GNUnet  0.10.x
gnunet-service-core_kx.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2009-2013, 2016 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
27 #include "platform.h"
28 #include "gnunet-service-core_kx.h"
29 #include "gnunet-service-core.h"
33 #include "gnunet_constants.h"
34 #include "gnunet_signatures.h"
35 #include "gnunet_protocols.h"
36 #include "core.h"
37 
41 #define DEBUG_KX 0
42 
46 #define INITIAL_SET_KEY_RETRY_FREQUENCY \
47  GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10)
48 
52 #define MIN_PING_FREQUENCY \
53  GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 5)
54 
58 #define REKEY_FREQUENCY \
59  GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_HOURS, 12)
60 
64 #define REKEY_TOLERANCE \
65  GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES, 5)
66 
74 #define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS
75 
76 
78 
88 
93 
99 
104 
109 
114 
119 
125 };
126 
127 
133 struct PingMessage {
138 
142  uint32_t iv_seed GNUNET_PACKED;
143 
148  struct GNUNET_PeerIdentity target;
149 
153  uint32_t challenge GNUNET_PACKED;
154 };
155 
156 
160 struct PongMessage {
165 
169  uint32_t iv_seed GNUNET_PACKED;
170 
174  uint32_t challenge GNUNET_PACKED;
175 
179  uint32_t reserved;
180 
185  struct GNUNET_PeerIdentity target;
186 };
187 
188 
198 
202  uint32_t iv_seed GNUNET_PACKED;
203 
211  struct GNUNET_HashCode hmac;
212 
217  uint32_t sequence_number GNUNET_PACKED;
218 
223 
228  struct GNUNET_TIME_AbsoluteNBO timestamp;
229 };
231 
232 
237 #define ENCRYPTED_HEADER_SIZE \
238  (offsetof(struct EncryptedMessage, sequence_number))
239 
240 
249 
254 
258  const struct GNUNET_PeerIdentity *peer;
259 
264 
269 
274 
278  struct GNUNET_CRYPTO_EcdhePublicKey other_ephemeral_key;
279 
285 
291 
295  struct GNUNET_TIME_Absolute foreign_key_expires;
296 
301 
305  struct GNUNET_TIME_Absolute last_notify_timeout;
306 
310  struct GNUNET_TIME_Relative set_key_retry_frequency;
311 
316 
321 
328 
333 
338 
342  uint32_t ping_challenge;
343 
348 
353 };
354 
355 
360 
365 
370 
375 
380 
385 
391 
396 
397 
403 static uint32_t
405 {
406  /* Note: may want to make this non-random and instead
407  derive from key material to avoid having an undetectable
408  side-channel */
409  return htonl(
411 }
412 
413 
419 static void
421 {
422  struct MonitorNotifyMessage msg;
423 
425  msg.header.size = htons(sizeof(msg));
426  msg.state = htonl((uint32_t)kx->status);
427  msg.peer = *kx->peer;
430  kx->last_notify_timeout = kx->timeout;
431 }
432 
433 
441 static void
443  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
444  uint32_t seed)
445 {
446  static const char ctx[] = "authentication key";
447 
448 #if DEBUG_KX
449  struct GNUNET_HashCode sh;
450 
451  GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh);
453  "Deriving Auth key from SKEY %s and seed %u\n",
454  GNUNET_h2s(&sh),
455  (unsigned int)seed);
456 #endif
458  skey,
459  &seed,
460  sizeof(seed),
461  skey,
462  sizeof(
464  ctx,
465  sizeof(ctx),
466  NULL);
467 }
468 
469 
478 static void
480  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
481  uint32_t seed,
482  const struct GNUNET_PeerIdentity *identity)
483 {
484  static const char ctx[] = "initialization vector";
485 
486 #if DEBUG_KX
487  struct GNUNET_HashCode sh;
488 
489  GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh);
491  "Deriving IV from SKEY %s and seed %u for peer %s\n",
492  GNUNET_h2s(&sh),
493  (unsigned int)seed,
494  GNUNET_i2s(identity));
495 #endif
497  skey,
498  &seed,
499  sizeof(seed),
500  identity,
501  sizeof(struct GNUNET_PeerIdentity),
502  ctx,
503  sizeof(ctx),
504  NULL);
505 }
506 
507 
517 static void
519  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
520  uint32_t seed,
521  uint32_t challenge,
522  const struct GNUNET_PeerIdentity *identity)
523 {
524  static const char ctx[] = "pong initialization vector";
525 
526 #if DEBUG_KX
527  struct GNUNET_HashCode sh;
528 
529  GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh);
531  "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
532  GNUNET_h2s(&sh),
533  (unsigned int)seed,
534  (unsigned int)challenge,
535  GNUNET_i2s(identity));
536 #endif
538  skey,
539  &seed,
540  sizeof(seed),
541  identity,
542  sizeof(struct GNUNET_PeerIdentity),
543  &challenge,
544  sizeof(challenge),
545  ctx,
546  sizeof(ctx),
547  NULL);
548 }
549 
550 
559 static void
560 derive_aes_key(const struct GNUNET_PeerIdentity *sender,
561  const struct GNUNET_PeerIdentity *receiver,
562  const struct GNUNET_HashCode *key_material,
564 {
565  static const char ctx[] = "aes key generation vector";
566 
567 #if DEBUG_KX
568  struct GNUNET_HashCode sh;
569 
570  GNUNET_CRYPTO_hash(skey, sizeof(*skey), &sh);
572  "Deriving AES Keys for %s to %s from %s\n",
573  GNUNET_i2s(sender),
574  GNUNET_i2s2(receiver),
575  GNUNET_h2s(key_material));
576 #endif
577  GNUNET_CRYPTO_kdf(skey,
578  sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
579  ctx,
580  sizeof(ctx),
581  key_material,
582  sizeof(struct GNUNET_HashCode),
583  sender,
584  sizeof(struct GNUNET_PeerIdentity),
585  receiver,
586  sizeof(struct GNUNET_PeerIdentity),
587  NULL);
588 }
589 
590 
602 static int
605  const void *in,
606  void *out,
607  size_t size)
608 {
609  if (size != (uint16_t)size)
610  {
611  GNUNET_break(0);
612  return GNUNET_NO;
613  }
615  (uint16_t)size,
616  &kx->encrypt_key,
617  iv,
618  out));
620  gettext_noop("# bytes encrypted"),
621  size,
622  GNUNET_NO);
623  /* the following is too sensitive to write to log files by accident,
624  so we require manual intervention to get this one... */
625 #if DEBUG_KX
627  "Encrypted %u bytes for `%s' using key %u, IV %u\n",
628  (unsigned int)size,
629  GNUNET_i2s(kx->peer),
630  (unsigned int)kx->encrypt_key.crc32,
631  GNUNET_CRYPTO_crc32_n(iv, sizeof(iv)));
632 #endif
633  return GNUNET_OK;
634 }
635 
636 
649 static int
652  const void *in,
653  void *out,
654  size_t size)
655 {
656  if (size != (uint16_t)size)
657  {
658  GNUNET_break(0);
659  return GNUNET_NO;
660  }
662  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
664  {
665  GNUNET_break_op(0);
666  return GNUNET_SYSERR;
667  }
668  if (size != GNUNET_CRYPTO_symmetric_decrypt(in,
669  (uint16_t)size,
670  &kx->decrypt_key,
671  iv,
672  out))
673  {
674  GNUNET_break(0);
675  return GNUNET_SYSERR;
676  }
678  gettext_noop("# bytes decrypted"),
679  size,
680  GNUNET_NO);
681  /* the following is too sensitive to write to log files by accident,
682  so we require manual intervention to get this one... */
683 #if DEBUG_KX
685  "Decrypted %u bytes from `%s' using key %u, IV %u\n",
686  (unsigned int)size,
687  GNUNET_i2s(kx->peer),
688  (unsigned int)kx->decrypt_key.crc32,
689  GNUNET_CRYPTO_crc32_n(iv, sizeof(*iv)));
690 #endif
691  return GNUNET_OK;
692 }
693 
694 
700 static void
701 send_key(struct GSC_KeyExchangeInfo *kx);
702 
703 
709 static void
711 {
712  struct GSC_KeyExchangeInfo *kx = cls;
713 
714  kx->retry_set_key_task = NULL;
718  send_key(kx);
719 }
720 
721 
727 static void
729 {
730  struct PingMessage pp;
731  struct PingMessage *pm;
733 
734  pm = &kx->ping;
735  kx->ping_challenge =
737  pm->header.size = htons(sizeof(struct PingMessage));
738  pm->header.type = htons(GNUNET_MESSAGE_TYPE_CORE_PING);
739  pm->iv_seed = calculate_seed(kx);
740  derive_iv(&iv, &kx->encrypt_key, pm->iv_seed, kx->peer);
741  pp.challenge = kx->ping_challenge;
742  pp.target = *kx->peer;
743  do_encrypt(kx,
744  &iv,
745  &pp.target,
746  &pm->target,
747  sizeof(struct PingMessage) -
748  ((void *)&pm->target - (void *)pm));
749 }
750 
751 
763 static int
764 deliver_message(void *cls, const struct GNUNET_MessageHeader *m)
765 {
766  struct GSC_KeyExchangeInfo *kx = cls;
767 
769  "Decrypted message of type %d from %s\n",
770  ntohs(m->type),
771  GNUNET_i2s(kx->peer));
772  if (GNUNET_CORE_KX_STATE_UP != kx->status)
773  {
775  gettext_noop("# PAYLOAD dropped (out of order)"),
776  1,
777  GNUNET_NO);
778  return GNUNET_OK;
779  }
780  switch (ntohs(m->type))
781  {
785  return GNUNET_OK;
786 
789  return GNUNET_OK;
790 
791  default:
793  m,
794  ntohs(m->size),
797  m,
798  sizeof(struct GNUNET_MessageHeader),
800  }
801  return GNUNET_OK;
802 }
803 
804 
814 static void *
816  const struct GNUNET_PeerIdentity *pid,
817  struct GNUNET_MQ_Handle *mq)
818 {
819  struct GSC_KeyExchangeInfo *kx;
820  struct GNUNET_HashCode h1;
821  struct GNUNET_HashCode h2;
822 
824  "Initiating key exchange with `%s'\n",
825  GNUNET_i2s(pid));
827  gettext_noop("# key exchanges initiated"),
828  1,
829  GNUNET_NO);
830  kx = GNUNET_new(struct GSC_KeyExchangeInfo);
832  kx->mq = mq;
833  kx->peer = pid;
835  GNUNET_CONTAINER_DLL_insert(kx_head, kx_tail, kx);
837  monitor_notify_all(kx);
838  GNUNET_CRYPTO_hash(pid, sizeof(struct GNUNET_PeerIdentity), &h1);
840  sizeof(struct GNUNET_PeerIdentity),
841  &h2);
842  if (0 < GNUNET_CRYPTO_hash_cmp(&h1, &h2))
843  {
844  /* peer with "lower" identity starts KX, otherwise we typically end up
845  with both peers starting the exchange and transmit the 'set key'
846  message twice */
847  send_key(kx);
848  }
849  else
850  {
851  /* peer with "higher" identity starts a delayed KX, if the "lower" peer
852  * does not start a KX since it sees no reasons to do so */
853  kx->retry_set_key_task =
856  kx);
857  }
858  return kx;
859 }
860 
861 
871 static void
873  const struct GNUNET_PeerIdentity *peer,
874  void *handler_cls)
875 {
876  struct GSC_KeyExchangeInfo *kx = handler_cls;
877 
879  "Peer `%s' disconnected from us.\n",
880  GNUNET_i2s(peer));
881  GSC_SESSIONS_end(kx->peer);
883  gettext_noop("# key exchanges stopped"),
884  1,
885  GNUNET_NO);
886  if (NULL != kx->retry_set_key_task)
887  {
889  kx->retry_set_key_task = NULL;
890  }
891  if (NULL != kx->keep_alive_task)
892  {
894  kx->keep_alive_task = NULL;
895  }
897  monitor_notify_all(kx);
898  GNUNET_CONTAINER_DLL_remove(kx_head, kx_tail, kx);
899  GNUNET_MST_destroy(kx->mst);
900  GNUNET_free(kx);
901 }
902 
903 
909 static void
911 {
912  struct GNUNET_MQ_Envelope *env;
913 
915  gettext_noop("# PING messages transmitted"),
916  1,
917  GNUNET_NO);
918  env = GNUNET_MQ_msg_copy(&kx->ping.header);
919  GNUNET_MQ_send(kx->mq, env);
920 }
921 
922 
928 static void
930 {
931  struct GNUNET_HashCode key_material;
932 
933  if (GNUNET_OK != GNUNET_CRYPTO_ecc_ecdh(my_ephemeral_key,
934  &kx->other_ephemeral_key,
935  &key_material))
936  {
937  GNUNET_break(0);
938  return;
939  }
940  derive_aes_key(&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key);
941  derive_aes_key(kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key);
942  memset(&key_material, 0, sizeof(key_material));
943  /* fresh key, reset sequence numbers */
945  kx->last_packets_bitmap = 0;
946  setup_fresh_ping(kx);
947 }
948 
949 
957 static void
958 handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m)
959 {
960  struct GSC_KeyExchangeInfo *kx = cls;
961  struct GNUNET_TIME_Absolute start_t;
962  struct GNUNET_TIME_Absolute end_t;
963  struct GNUNET_TIME_Absolute now;
965 
968  (GNUNET_CORE_KX_STATE_UP == kx->status) ||
971  {
973  gettext_noop("# old ephemeral keys ignored"),
974  1,
975  GNUNET_NO);
977  "Received expired EPHEMERAL_KEY from %s\n",
979  return;
980  }
981  if (0 == memcmp(&m->ephemeral_key,
982  &kx->other_ephemeral_key,
983  sizeof(m->ephemeral_key)))
984  {
986  gettext_noop(
987  "# duplicate ephemeral keys ignored"),
988  1,
989  GNUNET_NO);
991  "Ignoring duplicate EPHEMERAL_KEY from %s\n",
993  return;
994  }
995  if (0 != memcmp(&m->origin_identity,
996  kx->peer,
997  sizeof(struct GNUNET_PeerIdentity)))
998  {
1000  "Received EPHEMERAL_KEY from %s, but expected %s\n",
1002  GNUNET_i2s_full(kx->peer));
1003  GNUNET_break_op(0);
1004  return;
1005  }
1006  if ((ntohl(m->purpose.size) !=
1007  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
1008  sizeof(struct GNUNET_TIME_AbsoluteNBO) +
1009  sizeof(struct GNUNET_TIME_AbsoluteNBO) +
1010  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) +
1011  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
1012  (GNUNET_OK !=
1014  &m->purpose,
1015  &m->signature,
1017  {
1018  /* invalid signature */
1019  GNUNET_break_op(0);
1021  gettext_noop(
1022  "# EPHEMERAL_KEYs rejected (bad signature)"),
1023  1,
1024  GNUNET_NO);
1026  "Received EPHEMERAL_KEY from %s with bad signature\n",
1028  return;
1029  }
1030  now = GNUNET_TIME_absolute_get();
1032  if ((end_t.abs_value_us <
1034  (start_t.abs_value_us >
1035  GNUNET_TIME_absolute_add(now, REKEY_TOLERANCE).abs_value_us))
1036  {
1037  GNUNET_log(
1039  _(
1040  "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
1041  GNUNET_i2s(kx->peer),
1042  (unsigned long long)now.abs_value_us,
1043  (unsigned long long)start_t.abs_value_us,
1044  (unsigned long long)end_t.abs_value_us);
1046  gettext_noop(
1047  "# EPHEMERAL_KEY messages rejected due to time"),
1048  1,
1049  GNUNET_NO);
1050  return;
1051  }
1052 #if DEBUG_KX
1053  {
1054  struct GNUNET_HashCode eh;
1055 
1056  GNUNET_CRYPTO_hash(&m->ephemeral_key, sizeof(m->ephemeral_key), &eh);
1058  "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
1059  GNUNET_h2s(&eh),
1060  GNUNET_i2s(kx->peer),
1061  kx->status);
1062  }
1063 #endif
1065  gettext_noop("# valid ephemeral keys received"),
1066  1,
1067  GNUNET_NO);
1069  kx->foreign_key_expires = end_t;
1070  derive_session_keys(kx);
1071 
1072  /* check if we still need to send the sender our key */
1073  sender_status = (enum GNUNET_CORE_KxState)ntohl(m->sender_status);
1074  switch (sender_status)
1075  {
1077  GNUNET_break_op(0);
1078  break;
1079 
1081  /* fine, need to send our key after updating our status, see below */
1083  break;
1084 
1086  /* other peer already got our key, but typemap did go down */
1088  break;
1089 
1091  /* other peer already got our key, typemap NOT down */
1092  break;
1093 
1095  /* other peer already got our key, typemap NOT down */
1096  break;
1097 
1098  default:
1099  GNUNET_break(0);
1100  break;
1101  }
1102  /* check if we need to confirm everything is fine via PING + PONG */
1103  switch (kx->status)
1104  {
1106  GNUNET_assert(NULL == kx->keep_alive_task);
1108  monitor_notify_all(kx);
1109  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1110  send_key(kx);
1111  else
1112  send_ping(kx);
1113  break;
1114 
1116  GNUNET_assert(NULL == kx->keep_alive_task);
1118  monitor_notify_all(kx);
1119  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1120  send_key(kx);
1121  else
1122  send_ping(kx);
1123  break;
1124 
1126  GNUNET_assert(NULL == kx->keep_alive_task);
1127  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1128  send_key(kx);
1129  else
1130  send_ping(kx);
1131  break;
1132 
1135  monitor_notify_all(kx);
1136  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1137  send_key(kx);
1138  else
1139  send_ping(kx);
1140  break;
1141 
1143  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1144  send_key(kx);
1145  else
1146  send_ping(kx);
1147  break;
1148 
1149  default:
1150  GNUNET_break(0);
1151  break;
1152  }
1153 }
1154 
1155 
1163 static void
1164 handle_ping(void *cls, const struct PingMessage *m)
1165 {
1166  struct GSC_KeyExchangeInfo *kx = cls;
1167  struct PingMessage t;
1168  struct PongMessage tx;
1169  struct PongMessage *tp;
1170  struct GNUNET_MQ_Envelope *env;
1172 
1174  gettext_noop("# PING messages received"),
1175  1,
1176  GNUNET_NO);
1178  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
1180  {
1181  /* ignore */
1183  gettext_noop(
1184  "# PING messages dropped (out of order)"),
1185  1,
1186  GNUNET_NO);
1187  return;
1188  }
1190  "Core service receives PING request from `%s'.\n",
1191  GNUNET_i2s(kx->peer));
1192  derive_iv(&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1193  if (GNUNET_OK != do_decrypt(kx,
1194  &iv,
1195  &m->target,
1196  &t.target,
1197  sizeof(struct PingMessage) -
1198  ((void *)&m->target - (void *)m)))
1199  {
1200  GNUNET_break_op(0);
1201  return;
1202  }
1203  if (0 !=
1204  memcmp(&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
1205  {
1208  "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
1209  GNUNET_i2s(kx->peer),
1210  GNUNET_i2s2(&t.target));
1211  else
1212  GNUNET_log(
1214  "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
1215  GNUNET_i2s(kx->peer));
1216  GNUNET_break_op(0);
1217  return;
1218  }
1219  /* construct PONG */
1220  tx.reserved = 0;
1221  tx.challenge = t.challenge;
1222  tx.target = t.target;
1224  tp->iv_seed = calculate_seed(kx);
1225  derive_pong_iv(&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer);
1226  do_encrypt(kx,
1227  &iv,
1228  &tx.challenge,
1229  &tp->challenge,
1230  sizeof(struct PongMessage) -
1231  ((void *)&tp->challenge - (void *)tp));
1233  gettext_noop("# PONG messages created"),
1234  1,
1235  GNUNET_NO);
1236  GNUNET_MQ_send(kx->mq, env);
1237 }
1238 
1239 
1246 static void
1248 {
1249  struct GSC_KeyExchangeInfo *kx = cls;
1250  struct GNUNET_TIME_Relative retry;
1251  struct GNUNET_TIME_Relative left;
1252 
1253  kx->keep_alive_task = NULL;
1255  if (0 == left.rel_value_us)
1256  {
1258  gettext_noop("# sessions terminated by timeout"),
1259  1,
1260  GNUNET_NO);
1261  GSC_SESSIONS_end(kx->peer);
1263  monitor_notify_all(kx);
1264  send_key(kx);
1265  return;
1266  }
1268  "Sending KEEPALIVE to `%s'\n",
1269  GNUNET_i2s(kx->peer));
1271  gettext_noop("# keepalive messages sent"),
1272  1,
1273  GNUNET_NO);
1274  setup_fresh_ping(kx);
1275  send_ping(kx);
1278  kx->keep_alive_task =
1280 }
1281 
1282 
1290 static void
1292 {
1293  struct GNUNET_TIME_Relative delta;
1294 
1295  kx->timeout =
1297  delta =
1299  if (delta.rel_value_us > 5LL * 1000LL * 1000LL)
1300  {
1301  /* we only notify monitors about timeout changes if those
1302  are bigger than the threshold (5s) */
1303  monitor_notify_all(kx);
1304  }
1305  if (NULL != kx->keep_alive_task)
1309  &send_keep_alive,
1310  kx);
1311 }
1312 
1313 
1320 static void
1321 handle_pong(void *cls, const struct PongMessage *m)
1322 {
1323  struct GSC_KeyExchangeInfo *kx = cls;
1324  struct PongMessage t;
1326 
1328  gettext_noop("# PONG messages received"),
1329  1,
1330  GNUNET_NO);
1331  switch (kx->status)
1332  {
1335  gettext_noop(
1336  "# PONG messages dropped (connection down)"),
1337  1,
1338  GNUNET_NO);
1339  return;
1340 
1343  gettext_noop(
1344  "# PONG messages dropped (out of order)"),
1345  1,
1346  GNUNET_NO);
1347  return;
1348 
1350  break;
1351 
1353  break;
1354 
1356  break;
1357 
1358  default:
1359  GNUNET_break(0);
1360  return;
1361  }
1363  "Core service receives PONG response from `%s'.\n",
1364  GNUNET_i2s(kx->peer));
1365  /* mark as garbage, just to be sure */
1366  memset(&t, 255, sizeof(t));
1367  derive_pong_iv(&iv,
1368  &kx->decrypt_key,
1369  m->iv_seed,
1370  kx->ping_challenge,
1371  &GSC_my_identity);
1372  if (GNUNET_OK != do_decrypt(kx,
1373  &iv,
1374  &m->challenge,
1375  &t.challenge,
1376  sizeof(struct PongMessage) -
1377  ((void *)&m->challenge - (void *)m)))
1378  {
1379  GNUNET_break_op(0);
1380  return;
1381  }
1383  gettext_noop("# PONG messages decrypted"),
1384  1,
1385  GNUNET_NO);
1386  if ((0 !=
1387  memcmp(&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) ||
1388  (kx->ping_challenge != t.challenge))
1389  {
1390  /* PONG malformed */
1392  "Received malformed PONG wanted sender `%s' with challenge %u\n",
1393  GNUNET_i2s(kx->peer),
1394  (unsigned int)kx->ping_challenge);
1396  "Received malformed PONG received from `%s' with challenge %u\n",
1397  GNUNET_i2s(&t.target),
1398  (unsigned int)t.challenge);
1399  return;
1400  }
1402  "Received valid PONG from `%s'\n",
1403  GNUNET_i2s(kx->peer));
1404  /* no need to resend key any longer */
1405  if (NULL != kx->retry_set_key_task)
1406  {
1408  kx->retry_set_key_task = NULL;
1409  }
1410  switch (kx->status)
1411  {
1413  GNUNET_assert(0); /* should be impossible */
1414  return;
1415 
1417  GNUNET_assert(0); /* should be impossible */
1418  return;
1419 
1422  gettext_noop(
1423  "# session keys confirmed via PONG"),
1424  1,
1425  GNUNET_NO);
1427  monitor_notify_all(kx);
1428  GSC_SESSIONS_create(kx->peer, kx);
1429  GNUNET_assert(NULL == kx->keep_alive_task);
1430  update_timeout(kx);
1431  break;
1432 
1435  gettext_noop("# timeouts prevented via PONG"),
1436  1,
1437  GNUNET_NO);
1438  update_timeout(kx);
1439  break;
1440 
1443  gettext_noop(
1444  "# rekey operations confirmed via PONG"),
1445  1,
1446  GNUNET_NO);
1448  monitor_notify_all(kx);
1449  update_timeout(kx);
1450  break;
1451 
1452  default:
1453  GNUNET_break(0);
1454  break;
1455  }
1456 }
1457 
1458 
1464 static void
1466 {
1467  struct GNUNET_MQ_Envelope *env;
1468 
1470  if (NULL != kx->retry_set_key_task)
1471  {
1473  kx->retry_set_key_task = NULL;
1474  }
1475  /* always update sender status in SET KEY message */
1476 #if DEBUG_KX
1477  {
1478  struct GNUNET_HashCode hc;
1479 
1481  sizeof(current_ekm.ephemeral_key),
1482  &hc);
1484  "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
1485  GNUNET_h2s(&hc),
1486  GNUNET_i2s(kx->peer),
1487  kx->status);
1488  }
1489 #endif
1490  current_ekm.sender_status = htonl((int32_t)(kx->status));
1492  GNUNET_MQ_send(kx->mq, env);
1494  send_ping(kx);
1495  kx->retry_set_key_task =
1498  kx);
1499 }
1500 
1501 
1509 void
1511  const void *payload,
1512  size_t payload_size)
1513 {
1514  size_t used = payload_size + sizeof(struct EncryptedMessage);
1515  char pbuf[used]; /* plaintext */
1516  struct EncryptedMessage *em; /* encrypted message */
1517  struct EncryptedMessage *ph; /* plaintext header */
1518  struct GNUNET_MQ_Envelope *env;
1520  struct GNUNET_CRYPTO_AuthKey auth_key;
1521 
1522  ph = (struct EncryptedMessage *)pbuf;
1523  ph->sequence_number = htonl(++kx->last_sequence_number_sent);
1524  ph->iv_seed = calculate_seed(kx);
1525  ph->reserved = 0;
1527  GNUNET_memcpy(&ph[1], payload, payload_size);
1528  env = GNUNET_MQ_msg_extra(em,
1529  payload_size,
1531  em->iv_seed = ph->iv_seed;
1532  derive_iv(&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
1534  &iv,
1535  &ph->sequence_number,
1536  &em->sequence_number,
1537  used - ENCRYPTED_HEADER_SIZE));
1538 #if DEBUG_KX
1539  {
1540  struct GNUNET_HashCode hc;
1541 
1542  GNUNET_CRYPTO_hash(&ph->sequence_number,
1543  used - ENCRYPTED_HEADER_SIZE,
1544  &hc);
1546  "Encrypted payload `%s' of %u bytes for %s\n",
1547  GNUNET_h2s(&hc),
1548  (unsigned int)(used - ENCRYPTED_HEADER_SIZE),
1549  GNUNET_i2s(kx->peer));
1550  }
1551 #endif
1552  derive_auth_key(&auth_key, &kx->encrypt_key, ph->iv_seed);
1553  GNUNET_CRYPTO_hmac(&auth_key,
1554  &em->sequence_number,
1555  used - ENCRYPTED_HEADER_SIZE,
1556  &em->hmac);
1557 #if DEBUG_KX
1558  {
1559  struct GNUNET_HashCode hc;
1560 
1561  GNUNET_CRYPTO_hash(&auth_key, sizeof(auth_key), &hc);
1563  "For peer %s, used AC %s to create hmac %s\n",
1564  GNUNET_i2s(kx->peer),
1565  GNUNET_h2s(&hc),
1566  GNUNET_h2s2(&em->hmac));
1567  }
1568 #endif
1570  GNUNET_MQ_send(kx->mq, env);
1571 }
1572 
1573 
1582 static int
1583 check_encrypted(void *cls, const struct EncryptedMessage *m)
1584 {
1585  uint16_t size = ntohs(m->header.size) - sizeof(*m);
1586 
1587  if (size < sizeof(struct GNUNET_MessageHeader))
1588  {
1589  GNUNET_break_op(0);
1590  return GNUNET_SYSERR;
1591  }
1592  return GNUNET_OK;
1593 }
1594 
1595 
1603 static void
1604 handle_encrypted(void *cls, const struct EncryptedMessage *m)
1605 {
1606  struct GSC_KeyExchangeInfo *kx = cls;
1607  struct EncryptedMessage *pt; /* plaintext */
1608  struct GNUNET_HashCode ph;
1609  uint32_t snum;
1610  struct GNUNET_TIME_Absolute t;
1612  struct GNUNET_CRYPTO_AuthKey auth_key;
1613  uint16_t size = ntohs(m->header.size);
1614  char buf[size] GNUNET_ALIGN;
1615 
1616  if (GNUNET_CORE_KX_STATE_UP != kx->status)
1617  {
1619  gettext_noop(
1620  "# DATA message dropped (out of order)"),
1621  1,
1622  GNUNET_NO);
1623  return;
1624  }
1625  if (0 ==
1627  {
1628  GNUNET_log(
1630  _(
1631  "Session to peer `%s' went down due to key expiration (should not happen)\n"),
1632  GNUNET_i2s(kx->peer));
1634  gettext_noop(
1635  "# sessions terminated by key expiration"),
1636  1,
1637  GNUNET_NO);
1638  GSC_SESSIONS_end(kx->peer);
1639  if (NULL != kx->keep_alive_task)
1640  {
1642  kx->keep_alive_task = NULL;
1643  }
1645  monitor_notify_all(kx);
1646  send_key(kx);
1647  return;
1648  }
1649 
1650  /* validate hash */
1651 #if DEBUG_KX
1652  {
1653  struct GNUNET_HashCode hc;
1654 
1657  "Received encrypted payload `%s' of %u bytes from %s\n",
1658  GNUNET_h2s(&hc),
1659  (unsigned int)(size - ENCRYPTED_HEADER_SIZE),
1660  GNUNET_i2s(kx->peer));
1661  }
1662 #endif
1663  derive_auth_key(&auth_key, &kx->decrypt_key, m->iv_seed);
1664  GNUNET_CRYPTO_hmac(&auth_key,
1665  &m->sequence_number,
1666  size - ENCRYPTED_HEADER_SIZE,
1667  &ph);
1668 #if DEBUG_KX
1669  {
1670  struct GNUNET_HashCode hc;
1671 
1672  GNUNET_CRYPTO_hash(&auth_key, sizeof(auth_key), &hc);
1674  "For peer %s, used AC %s to verify hmac %s\n",
1675  GNUNET_i2s(kx->peer),
1676  GNUNET_h2s(&hc),
1677  GNUNET_h2s2(&m->hmac));
1678  }
1679 #endif
1680  if (0 != memcmp(&ph, &m->hmac, sizeof(struct GNUNET_HashCode)))
1681  {
1682  /* checksum failed */
1684  "Failed checksum validation for a message from `%s'\n",
1685  GNUNET_i2s(kx->peer));
1686  return;
1687  }
1688  derive_iv(&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1689  /* decrypt */
1690  if (GNUNET_OK != do_decrypt(kx,
1691  &iv,
1692  &m->sequence_number,
1694  size - ENCRYPTED_HEADER_SIZE))
1695  {
1696  GNUNET_break_op(0);
1697  return;
1698  }
1700  "Decrypted %u bytes from %s\n",
1701  (unsigned int)(size - ENCRYPTED_HEADER_SIZE),
1702  GNUNET_i2s(kx->peer));
1703  pt = (struct EncryptedMessage *)buf;
1704 
1705  /* validate sequence number */
1706  snum = ntohl(pt->sequence_number);
1707  if (kx->last_sequence_number_received == snum)
1708  {
1710  "Received duplicate message, ignoring.\n");
1711  /* duplicate, ignore */
1713  gettext_noop("# bytes dropped (duplicates)"),
1714  size,
1715  GNUNET_NO);
1716  return;
1717  }
1718  if ((kx->last_sequence_number_received > snum) &&
1719  (kx->last_sequence_number_received - snum > 32))
1720  {
1722  "Received ancient out of sequence message, ignoring.\n");
1723  /* ancient out of sequence, ignore */
1725  gettext_noop(
1726  "# bytes dropped (out of sequence)"),
1727  size,
1728  GNUNET_NO);
1729  return;
1730  }
1731  if (kx->last_sequence_number_received > snum)
1732  {
1733  uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1);
1734 
1735  if ((kx->last_packets_bitmap & rotbit) != 0)
1736  {
1738  "Received duplicate message, ignoring.\n");
1740  gettext_noop("# bytes dropped (duplicates)"),
1741  size,
1742  GNUNET_NO);
1743  /* duplicate, ignore */
1744  return;
1745  }
1746  kx->last_packets_bitmap |= rotbit;
1747  }
1748  if (kx->last_sequence_number_received < snum)
1749  {
1750  unsigned int shift = (snum - kx->last_sequence_number_received);
1751 
1752  if (shift >= 8 * sizeof(kx->last_packets_bitmap))
1753  kx->last_packets_bitmap = 0;
1754  else
1755  kx->last_packets_bitmap <<= shift;
1756  kx->last_sequence_number_received = snum;
1757  }
1758 
1759  /* check timestamp */
1761  if (GNUNET_TIME_absolute_get_duration(t).rel_value_us >
1762  MAX_MESSAGE_AGE.rel_value_us)
1763  {
1765  "Message received far too old (%s). Content ignored.\n",
1768  GNUNET_YES));
1770  gettext_noop(
1771  "# bytes dropped (ancient message)"),
1772  size,
1773  GNUNET_NO);
1774  return;
1775  }
1776 
1777  /* process decrypted message(s) */
1778  update_timeout(kx);
1780  gettext_noop("# bytes of payload decrypted"),
1781  size - sizeof(struct EncryptedMessage),
1782  GNUNET_NO);
1783  if (GNUNET_OK !=
1785  &buf[sizeof(struct EncryptedMessage)],
1786  size - sizeof(struct EncryptedMessage),
1787  GNUNET_YES,
1788  GNUNET_NO))
1789  GNUNET_break_op(0);
1790 }
1791 
1792 
1800 static void
1802  const struct GNUNET_PeerIdentity *pid,
1803  void *connect_cls)
1804 {
1805  struct GSC_KeyExchangeInfo *kx = connect_cls;
1806 
1808  "Peer %s has excess bandwidth available\n",
1809  GNUNET_i2s(pid));
1811  GSC_SESSIONS_solicit(pid);
1812 }
1813 
1814 
1819 static void
1821 {
1822  current_ekm.header.size = htons(sizeof(struct EphemeralKeyMessage));
1824  current_ekm.sender_status = 0; /* to be set later */
1827  htonl(sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
1828  sizeof(struct GNUNET_TIME_AbsoluteNBO) +
1829  sizeof(struct GNUNET_TIME_AbsoluteNBO) +
1830  sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) +
1831  sizeof(struct GNUNET_PeerIdentity));
1835  "core",
1836  "USE_EPHEMERAL_KEYS"))
1837  {
1841  }
1842  else
1843  {
1846  }
1847  GNUNET_CRYPTO_ecdhe_key_get_public(my_ephemeral_key,
1851  GNUNET_CRYPTO_eddsa_sign(my_private_key,
1854 }
1855 
1856 
1862 static void
1863 do_rekey(void *cls)
1864 {
1865  struct GSC_KeyExchangeInfo *pos;
1866 
1868  if (NULL != my_ephemeral_key)
1869  GNUNET_free(my_ephemeral_key);
1870  my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create();
1871  GNUNET_assert(NULL != my_ephemeral_key);
1873  {
1874  struct GNUNET_HashCode eh;
1875 
1877  sizeof(current_ekm.ephemeral_key),
1878  &eh);
1879  GNUNET_log(GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s(&eh));
1880  }
1881  for (pos = kx_head; NULL != pos; pos = pos->next)
1882  {
1883  if (GNUNET_CORE_KX_STATE_UP == pos->status)
1884  {
1886  monitor_notify_all(pos);
1887  derive_session_keys(pos);
1888  }
1889  if (GNUNET_CORE_KX_STATE_DOWN == pos->status)
1890  {
1892  monitor_notify_all(pos);
1893  }
1894  monitor_notify_all(pos);
1895  send_key(pos);
1896  }
1897 }
1898 
1899 
1906 int
1908 {
1909  struct GNUNET_MQ_MessageHandler handlers[] =
1912  struct EphemeralKeyMessage,
1913  NULL),
1916  struct PingMessage,
1917  NULL),
1920  struct PongMessage,
1921  NULL),
1922  GNUNET_MQ_hd_var_size(encrypted,
1924  struct EncryptedMessage,
1925  NULL),
1927 
1928  my_private_key = pk;
1929  GNUNET_CRYPTO_eddsa_key_get_public(my_private_key,
1931  my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create();
1932  if (NULL == my_ephemeral_key)
1933  {
1934  GNUNET_break(0);
1935  GNUNET_free(my_private_key);
1936  my_private_key = NULL;
1937  return GNUNET_SYSERR;
1938  }
1940  {
1941  struct GNUNET_HashCode eh;
1942 
1944  sizeof(current_ekm.ephemeral_key),
1945  &eh);
1947  "Starting with ephemeral key %s\n",
1948  GNUNET_h2s(&eh));
1949  }
1950 
1953  transport =
1955  &GSC_my_identity,
1956  handlers,
1957  NULL,
1961  if (NULL == transport)
1962  {
1963  GSC_KX_done();
1964  return GNUNET_SYSERR;
1965  }
1966  return GNUNET_OK;
1967 }
1968 
1969 
1973 void
1975 {
1976  if (NULL != transport)
1977  {
1979  transport = NULL;
1980  }
1981  if (NULL != rekey_task)
1982  {
1983  GNUNET_SCHEDULER_cancel(rekey_task);
1984  rekey_task = NULL;
1985  }
1986  if (NULL != my_ephemeral_key)
1987  {
1988  GNUNET_free(my_ephemeral_key);
1989  my_ephemeral_key = NULL;
1990  }
1991  if (NULL != my_private_key)
1992  {
1993  GNUNET_free(my_private_key);
1994  my_private_key = NULL;
1995  }
1996  if (NULL != nc)
1997  {
1999  nc = NULL;
2000  }
2001 }
2002 
2003 
2010 unsigned int
2012 {
2013  return GNUNET_MQ_get_length(kxinfo->mq);
2014 }
2015 
2016 
2023 int
2025 {
2026  return kxinfo->has_excess_bandwidth;
2027 }
2028 
2029 
2038 void
2040 {
2041  struct GNUNET_MQ_Envelope *env;
2042  struct MonitorNotifyMessage *done_msg;
2043  struct GSC_KeyExchangeInfo *kx;
2044 
2046  for (kx = kx_head; NULL != kx; kx = kx->next)
2047  {
2048  struct GNUNET_MQ_Envelope *env;
2049  struct MonitorNotifyMessage *msg;
2050 
2052  msg->state = htonl((uint32_t)kx->status);
2053  msg->peer = *kx->peer;
2055  GNUNET_MQ_send(mq, env);
2056  }
2058  done_msg->state = htonl((uint32_t)GNUNET_CORE_KX_ITERATION_FINISHED);
2060  GNUNET_MQ_send(mq, env);
2061 }
2062 
2063 
2064 /* end of gnunet-service-core_kx.c */
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
#define GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY
Purpose is to set a session key.
#define REKEY_TOLERANCE
What time difference do we tolerate?
void GSC_SESSIONS_confirm_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
The other peer has confirmed receiving our type map, check if it is current and if so...
struct GNUNET_MQ_Envelope * GNUNET_MQ_msg_copy(const struct GNUNET_MessageHeader *hdr)
Create a new envelope by copying an existing message.
Definition: mq.c:651
The notification context is the key datastructure for a convenience API used for transmission of noti...
Definition: nc.c:74
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
const char * GNUNET_i2s2(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
static void ping(void *cls)
Send a ping to destination.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_subtract(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Subtract a given relative duration from the given start time.
Definition: time.c:420
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:671
static void derive_aes_key(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_PeerIdentity *receiver, const struct GNUNET_HashCode *key_material, struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
Derive an AES key from key material.
const struct GNUNET_PeerIdentity * peer
Identity of the peer.
void GSC_KX_handle_client_monitor_peers(struct GNUNET_MQ_Handle *mq)
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.
uint64_t rel_value_us
The actual value.
struct GNUNET_TIME_Relative set_key_retry_frequency
At what frequency are we currently re-trying SET_KEY messages?
uint32_t iv_seed
Seed for the IV.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
enum GNUNET_CORE_KxState status
What is our connection status?
uint32_t last_packets_bitmap
Bit map indicating which of the 32 sequence numbers before the last were received (good for accepting...
struct GNUNET_PeerIdentity target
Intended target of the PING, used primarily to check that decryption actually worked.
int32_t GNUNET_CRYPTO_crc32_n(const void *buf, size_t len)
Compute the CRC32 checksum for the first len bytes of the buffer.
Definition: crypto_crc.c:105
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
struct PingMessage ping
PING message we transmit to the other peer.
uint32_t sequence_number
Sequence number, in network byte order.
static struct GNUNET_CRYPTO_EcdhePrivateKey * my_ephemeral_key
Our ephemeral private key.
static void do_rekey(void *cls)
Task run to trigger rekeying.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_max(struct GNUNET_TIME_Relative t1, struct GNUNET_TIME_Relative t2)
Return the maximum of two relative time values.
Definition: time.c:287
static void handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m)
We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random value.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Response to a PING.
static struct GNUNET_ATS_PerformanceHandle * ph
ATS performance handle used.
Definition: gnunet-ats.c:116
static void send_key(struct GSC_KeyExchangeInfo *kx)
Send our key (and encrypted PING) to the other peer.
#define GNUNET_TIME_UNIT_SECONDS
One second.
uint32_t last_sequence_number_sent
last sequence number transmitted
struct GNUNET_TIME_AbsoluteNBO timeout
How long will we stay in this state (if nothing else happens)?
Definition: core.h:313
static int do_encrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Encrypt size bytes from in and write the result to out.
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:989
static struct GNUNET_TRANSPORT_CoreHandle * transport
Transport service.
static void derive_session_keys(struct GSC_KeyExchangeInfo *kx)
Derive fresh session keys from the current ephemeral keys.
unsigned int GSC_NEIGHBOURS_get_queue_length(const struct GSC_KeyExchangeInfo *kxinfo)
Check how many messages are queued for the given neighbour.
common internal definitions for core service
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:1185
static struct GNUNET_CRYPTO_EddsaPrivateKey * my_private_key
Our private key.
static void handle_transport_notify_excess_bw(void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls)
One of our neighbours has excess bandwidth, remember this.
struct GNUNET_CRYPTO_EcdhePrivateKey * GNUNET_CRYPTO_ecdhe_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:610
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
#define GNUNET_NO
Definition: gnunet_common.h:78
const char * GNUNET_i2s_full(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
static void sign_ephemeral_key()
Setup the message that links the ephemeral key to our persistent public key and generate the appropri...
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:393
GNUNET_CORE_KxState
State machine for our P2P encryption handshake.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static void handle_encrypted(void *cls, const struct EncryptedMessage *m)
We received an encrypted message.
static struct GSC_KeyExchangeInfo * kx_head
DLL head.
struct GNUNET_TRANSPORT_CoreHandle * GNUNET_TRANSPORT_core_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_PeerIdentity *self, const struct GNUNET_MQ_MessageHandler *handlers, void *cls, GNUNET_TRANSPORT_NotifyConnect nc, GNUNET_TRANSPORT_NotifyDisconnect nd)
Connect to the transport service.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
static void handle_ping(void *cls, const struct PingMessage *m)
We received a PING message.
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
struct GNUNET_HashCode hmac
MAC of the encrypted message (starting at sequence_number), used to verify message integrity...
struct GNUNET_STATISTICS_Handle * GSC_stats
For creating statistics.
We&#39;ve received the other peers session key.
struct GNUNET_MessageStreamTokenizer * mst
Our message stream tokenizer (for encrypted payload).
Time for absolute time used by GNUnet, in microseconds and in network byte order. ...
static void derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed)
Derive an authentication key from "set key" information.
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:418
void GNUNET_notification_context_add(struct GNUNET_NotificationContext *nc, struct GNUNET_MQ_Handle *mq)
Add a subscriber to the notification context.
Definition: nc.c:158
uint64_t abs_value_us
The actual value.
struct GNUNET_TIME_Absolute last_notify_timeout
What was the last timeout we informed our monitors about?
#define GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP
gzip-compressed type map of the sender
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_MESSAGE_TYPE_CORE_PONG
Confirmation that other peer is alive.
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won&#39;t work on W32.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
#define GNUNET_TIME_UNIT_FOREVER_ABS
Constant used to specify "forever".
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
struct GNUNET_TIME_AbsoluteNBO expiration_time
When does the given ephemeral key expire (end of validity).
struct GNUNET_MessageHeader header
Header with type GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY.
Definition: core.h:298
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
static int deliver_message(void *cls, const struct GNUNET_MessageHeader *m)
Deliver P2P message to interested clients.
struct GNUNET_SCHEDULER_Task * retry_set_key_task
ID of task used for re-trying SET_KEY and PING message.
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
struct GNUNET_CRYPTO_EddsaSignature signature
An ECC signature of the origin_identity asserting the validity of the given ephemeral key...
struct GNUNET_TIME_AbsoluteNBO creation_time
At what time was this key created (beginning of validity).
struct GNUNET_MQ_Handle * mq
Message queue for sending messages to peer.
const char * GNUNET_h2s2(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
static void monitor_notify_all(struct GSC_KeyExchangeInfo *kx)
Inform all monitors about the KX state of the given peer.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1237
static int do_decrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Decrypt size bytes from in and write the result to out.
uint32_t challenge
Random number to make replay attacks harder.
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
static struct GNUNET_TIME_Relative timeout
User defined timestamp for completing operations.
Definition: gnunet-arm.c:114
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:1116
void GSC_KX_encrypt_and_transmit(struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size)
Encrypt and transmit a message with the given payload.
static int check_encrypted(void *cls, const struct EncryptedMessage *m)
We received an encrypted message.
static void send_ping(struct GSC_KeyExchangeInfo *kx)
Send our PING to the other peer.
We&#39;re sending an (encrypted) PING to the other peer to check if it can decrypt.
static void send_keep_alive(void *cls)
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a P...
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:410
uint32_t challenge
Random number chosen to make replay harder.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
#define GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP
Other peer confirms having received the type map.
unsigned int GNUNET_MQ_get_length(struct GNUNET_MQ_Handle *mq)
Obtain the current length of the message queue.
Definition: mq.c:333
Encapsulation for encrypted messages exchanged between peers.
struct GSC_KeyExchangeInfo * next
DLL.
static struct GSC_KeyExchangeInfo * kx_tail
DLL tail.
struct GNUNET_CRYPTO_EcdhePublicKey other_ephemeral_key
Ephemeral public ECC key of the other peer.
uint32_t iv_seed
Seed for the IV.
void GSC_SESSIONS_set_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
We have received a typemap message from a peer, update ours.
Handle to a message stream tokenizer.
Definition: mst.c:43
const char * GNUNET_STRINGS_relative_time_to_string(struct GNUNET_TIME_Relative delta, int do_round)
Give relative time in human-readable fancy format.
Definition: strings.c:686
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
#define GNUNET_CORE_OPTION_SEND_FULL_INBOUND
Client wants all inbound messages in full.
Definition: core.h:55
Randomness for IVs etc.
uint16_t status
See PRISM_STATUS_*-constants.
static char buf[2048]
#define MIN_PING_FREQUENCY
What is the minimum frequency for a PING message?
uint32_t ping_challenge
What was our PING challenge number (for this peer)?
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_PING.
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:84
int GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:113
int GSC_KX_init(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Initialize KX subsystem.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
Information about the status of a key exchange with another peer.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Information about what is being signed.
void GSC_CLIENTS_deliver_message(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_MessageHeader *msg, uint16_t msize, uint32_t options)
Deliver P2P message to interested clients.
A 512-bit hashcode.
Globals for gnunet-service-core.
Message handler for a specific message type.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_CRYPTO_SymmetricSessionKey decrypt_key
Key we use to decrypt messages from the other peer (given to us by the other peer during the handshak...
#define GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY
Session key exchange between peers.
struct GNUNET_PeerIdentity GSC_my_identity
Our identity.
Private ECC key encoded for transmission.
static void pong(struct GNUNET_CADET_Channel *channel, const struct CadetPingMessage *ping)
Reply with a pong to origin.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
struct GNUNET_SCHEDULER_Task * keep_alive_task
ID of task used for sending keep-alive pings.
static void update_timeout(struct GSC_KeyExchangeInfo *kx)
We&#39;ve seen a valid message from the other peer.
static void setup_fresh_ping(struct GSC_KeyExchangeInfo *kx)
Create a fresh PING message for transmission to the other peer.
struct GNUNET_TESTBED_Peer * peer
The peer associated with this model.
void GSC_SESSIONS_solicit(const struct GNUNET_PeerIdentity *pid)
Traffic is being solicited for the given peer.
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
static unsigned int size
Size of the "table".
Definition: peer.c:66
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:303
This is not a state in a peer&#39;s state machine, but a special value used with the GNUNET_CORE_MonitorC...
void GSC_SESSIONS_create(const struct GNUNET_PeerIdentity *peer, struct GSC_KeyExchangeInfo *kx)
Create a session, a key exchange was just completed.
uint32_t iv_seed
Random value used for IV generation.
#define MAX_MESSAGE_AGE
What is the maximum age of a message for us to consider processing it? Note that this looks at the ti...
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Ephemeral public ECC key.
static void set_key_retry_task(void *cls)
Task that will retry send_key() if our previous attempt failed.
static uint32_t calculate_seed(struct GSC_KeyExchangeInfo *kx)
Calculate seed value we should use for a message.
#define GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP
uncompressed type map of the sender
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
static void * handle_transport_notify_connect(void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq)
Function called by transport to notify us that a peer connected to us (on the network level)...
#define GNUNET_MESSAGE_TYPE_CORE_PING
Check that other peer is alive (challenge).
The other peer has confirmed our session key + PING with a PONG message encrypted with their session ...
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
struct GSC_KeyExchangeInfo * prev
DLL.
static unsigned long long payload
How much data are we currently storing in the database?
code for managing the key exchange (SET_KEY, PING, PONG) with other peers
struct GNUNET_PeerIdentity target
Intended target of the PING, used primarily to check that decryption actually worked.
#define ENCRYPTED_HEADER_SIZE
Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.
an ECC signature using EdDSA.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:272
struct GNUNET_NotificationContext * GNUNET_notification_context_create(unsigned int queue_length)
Create a new notification context.
Definition: nc.c:119
static void derive_pong_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity)
Derive an IV from pong packet information.
#define GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT
After how long do we consider a connection to a peer dead if we don&#39;t receive messages from the peer...
Handle to a message queue.
Definition: mq.c:84
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won&#39;t work on W32;.
Private ECC key encoded for transmission.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_add(struct GNUNET_TIME_Relative a1, struct GNUNET_TIME_Relative a2)
Add relative times together.
Definition: time.c:577
#define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
Encapsulation for an encrypted message between peers.
void GNUNET_notification_context_broadcast(struct GNUNET_NotificationContext *nc, const struct GNUNET_MessageHeader *msg, int can_drop)
Send a message to all subscribers of this context.
Definition: nc.c:187
The identity of the host (wraps the signing key of the peer).
static void derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
Derive an IV from packet information.
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to &#39;struct&#39;s...
uint32_t last_sequence_number_received
last sequence number received on this connection (highest)
static struct GNUNET_SCHEDULER_Task * rekey_task
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
#define GNUNET_PACKED
gcc-ism to get packed structs.
int has_excess_bandwidth
GNUNET_YES if this peer currently has excess bandwidth.
#define REKEY_FREQUENCY
How often do we rekey?
uint32_t reserved
Reserved, always zero.
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:373
int GNUNET_CRYPTO_hash_cmp(const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
Compare function for HashCodes, producing a total ordering of all hashcodes.
Definition: crypto_hash.c:278
struct GNUNET_TIME_Absolute foreign_key_expires
At what time did the other peer generate the decryption key?
void GNUNET_TRANSPORT_core_disconnect(struct GNUNET_TRANSPORT_CoreHandle *handle)
Disconnect from the transport service.
uint32_t state
New peer state, an enum GNUNET_CORE_KxState in NBO.
Definition: core.h:303
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
struct GNUNET_MQ_Handle * mq
Definition: 003.c:5
#define GNUNET_log(kind,...)
Entry in list of pending tasks.
Definition: scheduler.c:131
struct GNUNET_CRYPTO_SymmetricSessionKey encrypt_key
Key we use to encrypt our messages for the other peer (initialized by us when we do the handshake)...
int32_t sender_status
Status of the sender (should be in enum PeerStateMachine), nbo.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:331
struct GNUNET_TIME_Absolute timeout
When should the session time out (if there are no PONGs)?
Last state of a KX (when it is being terminated).
Header for all communications.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_divide(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Divide relative time by a given factor.
Definition: time.c:525
Time for absolute times used by GNUnet, in microseconds.
#define GNUNET_YES
Definition: gnunet_common.h:77
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_difference(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end)
Compute the time difference between the given start and end times.
Definition: time.c:353
void GNUNET_notification_context_destroy(struct GNUNET_NotificationContext *nc)
Destroy the context, force disconnect for all subscribers.
Definition: nc.c:135
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:351
static struct EphemeralKeyMessage current_ekm
Current message we send for a key exchange.
Message sent by the service to monitor clients to notify them about a peer changing status...
Definition: core.h:294
We&#39;ve sent our session key.
static unsigned long long reserved
How much space have we currently reserved?
static void handle_transport_notify_disconnect(void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls)
Function called by transport telling us that a peer disconnected.
int GSC_NEIGHBOURS_check_excess_bandwidth(const struct GSC_KeyExchangeInfo *kxinfo)
Check if the given neighbour has excess bandwidth available.
Message transmitted with the signed ephemeral key of a peer.
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
struct GNUNET_PeerIdentity origin_identity
Public key of the signing peer (persistent version, not the ephemeral public key).
int GNUNET_CONFIGURATION_get_value_yesno(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option)
Get a configuration value that should be in a set of "YES" or "NO".
Handle for the transport service (includes all of the state for the transport service).
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:338
#define GNUNET_CORE_OPTION_SEND_HDR_INBOUND
Client just wants the 4-byte message headers of all inbound messages.
Definition: core.h:61
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:655
void GSC_SESSIONS_end(const struct GNUNET_PeerIdentity *pid)
End the session with the given peer (we are no longer connected).
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:91
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define INITIAL_SET_KEY_RETRY_FREQUENCY
How long do we wait for SET_KEY confirmation initially?
void GSC_KX_done()
Shutdown KX subsystem.
struct GNUNET_TIME_AbsoluteNBO timestamp
Timestamp.
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
const struct GNUNET_CONFIGURATION_Handle * GSC_cfg
Our configuration.
type for (message) authentication keys
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
void GSC_SESSIONS_reinit(const struct GNUNET_PeerIdentity *peer)
The other peer has indicated that it &#39;lost&#39; the session (KX down), reinitialize the session on our en...
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
Reply for monitor by CORE service.
Time for relative time used by GNUnet, in microseconds.
static void handle_pong(void *cls, const struct PongMessage *m)
We received a PONG message.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
static struct GNUNET_TRANSPORT_PluginMonitor * pm
Handle if we are monitoring plugin session activity.
#define gettext_noop(String)
Definition: gettext.h:69
struct GNUNET_PeerIdentity peer
Identity of the peer.
Definition: core.h:308
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:956
We&#39;re rekeying (or had a timeout), so we have sent the other peer our new ephemeral key...
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...