aboutsummaryrefslogtreecommitdiff
path: root/src/transport/gnunet-communicator-udp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/transport/gnunet-communicator-udp.c')
-rw-r--r--src/transport/gnunet-communicator-udp.c256
1 files changed, 140 insertions, 116 deletions
diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c
index f307f6052..8e070d414 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -46,16 +46,6 @@
46#include "gnunet_transport_communication_service.h" 46#include "gnunet_transport_communication_service.h"
47 47
48/** 48/**
49 * How many messages do we keep at most in the queue to the
50 * transport service before we start to drop (default,
51 * can be changed via the configuration file).
52 * Should be _below_ the level of the communicator API, as
53 * otherwise we may read messages just to have them dropped
54 * by the communicator API.
55 */
56#define DEFAULT_MAX_QUEUE_LENGTH 8
57
58/**
59 * How often do we rekey based on time (at least) 49 * How often do we rekey based on time (at least)
60 */ 50 */
61#define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS 51#define REKEY_TIME_INTERVAL GNUNET_TIME_UNIT_DAYS
@@ -66,6 +56,21 @@
66#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES 56#define PROTO_QUEUE_TIMEOUT GNUNET_TIME_UNIT_MINUTES
67 57
68/** 58/**
59 * AES key size.
60 */
61#define AES_KEY_SIZE (256/8)
62
63/**
64 * AES (GCM) IV size.
65 */
66#define AES_IV_SIZE (96/8)
67
68/**
69 * Size of the GCM tag.
70 */
71#define GCM_TAG_SIZE (128/8)
72
73/**
69 * If we fall below this number of available KCNs, 74 * If we fall below this number of available KCNs,
70 * we generate additional ACKs until we reach 75 * we generate additional ACKs until we reach
71 * #KCN_TARGET. 76 * #KCN_TARGET.
@@ -96,6 +101,17 @@
96#define MAX_SQN_DELTA 160 101#define MAX_SQN_DELTA 160
97 102
98/** 103/**
104 * How many shared master secrets do we keep around
105 * at most per sender? Should be large enough so
106 * that we generally have a chance of sending an ACK
107 * before the sender already rotated out the master
108 * secret. Generally values around #KCN_TARGET make
109 * sense. Might make sense to adapt to RTT if we had
110 * a good measurement...
111 */
112#define MAX_SECRETS 128
113
114/**
99 * How often do we rekey based on number of bytes transmitted? 115 * How often do we rekey based on number of bytes transmitted?
100 * (additionally randomized). 116 * (additionally randomized).
101 */ 117 */
@@ -104,6 +120,7 @@
104/** 120/**
105 * Address prefix used by the communicator. 121 * Address prefix used by the communicator.
106 */ 122 */
123
107#define COMMUNICATOR_ADDRESS_PREFIX "udp" 124#define COMMUNICATOR_ADDRESS_PREFIX "udp"
108 125
109/** 126/**
@@ -159,13 +176,13 @@ struct InitialKX
159 /** 176 /**
160 * Ephemeral key for KX. 177 * Ephemeral key for KX.
161 */ 178 */
162 struct GNUNET_CRYPT_EddsaPublicKey ephemeral; 179 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
163 180
164 /** 181 /**
165 * HMAC for the following encrypted message, using GCM. HMAC uses 182 * HMAC for the following encrypted message, using GCM. HMAC uses
166 * key derived from the handshake with sequence number zero. 183 * key derived from the handshake with sequence number zero.
167 */ 184 */
168 uint8_t gcm_tag[128/8]; 185 char gcm_tag[GCM_TAG_SIZE];
169 186
170}; 187};
171 188
@@ -247,8 +264,7 @@ struct UDPBox
247 * wrong, the receiver should check if the message might be a 264 * wrong, the receiver should check if the message might be a
248 * `struct UdpHandshakeSignature`. 265 * `struct UdpHandshakeSignature`.
249 */ 266 */
250 uint8_t gcm_tag[128/8]; 267 char gcm_tag[GCM_TAG_SIZE];
251
252 268
253}; 269};
254 270
@@ -358,7 +374,7 @@ struct SharedSecret
358 374
359 /** 375 /**
360 * Up to which sequence number did we use this @e master already? 376 * Up to which sequence number did we use this @e master already?
361 * (for sending or receiving) 377 * (for encrypting only)
362 */ 378 */
363 uint32_t sequence_used; 379 uint32_t sequence_used;
364 380
@@ -464,6 +480,11 @@ struct ReceiverAddress
464 socklen_t address_len; 480 socklen_t address_len;
465 481
466 /** 482 /**
483 * Entry in sender expiration heap.
484 */
485 struct GNUNET_CONTAINER_HeapNode *hn;
486
487 /**
467 * Message queue we are providing for the #ch. 488 * Message queue we are providing for the #ch.
468 */ 489 */
469 struct GNUNET_MQ_Handle *mq; 490 struct GNUNET_MQ_Handle *mq;
@@ -479,6 +500,11 @@ struct ReceiverAddress
479 struct GNUNET_TIME_Absolute timeout; 500 struct GNUNET_TIME_Absolute timeout;
480 501
481 /** 502 /**
503 * MTU we allowed transport for this receiver right now.
504 */
505 size_t mtu;
506
507 /**
482 * Length of the DLL at @a ss_head. 508 * Length of the DLL at @a ss_head.
483 */ 509 */
484 unsigned int num_secrets; 510 unsigned int num_secrets;
@@ -494,7 +520,7 @@ struct ReceiverAddress
494/** 520/**
495 * Cache of pre-generated key IDs. 521 * Cache of pre-generated key IDs.
496 */ 522 */
497static struct GNUNET_CONTINER_MultiShortMap *key_cache; 523static struct GNUNET_CONTAINER_MultiShortmap *key_cache;
498 524
499/** 525/**
500 * ID of read task 526 * ID of read task
@@ -590,9 +616,8 @@ receiver_destroy (struct ReceiverAddress *receiver)
590 GNUNET_CONTAINER_multipeermap_remove (receivers, 616 GNUNET_CONTAINER_multipeermap_remove (receivers,
591 &receiver->target, 617 &receiver->target,
592 receiver)); 618 receiver));
593 GNUNET_assert (sender == 619 GNUNET_assert (receiver ==
594 GNUNET_CONTAINER_heap_remove_node (receivers_heap, 620 GNUNET_CONTAINER_heap_remove_node (receiver->hn));
595 receiver->hn));
596 GNUNET_STATISTICS_set (stats, 621 GNUNET_STATISTICS_set (stats,
597 "# receivers active", 622 "# receivers active",
598 GNUNET_CONTAINER_multipeermap_size (receivers), 623 GNUNET_CONTAINER_multipeermap_size (receivers),
@@ -681,7 +706,7 @@ kce_generate (struct SharedSecret *ss,
681 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE); 706 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
682 GNUNET_STATISTICS_set (stats, 707 GNUNET_STATISTICS_set (stats,
683 "# KIDs active", 708 "# KIDs active",
684 GNUNET_CONTAINER_multipeermap_size (key_cache), 709 GNUNET_CONTAINER_multishortmap_size (key_cache),
685 GNUNET_NO); 710 GNUNET_NO);
686} 711}
687 712
@@ -720,7 +745,7 @@ secret_destroy (struct SharedSecret *ss)
720 GNUNET_NO); 745 GNUNET_NO);
721 GNUNET_STATISTICS_set (stats, 746 GNUNET_STATISTICS_set (stats,
722 "# KIDs active", 747 "# KIDs active",
723 GNUNET_CONTAINER_multipeermap_size (key_cache), 748 GNUNET_CONTAINER_multishortmap_size (key_cache),
724 GNUNET_NO); 749 GNUNET_NO);
725 GNUNET_free (ss); 750 GNUNET_free (ss);
726} 751}
@@ -740,8 +765,7 @@ sender_destroy (struct SenderAddress *sender)
740 &sender->target, 765 &sender->target,
741 sender)); 766 sender));
742 GNUNET_assert (sender == 767 GNUNET_assert (sender ==
743 GNUNET_CONTAINER_heap_remove_node (senders_heap, 768 GNUNET_CONTAINER_heap_remove_node (sender->hn));
744 sender->hn));
745 GNUNET_STATISTICS_set (stats, 769 GNUNET_STATISTICS_set (stats,
746 "# senders active", 770 "# senders active",
747 GNUNET_CONTAINER_multipeermap_size (senders), 771 GNUNET_CONTAINER_multipeermap_size (senders),
@@ -752,38 +776,6 @@ sender_destroy (struct SenderAddress *sender)
752 776
753 777
754/** 778/**
755 * Compute @a smac over @a buf.
756 *
757 * @param msec master secret for HMAC calculation
758 * @param serial number for the @a smac calculation
759 * @param buf buffer to MAC
760 * @param buf_size number of bytes in @a buf
761 * @param smac[out] where to write the HMAC
762 */
763static void
764get_hmac (const struct GNUNET_HashCode *msec,
765 uint32_t serial,
766 const void *buf,
767 size_t buf_size,
768 struct GNUNET_ShortHashCode *smac)
769{
770 uint32_t sid = htonl (serial);
771
772 GNUNET_CRYPTO_hkdf (smac,
773 sizeof (*smac),
774 GCRY_MD_SHA512,
775 GCRY_MD_SHA256,
776 &sid,
777 sizeof (sid),
778 msec,
779 sizeof (*msec),
780 "UDP-HMAC",
781 strlen ("UDP-HMAC"),
782 NULL, 0);
783}
784
785
786/**
787 * Compute @a key and @a iv. 779 * Compute @a key and @a iv.
788 * 780 *
789 * @param msec master secret for calculation 781 * @param msec master secret for calculation
@@ -794,11 +786,11 @@ get_hmac (const struct GNUNET_HashCode *msec,
794static void 786static void
795get_iv_key (const struct GNUNET_HashCode *msec, 787get_iv_key (const struct GNUNET_HashCode *msec,
796 uint32_t serial, 788 uint32_t serial,
797 char key[256/8], 789 char key[AES_KEY_SIZE],
798 char iv[96/8]) 790 char iv[AES_IV_SIZE])
799{ 791{
800 uint32_t sid = htonl (serial); 792 uint32_t sid = htonl (serial);
801 char res[sizeof(key) + sizeof (iv)]; 793 char res[AES_KEY_SIZE + AES_IV_SIZE];
802 794
803 GNUNET_CRYPTO_hkdf (res, 795 GNUNET_CRYPTO_hkdf (res,
804 sizeof (res), 796 sizeof (res),
@@ -812,11 +804,11 @@ get_iv_key (const struct GNUNET_HashCode *msec,
812 strlen ("UDP-IV-KEY"), 804 strlen ("UDP-IV-KEY"),
813 NULL, 0); 805 NULL, 0);
814 memcpy (key, 806 memcpy (key,
815 sid, 807 res,
816 sizeof (key)); 808 AES_KEY_SIZE);
817 memcpy (iv, 809 memcpy (iv,
818 &sid[sizeof(key)], 810 &res[AES_KEY_SIZE],
819 sizeof (iv)); 811 AES_IV_SIZE);
820} 812}
821 813
822 814
@@ -831,7 +823,7 @@ reschedule_sender_timeout (struct SenderAddress *sender)
831 sender->timeout 823 sender->timeout
832 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); 824 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
833 GNUNET_CONTAINER_heap_update_cost (sender->hn, 825 GNUNET_CONTAINER_heap_update_cost (sender->hn,
834 sender.timeout.abs_value_us); 826 sender->timeout.abs_value_us);
835} 827}
836 828
837 829
@@ -846,7 +838,7 @@ reschedule_receiver_timeout (struct ReceiverAddress *receiver)
846 receiver->timeout 838 receiver->timeout
847 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); 839 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
848 GNUNET_CONTAINER_heap_update_cost (receiver->hn, 840 GNUNET_CONTAINER_heap_update_cost (receiver->hn,
849 receiver.timeout.abs_value_us); 841 receiver->timeout.abs_value_us);
850} 842}
851 843
852 844
@@ -935,7 +927,7 @@ pass_plaintext_to_core (struct SenderAddress *sender,
935 ntohs (hdr->size), 927 ntohs (hdr->size),
936 GNUNET_NO); 928 GNUNET_NO);
937 (void) GNUNET_TRANSPORT_communicator_receive (ch, 929 (void) GNUNET_TRANSPORT_communicator_receive (ch,
938 &queue->target, 930 &sender->target,
939 hdr, 931 hdr,
940 NULL /* no flow control possible */, 932 NULL /* no flow control possible */,
941 NULL); 933 NULL);
@@ -965,8 +957,8 @@ setup_cipher (const struct GNUNET_HashCode *msec,
965 uint32_t serial, 957 uint32_t serial,
966 gcry_cipher_hd_t *cipher) 958 gcry_cipher_hd_t *cipher)
967{ 959{
968 char key[256/8]; 960 char key[AES_KEY_SIZE];
969 char iv[96/8]; 961 char iv[AES_IV_SIZE];
970 962
971 gcry_cipher_open (cipher, 963 gcry_cipher_open (cipher,
972 GCRY_CIPHER_AES256 /* low level: go for speed */, 964 GCRY_CIPHER_AES256 /* low level: go for speed */,
@@ -999,7 +991,7 @@ setup_cipher (const struct GNUNET_HashCode *msec,
999 */ 991 */
1000static int 992static int
1001try_decrypt (const struct SharedSecret *ss, 993try_decrypt (const struct SharedSecret *ss,
1002 char tag[128/8], 994 const char tag[GCM_TAG_SIZE],
1003 uint32_t serial, 995 uint32_t serial,
1004 const char *in_buf, 996 const char *in_buf,
1005 size_t in_buf_size, 997 size_t in_buf_size,
@@ -1012,14 +1004,14 @@ try_decrypt (const struct SharedSecret *ss,
1012 &cipher); 1004 &cipher);
1013 GNUNET_assert (0 == 1005 GNUNET_assert (0 ==
1014 gcry_cipher_decrypt (cipher, 1006 gcry_cipher_decrypt (cipher,
1015 in_buf,
1016 in_buf_size,
1017 out_buf, 1007 out_buf,
1008 in_buf_size,
1009 in_buf,
1018 in_buf_size)); 1010 in_buf_size));
1019 if (0 != 1011 if (0 !=
1020 gcry_cipher_checktag (cipher, 1012 gcry_cipher_checktag (cipher,
1021 tag, 1013 tag,
1022 sizeof (tag))) 1014 GCM_TAG_SIZE))
1023 { 1015 {
1024 gcry_cipher_close (cipher); 1016 gcry_cipher_close (cipher);
1025 GNUNET_STATISTICS_update (stats, 1017 GNUNET_STATISTICS_update (stats,
@@ -1069,7 +1061,7 @@ setup_shared_secret_enc (const struct GNUNET_CRYPTO_EcdhePrivateKey *ephemeral,
1069 GNUNET_CRYPTO_ecdh_eddsa (ephemeral, 1061 GNUNET_CRYPTO_ecdh_eddsa (ephemeral,
1070 &receiver->target.public_key, 1062 &receiver->target.public_key,
1071 &ss->master); 1063 &ss->master);
1072 calculcate_cmac (ss); 1064 calculate_cmac (ss);
1073 ss->receiver = receiver; 1065 ss->receiver = receiver;
1074 GNUNET_CONTAINER_DLL_insert (receiver->ss_head, 1066 GNUNET_CONTAINER_DLL_insert (receiver->ss_head,
1075 receiver->ss_tail, 1067 receiver->ss_tail,
@@ -1113,11 +1105,11 @@ handle_ack (void *cls,
1113 ss->sequence_allowed = GNUNET_MAX (ss->sequence_allowed, 1105 ss->sequence_allowed = GNUNET_MAX (ss->sequence_allowed,
1114 ntohl (ack->sequence_max)); 1106 ntohl (ack->sequence_max));
1115 /* move ss to head to avoid discarding it anytime soon! */ 1107 /* move ss to head to avoid discarding it anytime soon! */
1116 GNUNET_CONTAINER_DLL_remove (sender->ss_head, 1108 GNUNET_CONTAINER_DLL_remove (receiver->ss_head,
1117 sender->ss_tail, 1109 receiver->ss_tail,
1118 ss); 1110 ss);
1119 GNUNET_CONTAINER_DLL_insert (sender->ss_head, 1111 GNUNET_CONTAINER_DLL_insert (receiver->ss_head,
1120 sender->ss_tail, 1112 receiver->ss_tail,
1121 ss); 1113 ss);
1122 /* FIXME: if this changed sequence_allowed, 1114 /* FIXME: if this changed sequence_allowed,
1123 update MTU / MQ of 'receiver'! */ 1115 update MTU / MQ of 'receiver'! */
@@ -1142,21 +1134,21 @@ try_handle_plaintext (struct SenderAddress *sender,
1142 size_t buf_size) 1134 size_t buf_size)
1143{ 1135{
1144 const struct GNUNET_MessageHeader *hdr 1136 const struct GNUNET_MessageHeader *hdr
1145 = (const struct GNUNET_MessageHeader *) queue->pread_buf; 1137 = (const struct GNUNET_MessageHeader *) buf;
1146 const struct UDPAck *ack 1138 const struct UDPAck *ack
1147 = (const struct UDPAck *) queue->pread_buf; 1139 = (const struct UDPAck *) buf;
1148 uint16_t type; 1140 uint16_t type;
1149 1141
1150 if (sizeof (*hdr) > buf_size) 1142 if (sizeof (*hdr) > buf_size)
1151 return; /* not even a header */ 1143 return; /* not even a header */
1152 if (ntohs (hdr->size) > buf_size) 1144 if (ntohs (hdr->size) > buf_size)
1153 return 0; /* not even a header */ 1145 return; /* not even a header */
1154 type = ntohs (hdr->type); 1146 type = ntohs (hdr->type);
1155 switch (type) 1147 switch (type)
1156 { 1148 {
1157 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK: 1149 case GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK:
1158 /* lookup master secret by 'cmac', then update sequence_max */ 1150 /* lookup master secret by 'cmac', then update sequence_max */
1159 GNUNET_CONTAINER_multihashmap_get_multiple (receivers, 1151 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
1160 &sender->target, 1152 &sender->target,
1161 &handle_ack, 1153 &handle_ack,
1162 (void *) ack); 1154 (void *) ack);
@@ -1200,10 +1192,10 @@ consider_ss_ack (struct SharedSecret *ss)
1200 1192
1201 while (ss->active_kce_count < KCN_TARGET) 1193 while (ss->active_kce_count < KCN_TARGET)
1202 kce_generate (ss, 1194 kce_generate (ss,
1203 ++ss->sequence_used); 1195 ++ss->sequence_allowed);
1204 ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK); 1196 ack.header.type = htons (GNUNET_MESSAGE_TYPE_COMMUNICATOR_UDP_ACK);
1205 ack.header.size = htons (sizeof (ack)); 1197 ack.header.size = htons (sizeof (ack));
1206 ack.sequence_max = htonl (ss->sequence_max); 1198 ack.sequence_max = htonl (ss->sequence_allowed);
1207 ack.cmac = ss->cmac; 1199 ack.cmac = ss->cmac;
1208 GNUNET_TRANSPORT_communicator_notify (ch, 1200 GNUNET_TRANSPORT_communicator_notify (ch,
1209 &ss->sender->target, 1201 &ss->sender->target,
@@ -1226,7 +1218,6 @@ decrypt_box (const struct UDPBox *box,
1226 struct KeyCacheEntry *kce) 1218 struct KeyCacheEntry *kce)
1227{ 1219{
1228 struct SharedSecret *ss = kce->ss; 1220 struct SharedSecret *ss = kce->ss;
1229 gcry_cipher_hd_t cipher;
1230 char out_buf[box_len - sizeof (*box)]; 1221 char out_buf[box_len - sizeof (*box)];
1231 1222
1232 GNUNET_assert (NULL != ss->sender); 1223 GNUNET_assert (NULL != ss->sender);
@@ -1234,9 +1225,9 @@ decrypt_box (const struct UDPBox *box,
1234 try_decrypt (ss, 1225 try_decrypt (ss,
1235 box->gcm_tag, 1226 box->gcm_tag,
1236 kce->sequence_number, 1227 kce->sequence_number,
1237 box_len - sizeof (*box), 1228 (const char *) &box[1],
1238 out_buf, 1229 sizeof (out_buf),
1239 sizeof (out_buf))) 1230 out_buf))
1240 { 1231 {
1241 GNUNET_STATISTICS_update (stats, 1232 GNUNET_STATISTICS_update (stats,
1242 "# Decryption failures with valid KCE", 1233 "# Decryption failures with valid KCE",
@@ -1330,7 +1321,7 @@ setup_sender (const struct GNUNET_PeerIdentity *target,
1330 .sender = NULL 1321 .sender = NULL
1331 }; 1322 };
1332 1323
1333 GNUNET_CONTAINER_multihashmap_get_multiple (senders, 1324 GNUNET_CONTAINER_multipeermap_get_multiple (senders,
1334 target, 1325 target,
1335 &find_sender_by_address, 1326 &find_sender_by_address,
1336 &sc); 1327 &sc);
@@ -1344,7 +1335,7 @@ setup_sender (const struct GNUNET_PeerIdentity *target,
1344 sender->address = GNUNET_memdup (address, 1335 sender->address = GNUNET_memdup (address,
1345 address_len); 1336 address_len);
1346 sender->address_len = address_len; 1337 sender->address_len = address_len;
1347 (void) GNUNET_CONTAINER_multihashmap_put (senders, 1338 (void) GNUNET_CONTAINER_multipeermap_put (senders,
1348 &sender->target, 1339 &sender->target,
1349 sender, 1340 sender,
1350 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE); 1341 GNUNET_CONTAINER_MULTIHASHMAPOPTION_MULTIPLE);
@@ -1356,7 +1347,7 @@ setup_sender (const struct GNUNET_PeerIdentity *target,
1356 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); 1347 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1357 sender->hn = GNUNET_CONTAINER_heap_insert (senders_heap, 1348 sender->hn = GNUNET_CONTAINER_heap_insert (senders_heap,
1358 sender, 1349 sender,
1359 sender.timeout.abs_value_us); 1350 sender->timeout.abs_value_us);
1360 sender->nt = GNUNET_NT_scanner_get_type (is, 1351 sender->nt = GNUNET_NT_scanner_get_type (is,
1361 address, 1352 address,
1362 address_len); 1353 address_len);
@@ -1368,6 +1359,32 @@ setup_sender (const struct GNUNET_PeerIdentity *target,
1368 1359
1369 1360
1370/** 1361/**
1362 * Check signature from @a uc against @a ephemeral.
1363 *
1364 * @param ephermal key that is signed
1365 * @param uc signature of claimant
1366 * @return #GNUNET_OK if signature is valid
1367 */
1368static int
1369verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
1370 const struct UDPConfirmation *uc)
1371{
1372 struct UdpHandshakeSignature uhs;
1373
1374 uhs.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE);
1375 uhs.purpose.size = htonl (sizeof (uhs));
1376 uhs.sender = uc->sender;
1377 uhs.receiver = my_identity;
1378 uhs.ephemeral = *ephemeral;
1379 uhs.monotonic_time = uc->monotonic_time;
1380 return GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE,
1381 &uhs.purpose,
1382 &uc->sender_sig,
1383 &uc->sender.public_key);
1384}
1385
1386
1387/**
1371 * Socket read task. 1388 * Socket read task.
1372 * 1389 *
1373 * @param cls NULL 1390 * @param cls NULL
@@ -1404,8 +1421,8 @@ sock_read (void *cls)
1404 struct KeyCacheEntry *kce; 1421 struct KeyCacheEntry *kce;
1405 1422
1406 box = (const struct UDPBox *) buf; 1423 box = (const struct UDPBox *) buf;
1407 kce = GNUNET_CONTAINER_multihashmap_get (key_cache, 1424 kce = GNUNET_CONTAINER_multishortmap_get (key_cache,
1408 &box->kid); 1425 &box->kid);
1409 if (NULL != kce) 1426 if (NULL != kce)
1410 { 1427 {
1411 decrypt_box (box, 1428 decrypt_box (box,
@@ -1432,13 +1449,13 @@ sock_read (void *cls)
1432 struct SenderAddress *sender; 1449 struct SenderAddress *sender;
1433 1450
1434 kx = (const struct InitialKX *) buf; 1451 kx = (const struct InitialKX *) buf;
1435 ss = setup_shared_secret_dec (&kx->ephemral); 1452 ss = setup_shared_secret_dec (&kx->ephemeral);
1436 if (GNUNET_OK != 1453 if (GNUNET_OK !=
1437 try_decrypt (ss, 1454 try_decrypt (ss,
1438 0,
1439 kx->gcm_tag, 1455 kx->gcm_tag,
1456 0,
1440 &buf[sizeof (*kx)], 1457 &buf[sizeof (*kx)],
1441 (const struct GNUNET_CRYPTO_EcdhePublicKey *) buf, 1458 sizeof (pbuf),
1442 pbuf)) 1459 pbuf))
1443 { 1460 {
1444 GNUNET_free (ss); 1461 GNUNET_free (ss);
@@ -1461,7 +1478,7 @@ sock_read (void *cls)
1461 GNUNET_NO); 1478 GNUNET_NO);
1462 return; 1479 return;
1463 } 1480 }
1464 calculcate_cmac (ss); 1481 calculate_cmac (ss);
1465 sender = setup_sender (&uc->sender, 1482 sender = setup_sender (&uc->sender,
1466 (const struct sockaddr *) &sa, 1483 (const struct sockaddr *) &sa,
1467 salen); 1484 salen);
@@ -1648,22 +1665,32 @@ mq_send (struct GNUNET_MQ_Handle *mq,
1648 receiver_destroy (receiver); 1665 receiver_destroy (receiver);
1649 return; 1666 return;
1650 } 1667 }
1668 reschedule_receiver_timeout (receiver);
1651 1669
1652 // FIXME: add support for BOX encryption method! 1670 // FIXME: add support for BOX encryption method!
1653 1671
1654 /* KX encryption method */ 1672 /* KX encryption method */
1655 { 1673 {
1656 struct UdpHandshakeSignature uhs; 1674 struct UdpHandshakeSignature uhs;
1657 struct UdpConfirmation uc; 1675 struct UDPConfirmation uc;
1658 struct InitialKX kx; 1676 struct InitialKX kx;
1659 struct GNUNET_CRYPTO_EcdhePrivateKey epriv; 1677 struct GNUNET_CRYPTO_EcdhePrivateKey epriv;
1660 char dgram[receiver->mtu + 1678 char dgram[receiver->mtu +
1661 sizeof (uc) + 1679 sizeof (uc) +
1662 sizeof (kx)]; 1680 sizeof (kx)];
1663 size_t dpos; 1681 size_t dpos;
1682 gcry_cipher_hd_t out_cipher;
1683 struct SharedSecret *ss;
1664 1684
1685 /* setup key material */
1665 GNUNET_assert (GNUNET_OK == 1686 GNUNET_assert (GNUNET_OK ==
1666 GNUNET_CRYPTO_ecdhe_key_create2 (&epriv)); 1687 GNUNET_CRYPTO_ecdhe_key_create2 (&epriv));
1688
1689 ss = setup_shared_secret_enc (&epriv,
1690 receiver);
1691 setup_cipher (&ss->master,
1692 0,
1693 &out_cipher);
1667 /* compute 'uc' */ 1694 /* compute 'uc' */
1668 uc.sender = my_identity; 1695 uc.sender = my_identity;
1669 uc.monotonic_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg)); 1696 uc.monotonic_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
@@ -1698,7 +1725,7 @@ mq_send (struct GNUNET_MQ_Handle *mq,
1698 dpos += msize; 1725 dpos += msize;
1699 /* Pad to MTU */ 1726 /* Pad to MTU */
1700 { 1727 {
1701 char pad[sizeof (dgram) - pos]; 1728 char pad[sizeof (dgram) - dpos];
1702 1729
1703 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, 1730 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1704 pad, 1731 pad,
@@ -1727,6 +1754,7 @@ mq_send (struct GNUNET_MQ_Handle *mq,
1727 gcry_cipher_gettag (out_cipher, 1754 gcry_cipher_gettag (out_cipher,
1728 kx.gcm_tag, 1755 kx.gcm_tag,
1729 sizeof (kx.gcm_tag))); 1756 sizeof (kx.gcm_tag)));
1757 gcry_cipher_close (out_cipher);
1730 memcpy (dgram, 1758 memcpy (dgram,
1731 &kx, 1759 &kx,
1732 sizeof (kx)); 1760 sizeof (kx));
@@ -1811,7 +1839,7 @@ mq_error (void *cls,
1811 */ 1839 */
1812static struct ReceiverAddress * 1840static struct ReceiverAddress *
1813receiver_setup (const struct GNUNET_PeerIdentity *target, 1841receiver_setup (const struct GNUNET_PeerIdentity *target,
1814 const struct sockddr *address, 1842 const struct sockaddr *address,
1815 socklen_t address_len) 1843 socklen_t address_len)
1816{ 1844{
1817 struct ReceiverAddress *receiver; 1845 struct ReceiverAddress *receiver;
@@ -1832,7 +1860,7 @@ receiver_setup (const struct GNUNET_PeerIdentity *target,
1832 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT); 1860 = GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1833 receiver->hn = GNUNET_CONTAINER_heap_insert (receivers_heap, 1861 receiver->hn = GNUNET_CONTAINER_heap_insert (receivers_heap,
1834 receiver, 1862 receiver,
1835 receiver.timeout.abs_value_us); 1863 receiver->timeout.abs_value_us);
1836 receiver->mq 1864 receiver->mq
1837 = GNUNET_MQ_queue_for_callbacks (&mq_send, 1865 = GNUNET_MQ_queue_for_callbacks (&mq_send,
1838 &mq_destroy, 1866 &mq_destroy,
@@ -1858,15 +1886,15 @@ receiver_setup (const struct GNUNET_PeerIdentity *target,
1858 GNUNET_asprintf (&foreign_addr, 1886 GNUNET_asprintf (&foreign_addr,
1859 "%s-%s", 1887 "%s-%s",
1860 COMMUNICATOR_ADDRESS_PREFIX, 1888 COMMUNICATOR_ADDRESS_PREFIX,
1861 GNUNET_a2s(queue->address, 1889 GNUNET_a2s (receiver->address,
1862 queue->address_len)); 1890 receiver->address_len));
1863 break; 1891 break;
1864 case AF_INET6: 1892 case AF_INET6:
1865 GNUNET_asprintf (&foreign_addr, 1893 GNUNET_asprintf (&foreign_addr,
1866 "%s-%s", 1894 "%s-%s",
1867 COMMUNICATOR_ADDRESS_PREFIX, 1895 COMMUNICATOR_ADDRESS_PREFIX,
1868 GNUNET_a2s(queue->address, 1896 GNUNET_a2s (receiver->address,
1869 queue->address_len)); 1897 receiver->address_len));
1870 break; 1898 break;
1871 default: 1899 default:
1872 GNUNET_assert (0); 1900 GNUNET_assert (0);
@@ -1881,6 +1909,7 @@ receiver_setup (const struct GNUNET_PeerIdentity *target,
1881 receiver->mq); 1909 receiver->mq);
1882 GNUNET_free (foreign_addr); 1910 GNUNET_free (foreign_addr);
1883 } 1911 }
1912 return receiver;
1884} 1913}
1885 1914
1886 1915
@@ -1924,6 +1953,7 @@ mq_init (void *cls,
1924 receiver = receiver_setup (peer, 1953 receiver = receiver_setup (peer,
1925 in, 1954 in,
1926 in_len); 1955 in_len);
1956 (void) receiver;
1927 return GNUNET_OK; 1957 return GNUNET_OK;
1928} 1958}
1929 1959
@@ -1959,9 +1989,9 @@ get_receiver_delete_it (void *cls,
1959 * @return #GNUNET_OK to continue to iterate 1989 * @return #GNUNET_OK to continue to iterate
1960 */ 1990 */
1961static int 1991static int
1962get_receiver_delete_it (void *cls, 1992get_sender_delete_it (void *cls,
1963 const struct GNUNET_PeerIdentity *target, 1993 const struct GNUNET_PeerIdentity *target,
1964 void *value) 1994 void *value)
1965{ 1995{
1966 struct SenderAddress *sender = value; 1996 struct SenderAddress *sender = value;
1967 1997
@@ -2055,7 +2085,7 @@ enc_notify_cb (void *cls,
2055 return; 2085 return;
2056 } 2086 }
2057 ack = (const struct UDPAck *) msg; 2087 ack = (const struct UDPAck *) msg;
2058 GNUNET_CONTAINER_multihashmap_get_multiple (receivers, 2088 GNUNET_CONTAINER_multipeermap_get_multiple (receivers,
2059 sender, 2089 sender,
2060 &handle_ack, 2090 &handle_ack,
2061 (void *) ack); 2091 (void *) ack);
@@ -2147,12 +2177,6 @@ run (void *cls,
2147 "BINDTO"); 2177 "BINDTO");
2148 return; 2178 return;
2149 } 2179 }
2150 if (GNUNET_OK !=
2151 GNUNET_CONFIGURATION_get_value_number (cfg,
2152 COMMUNICATOR_CONFIG_SECTION,
2153 "MAX_QUEUE_LENGTH",
2154 &max_queue_length))
2155 max_queue_length = DEFAULT_MAX_QUEUE_LENGTH;
2156 2180
2157 in = udp_address_to_sockaddr (bindto, 2181 in = udp_address_to_sockaddr (bindto,
2158 &in_len); 2182 &in_len);
@@ -2184,7 +2208,7 @@ run (void *cls,
2184 "bind", 2208 "bind",
2185 bindto); 2209 bindto);
2186 GNUNET_NETWORK_socket_close (udp_sock); 2210 GNUNET_NETWORK_socket_close (udp_sock);
2187 listen_sock = NULL; 2211 udp_sock = NULL;
2188 GNUNET_free (in); 2212 GNUNET_free (in);
2189 GNUNET_free (bindto); 2213 GNUNET_free (bindto);
2190 return; 2214 return;
@@ -2232,7 +2256,7 @@ run (void *cls,
2232 } 2256 }
2233 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, 2257 GNUNET_CRYPTO_eddsa_key_get_public (my_private_key,
2234 &my_identity.public_key); 2258 &my_identity.public_key);
2235 /* start listening */ 2259 /* start reading */
2236 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL, 2260 read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2237 udp_sock, 2261 udp_sock,
2238 &sock_read, 2262 &sock_read,