); 2183 ct);
2174 t->num_ready_connections--; 2184 t->num_ready_connections--;
2175 } 2185 }
2176 else 2186 else
2177 { 2187 {
2178 GNUNET_CONTAINER_DLL_remove(t->connection_busy_head, 2188 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2179 t->connection_busy_tail, 2189 t->connection_busy_tail,
2180 ct); 2190 ct);
2181 t->num_busy_connections--; 2191 t->num_busy_connections--;
2182 } 2192 }
2183 GNUNET_free(ct); 2193 GNUNET_free (ct);
2184} 2194}
2185 2195
2186 2196
@@ -2191,15 +2201,15 @@ GCT_connection_lost(struct CadetTConnection *ct)
2191 * @param ct connection to clean up 2201 * @param ct connection to clean up
2192 */ 2202 */
2193static void 2203static void
2194destroy_t_connection(void *cls, 2204destroy_t_connection (void *cls,
2195 struct CadetTConnection *ct) 2205 struct CadetTConnection *ct)
2196{ 2206{
2197 struct CadetTunnel *t = cls; 2207 struct CadetTunnel *t = cls;
2198 struct CadetConnection *cc = ct->cc; 2208 struct CadetConnection *cc = ct->cc;
2199 2209
2200 GNUNET_assert(ct->t == t); 2210 GNUNET_assert (ct->t == t);
2201 GCT_connection_lost(ct); 2211 GCT_connection_lost (ct);
2202 GCC_destroy_without_tunnel(cc); 2212 GCC_destroy_without_tunnel (cc);
2203} 2213}
2204 2214
2205 2215
@@ -2209,56 +2219,56 @@ destroy_t_connection(void *cls,
2209 * @param cls the idle tunnel 2219 * @param cls the idle tunnel
2210 */ 2220 */
2211static void 2221static void
2212destroy_tunnel(void *cls) 2222destroy_tunnel (void *cls)
2213{ 2223{
2214 struct CadetTunnel *t = cls; 2224 struct CadetTunnel *t = cls;
2215 struct CadetTunnelQueueEntry *tq; 2225 struct CadetTunnelQueueEntry *tq;
2216 2226
2217 t->destroy_task = NULL; 2227 t->destroy_task = NULL;
2218 LOG(GNUNET_ERROR_TYPE_DEBUG, 2228 LOG (GNUNET_ERROR_TYPE_DEBUG,
2219 "Destroying idle %s\n", 2229 "Destroying idle %s\n",
2220 GCT_2s(t)); 2230 GCT_2s (t));
2221 GNUNET_assert(0 == GCT_count_channels(t)); 2231 GNUNET_assert (0 == GCT_count_channels (t));
2222 GCT_iterate_connections(t, 2232 GCT_iterate_connections (t,
2223 &destroy_t_connection, 2233 &destroy_t_connection,
2224 t); 2234 t);
2225 GNUNET_assert(NULL == t->connection_ready_head); 2235 GNUNET_assert (NULL == t->connection_ready_head);
2226 GNUNET_assert(NULL == t->connection_busy_head); 2236 GNUNET_assert (NULL == t->connection_busy_head);
2227 while (NULL != (tq = t->tq_head)) 2237 while (NULL != (tq = t->tq_head))
2228 { 2238 {
2229 if (NULL != tq->cont) 2239 if (NULL != tq->cont)
2230 tq->cont(tq->cont_cls, 2240 tq->cont (tq->cont_cls,
2231 NULL); 2241 NULL);
2232 GCT_send_cancel(tq); 2242 GCT_send_cancel (tq);
2233 } 2243 }
2234 GCP_drop_tunnel(t->destination, 2244 GCP_drop_tunnel (t->destination,
2235 t); 2245 t);
2236 GNUNET_CONTAINER_multihashmap32_destroy(t->channels); 2246 GNUNET_CONTAINER_multihashmap32_destroy (t->channels);
2237 if (NULL != t->maintain_connections_task) 2247 if (NULL != t->maintain_connections_task)
2238 { 2248 {
2239 GNUNET_SCHEDULER_cancel(t->maintain_connections_task); 2249 GNUNET_SCHEDULER_cancel (t->maintain_connections_task);
2240 t->maintain_connections_task = NULL; 2250 t->maintain_connections_task = NULL;
2241 } 2251 }
2242 if (NULL != t->send_task) 2252 if (NULL != t->send_task)
2243 { 2253 {
2244 GNUNET_SCHEDULER_cancel(t->send_task); 2254 GNUNET_SCHEDULER_cancel (t->send_task);
2245 t->send_task = NULL; 2255 t->send_task = NULL;
2246 } 2256 }
2247 if (NULL != t->kx_task) 2257 if (NULL != t->kx_task)
2248 { 2258 {
2249 GNUNET_SCHEDULER_cancel(t->kx_task); 2259 GNUNET_SCHEDULER_cancel (t->kx_task);
2250 t->kx_task = NULL; 2260 t->kx_task = NULL;
2251 } 2261 }
2252 GNUNET_MST_destroy(t->mst); 2262 GNUNET_MST_destroy (t->mst);
2253 GNUNET_MQ_destroy(t->mq); 2263 GNUNET_MQ_destroy (t->mq);
2254 if (NULL != t->unverified_ax) 2264 if (NULL != t->unverified_ax)
2255 { 2265 {
2256 cleanup_ax(t->unverified_ax); 2266 cleanup_ax (t->unverified_ax);
2257 GNUNET_free(t->unverified_ax); 2267 GNUNET_free (t->unverified_ax);
2258 } 2268 }
2259 cleanup_ax(&t->ax); 2269 cleanup_ax (&t->ax);
2260 GNUNET_assert(NULL == t->destroy_task); 2270 GNUNET_assert (NULL == t->destroy_task);
2261 GNUNET_free(t); 2271 GNUNET_free (t);
2262} 2272}
2263 2273
2264 2274
@@ -2270,27 +2280,27 @@ destroy_tunnel(void *cls)
2270 * @param ctn unique number identifying @a ch within @a t 2280 * @param ctn unique number identifying @a ch within @a t
2271 */ 2281 */
2272void 2282void
2273GCT_remove_channel(struct CadetTunnel *t, 2283GCT_remove_channel (struct CadetTunnel *t,
2274 struct CadetChannel *ch, 2284 struct CadetChannel *ch,
2275 struct GNUNET_CADET_ChannelTunnelNumber ctn) 2285 struct GNUNET_CADET_ChannelTunnelNumber ctn)
2276{ 2286{
2277 LOG(GNUNET_ERROR_TYPE_DEBUG, 2287 LOG (GNUNET_ERROR_TYPE_DEBUG,
2278 "Removing %s from %s\n", 2288 "Removing %s from %s\n",
2279 GCCH_2s(ch), 2289 GCCH_2s (ch),
2280 GCT_2s(t)); 2290 GCT_2s (t));
2281 GNUNET_assert(GNUNET_YES == 2291 GNUNET_assert (GNUNET_YES ==
2282 GNUNET_CONTAINER_multihashmap32_remove(t->channels, 2292 GNUNET_CONTAINER_multihashmap32_remove (t->channels,
2283 ntohl(ctn.cn), 2293 ntohl (ctn.cn),
2284 ch)); 2294 ch));
2285 if ((0 == 2295 if ((0 ==
2286 GCT_count_channels(t)) && 2296 GCT_count_channels (t)) &&
2287 (NULL == t->destroy_task)) 2297 (NULL == t->destroy_task))
2288 { 2298 {
2289 t->destroy_task 2299 t->destroy_task
2290 = GNUNET_SCHEDULER_add_delayed(IDLE_DESTROY_DELAY, 2300 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2291 &destroy_tunnel, 2301 &destroy_tunnel,
2292 t); 2302 t);
2293 } 2303 }
2294} 2304}
2295 2305
2296 2306
@@ -2303,14 +2313,14 @@ GCT_remove_channel(struct CadetTunnel *t,
2303 * @return #GNUNET_OK (continue to iterate) 2313 * @return #GNUNET_OK (continue to iterate)
2304 */ 2314 */
2305static int 2315static int
2306destroy_remaining_channels(void *cls, 2316destroy_remaining_channels (void *cls,
2307 uint32_t key, 2317 uint32_t key,
2308 void *value) 2318 void *value)
2309{ 2319{
2310 struct CadetChannel *ch = value; 2320 struct CadetChannel *ch = value;
2311 2321
2312 GCCH_handle_remote_destroy(ch, 2322 GCCH_handle_remote_destroy (ch,
2313 NULL); 2323 NULL);
2314 return GNUNET_OK; 2324 return GNUNET_OK;
2315} 2325}
2316 2326
@@ -2321,20 +2331,20 @@ destroy_remaining_channels(void *cls,
2321 * @param t tunnel to destroy 2331 * @param t tunnel to destroy
2322 */ 2332 */
2323void 2333void
2324GCT_destroy_tunnel_now(struct CadetTunnel *t) 2334GCT_destroy_tunnel_now (struct CadetTunnel *t)
2325{ 2335{
2326 GNUNET_assert(GNUNET_YES == shutting_down); 2336 GNUNET_assert (GNUNET_YES == shutting_down);
2327 GNUNET_CONTAINER_multihashmap32_iterate(t->channels, 2337 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
2328 &destroy_remaining_channels, 2338 &destroy_remaining_channels,
2329 t); 2339 t);
2330 GNUNET_assert(0 == 2340 GNUNET_assert (0 ==
2331 GCT_count_channels(t)); 2341 GCT_count_channels (t));
2332 if (NULL != t->destroy_task) 2342 if (NULL != t->destroy_task)
2333 { 2343 {
2334 GNUNET_SCHEDULER_cancel(t->destroy_task); 2344 GNUNET_SCHEDULER_cancel (t->destroy_task);
2335 t->destroy_task = NULL; 2345 t->destroy_task = NULL;
2336 } 2346 }
2337 destroy_tunnel(t); 2347 destroy_tunnel (t);
2338} 2348}
2339 2349
2340 2350
@@ -2346,40 +2356,40 @@ GCT_destroy_tunnel_now(struct CadetTunnel *t)
2346 * @param ct connection to use for transmission (is ready) 2356 * @param ct connection to use for transmission (is ready)
2347 */ 2357 */
2348static void 2358static void
2349try_send_normal_payload(struct CadetTunnel *t, 2359try_send_normal_payload (struct CadetTunnel *t,
2350 struct CadetTConnection *ct) 2360 struct CadetTConnection *ct)
2351{ 2361{
2352 struct CadetTunnelQueueEntry *tq; 2362 struct CadetTunnelQueueEntry *tq;
2353 2363
2354 GNUNET_assert(GNUNET_YES == ct->is_ready); 2364 GNUNET_assert (GNUNET_YES == ct->is_ready);
2355 tq = t->tq_head; 2365 tq = t->tq_head;
2356 if (NULL == tq) 2366 if (NULL == tq)
2357 { 2367 {
2358 /* no messages pending right now */ 2368 /* no messages pending right now */
2359 LOG(GNUNET_ERROR_TYPE_DEBUG, 2369 LOG (GNUNET_ERROR_TYPE_DEBUG,
2360 "Not sending payload of %s on ready %s (nothing pending)\n", 2370 "Not sending payload of %s on ready %s (nothing pending)\n",
2361 GCT_2s(t), 2371 GCT_2s (t),
2362 GCC_2s(ct->cc)); 2372 GCC_2s (ct->cc));
2363 return; 2373 return;
2364 } 2374 }
2365 /* ready to send message 'tq' on tunnel 'ct' */ 2375 /* ready to send message 'tq' on tunnel 'ct' */
2366 GNUNET_assert(t == tq->t); 2376 GNUNET_assert (t == tq->t);
2367 GNUNET_CONTAINER_DLL_remove(t->tq_head, 2377 GNUNET_CONTAINER_DLL_remove (t->tq_head,
2368 t->tq_tail, 2378 t->tq_tail,
2369 tq); 2379 tq);
2370 if (NULL != tq->cid) 2380 if (NULL != tq->cid)
2371 *tq->cid = *GCC_get_id(ct->cc); 2381 *tq->cid = *GCC_get_id (ct->cc);
2372 mark_connection_unready(ct); 2382 mark_connection_unready (ct);
2373 LOG(GNUNET_ERROR_TYPE_DEBUG, 2383 LOG (GNUNET_ERROR_TYPE_DEBUG,
2374 "Sending payload of %s on %s\n", 2384 "Sending payload of %s on %s\n",
2375 GCT_2s(t), 2385 GCT_2s (t),
2376 GCC_2s(ct->cc)); 2386 GCC_2s (ct->cc));
2377 GCC_transmit(ct->cc, 2387 GCC_transmit (ct->cc,
2378 tq->env); 2388 tq->env);
2379 if (NULL != tq->cont) 2389 if (NULL != tq->cont)
2380 tq->cont(tq->cont_cls, 2390 tq->cont (tq->cont_cls,
2381 GCC_get_id(ct->cc)); 2391 GCC_get_id (ct->cc));
2382 GNUNET_free(tq); 2392 GNUNET_free (tq);
2383} 2393}
2384 2394
2385 2395
@@ -2392,97 +2402,99 @@ try_send_normal_payload(struct CadetTunnel *t,
2392 * #GNUNET_NO if connection are no longer ready 2402 * #GNUNET_NO if connection are no longer ready
2393 */ 2403 */
2394static void 2404static void
2395connection_ready_cb(void *cls, 2405connection_ready_cb (void *cls,
2396 int is_ready) 2406 int is_ready)
2397{ 2407{
2398 struct CadetTConnection *ct = cls; 2408 struct CadetTConnection *ct = cls;
2399 struct CadetTunnel *t = ct->t; 2409 struct CadetTunnel *t = ct->t;
2400 2410
2401 if (GNUNET_NO == is_ready) 2411 if (GNUNET_NO == is_ready)
2402 { 2412 {
2403 LOG(GNUNET_ERROR_TYPE_DEBUG, 2413 LOG (GNUNET_ERROR_TYPE_DEBUG,
2404 "%s no longer ready for %s\n", 2414 "%s no longer ready for %s\n",
2405 GCC_2s(ct->cc), 2415 GCC_2s (ct->cc),
2406 GCT_2s(t)); 2416 GCT_2s (t));
2407 mark_connection_unready(ct); 2417 mark_connection_unready (ct);
2408 return; 2418 return;
2409 } 2419 }
2410 GNUNET_assert(GNUNET_NO == ct->is_ready); 2420 GNUNET_assert (GNUNET_NO == ct->is_ready);
2411 GNUNET_CONTAINER_DLL_remove(t->connection_busy_head, 2421 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2412 t->connection_busy_tail, 2422 t->connection_busy_tail,
2413 ct); 2423 ct);
2414 GNUNET_assert(0 < t->num_busy_connections); 2424 GNUNET_assert (0 < t->num_busy_connections);
2415 t->num_busy_connections--; 2425 t->num_busy_connections--;
2416 ct->is_ready = GNUNET_YES; 2426 ct->is_ready = GNUNET_YES;
2417 GNUNET_CONTAINER_DLL_insert_tail(t->connection_ready_head, 2427 GNUNET_CONTAINER_DLL_insert_tail (t->connection_ready_head,
2418 t->connection_ready_tail, 2428 t->connection_ready_tail,
2419 ct); 2429 ct);
2420 t->num_ready_connections++; 2430 t->num_ready_connections++;
2421 2431
2422 LOG(GNUNET_ERROR_TYPE_DEBUG, 2432 LOG (GNUNET_ERROR_TYPE_DEBUG,
2423 "%s now ready for %s in state %s\n", 2433 "%s now ready for %s in state %s\n",
2424 GCC_2s(ct->cc), 2434 GCC_2s (ct->cc),
2425 GCT_2s(t), 2435 GCT_2s (t),
2426 estate2s(t->estate)); 2436 estate2s (t->estate));
2427 switch (t->estate) 2437 switch (t->estate)
2438 {
2439 case CADET_TUNNEL_KEY_UNINITIALIZED:
2440 /* Do not begin KX if WE have no channels waiting! */
2441 if (0 != GNUNET_TIME_absolute_get_remaining (
2442 t->next_kx_attempt).rel_value_us)
2443 return; /* wait for timeout before retrying */
2444 /* We are uninitialized, just transmit immediately,
2445 without undue delay. */
2446 if (NULL != t->kx_task)
2447 {
2448 GNUNET_SCHEDULER_cancel (t->kx_task);
2449 t->kx_task = NULL;
2450 }
2451 send_kx (t,
2452 ct,
2453 &t->ax);
2454 if ((0 ==
2455 GCT_count_channels (t)) &&
2456 (NULL == t->destroy_task))
2428 { 2457 {
2429 case CADET_TUNNEL_KEY_UNINITIALIZED: 2458 t->destroy_task
2430 /* Do not begin KX if WE have no channels waiting! */ 2459 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2431 if (0 != GNUNET_TIME_absolute_get_remaining(t->next_kx_attempt).rel_value_us) 2460 &destroy_tunnel,
2432 return; /* wait for timeout before retrying */ 2461 t);
2433 /* We are uninitialized, just transmit immediately, 2462 }
2434 without undue delay. */ 2463 break;
2435 if (NULL != t->kx_task)
2436 {
2437 GNUNET_SCHEDULER_cancel(t->kx_task);
2438 t->kx_task = NULL;
2439 }
2440 send_kx(t,
2441 ct,
2442 &t->ax);
2443 if ((0 ==
2444 GCT_count_channels(t)) &&
2445 (NULL == t->destroy_task))
2446 {
2447 t->destroy_task
2448 = GNUNET_SCHEDULER_add_delayed(IDLE_DESTROY_DELAY,
2449 &destroy_tunnel,
2450 t);
2451 }
2452 break;
2453 2464
2454 case CADET_TUNNEL_KEY_AX_RECV: 2465 case CADET_TUNNEL_KEY_AX_RECV:
2455 case CADET_TUNNEL_KEY_AX_SENT: 2466 case CADET_TUNNEL_KEY_AX_SENT:
2456 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: 2467 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2457 case CADET_TUNNEL_KEY_AX_AUTH_SENT: 2468 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2458 /* we're currently waiting for KX to complete, schedule job */ 2469 /* we're currently waiting for KX to complete, schedule job */
2459 if (NULL == t->kx_task) 2470 if (NULL == t->kx_task)
2460 t->kx_task 2471 t->kx_task
2461 = GNUNET_SCHEDULER_add_at(t->next_kx_attempt, 2472 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2462 &retry_kx, 2473 &retry_kx,
2463 t); 2474 t);
2464 break; 2475 break;
2465 2476
2466 case CADET_TUNNEL_KEY_OK: 2477 case CADET_TUNNEL_KEY_OK:
2467 if (GNUNET_YES == t->kx_auth_requested) 2478 if (GNUNET_YES == t->kx_auth_requested)
2468 { 2479 {
2469 if (0 != GNUNET_TIME_absolute_get_remaining(t->next_kx_attempt).rel_value_us) 2480 if (0 != GNUNET_TIME_absolute_get_remaining (
2470 return; /* wait for timeout */ 2481 t->next_kx_attempt).rel_value_us)
2471 if (NULL != t->kx_task) 2482 return; /* wait for timeout */
2472 { 2483 if (NULL != t->kx_task)
2473 GNUNET_SCHEDULER_cancel(t->kx_task); 2484 {
2474 t->kx_task = NULL; 2485 GNUNET_SCHEDULER_cancel (t->kx_task);
2475 } 2486 t->kx_task = NULL;
2476 send_kx_auth(t, 2487 }
2477 ct, 2488 send_kx_auth (t,
2478 &t->ax, 2489 ct,
2479 GNUNET_NO); 2490 &t->ax,
2480 return; 2491 GNUNET_NO);
2481 } 2492 return;
2482 try_send_normal_payload(t,
2483 ct);
2484 break;
2485 } 2493 }
2494 try_send_normal_payload (t,
2495 ct);
2496 break;
2497 }
2486} 2498}
2487 2499
2488 2500
@@ -2495,7 +2507,7 @@ connection_ready_cb(void *cls,
2495 * @param cls the `struct CadetTunnel` to process messages on 2507 * @param cls the `struct CadetTunnel` to process messages on
2496 */ 2508 */
2497static void 2509static void
2498trigger_transmissions(void *cls) 2510trigger_transmissions (void *cls)
2499{ 2511{
2500 struct CadetTunnel *t = cls; 2512 struct CadetTunnel *t = cls;
2501 struct CadetTConnection *ct; 2513 struct CadetTConnection *ct;
@@ -2503,11 +2515,11 @@ trigger_transmissions(void *cls)
2503 t->send_task = NULL; 2515 t->send_task = NULL;
2504 if (NULL == t->tq_head) 2516 if (NULL == t->tq_head)
2505 return; /* no messages pending right now */ 2517 return; /* no messages pending right now */
2506 ct = get_ready_connection(t); 2518 ct = get_ready_connection (t);
2507 if (NULL == ct) 2519 if (NULL == ct)
2508 return; /* no connections ready */ 2520 return; /* no connections ready */
2509 try_send_normal_payload(t, 2521 try_send_normal_payload (t,
2510 ct); 2522 ct);
2511} 2523}
2512 2524
2513 2525
@@ -2515,7 +2527,8 @@ trigger_transmissions(void *cls)
2515 * Closure for #evaluate_connection. Used to assemble summary information 2527 * Closure for #evaluate_connection. Used to assemble summary information
2516 * about the existing connections so we can evaluate a new path. 2528 * about the existing connections so we can evaluate a new path.
2517 */ 2529 */
2518struct EvaluationSummary { 2530struct EvaluationSummary
2531{
2519 /** 2532 /**
2520 * Minimum length of any of our connections, `UINT_MAX` if we have none. 2533 * Minimum length of any of our connections, `UINT_MAX` if we have none.
2521 */ 2534 */
@@ -2567,8 +2580,8 @@ struct EvaluationSummary {
2567 * @param ct a connection to include in the summary 2580 * @param ct a connection to include in the summary
2568 */ 2581 */
2569static void 2582static void
2570evaluate_connection(void *cls, 2583evaluate_connection (void *cls,
2571 struct CadetTConnection *ct) 2584 struct CadetTConnection *ct)
2572{ 2585{
2573 struct EvaluationSummary *es = cls; 2586 struct EvaluationSummary *es = cls;
2574 struct CadetConnection *cc = ct->cc; 2587 struct CadetConnection *cc = ct->cc;
@@ -2581,79 +2594,80 @@ evaluate_connection(void *cls,
2581 double score; 2594 double score;
2582 double success_rate; 2595 double success_rate;
2583 2596
2584 ps = GCC_get_path(cc, 2597 ps = GCC_get_path (cc,
2585 &ct_length); 2598 &ct_length);
2586 LOG(GNUNET_ERROR_TYPE_DEBUG, 2599 LOG (GNUNET_ERROR_TYPE_DEBUG,
2587 "Evaluating path %s of existing %s\n", 2600 "Evaluating path %s of existing %s\n",
2588 GCPP_2s(ps), 2601 GCPP_2s (ps),
2589 GCC_2s(cc)); 2602 GCC_2s (cc));
2590 if (ps == es->path) 2603 if (ps == es->path)
2604 {
2605 LOG (GNUNET_ERROR_TYPE_DEBUG,
2606 "Ignoring duplicate path %s.\n",
2607 GCPP_2s (es->path));
2608 es->duplicate = GNUNET_YES;
2609 return;
2610 }
2611 if (NULL != es->path)
2612 {
2613 int duplicate = GNUNET_YES;
2614
2615 for (unsigned int i = 0; i < ct_length; i++)
2616 {
2617 GNUNET_assert (GCPP_get_length (es->path) > i);
2618 if (GCPP_get_peer_at_offset (es->path,
2619 i) !=
2620 GCPP_get_peer_at_offset (ps,
2621 i))
2622 {
2623 duplicate = GNUNET_NO;
2624 break;
2625 }
2626 }
2627 if (GNUNET_YES == duplicate)
2591 { 2628 {
2592 LOG(GNUNET_ERROR_TYPE_DEBUG, 2629 LOG (GNUNET_ERROR_TYPE_DEBUG,
2593 "Ignoring duplicate path %s.\n", 2630 "Ignoring overlapping path %s.\n",
2594 GCPP_2s(es->path)); 2631 GCPP_2s (es->path));
2595 es->duplicate = GNUNET_YES; 2632 es->duplicate = GNUNET_YES;
2596 return; 2633 return;
2597 } 2634 }
2598 if (NULL != es->path) 2635 else
2599 { 2636 {
2600 int duplicate = GNUNET_YES; 2637 LOG (GNUNET_ERROR_TYPE_DEBUG,
2601 2638 "Known path %s differs from proposed path\n",
2602 for (unsigned int i = 0; i < ct_length; i++) 2639 GCPP_2s (ps));
2603 {
2604 GNUNET_assert(GCPP_get_length(es->path) > i);
2605 if (GCPP_get_peer_at_offset(es->path,
2606 i) !=
2607 GCPP_get_peer_at_offset(ps,
2608 i))
2609 {
2610 duplicate = GNUNET_NO;
2611 break;
2612 }
2613 }
2614 if (GNUNET_YES == duplicate)
2615 {
2616 LOG(GNUNET_ERROR_TYPE_DEBUG,
2617 "Ignoring overlapping path %s.\n",
2618 GCPP_2s(es->path));
2619 es->duplicate = GNUNET_YES;
2620 return;
2621 }
2622 else
2623 {
2624 LOG(GNUNET_ERROR_TYPE_DEBUG,
2625 "Known path %s differs from proposed path\n",
2626 GCPP_2s(ps));
2627 }
2628 } 2640 }
2641 }
2629 2642
2630 ct_desirability = GCPP_get_desirability(ps); 2643 ct_desirability = GCPP_get_desirability (ps);
2631 metrics = GCC_get_metrics(cc); 2644 metrics = GCC_get_metrics (cc);
2632 uptime = GNUNET_TIME_absolute_get_duration(metrics->age); 2645 uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2633 last_use = GNUNET_TIME_absolute_get_duration(metrics->last_use); 2646 last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2634 /* We add 1.0 here to avoid division by zero. */ 2647 /* We add 1.0 here to avoid division by zero. */
2635 success_rate = (metrics->num_acked_transmissions + 1.0) / (metrics->num_successes + 1.0); 2648 success_rate = (metrics->num_acked_transmissions + 1.0)
2649 / (metrics->num_successes + 1.0);
2636 score 2650 score
2637 = ct_desirability 2651 = ct_desirability
2638 + 100.0 / (1.0 + ct_length) /* longer paths = better */ 2652 + 100.0 / (1.0 + ct_length) /* longer paths = better */
2639 + sqrt(uptime.rel_value_us / 60000000LL) /* larger uptime = better */ 2653 + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2640 - last_use.rel_value_us / 1000L; /* longer idle = worse */ 2654 - last_use.rel_value_us / 1000L; /* longer idle = worse */
2641 score *= success_rate; /* weigh overall by success rate */ 2655 score *= success_rate; /* weigh overall by success rate */
2642 2656
2643 if ((NULL == es->worst) || 2657 if ((NULL == es->worst) ||
2644 (score < es->worst_score)) 2658 (score < es->worst_score))
2645 { 2659 {
2646 es->worst = ct; 2660 es->worst = ct;
2647 es->worst_score = score; 2661 es->worst_score = score;
2648 } 2662 }
2649 es->min_length = GNUNET_MIN(es->min_length, 2663 es->min_length = GNUNET_MIN (es->min_length,
2650 ct_length); 2664 ct_length);
2651 es->max_length = GNUNET_MAX(es->max_length, 2665 es->max_length = GNUNET_MAX (es->max_length,
2652 ct_length); 2666 ct_length);
2653 es->min_desire = GNUNET_MIN(es->min_desire, 2667 es->min_desire = GNUNET_MIN (es->min_desire,
2654 ct_desirability); 2668 ct_desirability);
2655 es->max_desire = GNUNET_MAX(es->max_desire, 2669 es->max_desire = GNUNET_MAX (es->max_desire,
2656 ct_desirability); 2670 ct_desirability);
2657} 2671}
2658 2672
2659 2673
@@ -2667,17 +2681,17 @@ evaluate_connection(void *cls,
2667 * @return #GNUNET_YES (should keep iterating) 2681 * @return #GNUNET_YES (should keep iterating)
2668 */ 2682 */
2669static int 2683static int
2670consider_path_cb(void *cls, 2684consider_path_cb (void *cls,
2671 struct CadetPeerPath *path, 2685 struct CadetPeerPath *path,
2672 unsigned int off) 2686 unsigned int off)
2673{ 2687{
2674 struct CadetTunnel *t = cls; 2688 struct CadetTunnel *t = cls;
2675 struct EvaluationSummary es; 2689 struct EvaluationSummary es;
2676 struct CadetTConnection *ct; 2690 struct CadetTConnection *ct;
2677 2691
2678 GNUNET_assert(off < GCPP_get_length(path)); 2692 GNUNET_assert (off < GCPP_get_length (path));
2679 GNUNET_assert(GCPP_get_peer_at_offset(path, 2693 GNUNET_assert (GCPP_get_peer_at_offset (path,
2680 off) == t->destination); 2694 off) == t->destination);
2681 es.min_length = UINT_MAX; 2695 es.min_length = UINT_MAX;
2682 es.max_length = 0; 2696 es.max_length = 0;
2683 es.max_desire = 0; 2697 es.max_desire = 0;
@@ -2687,16 +2701,16 @@ consider_path_cb(void *cls,
2687 es.worst = NULL; 2701 es.worst = NULL;
2688 2702
2689 /* Compute evaluation summary over existing connections. */ 2703 /* Compute evaluation summary over existing connections. */
2690 LOG(GNUNET_ERROR_TYPE_DEBUG, 2704 LOG (GNUNET_ERROR_TYPE_DEBUG,
2691 "Evaluating proposed path %s for target %s\n", 2705 "Evaluating proposed path %s for target %s\n",
2692 GCPP_2s(path), 2706 GCPP_2s (path),
2693 GCT_2s(t)); 2707 GCT_2s (t));
2694 /* FIXME: suspect this does not ACTUALLY iterate 2708 /* FIXME: suspect this does not ACTUALLY iterate
2695 over all existing paths, otherwise dup detection 2709 over all existing paths, otherwise dup detection
2696 should work!!! */ 2710 should work!!! */
2697 GCT_iterate_connections(t, 2711 GCT_iterate_connections (t,
2698 &evaluate_connection, 2712 &evaluate_connection,
2699 &es); 2713 &es);
2700 if (GNUNET_YES == es.duplicate) 2714 if (GNUNET_YES == es.duplicate)
2701 return GNUNET_YES; 2715 return GNUNET_YES;
2702 2716
@@ -2707,54 +2721,54 @@ consider_path_cb(void *cls,
2707 /* We iterate by increasing path length; if we have enough paths and 2721 /* We iterate by increasing path length; if we have enough paths and
2708 this one is more than twice as long than what we are currently 2722 this one is more than twice as long than what we are currently
2709 using, then ignore all of these super-long ones! */ 2723 using, then ignore all of these super-long ones! */
2710 if ((GCT_count_any_connections(t) > DESIRED_CONNECTIONS_PER_TUNNEL) && 2724 if ((GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL) &&
2711 (es.min_length * 2 < off) && 2725 (es.min_length * 2 < off) &&
2712 (es.max_length < off)) 2726 (es.max_length < off))
2713 { 2727 {
2714 LOG(GNUNET_ERROR_TYPE_DEBUG, 2728 LOG (GNUNET_ERROR_TYPE_DEBUG,
2715 "Ignoring paths of length %u, they are way too long.\n", 2729 "Ignoring paths of length %u, they are way too long.\n",
2716 es.min_length * 2); 2730 es.min_length * 2);
2717 return GNUNET_NO; 2731 return GNUNET_NO;
2718 } 2732 }
2719 /* If we have enough paths and this one looks no better, ignore it. */ 2733 /* If we have enough paths and this one looks no better, ignore it. */
2720 if ((GCT_count_any_connections(t) >= DESIRED_CONNECTIONS_PER_TUNNEL) && 2734 if ((GCT_count_any_connections (t) >= DESIRED_CONNECTIONS_PER_TUNNEL) &&
2721 (es.min_length < GCPP_get_length(path)) && 2735 (es.min_length < GCPP_get_length (path)) &&
2722 (es.min_desire > GCPP_get_desirability(path)) && 2736 (es.min_desire > GCPP_get_desirability (path)) &&
2723 (es.max_length < off)) 2737 (es.max_length < off))
2724 { 2738 {
2725 LOG(GNUNET_ERROR_TYPE_DEBUG, 2739 LOG (GNUNET_ERROR_TYPE_DEBUG,
2726 "Ignoring path (%u/%llu) to %s, got something better already.\n", 2740 "Ignoring path (%u/%llu) to %s, got something better already.\n",
2727 GCPP_get_length(path), 2741 GCPP_get_length (path),
2728 (unsigned long long)GCPP_get_desirability(path), 2742 (unsigned long long) GCPP_get_desirability (path),
2729 GCP_2s(t->destination)); 2743 GCP_2s (t->destination));
2730 return GNUNET_YES; 2744 return GNUNET_YES;
2731 } 2745 }
2732 2746
2733 /* Path is interesting (better by some metric, or we don't have 2747 /* Path is interesting (better by some metric, or we don't have
2734 enough paths yet). */ 2748 enough paths yet). */
2735 ct = GNUNET_new(struct CadetTConnection); 2749 ct = GNUNET_new (struct CadetTConnection);
2736 ct->created = GNUNET_TIME_absolute_get(); 2750 ct->created = GNUNET_TIME_absolute_get ();
2737 ct->t = t; 2751 ct->t = t;
2738 ct->cc = GCC_create(t->destination, 2752 ct->cc = GCC_create (t->destination,
2739 path, 2753 path,
2740 off, 2754 off,
2741 ct, 2755 ct,
2742 &connection_ready_cb, 2756 &connection_ready_cb,
2743 ct); 2757 ct);
2744 2758
2745 /* FIXME: schedule job to kill connection (and path?) if it takes 2759 /* FIXME: schedule job to kill connection (and path?) if it takes
2746 too long to get ready! (And track performance data on how long 2760 too long to get ready! (And track performance data on how long
2747 other connections took with the tunnel!) 2761 other connections took with the tunnel!)
2748 => Note: to be done within 'connection'-logic! */ 2762 => Note: to be done within 'connection'-logic! */
2749 GNUNET_CONTAINER_DLL_insert(t->connection_busy_head, 2763 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
2750 t->connection_busy_tail, 2764 t->connection_busy_tail,
2751 ct); 2765 ct);
2752 t->num_busy_connections++; 2766 t->num_busy_connections++;
2753 LOG(GNUNET_ERROR_TYPE_DEBUG, 2767 LOG (GNUNET_ERROR_TYPE_DEBUG,
2754 "Found interesting path %s for %s, created %s\n", 2768 "Found interesting path %s for %s, created %s\n",
2755 GCPP_2s(path), 2769 GCPP_2s (path),
2756 GCT_2s(t), 2770 GCT_2s (t),
2757 GCC_2s(ct->cc)); 2771 GCC_2s (ct->cc));
2758 return GNUNET_YES; 2772 return GNUNET_YES;
2759} 2773}
2760 2774
@@ -2773,16 +2787,16 @@ consider_path_cb(void *cls,
2773 * @param cls the `struct CadetTunnel` 2787 * @param cls the `struct CadetTunnel`
2774 */ 2788 */
2775static void 2789static void
2776maintain_connections_cb(void *cls) 2790maintain_connections_cb (void *cls)
2777{ 2791{
2778 struct CadetTunnel *t = cls; 2792 struct CadetTunnel *t = cls;
2779 struct GNUNET_TIME_Relative delay; 2793 struct GNUNET_TIME_Relative delay;
2780 struct EvaluationSummary es; 2794 struct EvaluationSummary es;
2781 2795
2782 t->maintain_connections_task = NULL; 2796 t->maintain_connections_task = NULL;
2783 LOG(GNUNET_ERROR_TYPE_DEBUG, 2797 LOG (GNUNET_ERROR_TYPE_DEBUG,
2784 "Performing connection maintenance for %s.\n", 2798 "Performing connection maintenance for %s.\n",
2785 GCT_2s(t)); 2799 GCT_2s (t));
2786 2800
2787 es.min_length = UINT_MAX; 2801 es.min_length = UINT_MAX;
2788 es.max_length = 0; 2802 es.max_length = 0;
@@ -2791,21 +2805,21 @@ maintain_connections_cb(void *cls)
2791 es.path = NULL; 2805 es.path = NULL;
2792 es.worst = NULL; 2806 es.worst = NULL;
2793 es.duplicate = GNUNET_NO; 2807 es.duplicate = GNUNET_NO;
2794 GCT_iterate_connections(t, 2808 GCT_iterate_connections (t,
2795 &evaluate_connection, 2809 &evaluate_connection,
2796 &es); 2810 &es);
2797 if ((NULL != es.worst) && 2811 if ((NULL != es.worst) &&
2798 (GCT_count_any_connections(t) > DESIRED_CONNECTIONS_PER_TUNNEL)) 2812 (GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL))
2799 { 2813 {
2800 /* Clear out worst-performing connection 'es.worst'. */ 2814 /* Clear out worst-performing connection 'es.worst'. */
2801 destroy_t_connection(t, 2815 destroy_t_connection (t,
2802 es.worst); 2816 es.worst);
2803 } 2817 }
2804 2818
2805 /* Consider additional paths */ 2819 /* Consider additional paths */
2806 (void)GCP_iterate_paths(t->destination, 2820 (void) GCP_iterate_paths (t->destination,
2807 &consider_path_cb, 2821 &consider_path_cb,
2808 t); 2822 t);
2809 2823
2810 /* FIXME: calculate when to try again based on how well we are doing; 2824 /* FIXME: calculate when to try again based on how well we are doing;
2811 in particular, if we have to few connections, we might be able 2825 in particular, if we have to few connections, we might be able
@@ -2817,9 +2831,9 @@ maintain_connections_cb(void *cls)
2817 and then reduce the frequency accordingly. */ 2831 and then reduce the frequency accordingly. */
2818 delay = GNUNET_TIME_UNIT_MINUTES; 2832 delay = GNUNET_TIME_UNIT_MINUTES;
2819 t->maintain_connections_task 2833 t->maintain_connections_task
2820 = GNUNET_SCHEDULER_add_delayed(delay, 2834 = GNUNET_SCHEDULER_add_delayed (delay,
2821 &maintain_connections_cb, 2835 &maintain_connections_cb,
2822 t); 2836 t);
2823} 2837}
2824 2838
2825 2839
@@ -2832,18 +2846,18 @@ maintain_connections_cb(void *cls)
2832 * @param off offset of the destination on path @a path 2846 * @param off offset of the destination on path @a path
2833 */ 2847 */
2834void 2848void
2835GCT_consider_path(struct CadetTunnel *t, 2849GCT_consider_path (struct CadetTunnel *t,
2836 struct CadetPeerPath *p, 2850 struct CadetPeerPath *p,
2837 unsigned int off) 2851 unsigned int off)
2838{ 2852{
2839 LOG(GNUNET_ERROR_TYPE_DEBUG, 2853 LOG (GNUNET_ERROR_TYPE_DEBUG,
2840 "Considering %s for %s (offset %u)\n", 2854 "Considering %s for %s (offset %u)\n",
2841 GCPP_2s(p), 2855 GCPP_2s (p),
2842 GCT_2s(t), 2856 GCT_2s (t),
2843 off); 2857 off);
2844 (void)consider_path_cb(t, 2858 (void) consider_path_cb (t,
2845 p, 2859 p,
2846 off); 2860 off);
2847} 2861}
2848 2862
2849 2863
@@ -2854,18 +2868,18 @@ GCT_consider_path(struct CadetTunnel *t,
2854 * @param msg the message we received on the tunnel 2868 * @param msg the message we received on the tunnel
2855 */ 2869 */
2856static void 2870static void
2857handle_plaintext_keepalive(void *cls, 2871handle_plaintext_keepalive (void *cls,
2858 const struct GNUNET_MessageHeader *msg) 2872 const struct GNUNET_MessageHeader *msg)
2859{ 2873{
2860 struct CadetTunnel *t = cls; 2874 struct CadetTunnel *t = cls;
2861 2875
2862 LOG(GNUNET_ERROR_TYPE_DEBUG, 2876 LOG (GNUNET_ERROR_TYPE_DEBUG,
2863 "Received KEEPALIVE on %s\n", 2877 "Received KEEPALIVE on %s\n",
2864 GCT_2s(t)); 2878 GCT_2s (t));
2865 GNUNET_STATISTICS_update(stats, 2879 GNUNET_STATISTICS_update (stats,
2866 "# keepalives received", 2880 "# keepalives received",
2867 1, 2881 1,
2868 GNUNET_NO); 2882 GNUNET_NO);
2869} 2883}
2870 2884
2871 2885
@@ -2877,8 +2891,8 @@ handle_plaintext_keepalive(void *cls,
2877 * @return #GNUNET_OK (any variable-size payload goes) 2891 * @return #GNUNET_OK (any variable-size payload goes)
2878 */ 2892 */
2879static int 2893static int
2880check_plaintext_data(void *cls, 2894check_plaintext_data (void *cls,
2881 const struct GNUNET_CADET_ChannelAppDataMessage *msg) 2895 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2882{ 2896{
2883 return GNUNET_OK; 2897 return GNUNET_OK;
2884} 2898}
@@ -2892,29 +2906,29 @@ check_plaintext_data(void *cls,
2892 * @param msg the message we received on the tunnel 2906 * @param msg the message we received on the tunnel
2893 */ 2907 */
2894static void 2908static void
2895handle_plaintext_data(void *cls, 2909handle_plaintext_data (void *cls,
2896 const struct GNUNET_CADET_ChannelAppDataMessage *msg) 2910 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2897{ 2911{
2898 struct CadetTunnel *t = cls; 2912 struct CadetTunnel *t = cls;
2899 struct CadetChannel *ch; 2913 struct CadetChannel *ch;
2900 2914
2901 ch = lookup_channel(t, 2915 ch = lookup_channel (t,
2902 msg->ctn); 2916 msg->ctn);
2903 if (NULL == ch) 2917 if (NULL == ch)
2904 { 2918 {
2905 /* We don't know about such a channel, might have been destroyed on our 2919 /* We don't know about such a channel, might have been destroyed on our
2906 end in the meantime, or never existed. Send back a DESTROY. */ 2920 end in the meantime, or never existed. Send back a DESTROY. */
2907 LOG(GNUNET_ERROR_TYPE_DEBUG, 2921 LOG (GNUNET_ERROR_TYPE_DEBUG,
2908 "Received %u bytes of application data for unknown channel %u, sending DESTROY\n", 2922 "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2909 (unsigned int)(ntohs(msg->header.size) - sizeof(*msg)), 2923 (unsigned int) (ntohs (msg->header.size) - sizeof(*msg)),
2910 ntohl(msg->ctn.cn)); 2924 ntohl (msg->ctn.cn));
2911 GCT_send_channel_destroy(t, 2925 GCT_send_channel_destroy (t,
2912 msg->ctn); 2926 msg->ctn);
2913 return; 2927 return;
2914 } 2928 }
2915 GCCH_handle_channel_plaintext_data(ch, 2929 GCCH_handle_channel_plaintext_data (ch,
2916 GCC_get_id(t->current_ct->cc), 2930 GCC_get_id (t->current_ct->cc),
2917 msg); 2931 msg);
2918} 2932}
2919 2933
2920 2934
@@ -2927,28 +2941,28 @@ handle_plaintext_data(void *cls,
2927 * @param ack the message we received on the tunnel 2941 * @param ack the message we received on the tunnel
2928 */ 2942 */
2929static void 2943static void
2930handle_plaintext_data_ack(void *cls, 2944handle_plaintext_data_ack (void *cls,
2931 const struct GNUNET_CADET_ChannelDataAckMessage *ack) 2945 const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2932{ 2946{
2933 struct CadetTunnel *t = cls; 2947 struct CadetTunnel *t = cls;
2934 struct CadetChannel *ch; 2948 struct CadetChannel *ch;
2935 2949
2936 ch = lookup_channel(t, 2950 ch = lookup_channel (t,
2937 ack->ctn); 2951 ack->ctn);
2938 if (NULL == ch) 2952 if (NULL == ch)
2939 { 2953 {
2940 /* We don't know about such a channel, might have been destroyed on our 2954 /* We don't know about such a channel, might have been destroyed on our
2941 end in the meantime, or never existed. Send back a DESTROY. */ 2955 end in the meantime, or never existed. Send back a DESTROY. */
2942 LOG(GNUNET_ERROR_TYPE_DEBUG, 2956 LOG (GNUNET_ERROR_TYPE_DEBUG,
2943 "Received DATA_ACK for unknown channel %u, sending DESTROY\n", 2957 "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2944 ntohl(ack->ctn.cn)); 2958 ntohl (ack->ctn.cn));
2945 GCT_send_channel_destroy(t, 2959 GCT_send_channel_destroy (t,
2946 ack->ctn); 2960 ack->ctn);
2947 return; 2961 return;
2948 } 2962 }
2949 GCCH_handle_channel_plaintext_data_ack(ch, 2963 GCCH_handle_channel_plaintext_data_ack (ch,
2950 GCC_get_id(t->current_ct->cc), 2964 GCC_get_id (t->current_ct->cc),
2951 ack); 2965 ack);
2952} 2966}
2953 2967
2954 2968
@@ -2960,43 +2974,44 @@ handle_plaintext_data_ack(void *cls,
2960 * @param copen the message we received on the tunnel 2974 * @param copen the message we received on the tunnel
2961 */ 2975 */
2962static void 2976static void
2963handle_plaintext_channel_open(void *cls, 2977handle_plaintext_channel_open (void *cls,
2964 const struct GNUNET_CADET_ChannelOpenMessage *copen) 2978 const struct
2979 GNUNET_CADET_ChannelOpenMessage *copen)
2965{ 2980{
2966 struct CadetTunnel *t = cls; 2981 struct CadetTunnel *t = cls;
2967 struct CadetChannel *ch; 2982 struct CadetChannel *ch;
2968 2983
2969 ch = GNUNET_CONTAINER_multihashmap32_get(t->channels, 2984 ch = GNUNET_CONTAINER_multihashmap32_get (t->channels,
2970 ntohl(copen->ctn.cn)); 2985 ntohl (copen->ctn.cn));
2971 if (NULL != ch) 2986 if (NULL != ch)
2972 { 2987 {
2973 LOG(GNUNET_ERROR_TYPE_DEBUG, 2988 LOG (GNUNET_ERROR_TYPE_DEBUG,
2974 "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n", 2989 "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2975 GNUNET_h2s(&copen->h_port), 2990 GNUNET_h2s (&copen->h_port),
2976 GCT_2s(t), 2991 GCT_2s (t),
2977 GCCH_2s(ch)); 2992 GCCH_2s (ch));
2978 GCCH_handle_duplicate_open(ch, 2993 GCCH_handle_duplicate_open (ch,
2979 GCC_get_id(t->current_ct->cc)); 2994 GCC_get_id (t->current_ct->cc));
2980 return; 2995 return;
2981 } 2996 }
2982 LOG(GNUNET_ERROR_TYPE_DEBUG, 2997 LOG (GNUNET_ERROR_TYPE_DEBUG,
2983 "Received CHANNEL_OPEN on h_port %s from %s\n", 2998 "Received CHANNEL_OPEN on h_port %s from %s\n",
2984 GNUNET_h2s(&copen->h_port), 2999 GNUNET_h2s (&copen->h_port),
2985 GCT_2s(t)); 3000 GCT_2s (t));
2986 ch = GCCH_channel_incoming_new(t, 3001 ch = GCCH_channel_incoming_new (t,
2987 copen->ctn, 3002 copen->ctn,
2988 &copen->h_port, 3003 &copen->h_port,
2989 ntohl(copen->opt)); 3004 ntohl (copen->opt));
2990 if (NULL != t->destroy_task) 3005 if (NULL != t->destroy_task)
2991 { 3006 {
2992 GNUNET_SCHEDULER_cancel(t->destroy_task); 3007 GNUNET_SCHEDULER_cancel (t->destroy_task);
2993 t->destroy_task = NULL; 3008 t->destroy_task = NULL;
2994 } 3009 }
2995 GNUNET_assert(GNUNET_OK == 3010 GNUNET_assert (GNUNET_OK ==
2996 GNUNET_CONTAINER_multihashmap32_put(t->channels, 3011 GNUNET_CONTAINER_multihashmap32_put (t->channels,
2997 ntohl(copen->ctn.cn), 3012 ntohl (copen->ctn.cn),
2998 ch, 3013 ch,
2999 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); 3014 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
3000} 3015}
3001 3016
3002 3017
@@ -3007,22 +3022,22 @@ handle_plaintext_channel_open(void *cls,
3007 * @param ctn ID of the channel to destroy 3022 * @param ctn ID of the channel to destroy
3008 */ 3023 */
3009void 3024void
3010GCT_send_channel_destroy(struct CadetTunnel *t, 3025GCT_send_channel_destroy (struct CadetTunnel *t,
3011 struct GNUNET_CADET_ChannelTunnelNumber ctn) 3026 struct GNUNET_CADET_ChannelTunnelNumber ctn)
3012{ 3027{
3013 struct GNUNET_CADET_ChannelDestroyMessage msg; 3028 struct GNUNET_CADET_ChannelDestroyMessage msg;
3014 3029
3015 LOG(GNUNET_ERROR_TYPE_DEBUG, 3030 LOG (GNUNET_ERROR_TYPE_DEBUG,
3016 "Sending DESTORY message for channel ID %u\n", 3031 "Sending DESTORY message for channel ID %u\n",
3017 ntohl(ctn.cn)); 3032 ntohl (ctn.cn));
3018 msg.header.size = htons(sizeof(msg)); 3033 msg.header.size = htons (sizeof(msg));
3019 msg.header.type = htons(GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY); 3034 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY);
3020 msg.reserved = htonl(0); 3035 msg.reserved = htonl (0);
3021 msg.ctn = ctn; 3036 msg.ctn = ctn;
3022 GCT_send(t, 3037 GCT_send (t,
3023 &msg.header, 3038 &msg.header,
3024 NULL, 3039 NULL,
3025 NULL); 3040 NULL);
3026} 3041}
3027 3042
3028 3043
@@ -3035,32 +3050,33 @@ GCT_send_channel_destroy(struct CadetTunnel *t,
3035 * @param cm the message we received on the tunnel 3050 * @param cm the message we received on the tunnel
3036 */ 3051 */
3037static void 3052static void
3038handle_plaintext_channel_open_ack(void *cls, 3053handle_plaintext_channel_open_ack (void *cls,
3039 const struct GNUNET_CADET_ChannelOpenAckMessage *cm) 3054 const struct
3055 GNUNET_CADET_ChannelOpenAckMessage *cm)
3040{ 3056{
3041 struct CadetTunnel *t = cls; 3057 struct CadetTunnel *t = cls;
3042 struct CadetChannel *ch; 3058 struct CadetChannel *ch;
3043 3059
3044 ch = lookup_channel(t, 3060 ch = lookup_channel (t,
3045 cm->ctn); 3061 cm->ctn);
3046 if (NULL == ch) 3062 if (NULL == ch)
3047 { 3063 {
3048 /* We don't know about such a channel, might have been destroyed on our 3064 /* We don't know about such a channel, might have been destroyed on our
3049 end in the meantime, or never existed. Send back a DESTROY. */ 3065 end in the meantime, or never existed. Send back a DESTROY. */
3050 LOG(GNUNET_ERROR_TYPE_DEBUG, 3066 LOG (GNUNET_ERROR_TYPE_DEBUG,
3051 "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n", 3067 "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3052 ntohl(cm->ctn.cn)); 3068 ntohl (cm->ctn.cn));
3053 GCT_send_channel_destroy(t, 3069 GCT_send_channel_destroy (t,
3054 cm->ctn); 3070 cm->ctn);
3055 return; 3071 return;
3056 } 3072 }
3057 LOG(GNUNET_ERROR_TYPE_DEBUG, 3073 LOG (GNUNET_ERROR_TYPE_DEBUG,
3058 "Received channel OPEN_ACK on channel %s from %s\n", 3074 "Received channel OPEN_ACK on channel %s from %s\n",
3059 GCCH_2s(ch), 3075 GCCH_2s (ch),
3060 GCT_2s(t)); 3076 GCT_2s (t));
3061 GCCH_handle_channel_open_ack(ch, 3077 GCCH_handle_channel_open_ack (ch,
3062 GCC_get_id(t->current_ct->cc), 3078 GCC_get_id (t->current_ct->cc),
3063 &cm->port); 3079 &cm->port);
3064} 3080}
3065 3081
3066 3082
@@ -3072,29 +3088,30 @@ handle_plaintext_channel_open_ack(void *cls,
3072 * @param cm the message we received on the tunnel 3088 * @param cm the message we received on the tunnel
3073 */ 3089 */
3074static void 3090static void
3075handle_plaintext_channel_destroy(void *cls, 3091handle_plaintext_channel_destroy (void *cls,
3076 const struct GNUNET_CADET_ChannelDestroyMessage *cm) 3092 const struct
3093 GNUNET_CADET_ChannelDestroyMessage *cm)
3077{ 3094{
3078 struct CadetTunnel *t = cls; 3095 struct CadetTunnel *t = cls;
3079 struct CadetChannel *ch; 3096 struct CadetChannel *ch;
3080 3097
3081 ch = lookup_channel(t, 3098 ch = lookup_channel (t,
3082 cm->ctn); 3099 cm->ctn);
3083 if (NULL == ch) 3100 if (NULL == ch)
3084 { 3101 {
3085 /* We don't know about such a channel, might have been destroyed on our 3102 /* We don't know about such a channel, might have been destroyed on our
3086 end in the meantime, or never existed. */ 3103 end in the meantime, or never existed. */
3087 LOG(GNUNET_ERROR_TYPE_DEBUG, 3104 LOG (GNUNET_ERROR_TYPE_DEBUG,
3088 "Received channel DESTORY for unknown channel %u. Ignoring.\n", 3105 "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3089 ntohl(cm->ctn.cn)); 3106 ntohl (cm->ctn.cn));
3090 return; 3107 return;
3091 } 3108 }
3092 LOG(GNUNET_ERROR_TYPE_DEBUG, 3109 LOG (GNUNET_ERROR_TYPE_DEBUG,
3093 "Received channel DESTROY on %s from %s\n", 3110 "Received channel DESTROY on %s from %s\n",
3094 GCCH_2s(ch), 3111 GCCH_2s (ch),
3095 GCT_2s(t)); 3112 GCT_2s (t));
3096 GCCH_handle_remote_destroy(ch, 3113 GCCH_handle_remote_destroy (ch,
3097 GCC_get_id(t->current_ct->cc)); 3114 GCC_get_id (t->current_ct->cc));
3098} 3115}
3099 3116
3100 3117
@@ -3109,14 +3126,14 @@ handle_plaintext_channel_destroy(void *cls,
3109 * #GNUNET_SYSERR to stop further processing with error 3126 * #GNUNET_SYSERR to stop further processing with error
3110 */ 3127 */
3111static int 3128static int
3112handle_decrypted(void *cls, 3129handle_decrypted (void *cls,
3113 const struct GNUNET_MessageHeader *msg) 3130 const struct GNUNET_MessageHeader *msg)
3114{ 3131{
3115 struct CadetTunnel *t = cls; 3132 struct CadetTunnel *t = cls;
3116 3133
3117 GNUNET_assert(NULL != t->current_ct); 3134 GNUNET_assert (NULL != t->current_ct);
3118 GNUNET_MQ_inject_message(t->mq, 3135 GNUNET_MQ_inject_message (t->mq,
3119 msg); 3136 msg);
3120 return GNUNET_OK; 3137 return GNUNET_OK;
3121} 3138}
3122 3139
@@ -3129,10 +3146,10 @@ handle_decrypted(void *cls,
3129 * @param error error code 3146 * @param error error code
3130 */ 3147 */
3131static void 3148static void
3132decrypted_error_cb(void *cls, 3149decrypted_error_cb (void *cls,
3133 enum GNUNET_MQ_Error error) 3150 enum GNUNET_MQ_Error error)
3134{ 3151{
3135 GNUNET_break_op(0); 3152 GNUNET_break_op (0);
3136} 3153}
3137 3154
3138 3155
@@ -3144,55 +3161,55 @@ decrypted_error_cb(void *cls,
3144 * @return new tunnel to @a destination 3161 * @return new tunnel to @a destination
3145 */ 3162 */
3146struct CadetTunnel * 3163struct CadetTunnel *
3147GCT_create_tunnel(struct CadetPeer *destination) 3164GCT_create_tunnel (struct CadetPeer *destination)
3148{ 3165{
3149 struct CadetTunnel *t = GNUNET_new(struct CadetTunnel); 3166 struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3150 struct GNUNET_MQ_MessageHandler handlers[] = { 3167 struct GNUNET_MQ_MessageHandler handlers[] = {
3151 GNUNET_MQ_hd_fixed_size(plaintext_keepalive, 3168 GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3152 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE, 3169 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE,
3153 struct GNUNET_MessageHeader, 3170 struct GNUNET_MessageHeader,
3154 t), 3171 t),
3155 GNUNET_MQ_hd_var_size(plaintext_data, 3172 GNUNET_MQ_hd_var_size (plaintext_data,
3156 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA, 3173 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA,
3157 struct GNUNET_CADET_ChannelAppDataMessage, 3174 struct GNUNET_CADET_ChannelAppDataMessage,
3158 t), 3175 t),
3159 GNUNET_MQ_hd_fixed_size(plaintext_data_ack, 3176 GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3160 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK, 3177 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK,
3161 struct GNUNET_CADET_ChannelDataAckMessage, 3178 struct GNUNET_CADET_ChannelDataAckMessage,
3162 t), 3179 t),
3163 GNUNET_MQ_hd_fixed_size(plaintext_channel_open, 3180 GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3164 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN, 3181 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN,
3165 struct GNUNET_CADET_ChannelOpenMessage, 3182 struct GNUNET_CADET_ChannelOpenMessage,
3166 t), 3183 t),
3167 GNUNET_MQ_hd_fixed_size(plaintext_channel_open_ack, 3184 GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3168 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK, 3185 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
3169 struct GNUNET_CADET_ChannelOpenAckMessage, 3186 struct GNUNET_CADET_ChannelOpenAckMessage,
3170 t), 3187 t),
3171 GNUNET_MQ_hd_fixed_size(plaintext_channel_destroy, 3188 GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3172 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY, 3189 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY,
3173 struct GNUNET_CADET_ChannelDestroyMessage, 3190 struct GNUNET_CADET_ChannelDestroyMessage,
3174 t), 3191 t),
3175 GNUNET_MQ_handler_end() 3192 GNUNET_MQ_handler_end ()
3176 }; 3193 };
3177 3194
3178 t->kx_retry_delay = INITIAL_KX_RETRY_DELAY; 3195 t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
3179 new_ephemeral(&t->ax); 3196 new_ephemeral (&t->ax);
3180 GNUNET_assert(GNUNET_OK == 3197 GNUNET_assert (GNUNET_OK ==
3181 GNUNET_CRYPTO_ecdhe_key_create2(&t->ax.kx_0)); 3198 GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
3182 t->destination = destination; 3199 t->destination = destination;
3183 t->channels = GNUNET_CONTAINER_multihashmap32_create(8); 3200 t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
3184 t->maintain_connections_task 3201 t->maintain_connections_task
3185 = GNUNET_SCHEDULER_add_now(&maintain_connections_cb, 3202 = GNUNET_SCHEDULER_add_now (&maintain_connections_cb,
3186 t); 3203 t);
3187 t->mq = GNUNET_MQ_queue_for_callbacks(NULL, 3204 t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3188 NULL, 3205 NULL,
3189 NULL, 3206 NULL,
3190 NULL, 3207 NULL,
3191 handlers, 3208 handlers,
3192 &decrypted_error_cb, 3209 &decrypted_error_cb,
3193 t); 3210 t);
3194 t->mst = GNUNET_MST_create(&handle_decrypted, 3211 t->mst = GNUNET_MST_create (&handle_decrypted,
3195 t); 3212 t);
3196 return t; 3213 return t;
3197} 3214}
3198 3215
@@ -3208,42 +3225,43 @@ GCT_create_tunnel(struct CadetPeer *destination)
3208 * #GNUNET_SYSERR on failure (duplicate connection) 3225 * #GNUNET_SYSERR on failure (duplicate connection)
3209 */ 3226 */
3210int 3227int
3211GCT_add_inbound_connection(struct CadetTunnel *t, 3228GCT_add_inbound_connection (struct CadetTunnel *t,
3212 const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, 3229 const struct
3213 struct CadetPeerPath *path) 3230 GNUNET_CADET_ConnectionTunnelIdentifier *cid,
3231 struct CadetPeerPath *path)
3214{ 3232{
3215 struct CadetTConnection *ct; 3233 struct CadetTConnection *ct;
3216 3234
3217 ct = GNUNET_new(struct CadetTConnection); 3235 ct = GNUNET_new (struct CadetTConnection);
3218 ct->created = GNUNET_TIME_absolute_get(); 3236 ct->created = GNUNET_TIME_absolute_get ();
3219 ct->t = t; 3237 ct->t = t;
3220 ct->cc = GCC_create_inbound(t->destination, 3238 ct->cc = GCC_create_inbound (t->destination,
3221 path, 3239 path,
3222 ct, 3240 ct,
3223 cid, 3241 cid,
3224 &connection_ready_cb, 3242 &connection_ready_cb,
3225 ct); 3243 ct);
3226 if (NULL == ct->cc) 3244 if (NULL == ct->cc)
3227 { 3245 {
3228 LOG(GNUNET_ERROR_TYPE_DEBUG, 3246 LOG (GNUNET_ERROR_TYPE_DEBUG,
3229 "%s refused inbound %s (duplicate)\n", 3247 "%s refused inbound %s (duplicate)\n",
3230 GCT_2s(t), 3248 GCT_2s (t),
3231 GCC_2s(ct->cc)); 3249 GCC_2s (ct->cc));
3232 GNUNET_free(ct); 3250 GNUNET_free (ct);
3233 return GNUNET_SYSERR; 3251 return GNUNET_SYSERR;
3234 } 3252 }
3235 /* FIXME: schedule job to kill connection (and path?) if it takes 3253 /* FIXME: schedule job to kill connection (and path?) if it takes
3236 too long to get ready! (And track performance data on how long 3254 too long to get ready! (And track performance data on how long
3237 other connections took with the tunnel!) 3255 other connections took with the tunnel!)
3238 => Note: to be done within 'connection'-logic! */ 3256 => Note: to be done within 'connection'-logic! */
3239 GNUNET_CONTAINER_DLL_insert(t->connection_busy_head, 3257 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
3240 t->connection_busy_tail, 3258 t->connection_busy_tail,
3241 ct); 3259 ct);
3242 t->num_busy_connections++; 3260 t->num_busy_connections++;
3243 LOG(GNUNET_ERROR_TYPE_DEBUG, 3261 LOG (GNUNET_ERROR_TYPE_DEBUG,
3244 "%s has new %s\n", 3262 "%s has new %s\n",
3245 GCT_2s(t), 3263 GCT_2s (t),
3246 GCC_2s(ct->cc)); 3264 GCC_2s (ct->cc));
3247 return GNUNET_OK; 3265 return GNUNET_OK;
3248} 3266}
3249 3267
@@ -3255,177 +3273,177 @@ GCT_add_inbound_connection(struct CadetTunnel *t,
3255 * @param msg the encrypted message to decrypt 3273 * @param msg the encrypted message to decrypt
3256 */ 3274 */
3257void 3275void
3258GCT_handle_encrypted(struct CadetTConnection *ct, 3276GCT_handle_encrypted (struct CadetTConnection *ct,
3259 const struct GNUNET_CADET_TunnelEncryptedMessage *msg) 3277 const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
3260{ 3278{
3261 struct CadetTunnel *t = ct->t; 3279 struct CadetTunnel *t = ct->t;
3262 uint16_t size = ntohs(msg->header.size); 3280 uint16_t size = ntohs (msg->header.size);
3263 char cbuf [size] GNUNET_ALIGN; 3281 char cbuf [size] GNUNET_ALIGN;
3264 ssize_t decrypted_size; 3282 ssize_t decrypted_size;
3265 3283
3266 LOG(GNUNET_ERROR_TYPE_DEBUG, 3284 LOG (GNUNET_ERROR_TYPE_DEBUG,
3267 "%s received %u bytes of encrypted data in state %d\n", 3285 "%s received %u bytes of encrypted data in state %d\n",
3268 GCT_2s(t), 3286 GCT_2s (t),
3269 (unsigned int)size, 3287 (unsigned int) size,
3270 t->estate); 3288 t->estate);
3271 3289
3272 switch (t->estate) 3290 switch (t->estate)
3273 { 3291 {
3274 case CADET_TUNNEL_KEY_UNINITIALIZED: 3292 case CADET_TUNNEL_KEY_UNINITIALIZED:
3275 case CADET_TUNNEL_KEY_AX_RECV: 3293 case CADET_TUNNEL_KEY_AX_RECV:
3276 /* We did not even SEND our KX, how can the other peer 3294 /* We did not even SEND our KX, how can the other peer
3277 send us encrypted data? Must have been that we went 3295 send us encrypted data? Must have been that we went
3278 down and the other peer still things we are up. 3296 down and the other peer still things we are up.
3279 Let's send it KX back. */ 3297 Let's send it KX back. */
3280 GNUNET_STATISTICS_update(stats, 3298 GNUNET_STATISTICS_update (stats,
3281 "# received encrypted without any KX", 3299 "# received encrypted without any KX",
3282 1, 3300 1,
3283 GNUNET_NO); 3301 GNUNET_NO);
3284 if (NULL != t->kx_task) 3302 if (NULL != t->kx_task)
3285 { 3303 {
3286 GNUNET_SCHEDULER_cancel(t->kx_task); 3304 GNUNET_SCHEDULER_cancel (t->kx_task);
3287 t->kx_task = NULL; 3305 t->kx_task = NULL;
3288 } 3306 }
3289 send_kx(t, 3307 send_kx (t,
3290 ct, 3308 ct,
3291 &t->ax); 3309 &t->ax);
3292 return; 3310 return;
3293
3294 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
3295 /* We send KX, and other peer send KX to us at the same time.
3296 Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3297 GNUNET_STATISTICS_update(stats,
3298 "# received encrypted without KX_AUTH",
3299 1,
3300 GNUNET_NO);
3301 if (NULL != t->kx_task)
3302 {
3303 GNUNET_SCHEDULER_cancel(t->kx_task);
3304 t->kx_task = NULL;
3305 }
3306 send_kx_auth(t,
3307 ct,
3308 &t->ax,
3309 GNUNET_YES);
3310 return;
3311 3311
3312 case CADET_TUNNEL_KEY_AX_SENT: 3312 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
3313 /* We did not get the KX of the other peer, but that 3313 /* We send KX, and other peer send KX to us at the same time.
3314 might have been lost. Send our KX again immediately. */ 3314 Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3315 GNUNET_STATISTICS_update(stats, 3315 GNUNET_STATISTICS_update (stats,
3316 "# received encrypted without KX", 3316 "# received encrypted without KX_AUTH",
3317 1, 3317 1,
3318 GNUNET_NO); 3318 GNUNET_NO);
3319 if (NULL != t->kx_task) 3319 if (NULL != t->kx_task)
3320 { 3320 {
3321 GNUNET_SCHEDULER_cancel(t->kx_task); 3321 GNUNET_SCHEDULER_cancel (t->kx_task);
3322 t->kx_task = NULL; 3322 t->kx_task = NULL;
3323 } 3323 }
3324 send_kx(t, 3324 send_kx_auth (t,
3325 ct, 3325 ct,
3326 &t->ax); 3326 &t->ax,
3327 return; 3327 GNUNET_YES);
3328 return;
3328 3329
3329 case CADET_TUNNEL_KEY_AX_AUTH_SENT: 3330 case CADET_TUNNEL_KEY_AX_SENT:
3330 /* Great, first payload, we might graduate to OK! */ 3331 /* We did not get the KX of the other peer, but that
3331 case CADET_TUNNEL_KEY_OK: 3332 might have been lost. Send our KX again immediately. */
3332 /* We are up and running, all good. */ 3333 GNUNET_STATISTICS_update (stats,
3333 break; 3334 "# received encrypted without KX",
3335 1,
3336 GNUNET_NO);
3337 if (NULL != t->kx_task)
3338 {
3339 GNUNET_SCHEDULER_cancel (t->kx_task);
3340 t->kx_task = NULL;
3334 } 3341 }
3342 send_kx (t,
3343 ct,
3344 &t->ax);
3345 return;
3346
3347 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
3348 /* Great, first payload, we might graduate to OK! */
3349 case CADET_TUNNEL_KEY_OK:
3350 /* We are up and running, all good. */
3351 break;
3352 }
3335 3353
3336 decrypted_size = -1; 3354 decrypted_size = -1;
3337 if (CADET_TUNNEL_KEY_OK == t->estate) 3355 if (CADET_TUNNEL_KEY_OK == t->estate)
3338 { 3356 {
3339 /* We have well-established key material available, 3357 /* We have well-established key material available,
3340 try that. (This is the common case.) */ 3358 try that. (This is the common case.) */
3341 decrypted_size = t_ax_decrypt_and_validate(&t->ax, 3359 decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3342 cbuf, 3360 cbuf,
3343 msg, 3361 msg,
3344 size); 3362 size);
3345 } 3363 }
3346 3364
3347 if ((-1 == decrypted_size) && 3365 if ((-1 == decrypted_size) &&
3348 (NULL != t->unverified_ax)) 3366 (NULL != t->unverified_ax))
3367 {
3368 /* We have un-authenticated KX material available. We should try
3369 this as a back-up option, in case the sender crashed and
3370 switched keys. */
3371 decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3372 cbuf,
3373 msg,
3374 size);
3375 if (-1 != decrypted_size)
3376 {
3377 /* It worked! Treat this as authentication of the AX data! */
3378 cleanup_ax (&t->ax);
3379 t->ax = *t->unverified_ax;
3380 GNUNET_free (t->unverified_ax);
3381 t->unverified_ax = NULL;
3382 }
3383 if (CADET_TUNNEL_KEY_AX_AUTH_SENT == t->estate)
3349 { 3384 {
3350 /* We have un-authenticated KX material available. We should try 3385 /* First time it worked, move tunnel into production! */
3351 this as a back-up option, in case the sender crashed and 3386 GCT_change_estate (t,
3352 switched keys. */ 3387 CADET_TUNNEL_KEY_OK);
3353 decrypted_size = t_ax_decrypt_and_validate(t->unverified_ax, 3388 if (NULL != t->send_task)
3354 cbuf, 3389 GNUNET_SCHEDULER_cancel (t->send_task);
3355 msg, 3390 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3356 size); 3391 t);
3357 if (-1 != decrypted_size)
3358 {
3359 /* It worked! Treat this as authentication of the AX data! */
3360 cleanup_ax(&t->ax);
3361 t->ax = *t->unverified_ax;
3362 GNUNET_free(t->unverified_ax);
3363 t->unverified_ax = NULL;
3364 }
3365 if (CADET_TUNNEL_KEY_AX_AUTH_SENT == t->estate)
3366 {
3367 /* First time it worked, move tunnel into production! */
3368 GCT_change_estate(t,
3369 CADET_TUNNEL_KEY_OK);
3370 if (NULL != t->send_task)
3371 GNUNET_SCHEDULER_cancel(t->send_task);
3372 t->send_task = GNUNET_SCHEDULER_add_now(&trigger_transmissions,
3373 t);
3374 }
3375 } 3392 }
3393 }
3376 if (NULL != t->unverified_ax) 3394 if (NULL != t->unverified_ax)
3377 { 3395 {
3378 /* We had unverified KX material that was useless; so increment 3396 /* We had unverified KX material that was useless; so increment
3379 counter and eventually move to ignore it. Note that we even do 3397 counter and eventually move to ignore it. Note that we even do
3380 this increment if we successfully decrypted with the old KX 3398 this increment if we successfully decrypted with the old KX
3381 material and thus didn't even both with the new one. This is 3399 material and thus didn't even both with the new one. This is
3382 the ideal case, as a malicious injection of bogus KX data 3400 the ideal case, as a malicious injection of bogus KX data
3383 basically only causes us to increment a counter a few times. */ 3401 basically only causes us to increment a counter a few times. */
3384 t->unverified_attempts++; 3402 t->unverified_attempts++;
3385 LOG(GNUNET_ERROR_TYPE_DEBUG, 3403 LOG (GNUNET_ERROR_TYPE_DEBUG,
3386 "Failed to decrypt message with unverified KX data %u times\n", 3404 "Failed to decrypt message with unverified KX data %u times\n",
3387 t->unverified_attempts); 3405 t->unverified_attempts);
3388 if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS) 3406 if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
3389 { 3407 {
3390 cleanup_ax(t->unverified_ax); 3408 cleanup_ax (t->unverified_ax);
3391 GNUNET_free(t->unverified_ax); 3409 GNUNET_free (t->unverified_ax);
3392 t->unverified_ax = NULL; 3410 t->unverified_ax = NULL;
3393 }
3394 } 3411 }
3412 }
3395 3413
3396 if (-1 == decrypted_size) 3414 if (-1 == decrypted_size)
3397 { 3415 {
3398 /* Decryption failed for good, complain. */ 3416 /* Decryption failed for good, complain. */
3399 LOG(GNUNET_ERROR_TYPE_WARNING, 3417 LOG (GNUNET_ERROR_TYPE_WARNING,
3400 "%s failed to decrypt and validate encrypted data, retrying KX\n", 3418 "%s failed to decrypt and validate encrypted data, retrying KX\n",
3401 GCT_2s(t)); 3419 GCT_2s (t));
3402 GNUNET_STATISTICS_update(stats, 3420 GNUNET_STATISTICS_update (stats,
3403 "# unable to decrypt", 3421 "# unable to decrypt",
3404 1, 3422 1,
3405 GNUNET_NO); 3423 GNUNET_NO);
3406 if (NULL != t->kx_task) 3424 if (NULL != t->kx_task)
3407 { 3425 {
3408 GNUNET_SCHEDULER_cancel(t->kx_task); 3426 GNUNET_SCHEDULER_cancel (t->kx_task);
3409 t->kx_task = NULL; 3427 t->kx_task = NULL;
3410 }
3411 send_kx(t,
3412 ct,
3413 &t->ax);
3414 return;
3415 } 3428 }
3416 GNUNET_STATISTICS_update(stats, 3429 send_kx (t,
3417 "# decrypted bytes", 3430 ct,
3418 decrypted_size, 3431 &t->ax);
3419 GNUNET_NO); 3432 return;
3433 }
3434 GNUNET_STATISTICS_update (stats,
3435 "# decrypted bytes",
3436 decrypted_size,
3437 GNUNET_NO);
3420 3438
3421 /* The MST will ultimately call #handle_decrypted() on each message. */ 3439 /* The MST will ultimately call #handle_decrypted() on each message. */
3422 t->current_ct = ct; 3440 t->current_ct = ct;
3423 GNUNET_break_op(GNUNET_OK == 3441 GNUNET_break_op (GNUNET_OK ==
3424 GNUNET_MST_from_buffer(t->mst, 3442 GNUNET_MST_from_buffer (t->mst,
3425 cbuf, 3443 cbuf,
3426 decrypted_size, 3444 decrypted_size,
3427 GNUNET_YES, 3445 GNUNET_YES,
3428 GNUNET_NO)); 3446 GNUNET_NO));
3429 t->current_ct = NULL; 3447 t->current_ct = NULL;
3430} 3448}
3431 3449
@@ -3441,10 +3459,10 @@ GCT_handle_encrypted(struct CadetTConnection *ct,
3441 * @return Handle to cancel message 3459 * @return Handle to cancel message
3442 */ 3460 */
3443struct CadetTunnelQueueEntry * 3461struct CadetTunnelQueueEntry *
3444GCT_send(struct CadetTunnel *t, 3462GCT_send (struct CadetTunnel *t,
3445 const struct GNUNET_MessageHeader *message, 3463 const struct GNUNET_MessageHeader *message,
3446 GCT_SendContinuation cont, 3464 GCT_SendContinuation cont,
3447 void *cont_cls) 3465 void *cont_cls)
3448{ 3466{
3449 struct CadetTunnelQueueEntry *tq; 3467 struct CadetTunnelQueueEntry *tq;
3450 uint16_t payload_size; 3468 uint16_t payload_size;
@@ -3452,55 +3470,55 @@ GCT_send(struct CadetTunnel *t,
3452 struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg; 3470 struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3453 3471
3454 if (CADET_TUNNEL_KEY_OK != t->estate) 3472 if (CADET_TUNNEL_KEY_OK != t->estate)
3455 { 3473 {
3456 GNUNET_break(0); 3474 GNUNET_break (0);
3457 return NULL; 3475 return NULL;
3458 } 3476 }
3459 payload_size = ntohs(message->size); 3477 payload_size = ntohs (message->size);
3460 LOG(GNUNET_ERROR_TYPE_DEBUG, 3478 LOG (GNUNET_ERROR_TYPE_DEBUG,
3461 "Encrypting %u bytes for %s\n", 3479 "Encrypting %u bytes for %s\n",
3462 (unsigned int)payload_size, 3480 (unsigned int) payload_size,
3463 GCT_2s(t)); 3481 GCT_2s (t));
3464 env = GNUNET_MQ_msg_extra(ax_msg, 3482 env = GNUNET_MQ_msg_extra (ax_msg,
3483 payload_size,
3484 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED);
3485 t_ax_encrypt (&t->ax,
3486 &ax_msg[1],
3487 message,
3488 payload_size);
3489 GNUNET_STATISTICS_update (stats,
3490 "# encrypted bytes",
3465 payload_size, 3491 payload_size,
3466 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED); 3492 GNUNET_NO);
3467 t_ax_encrypt(&t->ax, 3493 ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3468 &ax_msg[1], 3494 ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3469 message,
3470 payload_size);
3471 GNUNET_STATISTICS_update(stats,
3472 "# encrypted bytes",
3473 payload_size,
3474 GNUNET_NO);
3475 ax_msg->ax_header.Ns = htonl(t->ax.Ns++);
3476 ax_msg->ax_header.PNs = htonl(t->ax.PNs);
3477 /* FIXME: we should do this once, not once per message; 3495 /* FIXME: we should do this once, not once per message;
3478 this is a point multiplication, and DHRs does not 3496 this is a point multiplication, and DHRs does not
3479 change all the time. */ 3497 change all the time. */
3480 GNUNET_CRYPTO_ecdhe_key_get_public(&t->ax.DHRs, 3498 GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
3481 &ax_msg->ax_header.DHRs); 3499 &ax_msg->ax_header.DHRs);
3482 t_h_encrypt(&t->ax, 3500 t_h_encrypt (&t->ax,
3483 ax_msg); 3501 ax_msg);
3484 t_hmac(&ax_msg->ax_header, 3502 t_hmac (&ax_msg->ax_header,
3485 sizeof(struct GNUNET_CADET_AxHeader) + payload_size, 3503 sizeof(struct GNUNET_CADET_AxHeader) + payload_size,
3486 0, 3504 0,
3487 &t->ax.HKs, 3505 &t->ax.HKs,
3488 &ax_msg->hmac); 3506 &ax_msg->hmac);
3489 3507
3490 tq = GNUNET_malloc(sizeof(*tq)); 3508 tq = GNUNET_malloc (sizeof(*tq));
3491 tq->t = t; 3509 tq->t = t;
3492 tq->env = env; 3510 tq->env = env;
3493 tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */ 3511 tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3494 tq->cont = cont; 3512 tq->cont = cont;
3495 tq->cont_cls = cont_cls; 3513 tq->cont_cls = cont_cls;
3496 GNUNET_CONTAINER_DLL_insert_tail(t->tq_head, 3514 GNUNET_CONTAINER_DLL_insert_tail (t->tq_head,
3497 t->tq_tail, 3515 t->tq_tail,
3498 tq); 3516 tq);
3499 if (NULL != t->send_task) 3517 if (NULL != t->send_task)
3500 GNUNET_SCHEDULER_cancel(t->send_task); 3518 GNUNET_SCHEDULER_cancel (t->send_task);
3501 t->send_task 3519 t->send_task
3502 = GNUNET_SCHEDULER_add_now(&trigger_transmissions, 3520 = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3503 t); 3521 t);
3504 return tq; 3522 return tq;
3505} 3523}
3506 3524
@@ -3515,15 +3533,15 @@ GCT_send(struct CadetTunnel *t,
3515 * @param tq Handle to the queue entry to cancel. 3533 * @param tq Handle to the queue entry to cancel.
3516 */ 3534 */
3517void 3535void
3518GCT_send_cancel(struct CadetTunnelQueueEntry *tq) 3536GCT_send_cancel (struct CadetTunnelQueueEntry *tq)
3519{ 3537{
3520 struct CadetTunnel *t = tq->t; 3538 struct CadetTunnel *t = tq->t;
3521 3539
3522 GNUNET_CONTAINER_DLL_remove(t->tq_head, 3540 GNUNET_CONTAINER_DLL_remove (t->tq_head,
3523 t->tq_tail, 3541 t->tq_tail,
3524 tq); 3542 tq);
3525 GNUNET_MQ_discard(tq->env); 3543 GNUNET_MQ_discard (tq->env);
3526 GNUNET_free(tq); 3544 GNUNET_free (tq);
3527} 3545}
3528 3546
3529 3547
@@ -3535,35 +3553,36 @@ GCT_send_cancel(struct CadetTunnelQueueEntry *tq)
3535 * @param iter_cls Closure for @c iter. 3553 * @param iter_cls Closure for @c iter.
3536 */ 3554 */
3537void 3555void
3538GCT_iterate_connections(struct CadetTunnel *t, 3556GCT_iterate_connections (struct CadetTunnel *t,
3539 GCT_ConnectionIterator iter, 3557 GCT_ConnectionIterator iter,
3540 void *iter_cls) 3558 void *iter_cls)
3541{ 3559{
3542 struct CadetTConnection *n; 3560 struct CadetTConnection *n;
3543 3561
3544 for (struct CadetTConnection *ct = t->connection_ready_head; 3562 for (struct CadetTConnection *ct = t->connection_ready_head;
3545 NULL != ct; 3563 NULL != ct;
3546 ct = n) 3564 ct = n)
3547 { 3565 {
3548 n = ct->next; 3566 n = ct->next;
3549 iter(iter_cls, 3567 iter (iter_cls,
3550 ct); 3568 ct);
3551 } 3569 }
3552 for (struct CadetTConnection *ct = t->connection_busy_head; 3570 for (struct CadetTConnection *ct = t->connection_busy_head;
3553 NULL != ct; 3571 NULL != ct;
3554 ct = n) 3572 ct = n)
3555 { 3573 {
3556 n = ct->next; 3574 n = ct->next;
3557 iter(iter_cls, 3575 iter (iter_cls,
3558 ct); 3576 ct);
3559 } 3577 }
3560} 3578}
3561 3579
3562 3580
3563/** 3581/**
3564 * Closure for #iterate_channels_cb. 3582 * Closure for #iterate_channels_cb.
3565 */ 3583 */
3566struct ChanIterCls { 3584struct ChanIterCls
3585{
3567 /** 3586 /**
3568 * Function to call. 3587 * Function to call.
3569 */ 3588 */
@@ -3585,15 +3604,15 @@ struct ChanIterCls {
3585 * @return #GNUNET_OK 3604 * @return #GNUNET_OK
3586 */ 3605 */
3587static int 3606static int
3588iterate_channels_cb(void *cls, 3607iterate_channels_cb (void *cls,
3589 uint32_t key, 3608 uint32_t key,
3590 void *value) 3609 void *value)
3591{ 3610{
3592 struct ChanIterCls *ctx = cls; 3611 struct ChanIterCls *ctx = cls;
3593 struct CadetChannel *ch = value; 3612 struct CadetChannel *ch = value;
3594 3613
3595 ctx->iter(ctx->iter_cls, 3614 ctx->iter (ctx->iter_cls,
3596 ch); 3615 ch);
3597 return GNUNET_OK; 3616 return GNUNET_OK;
3598} 3617}
3599 3618
@@ -3606,17 +3625,17 @@ iterate_channels_cb(void *cls,
3606 * @param iter_cls Closure for @c iter. 3625 * @param iter_cls Closure for @c iter.
3607 */ 3626 */
3608void 3627void
3609GCT_iterate_channels(struct CadetTunnel *t, 3628GCT_iterate_channels (struct CadetTunnel *t,
3610 GCT_ChannelIterator iter, 3629 GCT_ChannelIterator iter,
3611 void *iter_cls) 3630 void *iter_cls)
3612{ 3631{
3613 struct ChanIterCls ctx; 3632 struct ChanIterCls ctx;
3614 3633
3615 ctx.iter = iter; 3634 ctx.iter = iter;
3616 ctx.iter_cls = iter_cls; 3635 ctx.iter_cls = iter_cls;
3617 GNUNET_CONTAINER_multihashmap32_iterate(t->channels, 3636 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3618 &iterate_channels_cb, 3637 &iterate_channels_cb,
3619 &ctx); 3638 &ctx);
3620} 3639}
3621 3640
3622 3641
@@ -3629,19 +3648,20 @@ GCT_iterate_channels(struct CadetTunnel *t,
3629 * @return #GNUNET_OK (continue iteration) 3648 * @return #GNUNET_OK (continue iteration)
3630 */ 3649 */
3631static int 3650static int
3632debug_channel(void *cls, 3651debug_channel (void *cls,
3633 uint32_t key, 3652 uint32_t key,
3634 void *value) 3653 void *value)
3635{ 3654{
3636 const enum GNUNET_ErrorType *level = cls; 3655 const enum GNUNET_ErrorType *level = cls;
3637 struct CadetChannel *ch = value; 3656 struct CadetChannel *ch = value;
3638 3657
3639 GCCH_debug(ch, *level); 3658 GCCH_debug (ch, *level);
3640 return GNUNET_OK; 3659 return GNUNET_OK;
3641} 3660}
3642 3661
3643 3662
3644#define LOG2(level, ...) GNUNET_log_from_nocheck(level, "cadet-tun", __VA_ARGS__) 3663#define LOG2(level, ...) GNUNET_log_from_nocheck (level, "cadet-tun", \
3664 __VA_ARGS__)
3645 3665
3646 3666
3647/** 3667/**
@@ -3651,41 +3671,41 @@ debug_channel(void *cls,
3651 * @param level Debug level to use. 3671 * @param level Debug level to use.
3652 */ 3672 */
3653void 3673void
3654GCT_debug(const struct CadetTunnel *t, 3674GCT_debug (const struct CadetTunnel *t,
3655 enum GNUNET_ErrorType level) 3675 enum GNUNET_ErrorType level)
3656{ 3676{
3657#if !defined(GNUNET_CULL_LOGGING) 3677#if ! defined(GNUNET_CULL_LOGGING)
3658 struct CadetTConnection *iter_c; 3678 struct CadetTConnection *iter_c;
3659 int do_log; 3679 int do_log;
3660 3680
3661 do_log = GNUNET_get_log_call_status(level & (~GNUNET_ERROR_TYPE_BULK), 3681 do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK),
3662 "cadet-tun", 3682 "cadet-tun",
3663 __FILE__, __FUNCTION__, __LINE__); 3683 __FILE__, __FUNCTION__, __LINE__);
3664 if (0 == do_log) 3684 if (0 == do_log)
3665 return; 3685 return;
3666 3686
3667 LOG2(level, 3687 LOG2 (level,
3668 "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n", 3688 "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3669 GCT_2s(t), 3689 GCT_2s (t),
3670 estate2s(t->estate), 3690 estate2s (t->estate),
3671 t->tq_len, 3691 t->tq_len,
3672 GCT_count_any_connections(t)); 3692 GCT_count_any_connections (t));
3673 LOG2(level, 3693 LOG2 (level,
3674 "TTT channels:\n"); 3694 "TTT channels:\n");
3675 GNUNET_CONTAINER_multihashmap32_iterate(t->channels, 3695 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3676 &debug_channel, 3696 &debug_channel,
3677 &level); 3697 &level);
3678 LOG2(level, 3698 LOG2 (level,
3679 "TTT connections:\n"); 3699 "TTT connections:\n");
3680 for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next) 3700 for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3681 GCC_debug(iter_c->cc, 3701 GCC_debug (iter_c->cc,
3682 level); 3702 level);
3683 for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next) 3703 for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3684 GCC_debug(iter_c->cc, 3704 GCC_debug (iter_c->cc,
3685 level); 3705 level);
3686 3706
3687 LOG2(level, 3707 LOG2 (level,
3688 "TTT TUNNEL END\n"); 3708 "TTT TUNNEL END\n");
3689#endif 3709#endif
3690} 3710}
3691 3711
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-24 11:52:14 +0000