aboutsummaryrefslogtreecommitdiff
path: root/src/core/gnunet-service-core_kx.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/gnunet-service-core_kx.c')
-rw-r--r--src/core/gnunet-service-core_kx.c264
1 files changed, 215 insertions, 49 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 944d1e692..c017e0c23 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -2,20 +2,18 @@
2 This file is part of GNUnet. 2 This file is part of GNUnet.
3 Copyright (C) 2009-2013, 2016 GNUnet e.V. 3 Copyright (C) 2009-2013, 2016 GNUnet e.V.
4 4
5 GNUnet is free software; you can redistribute it and/or modify 5 GNUnet is free software: you can redistribute it and/or modify it
6 it under the terms of the GNU General Public License as published 6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation; either version 3, or (at your 7 by the Free Software Foundation, either version 3 of the License,
8 option) any later version. 8 or (at your option) any later version.
9 9
10 GNUnet is distributed in the hope that it will be useful, but 10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with GNUnet; see the file COPYING. If not, write to the 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19*/ 17*/
20 18
21/** 19/**
@@ -34,6 +32,10 @@
34#include "gnunet_protocols.h" 32#include "gnunet_protocols.h"
35#include "core.h" 33#include "core.h"
36 34
35/**
36 * Enable expensive (and possibly problematic for privacy!) logging of KX.
37 */
38#define DEBUG_KX 0
37 39
38/** 40/**
39 * How long do we wait for SET_KEY confirmation initially? 41 * How long do we wait for SET_KEY confirmation initially?
@@ -121,7 +123,7 @@ struct EphemeralKeyMessage
121 123
122 124
123/** 125/**
124 * We're sending an (encrypted) PING to the other peer to check if he 126 * We're sending an (encrypted) PING to the other peer to check if it
125 * can decrypt. The other peer should respond with a PONG with the 127 * can decrypt. The other peer should respond with a PONG with the
126 * same content, except this time encrypted with the receiver's key. 128 * same content, except this time encrypted with the receiver's key.
127 */ 129 */
@@ -447,8 +449,19 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
447 uint32_t seed) 449 uint32_t seed)
448{ 450{
449 static const char ctx[] = "authentication key"; 451 static const char ctx[] = "authentication key";
450 452#if DEBUG_KX
451 GNUNET_CRYPTO_hmac_derive_key (akey, skey, 453 struct GNUNET_HashCode sh;
454
455 GNUNET_CRYPTO_hash (skey,
456 sizeof (*skey),
457 &sh);
458 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
459 "Deriving Auth key from SKEY %s and seed %u\n",
460 GNUNET_h2s (&sh),
461 (unsigned int) seed);
462#endif
463 GNUNET_CRYPTO_hmac_derive_key (akey,
464 skey,
452 &seed, sizeof (seed), 465 &seed, sizeof (seed),
453 skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), 466 skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
454 ctx, sizeof (ctx), 467 ctx, sizeof (ctx),
@@ -471,8 +484,20 @@ derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
471 const struct GNUNET_PeerIdentity *identity) 484 const struct GNUNET_PeerIdentity *identity)
472{ 485{
473 static const char ctx[] = "initialization vector"; 486 static const char ctx[] = "initialization vector";
474 487#if DEBUG_KX
475 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, 488 struct GNUNET_HashCode sh;
489
490 GNUNET_CRYPTO_hash (skey,
491 sizeof (*skey),
492 &sh);
493 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
494 "Deriving IV from SKEY %s and seed %u for peer %s\n",
495 GNUNET_h2s (&sh),
496 (unsigned int) seed,
497 GNUNET_i2s (identity));
498#endif
499 GNUNET_CRYPTO_symmetric_derive_iv (iv,
500 skey,
476 &seed, sizeof (seed), 501 &seed, sizeof (seed),
477 identity, 502 identity,
478 sizeof (struct GNUNET_PeerIdentity), ctx, 503 sizeof (struct GNUNET_PeerIdentity), ctx,
@@ -497,8 +522,21 @@ derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
497 const struct GNUNET_PeerIdentity *identity) 522 const struct GNUNET_PeerIdentity *identity)
498{ 523{
499 static const char ctx[] = "pong initialization vector"; 524 static const char ctx[] = "pong initialization vector";
500 525#if DEBUG_KX
501 GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, 526 struct GNUNET_HashCode sh;
527
528 GNUNET_CRYPTO_hash (skey,
529 sizeof (*skey),
530 &sh);
531 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
532 "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
533 GNUNET_h2s (&sh),
534 (unsigned int) seed,
535 (unsigned int) challenge,
536 GNUNET_i2s (identity));
537#endif
538 GNUNET_CRYPTO_symmetric_derive_iv (iv,
539 skey,
502 &seed, sizeof (seed), 540 &seed, sizeof (seed),
503 identity, 541 identity,
504 sizeof (struct GNUNET_PeerIdentity), 542 sizeof (struct GNUNET_PeerIdentity),
@@ -523,7 +561,18 @@ derive_aes_key (const struct GNUNET_PeerIdentity *sender,
523 struct GNUNET_CRYPTO_SymmetricSessionKey *skey) 561 struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
524{ 562{
525 static const char ctx[] = "aes key generation vector"; 563 static const char ctx[] = "aes key generation vector";
526 564#if DEBUG_KX
565 struct GNUNET_HashCode sh;
566
567 GNUNET_CRYPTO_hash (skey,
568 sizeof (*skey),
569 &sh);
570 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
571 "Deriving AES Keys for %s to %s from %s\n",
572 GNUNET_i2s (sender),
573 GNUNET_i2s2 (receiver),
574 GNUNET_h2s (key_material));
575#endif
527 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), 576 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
528 ctx, sizeof (ctx), 577 ctx, sizeof (ctx),
529 key_material, sizeof (struct GNUNET_HashCode), 578 key_material, sizeof (struct GNUNET_HashCode),
@@ -568,7 +617,7 @@ do_encrypt (struct GSC_KeyExchangeInfo *kx,
568 GNUNET_NO); 617 GNUNET_NO);
569 /* the following is too sensitive to write to log files by accident, 618 /* the following is too sensitive to write to log files by accident,
570 so we require manual intervention to get this one... */ 619 so we require manual intervention to get this one... */
571#if 0 620#if DEBUG_KX
572 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 621 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
573 "Encrypted %u bytes for `%s' using key %u, IV %u\n", 622 "Encrypted %u bytes for `%s' using key %u, IV %u\n",
574 (unsigned int) size, 623 (unsigned int) size,
@@ -628,7 +677,7 @@ do_decrypt (struct GSC_KeyExchangeInfo *kx,
628 GNUNET_NO); 677 GNUNET_NO);
629 /* the following is too sensitive to write to log files by accident, 678 /* the following is too sensitive to write to log files by accident,
630 so we require manual intervention to get this one... */ 679 so we require manual intervention to get this one... */
631#if 0 680#if DEBUG_KX
632 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 681 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
633 "Decrypted %u bytes from `%s' using key %u, IV %u\n", 682 "Decrypted %u bytes from `%s' using key %u, IV %u\n",
634 (unsigned int) size, 683 (unsigned int) size,
@@ -805,8 +854,8 @@ handle_transport_notify_connect (void *cls,
805 } 854 }
806 else 855 else
807 { 856 {
808 /* peer with "higher" identity starts a delayed KX, if the "lower" peer 857 /* peer with "higher" identity starts a delayed KX, if the "lower" peer
809 * does not start a KX since he sees no reasons to do so */ 858 * does not start a KX since it sees no reasons to do so */
810 kx->retry_set_key_task 859 kx->retry_set_key_task
811 = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, 860 = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
812 &set_key_retry_task, 861 &set_key_retry_task,
@@ -939,15 +988,26 @@ handle_ephemeral_key (void *cls,
939 { 988 {
940 GNUNET_STATISTICS_update (GSC_stats, 989 GNUNET_STATISTICS_update (GSC_stats,
941 gettext_noop ("# old ephemeral keys ignored"), 990 gettext_noop ("# old ephemeral keys ignored"),
942 1, GNUNET_NO); 991 1,
992 GNUNET_NO);
993 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
994 "Received expired EPHEMERAL_KEY from %s\n",
995 GNUNET_i2s (&m->origin_identity));
996 return;
997 }
998 if (0 == memcmp (&m->ephemeral_key,
999 &kx->other_ephemeral_key,
1000 sizeof (m->ephemeral_key)))
1001 {
1002 GNUNET_STATISTICS_update (GSC_stats,
1003 gettext_noop ("# duplicate ephemeral keys ignored"),
1004 1,
1005 GNUNET_NO);
1006 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1007 "Ignoring duplicate EPHEMERAL_KEY from %s\n",
1008 GNUNET_i2s (&m->origin_identity));
943 return; 1009 return;
944 } 1010 }
945 start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
946
947 GNUNET_STATISTICS_update (GSC_stats,
948 gettext_noop ("# ephemeral keys received"),
949 1, GNUNET_NO);
950
951 if (0 != 1011 if (0 !=
952 memcmp (&m->origin_identity, 1012 memcmp (&m->origin_identity,
953 kx->peer, 1013 kx->peer,
@@ -960,9 +1020,6 @@ handle_ephemeral_key (void *cls,
960 GNUNET_break_op (0); 1020 GNUNET_break_op (0);
961 return; 1021 return;
962 } 1022 }
963 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
964 "Core service receives EPHEMERAL_KEY request from `%s'.\n",
965 GNUNET_i2s (kx->peer));
966 if ((ntohl (m->purpose.size) != 1023 if ((ntohl (m->purpose.size) !=
967 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + 1024 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
968 sizeof (struct GNUNET_TIME_AbsoluteNBO) + 1025 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
@@ -977,26 +1034,53 @@ handle_ephemeral_key (void *cls,
977 { 1034 {
978 /* invalid signature */ 1035 /* invalid signature */
979 GNUNET_break_op (0); 1036 GNUNET_break_op (0);
1037 GNUNET_STATISTICS_update (GSC_stats,
1038 gettext_noop ("# EPHEMERAL_KEYs rejected (bad signature)"),
1039 1,
1040 GNUNET_NO);
1041 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1042 "Received EPHEMERAL_KEY from %s with bad signature\n",
1043 GNUNET_i2s (&m->origin_identity));
980 return; 1044 return;
981 } 1045 }
982 now = GNUNET_TIME_absolute_get (); 1046 now = GNUNET_TIME_absolute_get ();
1047 start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
983 if ( (end_t.abs_value_us < GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) || 1048 if ( (end_t.abs_value_us < GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) ||
984 (start_t.abs_value_us > GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us) ) 1049 (start_t.abs_value_us > GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us) )
985 { 1050 {
986 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1051 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
987 _("Ephemeral key message from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"), 1052 _("EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
988 GNUNET_i2s (kx->peer), 1053 GNUNET_i2s (kx->peer),
989 (unsigned long long) now.abs_value_us, 1054 (unsigned long long) now.abs_value_us,
990 (unsigned long long) start_t.abs_value_us, 1055 (unsigned long long) start_t.abs_value_us,
991 (unsigned long long) end_t.abs_value_us); 1056 (unsigned long long) end_t.abs_value_us);
1057 GNUNET_STATISTICS_update (GSC_stats,
1058 gettext_noop ("# EPHEMERAL_KEY messages rejected due to time"),
1059 1,
1060 GNUNET_NO);
992 return; 1061 return;
993 } 1062 }
1063#if DEBUG_KX
1064 {
1065 struct GNUNET_HashCode eh;
1066
1067 GNUNET_CRYPTO_hash (&m->ephemeral_key,
1068 sizeof (m->ephemeral_key),
1069 &eh);
1070 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1071 "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
1072 GNUNET_h2s (&eh),
1073 GNUNET_i2s (kx->peer),
1074 kx->status);
1075 }
1076#endif
1077 GNUNET_STATISTICS_update (GSC_stats,
1078 gettext_noop ("# valid ephemeral keys received"),
1079 1,
1080 GNUNET_NO);
994 kx->other_ephemeral_key = m->ephemeral_key; 1081 kx->other_ephemeral_key = m->ephemeral_key;
995 kx->foreign_key_expires = end_t; 1082 kx->foreign_key_expires = end_t;
996 derive_session_keys (kx); 1083 derive_session_keys (kx);
997 GNUNET_STATISTICS_update (GSC_stats,
998 gettext_noop ("# EPHEMERAL_KEY messages received"), 1,
999 GNUNET_NO);
1000 1084
1001 /* check if we still need to send the sender our key */ 1085 /* check if we still need to send the sender our key */
1002 sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status); 1086 sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status);
@@ -1130,8 +1214,9 @@ handle_ping (void *cls,
1130 { 1214 {
1131 if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status) 1215 if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status)
1132 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 1216 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1133 "Decryption of PING from peer `%s' failed\n", 1217 "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
1134 GNUNET_i2s (kx->peer)); 1218 GNUNET_i2s (kx->peer),
1219 GNUNET_i2s2 (&t.target));
1135 else 1220 else
1136 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1221 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1137 "Decryption of PING from peer `%s' failed after rekey (harmless)\n", 1222 "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
@@ -1328,7 +1413,7 @@ handle_pong (void *cls,
1328 return; 1413 return;
1329 } 1414 }
1330 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1415 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1331 "Received PONG from `%s'\n", 1416 "Received valid PONG from `%s'\n",
1332 GNUNET_i2s (kx->peer)); 1417 GNUNET_i2s (kx->peer));
1333 /* no need to resend key any longer */ 1418 /* no need to resend key any longer */
1334 if (NULL != kx->retry_set_key_task) 1419 if (NULL != kx->retry_set_key_task)
@@ -1395,10 +1480,20 @@ send_key (struct GSC_KeyExchangeInfo *kx)
1395 kx->retry_set_key_task = NULL; 1480 kx->retry_set_key_task = NULL;
1396 } 1481 }
1397 /* always update sender status in SET KEY message */ 1482 /* always update sender status in SET KEY message */
1398 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1483#if DEBUG_KX
1399 "Sending key to `%s' (my status: %d)\n", 1484 {
1400 GNUNET_i2s (kx->peer), 1485 struct GNUNET_HashCode hc;
1401 kx->status); 1486
1487 GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1488 sizeof (current_ekm.ephemeral_key),
1489 &hc);
1490 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1491 "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
1492 GNUNET_h2s (&hc),
1493 GNUNET_i2s (kx->peer),
1494 kx->status);
1495 }
1496#endif
1402 current_ekm.sender_status = htonl ((int32_t) (kx->status)); 1497 current_ekm.sender_status = htonl ((int32_t) (kx->status));
1403 env = GNUNET_MQ_msg_copy (&current_ekm.header); 1498 env = GNUNET_MQ_msg_copy (&current_ekm.header);
1404 GNUNET_MQ_send (kx->mq, 1499 GNUNET_MQ_send (kx->mq,
@@ -1454,10 +1549,20 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1454 &ph->sequence_number, 1549 &ph->sequence_number,
1455 &em->sequence_number, 1550 &em->sequence_number,
1456 used - ENCRYPTED_HEADER_SIZE)); 1551 used - ENCRYPTED_HEADER_SIZE));
1457 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1552#if DEBUG_KX
1458 "Encrypted %u bytes for %s\n", 1553 {
1459 (unsigned int) (used - ENCRYPTED_HEADER_SIZE), 1554 struct GNUNET_HashCode hc;
1460 GNUNET_i2s (kx->peer)); 1555
1556 GNUNET_CRYPTO_hash (&ph->sequence_number,
1557 used - ENCRYPTED_HEADER_SIZE,
1558 &hc);
1559 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1560 "Encrypted payload `%s' of %u bytes for %s\n",
1561 GNUNET_h2s (&hc),
1562 (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
1563 GNUNET_i2s (kx->peer));
1564 }
1565#endif
1461 derive_auth_key (&auth_key, 1566 derive_auth_key (&auth_key,
1462 &kx->encrypt_key, 1567 &kx->encrypt_key,
1463 ph->iv_seed); 1568 ph->iv_seed);
@@ -1465,6 +1570,20 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx,
1465 &em->sequence_number, 1570 &em->sequence_number,
1466 used - ENCRYPTED_HEADER_SIZE, 1571 used - ENCRYPTED_HEADER_SIZE,
1467 &em->hmac); 1572 &em->hmac);
1573#if DEBUG_KX
1574 {
1575 struct GNUNET_HashCode hc;
1576
1577 GNUNET_CRYPTO_hash (&auth_key,
1578 sizeof (auth_key),
1579 &hc);
1580 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1581 "For peer %s, used AC %s to create hmac %s\n",
1582 GNUNET_i2s (kx->peer),
1583 GNUNET_h2s (&hc),
1584 GNUNET_h2s2 (&em->hmac));
1585 }
1586#endif
1468 kx->has_excess_bandwidth = GNUNET_NO; 1587 kx->has_excess_bandwidth = GNUNET_NO;
1469 GNUNET_MQ_send (kx->mq, 1588 GNUNET_MQ_send (kx->mq,
1470 env); 1589 env);
@@ -1544,6 +1663,20 @@ handle_encrypted (void *cls,
1544 } 1663 }
1545 1664
1546 /* validate hash */ 1665 /* validate hash */
1666#if DEBUG_KX
1667 {
1668 struct GNUNET_HashCode hc;
1669
1670 GNUNET_CRYPTO_hash (&m->sequence_number,
1671 size - ENCRYPTED_HEADER_SIZE,
1672 &hc);
1673 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1674 "Received encrypted payload `%s' of %u bytes from %s\n",
1675 GNUNET_h2s (&hc),
1676 (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1677 GNUNET_i2s (kx->peer));
1678 }
1679#endif
1547 derive_auth_key (&auth_key, 1680 derive_auth_key (&auth_key,
1548 &kx->decrypt_key, 1681 &kx->decrypt_key,
1549 m->iv_seed); 1682 m->iv_seed);
@@ -1551,6 +1684,20 @@ handle_encrypted (void *cls,
1551 &m->sequence_number, 1684 &m->sequence_number,
1552 size - ENCRYPTED_HEADER_SIZE, 1685 size - ENCRYPTED_HEADER_SIZE,
1553 &ph); 1686 &ph);
1687#if DEBUG_KX
1688 {
1689 struct GNUNET_HashCode hc;
1690
1691 GNUNET_CRYPTO_hash (&auth_key,
1692 sizeof (auth_key),
1693 &hc);
1694 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1695 "For peer %s, used AC %s to verify hmac %s\n",
1696 GNUNET_i2s (kx->peer),
1697 GNUNET_h2s (&hc),
1698 GNUNET_h2s2 (&m->hmac));
1699 }
1700#endif
1554 if (0 != memcmp (&ph, 1701 if (0 != memcmp (&ph,
1555 &m->hmac, 1702 &m->hmac,
1556 sizeof (struct GNUNET_HashCode))) 1703 sizeof (struct GNUNET_HashCode)))
@@ -1742,11 +1889,19 @@ do_rekey (void *cls)
1742 NULL); 1889 NULL);
1743 if (NULL != my_ephemeral_key) 1890 if (NULL != my_ephemeral_key)
1744 GNUNET_free (my_ephemeral_key); 1891 GNUNET_free (my_ephemeral_key);
1745 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1746 "Rekeying\n");
1747 my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); 1892 my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create ();
1748 GNUNET_assert (NULL != my_ephemeral_key); 1893 GNUNET_assert (NULL != my_ephemeral_key);
1749 sign_ephemeral_key (); 1894 sign_ephemeral_key ();
1895 {
1896 struct GNUNET_HashCode eh;
1897
1898 GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1899 sizeof (current_ekm.ephemeral_key),
1900 &eh);
1901 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1902 "Rekeying to %s\n",
1903 GNUNET_h2s (&eh));
1904 }
1750 for (pos = kx_head; NULL != pos; pos = pos->next) 1905 for (pos = kx_head; NULL != pos; pos = pos->next)
1751 { 1906 {
1752 if (GNUNET_CORE_KX_STATE_UP == pos->status) 1907 if (GNUNET_CORE_KX_STATE_UP == pos->status)
@@ -1807,6 +1962,17 @@ GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
1807 return GNUNET_SYSERR; 1962 return GNUNET_SYSERR;
1808 } 1963 }
1809 sign_ephemeral_key (); 1964 sign_ephemeral_key ();
1965 {
1966 struct GNUNET_HashCode eh;
1967
1968 GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1969 sizeof (current_ekm.ephemeral_key),
1970 &eh);
1971 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1972 "Starting with ephemeral key %s\n",
1973 GNUNET_h2s (&eh));
1974 }
1975
1810 nc = GNUNET_notification_context_create (1); 1976 nc = GNUNET_notification_context_create (1);
1811 rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, 1977 rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY,
1812 &do_rekey, 1978 &do_rekey,
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-24 13:31:26 +0000