aboutsummaryrefslogtreecommitdiff
path: root/src/transport/gnunet-communicator-udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
-rw-r--r--src/transport/gnunet-communicator-udp.c3965
1 files changed, 0 insertions, 3965 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
deleted file mode 100644
index 6b2985b59..000000000
--- a/src/transport/gnunet-communicator-udp.c
+++ /dev/null
@@ -1,3965 +0,0 @@
1/*
2 This file is part of GNUnet
3 Copyright (C) 2010-2014, 2018, 2019 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
21/**
22 * @file transport/gnunet-communicator-udp.c
23 * @brief Transport plugin using UDP.
24 * @author Christian Grothoff
25 *
26 * TODO:
27 * - consider imposing transmission limits in the absence
28 * of ACKs; or: maybe this should be done at TNG service level?
29 * (at least the receiver might want to enforce limits on
30 * KX/DH operations per sender in here) (#5552)
31 * - overall, we should look more into flow control support
32 * (either in backchannel, or general solution in TNG service)
33 * - handle addresses discovered from broadcasts (#5551)
34 * (think: what was the story again on address validation?
35 * where is the API for that!?!)
36 * - support DNS names in BINDTO option (#5528)
37 * - support NAT connection reversal method (#5529)
38 * - support other UDP-specific NAT traversal methods (#)
39 */
40#include "platform.h"
41#include "gnunet_util_lib.h"
42#include "gnunet_protocols.h"
43#include "gnunet_signatures.h"
44#include "gnunet_constants.h"
45#include "gnunet_nt_lib.h"
46#include "gnunet_nat_service.h"
47#include "gnunet_statistics_service.h"
48#include "gnunet_transport_application_service.h"
49#include "gnunet_transport_communication_service.h"
50
51/**
52 * How often do we rekey based on time (at least)
53 */
54#define DEFAULT_REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
55
56/**
57 * How long do we wait until we must have received the initial KX?
58 */
59#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
60
61/**
62 * How often do we broadcast our presence on the LAN?
63 */
64#define BROADCAST_FREQUENCY GNUNET_TIME_UNIT_MINUTES
65
66/**
67 * How often do we scan for changes to our network interfaces?
68 */
69#define INTERFACE_SCAN_FREQUENCY \
70 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
71
72/**
73 * How long do we believe our addresses to remain up (before
74 * the other peer should revalidate).
75 */
76#define ADDRESS_VALIDITY_PERIOD GNUNET_TIME_UNIT_HOURS
77
78#define WORKING_QUEUE_INTERVALL \
79 GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,1)
80
81/**
82 * AES key size.
83 */
84#define AES_KEY_SIZE (256 / 8)
85
86/**
87 * AES (GCM) IV size.
88 */
89#define AES_IV_SIZE (96 / 8)
90
91/**
92 * Size of the GCM tag.
93 */
94#define GCM_TAG_SIZE (128 / 8)
95
96#define GENERATE_AT_ONCE 2
97
98/**
99 * If we fall below this number of available KCNs,
100 * we generate additional ACKs until we reach
101 * #KCN_TARGET.
102 * Should be large enough that we don't generate ACKs all
103 * the time and still have enough time for the ACK to
104 * arrive before the sender runs out. So really this
105 * should ideally be based on the RTT.
106 */
107#define KCN_THRESHOLD 92
108
109/**
110 * How many KCNs do we keep around *after* we hit
111 * the #KCN_THRESHOLD? Should be larger than
112 * #KCN_THRESHOLD so we do not generate just one
113 * ACK at the time.
114 */
115#define KCN_TARGET 128
116
117/**
118 * What is the maximum delta between KCN sequence numbers
119 * that we allow. Used to expire 'ancient' KCNs that likely
120 * were dropped by the network. Must be larger than
121 * KCN_TARGET (otherwise we generate new KCNs all the time),
122 * but not too large (otherwise packet loss may cause
123 * sender to fall back to KX needlessly when sender runs
124 * out of ACK'ed KCNs due to losses).
125 */
126#define MAX_SQN_DELTA 160
127
128/**
129 * How many shared master secrets do we keep around
130 * at most per sender? Should be large enough so
131 * that we generally have a chance of sending an ACK
132 * before the sender already rotated out the master
133 * secret. Generally values around #KCN_TARGET make
134 * sense. Might make sense to adapt to RTT if we had
135 * a good measurement...
136 */
137#define MAX_SECRETS 128000
138
139/**
140 * Default value for how often we do rekey based on number of bytes transmitted?
141 * (additionally randomized).
142 */
143#define DEFAULT_REKEY_MAX_BYTES (1024LLU * 1024 * 1024 * 4LLU)
144
145/**
146 * Address prefix used by the communicator.
147 */
148
149#define COMMUNICATOR_ADDRESS_PREFIX "udp"
150
151/**
152 * Configuration section used by the communicator.
153 */
154#define COMMUNICATOR_CONFIG_SECTION "communicator-udp"
155
156GNUNET_NETWORK_STRUCT_BEGIN
157
158
159/**
160 * Signature we use to verify that the ephemeral key was really chosen by
161 * the specified sender. If possible, the receiver should respond with
162 * a `struct UDPAck` (possibly via backchannel).
163 */
164struct UdpHandshakeSignature
165{
166 /**
167 * Purpose must be #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_HANDSHAKE
168 */
169 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
170
171 /**
172 * Identity of the inititor of the UDP connection (UDP client).
173 */
174 struct GNUNET_PeerIdentity sender;
175
176 /**
177 * Presumed identity of the target of the UDP connection (UDP server)
178 */
179 struct GNUNET_PeerIdentity receiver;
180
181 /**
182 * Ephemeral key used by the @e sender.
183 */
184 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
185
186 /**
187 * Monotonic time of @e sender, to possibly help detect replay attacks
188 * (if receiver persists times by sender).
189 */
190 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
191};
192
193
194/**
195 * "Plaintext" header at beginning of KX message. Followed
196 * by encrypted `struct UDPConfirmation`.
197 */
198struct InitialKX
199{
200 /**
201 * Ephemeral key for KX.
202 */
203 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
204
205 /**
206 * HMAC for the following encrypted message, using GCM. HMAC uses
207 * key derived from the handshake with sequence number zero.
208 */
209 char gcm_tag[GCM_TAG_SIZE];
210
211 /**
212 * A flag indicating, if the sender is doing rekeying.
213 */
214 int rekeying;
215};
216
217
218/**
219 * Encrypted continuation of UDP initial handshake, followed
220 * by message header with payload.
221 */
222struct UDPConfirmation
223{
224 /**
225 * Sender's identity
226 */
227 struct GNUNET_PeerIdentity sender;
228
229 /**
230 * Sender's signature of type #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_HANDSHAKE
231 */
232 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
233
234 /**
235 * Monotonic time of @e sender, to possibly help detect replay attacks
236 * (if receiver persists times by sender).
237 */
238 struct GNUNET_TIME_AbsoluteNBO monotonic_time;
239
240 /* followed by messages */
241
242 /* padding may follow actual messages */
243};
244
245
246/**
247 * UDP key acknowledgement. May be sent via backchannel. Allows the
248 * sender to use `struct UDPBox` with the acknowledge key henceforth.
249 */
250struct UDPAck
251{
252 /**
253 * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK.
254 */
255 struct GNUNET_MessageHeader header;
256
257 /**
258 * Sequence acknowledgement limit. Specifies current maximum sequence
259 * number supported by receiver.
260 */
261 uint32_t sequence_max GNUNET_PACKED;
262
263 /**
264 * Sequence acknowledgement limit. Specifies current maximum sequence
265 * number supported by receiver.
266 */
267 uint32_t acks_available GNUNET_PACKED;
268
269 /**
270 * CMAC of the base key being acknowledged.
271 */
272 struct GNUNET_HashCode cmac;
273};
274
275
276/**
277 * Signature we use to verify that the broadcast was really made by
278 * the peer that claims to have made it. Basically, affirms that the
279 * peer is really using this IP address (albeit possibly not in _our_
280 * LAN). Makes it difficult for peers in the LAN to claim to
281 * be just any global peer -- an attacker must have at least
282 * shared a LAN with the peer they're pretending to be here.
283 */
284struct UdpBroadcastSignature
285{
286 /**
287 * Purpose must be #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_BROADCAST
288 */
289 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
290
291 /**
292 * Identity of the inititor of the UDP broadcast.
293 */
294 struct GNUNET_PeerIdentity sender;
295
296 /**
297 * Hash of the sender's UDP address.
298 */
299 struct GNUNET_HashCode h_address;
300};
301
302
303/**
304 * Broadcast by peer in LAN announcing its presence. Unusual in that
305 * we don't pad these to full MTU, as we cannot prevent being
306 * recognized in LAN as GNUnet peers if this feature is enabled
307 * anyway. Also, the entire message is in cleartext.
308 */
309struct UDPBroadcast
310{
311 /**
312 * Sender's peer identity.
313 */
314 struct GNUNET_PeerIdentity sender;
315
316 /**
317 * Sender's signature of type
318 * #GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_BROADCAST
319 */
320 struct GNUNET_CRYPTO_EddsaSignature sender_sig;
321};
322
323
324/**
325 * UDP message box. Always sent encrypted, only allowed after
326 * the receiver sent a `struct UDPAck` for the base key!
327 */
328struct UDPBox
329{
330 /**
331 * Key and IV identification code. KDF applied to an acknowledged
332 * base key and a sequence number. Sequence numbers must be used
333 * monotonically increasing up to the maximum specified in
334 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
335 * must fall back to sending handshakes!
336 */
337 struct GNUNET_ShortHashCode kid;
338
339 /**
340 * 128-bit authentication tag for the following encrypted message,
341 * from GCM. MAC starts at the @e body_start that follows and
342 * extends until the end of the UDP payload. If the @e hmac is
343 * wrong, the receiver should check if the message might be a
344 * `struct UdpHandshakeSignature`.
345 */
346 char gcm_tag[GCM_TAG_SIZE];
347
348 /**
349 * A flag indicating, if the sender is doing rekeying.
350 */
351 int rekeying;
352};
353
354/**
355 * UDP message box. Always sent encrypted, only allowed after
356 * the receiver sent a `struct UDPAck` for the base key!
357 */
358struct UDPRekey
359{
360 /**
361 * Key and IV identification code. KDF applied to an acknowledged
362 * base key and a sequence number. Sequence numbers must be used
363 * monotonically increasing up to the maximum specified in
364 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
365 * must fall back to sending handshakes!
366 */
367 struct GNUNET_ShortHashCode kid;
368
369 /**
370 * 128-bit authentication tag for the following encrypted message,
371 * from GCM. MAC starts at the @e body_start that follows and
372 * extends until the end of the UDP payload. If the @e hmac is
373 * wrong, the receiver should check if the message might be a
374 * `struct UdpHandshakeSignature`.
375 */
376 char gcm_tag[GCM_TAG_SIZE];
377
378 /**
379 * Sender's identity
380 */
381 struct GNUNET_PeerIdentity sender;
382};
383
384GNUNET_NETWORK_STRUCT_END
385
386/**
387 * Shared secret we generated for a particular sender or receiver.
388 */
389struct SharedSecret;
390
391
392/**
393 * Pre-generated "kid" code (key and IV identification code) to
394 * quickly derive master key for a `struct UDPBox`.
395 */
396struct KeyCacheEntry
397{
398 /**
399 * Kept in a DLL.
400 */
401 struct KeyCacheEntry *next;
402
403 /**
404 * Kept in a DLL.
405 */
406 struct KeyCacheEntry *prev;
407
408 /**
409 * Key and IV identification code. KDF applied to an acknowledged
410 * base key and a sequence number. Sequence numbers must be used
411 * monotonically increasing up to the maximum specified in
412 * `struct UDPAck`. Without further `struct UDPAck`s, the sender
413 * must fall back to sending handshakes!
414 */
415 struct GNUNET_ShortHashCode kid;
416
417 /**
418 * Corresponding shared secret.
419 */
420 struct SharedSecret *ss;
421
422 /**
423 * Sequence number used to derive this entry from master key.
424 */
425 uint32_t sequence_number;
426};
427
428
429/**
430 * Information we track per sender address we have recently been
431 * in contact with (decryption from sender).
432 */
433struct SenderAddress;
434
435/**
436 * Information we track per receiving address we have recently been
437 * in contact with (encryption to receiver).
438 */
439struct ReceiverAddress;
440
441/**
442 * Shared secret we generated for a particular sender or receiver.
443 */
444struct SharedSecret
445{
446 /**
447 * Kept in a DLL.
448 */
449 struct SharedSecret *next;
450
451 /**
452 * Kept in a DLL.
453 */
454 struct SharedSecret *prev;
455
456 /**
457 * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
458 */
459 struct KeyCacheEntry *kce_head;
460
461 /**
462 * Kept in a DLL, sorted by sequence number. Only if we are decrypting.
463 */
464 struct KeyCacheEntry *kce_tail;
465
466 /**
467 * Sender we use this shared secret with, or NULL.
468 */
469 struct SenderAddress *sender;
470
471 /**
472 * Receiver we use this shared secret with, or NULL.
473 */
474 struct ReceiverAddress *receiver;
475
476 /**
477 * Master shared secret.
478 */
479 struct GNUNET_HashCode master;
480
481 /**
482 * CMAC is used to identify @e master in ACKs.
483 */
484 struct GNUNET_HashCode cmac;
485
486 /**
487 * Up to which sequence number did we use this @e master already?
488 * (for encrypting only)
489 */
490 uint32_t sequence_used;
491
492 /**
493 * Up to which sequence number did the other peer allow us to use
494 * this key, or up to which number did we allow the other peer to
495 * use this key?
496 */
497 uint32_t sequence_allowed;
498
499 /**
500 * Number of active KCN entries.
501 */
502 unsigned int active_kce_count;
503};
504
505
506/**
507 * Information we track per sender address we have recently been
508 * in contact with (we decrypt messages from the sender).
509 */
510struct SenderAddress
511{
512 /**
513 * Shared secret we use with @e target for rekeying.
514 */
515 struct SharedSecret *ss_rekey;
516
517 /**
518 * Flag indicating sender is initiated rekeying for this receiver.
519 */
520 int rekeying;
521
522 /**
523 * To whom are we talking to.
524 */
525 struct GNUNET_PeerIdentity target;
526
527 /**
528 * Entry in sender expiration heap.
529 */
530 struct GNUNET_CONTAINER_HeapNode *hn;
531
532 /**
533 * Shared secrets we used with @e target, first used is head.
534 */
535 struct SharedSecret *ss_head;
536
537 /**
538 * Shared secrets we used with @e target, last used is tail.
539 */
540 struct SharedSecret *ss_tail;
541
542 /**
543 * Address of the other peer.
544 */
545 struct sockaddr *address;
546
547 /**
548 * Length of the address.
549 */
550 socklen_t address_len;
551
552 /**
553 * Timeout for this sender.
554 */
555 struct GNUNET_TIME_Absolute timeout;
556
557 /**
558 * Length of the DLL at @a ss_head.
559 */
560 unsigned int num_secrets;
561
562 /**
563 * Number of BOX keys from ACKs we have currently
564 * available for this sender.
565 */
566 unsigned int acks_available;
567
568 /**
569 * Which network type does this queue use?
570 */
571 enum GNUNET_NetworkType nt;
572
573 /**
574 * sender_destroy already called on sender.
575 */
576 int sender_destroy_called;
577
578
579 /**
580 * ID of kce working queue task
581 */
582 struct GNUNET_SCHEDULER_Task *kce_task;
583
584 /**
585 * ID of kce rekey working queue task
586 */
587 struct GNUNET_SCHEDULER_Task *kce_task_rekey;
588
589 /**
590 * Is the kce_task finished?
591 */
592 int kce_task_finished;
593};
594
595
596/**
597 * Information we track per receiving address we have recently been
598 * in contact with (encryption to receiver).
599 */
600struct ReceiverAddress
601{
602
603 /**
604 * Shared secret we use with @e target for rekeying.
605 */
606 struct SharedSecret *ss_rekey;
607
608 /**
609 * Acks available when we started rekeying.
610 */
611 unsigned int rekey_acks_available;
612
613 /**
614 * Send bytes for this receiver address.
615 */
616 uint64_t rekey_send_bytes;
617
618 /**
619 * Timeout for this receiver address.
620 */
621 struct GNUNET_TIME_Absolute rekey_timeout;
622
623 /**
624 * Flag indicating sender is initiated rekeying for this receiver.
625 */
626 int rekeying;
627
628 /**
629 * Number of kce we retain for sending the rekeying shared secret.
630 */
631 int number_rekeying_kce;
632
633 /**
634 * To whom are we talking to.
635 */
636 struct GNUNET_PeerIdentity target;
637
638 /**
639 * Shared secrets we received from @e target, first used is head.
640 */
641 struct SharedSecret *ss_head;
642
643 /**
644 * Shared secrets we received with @e target, last used is tail.
645 */
646 struct SharedSecret *ss_tail;
647
648 /**
649 * Address of the receiver in the human-readable format
650 * with the #COMMUNICATOR_ADDRESS_PREFIX.
651 */
652 char *foreign_addr;
653
654 /**
655 * Address of the other peer.
656 */
657 struct sockaddr *address;
658
659 /**
660 * Length of the address.
661 */
662 socklen_t address_len;
663
664 /**
665 * Entry in sender expiration heap.
666 */
667 struct GNUNET_CONTAINER_HeapNode *hn;
668
669 /**
670 * KX message queue we are providing for the #ch.
671 */
672 struct GNUNET_MQ_Handle *kx_mq;
673
674 /**
675 * Default message queue we are providing for the #ch.
676 */
677 struct GNUNET_MQ_Handle *d_mq;
678
679 /**
680 * handle for KX queue with the #ch.
681 */
682 struct GNUNET_TRANSPORT_QueueHandle *kx_qh;
683
684 /**
685 * handle for default queue with the #ch.
686 */
687 struct GNUNET_TRANSPORT_QueueHandle *d_qh;
688
689 /**
690 * Timeout for this receiver address.
691 */
692 struct GNUNET_TIME_Absolute timeout;
693
694 /**
695 * MTU we allowed transport for this receiver's KX queue.
696 */
697 size_t kx_mtu;
698
699 /**
700 * MTU we allowed transport for this receiver's default queue.
701 */
702 size_t d_mtu;
703
704 /**
705 * Length of the DLL at @a ss_head.
706 */
707 unsigned int num_secrets;
708
709 /**
710 * Number of BOX keys from ACKs we have currently
711 * available for this receiver.
712 */
713 unsigned int acks_available;
714
715 /**
716 * Which network type does this queue use?
717 */
718 enum GNUNET_NetworkType nt;
719
720 /**
721 * receiver_destroy already called on receiver.
722 */
723 int receiver_destroy_called;
724};
725
726/**
727 * Interface we broadcast our presence on.
728 */
729struct BroadcastInterface
730{
731 /**
732 * Kept in a DLL.
733 */
734 struct BroadcastInterface *next;
735
736 /**
737 * Kept in a DLL.
738 */
739 struct BroadcastInterface *prev;
740
741 /**
742 * Task for this broadcast interface.
743 */
744 struct GNUNET_SCHEDULER_Task *broadcast_task;
745
746 /**
747 * Sender's address of the interface.
748 */
749 struct sockaddr *sa;
750
751 /**
752 * Broadcast address to use on the interface.
753 */
754 struct sockaddr *ba;
755
756 /**
757 * Message we broadcast on this interface.
758 */
759 struct UDPBroadcast bcm;
760
761 /**
762 * If this is an IPv6 interface, this is the request
763 * we use to join/leave the group.
764 */
765 struct ipv6_mreq mcreq;
766
767 /**
768 * Number of bytes in @e sa.
769 */
770 socklen_t salen;
771
772 /**
773 * Was this interface found in the last #iface_proc() scan?
774 */
775 int found;
776};
777
778/**
779 * The rekey interval
780 */
781static struct GNUNET_TIME_Relative rekey_interval;
782
783/**
784 * How often we do rekey based on number of bytes transmitted
785 */
786static unsigned long long rekey_max_bytes;
787/**
788 * Shared secret we finished the last kce working queue for.
789 */
790struct SharedSecret *ss_finished;
791
792/**
793 * Cache of pre-generated key IDs.
794 */
795static struct GNUNET_CONTAINER_MultiShortmap *key_cache;
796
797/**
798 * ID of read task
799 */
800static struct GNUNET_SCHEDULER_Task *read_task;
801
802/**
803 * ID of timeout task
804 */
805static struct GNUNET_SCHEDULER_Task *timeout_task;
806
807/**
808 * ID of master broadcast task
809 */
810static struct GNUNET_SCHEDULER_Task *broadcast_task;
811
812/**
813 * For logging statistics.
814 */
815static struct GNUNET_STATISTICS_Handle *stats;
816
817/**
818 * Our environment.
819 */
820static struct GNUNET_TRANSPORT_CommunicatorHandle *ch;
821
822/**
823 * Receivers (map from peer identity to `struct ReceiverAddress`)
824 */
825static struct GNUNET_CONTAINER_MultiPeerMap *receivers;
826
827/**
828 * Senders (map from peer identity to `struct SenderAddress`)
829 */
830static struct GNUNET_CONTAINER_MultiPeerMap *senders;
831
832/**
833 * Expiration heap for senders (contains `struct SenderAddress`)
834 */
835static struct GNUNET_CONTAINER_Heap *senders_heap;
836
837/**
838 * Expiration heap for receivers (contains `struct ReceiverAddress`)
839 */
840static struct GNUNET_CONTAINER_Heap *receivers_heap;
841
842/**
843 * Broadcast interface tasks. Kept in a DLL.
844 */
845static struct BroadcastInterface *bi_head;
846
847/**
848 * Broadcast interface tasks. Kept in a DLL.
849 */
850static struct BroadcastInterface *bi_tail;
851
852/**
853 * Our socket.
854 */
855static struct GNUNET_NETWORK_Handle *udp_sock;
856
857/**
858 * #GNUNET_YES if #udp_sock supports IPv6.
859 */
860static int have_v6_socket;
861
862/**
863 * Our public key.
864 */
865static struct GNUNET_PeerIdentity my_identity;
866
867/**
868 * Our private key.
869 */
870static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
871
872/**
873 * Our configuration.
874 */
875static const struct GNUNET_CONFIGURATION_Handle *cfg;
876
877/**
878 * Our handle to report addresses for validation to TRANSPORT.
879 */
880static struct GNUNET_TRANSPORT_ApplicationHandle *ah;
881
882/**
883 * Network scanner to determine network types.
884 */
885static struct GNUNET_NT_InterfaceScanner *is;
886
887/**
888 * Connection to NAT service.
889 */
890static struct GNUNET_NAT_Handle *nat;
891
892/**
893 * Port number to which we are actually bound.
894 */
895static uint16_t my_port;
896
897
898/**
899 * An interface went away, stop broadcasting on it.
900 *
901 * @param bi entity to close down
902 */
903static void
904bi_destroy (struct BroadcastInterface *bi)
905{
906 if (AF_INET6 == bi->sa->sa_family)
907 {
908 /* Leave the multicast group */
909 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
910 IPPROTO_IPV6,
911 IPV6_LEAVE_GROUP,
912 &bi->mcreq,
913 sizeof(bi->mcreq)))
914 {
915 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
916 }
917 }
918 GNUNET_CONTAINER_DLL_remove (bi_head, bi_tail, bi);
919 GNUNET_SCHEDULER_cancel (bi->broadcast_task);
920 GNUNET_free (bi->sa);
921 GNUNET_free (bi->ba);
922 GNUNET_free (bi);
923}
924
925
926/**
927 * Destroys a receiving state due to timeout or shutdown.
928 *
929 * @param receiver entity to close down
930 */
931static void
932receiver_destroy (struct ReceiverAddress *receiver)
933{
934
935 receiver->receiver_destroy_called = GNUNET_YES;
936
937 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
938 "Disconnecting receiver for peer `%s'\n",
939 GNUNET_i2s (&receiver->target));
940 /*if (NULL != (mq = receiver->kx_mq))
941 {
942 receiver->kx_mq = NULL;
943 GNUNET_MQ_destroy (mq);
944 }*/
945 if (NULL != receiver->kx_qh)
946 {
947 GNUNET_TRANSPORT_communicator_mq_del (receiver->kx_qh);
948 receiver->kx_qh = NULL;
949 receiver->kx_mq = NULL;
950 }
951 /*if (NULL != (mq = receiver->d_mq))
952 {
953 receiver->d_mq = NULL;
954 GNUNET_MQ_destroy (mq);
955 }*/
956 if (NULL != receiver->d_qh)
957 {
958 GNUNET_TRANSPORT_communicator_mq_del (receiver->d_qh);
959 receiver->d_qh = NULL;
960 }
961 GNUNET_assert (GNUNET_YES ==
962 GNUNET_CONTAINER_multipeermap_remove (receivers,
963 &receiver->target,
964 receiver));
965 GNUNET_assert (receiver == GNUNET_CONTAINER_heap_remove_node (receiver->hn));
966 GNUNET_STATISTICS_set (stats,
967 "# receivers active",
968 GNUNET_CONTAINER_multipeermap_size (receivers),
969 GNUNET_NO);
970 GNUNET_free (receiver->address);
971 GNUNET_free (receiver->foreign_addr);
972 GNUNET_free (receiver);
973}
974
975
976/**
977 * Free memory used by key cache entry.
978 *
979 * @param kce the key cache entry
980 */
981static void
982kce_destroy (struct KeyCacheEntry *kce)
983{
984 struct SharedSecret *ss = kce->ss;
985
986 ss->active_kce_count--;
987 ss->sender->acks_available--;
988 GNUNET_CONTAINER_DLL_remove (ss->kce_head, ss->kce_tail, kce);
989 GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multishortmap_remove (key_cache,
990 &kce->kid,
991 kce));
992 GNUNET_free (kce);
993}
994
995
996/**
997 * Compute @a kid.
998 *
999 * @param msec master secret for HMAC calculation
1000 * @param serial number for the @a smac calculation
1001 * @param[out] kid where to write the key ID
1002 */
1003static void
1004get_kid (const struct GNUNET_HashCode *msec,
1005 uint32_t serial,
1006 struct GNUNET_ShortHashCode *kid)
1007{
1008 uint32_t sid = htonl (serial);
1009
1010 GNUNET_CRYPTO_hkdf (kid,
1011 sizeof(*kid),
1012 GCRY_MD_SHA512,
1013 GCRY_MD_SHA256,
1014 &sid,
1015 sizeof(sid),
1016 msec,
1017 sizeof(*msec),
1018 "UDP-KID",
1019 strlen ("UDP-KID"),
1020 NULL,
1021 0);
1022}
1023
1024
1025/**
1026 * Setup key cache entry for sequence number @a seq and shared secret @a ss.
1027 *
1028 * @param ss shared secret
1029 * @param seq sequence number for the key cache entry
1030 */
1031static void
1032kce_generate (struct SharedSecret *ss, uint32_t seq)
1033{
1034 struct KeyCacheEntry *kce;
1035
1036 GNUNET_assert (0 < seq);
1037 kce = GNUNET_new (struct KeyCacheEntry);
1038 kce->ss = ss;
1039 kce->sequence_number = seq;
1040 get_kid (&ss->master, seq, &kce->kid);
1041 GNUNET_CONTAINER_DLL_insert (ss->kce_head, ss->kce_tail, kce);
1042 ss->active_kce_count++;
1043 ss->sender->acks_available++;
1044 (void) GNUNET_CONTAINER_multishortmap_put (
1045 key_cache,
1046 &kce->kid,
1047 kce,
1048 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
1049 GNUNET_STATISTICS_set (stats,
1050 "# KIDs active",
1051 GNUNET_CONTAINER_multishortmap_size (key_cache),
1052 GNUNET_NO);
1053}
1054
1055
1056/**
1057 * Destroy @a ss and associated key cache entries.
1058 *
1059 * @param ss shared secret to destroy
1060 * @param withoutKce If GNUNET_YES shared secrets with kce will not be destroyed.
1061 */
1062static int
1063secret_destroy (struct SharedSecret *ss, int withoutKce)
1064{
1065 struct SenderAddress *sender;
1066 struct ReceiverAddress *receiver;
1067 struct KeyCacheEntry *kce;
1068
1069 if (withoutKce && (ss->sequence_allowed > 0))
1070 return GNUNET_NO;
1071
1072 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1073 "secret %s destroy %u %u\n",
1074 GNUNET_h2s (&ss->master),
1075 withoutKce,
1076 ss->sequence_allowed);
1077 if (NULL != (sender = ss->sender))
1078 {
1079 GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
1080 sender->num_secrets--;
1081 }
1082 if (NULL != (receiver = ss->receiver))
1083 {
1084 GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
1085 receiver->num_secrets--;
1086 // Uncomment this for alternativ 1 of backchannel functionality
1087 receiver->acks_available -= (ss->sequence_allowed - ss->sequence_used);
1088 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1089 "%u receiver->acks_available 3\n",
1090 receiver->acks_available);
1091 // Until here for alternativ 1
1092 }
1093 while (NULL != (kce = ss->kce_head))
1094 kce_destroy (kce);
1095 GNUNET_STATISTICS_update (stats, "# Secrets active", -1, GNUNET_NO);
1096 GNUNET_STATISTICS_set (stats,
1097 "# KIDs active",
1098 GNUNET_CONTAINER_multishortmap_size (key_cache),
1099 GNUNET_NO);
1100 GNUNET_free (ss);
1101 return GNUNET_YES;
1102}
1103
1104
1105/**
1106 * Functions with this signature are called whenever we need
1107 * to close a sender's state due to timeout.
1108 *
1109 * @param sender entity to close down
1110 */
1111static void
1112sender_destroy (struct SenderAddress *sender)
1113{
1114 sender->sender_destroy_called = GNUNET_YES;
1115 GNUNET_assert (
1116 GNUNET_YES ==
1117 GNUNET_CONTAINER_multipeermap_remove (senders, &sender->target, sender));
1118 GNUNET_assert (sender == GNUNET_CONTAINER_heap_remove_node (sender->hn));
1119 GNUNET_STATISTICS_set (stats,
1120 "# senders active",
1121 GNUNET_CONTAINER_multipeermap_size (senders),
1122 GNUNET_NO);
1123 GNUNET_free (sender->address);
1124 GNUNET_free (sender);
1125}
1126
1127
1128/**
1129 * Compute @a key and @a iv.
1130 *
1131 * @param msec master secret for calculation
1132 * @param serial number for the @a smac calculation
1133 * @param[out] key where to write the decryption key
1134 * @param[out] iv where to write the IV
1135 */
1136static void
1137get_iv_key (const struct GNUNET_HashCode *msec,
1138 uint32_t serial,
1139 char key[AES_KEY_SIZE],
1140 char iv[AES_IV_SIZE])
1141{
1142 uint32_t sid = htonl (serial);
1143 char res[AES_KEY_SIZE + AES_IV_SIZE];
1144
1145 GNUNET_CRYPTO_hkdf (res,
1146 sizeof(res),
1147 GCRY_MD_SHA512,
1148 GCRY_MD_SHA256,
1149 &sid,
1150 sizeof(sid),
1151 msec,
1152 sizeof(*msec),
1153 "UDP-IV-KEY",
1154 strlen ("UDP-IV-KEY"),
1155 NULL,
1156 0);
1157 memcpy (key, res, AES_KEY_SIZE);
1158 memcpy (iv, &res[AES_KEY_SIZE], AES_IV_SIZE);
1159}
1160
1161
1162/**
1163 * Increment sender timeout due to activity.
1164 *
1165 * @param sender address for which the timeout should be rescheduled
1166 */
1167static void
1168reschedule_sender_timeout (struct SenderAddress *sender)
1169{
1170 sender->timeout =
1171 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1172 GNUNET_CONTAINER_heap_update_cost (sender->hn, sender->timeout.abs_value_us);
1173}
1174
1175
1176/**
1177 * Increment receiver timeout due to activity.
1178 *
1179 * @param receiver address for which the timeout should be rescheduled
1180 */
1181static void
1182reschedule_receiver_timeout (struct ReceiverAddress *receiver)
1183{
1184 receiver->timeout =
1185 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1186 GNUNET_CONTAINER_heap_update_cost (receiver->hn,
1187 receiver->timeout.abs_value_us);
1188}
1189
1190
1191/**
1192 * Task run to check #receiver_heap and #sender_heap for timeouts.
1193 *
1194 * @param cls unused, NULL
1195 */
1196static void
1197check_timeouts (void *cls)
1198{
1199 struct GNUNET_TIME_Relative st;
1200 struct GNUNET_TIME_Relative rt;
1201 struct GNUNET_TIME_Relative delay;
1202 struct ReceiverAddress *receiver;
1203 struct SenderAddress *sender;
1204
1205 (void) cls;
1206 timeout_task = NULL;
1207 rt = GNUNET_TIME_UNIT_FOREVER_REL;
1208 while (NULL != (receiver = GNUNET_CONTAINER_heap_peek (receivers_heap)))
1209 {
1210 /* if (GNUNET_YES != receiver->receiver_destroy_called) */
1211 /* { */
1212 rt = GNUNET_TIME_absolute_get_remaining (receiver->timeout);
1213 if (0 != rt.rel_value_us)
1214 break;
1215 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1216 "Receiver timed out\n");
1217 receiver_destroy (receiver);
1218 // }
1219 }
1220 st = GNUNET_TIME_UNIT_FOREVER_REL;
1221 while (NULL != (sender = GNUNET_CONTAINER_heap_peek (senders_heap)))
1222 {
1223 if (GNUNET_YES != sender->sender_destroy_called)
1224 {
1225 st = GNUNET_TIME_absolute_get_remaining (sender->timeout);
1226 if (0 != st.rel_value_us)
1227 break;
1228 sender_destroy (sender);
1229 }
1230 }
1231 delay = GNUNET_TIME_relative_min (rt, st);
1232 if (delay.rel_value_us < GNUNET_TIME_UNIT_FOREVER_REL.rel_value_us)
1233 timeout_task = GNUNET_SCHEDULER_add_delayed (delay, &check_timeouts, NULL);
1234}
1235
1236
1237/**
1238 * Calculate cmac from master in @a ss.
1239 *
1240 * @param[in,out] ss data structure to complete
1241 */
1242static void
1243calculate_cmac (struct SharedSecret *ss)
1244{
1245 GNUNET_CRYPTO_hkdf (&ss->cmac,
1246 sizeof(ss->cmac),
1247 GCRY_MD_SHA512,
1248 GCRY_MD_SHA256,
1249 "CMAC",
1250 strlen ("CMAC"),
1251 &ss->master,
1252 sizeof(ss->master),
1253 "UDP-CMAC",
1254 strlen ("UDP-CMAC"),
1255 NULL,
1256 0);
1257}
1258
1259
1260/**
1261 * We received @a plaintext_len bytes of @a plaintext from a @a sender.
1262 * Pass it on to CORE.
1263 *
1264 * @param queue the queue that received the plaintext
1265 * @param plaintext the plaintext that was received
1266 * @param plaintext_len number of bytes of plaintext received
1267 */
1268static void
1269pass_plaintext_to_core (struct SenderAddress *sender,
1270 const void *plaintext,
1271 size_t plaintext_len)
1272{
1273 const struct GNUNET_MessageHeader *hdr = plaintext;
1274 const char *pos = plaintext;
1275
1276 while (ntohs (hdr->size) <= plaintext_len)
1277 {
1278 GNUNET_STATISTICS_update (stats,
1279 "# bytes given to core",
1280 ntohs (hdr->size),
1281 GNUNET_NO);
1282 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1283 "Giving %u bytes to TNG\n", ntohs (hdr->size));
1284 GNUNET_assert (GNUNET_SYSERR !=
1285 GNUNET_TRANSPORT_communicator_receive (ch,
1286 &sender->target,
1287 hdr,
1288 ADDRESS_VALIDITY_PERIOD,
1289 NULL /* no flow control possible */
1290 ,
1291 NULL));
1292 /* move on to next message, if any */
1293 plaintext_len -= ntohs (hdr->size);
1294 if (plaintext_len < sizeof(*hdr))
1295 break;
1296 pos += ntohs (hdr->size);
1297 hdr = (const struct GNUNET_MessageHeader *) pos;
1298 // TODO for now..., we do not actually sen >1msg or have a way of telling
1299 // if we are done
1300 break;
1301 }
1302 GNUNET_STATISTICS_update (stats,
1303 "# bytes padding discarded",
1304 plaintext_len,
1305 GNUNET_NO);
1306}
1307
1308
1309/**
1310 * Setup @a cipher based on shared secret @a msec and
1311 * serial number @a serial.
1312 *
1313 * @param msec master shared secret
1314 * @param serial serial number of cipher to set up
1315 * @param cipher[out] cipher to initialize
1316 */
1317static void
1318setup_cipher (const struct GNUNET_HashCode *msec,
1319 uint32_t serial,
1320 gcry_cipher_hd_t *cipher)
1321{
1322 char key[AES_KEY_SIZE];
1323 char iv[AES_IV_SIZE];
1324 int rc;
1325
1326 GNUNET_assert (0 ==
1327 gcry_cipher_open (cipher,
1328 GCRY_CIPHER_AES256 /* low level: go for speed */,
1329 GCRY_CIPHER_MODE_GCM,
1330 0 /* flags */));
1331 get_iv_key (msec, serial, key, iv);
1332 rc = gcry_cipher_setkey (*cipher, key, sizeof(key));
1333 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
1334 rc = gcry_cipher_setiv (*cipher, iv, sizeof(iv));
1335 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
1336}
1337
1338
1339/**
1340 * Try to decrypt @a buf using shared secret @a ss and key/iv
1341 * derived using @a serial.
1342 *
1343 * @param ss shared secret
1344 * @param tag GCM authentication tag
1345 * @param serial serial number to use
1346 * @param in_buf input buffer to decrypt
1347 * @param in_buf_size number of bytes in @a in_buf and available in @a out_buf
1348 * @param out_buf where to write the result
1349 * @return #GNUNET_OK on success
1350 */
1351static int
1352try_decrypt (const struct SharedSecret *ss,
1353 const char tag[GCM_TAG_SIZE],
1354 uint32_t serial,
1355 const char *in_buf,
1356 size_t in_buf_size,
1357 char *out_buf)
1358{
1359 gcry_cipher_hd_t cipher;
1360
1361 setup_cipher (&ss->master, serial, &cipher);
1362 GNUNET_assert (
1363 0 ==
1364 gcry_cipher_decrypt (cipher, out_buf, in_buf_size, in_buf, in_buf_size));
1365 if (0 != gcry_cipher_checktag (cipher, tag, GCM_TAG_SIZE))
1366 {
1367 gcry_cipher_close (cipher);
1368 GNUNET_STATISTICS_update (stats,
1369 "# AEAD authentication failures",
1370 1,
1371 GNUNET_NO);
1372 return GNUNET_SYSERR;
1373 }
1374 gcry_cipher_close (cipher);
1375 return GNUNET_OK;
1376}
1377
1378
1379/**
1380 * Setup shared secret for decryption.
1381 *
1382 * @param ephemeral ephemeral key we received from the other peer
1383 * @return new shared secret
1384 */
1385static struct SharedSecret *
1386setup_shared_secret_dec (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
1387{
1388 struct SharedSecret *ss;
1389
1390 ss = GNUNET_new (struct SharedSecret);
1391 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, ephemeral, &ss->master);
1392 return ss;
1393}
1394
1395
1396/**
1397 * Setup shared secret for encryption.
1398 *
1399 * @param ephemeral ephemeral key we are sending to the other peer
1400 * @param[in,out] receiver queue to initialize encryption key for
1401 * @return new shared secret
1402 */
1403static struct SharedSecret *
1404setup_shared_secret_enc (const struct GNUNET_CRYPTO_EcdhePrivateKey *ephemeral,
1405 struct ReceiverAddress *receiver, int add_to_receiver)
1406{
1407 struct SharedSecret *ss;
1408
1409 ss = GNUNET_new (struct SharedSecret);
1410 GNUNET_CRYPTO_ecdh_eddsa (ephemeral,
1411 &receiver->target.public_key,
1412 &ss->master);
1413 calculate_cmac (ss);
1414 ss->receiver = receiver;
1415 GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1416 receiver->num_secrets++;
1417 GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
1418 return ss;
1419}
1420
1421
1422/**
1423 * Setup the MQ for the @a receiver. If a queue exists,
1424 * the existing one is destroyed. Then the MTU is
1425 * recalculated and a fresh queue is initialized.
1426 *
1427 * @param receiver receiver to setup MQ for
1428 */
1429static void
1430setup_receiver_mq (struct ReceiverAddress *receiver);
1431
1432/**
1433 * Destroying all secrets. Depending on parameter we keep those secrets having a kce.
1434 *
1435 * @param ss The secret we will not destroy.
1436 * @param withoutKce If GNUNET_YES shared secrets with kce will not be destroyed.
1437 */
1438static void
1439destroy_all_secrets (struct SharedSecret *ss, int withoutKce)
1440{
1441 struct SenderAddress *sender;
1442 struct ReceiverAddress *receiver;
1443 struct SharedSecret *ss_to_destroy;
1444 struct SharedSecret *ss_start;
1445 struct SharedSecret *pos;
1446 int at_least_one_destroyed = GNUNET_NO;
1447
1448 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1449 "Starting destroy all withoutKce: %u.\n",
1450 withoutKce);
1451
1452 if (NULL != (sender = ss->sender))
1453 {
1454 ss_start = sender->ss_head;
1455 }
1456 else if (NULL != (receiver = ss->receiver))
1457 {
1458 ss_start = receiver->ss_head;
1459 }
1460 else
1461 {
1462 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1463 "Shared secret has no sender or receiver!\n");
1464 return;
1465 }
1466
1467 pos = ss_start;
1468 while (NULL != pos)
1469 {
1470 ss_to_destroy = pos;
1471 pos = pos->next;
1472
1473 if (ss != ss_to_destroy)
1474 at_least_one_destroyed = secret_destroy (ss_to_destroy, withoutKce);
1475 }
1476
1477 if ((ss != ss_start) && ! at_least_one_destroyed)
1478 {
1479 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1480 "Really destroying all.\n");
1481 destroy_all_secrets (ss_start, GNUNET_NO);
1482 }
1483
1484 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1485 "Finished destroy all.\n");
1486}
1487
1488
1489static void
1490add_acks (struct SharedSecret *ss, int acks_to_add)
1491{
1492
1493 struct ReceiverAddress *receiver = ss->receiver;
1494
1495 GNUNET_assert (NULL != ss);
1496 GNUNET_assert (NULL != receiver);
1497
1498 if (NULL == receiver->d_qh)
1499 {
1500 receiver->d_qh =
1501 GNUNET_TRANSPORT_communicator_mq_add (ch,
1502 &receiver->target,
1503 receiver->foreign_addr,
1504 receiver->d_mtu,
1505 acks_to_add,
1506 1, /* Priority */
1507 receiver->nt,
1508 GNUNET_TRANSPORT_CS_OUTBOUND,
1509 receiver->d_mq);
1510 }
1511 else
1512 {
1513 GNUNET_TRANSPORT_communicator_mq_update (ch,
1514 receiver->d_qh,
1515 acks_to_add,
1516 1);
1517 }
1518
1519 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1520 "Tell transport we have %u more acks!\n",
1521 acks_to_add);
1522 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1523 "%u kce for rekeying.\n",
1524 receiver->number_rekeying_kce);
1525
1526 // Until here for alternativ 1
1527
1528 /* move ss to head to avoid discarding it anytime soon! */
1529
1530 GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
1531 GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
1532 destroy_all_secrets (ss, GNUNET_YES);
1533}
1534
1535
1536static uint32_t
1537reset_rekey_kces (struct ReceiverAddress *receiver,
1538 uint32_t acks_to_add)
1539{
1540 int needed_for_rekeying;
1541
1542 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1543 "%u kce for rekeying and %u acks_to_add\n",
1544 receiver->number_rekeying_kce,
1545 acks_to_add);
1546
1547 needed_for_rekeying = (3 - receiver->number_rekeying_kce);
1548 if (acks_to_add <= needed_for_rekeying)
1549 {
1550 receiver->number_rekeying_kce += acks_to_add;
1551 acks_to_add = 0;
1552 }
1553 else
1554 {
1555 acks_to_add -= (3 - receiver->number_rekeying_kce);
1556 receiver->number_rekeying_kce = 3;
1557 }
1558
1559 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1560 "%u kce for rekeying and %u acks_to_add\n",
1561 receiver->number_rekeying_kce,
1562 acks_to_add);
1563 return acks_to_add;
1564}
1565
1566
1567static void
1568add_acks_rekey (struct ReceiverAddress *receiver)
1569{
1570 uint32_t acks_to_add = receiver->ss_rekey->sequence_allowed;
1571
1572 if (receiver->number_rekeying_kce < 3)
1573 acks_to_add = reset_rekey_kces (receiver, acks_to_add);
1574 receiver->acks_available = receiver->ss_rekey->sequence_allowed;
1575 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1576 "%u receiver->acks_available 4\n",
1577 receiver->acks_available);
1578 /* add_acks (receiver->ss_rekey, acks_to_add - 3); */
1579 if (0 != acks_to_add)
1580 {
1581 add_acks (receiver->ss_rekey, acks_to_add);
1582 }
1583 receiver->ss_rekey = NULL;
1584 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1585 "# rekeying successful\n");
1586 GNUNET_STATISTICS_update (stats,
1587 "# rekeying successful",
1588 1,
1589 GNUNET_NO);
1590}
1591
1592
1593/**
1594 * We received an ACK for @a pid. Check if it is for
1595 * the receiver in @a value and if so, handle it and
1596 * return #GNUNET_NO. Otherwise, return #GNUNET_YES.
1597 *
1598 * @param cls a `const struct UDPAck`
1599 * @param pid peer the ACK is from
1600 * @param value a `struct ReceiverAddress`
1601 * @return #GNUNET_YES to continue to iterate
1602 */
1603static int
1604handle_ack (void *cls, const struct GNUNET_PeerIdentity *pid, void *value)
1605{
1606 const struct UDPAck *ack = cls;
1607 struct ReceiverAddress *receiver = value;
1608 uint32_t acks_to_add;
1609 uint32_t allowed;
1610 // int needed_for_rekeying;
1611
1612 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1613 "in handle ack with cmac %s\n",
1614 GNUNET_h2s (&ack->cmac));
1615
1616 if (NULL != receiver->ss_rekey)
1617 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1618 "We have rekey secret with cmac %s \n",
1619 GNUNET_h2s (&receiver->ss_rekey->cmac));
1620
1621 if ((NULL != receiver->ss_rekey) && (0 == memcmp (&ack->cmac,
1622 &receiver->ss_rekey->cmac,
1623 sizeof(struct
1624 GNUNET_HashCode))) )
1625 {
1626 allowed = ntohl (ack->sequence_max);
1627
1628 if (allowed > receiver->ss_rekey->sequence_allowed)
1629 {
1630 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1631 "%u > %u (%u %u) for rekey secrect %s\n", allowed,
1632 receiver->ss_rekey->sequence_allowed,
1633 receiver->acks_available,
1634 ack->acks_available,
1635 GNUNET_h2s (&receiver->ss_rekey->master));
1636
1637 receiver->ss_rekey->sequence_allowed = allowed;
1638
1639 if (GNUNET_NO == receiver->rekeying)
1640 add_acks_rekey (receiver);
1641
1642 return GNUNET_NO;
1643 }
1644 }
1645
1646 (void) pid;
1647 for (struct SharedSecret *ss = receiver->ss_head; NULL != ss; ss = ss->next)
1648 {
1649 if (0 == memcmp (&ack->cmac, &ss->cmac, sizeof(struct GNUNET_HashCode)))
1650 {
1651
1652 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1653 "Found matching mac\n");
1654
1655 allowed = ntohl (ack->sequence_max);
1656
1657 if (allowed > ss->sequence_allowed)
1658 {
1659 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1660 "%u > %u (%u %u) for secrect %s\n", allowed,
1661 ss->sequence_allowed,
1662 receiver->acks_available,
1663 ack->acks_available,
1664 GNUNET_h2s (&ss->master));
1665 // Uncomment this for alternativ 1 of backchannel functionality
1666 acks_to_add = (allowed - ss->sequence_allowed);
1667 if ((GNUNET_NO == receiver->rekeying) &&
1668 (receiver->number_rekeying_kce < 3) )
1669 acks_to_add = reset_rekey_kces (receiver, acks_to_add);
1670 /* if ((GNUNET_NO == receiver->rekeying) && */
1671 /* (receiver->number_rekeying_kce < */
1672 /* 3) ) */
1673 /* { */
1674 /* needed_for_rekeying = (3 - receiver->number_rekeying_kce); */
1675 /* if (acks_to_add <= needed_for_rekeying) */
1676 /* { */
1677 /* receiver->number_rekeying_kce += acks_to_add; */
1678 /* acks_to_add = 0; */
1679 /* } */
1680 /* else */
1681 /* { */
1682 /* acks_to_add -= (3 - receiver->number_rekeying_kce); */
1683 /* receiver->number_rekeying_kce = 3; */
1684 /* } */
1685 /* } */
1686 /* GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, */
1687 /* "%u kce for rekeying\n", */
1688 /* receiver->number_rekeying_kce); */
1689
1690 if ((0 != acks_to_add) && (GNUNET_NO == receiver->rekeying))
1691 {
1692 receiver->acks_available += (allowed - ss->sequence_allowed);
1693 ss->sequence_allowed = allowed;
1694 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1695 "%u receiver->acks_available 5\n",
1696 receiver->acks_available);
1697 add_acks (ss, acks_to_add);
1698 }
1699 }
1700 return GNUNET_NO;
1701 }
1702 }
1703 return GNUNET_YES;
1704}
1705
1706
1707/**
1708 * Test if we have received a valid message in plaintext.
1709 * If so, handle it.
1710 *
1711 * @param sender peer to process inbound plaintext for
1712 * @param buf buffer we received
1713 * @param buf_size number of bytes in @a buf
1714 */
1715static void
1716try_handle_plaintext (struct SenderAddress *sender,
1717 const void *buf,
1718 size_t buf_size)
1719{
1720 const struct GNUNET_MessageHeader *hdr =
1721 (const struct GNUNET_MessageHeader *) buf;
1722 const struct UDPAck *ack = (const struct UDPAck *) buf;
1723 uint16_t type;
1724
1725 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1726 "try_handle_plaintext of size %lu (%u %lu) and type %u\n",
1727 buf_size,
1728 ntohs (hdr->size),
1729 sizeof(*hdr),
1730 ntohs (hdr->type));
1731 if (sizeof(*hdr) > buf_size)
1732 return; /* not even a header */
1733 if (ntohs (hdr->size) > buf_size)
1734 return; /* not even a header */
1735 type = ntohs (hdr->type);
1736 switch (type)
1737 {
1738 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
1739 /* lookup master secret by 'cmac', then update sequence_max */
1740 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
1741 &sender->target,
1742 &handle_ack,
1743 (void *) ack);
1744 /* There could be more messages after the ACK, handle those as well */
1745 buf += ntohs (hdr->size);
1746 buf_size -= ntohs (hdr->size);
1747 pass_plaintext_to_core (sender, buf, buf_size);
1748 break;
1749
1750 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD:
1751 /* skip padding */
1752 break;
1753
1754 default:
1755 pass_plaintext_to_core (sender, buf, buf_size);
1756 }
1757}
1758
1759
1760static void
1761kce_generate_cb (void *cls)
1762{
1763 struct SharedSecret *ss = cls;
1764
1765 ss->sender->kce_task = NULL;
1766
1767 if (((GNUNET_NO == ss->sender->rekeying) && (ss->sender->acks_available <
1768 KCN_TARGET) ) ||
1769 ((ss->sender->ss_rekey == ss) && (GNUNET_YES == ss->sender->rekeying) &&
1770 (ss->sender->acks_available < KCN_TARGET)))
1771 {
1772
1773 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1774 "Precomputing keys for master %s\n",
1775 GNUNET_h2s (&(ss->master)));
1776
1777 for (int i = 0; i < GENERATE_AT_ONCE; i++)
1778 kce_generate (ss, ++ss->sequence_allowed);
1779
1780 if (KCN_TARGET > ss->sender->acks_available)
1781 {
1782 ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed (
1783 WORKING_QUEUE_INTERVALL,
1784 kce_generate_cb,
1785 ss);
1786 }
1787 else
1788 {
1789 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1790 "We have enough keys.\n");
1791 ss_finished = ss;
1792 ss->sender->kce_task_finished = GNUNET_YES;
1793 }
1794 }
1795
1796
1797
1798}
1799
1800
1801static void
1802kce_generate_rekey_cb (void *cls)
1803{
1804 struct SharedSecret *ss = cls;
1805
1806 ss->sender->kce_task_rekey = NULL;
1807
1808 if (NULL == ss->sender->kce_task)
1809 {
1810
1811 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1812 "Precomputing keys for rekey master %s\n",
1813 GNUNET_h2s (&(ss->master)));
1814
1815 for (int i = 0; i < GENERATE_AT_ONCE; i++)
1816 kce_generate (ss, ++ss->sequence_allowed);
1817
1818 ss->sender->kce_task = GNUNET_SCHEDULER_add_delayed (
1819 WORKING_QUEUE_INTERVALL,
1820 kce_generate_cb,
1821 ss);
1822 ss->sender->kce_task_rekey = NULL;
1823 }
1824 else
1825 {
1826 ss->sender->kce_task_rekey = GNUNET_SCHEDULER_add_delayed (
1827 WORKING_QUEUE_INTERVALL,
1828 kce_generate_rekey_cb,
1829 ss);
1830 }
1831}
1832
1833
1834/**
1835 * We established a shared secret with a sender. We should try to send
1836 * the sender an `struct UDPAck` at the next opportunity to allow the
1837 * sender to use @a ss longer (assuming we did not yet already
1838 * recently).
1839 *
1840 * @param ss shared secret to generate ACKs for
1841 * @param initial The SharedSecret came with initial KX.
1842 */
1843static void
1844consider_ss_ack (struct SharedSecret *ss, int initial)
1845{
1846 struct GNUNET_SCHEDULER_Task *kce_task_rekey;
1847 struct GNUNET_SCHEDULER_Task *kce_task;
1848 int kce_task_finished;
1849
1850 kce_task_rekey = ss->sender->kce_task_rekey;
1851 kce_task_finished = ss->sender->kce_task_finished;
1852 kce_task = ss->sender->kce_task;
1853
1854 GNUNET_assert (NULL != ss->sender);
1855 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1856 "Considering SS UDPAck %s\n",
1857 GNUNET_i2s_full (&ss->sender->target));
1858
1859 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1860 "We have %u acks available.\n",
1861 ss->sender->acks_available);
1862 /* drop ancient KeyCacheEntries */
1863 while ((NULL != ss->kce_head) &&
1864 (MAX_SQN_DELTA <
1865 ss->kce_head->sequence_number - ss->kce_tail->sequence_number))
1866 kce_destroy (ss->kce_tail);
1867
1868
1869 if (GNUNET_NO == initial)
1870 kce_generate (ss, ++ss->sequence_allowed);
1871
1872 /*if (0 == ss->sender->acks_available)
1873 {
1874 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1875 "Generating keys\n");
1876 while (ss->active_kce_count < KCN_TARGET)
1877 kce_generate (ss, ++ss->sequence_allowed);
1878 }*/
1879
1880 if (NULL != kce_task)
1881 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1882 "kce_task is not NULL\n");
1883 if (kce_task_finished)
1884 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1885 "kce_task_finished: GNUNET_YES\n");
1886 if (initial)
1887 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1888 "initial: GNUNET_YES\n");
1889
1890 if ( kce_task_finished || (GNUNET_NO == initial))
1891 {
1892 struct UDPAck ack;
1893 struct SharedSecret *ss_tell;
1894
1895 if (GNUNET_NO != initial)
1896 ss_tell = ss_finished;
1897 else
1898 ss_tell = ss;
1899
1900 ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK);
1901 ack.header.size = htons (sizeof(ack));
1902 ack.sequence_max = htonl (ss_tell->sequence_allowed);
1903 ack.acks_available = ss->sender->acks_available;
1904 ack.cmac = ss_tell->cmac;
1905 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1906 "Notifying transport of UDPAck %s with initial %u and master %s\n",
1907 GNUNET_i2s_full (&ss_tell->sender->target),
1908 initial,
1909 GNUNET_h2s (&(ss_tell->master)));
1910 GNUNET_TRANSPORT_communicator_notify (ch,
1911 &ss_tell->sender->target,
1912 COMMUNICATOR_ADDRESS_PREFIX,
1913 &ack.header);
1914 if (GNUNET_NO != initial)
1915 {
1916 destroy_all_secrets (ss, GNUNET_YES);
1917 ss->sender->kce_task_finished = GNUNET_NO;
1918 }
1919 }
1920 else if ((NULL == kce_task) && ((KCN_THRESHOLD >
1921 ss->sender->acks_available) ||
1922 (GNUNET_YES == ss->sender->rekeying) ||
1923 (ss->sender->num_secrets > MAX_SECRETS) ))
1924 {
1925
1926 // kce_generate (ss, ++ss->sequence_allowed);
1927 // kce_generate (ss, ++ss->sequence_allowed);
1928 // TODO This task must be per sender!
1929 kce_task = GNUNET_SCHEDULER_add_delayed (WORKING_QUEUE_INTERVALL,
1930 kce_generate_cb,
1931 ss);
1932 kce_task_finished = GNUNET_NO;
1933
1934 }
1935 else if ((NULL == kce_task_rekey) && (GNUNET_YES ==
1936 ss->sender->rekeying) )
1937 {
1938 kce_task_rekey = GNUNET_SCHEDULER_add_delayed (WORKING_QUEUE_INTERVALL,
1939 kce_generate_rekey_cb,
1940 ss);
1941 }
1942}
1943
1944
1945/**
1946 * We received a @a box with matching @a kce. Decrypt and process it.
1947 *
1948 * @param box the data we received
1949 * @param box_len number of bytes in @a box
1950 * @param kce key index to decrypt @a box
1951 */
1952static void
1953decrypt_box (const struct UDPBox *box,
1954 size_t box_len,
1955 struct KeyCacheEntry *kce)
1956{
1957 struct SharedSecret *ss = kce->ss;
1958 char out_buf[box_len - sizeof(*box)];
1959
1960 GNUNET_assert (NULL != ss->sender);
1961 if (GNUNET_OK != try_decrypt (ss,
1962 box->gcm_tag,
1963 kce->sequence_number,
1964 (const char *) &box[1],
1965 sizeof(out_buf),
1966 out_buf))
1967 {
1968 GNUNET_STATISTICS_update (stats,
1969 "# Decryption failures with valid KCE",
1970 1,
1971 GNUNET_NO);
1972 kce_destroy (kce);
1973 return;
1974 }
1975 kce_destroy (kce);
1976 GNUNET_STATISTICS_update (stats,
1977 "# bytes decrypted with BOX",
1978 sizeof(out_buf),
1979 GNUNET_NO);
1980 GNUNET_STATISTICS_update (stats,
1981 "# messages decrypted with BOX",
1982 1,
1983 GNUNET_NO);
1984 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1985 "decrypted UDPBox with kid %s\n",
1986 GNUNET_sh2s (&box->kid));
1987 try_handle_plaintext (ss->sender, out_buf, sizeof(out_buf));
1988 if ((GNUNET_NO == box->rekeying) && (GNUNET_YES == ss->sender->rekeying))
1989 {
1990 ss->sender->rekeying = GNUNET_NO;
1991 ss->sender->ss_rekey = NULL;
1992 // destroy_all_secrets (ss, GNUNET_NO);
1993 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1994 "Receiver stopped rekeying.\n");
1995 }
1996 else if (GNUNET_NO == box->rekeying)
1997 consider_ss_ack (ss, GNUNET_NO);
1998 else
1999 {
2000 ss->sender->rekeying = GNUNET_YES;
2001 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2002 "Got Box: Receiver doing rekeying.\n");
2003 }
2004}
2005
2006
2007/**
2008 * We received a @a rekey with matching @a kce. Decrypt and process it.
2009 *
2010 * @param rekey the data we received
2011 * @param rekey_len number of bytes in @a rekey
2012 * @param kce key index to decrypt @a rekey
2013 */
2014static void
2015decrypt_rekey (const struct UDPRekey *rekey,
2016 size_t rekey_len,
2017 struct KeyCacheEntry *kce,
2018 struct SenderAddress *sender)
2019{
2020 struct SharedSecret *ss = kce->ss;
2021 struct SharedSecret *ss_rekey;
2022 char out_buf[rekey_len - sizeof(*rekey)];
2023 struct GNUNET_HashCode *master;
2024
2025
2026 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2027 "decrypt_rekey.\n");
2028
2029 GNUNET_assert (NULL != ss->sender);
2030 if (GNUNET_OK != try_decrypt (ss,
2031 rekey->gcm_tag,
2032 kce->sequence_number,
2033 (const char *) &rekey[1],
2034 sizeof(out_buf),
2035 out_buf))
2036 {
2037 GNUNET_STATISTICS_update (stats,
2038 "# Decryption failures with valid KCE",
2039 1,
2040 GNUNET_NO);
2041 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2042 "Decryption with kid %s failed\n",
2043 GNUNET_sh2s (&rekey->kid));
2044 kce_destroy (kce);
2045 return;
2046 }
2047 kce_destroy (kce);
2048 GNUNET_STATISTICS_update (stats,
2049 "# bytes decrypted with Rekey",
2050 sizeof(out_buf),
2051 GNUNET_NO);
2052 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2053 "decrypted UDPRekey with kid %s\n",
2054 GNUNET_sh2s (&rekey->kid));
2055 /*cmac = (struct GNUNET_HashCode *) out_buf;
2056 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2057 "Received secret with cmac %s \n",
2058 GNUNET_h2s (&cmac));*/
2059 // ss_rekey = (struct SharedSecret *) out_buf;
2060 master = (struct GNUNET_HashCode *) out_buf;
2061 ss_rekey = GNUNET_new (struct SharedSecret);
2062 ss_rekey->master = *master;
2063 calculate_cmac (ss_rekey);
2064 ss_rekey->sender = sender;
2065 // ss_rekey->sequence_used = 0;
2066 // ss_rekey->sequence_allowed = 0;
2067 /* ss_rekey->active_kce_count = 0; */
2068 /* ss_rekey->prev = NULL; */
2069 /* ss_rekey->next = NULL; */
2070 /* GNUNET_assert (ss_rekey->prev == NULL && sender->ss_head != ss_rekey); */
2071 /* GNUNET_assert (ss_rekey->next == NULL && sender->ss_tail != ss_rekey); */
2072 GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss_rekey);
2073 sender->ss_rekey = ss_rekey;
2074 sender->num_secrets++;
2075 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2076 "Received secret with cmac %s\n",
2077 GNUNET_h2s (&(ss_rekey->cmac)));
2078 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2079 "Received secret with master %s.\n",
2080 GNUNET_h2s (&(ss_rekey->master)));
2081 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2082 "We have %u sequence_allowed.\n",
2083 ss_rekey->sequence_allowed);
2084 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2085 "We have a sender %p\n",
2086 ss_rekey->sender);
2087 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2088 "We have %u acks available.\n",
2089 ss_rekey->sender->acks_available);
2090 consider_ss_ack (ss_rekey, GNUNET_YES);
2091
2092}
2093
2094
2095/**
2096 * Closure for #find_sender_by_address()
2097 */
2098struct SearchContext
2099{
2100 /**
2101 * Address we are looking for.
2102 */
2103 const struct sockaddr *address;
2104
2105 /**
2106 * Number of bytes in @e address.
2107 */
2108 socklen_t address_len;
2109
2110 /**
2111 * Return value to set if we found a match.
2112 */
2113 struct SenderAddress *sender;
2114};
2115
2116
2117/**
2118 * Find existing `struct SenderAddress` by matching addresses.
2119 *
2120 * @param cls a `struct SearchContext`
2121 * @param key ignored, must match already
2122 * @param value a `struct SenderAddress`
2123 * @return #GNUNET_YES if not found (continue to search), #GNUNET_NO if found
2124 */
2125static int
2126find_sender_by_address (void *cls,
2127 const struct GNUNET_PeerIdentity *key,
2128 void *value)
2129{
2130 struct SearchContext *sc = cls;
2131 struct SenderAddress *sender = value;
2132
2133 if ((sender->address_len == sc->address_len) &&
2134 (0 == memcmp (sender->address, sc->address, sender->address_len)))
2135 {
2136 sc->sender = sender;
2137 return GNUNET_NO; /* stop iterating! */
2138 }
2139 return GNUNET_YES;
2140}
2141
2142
2143/**
2144 * Create sender address for @a target. Note that we
2145 * might already have one, so a fresh one is only allocated
2146 * if one does not yet exist for @a address.
2147 *
2148 * @param target peer to generate address for
2149 * @param address target address
2150 * @param address_len number of bytes in @a address
2151 * @return data structure to keep track of key material for
2152 * decrypting data from @a target
2153 */
2154static struct SenderAddress *
2155setup_sender (const struct GNUNET_PeerIdentity *target,
2156 const struct sockaddr *address,
2157 socklen_t address_len)
2158{
2159 struct SenderAddress *sender;
2160 struct SearchContext sc = { .address = address,
2161 .address_len = address_len,
2162 .sender = NULL };
2163
2164 GNUNET_CONTAINER_multipeermap_get_multiple (senders,
2165 target,
2166 &find_sender_by_address,
2167 &sc);
2168 if (NULL != sc.sender)
2169 {
2170 reschedule_sender_timeout (sc.sender);
2171 return sc.sender;
2172 }
2173 sender = GNUNET_new (struct SenderAddress);
2174 sender->target = *target;
2175 sender->address = GNUNET_memdup (address, address_len);
2176 sender->address_len = address_len;
2177 (void) GNUNET_CONTAINER_multipeermap_put (
2178 senders,
2179 &sender->target,
2180 sender,
2181 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
2182 GNUNET_STATISTICS_set (stats,
2183 "# senders active",
2184 GNUNET_CONTAINER_multipeermap_size (receivers),
2185 GNUNET_NO);
2186 sender->timeout =
2187 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
2188 sender->hn = GNUNET_CONTAINER_heap_insert (senders_heap,
2189 sender,
2190 sender->timeout.abs_value_us);
2191 sender->nt = GNUNET_NT_scanner_get_type (is, address, address_len);
2192 if (NULL == timeout_task)
2193 timeout_task = GNUNET_SCHEDULER_add_now (&check_timeouts, NULL);
2194 return sender;
2195}
2196
2197
2198/**
2199 * Check signature from @a uc against @a ephemeral.
2200 *
2201 * @param ephemeral key that is signed
2202 * @param uc signature of claimant
2203 * @return #GNUNET_OK if signature is valid
2204 */
2205static int
2206verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
2207 const struct UDPConfirmation *uc)
2208{
2209 struct UdpHandshakeSignature uhs;
2210
2211 uhs.purpose.purpose = htonl (
2212 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_HANDSHAKE);
2213 uhs.purpose.size = htonl (sizeof(uhs));
2214 uhs.sender = uc->sender;
2215 uhs.receiver = my_identity;
2216 uhs.ephemeral = *ephemeral;
2217 uhs.monotonic_time = uc->monotonic_time;
2218 return GNUNET_CRYPTO_eddsa_verify (
2219 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_HANDSHAKE,
2220 &uhs,
2221 &uc->sender_sig,
2222 &uc->sender.public_key);
2223}
2224
2225
2226/**
2227 * Converts @a address to the address string format used by this
2228 * communicator in HELLOs.
2229 *
2230 * @param address the address to convert, must be AF_INET or AF_INET6.
2231 * @param address_len number of bytes in @a address
2232 * @return string representation of @a address
2233 */
2234static char *
2235sockaddr_to_udpaddr_string (const struct sockaddr *address,
2236 socklen_t address_len)
2237{
2238 char *ret;
2239
2240 switch (address->sa_family)
2241 {
2242 case AF_INET:
2243 GNUNET_asprintf (&ret,
2244 "%s-%s",
2245 COMMUNICATOR_ADDRESS_PREFIX,
2246 GNUNET_a2s (address, address_len));
2247 break;
2248
2249 case AF_INET6:
2250 GNUNET_asprintf (&ret,
2251 "%s-%s",
2252 COMMUNICATOR_ADDRESS_PREFIX,
2253 GNUNET_a2s (address, address_len));
2254 break;
2255
2256 default:
2257 GNUNET_assert (0);
2258 }
2259 return ret;
2260}
2261
2262
2263/**
2264 * Socket read task.
2265 *
2266 * @param cls NULL
2267 */
2268static void
2269sock_read (void *cls)
2270{
2271 struct sockaddr_storage sa;
2272 struct sockaddr_in *addr_verify;
2273 socklen_t salen = sizeof(sa);
2274 char buf[UINT16_MAX];
2275 ssize_t rcvd;
2276
2277 (void) cls;
2278 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2279 udp_sock,
2280 &sock_read,
2281 NULL);
2282 rcvd = GNUNET_NETWORK_socket_recvfrom (udp_sock,
2283 buf,
2284 sizeof(buf),
2285 (struct sockaddr *) &sa,
2286 &salen);
2287 if (-1 == rcvd)
2288 {
2289 GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG, "recv");
2290 return;
2291 }
2292 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2293 "Read %lu bytes\n", rcvd);
2294
2295 if (rcvd > sizeof(struct UDPRekey))
2296 {
2297 const struct UDPRekey *rekey;
2298 const struct UDPBox *box;
2299 struct KeyCacheEntry *kce;
2300 struct SenderAddress *sender;
2301 int do_decrypt = GNUNET_NO;
2302
2303 rekey = (const struct UDPRekey *) buf;
2304 box = (const struct UDPBox *) buf;
2305 kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &rekey->kid);
2306
2307 if ((GNUNET_YES == box->rekeying) || (GNUNET_NO == box->rekeying))
2308 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2309 "UDPRekey has rekeying %u\n",
2310 box->rekeying);
2311 else
2312 do_decrypt = GNUNET_YES;
2313
2314 if ((GNUNET_YES == do_decrypt) && (NULL != kce) && (GNUNET_YES ==
2315 kce->ss->sender->
2316 rekeying))
2317 {
2318 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2319 "UDPRekey with kid %s\n",
2320 GNUNET_sh2s (&rekey->kid));
2321 sender = setup_sender (&rekey->sender, (const struct sockaddr *) &sa,
2322 salen);
2323
2324 if (NULL != sender->ss_rekey)
2325 return;
2326
2327 decrypt_rekey (rekey, (size_t) rcvd, kce, sender);
2328 return;
2329 }
2330 }
2331
2332 /* first, see if it is a UDPBox */
2333 if (rcvd > sizeof(struct UDPBox))
2334 {
2335 const struct UDPBox *box;
2336 struct KeyCacheEntry *kce;
2337
2338 box = (const struct UDPBox *) buf;
2339 kce = GNUNET_CONTAINER_multishortmap_get (key_cache, &box->kid);
2340 if (NULL != kce)
2341 {
2342 decrypt_box (box, (size_t) rcvd, kce);
2343 return;
2344 }
2345 }
2346
2347 /* next, check if it is a broadcast */
2348 if (sizeof(struct UDPBroadcast) == rcvd)
2349 {
2350 const struct UDPBroadcast *ub;
2351 struct UdpBroadcastSignature uhs;
2352 struct GNUNET_PeerIdentity sender;
2353
2354 addr_verify = GNUNET_memdup (&sa, salen);
2355 addr_verify->sin_port = 0;
2356 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2357 "received UDPBroadcast from %s\n",
2358 GNUNET_a2s ((const struct sockaddr *) addr_verify, salen));
2359 ub = (const struct UDPBroadcast *) buf;
2360 uhs.purpose.purpose = htonl (
2361 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_BROADCAST);
2362 uhs.purpose.size = htonl (sizeof(uhs));
2363 uhs.sender = ub->sender;
2364 sender = ub->sender;
2365 if (0 == memcmp (&sender, &my_identity, sizeof (struct
2366 GNUNET_PeerIdentity)))
2367 {
2368 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2369 "Received our own broadcast\n");
2370 GNUNET_free (addr_verify);
2371 return;
2372 }
2373 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2374 "checking UDPBroadcastSignature for %s\n",
2375 GNUNET_i2s (&sender));
2376 GNUNET_CRYPTO_hash ((struct sockaddr *) addr_verify, salen, &uhs.h_address);
2377 if (GNUNET_OK ==
2378 GNUNET_CRYPTO_eddsa_verify (
2379 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_BROADCAST,
2380 &uhs,
2381 &ub->sender_sig,
2382 &ub->sender.public_key))
2383 {
2384 char *addr_s;
2385 enum GNUNET_NetworkType nt;
2386
2387 addr_s =
2388 sockaddr_to_udpaddr_string ((const struct sockaddr *) &sa, salen);
2389 GNUNET_STATISTICS_update (stats, "# broadcasts received", 1, GNUNET_NO);
2390 /* use our own mechanism to determine network type */
2391 nt =
2392 GNUNET_NT_scanner_get_type (is, (const struct sockaddr *) &sa, salen);
2393 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2394 "validating address %s received from UDPBroadcast\n",
2395 GNUNET_i2s (&sender));
2396 GNUNET_TRANSPORT_application_validate (ah, &sender, nt, addr_s);
2397 GNUNET_free (addr_s);
2398 GNUNET_free (addr_verify);
2399 return;
2400 }
2401 else
2402 {
2403 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2404 "VerifyingPeer %s is verifying UDPBroadcast\n",
2405 GNUNET_i2s (&my_identity));
2406 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2407 "Verifying UDPBroadcast from %s failed\n",
2408 GNUNET_i2s (&ub->sender));
2409 }
2410 GNUNET_free (addr_verify);
2411 /* continue with KX, mostly for statistics... */
2412 }
2413
2414
2415 /* finally, test if it is a KX */
2416 if (rcvd < sizeof(struct UDPConfirmation) + sizeof(struct InitialKX))
2417 {
2418 GNUNET_STATISTICS_update (stats,
2419 "# messages dropped (no kid, too small for KX)",
2420 1,
2421 GNUNET_NO);
2422 return;
2423 }
2424 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2425 "Got KX\n");
2426 {
2427 const struct InitialKX *kx;
2428 struct SharedSecret *ss;
2429 char pbuf[rcvd - sizeof(struct InitialKX)];
2430 const struct UDPConfirmation *uc;
2431 struct SenderAddress *sender;
2432
2433 kx = (const struct InitialKX *) buf;
2434 ss = setup_shared_secret_dec (&kx->ephemeral);
2435 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2436 "Before DEC\n");
2437
2438 if (GNUNET_OK != try_decrypt (ss,
2439 kx->gcm_tag,
2440 0,
2441 &buf[sizeof(*kx)],
2442 sizeof(pbuf),
2443 pbuf))
2444 {
2445 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2446 "Unable to decrypt tag, dropping...\n");
2447 GNUNET_free (ss);
2448 GNUNET_STATISTICS_update (
2449 stats,
2450 "# messages dropped (no kid, AEAD decryption failed)",
2451 1,
2452 GNUNET_NO);
2453 return;
2454 }
2455 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2456 "Before VERIFY\n");
2457
2458 uc = (const struct UDPConfirmation *) pbuf;
2459 if (GNUNET_OK != verify_confirmation (&kx->ephemeral, uc))
2460 {
2461 GNUNET_break_op (0);
2462 GNUNET_free (ss);
2463 GNUNET_STATISTICS_update (stats,
2464 "# messages dropped (sender signature invalid)",
2465 1,
2466 GNUNET_NO);
2467 return;
2468 }
2469 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2470 "Before SETUP_SENDER\n");
2471
2472 calculate_cmac (ss);
2473 sender = setup_sender (&uc->sender, (const struct sockaddr *) &sa, salen);
2474 ss->sender = sender;
2475 GNUNET_CONTAINER_DLL_insert (sender->ss_head, sender->ss_tail, ss);
2476 sender->num_secrets++;
2477 GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
2478 GNUNET_STATISTICS_update (stats,
2479 "# messages decrypted without BOX",
2480 1,
2481 GNUNET_NO);
2482 try_handle_plaintext (sender, &uc[1], sizeof(pbuf) - sizeof(*uc));
2483 if ((GNUNET_NO == kx->rekeying) && (GNUNET_YES == ss->sender->rekeying))
2484 {
2485 ss->sender->rekeying = GNUNET_NO;
2486 sender->ss_rekey = NULL;
2487 // destroy_all_secrets (ss, GNUNET_NO);
2488 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2489 "Receiver stopped rekeying.\n");
2490 }
2491 else if (GNUNET_NO == kx->rekeying)
2492 consider_ss_ack (ss, GNUNET_YES);
2493 else
2494 {
2495 ss->sender->rekeying = GNUNET_YES;
2496 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2497 "Got KX: Receiver doing rekeying.\n");
2498 }
2499 /*if (sender->num_secrets > MAX_SECRETS)
2500 secret_destroy (sender->ss_tail);*/
2501 }
2502}
2503
2504
2505/**
2506 * Convert UDP bind specification to a `struct sockaddr *`
2507 *
2508 * @param bindto bind specification to convert
2509 * @param[out] sock_len set to the length of the address
2510 * @return converted bindto specification
2511 */
2512static struct sockaddr *
2513udp_address_to_sockaddr (const char *bindto, socklen_t *sock_len)
2514{
2515 struct sockaddr *in;
2516 unsigned int port;
2517 char dummy[2];
2518 char *colon;
2519 char *cp;
2520
2521 if (1 == sscanf (bindto, "%u%1s", &port, dummy))
2522 {
2523 /* interpreting value as just a PORT number */
2524 if (port > UINT16_MAX)
2525 {
2526 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2527 "BINDTO specification `%s' invalid: value too large for port\n",
2528 bindto);
2529 return NULL;
2530 }
2531 if ((GNUNET_NO == GNUNET_NETWORK_test_pf (PF_INET6)) ||
2532 (GNUNET_YES ==
2533 GNUNET_CONFIGURATION_get_value_yesno (cfg,
2534 COMMUNICATOR_CONFIG_SECTION,
2535 "DISABLE_V6")))
2536 {
2537 struct sockaddr_in *i4;
2538
2539 i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
2540 i4->sin_family = AF_INET;
2541 i4->sin_port = htons ((uint16_t) port);
2542 *sock_len = sizeof(struct sockaddr_in);
2543 in = (struct sockaddr *) i4;
2544 }
2545 else
2546 {
2547 struct sockaddr_in6 *i6;
2548
2549 i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
2550 i6->sin6_family = AF_INET6;
2551 i6->sin6_port = htons ((uint16_t) port);
2552 *sock_len = sizeof(struct sockaddr_in6);
2553 in = (struct sockaddr *) i6;
2554 }
2555 return in;
2556 }
2557 cp = GNUNET_strdup (bindto);
2558 colon = strrchr (cp, ':');
2559 if (NULL != colon)
2560 {
2561 /* interpret value after colon as port */
2562 *colon = '\0';
2563 colon++;
2564 if (1 == sscanf (colon, "%u%1s", &port, dummy))
2565 {
2566 /* interpreting value as just a PORT number */
2567 if (port > UINT16_MAX)
2568 {
2569 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2570 "BINDTO specification `%s' invalid: value too large for port\n",
2571 bindto);
2572 GNUNET_free (cp);
2573 return NULL;
2574 }
2575 }
2576 else
2577 {
2578 GNUNET_log (
2579 GNUNET_ERROR_TYPE_ERROR,
2580 "BINDTO specification `%s' invalid: last ':' not followed by number\n",
2581 bindto);
2582 GNUNET_free (cp);
2583 return NULL;
2584 }
2585 }
2586 else
2587 {
2588 /* interpret missing port as 0, aka pick any free one */
2589 port = 0;
2590 }
2591 {
2592 /* try IPv4 */
2593 struct sockaddr_in v4;
2594
2595 memset (&v4, 0, sizeof(v4));
2596 if (1 == inet_pton (AF_INET, cp, &v4.sin_addr))
2597 {
2598 v4.sin_family = AF_INET;
2599 v4.sin_port = htons ((uint16_t) port);
2600#if HAVE_SOCKADDR_IN_SIN_LEN
2601 v4.sin_len = sizeof(struct sockaddr_in);
2602#endif
2603 in = GNUNET_memdup (&v4, sizeof(struct sockaddr_in));
2604 *sock_len = sizeof(struct sockaddr_in);
2605 GNUNET_free (cp);
2606 return in;
2607 }
2608 }
2609 {
2610 /* try IPv6 */
2611 struct sockaddr_in6 v6;
2612 const char *start;
2613
2614 memset (&v6, 0, sizeof(v6));
2615 start = cp;
2616 if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
2617 {
2618 start++; /* skip over '[' */
2619 cp[strlen (cp) - 1] = '\0'; /* eat ']' */
2620 }
2621 if (1 == inet_pton (AF_INET6, start, &v6.sin6_addr))
2622 {
2623 v6.sin6_family = AF_INET6;
2624 v6.sin6_port = htons ((uint16_t) port);
2625#if HAVE_SOCKADDR_IN_SIN_LEN
2626 v6.sin6_len = sizeof(sizeof(struct sockaddr_in6));
2627#endif
2628 in = GNUNET_memdup (&v6, sizeof(v6));
2629 *sock_len = sizeof(v6);
2630 GNUNET_free (cp);
2631 return in;
2632 }
2633 }
2634 /* #5528 FIXME (feature!): maybe also try getnameinfo()? */
2635 GNUNET_free (cp);
2636 return NULL;
2637}
2638
2639
2640/**
2641 * Pad @a dgram by @a pad_size using @a out_cipher.
2642 *
2643 * @param out_cipher cipher to use
2644 * @param dgram datagram to pad
2645 * @param pad_size number of bytes of padding to append
2646 */
2647static void
2648do_pad (gcry_cipher_hd_t out_cipher, char *dgram, size_t pad_size)
2649{
2650 char pad[pad_size];
2651
2652 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, pad, sizeof(pad));
2653 if (sizeof(pad) > sizeof(struct GNUNET_MessageHeader))
2654 {
2655 struct GNUNET_MessageHeader hdr =
2656 { .size = htons (sizeof(pad)),
2657 .type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_PAD) };
2658
2659 memcpy (pad, &hdr, sizeof(hdr));
2660 }
2661 GNUNET_assert (
2662 0 ==
2663 gcry_cipher_encrypt (out_cipher, dgram, sizeof(pad), pad, sizeof(pad)));
2664}
2665
2666
2667/**
2668 * Signature of functions implementing the sending functionality of a
2669 * message queue.
2670 *
2671 * @param mq the message queue
2672 * @param msg the message to send
2673 * @param impl_state our `struct ReceiverAddress`
2674 */
2675static void
2676mq_send_kx (struct GNUNET_MQ_Handle *mq,
2677 const struct GNUNET_MessageHeader *msg,
2678 void *impl_state)
2679{
2680 struct ReceiverAddress *receiver = impl_state;
2681 uint16_t msize = ntohs (msg->size);
2682 struct UdpHandshakeSignature uhs;
2683 struct UDPConfirmation uc;
2684 struct InitialKX kx;
2685 struct GNUNET_CRYPTO_EcdhePrivateKey epriv;
2686 char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];
2687 size_t dpos;
2688 gcry_cipher_hd_t out_cipher;
2689 struct SharedSecret *ss;
2690
2691 GNUNET_assert (mq == receiver->kx_mq);
2692 if (msize > receiver->kx_mtu)
2693 {
2694 GNUNET_break (0);
2695 if (GNUNET_YES != receiver->receiver_destroy_called)
2696 receiver_destroy (receiver);
2697 return;
2698 }
2699 reschedule_receiver_timeout (receiver);
2700
2701 /* setup key material */
2702 GNUNET_CRYPTO_ecdhe_key_create (&epriv);
2703
2704 ss = setup_shared_secret_enc (&epriv, receiver, GNUNET_YES);
2705
2706 if (receiver->num_secrets > MAX_SECRETS)
2707 {
2708 destroy_all_secrets (ss, GNUNET_YES);
2709 }
2710
2711 setup_cipher (&ss->master, 0, &out_cipher);
2712 /* compute 'uc' */
2713 uc.sender = my_identity;
2714 uc.monotonic_time =
2715 GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
2716 uhs.purpose.purpose = htonl (
2717 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_HANDSHAKE);
2718 uhs.purpose.size = htonl (sizeof(uhs));
2719 uhs.sender = my_identity;
2720 uhs.receiver = receiver->target;
2721 GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral);
2722 uhs.monotonic_time = uc.monotonic_time;
2723 GNUNET_CRYPTO_eddsa_sign (my_private_key,
2724 &uhs,
2725 &uc.sender_sig);
2726 /* Leave space for kx */
2727 dpos = sizeof(kx);
2728 /* Append encrypted uc to dgram */
2729 GNUNET_assert (0 == gcry_cipher_encrypt (out_cipher,
2730 &dgram[dpos],
2731 sizeof(uc),
2732 &uc,
2733 sizeof(uc)));
2734 dpos += sizeof(uc);
2735 /* Append encrypted payload to dgram */
2736 GNUNET_assert (
2737 0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
2738 dpos += msize;
2739 do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
2740 /* Datagram starts with kx */
2741 kx.ephemeral = uhs.ephemeral;
2742 GNUNET_assert (
2743 0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
2744 gcry_cipher_close (out_cipher);
2745 if (GNUNET_NO == receiver->rekeying)
2746 kx.rekeying = GNUNET_NO;
2747 else
2748 kx.rekeying = GNUNET_YES;
2749 memcpy (dgram, &kx, sizeof(kx));
2750 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2751 dgram,
2752 sizeof(dgram),
2753 receiver->address,
2754 receiver->address_len))
2755 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
2756 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2757 "Sending KX with payload size %u to %s\n",
2758 msize,
2759 GNUNET_a2s (receiver->address,
2760 receiver->address_len));
2761 GNUNET_MQ_impl_send_continue (mq);
2762}
2763
2764
2765static void
2766check_for_rekeying (struct ReceiverAddress *receiver, struct UDPBox *box)
2767{
2768
2769 struct GNUNET_TIME_Relative rt;
2770
2771 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2772 "Timeout is %llu\n.",
2773 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2774
2775 if (0 == receiver->rekey_timeout.abs_value_us)
2776 {
2777 receiver->rekey_timeout = GNUNET_TIME_relative_to_absolute (
2778 rekey_interval);
2779 }
2780 else
2781 {
2782 rt = GNUNET_TIME_absolute_get_remaining (receiver->rekey_timeout);
2783 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2784 "Relative time is %llu and timeout is %llu\n.",
2785 (unsigned long long) rt.rel_value_us,
2786 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2787
2788 if ((0 == rt.rel_value_us) || (receiver->rekey_send_bytes >
2789 rekey_max_bytes) )
2790 {
2791 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2792 "Bytes send %llu greater than %llu max bytes\n.",
2793 (unsigned long long) receiver->rekey_send_bytes,
2794 rekey_max_bytes);
2795 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2796 "Relative time is %llu and timeout is %llu\n.",
2797 (unsigned long long) rt.rel_value_us,
2798 (unsigned long long) receiver->rekey_timeout.abs_value_us);
2799
2800 receiver->rekey_timeout.abs_value_us = 0;
2801 receiver->rekey_send_bytes = 0;
2802 receiver->ss_rekey = NULL;
2803 // destroy_all_secrets (ss, GNUNET_NO);
2804 receiver->rekeying = GNUNET_YES;
2805 receiver->rekey_acks_available = receiver->acks_available;
2806 box->rekeying = GNUNET_YES;
2807 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2808 "Sender started rekeying.\n");
2809 if (GNUNET_YES == box->rekeying)
2810 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2811 "Sending rekeying with kid %s\n",
2812 GNUNET_sh2s (&box->kid));
2813 }
2814 }
2815}
2816
2817
2818static void
2819send_UDPRekey (struct ReceiverAddress *receiver, struct SharedSecret *ss)
2820{
2821 uint8_t is_ss_rekey_sequence_allowed_zero = GNUNET_NO;
2822 uint8_t is_acks_available_below = GNUNET_NO;
2823 uint8_t send_rekey = GNUNET_NO;
2824 uint16_t not_below;
2825 struct GNUNET_CRYPTO_EcdhePrivateKey epriv;
2826 struct UDPRekey *rekey;
2827 size_t dpos;
2828
2829 char rekey_dgram[sizeof(struct UDPRekey) + receiver->d_mtu];
2830
2831 if (NULL != receiver->ss_rekey)
2832 {
2833 not_below = (receiver->rekey_acks_available
2834 - (receiver->rekey_acks_available % 3)) / 3;
2835 is_ss_rekey_sequence_allowed_zero = (0 ==
2836 receiver->ss_rekey->sequence_allowed);
2837 is_acks_available_below = (receiver->acks_available >= not_below);
2838 send_rekey = (0 == (receiver->acks_available - not_below) % not_below) &&
2839 is_acks_available_below && is_ss_rekey_sequence_allowed_zero;
2840 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2841 "send_rekey: %u, %u, %u\n",
2842 send_rekey,
2843 receiver->rekey_acks_available,
2844 receiver->acks_available);
2845 }
2846 else if (NULL == receiver->ss_rekey)
2847 {
2848 /* setup key material */
2849 GNUNET_CRYPTO_ecdhe_key_create (&epriv);
2850 receiver->ss_rekey = setup_shared_secret_enc (&epriv, receiver,
2851 GNUNET_NO);
2852 receiver->ss_rekey->sequence_allowed = 0;
2853 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2854 "Setup secret with cmac %s\n",
2855 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
2856 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2857 "Setup secret with master %s.\n",
2858 GNUNET_h2s (&(receiver->ss_rekey->master)));
2859 }
2860
2861 if (send_rekey)
2862 {
2863 GNUNET_assert (0 != receiver->number_rekeying_kce);
2864 gcry_cipher_hd_t rekey_out_cipher;
2865
2866 while (NULL != ss && ss->sequence_used >= ss->sequence_allowed)
2867 {
2868 ss = ss->prev;
2869 }
2870
2871 if (NULL != ss)
2872 {
2873 rekey = (struct UDPRekey *) rekey_dgram;
2874 rekey->sender = my_identity;
2875 ss->sequence_used++;
2876 get_kid (&ss->master, ss->sequence_used, &rekey->kid);
2877 receiver->number_rekeying_kce--;
2878 setup_cipher (&ss->master, ss->sequence_used, &rekey_out_cipher);
2879 /* Append encrypted payload to dgram */
2880 dpos = sizeof(struct UDPRekey);
2881
2882 GNUNET_assert (
2883 0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos],
2884 sizeof(receiver->ss_rekey->master),
2885 &(receiver->ss_rekey->master),
2886 sizeof(receiver->ss_rekey->master)));
2887 dpos += sizeof(receiver->ss_rekey->master);
2888 /* GNUNET_assert ( */
2889 /* 0 == gcry_cipher_encrypt (rekey_out_cipher, &rekey_dgram[dpos], */
2890 /* /\*sizeof(receiver->ss_rekey->cmac), */
2891 /* &(receiver->ss_rekey->cmac), */
2892 /* sizeof(receiver->ss_rekey->cmac))); */
2893 /* dpos += sizeof(receiver->ss_rekey->cmac);*\/ */
2894 /* sizeof(receiver->ss_rekey), */
2895 /* receiver->ss_rekey, */
2896 /* sizeof(receiver->ss_rekey))); */
2897 /* dpos += sizeof(receiver->ss_rekey); */
2898 do_pad (rekey_out_cipher, &rekey_dgram[dpos], sizeof(rekey_dgram)
2899 - dpos);
2900 GNUNET_assert (0 == gcry_cipher_gettag (rekey_out_cipher,
2901 rekey->gcm_tag,
2902 sizeof(rekey->gcm_tag)));
2903 gcry_cipher_close (rekey_out_cipher);
2904
2905 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2906 "Sending rekey with kid %s and master %s\n",
2907 GNUNET_sh2s (&rekey->kid),
2908 GNUNET_h2s (&(receiver->ss_rekey->master)));
2909 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2910 "Sending rekey with cmac %s\n",
2911 GNUNET_h2s (&(receiver->ss_rekey->cmac)));
2912 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2913 "%u rekey kces left.\n",
2914 receiver->number_rekeying_kce);
2915
2916 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
2917 rekey_dgram,
2918 sizeof(rekey_dgram),
2919 receiver->address,
2920 receiver->address_len))
2921 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
2922
2923 receiver->acks_available--;
2924 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2925 "%u receiver->acks_available 1\n",
2926 receiver->acks_available);
2927 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2928 "Sending UDPRekey to %s\n", GNUNET_a2s (receiver->address,
2929 receiver->
2930 address_len));
2931 }
2932 }
2933}
2934
2935
2936/**
2937 * Signature of functions implementing the sending functionality of a
2938 * message queue.
2939 *
2940 * @param mq the message queue
2941 * @param msg the message to send
2942 * @param impl_state our `struct ReceiverAddress`
2943 */
2944static void
2945mq_send_d (struct GNUNET_MQ_Handle *mq,
2946 const struct GNUNET_MessageHeader *msg,
2947 void *impl_state)
2948{
2949 struct ReceiverAddress *receiver = impl_state;
2950 uint16_t msize = ntohs (msg->size);
2951
2952 GNUNET_assert (mq == receiver->d_mq);
2953 if ((msize > receiver->d_mtu) ||
2954 (0 == receiver->acks_available))
2955 {
2956 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2957 "msize: %u, mtu: %lu, acks: %u\n",
2958 msize,
2959 receiver->d_mtu,
2960 receiver->acks_available);
2961
2962 GNUNET_break (0);
2963 if (GNUNET_YES != receiver->receiver_destroy_called)
2964 receiver_destroy (receiver);
2965 return;
2966 }
2967 reschedule_receiver_timeout (receiver);
2968
2969 /* begin "BOX" encryption method, scan for ACKs from tail! */
2970 for (struct SharedSecret *ss = receiver->ss_tail; NULL != ss; ss = ss->prev)
2971 {
2972 if (0 < ss->sequence_used)
2973 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2974 "Trying to send UDPBox with shared secrect %s sequence_used %u and ss->sequence_allowed %u\n",
2975 GNUNET_h2s (&ss->master),
2976 ss->sequence_used,
2977 ss->sequence_allowed);
2978 // Uncomment this for alternativ 1 of backchannel functionality
2979 if (ss->sequence_used >= ss->sequence_allowed)
2980 // Until here for alternativ 1
2981 // Uncomment this for alternativ 2 of backchannel functionality
2982 // if (0 == ss->sequence_allowed)
2983 // Until here for alternativ 2
2984 {
2985 continue;
2986 }
2987 char dgram[sizeof(struct UDPBox) + receiver->d_mtu];
2988 struct UDPBox *box;
2989 gcry_cipher_hd_t out_cipher;
2990 size_t dpos;
2991
2992 box = (struct UDPBox *) dgram;
2993 ss->sequence_used++;
2994 get_kid (&ss->master, ss->sequence_used, &box->kid);
2995 setup_cipher (&ss->master, ss->sequence_used, &out_cipher);
2996 /* Append encrypted payload to dgram */
2997 dpos = sizeof(struct UDPBox);
2998 GNUNET_assert (
2999 0 == gcry_cipher_encrypt (out_cipher, &dgram[dpos], msize, msg, msize));
3000 dpos += msize;
3001 do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
3002 GNUNET_assert (0 == gcry_cipher_gettag (out_cipher,
3003 box->gcm_tag,
3004 sizeof(box->gcm_tag)));
3005 gcry_cipher_close (out_cipher);
3006
3007 receiver->rekey_send_bytes += sizeof(struct UDPBox) + receiver->d_mtu;
3008
3009 if (GNUNET_NO == receiver->rekeying)
3010 box->rekeying = GNUNET_NO;
3011 else
3012 box->rekeying = GNUNET_YES;
3013
3014 if (-1 == GNUNET_NETWORK_socket_sendto (udp_sock,
3015 dgram,
3016 sizeof(dgram),
3017 receiver->address,
3018 receiver->address_len))
3019 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "send");
3020 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3021 "Sending UDPBox with payload size %u, %u acks left\n",
3022 msize,
3023 receiver->acks_available);
3024 GNUNET_MQ_impl_send_continue (mq);
3025 receiver->acks_available--;
3026 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3027 "%u receiver->acks_available 2\n",
3028 receiver->acks_available);
3029 check_for_rekeying (receiver, box);
3030 if (0 == receiver->acks_available - receiver->number_rekeying_kce)
3031 {
3032 /* We have no more ACKs */
3033 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3034 "No more acks\n");
3035 if (GNUNET_YES == receiver->rekeying)
3036 {
3037 receiver->rekeying = GNUNET_NO;
3038 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3039 "Sender stopped rekeying\n");
3040
3041 if ((NULL != receiver->ss_rekey) && (0 <
3042 receiver->ss_rekey->
3043 sequence_allowed) )
3044 add_acks_rekey (receiver);
3045 }
3046 }
3047 else if ((GNUNET_YES == receiver->rekeying) )
3048 {
3049 send_UDPRekey (receiver, ss);
3050 }
3051
3052 return;
3053 }
3054}
3055
3056
3057/**
3058 * Signature of functions implementing the destruction of a message
3059 * queue. Implementations must not free @a mq, but should take care
3060 * of @a impl_state.
3061 *
3062 * @param mq the message queue to destroy
3063 * @param impl_state our `struct ReceiverAddress`
3064 */
3065static void
3066mq_destroy_d (struct GNUNET_MQ_Handle *mq, void *impl_state)
3067{
3068 struct ReceiverAddress *receiver = impl_state;
3069 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3070 "Default MQ destroyed\n");
3071 if (mq == receiver->d_mq)
3072 {
3073 receiver->d_mq = NULL;
3074 if (GNUNET_YES != receiver->receiver_destroy_called)
3075 receiver_destroy (receiver);
3076 }
3077}
3078
3079
3080/**
3081 * Signature of functions implementing the destruction of a message
3082 * queue. Implementations must not free @a mq, but should take care
3083 * of @a impl_state.
3084 *
3085 * @param mq the message queue to destroy
3086 * @param impl_state our `struct ReceiverAddress`
3087 */
3088static void
3089mq_destroy_kx (struct GNUNET_MQ_Handle *mq, void *impl_state)
3090{
3091 struct ReceiverAddress *receiver = impl_state;
3092 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3093 "KX MQ destroyed\n");
3094 if (mq == receiver->kx_mq)
3095 {
3096 receiver->kx_mq = NULL;
3097 if (GNUNET_YES != receiver->receiver_destroy_called)
3098 receiver_destroy (receiver);
3099 }
3100}
3101
3102
3103/**
3104 * Implementation function that cancels the currently sent message.
3105 *
3106 * @param mq message queue
3107 * @param impl_state our `struct RecvierAddress`
3108 */
3109static void
3110mq_cancel (struct GNUNET_MQ_Handle *mq, void *impl_state)
3111{
3112 /* Cancellation is impossible with UDP; bail */
3113 GNUNET_assert (0);
3114}
3115
3116
3117/**
3118 * Generic error handler, called with the appropriate
3119 * error code and the same closure specified at the creation of
3120 * the message queue.
3121 * Not every message queue implementation supports an error handler.
3122 *
3123 * @param cls our `struct ReceiverAddress`
3124 * @param error error code
3125 */
3126static void
3127mq_error (void *cls, enum GNUNET_MQ_Error error)
3128{
3129 struct ReceiverAddress *receiver = cls;
3130
3131 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3132 "MQ error in queue to %s: %d\n",
3133 GNUNET_i2s (&receiver->target),
3134 (int) error);
3135 receiver_destroy (receiver);
3136}
3137
3138
3139/**
3140 * Setup the MQ for the @a receiver. If a queue exists,
3141 * the existing one is destroyed. Then the MTU is
3142 * recalculated and a fresh queue is initialized.
3143 *
3144 * @param receiver receiver to setup MQ for
3145 */
3146static void
3147setup_receiver_mq (struct ReceiverAddress *receiver)
3148{
3149 size_t base_mtu;
3150
3151 /*if (NULL != receiver->kx_qh)
3152 {
3153 GNUNET_TRANSPORT_communicator_mq_del (receiver->kx_qh);
3154 receiver->kx_qh = NULL;
3155 }
3156 if (NULL != receiver->d_qh)
3157 {
3158 GNUNET_TRANSPORT_communicator_mq_del (receiver->d_qh);
3159 receiver->d_qh = NULL;
3160 }*/
3161 // GNUNET_assert (NULL == receiver->mq);
3162 switch (receiver->address->sa_family)
3163 {
3164 case AF_INET:
3165 base_mtu = 1480 /* Ethernet MTU, 1500 - Ethernet header - VLAN tag */
3166 - sizeof(struct GNUNET_TUN_IPv4Header) /* 20 */
3167 - sizeof(struct GNUNET_TUN_UdpHeader) /* 8 */;
3168 break;
3169
3170 case AF_INET6:
3171 base_mtu = 1280 /* Minimum MTU required by IPv6 */
3172 - sizeof(struct GNUNET_TUN_IPv6Header) /* 40 */
3173 - sizeof(struct GNUNET_TUN_UdpHeader) /* 8 */;
3174 break;
3175
3176 default:
3177 GNUNET_assert (0);
3178 break;
3179 }
3180 /* MTU based on full KX messages */
3181 receiver->kx_mtu = base_mtu - sizeof(struct InitialKX) /* 48 */
3182 - sizeof(struct UDPConfirmation); /* 104 */
3183 /* MTU based on BOXed messages */
3184 receiver->d_mtu = base_mtu - sizeof(struct UDPBox);
3185
3186 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3187 "Setting up MQs and QHs\n");
3188 /* => Effective MTU for CORE will range from 1080 (IPv6 + KX) to
3189 1404 (IPv4 + Box) bytes, depending on circumstances... */
3190 if (NULL == receiver->kx_mq)
3191 receiver->kx_mq = GNUNET_MQ_queue_for_callbacks (&mq_send_kx,
3192 &mq_destroy_kx,
3193 &mq_cancel,
3194 receiver,
3195 NULL,
3196 &mq_error,
3197 receiver);
3198 if (NULL == receiver->d_mq)
3199 receiver->d_mq = GNUNET_MQ_queue_for_callbacks (&mq_send_d,
3200 &mq_destroy_d,
3201 &mq_cancel,
3202 receiver,
3203 NULL,
3204 &mq_error,
3205 receiver);
3206
3207 receiver->kx_qh =
3208 GNUNET_TRANSPORT_communicator_mq_add (ch,
3209 &receiver->target,
3210 receiver->foreign_addr,
3211 receiver->kx_mtu,
3212 GNUNET_TRANSPORT_QUEUE_LENGTH_UNLIMITED,
3213 0, /* Priority */
3214 receiver->nt,
3215 GNUNET_TRANSPORT_CS_OUTBOUND,
3216 receiver->kx_mq);
3217}
3218
3219
3220/**
3221 * Function called by the transport service to initialize a
3222 * message queue given address information about another peer.
3223 * If and when the communication channel is established, the
3224 * communicator must call #GNUNET_TRANSPORT_communicator_mq_add()
3225 * to notify the service that the channel is now up. It is
3226 * the responsibility of the communicator to manage sane
3227 * retries and timeouts for any @a peer/@a address combination
3228 * provided by the transport service. Timeouts and retries
3229 * do not need to be signalled to the transport service.
3230 *
3231 * @param cls closure
3232 * @param peer identity of the other peer
3233 * @param address where to send the message, human-readable
3234 * communicator-specific format, 0-terminated, UTF-8
3235 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the provided address is
3236 * invalid
3237 */
3238static int
3239mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address)
3240{
3241 struct ReceiverAddress *receiver;
3242 const char *path;
3243 struct sockaddr *in;
3244 socklen_t in_len;
3245
3246 if (0 != strncmp (address,
3247 COMMUNICATOR_ADDRESS_PREFIX "-",
3248 strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
3249 {
3250 GNUNET_break_op (0);
3251 return GNUNET_SYSERR;
3252 }
3253 path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
3254 in = udp_address_to_sockaddr (path, &in_len);
3255
3256 receiver = GNUNET_new (struct ReceiverAddress);
3257 receiver->address = in;
3258 receiver->address_len = in_len;
3259 receiver->target = *peer;
3260 receiver->nt = GNUNET_NT_scanner_get_type (is, in, in_len);
3261 (void) GNUNET_CONTAINER_multipeermap_put (
3262 receivers,
3263 &receiver->target,
3264 receiver,
3265 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
3266 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3267 "Added %s to receivers\n",
3268 GNUNET_i2s_full (&receiver->target));
3269 receiver->timeout =
3270 GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
3271 receiver->hn = GNUNET_CONTAINER_heap_insert (receivers_heap,
3272 receiver,
3273 receiver->timeout.abs_value_us);
3274 GNUNET_STATISTICS_set (stats,
3275 "# receivers active",
3276 GNUNET_CONTAINER_multipeermap_size (receivers),
3277 GNUNET_NO);
3278 receiver->foreign_addr =
3279 sockaddr_to_udpaddr_string (receiver->address, receiver->address_len);
3280 setup_receiver_mq (receiver);
3281 if (NULL == timeout_task)
3282 timeout_task = GNUNET_SCHEDULER_add_now (&check_timeouts, NULL);
3283 return GNUNET_OK;
3284}
3285
3286
3287/**
3288 * Iterator over all receivers to clean up.
3289 *
3290 * @param cls NULL
3291 * @param target unused
3292 * @param value the queue to destroy
3293 * @return #GNUNET_OK to continue to iterate
3294 */
3295static int
3296get_receiver_delete_it (void *cls,
3297 const struct GNUNET_PeerIdentity *target,
3298 void *value)
3299{
3300 struct ReceiverAddress *receiver = value;
3301
3302 (void) cls;
3303 (void) target;
3304 receiver_destroy (receiver);
3305 return GNUNET_OK;
3306}
3307
3308
3309/**
3310 * Iterator over all senders to clean up.
3311 *
3312 * @param cls NULL
3313 * @param target unused
3314 * @param value the queue to destroy
3315 * @return #GNUNET_OK to continue to iterate
3316 */
3317static int
3318get_sender_delete_it (void *cls,
3319 const struct GNUNET_PeerIdentity *target,
3320 void *value)
3321{
3322 struct SenderAddress *sender = value;
3323
3324 (void) cls;
3325 (void) target;
3326
3327 if (NULL != sender->kce_task_rekey)
3328 {
3329 GNUNET_SCHEDULER_cancel (sender->kce_task_rekey);
3330 sender->kce_task_rekey = NULL;
3331 }
3332 if (NULL != sender->kce_task)
3333 {
3334 GNUNET_SCHEDULER_cancel (sender->kce_task);
3335 sender->kce_task = NULL;
3336 }
3337
3338 sender_destroy (sender);
3339 return GNUNET_OK;
3340}
3341
3342
3343/**
3344 * Shutdown the UNIX communicator.
3345 *
3346 * @param cls NULL (always)
3347 */
3348static void
3349do_shutdown (void *cls)
3350{
3351 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3352 "do_shutdown\n");
3353 if (NULL != nat)
3354 {
3355 GNUNET_NAT_unregister (nat);
3356 nat = NULL;
3357 }
3358 while (NULL != bi_head)
3359 bi_destroy (bi_head);
3360 if (NULL != broadcast_task)
3361 {
3362 GNUNET_SCHEDULER_cancel (broadcast_task);
3363 broadcast_task = NULL;
3364 }
3365 if (NULL != timeout_task)
3366 {
3367 GNUNET_SCHEDULER_cancel (timeout_task);
3368 timeout_task = NULL;
3369 }
3370 if (NULL != read_task)
3371 {
3372 GNUNET_SCHEDULER_cancel (read_task);
3373 read_task = NULL;
3374 }
3375 if (NULL != udp_sock)
3376 {
3377 GNUNET_break (GNUNET_OK ==
3378 GNUNET_NETWORK_socket_close (udp_sock));
3379 udp_sock = NULL;
3380 }
3381 GNUNET_CONTAINER_multipeermap_iterate (receivers,
3382 &get_receiver_delete_it,
3383 NULL);
3384 GNUNET_CONTAINER_multipeermap_destroy (receivers);
3385 GNUNET_CONTAINER_multipeermap_iterate (senders,
3386 &get_sender_delete_it,
3387 NULL);
3388 GNUNET_CONTAINER_multipeermap_destroy (senders);
3389 GNUNET_CONTAINER_multishortmap_destroy (key_cache);
3390 GNUNET_CONTAINER_heap_destroy (senders_heap);
3391 GNUNET_CONTAINER_heap_destroy (receivers_heap);
3392 if (NULL != timeout_task)
3393 {
3394 GNUNET_SCHEDULER_cancel (timeout_task);
3395 timeout_task = NULL;
3396 }
3397 if (NULL != ch)
3398 {
3399 GNUNET_TRANSPORT_communicator_disconnect (ch);
3400 ch = NULL;
3401 }
3402 if (NULL != ah)
3403 {
3404 GNUNET_TRANSPORT_application_done (ah);
3405 ah = NULL;
3406 }
3407 if (NULL != stats)
3408 {
3409 GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
3410 stats = NULL;
3411 }
3412 if (NULL != my_private_key)
3413 {
3414 GNUNET_free (my_private_key);
3415 my_private_key = NULL;
3416 }
3417 if (NULL != is)
3418 {
3419 GNUNET_NT_scanner_done (is);
3420 is = NULL;
3421 }
3422 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3423 "do_shutdown finished\n");
3424}
3425
3426
3427/**
3428 * Function called when the transport service has received a
3429 * backchannel message for this communicator (!) via a different return
3430 * path. Should be an acknowledgement.
3431 *
3432 * @param cls closure, NULL
3433 * @param sender which peer sent the notification
3434 * @param msg payload
3435 */
3436static void
3437enc_notify_cb (void *cls,
3438 const struct GNUNET_PeerIdentity *sender,
3439 const struct GNUNET_MessageHeader *msg)
3440{
3441 const struct UDPAck *ack;
3442
3443 (void) cls;
3444 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3445 "Storing UDPAck received from backchannel from %s\n",
3446 GNUNET_i2s_full (sender));
3447 if ((ntohs (msg->type) != GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK) ||
3448 (ntohs (msg->size) != sizeof(struct UDPAck)))
3449 {
3450 GNUNET_break_op (0);
3451 return;
3452 }
3453 ack = (const struct UDPAck *) msg;
3454 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
3455 sender,
3456 &handle_ack,
3457 (void *) ack);
3458}
3459
3460
3461/**
3462 * Signature of the callback passed to #GNUNET_NAT_register() for
3463 * a function to call whenever our set of 'valid' addresses changes.
3464 *
3465 * @param cls closure
3466 * @param app_ctx[in,out] location where the app can store stuff
3467 * on add and retrieve it on remove
3468 * @param add_remove #GNUNET_YES to add a new public IP address,
3469 * #GNUNET_NO to remove a previous (now invalid) one
3470 * @param ac address class the address belongs to
3471 * @param addr either the previous or the new public IP address
3472 * @param addrlen actual length of the @a addr
3473 */
3474static void
3475nat_address_cb (void *cls,
3476 void **app_ctx,
3477 int add_remove,
3478 enum GNUNET_NAT_AddressClass ac,
3479 const struct sockaddr *addr,
3480 socklen_t addrlen)
3481{
3482 char *my_addr;
3483 struct GNUNET_TRANSPORT_AddressIdentifier *ai;
3484
3485 if (GNUNET_YES == add_remove)
3486 {
3487 enum GNUNET_NetworkType nt;
3488
3489 GNUNET_asprintf (&my_addr,
3490 "%s-%s",
3491 COMMUNICATOR_ADDRESS_PREFIX,
3492 GNUNET_a2s (addr, addrlen));
3493 nt = GNUNET_NT_scanner_get_type (is, addr, addrlen);
3494 ai =
3495 GNUNET_TRANSPORT_communicator_address_add (ch,
3496 my_addr,
3497 nt,
3498 GNUNET_TIME_UNIT_FOREVER_REL);
3499 GNUNET_free (my_addr);
3500 *app_ctx = ai;
3501 }
3502 else
3503 {
3504 ai = *app_ctx;
3505 GNUNET_TRANSPORT_communicator_address_remove (ai);
3506 *app_ctx = NULL;
3507 }
3508}
3509
3510
3511/**
3512 * Broadcast our presence on one of our interfaces.
3513 *
3514 * @param cls a `struct BroadcastInterface`
3515 */
3516static void
3517ifc_broadcast (void *cls)
3518{
3519 struct BroadcastInterface *bi = cls;
3520 struct GNUNET_TIME_Relative delay;
3521
3522 delay = BROADCAST_FREQUENCY;
3523 delay.rel_value_us =
3524 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, delay.rel_value_us);
3525 bi->broadcast_task =
3526 GNUNET_SCHEDULER_add_delayed (delay, &ifc_broadcast, bi);
3527
3528 switch (bi->sa->sa_family)
3529 {
3530 case AF_INET: {
3531 static int yes = 1;
3532 static int no = 0;
3533 ssize_t sent;
3534
3535 if (GNUNET_OK !=
3536 GNUNET_NETWORK_socket_setsockopt (udp_sock,
3537 SOL_SOCKET,
3538 SO_BROADCAST,
3539 &yes,
3540 sizeof(int)))
3541 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3542 "setsockopt");
3543 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3544 "creating UDPBroadcast from %s\n",
3545 GNUNET_i2s (&(bi->bcm.sender)));
3546 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3547 "sending UDPBroadcast to add %s\n",
3548 GNUNET_a2s (bi->ba, bi->salen));
3549 sent = GNUNET_NETWORK_socket_sendto (udp_sock,
3550 &bi->bcm,
3551 sizeof(bi->bcm),
3552 bi->ba,
3553 bi->salen);
3554 if (-1 == sent)
3555 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3556 "sendto");
3557 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
3558 SOL_SOCKET,
3559 SO_BROADCAST,
3560 &no,
3561 sizeof(int)))
3562 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
3563 "setsockopt");
3564 break;
3565 }
3566
3567 case AF_INET6: {
3568 ssize_t sent;
3569 struct sockaddr_in6 dst;
3570
3571 dst.sin6_family = AF_INET6;
3572 dst.sin6_port = htons (my_port);
3573 dst.sin6_addr = bi->mcreq.ipv6mr_multiaddr;
3574 dst.sin6_scope_id = ((struct sockaddr_in6 *) bi->ba)->sin6_scope_id;
3575
3576 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3577 "sending UDPBroadcast\n");
3578 sent = GNUNET_NETWORK_socket_sendto (udp_sock,
3579 &bi->bcm,
3580 sizeof(bi->bcm),
3581 (const struct sockaddr *) &dst,
3582 sizeof(dst));
3583 if (-1 == sent)
3584 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "sendto");
3585 break;
3586 }
3587
3588 default:
3589 GNUNET_break (0);
3590 break;
3591 }
3592}
3593
3594
3595/**
3596 * Callback function invoked for each interface found.
3597 * Activates/deactivates broadcast interfaces.
3598 *
3599 * @param cls NULL
3600 * @param name name of the interface (can be NULL for unknown)
3601 * @param isDefault is this presumably the default interface
3602 * @param addr address of this interface (can be NULL for unknown or unassigned)
3603 * @param broadcast_addr the broadcast address (can be NULL for unknown or
3604 * unassigned)
3605 * @param netmask the network mask (can be NULL for unknown or unassigned)
3606 * @param addrlen length of the address
3607 * @return #GNUNET_OK to continue iteration, #GNUNET_SYSERR to abort
3608 */
3609static int
3610iface_proc (void *cls,
3611 const char *name,
3612 int isDefault,
3613 const struct sockaddr *addr,
3614 const struct sockaddr *broadcast_addr,
3615 const struct sockaddr *netmask,
3616 socklen_t addrlen)
3617{
3618 struct BroadcastInterface *bi;
3619 enum GNUNET_NetworkType network;
3620 struct UdpBroadcastSignature ubs;
3621
3622 (void) cls;
3623 (void) netmask;
3624 if (NULL == addr)
3625 return GNUNET_YES; /* need to know our address! */
3626 network = GNUNET_NT_scanner_get_type (is, addr, addrlen);
3627 if (GNUNET_NT_LOOPBACK == network)
3628 {
3629 /* Broadcasting on loopback does not make sense */
3630 return GNUNET_YES;
3631 }
3632 for (bi = bi_head; NULL != bi; bi = bi->next)
3633 {
3634 if ((bi->salen == addrlen) && (0 == memcmp (addr, bi->sa, addrlen)))
3635 {
3636 bi->found = GNUNET_YES;
3637 return GNUNET_OK;
3638 }
3639 }
3640
3641 if ((AF_INET6 == addr->sa_family) && (NULL == broadcast_addr))
3642 return GNUNET_OK; /* broadcast_addr is required for IPv6! */
3643 if ((AF_INET6 == addr->sa_family) && (GNUNET_YES != have_v6_socket))
3644 return GNUNET_OK; /* not using IPv6 */
3645
3646 bi = GNUNET_new (struct BroadcastInterface);
3647 bi->sa = GNUNET_memdup (addr,
3648 addrlen);
3649 if ( (NULL != broadcast_addr) &&
3650 (addrlen == sizeof (struct sockaddr_in)) )
3651 {
3652 struct sockaddr_in *ba;
3653
3654 ba = GNUNET_memdup (broadcast_addr,
3655 addrlen);
3656 ba->sin_port = htons (2086); /* always GNUnet port, ignore configuration! */
3657 bi->ba = (struct sockaddr *) ba;
3658 }
3659 bi->salen = addrlen;
3660 bi->found = GNUNET_YES;
3661 bi->bcm.sender = my_identity;
3662 ubs.purpose.purpose = htonl (
3663 GNUNET_SIGNATURE_PURPOSE_COMMUNICATOR_UDP_BROADCAST);
3664 ubs.purpose.size = htonl (sizeof(ubs));
3665 ubs.sender = my_identity;
3666 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3667 "creating UDPBroadcastSignature for %s\n",
3668 GNUNET_a2s (addr, addrlen));
3669 GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address);
3670 GNUNET_CRYPTO_eddsa_sign (my_private_key,
3671 &ubs,
3672 &bi->bcm.sender_sig);
3673 if (NULL != bi->ba)
3674 {
3675 bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi);
3676 GNUNET_CONTAINER_DLL_insert (bi_head, bi_tail, bi);
3677 }
3678 if ((AF_INET6 == addr->sa_family) && (NULL != broadcast_addr))
3679 {
3680 /* Create IPv6 multicast request */
3681 const struct sockaddr_in6 *s6 =
3682 (const struct sockaddr_in6 *) broadcast_addr;
3683
3684 GNUNET_assert (
3685 1 == inet_pton (AF_INET6, "FF05::13B", &bi->mcreq.ipv6mr_multiaddr));
3686
3687 /* http://tools.ietf.org/html/rfc2553#section-5.2:
3688 *
3689 * IPV6_JOIN_GROUP
3690 *
3691 * Join a multicast group on a specified local interface. If the
3692 * interface index is specified as 0, the kernel chooses the local
3693 * interface. For example, some kernels look up the multicast
3694 * group in the normal IPv6 routing table and using the resulting
3695 * interface; we do this for each interface, so no need to use
3696 * zero (anymore...).
3697 */bi->mcreq.ipv6mr_interface = s6->sin6_scope_id;
3698
3699 /* Join the multicast group */
3700 if (GNUNET_OK != GNUNET_NETWORK_socket_setsockopt (udp_sock,
3701 IPPROTO_IPV6,
3702 IPV6_JOIN_GROUP,
3703 &bi->mcreq,
3704 sizeof(bi->mcreq)))
3705 {
3706 GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "setsockopt");
3707 }
3708 }
3709 return GNUNET_OK;
3710}
3711
3712
3713/**
3714 * Scan interfaces to broadcast our presence on the LAN.
3715 *
3716 * @param cls NULL, unused
3717 */
3718static void
3719do_broadcast (void *cls)
3720{
3721 struct BroadcastInterface *bin;
3722
3723 (void) cls;
3724 for (struct BroadcastInterface *bi = bi_head; NULL != bi; bi = bi->next)
3725 bi->found = GNUNET_NO;
3726 GNUNET_OS_network_interfaces_list (&iface_proc, NULL);
3727 for (struct BroadcastInterface *bi = bi_head; NULL != bi; bi = bin)
3728 {
3729 bin = bi->next;
3730 if (GNUNET_NO == bi->found)
3731 bi_destroy (bi);
3732 }
3733 broadcast_task = GNUNET_SCHEDULER_add_delayed (INTERFACE_SCAN_FREQUENCY,
3734 &do_broadcast,
3735 NULL);
3736}
3737
3738static void
3739try_connection_reversal (void *cls,
3740 const struct sockaddr *addr,
3741 socklen_t addrlen)
3742{
3743 /* FIXME: support reversal: #5529 */
3744}
3745
3746/**
3747 * Setup communicator and launch network interactions.
3748 *
3749 * @param cls NULL (always)
3750 * @param args remaining command-line arguments
3751 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3752 * @param c configuration
3753 */
3754static void
3755run (void *cls,
3756 char *const *args,
3757 const char *cfgfile,
3758 const struct GNUNET_CONFIGURATION_Handle *c)
3759{
3760 char *bindto;
3761 struct sockaddr *in;
3762 socklen_t in_len;
3763 struct sockaddr_storage in_sto;
3764 socklen_t sto_len;
3765
3766 (void) cls;
3767 cfg = c;
3768 if (GNUNET_OK !=
3769 GNUNET_CONFIGURATION_get_value_string (cfg,
3770 COMMUNICATOR_CONFIG_SECTION,
3771 "BINDTO",
3772 &bindto))
3773 {
3774 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3775 COMMUNICATOR_CONFIG_SECTION,
3776 "BINDTO");
3777 return;
3778 }
3779
3780 if (GNUNET_OK !=
3781 GNUNET_CONFIGURATION_get_value_time (cfg,
3782 COMMUNICATOR_CONFIG_SECTION,
3783 "REKEY_INTERVAL",
3784 &rekey_interval))
3785 rekey_interval = DEFAULT_REKEY_TIME_INTERVAL;
3786
3787 if (GNUNET_OK !=
3788 GNUNET_CONFIGURATION_get_value_size (cfg,
3789 COMMUNICATOR_CONFIG_SECTION,
3790 "REKEY_MAX_BYTES",
3791 &rekey_max_bytes))
3792 rekey_max_bytes = DEFAULT_REKEY_MAX_BYTES;
3793
3794 in = udp_address_to_sockaddr (bindto, &in_len);
3795 if (NULL == in)
3796 {
3797 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3798 "Failed to setup UDP socket address with path `%s'\n",
3799 bindto);
3800 GNUNET_free (bindto);
3801 return;
3802 }
3803 udp_sock =
3804 GNUNET_NETWORK_socket_create (in->sa_family,
3805 SOCK_DGRAM,
3806 IPPROTO_UDP);
3807 if (NULL == udp_sock)
3808 {
3809 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "socket");
3810 GNUNET_free (in);
3811 GNUNET_free (bindto);
3812 return;
3813 }
3814 if (AF_INET6 == in->sa_family)
3815 have_v6_socket = GNUNET_YES;
3816 if (GNUNET_OK !=
3817 GNUNET_NETWORK_socket_bind (udp_sock,
3818 in,
3819 in_len))
3820 {
3821 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
3822 "bind",
3823 bindto);
3824 GNUNET_NETWORK_socket_close (udp_sock);
3825 udp_sock = NULL;
3826 GNUNET_free (in);
3827 GNUNET_free (bindto);
3828 return;
3829 }
3830
3831 /* We might have bound to port 0, allowing the OS to figure it out;
3832 thus, get the real IN-address from the socket */
3833 sto_len = sizeof(in_sto);
3834 if (0 != getsockname (GNUNET_NETWORK_get_fd (udp_sock),
3835 (struct sockaddr *) &in_sto,
3836 &sto_len))
3837 {
3838 memcpy (&in_sto, in, in_len);
3839 sto_len = in_len;
3840 }
3841 GNUNET_free (in);
3842 GNUNET_free (bindto);
3843 in = (struct sockaddr *) &in_sto;
3844 in_len = sto_len;
3845 GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
3846 "transport",
3847 "Bound to `%s'\n",
3848 GNUNET_a2s ((const struct sockaddr *) &in_sto,
3849 sto_len));
3850 switch (in->sa_family)
3851 {
3852 case AF_INET:
3853 my_port = ntohs (((struct sockaddr_in *) in)->sin_port);
3854 break;
3855
3856 case AF_INET6:
3857 my_port = ntohs (((struct sockaddr_in6 *) in)->sin6_port);
3858 break;
3859
3860 default:
3861 GNUNET_break (0);
3862 my_port = 0;
3863 }
3864 stats = GNUNET_STATISTICS_create ("C-UDP", cfg);
3865 senders = GNUNET_CONTAINER_multipeermap_create (32, GNUNET_YES);
3866 receivers = GNUNET_CONTAINER_multipeermap_create (32, GNUNET_YES);
3867 senders_heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3868 receivers_heap =
3869 GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MIN);
3870 key_cache = GNUNET_CONTAINER_multishortmap_create (1024, GNUNET_YES);
3871 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
3872 is = GNUNET_NT_scanner_init ();
3873 my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
3874 if (NULL == my_private_key)
3875 {
3876 GNUNET_log (
3877 GNUNET_ERROR_TYPE_ERROR,
3878 _ (
3879 "Transport service is lacking key configuration settings. Exiting.\n"));
3880 GNUNET_SCHEDULER_shutdown ();
3881 return;
3882 }
3883 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_identity.public_key);
3884 /* start reading */
3885 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3886 udp_sock,
3887 &sock_read,
3888 NULL);
3889 ch = GNUNET_TRANSPORT_communicator_connect (cfg,
3890 COMMUNICATOR_CONFIG_SECTION,
3891 COMMUNICATOR_ADDRESS_PREFIX,
3892 GNUNET_TRANSPORT_CC_UNRELIABLE,
3893 &mq_init,
3894 NULL,
3895 &enc_notify_cb,
3896 NULL);
3897 if (NULL == ch)
3898 {
3899 GNUNET_break (0);
3900 GNUNET_SCHEDULER_shutdown ();
3901 return;
3902 }
3903 ah = GNUNET_TRANSPORT_application_init (cfg);
3904 if (NULL == ah)
3905 {
3906 GNUNET_break (0);
3907 GNUNET_SCHEDULER_shutdown ();
3908 return;
3909 }
3910 /* start broadcasting */
3911 if (GNUNET_YES !=
3912 GNUNET_CONFIGURATION_get_value_yesno (cfg,
3913 COMMUNICATOR_CONFIG_SECTION,
3914 "DISABLE_BROADCAST"))
3915 {
3916 broadcast_task = GNUNET_SCHEDULER_add_now (&do_broadcast, NULL);
3917 }
3918 nat = GNUNET_NAT_register (cfg,
3919 COMMUNICATOR_CONFIG_SECTION,
3920 IPPROTO_UDP,
3921 1 /* one address */,
3922 (const struct sockaddr **) &in,
3923 &in_len,
3924 &nat_address_cb,
3925 try_connection_reversal,
3926 NULL /* closure */);
3927}
3928
3929
3930/**
3931 * The main function for the UNIX communicator.
3932 *
3933 * @param argc number of arguments from the command line
3934 * @param argv command line arguments
3935 * @return 0 ok, 1 on error
3936 */
3937int
3938main (int argc, char *const *argv)
3939{
3940 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3941 GNUNET_GETOPT_OPTION_END
3942 };
3943 int ret;
3944
3945 GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
3946 "transport",
3947 "Starting udp communicator\n");
3948 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
3949 return 2;
3950
3951 ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc,
3952 argv,
3953 "gnunet-communicator-udp",
3954 _ ("GNUnet UDP communicator"),
3955 options,
3956 &run,
3957 NULL))
3958 ? 0
3959 : 1;
3960 GNUNET_free_nz ((void *) argv);
3961 return ret;
3962}
3963
3964
3965/* end of gnunet-communicator-udp.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-30 16:08:17 +0000