2 This file is part of GNUnet.
3 Copyright (C) 2013, 2017 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @file cadet/gnunet-service-cadet-new_tunnels.c
22 * @brief Information we track per tunnel.
23 * @author Bartlomiej Polot
24 * @author Christian Grothoff
27 * - clean up KX logic!
28 * - implement sending and receiving KX messages
29 * - implement processing of incoming decrypted plaintext messages
30 * - when managing connections, distinguish those that
31 * have (recently) had traffic from those that were
32 * never ready (or not recently)
35 #include "gnunet_util_lib.h"
36 #include "gnunet_statistics_service.h"
37 #include "gnunet_signatures.h"
38 #include "gnunet-service-cadet-new.h"
39 #include "cadet_protocol.h"
40 #include "gnunet-service-cadet-new_channel.h"
41 #include "gnunet-service-cadet-new_connection.h"
42 #include "gnunet-service-cadet-new_tunnels.h"
43 #include "gnunet-service-cadet-new_peer.h"
44 #include "gnunet-service-cadet-new_paths.h"
47 #define LOG(level, ...) GNUNET_log_from(level,"cadet-tun",__VA_ARGS__)
51 * How long do we wait until tearing down an idle tunnel?
53 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
56 * Yuck, replace by 'offsetof' expression?
59 #define AX_HEADER_SIZE (sizeof (uint32_t) * 2\
60 + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))
64 * Maximum number of skipped keys we keep in memory per tunnel.
66 #define MAX_SKIPPED_KEYS 64
69 * Maximum number of keys (and thus ratchet steps) we are willing to
70 * skip before we decide this is either a bogus packet or a DoS-attempt.
72 #define MAX_KEY_GAP 256
76 * Struct to old keys for skipped messages while advancing the Axolotl ratchet.
78 struct CadetTunnelSkippedKey
83 struct CadetTunnelSkippedKey *next;
88 struct CadetTunnelSkippedKey *prev;
91 * When was this key stored (for timeout).
93 struct GNUNET_TIME_Absolute timestamp;
98 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
103 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
106 * Key number for a given HK.
113 * Axolotl data, according to https://github.com/trevp/axolotl/wiki .
115 struct CadetTunnelAxolotl
118 * A (double linked) list of stored message keys and associated header keys
119 * for "skipped" messages, i.e. messages that have not been
120 * received despite the reception of more recent messages, (head).
122 struct CadetTunnelSkippedKey *skipped_head;
125 * Skipped messages' keys DLL, tail.
127 struct CadetTunnelSkippedKey *skipped_tail;
130 * 32-byte root key which gets updated by DH ratchet.
132 struct GNUNET_CRYPTO_SymmetricSessionKey RK;
135 * 32-byte header key (send).
137 struct GNUNET_CRYPTO_SymmetricSessionKey HKs;
140 * 32-byte header key (recv)
142 struct GNUNET_CRYPTO_SymmetricSessionKey HKr;
145 * 32-byte next header key (send).
147 struct GNUNET_CRYPTO_SymmetricSessionKey NHKs;
150 * 32-byte next header key (recv).
152 struct GNUNET_CRYPTO_SymmetricSessionKey NHKr;
155 * 32-byte chain keys (used for forward-secrecy updating, send).
157 struct GNUNET_CRYPTO_SymmetricSessionKey CKs;
160 * 32-byte chain keys (used for forward-secrecy updating, recv).
162 struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
165 * ECDH for key exchange (A0 / B0).
167 struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0;
170 * ECDH Ratchet key (send).
172 struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs;
175 * ECDH Ratchet key (recv).
177 struct GNUNET_CRYPTO_EcdhePublicKey DHRr;
180 * When does this ratchet expire and a new one is triggered.
182 struct GNUNET_TIME_Absolute ratchet_expiration;
185 * Number of elements in @a skipped_head <-> @a skipped_tail.
187 unsigned int skipped;
190 * Message number (reset to 0 with each new ratchet, next message to send).
195 * Message number (reset to 0 with each new ratchet, next message to recv).
200 * Previous message numbers (# of msgs sent under prev ratchet)
205 * True (#GNUNET_YES) if we have to send a new ratchet key in next msg.
210 * Number of messages recieved since our last ratchet advance.
211 * - If this counter = 0, we cannot send a new ratchet key in next msg.
212 * - If this counter > 0, we can (but don't yet have to) send a new key.
214 unsigned int ratchet_allowed;
217 * Number of messages recieved since our last ratchet advance.
218 * - If this counter = 0, we cannot send a new ratchet key in next msg.
219 * - If this counter > 0, we can (but don't yet have to) send a new key.
221 unsigned int ratchet_counter;
227 * Struct used to save messages in a non-ready tunnel to send once connected.
229 struct CadetTunnelQueueEntry
232 * We are entries in a DLL
234 struct CadetTunnelQueueEntry *next;
237 * We are entries in a DLL
239 struct CadetTunnelQueueEntry *prev;
242 * Tunnel these messages belong in.
244 struct CadetTunnel *t;
247 * Continuation to call once sent (on the channel layer).
249 GNUNET_SCHEDULER_TaskCallback cont;
252 * Closure for @c cont.
257 * Envelope of message to send follows.
259 struct GNUNET_MQ_Envelope *env;
262 * Where to put the connection identifier into the payload
263 * of the message in @e env once we have it?
265 struct GNUNET_CADET_ConnectionTunnelIdentifier *cid;
270 * Struct containing all information regarding a tunnel to a peer.
275 * Destination of the tunnel.
277 struct CadetPeer *destination;
280 * Peer's ephemeral key, to recreate @c e_key and @c d_key when own
281 * ephemeral key changes.
283 struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
286 * Encryption ("our") key. It is only "confirmed" if kx_ctx is NULL.
288 struct GNUNET_CRYPTO_SymmetricSessionKey e_key;
291 * Decryption ("their") key. It is only "confirmed" if kx_ctx is NULL.
293 struct GNUNET_CRYPTO_SymmetricSessionKey d_key;
298 struct CadetTunnelAxolotl ax;
301 * State of the tunnel connectivity.
303 enum CadetTunnelCState cstate;
306 * State of the tunnel encryption.
308 enum CadetTunnelEState estate;
311 * Task to start the rekey process.
313 struct GNUNET_SCHEDULER_Task *rekey_task;
316 * Tokenizer for decrypted messages.
318 struct GNUNET_MessageStreamTokenizer *mst;
321 * Dispatcher for decrypted messages only (do NOT use for sending!).
323 struct GNUNET_MQ_Handle *mq;
326 * DLL of connections that are actively used to reach the destination peer.
328 struct CadetTConnection *connection_head;
331 * DLL of connections that are actively used to reach the destination peer.
333 struct CadetTConnection *connection_tail;
336 * Channels inside this tunnel. Maps
337 * `struct GNUNET_CADET_ChannelTunnelNumber` to a `struct CadetChannel`.
339 struct GNUNET_CONTAINER_MultiHashMap32 *channels;
342 * Channel ID for the next created channel in this tunnel.
344 struct GNUNET_CADET_ChannelTunnelNumber next_chid;
347 * Queued messages, to transmit once tunnel gets connected.
349 struct CadetTunnelQueueEntry *tq_head;
352 * Queued messages, to transmit once tunnel gets connected.
354 struct CadetTunnelQueueEntry *tq_tail;
357 * Task scheduled if there are no more channels using the tunnel.
359 struct GNUNET_SCHEDULER_Task *destroy_task;
362 * Task to trim connections if too many are present.
364 struct GNUNET_SCHEDULER_Task *maintain_connections_task;
367 * Ephemeral message in the queue (to avoid queueing more than one).
369 struct CadetConnectionQueue *ephm_hKILL;
372 * Pong message in the queue.
374 struct CadetConnectionQueue *pong_hKILL;
377 * Number of connections in the @e connection_head DLL.
379 unsigned int num_connections;
382 * Number of entries in the @e tq_head DLL.
389 * Get the static string for the peer this tunnel is directed.
393 * @return Static string the destination peer's ID.
396 GCT_2s (const struct CadetTunnel *t)
403 GNUNET_snprintf (buf,
406 GCP_2s (t->destination));
412 * Return the peer to which this tunnel goes.
415 * @return the destination of the tunnel
418 GCT_get_destination (struct CadetTunnel *t)
420 return t->destination;
425 * Count channels of a tunnel.
427 * @param t Tunnel on which to count.
429 * @return Number of channels.
432 GCT_count_channels (struct CadetTunnel *t)
434 return GNUNET_CONTAINER_multihashmap32_size (t->channels);
439 * Lookup a channel by its @a chid.
441 * @param t tunnel to look in
442 * @param chid number of channel to find
443 * @return NULL if channel does not exist
445 struct CadetChannel *
446 lookup_channel (struct CadetTunnel *t,
447 struct GNUNET_CADET_ChannelTunnelNumber chid)
449 return GNUNET_CONTAINER_multihashmap32_get (t->channels,
455 * Count all created connections of a tunnel. Not necessarily ready connections!
457 * @param t Tunnel on which to count.
459 * @return Number of connections created, either being established or ready.
462 GCT_count_any_connections (struct CadetTunnel *t)
464 return t->num_connections;
469 * Get the connectivity state of a tunnel.
473 * @return Tunnel's connectivity state.
475 enum CadetTunnelCState
476 GCT_get_cstate (struct CadetTunnel *t)
483 * Get the encryption state of a tunnel.
487 * @return Tunnel's encryption state.
489 enum CadetTunnelEState
490 GCT_get_estate (struct CadetTunnel *t)
497 * Create a new Axolotl ephemeral (ratchet) key.
502 new_ephemeral (struct CadetTunnel *t)
504 GNUNET_free_non_null (t->ax.DHRs);
505 t->ax.DHRs = GNUNET_CRYPTO_ecdhe_key_create ();
509 /* ************************************** start core crypto ***************************** */
515 * @param plaintext Content to HMAC.
516 * @param size Size of @c plaintext.
517 * @param iv Initialization vector for the message.
518 * @param key Key to use.
519 * @param hmac[out] Destination to store the HMAC.
522 t_hmac (const void *plaintext,
525 const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
526 struct GNUNET_ShortHashCode *hmac)
528 static const char ctx[] = "cadet authentication key";
529 struct GNUNET_CRYPTO_AuthKey auth_key;
530 struct GNUNET_HashCode hash;
532 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
538 /* Two step: CADET_Hash is only 256 bits, HashCode is 512. */
539 GNUNET_CRYPTO_hmac (&auth_key,
552 * @param key Key to use.
553 * @param hash[out] Resulting HMAC.
554 * @param source Source key material (data to HMAC).
555 * @param len Length of @a source.
558 t_ax_hmac_hash (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
559 struct GNUNET_HashCode *hash,
563 static const char ctx[] = "axolotl HMAC-HASH";
564 struct GNUNET_CRYPTO_AuthKey auth_key;
566 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
570 GNUNET_CRYPTO_hmac (&auth_key,
578 * Derive a symmetric encryption key from an HMAC-HASH.
580 * @param key Key to use for the HMAC.
581 * @param[out] out Key to generate.
582 * @param source Source key material (data to HMAC).
583 * @param len Length of @a source.
586 t_hmac_derive_key (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
587 struct GNUNET_CRYPTO_SymmetricSessionKey *out,
591 static const char ctx[] = "axolotl derive key";
592 struct GNUNET_HashCode h;
598 GNUNET_CRYPTO_kdf (out, sizeof (*out),
606 * Encrypt data with the axolotl tunnel key.
608 * @param t Tunnel whose key to use.
609 * @param dst Destination with @a size bytes for the encrypted data.
610 * @param src Source of the plaintext. Can overlap with @c dst, must contain @a size bytes
611 * @param size Size of the buffers at @a src and @a dst
614 t_ax_encrypt (struct CadetTunnel *t,
619 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
620 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
621 struct CadetTunnelAxolotl *ax;
625 ax->ratchet_counter++;
626 if ( (GNUNET_YES == ax->ratchet_allowed) &&
627 ( (ratchet_messages <= ax->ratchet_counter) ||
628 (0 == GNUNET_TIME_absolute_get_remaining (ax->ratchet_expiration).rel_value_us)) )
630 ax->ratchet_flag = GNUNET_YES;
632 if (GNUNET_YES == ax->ratchet_flag)
634 /* Advance ratchet */
635 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
636 struct GNUNET_HashCode dh;
637 struct GNUNET_HashCode hmac;
638 static const char ctx[] = "axolotl ratchet";
643 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
644 GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
647 t_ax_hmac_hash (&ax->RK,
651 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
653 &hmac, sizeof (hmac),
661 ax->ratchet_flag = GNUNET_NO;
662 ax->ratchet_allowed = GNUNET_NO;
663 ax->ratchet_counter = 0;
664 ax->ratchet_expiration
665 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
669 t_hmac_derive_key (&ax->CKs,
673 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
678 out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
683 GNUNET_assert (size == out_size);
684 t_hmac_derive_key (&ax->CKs,
692 * Decrypt data with the axolotl tunnel key.
694 * @param t Tunnel whose key to use.
695 * @param dst Destination for the decrypted data, must contain @a size bytes.
696 * @param src Source of the ciphertext. Can overlap with @c dst, must contain @a size bytes.
697 * @param size Size of the @a src and @a dst buffers
700 t_ax_decrypt (struct CadetTunnel *t,
705 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
706 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
707 struct CadetTunnelAxolotl *ax;
711 t_hmac_derive_key (&ax->CKr,
715 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
719 GNUNET_assert (size >= sizeof (struct GNUNET_MessageHeader));
720 out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
725 GNUNET_assert (out_size == size);
726 t_hmac_derive_key (&ax->CKr,
734 * Encrypt header with the axolotl header key.
736 * @param t Tunnel whose key to use.
737 * @param msg Message whose header to encrypt.
740 t_h_encrypt (struct CadetTunnel *t,
741 struct GNUNET_CADET_TunnelEncryptedMessage *msg)
743 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
744 struct CadetTunnelAxolotl *ax;
748 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
752 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->Ns,
757 GNUNET_assert (AX_HEADER_SIZE == out_size);
762 * Decrypt header with the current axolotl header key.
764 * @param t Tunnel whose current ax HK to use.
765 * @param src Message whose header to decrypt.
766 * @param dst Where to decrypt header to.
769 t_h_decrypt (struct CadetTunnel *t,
770 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
771 struct GNUNET_CADET_TunnelEncryptedMessage *dst)
773 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
774 struct CadetTunnelAxolotl *ax;
778 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
782 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns,
787 GNUNET_assert (AX_HEADER_SIZE == out_size);
792 * Delete a key from the list of skipped keys.
794 * @param t Tunnel to delete from.
795 * @param key Key to delete.
798 delete_skipped_key (struct CadetTunnel *t,
799 struct CadetTunnelSkippedKey *key)
801 GNUNET_CONTAINER_DLL_remove (t->ax.skipped_head,
810 * Decrypt and verify data with the appropriate tunnel key and verify that the
811 * data has not been altered since it was sent by the remote peer.
813 * @param t Tunnel whose key to use.
814 * @param dst Destination for the plaintext.
815 * @param src Source of the message. Can overlap with @c dst.
816 * @param size Size of the message.
817 * @return Size of the decrypted data, -1 if an error was encountered.
820 try_old_ax_keys (struct CadetTunnel *t,
822 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
825 struct CadetTunnelSkippedKey *key;
826 struct GNUNET_ShortHashCode *hmac;
827 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
828 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
829 struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
835 LOG (GNUNET_ERROR_TYPE_DEBUG,
836 "Trying skipped keys\n");
837 hmac = &plaintext_header.hmac;
838 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
840 /* Find a correct Header Key */
842 for (key = t->ax.skipped_head; NULL != key; key = key->next)
845 AX_HEADER_SIZE + esize,
849 if (0 == memcmp (hmac,
860 /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
861 GNUNET_assert (size > sizeof (struct GNUNET_CADET_TunnelEncryptedMessage));
862 len = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
863 GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader));
866 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
870 res = GNUNET_CRYPTO_symmetric_decrypt (&src->Ns,
874 &plaintext_header.Ns);
875 GNUNET_assert (AX_HEADER_SIZE == res);
877 /* Find the correct message key */
878 N = ntohl (plaintext_header.Ns);
879 while ( (NULL != key) &&
882 if ( (NULL == key) ||
883 (0 != memcmp (&key->HK,
885 sizeof (*valid_HK))) )
888 /* Decrypt payload */
889 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
894 res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
899 delete_skipped_key (t,
906 * Delete a key from the list of skipped keys.
908 * @param t Tunnel to delete from.
909 * @param HKr Header Key to use.
912 store_skipped_key (struct CadetTunnel *t,
913 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
915 struct CadetTunnelSkippedKey *key;
917 key = GNUNET_new (struct CadetTunnelSkippedKey);
918 key->timestamp = GNUNET_TIME_absolute_get ();
921 t_hmac_derive_key (&t->ax.CKr,
925 t_hmac_derive_key (&t->ax.CKr,
929 GNUNET_CONTAINER_DLL_insert (t->ax.skipped_head,
938 * Stage skipped AX keys and calculate the message key.
939 * Stores each HK and MK for skipped messages.
941 * @param t Tunnel where to stage the keys.
942 * @param HKr Header key.
943 * @param Np Received meesage number.
944 * @return #GNUNET_OK if keys were stored.
945 * #GNUNET_SYSERR if an error ocurred (Np not expected).
948 store_ax_keys (struct CadetTunnel *t,
949 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
955 LOG (GNUNET_ERROR_TYPE_DEBUG,
956 "Storing skipped keys [%u, %u)\n",
959 if (MAX_KEY_GAP < gap)
961 /* Avoid DoS (forcing peer to do 2^33 chain HMAC operations) */
962 /* TODO: start new key exchange on return */
964 LOG (GNUNET_ERROR_TYPE_WARNING,
965 "Got message %u, expected %u+\n",
968 return GNUNET_SYSERR;
972 /* Delayed message: don't store keys, flag to try old keys. */
973 return GNUNET_SYSERR;
976 while (t->ax.Nr < Np)
977 store_skipped_key (t,
980 while (t->ax.skipped > MAX_SKIPPED_KEYS)
981 delete_skipped_key (t,
988 * Decrypt and verify data with the appropriate tunnel key and verify that the
989 * data has not been altered since it was sent by the remote peer.
991 * @param t Tunnel whose key to use.
992 * @param dst Destination for the plaintext.
993 * @param src Source of the message. Can overlap with @c dst.
994 * @param size Size of the message.
995 * @return Size of the decrypted data, -1 if an error was encountered.
998 t_ax_decrypt_and_validate (struct CadetTunnel *t,
1000 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
1003 struct CadetTunnelAxolotl *ax;
1004 struct GNUNET_ShortHashCode msg_hmac;
1005 struct GNUNET_HashCode hmac;
1006 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1009 size_t esize; /* Size of encryped payload */
1011 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1014 /* Try current HK */
1016 AX_HEADER_SIZE + esize,
1019 if (0 != memcmp (&msg_hmac,
1023 static const char ctx[] = "axolotl ratchet";
1024 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1025 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
1026 struct GNUNET_HashCode dh;
1027 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1031 AX_HEADER_SIZE + esize,
1035 if (0 != memcmp (&msg_hmac,
1039 /* Try the skipped keys, if that fails, we're out of luck. */
1040 return try_old_ax_keys (t,
1050 Np = ntohl (plaintext_header.Ns);
1051 PNp = ntohl (plaintext_header.PNs);
1052 DHRp = &plaintext_header.DHRs;
1057 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1058 GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
1061 t_ax_hmac_hash (&ax->RK,
1064 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1066 &hmac, sizeof (hmac),
1069 /* Commit "purported" keys */
1075 ax->ratchet_allowed = GNUNET_YES;
1082 Np = ntohl (plaintext_header.Ns);
1083 PNp = ntohl (plaintext_header.PNs);
1085 if ( (Np != ax->Nr) &&
1086 (GNUNET_OK != store_ax_keys (t,
1090 /* Try the skipped keys, if that fails, we're out of luck. */
1091 return try_old_ax_keys (t,
1107 * Send a KX message.
1109 * FIXME: does not take care of sender-authentication yet!
1111 * @param t Tunnel on which to send it.
1112 * @param force_reply Force the other peer to reply with a KX message.
1115 send_kx (struct CadetTunnel *t,
1118 struct CadetTunnelAxolotl *ax = &t->ax;
1119 struct CadetConnection *c;
1120 struct GNUNET_MQ_Envelope *env;
1121 struct GNUNET_CADET_TunnelKeyExchangeMessage *msg;
1122 enum GNUNET_CADET_KX_Flags flags;
1125 if (NULL != t->ephm_h)
1127 LOG (GNUNET_ERROR_TYPE_INFO,
1128 " already queued, nop\n");
1132 c = NULL; // FIXME: figure out where to transmit...
1134 // GNUNET_assert (GNUNET_NO == GCT_is_loopback (t));
1135 env = GNUNET_MQ_msg (msg,
1136 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX);
1137 flags = GNUNET_CADET_KX_FLAG_NONE;
1138 if (GNUNET_YES == force_reply)
1139 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
1140 msg->flags = htonl (flags);
1141 msg->cid = *GCC_get_id (c);
1142 GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
1143 &msg->ephemeral_key);
1144 GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
1147 // FIXME: send 'env'.
1149 t->ephm_h = GCC_send_prebuilt_message (&msg.header,
1153 GCC_is_origin (c, GNUNET_YES),
1154 GNUNET_YES, &ephm_sent, t);
1155 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1156 GCT_change_estate (t, CADET_TUNNEL_KEY_SENT);
1162 * Handle KX message.
1164 * FIXME: sender-authentication in KX is missing!
1166 * @param ct connection/tunnel combo that received encrypted message
1167 * @param msg the key exchange message
1170 GCT_handle_kx (struct CadetTConnection *ct,
1171 const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
1173 struct CadetTunnel *t = ct->t;
1174 struct CadetTunnelAxolotl *ax = &t->ax;
1175 struct GNUNET_HashCode key_material[3];
1176 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1177 const char salt[] = "CADET Axolotl salt";
1178 const struct GNUNET_PeerIdentity *pid;
1181 pid = GCP_get_id (t->destination);
1182 if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
1184 am_I_alice = GNUNET_YES;
1185 else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
1187 am_I_alice = GNUNET_NO;
1190 GNUNET_break_op (0);
1194 if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->flags)))
1196 if (NULL != t->rekey_task)
1198 GNUNET_SCHEDULER_cancel (t->rekey_task);
1199 t->rekey_task = NULL;
1205 if (0 == memcmp (&ax->DHRr,
1207 sizeof (msg->ratchet_key)))
1209 LOG (GNUNET_ERROR_TYPE_INFO,
1210 " known ratchet key, exit\n");
1214 ax->DHRr = msg->ratchet_key;
1217 if (GNUNET_YES == am_I_alice)
1219 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */
1220 &msg->ephemeral_key, /* B0 */
1225 GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */
1226 &pid->public_key, /* A */
1231 if (GNUNET_YES == am_I_alice)
1233 GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */
1234 &pid->public_key, /* B */
1239 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* A */
1240 &msg->ephemeral_key, /* B0 */
1247 /* (This is the triple-DH, we could probably safely skip this,
1248 as A0/B0 are already in the key material.) */
1249 GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */
1250 &msg->ephemeral_key, /* B0 or A0 */
1254 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1255 salt, sizeof (salt),
1256 &key_material, sizeof (key_material),
1259 if (0 == memcmp (&ax->RK,
1263 LOG (GNUNET_ERROR_TYPE_INFO,
1264 " known handshake key, exit\n");
1268 if (GNUNET_YES == am_I_alice)
1274 ax->ratchet_flag = GNUNET_YES;
1282 ax->ratchet_flag = GNUNET_NO;
1283 ax->ratchet_allowed = GNUNET_NO;
1284 ax->ratchet_counter = 0;
1285 ax->ratchet_expiration
1286 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
1294 /* After KX is done, update state machine and begin transmissions... */
1295 GCT_change_estate (t,
1296 CADET_TUNNEL_KEY_PING);
1297 send_queued_data (t);
1302 /* ************************************** end core crypto ***************************** */
1306 * Compute the next free channel tunnel number for this tunnel.
1308 * @param t the tunnel
1309 * @return unused number that can uniquely identify a channel in the tunnel
1311 static struct GNUNET_CADET_ChannelTunnelNumber
1312 get_next_free_chid (struct CadetTunnel *t)
1314 struct GNUNET_CADET_ChannelTunnelNumber ret;
1317 /* FIXME: this logic does NOT prevent both ends of the
1318 channel from picking the same CHID!
1319 Need to reserve one bit of the CHID for the
1320 direction, i.e. which side established the connection! */
1321 chid = ntohl (t->next_chid.cn);
1323 GNUNET_CONTAINER_multihashmap32_get (t->channels,
1326 t->next_chid.cn = htonl (chid + 1);
1327 ret.cn = ntohl (chid);
1333 * Add a channel to a tunnel.
1337 * @return unique number identifying @a ch within @a t
1339 struct GNUNET_CADET_ChannelTunnelNumber
1340 GCT_add_channel (struct CadetTunnel *t,
1341 struct CadetChannel *ch)
1343 struct GNUNET_CADET_ChannelTunnelNumber chid;
1345 chid = get_next_free_chid (t);
1346 GNUNET_assert (GNUNET_YES ==
1347 GNUNET_CONTAINER_multihashmap32_put (t->channels,
1350 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1356 * This tunnel is no longer used, destroy it.
1358 * @param cls the idle tunnel
1361 destroy_tunnel (void *cls)
1363 struct CadetTunnel *t = cls;
1364 struct CadetTConnection *ct;
1365 struct CadetTunnelQueueEntry *tqe;
1367 t->destroy_task = NULL;
1368 GNUNET_assert (0 == GNUNET_CONTAINER_multihashmap32_size (t->channels));
1369 while (NULL != (ct = t->connection_head))
1371 GNUNET_assert (ct->t == t);
1372 GNUNET_CONTAINER_DLL_remove (t->connection_head,
1375 GCC_destroy (ct->cc);
1378 while (NULL != (tqe = t->tq_head))
1380 GNUNET_CONTAINER_DLL_remove (t->tq_head,
1383 GNUNET_MQ_discard (tqe->env);
1386 GCP_drop_tunnel (t->destination,
1388 GNUNET_CONTAINER_multihashmap32_destroy (t->channels);
1389 if (NULL != t->maintain_connections_task)
1391 GNUNET_SCHEDULER_cancel (t->maintain_connections_task);
1392 t->maintain_connections_task = NULL;
1394 GNUNET_MST_destroy (t->mst);
1395 GNUNET_MQ_destroy (t->mq);
1401 * A connection is @a is_ready for transmission. Looks at our message
1402 * queue and if there is a message, sends it out via the connection.
1404 * @param cls the `struct CadetTConnection` that is @a is_ready
1405 * @param is_ready #GNUNET_YES if connection are now ready,
1406 * #GNUNET_NO if connection are no longer ready
1409 connection_ready_cb (void *cls,
1412 struct CadetTConnection *ct = cls;
1413 struct CadetTunnel *t = ct->t;
1414 struct CadetTunnelQueueEntry *tq = t->tq_head;
1416 if (GNUNET_NO == ct->is_ready)
1418 ct->is_ready = GNUNET_NO;
1421 ct->is_ready = GNUNET_YES;
1423 return; /* no messages pending right now */
1425 /* ready to send message 'tq' on tunnel 'ct' */
1426 GNUNET_assert (t == tq->t);
1427 GNUNET_CONTAINER_DLL_remove (t->tq_head,
1430 if (NULL != tq->cid)
1431 *tq->cid = *GCC_get_id (ct->cc);
1432 ct->is_ready = GNUNET_NO;
1433 GCC_transmit (ct->cc,
1435 if (NULL != tq->cont)
1436 tq->cont (tq->cont_cls);
1442 * Called when either we have a new connection, or a new message in the
1443 * queue, or some existing connection has transmission capacity. Looks
1444 * at our message queue and if there is a message, picks a connection
1447 * FIXME: yuck... Need better selection logic!
1449 * @param t tunnel to process messages on
1452 trigger_transmissions (struct CadetTunnel *t)
1454 struct CadetTConnection *ct;
1456 if (NULL == t->tq_head)
1457 return; /* no messages pending right now */
1458 for (ct = t->connection_head;
1461 if (GNUNET_YES == ct->is_ready)
1464 return; /* no connections ready */
1466 /* FIXME: a bit hackish to do it like this... */
1467 connection_ready_cb (ct,
1473 * Function called to maintain the connections underlying our tunnel.
1474 * Tries to maintain (incl. tear down) connections for the tunnel, and
1475 * if there is a significant change, may trigger transmissions.
1477 * Basically, needs to check if there are connections that perform
1478 * badly, and if so eventually kill them and trigger a replacement.
1479 * The strategy is to open one more connection than
1480 * #DESIRED_CONNECTIONS_PER_TUNNEL, and then periodically kick out the
1481 * least-performing one, and then inquire for new ones.
1483 * @param cls the `struct CadetTunnel`
1486 maintain_connections_cb (void *cls)
1488 struct CadetTunnel *t = cls;
1490 GNUNET_break (0); // FIXME: implement!
1495 * Consider using the path @a p for the tunnel @a t.
1496 * The tunnel destination is at offset @a off in path @a p.
1498 * @param cls our tunnel
1499 * @param path a path to our destination
1500 * @param off offset of the destination on path @a path
1501 * @return #GNUNET_YES (should keep iterating)
1504 consider_path_cb (void *cls,
1505 struct CadetPeerPath *path,
1508 struct CadetTunnel *t = cls;
1509 unsigned int min_length = UINT_MAX;
1510 GNUNET_CONTAINER_HeapCostType max_desire = 0;
1511 struct CadetTConnection *ct;
1513 /* Check if we care about the new path. */
1514 for (ct = t->connection_head;
1518 struct CadetPeerPath *ps;
1520 ps = GCC_get_path (ct->cc);
1522 return GNUNET_YES; /* duplicate */
1523 min_length = GNUNET_MIN (min_length,
1524 GCPP_get_length (ps));
1525 max_desire = GNUNET_MAX (max_desire,
1526 GCPP_get_desirability (ps));
1529 /* FIXME: not sure we should really just count
1530 'num_connections' here, as they may all have
1531 consistently failed to connect. */
1533 /* We iterate by increasing path length; if we have enough paths and
1534 this one is more than twice as long than what we are currently
1535 using, then ignore all of these super-long ones! */
1536 if ( (t->num_connections > DESIRED_CONNECTIONS_PER_TUNNEL) &&
1537 (min_length * 2 < off) )
1539 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1540 "Ignoring paths of length %u, they are way too long.\n",
1544 /* If we have enough paths and this one looks no better, ignore it. */
1545 if ( (t->num_connections >= DESIRED_CONNECTIONS_PER_TUNNEL) &&
1546 (min_length < GCPP_get_length (path)) &&
1547 (max_desire > GCPP_get_desirability (path)) )
1549 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1550 "Ignoring path (%u/%llu) to %s, got something better already.\n",
1551 GCPP_get_length (path),
1552 (unsigned long long) GCPP_get_desirability (path),
1553 GCP_2s (t->destination));
1557 /* Path is interesting (better by some metric, or we don't have
1558 enough paths yet). */
1559 ct = GNUNET_new (struct CadetTConnection);
1560 ct->created = GNUNET_TIME_absolute_get ();
1562 ct->cc = GCC_create (t->destination,
1565 &connection_ready_cb,
1567 /* FIXME: schedule job to kill connection (and path?) if it takes
1568 too long to get ready! (And track performance data on how long
1569 other connections took with the tunnel!)
1570 => Note: to be done within 'connection'-logic! */
1571 GNUNET_CONTAINER_DLL_insert (t->connection_head,
1574 t->num_connections++;
1580 * Consider using the path @a p for the tunnel @a t.
1581 * The tunnel destination is at offset @a off in path @a p.
1583 * @param cls our tunnel
1584 * @param path a path to our destination
1585 * @param off offset of the destination on path @a path
1588 GCT_consider_path (struct CadetTunnel *t,
1589 struct CadetPeerPath *p,
1592 (void) consider_path_cb (t,
1601 * @param cls the `struct CadetTunnel` for which we decrypted the message
1602 * @param msg the message we received on the tunnel
1605 handle_plaintext_keepalive (void *cls,
1606 const struct GNUNET_MessageHeader *msg)
1608 struct CadetTunnel *t = cls;
1609 GNUNET_break (0); // FIXME
1614 * Check that @a msg is well-formed.
1616 * @param cls the `struct CadetTunnel` for which we decrypted the message
1617 * @param msg the message we received on the tunnel
1618 * @return #GNUNET_OK (any variable-size payload goes)
1621 check_plaintext_data (void *cls,
1622 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
1629 * We received payload data for a channel. Locate the channel
1630 * and process the data, or return an error if the channel is unknown.
1632 * @param cls the `struct CadetTunnel` for which we decrypted the message
1633 * @param msg the message we received on the tunnel
1636 handle_plaintext_data (void *cls,
1637 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
1639 struct CadetTunnel *t = cls;
1640 struct CadetChannel *ch;
1642 ch = lookup_channel (t,
1646 /* We don't know about such a channel, might have been destroyed on our
1647 end in the meantime, or never existed. Send back a DESTROY. */
1648 GCT_send_channel_destroy (t,
1652 GCCH_handle_channel_plaintext_data (ch,
1658 * We received an acknowledgement for data we sent on a channel.
1659 * Locate the channel and process it, or return an error if the
1660 * channel is unknown.
1662 * @param cls the `struct CadetTunnel` for which we decrypted the message
1663 * @param ack the message we received on the tunnel
1666 handle_plaintext_data_ack (void *cls,
1667 const struct GNUNET_CADET_ChannelDataAckMessage *ack)
1669 struct CadetTunnel *t = cls;
1670 struct CadetChannel *ch;
1672 ch = lookup_channel (t,
1676 /* We don't know about such a channel, might have been destroyed on our
1677 end in the meantime, or never existed. Send back a DESTROY. */
1678 GCT_send_channel_destroy (t,
1682 GCCH_handle_channel_plaintext_data_ack (ch,
1688 * We have received a request to open a channel to a port from
1689 * another peer. Creates the incoming channel.
1691 * @param cls the `struct CadetTunnel` for which we decrypted the message
1692 * @param cc the message we received on the tunnel
1695 handle_plaintext_channel_create (void *cls,
1696 const struct GNUNET_CADET_ChannelOpenMessage *cc)
1698 struct CadetTunnel *t = cls;
1699 struct CadetChannel *ch;
1700 struct GNUNET_CADET_ChannelTunnelNumber chid;
1702 chid = get_next_free_chid (t);
1703 ch = GCCH_channel_incoming_new (t,
1707 GNUNET_assert (GNUNET_OK ==
1708 GNUNET_CONTAINER_multihashmap32_put (t->channels,
1711 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
1716 * Send a DESTROY message via the tunnel.
1718 * @param t the tunnel to transmit over
1719 * @param chid ID of the channel to destroy
1722 GCT_send_channel_destroy (struct CadetTunnel *t,
1723 struct GNUNET_CADET_ChannelTunnelNumber chid)
1725 struct GNUNET_CADET_ChannelManageMessage msg;
1727 msg.header.size = htons (sizeof (msg));
1728 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY);
1729 msg.reserved = htonl (0);
1739 * We have received confirmation from the target peer that the
1740 * given channel could be established (the port is open).
1743 * @param cls the `struct CadetTunnel` for which we decrypted the message
1744 * @param cm the message we received on the tunnel
1747 handle_plaintext_channel_ack (void *cls,
1748 const struct GNUNET_CADET_ChannelManageMessage *cm)
1750 struct CadetTunnel *t = cls;
1751 struct CadetChannel *ch;
1753 ch = lookup_channel (t,
1757 /* We don't know about such a channel, might have been destroyed on our
1758 end in the meantime, or never existed. Send back a DESTROY. */
1759 GCT_send_channel_destroy (t,
1763 GCCH_handle_channel_create_ack (ch);
1768 * We received a message saying that a channel should be destroyed.
1769 * Pass it on to the correct channel.
1771 * @param cls the `struct CadetTunnel` for which we decrypted the message
1772 * @param cm the message we received on the tunnel
1775 handle_plaintext_channel_destroy (void *cls,
1776 const struct GNUNET_CADET_ChannelManageMessage *cm)
1778 struct CadetTunnel *t = cls;
1779 struct CadetChannel *cc = lookup_channel (t,
1782 GCCH_handle_remote_destroy (cc);
1787 * Handles a message we decrypted, by injecting it into
1788 * our message queue (which will do the dispatching).
1790 * @param cls the `struct CadetTunnel` that got the message
1791 * @param msg the message
1792 * @return #GNUNET_OK (continue to process)
1795 handle_decrypted (void *cls,
1796 const struct GNUNET_MessageHeader *msg)
1798 struct CadetTunnel *t = cls;
1800 GNUNET_MQ_inject_message (t->mq,
1807 * Function called if we had an error processing
1808 * an incoming decrypted message.
1810 * @param cls the `struct CadetTunnel`
1811 * @param error error code
1814 decrypted_error_cb (void *cls,
1815 enum GNUNET_MQ_Error error)
1817 GNUNET_break_op (0);
1822 * Create a tunnel to @a destionation. Must only be called
1823 * from within #GCP_get_tunnel().
1825 * @param destination where to create the tunnel to
1826 * @return new tunnel to @a destination
1828 struct CadetTunnel *
1829 GCT_create_tunnel (struct CadetPeer *destination)
1831 struct GNUNET_MQ_MessageHandler handlers[] = {
1832 GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
1833 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE,
1834 struct GNUNET_MessageHeader,
1836 GNUNET_MQ_hd_var_size (plaintext_data,
1837 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA,
1838 struct GNUNET_CADET_ChannelAppDataMessage,
1840 GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
1841 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK,
1842 struct GNUNET_CADET_ChannelDataAckMessage,
1844 GNUNET_MQ_hd_fixed_size (plaintext_channel_create,
1845 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN,
1846 struct GNUNET_CADET_ChannelOpenMessage,
1848 GNUNET_MQ_hd_fixed_size (plaintext_channel_ack,
1849 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
1850 struct GNUNET_CADET_ChannelManageMessage,
1852 GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
1853 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY,
1854 struct GNUNET_CADET_ChannelManageMessage,
1856 GNUNET_MQ_handler_end ()
1858 struct CadetTunnel *t;
1860 t = GNUNET_new (struct CadetTunnel);
1861 t->destination = destination;
1862 t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
1863 (void) GCP_iterate_paths (destination,
1866 t->maintain_connections_task
1867 = GNUNET_SCHEDULER_add_now (&maintain_connections_cb,
1869 t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
1874 &decrypted_error_cb,
1876 t->mst = GNUNET_MST_create (&handle_decrypted,
1883 * Remove a channel from a tunnel.
1887 * @param gid unique number identifying @a ch within @a t
1890 GCT_remove_channel (struct CadetTunnel *t,
1891 struct CadetChannel *ch,
1892 struct GNUNET_CADET_ChannelTunnelNumber gid)
1894 GNUNET_assert (GNUNET_YES ==
1895 GNUNET_CONTAINER_multihashmap32_remove (t->channels,
1899 GNUNET_CONTAINER_multihashmap32_size (t->channels))
1901 t->destroy_task = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
1909 * Change the tunnel encryption state.
1910 * If the encryption state changes to OK, stop the rekey task.
1912 * @param t Tunnel whose encryption state to change, or NULL.
1913 * @param state New encryption state.
1916 GCT_change_estate (struct CadetTunnel *t,
1917 enum CadetTunnelEState state)
1919 enum CadetTunnelEState old = t->estate;
1922 LOG (GNUNET_ERROR_TYPE_DEBUG,
1923 "Tunnel %s estate changed from %d to %d\n",
1928 if ( (CADET_TUNNEL_KEY_OK != old) &&
1929 (CADET_TUNNEL_KEY_OK == t->estate) )
1931 if (NULL != t->rekey_task)
1933 GNUNET_SCHEDULER_cancel (t->rekey_task);
1934 t->rekey_task = NULL;
1937 /* Send queued data if tunnel is not loopback */
1938 if (myid != GCP_get_short_id (t->peer))
1939 send_queued_data (t);
1946 * Add a @a connection to the @a tunnel.
1949 * @param cid connection identifer to use for the connection
1950 * @param path path to use for the connection
1953 GCT_add_inbound_connection (struct CadetTunnel *t,
1954 const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid,
1955 struct CadetPeerPath *path)
1957 struct CadetConnection *cc;
1958 struct CadetTConnection *ct;
1960 ct = GNUNET_new (struct CadetTConnection);
1961 ct->created = GNUNET_TIME_absolute_get ();
1963 ct->cc = GCC_create_inbound (t->destination,
1967 &connection_ready_cb,
1969 /* FIXME: schedule job to kill connection (and path?) if it takes
1970 too long to get ready! (And track performance data on how long
1971 other connections took with the tunnel!)
1972 => Note: to be done within 'connection'-logic! */
1973 GNUNET_CONTAINER_DLL_insert (t->connection_head,
1976 t->num_connections++;
1981 * Handle encrypted message.
1983 * @param ct connection/tunnel combo that received encrypted message
1984 * @param msg the encrypted message to decrypt
1987 GCT_handle_encrypted (struct CadetTConnection *ct,
1988 const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
1990 struct CadetTunnel *t = ct->t;
1991 uint16_t size = ntohs (msg->header.size);
1992 char cbuf [size] GNUNET_ALIGN;
1993 ssize_t decrypted_size;
1995 GNUNET_STATISTICS_update (stats,
1996 "# received encrypted",
2000 decrypted_size = t_ax_decrypt_and_validate (t,
2005 if (-1 == decrypted_size)
2007 GNUNET_STATISTICS_update (stats,
2008 "# unable to decrypt",
2011 if (CADET_TUNNEL_KEY_PING <= t->estate)
2013 GNUNET_break_op (0);
2014 LOG (GNUNET_ERROR_TYPE_WARNING,
2015 "Wrong crypto, tunnel %s\n",
2018 GNUNET_ERROR_TYPE_WARNING);
2023 GCT_change_estate (t,
2024 CADET_TUNNEL_KEY_OK);
2025 /* The MST will ultimately call #handle_decrypted() on each message. */
2026 GNUNET_break_op (GNUNET_OK ==
2027 GNUNET_MST_from_buffer (t->mst,
2036 * Sends an already built message on a tunnel, encrypting it and
2037 * choosing the best connection if not provided.
2039 * @param message Message to send. Function modifies it.
2040 * @param t Tunnel on which this message is transmitted.
2041 * @param cont Continuation to call once message is really sent.
2042 * @param cont_cls Closure for @c cont.
2043 * @return Handle to cancel message. NULL if @c cont is NULL.
2045 struct CadetTunnelQueueEntry *
2046 GCT_send (struct CadetTunnel *t,
2047 const struct GNUNET_MessageHeader *message,
2048 GNUNET_SCHEDULER_TaskCallback cont,
2051 struct CadetTunnelQueueEntry *tq;
2052 uint16_t payload_size;
2053 struct GNUNET_MQ_Envelope *env;
2054 struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
2056 /* FIXME: what about KX not yet being ready? (see "is_ready()" check in old code!) */
2058 payload_size = ntohs (message->size);
2059 env = GNUNET_MQ_msg_extra (ax_msg,
2061 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED);
2066 ax_msg->Ns = htonl (t->ax.Ns++);
2067 ax_msg->PNs = htonl (t->ax.PNs);
2068 GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
2072 t_hmac (&ax_msg->Ns,
2073 AX_HEADER_SIZE + payload_size,
2077 // ax_msg->pid = htonl (GCC_get_pid (c, fwd)); // FIXME: connection flow-control not (re)implemented yet!
2079 tq = GNUNET_malloc (sizeof (*tq));
2082 tq->cid = &ax_msg->cid;
2084 tq->cont_cls = cont_cls;
2085 GNUNET_CONTAINER_DLL_insert_tail (t->tq_head,
2088 trigger_transmissions (t);
2094 * Cancel a previously sent message while it's in the queue.
2096 * ONLY can be called before the continuation given to the send
2097 * function is called. Once the continuation is called, the message is
2098 * no longer in the queue!
2100 * @param q Handle to the queue entry to cancel.
2103 GCT_send_cancel (struct CadetTunnelQueueEntry *q)
2105 struct CadetTunnel *t = q->t;
2107 GNUNET_CONTAINER_DLL_remove (t->tq_head,
2115 * Iterate over all connections of a tunnel.
2117 * @param t Tunnel whose connections to iterate.
2118 * @param iter Iterator.
2119 * @param iter_cls Closure for @c iter.
2122 GCT_iterate_connections (struct CadetTunnel *t,
2123 GCT_ConnectionIterator iter,
2126 for (struct CadetTConnection *ct = t->connection_head;
2135 * Closure for #iterate_channels_cb.
2142 GCT_ChannelIterator iter;
2145 * Closure for @e iter.
2152 * Helper function for #GCT_iterate_channels.
2154 * @param cls the `struct ChanIterCls`
2156 * @param value a `struct CadetChannel`
2157 * @return #GNUNET_OK
2160 iterate_channels_cb (void *cls,
2164 struct ChanIterCls *ctx = cls;
2165 struct CadetChannel *ch = value;
2167 ctx->iter (ctx->iter_cls,
2174 * Iterate over all channels of a tunnel.
2176 * @param t Tunnel whose channels to iterate.
2177 * @param iter Iterator.
2178 * @param iter_cls Closure for @c iter.
2181 GCT_iterate_channels (struct CadetTunnel *t,
2182 GCT_ChannelIterator iter,
2185 struct ChanIterCls ctx;
2188 ctx.iter_cls = iter_cls;
2189 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
2190 &iterate_channels_cb,
2197 * Call #GCCH_debug() on a channel.
2199 * @param cls points to the log level to use
2201 * @param value the `struct CadetChannel` to dump
2202 * @return #GNUNET_OK (continue iteration)
2205 debug_channel (void *cls,
2209 const enum GNUNET_ErrorType *level = cls;
2210 struct CadetChannel *ch = value;
2212 GCCH_debug (ch, *level);
2218 * Get string description for tunnel connectivity state.
2220 * @param cs Tunnel state.
2222 * @return String representation.
2225 cstate2s (enum CadetTunnelCState cs)
2227 static char buf[32];
2231 case CADET_TUNNEL_NEW:
2232 return "CADET_TUNNEL_NEW";
2233 case CADET_TUNNEL_SEARCHING:
2234 return "CADET_TUNNEL_SEARCHING";
2235 case CADET_TUNNEL_WAITING:
2236 return "CADET_TUNNEL_WAITING";
2237 case CADET_TUNNEL_READY:
2238 return "CADET_TUNNEL_READY";
2239 case CADET_TUNNEL_SHUTDOWN:
2240 return "CADET_TUNNEL_SHUTDOWN";
2242 SPRINTF (buf, "%u (UNKNOWN STATE)", cs);
2249 * Get string description for tunnel encryption state.
2251 * @param es Tunnel state.
2253 * @return String representation.
2256 estate2s (enum CadetTunnelEState es)
2258 static char buf[32];
2262 case CADET_TUNNEL_KEY_UNINITIALIZED:
2263 return "CADET_TUNNEL_KEY_UNINITIALIZED";
2264 case CADET_TUNNEL_KEY_SENT:
2265 return "CADET_TUNNEL_KEY_SENT";
2266 case CADET_TUNNEL_KEY_PING:
2267 return "CADET_TUNNEL_KEY_PING";
2268 case CADET_TUNNEL_KEY_OK:
2269 return "CADET_TUNNEL_KEY_OK";
2270 case CADET_TUNNEL_KEY_REKEY:
2271 return "CADET_TUNNEL_KEY_REKEY";
2273 SPRINTF (buf, "%u (UNKNOWN STATE)", es);
2279 #define LOG2(level, ...) GNUNET_log_from_nocheck(level,"cadet-tun",__VA_ARGS__)
2283 * Log all possible info about the tunnel state.
2285 * @param t Tunnel to debug.
2286 * @param level Debug level to use.
2289 GCT_debug (const struct CadetTunnel *t,
2290 enum GNUNET_ErrorType level)
2292 struct CadetTConnection *iter_c;
2295 do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK),
2297 __FILE__, __FUNCTION__, __LINE__);
2302 "TTT TUNNEL TOWARDS %s in cstate %s, estate %s tq_len: %u #cons: %u\n",
2304 cstate2s (t->cstate),
2305 estate2s (t->estate),
2307 t->num_connections);
2308 #if DUMP_KEYS_TO_STDERR
2309 ax_debug (t->ax, level);
2313 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
2317 "TTT connections:\n");
2318 for (iter_c = t->connection_head; NULL != iter_c; iter_c = iter_c->next)
2319 GCC_debug (iter_c->cc,
2323 "TTT TUNNEL END\n");
2327 /* end of gnunet-service-cadet-new_tunnels.c */