GNUnet  0.11.x
Functions
gnunet-service-core_kx.h File Reference

code for managing the key exchange (SET_KEY, PING, PONG) with other peers More...

#include "gnunet_util_lib.h"
#include "gnunet_transport_service.h"
Include dependency graph for gnunet-service-core_kx.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

void GSC_KX_encrypt_and_transmit (struct GSC_KeyExchangeInfo *kx, const void *payload, size_t payload_size)
 Encrypt and transmit a message with the given payload. More...
 
int GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Initialize KX subsystem. More...
 
void GSC_KX_done (void)
 Shutdown KX subsystem. More...
 
int GSC_NEIGHBOURS_check_excess_bandwidth (const struct GSC_KeyExchangeInfo *target)
 Check if the given neighbour has excess bandwidth available. More...
 
unsigned int GSC_NEIGHBOURS_get_queue_length (const struct GSC_KeyExchangeInfo *target)
 Check how many messages are queued for the given neighbour. More...
 
void GSC_KX_handle_client_monitor_peers (struct GNUNET_MQ_Handle *mq)
 Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request. More...
 

Detailed Description

code for managing the key exchange (SET_KEY, PING, PONG) with other peers

Author
Christian Grothoff

Definition in file gnunet-service-core_kx.h.

Function Documentation

◆ GSC_KX_encrypt_and_transmit()

void GSC_KX_encrypt_and_transmit ( struct GSC_KeyExchangeInfo kx,
const void *  payload,
size_t  payload_size 
)

Encrypt and transmit a message with the given payload.

Parameters
kxkey exchange context
payloadpayload of the message
payload_sizenumber of bytes in 'payload'
kxkey exchange context
payloadpayload of the message
payload_sizenumber of bytes in payload

Definition at line 1403 of file gnunet-service-core_kx.c.

References calculate_seed(), derive_auth_key(), derive_iv(), do_encrypt(), GSC_KeyExchangeInfo::encrypt_key, ENCRYPTED_HEADER_SIZE, env, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hmac(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_h2s(), GNUNET_h2s2(), GNUNET_i2s(), GNUNET_log, GNUNET_memcpy, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MQ_msg_extra, GNUNET_MQ_send(), GNUNET_NO, GNUNET_OK, GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GSC_KeyExchangeInfo::has_excess_bandwidth, EncryptedMessage::hmac, EncryptedMessage::iv_seed, GSC_KeyExchangeInfo::last_sequence_number_sent, GSC_KeyExchangeInfo::mq, GSC_KeyExchangeInfo::peer, ph, and EncryptedMessage::sequence_number.

Referenced by transmit_typemap_task(), and try_transmission().

1406 {
1407  size_t used = payload_size + sizeof(struct EncryptedMessage);
1408  char pbuf[used]; /* plaintext */
1409  struct EncryptedMessage *em; /* encrypted message */
1410  struct EncryptedMessage *ph; /* plaintext header */
1411  struct GNUNET_MQ_Envelope *env;
1413  struct GNUNET_CRYPTO_AuthKey auth_key;
1414 
1415  ph = (struct EncryptedMessage *) pbuf;
1416  ph->sequence_number = htonl (++kx->last_sequence_number_sent);
1417  ph->iv_seed = calculate_seed (kx);
1418  ph->reserved = 0;
1420  GNUNET_memcpy (&ph[1], payload, payload_size);
1421  env = GNUNET_MQ_msg_extra (em,
1422  payload_size,
1424  em->iv_seed = ph->iv_seed;
1425  derive_iv (&iv, &kx->encrypt_key, ph->iv_seed, kx->peer);
1427  &iv,
1428  &ph->sequence_number,
1429  &em->sequence_number,
1430  used - ENCRYPTED_HEADER_SIZE));
1431 #if DEBUG_KX
1432  {
1433  struct GNUNET_HashCode hc;
1434 
1435  GNUNET_CRYPTO_hash (&ph->sequence_number,
1436  used - ENCRYPTED_HEADER_SIZE,
1437  &hc);
1439  "Encrypted payload `%s' of %u bytes for %s\n",
1440  GNUNET_h2s (&hc),
1441  (unsigned int) (used - ENCRYPTED_HEADER_SIZE),
1442  GNUNET_i2s (kx->peer));
1443  }
1444 #endif
1445  derive_auth_key (&auth_key, &kx->encrypt_key, ph->iv_seed);
1446  GNUNET_CRYPTO_hmac (&auth_key,
1447  &em->sequence_number,
1448  used - ENCRYPTED_HEADER_SIZE,
1449  &em->hmac);
1450 #if DEBUG_KX
1451  {
1452  struct GNUNET_HashCode hc;
1453 
1454  GNUNET_CRYPTO_hash (&auth_key, sizeof(auth_key), &hc);
1456  "For peer %s, used AC %s to create hmac %s\n",
1457  GNUNET_i2s (kx->peer),
1458  GNUNET_h2s (&hc),
1459  GNUNET_h2s2 (&em->hmac));
1460  }
1461 #endif
1463  GNUNET_MQ_send (kx->mq, env);
1464 }
const struct GNUNET_PeerIdentity * peer
Identity of the peer.
uint32_t sequence_number
Sequence number, in network byte order.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_ATS_PerformanceHandle * ph
ATS performance handle used.
Definition: gnunet-ats.c:116
uint32_t last_sequence_number_sent
last sequence number transmitted
static int do_encrypt(struct GSC_KeyExchangeInfo *kx, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const void *in, void *out, size_t size)
Encrypt size bytes from in and write the result to out.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
struct GNUNET_HashCode hmac
MAC of the encrypted message (starting at sequence_number), used to verify message integrity...
static void derive_auth_key(struct GNUNET_CRYPTO_AuthKey *akey, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed)
Derive an authentication key from "set key" information.
void GNUNET_CRYPTO_hmac(const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104)
Definition: crypto_hash.c:455
struct GNUNET_MQ_Handle * mq
Message queue for sending messages to peer.
const char * GNUNET_h2s2(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
#define GNUNET_MQ_msg_extra(mvar, esize, type)
Allocate an envelope, with extra space allocated after the space needed by the message struct...
Definition: gnunet_mq_lib.h:52
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
Encapsulation for encrypted messages exchanged between peers.
A 512-bit hashcode.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
uint32_t iv_seed
Random value used for IV generation.
static uint32_t calculate_seed(struct GSC_KeyExchangeInfo *kx)
Calculate seed value we should use for a message.
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
static unsigned long long payload
How much data are we currently storing in the database?
#define ENCRYPTED_HEADER_SIZE
Number of bytes (at the beginning) of struct EncryptedMessage that are NOT encrypted.
#define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
Encapsulation for an encrypted message between peers.
static void derive_iv(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, uint32_t seed, const struct GNUNET_PeerIdentity *identity)
Derive an IV from packet information.
int has_excess_bandwidth
GNUNET_YES if this peer currently has excess bandwidth.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_SymmetricSessionKey encrypt_key
Key we use to encrypt our messages for the other peer (initialized by us when we do the handshake)...
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:355
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:657
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
type for (message) authentication keys
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_KX_init()

int GSC_KX_init ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Initialize KX subsystem.

Parameters
pkprivate key to use for the peer
Returns
GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 1798 of file gnunet-service-core_kx.c.

References current_ekm, do_rekey(), EphemeralKeyMessage::ephemeral_key, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_INFO, GNUNET_h2s(), GNUNET_log, GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE, GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY, GNUNET_MESSAGE_TYPE_CORE_PING, GNUNET_MESSAGE_TYPE_CORE_PONG, GNUNET_MQ_handler_end, GNUNET_MQ_hd_fixed_size, GNUNET_MQ_hd_var_size, GNUNET_notification_context_create(), GNUNET_OK, GNUNET_SCHEDULER_add_delayed(), GNUNET_SYSERR, GNUNET_TRANSPORT_core_connect(), GSC_cfg, GSC_KX_done(), GSC_my_identity, handle_transport_notify_connect(), handle_transport_notify_disconnect(), handle_transport_notify_excess_bw(), my_ephemeral_key, my_private_key, ping(), pk, pong(), GNUNET_PeerIdentity::public_key, REKEY_FREQUENCY, and sign_ephemeral_key().

Referenced by run().

1799 {
1801  { GNUNET_MQ_hd_fixed_size (ephemeral_key,
1803  struct EphemeralKeyMessage,
1804  NULL),
1807  struct PingMessage,
1808  NULL),
1811  struct PongMessage,
1812  NULL),
1813  GNUNET_MQ_hd_var_size (encrypted,
1815  struct EncryptedMessage,
1816  NULL),
1817  GNUNET_MQ_handler_end () };
1818 
1819  my_private_key = *pk;
1823  sign_ephemeral_key ();
1824  {
1825  struct GNUNET_HashCode eh;
1826 
1828  sizeof(current_ekm.ephemeral_key),
1829  &eh);
1831  "Starting with ephemeral key %s\n",
1832  GNUNET_h2s (&eh));
1833  }
1834 
1837  transport =
1839  &GSC_my_identity,
1840  handlers,
1841  NULL,
1845  if (NULL == transport)
1846  {
1847  GSC_KX_done ();
1848  return GNUNET_SYSERR;
1849  }
1850  return GNUNET_OK;
1851 }
static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
Our ephemeral private key.
static void ping(void *cls)
Send a ping to destination.
static void do_rekey(void *cls)
Task run to trigger rekeying.
struct GNUNET_CRYPTO_EcdsaPrivateKey pk
Private key from command line option, or NULL.
Response to a PING.
static struct GNUNET_TRANSPORT_CoreHandle * transport
Transport service.
#define GNUNET_MQ_hd_fixed_size(name, code, str, ctx)
static void handle_transport_notify_excess_bw(void *cls, const struct GNUNET_PeerIdentity *pid, void *connect_cls)
One of our neighbours has excess bandwidth, remember this.
const char * GNUNET_h2s(const struct GNUNET_HashCode *hc)
Convert a hash value to a string (for printing debug messages).
static void sign_ephemeral_key()
Setup the message that links the ephemeral key to our persistent public key and generate the appropri...
struct GNUNET_TRANSPORT_CoreHandle * GNUNET_TRANSPORT_core_connect(const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_PeerIdentity *self, const struct GNUNET_MQ_MessageHandler *handlers, void *cls, GNUNET_TRANSPORT_NotifyConnect nc, GNUNET_TRANSPORT_NotifyDisconnect nd)
Connect to the transport service.
#define GNUNET_MESSAGE_TYPE_CORE_PONG
Confirmation that other peer is alive.
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:508
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1269
static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
Our private key.
static struct GNUNET_CADET_MessageHandler handlers[]
Handlers, for diverse services.
We're sending an (encrypted) PING to the other peer to check if it can decrypt.
#define GNUNET_MQ_hd_var_size(name, code, str, ctx)
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
Encapsulation for encrypted messages exchanged between peers.
A 512-bit hashcode.
Message handler for a specific message type.
#define GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY
Session key exchange between peers.
struct GNUNET_PeerIdentity GSC_my_identity
Our identity.
static void pong(struct GNUNET_CADET_Channel *channel, const struct CadetPingMessage *ping)
Reply with a pong to origin.
struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key
Ephemeral public ECC key.
static void * handle_transport_notify_connect(void *cls, const struct GNUNET_PeerIdentity *pid, struct GNUNET_MQ_Handle *mq)
Function called by transport to notify us that a peer connected to us (on the network level)...
#define GNUNET_MESSAGE_TYPE_CORE_PING
Check that other peer is alive (challenge).
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:193
struct GNUNET_NotificationContext * GNUNET_notification_context_create(unsigned int queue_length)
Create a new notification context.
Definition: nc.c:121
#define GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE
Encapsulation for an encrypted message between peers.
static struct GNUNET_SCHEDULER_Task * rekey_task
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
#define REKEY_FREQUENCY
How often do we rekey?
#define GNUNET_log(kind,...)
static struct EphemeralKeyMessage current_ekm
Current message we send for a key exchange.
static void handle_transport_notify_disconnect(void *cls, const struct GNUNET_PeerIdentity *peer, void *handler_cls)
Function called by transport telling us that a peer disconnected.
Message transmitted with the signed ephemeral key of a peer.
void GSC_KX_done()
Shutdown KX subsystem.
#define GNUNET_MQ_handler_end()
End-marker for the handlers array.
const struct GNUNET_CONFIGURATION_Handle * GSC_cfg
Our configuration.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_KX_done()

void GSC_KX_done ( void  )

Shutdown KX subsystem.

Definition at line 1858 of file gnunet-service-core_kx.c.

References GNUNET_notification_context_destroy(), GNUNET_SCHEDULER_cancel(), GNUNET_TRANSPORT_core_disconnect(), my_ephemeral_key, and my_private_key.

Referenced by GSC_KX_init(), and shutdown_task().

1859 {
1860  if (NULL != transport)
1861  {
1863  transport = NULL;
1864  }
1865  if (NULL != rekey_task)
1866  {
1868  rekey_task = NULL;
1869  }
1870  memset (&my_ephemeral_key,
1871  0,
1872  sizeof (my_ephemeral_key));
1873  memset (&my_private_key,
1874  0,
1875  sizeof (my_private_key));
1876  if (NULL != nc)
1877  {
1879  nc = NULL;
1880  }
1881 }
static struct GNUNET_CRYPTO_EcdhePrivateKey my_ephemeral_key
Our ephemeral private key.
static struct GNUNET_TRANSPORT_CoreHandle * transport
Transport service.
static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key
Our private key.
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
static struct GNUNET_SCHEDULER_Task * rekey_task
Task scheduled for periodic re-generation (and thus rekeying) of our ephemeral key.
void GNUNET_TRANSPORT_core_disconnect(struct GNUNET_TRANSPORT_CoreHandle *handle)
Disconnect from the transport service.
void GNUNET_notification_context_destroy(struct GNUNET_NotificationContext *nc)
Destroy the context, force disconnect for all subscribers.
Definition: nc.c:137
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:972
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_check_excess_bandwidth()

int GSC_NEIGHBOURS_check_excess_bandwidth ( const struct GSC_KeyExchangeInfo kxinfo)

Check if the given neighbour has excess bandwidth available.

Parameters
targetneighbour to check
Returns
GNUNET_YES if excess bandwidth is available, GNUNET_NO if not

Definition at line 1904 of file gnunet-service-core_kx.c.

References GSC_KeyExchangeInfo::has_excess_bandwidth.

Referenced by try_transmission().

1905 {
1906  return kxinfo->has_excess_bandwidth;
1907 }
int has_excess_bandwidth
GNUNET_YES if this peer currently has excess bandwidth.
Here is the caller graph for this function:

◆ GSC_NEIGHBOURS_get_queue_length()

unsigned int GSC_NEIGHBOURS_get_queue_length ( const struct GSC_KeyExchangeInfo kxinfo)

Check how many messages are queued for the given neighbour.

Parameters
targetneighbour to check
Returns
number of items in the message queue
Parameters
kxinfodata about neighbour to check
Returns
number of items in the message queue

Definition at line 1891 of file gnunet-service-core_kx.c.

References GNUNET_MQ_get_length(), and GSC_KeyExchangeInfo::mq.

Referenced by try_transmission().

1892 {
1893  return GNUNET_MQ_get_length (kxinfo->mq);
1894 }
struct GNUNET_MQ_Handle * mq
Message queue for sending messages to peer.
unsigned int GNUNET_MQ_get_length(struct GNUNET_MQ_Handle *mq)
Obtain the current length of the message queue.
Definition: mq.c:337
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GSC_KX_handle_client_monitor_peers()

void GSC_KX_handle_client_monitor_peers ( struct GNUNET_MQ_Handle mq)

Handle GNUNET_MESSAGE_TYPE_CORE_MONITOR_PEERS request.

For this request type, the client does not have to have transmitted an INIT request. All current peers are returned, regardless of which message types they accept.

Parameters
mqmessage queue to add for monitoring

Definition at line 1919 of file gnunet-service-core_kx.c.

References env, GNUNET_CORE_KX_ITERATION_FINISHED, GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY, GNUNET_MQ_msg, GNUNET_MQ_send(), GNUNET_notification_context_add(), GNUNET_TIME_absolute_hton(), GNUNET_TIME_UNIT_FOREVER_ABS, msg, GSC_KeyExchangeInfo::next, GSC_KeyExchangeInfo::peer, MonitorNotifyMessage::peer, MonitorNotifyMessage::state, GSC_KeyExchangeInfo::status, GSC_KeyExchangeInfo::timeout, and MonitorNotifyMessage::timeout.

Referenced by handle_client_monitor_peers().

1920 {
1921  struct GNUNET_MQ_Envelope *env;
1922  struct MonitorNotifyMessage *done_msg;
1923  struct GSC_KeyExchangeInfo *kx;
1924 
1926  for (kx = kx_head; NULL != kx; kx = kx->next)
1927  {
1928  struct GNUNET_MQ_Envelope *env;
1929  struct MonitorNotifyMessage *msg;
1930 
1932  msg->state = htonl ((uint32_t) kx->status);
1933  msg->peer = *kx->peer;
1935  GNUNET_MQ_send (mq, env);
1936  }
1938  done_msg->state = htonl ((uint32_t) GNUNET_CORE_KX_ITERATION_FINISHED);
1940  GNUNET_MQ_send (mq, env);
1941 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
const struct GNUNET_PeerIdentity * peer
Identity of the peer.
enum GNUNET_CORE_KxState status
What is our connection status?
struct GNUNET_TIME_AbsoluteNBO timeout
How long will we stay in this state (if nothing else happens)?
Definition: core.h:322
#define GNUNET_MQ_msg(mvar, type)
Allocate a GNUNET_MQ_Envelope.
Definition: gnunet_mq_lib.h:67
static struct GSC_KeyExchangeInfo * kx_head
DLL head.
void GNUNET_notification_context_add(struct GNUNET_NotificationContext *nc, struct GNUNET_MQ_Handle *mq)
Add a subscriber to the notification context.
Definition: nc.c:160
#define GNUNET_TIME_UNIT_FOREVER_ABS
Constant used to specify "forever".
struct GSC_KeyExchangeInfo * next
DLL.
Information about the status of a key exchange with another peer.
This is not a state in a peer's state machine, but a special value used with the GNUNET_CORE_MonitorC...
struct GNUNET_MQ_Envelope * env
Definition: 005.c:1
static struct GNUNET_NotificationContext * nc
Notification context for broadcasting to monitors.
uint32_t state
New peer state, an enum GNUNET_CORE_KxState in NBO.
Definition: core.h:312
struct GNUNET_TIME_Absolute timeout
When should the session time out (if there are no PONGs)?
void GNUNET_MQ_send(struct GNUNET_MQ_Handle *mq, struct GNUNET_MQ_Envelope *ev)
Send a message with the given message queue.
Definition: mq.c:355
Message sent by the service to monitor clients to notify them about a peer changing status...
Definition: core.h:302
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:657
#define GNUNET_MESSAGE_TYPE_CORE_MONITOR_NOTIFY
Reply for monitor by CORE service.
struct GNUNET_PeerIdentity peer
Identity of the peer.
Definition: core.h:317
Here is the call graph for this function:
Here is the caller graph for this function: