GNUnet  0.11.x
gnunet-service-cadet_tunnels.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2013, 2017, 2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
33 #include "platform.h"
34 #include "gnunet_util_lib.h"
36 #include "gnunet_signatures.h"
37 #include "cadet_protocol.h"
43 
44 
45 #define LOG(level, ...) GNUNET_log_from (level, "cadet-tun", __VA_ARGS__)
46 
52 #define MAX_UNVERIFIED_ATTEMPTS 16
53 
57 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply ( \
58  GNUNET_TIME_UNIT_SECONDS, 90)
59 
64 #define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply ( \
65  GNUNET_TIME_UNIT_MILLISECONDS, 250)
66 
70 #define MAX_SKIPPED_KEYS 64
71 
76 #define MAX_KEY_GAP 256
77 
78 
83 {
88 
93 
98 
103 
108 
112  unsigned int Kn;
113 };
114 
115 
120 {
127 
132 
137 
142 
147 
154 
161 
167 
175 
180 
185 
190 
195  struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
196 
201  struct GNUNET_TIME_Absolute ratchet_expiration;
202 
206  unsigned int skipped;
207 
211  uint32_t Ns;
212 
216  uint32_t Nr;
217 
221  uint32_t PNs;
222 
227 
239 
252  unsigned int ratchet_counter;
253 };
254 
255 
260 {
265 
270 
274  struct CadetTunnel *t;
275 
280 
284  void *cont_cls;
285 
290 
296 };
297 
298 
303 {
308 
313  struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
314 
319 
324 
329 
338 
343 
348 
353 
358 
363 
368 
373 
378 
383 
388 
394 
399 
404 
409 
416 
420  struct GNUNET_TIME_Relative kx_retry_delay;
421 
425  struct GNUNET_TIME_Absolute next_kx_attempt;
426 
430  unsigned int num_ready_connections;
431 
435  unsigned int num_busy_connections;
436 
442  unsigned int unverified_attempts;
443 
447  unsigned int tq_len;
448 
452  enum CadetTunnelEState estate;
453 
458 };
459 
460 
467 static int
468 alice_or_betty (const struct GNUNET_PeerIdentity *other)
469 {
470  if (0 > GNUNET_memcmp (&my_full_id,
471  other))
472  return GNUNET_YES;
473  else if (0 < GNUNET_memcmp (&my_full_id,
474  other))
475  return GNUNET_NO;
476  else
477  {
478  GNUNET_break_op (0);
479  return GNUNET_SYSERR;
480  }
481 }
482 
483 
490 static void
492 {
493  struct CadetTunnel *t = ct->t;
494 
498  ct);
501  ct->is_ready = GNUNET_NO;
504  ct);
506 }
507 
508 
516 const char *
517 GCT_2s (const struct CadetTunnel *t)
518 {
519  static char buf[64];
520 
521  if (NULL == t)
522  return "Tunnel(NULL)";
523  GNUNET_snprintf (buf,
524  sizeof(buf),
525  "Tunnel %s",
527  return buf;
528 }
529 
530 
538 static const char *
540 {
541  static char buf[32];
542 
543  switch (es)
544  {
546  return "CADET_TUNNEL_KEY_UNINITIALIZED";
548  return "CADET_TUNNEL_KEY_AX_RECV";
550  return "CADET_TUNNEL_KEY_AX_SENT";
552  return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
554  return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
555  case CADET_TUNNEL_KEY_OK:
556  return "CADET_TUNNEL_KEY_OK";
557  }
558  GNUNET_snprintf (buf,
559  sizeof(buf),
560  "%u (UNKNOWN STATE)",
561  es);
562  return buf;
563 }
564 
565 
572 struct CadetPeer *
574 {
575  return t->destination;
576 }
577 
578 
586 unsigned int
588 {
590 }
591 
592 
600 struct CadetChannel *
603 {
605  ntohl (ctn.cn));
606 }
607 
608 
616 unsigned int
618 {
620 }
621 
622 
630 static struct CadetTConnection *
632 {
633  struct CadetTConnection *hd = t->connection_ready_head;
634 
635  GNUNET_assert ((NULL == hd) ||
636  (GNUNET_YES == hd->is_ready));
637  return hd;
638 }
639 
640 
650 {
651  return t->estate;
652 }
653 
654 
663 static void
664 trigger_transmissions (void *cls);
665 
666 
667 /* ************************************** start core crypto ***************************** */
668 
669 
675 static void
677 {
679  "Creating new ephemeral ratchet key (DHRs)\n");
682 }
683 
684 
694 static void
695 t_hmac (const void *plaintext,
696  size_t size,
697  uint32_t iv,
699  struct GNUNET_ShortHashCode *hmac)
700 {
701  static const char ctx[] = "cadet authentication key";
702  struct GNUNET_CRYPTO_AuthKey auth_key;
703  struct GNUNET_HashCode hash;
704 
706  key,
707  &iv, sizeof(iv),
708  key, sizeof(*key),
709  ctx, sizeof(ctx),
710  NULL);
711  /* Two step: GNUNET_ShortHash is only 256 bits,
712  GNUNET_HashCode is 512, so we truncate. */
713  GNUNET_CRYPTO_hmac (&auth_key,
714  plaintext,
715  size,
716  &hash);
717  GNUNET_memcpy (hmac,
718  &hash,
719  sizeof(*hmac));
720 }
721 
722 
731 static void
733  struct GNUNET_HashCode *hash,
734  const void *source,
735  unsigned int len)
736 {
737  static const char ctx[] = "axolotl HMAC-HASH";
738  struct GNUNET_CRYPTO_AuthKey auth_key;
739 
741  key,
742  ctx, sizeof(ctx),
743  NULL);
744  GNUNET_CRYPTO_hmac (&auth_key,
745  source,
746  len,
747  hash);
748 }
749 
750 
759 static void
762  const void *source,
763  unsigned int len)
764 {
765  static const char ctx[] = "axolotl derive key";
766  struct GNUNET_HashCode h;
767 
768  t_ax_hmac_hash (key,
769  &h,
770  source,
771  len);
772  GNUNET_CRYPTO_kdf (out, sizeof(*out),
773  ctx, sizeof(ctx),
774  &h, sizeof(h),
775  NULL);
776 }
777 
778 
787 static void
789  void *dst,
790  const void *src,
791  size_t size)
792 {
795  size_t out_size;
796 
797  ax->ratchet_counter++;
798  if ((GNUNET_YES == ax->ratchet_allowed) &&
799  ((ratchet_messages <= ax->ratchet_counter) ||
802  {
803  ax->ratchet_flag = GNUNET_YES;
804  }
805  if (GNUNET_YES == ax->ratchet_flag)
806  {
807  /* Advance ratchet */
808  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
809  struct GNUNET_HashCode dh;
810  struct GNUNET_HashCode hmac;
811  static const char ctx[] = "axolotl ratchet";
812 
813  new_ephemeral (ax);
814  ax->HKs = ax->NHKs;
815 
816  /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
818  &ax->DHRr,
819  &dh);
820  t_ax_hmac_hash (&ax->RK,
821  &hmac,
822  &dh,
823  sizeof(dh));
824  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
825  ctx, sizeof(ctx),
826  &hmac, sizeof(hmac),
827  NULL);
828  ax->RK = keys[0];
829  ax->NHKs = keys[1];
830  ax->CKs = keys[2];
831 
832  ax->PNs = ax->Ns;
833  ax->Ns = 0;
834  ax->ratchet_flag = GNUNET_NO;
836  ax->ratchet_counter = 0;
839  ratchet_time);
840  }
841 
842  t_hmac_derive_key (&ax->CKs,
843  &MK,
844  "0",
845  1);
847  &MK,
848  NULL, 0,
849  NULL);
850 
851  out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
852  size,
853  &MK,
854  &iv,
855  dst);
856  GNUNET_assert (size == out_size);
857  t_hmac_derive_key (&ax->CKs,
858  &ax->CKs,
859  "1",
860  1);
861 }
862 
863 
872 static void
874  void *dst,
875  const void *src,
876  size_t size)
877 {
880  size_t out_size;
881 
882  t_hmac_derive_key (&ax->CKr,
883  &MK,
884  "0",
885  1);
887  &MK,
888  NULL, 0,
889  NULL);
890  GNUNET_assert (size >= sizeof(struct GNUNET_MessageHeader));
891  out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
892  size,
893  &MK,
894  &iv,
895  dst);
896  GNUNET_assert (out_size == size);
897  t_hmac_derive_key (&ax->CKr,
898  &ax->CKr,
899  "1",
900  1);
901 }
902 
903 
910 static void
913 {
915  size_t out_size;
916 
918  &ax->HKs,
919  NULL, 0,
920  NULL);
921  out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
922  sizeof(struct
924  &ax->HKs,
925  &iv,
926  &msg->ax_header);
927  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
928 }
929 
930 
938 static void
940  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
942 {
944  size_t out_size;
945 
947  &ax->HKr,
948  NULL, 0,
949  NULL);
950  out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
951  sizeof(struct
953  &ax->HKr,
954  &iv,
955  &dst->ax_header.Ns);
956  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == out_size);
957 }
958 
959 
966 static void
968  struct CadetTunnelSkippedKey *key)
969 {
971  ax->skipped_tail,
972  key);
973  GNUNET_free (key);
974  ax->skipped--;
975 }
976 
977 
988 static ssize_t
990  void *dst,
991  const struct GNUNET_CADET_TunnelEncryptedMessage *src,
992  size_t size)
993 {
994  struct CadetTunnelSkippedKey *key;
995  struct GNUNET_ShortHashCode *hmac;
997  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
998  struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
999  size_t esize;
1000  size_t res;
1001  size_t len;
1002  unsigned int N;
1003 
1005  "Trying skipped keys\n");
1006  hmac = &plaintext_header.hmac;
1007  esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1008 
1009  /* Find a correct Header Key */
1010  valid_HK = NULL;
1011  for (key = ax->skipped_head; NULL != key; key = key->next)
1012  {
1013  t_hmac (&src->ax_header,
1014  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1015  0,
1016  &key->HK,
1017  hmac);
1018  if (0 == GNUNET_memcmp (hmac,
1019  &src->hmac))
1020  {
1021  valid_HK = &key->HK;
1022  break;
1023  }
1024  }
1025  if (NULL == key)
1026  return -1;
1027 
1028  /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1029  GNUNET_assert (size > sizeof(struct GNUNET_CADET_TunnelEncryptedMessage));
1030  len = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1031  GNUNET_assert (len >= sizeof(struct GNUNET_MessageHeader));
1032 
1033  /* Decrypt header */
1035  &key->HK,
1036  NULL, 0,
1037  NULL);
1039  sizeof(struct GNUNET_CADET_AxHeader),
1040  &key->HK,
1041  &iv,
1042  &plaintext_header.ax_header.Ns);
1043  GNUNET_assert (sizeof(struct GNUNET_CADET_AxHeader) == res);
1044 
1045  /* Find the correct message key */
1046  N = ntohl (plaintext_header.ax_header.Ns);
1047  while ((NULL != key) &&
1048  (N != key->Kn))
1049  key = key->next;
1050  if ((NULL == key) ||
1051  (0 != GNUNET_memcmp (&key->HK,
1052  valid_HK)))
1053  return -1;
1054 
1055  /* Decrypt payload */
1057  &key->MK,
1058  NULL,
1059  0,
1060  NULL);
1061  res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1062  len,
1063  &key->MK,
1064  &iv,
1065  dst);
1066  delete_skipped_key (ax,
1067  key);
1068  return res;
1069 }
1070 
1071 
1078 static void
1080  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1081 {
1082  struct CadetTunnelSkippedKey *key;
1083 
1084  key = GNUNET_new (struct CadetTunnelSkippedKey);
1086  key->Kn = ax->Nr;
1087  key->HK = ax->HKr;
1088  t_hmac_derive_key (&ax->CKr,
1089  &key->MK,
1090  "0",
1091  1);
1092  t_hmac_derive_key (&ax->CKr,
1093  &ax->CKr,
1094  "1",
1095  1);
1097  ax->skipped_tail,
1098  key);
1099  ax->skipped++;
1100  ax->Nr++;
1101 }
1102 
1103 
1114 static int
1116  const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1117  uint32_t Np)
1118 {
1119  int gap;
1120 
1121  gap = Np - ax->Nr;
1123  "Storing skipped keys [%u, %u)\n",
1124  ax->Nr,
1125  Np);
1126  if (MAX_KEY_GAP < gap)
1127  {
1128  /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1129  /* TODO: start new key exchange on return */
1130  GNUNET_break_op (0);
1132  "Got message %u, expected %u+\n",
1133  Np,
1134  ax->Nr);
1135  return GNUNET_SYSERR;
1136  }
1137  if (0 > gap)
1138  {
1139  /* Delayed message: don't store keys, flag to try old keys. */
1140  return GNUNET_SYSERR;
1141  }
1142 
1143  while (ax->Nr < Np)
1144  store_skipped_key (ax,
1145  HKr);
1146 
1147  while (ax->skipped > MAX_SKIPPED_KEYS)
1148  delete_skipped_key (ax,
1149  ax->skipped_tail);
1150  return GNUNET_OK;
1151 }
1152 
1153 
1164 static ssize_t
1166  void *dst,
1167  const struct
1169  size_t size)
1170 {
1171  struct GNUNET_ShortHashCode msg_hmac;
1172  struct GNUNET_HashCode hmac;
1173  struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1174  uint32_t Np;
1175  uint32_t PNp;
1176  size_t esize; /* Size of encryped payload */
1177 
1178  esize = size - sizeof(struct GNUNET_CADET_TunnelEncryptedMessage);
1179 
1180  /* Try current HK */
1181  t_hmac (&src->ax_header,
1182  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1183  0, &ax->HKr,
1184  &msg_hmac);
1185  if (0 != GNUNET_memcmp (&msg_hmac,
1186  &src->hmac))
1187  {
1188  static const char ctx[] = "axolotl ratchet";
1189  struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1191  struct GNUNET_HashCode dh;
1192  struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1193 
1194  /* Try Next HK */
1195  t_hmac (&src->ax_header,
1196  sizeof(struct GNUNET_CADET_AxHeader) + esize,
1197  0,
1198  &ax->NHKr,
1199  &msg_hmac);
1200  if (0 != GNUNET_memcmp (&msg_hmac,
1201  &src->hmac))
1202  {
1203  /* Try the skipped keys, if that fails, we're out of luck. */
1204  return try_old_ax_keys (ax,
1205  dst,
1206  src,
1207  size);
1208  }
1209  HK = ax->HKr;
1210  ax->HKr = ax->NHKr;
1211  t_h_decrypt (ax,
1212  src,
1213  &plaintext_header);
1214  Np = ntohl (plaintext_header.ax_header.Ns);
1215  PNp = ntohl (plaintext_header.ax_header.PNs);
1216  DHRp = &plaintext_header.ax_header.DHRs;
1217  store_ax_keys (ax,
1218  &HK,
1219  PNp);
1220 
1221  /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1223  DHRp,
1224  &dh);
1225  t_ax_hmac_hash (&ax->RK,
1226  &hmac,
1227  &dh, sizeof(dh));
1228  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1229  ctx, sizeof(ctx),
1230  &hmac, sizeof(hmac),
1231  NULL);
1232 
1233  /* Commit "purported" keys */
1234  ax->RK = keys[0];
1235  ax->NHKr = keys[1];
1236  ax->CKr = keys[2];
1237  ax->DHRr = *DHRp;
1238  ax->Nr = 0;
1240  }
1241  else
1242  {
1243  t_h_decrypt (ax,
1244  src,
1245  &plaintext_header);
1246  Np = ntohl (plaintext_header.ax_header.Ns);
1247  PNp = ntohl (plaintext_header.ax_header.PNs);
1248  }
1249  if ((Np != ax->Nr) &&
1250  (GNUNET_OK != store_ax_keys (ax,
1251  &ax->HKr,
1252  Np)))
1253  {
1254  /* Try the skipped keys, if that fails, we're out of luck. */
1255  return try_old_ax_keys (ax,
1256  dst,
1257  src,
1258  size);
1259  }
1260 
1261  t_ax_decrypt (ax,
1262  dst,
1263  &src[1],
1264  esize);
1265  ax->Nr = Np + 1;
1266  return esize;
1267 }
1268 
1269 
1279 static int
1281  uint32_t key,
1282  void *value)
1283 {
1284  struct CadetChannel *ch = value;
1285 
1286  GCCH_tunnel_up (ch);
1287  return GNUNET_OK;
1288 }
1289 
1290 
1298 void
1300  enum CadetTunnelEState state)
1301 {
1302  enum CadetTunnelEState old = t->estate;
1303 
1304  t->estate = state;
1306  "%s estate changed from %s to %s\n",
1307  GCT_2s (t),
1308  estate2s (old),
1309  estate2s (state));
1310 
1311  if ((CADET_TUNNEL_KEY_OK != old) &&
1312  (CADET_TUNNEL_KEY_OK == t->estate))
1313  {
1314  if (NULL != t->kx_task)
1315  {
1317  t->kx_task = NULL;
1318  }
1319  /* notify all channels that have been waiting */
1322  t);
1323  if (NULL != t->send_task)
1326  t);
1327  }
1328 }
1329 
1330 
1339 static void
1341  struct CadetTConnection *ct,
1342  struct CadetTunnelAxolotl *ax)
1343 {
1344  struct CadetConnection *cc;
1345  struct GNUNET_MQ_Envelope *env;
1348 
1350  return; /* only Alice may send KX */
1351  if ((NULL == ct) ||
1352  (GNUNET_NO == ct->is_ready))
1353  ct = get_ready_connection (t);
1354  if (NULL == ct)
1355  {
1357  "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1358  GCT_2s (t),
1359  estate2s (t->estate));
1361  return;
1362  }
1363  cc = ct->cc;
1364  env = GNUNET_MQ_msg (msg,
1366  flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1367  msg->flags = htonl (flags);
1368  msg->cid = *GCC_get_id (cc);
1370  &msg->ephemeral_key);
1371 #if DEBUG_KX
1372  msg->ephemeral_key_XXX = ax->kx_0;
1373  msg->private_key_XXX = *my_private_key;
1374 #endif
1376  "Sending KX message to %s with ephemeral %s on CID %s\n",
1377  GCT_2s (t),
1378  GNUNET_e2s (&msg->ephemeral_key),
1381  &msg->ratchet_key);
1386  GCT_change_estate (t,
1388  else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1389  GCT_change_estate (t,
1391  GCC_transmit (cc,
1392  env);
1394  "# KX transmitted",
1395  1,
1396  GNUNET_NO);
1397 }
1398 
1399 
1410 static void
1412  struct CadetTConnection *ct,
1413  struct CadetTunnelAxolotl *ax,
1414  int force_reply)
1415 {
1416  struct CadetConnection *cc;
1417  struct GNUNET_MQ_Envelope *env;
1419  enum GNUNET_CADET_KX_Flags flags;
1420 
1421  if ((NULL == ct) ||
1422  (GNUNET_NO == ct->is_ready))
1423  ct = get_ready_connection (t);
1424  if (NULL == ct)
1425  {
1427  "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1428  GCT_2s (t));
1430  t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1431  return;
1432  }
1433  t->kx_auth_requested = GNUNET_NO; /* clear flag */
1434  cc = ct->cc;
1435  env = GNUNET_MQ_msg (msg,
1437  flags = GNUNET_CADET_KX_FLAG_NONE;
1438  if (GNUNET_YES == force_reply)
1440  msg->kx.flags = htonl (flags);
1441  msg->kx.cid = *GCC_get_id (cc);
1443  &msg->kx.ephemeral_key);
1445  &msg->kx.ratchet_key);
1446 #if DEBUG_KX
1447  msg->kx.ephemeral_key_XXX = ax->kx_0;
1448  msg->kx.private_key_XXX = *my_private_key;
1449  msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1450 #endif
1452  "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1453  GCT_2s (t),
1454  GNUNET_e2s (&msg->kx.ephemeral_key),
1456 
1457  /* Compute authenticator (this is the main difference to #send_kx()) */
1458  GNUNET_CRYPTO_hash (&ax->RK,
1459  sizeof(ax->RK),
1460  &msg->auth);
1461  /* Compute when to be triggered again; actual job will
1462  be scheduled via #connection_ready_cb() */
1463  t->kx_retry_delay
1465  t->next_kx_attempt
1467 
1468  /* Send via cc, mark it as unready */
1470 
1471  /* Update state machine, unless we are already OK */
1472  if (CADET_TUNNEL_KEY_OK != t->estate)
1473  GCT_change_estate (t,
1475  GCC_transmit (cc,
1476  env);
1478  "# KX_AUTH transmitted",
1479  1,
1480  GNUNET_NO);
1481 }
1482 
1483 
1489 static void
1491 {
1492  while (NULL != ax->skipped_head)
1493  delete_skipped_key (ax,
1494  ax->skipped_head);
1495  GNUNET_assert (0 == ax->skipped);
1498 }
1499 
1500 
1514 static int
1516  const struct GNUNET_PeerIdentity *pid,
1517  const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1518  const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1519 {
1520  struct GNUNET_HashCode key_material[3];
1521  struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1522  const char salt[] = "CADET Axolotl salt";
1523  int am_I_alice;
1524 
1525  if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1526  {
1527  GNUNET_break_op (0);
1528  return GNUNET_SYSERR;
1529  }
1530  if (0 == GNUNET_memcmp (&ax->DHRr,
1531  ratchet_key))
1532  {
1534  "# Ratchet key already known",
1535  1,
1536  GNUNET_NO);
1538  "Ratchet key already known. Ignoring KX.\n");
1539  return GNUNET_NO;
1540  }
1541 
1542  ax->DHRr = *ratchet_key;
1543  ax->last_ephemeral = *ephemeral_key;
1544  /* ECDH A B0 */
1545  if (GNUNET_YES == am_I_alice)
1546  {
1548  ephemeral_key, /* B0 */
1549  &key_material[0]);
1550  }
1551  else
1552  {
1553  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1554  &pid->public_key, /* A */
1555  &key_material[0]);
1556  }
1557  /* ECDH A0 B */
1558  if (GNUNET_YES == am_I_alice)
1559  {
1560  GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1561  &pid->public_key, /* B */
1562  &key_material[1]);
1563  }
1564  else
1565  {
1567  ephemeral_key, /* A0 */
1568  &key_material[1]);
1569  }
1570 
1571  /* ECDH A0 B0 */
1572  GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1573  ephemeral_key, /* B0 or A0 */
1574  &key_material[2]);
1575  /* KDF */
1576  GNUNET_CRYPTO_kdf (keys, sizeof(keys),
1577  salt, sizeof(salt),
1578  &key_material, sizeof(key_material),
1579  NULL);
1580 
1581  if (0 == memcmp (&ax->RK,
1582  &keys[0],
1583  sizeof(ax->RK)))
1584  {
1586  "Root key already known. Ignoring KX.\n");
1588  "# Root key already known",
1589  1,
1590  GNUNET_NO);
1591  return GNUNET_NO;
1592  }
1593 
1594  ax->RK = keys[0];
1595  if (GNUNET_YES == am_I_alice)
1596  {
1597  ax->HKr = keys[1];
1598  ax->NHKs = keys[2];
1599  ax->NHKr = keys[3];
1600  ax->CKr = keys[4];
1601  ax->ratchet_flag = GNUNET_YES;
1602  }
1603  else
1604  {
1605  ax->HKs = keys[1];
1606  ax->NHKr = keys[2];
1607  ax->NHKs = keys[3];
1608  ax->CKs = keys[4];
1609  ax->ratchet_flag = GNUNET_NO;
1610  ax->ratchet_expiration
1612  ratchet_time);
1613  }
1614  return GNUNET_OK;
1615 }
1616 
1617 
1623 static void
1624 retry_kx (void *cls)
1625 {
1626  struct CadetTunnel *t = cls;
1627  struct CadetTunnelAxolotl *ax;
1628 
1629  t->kx_task = NULL;
1631  "Trying to make KX progress on %s in state %s\n",
1632  GCT_2s (t),
1633  estate2s (t->estate));
1634  switch (t->estate)
1635  {
1636  case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1637  case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1638  send_kx (t,
1639  NULL,
1640  &t->ax);
1641  break;
1642 
1645  /* We are responding, so only require reply
1646  if WE have a channel waiting. */
1647  if (NULL != t->unverified_ax)
1648  {
1649  /* Send AX_AUTH so we might get this one verified */
1650  ax = t->unverified_ax;
1651  }
1652  else
1653  {
1654  /* How can this be? */
1655  GNUNET_break (0);
1656  ax = &t->ax;
1657  }
1658  send_kx_auth (t,
1659  NULL,
1660  ax,
1661  (0 == GCT_count_channels (t))
1662  ? GNUNET_NO
1663  : GNUNET_YES);
1664  break;
1665 
1667  /* We are responding, so only require reply
1668  if WE have a channel waiting. */
1669  if (NULL != t->unverified_ax)
1670  {
1671  /* Send AX_AUTH so we might get this one verified */
1672  ax = t->unverified_ax;
1673  }
1674  else
1675  {
1676  /* How can this be? */
1677  GNUNET_break (0);
1678  ax = &t->ax;
1679  }
1680  send_kx_auth (t,
1681  NULL,
1682  ax,
1683  (0 == GCT_count_channels (t))
1684  ? GNUNET_NO
1685  : GNUNET_YES);
1686  break;
1687 
1688  case CADET_TUNNEL_KEY_OK:
1689  /* Must have been the *other* peer asking us to
1690  respond with a KX_AUTH. */
1691  if (NULL != t->unverified_ax)
1692  {
1693  /* Sending AX_AUTH in response to AX so we might get this one verified */
1694  ax = t->unverified_ax;
1695  }
1696  else
1697  {
1698  /* Sending AX_AUTH in response to AX_AUTH */
1699  ax = &t->ax;
1700  }
1701  send_kx_auth (t,
1702  NULL,
1703  ax,
1704  GNUNET_NO);
1705  break;
1706  }
1707 }
1708 
1709 
1718 void
1721 {
1722  struct CadetTunnel *t = ct->t;
1723  int ret;
1724 
1726  "# KX received",
1727  1,
1728  GNUNET_NO);
1729  if (GNUNET_YES ==
1731  {
1732  /* Betty/Bob is not allowed to send KX! */
1733  GNUNET_break_op (0);
1734  return;
1735  }
1737  "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1738  GCT_2s (t),
1739  GNUNET_e2s (&msg->ephemeral_key),
1741  GCC_2s (ct->cc));
1742 #if 1
1743  if ((0 ==
1744  memcmp (&t->ax.DHRr,
1745  &msg->ratchet_key,
1746  sizeof(msg->ratchet_key))) &&
1747  (0 ==
1748  memcmp (&t->ax.last_ephemeral,
1749  &msg->ephemeral_key,
1750  sizeof(msg->ephemeral_key))))
1751 
1752  {
1754  "# Duplicate KX received",
1755  1,
1756  GNUNET_NO);
1757  send_kx_auth (t,
1758  ct,
1759  &t->ax,
1760  GNUNET_NO);
1761  return;
1762  }
1763 #endif
1764  /* We only keep ONE unverified KX around, so if there is an existing one,
1765  clean it up. */
1766  if (NULL != t->unverified_ax)
1767  {
1768  if ((0 ==
1769  memcmp (&t->unverified_ax->DHRr,
1770  &msg->ratchet_key,
1771  sizeof(msg->ratchet_key))) &&
1772  (0 ==
1773  memcmp (&t->unverified_ax->last_ephemeral,
1774  &msg->ephemeral_key,
1775  sizeof(msg->ephemeral_key))))
1776  {
1778  "# Duplicate unverified KX received",
1779  1,
1780  GNUNET_NO);
1781 #if 1
1782  send_kx_auth (t,
1783  ct,
1784  t->unverified_ax,
1785  GNUNET_NO);
1786  return;
1787 #endif
1788  }
1790  "Dropping old unverified KX state.\n");
1792  "# Unverified KX dropped for fresh KX",
1793  1,
1794  GNUNET_NO);
1795  GNUNET_break (NULL == t->unverified_ax->skipped_head);
1796  memset (t->unverified_ax,
1797  0,
1798  sizeof(struct CadetTunnelAxolotl));
1799  }
1800  else
1801  {
1803  "Creating fresh unverified KX for %s\n",
1804  GCT_2s (t));
1806  "# Fresh KX setup",
1807  1,
1808  GNUNET_NO);
1810  }
1811  /* Set as the 'current' RK/DHRr the one we are currently using,
1812  so that the duplicate-detection logic of
1813  #update_ax_by_kx can work. */
1814  t->unverified_ax->RK = t->ax.RK;
1815  t->unverified_ax->DHRr = t->ax.DHRr;
1816  t->unverified_ax->DHRs = t->ax.DHRs;
1817  t->unverified_ax->kx_0 = t->ax.kx_0;
1818  t->unverified_attempts = 0;
1819 
1820  /* Update 'ax' by the new key material */
1821  ret = update_ax_by_kx (t->unverified_ax,
1822  GCP_get_id (t->destination),
1823  &msg->ephemeral_key,
1824  &msg->ratchet_key);
1825  GNUNET_break (GNUNET_SYSERR != ret);
1826  if (GNUNET_OK != ret)
1827  {
1829  "# Useless KX",
1830  1,
1831  GNUNET_NO);
1832  return; /* duplicate KX, nothing to do */
1833  }
1834  /* move ahead in our state machine */
1836  GCT_change_estate (t,
1838  else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1839  GCT_change_estate (t,
1841 
1842  /* KX is still not done, try again our end. */
1843  if (CADET_TUNNEL_KEY_OK != t->estate)
1844  {
1845  if (NULL != t->kx_task)
1847  t->kx_task
1849  t);
1850  }
1851 }
1852 
1853 
1854 #if DEBUG_KX
1855 static void
1856 check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1857  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1858 {
1859  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1860  struct GNUNET_CRYPTO_EcdhePublicKey p2;
1861  struct GNUNET_HashCode hc1;
1862  struct GNUNET_HashCode hc2;
1863 
1865  &p1);
1867  &p2);
1870  &p2,
1871  &hc1));
1874  &p1,
1875  &hc2));
1876  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1877  &hc2));
1878 }
1879 
1880 
1881 static void
1882 check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1883  const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1884 {
1885  struct GNUNET_CRYPTO_EcdhePublicKey p1;
1886  struct GNUNET_CRYPTO_EddsaPublicKey p2;
1887  struct GNUNET_HashCode hc1;
1888  struct GNUNET_HashCode hc2;
1889 
1891  &p1);
1893  &p2);
1896  &p2,
1897  &hc1));
1900  &p1,
1901  &hc2));
1902  GNUNET_break (0 == GNUNET_memcmp (&hc1,
1903  &hc2));
1904 }
1905 
1906 
1907 static void
1908 test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1909  const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1910  const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1911  const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1912 {
1913  check_ee (e1, e2);
1914  check_ed (e1, d2);
1915  check_ed (e2, d1);
1916 }
1917 
1918 
1919 #endif
1920 
1921 
1928 void
1931 {
1932  struct CadetTunnel *t = ct->t;
1933  struct CadetTunnelAxolotl ax_tmp;
1934  struct GNUNET_HashCode kx_auth;
1935  int ret;
1936 
1938  "# KX_AUTH received",
1939  1,
1940  GNUNET_NO);
1941  if ((CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1943  {
1944  /* Confusing, we got a KX_AUTH before we even send our own
1945  KX. This should not happen. We'll send our own KX ASAP anyway,
1946  so let's ignore this here. */
1947  GNUNET_break_op (0);
1948  return;
1949  }
1951  "Handling KX_AUTH message from %s with ephemeral %s\n",
1952  GCT_2s (t),
1953  GNUNET_e2s (&msg->kx.ephemeral_key));
1954  /* We do everything in ax_tmp until we've checked the authentication
1955  so we don't clobber anything we care about by accident. */
1956  ax_tmp = t->ax;
1957 
1958  /* Update 'ax' by the new key material */
1959  ret = update_ax_by_kx (&ax_tmp,
1960  GCP_get_id (t->destination),
1961  &msg->kx.ephemeral_key,
1962  &msg->kx.ratchet_key);
1963  if (GNUNET_OK != ret)
1964  {
1965  if (GNUNET_NO == ret)
1967  "# redundant KX_AUTH received",
1968  1,
1969  GNUNET_NO);
1970  else
1971  GNUNET_break (0); /* connect to self!? */
1972  return;
1973  }
1974  GNUNET_CRYPTO_hash (&ax_tmp.RK,
1975  sizeof(ax_tmp.RK),
1976  &kx_auth);
1977  if (0 != GNUNET_memcmp (&kx_auth,
1978  &msg->auth))
1979  {
1980  /* This KX_AUTH is not using the latest KX/KX_AUTH data
1981  we transmitted to the sender, refuse it, try KX again. */
1983  "# KX_AUTH not using our last KX received (auth failure)",
1984  1,
1985  GNUNET_NO);
1987  "KX AUTH mismatch!\n");
1988 #if DEBUG_KX
1989  {
1990  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1991 
1993  &ephemeral_key);
1994  if (0 != GNUNET_memcmp (&ephemeral_key,
1995  &msg->r_ephemeral_key_XXX))
1996  {
1998  "My ephemeral is %s!\n",
1999  GNUNET_e2s (&ephemeral_key));
2001  "Response is for ephemeral %s!\n",
2002  GNUNET_e2s (&msg->r_ephemeral_key_XXX));
2003  }
2004  else
2005  {
2006  test_crypto_bug (&ax_tmp.kx_0,
2007  &msg->kx.ephemeral_key_XXX,
2009  &msg->kx.private_key_XXX);
2010  }
2011  }
2012 #endif
2013  if (NULL == t->kx_task)
2014  t->kx_task
2016  &retry_kx,
2017  t);
2018  return;
2019  }
2020  /* Yep, we're good. */
2021  t->ax = ax_tmp;
2022  if (NULL != t->unverified_ax)
2023  {
2024  /* We got some "stale" KX before, drop that. */
2027  t->unverified_ax = NULL;
2028  }
2029 
2030  /* move ahead in our state machine */
2031  switch (t->estate)
2032  {
2035  /* Checked above, this is impossible. */
2036  GNUNET_assert (0);
2037  break;
2038 
2039  case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2040  case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2041  case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2042  GCT_change_estate (t,
2044  break;
2045 
2046  case CADET_TUNNEL_KEY_OK:
2047  /* Did not expect another KX_AUTH, but so what, still acceptable.
2048  Nothing to do here. */
2049  break;
2050  }
2051  if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2052  {
2053  send_kx_auth (t,
2054  NULL,
2055  &t->ax,
2056  GNUNET_NO);
2057  }
2058 }
2059 
2060 
2061 /* ************************************** end core crypto ***************************** */
2062 
2063 
2072 {
2073 #define HIGH_BIT 0x8000000
2075  uint32_t ctn;
2076  int cmp;
2077  uint32_t highbit;
2078 
2079  cmp = GNUNET_memcmp (&my_full_id,
2081  if (0 < cmp)
2082  highbit = HIGH_BIT;
2083  else if (0 > cmp)
2084  highbit = 0;
2085  else
2086  GNUNET_assert (0); // loopback must never go here!
2087  ctn = ntohl (t->next_ctn.cn);
2088  while (NULL !=
2090  ctn | highbit))
2091  {
2092  ctn = ((ctn + 1) & (~HIGH_BIT));
2093  }
2094  t->next_ctn.cn = htonl ((ctn + 1) & (~HIGH_BIT));
2095  ret.cn = htonl (ctn | highbit);
2096  return ret;
2097 }
2098 
2099 
2111  struct CadetChannel *ch)
2112 {
2114 
2115  ctn = get_next_free_ctn (t);
2116  if (NULL != t->destroy_task)
2117  {
2118  GNUNET_SCHEDULER_cancel (t->destroy_task);
2119  t->destroy_task = NULL;
2120  }
2123  ntohl (ctn.cn),
2124  ch,
2127  "Adding %s to %s\n",
2128  GCCH_2s (ch),
2129  GCT_2s (t));
2130  switch (t->estate)
2131  {
2133  /* waiting for connection to start KX */
2134  break;
2135 
2139  /* we're currently waiting for KX to complete */
2140  break;
2141 
2143  /* waiting for OTHER peer to send us data,
2144  we might need to prompt more aggressively! */
2145  if (NULL == t->kx_task)
2146  t->kx_task
2147  = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2148  &retry_kx,
2149  t);
2150  break;
2151 
2152  case CADET_TUNNEL_KEY_OK:
2153  /* We are ready. Tell the new channel that we are up. */
2154  GCCH_tunnel_up (ch);
2155  break;
2156  }
2157  return ctn;
2158 }
2159 
2160 
2167 void
2169 {
2170  struct CadetTunnel *t = ct->t;
2171 
2172  if (GNUNET_YES == ct->is_ready)
2173  {
2176  ct);
2177  t->num_ready_connections--;
2178  }
2179  else
2180  {
2183  ct);
2184  t->num_busy_connections--;
2185  }
2186  GNUNET_free (ct);
2187 }
2188 
2189 
2196 static void
2198  struct CadetTConnection *ct)
2199 {
2200  struct CadetTunnel *t = cls;
2201  struct CadetConnection *cc = ct->cc;
2202 
2203  GNUNET_assert (ct->t == t);
2204  GCT_connection_lost (ct);
2206 }
2207 
2208 
2214 static void
2215 destroy_tunnel (void *cls)
2216 {
2217  struct CadetTunnel *t = cls;
2218  struct CadetTunnelQueueEntry *tq;
2219 
2220  t->destroy_task = NULL;
2222  "Destroying idle %s\n",
2223  GCT_2s (t));
2224  GNUNET_assert (0 == GCT_count_channels (t));
2227  t);
2228  GNUNET_assert (NULL == t->connection_ready_head);
2229  GNUNET_assert (NULL == t->connection_busy_head);
2230  while (NULL != (tq = t->tq_head))
2231  {
2232  if (NULL != tq->cont)
2233  tq->cont (tq->cont_cls,
2234  NULL);
2235  GCT_send_cancel (tq);
2236  }
2238  t);
2240  if (NULL != t->maintain_connections_task)
2241  {
2243  t->maintain_connections_task = NULL;
2244  }
2245  if (NULL != t->send_task)
2246  {
2248  t->send_task = NULL;
2249  }
2250  if (NULL != t->kx_task)
2251  {
2253  t->kx_task = NULL;
2254  }
2255  GNUNET_MST_destroy (t->mst);
2256  GNUNET_MQ_destroy (t->mq);
2257  if (NULL != t->unverified_ax)
2258  {
2261  }
2262  cleanup_ax (&t->ax);
2263  GNUNET_assert (NULL == t->destroy_task);
2264  GNUNET_free (t);
2265 }
2266 
2267 
2275 void
2277  struct CadetChannel *ch,
2279 {
2281  "Removing %s from %s\n",
2282  GCCH_2s (ch),
2283  GCT_2s (t));
2286  ntohl (ctn.cn),
2287  ch));
2288  if ((0 ==
2289  GCT_count_channels (t)) &&
2290  (NULL == t->destroy_task))
2291  {
2292  t->destroy_task
2294  &destroy_tunnel,
2295  t);
2296  }
2297 }
2298 
2299 
2308 static int
2310  uint32_t key,
2311  void *value)
2312 {
2313  struct CadetChannel *ch = value;
2314 
2316  NULL);
2317  return GNUNET_OK;
2318 }
2319 
2320 
2326 void
2328 {
2332  t);
2333  GNUNET_assert (0 ==
2334  GCT_count_channels (t));
2335  if (NULL != t->destroy_task)
2336  {
2338  t->destroy_task = NULL;
2339  }
2340  destroy_tunnel (t);
2341 }
2342 
2343 
2351 static void
2353  struct CadetTConnection *ct)
2354 {
2355  struct CadetTunnelQueueEntry *tq;
2356 
2358  tq = t->tq_head;
2359  if (NULL == tq)
2360  {
2361  /* no messages pending right now */
2363  "Not sending payload of %s on ready %s (nothing pending)\n",
2364  GCT_2s (t),
2365  GCC_2s (ct->cc));
2366  return;
2367  }
2368  /* ready to send message 'tq' on tunnel 'ct' */
2369  GNUNET_assert (t == tq->t);
2371  t->tq_tail,
2372  tq);
2373  if (NULL != tq->cid)
2374  *tq->cid = *GCC_get_id (ct->cc);
2377  "Sending payload of %s on %s\n",
2378  GCT_2s (t),
2379  GCC_2s (ct->cc));
2380  GCC_transmit (ct->cc,
2381  tq->env);
2382  if (NULL != tq->cont)
2383  tq->cont (tq->cont_cls,
2384  GCC_get_id (ct->cc));
2385  GNUNET_free (tq);
2386 }
2387 
2388 
2397 static void
2399  int is_ready)
2400 {
2401  struct CadetTConnection *ct = cls;
2402  struct CadetTunnel *t = ct->t;
2403 
2404  if (GNUNET_NO == is_ready)
2405  {
2407  "%s no longer ready for %s\n",
2408  GCC_2s (ct->cc),
2409  GCT_2s (t));
2411  return;
2412  }
2413  GNUNET_assert (GNUNET_NO == ct->is_ready);
2416  ct);
2418  t->num_busy_connections--;
2419  ct->is_ready = GNUNET_YES;
2422  ct);
2423  t->num_ready_connections++;
2424 
2426  "%s now ready for %s in state %s\n",
2427  GCC_2s (ct->cc),
2428  GCT_2s (t),
2429  estate2s (t->estate));
2430  switch (t->estate)
2431  {
2433  /* Do not begin KX if WE have no channels waiting! */
2436  return; /* wait for timeout before retrying */
2437  /* We are uninitialized, just transmit immediately,
2438  without undue delay. */
2439  if (NULL != t->kx_task)
2440  {
2442  t->kx_task = NULL;
2443  }
2444  send_kx (t,
2445  ct,
2446  &t->ax);
2447  if ((0 ==
2448  GCT_count_channels (t)) &&
2449  (NULL == t->destroy_task))
2450  {
2451  t->destroy_task
2453  &destroy_tunnel,
2454  t);
2455  }
2456  break;
2457 
2462  /* we're currently waiting for KX to complete, schedule job */
2463  if (NULL == t->kx_task)
2464  t->kx_task
2466  &retry_kx,
2467  t);
2468  break;
2469 
2470  case CADET_TUNNEL_KEY_OK:
2471  if (GNUNET_YES == t->kx_auth_requested)
2472  {
2475  return; /* wait for timeout */
2476  if (NULL != t->kx_task)
2477  {
2479  t->kx_task = NULL;
2480  }
2481  send_kx_auth (t,
2482  ct,
2483  &t->ax,
2484  GNUNET_NO);
2485  return;
2486  }
2488  ct);
2489  break;
2490  }
2491 }
2492 
2493 
2502 static void
2504 {
2505  struct CadetTunnel *t = cls;
2506  struct CadetTConnection *ct;
2507 
2508  t->send_task = NULL;
2509  if (NULL == t->tq_head)
2510  return; /* no messages pending right now */
2511  ct = get_ready_connection (t);
2512  if (NULL == ct)
2513  return; /* no connections ready */
2515  ct);
2516 }
2517 
2518 
2524 {
2528  unsigned int min_length;
2529 
2533  unsigned int max_length;
2534 
2539 
2544 
2549 
2555 
2559  double worst_score;
2560 
2565 };
2566 
2567 
2575 static void
2577  struct CadetTConnection *ct)
2578 {
2579  struct EvaluationSummary *es = cls;
2580  struct CadetConnection *cc = ct->cc;
2581  unsigned int ct_length;
2582  struct CadetPeerPath *ps;
2583  const struct CadetConnectionMetrics *metrics;
2584  GNUNET_CONTAINER_HeapCostType ct_desirability;
2585  struct GNUNET_TIME_Relative uptime;
2586  struct GNUNET_TIME_Relative last_use;
2587  double score;
2588  double success_rate;
2589 
2590  ps = GCC_get_path (cc,
2591  &ct_length);
2593  "Evaluating path %s of existing %s\n",
2594  GCPP_2s (ps),
2595  GCC_2s (cc));
2596  if (ps == es->path)
2597  {
2599  "Ignoring duplicate path %s.\n",
2600  GCPP_2s (es->path));
2601  es->duplicate = GNUNET_YES;
2602  return;
2603  }
2604  if (NULL != es->path)
2605  {
2606  int duplicate = GNUNET_YES;
2607 
2608  for (unsigned int i = 0; i < ct_length; i++)
2609  {
2610  GNUNET_assert (GCPP_get_length (es->path) > i);
2611  if (GCPP_get_peer_at_offset (es->path,
2612  i) !=
2614  i))
2615  {
2616  duplicate = GNUNET_NO;
2617  break;
2618  }
2619  }
2620  if (GNUNET_YES == duplicate)
2621  {
2623  "Ignoring overlapping path %s.\n",
2624  GCPP_2s (es->path));
2625  es->duplicate = GNUNET_YES;
2626  return;
2627  }
2628  else
2629  {
2631  "Known path %s differs from proposed path\n",
2632  GCPP_2s (ps));
2633  }
2634  }
2635 
2636  ct_desirability = GCPP_get_desirability (ps);
2637  metrics = GCC_get_metrics (cc);
2638  uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2639  last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2640  /* We add 1.0 here to avoid division by zero. */
2641  success_rate = (metrics->num_acked_transmissions + 1.0)
2642  / (metrics->num_successes + 1.0);
2643  score
2644  = ct_desirability
2645  + 100.0 / (1.0 + ct_length) /* longer paths = better */
2646  + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2647  - last_use.rel_value_us / 1000L; /* longer idle = worse */
2648  score *= success_rate; /* weigh overall by success rate */
2649 
2650  if ((NULL == es->worst) ||
2651  (score < es->worst_score))
2652  {
2653  es->worst = ct;
2654  es->worst_score = score;
2655  }
2656  es->min_length = GNUNET_MIN (es->min_length,
2657  ct_length);
2658  es->max_length = GNUNET_MAX (es->max_length,
2659  ct_length);
2660  es->min_desire = GNUNET_MIN (es->min_desire,
2661  ct_desirability);
2662  es->max_desire = GNUNET_MAX (es->max_desire,
2663  ct_desirability);
2664 }
2665 
2666 
2676 static int
2677 consider_path_cb (void *cls,
2678  struct CadetPeerPath *path,
2679  unsigned int off)
2680 {
2681  struct CadetTunnel *t = cls;
2682  struct EvaluationSummary es;
2683  struct CadetTConnection *ct;
2684 
2685  GNUNET_assert (off < GCPP_get_length (path));
2687  off) == t->destination);
2688  es.min_length = UINT_MAX;
2689  es.max_length = 0;
2690  es.max_desire = 0;
2691  es.min_desire = UINT64_MAX;
2692  es.path = path;
2693  es.duplicate = GNUNET_NO;
2694  es.worst = NULL;
2695 
2696  /* Compute evaluation summary over existing connections. */
2698  "Evaluating proposed path %s for target %s\n",
2699  GCPP_2s (path),
2700  GCT_2s (t));
2701  /* FIXME: suspect this does not ACTUALLY iterate
2702  over all existing paths, otherwise dup detection
2703  should work!!! */
2706  &es);
2707  if (GNUNET_YES == es.duplicate)
2708  return GNUNET_YES;
2709 
2710  /* FIXME: not sure we should really just count
2711  'num_connections' here, as they may all have
2712  consistently failed to connect. */
2713 
2714  /* We iterate by increasing path length; if we have enough paths and
2715  this one is more than twice as long than what we are currently
2716  using, then ignore all of these super-long ones! */
2718  (es.min_length * 2 < off) &&
2719  (es.max_length < off))
2720  {
2722  "Ignoring paths of length %u, they are way too long.\n",
2723  es.min_length * 2);
2724  return GNUNET_NO;
2725  }
2726  /* If we have enough paths and this one looks no better, ignore it. */
2728  (es.min_length < GCPP_get_length (path)) &&
2729  (es.min_desire > GCPP_get_desirability (path)) &&
2730  (es.max_length < off))
2731  {
2733  "Ignoring path (%u/%llu) to %s, got something better already.\n",
2734  GCPP_get_length (path),
2735  (unsigned long long) GCPP_get_desirability (path),
2736  GCP_2s (t->destination));
2737  return GNUNET_YES;
2738  }
2739 
2740  /* Path is interesting (better by some metric, or we don't have
2741  enough paths yet). */
2742  ct = GNUNET_new (struct CadetTConnection);
2744  ct->t = t;
2745  ct->cc = GCC_create (t->destination,
2746  path,
2747  off,
2748  ct,
2750  ct);
2751 
2752  /* FIXME: schedule job to kill connection (and path?) if it takes
2753  too long to get ready! (And track performance data on how long
2754  other connections took with the tunnel!)
2755  => Note: to be done within 'connection'-logic! */
2758  ct);
2759  t->num_busy_connections++;
2761  "Found interesting path %s for %s, created %s\n",
2762  GCPP_2s (path),
2763  GCT_2s (t),
2764  GCC_2s (ct->cc));
2765  return GNUNET_YES;
2766 }
2767 
2768 
2782 static void
2784 {
2785  struct CadetTunnel *t = cls;
2786  struct GNUNET_TIME_Relative delay;
2787  struct EvaluationSummary es;
2788 
2789  t->maintain_connections_task = NULL;
2791  "Performing connection maintenance for %s.\n",
2792  GCT_2s (t));
2793 
2794  es.min_length = UINT_MAX;
2795  es.max_length = 0;
2796  es.max_desire = 0;
2797  es.min_desire = UINT64_MAX;
2798  es.path = NULL;
2799  es.worst = NULL;
2800  es.duplicate = GNUNET_NO;
2803  &es);
2804  if ((NULL != es.worst) &&
2806  {
2807  /* Clear out worst-performing connection 'es.worst'. */
2809  es.worst);
2810  }
2811 
2812  /* Consider additional paths */
2813  (void) GCP_iterate_paths (t->destination,
2815  t);
2816 
2817  /* FIXME: calculate when to try again based on how well we are doing;
2818  in particular, if we have to few connections, we might be able
2819  to do without this (as PATHS should tell us whenever a new path
2820  is available instantly; however, need to make sure this job is
2821  restarted after that happens).
2822  Furthermore, if the paths we do know are in a reasonably narrow
2823  quality band and are plentyful, we might also consider us stabilized
2824  and then reduce the frequency accordingly. */delay = GNUNET_TIME_UNIT_MINUTES;
2828  t);
2829 }
2830 
2831 
2840 void
2842  struct CadetPeerPath *p,
2843  unsigned int off)
2844 {
2846  "Considering %s for %s (offset %u)\n",
2847  GCPP_2s (p),
2848  GCT_2s (t),
2849  off);
2850  (void) consider_path_cb (t,
2851  p,
2852  off);
2853 }
2854 
2855 
2862 static void
2864  const struct GNUNET_MessageHeader *msg)
2865 {
2866  struct CadetTunnel *t = cls;
2867 
2869  "Received KEEPALIVE on %s\n",
2870  GCT_2s (t));
2872  "# keepalives received",
2873  1,
2874  GNUNET_NO);
2875 }
2876 
2877 
2885 static int
2888 {
2889  return GNUNET_OK;
2890 }
2891 
2892 
2900 static void
2903 {
2904  struct CadetTunnel *t = cls;
2905  struct CadetChannel *ch;
2906 
2907  ch = lookup_channel (t,
2908  msg->ctn);
2909  if (NULL == ch)
2910  {
2911  /* We don't know about such a channel, might have been destroyed on our
2912  end in the meantime, or never existed. Send back a DESTROY. */
2914  "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2915  (unsigned int) (ntohs (msg->header.size) - sizeof(*msg)),
2916  ntohl (msg->ctn.cn));
2918  msg->ctn);
2919  return;
2920  }
2922  GCC_get_id (t->current_ct->cc),
2923  msg);
2924 }
2925 
2926 
2935 static void
2937  const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2938 {
2939  struct CadetTunnel *t = cls;
2940  struct CadetChannel *ch;
2941 
2942  ch = lookup_channel (t,
2943  ack->ctn);
2944  if (NULL == ch)
2945  {
2946  /* We don't know about such a channel, might have been destroyed on our
2947  end in the meantime, or never existed. Send back a DESTROY. */
2949  "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2950  ntohl (ack->ctn.cn));
2952  ack->ctn);
2953  return;
2954  }
2956  GCC_get_id (t->current_ct->cc),
2957  ack);
2958 }
2959 
2960 
2968 static void
2970  const struct
2972 {
2973  struct CadetTunnel *t = cls;
2974  struct CadetChannel *ch;
2975 
2977  ntohl (copen->ctn.cn));
2978  if (NULL != ch)
2979  {
2981  "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2982  GNUNET_h2s (&copen->h_port),
2983  GCT_2s (t),
2984  GCCH_2s (ch));
2986  GCC_get_id (t->current_ct->cc));
2987  return;
2988  }
2990  "Received CHANNEL_OPEN on h_port %s from %s\n",
2991  GNUNET_h2s (&copen->h_port),
2992  GCT_2s (t));
2993  ch = GCCH_channel_incoming_new (t,
2994  copen->ctn,
2995  &copen->h_port,
2996  ntohl (copen->opt));
2997  if (NULL != t->destroy_task)
2998  {
3000  t->destroy_task = NULL;
3001  }
3004  ntohl (copen->ctn.cn),
3005  ch,
3007 }
3008 
3009 
3016 void
3019 {
3021 
3023  "Sending DESTORY message for channel ID %u\n",
3024  ntohl (ctn.cn));
3025  msg.header.size = htons (sizeof(msg));
3027  msg.reserved = htonl (0);
3028  msg.ctn = ctn;
3029  GCT_send (t,
3030  &msg.header,
3031  NULL,
3032  NULL);
3033 }
3034 
3035 
3044 static void
3046  const struct
3048 {
3049  struct CadetTunnel *t = cls;
3050  struct CadetChannel *ch;
3051 
3052  ch = lookup_channel (t,
3053  cm->ctn);
3054  if (NULL == ch)
3055  {
3056  /* We don't know about such a channel, might have been destroyed on our
3057  end in the meantime, or never existed. Send back a DESTROY. */
3059  "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3060  ntohl (cm->ctn.cn));
3062  cm->ctn);
3063  return;
3064  }
3066  "Received channel OPEN_ACK on channel %s from %s\n",
3067  GCCH_2s (ch),
3068  GCT_2s (t));
3070  GCC_get_id (t->current_ct->cc),
3071  &cm->port);
3072 }
3073 
3074 
3082 static void
3084  const struct
3086 {
3087  struct CadetTunnel *t = cls;
3088  struct CadetChannel *ch;
3089 
3090  ch = lookup_channel (t,
3091  cm->ctn);
3092  if (NULL == ch)
3093  {
3094  /* We don't know about such a channel, might have been destroyed on our
3095  end in the meantime, or never existed. */
3097  "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3098  ntohl (cm->ctn.cn));
3099  return;
3100  }
3102  "Received channel DESTROY on %s from %s\n",
3103  GCCH_2s (ch),
3104  GCT_2s (t));
3106  GCC_get_id (t->current_ct->cc));
3107 }
3108 
3109 
3120 static int
3121 handle_decrypted (void *cls,
3122  const struct GNUNET_MessageHeader *msg)
3123 {
3124  struct CadetTunnel *t = cls;
3125 
3126  GNUNET_assert (NULL != t->current_ct);
3128  msg);
3129  return GNUNET_OK;
3130 }
3131 
3132 
3140 static void
3142  enum GNUNET_MQ_Error error)
3143 {
3144  GNUNET_break_op (0);
3145 }
3146 
3147 
3155 struct CadetTunnel *
3157 {
3158  struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3159  struct GNUNET_MQ_MessageHandler handlers[] = {
3160  GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3162  struct GNUNET_MessageHeader,
3163  t),
3164  GNUNET_MQ_hd_var_size (plaintext_data,
3167  t),
3168  GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3171  t),
3172  GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3175  t),
3176  GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3179  t),
3180  GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3183  t),
3185  };
3186 
3188  new_ephemeral (&t->ax);
3191  t->destination = destination;
3195  t);
3196  t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3197  NULL,
3198  NULL,
3199  NULL,
3200  handlers,
3202  t);
3204  t);
3205  return t;
3206 }
3207 
3208 
3219 int
3221  const struct
3223  struct CadetPeerPath *path)
3224 {
3225  struct CadetTConnection *ct;
3226 
3227  ct = GNUNET_new (struct CadetTConnection);
3229  ct->t = t;
3230  ct->cc = GCC_create_inbound (t->destination,
3231  path,
3232  ct,
3233  cid,
3235  ct);
3236  if (NULL == ct->cc)
3237  {
3239  "%s refused inbound %s (duplicate)\n",
3240  GCT_2s (t),
3241  GCC_2s (ct->cc));
3242  GNUNET_free (ct);
3243  return GNUNET_SYSERR;
3244  }
3245  /* FIXME: schedule job to kill connection (and path?) if it takes
3246  too long to get ready! (And track performance data on how long
3247  other connections took with the tunnel!)
3248  => Note: to be done within 'connection'-logic! */
3251  ct);
3252  t->num_busy_connections++;
3254  "%s has new %s\n",
3255  GCT_2s (t),
3256  GCC_2s (ct->cc));
3257  return GNUNET_OK;
3258 }
3259 
3260 
3267 void
3270 {
3271  struct CadetTunnel *t = ct->t;
3272  uint16_t size = ntohs (msg->header.size);
3273  char cbuf [size] GNUNET_ALIGN;
3274  ssize_t decrypted_size;
3275 
3277  "%s received %u bytes of encrypted data in state %d\n",
3278  GCT_2s (t),
3279  (unsigned int) size,
3280  t->estate);
3281 
3282  switch (t->estate)
3283  {
3286  /* We did not even SEND our KX, how can the other peer
3287  send us encrypted data? Must have been that we went
3288  down and the other peer still things we are up.
3289  Let's send it KX back. */
3291  "# received encrypted without any KX",
3292  1,
3293  GNUNET_NO);
3294  if (NULL != t->kx_task)
3295  {
3297  t->kx_task = NULL;
3298  }
3299  send_kx (t,
3300  ct,
3301  &t->ax);
3302  return;
3303 
3305  /* We send KX, and other peer send KX to us at the same time.
3306  Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3308  "# received encrypted without KX_AUTH",
3309  1,
3310  GNUNET_NO);
3311  if (NULL != t->kx_task)
3312  {
3314  t->kx_task = NULL;
3315  }
3316  send_kx_auth (t,
3317  ct,
3318  &t->ax,
3319  GNUNET_YES);
3320  return;
3321 
3323  /* We did not get the KX of the other peer, but that
3324  might have been lost. Send our KX again immediately. */
3326  "# received encrypted without KX",
3327  1,
3328  GNUNET_NO);
3329  if (NULL != t->kx_task)
3330  {
3332  t->kx_task = NULL;
3333  }
3334  send_kx (t,
3335  ct,
3336  &t->ax);
3337  return;
3338 
3340  /* Great, first payload, we might graduate to OK! */
3341  case CADET_TUNNEL_KEY_OK:
3342  /* We are up and running, all good. */
3343  break;
3344  }
3345 
3346  decrypted_size = -1;
3347  if (CADET_TUNNEL_KEY_OK == t->estate)
3348  {
3349  /* We have well-established key material available,
3350  try that. (This is the common case.) */
3351  decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3352  cbuf,
3353  msg,
3354  size);
3355  }
3356 
3357  if ((-1 == decrypted_size) &&
3358  (NULL != t->unverified_ax))
3359  {
3360  /* We have un-authenticated KX material available. We should try
3361  this as a back-up option, in case the sender crashed and
3362  switched keys. */
3363  decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3364  cbuf,
3365  msg,
3366  size);
3367  if (-1 != decrypted_size)
3368  {
3369  /* It worked! Treat this as authentication of the AX data! */
3370  cleanup_ax (&t->ax);
3371  t->ax = *t->unverified_ax;
3373  t->unverified_ax = NULL;
3374  }
3376  {
3377  /* First time it worked, move tunnel into production! */
3378  GCT_change_estate (t,
3380  if (NULL != t->send_task)
3383  t);
3384  }
3385  }
3386  if (NULL != t->unverified_ax)
3387  {
3388  /* We had unverified KX material that was useless; so increment
3389  counter and eventually move to ignore it. Note that we even do
3390  this increment if we successfully decrypted with the old KX
3391  material and thus didn't even both with the new one. This is
3392  the ideal case, as a malicious injection of bogus KX data
3393  basically only causes us to increment a counter a few times. */t->unverified_attempts++;
3395  "Failed to decrypt message with unverified KX data %u times\n",
3396  t->unverified_attempts);
3398  {
3401  t->unverified_ax = NULL;
3402  }
3403  }
3404 
3405  if (-1 == decrypted_size)
3406  {
3407  /* Decryption failed for good, complain. */
3409  "%s failed to decrypt and validate encrypted data, retrying KX\n",
3410  GCT_2s (t));
3412  "# unable to decrypt",
3413  1,
3414  GNUNET_NO);
3415  if (NULL != t->kx_task)
3416  {
3418  t->kx_task = NULL;
3419  }
3420  send_kx (t,
3421  ct,
3422  &t->ax);
3423  return;
3424  }
3426  "# decrypted bytes",
3427  decrypted_size,
3428  GNUNET_NO);
3429 
3430  /* The MST will ultimately call #handle_decrypted() on each message. */
3431  t->current_ct = ct;
3434  cbuf,
3435  decrypted_size,
3436  GNUNET_YES,
3437  GNUNET_NO));
3438  t->current_ct = NULL;
3439 }
3440 
3441 
3452 struct CadetTunnelQueueEntry *
3454  const struct GNUNET_MessageHeader *message,
3456  void *cont_cls)
3457 {
3458  struct CadetTunnelQueueEntry *tq;
3459  uint16_t payload_size;
3460  struct GNUNET_MQ_Envelope *env;
3461  struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3462 
3463  if (CADET_TUNNEL_KEY_OK != t->estate)
3464  {
3465  GNUNET_break (0);
3466  return NULL;
3467  }
3468  payload_size = ntohs (message->size);
3470  "Encrypting %u bytes for %s\n",
3471  (unsigned int) payload_size,
3472  GCT_2s (t));
3473  env = GNUNET_MQ_msg_extra (ax_msg,
3474  payload_size,
3476  t_ax_encrypt (&t->ax,
3477  &ax_msg[1],
3478  message,
3479  payload_size);
3481  "# encrypted bytes",
3482  payload_size,
3483  GNUNET_NO);
3484  ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3485  ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3486  /* FIXME: we should do this once, not once per message;
3487  this is a point multiplication, and DHRs does not
3488  change all the time. */
3490  &ax_msg->ax_header.DHRs);
3491  t_h_encrypt (&t->ax,
3492  ax_msg);
3493  t_hmac (&ax_msg->ax_header,
3494  sizeof(struct GNUNET_CADET_AxHeader) + payload_size,
3495  0,
3496  &t->ax.HKs,
3497  &ax_msg->hmac);
3498 
3499  tq = GNUNET_malloc (sizeof(*tq));
3500  tq->t = t;
3501  tq->env = env;
3502  tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3503  tq->cont = cont;
3504  tq->cont_cls = cont_cls;
3506  t->tq_tail,
3507  tq);
3508  if (NULL != t->send_task)
3510  t->send_task
3512  t);
3513  return tq;
3514 }
3515 
3516 
3526 void
3528 {
3529  struct CadetTunnel *t = tq->t;
3530 
3532  t->tq_tail,
3533  tq);
3534  GNUNET_MQ_discard (tq->env);
3535  GNUNET_free (tq);
3536 }
3537 
3538 
3546 void
3549  void *iter_cls)
3550 {
3551  struct CadetTConnection *n;
3552 
3553  for (struct CadetTConnection *ct = t->connection_ready_head;
3554  NULL != ct;
3555  ct = n)
3556  {
3557  n = ct->next;
3558  iter (iter_cls,
3559  ct);
3560  }
3561  for (struct CadetTConnection *ct = t->connection_busy_head;
3562  NULL != ct;
3563  ct = n)
3564  {
3565  n = ct->next;
3566  iter (iter_cls,
3567  ct);
3568  }
3569 }
3570 
3571 
3576 {
3581 
3585  void *iter_cls;
3586 };
3587 
3588 
3597 static int
3599  uint32_t key,
3600  void *value)
3601 {
3602  struct ChanIterCls *ctx = cls;
3603  struct CadetChannel *ch = value;
3604 
3605  ctx->iter (ctx->iter_cls,
3606  ch);
3607  return GNUNET_OK;
3608 }
3609 
3610 
3618 void
3620  GCT_ChannelIterator iter,
3621  void *iter_cls)
3622 {
3623  struct ChanIterCls ctx;
3624 
3625  ctx.iter = iter;
3626  ctx.iter_cls = iter_cls;
3629  &ctx);
3630 }
3631 
3632 
3641 static int
3642 debug_channel (void *cls,
3643  uint32_t key,
3644  void *value)
3645 {
3646  const enum GNUNET_ErrorType *level = cls;
3647  struct CadetChannel *ch = value;
3648 
3649  GCCH_debug (ch, *level);
3650  return GNUNET_OK;
3651 }
3652 
3653 
3654 #define LOG2(level, ...) GNUNET_log_from_nocheck (level, "cadet-tun", \
3655  __VA_ARGS__)
3656 
3657 
3664 void
3665 GCT_debug (const struct CadetTunnel *t,
3666  enum GNUNET_ErrorType level)
3667 {
3668 #if ! defined(GNUNET_CULL_LOGGING)
3669  struct CadetTConnection *iter_c;
3670  int do_log;
3671 
3673  "cadet-tun",
3674  __FILE__, __FUNCTION__, __LINE__);
3675  if (0 == do_log)
3676  return;
3677 
3678  LOG2 (level,
3679  "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3680  GCT_2s (t),
3681  estate2s (t->estate),
3682  t->tq_len,
3684  LOG2 (level,
3685  "TTT channels:\n");
3687  &debug_channel,
3688  &level);
3689  LOG2 (level,
3690  "TTT connections:\n");
3691  for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3692  GCC_debug (iter_c->cc,
3693  level);
3694  for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3695  GCC_debug (iter_c->cc,
3696  level);
3697 
3698  LOG2 (level,
3699  "TTT TUNNEL END\n");
3700 #endif
3701 }
3702 
3703 
3704 /* end of gnunet-service-cadet_tunnels.c */
struct CadetTunnelAxolotl ax
Axolotl info.
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:521
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
Closure for evaluate_connection.
Axolotl-encrypted tunnel message with application payload.
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED
Axolotl encrypted data.
struct CadetChannel * lookup_channel(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Lookup a channel by its ctn.
Struct to old keys for skipped messages while advancing the Axolotl ratchet.
void GCT_remove_channel(struct CadetTunnel *t, struct CadetChannel *ch, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Remove a channel from a tunnel.
void GCCH_handle_remote_destroy(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
Destroy channel, based on the other peer closing the connection.
static struct GNUNET_CADET_Channel * ch
Channel handle.
Definition: gnunet-cadet.c:117
struct GNUNET_CONTAINER_MultiHashMap32 * channels
Channels inside this tunnel.
static void handle_plaintext_data_ack(void *cls, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We received an acknowledgement for data we sent on a channel.
void GCT_connection_lost(struct CadetTConnection *ct)
We lost a connection, remove it from our list and clean up the connection object itself.
struct GNUNET_HashCode h_port
Hash of destination port and listener.
uint32_t cn
Which number does this channel have that uniquely identfies it within its tunnel, in network byte ord...
const char * GNUNET_sh2s(const struct GNUNET_ShortHashCode *shc)
Convert a short hash value to a string (for printing debug messages).
const struct CadetConnectionMetrics * GCC_get_metrics(struct CadetConnection *cc)
Obtain performance metrics from cc.
struct CadetPeerPath * path
Path we are comparing against for evaluate_connection, can be NULL.
struct CadetTConnection * connection_ready_tail
DLL of ready connections that are actively used to reach the destination peer.
Peer description.
struct CadetPeer * GCT_get_destination(struct CadetTunnel *t)
Return the peer to which this tunnel goes.
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
static const char * estate2s(enum CadetTunnelEState es)
Get string description for tunnel encryption state.
static void handle_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We received payload data for a channel.
GNUnet CADET service with encryption.
uint32_t Ns
Number of messages sent with the current ratchet key.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Low-level connection to a destination.
static void t_hmac(const void *plaintext, size_t size, uint32_t iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_ShortHashCode *hmac)
Calculate HMAC.
int duplicate
Set to GNUNET_YES if we have a connection over path already.
uint64_t rel_value_us
The actual value.
void(* GCT_SendContinuation)(void *cls, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid)
Function called when a transmission requested using GCT_send is done.
enum CadetTunnelEState GCT_get_estate(struct CadetTunnel *t)
Get the encryption state of a tunnel.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
unsigned int max_length
Maximum length of any of our connections, 0 if we have none.
struct CadetChannel * GCCH_channel_incoming_new(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn, const struct GNUNET_HashCode *h_port, uint32_t options)
Create a new channel based on a request coming in over the network.
struct CadetTunnelSkippedKey * skipped_tail
Skipped messages&#39; keys DLL, tail.
int is_ready
Is the connection currently ready for transmission?
struct GNUNET_TIME_Absolute timestamp
When was this key stored (for timeout).
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:461
A connection is a live end-to-end messaging mechanism where the peers are identified by a path and kn...
struct GNUNET_CRYPTO_SymmetricSessionKey HKr
32-byte header key (currently used for receiving)
void GCCH_tunnel_up(struct CadetChannel *ch)
Function called once and only once after a channel was bound to its tunnel via GCT_add_channel() is r...
const char * GCT_2s(const struct CadetTunnel *t)
Get the static string for the peer this tunnel is directed.
unsigned long long num_successes
Number of packets that were sent via this connection did actually receive an ACK? (Note: ACKs may be ...
int GNUNET_snprintf(char *buf, size_t size, const char *format,...)
Like snprintf, just aborts if the buffer is of insufficient size.
#define DESIRED_CONNECTIONS_PER_TUNNEL
How many connections would we like to have per tunnel?
unsigned int num_ready_connections
Number of connections in the connection_ready_head DLL.
void GCT_handle_encrypted(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Handle encrypted message.
GNUNET_MQ_Error
Error codes for the queue.
const char * GCC_2s(const struct CadetConnection *cc)
Get a (static) string for a connection.
static int alice_or_betty(const struct GNUNET_PeerIdentity *other)
Am I Alice or Betty (some call her Bob), or talking to myself?
#define GNUNET_TIME_UNIT_MINUTES
One minute.
struct GNUNET_TIME_Absolute last_use
When was this connection last used? (by us sending or receiving a PAYLOAD message on it) ...
struct GNUNET_CADET_TunnelKeyExchangeMessage kx
Message header with key material.
struct GNUNET_PeerIdentity my_full_id
Local peer own ID.
int GNUNET_CONTAINER_multihashmap32_iterate(struct GNUNET_CONTAINER_MultiHashMap32 *map, GNUNET_CONTAINER_MulitHashMapIterator32Callback it, void *it_cls)
Iterate over all entries in the map.
uint32_t flags
Flags for the key exchange in NBO, based on enum GNUNET_CADET_KX_Flags.
struct CadetTunnel * GCT_create_tunnel(struct CadetPeer *destination)
Create a tunnel to destionation.
struct GNUNET_TIME_Absolute GNUNET_TIME_relative_to_absolute(struct GNUNET_TIME_Relative rel)
Convert relative time to an absolute time in the future.
Definition: time.c:246
struct GNUNET_MQ_Handle * mq
Dispatcher for decrypted messages only (do NOT use for sending!).
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct CadetTunnelQueueEntry * GCT_send(struct CadetTunnel *t, const struct GNUNET_MessageHeader *message, GCT_SendContinuation cont, void *cont_cls)
Sends an already built message on a tunnel, encrypting it and choosing the best connection if not pro...
void GCT_send_cancel(struct CadetTunnelQueueEntry *tq)
Cancel a previously sent message while it&#39;s in the queue.
const struct GNUNET_CADET_ConnectionTunnelIdentifier * GCC_get_id(struct CadetConnection *cc)
Obtain unique ID for the connection.
struct CadetTunnelQueueEntry * prev
We are entries in a DLL.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
struct GNUNET_TIME_Absolute ratchet_expiration
Time when the current ratchet expires and a new one is triggered (if ratchet_allowed is GNUNET_YES)...
uint32_t PNs
Previous message numbers (# of msgs sent under prev ratchet)
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK
Confirm the creation of a channel.
static void mark_connection_unready(struct CadetTConnection *ct)
Connection ct is now unready, clear it&#39;s ready flag and move it from the ready DLL to the busy DLL...
void GCCH_handle_duplicate_open(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti)
We got a GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN message again for this channel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRs
Current ratchet key.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY
Ask the cadet service to destroy a channel.
KX received and we sent KX_AUTH back, but we got no traffic yet, so we&#39;re waiting for either KX_AUTH ...
unsigned int GCT_count_any_connections(const struct CadetTunnel *t)
Count all created connections of a tunnel.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:875
struct CadetTConnection * connection_ready_head
DLL of ready connections that are actively used to reach the destination peer.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
int kx_auth_requested
Force triggering KX_AUTH independent of estate.
static void send_kx(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax)
Send a KX message.
void * iter_cls
Closure for iter.
#define GNUNET_NO
Definition: gnunet_common.h:86
void GCT_iterate_channels(struct CadetTunnel *t, GCT_ChannelIterator iter, void *iter_cls)
Iterate over all channels of a tunnel.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
Should the peer reply with its KX details?
Information we track per tunnel.
struct GNUNET_CRYPTO_SymmetricSessionKey NHKr
32-byte next header key (for receiving).
GNUNET_ErrorType
Types of errors.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:395
uint32_t opt
Channel options.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
KX message sent, waiting for other peer&#39;s KX_AUTH.
static struct CadetTConnection * get_ready_connection(struct CadetTunnel *t)
Find first connection that is ready in the list of our connections.
static void store_skipped_key(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
Delete a key from the list of skipped keys.
struct GNUNET_CADET_AxHeader ax_header
Axolotl-header that specifies which keys to use in which ratchet to decrypt the body that follows...
struct CadetConnection * GCC_create(struct CadetPeer *destination, struct CadetPeerPath *path, unsigned int off, struct CadetTConnection *ct, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
Encrypted axolotl header with numbers that identify which keys in which ratchet are to be used to dec...
unsigned int GCP_iterate_paths(struct CadetPeer *cp, GCP_PathIterator callback, void *callback_cls)
Iterate over the paths to a peer.
static struct GNUNET_SCHEDULER_Task * t
Main task.
uint16_t size
The length of the struct (in bytes, including the length field itself), in big-endian format...
struct CadetConnection * GCC_create_inbound(struct CadetPeer *destination, struct CadetPeerPath *path, struct CadetTConnection *ct, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, GCC_ReadyCallback ready_cb, void *ready_cb_cls)
Create a connection to destination via path and notify cb whenever we are ready for more data...
void GNUNET_STATISTICS_update(struct GNUNET_STATISTICS_Handle *handle, const char *name, int64_t delta, int make_persistent)
Set statistic value for the peer.
static void handle_plaintext_channel_destroy(void *cls, const struct GNUNET_CADET_ChannelDestroyMessage *cm)
We received a message saying that a channel should be destroyed.
struct GNUNET_SCHEDULER_Task * destroy_task
Task scheduled if there are no more channels using the tunnel.
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:438
int GNUNET_CONTAINER_multihashmap32_put(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
void GCC_debug(struct CadetConnection *cc, enum GNUNET_ErrorType level)
Log connection info.
static int update_ax_by_kx(struct CadetTunnelAxolotl *ax, const struct GNUNET_PeerIdentity *pid, const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key, const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
Update our Axolotl key state based on the KX data we received.
struct CadetTConnection * connection_busy_head
DLL of connections that we maintain that might be used to reach the destination peer.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA
Payload data (inside an encrypted tunnel).
struct GNUNET_SCHEDULER_Task * kx_task
Task to trigger KX.
static void destroy_tunnel(void *cls)
This tunnel is no longer used, destroy it.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
struct CadetTunnelQueueEntry * tq_tail
Queued messages, to transmit once tunnel gets connected.
static int store_ax_keys(struct CadetTunnelAxolotl *ax, const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr, uint32_t Np)
Stage skipped AX keys and calculate the message key.
A 256-bit hashcode.
GCT_ChannelIterator iter
Function to call.
const char * GCP_2s(const struct CadetPeer *cp)
Get the static string for a peer ID.
void GCT_send_channel_destroy(struct CadetTunnel *t, struct GNUNET_CADET_ChannelTunnelNumber ctn)
Send a DESTROY message via the tunnel.
static void t_ax_hmac_hash(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_HashCode *hash, const void *source, unsigned int len)
Perform a HMAC.
struct GNUNET_CRYPTO_SymmetricSessionKey HK
Header key.
struct CadetTunnel * t
Tunnel this connection belongs to.
struct CadetTunnelSkippedKey * prev
DLL prev.
static void trigger_transmissions(void *cls)
Called when either we have a new connection, or a new message in the queue, or some existing connecti...
static void handle_plaintext_channel_open_ack(void *cls, const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
We have received confirmation from the target peer that the given channel could be established (the p...
const char * GCPP_2s(struct CadetPeerPath *path)
Convert a path to a human-readable string.
GNUNET_CADET_KX_Flags
Flags to be used in GNUNET_CADET_KX.
static int destroy_remaining_channels(void *cls, uint32_t key, void *value)
Destroy remaining channels during shutdown.
struct GNUNET_CRYPTO_SymmetricSessionKey CKr
32-byte chain keys (used for forward-secrecy) for receiving messages.
Performance metrics for a connection.
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN
Ask the cadet service to create a new channel.
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
struct GNUNET_TIME_Relative ratchet_time
How long until we trigger a ratched advance due to time.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1271
uint16_t type
The type of the message (GNUNET_MESSAGE_TYPE_XXXX), in big-endian format.
static ssize_t t_ax_decrypt_and_validate(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
void(* GCT_ConnectionIterator)(void *cls, struct CadetTConnection *ct)
Iterator over connections.
double worst_score
Numeric score of worst, only set if worst is non-NULL.
enum State state
current state of profiling
Information we track per peer.
struct GNUNET_MQ_Handle * GNUNET_MQ_queue_for_callbacks(GNUNET_MQ_SendImpl send, GNUNET_MQ_DestroyImpl destroy, GNUNET_MQ_CancelImpl cancel, void *impl_state, const struct GNUNET_MQ_MessageHandler *handlers, GNUNET_MQ_ErrorHandler error_handler, void *cls)
Create a message queue for the specified handlers.
Definition: mq.c:561
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
struct CadetTunnelAxolotl * unverified_ax
Unverified Axolotl info, used only if we got a fresh KX (not a KX_AUTH) while our end of the tunnel w...
int GNUNET_CONTAINER_multihashmap32_remove(struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key, const void *value)
Remove the given key-value pair from the map.
int GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:1040
static char * value
Value of the record to add/remove.
CadetTunnelEState
All the encryption states a tunnel can be in.
GNUNET_CONTAINER_HeapCostType min_desire
Minimum desirability of any of our connections, UINT64_MAX if we have none.
void GNUNET_MST_destroy(struct GNUNET_MessageStreamTokenizer *mst)
Destroys a tokenizer.
Definition: mst.c:411
struct CadetTConnection * current_ct
Identification of the connection from which we are currently processing a message.
void * GNUNET_CONTAINER_multihashmap32_get(const struct GNUNET_CONTAINER_MultiHashMap32 *map, uint32_t key)
Given a key find a value in the map matching the key.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
ssize_t GNUNET_CRYPTO_symmetric_encrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Encrypt a block using a symmetric sessionkey.
struct GNUNET_STATISTICS_Handle * stats
Handle to the statistics service.
Struct containing all information regarding a channel to a remote client.
int GCT_add_inbound_connection(struct CadetTunnel *t, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid, struct CadetPeerPath *path)
Add a connection to the tunnel.
Message for a Key eXchange for a tunnel, with authentication.
struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral
Last ephemeral public key received from the other peer, for duplicate detection.
#define GNUNET_MAX(a, b)
Definition: gnunet_common.h:90
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1298
static void t_hmac_derive_key(const struct GNUNET_CRYPTO_SymmetricSessionKey *key, struct GNUNET_CRYPTO_SymmetricSessionKey *out, const void *source, unsigned int len)
Derive a symmetric encryption key from an HMAC-HASH.
static void delete_skipped_key(struct CadetTunnelAxolotl *ax, struct CadetTunnelSkippedKey *key)
Delete a key from the list of skipped keys.
Handle to a message stream tokenizer.
Definition: mst.c:43
#define GNUNET_MIN(a, b)
Definition: gnunet_common.h:88
#define INITIAL_KX_RETRY_DELAY
How long do we wait initially before retransmitting the KX? TODO: replace by 2 RTT if/once we have co...
void GNUNET_CRYPTO_symmetric_derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
Derive an IV.
unsigned int GNUNET_CONTAINER_multihashmap32_size(const struct GNUNET_CONTAINER_MultiHashMap32 *map)
Get the number of key-value pairs in the map.
static char buf[2048]
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
unsigned int unverified_attempts
How often have we tried and failed to decrypt a message using the unverified KX material from unverif...
struct GNUNET_MessageStreamTokenizer * GNUNET_MST_create(GNUNET_MessageTokenizerCallback cb, void *cb_cls)
Create a message stream tokenizer.
Definition: mst.c:85
struct GNUNET_MessageStreamTokenizer * mst
Tokenizer for decrypted messages.
struct GNUNET_CADET_ConnectionTunnelIdentifier cid
ID of the connection.
Message for cadet data traffic.
static const u64 L[32]
void GCC_destroy_without_tunnel(struct CadetConnection *cc)
Destroy a connection, called if the tunnel association with the connection was already broken...
uint32_t PNs
Number of messages sent with the previous ratchet key.
int GNUNET_MST_from_buffer(struct GNUNET_MessageStreamTokenizer *mst, const char *buf, size_t size, int purge, int one_shot)
Add incoming data to the receive buffer and call the callback for all complete messages.
Definition: mst.c:114
void GNUNET_MQ_inject_message(struct GNUNET_MQ_Handle *mq, const struct GNUNET_MessageHeader *mh)
Call the message message handler that was registered for the type of the given message in the given m...
Definition: mq.c:202
void GCCH_handle_channel_plaintext_data_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelDataAckMessage *ack)
We got an acknowledgement for payload data for a channel.
struct GNUNET_CADET_ChannelTunnelNumber GCT_add_channel(struct CadetTunnel *t, struct CadetChannel *ch)
Add a channel to a tunnel, and notify channel that we are ready for transmission if we are already up...
Internal representation of the hash map.
void GCT_debug(const struct CadetTunnel *t, enum GNUNET_ErrorType level)
Log all possible info about the tunnel state.
static ssize_t try_old_ax_keys(struct CadetTunnelAxolotl *ax, void *dst, const struct GNUNET_CADET_TunnelEncryptedMessage *src, size_t size)
Decrypt and verify data with the appropriate tunnel key and verify that the data has not been altered...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE
Announce connection is still alive (direction sensitive).
Closure for iterate_channels_cb.
A 512-bit hashcode.
uint32_t reserved
For alignment.
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1101
Message handler for a specific message type.
struct GNUNET_CRYPTO_EcdhePublicKey ratchet_key
Sender&#39;s next ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
static int consider_path_cb(void *cls, struct CadetPeerPath *path, unsigned int off)
Consider using the path p for the tunnel t.
void GCT_handle_kx(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
Handle KX message that lacks authentication (and which will thus only be considered authenticated aft...
static int res
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
struct GNUNET_CONTAINER_MultiHashMap32 * GNUNET_CONTAINER_multihashmap32_create(unsigned int len)
Create a 32-bit key multi hash map.
struct CadetConnection * cc
Connection handle.
struct GNUNET_MessageHeader header
Type: GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA.
void GNUNET_CONTAINER_multihashmap32_destroy(struct GNUNET_CONTAINER_MultiHashMap32 *map)
Destroy a 32-bit key hash map.
void GNUNET_MQ_discard(struct GNUNET_MQ_Envelope *mqm)
Discard the message queue message, free all allocated resources.
Definition: mq.c:323
#define LOG2(level,...)
static GstElement * source
Appsrc instance into which we write data for the pipeline.
struct GNUNET_CADET_ChannelTunnelNumber ctn
Number identifying this channel in its tunnel.
Private ECC key encoded for transmission.
Struct containing all information regarding a tunnel to a peer.
Message to acknowledge end-to-end data.
void GCCH_handle_channel_open_ack(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_HashCode *port)
We got an acknowledgement for the creation of the channel (the port is open on the other side)...
There must only be one value per key; storing a value should fail if a value under the same key alrea...
int ratchet_allowed
True (GNUNET_YES) if we have received a message from the other peer that uses the keys from our last ...
static int iterate_channels_cb(void *cls, uint32_t key, void *value)
Helper function for GCT_iterate_channels.
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_get_log_call_status(int caller_level, const char *comp, const char *file, const char *function, int line)
Decides whether a particular logging call should or should not be allowed to be made.
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
static unsigned int size
Size of the "table".
Definition: peer.c:67
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:206
static void decrypted_error_cb(void *cls, enum GNUNET_MQ_Error error)
Function called if we had an error processing an incoming decrypted message.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel within the tunnel.
uint64_t GNUNET_CONTAINER_HeapCostType
Cost by which elements in a heap can be ordered.
struct GNUNET_TIME_Absolute next_kx_attempt
When do we try the next KX?
uint32_t Nr
Message number (reset to 0 with each new ratchet, next message to recv).
Message to acknowledge opening a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
Struct used to save messages in a non-ready tunnel to send once connected.
GNUNET_CONTAINER_HeapCostType GCPP_get_desirability(const struct CadetPeerPath *path)
Return how much we like keeping the path.
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
void GCCH_debug(struct CadetChannel *ch, enum GNUNET_ErrorType level)
Log channel info.
#define GNUNET_CONTAINER_DLL_insert_tail(head, tail, element)
Insert an element at the tail of a DLL.
void GCT_destroy_tunnel_now(struct CadetTunnel *t)
Destroys the tunnel t now, without delay.
struct CadetTunnelQueueEntry * tq_head
Queued messages, to transmit once tunnel gets connected.
#define GNUNET_TIME_STD_BACKOFF(r)
Perform our standard exponential back-off calculation, starting at 1 ms and then going by a factor of...
Handshake completed: session key available.
struct CadetPeerPath * GCC_get_path(struct CadetConnection *cc, unsigned int *off)
Obtain the path used by this connection.
Message to create a Channel.
static void evaluate_connection(void *cls, struct CadetTConnection *ct)
Evaluate a connection, updating our summary information in cls about what kinds of connections we hav...
struct CadetTunnel * t
Tunnel these messages belong in.
void GCT_consider_path(struct CadetTunnel *t, struct CadetPeerPath *p, unsigned int off)
Consider using the path p for the tunnel t.
void * cont_cls
Closure for cont.
struct GNUNET_ShortHashCode hmac
MAC of the encrypted message, used to verify message integrity.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
P2P messages used by CADET.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:189
struct CadetTunnelQueueEntry * next
We are entries in a DLL.
const char * GCCH_2s(const struct CadetChannel *ch)
Get the static string for identification of the channel.
int shutting_down
Signal that shutdown is happening: prevent recovery measures.
#define HIGH_BIT
Message to destroy a channel of type GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY.
static int notify_tunnel_up_cb(void *cls, uint32_t key, void *value)
Our tunnel became ready for the first time, notify channels that have been waiting.
static void handle_plaintext_keepalive(void *cls, const struct GNUNET_MessageHeader *msg)
We got a keepalive.
struct GNUNET_CRYPTO_EddsaPrivateKey * my_private_key
Own private key.
struct GNUNET_MQ_Envelope * env
Envelope of message to send follows.
void GCT_handle_kx_auth(struct CadetTConnection *ct, const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
Handle KX_AUTH message.
void GCT_change_estate(struct CadetTunnel *t, enum CadetTunnelEState state)
Change the tunnel encryption state.
Handle to a message queue.
Definition: mq.c:85
struct GNUNET_CRYPTO_SymmetricSessionKey RK
32-byte root key which gets updated by DH ratchet.
void GCC_transmit(struct CadetConnection *cc, struct GNUNET_MQ_Envelope *env)
Transmit message msg via connection cc.
Private ECC key encoded for transmission.
unsigned int Kn
Key number for a given HK.
#define N
static void maintain_connections_cb(void *cls)
Function called to maintain the connections underlying our tunnel.
struct GNUNET_CRYPTO_EcdhePublicKey DHRr
ECDH Ratchet key (other peer&#39;s public key in the current DH).
Entry in list of connections used by tunnel, with metadata.
The identity of the host (wraps the signing key of the peer).
void GCP_drop_tunnel(struct CadetPeer *cp, struct CadetTunnel *t)
The tunnel to the given peer no longer exists, remove it from our data structures, and possibly clean up the peer itself.
GNUNET_CONTAINER_HeapCostType max_desire
Maximum desirability of any of our connections, 0 if we have none.
unsigned int min_length
Minimum length of any of our connections, UINT_MAX if we have none.
struct GNUNET_HashCode port
Port number of the channel, used to prove to the initiator that the receiver knows the port...
KX message sent and received, trying to send back KX_AUTH.
static int check_plaintext_data(void *cls, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
Check that msg is well-formed.
#define GNUNET_ALIGN
gcc-ism to force alignment; we use this to align char-arrays that may then be cast to &#39;struct&#39;s...
struct CadetPeer * destination
Destination of the tunnel.
#define MAX_SKIPPED_KEYS
Maximum number of skipped keys we keep in memory per tunnel.
The peer should reply with its KX details?
struct GNUNET_CRYPTO_EcdhePrivateKey DHRs
ECDH Ratchet key (our private key in the current DH).
#define MAX_UNVERIFIED_ATTEMPTS
How often do we try to decrypt payload with unverified key material? Used to limit CPU increase upon ...
Hash uniquely identifying a connection below a tunnel.
Axolotl data, according to https://github.com/trevp/axolotl/wiki .
struct GNUNET_HashCode auth
KDF-proof that sender could compute the 3-DH, used in lieu of a signature or payload data...
static void connection_ready_cb(void *cls, int is_ready)
A connection is is_ready for transmission.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_duration(struct GNUNET_TIME_Absolute whence)
Get the duration of an operation as the difference of the current time and the given start time "henc...
Definition: time.c:375
struct CadetTunnelSkippedKey * skipped_head
A (double linked) list of stored message keys and associated header keys for "skipped" messages...
#define GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK
Confirm payload data end-to-end.
Message for a Key eXchange for a tunnel.
static void send_kx_auth(struct CadetTunnel *t, struct CadetTConnection *ct, struct CadetTunnelAxolotl *ax, int force_reply)
Send a KX_AUTH message.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
unsigned int GCT_count_channels(struct CadetTunnel *t)
Count channels of a tunnel.
Number identifying a CADET channel within a tunnel.
Entry in list of pending tasks.
Definition: scheduler.c:134
static void handle_plaintext_channel_open(void *cls, const struct GNUNET_CADET_ChannelOpenMessage *copen)
We have received a request to open a channel to a port from another peer.
struct GNUNET_TIME_Absolute created
Creation time, to keep oldest connection alive.
static void retry_kx(void *cls)
Try to redo the KX or KX_AUTH handshake, if we can.
unsigned long long num_acked_transmissions
How many packets that ought to generate an ACK did we send via this connection?
struct GNUNET_CRYPTO_SymmetricSessionKey HKs
32-byte header key (currently used for sending).
void GCCH_handle_channel_plaintext_data(struct CadetChannel *ch, const struct GNUNET_CADET_ConnectionTunnelIdentifier *cti, const struct GNUNET_CADET_ChannelAppDataMessage *msg)
We got payload data for a channel.
struct GNUNET_SCHEDULER_Task * maintain_connections_task
Task to trim connections if too many are present.
static int handle_decrypted(void *cls, const struct GNUNET_MessageHeader *msg)
Handles a message we decrypted, by injecting it into our message queue (which will do the dispatching...
static int debug_channel(void *cls, uint32_t key, void *value)
Call GCCH_debug() on a channel.
static void t_h_encrypt(struct CadetTunnelAxolotl *ax, struct GNUNET_CADET_TunnelEncryptedMessage *msg)
Encrypt header with the axolotl header key.
struct CadetPeer * GCPP_get_peer_at_offset(struct CadetPeerPath *path, unsigned int off)
Obtain the peer at offset off in path.
void GCT_iterate_connections(struct CadetTunnel *t, GCT_ConnectionIterator iter, void *iter_cls)
Iterate over all connections of a tunnel.
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
static void destroy_t_connection(void *cls, struct CadetTConnection *ct)
Clean up connection ct of a tunnel.
static void cleanup_ax(struct CadetTunnelAxolotl *ax)
Cleanup state used by ax.
Uninitialized status, we need to send KX.
#define LOG(level,...)
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH
Axolotl key exchange response with authentication.
struct GNUNET_TIME_Relative GNUNET_TIME_absolute_get_remaining(struct GNUNET_TIME_Absolute future)
Given a timestamp in the future, how much time remains until then?
Definition: time.c:331
KX message received, trying to send back KX_AUTH.
static void t_h_decrypt(struct CadetTunnelAxolotl *ax, const struct GNUNET_CADET_TunnelEncryptedMessage *src, struct GNUNET_CADET_TunnelEncryptedMessage *dst)
Decrypt header with the current axolotl header key.
struct GNUNET_SCHEDULER_Task * send_task
Task to send messages from queue (if possible).
struct GNUNET_TIME_Relative kx_retry_delay
How long do we wait until we retry the KX?
Header for all communications.
struct CadetTunnelSkippedKey * next
DLL next.
Time for absolute times used by GNUnet, in microseconds.
void GNUNET_MQ_destroy(struct GNUNET_MQ_Handle *mq)
Destroy the message queue.
Definition: mq.c:833
#define GNUNET_YES
Definition: gnunet_common.h:85
static void t_ax_encrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Encrypt data with the axolotl tunnel key.
void(* GCT_ChannelIterator)(void *cls, struct CadetChannel *ch)
Iterator over channels.
#define MAX_KEY_GAP
Maximum number of keys (and thus ratchet steps) we are willing to skip before we decide this is eithe...
unsigned int ratchet_counter
Number of messages recieved since our last ratchet advance.
struct CadetTConnection * next
Next in DLL.
unsigned int tq_len
Number of entries in the tq_head DLL.
GCT_SendContinuation cont
Continuation to call once sent (on the channel layer).
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Sender&#39;s ephemeral public ECC key encoded in a format suitable for network transmission, as created using &#39;gcry_sexp_sprint&#39;.
const char * GNUNET_e2s(const struct GNUNET_CRYPTO_EcdhePublicKey *p)
Convert a public key value to a string (for printing debug messages).
unsigned int num_busy_connections
Number of connections in the connection_busy_head DLL.
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
struct GNUNET_CRYPTO_SymmetricSessionKey CKs
32-byte chain keys (used for forward-secrecy) for sending messages.
struct GNUNET_TIME_Absolute age
When was this connection first established? (by us sending or receiving the CREATE_ACK for the first ...
static void new_ephemeral(struct CadetTunnelAxolotl *ax)
Create a new Axolotl ephemeral (ratchet) key.
ssize_t GNUNET_CRYPTO_symmetric_decrypt(const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
Decrypt a given block using a symmetric sessionkey.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_at(struct GNUNET_TIME_Absolute at, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run at the specified time.
Definition: scheduler.c:1248
struct GNUNET_CADET_ChannelTunnelNumber ctn
ID of the channel.
unsigned int skipped
Number of elements in skipped_head <-> skipped_tail.
void GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
Derive an authentication key.
Definition: crypto_hash.c:356
Information regarding a possible path to reach a peer.
static void t_ax_decrypt(struct CadetTunnelAxolotl *ax, void *dst, const void *src, size_t size)
Decrypt data with the axolotl tunnel key.
struct CadetTConnection * connection_busy_tail
DLL of connections that we maintain that might be used to reach the destination peer.
struct GNUNET_ShortHashCode connection_of_tunnel
unsigned int GCPP_get_length(struct CadetPeerPath *path)
Return the length of the path.
int ratchet_flag
True (GNUNET_YES) if we have to send a new ratchet key in next msg.
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:89
enum CadetTunnelEState estate
State of the tunnel encryption.
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
static void try_send_normal_payload(struct CadetTunnel *t, struct CadetTConnection *ct)
Send normal payload from queue in t via connection ct.
type for (message) authentication keys
struct GNUNET_CRYPTO_SymmetricSessionKey NHKs
32-byte next header key (for sending), used once the ratchet advances.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define IDLE_DESTROY_DELAY
How long do we wait until tearing down an idle tunnel?
uint32_t Ns
Message number (reset to 0 with each new ratchet, next message to send).
#define GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX
Axolotl key exchange.
#define GNUNET_free(ptr)
Wrapper around free.
const struct GNUNET_PeerIdentity * GCP_get_id(struct CadetPeer *cp)
Obtain the peer identity for a struct CadetPeer.
Time for relative time used by GNUnet, in microseconds.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
struct GNUNET_CADET_ConnectionTunnelIdentifier * cid
Where to put the connection identifier into the payload of the message in env once we have it...
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
struct GNUNET_CRYPTO_SymmetricSessionKey MK
Message key.
struct GNUNET_CRYPTO_EcdhePrivateKey kx_0
ECDH for key exchange (A0 / B0).
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:974
static struct GNUNET_CADET_ChannelTunnelNumber get_next_free_ctn(struct CadetTunnel *t)
Compute the next free channel tunnel number for this tunnel.
struct CadetTConnection * worst
Connection deemed the "worst" so far encountered by evaluate_connection, NULL if we did not yet encou...
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...