GNUnet  0.11.x
gnunet-service-cadet_tunnels.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2013, 2017, 2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
33 #include "platform.h"
34 #include "gnunet_util_lib.h"
36 #include "gnunet_signatures.h"
37 #include "cadet_protocol.h"
43 
44 
45 #define LOG(level, ...) GNUNET_log_from (level, "cadet-tun", __VA_ARGS__)
46 
52 #define MAX_UNVERIFIED_ATTEMPTS 16
53 
57 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply ( \
58  GNUNET_TIME_UNIT_SECONDS, 90)
59 
64 #define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply ( \
65  GNUNET_TIME_UNIT_MILLISECONDS, 250)
66 
70 #define MAX_SKIPPED_KEYS 64
71 
76 #define MAX_KEY_GAP 256
77 
78 
83 {
88 
93 
98 
103 
108 
112  unsigned int Kn;
113 };
114 
115 
120 {
127 
132 
137 
142 
147 
154 
161 
167 
175 
180 
185 
190 
195  struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
196 
201  struct GNUNET_TIME_Absolute ratchet_expiration;
202 
206  unsigned int skipped;
207 
211  uint32_t Ns;
212 
216  uint32_t Nr;
217 
221  uint32_t PNs;
222 
227 
239 
252  unsigned int ratchet_counter;
253 };
254 
255 
260 {
265 
270 
274  struct CadetTunnel *t;
275 
280 
284  void *cont_cls;
285 
290 
296 };
297 
298 
303 {
308 
313  struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
314 
319 
324 
329 
338 
343 
348 
353 
358 
363 
368 
373 
378 
383 
388 
394 
399 
404 
409 
416 
420  struct GNUNET_TIME_Relative kx_retry_delay;
421 
425  struct GNUNET_TIME_Absolute next_kx_attempt;
426 
430  unsigned int num_ready_connections;
431 
435  unsigned int num_busy_connections;
436 
442  unsigned int unverified_attempts;
443 
447  unsigned int tq_len;
448 
452  enum CadetTunnelEState estate;
453 
458 };
459 
460 
467 static int
468 alice_or_betty (const struct GNUNET_PeerIdentity *other)
469 {
470  if (0 > GNUNET_memcmp (&my_full_id,
471  other))
472  return GNUNET_YES;
473  else if (0 < GNUNET_memcmp (&my_full_id,
474  other))
475  return GNUNET_NO;
476  else
477  {
478  GNUNET_break_op (0);
479  return GNUNET_SYSERR;
480  }
481 }
482 
483 
490 static void
492 {
493  struct CadetTunnel *t = ct->t;
494 
498  ct);
501  ct->is_ready = GNUNET_NO;
504  ct);
506 }
507 
508 
516 const char *
517 GCT_2s (const struct CadetTunnel *t)
518 {
519  static char buf[64];
520 
521  if (NULL == t)
522  return "Tunnel(NULL)";
523  GNUNET_snprintf (buf,
524  sizeof(buf),
525  "Tunnel %s",
527  return buf;
528 }
529 
530 
538 static const char *
540 {
541  static char buf[32];
542 
543  switch (es)
544  {
546  return "CADET_TUNNEL_KEY_UNINITIALIZED";
547 
549  return "CADET_TUNNEL_KEY_AX_RECV";
550 
552  return "CADET_TUNNEL_KEY_AX_SENT";
553 
555  return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
556 
558  return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
559 
560  case CADET_TUNNEL_KEY_OK:
561  return "CADET_TUNNEL_KEY_OK";
562 
563  default:
564  GNUNET_snprintf (buf,
565  sizeof(buf),
566  "%u (UNKNOWN STATE)",
567  es);
568  return buf;
569  }
570 }
571 
572 
579 struct CadetPeer *
581 {
582  return t->destination;
583 }
584 
585 
593 unsigned int
595 {
597 }
598 
599 
607 struct CadetChannel *
610 {
612  ntohl (ctn.cn));
613 }
614 
615 
623 unsigned int
625 {
627 }
628 
629 
637 static struct CadetTConnection *
639 {
640  struct CadetTConnection *hd = t->connection_ready_head;
641 
642  GNUNET_assert ((NULL == hd) ||
643  (GNUNET_YES == hd->is_ready));
644  return hd;
645 }
646 
647 
657 {
658  return t->estate;
659 }
660 
661 
670 static void
671 trigger_transmissions (void *cls);
672 
673 
674 /* ************************************** start core crypto ***************************** */
675 
676 
682 static void
684 {
686  "Creating new ephemeral ratchet key (DHRs)\n");
689 }
690 
691 
701 static void
702 t_hmac (const void *plaintext,
703  size_t size,
704  uint32_t iv,
706  struct GNUNET_ShortHashCode *hmac)
707 {
708  static const char ctx[] = "cadet authentication key";
709  struct GNUNET_CRYPTO_AuthKey auth_key;
710  struct GNUNET_HashCode hash;
711 
713  key,
714  &iv, sizeof(iv),
715  key, sizeof(*key),
716  ctx, sizeof(ctx),
717  NULL);
718  /* Two step: GNUNET_ShortHash is only 256 bits,
719  GNUNET_HashCode is 512, so we truncate. */
720  GNUNET_CRYPTO_hmac (&auth_key,
721  plaintext,
722  size,
723  &hash);
724  GNUNET_memcpy (hmac,
725  &hash,
726  sizeof(*hmac));
727 }
728 
729 
738 static void
740  struct GNUNET_HashCode *hash,
741  const void *source,
742  unsigned int len)
743 {
744  static const char ctx[] = "axolotl HMAC-HASH";
745  struct GNUNET_CRYPTO_AuthKey auth_key;
746 
748  key,
749  ctx, sizeof(ctx),
750  NULL);
751  GNUNET_CRYPTO_hmac (&auth_key,
752  source,
753  len,
754  hash);
755 }
756 
757 
766 static void
769  const void *source,
770  unsigned int len)
771 {
772  static const char ctx[] = "axolotl derive key";
773  struct GNUNET_HashCode h;
774 
775  t_ax_hmac_hash (key,
776  &h,
777  source,
778  len);
779  GNUNET_CRYPTO_kdf (out, sizeof(*out),
780  ctx, sizeof(ctx),
781  &h, sizeof(h),
782  NULL);
783 }
784 
785 
794 static void
796  void *dst,
797  const void *src,
798  size_t size)
799 {
802  size_t out_size;
803 
804  ax->ratchet_counter++;
805  if ((GNUNET_YES == ax->ratchet_allowed) &&
806  ((ratchet_messages <= ax->ratchet_counter) ||
809  {
810  ax->ratchet_flag = GNUNET_YES;
811  }
812  if (GNUNET_YES == ax->ratchet_flag)
813  {
814  /* Advance ratchet */
815  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
816  struct GNUNET_HashCode dh;
817  struct GNUNET_HashCode hmac;
818  static const char ctx[] = "axolotl ratchet";
819 
820  new_ephemeral (ax);
821  ax->HKs = ax->NHKs;
822 
823  /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
825  &ax->DHRr,
826  &dh);
827  t_ax_hmac_hash (&ax->RK,
828  &hmac,
829  &dh,
830  sizeof(dh));
831  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
832  ctx, sizeof(ctx),
833  &hmac, sizeof(hmac),
834  NULL);
835  ax->RK = keys[0];
836  ax->NHKs = keys[1];
837  ax->CKs = keys[2];
838 
839  ax->PNs = ax->Ns;
840  ax->Ns = 0;
841  ax->ratchet_flag = GNUNET_NO;
843  ax->ratchet_counter = 0;
846  ratchet_time);
847  }
848 
849  t_hmac_derive_key (&ax->CKs,
850  &MK,
851  "0",
852  1);
854  &MK,
855  NULL, 0,
856  NULL);
857 
858  out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
859  size,
860  &MK,
861  &iv,
862  dst);
863  GNUNET_assert (size == out_size);
864  t_hmac_derive_key (&ax->CKs,
865  &ax->CKs,
866  "1",
867  1);
868 }
869 
870 
879 static void
881  void *dst,
882  const void *src,
883  size_t size)
884 {
887  size_t out_size;
888 
889  t_hmac_derive_key (&ax->CKr,
890  &MK,
891  "0",
892  1);
894  &MK,
895  NULL, 0,
896  NULL);
897  GNUNET_assert (size >= sizeof(struct GNUNET_MessageHeader));
898  out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
899  size,
900  &MK,
901  &iv,
902  dst);
903  GNUNET_assert (out_size == size);
904  t_hmac_derive_key (&ax->CKr,
905  &ax->CKr,
906  "1",
907  1);
908 }
909 
910 
917 static void
920 {
922  size_t out_size;
923 
925  &ax->HKs,
926  NULL, 0,
927  NULL);
928  out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
929  sizeof(struct
931  &ax->HKs,
932  &iv,
933  &msg->ax_header);
934  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
935 }
936 
937 
945 static void
947  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
949 {
951  size_t out_size;
952 
954  &ax->HKr,
955  NULL, 0,
956  NULL);
957  out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
958  sizeof(struct
960  &ax->HKr,
961  &iv,
962  &dst->ax_header.Ns);
963  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
964 }
965 
966 
973 static void
975  struct CadetTunnelSkippedKey *key)
976 {
978  ax->skipped_tail,
979  key);
980  GNUNET_free (key);
981  ax->skipped--;
982 }
983 
984 
995 static ssize_t
997  void *dst,
998  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
999  size_t size)
1000 {
1001  struct CadetTunnelSkippedKey *key;
1002  struct GNUNET_ShortHashCode *hmac;
1004  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1005  struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
1006  size_t esize;
1007  size_t res;
1008  size_t len;
1009  unsigned int N;
1010 
1012  "Trying skipped keys\n");
1013  hmac = &plaintext_header.hmac;
1014  esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1015 
1016  /* Find a correct Header Key */
1017  valid_HK = NULL;
1018  for (key = ax->skipped_head; NULL != key; key = key->next)
1019  {
1020  t_hmac (&src->ax_header,
1021  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1022  0,
1023  &key->HK,
1024  hmac);
1025  if (0 == GNUNET_memcmp (hmac,
1026  &src->hmac))
1027  {
1028  valid_HK = &key->HK;
1029  break;
1030  }
1031  }
1032  if (NULL == key)
1033  return -1;
1034 
1035  /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1036  GNUNET_assert (size > sizeof(struct GNUNET_CADET_TunnelEncryptedMessage));
1037  len = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1038  GNUNET_assert (len >= sizeof(struct GNUNET_MessageHeader));
1039 
1040  /* Decrypt header */
1042  &key->HK,
1043  NULL, 0,
1044  NULL);
1046  sizeof(struct GNUNET_CADET_AxHeader),
1047  &key->HK,
1048  &iv,
1049  &plaintext_header.ax_header.Ns);
1050  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == res);
1051 
1052  /* Find the correct message key */
1053  N = ntohl (plaintext_header.ax_header.Ns);
1054  while ((NULL != key) &&
1055  (N != key->Kn))
1056  key = key->next;
1057  if ((NULL == key) ||
1058  (0 != GNUNET_memcmp (&key->HK,
1059  valid_HK)))
1060  return -1;
1061 
1062  /* Decrypt payload */
1064  &key->MK,
1065  NULL,
1066  0,
1067  NULL);
1068  res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1069  len,
1070  &key->MK,
1071  &iv,
1072  dst);
1073  delete_skipped_key (ax,
1074  key);
1075  return res;
1076 }
1077 
1078 
1085 static void
1087  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1088 {
1089  struct CadetTunnelSkippedKey *key;
1090 
1091  key = GNUNET_new (struct CadetTunnelSkippedKey);
1093  key->Kn = ax->Nr;
1094  key->HK = ax->HKr;
1095  t_hmac_derive_key (&ax->CKr,
1096  &key->MK,
1097  "0",
1098  1);
1099  t_hmac_derive_key (&ax->CKr,
1100  &ax->CKr,
1101  "1",
1102  1);
1104  ax->skipped_tail,
1105  key);
1106  ax->skipped++;
1107  ax->Nr++;
1108 }
1109 
1110 
1121 static int
1123  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1124  uint32_t Np)
1125 {
1126  int gap;
1127 
1128  gap = Np - ax->Nr;
1130  "Storing skipped keys [%u, %u)\n",
1131  ax->Nr,
1132  Np);
1133  if (MAX_KEY_GAP < gap)
1134  {
1135  /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1136  /* TODO: start new key exchange on return */
1137  GNUNET_break_op (0);
1139  "Got message %u, expected %u+\n",
1140  Np,
1141  ax->Nr);
1142  return GNUNET_SYSERR;
1143  }
1144  if (0 > gap)
1145  {
1146  /* Delayed message: don't store keys, flag to try old keys. */
1147  return GNUNET_SYSERR;
1148  }
1149 
1150  while (ax->Nr < Np)
1151  store_skipped_key (ax,
1152  HKr);
1153 
1154  while (ax->skipped > MAX_SKIPPED_KEYS)
1155  delete_skipped_key (ax,
1156  ax->skipped_tail);
1157  return GNUNET_OK;
1158 }
1159 
1160 
1171 static ssize_t
1173  void *dst,
1174  const struct
1176  size_t size)
1177 {
1178  struct GNUNET_ShortHashCode msg_hmac;
1179  struct GNUNET_HashCode hmac;
1180  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1181  uint32_t Np;
1182  uint32_t PNp;
1183  size_t esize; /* Size of encryped payload */
1184 
1185  esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1186 
1187  /* Try current HK */
1188  t_hmac (&src->ax_header,
1189  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1190  0, &ax->HKr,
1191  &msg_hmac);
1192  if (0 != GNUNET_memcmp (&msg_hmac,
1193  &src->hmac))
1194  {
1195  static const char ctx[] = "axolotl ratchet";
1196  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1198  struct GNUNET_HashCode dh;
1199  struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1200 
1201  /* Try Next HK */
1202  t_hmac (&src->ax_header,
1203  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1204  0,
1205  &ax->NHKr,
1206  &msg_hmac);
1207  if (0 != GNUNET_memcmp (&msg_hmac,
1208  &src->hmac))
1209  {
1210  /* Try the skipped keys, if that fails, we're out of luck. */
1211  return try_old_ax_keys (ax,
1212  dst,
1213  src,
1214  size);
1215  }
1216  HK = ax->HKr;
1217  ax->HKr = ax->NHKr;
1218  t_h_decrypt (ax,
1219  src,
1220  &plaintext_header);
1221  Np = ntohl (plaintext_header.ax_header.Ns);
1222  PNp = ntohl (plaintext_header.ax_header.PNs);
1223  DHRp = &plaintext_header.ax_header.DHRs;
1224  store_ax_keys (ax,
1225  &HK,
1226  PNp);
1227 
1228  /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1230  DHRp,
1231  &dh);
1232  t_ax_hmac_hash (&ax->RK,
1233  &hmac,
1234  &dh, sizeof(dh));
1235  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1236  ctx, sizeof(ctx),
1237  &hmac, sizeof(hmac),
1238  NULL);
1239 
1240  /* Commit "purported" keys */
1241  ax->RK = keys[0];
1242  ax->NHKr = keys[1];
1243  ax->CKr = keys[2];
1244  ax->DHRr = *DHRp;
1245  ax->Nr = 0;
1247  }
1248  else
1249  {
1250  t_h_decrypt (ax,
1251  src,
1252  &plaintext_header);
1253  Np = ntohl (plaintext_header.ax_header.Ns);
1254  PNp = ntohl (plaintext_header.ax_header.PNs);
1255  }
1256  if ((Np != ax->Nr) &&
1257  (GNUNET_OK != store_ax_keys (ax,
1258  &ax->HKr,
1259  Np)))
1260  {
1261  /* Try the skipped keys, if that fails, we're out of luck. */
1262  return try_old_ax_keys (ax,
1263  dst,
1264  src,
1265  size);
1266  }
1267 
1268  t_ax_decrypt (ax,
1269  dst,
1270  &src[1],
1271  esize);
1272  ax->Nr = Np + 1;
1273  return esize;
1274 }
1275 
1276 
1286 static int
1288  uint32_t key,
1289  void *value)
1290 {
1291  struct CadetChannel *ch = value;
1292 
1293  GCCH_tunnel_up (ch);
1294  return GNUNET_OK;
1295 }
1296 
1297 
1305 void
1307  enum CadetTunnelEState state)
1308 {
1309  enum CadetTunnelEState old = t->estate;
1310 
1311  t->estate = state;
1313  "%s estate changed from %s to %s\n",
1314  GCT_2s (t),
1315  estate2s (old),
1316  estate2s (state));
1317 
1318  if ((CADET_TUNNEL_KEY_OK != old) &&
1319  (CADET_TUNNEL_KEY_OK == t->estate))
1320  {
1321  if (NULL != t->kx_task)
1322  {
1324  t->kx_task = NULL;
1325  }
1326  /* notify all channels that have been waiting */
1329  t);
1330  if (NULL != t->send_task)
1333  t);
1334  }
1335 }
1336 
1337 
1346 static void
1348  struct CadetTConnection *ct,
1349  struct CadetTunnelAxolotl *ax)
1350 {
1351  struct CadetConnection *cc;
1352  struct GNUNET_MQ_Envelope *env;
1355 
1357  return; /* only Alice may send KX */
1358  if ((NULL == ct) ||
1359  (GNUNET_NO == ct->is_ready))
1360  ct = get_ready_connection (t);
1361  if (NULL == ct)
1362  {
1364  "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1365  GCT_2s (t),
1366  estate2s (t->estate));
1368  return;
1369  }
1370  cc = ct->cc;
1371  env = GNUNET_MQ_msg (msg,
1373  flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1374  msg->flags = htonl (flags);
1375  msg->cid = *GCC_get_id (cc);
1377  &msg->ephemeral_key);
1378 #if DEBUG_KX
1379  msg->ephemeral_key_XXX = ax->kx_0;
1380  msg->private_key_XXX = *my_private_key;
1381 #endif
1383  "Sending KX message to %s with ephemeral %s on CID %s\n",
1384  GCT_2s (t),
1385  GNUNET_e2s (&msg->ephemeral_key),
1388  &msg->ratchet_key);
1393  GCT_change_estate (t,
1395  else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1396  GCT_change_estate (t,
1398  GCC_transmit (cc,
1399  env);
1401  "# KX transmitted",
1402  1,
1403  GNUNET_NO);
1404 }
1405 
1406 
1417 static void
1419  struct CadetTConnection *ct,
1420  struct CadetTunnelAxolotl *ax,
1421  int force_reply)
1422 {
1423  struct CadetConnection *cc;
1424  struct GNUNET_MQ_Envelope *env;
1426  enum GNUNET_CADET_KX_Flags flags;
1427 
1428  if ((NULL == ct) ||
1429  (GNUNET_NO == ct->is_ready))
1430  ct = get_ready_connection (t);
1431  if (NULL == ct)
1432  {
1434  "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1435  GCT_2s (t));
1437  t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1438  return;
1439  }
1440  t->kx_auth_requested = GNUNET_NO; /* clear flag */
1441  cc = ct->cc;
1442  env = GNUNET_MQ_msg (msg,
1444  flags = GNUNET_CADET_KX_FLAG_NONE;
1445  if (GNUNET_YES == force_reply)
1447  msg->kx.flags = htonl (flags);
1448  msg->kx.cid = *GCC_get_id (cc);
1450  &msg->kx.ephemeral_key);
1452  &msg->kx.ratchet_key);
1453 #if DEBUG_KX
1454  msg->kx.ephemeral_key_XXX = ax->kx_0;
1455  msg->kx.private_key_XXX = *my_private_key;
1456  msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1457 #endif
1459  "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1460  GCT_2s (t),
1461  GNUNET_e2s (&msg->kx.ephemeral_key),
1463 
1464  /* Compute authenticator (this is the main difference to #send_kx()) */
1465  GNUNET_CRYPTO_hash (&ax->RK,
1466  sizeof(ax->RK),
1467  &msg->auth);
1468  /* Compute when to be triggered again; actual job will
1469  be scheduled via #connection_ready_cb() */
1470  t->kx_retry_delay
1472  t->next_kx_attempt
1474 
1475  /* Send via cc, mark it as unready */
1477 
1478  /* Update state machine, unless we are already OK */
1479  if (CADET_TUNNEL_KEY_OK != t->estate)
1480  GCT_change_estate (t,
1482  GCC_transmit (cc,
1483  env);
1485  "# KX_AUTH transmitted",
1486  1,
1487  GNUNET_NO);
1488 }
1489 
1490 
1496 static void
1498 {
1499  while (NULL != ax->skipped_head)
1500  delete_skipped_key (ax,
1501  ax->skipped_head);
1502  GNUNET_assert (0 == ax->skipped);
1505 }
1506 
1507 
1521 static int
1523  const struct GNUNET_PeerIdentity *pid,
1524  const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1525  const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1526 {
1527  struct GNUNET_HashCode key_material[3];
1528  struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1529  const char salt[] = "CADET Axolotl salt";
1530  int am_I_alice;
1531 
1532  if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1533  {
1534  GNUNET_break_op (0);
1535  return GNUNET_SYSERR;
1536  }
1537  if (0 == GNUNET_memcmp (&ax->DHRr,
1538  ratchet_key))
1539  {
1541  "# Ratchet key already known",
1542  1,
1543  GNUNET_NO);
1545  "Ratchet key already known. Ignoring KX.\n");
1546  return GNUNET_NO;
1547  }
1548 
1549  ax->DHRr = *ratchet_key;
1550  ax->last_ephemeral = *ephemeral_key;
1551  /* ECDH A B0 */
1552  if (GNUNET_YES == am_I_alice)
1553  {
1555  ephemeral_key, /* B0 */
1556  &key_material[0]);
1557  }
1558  else
1559  {
1560  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1561  &pid->public_key, /* A */
1562  &key_material[0]);
1563  }
1564  /* ECDH A0 B */
1565  if (GNUNET_YES == am_I_alice)
1566  {
1567  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1568  &pid->public_key, /* B */
1569  &key_material[1]);
1570  }
1571  else
1572  {
1574  ephemeral_key, /* A0 */
1575  &key_material[1]);
1576  }
1577 
1578  /* ECDH A0 B0 */
1579  GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1580  ephemeral_key, /* B0 or A0 */
1581  &key_material[2]);
1582  /* KDF */
1583  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1584  salt, sizeof(salt),
1585  &key_material, sizeof(key_material),
1586  NULL);
1587 
1588  if (0 == memcmp (&ax->RK,
1589  &keys[0],
1590  sizeof(ax->RK)))
1591  {
1593  "Root key already known. Ignoring KX.\n");
1595  "# Root key already known",
1596  1,
1597  GNUNET_NO);
1598  return GNUNET_NO;
1599  }
1600 
1601  ax->RK = keys[0];
1602  if (GNUNET_YES == am_I_alice)
1603  {
1604  ax->HKr = keys[1];
1605  ax->NHKs = keys[2];
1606  ax->NHKr = keys[3];
1607  ax->CKr = keys[4];
1608  ax->ratchet_flag = GNUNET_YES;
1609  }
1610  else
1611  {
1612  ax->HKs = keys[1];
1613  ax->NHKr = keys[2];
1614  ax->NHKs = keys[3];
1615  ax->CKs = keys[4];
1616  ax->ratchet_flag = GNUNET_NO;
1617  ax->ratchet_expiration
1619  ratchet_time);
1620  }
1621  return GNUNET_OK;
1622 }
1623 
1624 
1630 static void
1631 retry_kx (void *cls)
1632 {
1633  struct CadetTunnel *t = cls;
1634  struct CadetTunnelAxolotl *ax;
1635 
1636  t->kx_task = NULL;
1638  "Trying to make KX progress on %s in state %s\n",
1639  GCT_2s (t),
1640  estate2s (t->estate));
1641  switch (t->estate)
1642  {
1643  case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1644  case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1645  send_kx (t,
1646  NULL,
1647  &t->ax);
1648  break;
1649 
1652  /* We are responding, so only require reply
1653  if WE have a channel waiting. */
1654  if (NULL != t->unverified_ax)
1655  {
1656  /* Send AX_AUTH so we might get this one verified */
1657  ax = t->unverified_ax;
1658  }
1659  else
1660  {
1661  /* How can this be? */
1662  GNUNET_break (0);
1663  ax = &t->ax;
1664  }
1665  send_kx_auth (t,
1666  NULL,
1667  ax,
1668  (0 == GCT_count_channels (t))
1669  ? GNUNET_NO
1670  : GNUNET_YES);
1671  break;
1672 
1674  /* We are responding, so only require reply
1675  if WE have a channel waiting. */
1676  if (NULL != t->unverified_ax)
1677  {
1678  /* Send AX_AUTH so we might get this one verified */
1679  ax = t->unverified_ax;
1680  }
1681  else
1682  {
1683  /* How can this be? */
1684  GNUNET_break (0);
1685  ax = &t->ax;
1686  }
1687  send_kx_auth (t,
1688  NULL,
1689  ax,
1690  (0 == GCT_count_channels (t))
1691  ? GNUNET_NO
1692  : GNUNET_YES);
1693  break;
1694 
1695  case CADET_TUNNEL_KEY_OK:
1696  /* Must have been the *other* peer asking us to
1697  respond with a KX_AUTH. */
1698  if (NULL != t->unverified_ax)
1699  {
1700  /* Sending AX_AUTH in response to AX so we might get this one verified */
1701  ax = t->unverified_ax;
1702  }
1703  else
1704  {
1705  /* Sending AX_AUTH in response to AX_AUTH */
1706  ax = &t->ax;
1707  }
1708  send_kx_auth (t,
1709  NULL,
1710  ax,
1711  GNUNET_NO);
1712  break;
1713  }
1714 }
1715 
1716 
1725 void
1728 {
1729  struct CadetTunnel *t = ct->t;
1730  int ret;
1731 
1733  "# KX received",
1734  1,
1735  GNUNET_NO);
1736  if (GNUNET_YES ==
1738  {
1739  /* Betty/Bob is not allowed to send KX! */
1740  GNUNET_break_op (0);
1741  return;
1742  }
1744  "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1745  GCT_2s (t),
1746  GNUNET_e2s (&msg->ephemeral_key),
1748  GCC_2s (ct->cc));
1749 #if 1
1750  if ((0 ==
1751  memcmp (&t->ax.DHRr,
1752  &msg->ratchet_key,
1753  sizeof(msg->ratchet_key))) &&
1754  (0 ==
1755  memcmp (&t->ax.last_ephemeral,
1756  &msg->ephemeral_key,
1757  sizeof(msg->ephemeral_key))))
1758 
1759  {
1761  "# Duplicate KX received",
1762  1,
1763  GNUNET_NO);
1764  send_kx_auth (t,
1765  ct,
1766  &t->ax,
1767  GNUNET_NO);
1768  return;
1769  }
1770 #endif
1771  /* We only keep ONE unverified KX around, so if there is an existing one,
1772  clean it up. */
1773  if (NULL != t->unverified_ax)
1774  {
1775  if ((0 ==
1776  memcmp (&t->unverified_ax->DHRr,
1777  &msg->ratchet_key,
1778  sizeof(msg->ratchet_key))) &&
1779  (0 ==
1780  memcmp (&t->unverified_ax->last_ephemeral,
1781  &msg->ephemeral_key,
1782  sizeof(msg->ephemeral_key))))
1783  {
1785  "# Duplicate unverified KX received",
1786  1,
1787  GNUNET_NO);
1788 #if 1
1789  send_kx_auth (t,
1790  ct,
1791  t->unverified_ax,
1792  GNUNET_NO);
1793  return;
1794 #endif
1795  }
1797  "Dropping old unverified KX state.\n");
1799  "# Unverified KX dropped for fresh KX",
1800  1,
1801  GNUNET_NO);
1802  GNUNET_break (NULL == t->unverified_ax->skipped_head);
1803  memset (t->unverified_ax,
1804  0,
1805  sizeof(struct CadetTunnelAxolotl));
1806  }
1807  else
1808  {
1810  "Creating fresh unverified KX for %s\n",
1811  GCT_2s (t));
1813  "# Fresh KX setup",
1814  1,
1815  GNUNET_NO);
1817  }
1818  /* Set as the 'current' RK/DHRr the one we are currently using,
1819  so that the duplicate-detection logic of
1820  #update_ax_by_kx can work. */
1821  t->unverified_ax->RK = t->ax.RK;
1822  t->unverified_ax->DHRr = t->ax.DHRr;
1823  t->unverified_ax->DHRs = t->ax.DHRs;
1824  t->unverified_ax->kx_0 = t->ax.kx_0;
1825  t->unverified_attempts = 0;
1826 
1827  /* Update 'ax' by the new key material */
1828  ret = update_ax_by_kx (t->unverified_ax,
1829  GCP_get_id (t->destination),
1830  &msg->ephemeral_key,
1831  &msg->ratchet_key);
1832  GNUNET_break (GNUNET_SYSERR != ret);
1833  if (GNUNET_OK != ret)
1834  {
1836  "# Useless KX",
1837  1,
1838  GNUNET_NO);
1839  return; /* duplicate KX, nothing to do */
1840  }
1841  /* move ahead in our state machine */
1843  GCT_change_estate (t,
1845  else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1846  GCT_change_estate (t,
1848 
1849  /* KX is still not done, try again our end. */
1850  if (CADET_TUNNEL_KEY_OK != t->estate)
1851  {
1852  if (NULL != t->kx_task)
1854  t->kx_task
1856  t);
1857  }
1858 }
1859 
1860 
1861 #if DEBUG_KX
1862 static void
1863 check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1864  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1865 {
1866  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1867  struct GNUNET_CRYPTO_EcdhePublicKey p2;
1868  struct GNUNET_HashCode hc1;
1869  struct GNUNET_HashCode hc2;
1870 
1872  &p1);
1874  &p2);
1877  &p2,
1878  &hc1));
1881  &p1,
1882  &hc2));
1883  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1884  &hc2));
1885 }
1886 
1887 
1888 static void
1889 check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1890  const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1891 {
1892  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1893  struct GNUNET_CRYPTO_EddsaPublicKey p2;
1894  struct GNUNET_HashCode hc1;
1895  struct GNUNET_HashCode hc2;
1896 
1898  &p1);
1900  &p2);
1903  &p2,
1904  &hc1));
1907  &p1,
1908  &hc2));
1909  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1910  &hc2));
1911 }
1912 
1913 
1914 static void
1915 test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1916  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1917  const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1918  const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1919 {
1920  check_ee (e1, e2);
1921  check_ed (e1, d2);
1922  check_ed (e2, d1);
1923 }
1924 
1925 
1926 #endif
1927 
1928 
1935 void
1938 {
1939  struct CadetTunnel *t = ct->t;
1940  struct CadetTunnelAxolotl ax_tmp;
1941  struct GNUNET_HashCode kx_auth;
1942  int ret;
1943 
1945  "# KX_AUTH received",
1946  1,
1947  GNUNET_NO);
1948  if ((CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1950  {
1951  /* Confusing, we got a KX_AUTH before we even send our own
1952  KX. This should not happen. We'll send our own KX ASAP anyway,
1953  so let's ignore this here. */
1954  GNUNET_break_op (0);
1955  return;
1956  }
1958  "Handling KX_AUTH message from %s with ephemeral %s\n",
1959  GCT_2s (t),
1960  GNUNET_e2s (&msg->kx.ephemeral_key));
1961  /* We do everything in ax_tmp until we've checked the authentication
1962  so we don't clobber anything we care about by accident. */
1963  ax_tmp = t->ax;
1964 
1965  /* Update 'ax' by the new key material */
1966  ret = update_ax_by_kx (&ax_tmp,
1967  GCP_get_id (t->destination),
1968  &msg->kx.ephemeral_key,
1969  &msg->kx.ratchet_key);
1970  if (GNUNET_OK != ret)
1971  {
1972  if (GNUNET_NO == ret)
1974  "# redundant KX_AUTH received",
1975  1,
1976  GNUNET_NO);
1977  else
1978  GNUNET_break (0); /* connect to self!? */
1979  return;
1980  }
1981  GNUNET_CRYPTO_hash (&ax_tmp.RK,
1982  sizeof(ax_tmp.RK),
1983  &kx_auth);
1984  if (0 != GNUNET_memcmp (&kx_auth,
1985  &msg->auth))
1986  {
1987  /* This KX_AUTH is not using the latest KX/KX_AUTH data
1988  we transmitted to the sender, refuse it, try KX again. */
1990  "# KX_AUTH not using our last KX received (auth failure)",
1991  1,
1992  GNUNET_NO);
1994  "KX AUTH mismatch!\n");
1995 #if DEBUG_KX
1996  {
1997  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1998 
2000  &ephemeral_key);
2001  if (0 != GNUNET_memcmp (&ephemeral_key,
2002  &msg->r_ephemeral_key_XXX))
2003  {
2005  "My ephemeral is %s!\n",
2006  GNUNET_e2s (&ephemeral_key));
2008  "Response is for ephemeral %s!\n",
2009  GNUNET_e2s (&msg->r_ephemeral_key_XXX));
2010  }
2011  else
2012  {
2013  test_crypto_bug (&ax_tmp.kx_0,
2014  &msg->kx.ephemeral_key_XXX,
2016  &msg->kx.private_key_XXX);
2017  }
2018  }
2019 #endif
2020  if (NULL == t->kx_task)
2021  t->kx_task
2023  &retry_kx,
2024  t);
2025  return;
2026  }
2027  /* Yep, we're good. */
2028  t->ax = ax_tmp;
2029  if (NULL != t->unverified_ax)
2030  {
2031  /* We got some "stale" KX before, drop that. */
2034  t->unverified_ax = NULL;
2035  }
2036 
2037  /* move ahead in our state machine */
2038  switch (t->estate)
2039  {
2042  /* Checked above, this is impossible. */
2043  GNUNET_assert (0);
2044  break;
2045 
2046  case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2047  case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2048  case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2049  GCT_change_estate (t,
2051  break;
2052 
2053  case CADET_TUNNEL_KEY_OK:
2054  /* Did not expect another KX_AUTH, but so what, still acceptable.
2055  Nothing to do here. */
2056  break;
2057  }
2058  if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2059  {
2060  send_kx_auth (t,
2061  NULL,
2062  &t->ax,
2063  GNUNET_NO);
2064  }
2065 }
2066 
2067 
2068 /* ************************************** end core crypto ***************************** */
2069 
2070 
2079 {
2080 #define HIGH_BIT 0x8000000
2082  uint32_t ctn;
2083  int cmp;
2084  uint32_t highbit;
2085 
2086  cmp = GNUNET_memcmp (&my_full_id,
2088  if (0 < cmp)
2089  highbit = HIGH_BIT;
2090  else if (0 > cmp)
2091  highbit = 0;
2092  else
2093  GNUNET_assert (0); // loopback must never go here!
2094  ctn = ntohl (t->next_ctn.cn);
2095  while (NULL !=
2097  ctn | highbit))
2098  {
2099  ctn = ((ctn + 1) & (~HIGH_BIT));
2100  }
2101  t->next_ctn.cn = htonl ((ctn + 1) & (~HIGH_BIT));
2102  ret.cn = htonl (ctn | highbit);
2103  return ret;
2104 }
2105 
2106 
2118  struct CadetChannel *ch)
2119 {
2121 
2122  ctn = get_next_free_ctn (t);
2123  if (NULL != t->destroy_task)
2124  {
2125  GNUNET_SCHEDULER_cancel (t->destroy_task);
2126  t->destroy_task = NULL;
2127  }
2130  ntohl (ctn.cn),
2131  ch,
2134  "Adding %s to %s\n",
2135  GCCH_2s (ch),
2136  GCT_2s (t));
2137  switch (t->estate)
2138  {
2140  /* waiting for connection to start KX */
2141  break;
2142 
2146  /* we're currently waiting for KX to complete */
2147  break;
2148 
2150  /* waiting for OTHER peer to send us data,
2151  we might need to prompt more aggressively! */
2152  if (NULL == t->kx_task)
2153  t->kx_task
2154  = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2155  &retry_kx,
2156  t);
2157  break;
2158 
2159  case CADET_TUNNEL_KEY_OK:
2160  /* We are ready. Tell the new channel that we are up. */
2161  GCCH_tunnel_up (ch);
2162  break;
2163  }
2164  return ctn;
2165 }
2166 
2167 
2174 void
2176 {
2177  struct CadetTunnel *t = ct->t;
2178 
2179  if (GNUNET_YES == ct->is_ready)
2180  {
2183  ct);
2184  t->num_ready_connections--;
2185  }
2186  else
2187  {
2190  ct);
2191  t->num_busy_connections--;
2192  }
2193  GNUNET_free (ct);
2194 }
2195 
2196 
2203 static void
2205  struct CadetTConnection *ct)
2206 {
2207  struct CadetTunnel *t = cls;
2208  struct CadetConnection *cc = ct->cc;
2209 
2210  GNUNET_assert (ct->t == t);
2211  GCT_connection_lost (ct);
2213 }
2214 
2215 
2221 static void
2222 destroy_tunnel (void *cls)
2223 {
2224  struct CadetTunnel *t = cls;
2225  struct CadetTunnelQueueEntry *tq;
2226 
2227  t->destroy_task = NULL;
2229  "Destroying idle %s\n",
2230  GCT_2s (t));
2231  GNUNET_assert (0 == GCT_count_channels (t));
2234  t);
2235  GNUNET_assert (NULL == t->connection_ready_head);
2236  GNUNET_assert (NULL == t->connection_busy_head);
2237  while (NULL != (tq = t->tq_head))
2238  {
2239  if (NULL != tq->cont)
2240  tq->cont (tq->cont_cls,
2241  NULL);
2242  GCT_send_cancel (tq);
2243  }
2245  t);
2247  if (NULL != t->maintain_connections_task)
2248  {
2250  t->maintain_connections_task = NULL;
2251  }
2252  if (NULL != t->send_task)
2253  {
2255  t->send_task = NULL;
2256  }
2257  if (NULL != t->kx_task)
2258  {
2260  t->kx_task = NULL;
2261  }
2262  GNUNET_MST_destroy (t->mst);
2263  GNUNET_MQ_destroy (t->mq);
2264  if (NULL != t->unverified_ax)
2265  {
2268  }
2269  cleanup_ax (&t->ax);
2270  GNUNET_assert (NULL == t->destroy_task);
2271  GNUNET_free (t);
2272 }
2273 
2274 
2282 void
2284  struct CadetChannel *ch,
2286 {
2288  "Removing %s from %s\n",
2289  GCCH_2s (ch),
2290  GCT_2s (t));
2293  ntohl (ctn.cn),
2294  ch));
2295  if ((0 ==
2296  GCT_count_channels (t)) &&
2297  (NULL == t->destroy_task))
2298  {
2299  t->destroy_task
2301  &destroy_tunnel,
2302  t);
2303  }
2304 }
2305 
2306 
2315 static int
2317  uint32_t key,
2318  void *value)
2319 {
2320  struct CadetChannel *ch = value;
2321 
2323  NULL);
2324  return GNUNET_OK;
2325 }
2326 
2327 
2333 void
2335 {
2339  t);
2340  GNUNET_assert (0 ==
2341  GCT_count_channels (t));
2342  if (NULL != t->destroy_task)
2343  {
2345  t->destroy_task = NULL;
2346  }
2347  destroy_tunnel (t);
2348 }
2349 
2350 
2358 static void
2360  struct CadetTConnection *ct)
2361 {
2362  struct CadetTunnelQueueEntry *tq;
2363 
2365  tq = t->tq_head;
2366  if (NULL == tq)
2367  {
2368  /* no messages pending right now */
2370  "Not sending payload of %s on ready %s (nothing pending)\n",
2371  GCT_2s (t),
2372  GCC_2s (ct->cc));
2373  return;
2374  }
2375  /* ready to send message 'tq' on tunnel 'ct' */
2376  GNUNET_assert (t == tq->t);
2378  t->tq_tail,
2379  tq);
2380  if (NULL != tq->cid)
2381  *tq->cid = *GCC_get_id (ct->cc);
2384  "Sending payload of %s on %s\n",
2385  GCT_2s (t),
2386  GCC_2s (ct->cc));
2387  GCC_transmit (ct->cc,
2388  tq->env);
2389  if (NULL != tq->cont)
2390  tq->cont (tq->cont_cls,
2391  GCC_get_id (ct->cc));
2392  GNUNET_free (tq);
2393 }
2394 
2395 
2404 static void
2406  int is_ready)
2407 {
2408  struct CadetTConnection *ct = cls;
2409  struct CadetTunnel *t = ct->t;
2410 
2411  if (GNUNET_NO == is_ready)
2412  {
2414  "%s no longer ready for %s\n",
2415  GCC_2s (ct->cc),
2416  GCT_2s (t));
2418  return;
2419  }
2420  GNUNET_assert (GNUNET_NO == ct->is_ready);
2423  ct);
2425  t->num_busy_connections--;
2426  ct->is_ready = GNUNET_YES;
2429  ct);
2430  t->num_ready_connections++;
2431 
2433  "%s now ready for %s in state %s\n",
2434  GCC_2s (ct->cc),
2435  GCT_2s (t),
2436  estate2s (t->estate));
2437  switch (t->estate)
2438  {
2440  /* Do not begin KX if WE have no channels waiting! */
2443  return; /* wait for timeout before retrying */
2444  /* We are uninitialized, just transmit immediately,
2445  without undue delay. */
2446  if (NULL != t->kx_task)
2447  {
2449  t->kx_task = NULL;
2450  }
2451  send_kx (t,
2452  ct,
2453  &t->ax);
2454  if ((0 ==
2455  GCT_count_channels (t)) &&
2456  (NULL == t->destroy_task))
2457  {
2458  t->destroy_task
2460  &destroy_tunnel,
2461  t);
2462  }
2463  break;
2464 
2469  /* we're currently waiting for KX to complete, schedule job */
2470  if (NULL == t->kx_task)
2471  t->kx_task
2473  &retry_kx,
2474  t);
2475  break;
2476 
2477  case CADET_TUNNEL_KEY_OK:
2478  if (GNUNET_YES == t->kx_auth_requested)
2479  {
2482  return; /* wait for timeout */
2483  if (NULL != t->kx_task)
2484  {
2486  t->kx_task = NULL;
2487  }
2488  send_kx_auth (t,
2489  ct,
2490  &t->ax,
2491  GNUNET_NO);
2492  return;
2493  }
2495  ct);
2496  break;
2497  }
2498 }
2499 
2500 
2509 static void
2511 {
2512  struct CadetTunnel *t = cls;
2513  struct CadetTConnection *ct;
2514 
2515  t->send_task = NULL;
2516  if (NULL == t->tq_head)
2517  return; /* no messages pending right now */
2518  ct = get_ready_connection (t);
2519  if (NULL == ct)
2520  return; /* no connections ready */
2522  ct);
2523 }
2524 
2525 
2531 {
2535  unsigned int min_length;
2536 
2540  unsigned int max_length;
2541 
2546 
2551 
2556 
2562 
2566  double worst_score;
2567 
2572 };
2573 
2574 
2582 static void
2584  struct CadetTConnection *ct)
2585 {
2586  struct EvaluationSummary *es = cls;
2587  struct CadetConnection *cc = ct->cc;
2588  unsigned int ct_length;
2589  struct CadetPeerPath *ps;
2590  const struct CadetConnectionMetrics *metrics;
2591  GNUNET_CONTAINER_HeapCostType ct_desirability;
2592  struct GNUNET_TIME_Relative uptime;
2593  struct GNUNET_TIME_Relative last_use;
2594  double score;
2595  double success_rate;
2596 
2597  ps = GCC_get_path (cc,
2598  &ct_length);
2600  "Evaluating path %s of existing %s\n",
2601  GCPP_2s (ps),
2602  GCC_2s (cc));
2603  if (ps == es->path)
2604  {
2606  "Ignoring duplicate path %s.\n",
2607  GCPP_2s (es->path));
2608  es->duplicate = GNUNET_YES;
2609  return;
2610  }
2611  if (NULL != es->path)
2612  {
2613  int duplicate = GNUNET_YES;
2614 
2615  for (unsigned int i = 0; i < ct_length; i++)
2616  {
2617  GNUNET_assert (GCPP_get_length (es->path) > i);
2618  if (GCPP_get_peer_at_offset (es->path,
2619  i) !=
2621  i))
2622  {
2623  duplicate = GNUNET_NO;
2624  break;
2625  }
2626  }
2627  if (GNUNET_YES == duplicate)
2628  {
2630  "Ignoring overlapping path %s.\n",
2631  GCPP_2s (es->path));
2632  es->duplicate = GNUNET_YES;
2633  return;
2634  }
2635  else
2636  {
2638  "Known path %s differs from proposed path\n",
2639  GCPP_2s (ps));
2640  }
2641  }
2642 
2643  ct_desirability = GCPP_get_desirability (ps);
2644  metrics = GCC_get_metrics (cc);
2645  uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2646  last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2647  /* We add 1.0 here to avoid division by zero. */
2648  success_rate = (metrics->num_acked_transmissions + 1.0)
2649  / (metrics->num_successes + 1.0);
2650  score
2651  = ct_desirability
2652  + 100.0 / (1.0 + ct_length) /* longer paths = better */
2653  + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2654  - last_use.rel_value_us / 1000L; /* longer idle = worse */
2655  score *= success_rate; /* weigh overall by success rate */
2656 
2657  if ((NULL == es->worst) ||
2658  (score < es->worst_score))
2659  {
2660  es->worst = ct;
2661  es->worst_score = score;
2662  }
2663  es->min_length = GNUNET_MIN (es->min_length,
2664  ct_length);
2665  es->max_length = GNUNET_MAX (es->max_length,
2666  ct_length);
2667  es->min_desire = GNUNET_MIN (es->min_desire,
2668  ct_desirability);
2669  es->max_desire = GNUNET_MAX (es->max_desire,
2670  ct_desirability);
2671 }
2672 
2673 
2683 static int
2684 consider_path_cb (void *cls,
2685  struct CadetPeerPath *path,
2686  unsigned int off)
2687 {
2688  struct CadetTunnel *t = cls;
2689  struct EvaluationSummary es;
2690  struct CadetTConnection *ct;
2691 
2692  GNUNET_assert (off < GCPP_get_length (path));
2694  off) == t->destination);
2695  es.min_length = UINT_MAX;
2696  es.max_length = 0;
2697  es.max_desire = 0;
2698  es.min_desire = UINT64_MAX;
2699  es.path = path;
2700  es.duplicate = GNUNET_NO;
2701  es.worst = NULL;
2702 
2703  /* Compute evaluation summary over existing connections. */
2705  "Evaluating proposed path %s for target %s\n",
2706  GCPP_2s (path),
2707  GCT_2s (t));
2708  /* FIXME: suspect this does not ACTUALLY iterate
2709  over all existing paths, otherwise dup detection
2710  should work!!! */
2713  &es);
2714  if (GNUNET_YES == es.duplicate)
2715  return GNUNET_YES;
2716 
2717  /* FIXME: not sure we should really just count
2718  'num_connections' here, as they may all have
2719  consistently failed to connect. */
2720 
2721  /* We iterate by increasing path length; if we have enough paths and
2722  this one is more than twice as long than what we are currently
2723  using, then ignore all of these super-long ones! */
2725  (es.min_length * 2 < off) &&
2726  (es.max_length < off))
2727  {
2729  "Ignoring paths of length %u, they are way too long.\n",
2730  es.min_length * 2);
2731  return GNUNET_NO;
2732  }
2733  /* If we have enough paths and this one looks no better, ignore it. */
2735  (es.min_length < GCPP_get_length (path)) &&
2736  (es.min_desire > GCPP_get_desirability (path)) &&
2737  (es.max_length < off))
2738  {
2740  "Ignoring path (%u/%llu) to %s, got something better already.\n",
2741  GCPP_get_length (path),
2742  (unsigned long long) GCPP_get_desirability (path),
2743  GCP_2s (t->destination));
2744  return GNUNET_YES;
2745  }
2746 
2747  /* Path is interesting (better by some metric, or we don't have
2748  enough paths yet). */
2749  ct = GNUNET_new (struct CadetTConnection);
2751  ct->t = t;
2752  ct->cc = GCC_create (t->destination,
2753  path,
2754  off,
2755  ct,
2757  ct);
2758 
2759  /* FIXME: schedule job to kill connection (and path?) if it takes
2760  too long to get ready! (And track performance data on how long
2761  other connections took with the tunnel!)
2762  => Note: to be done within 'connection'-logic! */
2765  ct);
2766  t->num_busy_connections++;
2768  "Found interesting path %s for %s, created %s\n",
2769  GCPP_2s (path),
2770  GCT_2s (t),
2771  GCC_2s (ct->cc));
2772  return GNUNET_YES;
2773 }
2774 
2775 
2789 static void
2791 {
2792  struct CadetTunnel *t = cls;
2793  struct GNUNET_TIME_Relative delay;
2794  struct EvaluationSummary es;
2795 
2796  t->maintain_connections_task = NULL;
2798  "Performing connection maintenance for %s.\n",
2799  GCT_2s (t));
2800 
2801  es.min_length = UINT_MAX;
2802  es.max_length = 0;
2803  es.max_desire = 0;
2804  es.min_desire = UINT64_MAX;
2805  es.path = NULL;
2806  es.worst = NULL;
2807  es.duplicate = GNUNET_NO;
2810  &es);
2811  if ((NULL != es.worst) &&
2813  {
2814  /* Clear out worst-performing connection 'es.worst'. */
2816  es.worst);
2817  }
2818 
2819  /* Consider additional paths */
2820  (void) GCP_iterate_paths (t->destination,
2822  t);
2823 
2824  /* FIXME: calculate when to try again based on how well we are doing;
2825  in particular, if we have to few connections, we might be able
2826  to do without this (as PATHS should tell us whenever a new path
2827  is available instantly; however, need to make sure this job is
2828  restarted after that happens).
2829  Furthermore, if the paths we do know are in a reasonably narrow
2830  quality band and are plentyful, we might also consider us stabilized
2831  and then reduce the frequency accordingly. */delay = GNUNET_TIME_UNIT_MINUTES;
2835  t);
2836 }
2837 
2838 
2847 void
2849  struct CadetPeerPath *p,
2850  unsigned int off)
2851 {
2853  "Considering %s for %s (offset %u)\n",
2854  GCPP_2s (p),
2855  GCT_2s (t),
2856  off);
2857  (void) consider_path_cb (t,
2858  p,
2859  off);
2860 }
2861 
2862 
2869 static void
2871  const struct GNUNET_MessageHeader *msg)
2872 {
2873  struct CadetTunnel *t = cls;
2874 
2876  "Received KEEPALIVE on %s\n",
2877  GCT_2s (t));
2879  "# keepalives received",
2880  1,
2881  GNUNET_NO);
2882 }
2883 
2884 
2892 static int
2895 {
2896  return GNUNET_OK;
2897 }
2898 
2899 
2907 static void
2910 {
2911  struct CadetTunnel *t = cls;
2912  struct CadetChannel *ch;
2913 
2914  ch = lookup_channel (t,
2915  msg->ctn);
2916  if (NULL == ch)
2917  {
2918  /* We don't know about such a channel, might have been destroyed on our
2919  end in the meantime, or never existed. Send back a DESTROY. */
2921  "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2922  (unsigned int) (ntohs (msg->header.size) - sizeof(*msg)),
2923  ntohl (msg->ctn.cn));
2925  msg->ctn);
2926  return;
2927  }
2929  GCC_get_id (t->current_ct->cc),
2930  msg);
2931 }
2932 
2933 
2942 static void
2944  const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2945 {
2946  struct CadetTunnel *t = cls;
2947  struct CadetChannel *ch;
2948 
2949  ch = lookup_channel (t,
2950  ack->ctn);
2951  if (NULL == ch)
2952  {
2953  /* We don't know about such a channel, might have been destroyed on our
2954  end in the meantime, or never existed. Send back a DESTROY. */
2956  "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2957  ntohl (ack->ctn.cn));
2959  ack->ctn);
2960  return;
2961  }
2963  GCC_get_id (t->current_ct->cc),
2964  ack);
2965 }
2966 
2967 
2975 static void
2977  const struct
2979 {
2980  struct CadetTunnel *t = cls;
2981  struct CadetChannel *ch;
2982 
2984  ntohl (copen->ctn.cn));
2985  if (NULL != ch)
2986  {
2988  "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2989  GNUNET_h2s (&copen->h_port),
2990  GCT_2s (t),
2991  GCCH_2s (ch));
2993  GCC_get_id (t->current_ct->cc));
2994  return;
2995  }
2997  "Received CHANNEL_OPEN on h_port %s from %s\n",
2998  GNUNET_h2s (&copen->h_port),
2999  GCT_2s (t));
3000  ch = GCCH_channel_incoming_new (t,
3001  copen->ctn,
3002  &copen->h_port,
3003  ntohl (copen->opt));
3004  if (NULL != t->destroy_task)
3005  {
3007  t->destroy_task = NULL;
3008  }
3011  ntohl (copen->ctn.cn),
3012  ch,
3014 }
3015 
3016 
3023 void
3026 {
3028 
3030  "Sending DESTORY message for channel ID %u\n",
3031  ntohl (ctn.cn));
3032  msg.header.size = htons (sizeof(msg));
3034  msg.reserved = htonl (0);
3035  msg.ctn = ctn;
3036  GCT_send (t,
3037  &msg.header,
3038  NULL,
3039  NULL);
3040 }
3041 
3042 
3051 static void
3053  const struct
3055 {
3056  struct CadetTunnel *t = cls;
3057  struct CadetChannel *ch;
3058 
3059  ch = lookup_channel (t,
3060  cm->ctn);
3061  if (NULL == ch)
3062  {
3063  /* We don't know about such a channel, might have been destroyed on our
3064  end in the meantime, or never existed. Send back a DESTROY. */
3066  "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3067  ntohl (cm->ctn.cn));
3069  cm->ctn);
3070  return;
3071  }
3073  "Received channel OPEN_ACK on channel %s from %s\n",
3074  GCCH_2s (ch),
3075  GCT_2s (t));
3077  GCC_get_id (t->current_ct->cc),
3078  &cm->port);
3079 }
3080 
3081 
3089 static void
3091  const struct
3093 {
3094  struct CadetTunnel *t = cls;
3095  struct CadetChannel *ch;
3096 
3097  ch = lookup_channel (t,
3098  cm->ctn);
3099  if (NULL == ch)
3100  {
3101  /* We don't know about such a channel, might have been destroyed on our
3102  end in the meantime, or never existed. */
3104  "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3105  ntohl (cm->ctn.cn));
3106  return;
3107  }
3109  "Received channel DESTROY on %s from %s\n",
3110  GCCH_2s (ch),
3111  GCT_2s (t));
3113  GCC_get_id (t->current_ct->cc));
3114 }
3115 
3116 
3127 static int
3128 handle_decrypted (void *cls,
3129  const struct GNUNET_MessageHeader *msg)
3130 {
3131  struct CadetTunnel *t = cls;
3132 
3133  GNUNET_assert (NULL != t->current_ct);
3135  msg);
3136  return GNUNET_OK;
3137 }
3138 
3139 
3147 static void
3149  enum GNUNET_MQ_Error error)
3150 {
3151  GNUNET_break_op (0);
3152 }
3153 
3154 
3162 struct CadetTunnel *
3164 {
3165  struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3166  struct GNUNET_MQ_MessageHandler handlers[] = {
3167  GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3169  struct GNUNET_MessageHeader,
3170  t),
3171  GNUNET_MQ_hd_var_size (plaintext_data,
3174  t),
3175  GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3178  t),
3179  GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3182  t),
3183  GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3186  t),
3187  GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3190  t),
3192  };
3193 
3195  new_ephemeral (&t->ax);
3198  t->destination = destination;
3202  t);
3203  t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3204  NULL,
3205  NULL,
3206  NULL,
3207  handlers,
3209  t);
3211  t);
3212  return t;
3213 }
3214 
3215 
3226 int
3228  const struct
3230  struct CadetPeerPath *path)
3231 {
3232  struct CadetTConnection *ct;
3233 
3234  ct = GNUNET_new (struct CadetTConnection);
3236  ct->t = t;
3237  ct->cc = GCC_create_inbound (t->destination,
3238  path,
3239  ct,
3240  cid,
3242  ct);
3243  if (NULL == ct->cc)
3244  {
3246  "%s refused inbound %s (duplicate)\n",
3247  GCT_2s (t),
3248  GCC_2s (ct->cc));
3249  GNUNET_free (ct);
3250  return GNUNET_SYSERR;
3251  }
3252  /* FIXME: schedule job to kill connection (and path?) if it takes
3253  too long to get ready! (And track performance data on how long
3254  other connections took with the tunnel!)
3255  => Note: to be done within 'connection'-logic! */
3258  ct);
3259  t->num_busy_connections++;
3261  "%s has new %s\n",
3262  GCT_2s (t),
3263  GCC_2s (ct->cc));
3264  return GNUNET_OK;
3265 }
3266 
3267 
3274 void
3277 {
3278  struct CadetTunnel *t = ct->t;
3279  uint16_t size = ntohs (msg->header.size);
3280  char cbuf [size] GNUNET_ALIGN;
3281  ssize_t decrypted_size;
3282 
3284  "%s received %u bytes of encrypted data in state %d\n",
3285  GCT_2s (t),
3286  (unsigned int) size,
3287  t->estate);
3288 
3289  switch (t->estate)
3290  {
3293  /* We did not even SEND our KX, how can the other peer
3294  send us encrypted data? Must have been that we went
3295  down and the other peer still things we are up.
3296  Let's send it KX back. */
3298  "# received encrypted without any KX",
3299  1,
3300  GNUNET_NO);
3301  if (NULL != t->kx_task)
3302  {
3304  t->kx_task = NULL;
3305  }
3306  send_kx (t,
3307  ct,
3308  &t->ax);
3309  return;
3310 
3312  /* We send KX, and other peer send KX to us at the same time.
3313  Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3315  "# received encrypted without KX_AUTH",
3316  1,
3317  GNUNET_NO);
3318  if (NULL != t->kx_task)
3319  {
3321  t->kx_task = NULL;
3322  }
3323  send_kx_auth (t,
3324  ct,
3325  &t->ax,
3326  GNUNET_YES);
3327  return;
3328 
3330  /* We did not get the KX of the other peer, but that
3331  might have been lost. Send our KX again immediately. */
3333  "# received encrypted without KX",
3334  1,
3335  GNUNET_NO);
3336  if (NULL != t->kx_task)
3337  {
3339  t->kx_task = NULL;
3340  }
3341  send_kx (t,
3342  ct,
3343  &t->ax);
3344  return;
3345 
3347  /* Great, first payload, we might graduate to OK! */
3348  case CADET_TUNNEL_KEY_OK:
3349  /* We are up and running, all good. */
3350  break;
3351  }
3352 
3353  decrypted_size = -1;
3354  if (CADET_TUNNEL_KEY_OK == t->estate)
3355  {
3356  /* We have well-established key material available,
3357  try that. (This is the common case.) */
3358  decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3359  cbuf,
3360  msg,
3361  size);
3362  }
3363 
3364  if ((-1 == decrypted_size) &&
3365  (NULL != t->unverified_ax))
3366  {
3367  /* We have un-authenticated KX material available. We should try
3368  this as a back-up option, in case the sender crashed and
3369  switched keys. */
3370  decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3371  cbuf,
3372  msg,
3373  size);
3374  if (-1 != decrypted_size)
3375  {
3376  /* It worked! Treat this as authentication of the AX data! */
3377  cleanup_ax (&t->ax);
3378  t->ax = *t->unverified_ax;
3380  t->unverified_ax = NULL;
3381  }
3383  {
3384  /* First time it worked, move tunnel into production! */
3385  GCT_change_estate (t,
3387  if (NULL != t->send_task)
3390  t);
3391  }
3392  }
3393  if (NULL != t->unverified_ax)
3394  {
3395  /* We had unverified KX material that was useless; so increment
3396  counter and eventually move to ignore it. Note that we even do
3397  this increment if we successfully decrypted with the old KX
3398  material and thus didn't even both with the new one. This is
3399  the ideal case, as a malicious injection of bogus KX data
3400  basically only causes us to increment a counter a few times. */t->unverified_attempts++;
3402  "Failed to decrypt message with unverified KX data %u times\n",
3403  t->unverified_attempts);
3405  {
3408  t->unverified_ax = NULL;
3409  }
3410  }
3411 
3412  if (-1 == decrypted_size)
3413  {
3414  /* Decryption failed for good, complain. */
3416  "%s failed to decrypt and validate encrypted data, retrying KX\n",
3417  GCT_2s (t));
3419  "# unable to decrypt",
3420  1,
3421  GNUNET_NO);
3422  if (NULL != t->kx_task)
3423  {
3425  t->kx_task = NULL;
3426  }
3427  send_kx (t,
3428  ct,
3429  &t->ax);
3430  return;
3431  }
3433  "# decrypted bytes",
3434  decrypted_size,
3435  GNUNET_NO);
3436 
3437  /* The MST will ultimately call #handle_decrypted() on each message. */
3438  t->current_ct = ct;
3441  cbuf,
3442  decrypted_size,
3443  GNUNET_YES,
3444  GNUNET_NO));
3445  t->current_ct = NULL;
3446 }
3447 
3448 
3459 struct CadetTunnelQueueEntry *
3461  const struct GNUNET_MessageHeader *message,
3463  void *cont_cls)
3464 {
3465  struct CadetTunnelQueueEntry *tq;
3466  uint16_t payload_size;
3467  struct GNUNET_MQ_Envelope *env;
3468  struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3469 
3470  if (CADET_TUNNEL_KEY_OK != t->estate)
3471  {
3472  GNUNET_break (0);
3473  return NULL;
3474  }
3475  payload_size = ntohs (message->size);
3477  "Encrypting %u bytes for %s\n",
3478  (unsigned int) payload_size,
3479  GCT_2s (t));
3480  env = GNUNET_MQ_msg_extra (ax_msg,
3481  payload_size,
3483  t_ax_encrypt (&t->ax,
3484  &ax_msg[1],
3485  message,
3486  payload_size);
3488  "# encrypted bytes",
3489  payload_size,
3490  GNUNET_NO);
3491  ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3492  ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3493  /* FIXME: we should do this once, not once per message;
3494  this is a point multiplication, and DHRs does not
3495  change all the time. */
3497  &ax_msg->ax_header.DHRs);
3498  t_h_encrypt (&t->ax,
3499  ax_msg);
3500  t_hmac (&ax_msg->ax_header,
3501  sizeof(struct GNUNET_CADET_AxHeader) + payload_size,
3502  0,
3503  &t->ax.HKs,
3504  &ax_msg->hmac);
3505 
3506  tq = GNUNET_malloc (sizeof(*tq));
3507  tq->t = t;
3508  tq->env = env;
3509  tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3510  tq->cont = cont;
3511  tq->cont_cls = cont_cls;
3513  t->tq_tail,
3514  tq);
3515  if (NULL != t->send_task)
3517  t->send_task
3519  t);
3520  return tq;
3521 }
3522 
3523 
3533 void
3535 {
3536  struct CadetTunnel *t = tq->t;
3537 
3539  t->tq_tail,
3540  tq);
3541  GNUNET_MQ_discard (tq->env);
3542  GNUNET_free (tq);
3543 }
3544 
3545 
3553 void
3556  void *iter_cls)
3557 {
3558  struct CadetTConnection *n;
3559 
3560  for (struct CadetTConnection *ct = t->connection_ready_head;
3561  NULL != ct;
3562  ct = n)
3563  {
3564  n = ct->next;
3565  iter (iter_cls,
3566  ct);
3567  }
3568  for (struct CadetTConnection *ct = t->connection_busy_head;
3569  NULL != ct;
3570  ct = n)
3571  {
3572  n = ct->next;
3573  iter (iter_cls,
3574  ct);
3575  }
3576 }
3577 
3578 
3583 {
3588 
3592  void *iter_cls;
3593 };
3594 
3595 
3604 static int
3606  uint32_t key,
3607  void *value)
3608 {
3609  struct ChanIterCls *ctx = cls;
3610  struct CadetChannel *ch = value;
3611 
3612  ctx->iter (ctx->iter_cls,
3613  ch);
3614  return GNUNET_OK;
3615 }
3616 
3617 
3625 void
3627  GCT_ChannelIterator iter,
3628  void *iter_cls)
3629 {
3630  struct ChanIterCls ctx;
3631 
3632  ctx.iter = iter;
3633  ctx.iter_cls = iter_cls;
3636  &ctx);
3637 }
3638 
3639 
3648 static int
3649 debug_channel (void *cls,
3650  uint32_t key,
3651  void *value)
3652 {
3653  const enum GNUNET_ErrorType *level = cls;
3654  struct CadetChannel *ch = value;
3655 
3656  GCCH_debug (ch, *level);
3657  return GNUNET_OK;
3658 }
3659 
3660 
3661 #define LOG2(level, ...) GNUNET_log_from_nocheck (level, "cadet-tun", \
3662  __VA_ARGS__)
3663 
3664 
3671 void
3672 GCT_debug (const struct CadetTunnel *t,
3673  enum GNUNET_ErrorType level)
3674 {
3675 #if ! defined(GNUNET_CULL_LOGGING)
3676  struct CadetTConnection *iter_c;
3677  int do_log;
3678 
3680  "cadet-tun",
3681  __FILE__, __FUNCTION__, __LINE__);
3682  if (0 == do_log)
3683  return;
3684 
3685  LOG2 (level,
3686  "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3687  GCT_2s (t),
3688  estate2s (t->estate),
3689  t->tq_len,
3691  LOG2 (level,
3692  "TTT channels:\n");
3694  &debug_channel,
3695  &level);
3696  LOG2 (level,
3697  "TTT connections:\n");
3698  for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3699  GCC_debug (iter_c->cc,
3700  level);
3701  for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3702  GCC_debug (iter_c->cc,
3703  level);
3704 
3705  LOG2 (level,
3706  "TTT TUNNEL END\n");
3707 #endif
3708 }
3709 
3710 
3711 /* end of gnunet-service-cadet_tunnels.c */
struct CadetTunnelAxolotl ax
Axolotl info.
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:630
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
Closure for evaluate_connection.
Axolotl-encrypted tunnel message with application payload.
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED
Axolotl encrypted data.
struct CadetChannel * lookup_channel(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Lookup a channel by its ctn.
Struct to old keys for skipped messages while advancing the Axolotl ratchet.
void GCT_remove_channel(struct CadetTunnel *t, struct CadetChannel *ch, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Remove a channel from a tunnel.
void GCCH_handle_remote_destroy(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
Destroy channel, based on the other peer closing the connection.
static struct GNUNET_CADET_Channel * ch
Channel handle.
Definition: gnunet-cadet.c:117
struct GNUNET_CONTAINER_MultiHashMap32 * channels
Channels inside this tunnel.
static void handle_plaintext_data_ack(void *cls, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We received an acknowledgement for data we sent on a channel.
void GCT_connection_lost(struct CadetTConnection *ct)
We lost a connection, remove it from our list and clean up the connection object itself.
struct GNUNET_HashCode h_port
Hash of destination port and listener.
uint32_t cn
Which number does this channel have that uniquely identfies it within its tunnel, in network byte ord...
const char * GNUNET_sh2s(const struct GNUNET_ShortHashCode *shc)
Convert a short hash value to a string (for printing debug messages).
const struct CadetConnectionMetrics * GCC_get_metrics(struct CadetConnection *cc)
Obtain performance metrics from cc.
struct CadetPeerPath * path
Path we are comparing against for evaluate_connection, can be NULL.
struct CadetTConnection * connection_ready_tail
DLL of ready connections that are actively used to reach the destination peer.
Peer description.
struct CadetPeer * GCT_get_destination(struct CadetTunnel *t)
Return the peer to which this tunnel goes.
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
static const char * estate2s(enum CadetTunnelEState es)
Get string description for tunnel encryption state.
static void handle_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We received payload data for a channel.
GNUnet CADET service with encryption.
uint32_t Ns
Number of messages sent with the current ratchet key.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Low-level connection to a destination.
static void t_hmac(const void *plaintext, size_t size, uint32_t iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_ShortHashCode *hmac)
Calculate HMAC.
int duplicate
Set to GNUNET_YES if we have a connection over path already.
uint64_t rel_value_us
The actual value.
void(* GCT_SendContinuation)(void *cls, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid)
Function called when a transmission requested using GCT_send is done.
enum CadetTunnelEState GCT_get_estate(struct CadetTunnel *t)
Get the encryption state of a tunnel.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
unsigned int max_length
Maximum length of any of our connections, 0 if we have none.
struct CadetChannel * GCCH_channel_incoming_new(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn, const struct GNUNET_HashCode *h_port, uint32_t options)
Create a new channel based on a request coming in over the network.
struct CadetTunnelSkippedKey * skipped_tail
Skipped messages&#39; keys DLL, tail.
int is_ready
Is the connection currently ready for transmission?
struct GNUNET_TIME_Absolute timestamp
When was this key stored (for timeout).
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:570
A connection is a live end-to-end messaging mechanism where the peers are identified by a path and kn...
struct GNUNET_CRYPTO_SymmetricSessionKey HKr
32-byte header key (currently used for receiving)
void GCCH_tunnel_up(struct CadetChannel *ch)
Function called once and only once after a channel was bound to its tunnel via GCT_add_channel() is r...
const char * GCT_2s(const struct CadetTunnel *t)
Get the static string for the peer this tunnel is directed.
unsigned long long num_successes
Number of packets that were sent via this connection did actually receive an ACK? (Note: ACKs may be ...
int GNUNET_snprintf(char *buf, size_t size, const char *format,...)
Like snprintf, just aborts if the buffer is of insufficient size.
#define DESIRED_CONNECTIONS_PER_TUNNEL
How many connections would we like to have per tunnel?
unsigned int num_ready_connections
Number of connections in the connection_ready_head DLL.
void GCT_handle_encrypted(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Handle encrypted message.
GNUNET_MQ_Error
Error codes for the queue.
const char * GCC_2s(const struct CadetConnection *cc)
Get a (static) string for a connection.
static int alice_or_betty(const struct GNUNET_PeerIdentity *other)
Am I Alice or Betty (some call her Bob), or talking to myself?
#define GNUNET_TIME_UNIT_MINUTES
One minute.
struct GNUNET_TIME_Absolute last_use
When was this connection last used? (by us sending or receiving a PAYLOAD message on it) ...
struct GNUNET_CADET_TunnelKeyExchangeMessage kx
Message header with key material.
struct GNUNET_PeerIdentity my_full_id
Local peer own ID.
int GNUNET_CONTAINER_multihashmap32_iterate(struct GNUNET_CONTAINER_MultiHashMap32 *map, GNUNET_CONTAINER_MulitHashMapIterator32Callback it, void *it_cls)
Iterate over all entries in the map.
uint32_t flags
Flags for the key exchange in NBO, based on enum GNUNET_CADET_KX_Flags.
struct CadetTunnel * GCT_create_tunnel(struct CadetPeer *destination)
Create a tunnel to destionation.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
struct GNUNET_MQ_Handle * mq
Dispatcher for decrypted messages only (do NOT use for sending!).
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct CadetTunnelQueueEntry * GCT_send(struct CadetTunnel *t, const struct GNUNET_MessageHeader *message, GCT_SendContinuation cont, void *cont_cls)
Sends an already built message on a tunnel, encrypting it and choosing the best connection if not pro...
void GCT_send_cancel(struct CadetTunnelQueueEntry *tq)
Cancel a previously sent message while it&#39;s in the queue.
const struct GNUNET_CADET_ConnectionTunnelIdentifier * GCC_get_id(struct CadetConnection *cc)
Obtain unique ID for the connection.
struct CadetTunnelQueueEntry * prev
We are entries in a DLL.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
struct GNUNET_TIME_Absolute ratchet_expiration
Time when the current ratchet expires and a new one is triggered (if ratchet_allowed is GNUNET_YES)...
uint32_t PNs
Previous message numbers (# of msgs sent under prev ratchet)
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK
Confirm the creation of a channel.
static void mark_connection_unready(struct CadetTConnection *ct)
Connection ct is now unready, clear it&#39;s ready flag and move it from the ready DLL to the busy DLL...
void GCCH_handle_duplicate_open(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
We got a GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN message again for this channel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRs
Current ratchet key.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY
Ask the cadet service to destroy a channel.
KX received and we sent KX_AUTH back, but we got no traffic yet, so we&#39;re waiting for either KX_AUTH ...
unsigned int GCT_count_any_connections(const struct CadetTunnel *t)
Count all created connections of a tunnel.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:1182
struct CadetTConnection * connection_ready_head
DLL of ready connections that are actively used to reach the destination peer.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
int kx_auth_requested
Force triggering KX_AUTH independent of estate.
static void send_kx(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax)
Send a KX message.
void * iter_cls
Closure for iter.
#define GNUNET_NO
Definition: gnunet_common.h:78
void GCT_iterate_channels(struct CadetTunnel *t, GCT_ChannelIterator iter, void *iter_cls)
Iterate over all channels of a tunnel.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Should the peer reply with its KX details?
Information we track per tunnel.
struct GNUNET_CRYPTO_SymmetricSessionKey NHKr
32-byte next header key (for receiving).
GNUNET_ErrorType
Types of errors.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:395
uint32_t opt
Channel options.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
KX message sent, waiting for other peer&#39;s KX_AUTH.
static struct CadetTConnection * get_ready_connection(struct CadetTunnel *t)
Find first connection that is ready in the list of our connections.
static void store_skipped_key(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
Delete a key from the list of skipped keys.
struct GNUNET_CADET_AxHeader ax_header
Axolotl-header that specifies which keys to use in which ratchet to decrypt the body that follows...
struct CadetConnection * GCC_create(struct CadetPeer *destination, struct CadetPeerPath *path, unsigned int off, struct CadetTConnection *ct, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
Encrypted axolotl header with numbers that identify which keys in which ratchet are to be used to dec...
unsigned int GCP_iterate_paths(struct CadetPeer *cp, GCP_PathIterator callback, void *callback_cls)
Iterate over the paths to a peer.
static struct GNUNET_SCHEDULER_Task * t
Main task.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
struct CadetConnection * GCC_create_inbound(struct CadetPeer *destination, struct CadetPeerPath *path, struct CadetTConnection *ct, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
static void handle_plaintext_channel_destroy(void *cls, const struct GNUNET_CADET_ChannelDestroyMessage *cm)
We received a message saying that a channel should be destroyed.
struct GNUNET_SCHEDULER_Task * destroy_task
Task scheduled if there are no more channels using the tunnel.
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:438
int GNUNET_CONTAINER_multihashmap32_put(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
void GCC_debug(struct CadetConnection *cc, enum GNUNET_ErrorType level)
Log connection info.
static int update_ax_by_kx(struct CadetTunnelAxolotl *ax, const struct GNUNET_PeerIdentity *pid, const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
Update our Axolotl key state based on the KX data we received.
struct CadetTConnection * connection_busy_head
DLL of connections that we maintain that might be used to reach the destination peer.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA
Payload data (inside an encrypted tunnel).
struct GNUNET_SCHEDULER_Task * kx_task
Task to trigger KX.
static void destroy_tunnel(void *cls)
This tunnel is no longer used, destroy it.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
struct CadetTunnelQueueEntry * tq_tail
Queued messages, to transmit once tunnel gets connected.
static int store_ax_keys(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr, uint32_t Np)
Stage skipped AX keys and calculate the message key.
A 256-bit hashcode.
GCT_ChannelIterator iter
Function to call.
const char * GCP_2s(const struct CadetPeer *cp)
Get the static string for a peer ID.
void GCT_send_channel_destroy(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Send a DESTROY message via the tunnel.
static void t_ax_hmac_hash(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_HashCode *hash, const void *source, unsigned int len)
Perform a HMAC.
struct GNUNET_CRYPTO_SymmetricSessionKey HK
Header key.
struct CadetTunnel * t
Tunnel this connection belongs to.
struct CadetTunnelSkippedKey * prev
DLL prev.
static void trigger_transmissions(void *cls)
Called when either we have a new connection, or a new message in the queue, or some existing connecti...
static void handle_plaintext_channel_open_ack(void *cls, const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
We have received confirmation from the target peer that the given channel could be established (the p...
const char * GCPP_2s(struct CadetPeerPath *path)
Convert a path to a human-readable string.
GNUNET_CADET_KX_Flags
Flags to be used in GNUNET_CADET_KX.
static int destroy_remaining_channels(void *cls, uint32_t key, void *value)
Destroy remaining channels during shutdown.
struct GNUNET_CRYPTO_SymmetricSessionKey CKr
32-byte chain keys (used for forward-secrecy) for receiving messages.
Performance metrics for a connection.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN
Ask the cadet service to create a new channel.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
struct GNUNET_TIME_Relative ratchet_time
How long until we trigger a ratched advance due to time.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1253
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
static ssize_t t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
void(* GCT_ConnectionIterator)(void *cls, struct CadetTConnection *ct)
Iterator over connections.
double worst_score
Numeric score of worst, only set if worst is non-NULL.
enum State state
current state of profiling
Information we track per peer.
struct GNUNET_MQ_Handle * GNUNET_MQ_queue_for_callbacks(GNUNET_MQ_SendImpl send, GNUNET_MQ_DestroyImpl destroy, GNUNET_MQ_CancelImpl cancel, void *impl_state, const struct GNUNET_MQ_MessageHandler *handlers, GNUNET_MQ_ErrorHandler error_handler, void *cls)
Create a message queue for the specified handlers.
Definition: mq.c:552
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
struct CadetTunnelAxolotl * unverified_ax
Unverified Axolotl info, used only if we got a fresh KX (not a KX_AUTH) while our end of the tunnel w...
int GNUNET_CONTAINER_multihashmap32_remove(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, const void *value)
Remove the given key-value pair from the map.
int GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:1502
static char * value
Value of the record to add/remove.
CadetTunnelEState
All the encryption states a tunnel can be in.
GNUNET_CONTAINER_HeapCostType min_desire
Minimum desirability of any of our connections, UINT64_MAX if we have none.
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:411
struct CadetTConnection * current_ct
Identification of the connection from which we are currently processing a message.
void * GNUNET_CONTAINER_multihashmap32_get(const struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key)
Given a key find a value in the map matching the key.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
struct GNUNET_STATISTICS_Handle * stats
Handle to the statistics service.
Struct containing all information regarding a channel to a remote client.
int GCT_add_inbound_connection(struct CadetTunnel *t, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, struct CadetPeerPath *path)
Add a connection to the tunnel.
Message for a Key eXchange for a tunnel, with authentication.
struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral
Last ephemeral public key received from the other peer, for duplicate detection.
#define GNUNET_MAX(a, b)
Definition: gnunet_common.h:82
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1280
static void t_hmac_derive_key(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_CRYPTO_SymmetricSessionKey *out, const void *source, unsigned int len)
Derive a symmetric encryption key from an HMAC-HASH.
static void delete_skipped_key(struct CadetTunnelAxolotl *ax, struct CadetTunnelSkippedKey *key)
Delete a key from the list of skipped keys.
Handle to a message stream tokenizer.
Definition: mst.c:43
#define GNUNET_MIN(a, b)
Definition: gnunet_common.h:80
#define INITIAL_KX_RETRY_DELAY
How long do we wait initially before retransmitting the KX? TODO: replace by 2 RTT if/once we have co...
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
unsigned int GNUNET_CONTAINER_multihashmap32_size(const struct GNUNET_CONTAINER_MultiHashMap32 *map)
Get the number of key-value pairs in the map.
static char buf[2048]
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
unsigned int unverified_attempts
How often have we tried and failed to decrypt a message using the unverified KX material from unverif...
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:85
struct GNUNET_MessageStreamTokenizer * mst
Tokenizer for decrypted messages.
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
Message for cadet data traffic.
void GCC_destroy_without_tunnel(struct CadetConnection *cc)
Destroy a connection, called if the tunnel association with the connection was already broken...
uint32_t PNs
Number of messages sent with the previous ratchet key.
int GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:114
void GNUNET_MQ_inject_message(struct GNUNET_MQ_Handle *mq, const struct GNUNET_MessageHeader *mh)
Call the message message handler that was registered for the type of the given message in the given m...
Definition: mq.c:202
void GCCH_handle_channel_plaintext_data_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We got an acknowledgement for payload data for a channel.
struct GNUNET_CADET_ChannelTunnelNumber GCT_add_channel(struct CadetTunnel *t, struct CadetChannel *ch)
Add a channel to a tunnel, and notify channel that we are ready for transmission if we are already up...
Internal representation of the hash map.
void GCT_debug(const struct CadetTunnel *t, enum GNUNET_ErrorType level)
Log all possible info about the tunnel state.
static ssize_t try_old_ax_keys(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE
Announce connection is still alive (direction sensitive).
Closure for iterate_channels_cb.
A 512-bit hashcode.
uint32_t reserved
For alignment.
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1612
Message handler for a specific message type.
struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key
Sender&#39;s next ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
static int consider_path_cb(void *cls, struct CadetPeerPath *path, unsigned int off)
Consider using the path p for the tunnel t.
void GCT_handle_kx(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
Handle KX message that lacks authentication (and which will thus only be considered authenticated aft...
static int res
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_CONTAINER_MultiHashMap32 * GNUNET_CONTAINER_multihashmap32_create(unsigned int len)
Create a 32-bit key multi hash map.
struct CadetConnection * cc
Connection handle.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA.
void GNUNET_CONTAINER_multihashmap32_destroy(struct GNUNET_CONTAINER_MultiHashMap32 *map)
Destroy a 32-bit key hash map.
void GNUNET_MQ_discard(struct GNUNET_MQ_Envelope *mqm)
Discard the message queue message, free all allocated resources.
Definition: mq.c:321
#define LOG2(level,...)
static GstElement * source
Appsrc instance into which we write data for the pipeline.
struct GNUNET_CADET_ChannelTunnelNumber ctn
Number identifying this channel in its tunnel.
Private ECC key encoded for transmission.
Struct containing all information regarding a tunnel to a peer.
Message to acknowledge end-to-end data.
void GCCH_handle_channel_open_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_HashCode *port)
We got an acknowledgement for the creation of the channel (the port is open on the other side)...
There must only be one value per key; storing a value should fail if a value under the same key alrea...
int ratchet_allowed
True (GNUNET_YES) if we have received a message from the other peer that uses the keys from our last ...
static int iterate_channels_cb(void *cls, uint32_t key, void *value)
Helper function for GCT_iterate_channels.
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_get_log_call_status(int caller_level, const char *comp, const char *file, const char *function, int line)
Decides whether a particular logging call should or should not be allowed to be made.
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
static unsigned int size
Size of the "table".
Definition: peer.c:67
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:301
static void decrypted_error_cb(void *cls, enum GNUNET_MQ_Error error)
Function called if we had an error processing an incoming decrypted message.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel within the tunnel.
uint64_t GNUNET_CONTAINER_HeapCostType
Cost by which elements in a heap can be ordered.
struct GNUNET_TIME_Absolute next_kx_attempt
When do we try the next KX?
uint32_t Nr
Message number (reset to 0 with each new ratchet, next message to recv).
Message to acknowledge opening a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Struct used to save messages in a non-ready tunnel to send once connected.
GNUNET_CONTAINER_HeapCostType GCPP_get_desirability(const struct CadetPeerPath *path)
Return how much we like keeping the path.
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
void GCCH_debug(struct CadetChannel *ch, enum GNUNET_ErrorType level)
Log channel info.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
void GCT_destroy_tunnel_now(struct CadetTunnel *t)
Destroys the tunnel t now, without delay.
struct CadetTunnelQueueEntry * tq_head
Queued messages, to transmit once tunnel gets connected.
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
Handshake completed: session key available.
struct CadetPeerPath * GCC_get_path(struct CadetConnection *cc, unsigned int *off)
Obtain the path used by this connection.
Message to create a Channel.
static void evaluate_connection(void *cls, struct CadetTConnection *ct)
Evaluate a connection, updating our summary information in cls about what kinds of connections we hav...
struct CadetTunnel * t
Tunnel these messages belong in.
void GCT_consider_path(struct CadetTunnel *t, struct CadetPeerPath *p, unsigned int off)
Consider using the path p for the tunnel t.
void * cont_cls
Closure for cont.
struct GNUNET_ShortHashCode hmac
MAC of the encrypted message, used to verify message integrity.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
P2P messages used by CADET.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:270
struct CadetTunnelQueueEntry * next
We are entries in a DLL.
const char * GCCH_2s(const struct CadetChannel *ch)
Get the static string for identification of the channel.
int shutting_down
Signal that shutdown is happening: prevent recovery measures.
#define HIGH_BIT
Message to destroy a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
static int notify_tunnel_up_cb(void *cls, uint32_t key, void *value)
Our tunnel became ready for the first time, notify channels that have been waiting.
static void handle_plaintext_keepalive(void *cls, const struct GNUNET_MessageHeader *msg)
We got a keepalive.
struct GNUNET_CRYPTO_EddsaPrivateKey * my_private_key
Own private key.
struct GNUNET_MQ_Envelope * env
Envelope of message to send follows.
void GCT_handle_kx_auth(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
Handle KX_AUTH message.
void GCT_change_estate(struct CadetTunnel *t, enum CadetTunnelEState state)
Change the tunnel encryption state.
Handle to a message queue.
Definition: mq.c:85
struct GNUNET_CRYPTO_SymmetricSessionKey RK
32-byte root key which gets updated by DH ratchet.
void GCC_transmit(struct CadetConnection *cc, struct GNUNET_MQ_Envelope *env)
Transmit message msg via connection cc.
Private ECC key encoded for transmission.
unsigned int Kn
Key number for a given HK.
#define N
static void maintain_connections_cb(void *cls)
Function called to maintain the connections underlying our tunnel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRr
ECDH Ratchet key (other peer&#39;s public key in the current DH).
Entry in list of connections used by tunnel, with metadata.
The identity of the host (wraps the signing key of the peer).
void GCP_drop_tunnel(struct CadetPeer *cp, struct CadetTunnel *t)
The tunnel to the given peer no longer exists, remove it from our data structures, and possibly clean up the peer itself.
GNUNET_CONTAINER_HeapCostType max_desire
Maximum desirability of any of our connections, 0 if we have none.
unsigned int min_length
Minimum length of any of our connections, UINT_MAX if we have none.
struct GNUNET_HashCode port
Port number of the channel, used to prove to the initiator that the receiver knows the port...
KX message sent and received, trying to send back KX_AUTH.
static int check_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
Check that msg is well-formed.
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to &#39;struct&#39;s...
struct CadetPeer * destination
Destination of the tunnel.
#define MAX_SKIPPED_KEYS
Maximum number of skipped keys we keep in memory per tunnel.
The peer should reply with its KX details?
struct GNUNET_CRYPTO_EcdhePrivateKey DHRs
ECDH Ratchet key (our private key in the current DH).
#define MAX_UNVERIFIED_ATTEMPTS
How often do we try to decrypt payload with unverified key material? Used to limit CPU increase upon ...
Hash uniquely identifying a connection below a tunnel.
Axolotl data, according to https://github.com/trevp/axolotl/wiki .
struct GNUNET_HashCode auth
KDF-proof that sender could compute the 3-DH, used in lieu of a signature or payload data...
static void connection_ready_cb(void *cls, int is_ready)
A connection is is_ready for transmission.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:375
struct CadetTunnelSkippedKey * skipped_head
A (double linked) list of stored message keys and associated header keys for "skipped" messages...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK
Confirm payload data end-to-end.
Message for a Key eXchange for a tunnel.
static void send_kx_auth(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax, int force_reply)
Send a KX_AUTH message.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
unsigned int GCT_count_channels(struct CadetTunnel *t)
Count channels of a tunnel.
Number identifying a CADET channel within a tunnel.
Entry in list of pending tasks.
Definition: scheduler.c:134
static void handle_plaintext_channel_open(void *cls, const struct GNUNET_CADET_ChannelOpenMessage *copen)
We have received a request to open a channel to a port from another peer.
struct GNUNET_TIME_Absolute created
Creation time, to keep oldest connection alive.
static void retry_kx(void *cls)
Try to redo the KX or KX_AUTH handshake, if we can.
unsigned long long num_acked_transmissions
How many packets that ought to generate an ACK did we send via this connection?
struct GNUNET_CRYPTO_SymmetricSessionKey HKs
32-byte header key (currently used for sending).
void GCCH_handle_channel_plaintext_data(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We got payload data for a channel.
struct GNUNET_SCHEDULER_Task * maintain_connections_task
Task to trim connections if too many are present.
static int handle_decrypted(void *cls, const struct GNUNET_MessageHeader *msg)
Handles a message we decrypted, by injecting it into our message queue (which will do the dispatching...
static int debug_channel(void *cls, uint32_t key, void *value)
Call GCCH_debug() on a channel.
static void t_h_encrypt(struct CadetTunnelAxolotl *ax, struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Encrypt header with the axolotl header key.
struct CadetPeer * GCPP_get_peer_at_offset(struct CadetPeerPath *path, unsigned int off)
Obtain the peer at offset off in path.
void GCT_iterate_connections(struct CadetTunnel *t, GCT_ConnectionIterator iter, void *iter_cls)
Iterate over all connections of a tunnel.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
static void destroy_t_connection(void *cls, struct CadetTConnection *ct)
Clean up connection ct of a tunnel.
static void cleanup_ax(struct CadetTunnelAxolotl *ax)
Cleanup state used by ax.
Uninitialized status, we need to send KX.
#define LOG(level,...)
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH
Axolotl key exchange response with authentication.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:331
KX message received, trying to send back KX_AUTH.
static void t_h_decrypt(struct CadetTunnelAxolotl *ax, const struct GNUNET_CADET_TunnelEncryptedMessage *src, struct GNUNET_CADET_TunnelEncryptedMessage *dst)
Decrypt header with the current axolotl header key.
struct GNUNET_SCHEDULER_Task * send_task
Task to send messages from queue (if possible).
struct GNUNET_TIME_Relative kx_retry_delay
How long do we wait until we retry the KX?
Header for all communications.
struct CadetTunnelSkippedKey * next
DLL next.
Time for absolute times used by GNUnet, in microseconds.
void GNUNET_MQ_destroy(struct GNUNET_MQ_Handle *mq)
Destroy the message queue.
Definition: mq.c:824
#define GNUNET_YES
Definition: gnunet_common.h:77
static void t_ax_encrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Encrypt data with the axolotl tunnel key.
void(* GCT_ChannelIterator)(void *cls, struct CadetChannel *ch)
Iterator over channels.
#define MAX_KEY_GAP
Maximum number of keys (and thus ratchet steps) we are willing to skip before we decide this is eithe...
unsigned int ratchet_counter
Number of messages recieved since our last ratchet advance.
struct CadetTConnection * next
Next in DLL.
unsigned int tq_len
Number of entries in the tq_head DLL.
GCT_SendContinuation cont
Continuation to call once sent (on the channel layer).
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Sender&#39;s ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
const char * GNUNET_e2s(const struct GNUNET_CRYPTO_EcdhePublicKey *p)
Convert a public key value to a string (for printing debug messages).
unsigned int num_busy_connections
Number of connections in the connection_busy_head DLL.
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
struct GNUNET_CRYPTO_SymmetricSessionKey CKs
32-byte chain keys (used for forward-secrecy) for sending messages.
struct GNUNET_TIME_Absolute age
When was this connection first established? (by us sending or receiving the CREATE_ACK for the first ...
static void new_ephemeral(struct CadetTunnelAxolotl *ax)
Create a new Axolotl ephemeral (ratchet) key.
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_at(struct GNUNET_TIME_Absolute at, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run at the specified time.
Definition: scheduler.c:1230
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
unsigned int skipped
Number of elements in skipped_head <-> skipped_tail.
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:356
Information regarding a possible path to reach a peer.
static void t_ax_decrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Decrypt data with the axolotl tunnel key.
struct CadetTConnection * connection_busy_tail
DLL of connections that we maintain that might be used to reach the destination peer.
struct GNUNET_ShortHashCode connection_of_tunnel
unsigned int GCPP_get_length(struct CadetPeerPath *path)
Return the length of the path.
int ratchet_flag
True (GNUNET_YES) if we have to send a new ratchet key in next msg.
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:89
enum CadetTunnelEState estate
State of the tunnel encryption.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
static void try_send_normal_payload(struct CadetTunnel *t, struct CadetTConnection *ct)
Send normal payload from queue in t via connection ct.
type for (message) authentication keys
struct GNUNET_CRYPTO_SymmetricSessionKey NHKs
32-byte next header key (for sending), used once the ratchet advances.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define IDLE_DESTROY_DELAY
How long do we wait until tearing down an idle tunnel?
uint32_t Ns
Message number (reset to 0 with each new ratchet, next message to send).
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX
Axolotl key exchange.
#define GNUNET_free(ptr)
Wrapper around free.
const struct GNUNET_PeerIdentity * GCP_get_id(struct CadetPeer *cp)
Obtain the peer identity for a struct CadetPeer.
Time for relative time used by GNUnet, in microseconds.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
struct GNUNET_CADET_ConnectionTunnelIdentifier * cid
Where to put the connection identifier into the payload of the message in env once we have it...
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
struct GNUNET_CRYPTO_SymmetricSessionKey MK
Message key.
struct GNUNET_CRYPTO_EcdhePrivateKey kx_0
ECDH for key exchange (A0 / B0).
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:966
static struct GNUNET_CADET_ChannelTunnelNumber get_next_free_ctn(struct CadetTunnel *t)
Compute the next free channel tunnel number for this tunnel.
struct CadetTConnection * worst
Connection deemed the "worst" so far encountered by evaluate_connection, NULL if we did not yet encou...
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...