GNUnet  0.20.0
Data Structures | Macros | Functions | Variables
gnunet-service-core_kx.c File Reference

code for managing the key exchange (SET_KEY, PING, PONG) with other peers More...

#include "platform.h"
#include "gnunet-service-core_kx.h"
#include "gnunet-service-core.h"
#include "gnunet-service-core_sessions.h"
#include "gnunet_statistics_service.h"
#include "gnunet_transport_service.h"
#include "gnunet_constants.h"
#include "gnunet_signatures.h"
#include "gnunet_protocols.h"
#include "core.h"
Include dependency graph for gnunet-service-core_kx.c:

Go to the source code of this file.

Data Structures

struct  EncryptedMessage
 Encapsulation for encrypted messages exchanged between peers. More...
 
struct  GSC_KeyExchangeInfo
 Information about the status of a key exchange with another peer. More...
 

Macros

#define DEBUG_KX   0
 Enable expensive (and possibly problematic for privacy!) logging of KX. More...
 
#define INITIAL_SET_KEY_RETRY_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)
 How long do we wait for SET_KEY confirmation initially? More...
 
#define MIN_PING_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
 What is the minimum frequency for a PING message? More...
 
#define REKEY_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
 How often do we rekey? More...
 
#define REKEY_TOLERANCE    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
 What time difference do we tolerate? More...
 
#define MAX_MESSAGE_AGE   GNUNET_TIME_UNIT_DAYS
 What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here. More...
 
#define ENCRYPTED_HEADER_SIZE    (offsetof (struct EncryptedMessage, sequence_number))
 Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted. More...
 

Functions

static uint32_t calculate_seed (struct GSC_KeyExchangeInfo *kx)
 Calculate seed value we should use for a message. More...
 
static void monitor_notify_all (struct GSC_KeyExchangeInfo *kx)
 Inform all monitors about the KX state of the given peer. More...
 
static void derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed)
 Derive an authentication key from "set key" information. More...
 
static void derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
 Derive an IV from packet information. More...
 
static void derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity)
 Derive an IV from pong packet information. More...
 
static void derive_aes_key (const struct GNUNET_PeerIdentity *sender, const struct GNUNET_PeerIdentity *receiver, const struct GNUNET_HashCode *key_material, struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
 Derive an AES key from key material. More...
 
static int do_encrypt (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
 Encrypt size bytes from in and write the result to out. More...
 
static int do_decrypt (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
 Decrypt size bytes from in and write the result to out. More...
 
static void send_key (struct GSC_KeyExchangeInfo *kx)
 Send our key (and encrypted PING) to the other peer. More...
 
static void set_key_retry_task (void *cls)
 Task that will retry send_key() if our previous attempt failed. More...
 
static void setup_fresh_ping (struct GSC_KeyExchangeInfo *kx)
 Create a fresh PING message for transmission to the other peer. More...
 
static int deliver_message (void *cls, const struct GNUNET_MessageHeader *m)
 Deliver P2P message to interested clients. More...
 
static void * handle_transport_notify_connect (void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq)
 Function called by transport to notify us that a peer connected to us (on the network level). More...
 
static void handle_transport_notify_disconnect (void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls)
 Function called by transport telling us that a peer disconnected. More...
 
static void send_ping (struct GSC_KeyExchangeInfo *kx)
 Send our PING to the other peer. More...
 
static void derive_session_keys (struct GSC_KeyExchangeInfo *kx)
 Derive fresh session keys from the current ephemeral keys. More...
 
static void handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m)
 We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message. More...
 
static void handle_ping (void *cls, const struct PingMessage *m)
 We received a PING message. More...
 
static void send_keep_alive (void *cls)
 Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING). More...
 
static void update_timeout (struct GSC_KeyExchangeInfo *kx)
 We've seen a valid message from the other peer. More...
 
static void handle_pong (void *cls, const struct PongMessage *m)
 We received a PONG message. More...
 
void GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size)
 Encrypt and transmit a message with the given payload. More...
 
static int check_encrypted (void *cls, const struct EncryptedMessage *m)
 We received an encrypted message. More...
 
static void handle_encrypted (void *cls, const struct EncryptedMessage *m)
 We received an encrypted message. More...
 
static void handle_transport_notify_excess_bw (void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls)
 One of our neighbours has excess bandwidth, remember this. More...
 
static void sign_ephemeral_key ()
 Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature. More...
 
static void do_rekey (void *cls)
 Task run to trigger rekeying. More...
 
int GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Initialize KX subsystem. More...
 
void GSC_KX_done ()
 Shutdown KX subsystem. More...
 
unsigned int GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo)
 Check how many messages are queued for the given neighbour. More...
 
int GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo)
 Check if the given neighbour has excess bandwidth available. More...
 
void GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq)
 Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request. More...
 

Variables

static struct GNUNET_TRANSPORT_CoreHandletransport
 Transport service. More...
 
static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
 Our private key. More...
 
static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
 Our ephemeral private key. More...
 
static struct EphemeralKeyMessage current_ekm
 Current message we send for a key exchange. More...
 
static struct GSC_KeyExchangeInfokx_head
 DLL head. More...
 
static struct GSC_KeyExchangeInfokx_tail
 DLL tail. More...
 
static struct GNUNET_SCHEDULER_Taskrekey_task
 Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key. More...
 
static struct GNUNET_NotificationContextnc
 Notification context for broadcasting to monitors. More...
 

Detailed Description

code for managing the key exchange (SET_KEY, PING, PONG) with other peers

Author
Christian Grothoff

Definition in file gnunet-service-core_kx.c.

Macro Definition Documentation

◆ DEBUG_KX

#define DEBUG_KX   0

Enable expensive (and possibly problematic for privacy!) logging of KX.

Definition at line 41 of file gnunet-service-core_kx.c.

◆ INITIAL_SET_KEY_RETRY_FREQUENCY

#define INITIAL_SET_KEY_RETRY_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)

How long do we wait for SET_KEY confirmation initially?

Definition at line 46 of file gnunet-service-core_kx.c.

◆ MIN_PING_FREQUENCY

#define MIN_PING_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)

What is the minimum frequency for a PING message?

Definition at line 52 of file gnunet-service-core_kx.c.

◆ REKEY_FREQUENCY

#define REKEY_FREQUENCY    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)

How often do we rekey?

Definition at line 58 of file gnunet-service-core_kx.c.

◆ REKEY_TOLERANCE

#define REKEY_TOLERANCE    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)

What time difference do we tolerate?

Definition at line 64 of file gnunet-service-core_kx.c.

◆ MAX_MESSAGE_AGE

#define MAX_MESSAGE_AGE   GNUNET_TIME_UNIT_DAYS

What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here.

So this should be picked high enough so that a little bit of clock skew does not prevent peers from connecting to us.

Definition at line 74 of file gnunet-service-core_kx.c.

◆ ENCRYPTED_HEADER_SIZE

#define ENCRYPTED_HEADER_SIZE    (offsetof (struct EncryptedMessage, sequence_number))

Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.

Definition at line 128 of file gnunet-service-core_kx.c.

Function Documentation

◆ calculate_seed()

static uint32_t calculate_seed ( struct GSC_KeyExchangeInfo kx)
static

Calculate seed value we should use for a message.

Parameters
kxkey exchange context

Definition at line 296 of file gnunet-service-core_kx.c.

297 {
298  /* Note: may want to make this non-random and instead
299  derive from key material to avoid having an undetectable
300  side-channel */
301  return htonl (
302  GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX));
303 }
GNUNET_CRYPTO_random_u32
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random value.
Definition: crypto_random.c:178
GNUNET_CRYPTO_QUALITY_NONCE
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.
Definition: gnunet_crypto_lib.h:103

References GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_u32().

Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ monitor_notify_all()

static void monitor_notify_all ( struct GSC_KeyExchangeInfo kx)
static

Inform all monitors about the KX state of the given peer.

Parameters
kxkey exchange state to inform about

Definition at line 312 of file gnunet-service-core_kx.c.

313 {
314  struct MonitorNotifyMessage msg;
315 
316  msg.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
317  msg.header.size = htons (sizeof(msg));
318  msg.state = htonl ((uint32_t) kx->status);
319  msg.peer = *kx->peer;
320  msg.timeout = GNUNET_TIME_absolute_hton (kx->timeout);
321  GNUNET_notification_context_broadcast (nc, &msg.header, GNUNET_NO);
322  kx->last_notify_timeout = kx->timeout;
323 }
msg
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
nc
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
Definition: gnunet-service-core_kx.c:287
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_notification_context_broadcast
void GNUNET_notification_context_broadcast(struct GNUNET_NotificationContext *nc, const struct GNUNET_MessageHeader *msg, int can_drop)
Send a message to all subscribers of this context.
Definition: nc.c:190
GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
#define GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
Reply for monitor by CORE service.
Definition: gnunet_protocols.h:392
GNUNET_TIME_absolute_hton
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:638
GNUNET_MessageHeader::type
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
Definition: gnunet_common.h:330
GNUNET_MessageHeader::size
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format.
Definition: gnunet_common.h:325
GSC_KeyExchangeInfo::last_notify_timeout
struct GNUNET_TIME_Absolute last_notify_timeout
What was the last timeout we informed our monitors about?
Definition: gnunet-service-core_kx.c:197
GSC_KeyExchangeInfo::peer
const struct GNUNET_PeerIdentity * peer
Identity of the peer.
Definition: gnunet-service-core_kx.c:150
GSC_KeyExchangeInfo::timeout
struct GNUNET_TIME_Absolute timeout
When should the session time out (if there are no PONGs)?
Definition: gnunet-service-core_kx.c:192
GSC_KeyExchangeInfo::status
enum GNUNET_CORE_KxState status
What is our connection status?
Definition: gnunet-service-core_kx.c:244
MonitorNotifyMessage
Message sent by the service to monitor clients to notify them about a peer changing status.
Definition: core.h:302

References GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_NO, GNUNET_notification_context_broadcast(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::last_notify_timeout, msg, nc, GSC_KeyExchangeInfo::peer, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and GNUNET_MessageHeader::type.

Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_pong(), handle_transport_notify_connect(), handle_transport_notify_disconnect(), send_keep_alive(), and update_timeout().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ derive_auth_key()

static void derive_auth_key ( struct GNUNET_CRYPTO_AuthKey akey,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
uint32_t  seed 
)
static

Derive an authentication key from "set key" information.

Parameters
akeyauthentication key to derive
skeysession key to use
seedseed to use

Definition at line 334 of file gnunet-service-core_kx.c.

337 {
338  static const char ctx[] = "authentication key";
339 
340 #if DEBUG_KX
341  struct GNUNET_HashCode sh;
342 
343  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
344  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
345  "Deriving Auth key from SKEY %s and seed %u\n",
346  GNUNET_h2s (&sh),
347  (unsigned int) seed);
348 #endif
349  GNUNET_CRYPTO_hmac_derive_key (akey,
350  skey,
351  &seed,
352  sizeof(seed),
353  skey,
354  sizeof(
355  struct GNUNET_CRYPTO_SymmetricSessionKey),
356  ctx,
357  sizeof(ctx),
358  NULL);
359 }
sh
static struct SolverHandle * sh
Definition: gnunet-ats-solver-eval.c:44
ctx
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
Definition: gnunet-zonewalk.c:84
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_hmac_derive_key
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:267
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:568
GNUNET_h2s
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
Definition: common_logging.c:1125
GNUNET_ERROR_TYPE_DEBUG
@ GNUNET_ERROR_TYPE_DEBUG
Definition: gnunet_common.h:444
GNUNET_CRYPTO_SymmetricSessionKey
type for session keys
Definition: gnunet_crypto_lib.h:356
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:284

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac_derive_key(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_log, and sh.

Referenced by GSC_KX_encrypt_and_transmit(), and handle_encrypted().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ derive_iv()

static void derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
uint32_t  seed,
const struct GNUNET_PeerIdentity identity 
)
static

Derive an IV from packet information.

Parameters
ivinitialization vector to initialize
skeysession key to use
seedseed to use
identityidentity of the other peer to use

Definition at line 371 of file gnunet-service-core_kx.c.

375 {
376  static const char ctx[] = "initialization vector";
377 
378 #if DEBUG_KX
379  struct GNUNET_HashCode sh;
380 
381  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
382  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
383  "Deriving IV from SKEY %s and seed %u for peer %s\n",
384  GNUNET_h2s (&sh),
385  (unsigned int) seed,
386  GNUNET_i2s (identity));
387 #endif
388  GNUNET_CRYPTO_symmetric_derive_iv (iv,
389  skey,
390  &seed,
391  sizeof(seed),
392  identity,
393  sizeof(struct GNUNET_PeerIdentity),
394  ctx,
395  sizeof(ctx),
396  NULL);
397 }
identity
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
Definition: gnunet-publish.c:142
GNUNET_CRYPTO_symmetric_derive_iv
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
Definition: crypto_symmetric.c:203
GNUNET_i2s
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Definition: common_logging.c:1275
GNUNET_PeerIdentity
The identity of the host (wraps the signing key of the peer).
Definition: gnunet_crypto_lib.h:229

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.

Referenced by GSC_KX_encrypt_and_transmit(), handle_encrypted(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ derive_pong_iv()

static void derive_pong_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
uint32_t  seed,
uint32_t  challenge,
const struct GNUNET_PeerIdentity identity 
)
static

Derive an IV from pong packet information.

Parameters
ivinitialization vector to initialize
skeysession key to use
seedseed to use
challengenonce to use
identityidentity of the other peer to use

Definition at line 410 of file gnunet-service-core_kx.c.

415 {
416  static const char ctx[] = "pong initialization vector";
417 
418 #if DEBUG_KX
419  struct GNUNET_HashCode sh;
420 
421  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
422  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
423  "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
424  GNUNET_h2s (&sh),
425  (unsigned int) seed,
426  (unsigned int) challenge,
427  GNUNET_i2s (identity));
428 #endif
429  GNUNET_CRYPTO_symmetric_derive_iv (iv,
430  skey,
431  &seed,
432  sizeof(seed),
433  identity,
434  sizeof(struct GNUNET_PeerIdentity),
435  &challenge,
436  sizeof(challenge),
437  ctx,
438  sizeof(ctx),
439  NULL);
440 }

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.

Referenced by handle_ping(), and handle_pong().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ derive_aes_key()

static void derive_aes_key ( const struct GNUNET_PeerIdentity sender,
const struct GNUNET_PeerIdentity receiver,
const struct GNUNET_HashCode key_material,
struct GNUNET_CRYPTO_SymmetricSessionKey skey 
)
static

Derive an AES key from key material.

Parameters
senderpeer identity of the sender
receiverpeer identity of the sender
key_materialhigh entropy key material to use
skeyset to derived session key

Definition at line 452 of file gnunet-service-core_kx.c.

456 {
457  static const char ctx[] = "aes key generation vector";
458 
459 #if DEBUG_KX
460  struct GNUNET_HashCode sh;
461 
462  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
463  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
464  "Deriving AES Keys for %s to %s from %s\n",
465  GNUNET_i2s (sender),
466  GNUNET_i2s2 (receiver),
467  GNUNET_h2s (key_material));
468 #endif
469  GNUNET_CRYPTO_kdf (skey,
470  sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
471  ctx,
472  sizeof(ctx),
473  key_material,
474  sizeof(struct GNUNET_HashCode),
475  sender,
476  sizeof(struct GNUNET_PeerIdentity),
477  receiver,
478  sizeof(struct GNUNET_PeerIdentity),
479  NULL);
480 }
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
GNUNET_i2s2
const char * GNUNET_i2s2(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Definition: common_logging.c:1300
receiver
void receiver(void *cls, const void *buf, size_t available, const struct sockaddr *addr, socklen_t addrlen, int errCode)
Callback to read from the SOCKS5 proxy.
Definition: socks.c:330

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, receiver(), and sh.

Referenced by derive_session_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_encrypt()

static int do_encrypt ( struct GSC_KeyExchangeInfo kx,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const void *  in,
void *  out,
size_t  size 
)
static

Encrypt size bytes from in and write the result to out.

Use the kx key for outbound traffic of the given neighbour.

Parameters
kxkey information context
ivinitialization vector to use
inciphertext
outplaintext
sizesize of in / out
Returns
GNUNET_OK on success

Definition at line 496 of file gnunet-service-core_kx.c.

501 {
502  if (size != (uint16_t) size)
503  {
504  GNUNET_break (0);
505  return GNUNET_NO;
506  }
507  GNUNET_assert (size == GNUNET_CRYPTO_symmetric_encrypt (in,
508  (uint16_t) size,
509  &kx->encrypt_key,
510  iv,
511  out));
512  GNUNET_STATISTICS_update (GSC_stats,
513  gettext_noop ("# bytes encrypted"),
514  size,
515  GNUNET_NO);
516  /* the following is too sensitive to write to log files by accident,
517  so we require manual intervention to get this one... */
518 #if DEBUG_KX
519  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
520  "Encrypted %u bytes for `%s' using key %u, IV %u\n",
521  (unsigned int) size,
522  GNUNET_i2s (kx->peer),
523  (unsigned int) kx->encrypt_key.crc32,
524  GNUNET_CRYPTO_crc32_n (iv, sizeof(iv)));
525 #endif
526  return GNUNET_OK;
527 }
gettext_noop
#define gettext_noop(String)
Definition: gettext.h:70
GSC_stats
struct GNUNET_STATISTICS_Handle * GSC_stats
For creating statistics.
Definition: gnunet-service-core.c:126
GNUNET_CRYPTO_symmetric_encrypt
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
Definition: crypto_symmetric.c:131
GNUNET_CRYPTO_crc32_n
int32_t GNUNET_CRYPTO_crc32_n(const void *buf, size_t len)
Compute the CRC32 checksum for the first len bytes of the buffer.
Definition: crypto_crc.c:99
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:943
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1024
GNUNET_STATISTICS_update
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
Definition: statistics_api.c:1324
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GSC_KeyExchangeInfo::encrypt_key
struct GNUNET_CRYPTO_SymmetricSessionKey encrypt_key
Key we use to encrypt our messages for the other peer (initialized by us when we do the handshake).
Definition: gnunet-service-core_kx.c:176

References GSC_KeyExchangeInfo::encrypt_key, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_encrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_stats, GSC_KeyExchangeInfo::peer, and size.

Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_decrypt()

static int do_decrypt ( struct GSC_KeyExchangeInfo kx,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const void *  in,
void *  out,
size_t  size 
)
static

Decrypt size bytes from in and write the result to out.

Use the kx key for inbound traffic of the given neighbour. This function does NOT do any integrity-checks on the result.

Parameters
kxkey information context
ivinitialization vector to use
inciphertext
outplaintext
sizesize of in / out
Returns
GNUNET_OK on success

Definition at line 543 of file gnunet-service-core_kx.c.

548 {
549  if (size != (uint16_t) size)
550  {
551  GNUNET_break (0);
552  return GNUNET_NO;
553  }
554  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
555  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
556  (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
557  {
558  GNUNET_break_op (0);
559  return GNUNET_SYSERR;
560  }
561  if (size != GNUNET_CRYPTO_symmetric_decrypt (in,
562  (uint16_t) size,
563  &kx->decrypt_key,
564  iv,
565  out))
566  {
567  GNUNET_break (0);
568  return GNUNET_SYSERR;
569  }
570  GNUNET_STATISTICS_update (GSC_stats,
571  gettext_noop ("# bytes decrypted"),
572  size,
573  GNUNET_NO);
574  /* the following is too sensitive to write to log files by accident,
575  so we require manual intervention to get this one... */
576 #if DEBUG_KX
577  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
578  "Decrypted %u bytes from `%s' using key %u, IV %u\n",
579  (unsigned int) size,
580  GNUNET_i2s (kx->peer),
581  (unsigned int) kx->decrypt_key.crc32,
582  GNUNET_CRYPTO_crc32_n (iv, sizeof(*iv)));
583 #endif
584  return GNUNET_OK;
585 }
GNUNET_CORE_KX_STATE_UP
@ GNUNET_CORE_KX_STATE_UP
The other peer has confirmed our session key + PING with a PONG message encrypted with their session ...
Definition: gnunet_core_service.h:318
GNUNET_CORE_KX_STATE_KEY_RECEIVED
@ GNUNET_CORE_KX_STATE_KEY_RECEIVED
We've received the other peers session key.
Definition: gnunet_core_service.h:311
GNUNET_CORE_KX_STATE_REKEY_SENT
@ GNUNET_CORE_KX_STATE_REKEY_SENT
We're rekeying (or had a timeout), so we have sent the other peer our new ephemeral key,...
Definition: gnunet_core_service.h:328
GNUNET_CRYPTO_symmetric_decrypt
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
Definition: crypto_symmetric.c:169
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_break_op
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
Definition: gnunet_common.h:1046
GSC_KeyExchangeInfo::decrypt_key
struct GNUNET_CRYPTO_SymmetricSessionKey decrypt_key
Key we use to decrypt messages from the other peer (given to us by the other peer during the handshak...
Definition: gnunet-service-core_kx.c:182

References GSC_KeyExchangeInfo::decrypt_key, gettext_noop, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_decrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GNUNET_SYSERR, GSC_stats, GSC_KeyExchangeInfo::peer, size, and GSC_KeyExchangeInfo::status.

Referenced by handle_encrypted(), handle_ping(), and handle_pong().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ send_key()

static void send_key ( struct GSC_KeyExchangeInfo kx)
static

Send our key (and encrypted PING) to the other peer.

Send our key to the other peer.

Parameters
kxkey exchange context

Definition at line 1359 of file gnunet-service-core_kx.c.

1360 {
1361  struct GNUNET_MQ_Envelope *env;
1362 
1363  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
1364  if (NULL != kx->retry_set_key_task)
1365  {
1366  GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
1367  kx->retry_set_key_task = NULL;
1368  }
1369  /* always update sender status in SET KEY message */
1370 #if DEBUG_KX
1371  {
1372  struct GNUNET_HashCode hc;
1373 
1374  GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1375  sizeof(current_ekm.ephemeral_key),
1376  &hc);
1377  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1378  "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
1379  GNUNET_h2s (&hc),
1380  GNUNET_i2s (kx->peer),
1381  kx->status);
1382  }
1383 #endif
1384  current_ekm.sender_status = htonl ((int32_t) (kx->status));
1385  env = GNUNET_MQ_msg_copy (&current_ekm.header);
1386  GNUNET_MQ_send (kx->mq, env);
1387  if (GNUNET_CORE_KX_STATE_KEY_SENT != kx->status)
1388  send_ping (kx);
1389  kx->retry_set_key_task =
1390  GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency,
1391  &set_key_retry_task,
1392  kx);
1393 }
env
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
set_key_retry_task
static void set_key_retry_task(void *cls)
Task that will retry send_key() if our previous attempt failed.
Definition: gnunet-service-core_kx.c:603
current_ekm
static struct EphemeralKeyMessage current_ekm
Current message we send for a key exchange.
Definition: gnunet-service-core_kx.c:266
send_ping
static void send_ping(struct GSC_KeyExchangeInfo *kx)
Send our PING to the other peer.
Definition: gnunet-service-core_kx.c:803
GNUNET_CORE_KX_STATE_DOWN
@ GNUNET_CORE_KX_STATE_DOWN
No handshake yet.
Definition: gnunet_core_service.h:301
GNUNET_CORE_KX_STATE_KEY_SENT
@ GNUNET_CORE_KX_STATE_KEY_SENT
We've sent our session key.
Definition: gnunet_core_service.h:306
GNUNET_MQ_send
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:304
GNUNET_MQ_msg_copy
struct GNUNET_MQ_Envelope * GNUNET_MQ_msg_copy(const struct GNUNET_MessageHeader *hdr)
Create a new envelope by copying an existing message.
Definition: mq.c:533
GNUNET_SCHEDULER_cancel
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:975
GNUNET_SCHEDULER_add_delayed
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1272
EphemeralKeyMessage::header
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
Definition: gnunet_core_service.h:66
EphemeralKeyMessage::sender_status
int32_t sender_status
Status of the sender (should be in enum PeerStateMachine), nbo.
Definition: gnunet_core_service.h:71
EphemeralKeyMessage::ephemeral_key
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Ephemeral public ECC key.
Definition: gnunet_core_service.h:97
GNUNET_MQ_Envelope
Definition: mq.c:34
GSC_KeyExchangeInfo::retry_set_key_task
struct GNUNET_SCHEDULER_Task * retry_set_key_task
ID of task used for re-trying SET_KEY and PING message.
Definition: gnunet-service-core_kx.c:207
GSC_KeyExchangeInfo::set_key_retry_frequency
struct GNUNET_TIME_Relative set_key_retry_frequency
At what frequency are we currently re-trying SET_KEY messages?
Definition: gnunet-service-core_kx.c:202
GSC_KeyExchangeInfo::mq
struct GNUNET_MQ_Handle * mq
Message queue for sending messages to peer.
Definition: gnunet-service-core_kx.c:155

References current_ekm, env, EphemeralKeyMessage::ephemeral_key, GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), EphemeralKeyMessage::header, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::retry_set_key_task, send_ping(), EphemeralKeyMessage::sender_status, GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.

Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_transport_notify_connect(), send_keep_alive(), and set_key_retry_task().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_key_retry_task()

static void set_key_retry_task ( void *  cls)
static

Task that will retry send_key() if our previous attempt failed.

Parameters
clsour struct GSC_KeyExchangeInfo

Definition at line 603 of file gnunet-service-core_kx.c.

604 {
605  struct GSC_KeyExchangeInfo *kx = cls;
606 
607  kx->retry_set_key_task = NULL;
608  kx->set_key_retry_frequency =
609  GNUNET_TIME_STD_BACKOFF (kx->set_key_retry_frequency);
610  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
611  send_key (kx);
612 }
send_key
static void send_key(struct GSC_KeyExchangeInfo *kx)
Send our key (and encrypted PING) to the other peer.
Definition: gnunet-service-core_kx.c:1359
GNUNET_TIME_STD_BACKOFF
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
Definition: gnunet_time_lib.h:221
GSC_KeyExchangeInfo
Information about the status of a key exchange with another peer.
Definition: gnunet-service-core_kx.c:136

References GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_TIME_STD_BACKOFF, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, and GSC_KeyExchangeInfo::status.

Referenced by handle_transport_notify_connect(), and send_key().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ setup_fresh_ping()

static void setup_fresh_ping ( struct GSC_KeyExchangeInfo kx)
static

Create a fresh PING message for transmission to the other peer.

Parameters
kxkey exchange context to create PING for

Definition at line 621 of file gnunet-service-core_kx.c.

622 {
623  struct PingMessage pp;
624  struct PingMessage *pm;
625  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
626 
627  pm = &kx->ping;
628  kx->ping_challenge =
629  GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX);
630  pm->header.size = htons (sizeof(struct PingMessage));
631  pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING);
632  pm->iv_seed = calculate_seed (kx);
633  derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, kx->peer);
634  pp.challenge = kx->ping_challenge;
635  pp.target = *kx->peer;
636  do_encrypt (kx,
637  &iv,
638  &pp.target,
639  &pm->target,
640  sizeof(struct PingMessage)
641  - ((void *) &pm->target - (void *) pm));
642 }
calculate_seed
static uint32_t calculate_seed(struct GSC_KeyExchangeInfo *kx)
Calculate seed value we should use for a message.
Definition: gnunet-service-core_kx.c:296
derive_iv
static void derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
Derive an IV from packet information.
Definition: gnunet-service-core_kx.c:371
do_encrypt
static int do_encrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Encrypt size bytes from in and write the result to out.
Definition: gnunet-service-core_kx.c:496
pm
static struct GNUNET_TRANSPORT_PluginMonitor * pm
Handle if we are monitoring plugin session activity.
Definition: gnunet-transport.c:277
GNUNET_CRYPTO_QUALITY_WEAK
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition: gnunet_crypto_lib.h:91
GNUNET_MESSAGE_TYPE_CORE_PING
#define GNUNET_MESSAGE_TYPE_CORE_PING
Check that other peer is alive (challenge).
Definition: gnunet_protocols.h:402
GNUNET_CRYPTO_SymmetricInitializationVector
IV for sym cipher.
Definition: gnunet_crypto_lib.h:388
GSC_KeyExchangeInfo::ping_challenge
uint32_t ping_challenge
What was our PING challenge number (for this peer)?
Definition: gnunet-service-core_kx.c:234
GSC_KeyExchangeInfo::ping
struct PingMessage ping
PING message we transmit to the other peer.
Definition: gnunet-service-core_kx.c:165
PingMessage
We're sending an (encrypted) PING to the other peer to check if it can decrypt.
Definition: gnunet_core_service.h:113

References calculate_seed(), PingMessage::challenge, derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_u32(), GNUNET_MESSAGE_TYPE_CORE_PING, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping, GSC_KeyExchangeInfo::ping_challenge, pm, and PingMessage::target.

Referenced by derive_session_keys(), and send_keep_alive().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ deliver_message()

static int deliver_message ( void *  cls,
const struct GNUNET_MessageHeader m 
)
static

Deliver P2P message to interested clients.

Invokes send twice, once for clients that want the full message, and once for clients that only want the header

Parameters
clsthe struct GSC_KeyExchangeInfo
mthe message
Returns
GNUNET_OK on success, GNUNET_NO to stop further processing (no error) GNUNET_SYSERR to stop further processing with error

Definition at line 657 of file gnunet-service-core_kx.c.

658 {
659  struct GSC_KeyExchangeInfo *kx = cls;
660 
661  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
662  "Decrypted message of type %d from %s\n",
663  ntohs (m->type),
664  GNUNET_i2s (kx->peer));
665  if (GNUNET_CORE_KX_STATE_UP != kx->status)
666  {
667  GNUNET_STATISTICS_update (GSC_stats,
668  gettext_noop ("# PAYLOAD dropped (out of order)"),
669  1,
670  GNUNET_NO);
671  return GNUNET_OK;
672  }
673  switch (ntohs (m->type))
674  {
675  case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP:
676  case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP:
677  GSC_SESSIONS_set_typemap (kx->peer, m);
678  return GNUNET_OK;
679 
680  case GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP:
681  GSC_SESSIONS_confirm_typemap (kx->peer, m);
682  return GNUNET_OK;
683 
684  default:
685  GSC_CLIENTS_deliver_message (kx->peer,
686  m,
687  ntohs (m->size),
688  GNUNET_CORE_OPTION_SEND_FULL_INBOUND);
689  GSC_CLIENTS_deliver_message (kx->peer,
690  m,
691  sizeof(struct GNUNET_MessageHeader),
692  GNUNET_CORE_OPTION_SEND_HDR_INBOUND);
693  }
694  return GNUNET_OK;
695 }
GNUNET_CORE_OPTION_SEND_FULL_INBOUND
#define GNUNET_CORE_OPTION_SEND_FULL_INBOUND
Client wants all inbound messages in full.
Definition: core.h:54
GNUNET_CORE_OPTION_SEND_HDR_INBOUND
#define GNUNET_CORE_OPTION_SEND_HDR_INBOUND
Client just wants the 4-byte message headers of all inbound messages.
Definition: core.h:60
m
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
GSC_CLIENTS_deliver_message
void GSC_CLIENTS_deliver_message(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_MessageHeader *msg, uint16_t msize, uint32_t options)
Deliver P2P message to interested clients.
Definition: gnunet-service-core.c:751
GSC_SESSIONS_confirm_typemap
void GSC_SESSIONS_confirm_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
The other peer has confirmed receiving our type map, check if it is current and if so,...
Definition: gnunet-service-core_sessions.c:376
GSC_SESSIONS_set_typemap
void GSC_SESSIONS_set_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
We've received a typemap message from a peer, update ours.
Definition: gnunet-service-core_sessions.c:900
GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP
#define GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP
uncompressed type map of the sender
Definition: gnunet_protocols.h:422
GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP
#define GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP
gzip-compressed type map of the sender
Definition: gnunet_protocols.h:417
GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP
#define GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP
Other peer confirms having received the type map.
Definition: gnunet_protocols.h:432
GNUNET_MessageHeader
Header for all communications.
Definition: gnunet_common.h:320

References gettext_noop, GNUNET_CORE_KX_STATE_UP, GNUNET_CORE_OPTION_SEND_FULL_INBOUND, GNUNET_CORE_OPTION_SEND_HDR_INBOUND, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_CLIENTS_deliver_message(), GSC_SESSIONS_confirm_typemap(), GSC_SESSIONS_set_typemap(), GSC_stats, m, GSC_KeyExchangeInfo::peer, and GSC_KeyExchangeInfo::status.

Referenced by handle_transport_notify_connect().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_transport_notify_connect()

static void* handle_transport_notify_connect ( void *  cls,
const struct GNUNET_PeerIdentity pid,
struct GNUNET_MQ_Handle mq 
)
static

Function called by transport to notify us that a peer connected to us (on the network level).

Starts the key exchange with the given peer.

Parameters
clsclosure (NULL)
pididentity of the peer to do a key exchange with
Returns
key exchange information context

Definition at line 708 of file gnunet-service-core_kx.c.

711 {
712  struct GSC_KeyExchangeInfo *kx;
713  struct GNUNET_HashCode h1;
714  struct GNUNET_HashCode h2;
715 
716  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
717  "Initiating key exchange with `%s'\n",
718  GNUNET_i2s (pid));
719  GNUNET_STATISTICS_update (GSC_stats,
720  gettext_noop ("# key exchanges initiated"),
721  1,
722  GNUNET_NO);
723  kx = GNUNET_new (struct GSC_KeyExchangeInfo);
724  kx->mst = GNUNET_MST_create (&deliver_message, kx);
725  kx->mq = mq;
726  kx->peer = pid;
727  kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
728  GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx);
729  kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
730  monitor_notify_all (kx);
731  GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
732  GNUNET_CRYPTO_hash (&GSC_my_identity,
733  sizeof(struct GNUNET_PeerIdentity),
734  &h2);
735  if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
736  {
737  /* peer with "lower" identity starts KX, otherwise we typically end up
738  with both peers starting the exchange and transmit the 'set key'
739  message twice */
740  send_key (kx);
741  }
742  else
743  {
744  /* peer with "higher" identity starts a delayed KX, if the "lower" peer
745  * does not start a KX since it sees no reasons to do so */
746  kx->retry_set_key_task =
747  GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
748  &set_key_retry_task,
749  kx);
750  }
751  return kx;
752 }
mq
struct GNUNET_MQ_Handle * mq
Definition: 003.c:5
GSC_my_identity
struct GNUNET_PeerIdentity GSC_my_identity
Our identity.
Definition: gnunet-service-core.c:116
kx_tail
static struct GSC_KeyExchangeInfo * kx_tail
DLL tail.
Definition: gnunet-service-core_kx.c:276
kx_head
static struct GSC_KeyExchangeInfo * kx_head
DLL head.
Definition: gnunet-service-core_kx.c:271
INITIAL_SET_KEY_RETRY_FREQUENCY
#define INITIAL_SET_KEY_RETRY_FREQUENCY
How long do we wait for SET_KEY confirmation initially?
Definition: gnunet-service-core_kx.c:46
deliver_message
static int deliver_message(void *cls, const struct GNUNET_MessageHeader *m)
Deliver P2P message to interested clients.
Definition: gnunet-service-core_kx.c:657
monitor_notify_all
static void monitor_notify_all(struct GSC_KeyExchangeInfo *kx)
Inform all monitors about the KX state of the given peer.
Definition: gnunet-service-core_kx.c:312
pid
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
Definition: gnunet-transport-profiler.c:149
GNUNET_CONTAINER_DLL_insert
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
Definition: gnunet_container_lib.h:1797
GNUNET_CRYPTO_hash_cmp
int GNUNET_CRYPTO_hash_cmp(const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
Compare function for HashCodes, producing a total ordering of all hashcodes.
Definition: crypto_hash.c:221
GNUNET_new
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Definition: gnunet_common.h:1214
GNUNET_MST_create
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:86
GNUNET_TIME_UNIT_SECONDS
#define GNUNET_TIME_UNIT_SECONDS
One second.
Definition: gnunet_time_lib.h:150
GSC_KeyExchangeInfo::mst
struct GNUNET_MessageStreamTokenizer * mst
Our message stream tokenizer (for encrypted payload).
Definition: gnunet-service-core_kx.c:160

References deliver_message(), gettext_noop, GNUNET_CONTAINER_DLL_insert, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MST_create(), GNUNET_new, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_UNIT_SECONDS, GSC_my_identity, GSC_stats, INITIAL_SET_KEY_RETRY_FREQUENCY, kx_head, kx_tail, monitor_notify_all(), mq, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, pid, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.

Referenced by GSC_KX_init().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_transport_notify_disconnect()

static void handle_transport_notify_disconnect ( void *  cls,
const struct GNUNET_PeerIdentity peer,
void *  handler_cls 
)
static

Function called by transport telling us that a peer disconnected.

Stop key exchange with the given peer. Clean up key material.

Parameters
clsclosure
peerthe peer that disconnected
handler_clsthe struct GSC_KeyExchangeInfo of the peer

Definition at line 765 of file gnunet-service-core_kx.c.

768 {
769  struct GSC_KeyExchangeInfo *kx = handler_cls;
770 
771  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
772  "Peer `%s' disconnected from us.\n",
773  GNUNET_i2s (peer));
774  GSC_SESSIONS_end (kx->peer);
775  GNUNET_STATISTICS_update (GSC_stats,
776  gettext_noop ("# key exchanges stopped"),
777  1,
778  GNUNET_NO);
779  if (NULL != kx->retry_set_key_task)
780  {
781  GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
782  kx->retry_set_key_task = NULL;
783  }
784  if (NULL != kx->keep_alive_task)
785  {
786  GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
787  kx->keep_alive_task = NULL;
788  }
789  kx->status = GNUNET_CORE_KX_PEER_DISCONNECT;
790  monitor_notify_all (kx);
791  GNUNET_CONTAINER_DLL_remove (kx_head, kx_tail, kx);
792  GNUNET_MST_destroy (kx->mst);
793  GNUNET_free (kx);
794 }
GSC_SESSIONS_end
void GSC_SESSIONS_end(const struct GNUNET_PeerIdentity *pid)
End the session with the given peer (we are no longer connected).
Definition: gnunet-service-core_sessions.c:211
GNUNET_CORE_KX_PEER_DISCONNECT
@ GNUNET_CORE_KX_PEER_DISCONNECT
Last state of a KX (when it is being terminated).
Definition: gnunet_core_service.h:334
GNUNET_CONTAINER_DLL_remove
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
Definition: gnunet_container_lib.h:1916
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1412
GNUNET_MST_destroy
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:404
GSC_KeyExchangeInfo::keep_alive_task
struct GNUNET_SCHEDULER_Task * keep_alive_task
ID of task used for sending keep-alive pings.
Definition: gnunet-service-core_kx.c:212
peer
struct GNUNET_TESTBED_Peer * peer
The peer associated with this model.
Definition: testbed_api_underlay.c:118

References gettext_noop, GNUNET_CONTAINER_DLL_remove, GNUNET_CORE_KX_PEER_DISCONNECT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_MST_destroy(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, kx_head, kx_tail, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, peer, GSC_KeyExchangeInfo::retry_set_key_task, and GSC_KeyExchangeInfo::status.

Referenced by GSC_KX_init().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ send_ping()

static void send_ping ( struct GSC_KeyExchangeInfo kx)
static

Send our PING to the other peer.

Parameters
kxkey exchange context

Definition at line 803 of file gnunet-service-core_kx.c.

804 {
805  struct GNUNET_MQ_Envelope *env;
806 
807  GNUNET_STATISTICS_update (GSC_stats,
808  gettext_noop ("# PING messages transmitted"),
809  1,
810  GNUNET_NO);
811  env = GNUNET_MQ_msg_copy (&kx->ping.header);
812  GNUNET_MQ_send (kx->mq, env);
813 }
PingMessage::header
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_PING.
Definition: gnunet_core_service.h:117

References env, gettext_noop, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_NO, GNUNET_STATISTICS_update(), GSC_stats, PingMessage::header, GSC_KeyExchangeInfo::mq, and GSC_KeyExchangeInfo::ping.

Referenced by handle_ephemeral_key(), send_keep_alive(), and send_key().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ derive_session_keys()

static void derive_session_keys ( struct GSC_KeyExchangeInfo kx)
static

Derive fresh session keys from the current ephemeral keys.

Parameters
kxsession to derive keys for

Definition at line 822 of file gnunet-service-core_kx.c.

823 {
824  struct GNUNET_HashCode key_material;
825 
826  if (GNUNET_OK !=
827  GNUNET_CRYPTO_ecc_ecdh (&my_ephemeral_key,
828  &kx->other_ephemeral_key,
829  &key_material))
830  {
831  GNUNET_break (0);
832  return;
833  }
834  derive_aes_key (&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key);
835  derive_aes_key (kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key);
836  memset (&key_material, 0, sizeof(key_material));
837  /* fresh key, reset sequence numbers */
838  kx->last_sequence_number_received = 0;
839  kx->last_packets_bitmap = 0;
840  setup_fresh_ping (kx);
841 }
my_ephemeral_key
static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
Our ephemeral private key.
Definition: gnunet-service-core_kx.c:261
derive_aes_key
static void derive_aes_key(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_PeerIdentity *receiver, const struct GNUNET_HashCode *key_material, struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
Derive an AES key from key material.
Definition: gnunet-service-core_kx.c:452
setup_fresh_ping
static void setup_fresh_ping(struct GSC_KeyExchangeInfo *kx)
Create a fresh PING message for transmission to the other peer.
Definition: gnunet-service-core_kx.c:621
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:714
GSC_KeyExchangeInfo::last_sequence_number_received
uint32_t last_sequence_number_received
last sequence number received on this connection (highest)
Definition: gnunet-service-core_kx.c:224
GSC_KeyExchangeInfo::other_ephemeral_key
struct GNUNET_CRYPTO_EcdhePublicKey other_ephemeral_key
Ephemeral public ECC key of the other peer.
Definition: gnunet-service-core_kx.c:170
GSC_KeyExchangeInfo::last_packets_bitmap
uint32_t last_packets_bitmap
Bit map indicating which of the 32 sequence numbers before the last were received (good for accepting...
Definition: gnunet-service-core_kx.c:219

References GSC_KeyExchangeInfo::decrypt_key, derive_aes_key(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_break, GNUNET_CRYPTO_ecc_ecdh(), GNUNET_OK, GSC_my_identity, GSC_KeyExchangeInfo::last_packets_bitmap, GSC_KeyExchangeInfo::last_sequence_number_received, my_ephemeral_key, GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, and setup_fresh_ping().

Referenced by do_rekey(), and handle_ephemeral_key().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_ephemeral_key()

static void handle_ephemeral_key ( void *  cls,
const struct EphemeralKeyMessage m 
)
static

We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.

Validate and update our key material and status.

Parameters
clskey exchange status for the corresponding peer
mthe set key message we received

Definition at line 852 of file gnunet-service-core_kx.c.

853 {
854  struct GSC_KeyExchangeInfo *kx = cls;
855  struct GNUNET_TIME_Absolute start_t;
856  struct GNUNET_TIME_Absolute end_t;
857  struct GNUNET_TIME_Absolute now;
858  enum GNUNET_CORE_KxState sender_status;
859 
860  end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time);
861  if (((GNUNET_CORE_KX_STATE_KEY_RECEIVED == kx->status) ||
862  (GNUNET_CORE_KX_STATE_UP == kx->status) ||
863  (GNUNET_CORE_KX_STATE_REKEY_SENT == kx->status)) &&
864  (end_t.abs_value_us < kx->foreign_key_expires.abs_value_us))
865  {
866  GNUNET_STATISTICS_update (GSC_stats,
867  gettext_noop ("# old ephemeral keys ignored"),
868  1,
869  GNUNET_NO);
870  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
871  "Received expired EPHEMERAL_KEY from %s\n",
872  GNUNET_i2s (&m->origin_identity));
873  return;
874  }
875  if (0 == memcmp (&m->ephemeral_key,
876  &kx->other_ephemeral_key,
877  sizeof(m->ephemeral_key)))
878  {
879  GNUNET_STATISTICS_update (GSC_stats,
880  gettext_noop (
881  "# duplicate ephemeral keys ignored"),
882  1,
883  GNUNET_NO);
884  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
885  "Ignoring duplicate EPHEMERAL_KEY from %s\n",
886  GNUNET_i2s (&m->origin_identity));
887  return;
888  }
889  if (0 != memcmp (&m->origin_identity,
890  kx->peer,
891  sizeof(struct GNUNET_PeerIdentity)))
892  {
893  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
894  "Received EPHEMERAL_KEY from %s, but expected %s\n",
895  GNUNET_i2s (&m->origin_identity),
896  GNUNET_i2s_full (kx->peer));
897  GNUNET_break_op (0);
898  return;
899  }
900  if ((ntohl (m->purpose.size) !=
901  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
902  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
903  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
904  + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
905  + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
906  (GNUNET_OK !=
907  GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
908  &m->purpose,
909  &m->signature,
910  &m->origin_identity.public_key)))
911  {
912  /* invalid signature */
913  GNUNET_break_op (0);
914  GNUNET_STATISTICS_update (GSC_stats,
915  gettext_noop (
916  "# EPHEMERAL_KEYs rejected (bad signature)"),
917  1,
918  GNUNET_NO);
919  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
920  "Received EPHEMERAL_KEY from %s with bad signature\n",
921  GNUNET_i2s (&m->origin_identity));
922  return;
923  }
924  now = GNUNET_TIME_absolute_get ();
925  start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
926  if ((end_t.abs_value_us <
927  GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) ||
928  (start_t.abs_value_us >
929  GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us))
930  {
931  GNUNET_log (
932  GNUNET_ERROR_TYPE_WARNING,
933  _ (
934  "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
935  GNUNET_i2s (kx->peer),
936  (unsigned long long) now.abs_value_us,
937  (unsigned long long) start_t.abs_value_us,
938  (unsigned long long) end_t.abs_value_us);
939  GNUNET_STATISTICS_update (GSC_stats,
940  gettext_noop (
941  "# EPHEMERAL_KEY messages rejected due to time"),
942  1,
943  GNUNET_NO);
944  return;
945  }
946 #if DEBUG_KX
947  {
948  struct GNUNET_HashCode eh;
949 
950  GNUNET_CRYPTO_hash (&m->ephemeral_key, sizeof(m->ephemeral_key), &eh);
951  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
952  "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
953  GNUNET_h2s (&eh),
954  GNUNET_i2s (kx->peer),
955  kx->status);
956  }
957 #endif
958  GNUNET_STATISTICS_update (GSC_stats,
959  gettext_noop ("# valid ephemeral keys received"),
960  1,
961  GNUNET_NO);
962  kx->other_ephemeral_key = m->ephemeral_key;
963  kx->foreign_key_expires = end_t;
964  derive_session_keys (kx);
965 
966  /* check if we still need to send the sender our key */
967  sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status);
968  switch (sender_status)
969  {
970  case GNUNET_CORE_KX_STATE_DOWN:
971  GNUNET_break_op (0);
972  break;
973 
974  case GNUNET_CORE_KX_STATE_KEY_SENT:
975  /* fine, need to send our key after updating our status, see below */
976  GSC_SESSIONS_reinit (kx->peer);
977  break;
978 
979  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
980  /* other peer already got our key, but typemap did go down */
981  GSC_SESSIONS_reinit (kx->peer);
982  break;
983 
984  case GNUNET_CORE_KX_STATE_UP:
985  /* other peer already got our key, typemap NOT down */
986  break;
987 
988  case GNUNET_CORE_KX_STATE_REKEY_SENT:
989  /* other peer already got our key, typemap NOT down */
990  break;
991 
992  default:
993  GNUNET_break (0);
994  break;
995  }
996  /* check if we need to confirm everything is fine via PING + PONG */
997  switch (kx->status)
998  {
999  case GNUNET_CORE_KX_STATE_DOWN:
1000  GNUNET_assert (NULL == kx->keep_alive_task);
1001  kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
1002  monitor_notify_all (kx);
1003  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1004  send_key (kx);
1005  else
1006  send_ping (kx);
1007  break;
1008 
1009  case GNUNET_CORE_KX_STATE_KEY_SENT:
1010  GNUNET_assert (NULL == kx->keep_alive_task);
1011  kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
1012  monitor_notify_all (kx);
1013  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1014  send_key (kx);
1015  else
1016  send_ping (kx);
1017  break;
1018 
1019  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
1020  GNUNET_assert (NULL == kx->keep_alive_task);
1021  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1022  send_key (kx);
1023  else
1024  send_ping (kx);
1025  break;
1026 
1027  case GNUNET_CORE_KX_STATE_UP:
1028  kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
1029  monitor_notify_all (kx);
1030  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1031  send_key (kx);
1032  else
1033  send_ping (kx);
1034  break;
1035 
1036  case GNUNET_CORE_KX_STATE_REKEY_SENT:
1037  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1038  send_key (kx);
1039  else
1040  send_ping (kx);
1041  break;
1042 
1043  default:
1044  GNUNET_break (0);
1045  break;
1046  }
1047 }
GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY
#define GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY
Purpose is to set a session key.
Definition: gnunet_signatures.h:130
REKEY_TOLERANCE
#define REKEY_TOLERANCE
What time difference do we tolerate?
Definition: gnunet-service-core_kx.c:64
derive_session_keys
static void derive_session_keys(struct GSC_KeyExchangeInfo *kx)
Derive fresh session keys from the current ephemeral keys.
Definition: gnunet-service-core_kx.c:822
GSC_SESSIONS_reinit
void GSC_SESSIONS_reinit(const struct GNUNET_PeerIdentity *peer)
The other peer has indicated that it 'lost' the session (KX down), reinitialize the session on our en...
Definition: gnunet-service-core_sessions.c:353
GNUNET_CORE_KxState
GNUNET_CORE_KxState
State machine for our P2P encryption handshake.
Definition: gnunet_core_service.h:297
GNUNET_CRYPTO_eddsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:690
GNUNET_i2s_full
const char * GNUNET_i2s_full(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
Definition: common_logging.c:1322
GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_WARNING
Definition: gnunet_common.h:438
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
GNUNET_TIME_absolute_ntoh
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:737
GNUNET_TIME_absolute_subtract
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_subtract(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Subtract a given relative duration from the given start time.
Definition: time.c:469
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:450
_
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201
GNUNET_TIME_AbsoluteNBO
Time for absolute time used by GNUnet, in microseconds and in network byte order.
Definition: gnunet_time_lib.h:102
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition: gnunet_time_lib.h:58
GSC_KeyExchangeInfo::foreign_key_expires
struct GNUNET_TIME_Absolute foreign_key_expires
At what time did the other peer generate the decryption key?
Definition: gnunet-service-core_kx.c:187

References _, GNUNET_TIME_Absolute::abs_value_us, derive_session_keys(), GSC_KeyExchangeInfo::foreign_key_expires, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_eddsa_verify_(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s_full(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_ntoh(), GNUNET_TIME_absolute_subtract(), GSC_SESSIONS_reinit(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, REKEY_TOLERANCE, send_key(), send_ping(), and GSC_KeyExchangeInfo::status.

Here is the call graph for this function:

◆ handle_ping()

static void handle_ping ( void *  cls,
const struct PingMessage m 
)
static

We received a PING message.

Validate and transmit a PONG message.

Parameters
clskey exchange status for the corresponding peer
mthe encrypted PING message itself

Definition at line 1058 of file gnunet-service-core_kx.c.

1059 {
1060  struct GSC_KeyExchangeInfo *kx = cls;
1061  struct PingMessage t;
1062  struct PongMessage tx;
1063  struct PongMessage *tp;
1064  struct GNUNET_MQ_Envelope *env;
1065  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
1066 
1067  GNUNET_STATISTICS_update (GSC_stats,
1068  gettext_noop ("# PING messages received"),
1069  1,
1070  GNUNET_NO);
1071  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
1072  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
1073  (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
1074  {
1075  /* ignore */
1076  GNUNET_STATISTICS_update (GSC_stats,
1077  gettext_noop (
1078  "# PING messages dropped (out of order)"),
1079  1,
1080  GNUNET_NO);
1081  return;
1082  }
1083  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1084  "Core service receives PING request from `%s'.\n",
1085  GNUNET_i2s (kx->peer));
1086  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1087  if (GNUNET_OK != do_decrypt (kx,
1088  &iv,
1089  &m->target,
1090  &t.target,
1091  sizeof(struct PingMessage)
1092  - ((void *) &m->target - (void *) m)))
1093  {
1094  GNUNET_break_op (0);
1095  return;
1096  }
1097  if (0 !=
1098  memcmp (&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
1099  {
1100  if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status)
1101  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1102  "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
1103  GNUNET_i2s (kx->peer),
1104  GNUNET_i2s2 (&t.target));
1105  else
1106  GNUNET_log (
1107  GNUNET_ERROR_TYPE_DEBUG,
1108  "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
1109  GNUNET_i2s (kx->peer));
1110  GNUNET_break_op (0);
1111  return;
1112  }
1113  /* construct PONG */
1114  tx.reserved = 0;
1115  tx.challenge = t.challenge;
1116  tx.target = t.target;
1117  env = GNUNET_MQ_msg (tp, GNUNET_MESSAGE_TYPE_CORE_PONG);
1118  tp->iv_seed = calculate_seed (kx);
1119  derive_pong_iv (&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer);
1120  do_encrypt (kx,
1121  &iv,
1122  &tx.challenge,
1123  &tp->challenge,
1124  sizeof(struct PongMessage)
1125  - ((void *) &tp->challenge - (void *) tp));
1126  GNUNET_STATISTICS_update (GSC_stats,
1127  gettext_noop ("# PONG messages created"),
1128  1,
1129  GNUNET_NO);
1130  GNUNET_MQ_send (kx->mq, env);
1131 }
do_decrypt
static int do_decrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Decrypt size bytes from in and write the result to out.
Definition: gnunet-service-core_kx.c:543
derive_pong_iv
static void derive_pong_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity)
Derive an IV from pong packet information.
Definition: gnunet-service-core_kx.c:410
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zonewalk.c:119
GNUNET_MQ_msg
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:78
GNUNET_MESSAGE_TYPE_CORE_PONG
#define GNUNET_MESSAGE_TYPE_CORE_PONG
Confirmation that other peer is alive.
Definition: gnunet_protocols.h:407
PongMessage
Response to a PING.
Definition: gnunet_core_service.h:141
PongMessage::challenge
uint32_t challenge
Random number to make replay attacks harder.
Definition: gnunet_core_service.h:155
PongMessage::iv_seed
uint32_t iv_seed
Seed for the IV.
Definition: gnunet_core_service.h:150

References calculate_seed(), PongMessage::challenge, GSC_KeyExchangeInfo::decrypt_key, derive_iv(), derive_pong_iv(), do_decrypt(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, env, gettext_noop, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_my_identity, GSC_stats, PongMessage::iv_seed, m, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, PongMessage::reserved, GSC_KeyExchangeInfo::status, t, and PongMessage::target.

Here is the call graph for this function:

◆ send_keep_alive()

static void send_keep_alive ( void *  cls)
static

Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING).

Parameters
clsthe struct GSC_KeyExchangeInfo

Definition at line 1141 of file gnunet-service-core_kx.c.

1142 {
1143  struct GSC_KeyExchangeInfo *kx = cls;
1144  struct GNUNET_TIME_Relative retry;
1145  struct GNUNET_TIME_Relative left;
1146 
1147  kx->keep_alive_task = NULL;
1148  left = GNUNET_TIME_absolute_get_remaining (kx->timeout);
1149  if (0 == left.rel_value_us)
1150  {
1151  GNUNET_STATISTICS_update (GSC_stats,
1152  gettext_noop ("# sessions terminated by timeout"),
1153  1,
1154  GNUNET_NO);
1155  GSC_SESSIONS_end (kx->peer);
1156  kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
1157  monitor_notify_all (kx);
1158  send_key (kx);
1159  return;
1160  }
1161  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1162  "Sending KEEPALIVE to `%s'\n",
1163  GNUNET_i2s (kx->peer));
1164  GNUNET_STATISTICS_update (GSC_stats,
1165  gettext_noop ("# keepalive messages sent"),
1166  1,
1167  GNUNET_NO);
1168  setup_fresh_ping (kx);
1169  send_ping (kx);
1170  retry = GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2),
1171  MIN_PING_FREQUENCY);
1172  kx->keep_alive_task =
1173  GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx);
1174 }
MIN_PING_FREQUENCY
#define MIN_PING_FREQUENCY
What is the minimum frequency for a PING message?
Definition: gnunet-service-core_kx.c:52
send_keep_alive
static void send_keep_alive(void *cls)
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a P...
Definition: gnunet-service-core_kx.c:1141
GNUNET_TIME_relative_max
struct GNUNET_TIME_Relative GNUNET_TIME_relative_max(struct GNUNET_TIME_Relative t1, struct GNUNET_TIME_Relative t2)
Return the maximum of two relative time values.
Definition: time.c:351
GNUNET_TIME_absolute_get_remaining
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:405
GNUNET_TIME_relative_divide
struct GNUNET_TIME_Relative GNUNET_TIME_relative_divide(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Divide relative time by a given factor.
Definition: time.c:550
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:77

References gettext_noop, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_max(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, MIN_PING_FREQUENCY, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GNUNET_TIME_Relative::rel_value_us, send_key(), send_ping(), setup_fresh_ping(), GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::timeout.

Referenced by update_timeout().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ update_timeout()

static void update_timeout ( struct GSC_KeyExchangeInfo kx)
static

We've seen a valid message from the other peer.

Update the time when the session would time out and delay sending our keep alive message further.

Parameters
kxkey exchange where we saw activity

Definition at line 1185 of file gnunet-service-core_kx.c.

1186 {
1187  struct GNUNET_TIME_Relative delta;
1188 
1189  kx->timeout =
1190  GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
1191  delta =
1192  GNUNET_TIME_absolute_get_difference (kx->last_notify_timeout, kx->timeout);
1193  if (delta.rel_value_us > 5LL * 1000LL * 1000LL)
1194  {
1195  /* we only notify monitors about timeout changes if those
1196  are bigger than the threshold (5s) */
1197  monitor_notify_all (kx);
1198  }
1199  if (NULL != kx->keep_alive_task)
1200  GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
1201  kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed (
1202  GNUNET_TIME_relative_divide (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 2),
1203  &send_keep_alive,
1204  kx);
1205 }
GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT
#define GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT
After how long do we consider a connection to a peer dead if we don't receive messages from the peer?
Definition: gnunet_constants.h:57
GNUNET_TIME_relative_to_absolute
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:316
GNUNET_TIME_absolute_get_difference
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_difference(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end)
Compute the time difference between the given start and end times.
Definition: time.c:421
delta
static struct GNUNET_TIME_Relative delta
Definition: speedup.c:36
GNUNET_TIME_Relative::rel_value_us
uint64_t rel_value_us
The actual value.
Definition: gnunet_time_lib.h:81

References delta, GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_TIME_absolute_get_difference(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_to_absolute(), GSC_KeyExchangeInfo::keep_alive_task, GSC_KeyExchangeInfo::last_notify_timeout, monitor_notify_all(), GNUNET_TIME_Relative::rel_value_us, send_keep_alive(), and GSC_KeyExchangeInfo::timeout.

Referenced by handle_encrypted(), and handle_pong().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ handle_pong()

static void handle_pong ( void *  cls,
const struct PongMessage m 
)
static

We received a PONG message.

Validate and update our status.

Parameters
kxkey exchange context for the the PONG
mthe encrypted PONG message itself

Definition at line 1215 of file gnunet-service-core_kx.c.

1216 {
1217  struct GSC_KeyExchangeInfo *kx = cls;
1218  struct PongMessage t;
1219  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
1220 
1221  GNUNET_STATISTICS_update (GSC_stats,
1222  gettext_noop ("# PONG messages received"),
1223  1,
1224  GNUNET_NO);
1225  switch (kx->status)
1226  {
1227  case GNUNET_CORE_KX_STATE_DOWN:
1228  GNUNET_STATISTICS_update (GSC_stats,
1229  gettext_noop (
1230  "# PONG messages dropped (connection down)"),
1231  1,
1232  GNUNET_NO);
1233  return;
1234 
1235  case GNUNET_CORE_KX_STATE_KEY_SENT:
1236  GNUNET_STATISTICS_update (GSC_stats,
1237  gettext_noop (
1238  "# PONG messages dropped (out of order)"),
1239  1,
1240  GNUNET_NO);
1241  return;
1242 
1243  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
1244  break;
1245 
1246  case GNUNET_CORE_KX_STATE_UP:
1247  break;
1248 
1249  case GNUNET_CORE_KX_STATE_REKEY_SENT:
1250  break;
1251 
1252  default:
1253  GNUNET_break (0);
1254  return;
1255  }
1256  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1257  "Core service receives PONG response from `%s'.\n",
1258  GNUNET_i2s (kx->peer));
1259  /* mark as garbage, just to be sure */
1260  memset (&t, 255, sizeof(t));
1261  derive_pong_iv (&iv,
1262  &kx->decrypt_key,
1263  m->iv_seed,
1264  kx->ping_challenge,
1265  &GSC_my_identity);
1266  if (GNUNET_OK != do_decrypt (kx,
1267  &iv,
1268  &m->challenge,
1269  &t.challenge,
1270  sizeof(struct PongMessage)
1271  - ((void *) &m->challenge - (void *) m)))
1272  {
1273  GNUNET_break_op (0);
1274  return;
1275  }
1276  GNUNET_STATISTICS_update (GSC_stats,
1277  gettext_noop ("# PONG messages decrypted"),
1278  1,
1279  GNUNET_NO);
1280  if ((0 !=
1281  memcmp (&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) ||
1282  (kx->ping_challenge != t.challenge))
1283  {
1284  /* PONG malformed */
1285  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1286  "Received malformed PONG wanted sender `%s' with challenge %u\n",
1287  GNUNET_i2s (kx->peer),
1288  (unsigned int) kx->ping_challenge);
1289  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1290  "Received malformed PONG received from `%s' with challenge %u\n",
1291  GNUNET_i2s (&t.target),
1292  (unsigned int) t.challenge);
1293  return;
1294  }
1295  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1296  "Received valid PONG from `%s'\n",
1297  GNUNET_i2s (kx->peer));
1298  /* no need to resend key any longer */
1299  if (NULL != kx->retry_set_key_task)
1300  {
1301  GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
1302  kx->retry_set_key_task = NULL;
1303  }
1304  switch (kx->status)
1305  {
1306  case GNUNET_CORE_KX_STATE_DOWN:
1307  GNUNET_assert (0); /* should be impossible */
1308  return;
1309 
1310  case GNUNET_CORE_KX_STATE_KEY_SENT:
1311  GNUNET_assert (0); /* should be impossible */
1312  return;
1313 
1314  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
1315  GNUNET_STATISTICS_update (GSC_stats,
1316  gettext_noop (
1317  "# session keys confirmed via PONG"),
1318  1,
1319  GNUNET_NO);
1320  kx->status = GNUNET_CORE_KX_STATE_UP;
1321  monitor_notify_all (kx);
1322  GSC_SESSIONS_create (kx->peer, kx);
1323  GNUNET_assert (NULL == kx->keep_alive_task);
1324  update_timeout (kx);
1325  break;
1326 
1327  case GNUNET_CORE_KX_STATE_UP:
1328  GNUNET_STATISTICS_update (GSC_stats,
1329  gettext_noop ("# timeouts prevented via PONG"),
1330  1,
1331  GNUNET_NO);
1332  update_timeout (kx);
1333  break;
1334 
1335  case GNUNET_CORE_KX_STATE_REKEY_SENT:
1336  GNUNET_STATISTICS_update (GSC_stats,
1337  gettext_noop (
1338  "# rekey operations confirmed via PONG"),
1339  1,
1340  GNUNET_NO);
1341  kx->status = GNUNET_CORE_KX_STATE_UP;
1342  monitor_notify_all (kx);
1343  update_timeout (kx);
1344  break;
1345 
1346  default:
1347  GNUNET_break (0);
1348  break;
1349  }
1350 }
update_timeout
static void update_timeout(struct GSC_KeyExchangeInfo *kx)
We've seen a valid message from the other peer.
Definition: gnunet-service-core_kx.c:1185
GSC_SESSIONS_create
void GSC_SESSIONS_create(const struct GNUNET_PeerIdentity *peer, struct GSC_KeyExchangeInfo *kx)
Create a session, a key exchange was just completed.
Definition: gnunet-service-core_sessions.c:318

References GSC_KeyExchangeInfo::decrypt_key, derive_pong_iv(), do_decrypt(), gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_my_identity, GSC_SESSIONS_create(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping_challenge, GSC_KeyExchangeInfo::retry_set_key_task, GSC_KeyExchangeInfo::status, t, and update_timeout().

Here is the call graph for this function:

◆ GSC_KX_encrypt_and_transmit()

void GSC_KX_encrypt_and_transmit ( struct GSC_KeyExchangeInfo kx,
const void *  payload,
size_t  payload_size 
)

Encrypt and transmit a message with the given payload.

Parameters
kxkey exchange context
payloadpayload of the message
payload_sizenumber of bytes in 'payload'

Definition at line 1397 of file gnunet-service-core_kx.c.

1400 {
1401  size_t used = payload_size + sizeof(struct EncryptedMessage);
1402  char pbuf[used]; /* plaintext */
1403  struct EncryptedMessage *em; /* encrypted message */
1404  struct EncryptedMessage *ph; /* plaintext header */
1405  struct GNUNET_MQ_Envelope *env;
1406  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
1407  struct GNUNET_CRYPTO_AuthKey auth_key;
1408 
1409  ph = (struct EncryptedMessage *) pbuf;
1410  ph->sequence_number = htonl (++kx->last_sequence_number_sent);
1411  ph->iv_seed = calculate_seed (kx);
1412  ph->reserved = 0;
1413  ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
1414  GNUNET_memcpy (&ph[1], payload, payload_size);
1415  env = GNUNET_MQ_msg_extra (em,
1416  payload_size,
1417  GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
1418  em->iv_seed = ph->iv_seed;
1419  derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
1420  GNUNET_assert (GNUNET_OK == do_encrypt (kx,
1421  &iv,
1422  &ph->sequence_number,
1423  &em->sequence_number,
1424  used - ENCRYPTED_HEADER_SIZE));
1425 #if DEBUG_KX
1426  {
1427  struct GNUNET_HashCode hc;
1428 
1429  GNUNET_CRYPTO_hash (&ph->sequence_number,
1430  used - ENCRYPTED_HEADER_SIZE,
1431  &hc);
1432  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1433  "Encrypted payload `%s' of %u bytes for %s\n",
1434  GNUNET_h2s (&hc),
1435  (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
1436  GNUNET_i2s (kx->peer));
1437  }
1438 #endif
1439  derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed);
1440  GNUNET_CRYPTO_hmac (&auth_key,
1441  &em->sequence_number,
1442  used - ENCRYPTED_HEADER_SIZE,
1443  &em->hmac);
1444 #if DEBUG_KX
1445  {
1446  struct GNUNET_HashCode hc;
1447 
1448  GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
1449  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1450  "For peer %s, used AC %s to create hmac %s\n",
1451  GNUNET_i2s (kx->peer),
1452  GNUNET_h2s (&hc),
1453  GNUNET_h2s2 (&em->hmac));
1454  }
1455 #endif
1456  kx->has_excess_bandwidth = GNUNET_NO;
1457  GNUNET_MQ_send (kx->mq, env);
1458 }
ph
static struct GNUNET_ATS_PerformanceHandle * ph
ATS performance handle used.
Definition: gnunet-ats.c:116
ENCRYPTED_HEADER_SIZE
#define ENCRYPTED_HEADER_SIZE
Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.
Definition: gnunet-service-core_kx.c:128
derive_auth_key
static void derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed)
Derive an authentication key from "set key" information.
Definition: gnunet-service-core_kx.c:334
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition: gnunet-service-datastore.c:183
GNUNET_CRYPTO_hmac
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:330
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition: gnunet_common.h:1294
GNUNET_h2s2
const char * GNUNET_h2s2(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
Definition: common_logging.c:1146
GNUNET_MQ_msg_extra
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct.
Definition: gnunet_mq_lib.h:63
GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
#define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
Encapsulation for an encrypted message between peers.
Definition: gnunet_protocols.h:397
EncryptedMessage
Encapsulation for encrypted messages exchanged between peers.
Definition: gnunet-service-core_kx.c:84
EncryptedMessage::iv_seed
uint32_t iv_seed
Random value used for IV generation.
Definition: gnunet-service-core_kx.c:93
EncryptedMessage::sequence_number
uint32_t sequence_number
Sequence number, in network byte order.
Definition: gnunet-service-core_kx.c:108
EncryptedMessage::hmac
struct GNUNET_HashCode hmac
MAC of the encrypted message (starting at sequence_number), used to verify message integrity.
Definition: gnunet-service-core_kx.c:102
GNUNET_CRYPTO_AuthKey
type for (message) authentication keys
Definition: gnunet_crypto_lib.h:399
GSC_KeyExchangeInfo::last_sequence_number_sent
uint32_t last_sequence_number_sent
last sequence number transmitted
Definition: gnunet-service-core_kx.c:229
GSC_KeyExchangeInfo::has_excess_bandwidth
int has_excess_bandwidth
GNUNET_YES if this peer currently has excess bandwidth.
Definition: gnunet-service-core_kx.c:239

References calculate_seed(), derive_auth_key(), derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, ENCRYPTED_HEADER_SIZE, env, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::has_excess_bandwidth, EncryptedMessage::hmac, EncryptedMessage::iv_seed, GSC_KeyExchangeInfo::last_sequence_number_sent, GSC_KeyExchangeInfo::mq, payload, GSC_KeyExchangeInfo::peer, ph, and EncryptedMessage::sequence_number.

Referenced by transmit_typemap_task(), and try_transmission().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_encrypted()

static int check_encrypted ( void *  cls,
const struct EncryptedMessage m 
)
static

We received an encrypted message.

Check that it is well-formed (size-wise).

Parameters
clskey exchange context for encrypting the message
mencrypted message
Returns
GNUNET_OK if msg is well-formed (size-wise)

Definition at line 1470 of file gnunet-service-core_kx.c.

1471 {
1472  uint16_t size = ntohs (m->header.size) - sizeof(*m);
1473 
1474  if (size < sizeof(struct GNUNET_MessageHeader))
1475  {
1476  GNUNET_break_op (0);
1477  return GNUNET_SYSERR;
1478  }
1479  return GNUNET_OK;
1480 }

References GNUNET_break_op, GNUNET_OK, GNUNET_SYSERR, m, and size.

◆ handle_encrypted()

static void handle_encrypted ( void *  cls,
const struct EncryptedMessage m 
)
static

We received an encrypted message.

Decrypt, validate and pass on to the appropriate clients.

Parameters
clskey exchange context for encrypting the message
mencrypted message

Definition at line 1491 of file gnunet-service-core_kx.c.

1492 {
1493  struct GSC_KeyExchangeInfo *kx = cls;
1494  struct EncryptedMessage *pt; /* plaintext */
1495  struct GNUNET_HashCode ph;
1496  uint32_t snum;
1497  struct GNUNET_TIME_Absolute t;
1498  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
1499  struct GNUNET_CRYPTO_AuthKey auth_key;
1500  uint16_t size = ntohs (m->header.size);
1501  char buf[size] GNUNET_ALIGN;
1502 
1503  if (GNUNET_CORE_KX_STATE_UP != kx->status)
1504  {
1505  GNUNET_STATISTICS_update (GSC_stats,
1506  gettext_noop (
1507  "# DATA message dropped (out of order)"),
1508  1,
1509  GNUNET_NO);
1510  return;
1511  }
1512  if (0 ==
1513  GNUNET_TIME_absolute_get_remaining (kx->foreign_key_expires).rel_value_us)
1514  {
1515  GNUNET_log (
1516  GNUNET_ERROR_TYPE_WARNING,
1517  _ (
1518  "Session to peer `%s' went down due to key expiration (should not happen)\n"),
1519  GNUNET_i2s (kx->peer));
1520  GNUNET_STATISTICS_update (GSC_stats,
1521  gettext_noop (
1522  "# sessions terminated by key expiration"),
1523  1,
1524  GNUNET_NO);
1525  GSC_SESSIONS_end (kx->peer);
1526  if (NULL != kx->keep_alive_task)
1527  {
1528  GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
1529  kx->keep_alive_task = NULL;
1530  }
1531  kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
1532  monitor_notify_all (kx);
1533  send_key (kx);
1534  return;
1535  }
1536 
1537  /* validate hash */
1538 #if DEBUG_KX
1539  {
1540  struct GNUNET_HashCode hc;
1541 
1542  GNUNET_CRYPTO_hash (&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc);
1543  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1544  "Received encrypted payload `%s' of %u bytes from %s\n",
1545  GNUNET_h2s (&hc),
1546  (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1547  GNUNET_i2s (kx->peer));
1548  }
1549 #endif
1550  derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed);
1551  GNUNET_CRYPTO_hmac (&auth_key,
1552  &m->sequence_number,
1553  size - ENCRYPTED_HEADER_SIZE,
1554  &ph);
1555 #if DEBUG_KX
1556  {
1557  struct GNUNET_HashCode hc;
1558 
1559  GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
1560  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1561  "For peer %s, used AC %s to verify hmac %s\n",
1562  GNUNET_i2s (kx->peer),
1563  GNUNET_h2s (&hc),
1564  GNUNET_h2s2 (&m->hmac));
1565  }
1566 #endif
1567  if (0 != memcmp (&ph, &m->hmac, sizeof(struct GNUNET_HashCode)))
1568  {
1569  /* checksum failed */
1570  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1571  "Failed checksum validation for a message from `%s'\n",
1572  GNUNET_i2s (kx->peer));
1573  return;
1574  }
1575  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1576  /* decrypt */
1577  if (GNUNET_OK != do_decrypt (kx,
1578  &iv,
1579  &m->sequence_number,
1580  &buf[ENCRYPTED_HEADER_SIZE],
1581  size - ENCRYPTED_HEADER_SIZE))
1582  {
1583  GNUNET_break_op (0);
1584  return;
1585  }
1586  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1587  "Decrypted %u bytes from %s\n",
1588  (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1589  GNUNET_i2s (kx->peer));
1590  pt = (struct EncryptedMessage *) buf;
1591 
1592  /* validate sequence number */
1593  snum = ntohl (pt->sequence_number);
1594  if (kx->last_sequence_number_received == snum)
1595  {
1596  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1597  "Received duplicate message, ignoring.\n");
1598  /* duplicate, ignore */
1599  GNUNET_STATISTICS_update (GSC_stats,
1600  gettext_noop ("# bytes dropped (duplicates)"),
1601  size,
1602  GNUNET_NO);
1603  return;
1604  }
1605  if ((kx->last_sequence_number_received > snum) &&
1606  (kx->last_sequence_number_received - snum > 32))
1607  {
1608  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1609  "Received ancient out of sequence message, ignoring.\n");
1610  /* ancient out of sequence, ignore */
1611  GNUNET_STATISTICS_update (GSC_stats,
1612  gettext_noop (
1613  "# bytes dropped (out of sequence)"),
1614  size,
1615  GNUNET_NO);
1616  return;
1617  }
1618  if (kx->last_sequence_number_received > snum)
1619  {
1620  uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1);
1621 
1622  if ((kx->last_packets_bitmap & rotbit) != 0)
1623  {
1624  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1625  "Received duplicate message, ignoring.\n");
1626  GNUNET_STATISTICS_update (GSC_stats,
1627  gettext_noop ("# bytes dropped (duplicates)"),
1628  size,
1629  GNUNET_NO);
1630  /* duplicate, ignore */
1631  return;
1632  }
1633  kx->last_packets_bitmap |= rotbit;
1634  }
1635  if (kx->last_sequence_number_received < snum)
1636  {
1637  unsigned int shift = (snum - kx->last_sequence_number_received);
1638 
1639  if (shift >= 8 * sizeof(kx->last_packets_bitmap))
1640  kx->last_packets_bitmap = 0;
1641  else
1642  kx->last_packets_bitmap <<= shift;
1643  kx->last_sequence_number_received = snum;
1644  }
1645 
1646  /* check timestamp */
1647  t = GNUNET_TIME_absolute_ntoh (pt->timestamp);
1648  if (GNUNET_TIME_absolute_get_duration (t).rel_value_us >
1649  MAX_MESSAGE_AGE.rel_value_us)
1650  {
1651  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1652  "Message received far too old (%s). Content ignored.\n",
1653  GNUNET_STRINGS_relative_time_to_string (
1654  GNUNET_TIME_absolute_get_duration (t),
1655  GNUNET_YES));
1656  GNUNET_STATISTICS_update (GSC_stats,
1657  gettext_noop (
1658  "# bytes dropped (ancient message)"),
1659  size,
1660  GNUNET_NO);
1661  return;
1662  }
1663 
1664  /* process decrypted message(s) */
1665  update_timeout (kx);
1666  GNUNET_STATISTICS_update (GSC_stats,
1667  gettext_noop ("# bytes of payload decrypted"),
1668  size - sizeof(struct EncryptedMessage),
1669  GNUNET_NO);
1670  if (GNUNET_OK !=
1671  GNUNET_MST_from_buffer (kx->mst,
1672  &buf[sizeof(struct EncryptedMessage)],
1673  size - sizeof(struct EncryptedMessage),
1674  GNUNET_YES,
1675  GNUNET_NO))
1676  GNUNET_break_op (0);
1677 }
MAX_MESSAGE_AGE
#define MAX_MESSAGE_AGE
What is the maximum age of a message for us to consider processing it? Note that this looks at the ti...
Definition: gnunet-service-core_kx.c:74
buf
static char buf[2048]
Definition: gnunet-service-testbed_meminfo.c:64
GNUNET_ALIGN
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to 'struct's.
Definition: gnunet_common.h:253
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_MST_from_buffer
enum GNUNET_GenericReturnValue GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:101
GNUNET_TIME_absolute_get_duration
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:436
GNUNET_STRINGS_relative_time_to_string
const char * GNUNET_STRINGS_relative_time_to_string(struct GNUNET_TIME_Relative delta, int do_round)
Give relative time in human-readable fancy format.
Definition: strings.c:569
EncryptedMessage::timestamp
struct GNUNET_TIME_AbsoluteNBO timestamp
Timestamp.
Definition: gnunet-service-core_kx.c:119

References _, buf, GSC_KeyExchangeInfo::decrypt_key, derive_auth_key(), derive_iv(), do_decrypt(), ENCRYPTED_HEADER_SIZE, GSC_KeyExchangeInfo::foreign_key_expires, gettext_noop, GNUNET_ALIGN, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_MST_from_buffer(), GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GNUNET_STRINGS_relative_time_to_string(), GNUNET_TIME_absolute_get_duration(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_absolute_ntoh(), GNUNET_YES, GSC_my_identity, GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, GSC_KeyExchangeInfo::last_packets_bitmap, GSC_KeyExchangeInfo::last_sequence_number_received, m, MAX_MESSAGE_AGE, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, ph, GNUNET_TIME_Relative::rel_value_us, send_key(), EncryptedMessage::sequence_number, size, GSC_KeyExchangeInfo::status, t, EncryptedMessage::timestamp, and update_timeout().

Here is the call graph for this function:

◆ handle_transport_notify_excess_bw()

static void handle_transport_notify_excess_bw ( void *  cls,
const struct GNUNET_PeerIdentity pid,
void *  connect_cls 
)
static

One of our neighbours has excess bandwidth, remember this.

Parameters
clsNULL
pididentity of the peer with excess bandwidth
connect_clsthe struct Neighbour

Definition at line 1688 of file gnunet-service-core_kx.c.

1691 {
1692  struct GSC_KeyExchangeInfo *kx = connect_cls;
1693 
1694  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1695  "Peer %s has excess bandwidth available\n",
1696  GNUNET_i2s (pid));
1697  kx->has_excess_bandwidth = GNUNET_YES;
1698  GSC_SESSIONS_solicit (pid);
1699 }
GSC_SESSIONS_solicit
void GSC_SESSIONS_solicit(const struct GNUNET_PeerIdentity *pid)
Traffic is being solicited for the given peer.
Definition: gnunet-service-core_sessions.c:844

References GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_YES, GSC_SESSIONS_solicit(), GSC_KeyExchangeInfo::has_excess_bandwidth, and pid.

Referenced by GSC_KX_init().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ sign_ephemeral_key()

static void sign_ephemeral_key ( )
static

Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature.

Definition at line 1707 of file gnunet-service-core_kx.c.

1708 {
1709  current_ekm.header.size = htons (sizeof(struct EphemeralKeyMessage));
1710  current_ekm.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY);
1711  current_ekm.sender_status = 0; /* to be set later */
1712  current_ekm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY);
1713  current_ekm.purpose.size =
1714  htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
1715  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
1716  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
1717  + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
1718  + sizeof(struct GNUNET_PeerIdentity));
1719  current_ekm.creation_time =
1720  GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
1721  if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg,
1722  "core",
1723  "USE_EPHEMERAL_KEYS"))
1724  {
1725  current_ekm.expiration_time =
1726  GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (
1727  GNUNET_TIME_relative_add (REKEY_FREQUENCY,
1728  REKEY_TOLERANCE)));
1729  }
1730  else
1731  {
1732  current_ekm.expiration_time =
1733  GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
1734  }
1735  GNUNET_CRYPTO_ecdhe_key_get_public (&my_ephemeral_key,
1736  &current_ekm.ephemeral_key);
1737  current_ekm.origin_identity = GSC_my_identity;
1738  GNUNET_assert (GNUNET_OK ==
1739  GNUNET_CRYPTO_eddsa_sign_ (&my_private_key,
1740  &current_ekm.purpose,
1741  &current_ekm.signature));
1742 }
GSC_cfg
const struct GNUNET_CONFIGURATION_Handle * GSC_cfg
Our configuration.
Definition: gnunet-service-core.c:121
my_private_key
static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
Our private key.
Definition: gnunet-service-core_kx.c:256
REKEY_FREQUENCY
#define REKEY_FREQUENCY
How often do we rekey?
Definition: gnunet-service-core_kx.c:58
GNUNET_CONFIGURATION_get_value_yesno
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_yesno(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option)
Get a configuration value that should be in a set of "YES" or "NO".
Definition: configuration.c:2067
GNUNET_CRYPTO_eddsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:607
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:214
GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY
#define GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY
Session key exchange between peers.
Definition: gnunet_protocols.h:427
GNUNET_TIME_relative_add
struct GNUNET_TIME_Relative GNUNET_TIME_relative_add(struct GNUNET_TIME_Relative a1, struct GNUNET_TIME_Relative a2)
Add relative times together.
Definition: time.c:585
GNUNET_TIME_UNIT_FOREVER_ABS
#define GNUNET_TIME_UNIT_FOREVER_ABS
Constant used to specify "forever".
Definition: gnunet_time_lib.h:197
EphemeralKeyMessage
Message transmitted with the signed ephemeral key of a peer.
Definition: gnunet_core_service.h:62
EphemeralKeyMessage::origin_identity
struct GNUNET_PeerIdentity origin_identity
Public key of the signing peer (persistent version, not the ephemeral public key).
Definition: gnunet_core_service.h:103
EphemeralKeyMessage::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
When does the given ephemeral key expire (end of validity).
Definition: gnunet_core_service.h:92
EphemeralKeyMessage::signature
struct GNUNET_CRYPTO_EddsaSignature signature
An ECC signature of the origin_identity asserting the validity of the given ephemeral key.
Definition: gnunet_core_service.h:77
EphemeralKeyMessage::creation_time
struct GNUNET_TIME_AbsoluteNBO creation_time
At what time was this key created (beginning of validity).
Definition: gnunet_core_service.h:87
EphemeralKeyMessage::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Information about what is being signed.
Definition: gnunet_core_service.h:82
GNUNET_CRYPTO_EccSignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition: gnunet_crypto_lib.h:147
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition: gnunet_crypto_lib.h:155
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition: gnunet_crypto_lib.h:240

References EphemeralKeyMessage::creation_time, current_ekm, EphemeralKeyMessage::ephemeral_key, EphemeralKeyMessage::expiration_time, GNUNET_assert, GNUNET_CONFIGURATION_get_value_yesno(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_TIME_relative_add(), GNUNET_TIME_relative_to_absolute(), GNUNET_TIME_UNIT_FOREVER_ABS, GNUNET_YES, GSC_cfg, GSC_my_identity, EphemeralKeyMessage::header, my_ephemeral_key, my_private_key, EphemeralKeyMessage::origin_identity, EphemeralKeyMessage::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, REKEY_FREQUENCY, REKEY_TOLERANCE, EphemeralKeyMessage::sender_status, EphemeralKeyMessage::signature, GNUNET_MessageHeader::size, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_MessageHeader::type.

Referenced by do_rekey(), and GSC_KX_init().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ do_rekey()

static void do_rekey ( void *  cls)
static

Task run to trigger rekeying.

Parameters
clsclosure, NULL

Definition at line 1751 of file gnunet-service-core_kx.c.

1752 {
1753  struct GSC_KeyExchangeInfo *pos;
1754 
1755  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
1756  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
1757  sign_ephemeral_key ();
1758  {
1759  struct GNUNET_HashCode eh;
1760 
1761  GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1762  sizeof(current_ekm.ephemeral_key),
1763  &eh);
1764  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s (&eh));
1765  }
1766  for (pos = kx_head; NULL != pos; pos = pos->next)
1767  {
1768  if (GNUNET_CORE_KX_STATE_UP == pos->status)
1769  {
1770  pos->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
1771  monitor_notify_all (pos);
1772  derive_session_keys (pos);
1773  }
1774  if (GNUNET_CORE_KX_STATE_DOWN == pos->status)
1775  {
1776  pos->status = GNUNET_CORE_KX_STATE_KEY_SENT;
1777  monitor_notify_all (pos);
1778  }
1779  monitor_notify_all (pos);
1780  send_key (pos);
1781  }
1782 }
sign_ephemeral_key
static void sign_ephemeral_key()
Setup the message that links the ephemeral key to our persistent public key and generate the appropri...
Definition: gnunet-service-core_kx.c:1707
do_rekey
static void do_rekey(void *cls)
Task run to trigger rekeying.
Definition: gnunet-service-core_kx.c:1751
rekey_task
static struct GNUNET_SCHEDULER_Task * rekey_task
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
Definition: gnunet-service-core_kx.c:282
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:436
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:443
GSC_KeyExchangeInfo::next
struct GSC_KeyExchangeInfo * next
DLL.
Definition: gnunet-service-core_kx.c:140

References current_ekm, derive_session_keys(), EphemeralKeyMessage::ephemeral_key, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_SCHEDULER_add_delayed(), kx_head, monitor_notify_all(), my_ephemeral_key, GSC_KeyExchangeInfo::next, REKEY_FREQUENCY, rekey_task, send_key(), sign_ephemeral_key(), and GSC_KeyExchangeInfo::status.

Referenced by GSC_KX_init().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_KX_init()

int GSC_KX_init ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Initialize KX subsystem.

Parameters
pkprivate key to use for the peer
Returns
GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 1792 of file gnunet-service-core_kx.c.

1793 {
1794  struct GNUNET_MQ_MessageHandler handlers[] = {
1795  GNUNET_MQ_hd_fixed_size (ephemeral_key,
1796  GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY,
1797  struct EphemeralKeyMessage,
1798  NULL),
1799  GNUNET_MQ_hd_fixed_size (ping,
1800  GNUNET_MESSAGE_TYPE_CORE_PING,
1801  struct PingMessage,
1802  NULL),
1803  GNUNET_MQ_hd_fixed_size (pong,
1804  GNUNET_MESSAGE_TYPE_CORE_PONG,
1805  struct PongMessage,
1806  NULL),
1807  GNUNET_MQ_hd_var_size (encrypted,
1808  GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE,
1809  struct EncryptedMessage,
1810  NULL),
1811  GNUNET_MQ_handler_end ()
1812  };
1813 
1814  my_private_key = *pk;
1815  GNUNET_CRYPTO_eddsa_key_get_public (&my_private_key,
1816  &GSC_my_identity.public_key);
1817  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
1818  sign_ephemeral_key ();
1819  {
1820  struct GNUNET_HashCode eh;
1821 
1822  GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
1823  sizeof(current_ekm.ephemeral_key),
1824  &eh);
1825  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1826  "Starting with ephemeral key %s\n",
1827  GNUNET_h2s (&eh));
1828  }
1829 
1830  nc = GNUNET_notification_context_create (1);
1831  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
1832  transport =
1833  GNUNET_TRANSPORT_core_connect (GSC_cfg,
1834  &GSC_my_identity,
1835  handlers,
1836  NULL,
1837  &handle_transport_notify_connect,
1838  &handle_transport_notify_disconnect,
1839  &handle_transport_notify_excess_bw);
1840  if (NULL == transport)
1841  {
1842  GSC_KX_done ();
1843  return GNUNET_SYSERR;
1844  }
1845  return GNUNET_OK;
1846 }
pong
static void pong(struct GNUNET_CADET_Channel *channel, const struct CadetPingMessage *ping)
Reply with a pong to origin.
Definition: gnunet-cadet-profiler.c:664
ping
static void ping(void *cls)
Send a ping to destination.
Definition: gnunet-cadet-profiler.c:639
handlers
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
Definition: gnunet-cadet-profiler.c:800
pk
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
Definition: gnunet-identity.c:126
handle_transport_notify_disconnect
static void handle_transport_notify_disconnect(void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls)
Function called by transport telling us that a peer disconnected.
Definition: gnunet-service-core_kx.c:765
GSC_KX_done
void GSC_KX_done()
Shutdown KX subsystem.
Definition: gnunet-service-core_kx.c:1853
handle_transport_notify_connect
static void * handle_transport_notify_connect(void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq)
Function called by transport to notify us that a peer connected to us (on the network level).
Definition: gnunet-service-core_kx.c:708
transport
static struct GNUNET_TRANSPORT_CoreHandle * transport
Transport service.
Definition: gnunet-service-core_kx.c:251
handle_transport_notify_excess_bw
static void handle_transport_notify_excess_bw(void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls)
One of our neighbours has excess bandwidth, remember this.
Definition: gnunet-service-core_kx.c:1688
GNUNET_TRANSPORT_core_connect
struct GNUNET_TRANSPORT_CoreHandle * GNUNET_TRANSPORT_core_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_PeerIdentity *self, const struct GNUNET_MQ_MessageHandler *handlers, void *cls, GNUNET_TRANSPORT_NotifyConnect nc, GNUNET_TRANSPORT_NotifyDisconnect nd)
Connect to the transport service.
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:198
GNUNET_MQ_handler_end
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
Definition: gnunet_mq_lib.h:532
GNUNET_MQ_hd_var_size
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
Definition: gnunet_mq_lib.h:618
GNUNET_notification_context_create
struct GNUNET_NotificationContext * GNUNET_notification_context_create(unsigned int queue_length)
Create a new notification context.
Definition: nc.c:122
GNUNET_MQ_hd_fixed_size
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
Definition: gnunet_mq_lib.h:566
GNUNET_MQ_MessageHandler
Message handler for a specific message type.
Definition: gnunet_mq_lib.h:492
GNUNET_PeerIdentity::public_key
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Definition: gnunet_crypto_lib.h:230

References current_ekm, do_rekey(), EphemeralKeyMessage::ephemeral_key, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_MESSAGE_TYPE_CORE_PING, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_handler_end, GNUNET_MQ_hd_fixed_size, GNUNET_MQ_hd_var_size, GNUNET_notification_context_create(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SYSERR, GNUNET_TRANSPORT_core_connect(), GSC_cfg, GSC_KX_done(), GSC_my_identity, handle_transport_notify_connect(), handle_transport_notify_disconnect(), handle_transport_notify_excess_bw(), handlers, my_ephemeral_key, my_private_key, nc, ping(), pk, pong(), GNUNET_PeerIdentity::public_key, REKEY_FREQUENCY, rekey_task, sign_ephemeral_key(), and transport.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_KX_done()

void GSC_KX_done ( void  )

Shutdown KX subsystem.

Definition at line 1853 of file gnunet-service-core_kx.c.

1854 {
1855  if (NULL != transport)
1856  {
1857  GNUNET_TRANSPORT_core_disconnect (transport);
1858  transport = NULL;
1859  }
1860  if (NULL != rekey_task)
1861  {
1862  GNUNET_SCHEDULER_cancel (rekey_task);
1863  rekey_task = NULL;
1864  }
1865  memset (&my_ephemeral_key,
1866  0,
1867  sizeof (my_ephemeral_key));
1868  memset (&my_private_key,
1869  0,
1870  sizeof (my_private_key));
1871  if (NULL != nc)
1872  {
1873  GNUNET_notification_context_destroy (nc);
1874  nc = NULL;
1875  }
1876 }
GNUNET_TRANSPORT_core_disconnect
void GNUNET_TRANSPORT_core_disconnect(struct GNUNET_TRANSPORT_CoreHandle *handle)
Disconnect from the transport service.
Definition: transport_api_core.c:912
GNUNET_notification_context_destroy
void GNUNET_notification_context_destroy(struct GNUNET_NotificationContext *nc)
Destroy the context, force disconnect for all subscribers.
Definition: nc.c:138

References GNUNET_notification_context_destroy(), GNUNET_SCHEDULER_cancel(), GNUNET_TRANSPORT_core_disconnect(), my_ephemeral_key, my_private_key, nc, rekey_task, and transport.

Referenced by GSC_KX_init(), and shutdown_task().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_get_queue_length()

unsigned int GSC_NEIGHBOURS_get_queue_length ( const struct GSC_KeyExchangeInfo kxinfo)

Check how many messages are queued for the given neighbour.

Parameters
kxinfodata about neighbour to check
Returns
number of items in the message queue

Definition at line 1886 of file gnunet-service-core_kx.c.

1887 {
1888  return GNUNET_MQ_get_length (kxinfo->mq);
1889 }
GNUNET_MQ_get_length
unsigned int GNUNET_MQ_get_length(struct GNUNET_MQ_Handle *mq)
Obtain the current length of the message queue.
Definition: mq.c:293

References GNUNET_MQ_get_length(), and GSC_KeyExchangeInfo::mq.

Referenced by try_transmission().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_check_excess_bandwidth()

int GSC_NEIGHBOURS_check_excess_bandwidth ( const struct GSC_KeyExchangeInfo target)

Check if the given neighbour has excess bandwidth available.

Parameters
targetneighbour to check
Returns
GNUNET_YES if excess bandwidth is available, GNUNET_NO if not

Definition at line 1893 of file gnunet-service-core_kx.c.

1894 {
1895  return kxinfo->has_excess_bandwidth;
1896 }

References GSC_KeyExchangeInfo::has_excess_bandwidth.

Referenced by try_transmission().

Here is the caller graph for this function:

◆ GSC_KX_handle_client_monitor_peers()

void GSC_KX_handle_client_monitor_peers ( struct GNUNET_MQ_Handle mq)

Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.

For this request type, the client does not have to have transmitted an INIT request. All current peers are returned, regardless of which message types they accept.

Parameters
mqmessage queue to add for monitoring

Definition at line 1908 of file gnunet-service-core_kx.c.

1909 {
1910  struct GNUNET_MQ_Envelope *env;
1911  struct MonitorNotifyMessage *done_msg;
1912  struct GSC_KeyExchangeInfo *kx;
1913 
1914  GNUNET_notification_context_add (nc, mq);
1915  for (kx = kx_head; NULL != kx; kx = kx->next)
1916  {
1917  struct GNUNET_MQ_Envelope *env;
1918  struct MonitorNotifyMessage *msg;
1919 
1920  env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
1921  msg->state = htonl ((uint32_t) kx->status);
1922  msg->peer = *kx->peer;
1923  msg->timeout = GNUNET_TIME_absolute_hton (kx->timeout);
1924  GNUNET_MQ_send (mq, env);
1925  }
1926  env = GNUNET_MQ_msg (done_msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
1927  done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED);
1928  done_msg->timeout = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
1929  GNUNET_MQ_send (mq, env);
1930 }
GNUNET_CORE_KX_ITERATION_FINISHED
@ GNUNET_CORE_KX_ITERATION_FINISHED
This is not a state in a peer's state machine, but a special value used with the GNUNET_CORE_MonitorC...
Definition: gnunet_core_service.h:341
GNUNET_notification_context_add
void GNUNET_notification_context_add(struct GNUNET_NotificationContext *nc, struct GNUNET_MQ_Handle *mq)
Add a subscriber to the notification context.
Definition: nc.c:161
MonitorNotifyMessage::state
uint32_t state
New peer state, an enum GNUNET_CORE_KxState in NBO.
Definition: core.h:311
MonitorNotifyMessage::timeout
struct GNUNET_TIME_AbsoluteNBO timeout
How long will we stay in this state (if nothing else happens)?
Definition: core.h:321

Referenced by handle_client_monitor_peers().

Here is the caller graph for this function:

Variable Documentation

◆ transport

struct GNUNET_TRANSPORT_CoreHandle* transport
static

Transport service.

Definition at line 251 of file gnunet-service-core_kx.c.

Referenced by GSC_KX_done(), GSC_KX_init(), GST_blacklist_add_peer(), and print_info().

◆ my_private_key

struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
static

Our private key.

Definition at line 251 of file gnunet-service-core_kx.c.

Referenced by GSC_KX_done(), GSC_KX_init(), and sign_ephemeral_key().

◆ my_ephemeral_key

struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
static

Our ephemeral private key.

Definition at line 251 of file gnunet-service-core_kx.c.

Referenced by derive_session_keys(), do_rekey(), GSC_KX_done(), GSC_KX_init(), and sign_ephemeral_key().

◆ current_ekm

struct EphemeralKeyMessage current_ekm
static

Current message we send for a key exchange.

Definition at line 251 of file gnunet-service-core_kx.c.

Referenced by do_rekey(), GSC_KX_init(), send_key(), and sign_ephemeral_key().

◆ kx_head

struct GSC_KeyExchangeInfo* kx_head
static

DLL head.

Definition at line 271 of file gnunet-service-core_kx.c.

Referenced by do_rekey(), handle_transport_notify_connect(), and handle_transport_notify_disconnect().

◆ kx_tail

struct GSC_KeyExchangeInfo* kx_tail
static

DLL tail.

Definition at line 276 of file gnunet-service-core_kx.c.

Referenced by handle_transport_notify_connect(), and handle_transport_notify_disconnect().

◆ rekey_task

struct GNUNET_SCHEDULER_Task* rekey_task
static

Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.

Definition at line 282 of file gnunet-service-core_kx.c.

Referenced by do_rekey(), GSC_KX_done(), and GSC_KX_init().

◆ nc

struct GNUNET_NotificationContext* nc
static

Notification context for broadcasting to monitors.

Definition at line 287 of file gnunet-service-core_kx.c.

Referenced by GSC_KX_done(), GSC_KX_init(), and monitor_notify_all().