aboutsummaryrefslogtreecommitdiff
path: root/src/transport/gnunet-communicator-udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
-rw-r--r--src/transport/gnunet-communicator-udp.c3942
1 files changed, 0 insertions, 3942 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
deleted file mode 100644
index 201e94e80..000000000
--- a/src/transport/gnunet-communicator-udp.c
+++ /dev/null
@@ -1,3942 +0,0 @@
1/*
2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
21/**
22 * @file transport/gnunet-communicator-udp.c
23 * @brief Transport plugin using UDP.
24 * @author Christian Grothoff
25 *
26 * TODO:
27 * - consider imposing transmission limits in the absence
28 * of ACKs; or: maybe this should be done at TNG service level?
29 * (at least the receiver might want to enforce limits on
30 * KX/DH operations per sender in here) (#5552)
31 * - overall, we should look more into flow control support
32 * (either in backchannel, or general solution in TNG service)
33 * - handle addresses discovered from broadcasts (#5551)
34 * (think: what was the story again on address validation?
35 * where is the API for that!?!)
36 * - support DNS names in BINDTO option (#5528)
37 * - support NAT connection reversal method (#5529)
38 * - support other UDP-specific NAT traversal methods (#)
39 */
40#include "platform.h"
41#include "gnunet_util_lib.h"
42#include "gnunet_protocols.h"
43#include "gnunet_signatures.h"
44#include "gnunet_constants.h"
45#include "gnunet_nt_lib.h"
46#include "gnunet_nat_service.h"
47#include "gnunet_statistics_service.h"
48#include "gnunet_transport_application_service.h"
49#include "gnunet_transport_communication_service.h"
50
51/**
52 * How often do we rekey based on time (at least)
53 */
54#define DEFAULT_REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
55
56/**
57 * How long do we wait until we must have received the initial KX?
58 */
59#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
60
61/**
62 * How often do we broadcast our presence on the LAN?
63 */
64#define BROADCAST_FREQUENCY GNUNET_TIME_UNIT_MINUTES
65
66/**
67 * How often do we scan for changes to our network interfaces?
68 */
69#define INTERFACE_SCAN_FREQUENCY \
70 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
71
72/**
73 * How long do we believe our addresses to remain up (before
74 * the other peer should revalidate).
75 */
76#define ADDRESS_VALIDITY_PERIOD GNUNET_TIME_UNIT_HOURS
77
78#define WORKING_QUEUE_INTERVALL \
79 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,1)
80
81/**
82 * AES key size.
83 */
84#define AES_KEY_SIZE (256 / 8)
85
86/**
87 * AES (GCM) IV size.
88 */
89#define AES_IV_SIZE (96 / 8)
90
91/**
92 * Size of the GCM tag.
93 */
94#define GCM_TAG_SIZE (128 / 8)
95
96#define GENERATE_AT_ONCE 2
97
98/**
99 * If we fall below this number of available KCNs,
100 * we generate additional ACKs until we reach
101 * #KCN_TARGET.
102 * Should be large enough that we don't generate ACKs all
103 * the time and still have enough time for the ACK to
104 * arrive before the sender runs out. So really this
105 * should ideally be based on the RTT.
106 */
107#define KCN_THRESHOLD 92
108
109/**
110 * How many KCNs do we keep around *after* we hit
111 * the #KCN_THRESHOLD? Should be larger than
112 * #KCN_THRESHOLD so we do not generate just one
113 * ACK at the time.
114 */
115#define KCN_TARGET 128
116
117/**
118 * What is the maximum delta between KCN sequence numbers
119 * that we allow. Used to expire 'ancient' KCNs that likely
120 * were dropped by the network. Must be larger than
121 * KCN_TARGET (otherwise we generate new KCNs all the time),
122 * but not too large (otherwise packet loss may cause
123 * sender to fall back to KX needlessly when sender runs
124 * out of ACK'ed KCNs due to losses).
125 */
126#define MAX_SQN_DELTA 160
127
128/**
129 * How many shared master secrets do we keep around
130 * at most per sender? Should be large enough so
131 * that we generally have a chance of sending an ACK
132 * before the sender already rotated out the master
133 * secret. Generally values around #KCN_TARGET make
134 * sense. Might make sense to adapt to RTT if we had
135 * a good measurement...
136 */
137#define MAX_SECRETS 128000
138
139/**
140 * Default value for how often we do rekey based on number of bytes transmitted?
141 * (additionally randomized).
142 */
143#define DEFAULT_REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
144
145/**
146 * Address prefix used by the communicator.
147 */
148
149#define COMMUNICATOR_ADDRESS_PREFIX "udp"
150
151/**
152 * Configuration section used by the communicator.
153 */
154#define COMMUNICATOR_CONFIG_SECTION "communicator-udp"
155
156GNUNET_NETWORK_STRUCT_BEGIN
157
158
159/**
160 * Signature we use to verify that the ephemeral key was really chosen by
161 * the specified sender. If possible, the receiver should respond with
162 * a `struct UDPAck` (possibly via backchannel).
163 */
164struct UdpHandshakeSignature
165{
166 /**
167 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE
168 */
169 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
170
171 /**
172 * Identity of the inititor of the UDP connection (UDP client).
173 */
174 struct GNUNET_PeerIdentity sender;
175
176 /**
177 * Presumed identity of the target of the UDP connection (UDP server)
178 */
179 struct GNUNET_PeerIdentity receiver;
180
181 /**
182 * Ephemeral key used by the @e sender.
183 */
184 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
185
186 /**
187 * Monotonic time of @e sender, to possibly help detect replay attacks
188 * (if receiver persists times by sender).
189 */
190 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
191};
192
193
194/**
195 * "Plaintext" header at beginning of KX message. Followed
196 * by encrypted `struct UDPConfirmation`.
197 */
198struct InitialKX
199{
200 /**
201 * Ephemeral key for KX.
202 */
203 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
204
205 /**
206 * HMAC for the following encrypted message, using GCM. HMAC uses
207 * key derived from the handshake with sequence number zero.
208 */
209 char gcm_tag[GCM_TAG_SIZE];
210
211 /**
212 * A flag indicating, if the sender is doing rekeying.
213 */
214 int rekeying;
215};
216
217
218/**
219 * Encrypted continuation of UDP initial handshake, followed
220 * by message header with payload.
221 */
222struct UDPConfirmation
223{
224 /**
225 * Sender's identity
226 */
227 struct GNUNET_PeerIdentity sender;
228
229 /**
230 * Sender's signature of type #GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE
231 */
232 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
233
234 /**
235 * Monotonic time of @e sender, to possibly help detect replay attacks
236 * (if receiver persists times by sender).
237 */
238 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
239
240 /* followed by messages */
241
242 /* padding may follow actual messages */
243};
244
245
246/**
247 * UDP key acknowledgement. May be sent via backchannel. Allows the
248 * sender to use `struct UDPBox` with the acknowledge key henceforth.
249 */
250struct UDPAck
251{
252 /**
253 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK.
254 */
255 struct GNUNET_MessageHeader header;
256
257 /**
258 * Sequence acknowledgement limit. Specifies current maximum sequence
259 * number supported by receiver.
260 */
261 uint32_t sequence_max GNUNET_PACKED;
262
263 /**
264 * Sequence acknowledgement limit. Specifies current maximum sequence
265 * number supported by receiver.
266 */
267 uint32_t acks_available GNUNET_PACKED;
268
269 /**
270 * CMAC of the base key being acknowledged.
271 */
272 struct GNUNET_HashCode cmac;
273};
274
275
276/**
277 * Signature we use to verify that the broadcast was really made by
278 * the peer that claims to have made it. Basically, affirms that the
279 * peer is really using this IP address (albeit possibly not in _our_
280 * LAN). Makes it difficult for peers in the LAN to claim to
281 * be just any global peer -- an attacker must have at least
282 * shared a LAN with the peer they're pretending to be here.
283 */
284struct UdpBroadcastSignature
285{
286 /**
287 * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST
288 */
289 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
290
291 /**
292 * Identity of the inititor of the UDP broadcast.
293 */
294 struct GNUNET_PeerIdentity sender;
295
296 /**
297 * Hash of the sender's UDP address.
298 */
299 struct GNUNET_HashCode h_address;
300};
301
302
303/**
304 * Broadcast by peer in LAN announcing its presence. Unusual in that
305 * we don't pad these to full MTU, as we cannot prevent being
306 * recognized in LAN as GNUnet peers if this feature is enabled
307 * anyway. Also, the entire message is in cleartext.
308 */
309struct UDPBroadcast
310{
311 /**
312 * Sender's peer identity.
313 */
314 struct GNUNET_PeerIdentity sender;
315
316 /**
317 * Sender's signature of type
318 * #GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST
319 */
320 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
321};
322
323
324/**
325 * UDP message box. Always sent encrypted, only allowed after
326 * the receiver sent a `struct UDPAck` for the base key!
327 */
328struct UDPBox
329{
330 /**
331 * Key and IV identification code. KDF applied to an acknowledged
332 * base key and a sequence number. Sequence numbers must be used
333 * monotonically increasing up to the maximum specified in
334 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
335 * must fall back to sending handshakes!
336 */
337 struct GNUNET_ShortHashCode kid;
338
339 /**
340 * 128-bit authentication tag for the following encrypted message,
341 * from GCM. MAC starts at the @e body_start that follows and
342 * extends until the end of the UDP payload. If the @e hmac is
343 * wrong, the receiver should check if the message might be a
344 * `struct UdpHandshakeSignature`.
345 */
346 char gcm_tag[GCM_TAG_SIZE];
347
348 /**
349 * A flag indicating, if the sender is doing rekeying.
350 */
351 int rekeying;
352};
353
354/**
355 * UDP message box. Always sent encrypted, only allowed after
356 * the receiver sent a `struct UDPAck` for the base key!
357 */
358struct UDPRekey
359{
360 /**
361 * Key and IV identification code. KDF applied to an acknowledged
362 * base key and a sequence number. Sequence numbers must be used
363 * monotonically increasing up to the maximum specified in
364 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
365 * must fall back to sending handshakes!
366 */
367 struct GNUNET_ShortHashCode kid;
368
369 /**
370 * 128-bit authentication tag for the following encrypted message,
371 * from GCM. MAC starts at the @e body_start that follows and
372 * extends until the end of the UDP payload. If the @e hmac is
373 * wrong, the receiver should check if the message might be a
374 * `struct UdpHandshakeSignature`.
375 */
376 char gcm_tag[GCM_TAG_SIZE];
377
378 /**
379 * Sender's identity
380 */
381 struct GNUNET_PeerIdentity sender;
382};
383
384GNUNET_NETWORK_STRUCT_END
385
386/**
387 * Shared secret we generated for a particular sender or receiver.
388 */
389struct SharedSecret;
390
391
392/**
393 * Pre-generated "kid" code (key and IV identification code) to
394 * quickly derive master key for a `struct UDPBox`.
395 */
396struct KeyCacheEntry
397{
398 /**
399 * Kept in a DLL.
400 */
401 struct KeyCacheEntry *next;
402
403 /**
404 * Kept in a DLL.
405 */
406 struct KeyCacheEntry *prev;
407
408 /**
409 * Key and IV identification code. KDF applied to an acknowledged
410 * base key and a sequence number. Sequence numbers must be used
411 * monotonically increasing up to the maximum specified in
412 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
413 * must fall back to sending handshakes!
414 */
415 struct GNUNET_ShortHashCode kid;
416
417 /**
418 * Corresponding shared secret.
419 */
420 struct SharedSecret *ss;
421
422 /**
423 * Sequence number used to derive this entry from master key.
424 */
425 uint32_t sequence_number;
426};
427
428
429/**
430 * Information we track per sender address we have recently been
431 * in contact with (decryption from sender).
432 */
433struct SenderAddress;
434
435/**
436 * Information we track per receiving address we have recently been
437 * in contact with (encryption to receiver).
438 */
439struct ReceiverAddress;
440
441/**
442 * Shared secret we generated for a particular sender or receiver.
443 */
444struct SharedSecret
445{
446 /**
447 * Kept in a DLL.
448 */
449 struct SharedSecret *next;
450
451 /**
452 * Kept in a DLL.
453 */
454 struct SharedSecret *prev;
455
456 /**
457 * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
458 */
459 struct KeyCacheEntry *kce_head;
460
461 /**
462 * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
463 */
464 struct KeyCacheEntry *kce_tail;
465
466 /**
467 * Sender we use this shared secret with, or NULL.
468 */
469 struct SenderAddress *sender;
470
471 /**
472 * Receiver we use this shared secret with, or NULL.
473 */
474 struct ReceiverAddress *receiver;
475
476 /**
477 * Master shared secret.
478 */
479 struct GNUNET_HashCode master;
480
481 /**
482 * CMAC is used to identify @e master in ACKs.
483 */
484 struct GNUNET_HashCode cmac;
485
486 /**
487 * Up to which sequence number did we use this @e master already?
488 * (for encrypting only)
489 */
490 uint32_t sequence_used;
491
492 /**
493 * Up to which sequence number did the other peer allow us to use
494 * this key, or up to which number did we allow the other peer to
495 * use this key?
496 */
497 uint32_t sequence_allowed;
498
499 /**
500 * Number of active KCN entries.
501 */
502 unsigned int active_kce_count;
503};
504
505
506/**
507 * Information we track per sender address we have recently been
508 * in contact with (we decrypt messages from the sender).
509 */
510struct SenderAddress
511{
512 /**
513 * Shared secret we use with @e target for rekeying.
514 */
515 struct SharedSecret *ss_rekey;
516
517 /**
518 * Flag indicating sender is initiated rekeying for this receiver.
519 */
520 int rekeying;
521
522 /**
523 * To whom are we talking to.
524 */
525 struct GNUNET_PeerIdentity target;
526
527 /**
528 * Entry in sender expiration heap.
529 */
530 struct GNUNET_CONTAINER_HeapNode *hn;
531
532 /**
533 * Shared secrets we used with @e target, first used is head.
534 */
535 struct SharedSecret *ss_head;
536
537 /**
538 * Shared secrets we used with @e target, last used is tail.
539 */
540 struct SharedSecret *ss_tail;
541
542 /**
543 * Address of the other peer.
544 */
545 struct sockaddr *address;
546
547 /**
548 * Length of the address.
549 */
550 socklen_t address_len;
551
552 /**
553 * Timeout for this sender.
554 */
555 struct GNUNET_TIME_Absolute timeout;
556
557 /**
558 * Length of the DLL at @a ss_head.
559 */
560 unsigned int num_secrets;
561
562 /**
563 * Number of BOX keys from ACKs we have currently
564 * available for this sender.
565 */
566 unsigned int acks_available;
567
568 /**
569 * Which network type does this queue use?
570 */
571 enum GNUNET_NetworkType nt;
572
573 /**
574 * sender_destroy already called on sender.
575 */
576 int sender_destroy_called;
577
578
579 /**
580 * ID of kce working queue task
581 */
582 struct GNUNET_SCHEDULER_Task *kce_task;
583
584 /**
585 * ID of kce rekey working queue task
586 */
587 struct GNUNET_SCHEDULER_Task *kce_task_rekey;
588
589 /**
590 * Is the kce_task finished?
591 */
592 int kce_task_finished;
593};
594
595
596/**
597 * Information we track per receiving address we have recently been
598 * in contact with (encryption to receiver).
599 */
600struct ReceiverAddress
601{
602
603 /**
604 * Shared secret we use with @e target for rekeying.
605 */
606 struct SharedSecret *ss_rekey;
607
608 /**
609 * Acks available when we started rekeying.
610 */
611 unsigned int rekey_acks_available;
612
613 /**
614 * Send bytes for this receiver address.
615 */
616 uint64_t rekey_send_bytes;
617
618 /**
619 * Timeout for this receiver address.
620 */
621 struct GNUNET_TIME_Absolute rekey_timeout;
622
623 /**
624 * Flag indicating sender is initiated rekeying for this receiver.
625 */
626 int rekeying;
627
628 /**
629 * Number of kce we retain for sending the rekeying shared secret.
630 */
631 int number_rekeying_kce;
632
633 /**
634 * To whom are we talking to.
635 */
636 struct GNUNET_PeerIdentity target;
637
638 /**
639 * Shared secrets we received from @e target, first used is head.
640 */
641 struct SharedSecret *ss_head;
642
643 /**
644 * Shared secrets we received with @e target, last used is tail.
645 */
646 struct SharedSecret *ss_tail;
647
648 /**
649 * Address of the receiver in the human-readable format
650 * with the #COMMUNICATOR_ADDRESS_PREFIX.
651 */
652 char *foreign_addr;
653
654 /**
655 * Address of the other peer.
656 */
657 struct sockaddr *address;
658
659 /**
660 * Length of the address.
661 */
662 socklen_t address_len;
663
664 /**
665 * Entry in sender expiration heap.
666 */
667 struct GNUNET_CONTAINER_HeapNode *hn;
668
669 /**
670 * KX message queue we are providing for the #ch.
671 */
672 struct GNUNET_MQ_Handle *kx_mq;
673
674 /**
675 * Default message queue we are providing for the #ch.
676 */
677 struct GNUNET_MQ_Handle *d_mq;
678
679 /**
680 * handle for KX queue with the #ch.
681 */
682 struct GNUNET_TRANSPORT_QueueHandle *kx_qh;
683
684 /**
685 * handle for default queue with the #ch.
686 */
687 struct GNUNET_TRANSPORT_QueueHandle *d_qh;
688
689 /**
690 * Timeout for this receiver address.
691 */
692 struct GNUNET_TIME_Absolute timeout;
693
694 /**
695 * MTU we allowed transport for this receiver's KX queue.
696 */
697 size_t kx_mtu;
698
699 /**
700 * MTU we allowed transport for this receiver's default queue.
701 */
702 size_t d_mtu;
703
704 /**
705 * Length of the DLL at @a ss_head.
706 */
707 unsigned int num_secrets;
708
709 /**
710 * Number of BOX keys from ACKs we have currently
711 * available for this receiver.
712 */
713 unsigned int acks_available;
714
715 /**
716 * Which network type does this queue use?
717 */
718 enum GNUNET_NetworkType nt;
719
720 /**
721 * receiver_destroy already called on receiver.
722 */
723 int receiver_destroy_called;
724};
725
726/**
727 * Interface we broadcast our presence on.
728 */
729struct BroadcastInterface
730{
731 /**
732 * Kept in a DLL.
733 */
734 struct BroadcastInterface *next;
735
736 /**
737 * Kept in a DLL.
738 */
739 struct BroadcastInterface *prev;
740
741 /**
742 * Task for this broadcast interface.
743 */
744 struct GNUNET_SCHEDULER_Task *broadcast_task;
745
746 /**
747 * Sender's address of the interface.
748 */
749 struct sockaddr *sa;
750
751 /**
752 * Broadcast address to use on the interface.
753 */
754 struct sockaddr *ba;
755
756 /**
757 * Message we broadcast on this interface.
758 */
759 struct UDPBroadcast bcm;
760
761 /**
762 * If this is an IPv6 interface, this is the request
763 * we use to join/leave the group.
764 */
765 struct ipv6_mreq mcreq;
766
767 /**
768 * Number of bytes in @e sa.
769 */
770 socklen_t salen;
771
772 /**
773 * Was this interface found in the last #iface_proc() scan?
774 */
775 int found;
776};
777
778/**
779 * The rekey interval
780 */
781static struct GNUNET_TIME_Relative rekey_interval;
782
783/**
784 * How often we do rekey based on number of bytes transmitted
785 */
786static unsigned long long rekey_max_bytes;
787/**
788 * Shared secret we finished the last kce working queue for.
789 */
790struct SharedSecret *ss_finished;
791
792/**
793 * Cache of pre-generated key IDs.
794 */
795static struct GNUNET_CONTAINER_MultiShortmap *key_cache;
796
797/**
798 * ID of read task
799 */
800static struct GNUNET_SCHEDULER_Task *read_task;
801
802/**
803 * ID of timeout task
804 */
805static struct GNUNET_SCHEDULER_Task *timeout_task;
806
807/**
808 * ID of master broadcast task
809 */
810static struct GNUNET_SCHEDULER_Task *broadcast_task;
811
812/**
813 * For logging statistics.
814 */
815static struct GNUNET_STATISTICS_Handle *stats;
816
817/**
818 * Our environment.
819 */
820static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
821
822/**
823 * Receivers (map from peer identity to `struct ReceiverAddress`)
824 */
825static struct GNUNET_CONTAINER_MultiPeerMap *receivers;
826
827/**
828 * Senders (map from peer identity to `struct SenderAddress`)
829 */
830static struct GNUNET_CONTAINER_MultiPeerMap *senders;
831
832/**
833 * Expiration heap for senders (contains `struct SenderAddress`)
834 */
835static struct GNUNET_CONTAINER_Heap *senders_heap;
836
837/**
838 * Expiration heap for receivers (contains `struct ReceiverAddress`)
839 */
840static struct GNUNET_CONTAINER_Heap *receivers_heap;
841
842/**
843 * Broadcast interface tasks. Kept in a DLL.
844 */
845static struct BroadcastInterface *bi_head;
846
847/**
848 * Broadcast interface tasks. Kept in a DLL.
849 */
850static struct BroadcastInterface *bi_tail;
851
852/**
853 * Our socket.
854 */
855static struct GNUNET_NETWORK_Handle *udp_sock;
856
857/**
858 * #GNUNET_YES if #udp_sock supports IPv6.
859 */
860static int have_v6_socket;
861
862/**
863 * Our public key.
864 */
865static struct GNUNET_PeerIdentity my_identity;
866
867/**
868 * Our private key.
869 */
870static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
871
872/**
873 * Our configuration.
874 */
875static const struct GNUNET_CONFIGURATION_Handle *cfg;
876
877/**
878 * Our handle to report addresses for validation to TRANSPORT.
879 */
880static struct GNUNET_TRANSPORT_ApplicationHandle *ah;
881
882/**
883 * Network scanner to determine network types.
884 */
885static struct GNUNET_NT_InterfaceScanner *is;
886
887/**
888 * Connection to NAT service.
889 */
890static struct GNUNET_NAT_Handle *nat;
891
892/**
893 * Port number to which we are actually bound.
894 */
895static uint16_t my_port;
896
897
898/**
899 * An interface went away, stop broadcasting on it.
900 *
901 * @param bi entity to close down
902 */
903static void
904bi_destroy (struct BroadcastInterface *bi)
905{
906 if (AF_INET6 == bi->sa->sa_family)
907 {
908 /* Leave the multicast group */
909 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
910 IPPROTO_IPV6,
911 IPV6_LEAVE_GROUP,
912 &bi->mcreq,
913 sizeof(bi->mcreq)))
914 {
915 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
916 }
917 }
918 GNUNET_CONTAINER_DLL_remove (bi_head, bi_tail, bi);
919 GNUNET_SCHEDULER_cancel (bi->broadcast_task);
920 GNUNET_free (bi->sa);
921 GNUNET_free (bi->ba);
922 GNUNET_free (bi);
923}
924
925
926/**
927 * Destroys a receiving state due to timeout or shutdown.
928 *
929 * @param receiver entity to close down
930 */
931static void
932receiver_destroy (struct ReceiverAddress *receiver)
933{
934
935 receiver->receiver_destroy_called = GNUNET_YES;
936
937 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
938 "Disconnecting receiver for peer `%s'\n",
939 GNUNET_i2s (&receiver->target));
940 /*if (NULL != (mq = receiver->kx_mq))
941 {
942 receiver->kx_mq = NULL;
943 GNUNET_MQ_destroy (mq);
944 }*/
945 if (NULL != receiver->kx_qh)
946 {
947 GNUNET_TRANSPORT_communicator_mq_del (receiver->kx_qh);
948 receiver->kx_qh = NULL;
949 receiver->kx_mq = NULL;
950 }
951 /*if (NULL != (mq = receiver->d_mq))
952 {
953 receiver->d_mq = NULL;
954 GNUNET_MQ_destroy (mq);
955 }*/
956 if (NULL != receiver->d_qh)
957 {
958 GNUNET_TRANSPORT_communicator_mq_del (receiver->d_qh);
959 receiver->d_qh = NULL;
960 }
961 GNUNET_assert (GNUNET_YES ==
962 GNUNET_CONTAINER_multipeermap_remove (receivers,
963 &receiver->target,
964 receiver));
965 GNUNET_assert (receiver == GNUNET_CONTAINER_heap_remove_node (receiver->hn));
966 GNUNET_STATISTICS_set (stats,
967 "# receivers active",
968 GNUNET_CONTAINER_multipeermap_size (receivers),
969 GNUNET_NO);
970 GNUNET_free (receiver->address);
971 GNUNET_free (receiver->foreign_addr);
972 GNUNET_free (receiver);
973}
974
975
976/**
977 * Free memory used by key cache entry.
978 *
979 * @param kce the key cache entry
980 */
981static void
982kce_destroy (struct KeyCacheEntry *kce)
983{
984 struct SharedSecret *ss = kce->ss;
985
986 ss->active_kce_count--;
987 ss->sender->acks_available--;
988 GNUNET_CONTAINER_DLL_remove (ss->kce_head, ss->kce_tail, kce);
989 GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multishortmap_remove (key_cache,
990 &kce->kid,
991 kce));
992 GNUNET_free (kce);
993}
994
995
996/**
997 * Compute @a kid.
998 *
999 * @param msec master secret for HMAC calculation
1000 * @param serial number for the @a smac calculation
1001 * @param kid[out] where to write the key ID
1002 */
1003static void
1004get_kid (const struct GNUNET_HashCode *msec,
1005 uint32_t serial,
1006 struct GNUNET_ShortHashCode *kid)
1007{
1008 uint32_t sid = htonl (serial);
1009
1010 GNUNET_CRYPTO_hkdf (kid,
1011 sizeof(*kid),
1012 GCRY_MD_SHA512,
1013 GCRY_MD_SHA256,
1014 &sid,
1015 sizeof(sid),
1016 msec,
1017 sizeof(*msec),
1018 "UDP-KID",
1019 strlen ("UDP-KID"),
1020 NULL,
1021 0);
1022}
1023
1024
1025/**
1026 * Setup key cache entry for sequence number @a seq and shared secret @a ss.
1027 *
1028 * @param ss shared secret
1029 * @param seq sequence number for the key cache entry
1030 */
1031static void
1032kce_generate (struct SharedSecret *ss, uint32_t seq)
1033{
1034 struct KeyCacheEntry *kce;
1035
1036 GNUNET_assert (0 < seq);
1037 kce = GNUNET_new (struct KeyCacheEntry);
1038 kce->ss = ss;
1039 kce->sequence_number = seq;
1040 get_kid (&ss->master, seq, &kce->kid);
1041 GNUNET_CONTAINER_DLL_insert (ss->kce_head, ss->kce_tail, kce);
1042 ss->active_kce_count++;
1043 ss->sender->acks_available++;
1044 (void) GNUNET_CONTAINER_multishortmap_put (
1045 key_cache,
1046 &kce->kid,
1047 kce,
1048 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1049 GNUNET_STATISTICS_set (stats,
1050 "# KIDs active",
1051 GNUNET_CONTAINER_multishortmap_size (key_cache),
1052 GNUNET_NO);
1053}
1054
1055
1056/**
1057 * Destroy @a ss and associated key cache entries.
1058 *
1059 * @param ss shared secret to destroy
1060 * @param withoutKce If GNUNET_YES shared secrets with kce will not be destroyed.
1061 */
1062static int
1063secret_destroy (struct SharedSecret *ss, int withoutKce)
1064{
1065 struct SenderAddress *sender;
1066 struct ReceiverAddress *receiver;
1067 struct KeyCacheEntry *kce;
1068
1069 if (withoutKce && (ss->sequence_allowed > 0))
1070 return GNUNET_NO;
1071
1072 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1073 "secret %s destroy %u %u\n",
1074 GNUNET_h2s (&ss->master),
1075 withoutKce,
1076 ss->sequence_allowed);
1077 if (NULL != (sender = ss->sender))
1078 {
1079 GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
1080 sender->num_secrets--;
1081 }
1082 if (NULL != (receiver = ss->receiver))
1083 {
1084 GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
1085 receiver->num_secrets--;
1086 // Uncomment this for alternativ 1 of backchannel functionality
1087 receiver->acks_available -= (ss->sequence_allowed - ss->sequence_used);
1088 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1089 "%u receiver->acks_available 3\n",
1090 receiver->acks_available);
1091 // Until here for alternativ 1
1092 }
1093 while (NULL != (kce = ss->kce_head))
1094 kce_destroy (kce);
1095 GNUNET_STATISTICS_update (stats, "# Secrets active", -1, GNUNET_NO);
1096 GNUNET_STATISTICS_set (stats,
1097 "# KIDs active",
1098 GNUNET_CONTAINER_multishortmap_size (key_cache),
1099 GNUNET_NO);
1100 GNUNET_free (ss);
1101 return GNUNET_YES;
1102}
1103
1104
1105/**
1106 * Functions with this signature are called whenever we need
1107 * to close a sender's state due to timeout.
1108 *
1109 * @param sender entity to close down
1110 */
1111static void
1112sender_destroy (struct SenderAddress *sender)
1113{
1114 sender->sender_destroy_called = GNUNET_YES;
1115 GNUNET_assert (
1116 GNUNET_YES ==
1117 GNUNET_CONTAINER_multipeermap_remove (senders, &sender->target, sender));
1118 GNUNET_assert (sender == GNUNET_CONTAINER_heap_remove_node (sender->hn));
1119 GNUNET_STATISTICS_set (stats,
1120 "# senders active",
1121 GNUNET_CONTAINER_multipeermap_size (senders),
1122 GNUNET_NO);
1123 GNUNET_free (sender->address);
1124 GNUNET_free (sender);
1125}
1126
1127
1128/**
1129 * Compute @a key and @a iv.
1130 *
1131 * @param msec master secret for calculation
1132 * @param serial number for the @a smac calculation
1133 * @param key[out] where to write the decryption key
1134 * @param iv[out] where to write the IV
1135 */
1136static void
1137get_iv_key (const struct GNUNET_HashCode *msec,
1138 uint32_t serial,
1139 char key[AES_KEY_SIZE],
1140 char iv[AES_IV_SIZE])
1141{
1142 uint32_t sid = htonl (serial);
1143 char res[AES_KEY_SIZE + AES_IV_SIZE];
1144
1145 GNUNET_CRYPTO_hkdf (res,
1146 sizeof(res),
1147 GCRY_MD_SHA512,
1148 GCRY_MD_SHA256,
1149 &sid,
1150 sizeof(sid),
1151 msec,
1152 sizeof(*msec),
1153 "UDP-IV-KEY",
1154 strlen ("UDP-IV-KEY"),
1155 NULL,
1156 0);
1157 memcpy (key, res, AES_KEY_SIZE);
1158 memcpy (iv, &res[AES_KEY_SIZE], AES_IV_SIZE);
1159}
1160
1161
1162/**
1163 * Increment sender timeout due to activity.
1164 *
1165 * @param sender address for which the timeout should be rescheduled
1166 */
1167static void
1168reschedule_sender_timeout (struct SenderAddress *sender)
1169{
1170 sender->timeout =
1171 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1172 GNUNET_CONTAINER_heap_update_cost (sender->hn, sender->timeout.abs_value_us);
1173}
1174
1175
1176/**
1177 * Increment receiver timeout due to activity.
1178 *
1179 * @param receiver address for which the timeout should be rescheduled
1180 */
1181static void
1182reschedule_receiver_timeout (struct ReceiverAddress *receiver)
1183{
1184 receiver->timeout =
1185 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1186 GNUNET_CONTAINER_heap_update_cost (receiver->hn,
1187 receiver->timeout.abs_value_us);
1188}
1189
1190
1191/**
1192 * Task run to check #receiver_heap and #sender_heap for timeouts.
1193 *
1194 * @param cls unused, NULL
1195 */
1196static void
1197check_timeouts (void *cls)
1198{
1199 struct GNUNET_TIME_Relative st;
1200 struct GNUNET_TIME_Relative rt;
1201 struct GNUNET_TIME_Relative delay;
1202 struct ReceiverAddress *receiver;
1203 struct SenderAddress *sender;
1204
1205 (void) cls;
1206 timeout_task = NULL;
1207 rt = GNUNET_TIME_UNIT_FOREVER_REL;
1208 while (NULL != (receiver = GNUNET_CONTAINER_heap_peek (receivers_heap)))
1209 {
1210 /* if (GNUNET_YES != receiver->receiver_destroy_called) */
1211 /* { */
1212 rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
1213 if (0 != rt.rel_value_us)
1214 break;
1215 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1216 "Receiver timed out\n");
1217 receiver_destroy (receiver);
1218 // }
1219 }
1220 st = GNUNET_TIME_UNIT_FOREVER_REL;
1221 while (NULL != (sender = GNUNET_CONTAINER_heap_peek (senders_heap)))
1222 {
1223 if (GNUNET_YES != sender->sender_destroy_called)
1224 {
1225 st = GNUNET_TIME_absolute_get_remaining (sender->timeout);
1226 if (0 != st.rel_value_us)
1227 break;
1228 sender_destroy (sender);
1229 }
1230 }
1231 delay = GNUNET_TIME_relative_min (rt, st);
1232 if (delay.rel_value_us < GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us)
1233 timeout_task = GNUNET_SCHEDULER_add_delayed (delay, &check_timeouts, NULL);
1234}
1235
1236
1237/**
1238 * Calculate cmac from master in @a ss.
1239 *
1240 * @param ss[in,out] data structure to complete
1241 */
1242static void
1243calculate_cmac (struct SharedSecret *ss)
1244{
1245 GNUNET_CRYPTO_hkdf (&ss->cmac,
1246 sizeof(ss->cmac),
1247 GCRY_MD_SHA512,
1248 GCRY_MD_SHA256,
1249 "CMAC",
1250 strlen ("CMAC"),
1251 &ss->master,
1252 sizeof(ss->master),
1253 "UDP-CMAC",
1254 strlen ("UDP-CMAC"),
1255 NULL,
1256 0);
1257}
1258
1259
1260/**
1261 * We received @a plaintext_len bytes of @a plaintext from a @a sender.
1262 * Pass it on to CORE.
1263 *
1264 * @param queue the queue that received the plaintext
1265 * @param plaintext the plaintext that was received
1266 * @param plaintext_len number of bytes of plaintext received
1267 */
1268static void
1269pass_plaintext_to_core (struct SenderAddress *sender,
1270 const void *plaintext,
1271 size_t plaintext_len)
1272{
1273 const struct GNUNET_MessageHeader *hdr = plaintext;
1274 const char *pos = plaintext;
1275
1276 while (ntohs (hdr->size) < plaintext_len)
1277 {
1278 GNUNET_STATISTICS_update (stats,
1279 "# bytes given to core",
1280 ntohs (hdr->size),
1281 GNUNET_NO);
1282 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1283 "Giving %u bytes to TNG\n", ntohs (hdr->size));
1284 GNUNET_assert (GNUNET_SYSERR !=
1285 GNUNET_TRANSPORT_communicator_receive (ch,
1286 &sender->target,
1287 hdr,
1288 ADDRESS_VALIDITY_PERIOD,
1289 NULL /* no flow control possible */
1290 ,
1291 NULL));
1292 /* move on to next message, if any */
1293 plaintext_len -= ntohs (hdr->size);
1294 if (plaintext_len < sizeof(*hdr))
1295 break;
1296 pos += ntohs (hdr->size);
1297 hdr = (const struct GNUNET_MessageHeader *) pos;
1298 // TODO for now..., we do not actually sen >1msg or have a way of telling
1299 // if we are done
1300 break;
1301 }
1302 GNUNET_STATISTICS_update (stats,
1303 "# bytes padding discarded",
1304 plaintext_len,
1305 GNUNET_NO);
1306}
1307
1308
1309/**
1310 * Setup @a cipher based on shared secret @a msec and
1311 * serial number @a serial.
1312 *
1313 * @param msec master shared secret
1314 * @param serial serial number of cipher to set up
1315 * @param cipher[out] cipher to initialize
1316 */
1317static void
1318setup_cipher (const struct GNUNET_HashCode *msec,
1319 uint32_t serial,
1320 gcry_cipher_hd_t *cipher)
1321{
1322 char key[AES_KEY_SIZE];
1323 char iv[AES_IV_SIZE];
1324 int rc;
1325
1326 GNUNET_assert (0 ==
1327 gcry_cipher_open (cipher,
1328 GCRY_CIPHER_AES256 /* low level: go for speed */,
1329 GCRY_CIPHER_MODE_GCM,
1330 0 /* flags */));
1331 get_iv_key (msec, serial, key, iv);
1332 rc = gcry_cipher_setkey (*cipher, key, sizeof(key));
1333 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
1334 rc = gcry_cipher_setiv (*cipher, iv, sizeof(iv));
1335 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
1336}
1337
1338
1339/**
1340 * Try to decrypt @a buf using shared secret @a ss and key/iv
1341 * derived using @a serial.
1342 *
1343 * @param ss shared secret
1344 * @param tag GCM authentication tag
1345 * @param serial serial number to use
1346 * @param in_buf input buffer to decrypt
1347 * @param in_buf_size number of bytes in @a in_buf and available in @a out_buf
1348 * @param out_buf where to write the result
1349 * @return #GNUNET_OK on success
1350 */
1351static int
1352try_decrypt (const struct SharedSecret *ss,
1353 const char tag[GCM_TAG_SIZE],
1354 uint32_t serial,
1355 const char *in_buf,
1356 size_t in_buf_size,
1357 char *out_buf)
1358{
1359 gcry_cipher_hd_t cipher;
1360
1361 setup_cipher (&ss->master, serial, &cipher);
1362 GNUNET_assert (
1363 0 ==
1364 gcry_cipher_decrypt (cipher, out_buf, in_buf_size, in_buf, in_buf_size));
1365 if (0 != gcry_cipher_checktag (cipher, tag, GCM_TAG_SIZE))
1366 {
1367 gcry_cipher_close (cipher);
1368 GNUNET_STATISTICS_update (stats,
1369 "# AEAD authentication failures",
1370 1,
1371 GNUNET_NO);
1372 return GNUNET_SYSERR;
1373 }
1374 gcry_cipher_close (cipher);
1375 return GNUNET_OK;
1376}
1377
1378
1379/**
1380 * Setup shared secret for decryption.
1381 *
1382 * @param ephemeral ephemeral key we received from the other peer
1383 * @return new shared secret
1384 */
1385static struct SharedSecret *
1386setup_shared_secret_dec (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
1387{
1388 struct SharedSecret *ss;
1389
1390 ss = GNUNET_new (struct SharedSecret);
1391 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &ss->master);
1392 return ss;
1393}
1394
1395
1396/**
1397 * Setup shared secret for encryption.
1398 *
1399 * @param ephemeral ephemeral key we are sending to the other peer
1400 * @param receiver[in,out] queue to initialize encryption key for
1401 * @return new shared secret
1402 */
1403static struct SharedSecret *
1404setup_shared_secret_enc (const struct GNUNET_CRYPTO_EcdhePrivateKey *ephemeral,
1405 struct ReceiverAddress *receiver, int add_to_receiver)
1406{
1407 struct SharedSecret *ss;
1408
1409 ss = GNUNET_new (struct SharedSecret);
1410 GNUNET_CRYPTO_ecdh_eddsa (ephemeral,
1411 &receiver->target.public_key,
1412 &ss->master);
1413 calculate_cmac (ss);
1414 ss->receiver = receiver;
1415 GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1416 receiver->num_secrets++;
1417 GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
1418 return ss;
1419}
1420
1421
1422/**
1423 * Setup the MQ for the @a receiver. If a queue exists,
1424 * the existing one is destroyed. Then the MTU is
1425 * recalculated and a fresh queue is initialized.
1426 *
1427 * @param receiver receiver to setup MQ for
1428 */
1429static void
1430setup_receiver_mq (struct ReceiverAddress *receiver);
1431
1432/**
1433 * Destroying all secrets. Depending on parameter we keep those secrets having a kce.
1434 *
1435 * @param ss The secret we will not destroy.
1436 * @param withoutKce If GNUNET_YES shared secrets with kce will not be destroyed.
1437 */
1438static void
1439destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
1440{
1441 struct SenderAddress *sender;
1442 struct ReceiverAddress *receiver;
1443 struct SharedSecret *ss_to_destroy;
1444 struct SharedSecret *ss_start;
1445 struct SharedSecret *pos;
1446 int at_least_one_destroyed = GNUNET_NO;
1447
1448 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1449 "Starting destroy all withoutKce: %u.\n",
1450 withoutKce);
1451
1452 if (NULL != (sender = ss->sender))
1453 {
1454 ss_start = sender->ss_head;
1455 }
1456 else if (NULL != (receiver = ss->receiver))
1457 {
1458 ss_start = receiver->ss_head;
1459 }
1460 else
1461 {
1462 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1463 "Shared secret has no sender or receiver!\n");
1464 return;
1465 }
1466
1467 pos = ss_start;
1468 while (NULL != pos)
1469 {
1470 ss_to_destroy = pos;
1471 pos = pos->next;
1472
1473 if (ss != ss_to_destroy)
1474 at_least_one_destroyed = secret_destroy (ss_to_destroy, withoutKce);
1475 }
1476
1477 if ((ss != ss_start) && ! at_least_one_destroyed)
1478 {
1479 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1480 "Really destroying all.\n");
1481 destroy_all_secrets (ss_start, GNUNET_NO);
1482 }
1483
1484 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1485 "Finished destroy all.\n");
1486}
1487
1488
1489static void
1490add_acks (struct SharedSecret *ss, int acks_to_add)
1491{
1492
1493 struct ReceiverAddress *receiver = ss->receiver;
1494
1495 GNUNET_assert (NULL != ss);
1496 GNUNET_assert (NULL != receiver);
1497
1498 if (NULL == receiver->d_qh)
1499 {
1500 receiver->d_qh =
1501 GNUNET_TRANSPORT_communicator_mq_add (ch,
1502 &receiver->target,
1503 receiver->foreign_addr,
1504 receiver->d_mtu,
1505 acks_to_add,
1506 1, /* Priority */
1507 receiver->nt,
1508 GNUNET_TRANSPORT_CS_OUTBOUND,
1509 receiver->d_mq);
1510 }
1511 else
1512 {
1513 GNUNET_TRANSPORT_communicator_mq_update (ch,
1514 receiver->d_qh,
1515 acks_to_add,
1516 1);
1517 }
1518
1519 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1520 "Tell transport we have %u more acks!\n",
1521 acks_to_add);
1522 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1523 "%u kce for rekeying.\n",
1524 receiver->number_rekeying_kce);
1525
1526 // Until here for alternativ 1
1527
1528 /* move ss to head to avoid discarding it anytime soon! */
1529
1530 GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
1531 GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1532 destroy_all_secrets (ss, GNUNET_YES);
1533}
1534
1535
1536static uint32_t
1537reset_rekey_kces (struct ReceiverAddress *receiver,
1538 uint32_t acks_to_add)
1539{
1540 int needed_for_rekeying;
1541
1542 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1543 "%u kce for rekeying and %u acks_to_add\n",
1544 receiver->number_rekeying_kce,
1545 acks_to_add);
1546
1547 needed_for_rekeying = (3 - receiver->number_rekeying_kce);
1548 if (acks_to_add <= needed_for_rekeying)
1549 {
1550 receiver->number_rekeying_kce += acks_to_add;
1551 acks_to_add = 0;
1552 }
1553 else
1554 {
1555 acks_to_add -= (3 - receiver->number_rekeying_kce);
1556 receiver->number_rekeying_kce = 3;
1557 }
1558
1559 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1560 "%u kce for rekeying and %u acks_to_add\n",
1561 receiver->number_rekeying_kce,
1562 acks_to_add);
1563 return acks_to_add;
1564}
1565
1566
1567static void
1568add_acks_rekey (struct ReceiverAddress *receiver)
1569{
1570 uint32_t acks_to_add = receiver->ss_rekey->sequence_allowed;
1571
1572 if (receiver->number_rekeying_kce < 3)
1573 acks_to_add = reset_rekey_kces (receiver, acks_to_add);
1574 receiver->acks_available = receiver->ss_rekey->sequence_allowed;
1575 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1576 "%u receiver->acks_available 4\n",
1577 receiver->acks_available);
1578 /* add_acks (receiver->ss_rekey, acks_to_add - 3); */
1579 if (0 != acks_to_add)
1580 {
1581 add_acks (receiver->ss_rekey, acks_to_add);
1582 }
1583 receiver->ss_rekey = NULL;
1584 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1585 "# rekeying successful\n");
1586 GNUNET_STATISTICS_update (stats,
1587 "# rekeying successful",
1588 1,
1589 GNUNET_NO);
1590}
1591
1592
1593/**
1594 * We received an ACK for @a pid. Check if it is for
1595 * the receiver in @a value and if so, handle it and
1596 * return #GNUNET_NO. Otherwise, return #GNUNET_YES.
1597 *
1598 * @param cls a `const struct UDPAck`
1599 * @param pid peer the ACK is from
1600 * @param value a `struct ReceiverAddress`
1601 * @return #GNUNET_YES to continue to iterate
1602 */
1603static int
1604handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
1605{
1606 const struct UDPAck *ack = cls;
1607 struct ReceiverAddress *receiver = value;
1608 uint32_t acks_to_add;
1609 uint32_t allowed;
1610 // int needed_for_rekeying;
1611
1612 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1613 "in handle ack with cmac %s\n",
1614 GNUNET_h2s (&ack->cmac));
1615
1616 if (NULL != receiver->ss_rekey)
1617 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1618 "We have rekey secret with cmac %s \n",
1619 GNUNET_h2s (&receiver->ss_rekey->cmac));
1620
1621 if ((NULL != receiver->ss_rekey) && (0 == memcmp (&ack->cmac,
1622 &receiver->ss_rekey->cmac,
1623 sizeof(struct
1624 GNUNET_HashCode))) )
1625 {
1626 allowed = ntohl (ack->sequence_max);
1627
1628 if (allowed > receiver->ss_rekey->sequence_allowed)
1629 {
1630 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1631 "%u > %u (%u %u) for rekey secrect %s\n", allowed,
1632 receiver->ss_rekey->sequence_allowed,
1633 receiver->acks_available,
1634 ack->acks_available,
1635 GNUNET_h2s (&receiver->ss_rekey->master));
1636
1637 receiver->ss_rekey->sequence_allowed = allowed;
1638
1639 if (GNUNET_NO == receiver->rekeying)
1640 add_acks_rekey (receiver);
1641
1642 return GNUNET_NO;
1643 }
1644 }
1645
1646 (void) pid;
1647 for (struct SharedSecret *ss = receiver->ss_head; NULL != ss; ss = ss->next)
1648 {
1649 if (0 == memcmp (&ack->cmac, &ss->cmac, sizeof(struct GNUNET_HashCode)))
1650 {
1651
1652 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1653 "Found matching mac\n");
1654
1655 allowed = ntohl (ack->sequence_max);
1656
1657 if (allowed > ss->sequence_allowed)
1658 {
1659 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1660 "%u > %u (%u %u) for secrect %s\n", allowed,
1661 ss->sequence_allowed,
1662 receiver->acks_available,
1663 ack->acks_available,
1664 GNUNET_h2s (&ss->master));
1665 // Uncomment this for alternativ 1 of backchannel functionality
1666 acks_to_add = (allowed - ss->sequence_allowed);
1667 if ((GNUNET_NO == receiver->rekeying) &&
1668 (receiver->number_rekeying_kce < 3) )
1669 acks_to_add = reset_rekey_kces (receiver, acks_to_add);
1670 /* if ((GNUNET_NO == receiver->rekeying) && */
1671 /* (receiver->number_rekeying_kce < */
1672 /* 3) ) */
1673 /* { */
1674 /* needed_for_rekeying = (3 - receiver->number_rekeying_kce); */
1675 /* if (acks_to_add <= needed_for_rekeying) */
1676 /* { */
1677 /* receiver->number_rekeying_kce += acks_to_add; */
1678 /* acks_to_add = 0; */
1679 /* } */
1680 /* else */
1681 /* { */
1682 /* acks_to_add -= (3 - receiver->number_rekeying_kce); */
1683 /* receiver->number_rekeying_kce = 3; */
1684 /* } */
1685 /* } */
1686 /* GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, */
1687 /* "%u kce for rekeying\n", */
1688 /* receiver->number_rekeying_kce); */
1689
1690 if ((0 != acks_to_add) && (GNUNET_NO == receiver->rekeying))
1691 {
1692 receiver->acks_available += (allowed - ss->sequence_allowed);
1693 ss->sequence_allowed = allowed;
1694 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1695 "%u receiver->acks_available 5\n",
1696 receiver->acks_available);
1697 add_acks (ss, acks_to_add);
1698 }
1699 }
1700 return GNUNET_NO;
1701 }
1702 }
1703 return GNUNET_YES;
1704}
1705
1706
1707/**
1708 * Test if we have received a valid message in plaintext.
1709 * If so, handle it.
1710 *
1711 * @param sender peer to process inbound plaintext for
1712 * @param buf buffer we received
1713 * @param buf_size number of bytes in @a buf
1714 */
1715static void
1716try_handle_plaintext (struct SenderAddress *sender,
1717 const void *buf,
1718 size_t buf_size)
1719{
1720 const struct GNUNET_MessageHeader *hdr =
1721 (const struct GNUNET_MessageHeader *) buf;
1722 const struct UDPAck *ack = (const struct UDPAck *) buf;
1723 uint16_t type;
1724
1725 if (sizeof(*hdr) > buf_size)
1726 return; /* not even a header */
1727 if (ntohs (hdr->size) > buf_size)
1728 return; /* not even a header */
1729 type = ntohs (hdr->type);
1730 switch (type)
1731 {
1732 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
1733 /* lookup master secret by 'cmac', then update sequence_max */
1734 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
1735 &sender->target,
1736 &handle_ack,
1737 (void *) ack);
1738 /* There could be more messages after the ACK, handle those as well */
1739 buf += ntohs (hdr->size);
1740 buf_size -= ntohs (hdr->size);
1741 pass_plaintext_to_core (sender, buf, buf_size);
1742 break;
1743
1744 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD:
1745 /* skip padding */
1746 break;
1747
1748 default:
1749 pass_plaintext_to_core (sender, buf, buf_size);
1750 }
1751}
1752
1753
1754static void
1755kce_generate_cb (void *cls)
1756{
1757 struct SharedSecret *ss = cls;
1758
1759 ss->sender->kce_task = NULL;
1760
1761 if (((GNUNET_NO == ss->sender->rekeying) && (ss->sender->acks_available <
1762 KCN_TARGET) ) ||
1763 ((ss->sender->ss_rekey == ss) && (GNUNET_YES == ss->sender->rekeying) &&
1764 (ss->sender->acks_available < KCN_TARGET)))
1765 {
1766
1767 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1768 "Precomputing keys for master %s\n",
1769 GNUNET_h2s (&(ss->master)));
1770
1771 for (int i = 0; i < GENERATE_AT_ONCE; i++)
1772 kce_generate (ss, ++ss->sequence_allowed);
1773
1774 if (KCN_TARGET > ss->sender->acks_available)
1775 {
1776 ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed (
1777 WORKING_QUEUE_INTERVALL,
1778 kce_generate_cb,
1779 ss);
1780 }
1781 else
1782 {
1783 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1784 "We have enough keys.\n");
1785 ss_finished = ss;
1786 ss->sender->kce_task_finished = GNUNET_YES;
1787 }
1788 }
1789
1790
1791
1792}
1793
1794
1795static void
1796kce_generate_rekey_cb (void *cls)
1797{
1798 struct SharedSecret *ss = cls;
1799
1800 ss->sender->kce_task_rekey = NULL;
1801
1802 if (NULL == ss->sender->kce_task)
1803 {
1804
1805 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1806 "Precomputing keys for rekey master %s\n",
1807 GNUNET_h2s (&(ss->master)));
1808
1809 for (int i = 0; i < GENERATE_AT_ONCE; i++)
1810 kce_generate (ss, ++ss->sequence_allowed);
1811
1812 ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed (
1813 WORKING_QUEUE_INTERVALL,
1814 kce_generate_cb,
1815 ss);
1816 ss->sender->kce_task_rekey = NULL;
1817 }
1818 else
1819 {
1820 ss->sender->kce_task_rekey = GNUNET_SCHEDULER_add_delayed (
1821 WORKING_QUEUE_INTERVALL,
1822 kce_generate_rekey_cb,
1823 ss);
1824 }
1825}
1826
1827
1828/**
1829 * We established a shared secret with a sender. We should try to send
1830 * the sender an `struct UDPAck` at the next opportunity to allow the
1831 * sender to use @a ss longer (assuming we did not yet already
1832 * recently).
1833 *
1834 * @param ss shared secret to generate ACKs for
1835 * @param initial The SharedSecret came with initial KX.
1836 */
1837static void
1838consider_ss_ack (struct SharedSecret *ss, int initial)
1839{
1840 struct GNUNET_SCHEDULER_Task *kce_task_rekey;
1841 struct GNUNET_SCHEDULER_Task *kce_task;
1842 int kce_task_finished;
1843
1844 kce_task_rekey = ss->sender->kce_task_rekey;
1845 kce_task_finished = ss->sender->kce_task_finished;
1846 kce_task = ss->sender->kce_task;
1847
1848 GNUNET_assert (NULL != ss->sender);
1849 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1850 "Considering SS UDPAck %s\n",
1851 GNUNET_i2s_full (&ss->sender->target));
1852
1853 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1854 "We have %u acks available.\n",
1855 ss->sender->acks_available);
1856 /* drop ancient KeyCacheEntries */
1857 while ((NULL != ss->kce_head) &&
1858 (MAX_SQN_DELTA <
1859 ss->kce_head->sequence_number - ss->kce_tail->sequence_number))
1860 kce_destroy (ss->kce_tail);
1861
1862
1863 if (GNUNET_NO == initial)
1864 kce_generate (ss, ++ss->sequence_allowed);
1865
1866 /*if (0 == ss->sender->acks_available)
1867 {
1868 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1869 "Generating keys\n");
1870 while (ss->active_kce_count < KCN_TARGET)
1871 kce_generate (ss, ++ss->sequence_allowed);
1872 }*/
1873
1874 if (NULL != kce_task)
1875 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1876 "kce_task is not NULL\n");
1877 if (kce_task_finished)
1878 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1879 "kce_task_finished: GNUNET_YES\n");
1880 if (initial)
1881 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1882 "initial: GNUNET_YES\n");
1883
1884 if ( kce_task_finished || (GNUNET_NO == initial))
1885 {
1886 struct UDPAck ack;
1887 struct SharedSecret *ss_tell;
1888
1889 if (GNUNET_NO != initial)
1890 ss_tell = ss_finished;
1891 else
1892 ss_tell = ss;
1893
1894 ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK);
1895 ack.header.size = htons (sizeof(ack));
1896 ack.sequence_max = htonl (ss_tell->sequence_allowed);
1897 ack.acks_available = ss->sender->acks_available;
1898 ack.cmac = ss_tell->cmac;
1899 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1900 "Notifying transport of UDPAck %s with initial %u and master %s\n",
1901 GNUNET_i2s_full (&ss_tell->sender->target),
1902 initial,
1903 GNUNET_h2s (&(ss_tell->master)));
1904 GNUNET_TRANSPORT_communicator_notify (ch,
1905 &ss_tell->sender->target,
1906 COMMUNICATOR_ADDRESS_PREFIX,
1907 &ack.header);
1908 if (GNUNET_NO != initial)
1909 {
1910 destroy_all_secrets (ss, GNUNET_YES);
1911 ss->sender->kce_task_finished = GNUNET_NO;
1912 }
1913 }
1914 else if ((NULL == kce_task) && ((KCN_THRESHOLD >
1915 ss->sender->acks_available) ||
1916 (GNUNET_YES == ss->sender->rekeying) ||
1917 (ss->sender->num_secrets > MAX_SECRETS) ))
1918 {
1919
1920 // kce_generate (ss, ++ss->sequence_allowed);
1921 // kce_generate (ss, ++ss->sequence_allowed);
1922 // TODO This task must be per sender!
1923 kce_task = GNUNET_SCHEDULER_add_delayed (WORKING_QUEUE_INTERVALL,
1924 kce_generate_cb,
1925 ss);
1926 kce_task_finished = GNUNET_NO;
1927
1928 }
1929 else if ((NULL == kce_task_rekey) && (GNUNET_YES ==
1930 ss->sender->rekeying) )
1931 {
1932 kce_task_rekey = GNUNET_SCHEDULER_add_delayed (WORKING_QUEUE_INTERVALL,
1933 kce_generate_rekey_cb,
1934 ss);
1935 }
1936}
1937
1938
1939/**
1940 * We received a @a box with matching @a kce. Decrypt and process it.
1941 *
1942 * @param box the data we received
1943 * @param box_len number of bytes in @a box
1944 * @param kce key index to decrypt @a box
1945 */
1946static void
1947decrypt_box (const struct UDPBox *box,
1948 size_t box_len,
1949 struct KeyCacheEntry *kce)
1950{
1951 struct SharedSecret *ss = kce->ss;
1952 char out_buf[box_len - sizeof(*box)];
1953
1954 GNUNET_assert (NULL != ss->sender);
1955 if (GNUNET_OK != try_decrypt (ss,
1956 box->gcm_tag,
1957 kce->sequence_number,
1958 (const char *) &box[1],
1959 sizeof(out_buf),
1960 out_buf))
1961 {
1962 GNUNET_STATISTICS_update (stats,
1963 "# Decryption failures with valid KCE",
1964 1,
1965 GNUNET_NO);
1966 kce_destroy (kce);
1967 return;
1968 }
1969 kce_destroy (kce);
1970 GNUNET_STATISTICS_update (stats,
1971 "# bytes decrypted with BOX",
1972 sizeof(out_buf),
1973 GNUNET_NO);
1974 GNUNET_STATISTICS_update (stats,
1975 "# messages decrypted with BOX",
1976 1,
1977 GNUNET_NO);
1978 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1979 "decrypted UDPBox with kid %s\n",
1980 GNUNET_sh2s (&box->kid));
1981 try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
1982 if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))
1983 {
1984 ss->sender->rekeying = GNUNET_NO;
1985 ss->sender->ss_rekey = NULL;
1986 // destroy_all_secrets (ss, GNUNET_NO);
1987 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1988 "Receiver stopped rekeying.\n");
1989 }
1990 else if (GNUNET_NO == box->rekeying)
1991 consider_ss_ack (ss, GNUNET_NO);
1992 else
1993 {
1994 ss->sender->rekeying = GNUNET_YES;
1995 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1996 "Got Box: Receiver doing rekeying.\n");
1997 }
1998}
1999
2000
2001/**
2002 * We received a @a rekey with matching @a kce. Decrypt and process it.
2003 *
2004 * @param rekey the data we received
2005 * @param rekey_len number of bytes in @a rekey
2006 * @param kce key index to decrypt @a rekey
2007 */
2008static void
2009decrypt_rekey (const struct UDPRekey *rekey,
2010 size_t rekey_len,
2011 struct KeyCacheEntry *kce,
2012 struct SenderAddress *sender)
2013{
2014 struct SharedSecret *ss = kce->ss;
2015 struct SharedSecret *ss_rekey;
2016 char out_buf[rekey_len - sizeof(*rekey)];
2017 struct GNUNET_HashCode *master;
2018
2019
2020 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2021 "decrypt_rekey.\n");
2022
2023 GNUNET_assert (NULL != ss->sender);
2024 if (GNUNET_OK != try_decrypt (ss,
2025 rekey->gcm_tag,
2026 kce->sequence_number,
2027 (const char *) &rekey[1],
2028 sizeof(out_buf),
2029 out_buf))
2030 {
2031 GNUNET_STATISTICS_update (stats,
2032 "# Decryption failures with valid KCE",
2033 1,
2034 GNUNET_NO);
2035 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2036 "Decryption with kid %s failed\n",
2037 GNUNET_sh2s (&rekey->kid));
2038 kce_destroy (kce);
2039 return;
2040 }
2041 kce_destroy (kce);
2042 GNUNET_STATISTICS_update (stats,
2043 "# bytes decrypted with Rekey",
2044 sizeof(out_buf),
2045 GNUNET_NO);
2046 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2047 "decrypted UDPRekey with kid %s\n",
2048 GNUNET_sh2s (&rekey->kid));
2049 /*cmac = (struct GNUNET_HashCode *) out_buf;
2050 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2051 "Received secret with cmac %s \n",
2052 GNUNET_h2s (&cmac));*/
2053 // ss_rekey = (struct SharedSecret *) out_buf;
2054 master = (struct GNUNET_HashCode *) out_buf;
2055 ss_rekey = GNUNET_new (struct SharedSecret);
2056 ss_rekey->master = *master;
2057 calculate_cmac (ss_rekey);
2058 ss_rekey->sender = sender;
2059 // ss_rekey->sequence_used = 0;
2060 // ss_rekey->sequence_allowed = 0;
2061 /* ss_rekey->active_kce_count = 0; */
2062 /* ss_rekey->prev = NULL; */
2063 /* ss_rekey->next = NULL; */
2064 /* GNUNET_assert (ss_rekey->prev == NULL && sender->ss_head != ss_rekey); */
2065 /* GNUNET_assert (ss_rekey->next == NULL && sender->ss_tail != ss_rekey); */
2066 GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
2067 sender->ss_rekey = ss_rekey;
2068 sender->num_secrets++;
2069 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2070 "Received secret with cmac %s\n",
2071 GNUNET_h2s (&(ss_rekey->cmac)));
2072 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2073 "Received secret with master %s.\n",
2074 GNUNET_h2s (&(ss_rekey->master)));
2075 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2076 "We have %u sequence_allowed.\n",
2077 ss_rekey->sequence_allowed);
2078 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2079 "We have a sender %p\n",
2080 ss_rekey->sender);
2081 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2082 "We have %u acks available.\n",
2083 ss_rekey->sender->acks_available);
2084 consider_ss_ack (ss_rekey, GNUNET_YES);
2085
2086}
2087
2088
2089/**
2090 * Closure for #find_sender_by_address()
2091 */
2092struct SearchContext
2093{
2094 /**
2095 * Address we are looking for.
2096 */
2097 const struct sockaddr *address;
2098
2099 /**
2100 * Number of bytes in @e address.
2101 */
2102 socklen_t address_len;
2103
2104 /**
2105 * Return value to set if we found a match.
2106 */
2107 struct SenderAddress *sender;
2108};
2109
2110
2111/**
2112 * Find existing `struct SenderAddress` by matching addresses.
2113 *
2114 * @param cls a `struct SearchContext`
2115 * @param key ignored, must match already
2116 * @param value a `struct SenderAddress`
2117 * @return #GNUNET_YES if not found (continue to search), #GNUNET_NO if found
2118 */
2119static int
2120find_sender_by_address (void *cls,
2121 const struct GNUNET_PeerIdentity *key,
2122 void *value)
2123{
2124 struct SearchContext *sc = cls;
2125 struct SenderAddress *sender = value;
2126
2127 if ((sender->address_len == sc->address_len) &&
2128 (0 == memcmp (sender->address, sc->address, sender->address_len)))
2129 {
2130 sc->sender = sender;
2131 return GNUNET_NO; /* stop iterating! */
2132 }
2133 return GNUNET_YES;
2134}
2135
2136
2137/**
2138 * Create sender address for @a target. Note that we
2139 * might already have one, so a fresh one is only allocated
2140 * if one does not yet exist for @a address.
2141 *
2142 * @param target peer to generate address for
2143 * @param address target address
2144 * @param address_len number of bytes in @a address
2145 * @return data structure to keep track of key material for
2146 * decrypting data from @a target
2147 */
2148static struct SenderAddress *
2149setup_sender (const struct GNUNET_PeerIdentity *target,
2150 const struct sockaddr *address,
2151 socklen_t address_len)
2152{
2153 struct SenderAddress *sender;
2154 struct SearchContext sc = { .address = address,
2155 .address_len = address_len,
2156 .sender = NULL };
2157
2158 GNUNET_CONTAINER_multipeermap_get_multiple (senders,
2159 target,
2160 &find_sender_by_address,
2161 &sc);
2162 if (NULL != sc.sender)
2163 {
2164 reschedule_sender_timeout (sc.sender);
2165 return sc.sender;
2166 }
2167 sender = GNUNET_new (struct SenderAddress);
2168 sender->target = *target;
2169 sender->address = GNUNET_memdup (address, address_len);
2170 sender->address_len = address_len;
2171 (void) GNUNET_CONTAINER_multipeermap_put (
2172 senders,
2173 &sender->target,
2174 sender,
2175 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
2176 GNUNET_STATISTICS_set (stats,
2177 "# senders active",
2178 GNUNET_CONTAINER_multipeermap_size (receivers),
2179 GNUNET_NO);
2180 sender->timeout =
2181 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
2182 sender->hn = GNUNET_CONTAINER_heap_insert (senders_heap,
2183 sender,
2184 sender->timeout.abs_value_us);
2185 sender->nt = GNUNET_NT_scanner_get_type (is, address, address_len);
2186 if (NULL == timeout_task)
2187 timeout_task = GNUNET_SCHEDULER_add_now (&check_timeouts, NULL);
2188 return sender;
2189}
2190
2191
2192/**
2193 * Check signature from @a uc against @a ephemeral.
2194 *
2195 * @param ephermal key that is signed
2196 * @param uc signature of claimant
2197 * @return #GNUNET_OK if signature is valid
2198 */
2199static int
2200verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
2201 const struct UDPConfirmation *uc)
2202{
2203 struct UdpHandshakeSignature uhs;
2204
2205 uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE);
2206 uhs.purpose.size = htonl (sizeof(uhs));
2207 uhs.sender = uc->sender;
2208 uhs.receiver = my_identity;
2209 uhs.ephemeral = *ephemeral;
2210 uhs.monotonic_time = uc->monotonic_time;
2211 return GNUNET_CRYPTO_eddsa_verify (
2212 GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE,
2213 &uhs,
2214 &uc->sender_sig,
2215 &uc->sender.public_key);
2216}
2217
2218
2219/**
2220 * Converts @a address to the address string format used by this
2221 * communicator in HELLOs.
2222 *
2223 * @param address the address to convert, must be AF_INET or AF_INET6.
2224 * @param address_len number of bytes in @a address
2225 * @return string representation of @a address
2226 */
2227static char *
2228sockaddr_to_udpaddr_string (const struct sockaddr *address,
2229 socklen_t address_len)
2230{
2231 char *ret;
2232
2233 switch (address->sa_family)
2234 {
2235 case AF_INET:
2236 GNUNET_asprintf (&ret,
2237 "%s-%s",
2238 COMMUNICATOR_ADDRESS_PREFIX,
2239 GNUNET_a2s (address, address_len));
2240 break;
2241
2242 case AF_INET6:
2243 GNUNET_asprintf (&ret,
2244 "%s-%s",
2245 COMMUNICATOR_ADDRESS_PREFIX,
2246 GNUNET_a2s (address, address_len));
2247 break;
2248
2249 default:
2250 GNUNET_assert (0);
2251 }
2252 return ret;
2253}
2254
2255
2256/**
2257 * Socket read task.
2258 *
2259 * @param cls NULL
2260 */
2261static void
2262sock_read (void *cls)
2263{
2264 struct sockaddr_storage sa;
2265 struct sockaddr_in *addr_verify;
2266 socklen_t salen = sizeof(sa);
2267 char buf[UINT16_MAX];
2268 ssize_t rcvd;
2269
2270 (void) cls;
2271 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2272 udp_sock,
2273 &sock_read,
2274 NULL);
2275 rcvd = GNUNET_NETWORK_socket_recvfrom (udp_sock,
2276 buf,
2277 sizeof(buf),
2278 (struct sockaddr *) &sa,
2279 &salen);
2280 if (-1 == rcvd)
2281 {
2282 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
2283 return;
2284 }
2285 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2286 "Read %lu bytes\n", rcvd);
2287
2288 if (rcvd > sizeof(struct UDPRekey))
2289 {
2290 const struct UDPRekey *rekey;
2291 const struct UDPBox *box;
2292 struct KeyCacheEntry *kce;
2293 struct SenderAddress *sender;
2294 int do_decrypt = GNUNET_NO;
2295
2296 rekey = (const struct UDPRekey *) buf;
2297 box = (const struct UDPBox *) buf;
2298 kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
2299
2300 if ((GNUNET_YES == box->rekeying) || (GNUNET_NO == box->rekeying))
2301 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2302 "UDPRekey has rekeying %u\n",
2303 box->rekeying);
2304 else
2305 do_decrypt = GNUNET_YES;
2306
2307 if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
2308 kce->ss->sender->
2309 rekeying))
2310 {
2311 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2312 "UDPRekey with kid %s\n",
2313 GNUNET_sh2s (&rekey->kid));
2314 sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,
2315 salen);
2316
2317 if (NULL != sender->ss_rekey)
2318 return;
2319
2320 decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
2321 return;
2322 }
2323 }
2324
2325 /* first, see if it is a UDPBox */
2326 if (rcvd > sizeof(struct UDPBox))
2327 {
2328 const struct UDPBox *box;
2329 struct KeyCacheEntry *kce;
2330
2331 box = (const struct UDPBox *) buf;
2332 kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &box->kid);
2333 if (NULL != kce)
2334 {
2335 decrypt_box (box, (size_t) rcvd, kce);
2336 return;
2337 }
2338 }
2339
2340 /* next, check if it is a broadcast */
2341 if (sizeof(struct UDPBroadcast) == rcvd)
2342 {
2343 const struct UDPBroadcast *ub;
2344 struct UdpBroadcastSignature uhs;
2345 struct GNUNET_PeerIdentity sender;
2346
2347 addr_verify = GNUNET_memdup (&sa, salen);
2348 addr_verify->sin_port = 0;
2349 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2350 "received UDPBroadcast from %s\n",
2351 GNUNET_a2s ((const struct sockaddr *) addr_verify, salen));
2352 ub = (const struct UDPBroadcast *) buf;
2353 uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST);
2354 uhs.purpose.size = htonl (sizeof(uhs));
2355 uhs.sender = ub->sender;
2356 sender = ub->sender;
2357 if (0 == memcmp (&sender, &my_identity, sizeof (struct
2358 GNUNET_PeerIdentity)))
2359 {
2360 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2361 "Received our own broadcast\n");
2362 return;
2363 }
2364 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2365 "checking UDPBroadcastSignature for %s\n",
2366 GNUNET_i2s (&sender));
2367 GNUNET_CRYPTO_hash ((struct sockaddr *) addr_verify, salen, &uhs.h_address);
2368 if (GNUNET_OK ==
2369 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST,
2370 &uhs,
2371 &ub->sender_sig,
2372 &ub->sender.public_key))
2373 {
2374 char *addr_s;
2375 enum GNUNET_NetworkType nt;
2376
2377 addr_s =
2378 sockaddr_to_udpaddr_string ((const struct sockaddr *) &sa, salen);
2379 GNUNET_STATISTICS_update (stats, "# broadcasts received", 1, GNUNET_NO);
2380 /* use our own mechanism to determine network type */
2381 nt =
2382 GNUNET_NT_scanner_get_type (is, (const struct sockaddr *) &sa, salen);
2383 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2384 "validating address %s received from UDPBroadcast\n",
2385 GNUNET_i2s (&sender));
2386 GNUNET_TRANSPORT_application_validate (ah, &sender, nt, addr_s);
2387 GNUNET_free (addr_s);
2388 return;
2389 }
2390 else
2391 {
2392 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2393 "VerifyingPeer %s is verifying UDPBroadcast\n",
2394 GNUNET_i2s (&my_identity));
2395 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2396 "Verifying UDPBroadcast from %s failed\n",
2397 GNUNET_i2s (&ub->sender));
2398 }
2399 GNUNET_free (addr_verify);
2400 /* continue with KX, mostly for statistics... */
2401 }
2402
2403
2404 /* finally, test if it is a KX */
2405 if (rcvd < sizeof(struct UDPConfirmation) + sizeof(struct InitialKX))
2406 {
2407 GNUNET_STATISTICS_update (stats,
2408 "# messages dropped (no kid, too small for KX)",
2409 1,
2410 GNUNET_NO);
2411 return;
2412 }
2413 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2414 "Got KX\n");
2415 {
2416 const struct InitialKX *kx;
2417 struct SharedSecret *ss;
2418 char pbuf[rcvd - sizeof(struct InitialKX)];
2419 const struct UDPConfirmation *uc;
2420 struct SenderAddress *sender;
2421
2422 kx = (const struct InitialKX *) buf;
2423 ss = setup_shared_secret_dec (&kx->ephemeral);
2424 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2425 "Before DEC\n");
2426
2427 if (GNUNET_OK != try_decrypt (ss,
2428 kx->gcm_tag,
2429 0,
2430 &buf[sizeof(*kx)],
2431 sizeof(pbuf),
2432 pbuf))
2433 {
2434 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2435 "Unable to decrypt tag, dropping...\n");
2436 GNUNET_free (ss);
2437 GNUNET_STATISTICS_update (
2438 stats,
2439 "# messages dropped (no kid, AEAD decryption failed)",
2440 1,
2441 GNUNET_NO);
2442 return;
2443 }
2444 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2445 "Before VERIFY\n");
2446
2447 uc = (const struct UDPConfirmation *) pbuf;
2448 if (GNUNET_OK != verify_confirmation (&kx->ephemeral, uc))
2449 {
2450 GNUNET_break_op (0);
2451 GNUNET_free (ss);
2452 GNUNET_STATISTICS_update (stats,
2453 "# messages dropped (sender signature invalid)",
2454 1,
2455 GNUNET_NO);
2456 return;
2457 }
2458 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2459 "Before SETUP_SENDER\n");
2460
2461 calculate_cmac (ss);
2462 sender = setup_sender (&uc->sender, (const struct sockaddr *) &sa, salen);
2463 ss->sender = sender;
2464 GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss);
2465 sender->num_secrets++;
2466 GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
2467 GNUNET_STATISTICS_update (stats,
2468 "# messages decrypted without BOX",
2469 1,
2470 GNUNET_NO);
2471 try_handle_plaintext (sender, &uc[1], sizeof(pbuf) - sizeof(*uc));
2472 if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))
2473 {
2474 ss->sender->rekeying = GNUNET_NO;
2475 sender->ss_rekey = NULL;
2476 // destroy_all_secrets (ss, GNUNET_NO);
2477 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2478 "Receiver stopped rekeying.\n");
2479 }
2480 else if (GNUNET_NO == kx->rekeying)
2481 consider_ss_ack (ss, GNUNET_YES);
2482 else
2483 {
2484 ss->sender->rekeying = GNUNET_YES;
2485 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2486 "Got KX: Receiver doing rekeying.\n");
2487 }
2488 /*if (sender->num_secrets > MAX_SECRETS)
2489 secret_destroy (sender->ss_tail);*/
2490 }
2491}
2492
2493
2494/**
2495 * Convert UDP bind specification to a `struct sockaddr *`
2496 *
2497 * @param bindto bind specification to convert
2498 * @param[out] sock_len set to the length of the address
2499 * @return converted bindto specification
2500 */
2501static struct sockaddr *
2502udp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
2503{
2504 struct sockaddr *in;
2505 unsigned int port;
2506 char dummy[2];
2507 char *colon;
2508 char *cp;
2509
2510 if (1 == sscanf (bindto, "%u%1s", &port, dummy))
2511 {
2512 /* interpreting value as just a PORT number */
2513 if (port > UINT16_MAX)
2514 {
2515 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2516 "BINDTO specification `%s' invalid: value too large for port\n",
2517 bindto);
2518 return NULL;
2519 }
2520 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
2521 (GNUNET_YES ==
2522 GNUNET_CONFIGURATION_get_value_yesno (cfg,
2523 COMMUNICATOR_CONFIG_SECTION,
2524 "DISABLE_V6")))
2525 {
2526 struct sockaddr_in *i4;
2527
2528 i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
2529 i4->sin_family = AF_INET;
2530 i4->sin_port = htons ((uint16_t) port);
2531 *sock_len = sizeof(struct sockaddr_in);
2532 in = (struct sockaddr *) i4;
2533 }
2534 else
2535 {
2536 struct sockaddr_in6 *i6;
2537
2538 i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
2539 i6->sin6_family = AF_INET6;
2540 i6->sin6_port = htons ((uint16_t) port);
2541 *sock_len = sizeof(struct sockaddr_in6);
2542 in = (struct sockaddr *) i6;
2543 }
2544 return in;
2545 }
2546 cp = GNUNET_strdup (bindto);
2547 colon = strrchr (cp, ':');
2548 if (NULL != colon)
2549 {
2550 /* interpret value after colon as port */
2551 *colon = '\0';
2552 colon++;
2553 if (1 == sscanf (colon, "%u%1s", &port, dummy))
2554 {
2555 /* interpreting value as just a PORT number */
2556 if (port > UINT16_MAX)
2557 {
2558 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2559 "BINDTO specification `%s' invalid: value too large for port\n",
2560 bindto);
2561 GNUNET_free (cp);
2562 return NULL;
2563 }
2564 }
2565 else
2566 {
2567 GNUNET_log (
2568 GNUNET_ERROR_TYPE_ERROR,
2569 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
2570 bindto);
2571 GNUNET_free (cp);
2572 return NULL;
2573 }
2574 }
2575 else
2576 {
2577 /* interpret missing port as 0, aka pick any free one */
2578 port = 0;
2579 }
2580 {
2581 /* try IPv4 */
2582 struct sockaddr_in v4;
2583 if (1 == inet_pton (AF_INET, cp, &v4.sin_addr))
2584 {
2585 v4.sin_family = AF_INET;
2586 v4.sin_port = htons ((uint16_t) port);
2587#if HAVE_SOCKADDR_IN_SIN_LEN
2588 v4.sin_len = sizeof(struct sockaddr_in);
2589#endif
2590 in = GNUNET_memdup (&v4, sizeof(struct sockaddr_in));
2591 *sock_len = sizeof(struct sockaddr_in);
2592 GNUNET_free (cp);
2593 return in;
2594 }
2595 }
2596 {
2597 /* try IPv6 */
2598 struct sockaddr_in6 v6;
2599 const char *start;
2600
2601 start = cp;
2602 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
2603 {
2604 start++; /* skip over '[' */
2605 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
2606 }
2607 if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr))
2608 {
2609 v6.sin6_family = AF_INET6;
2610 v6.sin6_port = htons ((uint16_t) port);
2611#if HAVE_SOCKADDR_IN_SIN_LEN
2612 v6.sin6_len = sizeof(sizeof(struct sockaddr_in6));
2613#endif
2614 in = GNUNET_memdup (&v6, sizeof(v6));
2615 *sock_len = sizeof(v6);
2616 GNUNET_free (cp);
2617 return in;
2618 }
2619 }
2620 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
2621 GNUNET_free (cp);
2622 return NULL;
2623}
2624
2625
2626/**
2627 * Pad @a dgram by @a pad_size using @a out_cipher.
2628 *
2629 * @param out_cipher cipher to use
2630 * @param dgram datagram to pad
2631 * @param pad_size number of bytes of padding to append
2632 */
2633static void
2634do_pad (gcry_cipher_hd_t out_cipher, char *dgram, size_t pad_size)
2635{
2636 char pad[pad_size];
2637
2638 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, pad, sizeof(pad));
2639 if (sizeof(pad) > sizeof(struct GNUNET_MessageHeader))
2640 {
2641 struct GNUNET_MessageHeader hdr =
2642 { .size = htons (sizeof(pad)),
2643 .type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD) };
2644
2645 memcpy (pad, &hdr, sizeof(hdr));
2646 }
2647 GNUNET_assert (
2648 0 ==
2649 gcry_cipher_encrypt (out_cipher, dgram, sizeof(pad), pad, sizeof(pad)));
2650}
2651
2652
2653/**
2654 * Signature of functions implementing the sending functionality of a
2655 * message queue.
2656 *
2657 * @param mq the message queue
2658 * @param msg the message to send
2659 * @param impl_state our `struct ReceiverAddress`
2660 */
2661static void
2662mq_send_kx (struct GNUNET_MQ_Handle *mq,
2663 const struct GNUNET_MessageHeader *msg,
2664 void *impl_state)
2665{
2666 struct ReceiverAddress *receiver = impl_state;
2667 uint16_t msize = ntohs (msg->size);
2668 struct UdpHandshakeSignature uhs;
2669 struct UDPConfirmation uc;
2670 struct InitialKX kx;
2671 struct GNUNET_CRYPTO_EcdhePrivateKey epriv;
2672 char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];
2673 size_t dpos;
2674 gcry_cipher_hd_t out_cipher;
2675 struct SharedSecret *ss;
2676
2677 GNUNET_assert (mq == receiver->kx_mq);
2678 if (msize > receiver->kx_mtu)
2679 {
2680 GNUNET_break (0);
2681 if (GNUNET_YES != receiver->receiver_destroy_called)
2682 receiver_destroy (receiver);
2683 return;
2684 }
2685 reschedule_receiver_timeout (receiver);
2686
2687 /* setup key material */
2688 GNUNET_CRYPTO_ecdhe_key_create (&epriv);
2689
2690 ss = setup_shared_secret_enc (&epriv, receiver, GNUNET_YES);
2691
2692 if (receiver->num_secrets > MAX_SECRETS)
2693 {
2694 destroy_all_secrets (ss, GNUNET_YES);
2695 }
2696
2697 setup_cipher (&ss->master, 0, &out_cipher);
2698 /* compute 'uc' */
2699 uc.sender = my_identity;
2700 uc.monotonic_time =
2701 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
2702 uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE);
2703 uhs.purpose.size = htonl (sizeof(uhs));
2704 uhs.sender = my_identity;
2705 uhs.receiver = receiver->target;
2706 GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral);
2707 uhs.monotonic_time = uc.monotonic_time;
2708 GNUNET_CRYPTO_eddsa_sign (my_private_key,
2709 &uhs,
2710 &uc.sender_sig);
2711 /* Leave space for kx */
2712 dpos = sizeof(kx);
2713 /* Append encrypted uc to dgram */
2714 GNUNET_assert (0 == gcry_cipher_encrypt (out_cipher,
2715 &dgram[dpos],
2716 sizeof(uc),
2717 &uc,
2718 sizeof(uc)));
2719 dpos += sizeof(uc);
2720 /* Append encrypted payload to dgram */
2721 GNUNET_assert (
2722 0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
2723 dpos += msize;
2724 do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
2725 /* Datagram starts with kx */
2726 kx.ephemeral = uhs.ephemeral;
2727 GNUNET_assert (
2728 0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
2729 gcry_cipher_close (out_cipher);
2730 if (GNUNET_NO == receiver->rekeying)
2731 kx.rekeying = GNUNET_NO;
2732 else
2733 kx.rekeying = GNUNET_YES;
2734 memcpy (dgram, &kx, sizeof(kx));
2735 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2736 dgram,
2737 sizeof(dgram),
2738 receiver->address,
2739 receiver->address_len))
2740 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
2741 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2742 "Sending KX with payload size %u to %s\n",
2743 msize,
2744 GNUNET_a2s (receiver->address,
2745 receiver->address_len));
2746 GNUNET_MQ_impl_send_continue (mq);
2747}
2748
2749
2750static void
2751check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
2752{
2753
2754 struct GNUNET_TIME_Relative rt;
2755
2756 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2757 "Timeout is %llu\n.",
2758 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2759
2760 if (0 == receiver->rekey_timeout.abs_value_us)
2761 {
2762 receiver->rekey_timeout = GNUNET_TIME_relative_to_absolute (
2763 rekey_interval);
2764 }
2765 else
2766 {
2767 rt = GNUNET_TIME_absolute_get_remaining (receiver->rekey_timeout);
2768 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2769 "Relative time is %llu and timeout is %llu\n.",
2770 (unsigned long long) rt.rel_value_us,
2771 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2772
2773 if ((0 == rt.rel_value_us) || (receiver->rekey_send_bytes >
2774 rekey_max_bytes) )
2775 {
2776 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2777 "Bytes send %llu greater than %llu max bytes\n.",
2778 (unsigned long long) receiver->rekey_send_bytes,
2779 rekey_max_bytes);
2780 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2781 "Relative time is %llu and timeout is %llu\n.",
2782 (unsigned long long) rt.rel_value_us,
2783 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2784
2785 receiver->rekey_timeout.abs_value_us = 0;
2786 receiver->rekey_send_bytes = 0;
2787 receiver->ss_rekey = NULL;
2788 // destroy_all_secrets (ss, GNUNET_NO);
2789 receiver->rekeying = GNUNET_YES;
2790 receiver->rekey_acks_available = receiver->acks_available;
2791 box->rekeying = GNUNET_YES;
2792 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2793 "Sender started rekeying.\n");
2794 if (GNUNET_YES == box->rekeying)
2795 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2796 "Sending rekeying with kid %s\n",
2797 GNUNET_sh2s (&box->kid));
2798 }
2799 }
2800}
2801
2802
2803static void
2804send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
2805{
2806 uint8_t is_ss_rekey_sequence_allowed_zero = GNUNET_NO;
2807 uint8_t is_acks_available_below = GNUNET_NO;
2808 uint8_t send_rekey = GNUNET_NO;
2809 uint16_t not_below;
2810 struct GNUNET_CRYPTO_EcdhePrivateKey epriv;
2811 struct UDPRekey *rekey;
2812 size_t dpos;
2813
2814 char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];
2815
2816 if (NULL != receiver->ss_rekey)
2817 {
2818 not_below = (receiver->rekey_acks_available
2819 - (receiver->rekey_acks_available % 3)) / 3;
2820 is_ss_rekey_sequence_allowed_zero = (0 ==
2821 receiver->ss_rekey->sequence_allowed);
2822 is_acks_available_below = (receiver->acks_available >= not_below);
2823 send_rekey = (0 == (receiver->acks_available - not_below) % not_below) &&
2824 is_acks_available_below && is_ss_rekey_sequence_allowed_zero;
2825 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2826 "send_rekey: %u, %u, %u\n",
2827 send_rekey,
2828 receiver->rekey_acks_available,
2829 receiver->acks_available);
2830 }
2831 else if (NULL == receiver->ss_rekey)
2832 {
2833 /* setup key material */
2834 GNUNET_CRYPTO_ecdhe_key_create (&epriv);
2835 receiver->ss_rekey = setup_shared_secret_enc (&epriv, receiver,
2836 GNUNET_NO);
2837 receiver->ss_rekey->sequence_allowed = 0;
2838 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2839 "Setup secret with cmac %s\n",
2840 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
2841 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2842 "Setup secret with master %s.\n",
2843 GNUNET_h2s (&(receiver->ss_rekey->master)));
2844 }
2845
2846 if (send_rekey)
2847 {
2848 GNUNET_assert (0 != receiver->number_rekeying_kce);
2849 gcry_cipher_hd_t rekey_out_cipher;
2850
2851 while (NULL != ss && ss->sequence_used >= ss->sequence_allowed)
2852 {
2853 ss = ss->prev;
2854 }
2855
2856 if (NULL != ss)
2857 {
2858 rekey = (struct UDPRekey *) rekey_dgram;
2859 rekey->sender = my_identity;
2860 ss->sequence_used++;
2861 get_kid (&ss->master, ss->sequence_used, &rekey->kid);
2862 receiver->number_rekeying_kce--;
2863 setup_cipher (&ss->master, ss->sequence_used, &rekey_out_cipher);
2864 /* Append encrypted payload to dgram */
2865 dpos = sizeof(struct UDPRekey);
2866
2867 GNUNET_assert (
2868 0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],
2869 sizeof(receiver->ss_rekey->master),
2870 &(receiver->ss_rekey->master),
2871 sizeof(receiver->ss_rekey->master)));
2872 dpos += sizeof(receiver->ss_rekey->master);
2873 /* GNUNET_assert ( */
2874 /* 0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos], */
2875 /* /\*sizeof(receiver->ss_rekey->cmac), */
2876 /* &(receiver->ss_rekey->cmac), */
2877 /* sizeof(receiver->ss_rekey->cmac))); */
2878 /* dpos += sizeof(receiver->ss_rekey->cmac);*\/ */
2879 /* sizeof(receiver->ss_rekey), */
2880 /* receiver->ss_rekey, */
2881 /* sizeof(receiver->ss_rekey))); */
2882 /* dpos += sizeof(receiver->ss_rekey); */
2883 do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)
2884 - dpos);
2885 GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,
2886 rekey->gcm_tag,
2887 sizeof(rekey->gcm_tag)));
2888 gcry_cipher_close (rekey_out_cipher);
2889
2890 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2891 "Sending rekey with kid %s and master %s\n",
2892 GNUNET_sh2s (&rekey->kid),
2893 GNUNET_h2s (&(receiver->ss_rekey->master)));
2894 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2895 "Sending rekey with cmac %s\n",
2896 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
2897 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2898 "%u rekey kces left.\n",
2899 receiver->number_rekeying_kce);
2900
2901 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2902 rekey_dgram,
2903 sizeof(rekey_dgram),
2904 receiver->address,
2905 receiver->address_len))
2906 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
2907
2908 receiver->acks_available--;
2909 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2910 "%u receiver->acks_available 1\n",
2911 receiver->acks_available);
2912 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2913 "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address,
2914 receiver->
2915 address_len));
2916 }
2917 }
2918}
2919
2920
2921/**
2922 * Signature of functions implementing the sending functionality of a
2923 * message queue.
2924 *
2925 * @param mq the message queue
2926 * @param msg the message to send
2927 * @param impl_state our `struct ReceiverAddress`
2928 */
2929static void
2930mq_send_d (struct GNUNET_MQ_Handle *mq,
2931 const struct GNUNET_MessageHeader *msg,
2932 void *impl_state)
2933{
2934 struct ReceiverAddress *receiver = impl_state;
2935 uint16_t msize = ntohs (msg->size);
2936
2937 GNUNET_assert (mq == receiver->d_mq);
2938 if ((msize > receiver->d_mtu) ||
2939 (0 == receiver->acks_available))
2940 {
2941 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2942 "msize: %u, mtu: %lu, acks: %u\n",
2943 msize,
2944 receiver->d_mtu,
2945 receiver->acks_available);
2946
2947 GNUNET_break (0);
2948 if (GNUNET_YES != receiver->receiver_destroy_called)
2949 receiver_destroy (receiver);
2950 return;
2951 }
2952 reschedule_receiver_timeout (receiver);
2953
2954 /* begin "BOX" encryption method, scan for ACKs from tail! */
2955 for (struct SharedSecret *ss = receiver->ss_tail; NULL != ss; ss = ss->prev)
2956 {
2957 if (0 < ss->sequence_used)
2958 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2959 "Trying to send UDPBox with shared secrect %s sequence_used %u and ss->sequence_allowed %u\n",
2960 GNUNET_h2s (&ss->master),
2961 ss->sequence_used,
2962 ss->sequence_allowed);
2963 // Uncomment this for alternativ 1 of backchannel functionality
2964 if (ss->sequence_used >= ss->sequence_allowed)
2965 // Until here for alternativ 1
2966 // Uncomment this for alternativ 2 of backchannel functionality
2967 // if (0 == ss->sequence_allowed)
2968 // Until here for alternativ 2
2969 {
2970 continue;
2971 }
2972 char dgram[sizeof(struct UDPBox) + receiver->d_mtu];
2973 struct UDPBox *box;
2974 gcry_cipher_hd_t out_cipher;
2975 size_t dpos;
2976
2977 box = (struct UDPBox *) dgram;
2978 ss->sequence_used++;
2979 get_kid (&ss->master, ss->sequence_used, &box->kid);
2980 setup_cipher (&ss->master, ss->sequence_used, &out_cipher);
2981 /* Append encrypted payload to dgram */
2982 dpos = sizeof(struct UDPBox);
2983 GNUNET_assert (
2984 0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
2985 dpos += msize;
2986 do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
2987 GNUNET_assert (0 == gcry_cipher_gettag (out_cipher,
2988 box->gcm_tag,
2989 sizeof(box->gcm_tag)));
2990 gcry_cipher_close (out_cipher);
2991
2992 receiver->rekey_send_bytes += sizeof(struct UDPBox) + receiver->d_mtu;
2993
2994 if (GNUNET_NO == receiver->rekeying)
2995 box->rekeying = GNUNET_NO;
2996 else
2997 box->rekeying = GNUNET_YES;
2998
2999 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
3000 dgram,
3001 sizeof(dgram),
3002 receiver->address,
3003 receiver->address_len))
3004 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
3005 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3006 "Sending UDPBox with payload size %u, %u acks left\n",
3007 msize,
3008 receiver->acks_available);
3009 GNUNET_MQ_impl_send_continue (mq);
3010 receiver->acks_available--;
3011 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3012 "%u receiver->acks_available 2\n",
3013 receiver->acks_available);
3014 check_for_rekeying (receiver, box);
3015 if (0 == receiver->acks_available - receiver->number_rekeying_kce)
3016 {
3017 /* We have no more ACKs */
3018 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3019 "No more acks\n");
3020 if (GNUNET_YES == receiver->rekeying)
3021 {
3022 receiver->rekeying = GNUNET_NO;
3023 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3024 "Sender stopped rekeying\n");
3025
3026 if ((NULL != receiver->ss_rekey) && (0 <
3027 receiver->ss_rekey->
3028 sequence_allowed) )
3029 add_acks_rekey (receiver);
3030 }
3031 }
3032 else if ((GNUNET_YES == receiver->rekeying) )
3033 {
3034 send_UDPRekey (receiver, ss);
3035 }
3036
3037 return;
3038 }
3039}
3040
3041
3042/**
3043 * Signature of functions implementing the destruction of a message
3044 * queue. Implementations must not free @a mq, but should take care
3045 * of @a impl_state.
3046 *
3047 * @param mq the message queue to destroy
3048 * @param impl_state our `struct ReceiverAddress`
3049 */
3050static void
3051mq_destroy_d (struct GNUNET_MQ_Handle *mq, void *impl_state)
3052{
3053 struct ReceiverAddress *receiver = impl_state;
3054 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3055 "Default MQ destroyed\n");
3056 if (mq == receiver->d_mq)
3057 {
3058 receiver->d_mq = NULL;
3059 if (GNUNET_YES != receiver->receiver_destroy_called)
3060 receiver_destroy (receiver);
3061 }
3062}
3063
3064
3065/**
3066 * Signature of functions implementing the destruction of a message
3067 * queue. Implementations must not free @a mq, but should take care
3068 * of @a impl_state.
3069 *
3070 * @param mq the message queue to destroy
3071 * @param impl_state our `struct ReceiverAddress`
3072 */
3073static void
3074mq_destroy_kx (struct GNUNET_MQ_Handle *mq, void *impl_state)
3075{
3076 struct ReceiverAddress *receiver = impl_state;
3077 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3078 "KX MQ destroyed\n");
3079 if (mq == receiver->kx_mq)
3080 {
3081 receiver->kx_mq = NULL;
3082 if (GNUNET_YES != receiver->receiver_destroy_called)
3083 receiver_destroy (receiver);
3084 }
3085}
3086
3087
3088/**
3089 * Implementation function that cancels the currently sent message.
3090 *
3091 * @param mq message queue
3092 * @param impl_state our `struct RecvierAddress`
3093 */
3094static void
3095mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
3096{
3097 /* Cancellation is impossible with UDP; bail */
3098 GNUNET_assert (0);
3099}
3100
3101
3102/**
3103 * Generic error handler, called with the appropriate
3104 * error code and the same closure specified at the creation of
3105 * the message queue.
3106 * Not every message queue implementation supports an error handler.
3107 *
3108 * @param cls our `struct ReceiverAddress`
3109 * @param error error code
3110 */
3111static void
3112mq_error (void *cls, enum GNUNET_MQ_Error error)
3113{
3114 struct ReceiverAddress *receiver = cls;
3115
3116 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3117 "MQ error in queue to %s: %d\n",
3118 GNUNET_i2s (&receiver->target),
3119 (int) error);
3120 receiver_destroy (receiver);
3121}
3122
3123
3124/**
3125 * Setup the MQ for the @a receiver. If a queue exists,
3126 * the existing one is destroyed. Then the MTU is
3127 * recalculated and a fresh queue is initialized.
3128 *
3129 * @param receiver receiver to setup MQ for
3130 */
3131static void
3132setup_receiver_mq (struct ReceiverAddress *receiver)
3133{
3134 size_t base_mtu;
3135
3136 /*if (NULL != receiver->kx_qh)
3137 {
3138 GNUNET_TRANSPORT_communicator_mq_del (receiver->kx_qh);
3139 receiver->kx_qh = NULL;
3140 }
3141 if (NULL != receiver->d_qh)
3142 {
3143 GNUNET_TRANSPORT_communicator_mq_del (receiver->d_qh);
3144 receiver->d_qh = NULL;
3145 }*/
3146 // GNUNET_assert (NULL == receiver->mq);
3147 switch (receiver->address->sa_family)
3148 {
3149 case AF_INET:
3150 base_mtu = 1480 /* Ethernet MTU, 1500 - Ethernet header - VLAN tag */
3151 - sizeof(struct GNUNET_TUN_IPv4Header) /* 20 */
3152 - sizeof(struct GNUNET_TUN_UdpHeader) /* 8 */;
3153 break;
3154
3155 case AF_INET6:
3156 base_mtu = 1280 /* Minimum MTU required by IPv6 */
3157 - sizeof(struct GNUNET_TUN_IPv6Header) /* 40 */
3158 - sizeof(struct GNUNET_TUN_UdpHeader) /* 8 */;
3159 break;
3160
3161 default:
3162 GNUNET_assert (0);
3163 break;
3164 }
3165 /* MTU based on full KX messages */
3166 receiver->kx_mtu = base_mtu - sizeof(struct InitialKX) /* 48 */
3167 - sizeof(struct UDPConfirmation); /* 104 */
3168 /* MTU based on BOXed messages */
3169 receiver->d_mtu = base_mtu - sizeof(struct UDPBox);
3170
3171 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3172 "Setting up MQs and QHs\n");
3173 /* => Effective MTU for CORE will range from 1080 (IPv6 + KX) to
3174 1404 (IPv4 + Box) bytes, depending on circumstances... */
3175 if (NULL == receiver->kx_mq)
3176 receiver->kx_mq = GNUNET_MQ_queue_for_callbacks (&mq_send_kx,
3177 &mq_destroy_kx,
3178 &mq_cancel,
3179 receiver,
3180 NULL,
3181 &mq_error,
3182 receiver);
3183 if (NULL == receiver->d_mq)
3184 receiver->d_mq = GNUNET_MQ_queue_for_callbacks (&mq_send_d,
3185 &mq_destroy_d,
3186 &mq_cancel,
3187 receiver,
3188 NULL,
3189 &mq_error,
3190 receiver);
3191
3192 receiver->kx_qh =
3193 GNUNET_TRANSPORT_communicator_mq_add (ch,
3194 &receiver->target,
3195 receiver->foreign_addr,
3196 receiver->kx_mtu,
3197 GNUNET_TRANSPORT_QUEUE_LENGTH_UNLIMITED,
3198 0, /* Priority */
3199 receiver->nt,
3200 GNUNET_TRANSPORT_CS_OUTBOUND,
3201 receiver->kx_mq);
3202}
3203
3204
3205/**
3206 * Function called by the transport service to initialize a
3207 * message queue given address information about another peer.
3208 * If and when the communication channel is established, the
3209 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
3210 * to notify the service that the channel is now up. It is
3211 * the responsibility of the communicator to manage sane
3212 * retries and timeouts for any @a peer/@a address combination
3213 * provided by the transport service. Timeouts and retries
3214 * do not need to be signalled to the transport service.
3215 *
3216 * @param cls closure
3217 * @param peer identity of the other peer
3218 * @param address where to send the message, human-readable
3219 * communicator-specific format, 0-terminated, UTF-8
3220 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
3221 * invalid
3222 */
3223static int
3224mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
3225{
3226 struct ReceiverAddress *receiver;
3227 const char *path;
3228 struct sockaddr *in;
3229 socklen_t in_len;
3230
3231 if (0 != strncmp (address,
3232 COMMUNICATOR_ADDRESS_PREFIX "-",
3233 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
3234 {
3235 GNUNET_break_op (0);
3236 return GNUNET_SYSERR;
3237 }
3238 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
3239 in = udp_address_to_sockaddr (path, &in_len);
3240
3241 receiver = GNUNET_new (struct ReceiverAddress);
3242 receiver->address = in;
3243 receiver->address_len = in_len;
3244 receiver->target = *peer;
3245 receiver->nt = GNUNET_NT_scanner_get_type (is, in, in_len);
3246 (void) GNUNET_CONTAINER_multipeermap_put (
3247 receivers,
3248 &receiver->target,
3249 receiver,
3250 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
3251 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3252 "Added %s to receivers\n",
3253 GNUNET_i2s_full (&receiver->target));
3254 receiver->timeout =
3255 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
3256 receiver->hn = GNUNET_CONTAINER_heap_insert (receivers_heap,
3257 receiver,
3258 receiver->timeout.abs_value_us);
3259 GNUNET_STATISTICS_set (stats,
3260 "# receivers active",
3261 GNUNET_CONTAINER_multipeermap_size (receivers),
3262 GNUNET_NO);
3263 receiver->foreign_addr =
3264 sockaddr_to_udpaddr_string (receiver->address, receiver->address_len);
3265 setup_receiver_mq (receiver);
3266 if (NULL == timeout_task)
3267 timeout_task = GNUNET_SCHEDULER_add_now (&check_timeouts, NULL);
3268 return GNUNET_OK;
3269}
3270
3271
3272/**
3273 * Iterator over all receivers to clean up.
3274 *
3275 * @param cls NULL
3276 * @param target unused
3277 * @param value the queue to destroy
3278 * @return #GNUNET_OK to continue to iterate
3279 */
3280static int
3281get_receiver_delete_it (void *cls,
3282 const struct GNUNET_PeerIdentity *target,
3283 void *value)
3284{
3285 struct ReceiverAddress *receiver = value;
3286
3287 (void) cls;
3288 (void) target;
3289 receiver_destroy (receiver);
3290 return GNUNET_OK;
3291}
3292
3293
3294/**
3295 * Iterator over all senders to clean up.
3296 *
3297 * @param cls NULL
3298 * @param target unused
3299 * @param value the queue to destroy
3300 * @return #GNUNET_OK to continue to iterate
3301 */
3302static int
3303get_sender_delete_it (void *cls,
3304 const struct GNUNET_PeerIdentity *target,
3305 void *value)
3306{
3307 struct SenderAddress *sender = value;
3308
3309 (void) cls;
3310 (void) target;
3311
3312 if (NULL != sender->kce_task_rekey)
3313 {
3314 GNUNET_SCHEDULER_cancel (sender->kce_task_rekey);
3315 sender->kce_task_rekey = NULL;
3316 }
3317 if (NULL != sender->kce_task)
3318 {
3319 GNUNET_SCHEDULER_cancel (sender->kce_task);
3320 sender->kce_task = NULL;
3321 }
3322
3323 sender_destroy (sender);
3324 return GNUNET_OK;
3325}
3326
3327
3328/**
3329 * Shutdown the UNIX communicator.
3330 *
3331 * @param cls NULL (always)
3332 */
3333static void
3334do_shutdown (void *cls)
3335{
3336 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3337 "do_shutdown\n");
3338 if (NULL != nat)
3339 {
3340 GNUNET_NAT_unregister (nat);
3341 nat = NULL;
3342 }
3343 while (NULL != bi_head)
3344 bi_destroy (bi_head);
3345 if (NULL != broadcast_task)
3346 {
3347 GNUNET_SCHEDULER_cancel (broadcast_task);
3348 broadcast_task = NULL;
3349 }
3350 if (NULL != timeout_task)
3351 {
3352 GNUNET_SCHEDULER_cancel (timeout_task);
3353 timeout_task = NULL;
3354 }
3355 if (NULL != read_task)
3356 {
3357 GNUNET_SCHEDULER_cancel (read_task);
3358 read_task = NULL;
3359 }
3360 if (NULL != udp_sock)
3361 {
3362 GNUNET_break (GNUNET_OK ==
3363 GNUNET_NETWORK_socket_close (udp_sock));
3364 udp_sock = NULL;
3365 }
3366 GNUNET_CONTAINER_multipeermap_iterate (receivers,
3367 &get_receiver_delete_it,
3368 NULL);
3369 GNUNET_CONTAINER_multipeermap_destroy (receivers);
3370 GNUNET_CONTAINER_multipeermap_iterate (senders,
3371 &get_sender_delete_it,
3372 NULL);
3373 GNUNET_CONTAINER_multipeermap_destroy (senders);
3374 GNUNET_CONTAINER_multishortmap_destroy (key_cache);
3375 GNUNET_CONTAINER_heap_destroy (senders_heap);
3376 GNUNET_CONTAINER_heap_destroy (receivers_heap);
3377 if (NULL != timeout_task)
3378 {
3379 GNUNET_SCHEDULER_cancel (timeout_task);
3380 timeout_task = NULL;
3381 }
3382 if (NULL != ch)
3383 {
3384 GNUNET_TRANSPORT_communicator_disconnect (ch);
3385 ch = NULL;
3386 }
3387 if (NULL != ah)
3388 {
3389 GNUNET_TRANSPORT_application_done (ah);
3390 ah = NULL;
3391 }
3392 if (NULL != stats)
3393 {
3394 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
3395 stats = NULL;
3396 }
3397 if (NULL != my_private_key)
3398 {
3399 GNUNET_free (my_private_key);
3400 my_private_key = NULL;
3401 }
3402 if (NULL != is)
3403 {
3404 GNUNET_NT_scanner_done (is);
3405 is = NULL;
3406 }
3407 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3408 "do_shutdown finished\n");
3409}
3410
3411
3412/**
3413 * Function called when the transport service has received a
3414 * backchannel message for this communicator (!) via a different return
3415 * path. Should be an acknowledgement.
3416 *
3417 * @param cls closure, NULL
3418 * @param sender which peer sent the notification
3419 * @param msg payload
3420 */
3421static void
3422enc_notify_cb (void *cls,
3423 const struct GNUNET_PeerIdentity *sender,
3424 const struct GNUNET_MessageHeader *msg)
3425{
3426 const struct UDPAck *ack;
3427
3428 (void) cls;
3429 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3430 "Storing UDPAck received from backchannel from %s\n",
3431 GNUNET_i2s_full (sender));
3432 if ((ntohs (msg->type) != GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK) ||
3433 (ntohs (msg->size) != sizeof(struct UDPAck)))
3434 {
3435 GNUNET_break_op (0);
3436 return;
3437 }
3438 ack = (const struct UDPAck *) msg;
3439 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
3440 sender,
3441 &handle_ack,
3442 (void *) ack);
3443}
3444
3445
3446/**
3447 * Signature of the callback passed to #GNUNET_NAT_register() for
3448 * a function to call whenever our set of 'valid' addresses changes.
3449 *
3450 * @param cls closure
3451 * @param app_ctx[in,out] location where the app can store stuff
3452 * on add and retrieve it on remove
3453 * @param add_remove #GNUNET_YES to add a new public IP address,
3454 * #GNUNET_NO to remove a previous (now invalid) one
3455 * @param ac address class the address belongs to
3456 * @param addr either the previous or the new public IP address
3457 * @param addrlen actual length of the @a addr
3458 */
3459static void
3460nat_address_cb (void *cls,
3461 void **app_ctx,
3462 int add_remove,
3463 enum GNUNET_NAT_AddressClass ac,
3464 const struct sockaddr *addr,
3465 socklen_t addrlen)
3466{
3467 char *my_addr;
3468 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
3469
3470 if (GNUNET_YES == add_remove)
3471 {
3472 enum GNUNET_NetworkType nt;
3473
3474 GNUNET_asprintf (&my_addr,
3475 "%s-%s",
3476 COMMUNICATOR_ADDRESS_PREFIX,
3477 GNUNET_a2s (addr, addrlen));
3478 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
3479 ai =
3480 GNUNET_TRANSPORT_communicator_address_add (ch,
3481 my_addr,
3482 nt,
3483 GNUNET_TIME_UNIT_FOREVER_REL);
3484 GNUNET_free (my_addr);
3485 *app_ctx = ai;
3486 }
3487 else
3488 {
3489 ai = *app_ctx;
3490 GNUNET_TRANSPORT_communicator_address_remove (ai);
3491 *app_ctx = NULL;
3492 }
3493}
3494
3495
3496/**
3497 * Broadcast our presence on one of our interfaces.
3498 *
3499 * @param cls a `struct BroadcastInterface`
3500 */
3501static void
3502ifc_broadcast (void *cls)
3503{
3504 struct BroadcastInterface *bi = cls;
3505 struct GNUNET_TIME_Relative delay;
3506
3507 delay = BROADCAST_FREQUENCY;
3508 delay.rel_value_us =
3509 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, delay.rel_value_us);
3510 bi->broadcast_task =
3511 GNUNET_SCHEDULER_add_delayed (delay, &ifc_broadcast, bi);
3512
3513 switch (bi->sa->sa_family)
3514 {
3515 case AF_INET: {
3516 static int yes = 1;
3517 static int no = 0;
3518 ssize_t sent;
3519
3520 if (GNUNET_OK !=
3521 GNUNET_NETWORK_socket_setsockopt (udp_sock,
3522 SOL_SOCKET,
3523 SO_BROADCAST,
3524 &yes,
3525 sizeof(int)))
3526 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3527 "setsockopt");
3528 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3529 "creating UDPBroadcast from %s\n",
3530 GNUNET_i2s (&(bi->bcm.sender)));
3531 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3532 "sending UDPBroadcast to add %s\n",
3533 GNUNET_a2s (bi->ba, bi->salen));
3534 sent = GNUNET_NETWORK_socket_sendto (udp_sock,
3535 &bi->bcm,
3536 sizeof(bi->bcm),
3537 bi->ba,
3538 bi->salen);
3539 if (-1 == sent)
3540 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3541 "sendto");
3542 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
3543 SOL_SOCKET,
3544 SO_BROADCAST,
3545 &no,
3546 sizeof(int)))
3547 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3548 "setsockopt");
3549 break;
3550 }
3551
3552 case AF_INET6: {
3553 ssize_t sent;
3554 struct sockaddr_in6 dst;
3555
3556 dst.sin6_family = AF_INET6;
3557 dst.sin6_port = htons (my_port);
3558 dst.sin6_addr = bi->mcreq.ipv6mr_multiaddr;
3559 dst.sin6_scope_id = ((struct sockaddr_in6 *) bi->ba)->sin6_scope_id;
3560
3561 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3562 "sending UDPBroadcast\n");
3563 sent = GNUNET_NETWORK_socket_sendto (udp_sock,
3564 &bi->bcm,
3565 sizeof(bi->bcm),
3566 (const struct sockaddr *) &dst,
3567 sizeof(dst));
3568 if (-1 == sent)
3569 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "sendto");
3570 break;
3571 }
3572
3573 default:
3574 GNUNET_break (0);
3575 break;
3576 }
3577}
3578
3579
3580/**
3581 * Callback function invoked for each interface found.
3582 * Activates/deactivates broadcast interfaces.
3583 *
3584 * @param cls NULL
3585 * @param name name of the interface (can be NULL for unknown)
3586 * @param isDefault is this presumably the default interface
3587 * @param addr address of this interface (can be NULL for unknown or unassigned)
3588 * @param broadcast_addr the broadcast address (can be NULL for unknown or
3589 * unassigned)
3590 * @param netmask the network mask (can be NULL for unknown or unassigned)
3591 * @param addrlen length of the address
3592 * @return #GNUNET_OK to continue iteration, #GNUNET_SYSERR to abort
3593 */
3594static int
3595iface_proc (void *cls,
3596 const char *name,
3597 int isDefault,
3598 const struct sockaddr *addr,
3599 const struct sockaddr *broadcast_addr,
3600 const struct sockaddr *netmask,
3601 socklen_t addrlen)
3602{
3603 struct BroadcastInterface *bi;
3604 enum GNUNET_NetworkType network;
3605 struct UdpBroadcastSignature ubs;
3606
3607 (void) cls;
3608 (void) netmask;
3609 if (NULL == addr)
3610 return GNUNET_YES; /* need to know our address! */
3611 network = GNUNET_NT_scanner_get_type (is, addr, addrlen);
3612 if (GNUNET_NT_LOOPBACK == network)
3613 {
3614 /* Broadcasting on loopback does not make sense */
3615 return GNUNET_YES;
3616 }
3617 for (bi = bi_head; NULL != bi; bi = bi->next)
3618 {
3619 if ((bi->salen == addrlen) && (0 == memcmp (addr, bi->sa, addrlen)))
3620 {
3621 bi->found = GNUNET_YES;
3622 return GNUNET_OK;
3623 }
3624 }
3625
3626 if ((AF_INET6 == addr->sa_family) && (NULL == broadcast_addr))
3627 return GNUNET_OK; /* broadcast_addr is required for IPv6! */
3628 if ((AF_INET6 == addr->sa_family) && (GNUNET_YES != have_v6_socket))
3629 return GNUNET_OK; /* not using IPv6 */
3630
3631 bi = GNUNET_new (struct BroadcastInterface);
3632 bi->sa = GNUNET_memdup (addr,
3633 addrlen);
3634 if ( (NULL != broadcast_addr) &&
3635 (addrlen == sizeof (struct sockaddr_in)) )
3636 {
3637 struct sockaddr_in *ba;
3638
3639 ba = GNUNET_memdup (broadcast_addr,
3640 addrlen);
3641 ba->sin_port = htons (2086); /* always GNUnet port, ignore configuration! */
3642 bi->ba = (struct sockaddr *) ba;
3643 }
3644 bi->salen = addrlen;
3645 bi->found = GNUNET_YES;
3646 bi->bcm.sender = my_identity;
3647 ubs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST);
3648 ubs.purpose.size = htonl (sizeof(ubs));
3649 ubs.sender = my_identity;
3650 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3651 "creating UDPBroadcastSignature for %s\n",
3652 GNUNET_a2s (addr, addrlen));
3653 GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address);
3654 GNUNET_CRYPTO_eddsa_sign (my_private_key,
3655 &ubs,
3656 &bi->bcm.sender_sig);
3657 if (NULL != bi->ba)
3658 {
3659 bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);
3660 GNUNET_CONTAINER_DLL_insert (bi_head, bi_tail, bi);
3661 }
3662 if ((AF_INET6 == addr->sa_family) && (NULL != broadcast_addr))
3663 {
3664 /* Create IPv6 multicast request */
3665 const struct sockaddr_in6 *s6 =
3666 (const struct sockaddr_in6 *) broadcast_addr;
3667
3668 GNUNET_assert (
3669 1 == inet_pton (AF_INET6, "FF05::13B", &bi->mcreq.ipv6mr_multiaddr));
3670
3671 /* http://tools.ietf.org/html/rfc2553#section-5.2:
3672 *
3673 * IPV6_JOIN_GROUP
3674 *
3675 * Join a multicast group on a specified local interface. If the
3676 * interface index is specified as 0, the kernel chooses the local
3677 * interface. For example, some kernels look up the multicast
3678 * group in the normal IPv6 routing table and using the resulting
3679 * interface; we do this for each interface, so no need to use
3680 * zero (anymore...).
3681 */bi->mcreq.ipv6mr_interface = s6->sin6_scope_id;
3682
3683 /* Join the multicast group */
3684 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
3685 IPPROTO_IPV6,
3686 IPV6_JOIN_GROUP,
3687 &bi->mcreq,
3688 sizeof(bi->mcreq)))
3689 {
3690 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
3691 }
3692 }
3693 return GNUNET_OK;
3694}
3695
3696
3697/**
3698 * Scan interfaces to broadcast our presence on the LAN.
3699 *
3700 * @param cls NULL, unused
3701 */
3702static void
3703do_broadcast (void *cls)
3704{
3705 struct BroadcastInterface *bin;
3706
3707 (void) cls;
3708 for (struct BroadcastInterface *bi = bi_head; NULL != bi; bi = bi->next)
3709 bi->found = GNUNET_NO;
3710 GNUNET_OS_network_interfaces_list (&iface_proc, NULL);
3711 for (struct BroadcastInterface *bi = bi_head; NULL != bi; bi = bin)
3712 {
3713 bin = bi->next;
3714 if (GNUNET_NO == bi->found)
3715 bi_destroy (bi);
3716 }
3717 broadcast_task = GNUNET_SCHEDULER_add_delayed (INTERFACE_SCAN_FREQUENCY,
3718 &do_broadcast,
3719 NULL);
3720}
3721
3722
3723/**
3724 * Setup communicator and launch network interactions.
3725 *
3726 * @param cls NULL (always)
3727 * @param args remaining command-line arguments
3728 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3729 * @param c configuration
3730 */
3731static void
3732run (void *cls,
3733 char *const *args,
3734 const char *cfgfile,
3735 const struct GNUNET_CONFIGURATION_Handle *c)
3736{
3737 char *bindto;
3738 struct sockaddr *in;
3739 socklen_t in_len;
3740 struct sockaddr_storage in_sto;
3741 socklen_t sto_len;
3742
3743 (void) cls;
3744 cfg = c;
3745 if (GNUNET_OK !=
3746 GNUNET_CONFIGURATION_get_value_string (cfg,
3747 COMMUNICATOR_CONFIG_SECTION,
3748 "BINDTO",
3749 &bindto))
3750 {
3751 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3752 COMMUNICATOR_CONFIG_SECTION,
3753 "BINDTO");
3754 return;
3755 }
3756
3757 if (GNUNET_OK !=
3758 GNUNET_CONFIGURATION_get_value_time (cfg,
3759 COMMUNICATOR_CONFIG_SECTION,
3760 "REKEY_INTERVAL",
3761 &rekey_interval))
3762 rekey_interval = DEFAULT_REKEY_TIME_INTERVAL;
3763
3764 if (GNUNET_OK !=
3765 GNUNET_CONFIGURATION_get_value_size (cfg,
3766 COMMUNICATOR_CONFIG_SECTION,
3767 "REKEY_MAX_BYTES",
3768 &rekey_max_bytes))
3769 rekey_max_bytes = DEFAULT_REKEY_MAX_BYTES;
3770
3771 in = udp_address_to_sockaddr (bindto, &in_len);
3772 if (NULL == in)
3773 {
3774 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3775 "Failed to setup UDP socket address with path `%s'\n",
3776 bindto);
3777 GNUNET_free (bindto);
3778 return;
3779 }
3780 udp_sock =
3781 GNUNET_NETWORK_socket_create (in->sa_family,
3782 SOCK_DGRAM,
3783 IPPROTO_UDP);
3784 if (NULL == udp_sock)
3785 {
3786 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
3787 GNUNET_free (in);
3788 GNUNET_free (bindto);
3789 return;
3790 }
3791 if (AF_INET6 == in->sa_family)
3792 have_v6_socket = GNUNET_YES;
3793 if (GNUNET_OK !=
3794 GNUNET_NETWORK_socket_bind (udp_sock,
3795 in,
3796 in_len))
3797 {
3798 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
3799 "bind",
3800 bindto);
3801 GNUNET_NETWORK_socket_close (udp_sock);
3802 udp_sock = NULL;
3803 GNUNET_free (in);
3804 GNUNET_free (bindto);
3805 return;
3806 }
3807
3808 /* We might have bound to port 0, allowing the OS to figure it out;
3809 thus, get the real IN-address from the socket */
3810 sto_len = sizeof(in_sto);
3811 if (0 != getsockname (GNUNET_NETWORK_get_fd (udp_sock),
3812 (struct sockaddr *) &in_sto,
3813 &sto_len))
3814 {
3815 memcpy (&in_sto, in, in_len);
3816 sto_len = in_len;
3817 }
3818 GNUNET_free (in);
3819 GNUNET_free (bindto);
3820 in = (struct sockaddr *) &in_sto;
3821 in_len = sto_len;
3822 GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
3823 "transport",
3824 "Bound to `%s'\n",
3825 GNUNET_a2s ((const struct sockaddr *) &in_sto,
3826 sto_len));
3827 switch (in->sa_family)
3828 {
3829 case AF_INET:
3830 my_port = ntohs (((struct sockaddr_in *) in)->sin_port);
3831 break;
3832
3833 case AF_INET6:
3834 my_port = ntohs (((struct sockaddr_in6 *) in)->sin6_port);
3835 break;
3836
3837 default:
3838 GNUNET_break (0);
3839 my_port = 0;
3840 }
3841 stats = GNUNET_STATISTICS_create ("C-UDP", cfg);
3842 senders = GNUNET_CONTAINER_multipeermap_create (32, GNUNET_YES);
3843 receivers = GNUNET_CONTAINER_multipeermap_create (32, GNUNET_YES);
3844 senders_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3845 receivers_heap =
3846 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3847 key_cache = GNUNET_CONTAINER_multishortmap_create (1024, GNUNET_YES);
3848 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
3849 is = GNUNET_NT_scanner_init ();
3850 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3851 if (NULL == my_private_key)
3852 {
3853 GNUNET_log (
3854 GNUNET_ERROR_TYPE_ERROR,
3855 _ (
3856 "Transport service is lacking key configuration settings. Exiting.\n"));
3857 GNUNET_SCHEDULER_shutdown ();
3858 return;
3859 }
3860 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
3861 /* start reading */
3862 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3863 udp_sock,
3864 &sock_read,
3865 NULL);
3866 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
3867 COMMUNICATOR_CONFIG_SECTION,
3868 COMMUNICATOR_ADDRESS_PREFIX,
3869 GNUNET_TRANSPORT_CC_UNRELIABLE,
3870 &mq_init,
3871 NULL,
3872 &enc_notify_cb,
3873 NULL);
3874 if (NULL == ch)
3875 {
3876 GNUNET_break (0);
3877 GNUNET_SCHEDULER_shutdown ();
3878 return;
3879 }
3880 ah = GNUNET_TRANSPORT_application_init (cfg);
3881 if (NULL == ah)
3882 {
3883 GNUNET_break (0);
3884 GNUNET_SCHEDULER_shutdown ();
3885 return;
3886 }
3887 /* start broadcasting */
3888 if (GNUNET_YES !=
3889 GNUNET_CONFIGURATION_get_value_yesno (cfg,
3890 COMMUNICATOR_CONFIG_SECTION,
3891 "DISABLE_BROADCAST"))
3892 {
3893 broadcast_task = GNUNET_SCHEDULER_add_now (&do_broadcast, NULL);
3894 }
3895 nat = GNUNET_NAT_register (cfg,
3896 COMMUNICATOR_CONFIG_SECTION,
3897 IPPROTO_UDP,
3898 1 /* one address */,
3899 (const struct sockaddr **) &in,
3900 &in_len,
3901 &nat_address_cb,
3902 NULL /* FIXME: support reversal: #5529 */,
3903 NULL /* closure */);
3904}
3905
3906
3907/**
3908 * The main function for the UNIX communicator.
3909 *
3910 * @param argc number of arguments from the command line
3911 * @param argv command line arguments
3912 * @return 0 ok, 1 on error
3913 */
3914int
3915main (int argc, char *const *argv)
3916{
3917 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3918 GNUNET_GETOPT_OPTION_END
3919 };
3920 int ret;
3921
3922 GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
3923 "transport",
3924 "Starting udp communicator\n");
3925 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
3926 return 2;
3927
3928 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
3929 argv,
3930 "gnunet-communicator-udp",
3931 _ ("GNUnet UDP communicator"),
3932 options,
3933 &run,
3934 NULL))
3935 ? 0
3936 : 1;
3937 GNUNET_free_nz ((void *) argv);
3938 return ret;
3939}
3940
3941
3942/* end of gnunet-communicator-udp.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-16 21:34:28 +0000