GNUnet  0.10.x
gnunet-service-cadet_tunnels.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2013, 2017, 2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19 */
33 #include "platform.h"
34 #include "gnunet_util_lib.h"
36 #include "gnunet_signatures.h"
37 #include "cadet_protocol.h"
43 
44 
45 #define LOG(level, ...) GNUNET_log_from(level,"cadet-tun",__VA_ARGS__)
46 
52 #define MAX_UNVERIFIED_ATTEMPTS 16
53 
57 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
58 
63 #define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MILLISECONDS, 250)
64 
68 #define MAX_SKIPPED_KEYS 64
69 
74 #define MAX_KEY_GAP 256
75 
76 
81 {
86 
91 
96 
101 
106 
110  unsigned int Kn;
111 };
112 
113 
118 {
125 
130 
135 
140 
145 
152 
159 
165 
173 
178 
183 
188 
193  struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
194 
199  struct GNUNET_TIME_Absolute ratchet_expiration;
200 
204  unsigned int skipped;
205 
209  uint32_t Ns;
210 
214  uint32_t Nr;
215 
219  uint32_t PNs;
220 
225 
237 
250  unsigned int ratchet_counter;
251 
252 };
253 
254 
259 {
264 
269 
273  struct CadetTunnel *t;
274 
279 
283  void *cont_cls;
284 
289 
295 };
296 
297 
302 {
307 
312  struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
313 
318 
323 
328 
337 
342 
347 
352 
357 
362 
367 
372 
377 
382 
387 
393 
398 
403 
408 
415 
419  struct GNUNET_TIME_Relative kx_retry_delay;
420 
424  struct GNUNET_TIME_Absolute next_kx_attempt;
425 
429  unsigned int num_ready_connections;
430 
434  unsigned int num_busy_connections;
435 
441  unsigned int unverified_attempts;
442 
446  unsigned int tq_len;
447 
451  enum CadetTunnelEState estate;
452 
457 
458 };
459 
460 
467 static int
468 alice_or_betty (const struct GNUNET_PeerIdentity *other)
469 {
470  if (0 > GNUNET_memcmp (&my_full_id,
471  other))
472  return GNUNET_YES;
473  else if (0 < GNUNET_memcmp (&my_full_id,
474  other))
475  return GNUNET_NO;
476  else
477  {
478  GNUNET_break_op (0);
479  return GNUNET_SYSERR;
480  }
481 }
482 
483 
490 static void
492 {
493  struct CadetTunnel *t = ct->t;
494 
498  ct);
501  ct->is_ready = GNUNET_NO;
504  ct);
506 }
507 
508 
516 const char *
517 GCT_2s (const struct CadetTunnel *t)
518 {
519  static char buf[64];
520 
521  if (NULL == t)
522  return "Tunnel(NULL)";
523  GNUNET_snprintf (buf,
524  sizeof (buf),
525  "Tunnel %s",
527  return buf;
528 }
529 
530 
538 static const char *
540 {
541  static char buf[32];
542 
543  switch (es)
544  {
546  return "CADET_TUNNEL_KEY_UNINITIALIZED";
548  return "CADET_TUNNEL_KEY_AX_RECV";
550  return "CADET_TUNNEL_KEY_AX_SENT";
552  return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
554  return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
555  case CADET_TUNNEL_KEY_OK:
556  return "CADET_TUNNEL_KEY_OK";
557  default:
558  GNUNET_snprintf (buf,
559  sizeof (buf),
560  "%u (UNKNOWN STATE)",
561  es);
562  return buf;
563  }
564 }
565 
566 
573 struct CadetPeer *
575 {
576  return t->destination;
577 }
578 
579 
587 unsigned int
589 {
591 }
592 
593 
601 struct CadetChannel *
604 {
606  ntohl (ctn.cn));
607 }
608 
609 
617 unsigned int
619 {
621 }
622 
623 
631 static struct CadetTConnection *
633 {
634  struct CadetTConnection *hd = t->connection_ready_head;
635 
636  GNUNET_assert ( (NULL == hd) ||
637  (GNUNET_YES == hd->is_ready) );
638  return hd;
639 }
640 
641 
651 {
652  return t->estate;
653 }
654 
655 
664 static void
665 trigger_transmissions (void *cls);
666 
667 
668 /* ************************************** start core crypto ***************************** */
669 
670 
676 static void
678 {
680  "Creating new ephemeral ratchet key (DHRs)\n");
683 }
684 
685 
695 static void
696 t_hmac (const void *plaintext,
697  size_t size,
698  uint32_t iv,
700  struct GNUNET_ShortHashCode *hmac)
701 {
702  static const char ctx[] = "cadet authentication key";
703  struct GNUNET_CRYPTO_AuthKey auth_key;
704  struct GNUNET_HashCode hash;
705 
707  key,
708  &iv, sizeof (iv),
709  key, sizeof (*key),
710  ctx, sizeof (ctx),
711  NULL);
712  /* Two step: GNUNET_ShortHash is only 256 bits,
713  GNUNET_HashCode is 512, so we truncate. */
714  GNUNET_CRYPTO_hmac (&auth_key,
715  plaintext,
716  size,
717  &hash);
718  GNUNET_memcpy (hmac,
719  &hash,
720  sizeof (*hmac));
721 }
722 
723 
732 static void
734  struct GNUNET_HashCode *hash,
735  const void *source,
736  unsigned int len)
737 {
738  static const char ctx[] = "axolotl HMAC-HASH";
739  struct GNUNET_CRYPTO_AuthKey auth_key;
740 
742  key,
743  ctx, sizeof (ctx),
744  NULL);
745  GNUNET_CRYPTO_hmac (&auth_key,
746  source,
747  len,
748  hash);
749 }
750 
751 
760 static void
763  const void *source,
764  unsigned int len)
765 {
766  static const char ctx[] = "axolotl derive key";
767  struct GNUNET_HashCode h;
768 
769  t_ax_hmac_hash (key,
770  &h,
771  source,
772  len);
773  GNUNET_CRYPTO_kdf (out, sizeof (*out),
774  ctx, sizeof (ctx),
775  &h, sizeof (h),
776  NULL);
777 }
778 
779 
788 static void
790  void *dst,
791  const void *src,
792  size_t size)
793 {
796  size_t out_size;
797 
798  ax->ratchet_counter++;
799  if ( (GNUNET_YES == ax->ratchet_allowed) &&
800  ( (ratchet_messages <= ax->ratchet_counter) ||
802  {
803  ax->ratchet_flag = GNUNET_YES;
804  }
805  if (GNUNET_YES == ax->ratchet_flag)
806  {
807  /* Advance ratchet */
808  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
809  struct GNUNET_HashCode dh;
810  struct GNUNET_HashCode hmac;
811  static const char ctx[] = "axolotl ratchet";
812 
813  new_ephemeral (ax);
814  ax->HKs = ax->NHKs;
815 
816  /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
818  &ax->DHRr,
819  &dh);
820  t_ax_hmac_hash (&ax->RK,
821  &hmac,
822  &dh,
823  sizeof (dh));
824  GNUNET_CRYPTO_kdf (keys, sizeof (keys),
825  ctx, sizeof (ctx),
826  &hmac, sizeof (hmac),
827  NULL);
828  ax->RK = keys[0];
829  ax->NHKs = keys[1];
830  ax->CKs = keys[2];
831 
832  ax->PNs = ax->Ns;
833  ax->Ns = 0;
834  ax->ratchet_flag = GNUNET_NO;
836  ax->ratchet_counter = 0;
839  ratchet_time);
840  }
841 
842  t_hmac_derive_key (&ax->CKs,
843  &MK,
844  "0",
845  1);
847  &MK,
848  NULL, 0,
849  NULL);
850 
851  out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
852  size,
853  &MK,
854  &iv,
855  dst);
856  GNUNET_assert (size == out_size);
857  t_hmac_derive_key (&ax->CKs,
858  &ax->CKs,
859  "1",
860  1);
861 }
862 
863 
872 static void
874  void *dst,
875  const void *src,
876  size_t size)
877 {
880  size_t out_size;
881 
882  t_hmac_derive_key (&ax->CKr,
883  &MK,
884  "0",
885  1);
887  &MK,
888  NULL, 0,
889  NULL);
890  GNUNET_assert (size >= sizeof (struct GNUNET_MessageHeader));
891  out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
892  size,
893  &MK,
894  &iv,
895  dst);
896  GNUNET_assert (out_size == size);
897  t_hmac_derive_key (&ax->CKr,
898  &ax->CKr,
899  "1",
900  1);
901 }
902 
903 
910 static void
913 {
915  size_t out_size;
916 
918  &ax->HKs,
919  NULL, 0,
920  NULL);
921  out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
922  sizeof (struct GNUNET_CADET_AxHeader),
923  &ax->HKs,
924  &iv,
925  &msg->ax_header);
926  GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
927 }
928 
929 
937 static void
939  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
941 {
943  size_t out_size;
944 
946  &ax->HKr,
947  NULL, 0,
948  NULL);
949  out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
950  sizeof (struct GNUNET_CADET_AxHeader),
951  &ax->HKr,
952  &iv,
953  &dst->ax_header.Ns);
954  GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
955 }
956 
957 
964 static void
966  struct CadetTunnelSkippedKey *key)
967 {
969  ax->skipped_tail,
970  key);
971  GNUNET_free (key);
972  ax->skipped--;
973 }
974 
975 
986 static ssize_t
988  void *dst,
989  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
990  size_t size)
991 {
992  struct CadetTunnelSkippedKey *key;
993  struct GNUNET_ShortHashCode *hmac;
995  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
996  struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
997  size_t esize;
998  size_t res;
999  size_t len;
1000  unsigned int N;
1001 
1003  "Trying skipped keys\n");
1004  hmac = &plaintext_header.hmac;
1005  esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1006 
1007  /* Find a correct Header Key */
1008  valid_HK = NULL;
1009  for (key = ax->skipped_head; NULL != key; key = key->next)
1010  {
1011  t_hmac (&src->ax_header,
1012  sizeof (struct GNUNET_CADET_AxHeader) + esize,
1013  0,
1014  &key->HK,
1015  hmac);
1016  if (0 == GNUNET_memcmp (hmac,
1017  &src->hmac))
1018  {
1019  valid_HK = &key->HK;
1020  break;
1021  }
1022  }
1023  if (NULL == key)
1024  return -1;
1025 
1026  /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1027  GNUNET_assert (size > sizeof (struct GNUNET_CADET_TunnelEncryptedMessage));
1028  len = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1029  GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader));
1030 
1031  /* Decrypt header */
1033  &key->HK,
1034  NULL, 0,
1035  NULL);
1037  sizeof (struct GNUNET_CADET_AxHeader),
1038  &key->HK,
1039  &iv,
1040  &plaintext_header.ax_header.Ns);
1041  GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res);
1042 
1043  /* Find the correct message key */
1044  N = ntohl (plaintext_header.ax_header.Ns);
1045  while ( (NULL != key) &&
1046  (N != key->Kn) )
1047  key = key->next;
1048  if ( (NULL == key) ||
1049  (0 != GNUNET_memcmp (&key->HK,
1050  valid_HK)) )
1051  return -1;
1052 
1053  /* Decrypt payload */
1055  &key->MK,
1056  NULL,
1057  0,
1058  NULL);
1059  res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1060  len,
1061  &key->MK,
1062  &iv,
1063  dst);
1064  delete_skipped_key (ax,
1065  key);
1066  return res;
1067 }
1068 
1069 
1076 static void
1078  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1079 {
1080  struct CadetTunnelSkippedKey *key;
1081 
1082  key = GNUNET_new (struct CadetTunnelSkippedKey);
1084  key->Kn = ax->Nr;
1085  key->HK = ax->HKr;
1086  t_hmac_derive_key (&ax->CKr,
1087  &key->MK,
1088  "0",
1089  1);
1090  t_hmac_derive_key (&ax->CKr,
1091  &ax->CKr,
1092  "1",
1093  1);
1095  ax->skipped_tail,
1096  key);
1097  ax->skipped++;
1098  ax->Nr++;
1099 }
1100 
1101 
1112 static int
1114  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1115  uint32_t Np)
1116 {
1117  int gap;
1118 
1119  gap = Np - ax->Nr;
1121  "Storing skipped keys [%u, %u)\n",
1122  ax->Nr,
1123  Np);
1124  if (MAX_KEY_GAP < gap)
1125  {
1126  /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1127  /* TODO: start new key exchange on return */
1128  GNUNET_break_op (0);
1130  "Got message %u, expected %u+\n",
1131  Np,
1132  ax->Nr);
1133  return GNUNET_SYSERR;
1134  }
1135  if (0 > gap)
1136  {
1137  /* Delayed message: don't store keys, flag to try old keys. */
1138  return GNUNET_SYSERR;
1139  }
1140 
1141  while (ax->Nr < Np)
1142  store_skipped_key (ax,
1143  HKr);
1144 
1145  while (ax->skipped > MAX_SKIPPED_KEYS)
1146  delete_skipped_key (ax,
1147  ax->skipped_tail);
1148  return GNUNET_OK;
1149 }
1150 
1151 
1162 static ssize_t
1164  void *dst,
1165  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
1166  size_t size)
1167 {
1168  struct GNUNET_ShortHashCode msg_hmac;
1169  struct GNUNET_HashCode hmac;
1170  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1171  uint32_t Np;
1172  uint32_t PNp;
1173  size_t esize; /* Size of encryped payload */
1174 
1175  esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1176 
1177  /* Try current HK */
1178  t_hmac (&src->ax_header,
1179  sizeof (struct GNUNET_CADET_AxHeader) + esize,
1180  0, &ax->HKr,
1181  &msg_hmac);
1182  if (0 != GNUNET_memcmp (&msg_hmac,
1183  &src->hmac))
1184  {
1185  static const char ctx[] = "axolotl ratchet";
1186  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1188  struct GNUNET_HashCode dh;
1189  struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1190 
1191  /* Try Next HK */
1192  t_hmac (&src->ax_header,
1193  sizeof (struct GNUNET_CADET_AxHeader) + esize,
1194  0,
1195  &ax->NHKr,
1196  &msg_hmac);
1197  if (0 != GNUNET_memcmp (&msg_hmac,
1198  &src->hmac))
1199  {
1200  /* Try the skipped keys, if that fails, we're out of luck. */
1201  return try_old_ax_keys (ax,
1202  dst,
1203  src,
1204  size);
1205  }
1206  HK = ax->HKr;
1207  ax->HKr = ax->NHKr;
1208  t_h_decrypt (ax,
1209  src,
1210  &plaintext_header);
1211  Np = ntohl (plaintext_header.ax_header.Ns);
1212  PNp = ntohl (plaintext_header.ax_header.PNs);
1213  DHRp = &plaintext_header.ax_header.DHRs;
1214  store_ax_keys (ax,
1215  &HK,
1216  PNp);
1217 
1218  /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1220  DHRp,
1221  &dh);
1222  t_ax_hmac_hash (&ax->RK,
1223  &hmac,
1224  &dh, sizeof (dh));
1225  GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1226  ctx, sizeof (ctx),
1227  &hmac, sizeof (hmac),
1228  NULL);
1229 
1230  /* Commit "purported" keys */
1231  ax->RK = keys[0];
1232  ax->NHKr = keys[1];
1233  ax->CKr = keys[2];
1234  ax->DHRr = *DHRp;
1235  ax->Nr = 0;
1237  }
1238  else
1239  {
1240  t_h_decrypt (ax,
1241  src,
1242  &plaintext_header);
1243  Np = ntohl (plaintext_header.ax_header.Ns);
1244  PNp = ntohl (plaintext_header.ax_header.PNs);
1245  }
1246  if ( (Np != ax->Nr) &&
1247  (GNUNET_OK != store_ax_keys (ax,
1248  &ax->HKr,
1249  Np)) )
1250  {
1251  /* Try the skipped keys, if that fails, we're out of luck. */
1252  return try_old_ax_keys (ax,
1253  dst,
1254  src,
1255  size);
1256  }
1257 
1258  t_ax_decrypt (ax,
1259  dst,
1260  &src[1],
1261  esize);
1262  ax->Nr = Np + 1;
1263  return esize;
1264 }
1265 
1266 
1276 static int
1278  uint32_t key,
1279  void *value)
1280 {
1281  struct CadetChannel *ch = value;
1282 
1283  GCCH_tunnel_up (ch);
1284  return GNUNET_OK;
1285 }
1286 
1287 
1295 void
1297  enum CadetTunnelEState state)
1298 {
1299  enum CadetTunnelEState old = t->estate;
1300 
1301  t->estate = state;
1303  "%s estate changed from %s to %s\n",
1304  GCT_2s (t),
1305  estate2s (old),
1306  estate2s (state));
1307 
1308  if ( (CADET_TUNNEL_KEY_OK != old) &&
1309  (CADET_TUNNEL_KEY_OK == t->estate) )
1310  {
1311  if (NULL != t->kx_task)
1312  {
1314  t->kx_task = NULL;
1315  }
1316  /* notify all channels that have been waiting */
1319  t);
1320  if (NULL != t->send_task)
1323  t);
1324  }
1325 }
1326 
1327 
1336 static void
1338  struct CadetTConnection *ct,
1339  struct CadetTunnelAxolotl *ax)
1340 {
1341  struct CadetConnection *cc;
1342  struct GNUNET_MQ_Envelope *env;
1345 
1347  return; /* only Alice may send KX */
1348  if ( (NULL == ct) ||
1349  (GNUNET_NO == ct->is_ready) )
1350  ct = get_ready_connection (t);
1351  if (NULL == ct)
1352  {
1354  "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1355  GCT_2s (t),
1356  estate2s (t->estate));
1358  return;
1359  }
1360  cc = ct->cc;
1361  env = GNUNET_MQ_msg (msg,
1363  flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1364  msg->flags = htonl (flags);
1365  msg->cid = *GCC_get_id (cc);
1367  &msg->ephemeral_key);
1368 #if DEBUG_KX
1369  msg->ephemeral_key_XXX = ax->kx_0;
1370  msg->private_key_XXX = *my_private_key;
1371 #endif
1373  "Sending KX message to %s with ephemeral %s on CID %s\n",
1374  GCT_2s (t),
1375  GNUNET_e2s (&msg->ephemeral_key),
1378  &msg->ratchet_key);
1383  GCT_change_estate (t,
1385  else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1386  GCT_change_estate (t,
1388  GCC_transmit (cc,
1389  env);
1391  "# KX transmitted",
1392  1,
1393  GNUNET_NO);
1394 }
1395 
1396 
1407 static void
1409  struct CadetTConnection *ct,
1410  struct CadetTunnelAxolotl *ax,
1411  int force_reply)
1412 {
1413  struct CadetConnection *cc;
1414  struct GNUNET_MQ_Envelope *env;
1416  enum GNUNET_CADET_KX_Flags flags;
1417 
1418  if ( (NULL == ct) ||
1419  (GNUNET_NO == ct->is_ready) )
1420  ct = get_ready_connection (t);
1421  if (NULL == ct)
1422  {
1424  "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1425  GCT_2s (t));
1427  t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1428  return;
1429  }
1430  t->kx_auth_requested = GNUNET_NO; /* clear flag */
1431  cc = ct->cc;
1432  env = GNUNET_MQ_msg (msg,
1434  flags = GNUNET_CADET_KX_FLAG_NONE;
1435  if (GNUNET_YES == force_reply)
1437  msg->kx.flags = htonl (flags);
1438  msg->kx.cid = *GCC_get_id (cc);
1440  &msg->kx.ephemeral_key);
1442  &msg->kx.ratchet_key);
1443 #if DEBUG_KX
1444  msg->kx.ephemeral_key_XXX = ax->kx_0;
1445  msg->kx.private_key_XXX = *my_private_key;
1446  msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1447 #endif
1449  "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1450  GCT_2s (t),
1451  GNUNET_e2s (&msg->kx.ephemeral_key),
1453 
1454  /* Compute authenticator (this is the main difference to #send_kx()) */
1455  GNUNET_CRYPTO_hash (&ax->RK,
1456  sizeof (ax->RK),
1457  &msg->auth);
1458  /* Compute when to be triggered again; actual job will
1459  be scheduled via #connection_ready_cb() */
1460  t->kx_retry_delay
1462  t->next_kx_attempt
1464 
1465  /* Send via cc, mark it as unready */
1467 
1468  /* Update state machine, unless we are already OK */
1469  if (CADET_TUNNEL_KEY_OK != t->estate)
1470  GCT_change_estate (t,
1472  GCC_transmit (cc,
1473  env);
1475  "# KX_AUTH transmitted",
1476  1,
1477  GNUNET_NO);
1478 }
1479 
1480 
1486 static void
1488 {
1489  while (NULL != ax->skipped_head)
1490  delete_skipped_key (ax,
1491  ax->skipped_head);
1492  GNUNET_assert (0 == ax->skipped);
1495 }
1496 
1497 
1511 static int
1513  const struct GNUNET_PeerIdentity *pid,
1514  const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1515  const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1516 {
1517  struct GNUNET_HashCode key_material[3];
1518  struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1519  const char salt[] = "CADET Axolotl salt";
1520  int am_I_alice;
1521 
1522  if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1523  {
1524  GNUNET_break_op (0);
1525  return GNUNET_SYSERR;
1526  }
1527  if (0 == GNUNET_memcmp (&ax->DHRr,
1528  ratchet_key))
1529  {
1531  "# Ratchet key already known",
1532  1,
1533  GNUNET_NO);
1535  "Ratchet key already known. Ignoring KX.\n");
1536  return GNUNET_NO;
1537  }
1538 
1539  ax->DHRr = *ratchet_key;
1540  ax->last_ephemeral = *ephemeral_key;
1541  /* ECDH A B0 */
1542  if (GNUNET_YES == am_I_alice)
1543  {
1545  ephemeral_key, /* B0 */
1546  &key_material[0]);
1547  }
1548  else
1549  {
1550  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1551  &pid->public_key, /* A */
1552  &key_material[0]);
1553  }
1554  /* ECDH A0 B */
1555  if (GNUNET_YES == am_I_alice)
1556  {
1557  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1558  &pid->public_key, /* B */
1559  &key_material[1]);
1560  }
1561  else
1562  {
1564  ephemeral_key, /* A0 */
1565  &key_material[1]);
1566  }
1567 
1568  /* ECDH A0 B0 */
1569  GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1570  ephemeral_key, /* B0 or A0 */
1571  &key_material[2]);
1572  /* KDF */
1573  GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1574  salt, sizeof (salt),
1575  &key_material, sizeof (key_material),
1576  NULL);
1577 
1578  if (0 == memcmp (&ax->RK,
1579  &keys[0],
1580  sizeof (ax->RK)))
1581  {
1583  "Root key already known. Ignoring KX.\n");
1585  "# Root key already known",
1586  1,
1587  GNUNET_NO);
1588  return GNUNET_NO;
1589  }
1590 
1591  ax->RK = keys[0];
1592  if (GNUNET_YES == am_I_alice)
1593  {
1594  ax->HKr = keys[1];
1595  ax->NHKs = keys[2];
1596  ax->NHKr = keys[3];
1597  ax->CKr = keys[4];
1598  ax->ratchet_flag = GNUNET_YES;
1599  }
1600  else
1601  {
1602  ax->HKs = keys[1];
1603  ax->NHKr = keys[2];
1604  ax->NHKs = keys[3];
1605  ax->CKs = keys[4];
1606  ax->ratchet_flag = GNUNET_NO;
1607  ax->ratchet_expiration
1609  ratchet_time);
1610  }
1611  return GNUNET_OK;
1612 }
1613 
1614 
1620 static void
1621 retry_kx (void *cls)
1622 {
1623  struct CadetTunnel *t = cls;
1624  struct CadetTunnelAxolotl *ax;
1625 
1626  t->kx_task = NULL;
1628  "Trying to make KX progress on %s in state %s\n",
1629  GCT_2s (t),
1630  estate2s (t->estate));
1631  switch (t->estate)
1632  {
1633  case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1634  case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1635  send_kx (t,
1636  NULL,
1637  &t->ax);
1638  break;
1641  /* We are responding, so only require reply
1642  if WE have a channel waiting. */
1643  if (NULL != t->unverified_ax)
1644  {
1645  /* Send AX_AUTH so we might get this one verified */
1646  ax = t->unverified_ax;
1647  }
1648  else
1649  {
1650  /* How can this be? */
1651  GNUNET_break (0);
1652  ax = &t->ax;
1653  }
1654  send_kx_auth (t,
1655  NULL,
1656  ax,
1657  (0 == GCT_count_channels (t))
1658  ? GNUNET_NO
1659  : GNUNET_YES);
1660  break;
1662  /* We are responding, so only require reply
1663  if WE have a channel waiting. */
1664  if (NULL != t->unverified_ax)
1665  {
1666  /* Send AX_AUTH so we might get this one verified */
1667  ax = t->unverified_ax;
1668  }
1669  else
1670  {
1671  /* How can this be? */
1672  GNUNET_break (0);
1673  ax = &t->ax;
1674  }
1675  send_kx_auth (t,
1676  NULL,
1677  ax,
1678  (0 == GCT_count_channels (t))
1679  ? GNUNET_NO
1680  : GNUNET_YES);
1681  break;
1682  case CADET_TUNNEL_KEY_OK:
1683  /* Must have been the *other* peer asking us to
1684  respond with a KX_AUTH. */
1685  if (NULL != t->unverified_ax)
1686  {
1687  /* Sending AX_AUTH in response to AX so we might get this one verified */
1688  ax = t->unverified_ax;
1689  }
1690  else
1691  {
1692  /* Sending AX_AUTH in response to AX_AUTH */
1693  ax = &t->ax;
1694  }
1695  send_kx_auth (t,
1696  NULL,
1697  ax,
1698  GNUNET_NO);
1699  break;
1700  }
1701 }
1702 
1703 
1712 void
1715 {
1716  struct CadetTunnel *t = ct->t;
1717  int ret;
1718 
1720  "# KX received",
1721  1,
1722  GNUNET_NO);
1723  if (GNUNET_YES ==
1725  {
1726  /* Betty/Bob is not allowed to send KX! */
1727  GNUNET_break_op (0);
1728  return;
1729  }
1731  "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1732  GCT_2s (t),
1733  GNUNET_e2s (&msg->ephemeral_key),
1735  GCC_2s (ct->cc));
1736 #if 1
1737  if ( (0 ==
1738  memcmp (&t->ax.DHRr,
1739  &msg->ratchet_key,
1740  sizeof (msg->ratchet_key))) &&
1741  (0 ==
1742  memcmp (&t->ax.last_ephemeral,
1743  &msg->ephemeral_key,
1744  sizeof (msg->ephemeral_key))) )
1745 
1746  {
1748  "# Duplicate KX received",
1749  1,
1750  GNUNET_NO);
1751  send_kx_auth (t,
1752  ct,
1753  &t->ax,
1754  GNUNET_NO);
1755  return;
1756  }
1757 #endif
1758  /* We only keep ONE unverified KX around, so if there is an existing one,
1759  clean it up. */
1760  if (NULL != t->unverified_ax)
1761  {
1762  if ( (0 ==
1763  memcmp (&t->unverified_ax->DHRr,
1764  &msg->ratchet_key,
1765  sizeof (msg->ratchet_key))) &&
1766  (0 ==
1767  memcmp (&t->unverified_ax->last_ephemeral,
1768  &msg->ephemeral_key,
1769  sizeof (msg->ephemeral_key))) )
1770  {
1772  "# Duplicate unverified KX received",
1773  1,
1774  GNUNET_NO);
1775 #if 1
1776  send_kx_auth (t,
1777  ct,
1778  t->unverified_ax,
1779  GNUNET_NO);
1780  return;
1781 #endif
1782  }
1784  "Dropping old unverified KX state.\n");
1786  "# Unverified KX dropped for fresh KX",
1787  1,
1788  GNUNET_NO);
1789  GNUNET_break (NULL == t->unverified_ax->skipped_head);
1790  memset (t->unverified_ax,
1791  0,
1792  sizeof (struct CadetTunnelAxolotl));
1793  }
1794  else
1795  {
1797  "Creating fresh unverified KX for %s\n",
1798  GCT_2s (t));
1800  "# Fresh KX setup",
1801  1,
1802  GNUNET_NO);
1804  }
1805  /* Set as the 'current' RK/DHRr the one we are currently using,
1806  so that the duplicate-detection logic of
1807  #update_ax_by_kx can work. */
1808  t->unverified_ax->RK = t->ax.RK;
1809  t->unverified_ax->DHRr = t->ax.DHRr;
1810  t->unverified_ax->DHRs = t->ax.DHRs;
1811  t->unverified_ax->kx_0 = t->ax.kx_0;
1812  t->unverified_attempts = 0;
1813 
1814  /* Update 'ax' by the new key material */
1815  ret = update_ax_by_kx (t->unverified_ax,
1816  GCP_get_id (t->destination),
1817  &msg->ephemeral_key,
1818  &msg->ratchet_key);
1819  GNUNET_break (GNUNET_SYSERR != ret);
1820  if (GNUNET_OK != ret)
1821  {
1823  "# Useless KX",
1824  1,
1825  GNUNET_NO);
1826  return; /* duplicate KX, nothing to do */
1827  }
1828  /* move ahead in our state machine */
1830  GCT_change_estate (t,
1832  else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1833  GCT_change_estate (t,
1835 
1836  /* KX is still not done, try again our end. */
1837  if (CADET_TUNNEL_KEY_OK != t->estate)
1838  {
1839  if (NULL != t->kx_task)
1841  t->kx_task
1843  t);
1844  }
1845 }
1846 
1847 
1848 #if DEBUG_KX
1849 static void
1850 check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1851  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1852 {
1853  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1854  struct GNUNET_CRYPTO_EcdhePublicKey p2;
1855  struct GNUNET_HashCode hc1;
1856  struct GNUNET_HashCode hc2;
1857 
1859  &p1);
1861  &p2);
1864  &p2,
1865  &hc1));
1868  &p1,
1869  &hc2));
1870  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1871  &hc2));
1872 }
1873 
1874 
1875 static void
1876 check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1877  const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1878 {
1879  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1880  struct GNUNET_CRYPTO_EddsaPublicKey p2;
1881  struct GNUNET_HashCode hc1;
1882  struct GNUNET_HashCode hc2;
1883 
1885  &p1);
1887  &p2);
1890  &p2,
1891  &hc1));
1894  &p1,
1895  &hc2));
1896  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1897  &hc2));
1898 }
1899 
1900 
1901 static void
1902 test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1903  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1904  const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1905  const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1906 {
1907  check_ee (e1, e2);
1908  check_ed (e1, d2);
1909  check_ed (e2, d1);
1910 }
1911 
1912 #endif
1913 
1914 
1921 void
1924 {
1925  struct CadetTunnel *t = ct->t;
1926  struct CadetTunnelAxolotl ax_tmp;
1927  struct GNUNET_HashCode kx_auth;
1928  int ret;
1929 
1931  "# KX_AUTH received",
1932  1,
1933  GNUNET_NO);
1934  if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1936  {
1937  /* Confusing, we got a KX_AUTH before we even send our own
1938  KX. This should not happen. We'll send our own KX ASAP anyway,
1939  so let's ignore this here. */
1940  GNUNET_break_op (0);
1941  return;
1942  }
1944  "Handling KX_AUTH message from %s with ephemeral %s\n",
1945  GCT_2s (t),
1946  GNUNET_e2s (&msg->kx.ephemeral_key));
1947  /* We do everything in ax_tmp until we've checked the authentication
1948  so we don't clobber anything we care about by accident. */
1949  ax_tmp = t->ax;
1950 
1951  /* Update 'ax' by the new key material */
1952  ret = update_ax_by_kx (&ax_tmp,
1953  GCP_get_id (t->destination),
1954  &msg->kx.ephemeral_key,
1955  &msg->kx.ratchet_key);
1956  if (GNUNET_OK != ret)
1957  {
1958  if (GNUNET_NO == ret)
1960  "# redundant KX_AUTH received",
1961  1,
1962  GNUNET_NO);
1963  else
1964  GNUNET_break (0); /* connect to self!? */
1965  return;
1966  }
1967  GNUNET_CRYPTO_hash (&ax_tmp.RK,
1968  sizeof (ax_tmp.RK),
1969  &kx_auth);
1970  if (0 != GNUNET_memcmp (&kx_auth,
1971  &msg->auth))
1972  {
1973  /* This KX_AUTH is not using the latest KX/KX_AUTH data
1974  we transmitted to the sender, refuse it, try KX again. */
1976  "# KX_AUTH not using our last KX received (auth failure)",
1977  1,
1978  GNUNET_NO);
1980  "KX AUTH mismatch!\n");
1981 #if DEBUG_KX
1982  {
1983  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1984 
1986  &ephemeral_key);
1987  if (0 != GNUNET_memcmp (&ephemeral_key,
1988  &msg->r_ephemeral_key_XXX))
1989  {
1991  "My ephemeral is %s!\n",
1992  GNUNET_e2s (&ephemeral_key));
1994  "Response is for ephemeral %s!\n",
1995  GNUNET_e2s (&msg->r_ephemeral_key_XXX));
1996  }
1997  else
1998  {
1999  test_crypto_bug (&ax_tmp.kx_0,
2000  &msg->kx.ephemeral_key_XXX,
2002  &msg->kx.private_key_XXX);
2003  }
2004  }
2005 #endif
2006  if (NULL == t->kx_task)
2007  t->kx_task
2009  &retry_kx,
2010  t);
2011  return;
2012  }
2013  /* Yep, we're good. */
2014  t->ax = ax_tmp;
2015  if (NULL != t->unverified_ax)
2016  {
2017  /* We got some "stale" KX before, drop that. */
2020  t->unverified_ax = NULL;
2021  }
2022 
2023  /* move ahead in our state machine */
2024  switch (t->estate)
2025  {
2028  /* Checked above, this is impossible. */
2029  GNUNET_assert (0);
2030  break;
2031  case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2032  case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2033  case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2034  GCT_change_estate (t,
2036  break;
2037  case CADET_TUNNEL_KEY_OK:
2038  /* Did not expect another KX_AUTH, but so what, still acceptable.
2039  Nothing to do here. */
2040  break;
2041  }
2042  if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2043  {
2044  send_kx_auth (t,
2045  NULL,
2046  &t->ax,
2047  GNUNET_NO);
2048  }
2049 }
2050 
2051 
2052 
2053 /* ************************************** end core crypto ***************************** */
2054 
2055 
2064 {
2065 #define HIGH_BIT 0x8000000
2067  uint32_t ctn;
2068  int cmp;
2069  uint32_t highbit;
2070 
2071  cmp = GNUNET_memcmp (&my_full_id,
2073  if (0 < cmp)
2074  highbit = HIGH_BIT;
2075  else if (0 > cmp)
2076  highbit = 0;
2077  else
2078  GNUNET_assert (0); // loopback must never go here!
2079  ctn = ntohl (t->next_ctn.cn);
2080  while (NULL !=
2082  ctn | highbit))
2083  {
2084  ctn = ((ctn + 1) & (~ HIGH_BIT));
2085  }
2086  t->next_ctn.cn = htonl ((ctn + 1) & (~ HIGH_BIT));
2087  ret.cn = htonl (ctn | highbit);
2088  return ret;
2089 }
2090 
2091 
2103  struct CadetChannel *ch)
2104 {
2106 
2107  ctn = get_next_free_ctn (t);
2108  if (NULL != t->destroy_task)
2109  {
2110  GNUNET_SCHEDULER_cancel (t->destroy_task);
2111  t->destroy_task = NULL;
2112  }
2115  ntohl (ctn.cn),
2116  ch,
2119  "Adding %s to %s\n",
2120  GCCH_2s (ch),
2121  GCT_2s (t));
2122  switch (t->estate)
2123  {
2125  /* waiting for connection to start KX */
2126  break;
2130  /* we're currently waiting for KX to complete */
2131  break;
2133  /* waiting for OTHER peer to send us data,
2134  we might need to prompt more aggressively! */
2135  if (NULL == t->kx_task)
2136  t->kx_task
2137  = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2138  &retry_kx,
2139  t);
2140  break;
2141  case CADET_TUNNEL_KEY_OK:
2142  /* We are ready. Tell the new channel that we are up. */
2143  GCCH_tunnel_up (ch);
2144  break;
2145  }
2146  return ctn;
2147 }
2148 
2149 
2156 void
2158 {
2159  struct CadetTunnel *t = ct->t;
2160 
2161  if (GNUNET_YES == ct->is_ready)
2162  {
2165  ct);
2166  t->num_ready_connections--;
2167  }
2168  else
2169  {
2172  ct);
2173  t->num_busy_connections--;
2174  }
2175  GNUNET_free (ct);
2176 }
2177 
2178 
2185 static void
2187  struct CadetTConnection *ct)
2188 {
2189  struct CadetTunnel *t = cls;
2190  struct CadetConnection *cc = ct->cc;
2191 
2192  GNUNET_assert (ct->t == t);
2193  GCT_connection_lost (ct);
2195 }
2196 
2197 
2203 static void
2204 destroy_tunnel (void *cls)
2205 {
2206  struct CadetTunnel *t = cls;
2207  struct CadetTunnelQueueEntry *tq;
2208 
2209  t->destroy_task = NULL;
2211  "Destroying idle %s\n",
2212  GCT_2s (t));
2213  GNUNET_assert (0 == GCT_count_channels (t));
2216  t);
2217  GNUNET_assert (NULL == t->connection_ready_head);
2218  GNUNET_assert (NULL == t->connection_busy_head);
2219  while (NULL != (tq = t->tq_head))
2220  {
2221  if (NULL != tq->cont)
2222  tq->cont (tq->cont_cls,
2223  NULL);
2224  GCT_send_cancel (tq);
2225  }
2227  t);
2229  if (NULL != t->maintain_connections_task)
2230  {
2232  t->maintain_connections_task = NULL;
2233  }
2234  if (NULL != t->send_task)
2235  {
2237  t->send_task = NULL;
2238  }
2239  if (NULL != t->kx_task)
2240  {
2242  t->kx_task = NULL;
2243  }
2244  GNUNET_MST_destroy (t->mst);
2245  GNUNET_MQ_destroy (t->mq);
2246  if (NULL != t->unverified_ax)
2247  {
2250  }
2251  cleanup_ax (&t->ax);
2252  GNUNET_assert (NULL == t->destroy_task);
2253  GNUNET_free (t);
2254 }
2255 
2256 
2264 void
2266  struct CadetChannel *ch,
2268 {
2270  "Removing %s from %s\n",
2271  GCCH_2s (ch),
2272  GCT_2s (t));
2275  ntohl (ctn.cn),
2276  ch));
2277  if ( (0 ==
2278  GCT_count_channels (t)) &&
2279  (NULL == t->destroy_task) )
2280  {
2281  t->destroy_task
2283  &destroy_tunnel,
2284  t);
2285  }
2286 }
2287 
2288 
2297 static int
2299  uint32_t key,
2300  void *value)
2301 {
2302  struct CadetChannel *ch = value;
2303 
2305  NULL);
2306  return GNUNET_OK;
2307 }
2308 
2309 
2315 void
2317 {
2321  t);
2322  GNUNET_assert (0 ==
2323  GCT_count_channels (t));
2324  if (NULL != t->destroy_task)
2325  {
2327  t->destroy_task = NULL;
2328  }
2329  destroy_tunnel (t);
2330 }
2331 
2332 
2340 static void
2342  struct CadetTConnection *ct)
2343 {
2344  struct CadetTunnelQueueEntry *tq;
2345 
2347  tq = t->tq_head;
2348  if (NULL == tq)
2349  {
2350  /* no messages pending right now */
2352  "Not sending payload of %s on ready %s (nothing pending)\n",
2353  GCT_2s (t),
2354  GCC_2s (ct->cc));
2355  return;
2356  }
2357  /* ready to send message 'tq' on tunnel 'ct' */
2358  GNUNET_assert (t == tq->t);
2360  t->tq_tail,
2361  tq);
2362  if (NULL != tq->cid)
2363  *tq->cid = *GCC_get_id (ct->cc);
2366  "Sending payload of %s on %s\n",
2367  GCT_2s (t),
2368  GCC_2s (ct->cc));
2369  GCC_transmit (ct->cc,
2370  tq->env);
2371  if (NULL != tq->cont)
2372  tq->cont (tq->cont_cls,
2373  GCC_get_id (ct->cc));
2374  GNUNET_free (tq);
2375 }
2376 
2377 
2386 static void
2388  int is_ready)
2389 {
2390  struct CadetTConnection *ct = cls;
2391  struct CadetTunnel *t = ct->t;
2392 
2393  if (GNUNET_NO == is_ready)
2394  {
2396  "%s no longer ready for %s\n",
2397  GCC_2s (ct->cc),
2398  GCT_2s (t));
2400  return;
2401  }
2402  GNUNET_assert (GNUNET_NO == ct->is_ready);
2405  ct);
2407  t->num_busy_connections--;
2408  ct->is_ready = GNUNET_YES;
2411  ct);
2412  t->num_ready_connections++;
2413 
2415  "%s now ready for %s in state %s\n",
2416  GCC_2s (ct->cc),
2417  GCT_2s (t),
2418  estate2s (t->estate));
2419  switch (t->estate)
2420  {
2422  /* Do not begin KX if WE have no channels waiting! */
2424  return; /* wait for timeout before retrying */
2425  /* We are uninitialized, just transmit immediately,
2426  without undue delay. */
2427  if (NULL != t->kx_task)
2428  {
2430  t->kx_task = NULL;
2431  }
2432  send_kx (t,
2433  ct,
2434  &t->ax);
2435  if ( (0 ==
2436  GCT_count_channels (t)) &&
2437  (NULL == t->destroy_task) )
2438  {
2439  t->destroy_task
2441  &destroy_tunnel,
2442  t);
2443  }
2444  break;
2449  /* we're currently waiting for KX to complete, schedule job */
2450  if (NULL == t->kx_task)
2451  t->kx_task
2453  &retry_kx,
2454  t);
2455  break;
2456  case CADET_TUNNEL_KEY_OK:
2457  if (GNUNET_YES == t->kx_auth_requested)
2458  {
2460  return; /* wait for timeout */
2461  if (NULL != t->kx_task)
2462  {
2464  t->kx_task = NULL;
2465  }
2466  send_kx_auth (t,
2467  ct,
2468  &t->ax,
2469  GNUNET_NO);
2470  return;
2471  }
2473  ct);
2474  break;
2475  }
2476 }
2477 
2478 
2487 static void
2489 {
2490  struct CadetTunnel *t = cls;
2491  struct CadetTConnection *ct;
2492 
2493  t->send_task = NULL;
2494  if (NULL == t->tq_head)
2495  return; /* no messages pending right now */
2496  ct = get_ready_connection (t);
2497  if (NULL == ct)
2498  return; /* no connections ready */
2500  ct);
2501 }
2502 
2503 
2509 {
2510 
2514  unsigned int min_length;
2515 
2519  unsigned int max_length;
2520 
2525 
2530 
2535 
2541 
2545  double worst_score;
2546 
2551 
2552 };
2553 
2554 
2562 static void
2564  struct CadetTConnection *ct)
2565 {
2566  struct EvaluationSummary *es = cls;
2567  struct CadetConnection *cc = ct->cc;
2568  unsigned int ct_length;
2569  struct CadetPeerPath *ps;
2570  const struct CadetConnectionMetrics *metrics;
2571  GNUNET_CONTAINER_HeapCostType ct_desirability;
2572  struct GNUNET_TIME_Relative uptime;
2573  struct GNUNET_TIME_Relative last_use;
2574  double score;
2575  double success_rate;
2576 
2577  ps = GCC_get_path (cc,
2578  &ct_length);
2580  "Evaluating path %s of existing %s\n",
2581  GCPP_2s (ps),
2582  GCC_2s (cc));
2583  if (ps == es->path)
2584  {
2586  "Ignoring duplicate path %s.\n",
2587  GCPP_2s (es->path));
2588  es->duplicate = GNUNET_YES;
2589  return;
2590  }
2591  if (NULL != es->path)
2592  {
2593  int duplicate = GNUNET_YES;
2594 
2595  for (unsigned int i=0;i<ct_length;i++)
2596  {
2597  GNUNET_assert (GCPP_get_length (es->path) > i);
2598  if (GCPP_get_peer_at_offset (es->path,
2599  i) !=
2601  i))
2602  {
2603  duplicate = GNUNET_NO;
2604  break;
2605  }
2606  }
2607  if (GNUNET_YES == duplicate)
2608  {
2610  "Ignoring overlapping path %s.\n",
2611  GCPP_2s (es->path));
2612  es->duplicate = GNUNET_YES;
2613  return;
2614  }
2615  else
2616  {
2618  "Known path %s differs from proposed path\n",
2619  GCPP_2s (ps));
2620  }
2621  }
2622 
2623  ct_desirability = GCPP_get_desirability (ps);
2624  metrics = GCC_get_metrics (cc);
2625  uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2626  last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2627  /* We add 1.0 here to avoid division by zero. */
2628  success_rate = (metrics->num_acked_transmissions + 1.0) / (metrics->num_successes + 1.0);
2629  score
2630  = ct_desirability
2631  + 100.0 / (1.0 + ct_length) /* longer paths = better */
2632  + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2633  - last_use.rel_value_us / 1000L; /* longer idle = worse */
2634  score *= success_rate; /* weigh overall by success rate */
2635 
2636  if ( (NULL == es->worst) ||
2637  (score < es->worst_score) )
2638  {
2639  es->worst = ct;
2640  es->worst_score = score;
2641  }
2642  es->min_length = GNUNET_MIN (es->min_length,
2643  ct_length);
2644  es->max_length = GNUNET_MAX (es->max_length,
2645  ct_length);
2646  es->min_desire = GNUNET_MIN (es->min_desire,
2647  ct_desirability);
2648  es->max_desire = GNUNET_MAX (es->max_desire,
2649  ct_desirability);
2650 }
2651 
2652 
2662 static int
2663 consider_path_cb (void *cls,
2664  struct CadetPeerPath *path,
2665  unsigned int off)
2666 {
2667  struct CadetTunnel *t = cls;
2668  struct EvaluationSummary es;
2669  struct CadetTConnection *ct;
2670 
2671  GNUNET_assert (off < GCPP_get_length (path));
2673  off) == t->destination);
2674  es.min_length = UINT_MAX;
2675  es.max_length = 0;
2676  es.max_desire = 0;
2677  es.min_desire = UINT64_MAX;
2678  es.path = path;
2679  es.duplicate = GNUNET_NO;
2680  es.worst = NULL;
2681 
2682  /* Compute evaluation summary over existing connections. */
2684  "Evaluating proposed path %s for target %s\n",
2685  GCPP_2s (path),
2686  GCT_2s (t));
2687  /* FIXME: suspect this does not ACTUALLY iterate
2688  over all existing paths, otherwise dup detection
2689  should work!!! */
2692  &es);
2693  if (GNUNET_YES == es.duplicate)
2694  return GNUNET_YES;
2695 
2696  /* FIXME: not sure we should really just count
2697  'num_connections' here, as they may all have
2698  consistently failed to connect. */
2699 
2700  /* We iterate by increasing path length; if we have enough paths and
2701  this one is more than twice as long than what we are currently
2702  using, then ignore all of these super-long ones! */
2704  (es.min_length * 2 < off) &&
2705  (es.max_length < off) )
2706  {
2708  "Ignoring paths of length %u, they are way too long.\n",
2709  es.min_length * 2);
2710  return GNUNET_NO;
2711  }
2712  /* If we have enough paths and this one looks no better, ignore it. */
2714  (es.min_length < GCPP_get_length (path)) &&
2715  (es.min_desire > GCPP_get_desirability (path)) &&
2716  (es.max_length < off) )
2717  {
2719  "Ignoring path (%u/%llu) to %s, got something better already.\n",
2720  GCPP_get_length (path),
2721  (unsigned long long) GCPP_get_desirability (path),
2722  GCP_2s (t->destination));
2723  return GNUNET_YES;
2724  }
2725 
2726  /* Path is interesting (better by some metric, or we don't have
2727  enough paths yet). */
2728  ct = GNUNET_new (struct CadetTConnection);
2730  ct->t = t;
2731  ct->cc = GCC_create (t->destination,
2732  path,
2733  off,
2734  GNUNET_CADET_OPTION_DEFAULT, /* FIXME: set based on what channels want/need! */
2735  ct,
2737  ct);
2738 
2739  /* FIXME: schedule job to kill connection (and path?) if it takes
2740  too long to get ready! (And track performance data on how long
2741  other connections took with the tunnel!)
2742  => Note: to be done within 'connection'-logic! */
2745  ct);
2746  t->num_busy_connections++;
2748  "Found interesting path %s for %s, created %s\n",
2749  GCPP_2s (path),
2750  GCT_2s (t),
2751  GCC_2s (ct->cc));
2752  return GNUNET_YES;
2753 }
2754 
2755 
2769 static void
2771 {
2772  struct CadetTunnel *t = cls;
2773  struct GNUNET_TIME_Relative delay;
2774  struct EvaluationSummary es;
2775 
2776  t->maintain_connections_task = NULL;
2778  "Performing connection maintenance for %s.\n",
2779  GCT_2s (t));
2780 
2781  es.min_length = UINT_MAX;
2782  es.max_length = 0;
2783  es.max_desire = 0;
2784  es.min_desire = UINT64_MAX;
2785  es.path = NULL;
2786  es.worst = NULL;
2787  es.duplicate = GNUNET_NO;
2790  &es);
2791  if ( (NULL != es.worst) &&
2793  {
2794  /* Clear out worst-performing connection 'es.worst'. */
2796  es.worst);
2797  }
2798 
2799  /* Consider additional paths */
2800  (void) GCP_iterate_paths (t->destination,
2802  t);
2803 
2804  /* FIXME: calculate when to try again based on how well we are doing;
2805  in particular, if we have to few connections, we might be able
2806  to do without this (as PATHS should tell us whenever a new path
2807  is available instantly; however, need to make sure this job is
2808  restarted after that happens).
2809  Furthermore, if the paths we do know are in a reasonably narrow
2810  quality band and are plentyful, we might also consider us stabilized
2811  and then reduce the frequency accordingly. */
2812  delay = GNUNET_TIME_UNIT_MINUTES;
2816  t);
2817 }
2818 
2819 
2828 void
2830  struct CadetPeerPath *p,
2831  unsigned int off)
2832 {
2834  "Considering %s for %s (offset %u)\n",
2835  GCPP_2s (p),
2836  GCT_2s (t),
2837  off);
2838  (void) consider_path_cb (t,
2839  p,
2840  off);
2841 }
2842 
2843 
2850 static void
2852  const struct GNUNET_MessageHeader *msg)
2853 {
2854  struct CadetTunnel *t = cls;
2855 
2857  "Received KEEPALIVE on %s\n",
2858  GCT_2s (t));
2860  "# keepalives received",
2861  1,
2862  GNUNET_NO);
2863 }
2864 
2865 
2873 static int
2876 {
2877  return GNUNET_OK;
2878 }
2879 
2880 
2888 static void
2891 {
2892  struct CadetTunnel *t = cls;
2893  struct CadetChannel *ch;
2894 
2895  ch = lookup_channel (t,
2896  msg->ctn);
2897  if (NULL == ch)
2898  {
2899  /* We don't know about such a channel, might have been destroyed on our
2900  end in the meantime, or never existed. Send back a DESTROY. */
2902  "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2903  (unsigned int) (ntohs (msg->header.size) - sizeof (*msg)),
2904  ntohl (msg->ctn.cn));
2906  msg->ctn);
2907  return;
2908  }
2910  GCC_get_id (t->current_ct->cc),
2911  msg);
2912 }
2913 
2914 
2923 static void
2925  const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2926 {
2927  struct CadetTunnel *t = cls;
2928  struct CadetChannel *ch;
2929 
2930  ch = lookup_channel (t,
2931  ack->ctn);
2932  if (NULL == ch)
2933  {
2934  /* We don't know about such a channel, might have been destroyed on our
2935  end in the meantime, or never existed. Send back a DESTROY. */
2937  "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2938  ntohl (ack->ctn.cn));
2940  ack->ctn);
2941  return;
2942  }
2944  GCC_get_id (t->current_ct->cc),
2945  ack);
2946 }
2947 
2948 
2956 static void
2958  const struct GNUNET_CADET_ChannelOpenMessage *copen)
2959 {
2960  struct CadetTunnel *t = cls;
2961  struct CadetChannel *ch;
2962 
2964  ntohl (copen->ctn.cn));
2965  if (NULL != ch)
2966  {
2968  "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2969  GNUNET_h2s (&copen->h_port),
2970  GCT_2s (t),
2971  GCCH_2s (ch));
2973  GCC_get_id (t->current_ct->cc));
2974  return;
2975  }
2977  "Received CHANNEL_OPEN on h_port %s from %s\n",
2978  GNUNET_h2s (&copen->h_port),
2979  GCT_2s (t));
2980  ch = GCCH_channel_incoming_new (t,
2981  copen->ctn,
2982  &copen->h_port,
2983  ntohl (copen->opt));
2984  if (NULL != t->destroy_task)
2985  {
2987  t->destroy_task = NULL;
2988  }
2991  ntohl (copen->ctn.cn),
2992  ch,
2994 }
2995 
2996 
3003 void
3006 {
3008 
3010  "Sending DESTORY message for channel ID %u\n",
3011  ntohl (ctn.cn));
3012  msg.header.size = htons (sizeof (msg));
3014  msg.reserved = htonl (0);
3015  msg.ctn = ctn;
3016  GCT_send (t,
3017  &msg.header,
3018  NULL,
3019  NULL);
3020 }
3021 
3022 
3031 static void
3033  const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
3034 {
3035  struct CadetTunnel *t = cls;
3036  struct CadetChannel *ch;
3037 
3038  ch = lookup_channel (t,
3039  cm->ctn);
3040  if (NULL == ch)
3041  {
3042  /* We don't know about such a channel, might have been destroyed on our
3043  end in the meantime, or never existed. Send back a DESTROY. */
3045  "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3046  ntohl (cm->ctn.cn));
3048  cm->ctn);
3049  return;
3050  }
3052  "Received channel OPEN_ACK on channel %s from %s\n",
3053  GCCH_2s (ch),
3054  GCT_2s (t));
3056  GCC_get_id (t->current_ct->cc),
3057  &cm->port);
3058 }
3059 
3060 
3068 static void
3070  const struct GNUNET_CADET_ChannelDestroyMessage *cm)
3071 {
3072  struct CadetTunnel *t = cls;
3073  struct CadetChannel *ch;
3074 
3075  ch = lookup_channel (t,
3076  cm->ctn);
3077  if (NULL == ch)
3078  {
3079  /* We don't know about such a channel, might have been destroyed on our
3080  end in the meantime, or never existed. */
3082  "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3083  ntohl (cm->ctn.cn));
3084  return;
3085  }
3087  "Received channel DESTROY on %s from %s\n",
3088  GCCH_2s (ch),
3089  GCT_2s (t));
3091  GCC_get_id (t->current_ct->cc));
3092 }
3093 
3094 
3105 static int
3106 handle_decrypted (void *cls,
3107  const struct GNUNET_MessageHeader *msg)
3108 {
3109  struct CadetTunnel *t = cls;
3110 
3111  GNUNET_assert (NULL != t->current_ct);
3113  msg);
3114  return GNUNET_OK;
3115 }
3116 
3117 
3125 static void
3127  enum GNUNET_MQ_Error error)
3128 {
3129  GNUNET_break_op (0);
3130 }
3131 
3132 
3140 struct CadetTunnel *
3142 {
3143  struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3144  struct GNUNET_MQ_MessageHandler handlers[] = {
3145  GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3147  struct GNUNET_MessageHeader,
3148  t),
3149  GNUNET_MQ_hd_var_size (plaintext_data,
3152  t),
3153  GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3156  t),
3157  GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3160  t),
3161  GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3164  t),
3165  GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3168  t),
3170  };
3171 
3173  new_ephemeral (&t->ax);
3176  t->destination = destination;
3180  t);
3181  t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3182  NULL,
3183  NULL,
3184  NULL,
3185  handlers,
3187  t);
3189  t);
3190  return t;
3191 }
3192 
3193 
3204 int
3206  const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid,
3208  struct CadetPeerPath *path)
3209 {
3210  struct CadetTConnection *ct;
3211 
3212  ct = GNUNET_new (struct CadetTConnection);
3214  ct->t = t;
3215  ct->cc = GCC_create_inbound (t->destination,
3216  path,
3217  options,
3218  ct,
3219  cid,
3221  ct);
3222  if (NULL == ct->cc)
3223  {
3225  "%s refused inbound %s (duplicate)\n",
3226  GCT_2s (t),
3227  GCC_2s (ct->cc));
3228  GNUNET_free (ct);
3229  return GNUNET_SYSERR;
3230  }
3231  /* FIXME: schedule job to kill connection (and path?) if it takes
3232  too long to get ready! (And track performance data on how long
3233  other connections took with the tunnel!)
3234  => Note: to be done within 'connection'-logic! */
3237  ct);
3238  t->num_busy_connections++;
3240  "%s has new %s\n",
3241  GCT_2s (t),
3242  GCC_2s (ct->cc));
3243  return GNUNET_OK;
3244 }
3245 
3246 
3253 void
3256 {
3257  struct CadetTunnel *t = ct->t;
3258  uint16_t size = ntohs (msg->header.size);
3259  char cbuf [size] GNUNET_ALIGN;
3260  ssize_t decrypted_size;
3261 
3263  "%s received %u bytes of encrypted data in state %d\n",
3264  GCT_2s (t),
3265  (unsigned int) size,
3266  t->estate);
3267 
3268  switch (t->estate)
3269  {
3272  /* We did not even SEND our KX, how can the other peer
3273  send us encrypted data? Must have been that we went
3274  down and the other peer still things we are up.
3275  Let's send it KX back. */
3277  "# received encrypted without any KX",
3278  1,
3279  GNUNET_NO);
3280  if (NULL != t->kx_task)
3281  {
3283  t->kx_task = NULL;
3284  }
3285  send_kx (t,
3286  ct,
3287  &t->ax);
3288  return;
3290  /* We send KX, and other peer send KX to us at the same time.
3291  Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3293  "# received encrypted without KX_AUTH",
3294  1,
3295  GNUNET_NO);
3296  if (NULL != t->kx_task)
3297  {
3299  t->kx_task = NULL;
3300  }
3301  send_kx_auth (t,
3302  ct,
3303  &t->ax,
3304  GNUNET_YES);
3305  return;
3307  /* We did not get the KX of the other peer, but that
3308  might have been lost. Send our KX again immediately. */
3310  "# received encrypted without KX",
3311  1,
3312  GNUNET_NO);
3313  if (NULL != t->kx_task)
3314  {
3316  t->kx_task = NULL;
3317  }
3318  send_kx (t,
3319  ct,
3320  &t->ax);
3321  return;
3323  /* Great, first payload, we might graduate to OK! */
3324  case CADET_TUNNEL_KEY_OK:
3325  /* We are up and running, all good. */
3326  break;
3327  }
3328 
3329  decrypted_size = -1;
3330  if (CADET_TUNNEL_KEY_OK == t->estate)
3331  {
3332  /* We have well-established key material available,
3333  try that. (This is the common case.) */
3334  decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3335  cbuf,
3336  msg,
3337  size);
3338  }
3339 
3340  if ( (-1 == decrypted_size) &&
3341  (NULL != t->unverified_ax) )
3342  {
3343  /* We have un-authenticated KX material available. We should try
3344  this as a back-up option, in case the sender crashed and
3345  switched keys. */
3346  decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3347  cbuf,
3348  msg,
3349  size);
3350  if (-1 != decrypted_size)
3351  {
3352  /* It worked! Treat this as authentication of the AX data! */
3353  cleanup_ax (&t->ax);
3354  t->ax = *t->unverified_ax;
3356  t->unverified_ax = NULL;
3357  }
3359  {
3360  /* First time it worked, move tunnel into production! */
3361  GCT_change_estate (t,
3363  if (NULL != t->send_task)
3366  t);
3367  }
3368  }
3369  if (NULL != t->unverified_ax)
3370  {
3371  /* We had unverified KX material that was useless; so increment
3372  counter and eventually move to ignore it. Note that we even do
3373  this increment if we successfully decrypted with the old KX
3374  material and thus didn't even both with the new one. This is
3375  the ideal case, as a malicious injection of bogus KX data
3376  basically only causes us to increment a counter a few times. */
3377  t->unverified_attempts++;
3379  "Failed to decrypt message with unverified KX data %u times\n",
3380  t->unverified_attempts);
3382  {
3385  t->unverified_ax = NULL;
3386  }
3387  }
3388 
3389  if (-1 == decrypted_size)
3390  {
3391  /* Decryption failed for good, complain. */
3393  "%s failed to decrypt and validate encrypted data, retrying KX\n",
3394  GCT_2s (t));
3396  "# unable to decrypt",
3397  1,
3398  GNUNET_NO);
3399  if (NULL != t->kx_task)
3400  {
3402  t->kx_task = NULL;
3403  }
3404  send_kx (t,
3405  ct,
3406  &t->ax);
3407  return;
3408  }
3410  "# decrypted bytes",
3411  decrypted_size,
3412  GNUNET_NO);
3413 
3414  /* The MST will ultimately call #handle_decrypted() on each message. */
3415  t->current_ct = ct;
3418  cbuf,
3419  decrypted_size,
3420  GNUNET_YES,
3421  GNUNET_NO));
3422  t->current_ct = NULL;
3423 }
3424 
3425 
3436 struct CadetTunnelQueueEntry *
3438  const struct GNUNET_MessageHeader *message,
3440  void *cont_cls)
3441 {
3442  struct CadetTunnelQueueEntry *tq;
3443  uint16_t payload_size;
3444  struct GNUNET_MQ_Envelope *env;
3445  struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3446 
3447  if (CADET_TUNNEL_KEY_OK != t->estate)
3448  {
3449  GNUNET_break (0);
3450  return NULL;
3451  }
3452  payload_size = ntohs (message->size);
3454  "Encrypting %u bytes for %s\n",
3455  (unsigned int) payload_size,
3456  GCT_2s (t));
3457  env = GNUNET_MQ_msg_extra (ax_msg,
3458  payload_size,
3460  t_ax_encrypt (&t->ax,
3461  &ax_msg[1],
3462  message,
3463  payload_size);
3465  "# encrypted bytes",
3466  payload_size,
3467  GNUNET_NO);
3468  ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3469  ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3470  /* FIXME: we should do this once, not once per message;
3471  this is a point multiplication, and DHRs does not
3472  change all the time. */
3474  &ax_msg->ax_header.DHRs);
3475  t_h_encrypt (&t->ax,
3476  ax_msg);
3477  t_hmac (&ax_msg->ax_header,
3478  sizeof (struct GNUNET_CADET_AxHeader) + payload_size,
3479  0,
3480  &t->ax.HKs,
3481  &ax_msg->hmac);
3482 
3483  tq = GNUNET_malloc (sizeof (*tq));
3484  tq->t = t;
3485  tq->env = env;
3486  tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3487  tq->cont = cont;
3488  tq->cont_cls = cont_cls;
3490  t->tq_tail,
3491  tq);
3492  if (NULL != t->send_task)
3494  t->send_task
3496  t);
3497  return tq;
3498 }
3499 
3500 
3510 void
3512 {
3513  struct CadetTunnel *t = tq->t;
3514 
3516  t->tq_tail,
3517  tq);
3518  GNUNET_MQ_discard (tq->env);
3519  GNUNET_free (tq);
3520 }
3521 
3522 
3530 void
3533  void *iter_cls)
3534 {
3535  struct CadetTConnection *n;
3536  for (struct CadetTConnection *ct = t->connection_ready_head;
3537  NULL != ct;
3538  ct = n)
3539  {
3540  n = ct->next;
3541  iter (iter_cls,
3542  ct);
3543  }
3544  for (struct CadetTConnection *ct = t->connection_busy_head;
3545  NULL != ct;
3546  ct = n)
3547  {
3548  n = ct->next;
3549  iter (iter_cls,
3550  ct);
3551  }
3552 }
3553 
3554 
3559 {
3564 
3568  void *iter_cls;
3569 };
3570 
3571 
3580 static int
3582  uint32_t key,
3583  void *value)
3584 {
3585  struct ChanIterCls *ctx = cls;
3586  struct CadetChannel *ch = value;
3587 
3588  ctx->iter (ctx->iter_cls,
3589  ch);
3590  return GNUNET_OK;
3591 }
3592 
3593 
3601 void
3603  GCT_ChannelIterator iter,
3604  void *iter_cls)
3605 {
3606  struct ChanIterCls ctx;
3607 
3608  ctx.iter = iter;
3609  ctx.iter_cls = iter_cls;
3612  &ctx);
3613 
3614 }
3615 
3616 
3625 static int
3626 debug_channel (void *cls,
3627  uint32_t key,
3628  void *value)
3629 {
3630  const enum GNUNET_ErrorType *level = cls;
3631  struct CadetChannel *ch = value;
3632 
3633  GCCH_debug (ch, *level);
3634  return GNUNET_OK;
3635 }
3636 
3637 
3638 #define LOG2(level, ...) GNUNET_log_from_nocheck(level,"cadet-tun",__VA_ARGS__)
3639 
3640 
3647 void
3648 GCT_debug (const struct CadetTunnel *t,
3649  enum GNUNET_ErrorType level)
3650 {
3651 #if !defined(GNUNET_CULL_LOGGING)
3652  struct CadetTConnection *iter_c;
3653  int do_log;
3654 
3656  "cadet-tun",
3657  __FILE__, __FUNCTION__, __LINE__);
3658  if (0 == do_log)
3659  return;
3660 
3661  LOG2 (level,
3662  "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3663  GCT_2s (t),
3664  estate2s (t->estate),
3665  t->tq_len,
3667  LOG2 (level,
3668  "TTT channels:\n");
3670  &debug_channel,
3671  &level);
3672  LOG2 (level,
3673  "TTT connections:\n");
3674  for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3675  GCC_debug (iter_c->cc,
3676  level);
3677  for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3678  GCC_debug (iter_c->cc,
3679  level);
3680 
3681  LOG2 (level,
3682  "TTT TUNNEL END\n");
3683 #endif
3684 }
3685 
3686 
3687 /* end of gnunet-service-cadet_tunnels.c */
struct CadetTunnelAxolotl ax
Axolotl info.
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:632
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
Closure for evaluate_connection.
Axolotl-encrypted tunnel message with application payload.
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED
Axolotl encrypted data.
static struct GNUNET_STATISTICS_Handle * stats
Handle for statistics.
struct CadetChannel * lookup_channel(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Lookup a channel by its ctn.
Struct to old keys for skipped messages while advancing the Axolotl ratchet.
void GCT_remove_channel(struct CadetTunnel *t, struct CadetChannel *ch, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Remove a channel from a tunnel.
void GCCH_handle_remote_destroy(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
Destroy channel, based on the other peer closing the connection.
static struct GNUNET_CADET_Channel * ch
Channel handle.
Definition: gnunet-cadet.c:117
struct GNUNET_CONTAINER_MultiHashMap32 * channels
Channels inside this tunnel.
static void handle_plaintext_data_ack(void *cls, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We received an acknowledgement for data we sent on a channel.
void GCT_connection_lost(struct CadetTConnection *ct)
We lost a connection, remove it from our list and clean up the connection object itself.
struct GNUNET_HashCode h_port
Hash of destination port and listener.
uint32_t cn
Which number does this channel have that uniquely identfies it within its tunnel, in network byte ord...
const char * GNUNET_sh2s(const struct GNUNET_ShortHashCode *shc)
Convert a short hash value to a string (for printing debug messages).
const struct CadetConnectionMetrics * GCC_get_metrics(struct CadetConnection *cc)
Obtain performance metrics from cc.
struct CadetPeerPath * path
Path we are comparing against for evaluate_connection, can be NULL.
struct CadetTConnection * connection_ready_tail
DLL of ready connections that are actively used to reach the destination peer.
Peer description.
struct CadetPeer * GCT_get_destination(struct CadetTunnel *t)
Return the peer to which this tunnel goes.
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
static const char * estate2s(enum CadetTunnelEState es)
Get string description for tunnel encryption state.
int GCT_add_inbound_connection(struct CadetTunnel *t, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, enum GNUNET_CADET_ChannelOption options, struct CadetPeerPath *path)
Add a connection to the tunnel.
static void handle_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We received payload data for a channel.
GNUnet CADET service with encryption.
uint32_t Ns
Number of messages sent with the current ratchet key.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Low-level connection to a destination.
static void t_hmac(const void *plaintext, size_t size, uint32_t iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_ShortHashCode *hmac)
Calculate HMAC.
int duplicate
Set to GNUNET_YES if we have a connection over path already.
uint64_t rel_value_us
The actual value.
void(* GCT_SendContinuation)(void *cls, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid)
Function called when a transmission requested using GCT_send is done.
enum CadetTunnelEState GCT_get_estate(struct CadetTunnel *t)
Get the encryption state of a tunnel.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
unsigned int max_length
Maximum length of any of our connections, 0 if we have none.
struct CadetChannel * GCCH_channel_incoming_new(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn, const struct GNUNET_HashCode *h_port, uint32_t options)
Create a new channel based on a request coming in over the network.
struct CadetTunnelSkippedKey * skipped_tail
Skipped messages&#39; keys DLL, tail.
int is_ready
Is the connection currently ready for transmission?
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
struct GNUNET_TIME_Absolute timestamp
When was this key stored (for timeout).
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:572
A connection is a live end-to-end messaging mechanism where the peers are identified by a path and kn...
struct GNUNET_CRYPTO_SymmetricSessionKey HKr
32-byte header key (currently used for receiving)
void GCCH_tunnel_up(struct CadetChannel *ch)
Function called once and only once after a channel was bound to its tunnel via GCT_add_channel() is r...
const char * GCT_2s(const struct CadetTunnel *t)
Get the static string for the peer this tunnel is directed.
unsigned long long num_successes
Number of packets that were sent via this connection did actually receive an ACK? (Note: ACKs may be ...
int GNUNET_snprintf(char *buf, size_t size, const char *format,...)
Like snprintf, just aborts if the buffer is of insufficient size.
#define DESIRED_CONNECTIONS_PER_TUNNEL
How many connections would we like to have per tunnel?
unsigned int num_ready_connections
Number of connections in the connection_ready_head DLL.
void GCT_handle_encrypted(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Handle encrypted message.
GNUNET_MQ_Error
Error codes for the queue.
const char * GCC_2s(const struct CadetConnection *cc)
Get a (static) string for a connection.
static int alice_or_betty(const struct GNUNET_PeerIdentity *other)
Am I Alice or Betty (some call her Bob), or talking to myself?
#define GNUNET_TIME_UNIT_MINUTES
One minute.
struct GNUNET_TIME_Absolute last_use
When was this connection last used? (by us sending or receiving a PAYLOAD message on it) ...
struct GNUNET_CADET_TunnelKeyExchangeMessage kx
Message header with key material.
struct GNUNET_PeerIdentity my_full_id
Local peer own ID.
int GNUNET_CONTAINER_multihashmap32_iterate(struct GNUNET_CONTAINER_MultiHashMap32 *map, GNUNET_CONTAINER_MulitHashMapIterator32Callback it, void *it_cls)
Iterate over all entries in the map.
uint32_t flags
Flags for the key exchange in NBO, based on enum GNUNET_CADET_KX_Flags.
struct CadetTunnel * GCT_create_tunnel(struct CadetPeer *destination)
Create a tunnel to destionation.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:245
struct GNUNET_MQ_Handle * mq
Dispatcher for decrypted messages only (do NOT use for sending!).
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct CadetTunnelQueueEntry * GCT_send(struct CadetTunnel *t, const struct GNUNET_MessageHeader *message, GCT_SendContinuation cont, void *cont_cls)
Sends an already built message on a tunnel, encrypting it and choosing the best connection if not pro...
void GCT_send_cancel(struct CadetTunnelQueueEntry *tq)
Cancel a previously sent message while it&#39;s in the queue.
const struct GNUNET_CADET_ConnectionTunnelIdentifier * GCC_get_id(struct CadetConnection *cc)
Obtain unique ID for the connection.
struct CadetTunnelQueueEntry * prev
We are entries in a DLL.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
struct GNUNET_TIME_Absolute ratchet_expiration
Time when the current ratchet expires and a new one is triggered (if ratchet_allowed is GNUNET_YES)...
uint32_t PNs
Previous message numbers (# of msgs sent under prev ratchet)
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK
Confirm the creation of a channel.
static void mark_connection_unready(struct CadetTConnection *ct)
Connection ct is now unready, clear it&#39;s ready flag and move it from the ready DLL to the busy DLL...
void GCCH_handle_duplicate_open(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
We got a GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN message again for this channel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRs
Current ratchet key.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY
Ask the cadet service to destroy a channel.
KX received and we sent KX_AUTH back, but we got no traffic yet, so we&#39;re waiting for either KX_AUTH ...
unsigned int GCT_count_any_connections(const struct CadetTunnel *t)
Count all created connections of a tunnel.
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:1184
struct CadetTConnection * connection_ready_head
DLL of ready connections that are actively used to reach the destination peer.
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
int kx_auth_requested
Force triggering KX_AUTH independent of estate.
static void send_kx(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax)
Send a KX message.
void * iter_cls
Closure for iter.
#define GNUNET_NO
Definition: gnunet_common.h:81
void GCT_iterate_channels(struct CadetTunnel *t, GCT_ChannelIterator iter, void *iter_cls)
Iterate over all channels of a tunnel.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
Should the peer reply with its KX details?
Information we track per tunnel.
struct GNUNET_CRYPTO_SymmetricSessionKey NHKr
32-byte next header key (for receiving).
GNUNET_ErrorType
Types of errors.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:393
uint32_t opt
Channel options.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
KX message sent, waiting for other peer&#39;s KX_AUTH.
static struct CadetTConnection * get_ready_connection(struct CadetTunnel *t)
Find first connection that is ready in the list of our connections.
static void store_skipped_key(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
Delete a key from the list of skipped keys.
struct GNUNET_CADET_AxHeader ax_header
Axolotl-header that specifies which keys to use in which ratchet to decrypt the body that follows...
Encrypted axolotl header with numbers that identify which keys in which ratchet are to be used to dec...
unsigned int GCP_iterate_paths(struct CadetPeer *cp, GCP_PathIterator callback, void *callback_cls)
Iterate over the paths to a peer.
static struct GNUNET_SCHEDULER_Task * t
Main task.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
static int ret
Final status code.
Definition: gnunet-arm.c:89
static void handle_plaintext_channel_destroy(void *cls, const struct GNUNET_CADET_ChannelDestroyMessage *cm)
We received a message saying that a channel should be destroyed.
struct GNUNET_SCHEDULER_Task * destroy_task
Task scheduled if there are no more channels using the tunnel.
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:418
int GNUNET_CONTAINER_multihashmap32_put(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
void GCC_debug(struct CadetConnection *cc, enum GNUNET_ErrorType level)
Log connection info.
static int update_ax_by_kx(struct CadetTunnelAxolotl *ax, const struct GNUNET_PeerIdentity *pid, const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
Update our Axolotl key state based on the KX data we received.
struct CadetTConnection * connection_busy_head
DLL of connections that we maintain that might be used to reach the destination peer.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA
Payload data (inside an encrypted tunnel).
struct GNUNET_SCHEDULER_Task * kx_task
Task to trigger KX.
static void destroy_tunnel(void *cls)
This tunnel is no longer used, destroy it.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
struct CadetTunnelQueueEntry * tq_tail
Queued messages, to transmit once tunnel gets connected.
static int store_ax_keys(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr, uint32_t Np)
Stage skipped AX keys and calculate the message key.
A 256-bit hashcode.
GCT_ChannelIterator iter
Function to call.
const char * GCP_2s(const struct CadetPeer *cp)
Get the static string for a peer ID.
void GCT_send_channel_destroy(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Send a DESTROY message via the tunnel.
static void t_ax_hmac_hash(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_HashCode *hash, const void *source, unsigned int len)
Perform a HMAC.
struct GNUNET_CRYPTO_SymmetricSessionKey HK
Header key.
struct CadetTunnel * t
Tunnel this connection belongs to.
struct CadetTunnelSkippedKey * prev
DLL prev.
static void trigger_transmissions(void *cls)
Called when either we have a new connection, or a new message in the queue, or some existing connecti...
static void handle_plaintext_channel_open_ack(void *cls, const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
We have received confirmation from the target peer that the given channel could be established (the p...
const char * GCPP_2s(struct CadetPeerPath *path)
Convert a path to a human-readable string.
GNUNET_CADET_KX_Flags
Flags to be used in GNUNET_CADET_KX.
static int destroy_remaining_channels(void *cls, uint32_t key, void *value)
Destroy remaining channels during shutdown.
struct GNUNET_CRYPTO_SymmetricSessionKey CKr
32-byte chain keys (used for forward-secrecy) for receiving messages.
Performance metrics for a connection.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN
Ask the cadet service to create a new channel.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
struct GNUNET_TIME_Relative ratchet_time
How long until we trigger a ratched advance due to time.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1246
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
static ssize_t t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
void(* GCT_ConnectionIterator)(void *cls, struct CadetTConnection *ct)
Iterator over connections.
double worst_score
Numeric score of worst, only set if worst is non-NULL.
enum State state
current state of profiling
Information we track per peer.
struct GNUNET_MQ_Handle * GNUNET_MQ_queue_for_callbacks(GNUNET_MQ_SendImpl send, GNUNET_MQ_DestroyImpl destroy, GNUNET_MQ_CancelImpl cancel, void *impl_state, const struct GNUNET_MQ_MessageHandler *handlers, GNUNET_MQ_ErrorHandler error_handler, void *cls)
Create a message queue for the specified handlers.
Definition: mq.c:552
#define GNUNET_memcpy(dst, src, n)
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
struct CadetTunnelAxolotl * unverified_ax
Unverified Axolotl info, used only if we got a fresh KX (not a KX_AUTH) while our end of the tunnel w...
int GNUNET_CONTAINER_multihashmap32_remove(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, const void *value)
Remove the given key-value pair from the map.
int GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:1504
static char * value
Value of the record to add/remove.
CadetTunnelEState
All the encryption states a tunnel can be in.
GNUNET_CONTAINER_HeapCostType min_desire
Minimum desirability of any of our connections, UINT64_MAX if we have none.
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:413
struct CadetTConnection * current_ct
Identification of the connection from which we are currently processing a message.
void * GNUNET_CONTAINER_multihashmap32_get(const struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key)
Given a key find a value in the map matching the key.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
Struct containing all information regarding a channel to a remote client.
Message for a Key eXchange for a tunnel, with authentication.
struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral
Last ephemeral public key received from the other peer, for duplicate detection.
#define GNUNET_MAX(a, b)
Definition: gnunet_common.h:85
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1273
static void t_hmac_derive_key(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_CRYPTO_SymmetricSessionKey *out, const void *source, unsigned int len)
Derive a symmetric encryption key from an HMAC-HASH.
static void delete_skipped_key(struct CadetTunnelAxolotl *ax, struct CadetTunnelSkippedKey *key)
Delete a key from the list of skipped keys.
Handle to a message stream tokenizer.
Definition: mst.c:43
#define GNUNET_MIN(a, b)
Definition: gnunet_common.h:83
#define INITIAL_KX_RETRY_DELAY
How long do we wait initially before retransmitting the KX? TODO: replace by 2 RTT if/once we have co...
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
unsigned int GNUNET_CONTAINER_multihashmap32_size(const struct GNUNET_CONTAINER_MultiHashMap32 *map)
Get the number of key-value pairs in the map.
static char buf[2048]
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
unsigned int unverified_attempts
How often have we tried and failed to decrypt a message using the unverified KX material from unverif...
struct CadetConnection * GCC_create_inbound(struct CadetPeer *destination, struct CadetPeerPath *path, enum GNUNET_CADET_ChannelOption options, struct CadetTConnection *ct, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:87
struct GNUNET_MessageStreamTokenizer * mst
Tokenizer for decrypted messages.
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
Message for cadet data traffic.
Default options: unreliable, default buffering, not out of order.
struct CadetConnection * GCC_create(struct CadetPeer *destination, struct CadetPeerPath *path, unsigned int off, enum GNUNET_CADET_ChannelOption options, struct CadetTConnection *ct, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
void GCC_destroy_without_tunnel(struct CadetConnection *cc)
Destroy a connection, called if the tunnel association with the connection was already broken...
uint32_t PNs
Number of messages sent with the previous ratchet key.
int GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:116
void GNUNET_MQ_inject_message(struct GNUNET_MQ_Handle *mq, const struct GNUNET_MessageHeader *mh)
Call the message message handler that was registered for the type of the given message in the given m...
Definition: mq.c:202
void GCCH_handle_channel_plaintext_data_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We got an acknowledgement for payload data for a channel.
struct GNUNET_CADET_ChannelTunnelNumber GCT_add_channel(struct CadetTunnel *t, struct CadetChannel *ch)
Add a channel to a tunnel, and notify channel that we are ready for transmission if we are already up...
Internal representation of the hash map.
void GCT_debug(const struct CadetTunnel *t, enum GNUNET_ErrorType level)
Log all possible info about the tunnel state.
static ssize_t try_old_ax_keys(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE
Announce connection is still alive (direction sensitive).
Closure for iterate_channels_cb.
A 512-bit hashcode.
uint32_t reserved
For alignment.
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1614
Message handler for a specific message type.
struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key
Sender&#39;s next ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
static int consider_path_cb(void *cls, struct CadetPeerPath *path, unsigned int off)
Consider using the path p for the tunnel t.
void GCT_handle_kx(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
Handle KX message that lacks authentication (and which will thus only be considered authenticated aft...
static int res
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_CONTAINER_MultiHashMap32 * GNUNET_CONTAINER_multihashmap32_create(unsigned int len)
Create a 32-bit key multi hash map.
struct CadetConnection * cc
Connection handle.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA.
void GNUNET_CONTAINER_multihashmap32_destroy(struct GNUNET_CONTAINER_MultiHashMap32 *map)
Destroy a 32-bit key hash map.
void GNUNET_MQ_discard(struct GNUNET_MQ_Envelope *mqm)
Discard the message queue message, free all allocated resources.
Definition: mq.c:321
#define LOG2(level,...)
static GstElement * source
Appsrc instance into which we write data for the pipeline.
struct GNUNET_CADET_ChannelTunnelNumber ctn
Number identifying this channel in its tunnel.
Private ECC key encoded for transmission.
Struct containing all information regarding a tunnel to a peer.
Message to acknowledge end-to-end data.
void GCCH_handle_channel_open_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_HashCode *port)
We got an acknowledgement for the creation of the channel (the port is open on the other side)...
There must only be one value per key; storing a value should fail if a value under the same key alrea...
int ratchet_allowed
True (GNUNET_YES) if we have received a message from the other peer that uses the keys from our last ...
static int iterate_channels_cb(void *cls, uint32_t key, void *value)
Helper function for GCT_iterate_channels.
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_get_log_call_status(int caller_level, const char *comp, const char *file, const char *function, int line)
Decides whether a particular logging call should or should not be allowed to be made.
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static unsigned int size
Size of the "table".
Definition: peer.c:67
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:303
static void decrypted_error_cb(void *cls, enum GNUNET_MQ_Error error)
Function called if we had an error processing an incoming decrypted message.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel within the tunnel.
uint64_t GNUNET_CONTAINER_HeapCostType
Cost by which elements in a heap can be ordered.
struct GNUNET_TIME_Absolute next_kx_attempt
When do we try the next KX?
uint32_t Nr
Message number (reset to 0 with each new ratchet, next message to recv).
Message to acknowledge opening a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Struct used to save messages in a non-ready tunnel to send once connected.
GNUNET_CONTAINER_HeapCostType GCPP_get_desirability(const struct CadetPeerPath *path)
Return how much we like keeping the path.
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
void GCCH_debug(struct CadetChannel *ch, enum GNUNET_ErrorType level)
Log channel info.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
void GCT_destroy_tunnel_now(struct CadetTunnel *t)
Destroys the tunnel t now, without delay.
struct CadetTunnelQueueEntry * tq_head
Queued messages, to transmit once tunnel gets connected.
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
Handshake completed: session key available.
struct CadetPeerPath * GCC_get_path(struct CadetConnection *cc, unsigned int *off)
Obtain the path used by this connection.
Message to create a Channel.
static void evaluate_connection(void *cls, struct CadetTConnection *ct)
Evaluate a connection, updating our summary information in cls about what kinds of connections we hav...
struct CadetTunnel * t
Tunnel these messages belong in.
void GCT_consider_path(struct CadetTunnel *t, struct CadetPeerPath *p, unsigned int off)
Consider using the path p for the tunnel t.
void * cont_cls
Closure for cont.
struct GNUNET_ShortHashCode hmac
MAC of the encrypted message, used to verify message integrity.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
P2P messages used by CADET.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:272
struct CadetTunnelQueueEntry * next
We are entries in a DLL.
const char * GCCH_2s(const struct CadetChannel *ch)
Get the static string for identification of the channel.
int shutting_down
Signal that shutdown is happening: prevent recovery measures.
#define HIGH_BIT
Message to destroy a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
static int notify_tunnel_up_cb(void *cls, uint32_t key, void *value)
Our tunnel became ready for the first time, notify channels that have been waiting.
static void handle_plaintext_keepalive(void *cls, const struct GNUNET_MessageHeader *msg)
We got a keepalive.
struct GNUNET_CRYPTO_EddsaPrivateKey * my_private_key
Own private key.
struct GNUNET_MQ_Envelope * env
Envelope of message to send follows.
void GCT_handle_kx_auth(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
Handle KX_AUTH message.
void GCT_change_estate(struct CadetTunnel *t, enum CadetTunnelEState state)
Change the tunnel encryption state.
Handle to a message queue.
Definition: mq.c:85
struct GNUNET_CRYPTO_SymmetricSessionKey RK
32-byte root key which gets updated by DH ratchet.
void GCC_transmit(struct CadetConnection *cc, struct GNUNET_MQ_Envelope *env)
Transmit message msg via connection cc.
Private ECC key encoded for transmission.
unsigned int Kn
Key number for a given HK.
#define N
static void maintain_connections_cb(void *cls)
Function called to maintain the connections underlying our tunnel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRr
ECDH Ratchet key (other peer&#39;s public key in the current DH).
Entry in list of connections used by tunnel, with metadata.
The identity of the host (wraps the signing key of the peer).
void GCP_drop_tunnel(struct CadetPeer *cp, struct CadetTunnel *t)
The tunnel to the given peer no longer exists, remove it from our data structures, and possibly clean up the peer itself.
GNUNET_CONTAINER_HeapCostType max_desire
Maximum desirability of any of our connections, 0 if we have none.
unsigned int min_length
Minimum length of any of our connections, UINT_MAX if we have none.
struct GNUNET_HashCode port
Port number of the channel, used to prove to the initiator that the receiver knows the port...
KX message sent and received, trying to send back KX_AUTH.
static int check_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
Check that msg is well-formed.
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to &#39;struct&#39;s...
struct CadetPeer * destination
Destination of the tunnel.
#define MAX_SKIPPED_KEYS
Maximum number of skipped keys we keep in memory per tunnel.
The peer should reply with its KX details?
struct GNUNET_CRYPTO_EcdhePrivateKey DHRs
ECDH Ratchet key (our private key in the current DH).
#define MAX_UNVERIFIED_ATTEMPTS
How often do we try to decrypt payload with unverified key material? Used to limit CPU increase upon ...
Hash uniquely identifying a connection below a tunnel.
Axolotl data, according to https://github.com/trevp/axolotl/wiki .
struct GNUNET_HashCode auth
KDF-proof that sender could compute the 3-DH, used in lieu of a signature or payload data...
static void connection_ready_cb(void *cls, int is_ready)
A connection is is_ready for transmission.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:373
struct CadetTunnelSkippedKey * skipped_head
A (double linked) list of stored message keys and associated header keys for "skipped" messages...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK
Confirm payload data end-to-end.
Message for a Key eXchange for a tunnel.
static void send_kx_auth(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax, int force_reply)
Send a KX_AUTH message.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
unsigned int GCT_count_channels(struct CadetTunnel *t)
Count channels of a tunnel.
Number identifying a CADET channel within a tunnel.
Entry in list of pending tasks.
Definition: scheduler.c:134
static void handle_plaintext_channel_open(void *cls, const struct GNUNET_CADET_ChannelOpenMessage *copen)
We have received a request to open a channel to a port from another peer.
struct GNUNET_TIME_Absolute created
Creation time, to keep oldest connection alive.
static void retry_kx(void *cls)
Try to redo the KX or KX_AUTH handshake, if we can.
unsigned long long num_acked_transmissions
How many packets that ought to generate an ACK did we send via this connection?
struct GNUNET_CRYPTO_SymmetricSessionKey HKs
32-byte header key (currently used for sending).
void GCCH_handle_channel_plaintext_data(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We got payload data for a channel.
struct GNUNET_SCHEDULER_Task * maintain_connections_task
Task to trim connections if too many are present.
static int handle_decrypted(void *cls, const struct GNUNET_MessageHeader *msg)
Handles a message we decrypted, by injecting it into our message queue (which will do the dispatching...
static int debug_channel(void *cls, uint32_t key, void *value)
Call GCCH_debug() on a channel.
static void t_h_encrypt(struct CadetTunnelAxolotl *ax, struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Encrypt header with the axolotl header key.
struct CadetPeer * GCPP_get_peer_at_offset(struct CadetPeerPath *path, unsigned int off)
Obtain the peer at offset off in path.
void GCT_iterate_connections(struct CadetTunnel *t, GCT_ConnectionIterator iter, void *iter_cls)
Iterate over all connections of a tunnel.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
static void destroy_t_connection(void *cls, struct CadetTConnection *ct)
Clean up connection ct of a tunnel.
static void cleanup_ax(struct CadetTunnelAxolotl *ax)
Cleanup state used by ax.
Uninitialized status, we need to send KX.
#define LOG(level,...)
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH
Axolotl key exchange response with authentication.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:331
KX message received, trying to send back KX_AUTH.
static void t_h_decrypt(struct CadetTunnelAxolotl *ax, const struct GNUNET_CADET_TunnelEncryptedMessage *src, struct GNUNET_CADET_TunnelEncryptedMessage *dst)
Decrypt header with the current axolotl header key.
struct GNUNET_SCHEDULER_Task * send_task
Task to send messages from queue (if possible).
struct GNUNET_TIME_Relative kx_retry_delay
How long do we wait until we retry the KX?
Header for all communications.
struct CadetTunnelSkippedKey * next
DLL next.
Time for absolute times used by GNUnet, in microseconds.
void GNUNET_MQ_destroy(struct GNUNET_MQ_Handle *mq)
Destroy the message queue.
Definition: mq.c:824
#define GNUNET_YES
Definition: gnunet_common.h:80
static void t_ax_encrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Encrypt data with the axolotl tunnel key.
void(* GCT_ChannelIterator)(void *cls, struct CadetChannel *ch)
Iterator over channels.
#define MAX_KEY_GAP
Maximum number of keys (and thus ratchet steps) we are willing to skip before we decide this is eithe...
unsigned int ratchet_counter
Number of messages recieved since our last ratchet advance.
struct CadetTConnection * next
Next in DLL.
unsigned int tq_len
Number of entries in the tq_head DLL.
GCT_SendContinuation cont
Continuation to call once sent (on the channel layer).
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Sender&#39;s ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
const char * GNUNET_e2s(const struct GNUNET_CRYPTO_EcdhePublicKey *p)
Convert a public key value to a string (for printing debug messages).
unsigned int num_busy_connections
Number of connections in the connection_busy_head DLL.
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
struct GNUNET_CRYPTO_SymmetricSessionKey CKs
32-byte chain keys (used for forward-secrecy) for sending messages.
struct GNUNET_TIME_Absolute age
When was this connection first established? (by us sending or receiving the CREATE_ACK for the first ...
static void new_ephemeral(struct CadetTunnelAxolotl *ax)
Create a new Axolotl ephemeral (ratchet) key.
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_at(struct GNUNET_TIME_Absolute at, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run at the specified time.
Definition: scheduler.c:1223
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
unsigned int skipped
Number of elements in skipped_head <-> skipped_tail.
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:338
Information regarding a possible path to reach a peer.
static void t_ax_decrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Decrypt data with the axolotl tunnel key.
struct CadetTConnection * connection_busy_tail
DLL of connections that we maintain that might be used to reach the destination peer.
struct GNUNET_ShortHashCode connection_of_tunnel
GNUNET_CADET_ChannelOption
Channel options.
unsigned int GCPP_get_length(struct CadetPeerPath *path)
Return the length of the path.
int ratchet_flag
True (GNUNET_YES) if we have to send a new ratchet key in next msg.
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:91
enum CadetTunnelEState estate
State of the tunnel encryption.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
static void try_send_normal_payload(struct CadetTunnel *t, struct CadetTConnection *ct)
Send normal payload from queue in t via connection ct.
type for (message) authentication keys
struct GNUNET_CRYPTO_SymmetricSessionKey NHKs
32-byte next header key (for sending), used once the ratchet advances.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define IDLE_DESTROY_DELAY
How long do we wait until tearing down an idle tunnel?
uint32_t Ns
Message number (reset to 0 with each new ratchet, next message to send).
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX
Axolotl key exchange.
#define GNUNET_free(ptr)
Wrapper around free.
const struct GNUNET_PeerIdentity * GCP_get_id(struct CadetPeer *cp)
Obtain the peer identity for a struct CadetPeer.
Time for relative time used by GNUnet, in microseconds.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
struct GNUNET_CADET_ConnectionTunnelIdentifier * cid
Where to put the connection identifier into the payload of the message in env once we have it...
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
struct GNUNET_CRYPTO_SymmetricSessionKey MK
Message key.
struct GNUNET_CRYPTO_EcdhePrivateKey kx_0
ECDH for key exchange (A0 / B0).
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:965
static struct GNUNET_CADET_ChannelTunnelNumber get_next_free_ctn(struct CadetTunnel *t)
Compute the next free channel tunnel number for this tunnel.
struct CadetTConnection * worst
Connection deemed the "worst" so far encountered by evaluate_connection, NULL if we did not yet encou...
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...