GNUnet  0.19.3
gnunet-service-core_kx.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2009-2013, 2016 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
27 #include "platform.h"
28 #include "gnunet-service-core_kx.h"
29 #include "gnunet-service-core.h"
33 #include "gnunet_constants.h"
34 #include "gnunet_signatures.h"
35 #include "gnunet_protocols.h"
36 #include "core.h"
37 
41 #define DEBUG_KX 0
42 
46 #define INITIAL_SET_KEY_RETRY_FREQUENCY \
47  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10)
48 
52 #define MIN_PING_FREQUENCY \
53  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
54 
58 #define REKEY_FREQUENCY \
59  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 12)
60 
64 #define REKEY_TOLERANCE \
65  GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
66 
74 #define MAX_MESSAGE_AGE GNUNET_TIME_UNIT_DAYS
75 
76 
78 
84 {
89 
94 
102  struct GNUNET_HashCode hmac;
103 
109 
114 
120 };
122 
123 
128 #define ENCRYPTED_HEADER_SIZE \
129  (offsetof (struct EncryptedMessage, sequence_number))
130 
131 
136 {
141 
146 
150  const struct GNUNET_PeerIdentity *peer;
151 
156 
161 
165  struct PingMessage ping;
166 
171 
177 
183 
188 
193 
198 
203 
208 
213 
220 
225 
230 
234  uint32_t ping_challenge;
235 
240 
245 };
246 
247 
252 
257 
262 
266 static struct EphemeralKeyMessage current_ekm;
267 
272 
277 
283 
288 
289 
295 static uint32_t
297 {
298  /* Note: may want to make this non-random and instead
299  derive from key material to avoid having an undetectable
300  side-channel */
301  return htonl (
303 }
304 
305 
311 static void
313 {
314  struct MonitorNotifyMessage msg;
315 
317  msg.header.size = htons (sizeof(msg));
318  msg.state = htonl ((uint32_t) kx->status);
319  msg.peer = *kx->peer;
320  msg.timeout = GNUNET_TIME_absolute_hton (kx->timeout);
322  kx->last_notify_timeout = kx->timeout;
323 }
324 
325 
333 static void
335  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
336  uint32_t seed)
337 {
338  static const char ctx[] = "authentication key";
339 
340 #if DEBUG_KX
341  struct GNUNET_HashCode sh;
342 
343  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
345  "Deriving Auth key from SKEY %s and seed %u\n",
346  GNUNET_h2s (&sh),
347  (unsigned int) seed);
348 #endif
350  skey,
351  &seed,
352  sizeof(seed),
353  skey,
354  sizeof(
356  ctx,
357  sizeof(ctx),
358  NULL);
359 }
360 
361 
370 static void
372  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
373  uint32_t seed,
374  const struct GNUNET_PeerIdentity *identity)
375 {
376  static const char ctx[] = "initialization vector";
377 
378 #if DEBUG_KX
379  struct GNUNET_HashCode sh;
380 
381  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
383  "Deriving IV from SKEY %s and seed %u for peer %s\n",
384  GNUNET_h2s (&sh),
385  (unsigned int) seed,
386  GNUNET_i2s (identity));
387 #endif
389  skey,
390  &seed,
391  sizeof(seed),
392  identity,
393  sizeof(struct GNUNET_PeerIdentity),
394  ctx,
395  sizeof(ctx),
396  NULL);
397 }
398 
399 
409 static void
411  const struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
412  uint32_t seed,
413  uint32_t challenge,
414  const struct GNUNET_PeerIdentity *identity)
415 {
416  static const char ctx[] = "pong initialization vector";
417 
418 #if DEBUG_KX
419  struct GNUNET_HashCode sh;
420 
421  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
423  "Deriving PONG IV from SKEY %s and seed %u/%u for %s\n",
424  GNUNET_h2s (&sh),
425  (unsigned int) seed,
426  (unsigned int) challenge,
427  GNUNET_i2s (identity));
428 #endif
430  skey,
431  &seed,
432  sizeof(seed),
433  identity,
434  sizeof(struct GNUNET_PeerIdentity),
435  &challenge,
436  sizeof(challenge),
437  ctx,
438  sizeof(ctx),
439  NULL);
440 }
441 
442 
451 static void
452 derive_aes_key (const struct GNUNET_PeerIdentity *sender,
453  const struct GNUNET_PeerIdentity *receiver,
454  const struct GNUNET_HashCode *key_material,
456 {
457  static const char ctx[] = "aes key generation vector";
458 
459 #if DEBUG_KX
460  struct GNUNET_HashCode sh;
461 
462  GNUNET_CRYPTO_hash (skey, sizeof(*skey), &sh);
464  "Deriving AES Keys for %s to %s from %s\n",
465  GNUNET_i2s (sender),
467  GNUNET_h2s (key_material));
468 #endif
469  GNUNET_CRYPTO_kdf (skey,
470  sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
471  ctx,
472  sizeof(ctx),
473  key_material,
474  sizeof(struct GNUNET_HashCode),
475  sender,
476  sizeof(struct GNUNET_PeerIdentity),
477  receiver,
478  sizeof(struct GNUNET_PeerIdentity),
479  NULL);
480 }
481 
482 
495 static int
498  const void *in,
499  void *out,
500  size_t size)
501 {
502  if (size != (uint16_t) size)
503  {
504  GNUNET_break (0);
505  return GNUNET_NO;
506  }
508  (uint16_t) size,
509  &kx->encrypt_key,
510  iv,
511  out));
513  gettext_noop ("# bytes encrypted"),
514  size,
515  GNUNET_NO);
516  /* the following is too sensitive to write to log files by accident,
517  so we require manual intervention to get this one... */
518 #if DEBUG_KX
520  "Encrypted %u bytes for `%s' using key %u, IV %u\n",
521  (unsigned int) size,
522  GNUNET_i2s (kx->peer),
523  (unsigned int) kx->encrypt_key.crc32,
524  GNUNET_CRYPTO_crc32_n (iv, sizeof(iv)));
525 #endif
526  return GNUNET_OK;
527 }
528 
529 
542 static int
545  const void *in,
546  void *out,
547  size_t size)
548 {
549  if (size != (uint16_t) size)
550  {
551  GNUNET_break (0);
552  return GNUNET_NO;
553  }
555  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
557  {
558  GNUNET_break_op (0);
559  return GNUNET_SYSERR;
560  }
562  (uint16_t) size,
563  &kx->decrypt_key,
564  iv,
565  out))
566  {
567  GNUNET_break (0);
568  return GNUNET_SYSERR;
569  }
571  gettext_noop ("# bytes decrypted"),
572  size,
573  GNUNET_NO);
574  /* the following is too sensitive to write to log files by accident,
575  so we require manual intervention to get this one... */
576 #if DEBUG_KX
578  "Decrypted %u bytes from `%s' using key %u, IV %u\n",
579  (unsigned int) size,
580  GNUNET_i2s (kx->peer),
581  (unsigned int) kx->decrypt_key.crc32,
582  GNUNET_CRYPTO_crc32_n (iv, sizeof(*iv)));
583 #endif
584  return GNUNET_OK;
585 }
586 
587 
593 static void
594 send_key (struct GSC_KeyExchangeInfo *kx);
595 
596 
602 static void
604 {
605  struct GSC_KeyExchangeInfo *kx = cls;
606 
607  kx->retry_set_key_task = NULL;
611  send_key (kx);
612 }
613 
614 
620 static void
622 {
623  struct PingMessage pp;
624  struct PingMessage *pm;
626 
627  pm = &kx->ping;
628  kx->ping_challenge =
630  pm->header.size = htons (sizeof(struct PingMessage));
631  pm->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_PING);
632  pm->iv_seed = calculate_seed (kx);
633  derive_iv (&iv, &kx->encrypt_key, pm->iv_seed, kx->peer);
634  pp.challenge = kx->ping_challenge;
635  pp.target = *kx->peer;
636  do_encrypt (kx,
637  &iv,
638  &pp.target,
639  &pm->target,
640  sizeof(struct PingMessage)
641  - ((void *) &pm->target - (void *) pm));
642 }
643 
644 
656 static int
657 deliver_message (void *cls, const struct GNUNET_MessageHeader *m)
658 {
659  struct GSC_KeyExchangeInfo *kx = cls;
660 
662  "Decrypted message of type %d from %s\n",
663  ntohs (m->type),
664  GNUNET_i2s (kx->peer));
665  if (GNUNET_CORE_KX_STATE_UP != kx->status)
666  {
668  gettext_noop ("# PAYLOAD dropped (out of order)"),
669  1,
670  GNUNET_NO);
671  return GNUNET_OK;
672  }
673  switch (ntohs (m->type))
674  {
678  return GNUNET_OK;
679 
682  return GNUNET_OK;
683 
684  default:
686  m,
687  ntohs (m->size),
690  m,
691  sizeof(struct GNUNET_MessageHeader),
693  }
694  return GNUNET_OK;
695 }
696 
697 
707 static void *
709  const struct GNUNET_PeerIdentity *pid,
710  struct GNUNET_MQ_Handle *mq)
711 {
712  struct GSC_KeyExchangeInfo *kx;
713  struct GNUNET_HashCode h1;
714  struct GNUNET_HashCode h2;
715 
717  "Initiating key exchange with `%s'\n",
718  GNUNET_i2s (pid));
720  gettext_noop ("# key exchanges initiated"),
721  1,
722  GNUNET_NO);
723  kx = GNUNET_new (struct GSC_KeyExchangeInfo);
725  kx->mq = mq;
726  kx->peer = pid;
730  monitor_notify_all (kx);
731  GNUNET_CRYPTO_hash (pid, sizeof(struct GNUNET_PeerIdentity), &h1);
733  sizeof(struct GNUNET_PeerIdentity),
734  &h2);
735  if (0 < GNUNET_CRYPTO_hash_cmp (&h1, &h2))
736  {
737  /* peer with "lower" identity starts KX, otherwise we typically end up
738  with both peers starting the exchange and transmit the 'set key'
739  message twice */
740  send_key (kx);
741  }
742  else
743  {
744  /* peer with "higher" identity starts a delayed KX, if the "lower" peer
745  * does not start a KX since it sees no reasons to do so */
746  kx->retry_set_key_task =
749  kx);
750  }
751  return kx;
752 }
753 
754 
764 static void
766  const struct GNUNET_PeerIdentity *peer,
767  void *handler_cls)
768 {
769  struct GSC_KeyExchangeInfo *kx = handler_cls;
770 
772  "Peer `%s' disconnected from us.\n",
773  GNUNET_i2s (peer));
774  GSC_SESSIONS_end (kx->peer);
776  gettext_noop ("# key exchanges stopped"),
777  1,
778  GNUNET_NO);
779  if (NULL != kx->retry_set_key_task)
780  {
782  kx->retry_set_key_task = NULL;
783  }
784  if (NULL != kx->keep_alive_task)
785  {
787  kx->keep_alive_task = NULL;
788  }
790  monitor_notify_all (kx);
792  GNUNET_MST_destroy (kx->mst);
793  GNUNET_free (kx);
794 }
795 
796 
802 static void
804 {
805  struct GNUNET_MQ_Envelope *env;
806 
808  gettext_noop ("# PING messages transmitted"),
809  1,
810  GNUNET_NO);
812  GNUNET_MQ_send (kx->mq, env);
813 }
814 
815 
821 static void
823 {
824  struct GNUNET_HashCode key_material;
825 
826  if (GNUNET_OK !=
828  &kx->other_ephemeral_key,
829  &key_material))
830  {
831  GNUNET_break (0);
832  return;
833  }
834  derive_aes_key (&GSC_my_identity, kx->peer, &key_material, &kx->encrypt_key);
835  derive_aes_key (kx->peer, &GSC_my_identity, &key_material, &kx->decrypt_key);
836  memset (&key_material, 0, sizeof(key_material));
837  /* fresh key, reset sequence numbers */
839  kx->last_packets_bitmap = 0;
840  setup_fresh_ping (kx);
841 }
842 
843 
851 static void
852 handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m)
853 {
854  struct GSC_KeyExchangeInfo *kx = cls;
855  struct GNUNET_TIME_Absolute start_t;
856  struct GNUNET_TIME_Absolute end_t;
857  struct GNUNET_TIME_Absolute now;
858  enum GNUNET_CORE_KxState sender_status;
859 
860  end_t = GNUNET_TIME_absolute_ntoh (m->expiration_time);
862  (GNUNET_CORE_KX_STATE_UP == kx->status) ||
865  {
867  gettext_noop ("# old ephemeral keys ignored"),
868  1,
869  GNUNET_NO);
871  "Received expired EPHEMERAL_KEY from %s\n",
872  GNUNET_i2s (&m->origin_identity));
873  return;
874  }
875  if (0 == memcmp (&m->ephemeral_key,
876  &kx->other_ephemeral_key,
877  sizeof(m->ephemeral_key)))
878  {
880  gettext_noop (
881  "# duplicate ephemeral keys ignored"),
882  1,
883  GNUNET_NO);
885  "Ignoring duplicate EPHEMERAL_KEY from %s\n",
886  GNUNET_i2s (&m->origin_identity));
887  return;
888  }
889  if (0 != memcmp (&m->origin_identity,
890  kx->peer,
891  sizeof(struct GNUNET_PeerIdentity)))
892  {
894  "Received EPHEMERAL_KEY from %s, but expected %s\n",
895  GNUNET_i2s (&m->origin_identity),
896  GNUNET_i2s_full (kx->peer));
897  GNUNET_break_op (0);
898  return;
899  }
900  if ((ntohl (m->purpose.size) !=
901  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
902  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
903  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
904  + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
905  + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) ||
906  (GNUNET_OK !=
908  &m->purpose,
909  &m->signature,
910  &m->origin_identity.public_key)))
911  {
912  /* invalid signature */
913  GNUNET_break_op (0);
915  gettext_noop (
916  "# EPHEMERAL_KEYs rejected (bad signature)"),
917  1,
918  GNUNET_NO);
920  "Received EPHEMERAL_KEY from %s with bad signature\n",
921  GNUNET_i2s (&m->origin_identity));
922  return;
923  }
924  now = GNUNET_TIME_absolute_get ();
925  start_t = GNUNET_TIME_absolute_ntoh (m->creation_time);
926  if ((end_t.abs_value_us <
928  (start_t.abs_value_us >
930  {
931  GNUNET_log (
933  _ (
934  "EPHEMERAL_KEY from peer `%s' rejected as its validity range does not match our system time (%llu not in [%llu,%llu]).\n"),
935  GNUNET_i2s (kx->peer),
936  (unsigned long long) now.abs_value_us,
937  (unsigned long long) start_t.abs_value_us,
938  (unsigned long long) end_t.abs_value_us);
940  gettext_noop (
941  "# EPHEMERAL_KEY messages rejected due to time"),
942  1,
943  GNUNET_NO);
944  return;
945  }
946 #if DEBUG_KX
947  {
948  struct GNUNET_HashCode eh;
949 
950  GNUNET_CRYPTO_hash (&m->ephemeral_key, sizeof(m->ephemeral_key), &eh);
952  "Received valid EPHEMERAL_KEY `%s' from `%s' in state %d.\n",
953  GNUNET_h2s (&eh),
954  GNUNET_i2s (kx->peer),
955  kx->status);
956  }
957 #endif
959  gettext_noop ("# valid ephemeral keys received"),
960  1,
961  GNUNET_NO);
962  kx->other_ephemeral_key = m->ephemeral_key;
963  kx->foreign_key_expires = end_t;
964  derive_session_keys (kx);
965 
966  /* check if we still need to send the sender our key */
967  sender_status = (enum GNUNET_CORE_KxState) ntohl (m->sender_status);
968  switch (sender_status)
969  {
971  GNUNET_break_op (0);
972  break;
973 
975  /* fine, need to send our key after updating our status, see below */
977  break;
978 
980  /* other peer already got our key, but typemap did go down */
982  break;
983 
985  /* other peer already got our key, typemap NOT down */
986  break;
987 
989  /* other peer already got our key, typemap NOT down */
990  break;
991 
992  default:
993  GNUNET_break (0);
994  break;
995  }
996  /* check if we need to confirm everything is fine via PING + PONG */
997  switch (kx->status)
998  {
1000  GNUNET_assert (NULL == kx->keep_alive_task);
1002  monitor_notify_all (kx);
1003  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1004  send_key (kx);
1005  else
1006  send_ping (kx);
1007  break;
1008 
1010  GNUNET_assert (NULL == kx->keep_alive_task);
1012  monitor_notify_all (kx);
1013  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1014  send_key (kx);
1015  else
1016  send_ping (kx);
1017  break;
1018 
1020  GNUNET_assert (NULL == kx->keep_alive_task);
1021  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1022  send_key (kx);
1023  else
1024  send_ping (kx);
1025  break;
1026 
1029  monitor_notify_all (kx);
1030  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1031  send_key (kx);
1032  else
1033  send_ping (kx);
1034  break;
1035 
1037  if (GNUNET_CORE_KX_STATE_KEY_SENT == sender_status)
1038  send_key (kx);
1039  else
1040  send_ping (kx);
1041  break;
1042 
1043  default:
1044  GNUNET_break (0);
1045  break;
1046  }
1047 }
1048 
1049 
1057 static void
1058 handle_ping (void *cls, const struct PingMessage *m)
1059 {
1060  struct GSC_KeyExchangeInfo *kx = cls;
1061  struct PingMessage t;
1062  struct PongMessage tx;
1063  struct PongMessage *tp;
1064  struct GNUNET_MQ_Envelope *env;
1066 
1068  gettext_noop ("# PING messages received"),
1069  1,
1070  GNUNET_NO);
1072  (kx->status != GNUNET_CORE_KX_STATE_UP) &&
1074  {
1075  /* ignore */
1077  gettext_noop (
1078  "# PING messages dropped (out of order)"),
1079  1,
1080  GNUNET_NO);
1081  return;
1082  }
1084  "Core service receives PING request from `%s'.\n",
1085  GNUNET_i2s (kx->peer));
1086  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1087  if (GNUNET_OK != do_decrypt (kx,
1088  &iv,
1089  &m->target,
1090  &t.target,
1091  sizeof(struct PingMessage)
1092  - ((void *) &m->target - (void *) m)))
1093  {
1094  GNUNET_break_op (0);
1095  return;
1096  }
1097  if (0 !=
1098  memcmp (&t.target, &GSC_my_identity, sizeof(struct GNUNET_PeerIdentity)))
1099  {
1102  "Decryption of PING from peer `%s' failed, PING for `%s'?\n",
1103  GNUNET_i2s (kx->peer),
1104  GNUNET_i2s2 (&t.target));
1105  else
1106  GNUNET_log (
1108  "Decryption of PING from peer `%s' failed after rekey (harmless)\n",
1109  GNUNET_i2s (kx->peer));
1110  GNUNET_break_op (0);
1111  return;
1112  }
1113  /* construct PONG */
1114  tx.reserved = 0;
1115  tx.challenge = t.challenge;
1116  tx.target = t.target;
1118  tp->iv_seed = calculate_seed (kx);
1119  derive_pong_iv (&iv, &kx->encrypt_key, tp->iv_seed, t.challenge, kx->peer);
1120  do_encrypt (kx,
1121  &iv,
1122  &tx.challenge,
1123  &tp->challenge,
1124  sizeof(struct PongMessage)
1125  - ((void *) &tp->challenge - (void *) tp));
1127  gettext_noop ("# PONG messages created"),
1128  1,
1129  GNUNET_NO);
1130  GNUNET_MQ_send (kx->mq, env);
1131 }
1132 
1133 
1140 static void
1141 send_keep_alive (void *cls)
1142 {
1143  struct GSC_KeyExchangeInfo *kx = cls;
1144  struct GNUNET_TIME_Relative retry;
1145  struct GNUNET_TIME_Relative left;
1146 
1147  kx->keep_alive_task = NULL;
1149  if (0 == left.rel_value_us)
1150  {
1152  gettext_noop ("# sessions terminated by timeout"),
1153  1,
1154  GNUNET_NO);
1155  GSC_SESSIONS_end (kx->peer);
1157  monitor_notify_all (kx);
1158  send_key (kx);
1159  return;
1160  }
1162  "Sending KEEPALIVE to `%s'\n",
1163  GNUNET_i2s (kx->peer));
1165  gettext_noop ("# keepalive messages sent"),
1166  1,
1167  GNUNET_NO);
1168  setup_fresh_ping (kx);
1169  send_ping (kx);
1172  kx->keep_alive_task =
1174 }
1175 
1176 
1184 static void
1186 {
1187  struct GNUNET_TIME_Relative delta;
1188 
1189  kx->timeout =
1191  delta =
1193  if (delta.rel_value_us > 5LL * 1000LL * 1000LL)
1194  {
1195  /* we only notify monitors about timeout changes if those
1196  are bigger than the threshold (5s) */
1197  monitor_notify_all (kx);
1198  }
1199  if (NULL != kx->keep_alive_task)
1203  &send_keep_alive,
1204  kx);
1205 }
1206 
1207 
1214 static void
1215 handle_pong (void *cls, const struct PongMessage *m)
1216 {
1217  struct GSC_KeyExchangeInfo *kx = cls;
1218  struct PongMessage t;
1220 
1222  gettext_noop ("# PONG messages received"),
1223  1,
1224  GNUNET_NO);
1225  switch (kx->status)
1226  {
1229  gettext_noop (
1230  "# PONG messages dropped (connection down)"),
1231  1,
1232  GNUNET_NO);
1233  return;
1234 
1237  gettext_noop (
1238  "# PONG messages dropped (out of order)"),
1239  1,
1240  GNUNET_NO);
1241  return;
1242 
1244  break;
1245 
1247  break;
1248 
1250  break;
1251 
1252  default:
1253  GNUNET_break (0);
1254  return;
1255  }
1257  "Core service receives PONG response from `%s'.\n",
1258  GNUNET_i2s (kx->peer));
1259  /* mark as garbage, just to be sure */
1260  memset (&t, 255, sizeof(t));
1261  derive_pong_iv (&iv,
1262  &kx->decrypt_key,
1263  m->iv_seed,
1264  kx->ping_challenge,
1265  &GSC_my_identity);
1266  if (GNUNET_OK != do_decrypt (kx,
1267  &iv,
1268  &m->challenge,
1269  &t.challenge,
1270  sizeof(struct PongMessage)
1271  - ((void *) &m->challenge - (void *) m)))
1272  {
1273  GNUNET_break_op (0);
1274  return;
1275  }
1277  gettext_noop ("# PONG messages decrypted"),
1278  1,
1279  GNUNET_NO);
1280  if ((0 !=
1281  memcmp (&t.target, kx->peer, sizeof(struct GNUNET_PeerIdentity))) ||
1282  (kx->ping_challenge != t.challenge))
1283  {
1284  /* PONG malformed */
1286  "Received malformed PONG wanted sender `%s' with challenge %u\n",
1287  GNUNET_i2s (kx->peer),
1288  (unsigned int) kx->ping_challenge);
1290  "Received malformed PONG received from `%s' with challenge %u\n",
1291  GNUNET_i2s (&t.target),
1292  (unsigned int) t.challenge);
1293  return;
1294  }
1296  "Received valid PONG from `%s'\n",
1297  GNUNET_i2s (kx->peer));
1298  /* no need to resend key any longer */
1299  if (NULL != kx->retry_set_key_task)
1300  {
1302  kx->retry_set_key_task = NULL;
1303  }
1304  switch (kx->status)
1305  {
1307  GNUNET_assert (0); /* should be impossible */
1308  return;
1309 
1311  GNUNET_assert (0); /* should be impossible */
1312  return;
1313 
1316  gettext_noop (
1317  "# session keys confirmed via PONG"),
1318  1,
1319  GNUNET_NO);
1321  monitor_notify_all (kx);
1322  GSC_SESSIONS_create (kx->peer, kx);
1323  GNUNET_assert (NULL == kx->keep_alive_task);
1324  update_timeout (kx);
1325  break;
1326 
1329  gettext_noop ("# timeouts prevented via PONG"),
1330  1,
1331  GNUNET_NO);
1332  update_timeout (kx);
1333  break;
1334 
1337  gettext_noop (
1338  "# rekey operations confirmed via PONG"),
1339  1,
1340  GNUNET_NO);
1342  monitor_notify_all (kx);
1343  update_timeout (kx);
1344  break;
1345 
1346  default:
1347  GNUNET_break (0);
1348  break;
1349  }
1350 }
1351 
1352 
1358 static void
1360 {
1361  struct GNUNET_MQ_Envelope *env;
1362 
1364  if (NULL != kx->retry_set_key_task)
1365  {
1367  kx->retry_set_key_task = NULL;
1368  }
1369  /* always update sender status in SET KEY message */
1370 #if DEBUG_KX
1371  {
1372  struct GNUNET_HashCode hc;
1373 
1375  sizeof(current_ekm.ephemeral_key),
1376  &hc);
1378  "Sending EPHEMERAL_KEY %s to `%s' (my status: %d)\n",
1379  GNUNET_h2s (&hc),
1380  GNUNET_i2s (kx->peer),
1381  kx->status);
1382  }
1383 #endif
1384  current_ekm.sender_status = htonl ((int32_t) (kx->status));
1386  GNUNET_MQ_send (kx->mq, env);
1388  send_ping (kx);
1389  kx->retry_set_key_task =
1392  kx);
1393 }
1394 
1395 
1396 void
1398  const void *payload,
1399  size_t payload_size)
1400 {
1401  size_t used = payload_size + sizeof(struct EncryptedMessage);
1402  char pbuf[used]; /* plaintext */
1403  struct EncryptedMessage *em; /* encrypted message */
1404  struct EncryptedMessage *ph; /* plaintext header */
1405  struct GNUNET_MQ_Envelope *env;
1407  struct GNUNET_CRYPTO_AuthKey auth_key;
1408 
1409  ph = (struct EncryptedMessage *) pbuf;
1410  ph->sequence_number = htonl (++kx->last_sequence_number_sent);
1411  ph->iv_seed = calculate_seed (kx);
1412  ph->reserved = 0;
1414  GNUNET_memcpy (&ph[1], payload, payload_size);
1415  env = GNUNET_MQ_msg_extra (em,
1416  payload_size,
1418  em->iv_seed = ph->iv_seed;
1419  derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
1421  &iv,
1422  &ph->sequence_number,
1423  &em->sequence_number,
1424  used - ENCRYPTED_HEADER_SIZE));
1425 #if DEBUG_KX
1426  {
1427  struct GNUNET_HashCode hc;
1428 
1429  GNUNET_CRYPTO_hash (&ph->sequence_number,
1430  used - ENCRYPTED_HEADER_SIZE,
1431  &hc);
1433  "Encrypted payload `%s' of %u bytes for %s\n",
1434  GNUNET_h2s (&hc),
1435  (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
1436  GNUNET_i2s (kx->peer));
1437  }
1438 #endif
1439  derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed);
1440  GNUNET_CRYPTO_hmac (&auth_key,
1441  &em->sequence_number,
1442  used - ENCRYPTED_HEADER_SIZE,
1443  &em->hmac);
1444 #if DEBUG_KX
1445  {
1446  struct GNUNET_HashCode hc;
1447 
1448  GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
1450  "For peer %s, used AC %s to create hmac %s\n",
1451  GNUNET_i2s (kx->peer),
1452  GNUNET_h2s (&hc),
1453  GNUNET_h2s2 (&em->hmac));
1454  }
1455 #endif
1457  GNUNET_MQ_send (kx->mq, env);
1458 }
1459 
1460 
1469 static int
1470 check_encrypted (void *cls, const struct EncryptedMessage *m)
1471 {
1472  uint16_t size = ntohs (m->header.size) - sizeof(*m);
1473 
1474  if (size < sizeof(struct GNUNET_MessageHeader))
1475  {
1476  GNUNET_break_op (0);
1477  return GNUNET_SYSERR;
1478  }
1479  return GNUNET_OK;
1480 }
1481 
1482 
1490 static void
1491 handle_encrypted (void *cls, const struct EncryptedMessage *m)
1492 {
1493  struct GSC_KeyExchangeInfo *kx = cls;
1494  struct EncryptedMessage *pt; /* plaintext */
1495  struct GNUNET_HashCode ph;
1496  uint32_t snum;
1497  struct GNUNET_TIME_Absolute t;
1499  struct GNUNET_CRYPTO_AuthKey auth_key;
1500  uint16_t size = ntohs (m->header.size);
1501  char buf[size] GNUNET_ALIGN;
1502 
1503  if (GNUNET_CORE_KX_STATE_UP != kx->status)
1504  {
1506  gettext_noop (
1507  "# DATA message dropped (out of order)"),
1508  1,
1509  GNUNET_NO);
1510  return;
1511  }
1512  if (0 ==
1514  {
1515  GNUNET_log (
1517  _ (
1518  "Session to peer `%s' went down due to key expiration (should not happen)\n"),
1519  GNUNET_i2s (kx->peer));
1521  gettext_noop (
1522  "# sessions terminated by key expiration"),
1523  1,
1524  GNUNET_NO);
1525  GSC_SESSIONS_end (kx->peer);
1526  if (NULL != kx->keep_alive_task)
1527  {
1529  kx->keep_alive_task = NULL;
1530  }
1532  monitor_notify_all (kx);
1533  send_key (kx);
1534  return;
1535  }
1536 
1537  /* validate hash */
1538 #if DEBUG_KX
1539  {
1540  struct GNUNET_HashCode hc;
1541 
1542  GNUNET_CRYPTO_hash (&m->sequence_number, size - ENCRYPTED_HEADER_SIZE, &hc);
1544  "Received encrypted payload `%s' of %u bytes from %s\n",
1545  GNUNET_h2s (&hc),
1546  (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1547  GNUNET_i2s (kx->peer));
1548  }
1549 #endif
1550  derive_auth_key (&auth_key, &kx->decrypt_key, m->iv_seed);
1551  GNUNET_CRYPTO_hmac (&auth_key,
1552  &m->sequence_number,
1554  &ph);
1555 #if DEBUG_KX
1556  {
1557  struct GNUNET_HashCode hc;
1558 
1559  GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
1561  "For peer %s, used AC %s to verify hmac %s\n",
1562  GNUNET_i2s (kx->peer),
1563  GNUNET_h2s (&hc),
1564  GNUNET_h2s2 (&m->hmac));
1565  }
1566 #endif
1567  if (0 != memcmp (&ph, &m->hmac, sizeof(struct GNUNET_HashCode)))
1568  {
1569  /* checksum failed */
1571  "Failed checksum validation for a message from `%s'\n",
1572  GNUNET_i2s (kx->peer));
1573  return;
1574  }
1575  derive_iv (&iv, &kx->decrypt_key, m->iv_seed, &GSC_my_identity);
1576  /* decrypt */
1577  if (GNUNET_OK != do_decrypt (kx,
1578  &iv,
1579  &m->sequence_number,
1582  {
1583  GNUNET_break_op (0);
1584  return;
1585  }
1587  "Decrypted %u bytes from %s\n",
1588  (unsigned int) (size - ENCRYPTED_HEADER_SIZE),
1589  GNUNET_i2s (kx->peer));
1590  pt = (struct EncryptedMessage *) buf;
1591 
1592  /* validate sequence number */
1593  snum = ntohl (pt->sequence_number);
1594  if (kx->last_sequence_number_received == snum)
1595  {
1597  "Received duplicate message, ignoring.\n");
1598  /* duplicate, ignore */
1600  gettext_noop ("# bytes dropped (duplicates)"),
1601  size,
1602  GNUNET_NO);
1603  return;
1604  }
1605  if ((kx->last_sequence_number_received > snum) &&
1606  (kx->last_sequence_number_received - snum > 32))
1607  {
1609  "Received ancient out of sequence message, ignoring.\n");
1610  /* ancient out of sequence, ignore */
1612  gettext_noop (
1613  "# bytes dropped (out of sequence)"),
1614  size,
1615  GNUNET_NO);
1616  return;
1617  }
1618  if (kx->last_sequence_number_received > snum)
1619  {
1620  uint32_t rotbit = 1U << (kx->last_sequence_number_received - snum - 1);
1621 
1622  if ((kx->last_packets_bitmap & rotbit) != 0)
1623  {
1625  "Received duplicate message, ignoring.\n");
1627  gettext_noop ("# bytes dropped (duplicates)"),
1628  size,
1629  GNUNET_NO);
1630  /* duplicate, ignore */
1631  return;
1632  }
1633  kx->last_packets_bitmap |= rotbit;
1634  }
1635  if (kx->last_sequence_number_received < snum)
1636  {
1637  unsigned int shift = (snum - kx->last_sequence_number_received);
1638 
1639  if (shift >= 8 * sizeof(kx->last_packets_bitmap))
1640  kx->last_packets_bitmap = 0;
1641  else
1642  kx->last_packets_bitmap <<= shift;
1643  kx->last_sequence_number_received = snum;
1644  }
1645 
1646  /* check timestamp */
1648  if (GNUNET_TIME_absolute_get_duration (t).rel_value_us >
1649  MAX_MESSAGE_AGE.rel_value_us)
1650  {
1652  "Message received far too old (%s). Content ignored.\n",
1655  GNUNET_YES));
1657  gettext_noop (
1658  "# bytes dropped (ancient message)"),
1659  size,
1660  GNUNET_NO);
1661  return;
1662  }
1663 
1664  /* process decrypted message(s) */
1665  update_timeout (kx);
1667  gettext_noop ("# bytes of payload decrypted"),
1668  size - sizeof(struct EncryptedMessage),
1669  GNUNET_NO);
1670  if (GNUNET_OK !=
1672  &buf[sizeof(struct EncryptedMessage)],
1673  size - sizeof(struct EncryptedMessage),
1674  GNUNET_YES,
1675  GNUNET_NO))
1676  GNUNET_break_op (0);
1677 }
1678 
1679 
1687 static void
1689  const struct GNUNET_PeerIdentity *pid,
1690  void *connect_cls)
1691 {
1692  struct GSC_KeyExchangeInfo *kx = connect_cls;
1693 
1695  "Peer %s has excess bandwidth available\n",
1696  GNUNET_i2s (pid));
1699 }
1700 
1701 
1706 static void
1708 {
1709  current_ekm.header.size = htons (sizeof(struct EphemeralKeyMessage));
1711  current_ekm.sender_status = 0; /* to be set later */
1714  htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
1715  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
1716  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
1717  + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey)
1718  + sizeof(struct GNUNET_PeerIdentity));
1722  "core",
1723  "USE_EPHEMERAL_KEYS"))
1724  {
1728  REKEY_TOLERANCE)));
1729  }
1730  else
1731  {
1734  }
1742 }
1743 
1744 
1750 static void
1751 do_rekey (void *cls)
1752 {
1753  struct GSC_KeyExchangeInfo *pos;
1754 
1757  sign_ephemeral_key ();
1758  {
1759  struct GNUNET_HashCode eh;
1760 
1762  sizeof(current_ekm.ephemeral_key),
1763  &eh);
1764  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Rekeying to %s\n", GNUNET_h2s (&eh));
1765  }
1766  for (pos = kx_head; NULL != pos; pos = pos->next)
1767  {
1768  if (GNUNET_CORE_KX_STATE_UP == pos->status)
1769  {
1771  monitor_notify_all (pos);
1772  derive_session_keys (pos);
1773  }
1774  if (GNUNET_CORE_KX_STATE_DOWN == pos->status)
1775  {
1777  monitor_notify_all (pos);
1778  }
1779  monitor_notify_all (pos);
1780  send_key (pos);
1781  }
1782 }
1783 
1784 
1791 int
1793 {
1794  struct GNUNET_MQ_MessageHandler handlers[] = {
1795  GNUNET_MQ_hd_fixed_size (ephemeral_key,
1797  struct EphemeralKeyMessage,
1798  NULL),
1801  struct PingMessage,
1802  NULL),
1805  struct PongMessage,
1806  NULL),
1807  GNUNET_MQ_hd_var_size (encrypted,
1809  struct EncryptedMessage,
1810  NULL),
1812  };
1813 
1814  my_private_key = *pk;
1818  sign_ephemeral_key ();
1819  {
1820  struct GNUNET_HashCode eh;
1821 
1823  sizeof(current_ekm.ephemeral_key),
1824  &eh);
1826  "Starting with ephemeral key %s\n",
1827  GNUNET_h2s (&eh));
1828  }
1829 
1832  transport =
1834  &GSC_my_identity,
1835  handlers,
1836  NULL,
1840  if (NULL == transport)
1841  {
1842  GSC_KX_done ();
1843  return GNUNET_SYSERR;
1844  }
1845  return GNUNET_OK;
1846 }
1847 
1848 
1852 void
1854 {
1855  if (NULL != transport)
1856  {
1858  transport = NULL;
1859  }
1860  if (NULL != rekey_task)
1861  {
1863  rekey_task = NULL;
1864  }
1865  memset (&my_ephemeral_key,
1866  0,
1867  sizeof (my_ephemeral_key));
1868  memset (&my_private_key,
1869  0,
1870  sizeof (my_private_key));
1871  if (NULL != nc)
1872  {
1874  nc = NULL;
1875  }
1876 }
1877 
1878 
1885 unsigned int
1887 {
1888  return GNUNET_MQ_get_length (kxinfo->mq);
1889 }
1890 
1891 
1892 int
1894 {
1895  return kxinfo->has_excess_bandwidth;
1896 }
1897 
1898 
1907 void
1909 {
1910  struct GNUNET_MQ_Envelope *env;
1911  struct MonitorNotifyMessage *done_msg;
1912  struct GSC_KeyExchangeInfo *kx;
1913 
1915  for (kx = kx_head; NULL != kx; kx = kx->next)
1916  {
1917  struct GNUNET_MQ_Envelope *env;
1918  struct MonitorNotifyMessage *msg;
1919 
1921  msg->state = htonl ((uint32_t) kx->status);
1922  msg->peer = *kx->peer;
1923  msg->timeout = GNUNET_TIME_absolute_hton (kx->timeout);
1924  GNUNET_MQ_send (mq, env);
1925  }
1927  done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED);
1929  GNUNET_MQ_send (mq, env);
1930 }
1931 
1932 
1933 /* end of gnunet-service-core_kx.c */
struct GNUNET_MQ_Handle * mq
Definition: 003.c:5
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
#define GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY
Purpose is to set a session key.
common internal definitions for core service
#define GNUNET_CORE_OPTION_SEND_FULL_INBOUND
Client wants all inbound messages in full.
Definition: core.h:54
#define GNUNET_CORE_OPTION_SEND_HDR_INBOUND
Client just wants the 4-byte message headers of all inbound messages.
Definition: core.h:60
#define gettext_noop(String)
Definition: gettext.h:70
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
static struct SolverHandle * sh
static struct GNUNET_ATS_PerformanceHandle * ph
ATS performance handle used.
Definition: gnunet-ats.c:116
static void pong(struct GNUNET_CADET_Channel *channel, const struct CadetPingMessage *ping)
Reply with a pong to origin.
static void ping(void *cls)
Send a ping to destination.
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
const struct GNUNET_CONFIGURATION_Handle * GSC_cfg
Our configuration.
struct GNUNET_PeerIdentity GSC_my_identity
Our identity.
void GSC_CLIENTS_deliver_message(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_MessageHeader *msg, uint16_t msize, uint32_t options)
Deliver P2P message to interested clients.
struct GNUNET_STATISTICS_Handle * GSC_stats
For creating statistics.
Globals for gnunet-service-core.
static void handle_pong(void *cls, const struct PongMessage *m)
We received a PONG message.
static void handle_encrypted(void *cls, const struct EncryptedMessage *m)
We received an encrypted message.
static void set_key_retry_task(void *cls)
Task that will retry send_key() if our previous attempt failed.
#define REKEY_TOLERANCE
What time difference do we tolerate?
unsigned int GSC_NEIGHBOURS_get_queue_length(const struct GSC_KeyExchangeInfo *kxinfo)
Check how many messages are queued for the given neighbour.
static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
Our private key.
static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
Our ephemeral private key.
int GSC_NEIGHBOURS_check_excess_bandwidth(const struct GSC_KeyExchangeInfo *kxinfo)
Check if the given neighbour has excess bandwidth available.
static void derive_aes_key(const struct GNUNET_PeerIdentity *sender, const struct GNUNET_PeerIdentity *receiver, const struct GNUNET_HashCode *key_material, struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
Derive an AES key from key material.
#define MIN_PING_FREQUENCY
What is the minimum frequency for a PING message?
static struct GSC_KeyExchangeInfo * kx_tail
DLL tail.
void GSC_KX_handle_client_monitor_peers(struct GNUNET_MQ_Handle *mq)
Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.
static void handle_ephemeral_key(void *cls, const struct EphemeralKeyMessage *m)
We received a GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY message.
#define REKEY_FREQUENCY
How often do we rekey?
static void sign_ephemeral_key()
Setup the message that links the ephemeral key to our persistent public key and generate the appropri...
static void handle_transport_notify_disconnect(void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls)
Function called by transport telling us that a peer disconnected.
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
void GSC_KX_encrypt_and_transmit(struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size)
Encrypt and transmit a message with the given payload.
static int check_encrypted(void *cls, const struct EncryptedMessage *m)
We received an encrypted message.
static void send_key(struct GSC_KeyExchangeInfo *kx)
Send our key (and encrypted PING) to the other peer.
static uint32_t calculate_seed(struct GSC_KeyExchangeInfo *kx)
Calculate seed value we should use for a message.
static void handle_ping(void *cls, const struct PingMessage *m)
We received a PING message.
static struct GSC_KeyExchangeInfo * kx_head
DLL head.
static struct EphemeralKeyMessage current_ekm
Current message we send for a key exchange.
int GSC_KX_init(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Initialize KX subsystem.
static void do_rekey(void *cls)
Task run to trigger rekeying.
#define MAX_MESSAGE_AGE
What is the maximum age of a message for us to consider processing it? Note that this looks at the ti...
#define INITIAL_SET_KEY_RETRY_FREQUENCY
How long do we wait for SET_KEY confirmation initially?
void GSC_KX_done()
Shutdown KX subsystem.
#define ENCRYPTED_HEADER_SIZE
Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.
static void derive_session_keys(struct GSC_KeyExchangeInfo *kx)
Derive fresh session keys from the current ephemeral keys.
static void derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed)
Derive an authentication key from "set key" information.
static void * handle_transport_notify_connect(void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq)
Function called by transport to notify us that a peer connected to us (on the network level).
static void setup_fresh_ping(struct GSC_KeyExchangeInfo *kx)
Create a fresh PING message for transmission to the other peer.
static void update_timeout(struct GSC_KeyExchangeInfo *kx)
We've seen a valid message from the other peer.
static void send_ping(struct GSC_KeyExchangeInfo *kx)
Send our PING to the other peer.
static void derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
Derive an IV from packet information.
static void send_keep_alive(void *cls)
Task triggered when a neighbour entry is about to time out (and we should prevent this by sending a P...
static int do_decrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Decrypt size bytes from in and write the result to out.
static int deliver_message(void *cls, const struct GNUNET_MessageHeader *m)
Deliver P2P message to interested clients.
static void monitor_notify_all(struct GSC_KeyExchangeInfo *kx)
Inform all monitors about the KX state of the given peer.
static struct GNUNET_SCHEDULER_Task * rekey_task
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
static struct GNUNET_TRANSPORT_CoreHandle * transport
Transport service.
static void handle_transport_notify_excess_bw(void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls)
One of our neighbours has excess bandwidth, remember this.
static int do_encrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Encrypt size bytes from in and write the result to out.
static void derive_pong_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, uint32_t challenge, const struct GNUNET_PeerIdentity *identity)
Derive an IV from pong packet information.
code for managing the key exchange (SET_KEY, PING, PONG) with other peers
void GSC_SESSIONS_reinit(const struct GNUNET_PeerIdentity *peer)
The other peer has indicated that it 'lost' the session (KX down), reinitialize the session on our en...
void GSC_SESSIONS_end(const struct GNUNET_PeerIdentity *pid)
End the session with the given peer (we are no longer connected).
void GSC_SESSIONS_confirm_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
The other peer has confirmed receiving our type map, check if it is current and if so,...
void GSC_SESSIONS_solicit(const struct GNUNET_PeerIdentity *pid)
Traffic is being solicited for the given peer.
void GSC_SESSIONS_create(const struct GNUNET_PeerIdentity *peer, struct GSC_KeyExchangeInfo *kx)
Create a session, a key exchange was just completed.
void GSC_SESSIONS_set_typemap(const struct GNUNET_PeerIdentity *peer, const struct GNUNET_MessageHeader *msg)
We've received a typemap message from a peer, update ours.
static unsigned long long payload
How much data are we currently storing in the database?
static char buf[2048]
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
static struct GNUNET_TRANSPORT_PluginMonitor * pm
Handle if we are monitoring plugin session activity.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_SCHEDULER_Task * t
Main task.
Constants for network protocols.
API to create, modify and access statistics.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_yesno(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option)
Get a configuration value that should be in a set of "YES" or "NO".
#define GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT
After how long do we consider a connection to a peer dead if we don't receive messages from the peer?
GNUNET_CORE_KxState
State machine for our P2P encryption handshake.
@ GNUNET_CORE_KX_PEER_DISCONNECT
Last state of a KX (when it is being terminated).
@ GNUNET_CORE_KX_STATE_UP
The other peer has confirmed our session key + PING with a PONG message encrypted with their session ...
@ GNUNET_CORE_KX_STATE_DOWN
No handshake yet.
@ GNUNET_CORE_KX_STATE_KEY_SENT
We've sent our session key.
@ GNUNET_CORE_KX_STATE_KEY_RECEIVED
We've received the other peers session key.
@ GNUNET_CORE_KX_ITERATION_FINISHED
This is not a state in a peer's state machine, but a special value used with the GNUNET_CORE_MonitorC...
@ GNUNET_CORE_KX_STATE_REKEY_SENT
We're rekeying (or had a timeout), so we have sent the other peer our new ephemeral key,...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:726
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:435
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:619
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random value.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:702
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:213
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
int32_t GNUNET_CRYPTO_crc32_n(const void *buf, size_t len)
Compute the CRC32 checksum for the first len bytes of the buffer.
Definition: crypto_crc.c:99
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:329
int GNUNET_CRYPTO_hash_cmp(const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
Compare function for HashCodes, producing a total ordering of all hashcodes.
Definition: crypto_hash.c:220
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:266
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to 'struct's.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_PACKED
gcc-ism to get packed structs.
@ GNUNET_OK
@ GNUNET_YES
@ GNUNET_NO
@ GNUNET_SYSERR
const char * GNUNET_h2s2(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
const char * GNUNET_i2s2(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
const char * GNUNET_i2s_full(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_DEBUG
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
void GNUNET_notification_context_destroy(struct GNUNET_NotificationContext *nc)
Destroy the context, force disconnect for all subscribers.
Definition: nc.c:138
unsigned int GNUNET_MQ_get_length(struct GNUNET_MQ_Handle *mq)
Obtain the current length of the message queue.
Definition: mq.c:293
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:304
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct.
Definition: gnunet_mq_lib.h:62
void GNUNET_notification_context_broadcast(struct GNUNET_NotificationContext *nc, const struct GNUNET_MessageHeader *msg, int can_drop)
Send a message to all subscribers of this context.
Definition: nc.c:190
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:77
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
struct GNUNET_MQ_Envelope * GNUNET_MQ_msg_copy(const struct GNUNET_MessageHeader *hdr)
Create a new envelope by copying an existing message.
Definition: mq.c:533
struct GNUNET_NotificationContext * GNUNET_notification_context_create(unsigned int queue_length)
Create a new notification context.
Definition: nc.c:122
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
void GNUNET_notification_context_add(struct GNUNET_NotificationContext *nc, struct GNUNET_MQ_Handle *mq)
Add a subscriber to the notification context.
Definition: nc.c:161
#define GNUNET_MESSAGE_TYPE_CORE_PING
Check that other peer is alive (challenge).
#define GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP
uncompressed type map of the sender
#define GNUNET_MESSAGE_TYPE_CORE_PONG
Confirmation that other peer is alive.
#define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
Encapsulation for an encrypted message between peers.
#define GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP
gzip-compressed type map of the sender
#define GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
Reply for monitor by CORE service.
#define GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP
Other peer confirms having received the type map.
#define GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY
Session key exchange between peers.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:975
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1272
enum GNUNET_GenericReturnValue GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:101
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:404
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:86
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:436
struct GNUNET_TIME_Relative GNUNET_TIME_relative_max(struct GNUNET_TIME_Relative t1, struct GNUNET_TIME_Relative t2)
Return the maximum of two relative time values.
Definition: time.c:351
#define GNUNET_TIME_UNIT_SECONDS
One second.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:405
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh(struct GNUNET_TIME_AbsoluteNBO a)
Convert absolute time from network byte order.
Definition: time.c:737
struct GNUNET_TIME_Relative GNUNET_TIME_relative_add(struct GNUNET_TIME_Relative a1, struct GNUNET_TIME_Relative a2)
Add relative times together.
Definition: time.c:585
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_subtract(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Subtract a given relative duration from the given start time.
Definition: time.c:469
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:316
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:450
struct GNUNET_TIME_Relative GNUNET_TIME_relative_divide(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Divide relative time by a given factor.
Definition: time.c:550
const char * GNUNET_STRINGS_relative_time_to_string(struct GNUNET_TIME_Relative delta, int do_round)
Give relative time in human-readable fancy format.
Definition: strings.c:569
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_difference(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Absolute end)
Compute the time difference between the given start and end times.
Definition: time.c:421
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:638
#define GNUNET_TIME_UNIT_FOREVER_ABS
Constant used to specify "forever".
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
struct GNUNET_TRANSPORT_CoreHandle * GNUNET_TRANSPORT_core_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_PeerIdentity *self, const struct GNUNET_MQ_MessageHandler *handlers, void *cls, GNUNET_TRANSPORT_NotifyConnect nc, GNUNET_TRANSPORT_NotifyDisconnect nd)
Connect to the transport service.
void GNUNET_TRANSPORT_core_disconnect(struct GNUNET_TRANSPORT_CoreHandle *handle)
Disconnect from the transport service.
static unsigned int size
Size of the "table".
Definition: peer.c:68
#define _(String)
GNU gettext support macro.
Definition: platform.h:177
void receiver(void *cls, const void *buf, size_t available, const struct sockaddr *addr, socklen_t addrlen, int errCode)
Callback to read from the SOCKS5 proxy.
Definition: socks.c:330
static struct GNUNET_TIME_Relative delta
Definition: speedup.c:36
Encapsulation for encrypted messages exchanged between peers.
uint32_t iv_seed
Random value used for IV generation.
struct GNUNET_TIME_AbsoluteNBO timestamp
Timestamp.
uint32_t sequence_number
Sequence number, in network byte order.
struct GNUNET_HashCode hmac
MAC of the encrypted message (starting at sequence_number), used to verify message integrity.
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE.
uint32_t reserved
Reserved, always zero.
Message transmitted with the signed ephemeral key of a peer.
struct GNUNET_PeerIdentity origin_identity
Public key of the signing peer (persistent version, not the ephemeral public key).
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
int32_t sender_status
Status of the sender (should be in enum PeerStateMachine), nbo.
struct GNUNET_TIME_AbsoluteNBO expiration_time
When does the given ephemeral key expire (end of validity).
struct GNUNET_CRYPTO_EddsaSignature signature
An ECC signature of the origin_identity asserting the validity of the given ephemeral key.
struct GNUNET_TIME_AbsoluteNBO creation_time
At what time was this key created (beginning of validity).
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Information about what is being signed.
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Ephemeral public ECC key.
type for (message) authentication keys
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
A 512-bit hashcode.
Handle to a message queue.
Definition: mq.c:87
Message handler for a specific message type.
Header for all communications.
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format.
Handle to a message stream tokenizer.
Definition: mst.c:45
The notification context is the key datastructure for a convenience API used for transmission of noti...
Definition: nc.c:77
The identity of the host (wraps the signing key of the peer).
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Entry in list of pending tasks.
Definition: scheduler.c:136
Time for absolute time used by GNUnet, in microseconds and in network byte order.
Time for absolute times used by GNUnet, in microseconds.
uint64_t abs_value_us
The actual value.
Time for relative time used by GNUnet, in microseconds.
uint64_t rel_value_us
The actual value.
Handle for the transport service (includes all of the state for the transport service).
Information about the status of a key exchange with another peer.
struct GSC_KeyExchangeInfo * prev
DLL.
struct GNUNET_CRYPTO_SymmetricSessionKey encrypt_key
Key we use to encrypt our messages for the other peer (initialized by us when we do the handshake).
struct GNUNET_SCHEDULER_Task * retry_set_key_task
ID of task used for re-trying SET_KEY and PING message.
struct GNUNET_TIME_Relative set_key_retry_frequency
At what frequency are we currently re-trying SET_KEY messages?
struct GNUNET_TIME_Absolute last_notify_timeout
What was the last timeout we informed our monitors about?
const struct GNUNET_PeerIdentity * peer
Identity of the peer.
uint32_t last_sequence_number_sent
last sequence number transmitted
struct GNUNET_MessageStreamTokenizer * mst
Our message stream tokenizer (for encrypted payload).
struct GSC_KeyExchangeInfo * next
DLL.
uint32_t ping_challenge
What was our PING challenge number (for this peer)?
struct GNUNET_MQ_Handle * mq
Message queue for sending messages to peer.
uint32_t last_sequence_number_received
last sequence number received on this connection (highest)
struct GNUNET_CRYPTO_EcdhePublicKey other_ephemeral_key
Ephemeral public ECC key of the other peer.
struct GNUNET_CRYPTO_SymmetricSessionKey decrypt_key
Key we use to decrypt messages from the other peer (given to us by the other peer during the handshak...
struct GNUNET_TIME_Absolute timeout
When should the session time out (if there are no PONGs)?
int has_excess_bandwidth
GNUNET_YES if this peer currently has excess bandwidth.
struct PingMessage ping
PING message we transmit to the other peer.
struct GNUNET_SCHEDULER_Task * keep_alive_task
ID of task used for sending keep-alive pings.
enum GNUNET_CORE_KxState status
What is our connection status?
struct GNUNET_TIME_Absolute foreign_key_expires
At what time did the other peer generate the decryption key?
uint32_t last_packets_bitmap
Bit map indicating which of the 32 sequence numbers before the last were received (good for accepting...
Message sent by the service to monitor clients to notify them about a peer changing status.
Definition: core.h:302
uint32_t state
New peer state, an enum GNUNET_CORE_KxState in NBO.
Definition: core.h:311
struct GNUNET_TIME_AbsoluteNBO timeout
How long will we stay in this state (if nothing else happens)?
Definition: core.h:321
We're sending an (encrypted) PING to the other peer to check if it can decrypt.
struct GNUNET_MessageHeader header
Message type is GNUNET_MESSAGE_TYPE_CORE_PING.
struct GNUNET_PeerIdentity target
Intended target of the PING, used primarily to check that decryption actually worked.
uint32_t challenge
Random number chosen to make replay harder.
Response to a PING.
uint32_t challenge
Random number to make replay attacks harder.
uint32_t reserved
Reserved, always zero.
uint32_t iv_seed
Seed for the IV.
struct GNUNET_PeerIdentity target
Intended target of the PING, used primarily to check that decryption actually worked.
struct GNUNET_TESTBED_Peer * peer
The peer associated with this model.