diff options
Diffstat (limited to 'src/core/gnunet-service-core_kx.c')
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 2040 |
1 files changed, 1023 insertions, 1017 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index e73dc2430..2f43f7d13 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -44,25 +44,25 @@ | |||
44 | * How long do we wait for SET_KEY confirmation initially? | 44 | * How long do we wait for SET_KEY confirmation initially? |
45 | */ | 45 | */ |
46 | #define INITIAL_SET_KEY_RETRY_FREQUENCY \ | 46 | #define INITIAL_SET_KEY_RETRY_FREQUENCY \ |
47 | GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10) | 47 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
48 | 48 | ||
49 | /** | 49 | /** |
50 | * What is the minimum frequency for a PING message? | 50 | * What is the minimum frequency for a PING message? |
51 | */ | 51 | */ |
52 | #define MIN_PING_FREQUENCY \ | 52 | #define MIN_PING_FREQUENCY \ |
53 | GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 5) | 53 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
54 | 54 | ||
55 | /** | 55 | /** |
56 | * How often do we rekey? | 56 | * How often do we rekey? |
57 | */ | 57 | */ |
58 | #define REKEY_FREQUENCY \ | 58 | #define REKEY_FREQUENCY \ |
59 | GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_HOURS, 12) | 59 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
60 | 60 | ||
61 | /** | 61 | /** |
62 | * What time difference do we tolerate? | 62 | * What time difference do we tolerate? |
63 | */ | 63 | */ |
64 | #define REKEY_TOLERANCE \ | 64 | #define REKEY_TOLERANCE \ |
65 | GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES, 5) | 65 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
66 | 66 | ||
67 | /** | 67 | /** |
68 | * What is the maximum age of a message for us to consider processing | 68 | * What is the maximum age of a message for us to consider processing |
@@ -80,7 +80,8 @@ GNUNET_NETWORK_STRUCT_BEGIN | |||
80 | * Message transmitted with the signed ephemeral key of a peer. The | 80 | * Message transmitted with the signed ephemeral key of a peer. The |
81 | * session key is then derived from the two ephemeral keys (ECDHE). | 81 | * session key is then derived from the two ephemeral keys (ECDHE). |
82 | */ | 82 | */ |
83 | struct EphemeralKeyMessage { | 83 | struct EphemeralKeyMessage |
84 | { | ||
84 | /** | 85 | /** |
85 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY. | 86 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY. |
86 | */ | 87 | */ |
@@ -130,7 +131,8 @@ struct EphemeralKeyMessage { | |||
130 | * can decrypt. The other peer should respond with a PONG with the | 131 | * can decrypt. The other peer should respond with a PONG with the |
131 | * same content, except this time encrypted with the receiver's key. | 132 | * same content, except this time encrypted with the receiver's key. |
132 | */ | 133 | */ |
133 | struct PingMessage { | 134 | struct PingMessage |
135 | { | ||
134 | /** | 136 | /** |
135 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING. | 137 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING. |
136 | */ | 138 | */ |
@@ -157,7 +159,8 @@ struct PingMessage { | |||
157 | /** | 159 | /** |
158 | * Response to a PING. Includes data from the original PING. | 160 | * Response to a PING. Includes data from the original PING. |
159 | */ | 161 | */ |
160 | struct PongMessage { | 162 | struct PongMessage |
163 | { | ||
161 | /** | 164 | /** |
162 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG. | 165 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG. |
163 | */ | 166 | */ |
@@ -190,7 +193,8 @@ struct PongMessage { | |||
190 | * Encapsulation for encrypted messages exchanged between | 193 | * Encapsulation for encrypted messages exchanged between |
191 | * peers. Followed by the actual encrypted data. | 194 | * peers. Followed by the actual encrypted data. |
192 | */ | 195 | */ |
193 | struct EncryptedMessage { | 196 | struct EncryptedMessage |
197 | { | ||
194 | /** | 198 | /** |
195 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE. | 199 | * Message type is #GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE. |
196 | */ | 200 | */ |
@@ -235,13 +239,14 @@ GNUNET_NETWORK_STRUCT_END | |||
235 | * that are NOT encrypted. | 239 | * that are NOT encrypted. |
236 | */ | 240 | */ |
237 | #define ENCRYPTED_HEADER_SIZE \ | 241 | #define ENCRYPTED_HEADER_SIZE \ |
238 | (offsetof(struct EncryptedMessage, sequence_number)) | 242 | (offsetof (struct EncryptedMessage, sequence_number)) |
239 | 243 | ||
240 | 244 | ||
241 | /** | 245 | /** |
242 | * Information about the status of a key exchange with another peer. | 246 | * Information about the status of a key exchange with another peer. |
243 | */ | 247 | */ |
244 | struct GSC_KeyExchangeInfo { | 248 | struct GSC_KeyExchangeInfo |
249 | { | ||
245 | /** | 250 | /** |
246 | * DLL. | 251 | * DLL. |
247 | */ | 252 | */ |
@@ -401,13 +406,13 @@ static struct GNUNET_NotificationContext *nc; | |||
401 | * @param kx key exchange context | 406 | * @param kx key exchange context |
402 | */ | 407 | */ |
403 | static uint32_t | 408 | static uint32_t |
404 | calculate_seed(struct GSC_KeyExchangeInfo *kx) | 409 | calculate_seed (struct GSC_KeyExchangeInfo *kx) |
405 | { | 410 | { |
406 | /* Note: may want to make this non-random and instead | 411 | /* Note: may want to make this non-random and instead |
407 | derive from key material to avoid having an undetectable | 412 | derive from key material to avoid having an undetectable |
408 | side-channel */ | 413 | side-channel */ |
409 | return htonl( | 414 | return htonl ( |
410 | GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX)); | 415 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX)); |
411 | } | 416 | } |
412 | 417 | ||
413 | 418 | ||
@@ -417,16 +422,16 @@ calculate_seed(struct GSC_KeyExchangeInfo *kx) | |||
417 | * @param kx key exchange state to inform about | 422 | * @param kx key exchange state to inform about |
418 | */ | 423 | */ |
419 | static void | 424 | static void |
420 | monitor_notify_all(struct GSC_KeyExchangeInfo *kx) | 425 | monitor_notify_all (struct GSC_KeyExchangeInfo *kx) |
421 | { | 426 | { |
422 | struct MonitorNotifyMessage msg; | 427 | struct MonitorNotifyMessage msg; |
423 | 428 | ||
424 | msg.header.type = htons(GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); | 429 | msg.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); |
425 | msg.header.size = htons(sizeof(msg)); | 430 | msg.header.size = htons (sizeof(msg)); |
426 | msg.state = htonl((uint32_t)kx->status); | 431 | msg.state = htonl ((uint32_t) kx->status); |
427 | msg.peer = *kx->peer; | 432 | msg.peer = *kx->peer; |
428 | msg.timeout = GNUNET_TIME_absolute_hton(kx->timeout); | 433 | msg.timeout = GNUNET_TIME_absolute_hton (kx->timeout); |
429 | GNUNET_notification_context_broadcast(nc, &msg.header, GNUNET_NO); | 434 | GNUNET_notification_context_broadcast (nc, &msg.header, GNUNET_NO); |
430 | kx->last_notify_timeout = kx->timeout; | 435 | kx->last_notify_timeout = kx->timeout; |
431 | } | 436 | } |
432 | 437 | ||
@@ -439,31 +444,31 @@ monitor_notify_all(struct GSC_KeyExchangeInfo *kx) | |||
439 | * @param seed seed to use | 444 | * @param seed seed to use |
440 | */ | 445 | */ |
441 | static void | 446 | static void |
442 | derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, | 447 | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, |
443 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 448 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
444 | uint32_t seed) | 449 | uint32_t seed) |
445 | { | 450 | { |
446 | static const char ctx[] = "authentication key"; | 451 | static const char ctx[] = "authentication key"; |
447 | 452 | ||
448 | #if DEBUG_KX | 453 | #if DEBUG_KX |
449 | struct GNUNET_HashCode sh; | 454 | struct GNUNET_HashCode sh; |
450 | 455 | ||
451 | GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh); | 456 | GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh); |
452 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 457 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
453 | "Deriving Auth key from SKEY %s and seed %u\n", | 458 | "Deriving Auth key from SKEY %s and seed %u\n", |
454 | GNUNET_h2s(&sh), | 459 | GNUNET_h2s (&sh), |
455 | (unsigned int)seed); | 460 | (unsigned int) seed); |
456 | #endif | 461 | #endif |
457 | GNUNET_CRYPTO_hmac_derive_key(akey, | 462 | GNUNET_CRYPTO_hmac_derive_key (akey, |
458 | skey, | 463 | skey, |
459 | &seed, | 464 | &seed, |
460 | sizeof(seed), | 465 | sizeof(seed), |
461 | skey, | 466 | skey, |
462 | sizeof( | 467 | sizeof( |
463 | struct GNUNET_CRYPTO_SymmetricSessionKey), | 468 | struct GNUNET_CRYPTO_SymmetricSessionKey), |
464 | ctx, | 469 | ctx, |
465 | sizeof(ctx), | 470 | sizeof(ctx), |
466 | NULL); | 471 | NULL); |
467 | } | 472 | } |
468 | 473 | ||
469 | 474 | ||
@@ -476,32 +481,32 @@ derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, | |||
476 | * @param identity identity of the other peer to use | 481 | * @param identity identity of the other peer to use |
477 | */ | 482 | */ |
478 | static void | 483 | static void |
479 | derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 484 | derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
480 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 485 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
481 | uint32_t seed, | 486 | uint32_t seed, |
482 | const struct GNUNET_PeerIdentity *identity) | 487 | const struct GNUNET_PeerIdentity *identity) |
483 | { | 488 | { |
484 | static const char ctx[] = "initialization vector"; | 489 | static const char ctx[] = "initialization vector"; |
485 | 490 | ||
486 | #if DEBUG_KX | 491 | #if DEBUG_KX |
487 | struct GNUNET_HashCode sh; | 492 | struct GNUNET_HashCode sh; |
488 | 493 | ||
489 | GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh); | 494 | GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh); |
490 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 495 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
491 | "Deriving IV from SKEY %s and seed %u for peer %s\n", | 496 | "Deriving IV from SKEY %s and seed %u for peer %s\n", |
492 | GNUNET_h2s(&sh), | 497 | GNUNET_h2s (&sh), |
493 | (unsigned int)seed, | 498 | (unsigned int) seed, |
494 | GNUNET_i2s(identity)); | 499 | GNUNET_i2s (identity)); |
495 | #endif | 500 | #endif |
496 | GNUNET_CRYPTO_symmetric_derive_iv(iv, | 501 | GNUNET_CRYPTO_symmetric_derive_iv (iv, |
497 | skey, | 502 | skey, |
498 | &seed, | 503 | &seed, |
499 | sizeof(seed), | 504 | sizeof(seed), |
500 | identity, | 505 | identity, |
501 | sizeof(struct GNUNET_PeerIdentity), | 506 | sizeof(struct GNUNET_PeerIdentity), |
502 | ctx, | 507 | ctx, |
503 | sizeof(ctx), | 508 | sizeof(ctx), |
504 | NULL); | 509 | NULL); |
505 | } | 510 | } |
506 | 511 | ||
507 | 512 | ||
@@ -515,36 +520,36 @@ derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
515 | * @param identity identity of the other peer to use | 520 | * @param identity identity of the other peer to use |
516 | */ | 521 | */ |
517 | static void | 522 | static void |
518 | derive_pong_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 523 | derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
519 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 524 | const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
520 | uint32_t seed, | 525 | uint32_t seed, |
521 | uint32_t challenge, | 526 | uint32_t challenge, |
522 | const struct GNUNET_PeerIdentity *identity) | 527 | const struct GNUNET_PeerIdentity *identity) |
523 | { | 528 | { |
524 | static const char ctx[] = "pong initialization vector"; | 529 | static const char ctx[] = "pong initialization vector"; |
525 | 530 | ||
526 | #if DEBUG_KX | 531 | #if DEBUG_KX |
527 | struct GNUNET_HashCode sh; | 532 | struct GNUNET_HashCode sh; |
528 | 533 | ||
529 | GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh); | 534 | GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh); |
530 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 535 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
531 | "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n", | 536 | "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n", |
532 | GNUNET_h2s(&sh), | 537 | GNUNET_h2s (&sh), |
533 | (unsigned int)seed, | 538 | (unsigned int) seed, |
534 | (unsigned int)challenge, | 539 | (unsigned int) challenge, |
535 | GNUNET_i2s(identity)); | 540 | GNUNET_i2s (identity)); |
536 | #endif | 541 | #endif |
537 | GNUNET_CRYPTO_symmetric_derive_iv(iv, | 542 | GNUNET_CRYPTO_symmetric_derive_iv (iv, |
538 | skey, | 543 | skey, |
539 | &seed, | 544 | &seed, |
540 | sizeof(seed), | 545 | sizeof(seed), |
541 | identity, | 546 | identity, |
542 | sizeof(struct GNUNET_PeerIdentity), | 547 | sizeof(struct GNUNET_PeerIdentity), |
543 | &challenge, | 548 | &challenge, |
544 | sizeof(challenge), | 549 | sizeof(challenge), |
545 | ctx, | 550 | ctx, |
546 | sizeof(ctx), | 551 | sizeof(ctx), |
547 | NULL); | 552 | NULL); |
548 | } | 553 | } |
549 | 554 | ||
550 | 555 | ||
@@ -557,34 +562,34 @@ derive_pong_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
557 | * @param skey set to derived session key | 562 | * @param skey set to derived session key |
558 | */ | 563 | */ |
559 | static void | 564 | static void |
560 | derive_aes_key(const struct GNUNET_PeerIdentity *sender, | 565 | derive_aes_key (const struct GNUNET_PeerIdentity *sender, |
561 | const struct GNUNET_PeerIdentity *receiver, | 566 | const struct GNUNET_PeerIdentity *receiver, |
562 | const struct GNUNET_HashCode *key_material, | 567 | const struct GNUNET_HashCode *key_material, |
563 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | 568 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) |
564 | { | 569 | { |
565 | static const char ctx[] = "aes key generation vector"; | 570 | static const char ctx[] = "aes key generation vector"; |
566 | 571 | ||
567 | #if DEBUG_KX | 572 | #if DEBUG_KX |
568 | struct GNUNET_HashCode sh; | 573 | struct GNUNET_HashCode sh; |
569 | 574 | ||
570 | GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh); | 575 | GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh); |
571 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 576 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
572 | "Deriving AES Keys for %s to %s from %s\n", | 577 | "Deriving AES Keys for %s to %s from %s\n", |
573 | GNUNET_i2s(sender), | 578 | GNUNET_i2s (sender), |
574 | GNUNET_i2s2(receiver), | 579 | GNUNET_i2s2 (receiver), |
575 | GNUNET_h2s(key_material)); | 580 | GNUNET_h2s (key_material)); |
576 | #endif | 581 | #endif |
577 | GNUNET_CRYPTO_kdf(skey, | 582 | GNUNET_CRYPTO_kdf (skey, |
578 | sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), | 583 | sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), |
579 | ctx, | 584 | ctx, |
580 | sizeof(ctx), | 585 | sizeof(ctx), |
581 | key_material, | 586 | key_material, |
582 | sizeof(struct GNUNET_HashCode), | 587 | sizeof(struct GNUNET_HashCode), |
583 | sender, | 588 | sender, |
584 | sizeof(struct GNUNET_PeerIdentity), | 589 | sizeof(struct GNUNET_PeerIdentity), |
585 | receiver, | 590 | receiver, |
586 | sizeof(struct GNUNET_PeerIdentity), | 591 | sizeof(struct GNUNET_PeerIdentity), |
587 | NULL); | 592 | NULL); |
588 | } | 593 | } |
589 | 594 | ||
590 | 595 | ||
@@ -600,35 +605,35 @@ derive_aes_key(const struct GNUNET_PeerIdentity *sender, | |||
600 | * @return #GNUNET_OK on success | 605 | * @return #GNUNET_OK on success |
601 | */ | 606 | */ |
602 | static int | 607 | static int |
603 | do_encrypt(struct GSC_KeyExchangeInfo *kx, | 608 | do_encrypt (struct GSC_KeyExchangeInfo *kx, |
604 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 609 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
605 | const void *in, | 610 | const void *in, |
606 | void *out, | 611 | void *out, |
607 | size_t size) | 612 | size_t size) |
608 | { | 613 | { |
609 | if (size != (uint16_t)size) | 614 | if (size != (uint16_t) size) |
610 | { | 615 | { |
611 | GNUNET_break(0); | 616 | GNUNET_break (0); |
612 | return GNUNET_NO; | 617 | return GNUNET_NO; |
613 | } | 618 | } |
614 | GNUNET_assert(size == GNUNET_CRYPTO_symmetric_encrypt(in, | 619 | GNUNET_assert (size == GNUNET_CRYPTO_symmetric_encrypt (in, |
615 | (uint16_t)size, | 620 | (uint16_t) size, |
616 | &kx->encrypt_key, | 621 | &kx->encrypt_key, |
617 | iv, | 622 | iv, |
618 | out)); | 623 | out)); |
619 | GNUNET_STATISTICS_update(GSC_stats, | 624 | GNUNET_STATISTICS_update (GSC_stats, |
620 | gettext_noop("# bytes encrypted"), | 625 | gettext_noop ("# bytes encrypted"), |
621 | size, | 626 | size, |
622 | GNUNET_NO); | 627 | GNUNET_NO); |
623 | /* the following is too sensitive to write to log files by accident, | 628 | /* the following is too sensitive to write to log files by accident, |
624 | so we require manual intervention to get this one... */ | 629 | so we require manual intervention to get this one... */ |
625 | #if DEBUG_KX | 630 | #if DEBUG_KX |
626 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 631 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
627 | "Encrypted %u bytes for `%s' using key %u, IV %u\n", | 632 | "Encrypted %u bytes for `%s' using key %u, IV %u\n", |
628 | (unsigned int)size, | 633 | (unsigned int) size, |
629 | GNUNET_i2s(kx->peer), | 634 | GNUNET_i2s (kx->peer), |
630 | (unsigned int)kx->encrypt_key.crc32, | 635 | (unsigned int) kx->encrypt_key.crc32, |
631 | GNUNET_CRYPTO_crc32_n(iv, sizeof(iv))); | 636 | GNUNET_CRYPTO_crc32_n (iv, sizeof(iv))); |
632 | #endif | 637 | #endif |
633 | return GNUNET_OK; | 638 | return GNUNET_OK; |
634 | } | 639 | } |
@@ -647,46 +652,46 @@ do_encrypt(struct GSC_KeyExchangeInfo *kx, | |||
647 | * @return #GNUNET_OK on success | 652 | * @return #GNUNET_OK on success |
648 | */ | 653 | */ |
649 | static int | 654 | static int |
650 | do_decrypt(struct GSC_KeyExchangeInfo *kx, | 655 | do_decrypt (struct GSC_KeyExchangeInfo *kx, |
651 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 656 | const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
652 | const void *in, | 657 | const void *in, |
653 | void *out, | 658 | void *out, |
654 | size_t size) | 659 | size_t size) |
655 | { | 660 | { |
656 | if (size != (uint16_t)size) | 661 | if (size != (uint16_t) size) |
657 | { | 662 | { |
658 | GNUNET_break(0); | 663 | GNUNET_break (0); |
659 | return GNUNET_NO; | 664 | return GNUNET_NO; |
660 | } | 665 | } |
661 | if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) && | 666 | if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) && |
662 | (kx->status != GNUNET_CORE_KX_STATE_UP) && | 667 | (kx->status != GNUNET_CORE_KX_STATE_UP) && |
663 | (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT)) | 668 | (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT)) |
664 | { | 669 | { |
665 | GNUNET_break_op(0); | 670 | GNUNET_break_op (0); |
666 | return GNUNET_SYSERR; | 671 | return GNUNET_SYSERR; |
667 | } | 672 | } |
668 | if (size != GNUNET_CRYPTO_symmetric_decrypt(in, | 673 | if (size != GNUNET_CRYPTO_symmetric_decrypt (in, |
669 | (uint16_t)size, | 674 | (uint16_t) size, |
670 | &kx->decrypt_key, | 675 | &kx->decrypt_key, |
671 | iv, | 676 | iv, |
672 | out)) | 677 | out)) |
673 | { | 678 | { |
674 | GNUNET_break(0); | 679 | GNUNET_break (0); |
675 | return GNUNET_SYSERR; | 680 | return GNUNET_SYSERR; |
676 | } | 681 | } |
677 | GNUNET_STATISTICS_update(GSC_stats, | 682 | GNUNET_STATISTICS_update (GSC_stats, |
678 | gettext_noop("# bytes decrypted"), | 683 | gettext_noop ("# bytes decrypted"), |
679 | size, | 684 | size, |
680 | GNUNET_NO); | 685 | GNUNET_NO); |
681 | /* the following is too sensitive to write to log files by accident, | 686 | /* the following is too sensitive to write to log files by accident, |
682 | so we require manual intervention to get this one... */ | 687 | so we require manual intervention to get this one... */ |
683 | #if DEBUG_KX | 688 | #if DEBUG_KX |
684 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 689 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
685 | "Decrypted %u bytes from `%s' using key %u, IV %u\n", | 690 | "Decrypted %u bytes from `%s' using key %u, IV %u\n", |
686 | (unsigned int)size, | 691 | (unsigned int) size, |
687 | GNUNET_i2s(kx->peer), | 692 | GNUNET_i2s (kx->peer), |
688 | (unsigned int)kx->decrypt_key.crc32, | 693 | (unsigned int) kx->decrypt_key.crc32, |
689 | GNUNET_CRYPTO_crc32_n(iv, sizeof(*iv))); | 694 | GNUNET_CRYPTO_crc32_n (iv, sizeof(*iv))); |
690 | #endif | 695 | #endif |
691 | return GNUNET_OK; | 696 | return GNUNET_OK; |
692 | } | 697 | } |
@@ -698,7 +703,7 @@ do_decrypt(struct GSC_KeyExchangeInfo *kx, | |||
698 | * @param kx key exchange context | 703 | * @param kx key exchange context |
699 | */ | 704 | */ |
700 | static void | 705 | static void |
701 | send_key(struct GSC_KeyExchangeInfo *kx); | 706 | send_key (struct GSC_KeyExchangeInfo *kx); |
702 | 707 | ||
703 | 708 | ||
704 | /** | 709 | /** |
@@ -707,15 +712,15 @@ send_key(struct GSC_KeyExchangeInfo *kx); | |||
707 | * @param cls our `struct GSC_KeyExchangeInfo` | 712 | * @param cls our `struct GSC_KeyExchangeInfo` |
708 | */ | 713 | */ |
709 | static void | 714 | static void |
710 | set_key_retry_task(void *cls) | 715 | set_key_retry_task (void *cls) |
711 | { | 716 | { |
712 | struct GSC_KeyExchangeInfo *kx = cls; | 717 | struct GSC_KeyExchangeInfo *kx = cls; |
713 | 718 | ||
714 | kx->retry_set_key_task = NULL; | 719 | kx->retry_set_key_task = NULL; |
715 | kx->set_key_retry_frequency = | 720 | kx->set_key_retry_frequency = |
716 | GNUNET_TIME_STD_BACKOFF(kx->set_key_retry_frequency); | 721 | GNUNET_TIME_STD_BACKOFF (kx->set_key_retry_frequency); |
717 | GNUNET_assert(GNUNET_CORE_KX_STATE_DOWN != kx->status); | 722 | GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status); |
718 | send_key(kx); | 723 | send_key (kx); |
719 | } | 724 | } |
720 | 725 | ||
721 | 726 | ||
@@ -725,7 +730,7 @@ set_key_retry_task(void *cls) | |||
725 | * @param kx key exchange context to create PING for | 730 | * @param kx key exchange context to create PING for |
726 | */ | 731 | */ |
727 | static void | 732 | static void |
728 | setup_fresh_ping(struct GSC_KeyExchangeInfo *kx) | 733 | setup_fresh_ping (struct GSC_KeyExchangeInfo *kx) |
729 | { | 734 | { |
730 | struct PingMessage pp; | 735 | struct PingMessage pp; |
731 | struct PingMessage *pm; | 736 | struct PingMessage *pm; |
@@ -733,19 +738,19 @@ setup_fresh_ping(struct GSC_KeyExchangeInfo *kx) | |||
733 | 738 | ||
734 | pm = &kx->ping; | 739 | pm = &kx->ping; |
735 | kx->ping_challenge = | 740 | kx->ping_challenge = |
736 | GNUNET_CRYPTO_random_u32(GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX); | 741 | GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX); |
737 | pm->header.size = htons(sizeof(struct PingMessage)); | 742 | pm->header.size = htons (sizeof(struct PingMessage)); |
738 | pm->header.type = htons(GNUNET_MESSAGE_TYPE_CORE_PING); | 743 | pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING); |
739 | pm->iv_seed = calculate_seed(kx); | 744 | pm->iv_seed = calculate_seed (kx); |
740 | derive_iv(&iv, &kx->encrypt_key, pm->iv_seed, kx->peer); | 745 | derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, kx->peer); |
741 | pp.challenge = kx->ping_challenge; | 746 | pp.challenge = kx->ping_challenge; |
742 | pp.target = *kx->peer; | 747 | pp.target = *kx->peer; |
743 | do_encrypt(kx, | 748 | do_encrypt (kx, |
744 | &iv, | 749 | &iv, |
745 | &pp.target, | 750 | &pp.target, |
746 | &pm->target, | 751 | &pm->target, |
747 | sizeof(struct PingMessage) - | 752 | sizeof(struct PingMessage) |
748 | ((void *)&pm->target - (void *)pm)); | 753 | - ((void *) &pm->target - (void *) pm)); |
749 | } | 754 | } |
750 | 755 | ||
751 | 756 | ||
@@ -761,43 +766,43 @@ setup_fresh_ping(struct GSC_KeyExchangeInfo *kx) | |||
761 | * #GNUNET_SYSERR to stop further processing with error | 766 | * #GNUNET_SYSERR to stop further processing with error |
762 | */ | 767 | */ |
763 | static int | 768 | static int |
764 | deliver_message(void *cls, const struct GNUNET_MessageHeader *m) | 769 | deliver_message (void *cls, const struct GNUNET_MessageHeader *m) |
765 | { | 770 | { |
766 | struct GSC_KeyExchangeInfo *kx = cls; | 771 | struct GSC_KeyExchangeInfo *kx = cls; |
767 | 772 | ||
768 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 773 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
769 | "Decrypted message of type %d from %s\n", | 774 | "Decrypted message of type %d from %s\n", |
770 | ntohs(m->type), | 775 | ntohs (m->type), |
771 | GNUNET_i2s(kx->peer)); | 776 | GNUNET_i2s (kx->peer)); |
772 | if (GNUNET_CORE_KX_STATE_UP != kx->status) | 777 | if (GNUNET_CORE_KX_STATE_UP != kx->status) |
773 | { | 778 | { |
774 | GNUNET_STATISTICS_update(GSC_stats, | 779 | GNUNET_STATISTICS_update (GSC_stats, |
775 | gettext_noop("# PAYLOAD dropped (out of order)"), | 780 | gettext_noop ("# PAYLOAD dropped (out of order)"), |
776 | 1, | 781 | 1, |
777 | GNUNET_NO); | 782 | GNUNET_NO); |
778 | return GNUNET_OK; | 783 | return GNUNET_OK; |
779 | } | 784 | } |
780 | switch (ntohs(m->type)) | 785 | switch (ntohs (m->type)) |
781 | { | 786 | { |
782 | case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP: | 787 | case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP: |
783 | case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP: | 788 | case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP: |
784 | GSC_SESSIONS_set_typemap(kx->peer, m); | 789 | GSC_SESSIONS_set_typemap (kx->peer, m); |
785 | return GNUNET_OK; | 790 | return GNUNET_OK; |
786 | 791 | ||
787 | case GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP: | 792 | case GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP: |
788 | GSC_SESSIONS_confirm_typemap(kx->peer, m); | 793 | GSC_SESSIONS_confirm_typemap (kx->peer, m); |
789 | return GNUNET_OK; | 794 | return GNUNET_OK; |
790 | 795 | ||
791 | default: | 796 | default: |
792 | GSC_CLIENTS_deliver_message(kx->peer, | 797 | GSC_CLIENTS_deliver_message (kx->peer, |
793 | m, | 798 | m, |
794 | ntohs(m->size), | 799 | ntohs (m->size), |
795 | GNUNET_CORE_OPTION_SEND_FULL_INBOUND); | 800 | GNUNET_CORE_OPTION_SEND_FULL_INBOUND); |
796 | GSC_CLIENTS_deliver_message(kx->peer, | 801 | GSC_CLIENTS_deliver_message (kx->peer, |
797 | m, | 802 | m, |
798 | sizeof(struct GNUNET_MessageHeader), | 803 | sizeof(struct GNUNET_MessageHeader), |
799 | GNUNET_CORE_OPTION_SEND_HDR_INBOUND); | 804 | GNUNET_CORE_OPTION_SEND_HDR_INBOUND); |
800 | } | 805 | } |
801 | return GNUNET_OK; | 806 | return GNUNET_OK; |
802 | } | 807 | } |
803 | 808 | ||
@@ -812,49 +817,49 @@ deliver_message(void *cls, const struct GNUNET_MessageHeader *m) | |||
812 | * @return key exchange information context | 817 | * @return key exchange information context |
813 | */ | 818 | */ |
814 | static void * | 819 | static void * |
815 | handle_transport_notify_connect(void *cls, | 820 | handle_transport_notify_connect (void *cls, |
816 | const struct GNUNET_PeerIdentity *pid, | 821 | const struct GNUNET_PeerIdentity *pid, |
817 | struct GNUNET_MQ_Handle *mq) | 822 | struct GNUNET_MQ_Handle *mq) |
818 | { | 823 | { |
819 | struct GSC_KeyExchangeInfo *kx; | 824 | struct GSC_KeyExchangeInfo *kx; |
820 | struct GNUNET_HashCode h1; | 825 | struct GNUNET_HashCode h1; |
821 | struct GNUNET_HashCode h2; | 826 | struct GNUNET_HashCode h2; |
822 | 827 | ||
823 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 828 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
824 | "Initiating key exchange with `%s'\n", | 829 | "Initiating key exchange with `%s'\n", |
825 | GNUNET_i2s(pid)); | 830 | GNUNET_i2s (pid)); |
826 | GNUNET_STATISTICS_update(GSC_stats, | 831 | GNUNET_STATISTICS_update (GSC_stats, |
827 | gettext_noop("# key exchanges initiated"), | 832 | gettext_noop ("# key exchanges initiated"), |
828 | 1, | 833 | 1, |
829 | GNUNET_NO); | 834 | GNUNET_NO); |
830 | kx = GNUNET_new(struct GSC_KeyExchangeInfo); | 835 | kx = GNUNET_new (struct GSC_KeyExchangeInfo); |
831 | kx->mst = GNUNET_MST_create(&deliver_message, kx); | 836 | kx->mst = GNUNET_MST_create (&deliver_message, kx); |
832 | kx->mq = mq; | 837 | kx->mq = mq; |
833 | kx->peer = pid; | 838 | kx->peer = pid; |
834 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; | 839 | kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY; |
835 | GNUNET_CONTAINER_DLL_insert(kx_head, kx_tail, kx); | 840 | GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx); |
836 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; | 841 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; |
837 | monitor_notify_all(kx); | 842 | monitor_notify_all (kx); |
838 | GNUNET_CRYPTO_hash(pid, sizeof(struct GNUNET_PeerIdentity), &h1); | 843 | GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1); |
839 | GNUNET_CRYPTO_hash(&GSC_my_identity, | 844 | GNUNET_CRYPTO_hash (&GSC_my_identity, |
840 | sizeof(struct GNUNET_PeerIdentity), | 845 | sizeof(struct GNUNET_PeerIdentity), |
841 | &h2); | 846 | &h2); |
842 | if (0 < GNUNET_CRYPTO_hash_cmp(&h1, &h2)) | 847 | if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2)) |
843 | { | 848 | { |
844 | /* peer with "lower" identity starts KX, otherwise we typically end up | 849 | /* peer with "lower" identity starts KX, otherwise we typically end up |
845 | with both peers starting the exchange and transmit the 'set key' | 850 | with both peers starting the exchange and transmit the 'set key' |
846 | message twice */ | 851 | message twice */ |
847 | send_key(kx); | 852 | send_key (kx); |
848 | } | 853 | } |
849 | else | 854 | else |
850 | { | 855 | { |
851 | /* peer with "higher" identity starts a delayed KX, if the "lower" peer | 856 | /* peer with "higher" identity starts a delayed KX, if the "lower" peer |
852 | * does not start a KX since it sees no reasons to do so */ | 857 | * does not start a KX since it sees no reasons to do so */ |
853 | kx->retry_set_key_task = | 858 | kx->retry_set_key_task = |
854 | GNUNET_SCHEDULER_add_delayed(GNUNET_TIME_UNIT_SECONDS, | 859 | GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, |
855 | &set_key_retry_task, | 860 | &set_key_retry_task, |
856 | kx); | 861 | kx); |
857 | } | 862 | } |
858 | return kx; | 863 | return kx; |
859 | } | 864 | } |
860 | 865 | ||
@@ -869,35 +874,35 @@ handle_transport_notify_connect(void *cls, | |||
869 | * @param handler_cls the `struct GSC_KeyExchangeInfo` of the peer | 874 | * @param handler_cls the `struct GSC_KeyExchangeInfo` of the peer |
870 | */ | 875 | */ |
871 | static void | 876 | static void |
872 | handle_transport_notify_disconnect(void *cls, | 877 | handle_transport_notify_disconnect (void *cls, |
873 | const struct GNUNET_PeerIdentity *peer, | 878 | const struct GNUNET_PeerIdentity *peer, |
874 | void *handler_cls) | 879 | void *handler_cls) |
875 | { | 880 | { |
876 | struct GSC_KeyExchangeInfo *kx = handler_cls; | 881 | struct GSC_KeyExchangeInfo *kx = handler_cls; |
877 | 882 | ||
878 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 883 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
879 | "Peer `%s' disconnected from us.\n", | 884 | "Peer `%s' disconnected from us.\n", |
880 | GNUNET_i2s(peer)); | 885 | GNUNET_i2s (peer)); |
881 | GSC_SESSIONS_end(kx->peer); | 886 | GSC_SESSIONS_end (kx->peer); |
882 | GNUNET_STATISTICS_update(GSC_stats, | 887 | GNUNET_STATISTICS_update (GSC_stats, |
883 | gettext_noop("# key exchanges stopped"), | 888 | gettext_noop ("# key exchanges stopped"), |
884 | 1, | 889 | 1, |
885 | GNUNET_NO); | 890 | GNUNET_NO); |
886 | if (NULL != kx->retry_set_key_task) | 891 | if (NULL != kx->retry_set_key_task) |
887 | { | 892 | { |
888 | GNUNET_SCHEDULER_cancel(kx->retry_set_key_task); | 893 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
889 | kx->retry_set_key_task = NULL; | 894 | kx->retry_set_key_task = NULL; |
890 | } | 895 | } |
891 | if (NULL != kx->keep_alive_task) | 896 | if (NULL != kx->keep_alive_task) |
892 | { | 897 | { |
893 | GNUNET_SCHEDULER_cancel(kx->keep_alive_task); | 898 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
894 | kx->keep_alive_task = NULL; | 899 | kx->keep_alive_task = NULL; |
895 | } | 900 | } |
896 | kx->status = GNUNET_CORE_KX_PEER_DISCONNECT; | 901 | kx->status = GNUNET_CORE_KX_PEER_DISCONNECT; |
897 | monitor_notify_all(kx); | 902 | monitor_notify_all (kx); |
898 | GNUNET_CONTAINER_DLL_remove(kx_head, kx_tail, kx); | 903 | GNUNET_CONTAINER_DLL_remove (kx_head, kx_tail, kx); |
899 | GNUNET_MST_destroy(kx->mst); | 904 | GNUNET_MST_destroy (kx->mst); |
900 | GNUNET_free(kx); | 905 | GNUNET_free (kx); |
901 | } | 906 | } |
902 | 907 | ||
903 | 908 | ||
@@ -907,16 +912,16 @@ handle_transport_notify_disconnect(void *cls, | |||
907 | * @param kx key exchange context | 912 | * @param kx key exchange context |
908 | */ | 913 | */ |
909 | static void | 914 | static void |
910 | send_ping(struct GSC_KeyExchangeInfo *kx) | 915 | send_ping (struct GSC_KeyExchangeInfo *kx) |
911 | { | 916 | { |
912 | struct GNUNET_MQ_Envelope *env; | 917 | struct GNUNET_MQ_Envelope *env; |
913 | 918 | ||
914 | GNUNET_STATISTICS_update(GSC_stats, | 919 | GNUNET_STATISTICS_update (GSC_stats, |
915 | gettext_noop("# PING messages transmitted"), | 920 | gettext_noop ("# PING messages transmitted"), |
916 | 1, | 921 | 1, |
917 | GNUNET_NO); | 922 | GNUNET_NO); |
918 | env = GNUNET_MQ_msg_copy(&kx->ping.header); | 923 | env = GNUNET_MQ_msg_copy (&kx->ping.header); |
919 | GNUNET_MQ_send(kx->mq, env); | 924 | GNUNET_MQ_send (kx->mq, env); |
920 | } | 925 | } |
921 | 926 | ||
922 | 927 | ||
@@ -926,24 +931,24 @@ send_ping(struct GSC_KeyExchangeInfo *kx) | |||
926 | * @param kx session to derive keys for | 931 | * @param kx session to derive keys for |
927 | */ | 932 | */ |
928 | static void | 933 | static void |
929 | derive_session_keys(struct GSC_KeyExchangeInfo *kx) | 934 | derive_session_keys (struct GSC_KeyExchangeInfo *kx) |
930 | { | 935 | { |
931 | struct GNUNET_HashCode key_material; | 936 | struct GNUNET_HashCode key_material; |
932 | 937 | ||
933 | if (GNUNET_OK != GNUNET_CRYPTO_ecc_ecdh(my_ephemeral_key, | 938 | if (GNUNET_OK != GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, |
934 | &kx->other_ephemeral_key, | 939 | &kx->other_ephemeral_key, |
935 | &key_material)) | 940 | &key_material)) |
936 | { | 941 | { |
937 | GNUNET_break(0); | 942 | GNUNET_break (0); |
938 | return; | 943 | return; |
939 | } | 944 | } |
940 | derive_aes_key(&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key); | 945 | derive_aes_key (&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key); |
941 | derive_aes_key(kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key); | 946 | derive_aes_key (kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key); |
942 | memset(&key_material, 0, sizeof(key_material)); | 947 | memset (&key_material, 0, sizeof(key_material)); |
943 | /* fresh key, reset sequence numbers */ | 948 | /* fresh key, reset sequence numbers */ |
944 | kx->last_sequence_number_received = 0; | 949 | kx->last_sequence_number_received = 0; |
945 | kx->last_packets_bitmap = 0; | 950 | kx->last_packets_bitmap = 0; |
946 | setup_fresh_ping(kx); | 951 | setup_fresh_ping (kx); |
947 | } | 952 | } |
948 | 953 | ||
949 | 954 | ||
@@ -955,7 +960,7 @@ derive_session_keys(struct GSC_KeyExchangeInfo *kx) | |||
955 | * @param m the set key message we received | 960 | * @param m the set key message we received |
956 | */ | 961 | */ |
957 | static void | 962 | static void |
958 | handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m) | 963 | handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m) |
959 | { | 964 | { |
960 | struct GSC_KeyExchangeInfo *kx = cls; | 965 | struct GSC_KeyExchangeInfo *kx = cls; |
961 | struct GNUNET_TIME_Absolute start_t; | 966 | struct GNUNET_TIME_Absolute start_t; |
@@ -963,193 +968,193 @@ handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m) | |||
963 | struct GNUNET_TIME_Absolute now; | 968 | struct GNUNET_TIME_Absolute now; |
964 | enum GNUNET_CORE_KxState sender_status; | 969 | enum GNUNET_CORE_KxState sender_status; |
965 | 970 | ||
966 | end_t = GNUNET_TIME_absolute_ntoh(m->expiration_time); | 971 | end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time); |
967 | if (((GNUNET_CORE_KX_STATE_KEY_RECEIVED == kx->status) || | 972 | if (((GNUNET_CORE_KX_STATE_KEY_RECEIVED == kx->status) || |
968 | (GNUNET_CORE_KX_STATE_UP == kx->status) || | 973 | (GNUNET_CORE_KX_STATE_UP == kx->status) || |
969 | (GNUNET_CORE_KX_STATE_REKEY_SENT == kx->status)) && | 974 | (GNUNET_CORE_KX_STATE_REKEY_SENT == kx->status)) && |
970 | (end_t.abs_value_us < kx->foreign_key_expires.abs_value_us)) | 975 | (end_t.abs_value_us < kx->foreign_key_expires.abs_value_us)) |
971 | { | 976 | { |
972 | GNUNET_STATISTICS_update(GSC_stats, | 977 | GNUNET_STATISTICS_update (GSC_stats, |
973 | gettext_noop("# old ephemeral keys ignored"), | 978 | gettext_noop ("# old ephemeral keys ignored"), |
974 | 1, | 979 | 1, |
975 | GNUNET_NO); | 980 | GNUNET_NO); |
976 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 981 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
977 | "Received expired EPHEMERAL_KEY from %s\n", | 982 | "Received expired EPHEMERAL_KEY from %s\n", |
978 | GNUNET_i2s(&m->origin_identity)); | 983 | GNUNET_i2s (&m->origin_identity)); |
979 | return; | 984 | return; |
980 | } | 985 | } |
981 | if (0 == memcmp(&m->ephemeral_key, | 986 | if (0 == memcmp (&m->ephemeral_key, |
982 | &kx->other_ephemeral_key, | 987 | &kx->other_ephemeral_key, |
983 | sizeof(m->ephemeral_key))) | 988 | sizeof(m->ephemeral_key))) |
984 | { | 989 | { |
985 | GNUNET_STATISTICS_update(GSC_stats, | 990 | GNUNET_STATISTICS_update (GSC_stats, |
986 | gettext_noop( | 991 | gettext_noop ( |
987 | "# duplicate ephemeral keys ignored"), | 992 | "# duplicate ephemeral keys ignored"), |
988 | 1, | 993 | 1, |
989 | GNUNET_NO); | 994 | GNUNET_NO); |
990 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 995 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
991 | "Ignoring duplicate EPHEMERAL_KEY from %s\n", | 996 | "Ignoring duplicate EPHEMERAL_KEY from %s\n", |
992 | GNUNET_i2s(&m->origin_identity)); | 997 | GNUNET_i2s (&m->origin_identity)); |
993 | return; | 998 | return; |
994 | } | 999 | } |
995 | if (0 != memcmp(&m->origin_identity, | 1000 | if (0 != memcmp (&m->origin_identity, |
996 | kx->peer, | 1001 | kx->peer, |
997 | sizeof(struct GNUNET_PeerIdentity))) | 1002 | sizeof(struct GNUNET_PeerIdentity))) |
998 | { | 1003 | { |
999 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1004 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1000 | "Received EPHEMERAL_KEY from %s, but expected %s\n", | 1005 | "Received EPHEMERAL_KEY from %s, but expected %s\n", |
1001 | GNUNET_i2s(&m->origin_identity), | 1006 | GNUNET_i2s (&m->origin_identity), |
1002 | GNUNET_i2s_full(kx->peer)); | 1007 | GNUNET_i2s_full (kx->peer)); |
1003 | GNUNET_break_op(0); | 1008 | GNUNET_break_op (0); |
1004 | return; | 1009 | return; |
1005 | } | 1010 | } |
1006 | if ((ntohl(m->purpose.size) != | 1011 | if ((ntohl (m->purpose.size) != |
1007 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + | 1012 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
1008 | sizeof(struct GNUNET_TIME_AbsoluteNBO) + | 1013 | + sizeof(struct GNUNET_TIME_AbsoluteNBO) |
1009 | sizeof(struct GNUNET_TIME_AbsoluteNBO) + | 1014 | + sizeof(struct GNUNET_TIME_AbsoluteNBO) |
1010 | sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) + | 1015 | + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) |
1011 | sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) || | 1016 | + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) || |
1012 | (GNUNET_OK != | 1017 | (GNUNET_OK != |
1013 | GNUNET_CRYPTO_eddsa_verify(GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, | 1018 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, |
1014 | &m->purpose, | 1019 | &m->purpose, |
1015 | &m->signature, | 1020 | &m->signature, |
1016 | &m->origin_identity.public_key))) | 1021 | &m->origin_identity.public_key))) |
1017 | { | 1022 | { |
1018 | /* invalid signature */ | 1023 | /* invalid signature */ |
1019 | GNUNET_break_op(0); | 1024 | GNUNET_break_op (0); |
1020 | GNUNET_STATISTICS_update(GSC_stats, | 1025 | GNUNET_STATISTICS_update (GSC_stats, |
1021 | gettext_noop( | 1026 | gettext_noop ( |
1022 | "# EPHEMERAL_KEYs rejected (bad signature)"), | 1027 | "# EPHEMERAL_KEYs rejected (bad signature)"), |
1023 | 1, | 1028 | 1, |
1024 | GNUNET_NO); | 1029 | GNUNET_NO); |
1025 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1030 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1026 | "Received EPHEMERAL_KEY from %s with bad signature\n", | 1031 | "Received EPHEMERAL_KEY from %s with bad signature\n", |
1027 | GNUNET_i2s(&m->origin_identity)); | 1032 | GNUNET_i2s (&m->origin_identity)); |
1028 | return; | 1033 | return; |
1029 | } | 1034 | } |
1030 | now = GNUNET_TIME_absolute_get(); | 1035 | now = GNUNET_TIME_absolute_get (); |
1031 | start_t = GNUNET_TIME_absolute_ntoh(m->creation_time); | 1036 | start_t = GNUNET_TIME_absolute_ntoh (m->creation_time); |
1032 | if ((end_t.abs_value_us < | 1037 | if ((end_t.abs_value_us < |
1033 | GNUNET_TIME_absolute_subtract(now, REKEY_TOLERANCE).abs_value_us) || | 1038 | GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) || |
1034 | (start_t.abs_value_us > | 1039 | (start_t.abs_value_us > |
1035 | GNUNET_TIME_absolute_add(now, REKEY_TOLERANCE).abs_value_us)) | 1040 | GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us)) |
1036 | { | 1041 | { |
1037 | GNUNET_log( | 1042 | GNUNET_log ( |
1038 | GNUNET_ERROR_TYPE_WARNING, | 1043 | GNUNET_ERROR_TYPE_WARNING, |
1039 | _( | 1044 | _ ( |
1040 | "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"), | 1045 | "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"), |
1041 | GNUNET_i2s(kx->peer), | 1046 | GNUNET_i2s (kx->peer), |
1042 | (unsigned long long)now.abs_value_us, | 1047 | (unsigned long long) now.abs_value_us, |
1043 | (unsigned long long)start_t.abs_value_us, | 1048 | (unsigned long long) start_t.abs_value_us, |
1044 | (unsigned long long)end_t.abs_value_us); | 1049 | (unsigned long long) end_t.abs_value_us); |
1045 | GNUNET_STATISTICS_update(GSC_stats, | 1050 | GNUNET_STATISTICS_update (GSC_stats, |
1046 | gettext_noop( | 1051 | gettext_noop ( |
1047 | "# EPHEMERAL_KEY messages rejected due to time"), | 1052 | "# EPHEMERAL_KEY messages rejected due to time"), |
1048 | 1, | 1053 | 1, |
1049 | GNUNET_NO); | 1054 | GNUNET_NO); |
1050 | return; | 1055 | return; |
1051 | } | 1056 | } |
1052 | #if DEBUG_KX | 1057 | #if DEBUG_KX |
1053 | { | 1058 | { |
1054 | struct GNUNET_HashCode eh; | 1059 | struct GNUNET_HashCode eh; |
1055 | 1060 | ||
1056 | GNUNET_CRYPTO_hash(&m->ephemeral_key, sizeof(m->ephemeral_key), &eh); | 1061 | GNUNET_CRYPTO_hash (&m->ephemeral_key, sizeof(m->ephemeral_key), &eh); |
1057 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1062 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1058 | "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n", | 1063 | "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n", |
1059 | GNUNET_h2s(&eh), | 1064 | GNUNET_h2s (&eh), |
1060 | GNUNET_i2s(kx->peer), | 1065 | GNUNET_i2s (kx->peer), |
1061 | kx->status); | 1066 | kx->status); |
1062 | } | 1067 | } |
1063 | #endif | 1068 | #endif |
1064 | GNUNET_STATISTICS_update(GSC_stats, | 1069 | GNUNET_STATISTICS_update (GSC_stats, |
1065 | gettext_noop("# valid ephemeral keys received"), | 1070 | gettext_noop ("# valid ephemeral keys received"), |
1066 | 1, | 1071 | 1, |
1067 | GNUNET_NO); | 1072 | GNUNET_NO); |
1068 | kx->other_ephemeral_key = m->ephemeral_key; | 1073 | kx->other_ephemeral_key = m->ephemeral_key; |
1069 | kx->foreign_key_expires = end_t; | 1074 | kx->foreign_key_expires = end_t; |
1070 | derive_session_keys(kx); | 1075 | derive_session_keys (kx); |
1071 | 1076 | ||
1072 | /* check if we still need to send the sender our key */ | 1077 | /* check if we still need to send the sender our key */ |
1073 | sender_status = (enum GNUNET_CORE_KxState)ntohl(m->sender_status); | 1078 | sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status); |
1074 | switch (sender_status) | 1079 | switch (sender_status) |
1075 | { | 1080 | { |
1076 | case GNUNET_CORE_KX_STATE_DOWN: | 1081 | case GNUNET_CORE_KX_STATE_DOWN: |
1077 | GNUNET_break_op(0); | 1082 | GNUNET_break_op (0); |
1078 | break; | 1083 | break; |
1079 | 1084 | ||
1080 | case GNUNET_CORE_KX_STATE_KEY_SENT: | 1085 | case GNUNET_CORE_KX_STATE_KEY_SENT: |
1081 | /* fine, need to send our key after updating our status, see below */ | 1086 | /* fine, need to send our key after updating our status, see below */ |
1082 | GSC_SESSIONS_reinit(kx->peer); | 1087 | GSC_SESSIONS_reinit (kx->peer); |
1083 | break; | 1088 | break; |
1084 | 1089 | ||
1085 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: | 1090 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: |
1086 | /* other peer already got our key, but typemap did go down */ | 1091 | /* other peer already got our key, but typemap did go down */ |
1087 | GSC_SESSIONS_reinit(kx->peer); | 1092 | GSC_SESSIONS_reinit (kx->peer); |
1088 | break; | 1093 | break; |
1089 | 1094 | ||
1090 | case GNUNET_CORE_KX_STATE_UP: | 1095 | case GNUNET_CORE_KX_STATE_UP: |
1091 | /* other peer already got our key, typemap NOT down */ | 1096 | /* other peer already got our key, typemap NOT down */ |
1092 | break; | 1097 | break; |
1093 | 1098 | ||
1094 | case GNUNET_CORE_KX_STATE_REKEY_SENT: | 1099 | case GNUNET_CORE_KX_STATE_REKEY_SENT: |
1095 | /* other peer already got our key, typemap NOT down */ | 1100 | /* other peer already got our key, typemap NOT down */ |
1096 | break; | 1101 | break; |
1097 | 1102 | ||
1098 | default: | 1103 | default: |
1099 | GNUNET_break(0); | 1104 | GNUNET_break (0); |
1100 | break; | 1105 | break; |
1101 | } | 1106 | } |
1102 | /* check if we need to confirm everything is fine via PING + PONG */ | 1107 | /* check if we need to confirm everything is fine via PING + PONG */ |
1103 | switch (kx->status) | 1108 | switch (kx->status) |
1104 | { | 1109 | { |
1105 | case GNUNET_CORE_KX_STATE_DOWN: | 1110 | case GNUNET_CORE_KX_STATE_DOWN: |
1106 | GNUNET_assert(NULL == kx->keep_alive_task); | 1111 | GNUNET_assert (NULL == kx->keep_alive_task); |
1107 | kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED; | 1112 | kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED; |
1108 | monitor_notify_all(kx); | 1113 | monitor_notify_all (kx); |
1109 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) | 1114 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) |
1110 | send_key(kx); | 1115 | send_key (kx); |
1111 | else | 1116 | else |
1112 | send_ping(kx); | 1117 | send_ping (kx); |
1113 | break; | 1118 | break; |
1114 | 1119 | ||
1115 | case GNUNET_CORE_KX_STATE_KEY_SENT: | 1120 | case GNUNET_CORE_KX_STATE_KEY_SENT: |
1116 | GNUNET_assert(NULL == kx->keep_alive_task); | 1121 | GNUNET_assert (NULL == kx->keep_alive_task); |
1117 | kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED; | 1122 | kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED; |
1118 | monitor_notify_all(kx); | 1123 | monitor_notify_all (kx); |
1119 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) | 1124 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) |
1120 | send_key(kx); | 1125 | send_key (kx); |
1121 | else | 1126 | else |
1122 | send_ping(kx); | 1127 | send_ping (kx); |
1123 | break; | 1128 | break; |
1124 | 1129 | ||
1125 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: | 1130 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: |
1126 | GNUNET_assert(NULL == kx->keep_alive_task); | 1131 | GNUNET_assert (NULL == kx->keep_alive_task); |
1127 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) | 1132 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) |
1128 | send_key(kx); | 1133 | send_key (kx); |
1129 | else | 1134 | else |
1130 | send_ping(kx); | 1135 | send_ping (kx); |
1131 | break; | 1136 | break; |
1132 | 1137 | ||
1133 | case GNUNET_CORE_KX_STATE_UP: | 1138 | case GNUNET_CORE_KX_STATE_UP: |
1134 | kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT; | 1139 | kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT; |
1135 | monitor_notify_all(kx); | 1140 | monitor_notify_all (kx); |
1136 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) | 1141 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) |
1137 | send_key(kx); | 1142 | send_key (kx); |
1138 | else | 1143 | else |
1139 | send_ping(kx); | 1144 | send_ping (kx); |
1140 | break; | 1145 | break; |
1141 | 1146 | ||
1142 | case GNUNET_CORE_KX_STATE_REKEY_SENT: | 1147 | case GNUNET_CORE_KX_STATE_REKEY_SENT: |
1143 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) | 1148 | if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status) |
1144 | send_key(kx); | 1149 | send_key (kx); |
1145 | else | 1150 | else |
1146 | send_ping(kx); | 1151 | send_ping (kx); |
1147 | break; | 1152 | break; |
1148 | 1153 | ||
1149 | default: | 1154 | default: |
1150 | GNUNET_break(0); | 1155 | GNUNET_break (0); |
1151 | break; | 1156 | break; |
1152 | } | 1157 | } |
1153 | } | 1158 | } |
1154 | 1159 | ||
1155 | 1160 | ||
@@ -1161,7 +1166,7 @@ handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m) | |||
1161 | * @param m the encrypted PING message itself | 1166 | * @param m the encrypted PING message itself |
1162 | */ | 1167 | */ |
1163 | static void | 1168 | static void |
1164 | handle_ping(void *cls, const struct PingMessage *m) | 1169 | handle_ping (void *cls, const struct PingMessage *m) |
1165 | { | 1170 | { |
1166 | struct GSC_KeyExchangeInfo *kx = cls; | 1171 | struct GSC_KeyExchangeInfo *kx = cls; |
1167 | struct PingMessage t; | 1172 | struct PingMessage t; |
@@ -1170,70 +1175,70 @@ handle_ping(void *cls, const struct PingMessage *m) | |||
1170 | struct GNUNET_MQ_Envelope *env; | 1175 | struct GNUNET_MQ_Envelope *env; |
1171 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 1176 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
1172 | 1177 | ||
1173 | GNUNET_STATISTICS_update(GSC_stats, | 1178 | GNUNET_STATISTICS_update (GSC_stats, |
1174 | gettext_noop("# PING messages received"), | 1179 | gettext_noop ("# PING messages received"), |
1175 | 1, | 1180 | 1, |
1176 | GNUNET_NO); | 1181 | GNUNET_NO); |
1177 | if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) && | 1182 | if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) && |
1178 | (kx->status != GNUNET_CORE_KX_STATE_UP) && | 1183 | (kx->status != GNUNET_CORE_KX_STATE_UP) && |
1179 | (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT)) | 1184 | (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT)) |
1180 | { | 1185 | { |
1181 | /* ignore */ | 1186 | /* ignore */ |
1182 | GNUNET_STATISTICS_update(GSC_stats, | 1187 | GNUNET_STATISTICS_update (GSC_stats, |
1183 | gettext_noop( | 1188 | gettext_noop ( |
1184 | "# PING messages dropped (out of order)"), | 1189 | "# PING messages dropped (out of order)"), |
1185 | 1, | 1190 | 1, |
1186 | GNUNET_NO); | 1191 | GNUNET_NO); |
1187 | return; | 1192 | return; |
1188 | } | 1193 | } |
1189 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1194 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1190 | "Core service receives PING request from `%s'.\n", | 1195 | "Core service receives PING request from `%s'.\n", |
1191 | GNUNET_i2s(kx->peer)); | 1196 | GNUNET_i2s (kx->peer)); |
1192 | derive_iv(&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); | 1197 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); |
1193 | if (GNUNET_OK != do_decrypt(kx, | 1198 | if (GNUNET_OK != do_decrypt (kx, |
1194 | &iv, | 1199 | &iv, |
1195 | &m->target, | 1200 | &m->target, |
1196 | &t.target, | 1201 | &t.target, |
1197 | sizeof(struct PingMessage) - | 1202 | sizeof(struct PingMessage) |
1198 | ((void *)&m->target - (void *)m))) | 1203 | - ((void *) &m->target - (void *) m))) |
1199 | { | 1204 | { |
1200 | GNUNET_break_op(0); | 1205 | GNUNET_break_op (0); |
1201 | return; | 1206 | return; |
1202 | } | 1207 | } |
1203 | if (0 != | 1208 | if (0 != |
1204 | memcmp(&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity))) | 1209 | memcmp (&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity))) |
1205 | { | 1210 | { |
1206 | if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status) | 1211 | if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status) |
1207 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1212 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1208 | "Decryption of PING from peer `%s' failed, PING for `%s'?\n", | 1213 | "Decryption of PING from peer `%s' failed, PING for `%s'?\n", |
1209 | GNUNET_i2s(kx->peer), | 1214 | GNUNET_i2s (kx->peer), |
1210 | GNUNET_i2s2(&t.target)); | 1215 | GNUNET_i2s2 (&t.target)); |
1211 | else | 1216 | else |
1212 | GNUNET_log( | 1217 | GNUNET_log ( |
1213 | GNUNET_ERROR_TYPE_DEBUG, | 1218 | GNUNET_ERROR_TYPE_DEBUG, |
1214 | "Decryption of PING from peer `%s' failed after rekey (harmless)\n", | 1219 | "Decryption of PING from peer `%s' failed after rekey (harmless)\n", |
1215 | GNUNET_i2s(kx->peer)); | 1220 | GNUNET_i2s (kx->peer)); |
1216 | GNUNET_break_op(0); | 1221 | GNUNET_break_op (0); |
1217 | return; | 1222 | return; |
1218 | } | 1223 | } |
1219 | /* construct PONG */ | 1224 | /* construct PONG */ |
1220 | tx.reserved = 0; | 1225 | tx.reserved = 0; |
1221 | tx.challenge = t.challenge; | 1226 | tx.challenge = t.challenge; |
1222 | tx.target = t.target; | 1227 | tx.target = t.target; |
1223 | env = GNUNET_MQ_msg(tp, GNUNET_MESSAGE_TYPE_CORE_PONG); | 1228 | env = GNUNET_MQ_msg (tp, GNUNET_MESSAGE_TYPE_CORE_PONG); |
1224 | tp->iv_seed = calculate_seed(kx); | 1229 | tp->iv_seed = calculate_seed (kx); |
1225 | derive_pong_iv(&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer); | 1230 | derive_pong_iv (&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer); |
1226 | do_encrypt(kx, | 1231 | do_encrypt (kx, |
1227 | &iv, | 1232 | &iv, |
1228 | &tx.challenge, | 1233 | &tx.challenge, |
1229 | &tp->challenge, | 1234 | &tp->challenge, |
1230 | sizeof(struct PongMessage) - | 1235 | sizeof(struct PongMessage) |
1231 | ((void *)&tp->challenge - (void *)tp)); | 1236 | - ((void *) &tp->challenge - (void *) tp)); |
1232 | GNUNET_STATISTICS_update(GSC_stats, | 1237 | GNUNET_STATISTICS_update (GSC_stats, |
1233 | gettext_noop("# PONG messages created"), | 1238 | gettext_noop ("# PONG messages created"), |
1234 | 1, | 1239 | 1, |
1235 | GNUNET_NO); | 1240 | GNUNET_NO); |
1236 | GNUNET_MQ_send(kx->mq, env); | 1241 | GNUNET_MQ_send (kx->mq, env); |
1237 | } | 1242 | } |
1238 | 1243 | ||
1239 | 1244 | ||
@@ -1244,39 +1249,39 @@ handle_ping(void *cls, const struct PingMessage *m) | |||
1244 | * @param cls the `struct GSC_KeyExchangeInfo` | 1249 | * @param cls the `struct GSC_KeyExchangeInfo` |
1245 | */ | 1250 | */ |
1246 | static void | 1251 | static void |
1247 | send_keep_alive(void *cls) | 1252 | send_keep_alive (void *cls) |
1248 | { | 1253 | { |
1249 | struct GSC_KeyExchangeInfo *kx = cls; | 1254 | struct GSC_KeyExchangeInfo *kx = cls; |
1250 | struct GNUNET_TIME_Relative retry; | 1255 | struct GNUNET_TIME_Relative retry; |
1251 | struct GNUNET_TIME_Relative left; | 1256 | struct GNUNET_TIME_Relative left; |
1252 | 1257 | ||
1253 | kx->keep_alive_task = NULL; | 1258 | kx->keep_alive_task = NULL; |
1254 | left = GNUNET_TIME_absolute_get_remaining(kx->timeout); | 1259 | left = GNUNET_TIME_absolute_get_remaining (kx->timeout); |
1255 | if (0 == left.rel_value_us) | 1260 | if (0 == left.rel_value_us) |
1256 | { | 1261 | { |
1257 | GNUNET_STATISTICS_update(GSC_stats, | 1262 | GNUNET_STATISTICS_update (GSC_stats, |
1258 | gettext_noop("# sessions terminated by timeout"), | 1263 | gettext_noop ("# sessions terminated by timeout"), |
1259 | 1, | 1264 | 1, |
1260 | GNUNET_NO); | 1265 | GNUNET_NO); |
1261 | GSC_SESSIONS_end(kx->peer); | 1266 | GSC_SESSIONS_end (kx->peer); |
1262 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; | 1267 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; |
1263 | monitor_notify_all(kx); | 1268 | monitor_notify_all (kx); |
1264 | send_key(kx); | 1269 | send_key (kx); |
1265 | return; | 1270 | return; |
1266 | } | 1271 | } |
1267 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1272 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1268 | "Sending KEEPALIVE to `%s'\n", | 1273 | "Sending KEEPALIVE to `%s'\n", |
1269 | GNUNET_i2s(kx->peer)); | 1274 | GNUNET_i2s (kx->peer)); |
1270 | GNUNET_STATISTICS_update(GSC_stats, | 1275 | GNUNET_STATISTICS_update (GSC_stats, |
1271 | gettext_noop("# keepalive messages sent"), | 1276 | gettext_noop ("# keepalive messages sent"), |
1272 | 1, | 1277 | 1, |
1273 | GNUNET_NO); | 1278 | GNUNET_NO); |
1274 | setup_fresh_ping(kx); | 1279 | setup_fresh_ping (kx); |
1275 | send_ping(kx); | 1280 | send_ping (kx); |
1276 | retry = GNUNET_TIME_relative_max(GNUNET_TIME_relative_divide(left, 2), | 1281 | retry = GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2), |
1277 | MIN_PING_FREQUENCY); | 1282 | MIN_PING_FREQUENCY); |
1278 | kx->keep_alive_task = | 1283 | kx->keep_alive_task = |
1279 | GNUNET_SCHEDULER_add_delayed(retry, &send_keep_alive, kx); | 1284 | GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx); |
1280 | } | 1285 | } |
1281 | 1286 | ||
1282 | 1287 | ||
@@ -1288,24 +1293,24 @@ send_keep_alive(void *cls) | |||
1288 | * @param kx key exchange where we saw activity | 1293 | * @param kx key exchange where we saw activity |
1289 | */ | 1294 | */ |
1290 | static void | 1295 | static void |
1291 | update_timeout(struct GSC_KeyExchangeInfo *kx) | 1296 | update_timeout (struct GSC_KeyExchangeInfo *kx) |
1292 | { | 1297 | { |
1293 | struct GNUNET_TIME_Relative delta; | 1298 | struct GNUNET_TIME_Relative delta; |
1294 | 1299 | ||
1295 | kx->timeout = | 1300 | kx->timeout = |
1296 | GNUNET_TIME_relative_to_absolute(GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); | 1301 | GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); |
1297 | delta = | 1302 | delta = |
1298 | GNUNET_TIME_absolute_get_difference(kx->last_notify_timeout, kx->timeout); | 1303 | GNUNET_TIME_absolute_get_difference (kx->last_notify_timeout, kx->timeout); |
1299 | if (delta.rel_value_us > 5LL * 1000LL * 1000LL) | 1304 | if (delta.rel_value_us > 5LL * 1000LL * 1000LL) |
1300 | { | 1305 | { |
1301 | /* we only notify monitors about timeout changes if those | 1306 | /* we only notify monitors about timeout changes if those |
1302 | are bigger than the threshold (5s) */ | 1307 | are bigger than the threshold (5s) */ |
1303 | monitor_notify_all(kx); | 1308 | monitor_notify_all (kx); |
1304 | } | 1309 | } |
1305 | if (NULL != kx->keep_alive_task) | 1310 | if (NULL != kx->keep_alive_task) |
1306 | GNUNET_SCHEDULER_cancel(kx->keep_alive_task); | 1311 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
1307 | kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed( | 1312 | kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed ( |
1308 | GNUNET_TIME_relative_divide(GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 2), | 1313 | GNUNET_TIME_relative_divide (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 2), |
1309 | &send_keep_alive, | 1314 | &send_keep_alive, |
1310 | kx); | 1315 | kx); |
1311 | } | 1316 | } |
@@ -1318,141 +1323,141 @@ update_timeout(struct GSC_KeyExchangeInfo *kx) | |||
1318 | * @param m the encrypted PONG message itself | 1323 | * @param m the encrypted PONG message itself |
1319 | */ | 1324 | */ |
1320 | static void | 1325 | static void |
1321 | handle_pong(void *cls, const struct PongMessage *m) | 1326 | handle_pong (void *cls, const struct PongMessage *m) |
1322 | { | 1327 | { |
1323 | struct GSC_KeyExchangeInfo *kx = cls; | 1328 | struct GSC_KeyExchangeInfo *kx = cls; |
1324 | struct PongMessage t; | 1329 | struct PongMessage t; |
1325 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 1330 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
1326 | 1331 | ||
1327 | GNUNET_STATISTICS_update(GSC_stats, | 1332 | GNUNET_STATISTICS_update (GSC_stats, |
1328 | gettext_noop("# PONG messages received"), | 1333 | gettext_noop ("# PONG messages received"), |
1329 | 1, | 1334 | 1, |
1330 | GNUNET_NO); | 1335 | GNUNET_NO); |
1331 | switch (kx->status) | 1336 | switch (kx->status) |
1332 | { | 1337 | { |
1333 | case GNUNET_CORE_KX_STATE_DOWN: | 1338 | case GNUNET_CORE_KX_STATE_DOWN: |
1334 | GNUNET_STATISTICS_update(GSC_stats, | 1339 | GNUNET_STATISTICS_update (GSC_stats, |
1335 | gettext_noop( | 1340 | gettext_noop ( |
1336 | "# PONG messages dropped (connection down)"), | 1341 | "# PONG messages dropped (connection down)"), |
1337 | 1, | 1342 | 1, |
1338 | GNUNET_NO); | 1343 | GNUNET_NO); |
1339 | return; | 1344 | return; |
1340 | 1345 | ||
1341 | case GNUNET_CORE_KX_STATE_KEY_SENT: | 1346 | case GNUNET_CORE_KX_STATE_KEY_SENT: |
1342 | GNUNET_STATISTICS_update(GSC_stats, | 1347 | GNUNET_STATISTICS_update (GSC_stats, |
1343 | gettext_noop( | 1348 | gettext_noop ( |
1344 | "# PONG messages dropped (out of order)"), | 1349 | "# PONG messages dropped (out of order)"), |
1345 | 1, | 1350 | 1, |
1346 | GNUNET_NO); | 1351 | GNUNET_NO); |
1347 | return; | 1352 | return; |
1348 | 1353 | ||
1349 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: | 1354 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: |
1350 | break; | 1355 | break; |
1351 | 1356 | ||
1352 | case GNUNET_CORE_KX_STATE_UP: | 1357 | case GNUNET_CORE_KX_STATE_UP: |
1353 | break; | 1358 | break; |
1354 | 1359 | ||
1355 | case GNUNET_CORE_KX_STATE_REKEY_SENT: | 1360 | case GNUNET_CORE_KX_STATE_REKEY_SENT: |
1356 | break; | 1361 | break; |
1357 | 1362 | ||
1358 | default: | 1363 | default: |
1359 | GNUNET_break(0); | 1364 | GNUNET_break (0); |
1360 | return; | 1365 | return; |
1361 | } | 1366 | } |
1362 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1367 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1363 | "Core service receives PONG response from `%s'.\n", | 1368 | "Core service receives PONG response from `%s'.\n", |
1364 | GNUNET_i2s(kx->peer)); | 1369 | GNUNET_i2s (kx->peer)); |
1365 | /* mark as garbage, just to be sure */ | 1370 | /* mark as garbage, just to be sure */ |
1366 | memset(&t, 255, sizeof(t)); | 1371 | memset (&t, 255, sizeof(t)); |
1367 | derive_pong_iv(&iv, | 1372 | derive_pong_iv (&iv, |
1368 | &kx->decrypt_key, | 1373 | &kx->decrypt_key, |
1369 | m->iv_seed, | 1374 | m->iv_seed, |
1370 | kx->ping_challenge, | 1375 | kx->ping_challenge, |
1371 | &GSC_my_identity); | 1376 | &GSC_my_identity); |
1372 | if (GNUNET_OK != do_decrypt(kx, | 1377 | if (GNUNET_OK != do_decrypt (kx, |
1373 | &iv, | 1378 | &iv, |
1374 | &m->challenge, | 1379 | &m->challenge, |
1375 | &t.challenge, | 1380 | &t.challenge, |
1376 | sizeof(struct PongMessage) - | 1381 | sizeof(struct PongMessage) |
1377 | ((void *)&m->challenge - (void *)m))) | 1382 | - ((void *) &m->challenge - (void *) m))) |
1378 | { | 1383 | { |
1379 | GNUNET_break_op(0); | 1384 | GNUNET_break_op (0); |
1380 | return; | 1385 | return; |
1381 | } | 1386 | } |
1382 | GNUNET_STATISTICS_update(GSC_stats, | 1387 | GNUNET_STATISTICS_update (GSC_stats, |
1383 | gettext_noop("# PONG messages decrypted"), | 1388 | gettext_noop ("# PONG messages decrypted"), |
1384 | 1, | 1389 | 1, |
1385 | GNUNET_NO); | 1390 | GNUNET_NO); |
1386 | if ((0 != | 1391 | if ((0 != |
1387 | memcmp(&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) || | 1392 | memcmp (&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) || |
1388 | (kx->ping_challenge != t.challenge)) | 1393 | (kx->ping_challenge != t.challenge)) |
1389 | { | 1394 | { |
1390 | /* PONG malformed */ | 1395 | /* PONG malformed */ |
1391 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1396 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1392 | "Received malformed PONG wanted sender `%s' with challenge %u\n", | 1397 | "Received malformed PONG wanted sender `%s' with challenge %u\n", |
1393 | GNUNET_i2s(kx->peer), | 1398 | GNUNET_i2s (kx->peer), |
1394 | (unsigned int)kx->ping_challenge); | 1399 | (unsigned int) kx->ping_challenge); |
1395 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1400 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1396 | "Received malformed PONG received from `%s' with challenge %u\n", | 1401 | "Received malformed PONG received from `%s' with challenge %u\n", |
1397 | GNUNET_i2s(&t.target), | 1402 | GNUNET_i2s (&t.target), |
1398 | (unsigned int)t.challenge); | 1403 | (unsigned int) t.challenge); |
1399 | return; | 1404 | return; |
1400 | } | 1405 | } |
1401 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1406 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1402 | "Received valid PONG from `%s'\n", | 1407 | "Received valid PONG from `%s'\n", |
1403 | GNUNET_i2s(kx->peer)); | 1408 | GNUNET_i2s (kx->peer)); |
1404 | /* no need to resend key any longer */ | 1409 | /* no need to resend key any longer */ |
1405 | if (NULL != kx->retry_set_key_task) | 1410 | if (NULL != kx->retry_set_key_task) |
1406 | { | 1411 | { |
1407 | GNUNET_SCHEDULER_cancel(kx->retry_set_key_task); | 1412 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
1408 | kx->retry_set_key_task = NULL; | 1413 | kx->retry_set_key_task = NULL; |
1409 | } | 1414 | } |
1410 | switch (kx->status) | 1415 | switch (kx->status) |
1411 | { | 1416 | { |
1412 | case GNUNET_CORE_KX_STATE_DOWN: | 1417 | case GNUNET_CORE_KX_STATE_DOWN: |
1413 | GNUNET_assert(0); /* should be impossible */ | 1418 | GNUNET_assert (0); /* should be impossible */ |
1414 | return; | 1419 | return; |
1415 | 1420 | ||
1416 | case GNUNET_CORE_KX_STATE_KEY_SENT: | 1421 | case GNUNET_CORE_KX_STATE_KEY_SENT: |
1417 | GNUNET_assert(0); /* should be impossible */ | 1422 | GNUNET_assert (0); /* should be impossible */ |
1418 | return; | 1423 | return; |
1419 | 1424 | ||
1420 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: | 1425 | case GNUNET_CORE_KX_STATE_KEY_RECEIVED: |
1421 | GNUNET_STATISTICS_update(GSC_stats, | 1426 | GNUNET_STATISTICS_update (GSC_stats, |
1422 | gettext_noop( | 1427 | gettext_noop ( |
1423 | "# session keys confirmed via PONG"), | 1428 | "# session keys confirmed via PONG"), |
1424 | 1, | 1429 | 1, |
1425 | GNUNET_NO); | 1430 | GNUNET_NO); |
1426 | kx->status = GNUNET_CORE_KX_STATE_UP; | 1431 | kx->status = GNUNET_CORE_KX_STATE_UP; |
1427 | monitor_notify_all(kx); | 1432 | monitor_notify_all (kx); |
1428 | GSC_SESSIONS_create(kx->peer, kx); | 1433 | GSC_SESSIONS_create (kx->peer, kx); |
1429 | GNUNET_assert(NULL == kx->keep_alive_task); | 1434 | GNUNET_assert (NULL == kx->keep_alive_task); |
1430 | update_timeout(kx); | 1435 | update_timeout (kx); |
1431 | break; | 1436 | break; |
1432 | 1437 | ||
1433 | case GNUNET_CORE_KX_STATE_UP: | 1438 | case GNUNET_CORE_KX_STATE_UP: |
1434 | GNUNET_STATISTICS_update(GSC_stats, | 1439 | GNUNET_STATISTICS_update (GSC_stats, |
1435 | gettext_noop("# timeouts prevented via PONG"), | 1440 | gettext_noop ("# timeouts prevented via PONG"), |
1436 | 1, | 1441 | 1, |
1437 | GNUNET_NO); | 1442 | GNUNET_NO); |
1438 | update_timeout(kx); | 1443 | update_timeout (kx); |
1439 | break; | 1444 | break; |
1440 | 1445 | ||
1441 | case GNUNET_CORE_KX_STATE_REKEY_SENT: | 1446 | case GNUNET_CORE_KX_STATE_REKEY_SENT: |
1442 | GNUNET_STATISTICS_update(GSC_stats, | 1447 | GNUNET_STATISTICS_update (GSC_stats, |
1443 | gettext_noop( | 1448 | gettext_noop ( |
1444 | "# rekey operations confirmed via PONG"), | 1449 | "# rekey operations confirmed via PONG"), |
1445 | 1, | 1450 | 1, |
1446 | GNUNET_NO); | 1451 | GNUNET_NO); |
1447 | kx->status = GNUNET_CORE_KX_STATE_UP; | 1452 | kx->status = GNUNET_CORE_KX_STATE_UP; |
1448 | monitor_notify_all(kx); | 1453 | monitor_notify_all (kx); |
1449 | update_timeout(kx); | 1454 | update_timeout (kx); |
1450 | break; | 1455 | break; |
1451 | 1456 | ||
1452 | default: | 1457 | default: |
1453 | GNUNET_break(0); | 1458 | GNUNET_break (0); |
1454 | break; | 1459 | break; |
1455 | } | 1460 | } |
1456 | } | 1461 | } |
1457 | 1462 | ||
1458 | 1463 | ||
@@ -1462,40 +1467,40 @@ handle_pong(void *cls, const struct PongMessage *m) | |||
1462 | * @param kx key exchange context | 1467 | * @param kx key exchange context |
1463 | */ | 1468 | */ |
1464 | static void | 1469 | static void |
1465 | send_key(struct GSC_KeyExchangeInfo *kx) | 1470 | send_key (struct GSC_KeyExchangeInfo *kx) |
1466 | { | 1471 | { |
1467 | struct GNUNET_MQ_Envelope *env; | 1472 | struct GNUNET_MQ_Envelope *env; |
1468 | 1473 | ||
1469 | GNUNET_assert(GNUNET_CORE_KX_STATE_DOWN != kx->status); | 1474 | GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status); |
1470 | if (NULL != kx->retry_set_key_task) | 1475 | if (NULL != kx->retry_set_key_task) |
1471 | { | 1476 | { |
1472 | GNUNET_SCHEDULER_cancel(kx->retry_set_key_task); | 1477 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
1473 | kx->retry_set_key_task = NULL; | 1478 | kx->retry_set_key_task = NULL; |
1474 | } | 1479 | } |
1475 | /* always update sender status in SET KEY message */ | 1480 | /* always update sender status in SET KEY message */ |
1476 | #if DEBUG_KX | 1481 | #if DEBUG_KX |
1477 | { | 1482 | { |
1478 | struct GNUNET_HashCode hc; | 1483 | struct GNUNET_HashCode hc; |
1479 | 1484 | ||
1480 | GNUNET_CRYPTO_hash(¤t_ekm.ephemeral_key, | 1485 | GNUNET_CRYPTO_hash (¤t_ekm.ephemeral_key, |
1481 | sizeof(current_ekm.ephemeral_key), | 1486 | sizeof(current_ekm.ephemeral_key), |
1482 | &hc); | 1487 | &hc); |
1483 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1488 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1484 | "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n", | 1489 | "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n", |
1485 | GNUNET_h2s(&hc), | 1490 | GNUNET_h2s (&hc), |
1486 | GNUNET_i2s(kx->peer), | 1491 | GNUNET_i2s (kx->peer), |
1487 | kx->status); | 1492 | kx->status); |
1488 | } | 1493 | } |
1489 | #endif | 1494 | #endif |
1490 | current_ekm.sender_status = htonl((int32_t)(kx->status)); | 1495 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); |
1491 | env = GNUNET_MQ_msg_copy(¤t_ekm.header); | 1496 | env = GNUNET_MQ_msg_copy (¤t_ekm.header); |
1492 | GNUNET_MQ_send(kx->mq, env); | 1497 | GNUNET_MQ_send (kx->mq, env); |
1493 | if (GNUNET_CORE_KX_STATE_KEY_SENT != kx->status) | 1498 | if (GNUNET_CORE_KX_STATE_KEY_SENT != kx->status) |
1494 | send_ping(kx); | 1499 | send_ping (kx); |
1495 | kx->retry_set_key_task = | 1500 | kx->retry_set_key_task = |
1496 | GNUNET_SCHEDULER_add_delayed(kx->set_key_retry_frequency, | 1501 | GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency, |
1497 | &set_key_retry_task, | 1502 | &set_key_retry_task, |
1498 | kx); | 1503 | kx); |
1499 | } | 1504 | } |
1500 | 1505 | ||
1501 | 1506 | ||
@@ -1507,9 +1512,9 @@ send_key(struct GSC_KeyExchangeInfo *kx) | |||
1507 | * @param payload_size number of bytes in @a payload | 1512 | * @param payload_size number of bytes in @a payload |
1508 | */ | 1513 | */ |
1509 | void | 1514 | void |
1510 | GSC_KX_encrypt_and_transmit(struct GSC_KeyExchangeInfo *kx, | 1515 | GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, |
1511 | const void *payload, | 1516 | const void *payload, |
1512 | size_t payload_size) | 1517 | size_t payload_size) |
1513 | { | 1518 | { |
1514 | size_t used = payload_size + sizeof(struct EncryptedMessage); | 1519 | size_t used = payload_size + sizeof(struct EncryptedMessage); |
1515 | char pbuf[used]; /* plaintext */ | 1520 | char pbuf[used]; /* plaintext */ |
@@ -1519,55 +1524,55 @@ GSC_KX_encrypt_and_transmit(struct GSC_KeyExchangeInfo *kx, | |||
1519 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 1524 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
1520 | struct GNUNET_CRYPTO_AuthKey auth_key; | 1525 | struct GNUNET_CRYPTO_AuthKey auth_key; |
1521 | 1526 | ||
1522 | ph = (struct EncryptedMessage *)pbuf; | 1527 | ph = (struct EncryptedMessage *) pbuf; |
1523 | ph->sequence_number = htonl(++kx->last_sequence_number_sent); | 1528 | ph->sequence_number = htonl (++kx->last_sequence_number_sent); |
1524 | ph->iv_seed = calculate_seed(kx); | 1529 | ph->iv_seed = calculate_seed (kx); |
1525 | ph->reserved = 0; | 1530 | ph->reserved = 0; |
1526 | ph->timestamp = GNUNET_TIME_absolute_hton(GNUNET_TIME_absolute_get()); | 1531 | ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
1527 | GNUNET_memcpy(&ph[1], payload, payload_size); | 1532 | GNUNET_memcpy (&ph[1], payload, payload_size); |
1528 | env = GNUNET_MQ_msg_extra(em, | 1533 | env = GNUNET_MQ_msg_extra (em, |
1529 | payload_size, | 1534 | payload_size, |
1530 | GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE); | 1535 | GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE); |
1531 | em->iv_seed = ph->iv_seed; | 1536 | em->iv_seed = ph->iv_seed; |
1532 | derive_iv(&iv, &kx->encrypt_key, ph->iv_seed, kx->peer); | 1537 | derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer); |
1533 | GNUNET_assert(GNUNET_OK == do_encrypt(kx, | 1538 | GNUNET_assert (GNUNET_OK == do_encrypt (kx, |
1534 | &iv, | 1539 | &iv, |
1535 | &ph->sequence_number, | 1540 | &ph->sequence_number, |
1536 | &em->sequence_number, | 1541 | &em->sequence_number, |
1537 | used - ENCRYPTED_HEADER_SIZE)); | 1542 | used - ENCRYPTED_HEADER_SIZE)); |
1538 | #if DEBUG_KX | 1543 | #if DEBUG_KX |
1539 | { | 1544 | { |
1540 | struct GNUNET_HashCode hc; | 1545 | struct GNUNET_HashCode hc; |
1541 | 1546 | ||
1542 | GNUNET_CRYPTO_hash(&ph->sequence_number, | 1547 | GNUNET_CRYPTO_hash (&ph->sequence_number, |
1543 | used - ENCRYPTED_HEADER_SIZE, | 1548 | used - ENCRYPTED_HEADER_SIZE, |
1544 | &hc); | 1549 | &hc); |
1545 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1550 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1546 | "Encrypted payload `%s' of %u bytes for %s\n", | 1551 | "Encrypted payload `%s' of %u bytes for %s\n", |
1547 | GNUNET_h2s(&hc), | 1552 | GNUNET_h2s (&hc), |
1548 | (unsigned int)(used - ENCRYPTED_HEADER_SIZE), | 1553 | (unsigned int) (used - ENCRYPTED_HEADER_SIZE), |
1549 | GNUNET_i2s(kx->peer)); | 1554 | GNUNET_i2s (kx->peer)); |
1550 | } | 1555 | } |
1551 | #endif | 1556 | #endif |
1552 | derive_auth_key(&auth_key, &kx->encrypt_key, ph->iv_seed); | 1557 | derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed); |
1553 | GNUNET_CRYPTO_hmac(&auth_key, | 1558 | GNUNET_CRYPTO_hmac (&auth_key, |
1554 | &em->sequence_number, | 1559 | &em->sequence_number, |
1555 | used - ENCRYPTED_HEADER_SIZE, | 1560 | used - ENCRYPTED_HEADER_SIZE, |
1556 | &em->hmac); | 1561 | &em->hmac); |
1557 | #if DEBUG_KX | 1562 | #if DEBUG_KX |
1558 | { | 1563 | { |
1559 | struct GNUNET_HashCode hc; | 1564 | struct GNUNET_HashCode hc; |
1560 | 1565 | ||
1561 | GNUNET_CRYPTO_hash(&auth_key, sizeof(auth_key), &hc); | 1566 | GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc); |
1562 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1567 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1563 | "For peer %s, used AC %s to create hmac %s\n", | 1568 | "For peer %s, used AC %s to create hmac %s\n", |
1564 | GNUNET_i2s(kx->peer), | 1569 | GNUNET_i2s (kx->peer), |
1565 | GNUNET_h2s(&hc), | 1570 | GNUNET_h2s (&hc), |
1566 | GNUNET_h2s2(&em->hmac)); | 1571 | GNUNET_h2s2 (&em->hmac)); |
1567 | } | 1572 | } |
1568 | #endif | 1573 | #endif |
1569 | kx->has_excess_bandwidth = GNUNET_NO; | 1574 | kx->has_excess_bandwidth = GNUNET_NO; |
1570 | GNUNET_MQ_send(kx->mq, env); | 1575 | GNUNET_MQ_send (kx->mq, env); |
1571 | } | 1576 | } |
1572 | 1577 | ||
1573 | 1578 | ||
@@ -1580,15 +1585,15 @@ GSC_KX_encrypt_and_transmit(struct GSC_KeyExchangeInfo *kx, | |||
1580 | * @return #GNUNET_OK if @a msg is well-formed (size-wise) | 1585 | * @return #GNUNET_OK if @a msg is well-formed (size-wise) |
1581 | */ | 1586 | */ |
1582 | static int | 1587 | static int |
1583 | check_encrypted(void *cls, const struct EncryptedMessage *m) | 1588 | check_encrypted (void *cls, const struct EncryptedMessage *m) |
1584 | { | 1589 | { |
1585 | uint16_t size = ntohs(m->header.size) - sizeof(*m); | 1590 | uint16_t size = ntohs (m->header.size) - sizeof(*m); |
1586 | 1591 | ||
1587 | if (size < sizeof(struct GNUNET_MessageHeader)) | 1592 | if (size < sizeof(struct GNUNET_MessageHeader)) |
1588 | { | 1593 | { |
1589 | GNUNET_break_op(0); | 1594 | GNUNET_break_op (0); |
1590 | return GNUNET_SYSERR; | 1595 | return GNUNET_SYSERR; |
1591 | } | 1596 | } |
1592 | return GNUNET_OK; | 1597 | return GNUNET_OK; |
1593 | } | 1598 | } |
1594 | 1599 | ||
@@ -1601,7 +1606,7 @@ check_encrypted(void *cls, const struct EncryptedMessage *m) | |||
1601 | * @param m encrypted message | 1606 | * @param m encrypted message |
1602 | */ | 1607 | */ |
1603 | static void | 1608 | static void |
1604 | handle_encrypted(void *cls, const struct EncryptedMessage *m) | 1609 | handle_encrypted (void *cls, const struct EncryptedMessage *m) |
1605 | { | 1610 | { |
1606 | struct GSC_KeyExchangeInfo *kx = cls; | 1611 | struct GSC_KeyExchangeInfo *kx = cls; |
1607 | struct EncryptedMessage *pt; /* plaintext */ | 1612 | struct EncryptedMessage *pt; /* plaintext */ |
@@ -1610,183 +1615,183 @@ handle_encrypted(void *cls, const struct EncryptedMessage *m) | |||
1610 | struct GNUNET_TIME_Absolute t; | 1615 | struct GNUNET_TIME_Absolute t; |
1611 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 1616 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
1612 | struct GNUNET_CRYPTO_AuthKey auth_key; | 1617 | struct GNUNET_CRYPTO_AuthKey auth_key; |
1613 | uint16_t size = ntohs(m->header.size); | 1618 | uint16_t size = ntohs (m->header.size); |
1614 | char buf[size] GNUNET_ALIGN; | 1619 | char buf[size] GNUNET_ALIGN; |
1615 | 1620 | ||
1616 | if (GNUNET_CORE_KX_STATE_UP != kx->status) | 1621 | if (GNUNET_CORE_KX_STATE_UP != kx->status) |
1617 | { | 1622 | { |
1618 | GNUNET_STATISTICS_update(GSC_stats, | 1623 | GNUNET_STATISTICS_update (GSC_stats, |
1619 | gettext_noop( | 1624 | gettext_noop ( |
1620 | "# DATA message dropped (out of order)"), | 1625 | "# DATA message dropped (out of order)"), |
1621 | 1, | 1626 | 1, |
1622 | GNUNET_NO); | 1627 | GNUNET_NO); |
1623 | return; | 1628 | return; |
1624 | } | 1629 | } |
1625 | if (0 == | 1630 | if (0 == |
1626 | GNUNET_TIME_absolute_get_remaining(kx->foreign_key_expires).rel_value_us) | 1631 | GNUNET_TIME_absolute_get_remaining (kx->foreign_key_expires).rel_value_us) |
1632 | { | ||
1633 | GNUNET_log ( | ||
1634 | GNUNET_ERROR_TYPE_WARNING, | ||
1635 | _ ( | ||
1636 | "Session to peer `%s' went down due to key expiration (should not happen)\n"), | ||
1637 | GNUNET_i2s (kx->peer)); | ||
1638 | GNUNET_STATISTICS_update (GSC_stats, | ||
1639 | gettext_noop ( | ||
1640 | "# sessions terminated by key expiration"), | ||
1641 | 1, | ||
1642 | GNUNET_NO); | ||
1643 | GSC_SESSIONS_end (kx->peer); | ||
1644 | if (NULL != kx->keep_alive_task) | ||
1627 | { | 1645 | { |
1628 | GNUNET_log( | 1646 | GNUNET_SCHEDULER_cancel (kx->keep_alive_task); |
1629 | GNUNET_ERROR_TYPE_WARNING, | 1647 | kx->keep_alive_task = NULL; |
1630 | _( | ||
1631 | "Session to peer `%s' went down due to key expiration (should not happen)\n"), | ||
1632 | GNUNET_i2s(kx->peer)); | ||
1633 | GNUNET_STATISTICS_update(GSC_stats, | ||
1634 | gettext_noop( | ||
1635 | "# sessions terminated by key expiration"), | ||
1636 | 1, | ||
1637 | GNUNET_NO); | ||
1638 | GSC_SESSIONS_end(kx->peer); | ||
1639 | if (NULL != kx->keep_alive_task) | ||
1640 | { | ||
1641 | GNUNET_SCHEDULER_cancel(kx->keep_alive_task); | ||
1642 | kx->keep_alive_task = NULL; | ||
1643 | } | ||
1644 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; | ||
1645 | monitor_notify_all(kx); | ||
1646 | send_key(kx); | ||
1647 | return; | ||
1648 | } | 1648 | } |
1649 | kx->status = GNUNET_CORE_KX_STATE_KEY_SENT; | ||
1650 | monitor_notify_all (kx); | ||
1651 | send_key (kx); | ||
1652 | return; | ||
1653 | } | ||
1649 | 1654 | ||
1650 | /* validate hash */ | 1655 | /* validate hash */ |
1651 | #if DEBUG_KX | 1656 | #if DEBUG_KX |
1652 | { | 1657 | { |
1653 | struct GNUNET_HashCode hc; | 1658 | struct GNUNET_HashCode hc; |
1654 | 1659 | ||
1655 | GNUNET_CRYPTO_hash(&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc); | 1660 | GNUNET_CRYPTO_hash (&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc); |
1656 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1661 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1657 | "Received encrypted payload `%s' of %u bytes from %s\n", | 1662 | "Received encrypted payload `%s' of %u bytes from %s\n", |
1658 | GNUNET_h2s(&hc), | 1663 | GNUNET_h2s (&hc), |
1659 | (unsigned int)(size - ENCRYPTED_HEADER_SIZE), | 1664 | (unsigned int) (size - ENCRYPTED_HEADER_SIZE), |
1660 | GNUNET_i2s(kx->peer)); | 1665 | GNUNET_i2s (kx->peer)); |
1661 | } | 1666 | } |
1662 | #endif | 1667 | #endif |
1663 | derive_auth_key(&auth_key, &kx->decrypt_key, m->iv_seed); | 1668 | derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed); |
1664 | GNUNET_CRYPTO_hmac(&auth_key, | 1669 | GNUNET_CRYPTO_hmac (&auth_key, |
1665 | &m->sequence_number, | 1670 | &m->sequence_number, |
1666 | size - ENCRYPTED_HEADER_SIZE, | 1671 | size - ENCRYPTED_HEADER_SIZE, |
1667 | &ph); | 1672 | &ph); |
1668 | #if DEBUG_KX | 1673 | #if DEBUG_KX |
1669 | { | 1674 | { |
1670 | struct GNUNET_HashCode hc; | 1675 | struct GNUNET_HashCode hc; |
1671 | 1676 | ||
1672 | GNUNET_CRYPTO_hash(&auth_key, sizeof(auth_key), &hc); | 1677 | GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc); |
1673 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1678 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1674 | "For peer %s, used AC %s to verify hmac %s\n", | 1679 | "For peer %s, used AC %s to verify hmac %s\n", |
1675 | GNUNET_i2s(kx->peer), | 1680 | GNUNET_i2s (kx->peer), |
1676 | GNUNET_h2s(&hc), | 1681 | GNUNET_h2s (&hc), |
1677 | GNUNET_h2s2(&m->hmac)); | 1682 | GNUNET_h2s2 (&m->hmac)); |
1678 | } | 1683 | } |
1679 | #endif | 1684 | #endif |
1680 | if (0 != memcmp(&ph, &m->hmac, sizeof(struct GNUNET_HashCode))) | 1685 | if (0 != memcmp (&ph, &m->hmac, sizeof(struct GNUNET_HashCode))) |
1681 | { | 1686 | { |
1682 | /* checksum failed */ | 1687 | /* checksum failed */ |
1683 | GNUNET_log(GNUNET_ERROR_TYPE_WARNING, | 1688 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
1684 | "Failed checksum validation for a message from `%s'\n", | 1689 | "Failed checksum validation for a message from `%s'\n", |
1685 | GNUNET_i2s(kx->peer)); | 1690 | GNUNET_i2s (kx->peer)); |
1686 | return; | 1691 | return; |
1687 | } | 1692 | } |
1688 | derive_iv(&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); | 1693 | derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity); |
1689 | /* decrypt */ | 1694 | /* decrypt */ |
1690 | if (GNUNET_OK != do_decrypt(kx, | 1695 | if (GNUNET_OK != do_decrypt (kx, |
1691 | &iv, | 1696 | &iv, |
1692 | &m->sequence_number, | 1697 | &m->sequence_number, |
1693 | &buf[ENCRYPTED_HEADER_SIZE], | 1698 | &buf[ENCRYPTED_HEADER_SIZE], |
1694 | size - ENCRYPTED_HEADER_SIZE)) | 1699 | size - ENCRYPTED_HEADER_SIZE)) |
1695 | { | 1700 | { |
1696 | GNUNET_break_op(0); | 1701 | GNUNET_break_op (0); |
1697 | return; | 1702 | return; |
1698 | } | 1703 | } |
1699 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1704 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1700 | "Decrypted %u bytes from %s\n", | 1705 | "Decrypted %u bytes from %s\n", |
1701 | (unsigned int)(size - ENCRYPTED_HEADER_SIZE), | 1706 | (unsigned int) (size - ENCRYPTED_HEADER_SIZE), |
1702 | GNUNET_i2s(kx->peer)); | 1707 | GNUNET_i2s (kx->peer)); |
1703 | pt = (struct EncryptedMessage *)buf; | 1708 | pt = (struct EncryptedMessage *) buf; |
1704 | 1709 | ||
1705 | /* validate sequence number */ | 1710 | /* validate sequence number */ |
1706 | snum = ntohl(pt->sequence_number); | 1711 | snum = ntohl (pt->sequence_number); |
1707 | if (kx->last_sequence_number_received == snum) | 1712 | if (kx->last_sequence_number_received == snum) |
1708 | { | 1713 | { |
1709 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1714 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1710 | "Received duplicate message, ignoring.\n"); | 1715 | "Received duplicate message, ignoring.\n"); |
1711 | /* duplicate, ignore */ | 1716 | /* duplicate, ignore */ |
1712 | GNUNET_STATISTICS_update(GSC_stats, | 1717 | GNUNET_STATISTICS_update (GSC_stats, |
1713 | gettext_noop("# bytes dropped (duplicates)"), | 1718 | gettext_noop ("# bytes dropped (duplicates)"), |
1714 | size, | 1719 | size, |
1715 | GNUNET_NO); | 1720 | GNUNET_NO); |
1716 | return; | 1721 | return; |
1717 | } | 1722 | } |
1718 | if ((kx->last_sequence_number_received > snum) && | 1723 | if ((kx->last_sequence_number_received > snum) && |
1719 | (kx->last_sequence_number_received - snum > 32)) | 1724 | (kx->last_sequence_number_received - snum > 32)) |
1720 | { | 1725 | { |
1721 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1726 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1722 | "Received ancient out of sequence message, ignoring.\n"); | 1727 | "Received ancient out of sequence message, ignoring.\n"); |
1723 | /* ancient out of sequence, ignore */ | 1728 | /* ancient out of sequence, ignore */ |
1724 | GNUNET_STATISTICS_update(GSC_stats, | 1729 | GNUNET_STATISTICS_update (GSC_stats, |
1725 | gettext_noop( | 1730 | gettext_noop ( |
1726 | "# bytes dropped (out of sequence)"), | 1731 | "# bytes dropped (out of sequence)"), |
1727 | size, | 1732 | size, |
1728 | GNUNET_NO); | 1733 | GNUNET_NO); |
1729 | return; | 1734 | return; |
1730 | } | 1735 | } |
1731 | if (kx->last_sequence_number_received > snum) | 1736 | if (kx->last_sequence_number_received > snum) |
1737 | { | ||
1738 | uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1); | ||
1739 | |||
1740 | if ((kx->last_packets_bitmap & rotbit) != 0) | ||
1732 | { | 1741 | { |
1733 | uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1); | 1742 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1734 | 1743 | "Received duplicate message, ignoring.\n"); | |
1735 | if ((kx->last_packets_bitmap & rotbit) != 0) | 1744 | GNUNET_STATISTICS_update (GSC_stats, |
1736 | { | 1745 | gettext_noop ("# bytes dropped (duplicates)"), |
1737 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1746 | size, |
1738 | "Received duplicate message, ignoring.\n"); | 1747 | GNUNET_NO); |
1739 | GNUNET_STATISTICS_update(GSC_stats, | 1748 | /* duplicate, ignore */ |
1740 | gettext_noop("# bytes dropped (duplicates)"), | 1749 | return; |
1741 | size, | ||
1742 | GNUNET_NO); | ||
1743 | /* duplicate, ignore */ | ||
1744 | return; | ||
1745 | } | ||
1746 | kx->last_packets_bitmap |= rotbit; | ||
1747 | } | 1750 | } |
1751 | kx->last_packets_bitmap |= rotbit; | ||
1752 | } | ||
1748 | if (kx->last_sequence_number_received < snum) | 1753 | if (kx->last_sequence_number_received < snum) |
1749 | { | 1754 | { |
1750 | unsigned int shift = (snum - kx->last_sequence_number_received); | 1755 | unsigned int shift = (snum - kx->last_sequence_number_received); |
1751 | 1756 | ||
1752 | if (shift >= 8 * sizeof(kx->last_packets_bitmap)) | 1757 | if (shift >= 8 * sizeof(kx->last_packets_bitmap)) |
1753 | kx->last_packets_bitmap = 0; | 1758 | kx->last_packets_bitmap = 0; |
1754 | else | 1759 | else |
1755 | kx->last_packets_bitmap <<= shift; | 1760 | kx->last_packets_bitmap <<= shift; |
1756 | kx->last_sequence_number_received = snum; | 1761 | kx->last_sequence_number_received = snum; |
1757 | } | 1762 | } |
1758 | 1763 | ||
1759 | /* check timestamp */ | 1764 | /* check timestamp */ |
1760 | t = GNUNET_TIME_absolute_ntoh(pt->timestamp); | 1765 | t = GNUNET_TIME_absolute_ntoh (pt->timestamp); |
1761 | if (GNUNET_TIME_absolute_get_duration(t).rel_value_us > | 1766 | if (GNUNET_TIME_absolute_get_duration (t).rel_value_us > |
1762 | MAX_MESSAGE_AGE.rel_value_us) | 1767 | MAX_MESSAGE_AGE.rel_value_us) |
1763 | { | 1768 | { |
1764 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1769 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1765 | "Message received far too old (%s). Content ignored.\n", | 1770 | "Message received far too old (%s). Content ignored.\n", |
1766 | GNUNET_STRINGS_relative_time_to_string( | 1771 | GNUNET_STRINGS_relative_time_to_string ( |
1767 | GNUNET_TIME_absolute_get_duration(t), | 1772 | GNUNET_TIME_absolute_get_duration (t), |
1768 | GNUNET_YES)); | 1773 | GNUNET_YES)); |
1769 | GNUNET_STATISTICS_update(GSC_stats, | 1774 | GNUNET_STATISTICS_update (GSC_stats, |
1770 | gettext_noop( | 1775 | gettext_noop ( |
1771 | "# bytes dropped (ancient message)"), | 1776 | "# bytes dropped (ancient message)"), |
1772 | size, | 1777 | size, |
1773 | GNUNET_NO); | 1778 | GNUNET_NO); |
1774 | return; | 1779 | return; |
1775 | } | 1780 | } |
1776 | 1781 | ||
1777 | /* process decrypted message(s) */ | 1782 | /* process decrypted message(s) */ |
1778 | update_timeout(kx); | 1783 | update_timeout (kx); |
1779 | GNUNET_STATISTICS_update(GSC_stats, | 1784 | GNUNET_STATISTICS_update (GSC_stats, |
1780 | gettext_noop("# bytes of payload decrypted"), | 1785 | gettext_noop ("# bytes of payload decrypted"), |
1781 | size - sizeof(struct EncryptedMessage), | 1786 | size - sizeof(struct EncryptedMessage), |
1782 | GNUNET_NO); | 1787 | GNUNET_NO); |
1783 | if (GNUNET_OK != | 1788 | if (GNUNET_OK != |
1784 | GNUNET_MST_from_buffer(kx->mst, | 1789 | GNUNET_MST_from_buffer (kx->mst, |
1785 | &buf[sizeof(struct EncryptedMessage)], | 1790 | &buf[sizeof(struct EncryptedMessage)], |
1786 | size - sizeof(struct EncryptedMessage), | 1791 | size - sizeof(struct EncryptedMessage), |
1787 | GNUNET_YES, | 1792 | GNUNET_YES, |
1788 | GNUNET_NO)) | 1793 | GNUNET_NO)) |
1789 | GNUNET_break_op(0); | 1794 | GNUNET_break_op (0); |
1790 | } | 1795 | } |
1791 | 1796 | ||
1792 | 1797 | ||
@@ -1798,17 +1803,17 @@ handle_encrypted(void *cls, const struct EncryptedMessage *m) | |||
1798 | * @param connect_cls the `struct Neighbour` | 1803 | * @param connect_cls the `struct Neighbour` |
1799 | */ | 1804 | */ |
1800 | static void | 1805 | static void |
1801 | handle_transport_notify_excess_bw(void *cls, | 1806 | handle_transport_notify_excess_bw (void *cls, |
1802 | const struct GNUNET_PeerIdentity *pid, | 1807 | const struct GNUNET_PeerIdentity *pid, |
1803 | void *connect_cls) | 1808 | void *connect_cls) |
1804 | { | 1809 | { |
1805 | struct GSC_KeyExchangeInfo *kx = connect_cls; | 1810 | struct GSC_KeyExchangeInfo *kx = connect_cls; |
1806 | 1811 | ||
1807 | GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, | 1812 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1808 | "Peer %s has excess bandwidth available\n", | 1813 | "Peer %s has excess bandwidth available\n", |
1809 | GNUNET_i2s(pid)); | 1814 | GNUNET_i2s (pid)); |
1810 | kx->has_excess_bandwidth = GNUNET_YES; | 1815 | kx->has_excess_bandwidth = GNUNET_YES; |
1811 | GSC_SESSIONS_solicit(pid); | 1816 | GSC_SESSIONS_solicit (pid); |
1812 | } | 1817 | } |
1813 | 1818 | ||
1814 | 1819 | ||
@@ -1817,40 +1822,41 @@ handle_transport_notify_excess_bw(void *cls, | |||
1817 | * public key and generate the appropriate signature. | 1822 | * public key and generate the appropriate signature. |
1818 | */ | 1823 | */ |
1819 | static void | 1824 | static void |
1820 | sign_ephemeral_key() | 1825 | sign_ephemeral_key () |
1821 | { | 1826 | { |
1822 | current_ekm.header.size = htons(sizeof(struct EphemeralKeyMessage)); | 1827 | current_ekm.header.size = htons (sizeof(struct EphemeralKeyMessage)); |
1823 | current_ekm.header.type = htons(GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY); | 1828 | current_ekm.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY); |
1824 | current_ekm.sender_status = 0; /* to be set later */ | 1829 | current_ekm.sender_status = 0; /* to be set later */ |
1825 | current_ekm.purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY); | 1830 | current_ekm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY); |
1826 | current_ekm.purpose.size = | 1831 | current_ekm.purpose.size = |
1827 | htonl(sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + | 1832 | htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
1828 | sizeof(struct GNUNET_TIME_AbsoluteNBO) + | 1833 | + sizeof(struct GNUNET_TIME_AbsoluteNBO) |
1829 | sizeof(struct GNUNET_TIME_AbsoluteNBO) + | 1834 | + sizeof(struct GNUNET_TIME_AbsoluteNBO) |
1830 | sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) + | 1835 | + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) |
1831 | sizeof(struct GNUNET_PeerIdentity)); | 1836 | + sizeof(struct GNUNET_PeerIdentity)); |
1832 | current_ekm.creation_time = | 1837 | current_ekm.creation_time = |
1833 | GNUNET_TIME_absolute_hton(GNUNET_TIME_absolute_get()); | 1838 | GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
1834 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno(GSC_cfg, | 1839 | if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, |
1835 | "core", | 1840 | "core", |
1836 | "USE_EPHEMERAL_KEYS")) | 1841 | "USE_EPHEMERAL_KEYS")) |
1837 | { | 1842 | { |
1838 | current_ekm.expiration_time = | 1843 | current_ekm.expiration_time = |
1839 | GNUNET_TIME_absolute_hton(GNUNET_TIME_relative_to_absolute( | 1844 | GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute ( |
1840 | GNUNET_TIME_relative_add(REKEY_FREQUENCY, REKEY_TOLERANCE))); | 1845 | GNUNET_TIME_relative_add (REKEY_FREQUENCY, |
1841 | } | 1846 | REKEY_TOLERANCE))); |
1847 | } | ||
1842 | else | 1848 | else |
1843 | { | 1849 | { |
1844 | current_ekm.expiration_time = | 1850 | current_ekm.expiration_time = |
1845 | GNUNET_TIME_absolute_hton(GNUNET_TIME_UNIT_FOREVER_ABS); | 1851 | GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS); |
1846 | } | 1852 | } |
1847 | GNUNET_CRYPTO_ecdhe_key_get_public(my_ephemeral_key, | 1853 | GNUNET_CRYPTO_ecdhe_key_get_public (my_ephemeral_key, |
1848 | ¤t_ekm.ephemeral_key); | 1854 | ¤t_ekm.ephemeral_key); |
1849 | current_ekm.origin_identity = GSC_my_identity; | 1855 | current_ekm.origin_identity = GSC_my_identity; |
1850 | GNUNET_assert(GNUNET_OK == | 1856 | GNUNET_assert (GNUNET_OK == |
1851 | GNUNET_CRYPTO_eddsa_sign(my_private_key, | 1857 | GNUNET_CRYPTO_eddsa_sign (my_private_key, |
1852 | ¤t_ekm.purpose, | 1858 | ¤t_ekm.purpose, |
1853 | ¤t_ekm.signature)); | 1859 | ¤t_ekm.signature)); |
1854 | } | 1860 | } |
1855 | 1861 | ||
1856 | 1862 | ||
@@ -1860,40 +1866,40 @@ sign_ephemeral_key() | |||
1860 | * @param cls closure, NULL | 1866 | * @param cls closure, NULL |
1861 | */ | 1867 | */ |
1862 | static void | 1868 | static void |
1863 | do_rekey(void *cls) | 1869 | do_rekey (void *cls) |
1864 | { | 1870 | { |
1865 | struct GSC_KeyExchangeInfo *pos; | 1871 | struct GSC_KeyExchangeInfo *pos; |
1866 | 1872 | ||
1867 | rekey_task = GNUNET_SCHEDULER_add_delayed(REKEY_FREQUENCY, &do_rekey, NULL); | 1873 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL); |
1868 | if (NULL != my_ephemeral_key) | 1874 | if (NULL != my_ephemeral_key) |
1869 | GNUNET_free(my_ephemeral_key); | 1875 | GNUNET_free (my_ephemeral_key); |
1870 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create(); | 1876 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); |
1871 | GNUNET_assert(NULL != my_ephemeral_key); | 1877 | GNUNET_assert (NULL != my_ephemeral_key); |
1872 | sign_ephemeral_key(); | 1878 | sign_ephemeral_key (); |
1873 | { | 1879 | { |
1874 | struct GNUNET_HashCode eh; | 1880 | struct GNUNET_HashCode eh; |
1875 | 1881 | ||
1876 | GNUNET_CRYPTO_hash(¤t_ekm.ephemeral_key, | 1882 | GNUNET_CRYPTO_hash (¤t_ekm.ephemeral_key, |
1877 | sizeof(current_ekm.ephemeral_key), | 1883 | sizeof(current_ekm.ephemeral_key), |
1878 | &eh); | 1884 | &eh); |
1879 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s(&eh)); | 1885 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s (&eh)); |
1880 | } | 1886 | } |
1881 | for (pos = kx_head; NULL != pos; pos = pos->next) | 1887 | for (pos = kx_head; NULL != pos; pos = pos->next) |
1888 | { | ||
1889 | if (GNUNET_CORE_KX_STATE_UP == pos->status) | ||
1890 | { | ||
1891 | pos->status = GNUNET_CORE_KX_STATE_REKEY_SENT; | ||
1892 | monitor_notify_all (pos); | ||
1893 | derive_session_keys (pos); | ||
1894 | } | ||
1895 | if (GNUNET_CORE_KX_STATE_DOWN == pos->status) | ||
1882 | { | 1896 | { |
1883 | if (GNUNET_CORE_KX_STATE_UP == pos->status) | 1897 | pos->status = GNUNET_CORE_KX_STATE_KEY_SENT; |
1884 | { | 1898 | monitor_notify_all (pos); |
1885 | pos->status = GNUNET_CORE_KX_STATE_REKEY_SENT; | ||
1886 | monitor_notify_all(pos); | ||
1887 | derive_session_keys(pos); | ||
1888 | } | ||
1889 | if (GNUNET_CORE_KX_STATE_DOWN == pos->status) | ||
1890 | { | ||
1891 | pos->status = GNUNET_CORE_KX_STATE_KEY_SENT; | ||
1892 | monitor_notify_all(pos); | ||
1893 | } | ||
1894 | monitor_notify_all(pos); | ||
1895 | send_key(pos); | ||
1896 | } | 1899 | } |
1900 | monitor_notify_all (pos); | ||
1901 | send_key (pos); | ||
1902 | } | ||
1897 | } | 1903 | } |
1898 | 1904 | ||
1899 | 1905 | ||
@@ -1904,65 +1910,65 @@ do_rekey(void *cls) | |||
1904 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure | 1910 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure |
1905 | */ | 1911 | */ |
1906 | int | 1912 | int |
1907 | GSC_KX_init(struct GNUNET_CRYPTO_EddsaPrivateKey *pk) | 1913 | GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) |
1908 | { | 1914 | { |
1909 | struct GNUNET_MQ_MessageHandler handlers[] = | 1915 | struct GNUNET_MQ_MessageHandler handlers[] = |
1910 | { GNUNET_MQ_hd_fixed_size(ephemeral_key, | 1916 | { GNUNET_MQ_hd_fixed_size (ephemeral_key, |
1911 | GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, | 1917 | GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, |
1912 | struct EphemeralKeyMessage, | 1918 | struct EphemeralKeyMessage, |
1913 | NULL), | 1919 | NULL), |
1914 | GNUNET_MQ_hd_fixed_size(ping, | 1920 | GNUNET_MQ_hd_fixed_size (ping, |
1915 | GNUNET_MESSAGE_TYPE_CORE_PING, | 1921 | GNUNET_MESSAGE_TYPE_CORE_PING, |
1916 | struct PingMessage, | 1922 | struct PingMessage, |
1917 | NULL), | 1923 | NULL), |
1918 | GNUNET_MQ_hd_fixed_size(pong, | 1924 | GNUNET_MQ_hd_fixed_size (pong, |
1919 | GNUNET_MESSAGE_TYPE_CORE_PONG, | 1925 | GNUNET_MESSAGE_TYPE_CORE_PONG, |
1920 | struct PongMessage, | 1926 | struct PongMessage, |
1921 | NULL), | 1927 | NULL), |
1922 | GNUNET_MQ_hd_var_size(encrypted, | 1928 | GNUNET_MQ_hd_var_size (encrypted, |
1923 | GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, | 1929 | GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, |
1924 | struct EncryptedMessage, | 1930 | struct EncryptedMessage, |
1925 | NULL), | 1931 | NULL), |
1926 | GNUNET_MQ_handler_end() }; | 1932 | GNUNET_MQ_handler_end () }; |
1927 | 1933 | ||
1928 | my_private_key = pk; | 1934 | my_private_key = pk; |
1929 | GNUNET_CRYPTO_eddsa_key_get_public(my_private_key, | 1935 | GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, |
1930 | &GSC_my_identity.public_key); | 1936 | &GSC_my_identity.public_key); |
1931 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create(); | 1937 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); |
1932 | if (NULL == my_ephemeral_key) | 1938 | if (NULL == my_ephemeral_key) |
1933 | { | 1939 | { |
1934 | GNUNET_break(0); | 1940 | GNUNET_break (0); |
1935 | GNUNET_free(my_private_key); | 1941 | GNUNET_free (my_private_key); |
1936 | my_private_key = NULL; | 1942 | my_private_key = NULL; |
1937 | return GNUNET_SYSERR; | 1943 | return GNUNET_SYSERR; |
1938 | } | 1944 | } |
1939 | sign_ephemeral_key(); | 1945 | sign_ephemeral_key (); |
1940 | { | 1946 | { |
1941 | struct GNUNET_HashCode eh; | 1947 | struct GNUNET_HashCode eh; |
1942 | 1948 | ||
1943 | GNUNET_CRYPTO_hash(¤t_ekm.ephemeral_key, | 1949 | GNUNET_CRYPTO_hash (¤t_ekm.ephemeral_key, |
1944 | sizeof(current_ekm.ephemeral_key), | 1950 | sizeof(current_ekm.ephemeral_key), |
1945 | &eh); | 1951 | &eh); |
1946 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | 1952 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
1947 | "Starting with ephemeral key %s\n", | 1953 | "Starting with ephemeral key %s\n", |
1948 | GNUNET_h2s(&eh)); | 1954 | GNUNET_h2s (&eh)); |
1949 | } | 1955 | } |
1950 | 1956 | ||
1951 | nc = GNUNET_notification_context_create(1); | 1957 | nc = GNUNET_notification_context_create (1); |
1952 | rekey_task = GNUNET_SCHEDULER_add_delayed(REKEY_FREQUENCY, &do_rekey, NULL); | 1958 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL); |
1953 | transport = | 1959 | transport = |
1954 | GNUNET_TRANSPORT_core_connect(GSC_cfg, | 1960 | GNUNET_TRANSPORT_core_connect (GSC_cfg, |
1955 | &GSC_my_identity, | 1961 | &GSC_my_identity, |
1956 | handlers, | 1962 | handlers, |
1957 | NULL, | 1963 | NULL, |
1958 | &handle_transport_notify_connect, | 1964 | &handle_transport_notify_connect, |
1959 | &handle_transport_notify_disconnect, | 1965 | &handle_transport_notify_disconnect, |
1960 | &handle_transport_notify_excess_bw); | 1966 | &handle_transport_notify_excess_bw); |
1961 | if (NULL == transport) | 1967 | if (NULL == transport) |
1962 | { | 1968 | { |
1963 | GSC_KX_done(); | 1969 | GSC_KX_done (); |
1964 | return GNUNET_SYSERR; | 1970 | return GNUNET_SYSERR; |
1965 | } | 1971 | } |
1966 | return GNUNET_OK; | 1972 | return GNUNET_OK; |
1967 | } | 1973 | } |
1968 | 1974 | ||
@@ -1971,33 +1977,33 @@ GSC_KX_init(struct GNUNET_CRYPTO_EddsaPrivateKey *pk) | |||
1971 | * Shutdown KX subsystem. | 1977 | * Shutdown KX subsystem. |
1972 | */ | 1978 | */ |
1973 | void | 1979 | void |
1974 | GSC_KX_done() | 1980 | GSC_KX_done () |
1975 | { | 1981 | { |
1976 | if (NULL != transport) | 1982 | if (NULL != transport) |
1977 | { | 1983 | { |
1978 | GNUNET_TRANSPORT_core_disconnect(transport); | 1984 | GNUNET_TRANSPORT_core_disconnect (transport); |
1979 | transport = NULL; | 1985 | transport = NULL; |
1980 | } | 1986 | } |
1981 | if (NULL != rekey_task) | 1987 | if (NULL != rekey_task) |
1982 | { | 1988 | { |
1983 | GNUNET_SCHEDULER_cancel(rekey_task); | 1989 | GNUNET_SCHEDULER_cancel (rekey_task); |
1984 | rekey_task = NULL; | 1990 | rekey_task = NULL; |
1985 | } | 1991 | } |
1986 | if (NULL != my_ephemeral_key) | 1992 | if (NULL != my_ephemeral_key) |
1987 | { | 1993 | { |
1988 | GNUNET_free(my_ephemeral_key); | 1994 | GNUNET_free (my_ephemeral_key); |
1989 | my_ephemeral_key = NULL; | 1995 | my_ephemeral_key = NULL; |
1990 | } | 1996 | } |
1991 | if (NULL != my_private_key) | 1997 | if (NULL != my_private_key) |
1992 | { | 1998 | { |
1993 | GNUNET_free(my_private_key); | 1999 | GNUNET_free (my_private_key); |
1994 | my_private_key = NULL; | 2000 | my_private_key = NULL; |
1995 | } | 2001 | } |
1996 | if (NULL != nc) | 2002 | if (NULL != nc) |
1997 | { | 2003 | { |
1998 | GNUNET_notification_context_destroy(nc); | 2004 | GNUNET_notification_context_destroy (nc); |
1999 | nc = NULL; | 2005 | nc = NULL; |
2000 | } | 2006 | } |
2001 | } | 2007 | } |
2002 | 2008 | ||
2003 | 2009 | ||
@@ -2008,9 +2014,9 @@ GSC_KX_done() | |||
2008 | * @return number of items in the message queue | 2014 | * @return number of items in the message queue |
2009 | */ | 2015 | */ |
2010 | unsigned int | 2016 | unsigned int |
2011 | GSC_NEIGHBOURS_get_queue_length(const struct GSC_KeyExchangeInfo *kxinfo) | 2017 | GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo) |
2012 | { | 2018 | { |
2013 | return GNUNET_MQ_get_length(kxinfo->mq); | 2019 | return GNUNET_MQ_get_length (kxinfo->mq); |
2014 | } | 2020 | } |
2015 | 2021 | ||
2016 | 2022 | ||
@@ -2021,7 +2027,7 @@ GSC_NEIGHBOURS_get_queue_length(const struct GSC_KeyExchangeInfo *kxinfo) | |||
2021 | * @return #GNUNET_YES if excess bandwidth is available, #GNUNET_NO if not | 2027 | * @return #GNUNET_YES if excess bandwidth is available, #GNUNET_NO if not |
2022 | */ | 2028 | */ |
2023 | int | 2029 | int |
2024 | GSC_NEIGHBOURS_check_excess_bandwidth(const struct GSC_KeyExchangeInfo *kxinfo) | 2030 | GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo) |
2025 | { | 2031 | { |
2026 | return kxinfo->has_excess_bandwidth; | 2032 | return kxinfo->has_excess_bandwidth; |
2027 | } | 2033 | } |
@@ -2036,28 +2042,28 @@ GSC_NEIGHBOURS_check_excess_bandwidth(const struct GSC_KeyExchangeInfo *kxinfo) | |||
2036 | * @param mq message queue to add for monitoring | 2042 | * @param mq message queue to add for monitoring |
2037 | */ | 2043 | */ |
2038 | void | 2044 | void |
2039 | GSC_KX_handle_client_monitor_peers(struct GNUNET_MQ_Handle *mq) | 2045 | GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq) |
2040 | { | 2046 | { |
2041 | struct GNUNET_MQ_Envelope *env; | 2047 | struct GNUNET_MQ_Envelope *env; |
2042 | struct MonitorNotifyMessage *done_msg; | 2048 | struct MonitorNotifyMessage *done_msg; |
2043 | struct GSC_KeyExchangeInfo *kx; | 2049 | struct GSC_KeyExchangeInfo *kx; |
2044 | 2050 | ||
2045 | GNUNET_notification_context_add(nc, mq); | 2051 | GNUNET_notification_context_add (nc, mq); |
2046 | for (kx = kx_head; NULL != kx; kx = kx->next) | 2052 | for (kx = kx_head; NULL != kx; kx = kx->next) |
2047 | { | 2053 | { |
2048 | struct GNUNET_MQ_Envelope *env; | 2054 | struct GNUNET_MQ_Envelope *env; |
2049 | struct MonitorNotifyMessage *msg; | 2055 | struct MonitorNotifyMessage *msg; |
2050 | 2056 | ||
2051 | env = GNUNET_MQ_msg(msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); | 2057 | env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); |
2052 | msg->state = htonl((uint32_t)kx->status); | 2058 | msg->state = htonl ((uint32_t) kx->status); |
2053 | msg->peer = *kx->peer; | 2059 | msg->peer = *kx->peer; |
2054 | msg->timeout = GNUNET_TIME_absolute_hton(kx->timeout); | 2060 | msg->timeout = GNUNET_TIME_absolute_hton (kx->timeout); |
2055 | GNUNET_MQ_send(mq, env); | 2061 | GNUNET_MQ_send (mq, env); |
2056 | } | 2062 | } |
2057 | env = GNUNET_MQ_msg(done_msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); | 2063 | env = GNUNET_MQ_msg (done_msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY); |
2058 | done_msg->state = htonl((uint32_t)GNUNET_CORE_KX_ITERATION_FINISHED); | 2064 | done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED); |
2059 | done_msg->timeout = GNUNET_TIME_absolute_hton(GNUNET_TIME_UNIT_FOREVER_ABS); | 2065 | done_msg->timeout = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS); |
2060 | GNUNET_MQ_send(mq, env); | 2066 | GNUNET_MQ_send (mq, env); |
2061 | } | 2067 | } |
2062 | 2068 | ||
2063 | 2069 | ||