diff options
Diffstat (limited to 'src/transport/gnunet-service-tng.c')
-rw-r--r-- | src/transport/gnunet-service-tng.c | 126 |
1 files changed, 36 insertions, 90 deletions
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index c4711e6fe..f2ee685bc 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c | |||
@@ -187,20 +187,20 @@ | |||
187 | * the value chosen here might be too aggressively low! | 187 | * the value chosen here might be too aggressively low! |
188 | */ | 188 | */ |
189 | #define DELAY_WARN_THRESHOLD \ | 189 | #define DELAY_WARN_THRESHOLD \ |
190 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) | 190 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
191 | 191 | ||
192 | /** | 192 | /** |
193 | * If a DVBox could not be forwarded after this number of | 193 | * If a DVBox could not be forwarded after this number of |
194 | * seconds we drop it. | 194 | * seconds we drop it. |
195 | */ | 195 | */ |
196 | #define DV_FORWARD_TIMEOUT \ | 196 | #define DV_FORWARD_TIMEOUT \ |
197 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60) | 197 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 60) |
198 | 198 | ||
199 | /** | 199 | /** |
200 | * Default value for how long we wait for reliability ack. | 200 | * Default value for how long we wait for reliability ack. |
201 | */ | 201 | */ |
202 | #define DEFAULT_ACK_WAIT_DURATION \ | 202 | #define DEFAULT_ACK_WAIT_DURATION \ |
203 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1) | 203 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1) |
204 | 204 | ||
205 | /** | 205 | /** |
206 | * We only consider queues as "quality" connections when | 206 | * We only consider queues as "quality" connections when |
@@ -208,53 +208,53 @@ | |||
208 | * the latency of the queue is below this threshold. | 208 | * the latency of the queue is below this threshold. |
209 | */ | 209 | */ |
210 | #define DV_QUALITY_RTT_THRESHOLD \ | 210 | #define DV_QUALITY_RTT_THRESHOLD \ |
211 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1) | 211 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 1) |
212 | 212 | ||
213 | /** | 213 | /** |
214 | * How long do we consider a DV path valid if we see no | 214 | * How long do we consider a DV path valid if we see no |
215 | * further updates on it? Note: the value chosen here might be too low! | 215 | * further updates on it? Note: the value chosen here might be too low! |
216 | */ | 216 | */ |
217 | #define DV_PATH_VALIDITY_TIMEOUT \ | 217 | #define DV_PATH_VALIDITY_TIMEOUT \ |
218 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) | 218 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
219 | 219 | ||
220 | /** | 220 | /** |
221 | * How long do we cache backchannel (struct Backtalker) information | 221 | * How long do we cache backchannel (struct Backtalker) information |
222 | * after a backchannel goes inactive? | 222 | * after a backchannel goes inactive? |
223 | */ | 223 | */ |
224 | #define BACKCHANNEL_INACTIVITY_TIMEOUT \ | 224 | #define BACKCHANNEL_INACTIVITY_TIMEOUT \ |
225 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) | 225 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
226 | 226 | ||
227 | /** | 227 | /** |
228 | * How long before paths expire would we like to (re)discover DV paths? Should | 228 | * How long before paths expire would we like to (re)discover DV paths? Should |
229 | * be below #DV_PATH_VALIDITY_TIMEOUT. | 229 | * be below #DV_PATH_VALIDITY_TIMEOUT. |
230 | */ | 230 | */ |
231 | #define DV_PATH_DISCOVERY_FREQUENCY \ | 231 | #define DV_PATH_DISCOVERY_FREQUENCY \ |
232 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4) | 232 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4) |
233 | 233 | ||
234 | /** | 234 | /** |
235 | * How long are ephemeral keys valid? | 235 | * How long are ephemeral keys valid? |
236 | */ | 236 | */ |
237 | #define EPHEMERAL_VALIDITY \ | 237 | #define EPHEMERAL_VALIDITY \ |
238 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) | 238 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) |
239 | 239 | ||
240 | /** | 240 | /** |
241 | * How long do we keep partially reassembled messages around before giving up? | 241 | * How long do we keep partially reassembled messages around before giving up? |
242 | */ | 242 | */ |
243 | #define REASSEMBLY_EXPIRATION \ | 243 | #define REASSEMBLY_EXPIRATION \ |
244 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4) | 244 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4) |
245 | 245 | ||
246 | /** | 246 | /** |
247 | * What is the fastest rate at which we send challenges *if* we keep learning | 247 | * What is the fastest rate at which we send challenges *if* we keep learning |
248 | * an address (gossip, DHT, etc.)? | 248 | * an address (gossip, DHT, etc.)? |
249 | */ | 249 | */ |
250 | #define FAST_VALIDATION_CHALLENGE_FREQ \ | 250 | #define FAST_VALIDATION_CHALLENGE_FREQ \ |
251 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1) | 251 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1) |
252 | 252 | ||
253 | /** | 253 | /** |
254 | * What is the slowest rate at which we send challenges? | 254 | * What is the slowest rate at which we send challenges? |
255 | */ | 255 | */ |
256 | #define MAX_VALIDATION_CHALLENGE_FREQ \ | 256 | #define MAX_VALIDATION_CHALLENGE_FREQ \ |
257 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1) | 257 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1) |
258 | 258 | ||
259 | /** | 259 | /** |
260 | * How long until we forget about historic accumulators and thus | 260 | * How long until we forget about historic accumulators and thus |
@@ -262,7 +262,7 @@ | |||
262 | * active connection experiences without an ACK. | 262 | * active connection experiences without an ACK. |
263 | */ | 263 | */ |
264 | #define ACK_CUMMULATOR_TIMEOUT \ | 264 | #define ACK_CUMMULATOR_TIMEOUT \ |
265 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) | 265 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) |
266 | 266 | ||
267 | /** | 267 | /** |
268 | * What is the non-randomized base frequency at which we | 268 | * What is the non-randomized base frequency at which we |
@@ -280,13 +280,13 @@ | |||
280 | * When do we forget an invalid address for sure? | 280 | * When do we forget an invalid address for sure? |
281 | */ | 281 | */ |
282 | #define MAX_ADDRESS_VALID_UNTIL \ | 282 | #define MAX_ADDRESS_VALID_UNTIL \ |
283 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1) | 283 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1) |
284 | 284 | ||
285 | /** | 285 | /** |
286 | * How long do we consider an address valid if we just checked? | 286 | * How long do we consider an address valid if we just checked? |
287 | */ | 287 | */ |
288 | #define ADDRESS_VALIDATION_LIFETIME \ | 288 | #define ADDRESS_VALIDATION_LIFETIME \ |
289 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) | 289 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 4) |
290 | 290 | ||
291 | /** | 291 | /** |
292 | * What is the maximum frequency at which we do address validation? | 292 | * What is the maximum frequency at which we do address validation? |
@@ -1774,10 +1774,6 @@ struct DistanceVector | |||
1774 | */ | 1774 | */ |
1775 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; | 1775 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; |
1776 | 1776 | ||
1777 | /** | ||
1778 | * Our private ephemeral key. | ||
1779 | */ | ||
1780 | struct GNUNET_CRYPTO_EcdhePrivateKey private_key; | ||
1781 | }; | 1777 | }; |
1782 | 1778 | ||
1783 | 1779 | ||
@@ -4411,24 +4407,18 @@ check_communicator_backchannel ( | |||
4411 | 4407 | ||
4412 | 4408 | ||
4413 | /** | 4409 | /** |
4414 | * Ensure ephemeral keys in our @a dv are current. If no current one exists, | 4410 | * Sign ephemeral keys in our @a dv are current. |
4415 | * set it up. | ||
4416 | * | 4411 | * |
4417 | * @param[in,out] dv virtual link to update ephemeral for | 4412 | * @param[in,out] dv virtual link to update ephemeral for |
4418 | */ | 4413 | */ |
4419 | static void | 4414 | static void |
4420 | update_ephemeral (struct DistanceVector *dv) | 4415 | sign_ephemeral (struct DistanceVector *dv) |
4421 | { | 4416 | { |
4422 | struct EphemeralConfirmationPS ec; | 4417 | struct EphemeralConfirmationPS ec; |
4423 | 4418 | ||
4424 | if (0 != | ||
4425 | GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us) | ||
4426 | return; | ||
4427 | dv->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg); | 4419 | dv->monotime = GNUNET_TIME_absolute_get_monotonic (GST_cfg); |
4428 | dv->ephemeral_validity = | 4420 | dv->ephemeral_validity = |
4429 | GNUNET_TIME_absolute_add (dv->monotime, EPHEMERAL_VALIDITY); | 4421 | GNUNET_TIME_absolute_add (dv->monotime, EPHEMERAL_VALIDITY); |
4430 | GNUNET_CRYPTO_ecdhe_key_create (&dv->private_key); | ||
4431 | GNUNET_CRYPTO_ecdhe_key_get_public (&dv->private_key, &dv->ephemeral_key); | ||
4432 | ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL); | 4422 | ec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL); |
4433 | ec.target = dv->target; | 4423 | ec.target = dv->target; |
4434 | ec.ephemeral_key = dv->ephemeral_key; | 4424 | ec.ephemeral_key = dv->ephemeral_key; |
@@ -4681,7 +4671,7 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km, | |||
4681 | const struct GNUNET_ShortHashCode *iv, | 4671 | const struct GNUNET_ShortHashCode *iv, |
4682 | struct DVKeyState *key) | 4672 | struct DVKeyState *key) |
4683 | { | 4673 | { |
4684 | /* must match #dh_key_derive_eph_pub */ | 4674 | /* must match what we defive from decapsulated key */ |
4685 | GNUNET_assert (GNUNET_YES == | 4675 | GNUNET_assert (GNUNET_YES == |
4686 | GNUNET_CRYPTO_kdf (&key->material, | 4676 | GNUNET_CRYPTO_kdf (&key->material, |
4687 | sizeof(key->material), | 4677 | sizeof(key->material), |
@@ -4710,62 +4700,6 @@ dv_setup_key_state_from_km (const struct GNUNET_HashCode *km, | |||
4710 | 4700 | ||
4711 | 4701 | ||
4712 | /** | 4702 | /** |
4713 | * Derive backchannel encryption key material from @a priv_ephemeral | ||
4714 | * and @a target and @a iv. | ||
4715 | * | ||
4716 | * @param priv_ephemeral ephemeral private key to use | ||
4717 | * @param target the target peer to encrypt to | ||
4718 | * @param iv unique IV to use | ||
4719 | * @param[out] key set to the key material | ||
4720 | * @return GNUNET_OK on success | ||
4721 | */ | ||
4722 | static enum GNUNET_GenericReturnValue | ||
4723 | dh_key_derive_eph_pid ( | ||
4724 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ephemeral, | ||
4725 | const struct GNUNET_PeerIdentity *target, | ||
4726 | const struct GNUNET_ShortHashCode *iv, | ||
4727 | struct DVKeyState *key) | ||
4728 | { | ||
4729 | struct GNUNET_HashCode km; | ||
4730 | |||
4731 | if (GNUNET_YES != GNUNET_CRYPTO_ecdh_eddsa (priv_ephemeral, | ||
4732 | &target->public_key, | ||
4733 | &km)) | ||
4734 | return GNUNET_SYSERR; | ||
4735 | // FIXME: Possibly also add return values here. We are processing | ||
4736 | // Input from other peers... | ||
4737 | dv_setup_key_state_from_km (&km, iv, key); | ||
4738 | return GNUNET_OK; | ||
4739 | } | ||
4740 | |||
4741 | |||
4742 | /** | ||
4743 | * Derive backchannel encryption key material from #GST_my_private_key | ||
4744 | * and @a pub_ephemeral and @a iv. | ||
4745 | * | ||
4746 | * @param priv_ephemeral ephemeral private key to use | ||
4747 | * @param target the target peer to encrypt to | ||
4748 | * @param iv unique IV to use | ||
4749 | * @param[out] key set to the key material | ||
4750 | * @return GNUNET_OK on success | ||
4751 | */ | ||
4752 | static enum GNUNET_GenericReturnValue | ||
4753 | dh_key_derive_eph_pub (const struct GNUNET_CRYPTO_EcdhePublicKey *pub_ephemeral, | ||
4754 | const struct GNUNET_ShortHashCode *iv, | ||
4755 | struct DVKeyState *key) | ||
4756 | { | ||
4757 | struct GNUNET_HashCode km; | ||
4758 | |||
4759 | if (GNUNET_YES != GNUNET_CRYPTO_eddsa_ecdh (GST_my_private_key, | ||
4760 | pub_ephemeral, | ||
4761 | &km)) | ||
4762 | return GNUNET_SYSERR; | ||
4763 | dv_setup_key_state_from_km (&km, iv, key); | ||
4764 | return GNUNET_OK; | ||
4765 | } | ||
4766 | |||
4767 | |||
4768 | /** | ||
4769 | * Do HMAC calculation for backchannel messages over @a data using key | 4703 | * Do HMAC calculation for backchannel messages over @a data using key |
4770 | * material from @a key. | 4704 | * material from @a key. |
4771 | * | 4705 | * |
@@ -4882,13 +4816,22 @@ encapsulate_for_dv (struct DistanceVector *dv, | |||
4882 | char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN; | 4816 | char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN; |
4883 | struct DVKeyState *key; | 4817 | struct DVKeyState *key; |
4884 | struct GNUNET_TIME_Relative rtt; | 4818 | struct GNUNET_TIME_Relative rtt; |
4819 | struct GNUNET_HashCode k; | ||
4885 | 4820 | ||
4886 | key = GNUNET_new (struct DVKeyState); | 4821 | key = GNUNET_new (struct DVKeyState); |
4887 | /* Encrypt payload */ | 4822 | /* Encrypt payload */ |
4888 | box_hdr.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_DV_BOX); | 4823 | box_hdr.header.type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_DV_BOX); |
4889 | box_hdr.total_hops = htons (0); | 4824 | box_hdr.total_hops = htons (0); |
4890 | box_hdr.without_fc = htons (without_fc); | 4825 | box_hdr.without_fc = htons (without_fc); |
4891 | update_ephemeral (dv); | 4826 | // update_ephemeral (dv); |
4827 | if (0 == | ||
4828 | GNUNET_TIME_absolute_get_remaining (dv->ephemeral_validity).rel_value_us) | ||
4829 | { | ||
4830 | GNUNET_CRYPTO_eddsa_kem_encaps (&dv->target.public_key, | ||
4831 | &dv->ephemeral_key, | ||
4832 | &k); | ||
4833 | sign_ephemeral (dv); | ||
4834 | } | ||
4892 | box_hdr.ephemeral_key = dv->ephemeral_key; | 4835 | box_hdr.ephemeral_key = dv->ephemeral_key; |
4893 | payload_hdr.sender_sig = dv->sender_sig; | 4836 | payload_hdr.sender_sig = dv->sender_sig; |
4894 | 4837 | ||
@@ -4896,10 +4839,9 @@ encapsulate_for_dv (struct DistanceVector *dv, | |||
4896 | &box_hdr.iv, | 4839 | &box_hdr.iv, |
4897 | sizeof(box_hdr.iv)); | 4840 | sizeof(box_hdr.iv)); |
4898 | // We are creating this key, so this must work. | 4841 | // We are creating this key, so this must work. |
4899 | GNUNET_assert (GNUNET_OK == | 4842 | // FIXME: Possibly also add return values here. We are processing |
4900 | dh_key_derive_eph_pid (&dv->private_key, | 4843 | // Input from other peers... |
4901 | &dv->target, | 4844 | dv_setup_key_state_from_km (&k, &box_hdr.iv, key); |
4902 | &box_hdr.iv, key)); | ||
4903 | payload_hdr.sender = GST_my_identity; | 4845 | payload_hdr.sender = GST_my_identity; |
4904 | payload_hdr.monotonic_time = GNUNET_TIME_absolute_hton (dv->monotime); | 4846 | payload_hdr.monotonic_time = GNUNET_TIME_absolute_hton (dv->monotime); |
4905 | dv_encrypt (key, &payload_hdr, enc, sizeof(payload_hdr)); | 4847 | dv_encrypt (key, &payload_hdr, enc, sizeof(payload_hdr)); |
@@ -8322,13 +8264,17 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb) | |||
8322 | cmc->total_hops = ntohs (dvb->total_hops); | 8264 | cmc->total_hops = ntohs (dvb->total_hops); |
8323 | 8265 | ||
8324 | // DH key derivation with received DV, could be garbage. | 8266 | // DH key derivation with received DV, could be garbage. |
8325 | if (GNUNET_OK != | 8267 | struct GNUNET_HashCode km; |
8326 | dh_key_derive_eph_pub (&dvb->ephemeral_key, &dvb->iv, &key)) | 8268 | |
8269 | if (GNUNET_YES != GNUNET_CRYPTO_eddsa_kem_decaps (GST_my_private_key, | ||
8270 | &dvb->ephemeral_key, | ||
8271 | &km)) | ||
8327 | { | 8272 | { |
8328 | GNUNET_break_op (0); | 8273 | GNUNET_break_op (0); |
8329 | finish_cmc_handling (cmc); | 8274 | finish_cmc_handling (cmc); |
8330 | return; | 8275 | return; |
8331 | } | 8276 | } |
8277 | dv_setup_key_state_from_km (&km, &dvb->iv, &key); | ||
8332 | hdr = (const char *) &dvb[1]; | 8278 | hdr = (const char *) &dvb[1]; |
8333 | hdr_len = ntohs (dvb->orig_size) - sizeof(*dvb) - sizeof(struct | 8279 | hdr_len = ntohs (dvb->orig_size) - sizeof(*dvb) - sizeof(struct |
8334 | GNUNET_PeerIdentity) | 8280 | GNUNET_PeerIdentity) |