code for managing the key exchange (SET_KEY, PING, PONG) with other peers More...

#include "platform.h"
#include "gnunet-service-core_kx.h"
#include "gnunet_transport_core_service.h"
#include "gnunet-service-core_sessions.h"
#include "gnunet-service-core.h"
#include "gnunet_constants.h"
#include "gnunet_signatures.h"
#include "gnunet_protocols.h"

Include dependency graph for gnunet-service-core_kx.c:

Data Structures
struct	EncryptedMessage
	Encapsulation for encrypted messages exchanged between peers. More...

struct	GSC_KeyExchangeInfo
	Information about the status of a key exchange with another peer. More...

Macros
#define	DEBUG_KX 0
	Enable expensive (and possibly problematic for privacy!) logging of KX. More...

#define	INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)
	How long do we wait for SET_KEY confirmation initially? More...

#define	MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
	What is the minimum frequency for a PING message? More...

#define	REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
	How often do we rekey? More...

#define	REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
	What time difference do we tolerate? More...

#define	MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS
	What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here. More...

#define	ENCRYPTED_HEADER_SIZE (offsetof (struct EncryptedMessage, sequence_number))
	Number of bytes (at the beginning) of `struct EncryptedMessage` that are NOT encrypted. More...

Functions
static uint32_t	calculate_seed (struct GSC_KeyExchangeInfo *kx)
	Calculate seed value we should use for a message. More...

static void	monitor_notify_all (struct GSC_KeyExchangeInfo *kx)
	Inform all monitors about the KX state of the given peer. More...

static void	derive_auth_key (struct GNUNET_CRYPTO_AuthKey akey, const struct GNUNET_CRYPTO_SymmetricSessionKey skey, uint32_t seed)
	Derive an authentication key from "set key" information. More...

static void	derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const struct GNUNET_CRYPTO_SymmetricSessionKey skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
	Derive an IV from packet information. More...

static void	derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const struct GNUNET_CRYPTO_SymmetricSessionKey skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity)
	Derive an IV from pong packet information. More...

static void	derive_aes_key (const struct GNUNET_PeerIdentity sender, const struct GNUNET_PeerIdentity receiver, const struct GNUNET_HashCode key_material, struct GNUNET_CRYPTO_SymmetricSessionKey skey)
	Derive an AES key from key material. More...

static int	do_encrypt (struct GSC_KeyExchangeInfo kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const void in, void out, size_t size)
	Encrypt size bytes from in and write the result to out. More...

static int	do_decrypt (struct GSC_KeyExchangeInfo kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector iv, const void in, void out, size_t size)
	Decrypt size bytes from in and write the result to out. More...

static void	send_key (struct GSC_KeyExchangeInfo *kx)
	Send our key (and encrypted PING) to the other peer. More...

static void	set_key_retry_task (void *cls)
	Task that will retry send_key() if our previous attempt failed. More...

static void	setup_fresh_ping (struct GSC_KeyExchangeInfo *kx)
	Create a fresh PING message for transmission to the other peer. More...

static int	deliver_message (void cls, const struct GNUNET_MessageHeader m)
	Deliver P2P message to interested clients. More...

static void *	handle_transport_notify_connect (void cls, const struct GNUNET_PeerIdentity pid, struct GNUNET_MQ_Handle *mq)
	Function called by transport to notify us that a peer connected to us (on the network level). More...

static void	handle_transport_notify_disconnect (void cls, const struct GNUNET_PeerIdentity peer, void *handler_cls)
	Function called by transport telling us that a peer disconnected. More...

static void	send_ping (struct GSC_KeyExchangeInfo *kx)
	Send our PING to the other peer. More...

static void	derive_session_keys (struct GSC_KeyExchangeInfo *kx)
	Derive fresh session keys from the current ephemeral keys. More...

static void	handle_ephemeral_key (void cls, const struct EphemeralKeyMessage m)
	We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message. More...

static void	send_keep_alive (void *cls)
	Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING). More...

static void	handle_ping (void cls, const struct PingMessage m)
	We received a PING message. More...

static void	update_timeout (struct GSC_KeyExchangeInfo *kx)
	We've seen a valid message from the other peer. More...

static void	handle_pong (void cls, const struct PongMessage m)
	We received a PONG message. More...

void	GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo kx, const void payload, size_t payload_size)
	Encrypt and transmit a message with the given payload. More...

static int	check_encrypted (void cls, const struct EncryptedMessage m)
	We received an encrypted message. More...

static void	handle_encrypted (void cls, const struct EncryptedMessage m)
	We received an encrypted message. More...

static void	sign_ephemeral_key ()
	Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature. More...

static void	do_rekey (void *cls)
	Task run to trigger rekeying. More...

int	GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
	Initialize KX subsystem. More...

void	GSC_KX_done ()
	Shutdown KX subsystem. More...

unsigned int	GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo)
	Check how many messages are queued for the given neighbour. More...

int	GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo)
	Check if the given neighbour has excess bandwidth available. More...

void	GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq)
	Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request. More...

Variables
static struct GNUNET_TRANSPORT_CoreHandle *	transport
	Transport service. More...

static struct GNUNET_CRYPTO_EddsaPrivateKey	my_private_key
	Our private key. More...

static struct GNUNET_CRYPTO_EcdhePrivateKey	my_ephemeral_key
	Our ephemeral private key. More...

static struct EphemeralKeyMessage	current_ekm
	Current message we send for a key exchange. More...

static struct GSC_KeyExchangeInfo *	kx_head
	DLL head. More...

static struct GSC_KeyExchangeInfo *	kx_tail
	DLL tail. More...

static struct GNUNET_SCHEDULER_Task *	rekey_task
	Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key. More...

static struct GNUNET_NotificationContext *	nc
	Notification context for broadcasting to monitors. More...

Detailed Description

code for managing the key exchange (SET_KEY, PING, PONG) with other peers

Author: Christian Grothoff

Definition in file gnunet-service-core_kx.c.

Macro Definition Documentation

◆ DEBUG_KX

#define DEBUG_KX 0

Enable expensive (and possibly problematic for privacy!) logging of KX.

Definition at line 39 of file gnunet-service-core_kx.c.

◆ INITIAL_SET_KEY_RETRY_FREQUENCY

#define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)

How long do we wait for SET_KEY confirmation initially?

Definition at line 44 of file gnunet-service-core_kx.c.

◆ MIN_PING_FREQUENCY

#define MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)

What is the minimum frequency for a PING message?

Definition at line 50 of file gnunet-service-core_kx.c.

◆ REKEY_FREQUENCY

#define REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)

How often do we rekey?

Definition at line 56 of file gnunet-service-core_kx.c.

◆ REKEY_TOLERANCE

#define REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)

What time difference do we tolerate?

Definition at line 62 of file gnunet-service-core_kx.c.

◆ MAX_MESSAGE_AGE

#define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS

What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here.

So this should be picked high enough so that a little bit of clock skew does not prevent peers from connecting to us.

Definition at line 72 of file gnunet-service-core_kx.c.

◆ ENCRYPTED_HEADER_SIZE

#define ENCRYPTED_HEADER_SIZE (offsetof (struct EncryptedMessage, sequence_number))

Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.

Definition at line 126 of file gnunet-service-core_kx.c.

Function Documentation

◆ calculate_seed()

static uint32_t calculate_seed ( struct GSC_KeyExchangeInfo * kx )

static

Calculate seed value we should use for a message.

Parameters

kx	key exchange context

Definition at line 294 of file gnunet-service-core_kx.c.

{
  /* Note: may want to make this non-random and instead
     derive from key material to avoid having an undetectable
     side-channel */
  return htonl (
    GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX));
}

References GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_u32().

Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ monitor_notify_all()

static void monitor_notify_all ( struct GSC_KeyExchangeInfo * kx )

static

Inform all monitors about the KX state of the given peer.

Parameters

kx	key exchange state to inform about

Definition at line 310 of file gnunet-service-core_kx.c.

{
  struct MonitorNotifyMessage msg;
 
  msg.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
  msg.header.size = htons (sizeof(msg));
  msg.state = htonl ((uint32_t) kx->status);
  msg.peer = *kx->peer;
  msg.timeout = GNUNET_TIME_absolute_hton (kx->timeout);
  GNUNET_notification_context_broadcast (nc, &msg.header, GNUNET_NO);
  kx->last_notify_timeout = kx->timeout;
}

References GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_NO, GNUNET_notification_context_broadcast(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::last_notify_timeout, msg, nc, GSC_KeyExchangeInfo::peer, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and GNUNET_MessageHeader::type.

Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_pong(), handle_transport_notify_connect(), handle_transport_notify_disconnect(), send_keep_alive(), and update_timeout().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_auth_key()

static void derive_auth_key	(	struct GNUNET_CRYPTO_AuthKey *	akey,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	skey,
		uint32_t	seed
	)

static

Derive an authentication key from "set key" information.

Parameters

akey	authentication key to derive
skey	session key to use
seed	seed to use

Definition at line 332 of file gnunet-service-core_kx.c.

{
  static const char ctx[] = "authentication key";
 
#if DEBUG_KX
  struct GNUNET_HashCode sh;
 
  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Deriving Auth key from SKEY %s and seed %u\n",
              GNUNET_h2s (&sh),
              (unsigned int) seed);
#endif
  GNUNET_CRYPTO_hmac_derive_key (akey,
                                 skey,
                                 &seed,
                                 sizeof(seed),
                                 skey,
                                 sizeof(
                                   struct GNUNET_CRYPTO_SymmetricSessionKey),
                                 ctx,
                                 sizeof(ctx),
                                 NULL);
}

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac_derive_key(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_log, and sh.

Referenced by GSC_KX_encrypt_and_transmit(), and handle_encrypted().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_iv()

static void derive_iv	(	struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	skey,
		uint32_t	seed,
		const struct GNUNET_PeerIdentity *	identity
	)

static

Derive an IV from packet information.

Parameters

iv	initialization vector to initialize
skey	session key to use
seed	seed to use
identity	identity of the other peer to use

Definition at line 369 of file gnunet-service-core_kx.c.

{
  static const char ctx[] = "initialization vector";
 
#if DEBUG_KX
  struct GNUNET_HashCode sh;
 
  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Deriving IV from SKEY %s and seed %u for peer %s\n",
              GNUNET_h2s (&sh),
              (unsigned int) seed,
              GNUNET_i2s (identity));
#endif
  GNUNET_CRYPTO_symmetric_derive_iv (iv,
                                     skey,
                                     &seed,
                                     sizeof(seed),
                                     identity,
                                     sizeof(struct GNUNET_PeerIdentity),
                                     ctx,
                                     sizeof(ctx),
                                     NULL);
}

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.

Referenced by GSC_KX_encrypt_and_transmit(), handle_encrypted(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_pong_iv()

static void derive_pong_iv	(	struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	skey,
		uint32_t	seed,
		uint32_t	challenge,
		const struct GNUNET_PeerIdentity *	identity
	)

static

Derive an IV from pong packet information.

Parameters

iv	initialization vector to initialize
skey	session key to use
seed	seed to use
challenge	nonce to use
identity	identity of the other peer to use

Definition at line 408 of file gnunet-service-core_kx.c.

{
  static const char ctx[] = "pong initialization vector";
 
#if DEBUG_KX
  struct GNUNET_HashCode sh;
 
  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
              GNUNET_h2s (&sh),
              (unsigned int) seed,
              (unsigned int) challenge,
              GNUNET_i2s (identity));
#endif
  GNUNET_CRYPTO_symmetric_derive_iv (iv,
                                     skey,
                                     &seed,
                                     sizeof(seed),
                                     identity,
                                     sizeof(struct GNUNET_PeerIdentity),
                                     &challenge,
                                     sizeof(challenge),
                                     ctx,
                                     sizeof(ctx),
                                     NULL);
}

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.

Referenced by handle_ping(), and handle_pong().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_aes_key()

static void derive_aes_key	(	const struct GNUNET_PeerIdentity *	sender,
		const struct GNUNET_PeerIdentity *	receiver,
		const struct GNUNET_HashCode *	key_material,
		struct GNUNET_CRYPTO_SymmetricSessionKey *	skey
	)

static

Derive an AES key from key material.

Parameters

sender	peer identity of the sender
receiver	peer identity of the sender
key_material	high entropy key material to use
skey	set to derived session key

Definition at line 450 of file gnunet-service-core_kx.c.

{
  static const char ctx[] = "aes key generation vector";
 
#if DEBUG_KX
  struct GNUNET_HashCode sh;
 
  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Deriving AES Keys for %s to %s from %s\n",
              GNUNET_i2s (sender),
              GNUNET_i2s2 (receiver),
              GNUNET_h2s (key_material));
#endif
  GNUNET_CRYPTO_kdf (skey,
                     sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
                     ctx,
                     sizeof(ctx),
                     key_material,
                     sizeof(struct GNUNET_HashCode),
                     sender,
                     sizeof(struct GNUNET_PeerIdentity),
                     receiver,
                     sizeof(struct GNUNET_PeerIdentity),
                     NULL);
}

References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, receiver(), and sh.

Referenced by derive_session_keys().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ do_encrypt()

static int do_encrypt	(	struct GSC_KeyExchangeInfo *	kx,
		const struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv,
		const void *	in,
		void *	out,
		size_t	size
	)

static

Encrypt size bytes from in and write the result to out.

Use the kx key for outbound traffic of the given neighbour.

Parameters

kx	key information context
iv	initialization vector to use
in	ciphertext
out	plaintext
size	size of in / out

Returns: GNUNET_OK on success

Definition at line 494 of file gnunet-service-core_kx.c.

{
  if (size != (uint16_t) size)
  {
    GNUNET_break (0);
    return GNUNET_NO;
  }
  GNUNET_assert (size == GNUNET_CRYPTO_symmetric_encrypt (in,
                                                          (uint16_t) size,
                                                          &kx->encrypt_key,
                                                          iv,
                                                          out));
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# bytes encrypted"),
                            size,
                            GNUNET_NO);
  /* the following is too sensitive to write to log files by accident,
     so we require manual intervention to get this one... */
#if DEBUG_KX
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Encrypted %u bytes for `%s' using key %s, IV %u\n",
              (unsigned int) size,
              GNUNET_i2s (kx->peer),
              kx->encrypt_key.aes_key,
              GNUNET_CRYPTO_crc32_n (iv, sizeof(iv)));
#endif
  return GNUNET_OK;
}

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GSC_KeyExchangeInfo::encrypt_key, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_encrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_stats, GSC_KeyExchangeInfo::peer, and size.

Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ do_decrypt()

static int do_decrypt	(	struct GSC_KeyExchangeInfo *	kx,
		const struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv,
		const void *	in,
		void *	out,
		size_t	size
	)

static

Decrypt size bytes from in and write the result to out.

Use the kx key for inbound traffic of the given neighbour. This function does NOT do any integrity-checks on the result.

Parameters

kx	key information context
iv	initialization vector to use
in	ciphertext
out	plaintext
size	size of in / out

Returns: GNUNET_OK on success

Definition at line 541 of file gnunet-service-core_kx.c.

{
  if (size != (uint16_t) size)
  {
    GNUNET_break (0);
    return GNUNET_NO;
  }
  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
      (kx->status != GNUNET_CORE_KX_STATE_UP) &&
      (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  if (size != GNUNET_CRYPTO_symmetric_decrypt (in,
                                               (uint16_t) size,
                                               &kx->decrypt_key,
                                               iv,
                                               out))
  {
    GNUNET_break (0);
    return GNUNET_SYSERR;
  }
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# bytes decrypted"),
                            size,
                            GNUNET_NO);
  /* the following is too sensitive to write to log files by accident,
     so we require manual intervention to get this one... */
#if DEBUG_KX
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Decrypted %u bytes from `%s' using key %s, IV %u\n",
              (unsigned int) size,
              GNUNET_i2s (kx->peer),
              kx->decrypt_key.aes_key,
              GNUNET_CRYPTO_crc32_n (iv, sizeof(*iv)));
#endif
  return GNUNET_OK;
}

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GSC_KeyExchangeInfo::decrypt_key, gettext_noop, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_decrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GNUNET_SYSERR, GSC_stats, GSC_KeyExchangeInfo::peer, size, and GSC_KeyExchangeInfo::status.

Referenced by handle_encrypted(), handle_ping(), and handle_pong().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ send_key()

static void send_key ( struct GSC_KeyExchangeInfo * kx )

static

Send our key (and encrypted PING) to the other peer.

Send our key to the other peer.

Parameters

kx	key exchange context

Definition at line 1385 of file gnunet-service-core_kx.c.

{
  struct GNUNET_MQ_Envelope *env;
 
  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
  if (NULL != kx->retry_set_key_task)
  {
    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
    kx->retry_set_key_task = NULL;
  }
  /* always update sender status in SET KEY message */
#if DEBUG_KX
  {
    struct GNUNET_HashCode hc;
 
    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
                        sizeof(current_ekm.ephemeral_key),
                        &hc);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
                GNUNET_h2s (&hc),
                GNUNET_i2s (kx->peer),
                kx->status);
  }
#endif
  current_ekm.sender_status = htonl ((int32_t) (kx->status));
  env = GNUNET_MQ_msg_copy (&current_ekm.header);
  GNUNET_MQ_send (kx->mq, env);
  if (GNUNET_CORE_KX_STATE_KEY_SENT != kx->status)
    send_ping (kx);
  kx->retry_set_key_task =
    GNUNET_SCHEDULER_add_delayed (kx->set_key_retry_frequency,
                                  &set_key_retry_task,
                                  kx);
}

References current_ekm, env, EphemeralKeyMessage::ephemeral_key, GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), EphemeralKeyMessage::header, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::retry_set_key_task, send_ping(), EphemeralKeyMessage::sender_status, GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.

Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_transport_notify_connect(), send_keep_alive(), and set_key_retry_task().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ set_key_retry_task()

static void set_key_retry_task ( void * cls )

static

Task that will retry send_key() if our previous attempt failed.

Parameters

cls	our `struct GSC_KeyExchangeInfo`

Definition at line 601 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
 
  kx->retry_set_key_task = NULL;
  kx->set_key_retry_frequency =
    GNUNET_TIME_STD_BACKOFF (kx->set_key_retry_frequency);
  GNUNET_assert (GNUNET_CORE_KX_STATE_DOWN != kx->status);
  send_key (kx);
}

References GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_TIME_STD_BACKOFF, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, and GSC_KeyExchangeInfo::status.

Referenced by handle_transport_notify_connect(), and send_key().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setup_fresh_ping()

static void setup_fresh_ping ( struct GSC_KeyExchangeInfo * kx )

static

Create a fresh PING message for transmission to the other peer.

Parameters

kx	key exchange context to create PING for

Definition at line 619 of file gnunet-service-core_kx.c.

{
  struct PingMessage pp;
  struct PingMessage *pm;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
 
  pm = &kx->ping;
  kx->ping_challenge =
    GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, UINT32_MAX);
  pm->header.size = htons (sizeof(struct PingMessage));
  pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING);
  pm->iv_seed = calculate_seed (kx);
  derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, kx->peer);
  pp.challenge = kx->ping_challenge;
  pp.target = *kx->peer;
  do_encrypt (kx,
              &iv,
              &pp.target,
              &pm->target,
              sizeof(struct PingMessage)
              - ((void *) &pm->target - (void *) pm));
}

References calculate_seed(), PingMessage::challenge, derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_u32(), GNUNET_MESSAGE_TYPE_CORE_PING, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping, GSC_KeyExchangeInfo::ping_challenge, pm, and PingMessage::target.

Referenced by derive_session_keys(), and send_keep_alive().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ deliver_message()

static int deliver_message	(	void *	cls,
		const struct GNUNET_MessageHeader *	m
	)

static

Deliver P2P message to interested clients.

Invokes send twice, once for clients that want the full message, and once for clients that only want the header

Parameters

cls	the `struct GSC_KeyExchangeInfo`
m	the message

Returns: GNUNET_OK on success, GNUNET_NO to stop further processing (no error) GNUNET_SYSERR to stop further processing with error

Definition at line 655 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Decrypted message of type %d from %s\n",
              ntohs (m->type),
              GNUNET_i2s (kx->peer));
  if (GNUNET_CORE_KX_STATE_UP != kx->status)
  {
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop ("# PAYLOAD dropped (out of order)"),
                              1,
                              GNUNET_NO);
    return GNUNET_OK;
  }
  switch (ntohs (m->type))
  {
  case GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP:
  case GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP:
    GSC_SESSIONS_set_typemap (kx->peer, m);
    return GNUNET_OK;
 
  case GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP:
    GSC_SESSIONS_confirm_typemap (kx->peer, m);
    return GNUNET_OK;
 
  default:
    GSC_CLIENTS_deliver_message (kx->peer,
                                 m,
                                 ntohs (m->size),
                                 GNUNET_CORE_OPTION_SEND_FULL_INBOUND);
    GSC_CLIENTS_deliver_message (kx->peer,
                                 m,
                                 sizeof(struct GNUNET_MessageHeader),
                                 GNUNET_CORE_OPTION_SEND_HDR_INBOUND);
  }
  return GNUNET_OK;
}

References gettext_noop, GNUNET_CORE_KX_STATE_UP, GNUNET_CORE_OPTION_SEND_FULL_INBOUND, GNUNET_CORE_OPTION_SEND_HDR_INBOUND, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_CLIENTS_deliver_message(), GSC_SESSIONS_confirm_typemap(), GSC_SESSIONS_set_typemap(), GSC_stats, m, GSC_KeyExchangeInfo::peer, and GSC_KeyExchangeInfo::status.

Referenced by handle_transport_notify_connect().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handle_transport_notify_connect()

static void * handle_transport_notify_connect	(	void *	cls,
		const struct GNUNET_PeerIdentity *	pid,
		struct GNUNET_MQ_Handle *	mq
	)

static

Function called by transport to notify us that a peer connected to us (on the network level).

Starts the key exchange with the given peer.

Parameters

cls	closure (NULL)
pid	identity of the peer to do a key exchange with

Returns: key exchange information context

Definition at line 706 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx;
  struct GNUNET_HashCode h1;
  struct GNUNET_HashCode h2;
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Initiating key exchange with `%s'\n",
              GNUNET_i2s (pid));
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# key exchanges initiated"),
                            1,
                            GNUNET_NO);
  
  kx = GNUNET_new (struct GSC_KeyExchangeInfo);
  kx->mst = GNUNET_MST_create (&deliver_message, kx);
  kx->mq = mq;
  kx->peer = pid;
  kx->set_key_retry_frequency = INITIAL_SET_KEY_RETRY_FREQUENCY;
  GNUNET_CONTAINER_DLL_insert (kx_head, kx_tail, kx);
  kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
  monitor_notify_all (kx);
  GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
  GNUNET_CRYPTO_hash (&GSC_my_identity,
                      sizeof(struct GNUNET_PeerIdentity),
                      &h2);
  if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
  {
    /* peer with "lower" identity starts KX, otherwise we typically end up
       with both peers starting the exchange and transmit the 'set key'
       message twice */
    send_key (kx);
  }
  else
  {
    /* peer with "higher" identity starts a delayed KX, if the "lower" peer
     * does not start a KX since it sees no reasons to do so  */
    kx->retry_set_key_task =
      GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                    &set_key_retry_task,
                                    kx);
  }
  return kx;
}

References deliver_message(), gettext_noop, GNUNET_CONTAINER_DLL_insert, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MST_create(), GNUNET_new, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_UNIT_SECONDS, GSC_my_identity, GSC_stats, INITIAL_SET_KEY_RETRY_FREQUENCY, kx_head, kx_tail, monitor_notify_all(), mq, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, pid, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.

Referenced by GSC_KX_init().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handle_transport_notify_disconnect()

static void handle_transport_notify_disconnect	(	void *	cls,
		const struct GNUNET_PeerIdentity *	peer,
		void *	handler_cls
	)

static

Function called by transport telling us that a peer disconnected.

Stop key exchange with the given peer. Clean up key material.

Parameters

cls	closure
peer	the peer that disconnected
handler_cls	the `struct GSC_KeyExchangeInfo` of the peer

Definition at line 764 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = handler_cls;
 
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Peer `%s' disconnected from us.\n",
              GNUNET_i2s (peer));
  GSC_SESSIONS_end (kx->peer);
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# key exchanges stopped"),
                            1,
                            GNUNET_NO);
  if (NULL != kx->retry_set_key_task)
  {
    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
    kx->retry_set_key_task = NULL;
  }
  if (NULL != kx->keep_alive_task)
  {
    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
    kx->keep_alive_task = NULL;
  }
  kx->status = GNUNET_CORE_KX_PEER_DISCONNECT;
  monitor_notify_all (kx);
  GNUNET_CONTAINER_DLL_remove (kx_head, kx_tail, kx);
  GNUNET_MST_destroy (kx->mst);
  GNUNET_free (kx);
}

References gettext_noop, GNUNET_CONTAINER_DLL_remove, GNUNET_CORE_KX_PEER_DISCONNECT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_MST_destroy(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, kx_head, kx_tail, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::retry_set_key_task, and GSC_KeyExchangeInfo::status.

Referenced by GSC_KX_init().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ send_ping()

static void send_ping ( struct GSC_KeyExchangeInfo * kx )

static

Send our PING to the other peer.

Parameters

kx	key exchange context

Definition at line 802 of file gnunet-service-core_kx.c.

{
  struct GNUNET_MQ_Envelope *env;
 
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# PING messages transmitted"),
                            1,
                            GNUNET_NO);
  env = GNUNET_MQ_msg_copy (&kx->ping.header);
  GNUNET_MQ_send (kx->mq, env);
}

References env, gettext_noop, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_NO, GNUNET_STATISTICS_update(), GSC_stats, PingMessage::header, GSC_KeyExchangeInfo::mq, and GSC_KeyExchangeInfo::ping.

Referenced by handle_ephemeral_key(), send_keep_alive(), and send_key().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_session_keys()

static void derive_session_keys ( struct GSC_KeyExchangeInfo * kx )

static

Derive fresh session keys from the current ephemeral keys.

Parameters

kx	session to derive keys for

Definition at line 821 of file gnunet-service-core_kx.c.

{
  struct GNUNET_HashCode key_material;
 
  if (GNUNET_OK !=
      GNUNET_CRYPTO_ecc_ecdh (&my_ephemeral_key,
                              &kx->other_ephemeral_key,
                              &key_material))
  {
    GNUNET_break (0);
    return;
  }
  derive_aes_key (&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key);
  derive_aes_key (kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key);
  memset (&key_material, 0, sizeof(key_material));
  /* fresh key, reset sequence numbers */
  kx->last_sequence_number_received = 0;
  kx->last_packets_bitmap = 0;
  setup_fresh_ping (kx);
}

References GSC_KeyExchangeInfo::decrypt_key, derive_aes_key(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_break, GNUNET_CRYPTO_ecc_ecdh(), GNUNET_OK, GSC_my_identity, GSC_KeyExchangeInfo::last_packets_bitmap, GSC_KeyExchangeInfo::last_sequence_number_received, my_ephemeral_key, GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, and setup_fresh_ping().

Referenced by do_rekey(), and handle_ephemeral_key().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handle_ephemeral_key()

static void handle_ephemeral_key	(	void *	cls,
		const struct EphemeralKeyMessage *	m
	)

static

We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.

Validate and update our key material and status.

Parameters

cls	key exchange status for the corresponding peer
m	the set key message we received

Definition at line 851 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
  struct GNUNET_TIME_Absolute start_t;
  struct GNUNET_TIME_Absolute end_t;
  struct GNUNET_TIME_Absolute now;
  enum GNUNET_CORE_KxState sender_status;
  enum GNUNET_GenericReturnValue do_verify = GNUNET_YES;
 
  end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time);
  if (((GNUNET_CORE_KX_STATE_KEY_RECEIVED == kx->status) ||
       (GNUNET_CORE_KX_STATE_UP == kx->status) ||
       (GNUNET_CORE_KX_STATE_REKEY_SENT == kx->status)) &&
      (end_t.abs_value_us < kx->foreign_key_expires.abs_value_us))
  {
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop ("# old ephemeral keys ignored"),
                              1,
                              GNUNET_NO);
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Received expired EPHEMERAL_KEY from %s\n",
                GNUNET_i2s (&m->origin_identity));
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if (0 == memcmp (&m->ephemeral_key,
                   &kx->other_ephemeral_key,
                   sizeof(m->ephemeral_key)))
  {
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# duplicate ephemeral keys. Not verifying."),
                              1,
                              GNUNET_NO);
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Duplicate EPHEMERAL_KEY from %s, do not verify\n",
                GNUNET_i2s (&m->origin_identity));
    do_verify = GNUNET_NO;
  }
  if (0 != memcmp (&m->origin_identity,
                   kx->peer,
                   sizeof(struct GNUNET_PeerIdentity)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Received EPHEMERAL_KEY from %s, but expected %s\n",
                GNUNET_i2s (&m->origin_identity),
                GNUNET_i2s_full (kx->peer));
    GNUNET_break_op (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if (do_verify && ((ntohl (m->purpose.size) !=
       sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
       + sizeof(struct GNUNET_TIME_AbsoluteNBO)
       + sizeof(struct GNUNET_TIME_AbsoluteNBO)
       + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
       + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
      (GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY,
                                    &m->purpose,
                                    &m->signature,
                                    &m->origin_identity.public_key))))
  {
    /* invalid signature */
    GNUNET_break_op (0);
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# EPHEMERAL_KEYs rejected (bad signature)"),
                              1,
                              GNUNET_NO);
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Received EPHEMERAL_KEY from %s with bad signature\n",
                GNUNET_i2s (&m->origin_identity));
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  now = GNUNET_TIME_absolute_get ();
  start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
  if ((end_t.abs_value_us <
       GNUNET_TIME_absolute_subtract (now, REKEY_TOLERANCE).abs_value_us) ||
      (start_t.abs_value_us >
       GNUNET_TIME_absolute_add (now, REKEY_TOLERANCE).abs_value_us))
  {
    GNUNET_log (
      GNUNET_ERROR_TYPE_WARNING,
      _ (
        "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
      GNUNET_i2s (kx->peer),
      (unsigned long long) now.abs_value_us,
      (unsigned long long) start_t.abs_value_us,
      (unsigned long long) end_t.abs_value_us);
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# EPHEMERAL_KEY messages rejected due to time"),
                              1,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
#if DEBUG_KX
  {
    struct GNUNET_HashCode eh;
 
    GNUNET_CRYPTO_hash (&m->ephemeral_key, sizeof(m->ephemeral_key), &eh);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
                GNUNET_h2s (&eh),
                GNUNET_i2s (kx->peer),
                kx->status);
  }
#endif
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# valid ephemeral keys received"),
                            1,
                            GNUNET_NO);
  kx->other_ephemeral_key = m->ephemeral_key;
  kx->foreign_key_expires = end_t;
  derive_session_keys (kx);
 
  /* check if we still need to send the sender our key */
  sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status);
  switch (sender_status)
  {
  case GNUNET_CORE_KX_STATE_DOWN:
    GNUNET_break_op (0);
    break;
 
  case GNUNET_CORE_KX_STATE_KEY_SENT:
    /* fine, need to send our key after updating our status, see below */
    GSC_SESSIONS_reinit (kx->peer);
    break;
 
  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
    /* other peer already got our key, but typemap did go down */
    GSC_SESSIONS_reinit (kx->peer);
    break;
 
  case GNUNET_CORE_KX_STATE_UP:
    /* other peer already got our key, typemap NOT down */
    break;
 
  case GNUNET_CORE_KX_STATE_REKEY_SENT:
    /* other peer already got our key, typemap NOT down */
    break;
 
  default:
    GNUNET_break (0);
    break;
  }
  /* check if we need to confirm everything is fine via PING + PONG */
  switch (kx->status)
  {
  case GNUNET_CORE_KX_STATE_DOWN:
    GNUNET_assert (NULL == kx->keep_alive_task);
    kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
    monitor_notify_all (kx);
    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
      send_key (kx);
    else
      send_ping (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_KEY_SENT:
    GNUNET_assert (NULL == kx->keep_alive_task);
    kx->status = GNUNET_CORE_KX_STATE_KEY_RECEIVED;
    monitor_notify_all (kx);
    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
      send_key (kx);
    else
      send_ping (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
    GNUNET_assert (NULL == kx->keep_alive_task);
    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
      send_key (kx);
    else
      send_ping (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_UP:
    kx->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
    monitor_notify_all (kx);
    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
      send_key (kx);
    else
      send_ping (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_REKEY_SENT:
    if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
      send_key (kx);
    else
      send_ping (kx);
    break;
 
  default:
    GNUNET_break (0);
    break;
  }
  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
}

References _, GNUNET_TIME_Absolute::abs_value_us, derive_session_keys(), GSC_KeyExchangeInfo::foreign_key_expires, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_eddsa_verify_(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s_full(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_ntoh(), GNUNET_TIME_absolute_subtract(), GNUNET_YES, GSC_SESSIONS_reinit(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, REKEY_TOLERANCE, send_key(), send_ping(), GSC_KeyExchangeInfo::status, and transport.

Here is the call graph for this function:

◆ send_keep_alive()

static void send_keep_alive ( void * cls )

static

Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING).

Parameters

cls	the `struct GSC_KeyExchangeInfo`

Definition at line 1159 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
  struct GNUNET_TIME_Relative retry;
  struct GNUNET_TIME_Relative left;
 
  kx->keep_alive_task = NULL;
  left = GNUNET_TIME_absolute_get_remaining (kx->timeout);
  if (0 == left.rel_value_us)
  {
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop ("# sessions terminated by timeout"),
                              1,
                              GNUNET_NO);
    GSC_SESSIONS_end (kx->peer);
    kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
    monitor_notify_all (kx);
    send_key (kx);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Sending KEEPALIVE to `%s'\n",
              GNUNET_i2s (kx->peer));
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# keepalive messages sent"),
                            1,
                            GNUNET_NO);
  setup_fresh_ping (kx);
  send_ping (kx);
  retry = GNUNET_TIME_relative_max (GNUNET_TIME_relative_divide (left, 2),
                                    MIN_PING_FREQUENCY);
  kx->keep_alive_task =
    GNUNET_SCHEDULER_add_delayed (retry, &send_keep_alive, kx);
}

References gettext_noop, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_max(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, MIN_PING_FREQUENCY, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GNUNET_TIME_Relative::rel_value_us, send_keep_alive(), send_key(), send_ping(), setup_fresh_ping(), GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::timeout.

Referenced by handle_ping(), send_keep_alive(), and update_timeout().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handle_ping()

static void handle_ping	(	void *	cls,
		const struct PingMessage *	m
	)

static

We received a PING message.

Validate and transmit a PONG message.

Parameters

cls	key exchange status for the corresponding peer
m	the encrypted PING message itself

Definition at line 1067 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
  struct PingMessage t;
  struct PongMessage tx;
  struct PongMessage *tp;
  struct GNUNET_MQ_Envelope *env;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
 
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# PING messages received"),
                            1,
                            GNUNET_NO);
  if ((kx->status != GNUNET_CORE_KX_STATE_KEY_RECEIVED) &&
      (kx->status != GNUNET_CORE_KX_STATE_UP) &&
      (kx->status != GNUNET_CORE_KX_STATE_REKEY_SENT))
  {
    /* ignore */
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# PING messages dropped (out of order)"),
                              1,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Core service receives PING request from `%s'.\n",
              GNUNET_i2s (kx->peer));
  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
  if (GNUNET_OK != do_decrypt (kx,
                               &iv,
                               &m->target,
                               &t.target,
                               sizeof(struct PingMessage)
                               - ((void *) &m->target - (void *) m)))
  {
    GNUNET_break_op (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if (0 !=
      memcmp (&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
  {
    if (GNUNET_CORE_KX_STATE_REKEY_SENT != kx->status)
      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                  "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
                  GNUNET_i2s (kx->peer),
                  GNUNET_i2s2 (&t.target));
    else
      GNUNET_log (
        GNUNET_ERROR_TYPE_DEBUG,
        "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
        GNUNET_i2s (kx->peer));
    GNUNET_break_op (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  /* construct PONG */
  tx.reserved = 0;
  tx.challenge = t.challenge;
  tx.target = t.target;
  env = GNUNET_MQ_msg (tp, GNUNET_MESSAGE_TYPE_CORE_PONG);
  tp->iv_seed = calculate_seed (kx);
  derive_pong_iv (&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer);
  do_encrypt (kx,
              &iv,
              &tx.challenge,
              &tp->challenge,
              sizeof(struct PongMessage)
              - ((void *) &tp->challenge - (void *) tp));
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# PONG messages created"),
                            1,
                            GNUNET_NO);
  GNUNET_MQ_send (kx->mq, env);
  if (NULL != kx->keep_alive_task)
  {
    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
    kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed (MIN_PING_FREQUENCY, &send_keep_alive, kx);
  }
  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
}

References calculate_seed(), PongMessage::challenge, GSC_KeyExchangeInfo::decrypt_key, derive_iv(), derive_pong_iv(), do_decrypt(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, env, gettext_noop, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_my_identity, GSC_stats, PongMessage::iv_seed, GSC_KeyExchangeInfo::keep_alive_task, m, MIN_PING_FREQUENCY, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, PongMessage::reserved, send_keep_alive(), GSC_KeyExchangeInfo::status, t, PongMessage::target, and transport.

Here is the call graph for this function:

◆ update_timeout()

static void update_timeout ( struct GSC_KeyExchangeInfo * kx )

static

We've seen a valid message from the other peer.

Update the time when the session would time out and delay sending our keep alive message further.

Parameters

kx	key exchange where we saw activity

Definition at line 1203 of file gnunet-service-core_kx.c.

{
  struct GNUNET_TIME_Relative delta;
 
  kx->timeout =
    GNUNET_TIME_relative_to_absolute (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT);
  delta =
    GNUNET_TIME_absolute_get_difference (kx->last_notify_timeout, kx->timeout);
  if (delta.rel_value_us > 5LL * 1000LL * 1000LL)
  {
    /* we only notify monitors about timeout changes if those
       are bigger than the threshold (5s) */
    monitor_notify_all (kx);
  }
  if (NULL != kx->keep_alive_task)
    GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
  kx->keep_alive_task = GNUNET_SCHEDULER_add_delayed (
    GNUNET_TIME_relative_divide (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, 2),
    &send_keep_alive,
    kx);
}

References delta, GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_TIME_absolute_get_difference(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_to_absolute(), GSC_KeyExchangeInfo::keep_alive_task, GSC_KeyExchangeInfo::last_notify_timeout, monitor_notify_all(), GNUNET_TIME_Relative::rel_value_us, send_keep_alive(), and GSC_KeyExchangeInfo::timeout.

Referenced by handle_encrypted(), and handle_pong().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handle_pong()

static void handle_pong	(	void *	cls,
		const struct PongMessage *	m
	)

static

We received a PONG message.

Validate and update our status.

Parameters

kx	key exchange context for the the PONG
m	the encrypted PONG message itself

Definition at line 1233 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
  struct PongMessage t;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
 
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# PONG messages received"),
                            1,
                            GNUNET_NO);
  switch (kx->status)
  {
  case GNUNET_CORE_KX_STATE_DOWN:
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# PONG messages dropped (connection down)"),
                              1,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
 
  case GNUNET_CORE_KX_STATE_KEY_SENT:
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# PONG messages dropped (out of order)"),
                              1,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
 
  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
    break;
 
  case GNUNET_CORE_KX_STATE_UP:
    break;
 
  case GNUNET_CORE_KX_STATE_REKEY_SENT:
    break;
 
  default:
    GNUNET_break (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Core service receives PONG response from `%s'.\n",
              GNUNET_i2s (kx->peer));
  /* mark as garbage, just to be sure */
  memset (&t, 255, sizeof(t));
  derive_pong_iv (&iv,
                  &kx->decrypt_key,
                  m->iv_seed,
                  kx->ping_challenge,
                  &GSC_my_identity);
  if (GNUNET_OK != do_decrypt (kx,
                               &iv,
                               &m->challenge,
                               &t.challenge,
                               sizeof(struct PongMessage)
                               - ((void *) &m->challenge - (void *) m)))
  {
    GNUNET_break_op (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# PONG messages decrypted"),
                            1,
                            GNUNET_NO);
  if ((0 !=
       memcmp (&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) ||
      (kx->ping_challenge != t.challenge))
  {
    /* PONG malformed */
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received malformed PONG wanted sender `%s' with challenge %u\n",
                GNUNET_i2s (kx->peer),
                (unsigned int) kx->ping_challenge);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received malformed PONG received from `%s' with challenge %u\n",
                GNUNET_i2s (&t.target),
                (unsigned int) t.challenge);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received valid PONG from `%s'\n",
              GNUNET_i2s (kx->peer));
  /* no need to resend key any longer */
  if (NULL != kx->retry_set_key_task)
  {
    GNUNET_SCHEDULER_cancel (kx->retry_set_key_task);
    kx->retry_set_key_task = NULL;
  }
  switch (kx->status)
  {
  case GNUNET_CORE_KX_STATE_DOWN:
    GNUNET_assert (0);  /* should be impossible */
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
 
  case GNUNET_CORE_KX_STATE_KEY_SENT:
    GNUNET_assert (0);  /* should be impossible */
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
 
  case GNUNET_CORE_KX_STATE_KEY_RECEIVED:
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# session keys confirmed via PONG"),
                              1,
                              GNUNET_NO);
    kx->status = GNUNET_CORE_KX_STATE_UP;
    monitor_notify_all (kx);
    GSC_SESSIONS_create (kx->peer, kx);
    GNUNET_assert (NULL == kx->keep_alive_task);
    update_timeout (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_UP:
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop ("# timeouts prevented via PONG"),
                              1,
                              GNUNET_NO);
    update_timeout (kx);
    break;
 
  case GNUNET_CORE_KX_STATE_REKEY_SENT:
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# rekey operations confirmed via PONG"),
                              1,
                              GNUNET_NO);
    kx->status = GNUNET_CORE_KX_STATE_UP;
    monitor_notify_all (kx);
    update_timeout (kx);
    break;
 
  default:
    GNUNET_break (0);
    break;
  }
  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
}

References GSC_KeyExchangeInfo::decrypt_key, derive_pong_iv(), do_decrypt(), gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_my_identity, GSC_SESSIONS_create(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping_challenge, GSC_KeyExchangeInfo::retry_set_key_task, GSC_KeyExchangeInfo::status, t, transport, and update_timeout().

Here is the call graph for this function:

◆ GSC_KX_encrypt_and_transmit()

void GSC_KX_encrypt_and_transmit	(	struct GSC_KeyExchangeInfo *	kx,
		const void *	payload,
		size_t	payload_size
	)

Encrypt and transmit a message with the given payload.

Parameters

kx	key exchange context
payload	payload of the message
payload_size	number of bytes in 'payload'

Definition at line 1423 of file gnunet-service-core_kx.c.

{
  size_t used = payload_size + sizeof(struct EncryptedMessage);
  char pbuf[used]; /* plaintext */
  struct EncryptedMessage *em; /* encrypted message */
  struct EncryptedMessage *ph; /* plaintext header */
  struct GNUNET_MQ_Envelope *env;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
  struct GNUNET_CRYPTO_AuthKey auth_key;
 
  ph = (struct EncryptedMessage *) pbuf;
  ph->sequence_number = htonl (++kx->last_sequence_number_sent);
  ph->iv_seed = calculate_seed (kx);
  ph->reserved = 0;
  ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
  GNUNET_memcpy (&ph[1], payload, payload_size);
  env = GNUNET_MQ_msg_extra (em,
                             payload_size,
                             GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
  em->iv_seed = ph->iv_seed;
  derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
  GNUNET_assert (GNUNET_OK == do_encrypt (kx,
                                          &iv,
                                          &ph->sequence_number,
                                          &em->sequence_number,
                                          used - ENCRYPTED_HEADER_SIZE));
#if DEBUG_KX
  {
    struct GNUNET_HashCode hc;
 
    GNUNET_CRYPTO_hash (&ph->sequence_number,
                        used - ENCRYPTED_HEADER_SIZE,
                        &hc);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Encrypted payload `%s' of %u bytes for %s\n",
                GNUNET_h2s (&hc),
                (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
                GNUNET_i2s (kx->peer));
  }
#endif
  derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed);
  GNUNET_CRYPTO_hmac (&auth_key,
                      &em->sequence_number,
                      used - ENCRYPTED_HEADER_SIZE,
                      &em->hmac);
#if DEBUG_KX
  {
    struct GNUNET_HashCode hc;
 
    GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "For peer %s, used AC %s to create hmac %s\n",
                GNUNET_i2s (kx->peer),
                GNUNET_h2s (&hc),
                GNUNET_h2s2 (&em->hmac));
  }
#endif
  kx->has_excess_bandwidth = GNUNET_NO;
  GNUNET_MQ_send (kx->mq, env);
}

References calculate_seed(), derive_auth_key(), derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, ENCRYPTED_HEADER_SIZE, env, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::has_excess_bandwidth, EncryptedMessage::hmac, EncryptedMessage::iv_seed, GSC_KeyExchangeInfo::last_sequence_number_sent, GSC_KeyExchangeInfo::mq, payload, GSC_KeyExchangeInfo::peer, EncryptedMessage::reserved, EncryptedMessage::sequence_number, and EncryptedMessage::timestamp.

Referenced by transmit_typemap_task(), and try_transmission().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ check_encrypted()

static int check_encrypted	(	void *	cls,
		const struct EncryptedMessage *	m
	)

static

We received an encrypted message.

Check that it is well-formed (size-wise).

Parameters

cls	key exchange context for encrypting the message
m	encrypted message

Returns: GNUNET_OK if msg is well-formed (size-wise)

Definition at line 1496 of file gnunet-service-core_kx.c.

{
  uint16_t size = ntohs (m->header.size) - sizeof(*m);
 
  if (size < sizeof(struct GNUNET_MessageHeader))
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}

References GNUNET_break_op, GNUNET_OK, GNUNET_SYSERR, m, and size.

◆ handle_encrypted()

static void handle_encrypted	(	void *	cls,
		const struct EncryptedMessage *	m
	)

static

We received an encrypted message.

Decrypt, validate and pass on to the appropriate clients.

Parameters

cls	key exchange context for encrypting the message
m	encrypted message

Definition at line 1517 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *kx = cls;
  struct EncryptedMessage *pt; /* plaintext */
  struct GNUNET_HashCode ph;
  uint32_t snum;
  struct GNUNET_TIME_Absolute t;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
  struct GNUNET_CRYPTO_AuthKey auth_key;
  uint16_t size = ntohs (m->header.size);
  char buf[size] GNUNET_ALIGN;
 
  if (GNUNET_CORE_KX_STATE_UP != kx->status)
  {
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# DATA message dropped (out of order)"),
                              1,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if (0 ==
      GNUNET_TIME_absolute_get_remaining (kx->foreign_key_expires).rel_value_us)
  {
    GNUNET_log (
      GNUNET_ERROR_TYPE_WARNING,
      _ (
        "Session to peer `%s' went down due to key expiration (should not happen)\n"),
      GNUNET_i2s (kx->peer));
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# sessions terminated by key expiration"),
                              1,
                              GNUNET_NO);
    GSC_SESSIONS_end (kx->peer);
    if (NULL != kx->keep_alive_task)
    {
      GNUNET_SCHEDULER_cancel (kx->keep_alive_task);
      kx->keep_alive_task = NULL;
    }
    kx->status = GNUNET_CORE_KX_STATE_KEY_SENT;
    monitor_notify_all (kx);
    send_key (kx);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
 
  /* validate hash */
#if DEBUG_KX
  {
    struct GNUNET_HashCode hc;
 
    GNUNET_CRYPTO_hash (&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received encrypted payload `%s' of %u bytes from %s\n",
                GNUNET_h2s (&hc),
                (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
                GNUNET_i2s (kx->peer));
  }
#endif
  derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed);
  GNUNET_CRYPTO_hmac (&auth_key,
                      &m->sequence_number,
                      size - ENCRYPTED_HEADER_SIZE,
                      &ph);
#if DEBUG_KX
  {
    struct GNUNET_HashCode hc;
 
    GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "For peer %s, used AC %s to verify hmac %s\n",
                GNUNET_i2s (kx->peer),
                GNUNET_h2s (&hc),
                GNUNET_h2s2 (&m->hmac));
  }
#endif
  if (0 != memcmp (&ph, &m->hmac, sizeof(struct GNUNET_HashCode)))
  {
    /* checksum failed */
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Failed checksum validation for a message from `%s'\n",
                GNUNET_i2s (kx->peer));
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
  /* decrypt */
  if (GNUNET_OK != do_decrypt (kx,
                               &iv,
                               &m->sequence_number,
                               &buf[ENCRYPTED_HEADER_SIZE],
                               size - ENCRYPTED_HEADER_SIZE))
  {
    GNUNET_break_op (0);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Decrypted %u bytes from %s\n",
              (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
              GNUNET_i2s (kx->peer));
  pt = (struct EncryptedMessage *) buf;
 
  /* validate sequence number */
  snum = ntohl (pt->sequence_number);
  if (kx->last_sequence_number_received == snum)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received duplicate message, ignoring.\n");
    /* duplicate, ignore */
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop ("# bytes dropped (duplicates)"),
                              size,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if ((kx->last_sequence_number_received > snum) &&
      (kx->last_sequence_number_received - snum > 32))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Received ancient out of sequence message, ignoring.\n");
    /* ancient out of sequence, ignore */
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# bytes dropped (out of sequence)"),
                              size,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
  if (kx->last_sequence_number_received > snum)
  {
    uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1);
 
    if ((kx->last_packets_bitmap & rotbit) != 0)
    {
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                  "Received duplicate message, ignoring.\n");
      GNUNET_STATISTICS_update (GSC_stats,
                                gettext_noop ("# bytes dropped (duplicates)"),
                                size,
                                GNUNET_NO);
      /* duplicate, ignore */
      GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
      return;
    }
    kx->last_packets_bitmap |= rotbit;
  }
  if (kx->last_sequence_number_received < snum)
  {
    unsigned int shift = (snum - kx->last_sequence_number_received);
 
    if (shift >= 8 * sizeof(kx->last_packets_bitmap))
      kx->last_packets_bitmap = 0;
    else
      kx->last_packets_bitmap <<= shift;
    kx->last_sequence_number_received = snum;
  }
 
  /* check timestamp */
  t = GNUNET_TIME_absolute_ntoh (pt->timestamp);
  if (GNUNET_TIME_absolute_get_duration (t).rel_value_us >
      MAX_MESSAGE_AGE.rel_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Message received far too old (%s). Content ignored.\n",
                GNUNET_STRINGS_relative_time_to_string (
                  GNUNET_TIME_absolute_get_duration (t),
                  GNUNET_YES));
    GNUNET_STATISTICS_update (GSC_stats,
                              gettext_noop (
                                "# bytes dropped (ancient message)"),
                              size,
                              GNUNET_NO);
    GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
    return;
  }
 
  /* process decrypted message(s) */
  update_timeout (kx);
  GNUNET_STATISTICS_update (GSC_stats,
                            gettext_noop ("# bytes of payload decrypted"),
                            size - sizeof(struct EncryptedMessage),
                            GNUNET_NO);
  if (GNUNET_OK !=
      GNUNET_MST_from_buffer (kx->mst,
                              &buf[sizeof(struct EncryptedMessage)],
                              size - sizeof(struct EncryptedMessage),
                              GNUNET_YES,
                              GNUNET_NO))
    GNUNET_break_op (0);
  
  GNUNET_TRANSPORT_core_receive_continue (transport, kx->peer);
}

Here is the call graph for this function:

◆ sign_ephemeral_key()

static void sign_ephemeral_key ( )

static

Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature.

Definition at line 1721 of file gnunet-service-core_kx.c.

{
  current_ekm.header.size = htons (sizeof(struct EphemeralKeyMessage));
  current_ekm.header.type = htons (GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY);
  current_ekm.sender_status = 0; /* to be set later */
  current_ekm.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY);
  current_ekm.purpose.size =
    htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
           + sizeof(struct GNUNET_TIME_AbsoluteNBO)
           + sizeof(struct GNUNET_TIME_AbsoluteNBO)
           + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
           + sizeof(struct GNUNET_PeerIdentity));
  current_ekm.creation_time =
    GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
  if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg,
                                                          "core",
                                                          "USE_EPHEMERAL_KEYS"))
  {
    current_ekm.expiration_time =
      GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (
                                   GNUNET_TIME_relative_add (REKEY_FREQUENCY,
                                                             REKEY_TOLERANCE)));
  }
  else
  {
    current_ekm.expiration_time =
      GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
  }
  GNUNET_CRYPTO_ecdhe_key_get_public (&my_ephemeral_key,
                                      &current_ekm.ephemeral_key);
  current_ekm.origin_identity = GSC_my_identity;
  GNUNET_assert (GNUNET_OK ==
                 GNUNET_CRYPTO_eddsa_sign_ (&my_private_key,
                                            &current_ekm.purpose,
                                            &current_ekm.signature));
}

Referenced by do_rekey(), and GSC_KX_init().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ do_rekey()

static void do_rekey ( void * cls )

static

Task run to trigger rekeying.

Parameters

cls	closure, NULL

Definition at line 1765 of file gnunet-service-core_kx.c.

{
  struct GSC_KeyExchangeInfo *pos;
 
  (void) cls;
  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
  sign_ephemeral_key ();
  {
    struct GNUNET_HashCode eh;
 
    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
                        sizeof(current_ekm.ephemeral_key),
                        &eh);
    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s (&eh));
  }
  for (pos = kx_head; NULL != pos; pos = pos->next)
  {
    if (GNUNET_CORE_KX_STATE_UP == pos->status)
    {
      pos->status = GNUNET_CORE_KX_STATE_REKEY_SENT;
      derive_session_keys (pos);
    }
    else if (GNUNET_CORE_KX_STATE_DOWN == pos->status)
    {
      pos->status = GNUNET_CORE_KX_STATE_KEY_SENT;
    }
    monitor_notify_all (pos);
    send_key (pos);
  }
}

References current_ekm, derive_session_keys(), do_rekey(), EphemeralKeyMessage::ephemeral_key, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_SCHEDULER_add_delayed(), kx_head, monitor_notify_all(), my_ephemeral_key, GSC_KeyExchangeInfo::next, REKEY_FREQUENCY, rekey_task, send_key(), sign_ephemeral_key(), and GSC_KeyExchangeInfo::status.

Referenced by do_rekey(), and GSC_KX_init().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GSC_KX_init()

int GSC_KX_init ( struct GNUNET_CRYPTO_EddsaPrivateKey * pk )

Initialize KX subsystem.

Parameters

pk	private key to use for the peer

Returns: GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 1805 of file gnunet-service-core_kx.c.

{
  struct GNUNET_MQ_MessageHandler handlers[] = {
    GNUNET_MQ_hd_fixed_size (ephemeral_key,
                             GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY,
                             struct EphemeralKeyMessage,
                             NULL),
    GNUNET_MQ_hd_fixed_size (ping,
                             GNUNET_MESSAGE_TYPE_CORE_PING,
                             struct PingMessage,
                             NULL),
    GNUNET_MQ_hd_fixed_size (pong,
                             GNUNET_MESSAGE_TYPE_CORE_PONG,
                             struct PongMessage,
                             NULL),
    GNUNET_MQ_hd_var_size (encrypted,
                           GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE,
                           struct EncryptedMessage,
                           NULL),
    GNUNET_MQ_handler_end ()
  };
 
  my_private_key = *pk;
  GNUNET_CRYPTO_eddsa_key_get_public (&my_private_key,
                                      &GSC_my_identity.public_key);
  GNUNET_CRYPTO_ecdhe_key_create (&my_ephemeral_key);
  sign_ephemeral_key ();
  {
    struct GNUNET_HashCode eh;
 
    GNUNET_CRYPTO_hash (&current_ekm.ephemeral_key,
                        sizeof(current_ekm.ephemeral_key),
                        &eh);
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Starting with ephemeral key %s\n",
                GNUNET_h2s (&eh));
  }
 
  nc = GNUNET_notification_context_create (1);
  rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, &do_rekey, NULL);
  transport =
    GNUNET_TRANSPORT_core_connect (GSC_cfg,
                                   &GSC_my_identity,
                                   handlers,
                                   NULL,
                                   &handle_transport_notify_connect,
                                   &handle_transport_notify_disconnect);
  if (NULL == transport)
  {
    GSC_KX_done ();
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}

References current_ekm, do_rekey(), EphemeralKeyMessage::ephemeral_key, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_MESSAGE_TYPE_CORE_PING, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_handler_end, GNUNET_MQ_hd_fixed_size, GNUNET_MQ_hd_var_size, GNUNET_notification_context_create(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SYSERR, GNUNET_TRANSPORT_core_connect(), GSC_cfg, GSC_KX_done(), GSC_my_identity, handle_transport_notify_connect(), handle_transport_notify_disconnect(), handlers, my_ephemeral_key, my_private_key, nc, pk, GNUNET_PeerIdentity::public_key, REKEY_FREQUENCY, rekey_task, sign_ephemeral_key(), and transport.

Referenced by run().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GSC_KX_done()

void GSC_KX_done ( void )

Shutdown KX subsystem.

Definition at line 1865 of file gnunet-service-core_kx.c.

{
  if (NULL != transport)
  {
    GNUNET_TRANSPORT_core_disconnect (transport);
    transport = NULL;
  }
  if (NULL != rekey_task)
  {
    GNUNET_SCHEDULER_cancel (rekey_task);
    rekey_task = NULL;
  }
  memset (&my_ephemeral_key,
          0,
          sizeof (my_ephemeral_key));
  memset (&my_private_key,
          0,
          sizeof (my_private_key));
  if (NULL != nc)
  {
    GNUNET_notification_context_destroy (nc);
    nc = NULL;
  }
}

References GNUNET_notification_context_destroy(), GNUNET_SCHEDULER_cancel(), GNUNET_TRANSPORT_core_disconnect(), my_ephemeral_key, my_private_key, nc, rekey_task, and transport.

Referenced by GSC_KX_init(), and shutdown_task().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_get_queue_length()

unsigned int GSC_NEIGHBOURS_get_queue_length ( const struct GSC_KeyExchangeInfo * kxinfo )

Check how many messages are queued for the given neighbour.

Parameters

kxinfo data about neighbour to check

Returns: number of items in the message queue

Definition at line 1898 of file gnunet-service-core_kx.c.

{
  return GNUNET_MQ_get_length (kxinfo->mq);
}

References GNUNET_MQ_get_length(), and GSC_KeyExchangeInfo::mq.

Referenced by try_transmission().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_check_excess_bandwidth()

int GSC_NEIGHBOURS_check_excess_bandwidth ( const struct GSC_KeyExchangeInfo * target )

Check if the given neighbour has excess bandwidth available.

Parameters

target neighbour to check

Returns: GNUNET_YES if excess bandwidth is available, GNUNET_NO if not

Definition at line 1905 of file gnunet-service-core_kx.c.

{
  return kxinfo->has_excess_bandwidth;
}

References GSC_KeyExchangeInfo::has_excess_bandwidth.

Referenced by try_transmission().

Here is the caller graph for this function:

◆ GSC_KX_handle_client_monitor_peers()

void GSC_KX_handle_client_monitor_peers ( struct GNUNET_MQ_Handle * mq )

Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.

For this request type, the client does not have to have transmitted an INIT request. All current peers are returned, regardless of which message types they accept.

Parameters

mq	message queue to add for monitoring

Definition at line 1920 of file gnunet-service-core_kx.c.

{
  struct GNUNET_MQ_Envelope *env;
  struct MonitorNotifyMessage *done_msg;
  struct GSC_KeyExchangeInfo *kx;
 
  GNUNET_notification_context_add (nc, mq);
  for (kx = kx_head; NULL != kx; kx = kx->next)
  {
    struct GNUNET_MQ_Envelope *env;
    struct MonitorNotifyMessage *msg;
 
    env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
    msg->state = htonl ((uint32_t) kx->status);
    msg->peer = *kx->peer;
    msg->timeout = GNUNET_TIME_absolute_hton (kx->timeout);
    GNUNET_MQ_send (mq, env);
  }
  env = GNUNET_MQ_msg (done_msg, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY);
  done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED);
  done_msg->timeout = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS);
  GNUNET_MQ_send (mq, env);
}