code for managing the key exchange (SET_KEY, PING, PONG) with other peers More...
#include "platform.h"
#include "gnunet-service-core_kx.h"
#include "gnunet-service-core.h"
#include "gnunet-service-core_sessions.h"
#include "gnunet_statistics_service.h"
#include "gnunet_transport_service.h"
#include "gnunet_constants.h"
#include "gnunet_signatures.h"
#include "gnunet_protocols.h"
#include "core.h"
Go to the source code of this file.
Data Structures | |
struct | EncryptedMessage |
Encapsulation for encrypted messages exchanged between peers. More... | |
struct | GSC_KeyExchangeInfo |
Information about the status of a key exchange with another peer. More... | |
Macros | |
#define | DEBUG_KX 0 |
Enable expensive (and possibly problematic for privacy!) logging of KX. More... | |
#define | INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
How long do we wait for SET_KEY confirmation initially? More... | |
#define | MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a PING message? More... | |
#define | REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we rekey? More... | |
#define | REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
What time difference do we tolerate? More... | |
#define | MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS |
What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here. More... | |
#define | ENCRYPTED_HEADER_SIZE (offsetof (struct EncryptedMessage, sequence_number)) |
Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted. More... | |
Functions | |
static uint32_t | calculate_seed (struct GSC_KeyExchangeInfo *kx) |
Calculate seed value we should use for a message. More... | |
static void | monitor_notify_all (struct GSC_KeyExchangeInfo *kx) |
Inform all monitors about the KX state of the given peer. More... | |
static void | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed) |
Derive an authentication key from "set key" information. More... | |
static void | derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity) |
Derive an IV from packet information. More... | |
static void | derive_pong_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity) |
Derive an IV from pong packet information. More... | |
static void | derive_aes_key (const struct GNUNET_PeerIdentity *sender, const struct GNUNET_PeerIdentity *receiver, const struct GNUNET_HashCode *key_material, struct GNUNET_CRYPTO_SymmetricSessionKey *skey) |
Derive an AES key from key material. More... | |
static int | do_encrypt (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size) |
Encrypt size bytes from in and write the result to out. More... | |
static int | do_decrypt (struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size) |
Decrypt size bytes from in and write the result to out. More... | |
static void | send_key (struct GSC_KeyExchangeInfo *kx) |
Send our key (and encrypted PING) to the other peer. More... | |
static void | set_key_retry_task (void *cls) |
Task that will retry send_key() if our previous attempt failed. More... | |
static void | setup_fresh_ping (struct GSC_KeyExchangeInfo *kx) |
Create a fresh PING message for transmission to the other peer. More... | |
static int | deliver_message (void *cls, const struct GNUNET_MessageHeader *m) |
Deliver P2P message to interested clients. More... | |
static void * | handle_transport_notify_connect (void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq) |
Function called by transport to notify us that a peer connected to us (on the network level). More... | |
static void | handle_transport_notify_disconnect (void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls) |
Function called by transport telling us that a peer disconnected. More... | |
static void | send_ping (struct GSC_KeyExchangeInfo *kx) |
Send our PING to the other peer. More... | |
static void | derive_session_keys (struct GSC_KeyExchangeInfo *kx) |
Derive fresh session keys from the current ephemeral keys. More... | |
static void | handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m) |
We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message. More... | |
static void | handle_ping (void *cls, const struct PingMessage *m) |
We received a PING message. More... | |
static void | send_keep_alive (void *cls) |
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING). More... | |
static void | update_timeout (struct GSC_KeyExchangeInfo *kx) |
We've seen a valid message from the other peer. More... | |
static void | handle_pong (void *cls, const struct PongMessage *m) |
We received a PONG message. More... | |
void | GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size) |
Encrypt and transmit a message with the given payload. More... | |
static int | check_encrypted (void *cls, const struct EncryptedMessage *m) |
We received an encrypted message. More... | |
static void | handle_encrypted (void *cls, const struct EncryptedMessage *m) |
We received an encrypted message. More... | |
static void | handle_transport_notify_excess_bw (void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls) |
One of our neighbours has excess bandwidth, remember this. More... | |
static void | sign_ephemeral_key () |
Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature. More... | |
static void | do_rekey (void *cls) |
Task run to trigger rekeying. More... | |
int | GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) |
Initialize KX subsystem. More... | |
void | GSC_KX_done () |
Shutdown KX subsystem. More... | |
unsigned int | GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *kxinfo) |
Check how many messages are queued for the given neighbour. More... | |
int | GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *kxinfo) |
Check if the given neighbour has excess bandwidth available. More... | |
void | GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq) |
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request. More... | |
Variables | |
static struct GNUNET_TRANSPORT_CoreHandle * | transport |
Transport service. More... | |
static struct GNUNET_CRYPTO_EddsaPrivateKey | my_private_key |
Our private key. More... | |
static struct GNUNET_CRYPTO_EcdhePrivateKey | my_ephemeral_key |
Our ephemeral private key. More... | |
static struct EphemeralKeyMessage | current_ekm |
Current message we send for a key exchange. More... | |
static struct GSC_KeyExchangeInfo * | kx_head |
DLL head. More... | |
static struct GSC_KeyExchangeInfo * | kx_tail |
DLL tail. More... | |
static struct GNUNET_SCHEDULER_Task * | rekey_task |
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key. More... | |
static struct GNUNET_NotificationContext * | nc |
Notification context for broadcasting to monitors. More... | |
code for managing the key exchange (SET_KEY, PING, PONG) with other peers
Definition in file gnunet-service-core_kx.c.
#define DEBUG_KX 0 |
Enable expensive (and possibly problematic for privacy!) logging of KX.
Definition at line 41 of file gnunet-service-core_kx.c.
#define INITIAL_SET_KEY_RETRY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10) |
How long do we wait for SET_KEY confirmation initially?
Definition at line 46 of file gnunet-service-core_kx.c.
#define MIN_PING_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5) |
What is the minimum frequency for a PING message?
Definition at line 52 of file gnunet-service-core_kx.c.
#define REKEY_FREQUENCY GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12) |
How often do we rekey?
Definition at line 58 of file gnunet-service-core_kx.c.
#define REKEY_TOLERANCE GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5) |
What time difference do we tolerate?
Definition at line 64 of file gnunet-service-core_kx.c.
#define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS |
What is the maximum age of a message for us to consider processing it? Note that this looks at the timestamp used by the other peer, so clock skew between machines does come into play here.
So this should be picked high enough so that a little bit of clock skew does not prevent peers from connecting to us.
Definition at line 74 of file gnunet-service-core_kx.c.
#define ENCRYPTED_HEADER_SIZE (offsetof (struct EncryptedMessage, sequence_number)) |
Number of bytes (at the beginning) of struct EncryptedMessage
that are NOT encrypted.
Definition at line 128 of file gnunet-service-core_kx.c.
|
static |
Calculate seed value we should use for a message.
kx | key exchange context |
Definition at line 296 of file gnunet-service-core_kx.c.
References GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_u32().
Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().
|
static |
Inform all monitors about the KX state of the given peer.
kx | key exchange state to inform about |
Definition at line 312 of file gnunet-service-core_kx.c.
References GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_NO, GNUNET_notification_context_broadcast(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::last_notify_timeout, msg, nc, GSC_KeyExchangeInfo::peer, GNUNET_MessageHeader::size, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and GNUNET_MessageHeader::type.
Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_pong(), handle_transport_notify_connect(), handle_transport_notify_disconnect(), send_keep_alive(), and update_timeout().
|
static |
Derive an authentication key from "set key" information.
akey | authentication key to derive |
skey | session key to use |
seed | seed to use |
Definition at line 334 of file gnunet-service-core_kx.c.
References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac_derive_key(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_log, and sh.
Referenced by GSC_KX_encrypt_and_transmit(), and handle_encrypted().
|
static |
Derive an IV from packet information.
iv | initialization vector to initialize |
skey | session key to use |
seed | seed to use |
identity | identity of the other peer to use |
Definition at line 371 of file gnunet-service-core_kx.c.
References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.
Referenced by GSC_KX_encrypt_and_transmit(), handle_encrypted(), handle_ping(), and setup_fresh_ping().
|
static |
Derive an IV from pong packet information.
iv | initialization vector to initialize |
skey | session key to use |
seed | seed to use |
challenge | nonce to use |
identity | identity of the other peer to use |
Definition at line 410 of file gnunet-service-core_kx.c.
References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_symmetric_derive_iv(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, identity, and sh.
Referenced by handle_ping(), and handle_pong().
|
static |
Derive an AES key from key material.
sender | peer identity of the sender |
receiver | peer identity of the sender |
key_material | high entropy key material to use |
skey | set to derived session key |
Definition at line 452 of file gnunet-service-core_kx.c.
References ctx, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, receiver(), and sh.
Referenced by derive_session_keys().
|
static |
Encrypt size bytes from in and write the result to out.
Use the kx key for outbound traffic of the given neighbour.
kx | key information context |
iv | initialization vector to use |
in | ciphertext |
out | plaintext |
size | size of in / out |
Definition at line 496 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::encrypt_key, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_encrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_stats, GSC_KeyExchangeInfo::peer, and size.
Referenced by GSC_KX_encrypt_and_transmit(), handle_ping(), and setup_fresh_ping().
|
static |
Decrypt size bytes from in and write the result to out.
Use the kx key for inbound traffic of the given neighbour. This function does NOT do any integrity-checks on the result.
kx | key information context |
iv | initialization vector to use |
in | ciphertext |
out | plaintext |
size | size of in / out |
Definition at line 543 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::decrypt_key, gettext_noop, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_crc32_n(), GNUNET_CRYPTO_symmetric_decrypt(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GNUNET_SYSERR, GSC_stats, GSC_KeyExchangeInfo::peer, size, and GSC_KeyExchangeInfo::status.
Referenced by handle_encrypted(), handle_ping(), and handle_pong().
|
static |
Send our key (and encrypted PING) to the other peer.
Send our key to the other peer.
kx | key exchange context |
Definition at line 1359 of file gnunet-service-core_kx.c.
References current_ekm, env, EphemeralKeyMessage::ephemeral_key, GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_i2s(), GNUNET_log, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), EphemeralKeyMessage::header, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::retry_set_key_task, send_ping(), EphemeralKeyMessage::sender_status, GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.
Referenced by do_rekey(), handle_encrypted(), handle_ephemeral_key(), handle_transport_notify_connect(), send_keep_alive(), and set_key_retry_task().
|
static |
Task that will retry send_key() if our previous attempt failed.
cls | our struct GSC_KeyExchangeInfo |
Definition at line 603 of file gnunet-service-core_kx.c.
References GNUNET_assert, GNUNET_CORE_KX_STATE_DOWN, GNUNET_TIME_STD_BACKOFF, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, and GSC_KeyExchangeInfo::status.
Referenced by handle_transport_notify_connect(), and send_key().
|
static |
Create a fresh PING message for transmission to the other peer.
kx | key exchange context to create PING for |
Definition at line 621 of file gnunet-service-core_kx.c.
References calculate_seed(), PingMessage::challenge, derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_u32(), GNUNET_MESSAGE_TYPE_CORE_PING, GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping, GSC_KeyExchangeInfo::ping_challenge, pm, and PingMessage::target.
Referenced by derive_session_keys(), and send_keep_alive().
|
static |
Deliver P2P message to interested clients.
Invokes send twice, once for clients that want the full message, and once for clients that only want the header
cls | the struct GSC_KeyExchangeInfo |
m | the message |
Definition at line 657 of file gnunet-service-core_kx.c.
References gettext_noop, GNUNET_CORE_KX_STATE_UP, GNUNET_CORE_OPTION_SEND_FULL_INBOUND, GNUNET_CORE_OPTION_SEND_HDR_INBOUND, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP, GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP, GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_CLIENTS_deliver_message(), GSC_SESSIONS_confirm_typemap(), GSC_SESSIONS_set_typemap(), GSC_stats, m, GSC_KeyExchangeInfo::peer, and GSC_KeyExchangeInfo::status.
Referenced by handle_transport_notify_connect().
|
static |
Function called by transport to notify us that a peer connected to us (on the network level).
Starts the key exchange with the given peer.
cls | closure (NULL) |
pid | identity of the peer to do a key exchange with |
Definition at line 708 of file gnunet-service-core_kx.c.
References deliver_message(), gettext_noop, GNUNET_CONTAINER_DLL_insert, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_cmp(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_MST_create(), GNUNET_new, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_UNIT_SECONDS, GSC_my_identity, GSC_stats, INITIAL_SET_KEY_RETRY_FREQUENCY, kx_head, kx_tail, monitor_notify_all(), mq, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, pid, GSC_KeyExchangeInfo::retry_set_key_task, send_key(), GSC_KeyExchangeInfo::set_key_retry_frequency, set_key_retry_task(), and GSC_KeyExchangeInfo::status.
Referenced by GSC_KX_init().
|
static |
Function called by transport telling us that a peer disconnected.
Stop key exchange with the given peer. Clean up key material.
cls | closure |
peer | the peer that disconnected |
handler_cls | the struct GSC_KeyExchangeInfo of the peer |
Definition at line 765 of file gnunet-service-core_kx.c.
References gettext_noop, GNUNET_CONTAINER_DLL_remove, GNUNET_CORE_KX_PEER_DISCONNECT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_i2s(), GNUNET_log, GNUNET_MST_destroy(), GNUNET_NO, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, kx_head, kx_tail, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, peer, GSC_KeyExchangeInfo::retry_set_key_task, and GSC_KeyExchangeInfo::status.
Referenced by GSC_KX_init().
|
static |
Send our PING to the other peer.
kx | key exchange context |
Definition at line 803 of file gnunet-service-core_kx.c.
References env, gettext_noop, GNUNET_MQ_msg_copy(), GNUNET_MQ_send(), GNUNET_NO, GNUNET_STATISTICS_update(), GSC_stats, PingMessage::header, GSC_KeyExchangeInfo::mq, and GSC_KeyExchangeInfo::ping.
Referenced by handle_ephemeral_key(), send_keep_alive(), and send_key().
|
static |
Derive fresh session keys from the current ephemeral keys.
kx | session to derive keys for |
Definition at line 822 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::decrypt_key, derive_aes_key(), GSC_KeyExchangeInfo::encrypt_key, GNUNET_break, GNUNET_CRYPTO_ecc_ecdh(), GNUNET_OK, GSC_my_identity, GSC_KeyExchangeInfo::last_packets_bitmap, GSC_KeyExchangeInfo::last_sequence_number_received, my_ephemeral_key, GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, and setup_fresh_ping().
Referenced by do_rekey(), and handle_ephemeral_key().
|
static |
We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.
Validate and update our key material and status.
cls | key exchange status for the corresponding peer |
m | the set key message we received |
Definition at line 852 of file gnunet-service-core_kx.c.
References _, GNUNET_TIME_Absolute::abs_value_us, derive_session_keys(), GSC_KeyExchangeInfo::foreign_key_expires, gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_eddsa_verify_(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_h2s(), GNUNET_i2s(), GNUNET_i2s_full(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_ntoh(), GNUNET_TIME_absolute_subtract(), GSC_SESSIONS_reinit(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::other_ephemeral_key, GSC_KeyExchangeInfo::peer, REKEY_TOLERANCE, send_key(), send_ping(), and GSC_KeyExchangeInfo::status.
|
static |
We received a PING message.
Validate and transmit a PONG message.
cls | key exchange status for the corresponding peer |
m | the encrypted PING message itself |
Definition at line 1058 of file gnunet-service-core_kx.c.
References calculate_seed(), PongMessage::challenge, GSC_KeyExchangeInfo::decrypt_key, derive_iv(), derive_pong_iv(), do_decrypt(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, env, gettext_noop, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_i2s(), GNUNET_i2s2(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_STATISTICS_update(), GSC_my_identity, GSC_stats, PongMessage::iv_seed, m, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, PongMessage::reserved, GSC_KeyExchangeInfo::status, t, and PongMessage::target.
|
static |
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a PING).
cls | the struct GSC_KeyExchangeInfo |
Definition at line 1141 of file gnunet-service-core_kx.c.
References gettext_noop, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_SCHEDULER_add_delayed(), GNUNET_STATISTICS_update(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_max(), GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, MIN_PING_FREQUENCY, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GNUNET_TIME_Relative::rel_value_us, send_key(), send_ping(), setup_fresh_ping(), GSC_KeyExchangeInfo::status, and GSC_KeyExchangeInfo::timeout.
Referenced by update_timeout().
|
static |
We've seen a valid message from the other peer.
Update the time when the session would time out and delay sending our keep alive message further.
kx | key exchange where we saw activity |
Definition at line 1185 of file gnunet-service-core_kx.c.
References delta, GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, GNUNET_SCHEDULER_add_delayed(), GNUNET_SCHEDULER_cancel(), GNUNET_TIME_absolute_get_difference(), GNUNET_TIME_relative_divide(), GNUNET_TIME_relative_to_absolute(), GSC_KeyExchangeInfo::keep_alive_task, GSC_KeyExchangeInfo::last_notify_timeout, monitor_notify_all(), GNUNET_TIME_Relative::rel_value_us, send_keep_alive(), and GSC_KeyExchangeInfo::timeout.
Referenced by handle_encrypted(), and handle_pong().
|
static |
We received a PONG message.
Validate and update our status.
kx | key exchange context for the the PONG |
m | the encrypted PONG message itself |
Definition at line 1215 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::decrypt_key, derive_pong_iv(), do_decrypt(), gettext_noop, GNUNET_assert, GNUNET_break, GNUNET_break_op, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_RECEIVED, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GSC_my_identity, GSC_SESSIONS_create(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, m, monitor_notify_all(), GSC_KeyExchangeInfo::peer, GSC_KeyExchangeInfo::ping_challenge, GSC_KeyExchangeInfo::retry_set_key_task, GSC_KeyExchangeInfo::status, t, and update_timeout().
void GSC_KX_encrypt_and_transmit | ( | struct GSC_KeyExchangeInfo * | kx, |
const void * | payload, | ||
size_t | payload_size | ||
) |
Encrypt and transmit a message with the given payload.
kx | key exchange context |
payload | payload of the message |
payload_size | number of bytes in 'payload' |
Definition at line 1397 of file gnunet-service-core_kx.c.
References calculate_seed(), derive_auth_key(), derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, ENCRYPTED_HEADER_SIZE, env, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::has_excess_bandwidth, EncryptedMessage::hmac, EncryptedMessage::iv_seed, GSC_KeyExchangeInfo::last_sequence_number_sent, GSC_KeyExchangeInfo::mq, payload, GSC_KeyExchangeInfo::peer, ph, and EncryptedMessage::sequence_number.
Referenced by transmit_typemap_task(), and try_transmission().
|
static |
We received an encrypted message.
Check that it is well-formed (size-wise).
cls | key exchange context for encrypting the message |
m | encrypted message |
Definition at line 1470 of file gnunet-service-core_kx.c.
References GNUNET_break_op, GNUNET_OK, GNUNET_SYSERR, m, and size.
|
static |
We received an encrypted message.
Decrypt, validate and pass on to the appropriate clients.
cls | key exchange context for encrypting the message |
m | encrypted message |
Definition at line 1491 of file gnunet-service-core_kx.c.
References _, buf, GSC_KeyExchangeInfo::decrypt_key, derive_auth_key(), derive_iv(), do_decrypt(), ENCRYPTED_HEADER_SIZE, GSC_KeyExchangeInfo::foreign_key_expires, gettext_noop, GNUNET_ALIGN, GNUNET_break_op, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_MST_from_buffer(), GNUNET_NO, GNUNET_OK, GNUNET_SCHEDULER_cancel(), GNUNET_STATISTICS_update(), GNUNET_STRINGS_relative_time_to_string(), GNUNET_TIME_absolute_get_duration(), GNUNET_TIME_absolute_get_remaining(), GNUNET_TIME_absolute_ntoh(), GNUNET_YES, GSC_my_identity, GSC_SESSIONS_end(), GSC_stats, GSC_KeyExchangeInfo::keep_alive_task, GSC_KeyExchangeInfo::last_packets_bitmap, GSC_KeyExchangeInfo::last_sequence_number_received, m, MAX_MESSAGE_AGE, monitor_notify_all(), GSC_KeyExchangeInfo::mst, GSC_KeyExchangeInfo::peer, ph, GNUNET_TIME_Relative::rel_value_us, send_key(), EncryptedMessage::sequence_number, size, GSC_KeyExchangeInfo::status, t, EncryptedMessage::timestamp, and update_timeout().
|
static |
One of our neighbours has excess bandwidth, remember this.
cls | NULL |
pid | identity of the peer with excess bandwidth |
connect_cls | the struct Neighbour |
Definition at line 1688 of file gnunet-service-core_kx.c.
References GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_YES, GSC_SESSIONS_solicit(), GSC_KeyExchangeInfo::has_excess_bandwidth, and pid.
Referenced by GSC_KX_init().
|
static |
Setup the message that links the ephemeral key to our persistent public key and generate the appropriate signature.
Definition at line 1707 of file gnunet-service-core_kx.c.
References EphemeralKeyMessage::creation_time, current_ekm, EphemeralKeyMessage::ephemeral_key, EphemeralKeyMessage::expiration_time, GNUNET_assert, GNUNET_CONFIGURATION_get_value_yesno(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_TIME_relative_add(), GNUNET_TIME_relative_to_absolute(), GNUNET_TIME_UNIT_FOREVER_ABS, GNUNET_YES, GSC_cfg, GSC_my_identity, EphemeralKeyMessage::header, my_ephemeral_key, my_private_key, EphemeralKeyMessage::origin_identity, EphemeralKeyMessage::purpose, GNUNET_CRYPTO_EccSignaturePurpose::purpose, REKEY_FREQUENCY, REKEY_TOLERANCE, EphemeralKeyMessage::sender_status, EphemeralKeyMessage::signature, GNUNET_MessageHeader::size, GNUNET_CRYPTO_EccSignaturePurpose::size, and GNUNET_MessageHeader::type.
Referenced by do_rekey(), and GSC_KX_init().
|
static |
Task run to trigger rekeying.
cls | closure, NULL |
Definition at line 1751 of file gnunet-service-core_kx.c.
References current_ekm, derive_session_keys(), EphemeralKeyMessage::ephemeral_key, GNUNET_CORE_KX_STATE_DOWN, GNUNET_CORE_KX_STATE_KEY_SENT, GNUNET_CORE_KX_STATE_REKEY_SENT, GNUNET_CORE_KX_STATE_UP, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_SCHEDULER_add_delayed(), kx_head, monitor_notify_all(), my_ephemeral_key, GSC_KeyExchangeInfo::next, REKEY_FREQUENCY, rekey_task, send_key(), sign_ephemeral_key(), and GSC_KeyExchangeInfo::status.
Referenced by GSC_KX_init().
int GSC_KX_init | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Initialize KX subsystem.
pk | private key to use for the peer |
Definition at line 1792 of file gnunet-service-core_kx.c.
References current_ekm, do_rekey(), EphemeralKeyMessage::ephemeral_key, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_MESSAGE_TYPE_CORE_PING, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_handler_end, GNUNET_MQ_hd_fixed_size, GNUNET_MQ_hd_var_size, GNUNET_notification_context_create(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SYSERR, GNUNET_TRANSPORT_core_connect(), GSC_cfg, GSC_KX_done(), GSC_my_identity, handle_transport_notify_connect(), handle_transport_notify_disconnect(), handle_transport_notify_excess_bw(), handlers, my_ephemeral_key, my_private_key, nc, ping(), pk, pong(), GNUNET_PeerIdentity::public_key, REKEY_FREQUENCY, rekey_task, sign_ephemeral_key(), and transport.
Referenced by run().
void GSC_KX_done | ( | void | ) |
Shutdown KX subsystem.
Definition at line 1853 of file gnunet-service-core_kx.c.
References GNUNET_notification_context_destroy(), GNUNET_SCHEDULER_cancel(), GNUNET_TRANSPORT_core_disconnect(), my_ephemeral_key, my_private_key, nc, rekey_task, and transport.
Referenced by GSC_KX_init(), and shutdown_task().
unsigned int GSC_NEIGHBOURS_get_queue_length | ( | const struct GSC_KeyExchangeInfo * | kxinfo | ) |
Check how many messages are queued for the given neighbour.
kxinfo | data about neighbour to check |
Definition at line 1886 of file gnunet-service-core_kx.c.
References GNUNET_MQ_get_length(), and GSC_KeyExchangeInfo::mq.
Referenced by try_transmission().
int GSC_NEIGHBOURS_check_excess_bandwidth | ( | const struct GSC_KeyExchangeInfo * | target | ) |
Check if the given neighbour has excess bandwidth available.
target | neighbour to check |
Definition at line 1893 of file gnunet-service-core_kx.c.
References GSC_KeyExchangeInfo::has_excess_bandwidth.
Referenced by try_transmission().
void GSC_KX_handle_client_monitor_peers | ( | struct GNUNET_MQ_Handle * | mq | ) |
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.
For this request type, the client does not have to have transmitted an INIT request. All current peers are returned, regardless of which message types they accept.
mq | message queue to add for monitoring |
Definition at line 1908 of file gnunet-service-core_kx.c.
Referenced by handle_client_monitor_peers().
|
static |
Transport service.
Definition at line 251 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), GSC_KX_init(), GST_blacklist_add_peer(), and print_info().
|
static |
Our private key.
Definition at line 251 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), GSC_KX_init(), and sign_ephemeral_key().
|
static |
Our ephemeral private key.
Definition at line 251 of file gnunet-service-core_kx.c.
Referenced by derive_session_keys(), do_rekey(), GSC_KX_done(), GSC_KX_init(), and sign_ephemeral_key().
|
static |
Current message we send for a key exchange.
Definition at line 251 of file gnunet-service-core_kx.c.
Referenced by do_rekey(), GSC_KX_init(), send_key(), and sign_ephemeral_key().
|
static |
DLL head.
Definition at line 271 of file gnunet-service-core_kx.c.
Referenced by do_rekey(), handle_transport_notify_connect(), and handle_transport_notify_disconnect().
|
static |
DLL tail.
Definition at line 276 of file gnunet-service-core_kx.c.
Referenced by handle_transport_notify_connect(), and handle_transport_notify_disconnect().
|
static |
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
Definition at line 282 of file gnunet-service-core_kx.c.
Referenced by do_rekey(), GSC_KX_done(), and GSC_KX_init().
|
static |
Notification context for broadcasting to monitors.
Definition at line 287 of file gnunet-service-core_kx.c.
Referenced by GSC_KX_done(), GSC_KX_init(), and monitor_notify_all().