TODO: More...
#include "platform.h"
#include "gnunet-service-core_kx.h"
#include "gnunet_transport_core_service.h"
#include "gnunet-service-core_sessions.h"
#include "gnunet-service-core.h"
#include "gnunet_constants.h"
#include "gnunet_protocols.h"
#include "gnunet_pils_service.h"
Go to the source code of this file.
Data Structures | |
struct | GSC_KeyExchangeInfo |
Information about the status of a key exchange with another peer. More... | |
struct | PilsRequest |
DLL. More... | |
struct | InitiatorHelloCtx |
struct | ResponderHelloCls |
Macros | |
#define | DEBUG_KX 1 |
Enable expensive (and possibly problematic for privacy!) logging of KX. | |
#define | RESEND_MAX_TRIES 4 |
Number of times we try to resend a handshake flight. | |
#define | AEAD_KEY_BYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES |
libsodium has very long symbol names | |
#define | AEAD_NONCE_BYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES |
libsodium has very long symbol names | |
#define | AEAD_TAG_BYTES crypto_aead_xchacha20poly1305_ietf_ABYTES |
libsodium has very long symbol names | |
#define | RESEND_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
#define | MIN_HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a heartbeat message? | |
#define | MIN_HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a heartbeat message? | |
#define | HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we send a heartbeat? | |
#define | MAX_EPOCHS 10 |
Maximum number of epochs we keep on hand. | |
#define | EPOCH_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we rekey/switch to a new epoch? | |
#define | REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
What time difference do we tolerate? | |
#define | EARLY_DATA_STR "early data" |
String for expanding early transport secret (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | R_HS_TRAFFIC_STR "r hs traffic" |
String for expanding RHTS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | I_HS_TRAFFIC_STR "i hs traffic" |
String for expanding IHTS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | R_AP_TRAFFIC_STR "r ap traffic" |
String for expanding RATS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | I_AP_TRAFFIC_STR "i ap traffic" |
String for expanding IATS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | DERIVED_STR "derived" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | R_FINISHED_STR "r finished" |
String for expanding fk_R used for ResponderFinished field (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | I_FINISHED_STR "i finished" |
String for expanding fk_I used for InitiatorFinished field (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | CAKE_LABEL "cake10" |
Labeled expand label for CAKE. | |
#define | KEY_STR "key" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | TRAFFIC_UPD_STR "traffic upd" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
#define | IV_STR "iv" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html) | |
Enumerations | |
enum | GSC_KX_Role { ROLE_INITIATOR = 0 , ROLE_RESPONDER = 1 } |
Indicates whether a peer is in the initiating or receiving role. More... | |
Functions | |
static void | buffer_clear (void *buf, size_t len) |
static void | cleanup_handshake_secrets (struct GSC_KeyExchangeInfo *kx) |
static void | snapshot_transcript (const struct GNUNET_HashContext *ts_hash, struct GNUNET_HashCode *snapshot) |
static void | monitor_notify_all (struct GSC_KeyExchangeInfo *kx) |
Inform all monitors about the KX state of the given peer. | |
static void | restart_kx (struct GSC_KeyExchangeInfo *kx) |
static void | send_heartbeat (void *cls) |
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending an Ack in response to a heartbeat). | |
static void | update_timeout (struct GSC_KeyExchangeInfo *kx) |
We've seen a valid message from the other peer. | |
static void | send_initiator_hello (struct GSC_KeyExchangeInfo *kx) |
Send initiator hello. | |
static int | deliver_message (void *cls, const struct GNUNET_MessageHeader *m) |
Deliver P2P message to interested clients. | |
static void * | handle_transport_notify_connect (void *cls, const struct GNUNET_PeerIdentity *peer_id, struct GNUNET_MQ_Handle *mq) |
Function called by transport to notify us that a peer connected to us (on the network level). | |
static void | derive_es_ets (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *ss_R, struct GNUNET_ShortHashCode *es, struct GNUNET_ShortHashCode *ets) |
TODO propose a new scheme: don't choose an initiator and responder based on hashing the peer ids, but: let each peer be their own initiator (and responder) when opening a channel towards another peer. | |
static void | derive_sn (const struct GNUNET_ShortHashCode *secret, unsigned char *sn, size_t sn_len) |
static void | derive_hs (const struct GNUNET_ShortHashCode *es, const struct GNUNET_ShortHashCode *ss_e, struct GNUNET_ShortHashCode *handshake_secret) |
Derive the handshake secret. | |
static void | derive_ihts (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *hs, struct GNUNET_ShortHashCode *ihts) |
Derive the initiator handshake secret. | |
static void | derive_rhts (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *hs, struct GNUNET_ShortHashCode *rhts) |
Derive the responder handshake secret. | |
static void | derive_ms (const struct GNUNET_ShortHashCode *hs, const struct GNUNET_ShortHashCode *ss_I, struct GNUNET_ShortHashCode *ms) |
Derive the master secret. | |
static void | generate_per_record_nonce (uint64_t seq, const uint8_t write_iv[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES], uint8_t per_record_write_iv[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]) |
Generate per record nonce as per https://www.rfc-editor.org/rfc/rfc8446#section-5.3 using per key nonce and sequence number. | |
static void | derive_per_message_secrets (const struct GNUNET_ShortHashCode *ts, uint64_t seq, unsigned char key[crypto_aead_xchacha20poly1305_ietf_KEYBYTES], unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]) |
key = HKDF-Expand [I,R][A,H]TS, "key", 32) nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 24) | |
static void | derive_next_ats (const struct GNUNET_ShortHashCode *old_ats, struct GNUNET_ShortHashCode *new_ats) |
Derive the next application secret. | |
static void | derive_initial_ats (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *ms, enum GSC_KX_Role role, struct GNUNET_ShortHashCode *initial_ats) |
Derive the initiator application secret. | |
static void | generate_responder_finished (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *ms, struct GNUNET_HashCode *result) |
Generate the responder finished field. | |
static void | generate_initiator_finished (const struct GNUNET_HashCode *transcript, const struct GNUNET_ShortHashCode *ms, struct GNUNET_HashCode *result) |
Generate the initiator finished field. | |
static void | resend_responder_hello (void *cls) |
void | send_responder_hello (struct GSC_KeyExchangeInfo *kx) |
static void | handle_initiator_hello_cont (void *cls, const struct GNUNET_ShortHashCode *ss_R) |
static int | check_initiator_hello (void *cls, const struct InitiatorHello *m) |
static void | handle_initiator_hello (void *cls, const struct InitiatorHello *ihm_e) |
Handle the InitiatorHello message. | |
static void | resend_initiator_done (void *cls) |
static void | handle_responder_hello_cont (void *cls, const struct GNUNET_ShortHashCode *ss_I) |
static int | check_responder_hello (void *cls, const struct ResponderHello *m) |
static void | handle_responder_hello (void *cls, const struct ResponderHello *rhm_e) |
Handle Responder Hello message. | |
static int | check_initiator_done (void *cls, const struct InitiatorDone *m) |
static void | handle_initiator_done (void *cls, const struct InitiatorDone *idm_e) |
Handle InitiatorDone message. | |
static int | check_encrypted_message (void *cls, const struct EncryptedMessage *m) |
Check an incoming encrypted message before handling it. | |
static void | handle_heartbeat (struct GSC_KeyExchangeInfo *kx, const struct Heartbeat *m) |
Handle a key update. | |
static enum GNUNET_GenericReturnValue | check_if_ack_or_heartbeat (struct GSC_KeyExchangeInfo *kx, const char *buf, size_t buf_len) |
static void | handle_encrypted_message (void *cls, const struct EncryptedMessage *m) |
handle an encrypted message | |
static void | handle_transport_notify_disconnect (void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls) |
Function called by transport telling us that a peer disconnected. | |
static void | resend_initiator_hello (void *cls) |
static void | check_rekey (struct GSC_KeyExchangeInfo *kx) |
void | GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size) |
Encrypt and transmit payload. | |
static void | peer_id_change_cb (void *cls, const struct GNUNET_HELLO_Parser *parser, const struct GNUNET_HashCode *hash) |
Callback for PILS to be called once the peer id changes. | |
int | GSC_KX_init (void) |
Initialize KX subsystem. | |
void | GSC_KX_done () |
Shutdown KX subsystem. | |
unsigned int | GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo) |
Check how many messages are queued for the given neighbour. | |
int | GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo) |
Check if the given neighbour has excess bandwidth available. | |
void | GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq) |
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request. | |
Variables | |
static struct PilsRequest * | pils_requests_head |
PILS Operation DLL. | |
static struct PilsRequest * | pils_requests_tail |
PILS Operation DLL. | |
static struct GNUNET_PILS_Handle * | pils |
Pils service. | |
static struct GNUNET_TRANSPORT_CoreHandle * | transport |
Transport service. | |
static struct GSC_KeyExchangeInfo * | kx_head |
DLL head. | |
static struct GSC_KeyExchangeInfo * | kx_tail |
DLL tail. | |
static struct GNUNET_SCHEDULER_Task * | rekey_task |
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key. | |
static struct GNUNET_NotificationContext * | nc |
Notification context for broadcasting to monitors. | |
static enum GNUNET_GenericReturnValue | init_phase |
Indicates whether we are still in the initialisation phase (waiting for our peer id). | |
static char * | my_services_info = "" |
Our services info string TODO. | |
TODO:
code for managing the key exchange (SET_KEY, PING, PONG) with other peers
Definition in file gnunet-service-core_kx.c.
#define DEBUG_KX 1 |
Enable expensive (and possibly problematic for privacy!) logging of KX.
Definition at line 49 of file gnunet-service-core_kx.c.
#define RESEND_MAX_TRIES 4 |
Number of times we try to resend a handshake flight.
Definition at line 54 of file gnunet-service-core_kx.c.
#define AEAD_KEY_BYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES |
libsodium has very long symbol names
Definition at line 59 of file gnunet-service-core_kx.c.
#define AEAD_NONCE_BYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES |
libsodium has very long symbol names
Definition at line 64 of file gnunet-service-core_kx.c.
#define AEAD_TAG_BYTES crypto_aead_xchacha20poly1305_ietf_ABYTES |
libsodium has very long symbol names
Definition at line 69 of file gnunet-service-core_kx.c.
#define RESEND_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
Definition at line 71 of file gnunet-service-core_kx.c.
#define MIN_HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a heartbeat message?
What is the minimum frequency for a HEARTBEAT message?
Definition at line 77 of file gnunet-service-core_kx.c.
#define MIN_HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a heartbeat message?
What is the minimum frequency for a HEARTBEAT message?
Definition at line 77 of file gnunet-service-core_kx.c.
#define HEARTBEAT_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we send a heartbeat?
Definition at line 89 of file gnunet-service-core_kx.c.
#define MAX_EPOCHS 10 |
Maximum number of epochs we keep on hand.
This implicitly defines the maximum age of messages we accept from other peers, depending on their rekey interval.
Definition at line 98 of file gnunet-service-core_kx.c.
#define EPOCH_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we rekey/switch to a new epoch?
Definition at line 103 of file gnunet-service-core_kx.c.
#define REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
What time difference do we tolerate?
Definition at line 109 of file gnunet-service-core_kx.c.
#define EARLY_DATA_STR "early data" |
String for expanding early transport secret (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 116 of file gnunet-service-core_kx.c.
#define R_HS_TRAFFIC_STR "r hs traffic" |
String for expanding RHTS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 122 of file gnunet-service-core_kx.c.
#define I_HS_TRAFFIC_STR "i hs traffic" |
String for expanding IHTS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 128 of file gnunet-service-core_kx.c.
#define R_AP_TRAFFIC_STR "r ap traffic" |
String for expanding RATS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 134 of file gnunet-service-core_kx.c.
#define I_AP_TRAFFIC_STR "i ap traffic" |
String for expanding IATS (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 140 of file gnunet-service-core_kx.c.
#define DERIVED_STR "derived" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 146 of file gnunet-service-core_kx.c.
#define R_FINISHED_STR "r finished" |
String for expanding fk_R used for ResponderFinished field (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 152 of file gnunet-service-core_kx.c.
#define I_FINISHED_STR "i finished" |
String for expanding fk_I used for InitiatorFinished field (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 158 of file gnunet-service-core_kx.c.
#define CAKE_LABEL "cake10" |
Labeled expand label for CAKE.
Definition at line 163 of file gnunet-service-core_kx.c.
#define KEY_STR "key" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 169 of file gnunet-service-core_kx.c.
#define TRAFFIC_UPD_STR "traffic upd" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 175 of file gnunet-service-core_kx.c.
#define IV_STR "iv" |
String for expanding derived keys (Handshake and Early) (See https://lsd.gnunet.org/lsd0012/draft-schanzen-cake.html)
Definition at line 181 of file gnunet-service-core_kx.c.
enum GSC_KX_Role |
Indicates whether a peer is in the initiating or receiving role.
Enumerator | |
---|---|
ROLE_INITIATOR | |
ROLE_RESPONDER |
Definition at line 187 of file gnunet-service-core_kx.c.
|
static |
Definition at line 454 of file gnunet-service-core_kx.c.
References p.
Referenced by cleanup_handshake_secrets().
|
static |
Definition at line 469 of file gnunet-service-core_kx.c.
References buffer_clear(), GSC_KeyExchangeInfo::early_secret_key, GSC_KeyExchangeInfo::early_traffic_secret, GSC_KeyExchangeInfo::handshake_secret, GSC_KeyExchangeInfo::ihts, GSC_KeyExchangeInfo::master_secret, GSC_KeyExchangeInfo::rhts, GSC_KeyExchangeInfo::sk_e, GSC_KeyExchangeInfo::ss_e, GSC_KeyExchangeInfo::ss_I, and GSC_KeyExchangeInfo::ss_R.
Referenced by check_if_ack_or_heartbeat(), and handle_initiator_done().
|
static |
Definition at line 495 of file gnunet-service-core_kx.c.
References GNUNET_CRYPTO_hash_context_copy(), and GNUNET_CRYPTO_hash_context_finish().
Referenced by handle_initiator_done(), handle_initiator_hello_cont(), handle_responder_hello(), handle_responder_hello_cont(), send_initiator_hello(), and send_responder_hello().
|
static |
Inform all monitors about the KX state of the given peer.
kx | key exchange state to inform about |
Definition at line 511 of file gnunet-service-core_kx.c.
References GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_NO, GNUNET_notification_context_broadcast(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::last_notify_timeout, msg, nc, GSC_KeyExchangeInfo::peer, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and GNUNET_MessageHeader::type.
Referenced by check_if_ack_or_heartbeat(), handle_encrypted_message(), handle_initiator_done(), handle_initiator_hello_cont(), handle_responder_hello_cont(), handle_transport_notify_disconnect(), restart_kx(), send_heartbeat(), send_initiator_hello(), send_responder_hello(), and update_timeout().
|
static |
Definition at line 649 of file gnunet-service-core_kx.c.
References gettext_noop, GNUNET_CORE_KX_STATE_AWAIT_INITIATION, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_CRYPTO_hash_context_abort(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_STATISTICS_update(), GSC_my_identity, GSC_stats, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::role, ROLE_INITIATOR, ROLE_RESPONDER, send_initiator_hello(), GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::transcript_hash_ctx.
Referenced by handle_encrypted_message(), handle_transport_notify_connect(), resend_initiator_done(), resend_responder_hello(), and send_heartbeat().
|
static |
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending an Ack in response to a heartbeat).
cls | the struct GSC_KeyExchangeInfo |
Definition at line 536 of file gnunet-service-core_kx.c.
References Heartbeat::flags, gettext_noop, GNUNET_CORE_KX_STATE_DOWN, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_HEARTBEAT, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_max(), GSC_KX_encrypt_and_transmit(), GSC_SESSIONS_end(), GSC_stats, Heartbeat::header, GSC_KeyExchangeInfo::heartbeat_task, MIN_HEARTBEAT_FREQUENCY, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GNUNET_TIME_Relative::rel_value_us, restart_kx(), send_heartbeat(), GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and GNUNET_MessageHeader::type.
Referenced by handle_heartbeat(), send_heartbeat(), and update_timeout().
|
static |
We've seen a valid message from the other peer.
Update the time when the session would time out and delay sending our keep alive message further.
kx | key exchange where we saw activity |
Definition at line 584 of file gnunet-service-core_kx.c.
References delta, GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_TIME_absolute_get_difference(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_to_absolute(), GSC_KeyExchangeInfo::heartbeat_task, GSC_KeyExchangeInfo::last_notify_timeout, monitor_notify_all(), GNUNET_TIME_Relative::rel_value_us, send_heartbeat(), and GSC_KeyExchangeInfo::timeout.
Referenced by check_if_ack_or_heartbeat(), handle_encrypted_message(), handle_heartbeat(), and handle_initiator_done().
|
static |
Send initiator hello.
kx | key exchange context |
Definition at line 2592 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, InitiatorHello::c_R, derive_es_ets(), derive_per_message_secrets(), GSC_KeyExchangeInfo::early_secret_key, GSC_KeyExchangeInfo::early_traffic_secret, env, GNUNET_assert, GNUNET_CORE_CLASS_UNKNOWN, GNUNET_CORE_KX_STATE_INITIATOR_HELLO_SENT, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_kem_encaps(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_u64(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_INITIATOR_HELLO, GNUNET_MQ_msg_extra, GNUNET_MQ_send_copy(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GSC_my_identity, InitiatorHello::h_pk_R, monitor_notify_all(), GSC_KeyExchangeInfo::mq, my_services_info, GSC_KeyExchangeInfo::peer, InitiatorHelloPayload::peer_class, GSC_KeyExchangeInfo::pk_e, InitiatorHello::pk_e, InitiatorHelloPayload::pk_I, GNUNET_PeerIdentity::public_key, InitiatorHello::r_I, GSC_KeyExchangeInfo::resend_env, resend_initiator_hello(), RESEND_MAX_TRIES, GSC_KeyExchangeInfo::resend_task, RESEND_TIMEOUT, GSC_KeyExchangeInfo::resend_tries_left, ret, GSC_KeyExchangeInfo::sk_e, snapshot_transcript(), GSC_KeyExchangeInfo::ss_R, GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::transcript_hash_ctx.
Referenced by restart_kx().
|
static |
Deliver P2P message to interested clients.
Invokes send twice, once for clients that want the full message, and once for clients that only want the header
cls | the struct GSC_KeyExchangeInfo |
m | the message |
Definition at line 628 of file gnunet-service-core_kx.c.
References GNUNET_CORE_OPTION_SEND_FULL_INBOUND, GNUNET_CORE_OPTION_SEND_HDR_INBOUND, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_OK, GSC_CLIENTS_deliver_message(), m, and GSC_KeyExchangeInfo::peer.
Referenced by handle_transport_notify_connect().
|
static |
Function called by transport to notify us that a peer connected to us (on the network level).
Starts the key exchange with the given peer.
cls | closure (NULL) |
mq | message queue towards peer |
peer_id | (optional, may be NULL) the peer id of the connecting peer |
Definition at line 710 of file gnunet-service-core_kx.c.
References deliver_message(), GNUNET_CONTAINER_DLL_insert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MST_create(), GNUNET_new, GSC_my_identity, kx_head, kx_tail, mq, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, peer_id, and restart_kx().
Referenced by GSC_KX_init().
|
static |
TODO propose a new scheme: don't choose an initiator and responder based on hashing the peer ids, but: let each peer be their own initiator (and responder) when opening a channel towards another peer.
It should be fine to have two channels in 'both directions' (one as responder, one as initiator) under the hood. This can be opaque to the upper layers. FIXME: (MSC) This is probably a bad idea in terms of security of the AKE! Schedule for
Forwarding: Deriving Messages -> pk_e -> c_R -> r_I -> H(pk_R) -> ETS -> {pk_I, svcinfo_I}ETS -------------------------------------------------— send InitiatorHello -> c_e -> r_R -> *HTS -> {svcinfo_R, c_I}RHTS -> finished_R -> {finished_R}RHTS -> finished_I -> RATS_0 -> [{payload}RATS] -------------------------------------------------— send ResponderHello -> {finished_I}IHTS -> IATS_0 -------------------------------------------------— send InitiatorDone
Definition at line 784 of file gnunet-service-core_kx.c.
References CAKE_LABEL, EARLY_DATA_STR, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_CRYPTO_hkdf_extract(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, ret, and GSC_KeyExchangeInfo::ss_R.
Referenced by handle_initiator_hello_cont(), and send_initiator_hello().
|
static |
Definition at line 825 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), and GNUNET_OK.
Referenced by GSC_KX_encrypt_and_transmit(), and handle_encrypted_message().
|
static |
Derive the handshake secret.
kx | key exchange info |
Definition at line 844 of file gnunet-service-core_kx.c.
References CAKE_LABEL, DERIVED_STR, GNUNET_assert, GNUNET_B2S, GNUNET_CRYPTO_hkdf_expand(), GNUNET_CRYPTO_hkdf_extract(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, and ret.
Referenced by handle_responder_hello(), and send_responder_hello().
|
static |
Derive the initiator handshake secret.
kx | key exchange info |
Definition at line 890 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_OK, and I_HS_TRAFFIC_STR.
Referenced by handle_responder_hello(), and send_responder_hello().
|
static |
Derive the responder handshake secret.
kx | key exchange info |
Definition at line 912 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_OK, and R_HS_TRAFFIC_STR.
Referenced by handle_responder_hello(), and send_responder_hello().
|
static |
Derive the master secret.
kx | key exchange info |
Definition at line 934 of file gnunet-service-core_kx.c.
References CAKE_LABEL, DERIVED_STR, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_CRYPTO_hkdf_extract(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, and ret.
Referenced by handle_responder_hello_cont(), and send_responder_hello().
|
static |
Generate per record nonce as per https://www.rfc-editor.org/rfc/rfc8446#section-5.3 using per key nonce and sequence number.
Definition at line 974 of file gnunet-service-core_kx.c.
References AEAD_NONCE_BYTES, and GNUNET_htonll().
Referenced by derive_per_message_secrets().
|
static |
key = HKDF-Expand [I,R][A,H]TS, "key", 32) nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 24)
Definition at line 999 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, CAKE_LABEL, generate_per_record_nonce(), GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_OK, IV_STR, key, and KEY_STR.
Referenced by GSC_KX_encrypt_and_transmit(), handle_encrypted_message(), handle_initiator_done(), handle_initiator_hello_cont(), handle_responder_hello(), handle_responder_hello_cont(), send_initiator_hello(), and send_responder_hello().
|
static |
Derive the next application secret.
kx | key exchange info |
Definition at line 1036 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, ret, and TRAFFIC_UPD_STR.
Referenced by check_rekey(), handle_encrypted_message(), handle_heartbeat(), handle_initiator_done(), and handle_responder_hello_cont().
|
static |
Derive the initiator application secret.
kx | key exchange info |
Definition at line 1062 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_OK, I_AP_TRAFFIC_STR, R_AP_TRAFFIC_STR, and ROLE_INITIATOR.
Referenced by handle_initiator_done(), handle_responder_hello_cont(), and send_responder_hello().
|
static |
Generate the responder finished field.
kx | key exchange info |
result | location to which the responder finished field will be written to |
Definition at line 1093 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, R_FINISHED_STR, result, and ret.
Referenced by handle_responder_hello_cont(), and send_responder_hello().
|
static |
Generate the initiator finished field.
kx | key exchange info |
result | location to which the initiator finished field will be written to |
Definition at line 1127 of file gnunet-service-core_kx.c.
References CAKE_LABEL, GNUNET_assert, GNUNET_CRYPTO_hkdf_expand(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, I_FINISHED_STR, result, and ret.
Referenced by handle_initiator_done(), and handle_responder_hello_cont().
|
static |
Definition at line 1161 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_MQ_send_copy(), GNUNET_SCHEDULER_add_delayed(), GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::resend_env, resend_responder_hello(), GSC_KeyExchangeInfo::resend_task, RESEND_TIMEOUT, GSC_KeyExchangeInfo::resend_tries_left, and restart_kx().
Referenced by resend_responder_hello(), and send_responder_hello().
void send_responder_hello | ( | struct GSC_KeyExchangeInfo * | kx | ) |
Definition at line 1185 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, ResponderHello::c_e, ResponderHelloPayload::c_I, GSC_KeyExchangeInfo::current_ats, GSC_KeyExchangeInfo::current_epoch, GSC_KeyExchangeInfo::current_sqn, derive_hs(), derive_ihts(), derive_initial_ats(), derive_ms(), derive_per_message_secrets(), derive_rhts(), GSC_KeyExchangeInfo::early_secret_key, env, finished, generate_responder_finished(), GNUNET_assert, GNUNET_CORE_KX_STATE_RESPONDER_HELLO_SENT, GNUNET_CRYPTO_eddsa_kem_encaps(), GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_copy(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hpke_kem_encaps(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_u64(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_h2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_RESPONDER_HELLO, GNUNET_MQ_msg_extra, GNUNET_MQ_send_copy(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GSC_KeyExchangeInfo::handshake_secret, GSC_KeyExchangeInfo::ihts, GSC_KeyExchangeInfo::master_secret, monitor_notify_all(), GSC_KeyExchangeInfo::mq, my_services_info, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::pk_e, GNUNET_PeerIdentity::public_key, ResponderHello::r_R, GSC_KeyExchangeInfo::resend_env, RESEND_MAX_TRIES, resend_responder_hello(), GSC_KeyExchangeInfo::resend_task, RESEND_TIMEOUT, GSC_KeyExchangeInfo::resend_tries_left, ret, GSC_KeyExchangeInfo::rhts, ROLE_RESPONDER, snapshot_transcript(), GSC_KeyExchangeInfo::ss_e, GSC_KeyExchangeInfo::ss_I, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::transcript_hash_ctx, and transport.
Referenced by handle_initiator_hello_cont().
|
static |
Definition at line 1406 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, derive_es_ets(), derive_per_message_secrets(), GSC_KeyExchangeInfo::early_secret_key, GSC_KeyExchangeInfo::early_traffic_secret, GNUNET_break_op, GNUNET_CONTAINER_DLL_remove, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_read(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GSC_my_identity, InitiatorHello::header, InitiatorHelloCtx::ihm_e, InitiatorHelloCtx::kx, monitor_notify_all(), PilsRequest::op, GSC_KeyExchangeInfo::peer, pils_requests_head, pils_requests_tail, GSC_KeyExchangeInfo::pk_e, InitiatorHello::pk_e, InitiatorHelloPayload::pk_I, InitiatorHelloCtx::req, ret, send_responder_hello(), GNUNET_MessageHeader::size, snapshot_transcript(), GSC_KeyExchangeInfo::ss_R, and GSC_KeyExchangeInfo::transcript_hash_ctx.
Referenced by handle_initiator_hello().
|
static |
Definition at line 1530 of file gnunet-service-core_kx.c.
References AEAD_TAG_BYTES, GNUNET_OK, GNUNET_SYSERR, m, and size.
|
static |
Handle the InitiatorHello message.
cls | the key exchange info |
ihm_e | InitiatorHello message |
Definition at line 1553 of file gnunet-service-core_kx.c.
References InitiatorHello::c_R, gettext_noop, GNUNET_assert, GNUNET_break_op, GNUNET_CONTAINER_DLL_insert, GNUNET_CORE_KX_STATE_INITIATOR_HELLO_RECEIVED, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_start(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_malloc, GNUNET_memcpy, GNUNET_new, GNUNET_NO, GNUNET_PILS_kem_decaps(), GNUNET_STATISTICS_update(), GSC_my_identity, GSC_stats, InitiatorHello::h_pk_R, handle_initiator_hello_cont(), InitiatorHello::header, InitiatorHelloCtx::ihm_e, InitiatorHelloCtx::kx, PilsRequest::op, pils, pils_requests_head, pils_requests_tail, InitiatorHelloCtx::req, GSC_KeyExchangeInfo::role, ROLE_INITIATOR, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::transcript_hash_ctx.
|
static |
Definition at line 1664 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_MQ_send_copy(), GNUNET_SCHEDULER_add_delayed(), GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::resend_env, resend_initiator_done(), GSC_KeyExchangeInfo::resend_task, RESEND_TIMEOUT, GSC_KeyExchangeInfo::resend_tries_left, and restart_kx().
Referenced by handle_responder_hello_cont(), and resend_initiator_done().
|
static |
Definition at line 1688 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, GSC_KeyExchangeInfo::current_ats, GSC_KeyExchangeInfo::current_epoch, GSC_KeyExchangeInfo::current_sqn, ResponderHelloCls::decrypted_finish, derive_initial_ats(), derive_ms(), derive_next_ats(), derive_per_message_secrets(), env, InitiatorDone::finished, ResponderHelloCls::finished_enc, generate_initiator_finished(), generate_responder_finished(), GNUNET_assert, GNUNET_CONTAINER_DLL_remove, GNUNET_CORE_KX_STATE_INITIATOR_DONE_SENT, GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_read(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ACK, GNUNET_MESSAGE_TYPE_CORE_INITIATOR_DONE, GNUNET_MQ_msg_extra, GNUNET_MQ_send_copy(), GNUNET_SCHEDULER_add_delayed(), GSC_KeyExchangeInfo::handshake_secret, ResponderHelloCls::hc, ConfirmationAck::header, ResponderHelloCls::hs, GSC_KeyExchangeInfo::ihts, ResponderHelloCls::ihts, ResponderHelloCls::kx, GSC_KeyExchangeInfo::master_secret, MAX_EPOCHS, monitor_notify_all(), GSC_KeyExchangeInfo::mq, PilsRequest::op, GSC_KeyExchangeInfo::peer, pils_requests_head, pils_requests_tail, ResponderHelloCls::req, GSC_KeyExchangeInfo::resend_env, resend_initiator_done(), RESEND_MAX_TRIES, GSC_KeyExchangeInfo::resend_task, RESEND_TIMEOUT, GSC_KeyExchangeInfo::resend_tries_left, ResponderHelloCls::rhp, GSC_KeyExchangeInfo::rhts, ResponderHelloCls::rhts, ROLE_INITIATOR, ROLE_RESPONDER, GNUNET_MessageHeader::size, snapshot_transcript(), GSC_KeyExchangeInfo::ss_e, ResponderHelloCls::ss_e, GSC_KeyExchangeInfo::ss_I, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::their_ats, GSC_KeyExchangeInfo::their_max_epoch, GSC_KeyExchangeInfo::transcript_hash_ctx, transport, and GNUNET_MessageHeader::type.
Referenced by handle_responder_hello().
|
static |
Definition at line 1868 of file gnunet-service-core_kx.c.
References AEAD_TAG_BYTES, GNUNET_OK, GNUNET_SYSERR, m, and size.
|
static |
Handle Responder Hello message.
cls | key exchange info |
rhm_e | ResponderHello message |
Definition at line 1889 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, ResponderHello::c_e, ResponderHelloPayload::c_I, ResponderHelloCls::decrypted_finish, derive_hs(), derive_ihts(), derive_per_message_secrets(), derive_rhts(), GSC_KeyExchangeInfo::early_secret_key, ResponderHelloCls::finished_enc, GNUNET_break_op, GNUNET_CONTAINER_DLL_insert, GNUNET_CRYPTO_hash_context_copy(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hpke_kem_decaps(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_h2s(), GNUNET_log, GNUNET_malloc, GNUNET_memcpy, GNUNET_new, GNUNET_OK, GNUNET_PILS_kem_decaps(), GNUNET_SCHEDULER_cancel(), handle_responder_hello_cont(), ResponderHelloCls::hc, ResponderHello::header, ResponderHelloCls::hs, ResponderHelloCls::ihts, ResponderHelloCls::kx, PilsRequest::op, pils, pils_requests_head, pils_requests_tail, ResponderHelloCls::req, GSC_KeyExchangeInfo::resend_env, GSC_KeyExchangeInfo::resend_task, ret, ResponderHelloCls::rhm_e, ResponderHelloCls::rhp, ResponderHelloCls::rhts, GSC_KeyExchangeInfo::role, ROLE_RESPONDER, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::sk_e, snapshot_transcript(), ResponderHelloCls::ss_e, and GSC_KeyExchangeInfo::transcript_hash_ctx.
|
static |
Definition at line 2049 of file gnunet-service-core_kx.c.
References GNUNET_OK, GNUNET_SYSERR, m, and size.
|
static |
Handle InitiatorDone message.
cls | key exchange info |
idm_e | InitiatorDone message |
FIXME we do not really have to calculate all this now
Definition at line 2067 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, AEAD_TAG_BYTES, GSC_KeyExchangeInfo::class, cleanup_handshake_secrets(), GSC_KeyExchangeInfo::current_epoch_expiration, GSC_KeyExchangeInfo::current_sqn, derive_initial_ats(), derive_next_ats(), derive_per_message_secrets(), EPOCH_EXPIRATION, InitiatorDone::finished, generate_initiator_finished(), GNUNET_assert, GNUNET_break_op, GNUNET_CORE_KX_STATE_RESPONDER_CONNECTED, GNUNET_CRYPTO_hash_context_abort(), GNUNET_CRYPTO_hash_context_copy(), GNUNET_CRYPTO_hash_context_read(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_h2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_ACK, GNUNET_SCHEDULER_cancel(), GNUNET_TIME_relative_to_absolute(), GSC_KX_encrypt_and_transmit(), GSC_SESSIONS_create(), ConfirmationAck::header, GSC_KeyExchangeInfo::heartbeat_task, GSC_KeyExchangeInfo::ihts, GSC_KeyExchangeInfo::master_secret, MAX_EPOCHS, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::resend_env, GSC_KeyExchangeInfo::resend_task, ret, GSC_KeyExchangeInfo::role, ROLE_INITIATOR, GNUNET_MessageHeader::size, snapshot_transcript(), GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::their_ats, GSC_KeyExchangeInfo::transcript_hash_ctx, transport, GNUNET_MessageHeader::type, and update_timeout().
|
static |
Check an incoming encrypted message before handling it.
cls | key exchange info |
m | the encrypted message |
Definition at line 2231 of file gnunet-service-core_kx.c.
References GNUNET_break_op, GNUNET_OK, GNUNET_SYSERR, m, and size.
|
static |
Handle a key update.
cls | key exchange info |
m | KeyUpdate message |
Definition at line 2253 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::current_ats, GSC_KeyExchangeInfo::current_epoch, GSC_KeyExchangeInfo::current_epoch_expiration, GSC_KeyExchangeInfo::current_sqn, derive_next_ats(), EPOCH_EXPIRATION, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ACK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_TIME_relative_to_absolute(), GSC_HEARTBEAT_KEY_UPDATE_REQUESTED, GSC_KX_encrypt_and_transmit(), ConfirmationAck::header, GSC_KeyExchangeInfo::heartbeat_task, m, MIN_HEARTBEAT_FREQUENCY, GSC_KeyExchangeInfo::peer, send_heartbeat(), GNUNET_MessageHeader::size, transport, GNUNET_MessageHeader::type, and update_timeout().
Referenced by check_if_ack_or_heartbeat().
|
static |
Waiting for ACK or heartbeat
Definition at line 2297 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::class, cleanup_handshake_secrets(), GSC_KeyExchangeInfo::current_epoch_expiration, EPOCH_EXPIRATION, GNUNET_CORE_KX_STATE_INITIATOR_CONNECTED, GNUNET_CORE_KX_STATE_INITIATOR_DONE_SENT, GNUNET_free, GNUNET_MESSAGE_TYPE_CORE_ACK, GNUNET_MESSAGE_TYPE_CORE_HEARTBEAT, GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_TIME_relative_to_absolute(), GNUNET_YES, GSC_SESSIONS_create(), handle_heartbeat(), ConfirmationAck::header, Heartbeat::header, monitor_notify_all(), msg, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::resend_env, GSC_KeyExchangeInfo::resend_task, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GNUNET_MessageHeader::type, and update_timeout().
Referenced by handle_encrypted_message().
|
static |
handle an encrypted message
cls | key exchange info |
m | encrypted message |
Derive temporarily as we want to discard on decryption failure(s)
Prevent DoS FIXME maybe requires its own limit.
Definition at line 2356 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, check_if_ack_or_heartbeat(), derive_next_ats(), derive_per_message_secrets(), derive_sn(), EncryptedMessage::epoch, GNUNET_ALIGN, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_INITIATOR_CONNECTED, GNUNET_CORE_KX_STATE_INITIATOR_DONE_SENT, GNUNET_CORE_KX_STATE_RESPONDER_CONNECTED, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_MST_from_buffer(), GNUNET_NO, GNUNET_ntohll(), GNUNET_OK, GNUNET_print_bytes(), GNUNET_YES, GSC_SESSIONS_end(), m, MAX_EPOCHS, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, restart_kx(), ret, size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::their_ats, GSC_KeyExchangeInfo::their_max_epoch, transport, and update_timeout().
|
static |
Function called by transport telling us that a peer disconnected.
Stop key exchange with the given peer. Clean up key material.
cls | closure |
peer | the peer that disconnected |
handler_cls | the struct GSC_KeyExchangeInfo of the peer |
Definition at line 2532 of file gnunet-service-core_kx.c.
References gettext_noop, GNUNET_CONTAINER_DLL_remove, GNUNET_CORE_KX_PEER_DISCONNECT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_MST_destroy(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::heartbeat_task, kx_head, kx_tail, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::resend_env, GSC_KeyExchangeInfo::resend_task, and GSC_KeyExchangeInfo::status.
Referenced by GSC_KX_init().
|
static |
Definition at line 2571 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_WARNING, GNUNET_log, GNUNET_MQ_send_copy(), GNUNET_SCHEDULER_add_delayed(), GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::resend_env, resend_initiator_hello(), GSC_KeyExchangeInfo::resend_task, and RESEND_TIMEOUT.
Referenced by resend_initiator_hello(), and send_initiator_hello().
|
static |
Definition at line 2707 of file gnunet-service-core_kx.c.
References GNUNET_TIME_Absolute::abs_value_us, GSC_KeyExchangeInfo::current_ats, GSC_KeyExchangeInfo::current_epoch, GSC_KeyExchangeInfo::current_epoch_expiration, GSC_KeyExchangeInfo::current_sqn, derive_next_ats(), EPOCH_EXPIRATION, GNUNET_assert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_TIME_absolute_is_past(), and GNUNET_TIME_relative_to_absolute().
Referenced by GSC_KX_encrypt_and_transmit().
void GSC_KX_encrypt_and_transmit | ( | struct GSC_KeyExchangeInfo * | kx, |
const void * | payload, | ||
size_t | payload_size | ||
) |
Encrypt and transmit payload.
Encrypt and transmit a message with the given payload.
kx | key exchange info |
payload | the payload |
payload_size | size of the payload |
Definition at line 2741 of file gnunet-service-core_kx.c.
References AEAD_KEY_BYTES, AEAD_NONCE_BYTES, check_rekey(), GSC_KeyExchangeInfo::current_ats, GSC_KeyExchangeInfo::current_epoch, GSC_KeyExchangeInfo::current_sqn, derive_per_message_secrets(), derive_sn(), env, EncryptedMessage::epoch, GNUNET_assert, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_htonll(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE_CAKE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_NO, GNUNET_print_bytes(), GSC_KeyExchangeInfo::mq, payload, ret, EncryptedMessage::sequence_number, and EncryptedMessage::tag.
Referenced by handle_heartbeat(), handle_initiator_done(), send_heartbeat(), and try_transmission().
|
static |
Callback for PILS to be called once the peer id changes.
cls | unused |
peer_id | the new peer id |
hash | the hash of the addresses corresponding to the fed addresses |
Definition at line 2838 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_INFO, GNUNET_HELLO_parser_get_id(), GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_YES, GSC_complete_initialization_cb(), GSC_my_identity, and init_phase.
Referenced by GSC_KX_init().
int GSC_KX_init | ( | void | ) |
Initialize KX subsystem.
Definition at line 2865 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_DEBUG, GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE_CAKE, GNUNET_MESSAGE_TYPE_CORE_INITIATOR_DONE, GNUNET_MESSAGE_TYPE_CORE_INITIATOR_HELLO, GNUNET_MESSAGE_TYPE_CORE_RESPONDER_HELLO, GNUNET_MQ_handler_end, GNUNET_MQ_hd_var_size, GNUNET_notification_context_create(), GNUNET_OK, GNUNET_PILS_connect(), GNUNET_SYSERR, GNUNET_TRANSPORT_core_connect(), GNUNET_YES, GSC_cfg, GSC_KX_done(), GSC_my_identity, handle_transport_notify_connect(), handle_transport_notify_disconnect(), handlers, init_phase, nc, peer_id_change_cb(), pils, and transport.
Referenced by run().
void GSC_KX_done | ( | void | ) |
Shutdown KX subsystem.
Definition at line 2928 of file gnunet-service-core_kx.c.
References GNUNET_CONTAINER_DLL_remove, GNUNET_free, GNUNET_notification_context_destroy(), GNUNET_PILS_cancel(), GNUNET_PILS_disconnect(), GNUNET_SCHEDULER_cancel(), GNUNET_TRANSPORT_core_disconnect(), nc, PilsRequest::op, pils, pils_requests_head, pils_requests_tail, rekey_task, and transport.
Referenced by GSC_KX_init(), and shutdown_task().
unsigned int GSC_NEIGHBOURS_get_queue_length | ( | const struct GSC_KeyExchangeInfo * | kxinfo | ) |
Check how many messages are queued for the given neighbour.
kxinfo | data about neighbour to check |
Definition at line 2970 of file gnunet-service-core_kx.c.
References GNUNET_MQ_get_length(), and GSC_KeyExchangeInfo::mq.
Referenced by try_transmission().
int GSC_NEIGHBOURS_check_excess_bandwidth | ( | const struct GSC_KeyExchangeInfo * | target | ) |
Check if the given neighbour has excess bandwidth available.
target | neighbour to check |
Definition at line 2977 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::has_excess_bandwidth.
Referenced by try_transmission().
void GSC_KX_handle_client_monitor_peers | ( | struct GNUNET_MQ_Handle * | mq | ) |
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.
For this request type, the client does not have to have transmitted an INIT request. All current peers are returned, regardless of which message types they accept.
mq | message queue to add for monitoring |
Definition at line 2992 of file gnunet-service-core_kx.c.
References env, GNUNET_CORE_KX_ITERATION_FINISHED, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_notification_context_add(), GNUNET_TIME_absolute_hton(), GNUNET_TIME_UNIT_FOREVER_ABS, kx_head, mq, msg, nc, GSC_KeyExchangeInfo::next, GSC_KeyExchangeInfo::peer, MonitorNotifyMessage::state, GSC_KeyExchangeInfo::status, MonitorNotifyMessage::timeout, and GSC_KeyExchangeInfo::timeout.
Referenced by handle_client_monitor_peers().
|
static |
PILS Operation DLL.
Definition at line 402 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), handle_initiator_hello(), handle_initiator_hello_cont(), handle_responder_hello(), and handle_responder_hello_cont().
|
static |
PILS Operation DLL.
Definition at line 407 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), handle_initiator_hello(), handle_initiator_hello_cont(), handle_responder_hello(), and handle_responder_hello_cont().
|
static |
Pils service.
Definition at line 413 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), GSC_KX_init(), handle_initiator_hello(), and handle_responder_hello().
|
static |
Transport service.
Definition at line 419 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), GSC_KX_init(), handle_encrypted_message(), handle_heartbeat(), handle_initiator_done(), handle_responder_hello_cont(), and send_responder_hello().
|
static |
DLL head.
Definition at line 424 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_handle_client_monitor_peers(), handle_transport_notify_connect(), and handle_transport_notify_disconnect().
|
static |
DLL tail.
Definition at line 429 of file gnunet-service-core_kx.c.
Referenced by handle_transport_notify_connect(), and handle_transport_notify_disconnect().
|
static |
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
Definition at line 435 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done().
|
static |
Notification context for broadcasting to monitors.
Definition at line 440 of file gnunet-service-core_kx.c.
Referenced by client_connect_cb(), client_connect_cb(), client_disconnect_cb(), client_disconnect_cb(), GNS_resolver_init(), GNUNET_BANDWIDTH_tracker_consume(), GNUNET_CORE_UNDERLAY_DUMMY_connect(), GNUNET_notification_context_add(), GNUNET_notification_context_broadcast(), GNUNET_notification_context_create(), GNUNET_notification_context_destroy(), GNUNET_notification_context_get_size(), GNUNET_TRANSPORT_TESTING_start_peer(), GSC_KX_done(), GSC_KX_handle_client_monitor_peers(), GSC_KX_init(), handle_block_cache(), handle_edit_record_set(), handle_edit_record_set_cancel(), handle_iteration_next(), handle_iteration_start(), handle_iteration_stop(), handle_lookup_block(), handle_monitor_next(), handle_monitor_start(), handle_mq_destroy(), handle_record_lookup(), handle_record_store(), handle_zone_to_name(), monitor_iteration_next(), monitor_notify_all(), run_zone_iteration_round(), send_lookup_response_with_filter(), send_store_response(), and store_record_set().
|
static |
Indicates whether we are still in the initialisation phase (waiting for our peer id).
Definition at line 446 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_init(), and peer_id_change_cb().
|
static |
Our services info string TODO.
Definition at line 451 of file gnunet-service-core_kx.c.
Referenced by send_initiator_hello(), and send_responder_hello().