diff options
Diffstat (limited to 'src/core/gnunet-service-core_kx.c')
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index bf3c5cdaf..a74b3ae74 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -101,7 +101,7 @@ struct EphemeralKeyMessage | |||
101 | * At what time was this key created (beginning of validity). | 101 | * At what time was this key created (beginning of validity). |
102 | */ | 102 | */ |
103 | struct GNUNET_TIME_AbsoluteNBO creation_time; | 103 | struct GNUNET_TIME_AbsoluteNBO creation_time; |
104 | 104 | ||
105 | /** | 105 | /** |
106 | * When does the given ephemeral key expire (end of validity). | 106 | * When does the given ephemeral key expire (end of validity). |
107 | */ | 107 | */ |
@@ -111,7 +111,7 @@ struct EphemeralKeyMessage | |||
111 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable | 111 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable |
112 | * for network transmission as created using 'gcry_sexp_sprint'. | 112 | * for network transmission as created using 'gcry_sexp_sprint'. |
113 | */ | 113 | */ |
114 | struct GNUNET_CRYPTO_EccPublicEncryptKey ephemeral_key; | 114 | struct GNUNET_CRYPTO_EccPublicEncryptKey ephemeral_key; |
115 | 115 | ||
116 | /** | 116 | /** |
117 | * Public key of the signing peer (persistent version, not the ephemeral public key). | 117 | * Public key of the signing peer (persistent version, not the ephemeral public key). |
@@ -407,7 +407,7 @@ static struct GSC_KeyExchangeInfo *kx_tail; | |||
407 | /** | 407 | /** |
408 | * Task scheduled for periodic re-generation (and thus rekeying) of our | 408 | * Task scheduled for periodic re-generation (and thus rekeying) of our |
409 | * ephemeral key. | 409 | * ephemeral key. |
410 | */ | 410 | */ |
411 | static GNUNET_SCHEDULER_TaskIdentifier rekey_task; | 411 | static GNUNET_SCHEDULER_TaskIdentifier rekey_task; |
412 | 412 | ||
413 | 413 | ||
@@ -424,10 +424,10 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, | |||
424 | { | 424 | { |
425 | static const char ctx[] = "authentication key"; | 425 | static const char ctx[] = "authentication key"; |
426 | 426 | ||
427 | GNUNET_CRYPTO_hmac_derive_key (akey, skey, | 427 | GNUNET_CRYPTO_hmac_derive_key (akey, skey, |
428 | &seed, sizeof (seed), | 428 | &seed, sizeof (seed), |
429 | skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | 429 | skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), |
430 | ctx, sizeof (ctx), | 430 | ctx, sizeof (ctx), |
431 | NULL); | 431 | NULL); |
432 | } | 432 | } |
433 | 433 | ||
@@ -473,8 +473,8 @@ derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
473 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), | 473 | GNUNET_CRYPTO_symmetric_derive_iv (iv, skey, &seed, sizeof (seed), |
474 | identity, | 474 | identity, |
475 | sizeof (struct GNUNET_PeerIdentity), | 475 | sizeof (struct GNUNET_PeerIdentity), |
476 | &challenge, sizeof (challenge), | 476 | &challenge, sizeof (challenge), |
477 | ctx, sizeof (ctx), | 477 | ctx, sizeof (ctx), |
478 | NULL); | 478 | NULL); |
479 | } | 479 | } |
480 | 480 | ||
@@ -485,7 +485,7 @@ derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
485 | * @param sender peer identity of the sender | 485 | * @param sender peer identity of the sender |
486 | * @param receiver peer identity of the sender | 486 | * @param receiver peer identity of the sender |
487 | * @param key_material high entropy key material to use | 487 | * @param key_material high entropy key material to use |
488 | * @param skey set to derived session key | 488 | * @param skey set to derived session key |
489 | */ | 489 | */ |
490 | static void | 490 | static void |
491 | derive_aes_key (const struct GNUNET_PeerIdentity *sender, | 491 | derive_aes_key (const struct GNUNET_PeerIdentity *sender, |
@@ -661,7 +661,7 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
661 | struct GNUNET_HashCode h1; | 661 | struct GNUNET_HashCode h1; |
662 | struct GNUNET_HashCode h2; | 662 | struct GNUNET_HashCode h2; |
663 | 663 | ||
664 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 664 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
665 | "Initiating key exchange with `%s'\n", | 665 | "Initiating key exchange with `%s'\n", |
666 | GNUNET_i2s (pid)); | 666 | GNUNET_i2s (pid)); |
667 | GNUNET_STATISTICS_update (GSC_stats, | 667 | GNUNET_STATISTICS_update (GSC_stats, |
@@ -675,12 +675,12 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
675 | kx); | 675 | kx); |
676 | GNUNET_CRYPTO_hash (pid, sizeof (struct GNUNET_PeerIdentity), &h1); | 676 | GNUNET_CRYPTO_hash (pid, sizeof (struct GNUNET_PeerIdentity), &h1); |
677 | GNUNET_CRYPTO_hash (&GSC_my_identity, sizeof (struct GNUNET_PeerIdentity), &h2); | 677 | GNUNET_CRYPTO_hash (&GSC_my_identity, sizeof (struct GNUNET_PeerIdentity), &h2); |
678 | 678 | ||
679 | if (0 < GNUNET_CRYPTO_hash_cmp (&h1, | 679 | if (0 < GNUNET_CRYPTO_hash_cmp (&h1, |
680 | &h2)) | 680 | &h2)) |
681 | { | 681 | { |
682 | /* peer with "lower" identity starts KX, otherwise we typically end up | 682 | /* peer with "lower" identity starts KX, otherwise we typically end up |
683 | with both peers starting the exchange and transmit the 'set key' | 683 | with both peers starting the exchange and transmit the 'set key' |
684 | message twice */ | 684 | message twice */ |
685 | kx->status = KX_STATE_KEY_SENT; | 685 | kx->status = KX_STATE_KEY_SENT; |
686 | send_key (kx); | 686 | send_key (kx); |
@@ -744,10 +744,10 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
744 | struct GNUNET_TIME_Absolute start_t; | 744 | struct GNUNET_TIME_Absolute start_t; |
745 | struct GNUNET_TIME_Absolute end_t; | 745 | struct GNUNET_TIME_Absolute end_t; |
746 | struct GNUNET_TIME_Absolute now; | 746 | struct GNUNET_TIME_Absolute now; |
747 | enum KxStateMachine sender_status; | 747 | enum KxStateMachine sender_status; |
748 | uint16_t size; | 748 | uint16_t size; |
749 | struct GNUNET_HashCode key_material; | 749 | struct GNUNET_HashCode key_material; |
750 | 750 | ||
751 | size = ntohs (msg->size); | 751 | size = ntohs (msg->size); |
752 | if (sizeof (struct EphemeralKeyMessage) != size) | 752 | if (sizeof (struct EphemeralKeyMessage) != size) |
753 | { | 753 | { |
@@ -758,7 +758,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
758 | end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time); | 758 | end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time); |
759 | if ( ( (KX_STATE_KEY_RECEIVED == kx->status) || | 759 | if ( ( (KX_STATE_KEY_RECEIVED == kx->status) || |
760 | (KX_STATE_UP == kx->status) || | 760 | (KX_STATE_UP == kx->status) || |
761 | (KX_STATE_REKEY_SENT == kx->status) ) && | 761 | (KX_STATE_REKEY_SENT == kx->status) ) && |
762 | (end_t.abs_value_us <= kx->foreign_key_expires.abs_value_us) ) | 762 | (end_t.abs_value_us <= kx->foreign_key_expires.abs_value_us) ) |
763 | { | 763 | { |
764 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# old ephemeral keys ignored"), | 764 | GNUNET_STATISTICS_update (GSC_stats, gettext_noop ("# old ephemeral keys ignored"), |
@@ -777,7 +777,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
777 | memcmp (&m->origin_identity, | 777 | memcmp (&m->origin_identity, |
778 | &kx->peer.public_key, | 778 | &kx->peer.public_key, |
779 | sizeof (struct GNUNET_PeerIdentity))) | 779 | sizeof (struct GNUNET_PeerIdentity))) |
780 | { | 780 | { |
781 | GNUNET_break_op (0); | 781 | GNUNET_break_op (0); |
782 | return; | 782 | return; |
783 | } | 783 | } |
@@ -810,7 +810,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
810 | } | 810 | } |
811 | if (GNUNET_OK != | 811 | if (GNUNET_OK != |
812 | GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, | 812 | GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, |
813 | &m->ephemeral_key, | 813 | &m->ephemeral_key, |
814 | &key_material)) | 814 | &key_material)) |
815 | { | 815 | { |
816 | GNUNET_break (0); | 816 | GNUNET_break (0); |
@@ -834,7 +834,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
834 | setup_fresh_ping (kx); | 834 | setup_fresh_ping (kx); |
835 | 835 | ||
836 | /* check if we still need to send the sender our key */ | 836 | /* check if we still need to send the sender our key */ |
837 | sender_status = (enum KxStateMachine) ntohl (m->sender_status); | 837 | sender_status = (enum KxStateMachine) ntohl (m->sender_status); |
838 | switch (sender_status) | 838 | switch (sender_status) |
839 | { | 839 | { |
840 | case KX_STATE_DOWN: | 840 | case KX_STATE_DOWN: |
@@ -844,7 +844,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
844 | /* fine, need to send our key after updating our status, see below */ | 844 | /* fine, need to send our key after updating our status, see below */ |
845 | break; | 845 | break; |
846 | case KX_STATE_KEY_RECEIVED: | 846 | case KX_STATE_KEY_RECEIVED: |
847 | case KX_STATE_UP: | 847 | case KX_STATE_UP: |
848 | case KX_STATE_REKEY_SENT: | 848 | case KX_STATE_REKEY_SENT: |
849 | /* other peer already got our key */ | 849 | /* other peer already got our key */ |
850 | break; | 850 | break; |
@@ -875,7 +875,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
875 | send_key (kx); | 875 | send_key (kx); |
876 | send_ping (kx); | 876 | send_ping (kx); |
877 | break; | 877 | break; |
878 | case KX_STATE_UP: | 878 | case KX_STATE_UP: |
879 | kx->status = KX_STATE_REKEY_SENT; | 879 | kx->status = KX_STATE_REKEY_SENT; |
880 | if (KX_STATE_KEY_SENT == sender_status) | 880 | if (KX_STATE_KEY_SENT == sender_status) |
881 | send_key (kx); | 881 | send_key (kx); |
@@ -922,7 +922,7 @@ GSC_KX_handle_ping (struct GSC_KeyExchangeInfo *kx, | |||
922 | GNUNET_STATISTICS_update (GSC_stats, | 922 | GNUNET_STATISTICS_update (GSC_stats, |
923 | gettext_noop ("# PING messages received"), 1, | 923 | gettext_noop ("# PING messages received"), 1, |
924 | GNUNET_NO); | 924 | GNUNET_NO); |
925 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && | 925 | if ( (kx->status != KX_STATE_KEY_RECEIVED) && |
926 | (kx->status != KX_STATE_UP) && | 926 | (kx->status != KX_STATE_UP) && |
927 | (kx->status != KX_STATE_REKEY_SENT)) | 927 | (kx->status != KX_STATE_REKEY_SENT)) |
928 | { | 928 | { |
@@ -1128,7 +1128,7 @@ GSC_KX_handle_pong (struct GSC_KeyExchangeInfo *kx, | |||
1128 | { | 1128 | { |
1129 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); | 1129 | GNUNET_SCHEDULER_cancel (kx->retry_set_key_task); |
1130 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | 1130 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; |
1131 | } | 1131 | } |
1132 | switch (kx->status) | 1132 | switch (kx->status) |
1133 | { | 1133 | { |
1134 | case KX_STATE_DOWN: | 1134 | case KX_STATE_DOWN: |
@@ -1184,11 +1184,11 @@ send_key (struct GSC_KeyExchangeInfo *kx) | |||
1184 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; | 1184 | kx->retry_set_key_task = GNUNET_SCHEDULER_NO_TASK; |
1185 | } | 1185 | } |
1186 | /* always update sender status in SET KEY message */ | 1186 | /* always update sender status in SET KEY message */ |
1187 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1187 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1188 | "Sending key to `%s' (my status: %d)\n", | 1188 | "Sending key to `%s' (my status: %d)\n", |
1189 | GNUNET_i2s (&kx->peer), | 1189 | GNUNET_i2s (&kx->peer), |
1190 | kx->status); | 1190 | kx->status); |
1191 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); | 1191 | current_ekm.sender_status = htonl ((int32_t) (kx->status)); |
1192 | GSC_NEIGHBOURS_transmit (&kx->peer, ¤t_ekm.header, | 1192 | GSC_NEIGHBOURS_transmit (&kx->peer, ¤t_ekm.header, |
1193 | kx->set_key_retry_frequency); | 1193 | kx->set_key_retry_frequency); |
1194 | kx->retry_set_key_task = | 1194 | kx->retry_set_key_task = |
@@ -1236,8 +1236,8 @@ GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, | |||
1236 | used - ENCRYPTED_HEADER_SIZE)); | 1236 | used - ENCRYPTED_HEADER_SIZE)); |
1237 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted %u bytes for %s\n", | 1237 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted %u bytes for %s\n", |
1238 | used - ENCRYPTED_HEADER_SIZE, GNUNET_i2s (&kx->peer)); | 1238 | used - ENCRYPTED_HEADER_SIZE, GNUNET_i2s (&kx->peer)); |
1239 | derive_auth_key (&auth_key, | 1239 | derive_auth_key (&auth_key, |
1240 | &kx->encrypt_key, | 1240 | &kx->encrypt_key, |
1241 | ph->iv_seed); | 1241 | ph->iv_seed); |
1242 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, | 1242 | GNUNET_CRYPTO_hmac (&auth_key, &em->sequence_number, |
1243 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); | 1243 | used - ENCRYPTED_HEADER_SIZE, &em->hmac); |
@@ -1327,8 +1327,8 @@ GSC_KX_handle_encrypted_message (struct GSC_KeyExchangeInfo *kx, | |||
1327 | if (0 != memcmp (&ph, &m->hmac, sizeof (struct GNUNET_HashCode))) | 1327 | if (0 != memcmp (&ph, &m->hmac, sizeof (struct GNUNET_HashCode))) |
1328 | { | 1328 | { |
1329 | /* checksum failed */ | 1329 | /* checksum failed */ |
1330 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1330 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1331 | "Failed checksum validation for a message from `%s'\n", | 1331 | "Failed checksum validation for a message from `%s'\n", |
1332 | GNUNET_i2s (&kx->peer)); | 1332 | GNUNET_i2s (&kx->peer)); |
1333 | return; | 1333 | return; |
1334 | } | 1334 | } |
@@ -1542,7 +1542,7 @@ GSC_KX_init (struct GNUNET_CRYPTO_EccPrivateKey *pk) | |||
1542 | { | 1542 | { |
1543 | GNUNET_assert (NULL != pk); | 1543 | GNUNET_assert (NULL != pk); |
1544 | my_private_key = pk; | 1544 | my_private_key = pk; |
1545 | GNUNET_CRYPTO_ecc_key_get_public_for_signature (my_private_key, | 1545 | GNUNET_CRYPTO_ecc_key_get_public_for_signature (my_private_key, |
1546 | &GSC_my_identity.public_key); | 1546 | &GSC_my_identity.public_key); |
1547 | if (GNUNET_YES == | 1547 | if (GNUNET_YES == |
1548 | GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, | 1548 | GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, |