2 This file is part of GNUnet.
3 Copyright (C) 2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
22 #include "gnunet_util_lib.h"
24 #include "gnunet_signatures.h"
25 #include "gnunet_statistics_service.h"
27 #include "cadet_protocol.h"
28 #include "cadet_path.h"
30 #include "gnunet-service-cadet_tunnel.h"
31 #include "gnunet-service-cadet_connection.h"
32 #include "gnunet-service-cadet_channel.h"
33 #include "gnunet-service-cadet_peer.h"
35 #define LOG(level, ...) GNUNET_log_from(level,"cadet-tun",__VA_ARGS__)
36 #define LOG2(level, ...) GNUNET_log_from_nocheck(level,"cadet-tun",__VA_ARGS__)
38 #define REKEY_WAIT GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 5)
40 #if !defined(GNUNET_CULL_LOGGING)
41 #define DUMP_KEYS_TO_STDERR GNUNET_YES
43 #define DUMP_KEYS_TO_STDERR GNUNET_NO
46 /******************************************************************************/
47 /******************************** STRUCTS **********************************/
48 /******************************************************************************/
52 struct CadetTChannel *next;
53 struct CadetTChannel *prev;
54 struct CadetChannel *ch;
59 * Connection list and metadata.
61 struct CadetTConnection
66 struct CadetTConnection *next;
71 struct CadetTConnection *prev;
76 struct CadetConnection *c;
79 * Creation time, to keep oldest connection alive.
81 struct GNUNET_TIME_Absolute created;
84 * Connection throughput, to keep fastest connection alive.
90 * Structure used during a Key eXchange.
92 struct CadetTunnelKXCtx
95 * Encryption ("our") old "confirmed" key, for encrypting traffic sent by us
96 * end before the key exchange is finished or times out.
98 struct GNUNET_CRYPTO_SymmetricSessionKey e_key_old;
101 * Decryption ("their") old "confirmed" key, for decrypting traffic sent by
102 * the other end before the key exchange started.
104 struct GNUNET_CRYPTO_SymmetricSessionKey d_key_old;
107 * Same as @c e_key_old, for the case of two simultaneous KX.
108 * This can happen if cadet decides to start a re-key while the peer has also
109 * started its re-key (due to network delay this is impossible to avoid).
110 * In this case, the key material generated with the peer's old ephemeral
111 * *might* (but doesn't have to) be incorrect.
112 * Since no more than two re-keys can happen simultaneously, this is enough.
114 struct GNUNET_CRYPTO_SymmetricSessionKey e_key_old2;
117 * Same as @c d_key_old, for the case described in @c e_key_old2.
119 struct GNUNET_CRYPTO_SymmetricSessionKey d_key_old2;
122 * Challenge to send and expect in the PONG.
127 * When the rekey started. One minute after this the new key will be used.
129 struct GNUNET_TIME_Absolute rekey_start_time;
132 * Task for delayed destruction of the Key eXchange context, to allow delayed
133 * messages with the old key to be decrypted successfully.
135 struct GNUNET_SCHEDULER_Task * finish_task;
139 * Encryption systems possible.
141 enum CadetTunnelEncryption
144 * Default Axolotl system.
149 * Fallback OTR-style encryption.
154 struct CadetTunnelSkippedKey
156 struct CadetTunnelSkippedKey *next;
157 struct CadetTunnelSkippedKey *prev;
159 struct GNUNET_TIME_Absolute timestamp;
161 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
162 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
165 struct CadetTunnelAxolotl
167 struct CadetTunnelSkippedKey *head;
168 struct CadetTunnelSkippedKey *tail;
172 struct GNUNET_CRYPTO_SymmetricSessionKey RK;
173 struct GNUNET_CRYPTO_SymmetricSessionKey HKs;
174 struct GNUNET_CRYPTO_SymmetricSessionKey HKr;
175 struct GNUNET_CRYPTO_SymmetricSessionKey NHKs;
176 struct GNUNET_CRYPTO_SymmetricSessionKey NHKr;
177 struct GNUNET_CRYPTO_SymmetricSessionKey CKs;
178 struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
180 struct GNUNET_CRYPTO_EcdhePublicKey DHRs;
181 struct GNUNET_CRYPTO_EcdhePublicKey DHRr;
191 * Struct containing all information regarding a tunnel to a peer.
196 * Endpoint of the tunnel.
198 struct CadetPeer *peer;
201 * Type of encryption used in the tunnel.
203 enum CadetTunnelEncryption enc_type;
208 struct CadetTunnelAxolotl *ax;
211 * State of the tunnel connectivity.
213 enum CadetTunnelCState cstate;
216 * State of the tunnel encryption.
218 enum CadetTunnelEState estate;
221 * Key eXchange context.
223 struct CadetTunnelKXCtx *kx_ctx;
226 * Peer's ephemeral key, to recreate @c e_key and @c d_key when own ephemeral
229 struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
232 * Encryption ("our") key. It is only "confirmed" if kx_ctx is NULL.
234 struct GNUNET_CRYPTO_SymmetricSessionKey e_key;
237 * Decryption ("their") key. It is only "confirmed" if kx_ctx is NULL.
239 struct GNUNET_CRYPTO_SymmetricSessionKey d_key;
242 * Task to start the rekey process.
244 struct GNUNET_SCHEDULER_Task * rekey_task;
247 * Paths that are actively used to reach the destination peer.
249 struct CadetTConnection *connection_head;
250 struct CadetTConnection *connection_tail;
253 * Next connection number.
258 * Channels inside this tunnel.
260 struct CadetTChannel *channel_head;
261 struct CadetTChannel *channel_tail;
264 * Channel ID for the next created channel.
266 CADET_ChannelNumber next_chid;
269 * Destroy flag: if true, destroy on last message.
271 struct GNUNET_SCHEDULER_Task * destroy_task;
274 * Queued messages, to transmit once tunnel gets connected.
276 struct CadetTunnelDelayed *tq_head;
277 struct CadetTunnelDelayed *tq_tail;
280 * Task to trim connections if too many are present.
282 struct GNUNET_SCHEDULER_Task * trim_connections_task;
285 * Ephemeral message in the queue (to avoid queueing more than one).
287 struct CadetConnectionQueue *ephm_h;
290 * Pong message in the queue.
292 struct CadetConnectionQueue *pong_h;
297 * Struct used to save messages in a non-ready tunnel to send once connected.
299 struct CadetTunnelDelayed
304 struct CadetTunnelDelayed *next;
305 struct CadetTunnelDelayed *prev;
310 struct CadetTunnel *t;
313 * Tunnel queue given to the channel to cancel request. Update on send_queued.
315 struct CadetTunnelQueue *tq;
320 /* struct GNUNET_MessageHeader *msg; */
325 * Handle for messages queued but not yet sent.
327 struct CadetTunnelQueue
330 * Connection queue handle, to cancel if necessary.
332 struct CadetConnectionQueue *cq;
335 * Handle in case message hasn't been given to a connection yet.
337 struct CadetTunnelDelayed *tqd;
340 * Continuation to call once sent.
345 * Closure for @c cont.
351 /******************************************************************************/
352 /******************************* GLOBALS ***********************************/
353 /******************************************************************************/
356 * Global handle to the statistics service.
358 extern struct GNUNET_STATISTICS_Handle *stats;
361 * Local peer own ID (memory efficient handle).
363 extern GNUNET_PEER_Id myid;
366 * Local peer own ID (full value).
368 extern struct GNUNET_PeerIdentity my_full_id;
372 * Don't try to recover tunnels if shutting down.
374 extern int shutting_down;
378 * Set of all tunnels, in order to trigger a new exchange on rekey.
379 * Indexed by peer's ID.
381 static struct GNUNET_CONTAINER_MultiPeerMap *tunnels;
384 * Default TTL for payload packets.
386 static unsigned long long default_ttl;
391 const static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key;
394 * Own ephemeral private key.
396 static struct GNUNET_CRYPTO_EcdhePrivateKey *my_ephemeral_key;
399 * Cached message used to perform a key exchange.
401 static struct GNUNET_CADET_KX_Ephemeral kx_msg;
404 * Task to generate a new ephemeral key.
406 static struct GNUNET_SCHEDULER_Task * rekey_task;
411 static struct GNUNET_TIME_Relative rekey_period;
413 /******************************************************************************/
414 /******************************** STATIC ***********************************/
415 /******************************************************************************/
418 * Get string description for tunnel connectivity state.
420 * @param cs Tunnel state.
422 * @return String representation.
425 cstate2s (enum CadetTunnelCState cs)
431 case CADET_TUNNEL_NEW:
432 return "CADET_TUNNEL_NEW";
433 case CADET_TUNNEL_SEARCHING:
434 return "CADET_TUNNEL_SEARCHING";
435 case CADET_TUNNEL_WAITING:
436 return "CADET_TUNNEL_WAITING";
437 case CADET_TUNNEL_READY:
438 return "CADET_TUNNEL_READY";
439 case CADET_TUNNEL_SHUTDOWN:
440 return "CADET_TUNNEL_SHUTDOWN";
442 SPRINTF (buf, "%u (UNKNOWN STATE)", cs);
450 * Get string description for tunnel encryption state.
452 * @param es Tunnel state.
454 * @return String representation.
457 estate2s (enum CadetTunnelEState es)
463 case CADET_TUNNEL_KEY_UNINITIALIZED:
464 return "CADET_TUNNEL_KEY_UNINITIALIZED";
465 case CADET_TUNNEL_KEY_SENT:
466 return "CADET_TUNNEL_KEY_SENT";
467 case CADET_TUNNEL_KEY_PING:
468 return "CADET_TUNNEL_KEY_PING";
469 case CADET_TUNNEL_KEY_OK:
470 return "CADET_TUNNEL_KEY_OK";
471 case CADET_TUNNEL_KEY_REKEY:
472 return "CADET_TUNNEL_KEY_REKEY";
474 SPRINTF (buf, "%u (UNKNOWN STATE)", es);
482 * @brief Check if tunnel is ready to send traffic.
484 * Tunnel must be connected and with encryption correctly set up.
486 * @param t Tunnel to check.
488 * @return #GNUNET_YES if ready, #GNUNET_NO otherwise
491 is_ready (struct CadetTunnel *t)
495 GCT_debug (t, GNUNET_ERROR_TYPE_DEBUG);
496 ready = CADET_TUNNEL_READY == t->cstate
497 && (CADET_TUNNEL_KEY_OK == t->estate
498 || CADET_TUNNEL_KEY_REKEY == t->estate);
499 ready = ready || GCT_is_loopback (t);
505 * Check if a key is invalid (NULL pointer or all 0)
507 * @param key Key to check.
509 * @return #GNUNET_YES if key is null, #GNUNET_NO if exists and is not 0.
512 is_key_null (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
514 struct GNUNET_CRYPTO_SymmetricSessionKey null_key;
519 memset (&null_key, 0, sizeof (null_key));
520 if (0 == memcmp (key, &null_key, sizeof (null_key)))
527 * Ephemeral key message purpose size.
529 * @return Size of the part of the ephemeral key message that must be signed.
532 ephemeral_purpose_size (void)
534 return sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
535 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
536 sizeof (struct GNUNET_TIME_AbsoluteNBO) +
537 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) +
538 sizeof (struct GNUNET_PeerIdentity);
543 * Size of the encrypted part of a ping message.
545 * @return Size of the encrypted part of a ping message.
548 ping_encryption_size (void)
550 return sizeof (uint32_t);
555 * Get the channel's buffer. ONLY FOR NON-LOOPBACK CHANNELS!!
557 * @param tch Tunnel's channel handle.
559 * @return Amount of messages the channel can still buffer towards the client.
562 get_channel_buffer (const struct CadetTChannel *tch)
566 /* If channel is incoming, is terminal in the FWD direction and fwd is YES */
567 fwd = GCCH_is_terminal (tch->ch, GNUNET_YES);
569 return GCCH_get_buffer (tch->ch, fwd);
574 * Get the channel's allowance status.
576 * @param tch Tunnel's channel handle.
578 * @return #GNUNET_YES if we allowed the client to send data to us.
581 get_channel_allowed (const struct CadetTChannel *tch)
585 /* If channel is outgoing, is origin in the FWD direction and fwd is YES */
586 fwd = GCCH_is_origin (tch->ch, GNUNET_YES);
588 return GCCH_get_allowed (tch->ch, fwd);
593 * Get the connection's buffer.
595 * @param tc Tunnel's connection handle.
597 * @return Amount of messages the connection can still buffer.
600 get_connection_buffer (const struct CadetTConnection *tc)
604 /* If connection is outgoing, is origin in the FWD direction and fwd is YES */
605 fwd = GCC_is_origin (tc->c, GNUNET_YES);
607 return GCC_get_buffer (tc->c, fwd);
612 * Get the connection's allowance.
614 * @param tc Tunnel's connection handle.
616 * @return Amount of messages we have allowed the next peer to send us.
619 get_connection_allowed (const struct CadetTConnection *tc)
623 /* If connection is outgoing, is origin in the FWD direction and fwd is YES */
624 fwd = GCC_is_origin (tc->c, GNUNET_YES);
626 return GCC_get_allowed (tc->c, fwd);
631 * Check that a ephemeral key message s well formed and correctly signed.
633 * @param t Tunnel on which the message came.
634 * @param msg The ephemeral key message.
636 * @return GNUNET_OK if message is fine, GNUNET_SYSERR otherwise.
639 check_ephemeral (struct CadetTunnel *t,
640 const struct GNUNET_CADET_KX_Ephemeral *msg)
642 /* Check message size */
643 if (ntohs (msg->header.size) != sizeof (struct GNUNET_CADET_KX_Ephemeral))
644 return GNUNET_SYSERR;
646 /* Check signature size */
647 if (ntohl (msg->purpose.size) != ephemeral_purpose_size ())
648 return GNUNET_SYSERR;
651 if (0 != memcmp (&msg->origin_identity,
652 GCP_get_id (t->peer),
653 sizeof (struct GNUNET_PeerIdentity)))
654 return GNUNET_SYSERR;
656 /* Check signature */
658 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_KX,
661 &msg->origin_identity.public_key))
662 return GNUNET_SYSERR;
669 * Select the best key to use for encryption (send), based on KX status.
671 * Normally, return the current key. If there is a KX in progress and the old
672 * key is fresh enough, return the old key.
674 * @param t Tunnel to choose the key from.
676 * @return The optimal key to encrypt/hmac outgoing traffic.
678 static const struct GNUNET_CRYPTO_SymmetricSessionKey *
679 select_key (const struct CadetTunnel *t)
681 const struct GNUNET_CRYPTO_SymmetricSessionKey *key;
683 if (NULL != t->kx_ctx
684 && NULL == t->kx_ctx->finish_task)
686 struct GNUNET_TIME_Relative age;
688 age = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);
689 LOG (GNUNET_ERROR_TYPE_DEBUG,
690 " key exchange in progress, started %s ago\n",
691 GNUNET_STRINGS_relative_time_to_string (age, GNUNET_YES));
692 // FIXME make duration of old keys configurable
693 if (age.rel_value_us < GNUNET_TIME_UNIT_MINUTES.rel_value_us)
695 LOG (GNUNET_ERROR_TYPE_DEBUG, " using old key\n");
696 key = &t->kx_ctx->e_key_old;
700 LOG (GNUNET_ERROR_TYPE_DEBUG, " using new key (old key too old)\n");
706 LOG (GNUNET_ERROR_TYPE_DEBUG, " no KX: using current key\n");
716 * @param plaintext Content to HMAC.
717 * @param size Size of @c plaintext.
718 * @param iv Initialization vector for the message.
719 * @param key Key to use.
720 * @param hmac[out] Destination to store the HMAC.
723 t_hmac (const void *plaintext, size_t size,
724 uint32_t iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
725 struct GNUNET_CADET_Hash *hmac)
727 static const char ctx[] = "cadet authentication key";
728 struct GNUNET_CRYPTO_AuthKey auth_key;
729 struct GNUNET_HashCode hash;
731 #if DUMP_KEYS_TO_STDERR
732 LOG (GNUNET_ERROR_TYPE_INFO, " HMAC with key %s\n",
733 GNUNET_h2s ((struct GNUNET_HashCode *) key));
735 GNUNET_CRYPTO_hmac_derive_key (&auth_key, key,
740 /* Two step: CADET_Hash is only 256 bits, HashCode is 512. */
741 GNUNET_CRYPTO_hmac (&auth_key, plaintext, size, &hash);
742 memcpy (hmac, &hash, sizeof (*hmac));
747 * Encrypt daforce_newest_keyta with the tunnel key.
749 * @param t Tunnel whose key to use.
750 * @param dst Destination for the encrypted data.
751 * @param src Source of the plaintext. Can overlap with @c dst.
752 * @param size Size of the plaintext.
753 * @param iv Initialization Vector to use.
754 * @param force_newest_key Force the use of the newest key, otherwise
755 * CADET will use the old key when allowed.
756 * This can happen in the case when a KX is going on
757 * and the old one hasn't expired.
760 t_encrypt (struct CadetTunnel *t, void *dst, const void *src,
761 size_t size, uint32_t iv, int force_newest_key)
763 struct GNUNET_CRYPTO_SymmetricInitializationVector siv;
764 const struct GNUNET_CRYPTO_SymmetricSessionKey *key;
767 LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt start\n");
769 key = GNUNET_YES == force_newest_key ? &t->e_key : select_key (t);
770 #if DUMP_KEYS_TO_STDERR
771 LOG (GNUNET_ERROR_TYPE_INFO, " ENC with key %s\n",
772 GNUNET_h2s ((struct GNUNET_HashCode *) key));
774 GNUNET_CRYPTO_symmetric_derive_iv (&siv, key, &iv, sizeof (iv), NULL);
775 LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt IV derived\n");
776 out_size = GNUNET_CRYPTO_symmetric_encrypt (src, size, key, &siv, dst);
777 LOG (GNUNET_ERROR_TYPE_DEBUG, " t_encrypt end\n");
784 * Decrypt and verify data with the appropriate tunnel key.
786 * @param key Key to use.
787 * @param dst Destination for the plaintext.
788 * @param src Source of the encrypted data. Can overlap with @c dst.
789 * @param size Size of the encrypted data.
790 * @param iv Initialization Vector to use.
792 * @return Size of the decrypted data, -1 if an error was encountered.
795 decrypt (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
796 void *dst, const void *src, size_t size, uint32_t iv)
798 struct GNUNET_CRYPTO_SymmetricInitializationVector siv;
801 LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt start\n");
802 LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt iv\n");
803 GNUNET_CRYPTO_symmetric_derive_iv (&siv, key, &iv, sizeof (iv), NULL);
804 LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt iv done\n");
805 out_size = GNUNET_CRYPTO_symmetric_decrypt (src, size, key, &siv, dst);
806 LOG (GNUNET_ERROR_TYPE_DEBUG, " decrypt end\n");
813 * Decrypt and verify data with the most recent tunnel key.
815 * @param t Tunnel whose key to use.
816 * @param dst Destination for the plaintext.
817 * @param src Source of the encrypted data. Can overlap with @c dst.
818 * @param size Size of the encrypted data.
819 * @param iv Initialization Vector to use.
821 * @return Size of the decrypted data, -1 if an error was encountered.
824 t_decrypt (struct CadetTunnel *t, void *dst, const void *src,
825 size_t size, uint32_t iv)
829 #if DUMP_KEYS_TO_STDERR
830 LOG (GNUNET_ERROR_TYPE_DEBUG, " t_decrypt with %s\n",
831 GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
833 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
835 GNUNET_STATISTICS_update (stats, "# non decryptable data", 1, GNUNET_NO);
836 LOG (GNUNET_ERROR_TYPE_WARNING,
837 "got data on %s without a valid key\n",
839 GCT_debug (t, GNUNET_ERROR_TYPE_WARNING);
843 out_size = decrypt (&t->d_key, dst, src, size, iv);
850 * Decrypt and verify data with the appropriate tunnel key and verify that the
851 * data has not been altered since it was sent by the remote peer.
853 * @param t Tunnel whose key to use.
854 * @param dst Destination for the plaintext.
855 * @param src Source of the encrypted data. Can overlap with @c dst.
856 * @param size Size of the encrypted data.
857 * @param iv Initialization Vector to use.
858 * @param msg_hmac HMAC of the message, cannot be NULL.
860 * @return Size of the decrypted data, -1 if an error was encountered.
863 t_decrypt_and_validate (struct CadetTunnel *t,
864 void *dst, const void *src,
865 size_t size, uint32_t iv,
866 const struct GNUNET_CADET_Hash *msg_hmac)
868 struct GNUNET_CRYPTO_SymmetricSessionKey *key;
869 struct GNUNET_CADET_Hash hmac;
872 /* Try primary (newest) key */
874 decrypted_size = decrypt (key, dst, src, size, iv);
875 t_hmac (src, size, iv, key, &hmac);
876 if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac)))
877 return decrypted_size;
879 /* If no key exchange is going on, we just failed. */
880 if (NULL == t->kx_ctx)
882 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
883 "Failed checksum validation on tunnel %s with no KX\n",
885 GNUNET_STATISTICS_update (stats, "# wrong HMAC no KX", 1, GNUNET_NO);
889 /* Try secondary key, from previous KX period. */
890 key = &t->kx_ctx->d_key_old;
891 decrypted_size = decrypt (key, dst, src, size, iv);
892 t_hmac (src, size, iv, key, &hmac);
893 if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac)))
894 return decrypted_size;
896 /* Hail Mary, try tertiary, key, in case of parallel re-keys. */
897 key = &t->kx_ctx->d_key_old2;
898 decrypted_size = decrypt (key, dst, src, size, iv);
899 t_hmac (src, size, iv, key, &hmac);
900 if (0 == memcmp (msg_hmac, &hmac, sizeof (hmac)))
901 return decrypted_size;
903 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
904 "Failed checksum validation on tunnel %s with KX\n",
906 GNUNET_STATISTICS_update (stats, "# wrong HMAC with KX", 1, GNUNET_NO);
911 * Decrypt and verify data with the appropriate tunnel key and verify that the
912 * data has not been altered since it was sent by the remote peer.
914 * @param t Tunnel whose key to use.
915 * @param dst Destination for the plaintext.
916 * @param src Source of the encrypted data. Can overlap with @c dst.
917 * @param size Size of the encrypted data.
918 * @param msg_hmac HMAC of the message, cannot be NULL.
920 * @return Size of the decrypted data, -1 if an error was encountered.
923 t_ax_decrypt_and_validate (struct CadetTunnel *t,
924 void *dst, const void *src, size_t size,
925 const struct GNUNET_CADET_Hash *msg_hmac)
927 struct CadetTunnelAxolotl *ax;
939 * Create key material by doing ECDH on the local and remote ephemeral keys.
941 * @param key_material Where to store the key material.
942 * @param ephemeral_key Peer's public ephemeral key.
945 derive_key_material (struct GNUNET_HashCode *key_material,
946 const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key)
949 GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key,
959 * Create a symmetic key from the identities of both ends and the key material
962 * @param key Destination for the generated key.
963 * @param sender ID of the peer that will encrypt with @c key.
964 * @param receiver ID of the peer that will decrypt with @c key.
965 * @param key_material Hash created with ECDH with the ephemeral keys.
968 derive_symmertic (struct GNUNET_CRYPTO_SymmetricSessionKey *key,
969 const struct GNUNET_PeerIdentity *sender,
970 const struct GNUNET_PeerIdentity *receiver,
971 const struct GNUNET_HashCode *key_material)
973 const char salt[] = "CADET kx salt";
975 GNUNET_CRYPTO_kdf (key, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
977 key_material, sizeof (struct GNUNET_HashCode),
978 sender, sizeof (struct GNUNET_PeerIdentity),
979 receiver, sizeof (struct GNUNET_PeerIdentity),
985 * Derive the tunnel's keys using our own and the peer's ephemeral keys.
987 * @param t Tunnel for which to create the keys.
990 create_keys (struct CadetTunnel *t)
992 struct GNUNET_HashCode km;
994 derive_key_material (&km, &t->peers_ephemeral_key);
995 derive_symmertic (&t->e_key, &my_full_id, GCP_get_id (t->peer), &km);
996 derive_symmertic (&t->d_key, GCP_get_id (t->peer), &my_full_id, &km);
997 #if DUMP_KEYS_TO_STDERR
998 LOG (GNUNET_ERROR_TYPE_INFO, "ME: %s\n",
999 GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
1000 LOG (GNUNET_ERROR_TYPE_INFO, "PE: %s\n",
1001 GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
1002 LOG (GNUNET_ERROR_TYPE_INFO, "KM: %s\n", GNUNET_h2s (&km));
1003 LOG (GNUNET_ERROR_TYPE_INFO, "EK: %s\n",
1004 GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
1005 LOG (GNUNET_ERROR_TYPE_INFO, "DK: %s\n",
1006 GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
1012 * Create a new Key eXchange context for the tunnel.
1014 * If the old keys were verified, keep them for old traffic. Create a new KX
1015 * timestamp and a new nonce.
1017 * @param t Tunnel for which to create the KX ctx.
1020 create_kx_ctx (struct CadetTunnel *t)
1022 LOG (GNUNET_ERROR_TYPE_INFO, " new kx ctx for %s\n", GCT_2s (t));
1024 if (NULL != t->kx_ctx)
1026 if (NULL != t->kx_ctx->finish_task)
1028 LOG (GNUNET_ERROR_TYPE_INFO, " resetting exisiting finish task\n");
1029 GNUNET_SCHEDULER_cancel (t->kx_ctx->finish_task);
1030 t->kx_ctx->finish_task = NULL;
1035 t->kx_ctx = GNUNET_new (struct CadetTunnelKXCtx);
1036 t->kx_ctx->challenge = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
1040 if (CADET_TUNNEL_KEY_OK == t->estate)
1042 LOG (GNUNET_ERROR_TYPE_INFO, " backing up keys\n");
1043 t->kx_ctx->d_key_old = t->d_key;
1044 t->kx_ctx->e_key_old = t->e_key;
1047 LOG (GNUNET_ERROR_TYPE_INFO, " old keys not valid, not saving\n");
1048 t->kx_ctx->rekey_start_time = GNUNET_TIME_absolute_get ();
1054 * @brief Finish the Key eXchange and destroy the old keys.
1056 * @param cls Closure (Tunnel for which to finish the KX).
1057 * @param tc Task context.
1060 finish_kx (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
1062 struct CadetTunnel *t = cls;
1064 LOG (GNUNET_ERROR_TYPE_INFO, "finish KX for %s\n", GCT_2s (t));
1066 if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
1068 LOG (GNUNET_ERROR_TYPE_INFO, " shutdown\n");
1072 GNUNET_free (t->kx_ctx);
1078 * Destroy a Key eXchange context for the tunnel. This function only schedules
1079 * the destruction, the freeing of the memory (and clearing of old key material)
1080 * happens after a delay!
1082 * @param t Tunnel whose KX ctx to destroy.
1085 destroy_kx_ctx (struct CadetTunnel *t)
1087 struct GNUNET_TIME_Relative delay;
1089 if (NULL == t->kx_ctx || NULL != t->kx_ctx->finish_task)
1092 if (is_key_null (&t->kx_ctx->e_key_old))
1094 t->kx_ctx->finish_task = GNUNET_SCHEDULER_add_now (finish_kx, t);
1098 delay = GNUNET_TIME_relative_divide (rekey_period, 4);
1099 delay = GNUNET_TIME_relative_min (delay, GNUNET_TIME_UNIT_MINUTES);
1101 t->kx_ctx->finish_task = GNUNET_SCHEDULER_add_delayed (delay, finish_kx, t);
1107 * Pick a connection on which send the next data message.
1109 * @param t Tunnel on which to send the message.
1111 * @return The connection on which to send the next message.
1113 static struct CadetConnection *
1114 tunnel_get_connection (struct CadetTunnel *t)
1116 struct CadetTConnection *iter;
1117 struct CadetConnection *best;
1119 unsigned int lowest_q;
1121 LOG (GNUNET_ERROR_TYPE_DEBUG, "tunnel_get_connection %s\n", GCT_2s (t));
1123 lowest_q = UINT_MAX;
1124 for (iter = t->connection_head; NULL != iter; iter = iter->next)
1126 LOG (GNUNET_ERROR_TYPE_DEBUG, " connection %s: %u\n",
1127 GCC_2s (iter->c), GCC_get_state (iter->c));
1128 if (CADET_CONNECTION_READY == GCC_get_state (iter->c))
1130 qn = GCC_get_qn (iter->c, GCC_is_origin (iter->c, GNUNET_YES));
1131 LOG (GNUNET_ERROR_TYPE_DEBUG, " q_n %u, \n", qn);
1139 LOG (GNUNET_ERROR_TYPE_DEBUG, " selected: connection %s\n", GCC_2s (best));
1145 * Callback called when a queued message is sent.
1147 * Calculates the average time and connection packet tracking.
1149 * @param cls Closure (TunnelQueue handle).
1150 * @param c Connection this message was on.
1151 * @param q Connection queue handle (unused).
1152 * @param type Type of message sent.
1153 * @param fwd Was this a FWD going message?
1154 * @param size Size of the message.
1157 tun_message_sent (void *cls,
1158 struct CadetConnection *c,
1159 struct CadetConnectionQueue *q,
1160 uint16_t type, int fwd, size_t size)
1162 struct CadetTunnelQueue *qt = cls;
1163 struct CadetTunnel *t;
1165 LOG (GNUNET_ERROR_TYPE_DEBUG, "tun_message_sent\n");
1167 GNUNET_assert (NULL != qt->cont);
1168 t = NULL == c ? NULL : GCC_get_tunnel (c);
1169 qt->cont (qt->cont_cls, t, qt, type, size);
1175 count_queued_data (const struct CadetTunnel *t)
1177 struct CadetTunnelDelayed *iter;
1180 for (count = 0, iter = t->tq_head; iter != NULL; iter = iter->next)
1187 * Delete a queued message: either was sent or the channel was destroyed
1188 * before the tunnel's key exchange had a chance to finish.
1190 * @param tqd Delayed queue handle.
1193 unqueue_data (struct CadetTunnelDelayed *tqd)
1195 GNUNET_CONTAINER_DLL_remove (tqd->t->tq_head, tqd->t->tq_tail, tqd);
1201 * Cache a message to be sent once tunnel is online.
1203 * @param t Tunnel to hold the message.
1204 * @param msg Message itself (copy will be made).
1206 static struct CadetTunnelDelayed *
1207 queue_data (struct CadetTunnel *t, const struct GNUNET_MessageHeader *msg)
1209 struct CadetTunnelDelayed *tqd;
1210 uint16_t size = ntohs (msg->size);
1212 LOG (GNUNET_ERROR_TYPE_DEBUG, "queue data on Tunnel %s\n", GCT_2s (t));
1214 if (GNUNET_YES == is_ready (t))
1220 tqd = GNUNET_malloc (sizeof (struct CadetTunnelDelayed) + size);
1223 memcpy (&tqd[1], msg, size);
1224 GNUNET_CONTAINER_DLL_insert_tail (t->tq_head, t->tq_tail, tqd);
1230 * Sends an already built message on a tunnel, encrypting it and
1231 * choosing the best connection.
1233 * @param message Message to send. Function modifies it.
1234 * @param t Tunnel on which this message is transmitted.
1235 * @param c Connection to use (autoselect if NULL).
1236 * @param force Force the tunnel to take the message (buffer overfill).
1237 * @param cont Continuation to call once message is really sent.
1238 * @param cont_cls Closure for @c cont.
1239 * @param existing_q In case this a transmission of previously queued data,
1240 * this should be TunnelQueue given to the client.
1243 * @return Handle to cancel message.
1244 * NULL if @c cont is NULL or an error happens and message is dropped.
1246 static struct CadetTunnelQueue *
1247 send_prebuilt_message (const struct GNUNET_MessageHeader *message,
1248 struct CadetTunnel *t, struct CadetConnection *c,
1249 int force, GCT_sent cont, void *cont_cls,
1250 struct CadetTunnelQueue *existing_q)
1252 struct CadetTunnelQueue *tq;
1253 struct GNUNET_CADET_Encrypted *msg;
1254 size_t size = ntohs (message->size);
1255 char cbuf[sizeof (struct GNUNET_CADET_Encrypted) + size];
1261 LOG (GNUNET_ERROR_TYPE_DEBUG, "GMT Send on Tunnel %s\n", GCT_2s (t));
1263 if (GNUNET_NO == is_ready (t))
1265 struct CadetTunnelDelayed *tqd;
1266 /* A non null existing_q indicates sending of queued data.
1267 * Should only happen after tunnel becomes ready.
1269 GNUNET_assert (NULL == existing_q);
1270 tqd = queue_data (t, message);
1273 tq = GNUNET_new (struct CadetTunnelQueue);
1277 tq->cont_cls = cont_cls;
1281 GNUNET_assert (GNUNET_NO == GCT_is_loopback (t));
1283 iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
1284 msg = (struct GNUNET_CADET_Encrypted *) cbuf;
1285 msg->header.type = htons (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED);
1287 GNUNET_assert (t_encrypt (t, &msg[1], message, size, iv, GNUNET_NO) == size);
1288 t_hmac (&msg[1], size, iv, select_key (t), &msg->hmac);
1289 msg->header.size = htons (sizeof (struct GNUNET_CADET_Encrypted) + size);
1292 c = tunnel_get_connection (t);
1295 /* Why is tunnel 'ready'? Should have been queued! */
1296 if (NULL != t->destroy_task)
1299 GCT_debug (t, GNUNET_ERROR_TYPE_WARNING);
1301 return NULL; /* Drop... */
1305 type = ntohs (message->type);
1308 case GNUNET_MESSAGE_TYPE_CADET_DATA:
1309 case GNUNET_MESSAGE_TYPE_CADET_DATA_ACK:
1310 if (GNUNET_MESSAGE_TYPE_CADET_DATA == type)
1311 mid = ntohl (((struct GNUNET_CADET_Data *) message)->mid);
1313 mid = ntohl (((struct GNUNET_CADET_DataACK *) message)->mid);
1315 case GNUNET_MESSAGE_TYPE_CADET_KEEPALIVE:
1316 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_CREATE:
1317 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY:
1318 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_ACK:
1319 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_NACK:
1320 msg->cid = *GCC_get_id (c);
1321 msg->ttl = htonl (default_ttl);
1325 LOG (GNUNET_ERROR_TYPE_ERROR, "type %s not valid\n", GC_m2s (type));
1327 LOG (GNUNET_ERROR_TYPE_DEBUG, "type %s\n", GC_m2s (type));
1329 fwd = GCC_is_origin (c, GNUNET_YES);
1333 GNUNET_break (NULL == GCC_send_prebuilt_message (&msg->header, type, mid, c,
1334 fwd, force, NULL, NULL));
1337 if (NULL == existing_q)
1339 tq = GNUNET_new (struct CadetTunnelQueue); /* FIXME valgrind: leak*/
1346 tq->cq = GCC_send_prebuilt_message (&msg->header, type, mid, c, fwd, force,
1347 &tun_message_sent, tq);
1348 GNUNET_assert (NULL != tq->cq);
1350 tq->cont_cls = cont_cls;
1357 * Send all cached messages that we can, tunnel is online.
1359 * @param t Tunnel that holds the messages. Cannot be loopback.
1362 send_queued_data (struct CadetTunnel *t)
1364 struct CadetTunnelDelayed *tqd;
1365 struct CadetTunnelDelayed *next;
1368 LOG (GNUNET_ERROR_TYPE_INFO, "Send queued data, tunnel %s\n", GCT_2s (t));
1370 if (GCT_is_loopback (t))
1376 if (GNUNET_NO == is_ready (t))
1378 LOG (GNUNET_ERROR_TYPE_DEBUG, " not ready yet: %s/%s\n",
1379 estate2s (t->estate), cstate2s (t->cstate));
1383 room = GCT_get_connections_buffer (t);
1384 LOG (GNUNET_ERROR_TYPE_DEBUG, " buffer space: %u\n", room);
1385 LOG (GNUNET_ERROR_TYPE_DEBUG, " tq head: %p\n", t->tq_head);
1386 for (tqd = t->tq_head; NULL != tqd && room > 0; tqd = next)
1388 LOG (GNUNET_ERROR_TYPE_DEBUG, " sending queued data\n");
1391 send_prebuilt_message ((struct GNUNET_MessageHeader *) &tqd[1],
1392 tqd->t, NULL, GNUNET_YES,
1393 NULL != tqd->tq ? tqd->tq->cont : NULL,
1394 NULL != tqd->tq ? tqd->tq->cont_cls : NULL,
1398 LOG (GNUNET_ERROR_TYPE_DEBUG, "GCT_send_queued_data end\n", GCP_2s (t->peer));
1403 * Callback called when a queued message is sent.
1405 * @param cls Closure.
1406 * @param c Connection this message was on.
1407 * @param type Type of message sent.
1408 * @param fwd Was this a FWD going message?
1409 * @param size Size of the message.
1412 ephm_sent (void *cls,
1413 struct CadetConnection *c,
1414 struct CadetConnectionQueue *q,
1415 uint16_t type, int fwd, size_t size)
1417 struct CadetTunnel *t = cls;
1418 LOG (GNUNET_ERROR_TYPE_DEBUG, "ephm_sent %s\n", GC_m2s (type));
1423 * Callback called when a queued message is sent.
1425 * @param cls Closure.
1426 * @param c Connection this message was on.
1427 * @param type Type of message sent.
1428 * @param fwd Was this a FWD going message?
1429 * @param size Size of the message.
1432 pong_sent (void *cls,
1433 struct CadetConnection *c,
1434 struct CadetConnectionQueue *q,
1435 uint16_t type, int fwd, size_t size)
1437 struct CadetTunnel *t = cls;
1438 LOG (GNUNET_ERROR_TYPE_DEBUG, "pong_sent %s\n", GC_m2s (type));
1444 * Sends key exchange message on a tunnel, choosing the best connection.
1445 * Should not be called on loopback tunnels.
1447 * @param t Tunnel on which this message is transmitted.
1448 * @param message Message to send. Function modifies it.
1450 * @return Handle to the message in the connection queue.
1452 static struct CadetConnectionQueue *
1453 send_kx (struct CadetTunnel *t,
1454 const struct GNUNET_MessageHeader *message)
1456 struct CadetConnection *c;
1457 struct GNUNET_CADET_KX *msg;
1458 size_t size = ntohs (message->size);
1459 char cbuf[sizeof (struct GNUNET_CADET_KX) + size];
1464 LOG (GNUNET_ERROR_TYPE_DEBUG, "GMT KX on Tunnel %s\n", GCT_2s (t));
1466 /* Avoid loopback. */
1467 if (GCT_is_loopback (t))
1469 LOG (GNUNET_ERROR_TYPE_DEBUG, " loopback!\n");
1473 type = ntohs (message->type);
1475 /* Even if tunnel is "being destroyed", send anyway.
1476 * Could be a response to a rekey initiated by remote peer,
1477 * who is trying to create a new channel!
1480 /* Must have a connection, or be looking for one. */
1481 if (NULL == t->connection_head)
1483 LOG (GNUNET_ERROR_TYPE_DEBUG, "%s while no connection\n", GC_m2s (type));
1484 if (CADET_TUNNEL_SEARCHING != t->cstate)
1487 GCT_debug (t, GNUNET_ERROR_TYPE_ERROR);
1488 GCP_debug (t->peer, GNUNET_ERROR_TYPE_ERROR);
1493 msg = (struct GNUNET_CADET_KX *) cbuf;
1494 msg->header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX);
1495 msg->header.size = htons (sizeof (struct GNUNET_CADET_KX) + size);
1496 c = tunnel_get_connection (t);
1499 if (NULL == t->destroy_task
1500 && CADET_TUNNEL_READY == t->cstate)
1503 GCT_debug (t, GNUNET_ERROR_TYPE_ERROR);
1509 case GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL:
1510 GNUNET_assert (NULL == t->ephm_h);
1512 memcpy (&msg[1], message, size);
1514 case GNUNET_MESSAGE_TYPE_CADET_KX_PONG:
1515 GNUNET_assert (NULL == t->pong_h);
1517 memcpy (&msg[1], message, size);
1521 LOG (GNUNET_ERROR_TYPE_DEBUG, "unkown type %s\n", GC_m2s (type));
1525 fwd = GCC_is_origin (t->connection_head->c, GNUNET_YES);
1527 return GCC_send_prebuilt_message (&msg->header, type, 0, c,
1534 * Send the ephemeral key on a tunnel.
1536 * @param t Tunnel on which to send the key.
1539 send_ephemeral (struct CadetTunnel *t)
1541 LOG (GNUNET_ERROR_TYPE_INFO, "===> EPHM for %s\n", GCT_2s (t));
1542 if (NULL != t->ephm_h)
1544 LOG (GNUNET_ERROR_TYPE_INFO, " already queued\n");
1548 kx_msg.sender_status = htonl (t->estate);
1549 kx_msg.iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
1550 kx_msg.nonce = t->kx_ctx->challenge;
1551 LOG (GNUNET_ERROR_TYPE_DEBUG, " send nonce c %u\n", kx_msg.nonce);
1552 t_encrypt (t, &kx_msg.nonce, &kx_msg.nonce,
1553 ping_encryption_size(), kx_msg.iv, GNUNET_YES);
1554 LOG (GNUNET_ERROR_TYPE_DEBUG, " send nonce e %u\n", kx_msg.nonce);
1555 t->ephm_h = send_kx (t, &kx_msg.header);
1560 * Send a pong message on a tunnel.
1562 * @param t Tunnel on which to send the pong.
1563 * @param challenge Value sent in the ping that we have to send back.
1566 send_pong (struct CadetTunnel *t, uint32_t challenge)
1568 struct GNUNET_CADET_KX_Pong msg;
1570 LOG (GNUNET_ERROR_TYPE_INFO, "===> PONG for %s\n", GCT_2s (t));
1571 if (NULL != t->pong_h)
1573 LOG (GNUNET_ERROR_TYPE_INFO, " already queued\n");
1576 msg.header.size = htons (sizeof (msg));
1577 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX_PONG);
1578 msg.iv = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
1579 msg.nonce = challenge;
1580 LOG (GNUNET_ERROR_TYPE_DEBUG, " sending %u\n", msg.nonce);
1581 t_encrypt (t, &msg.nonce, &msg.nonce,
1582 sizeof (msg.nonce), msg.iv, GNUNET_YES);
1583 LOG (GNUNET_ERROR_TYPE_DEBUG, " e sending %u\n", msg.nonce);
1585 t->pong_h = send_kx (t, &msg.header);
1590 * Initiate a rekey with the remote peer.
1592 * @param cls Closure (tunnel).
1593 * @param tc TaskContext.
1596 rekey_tunnel (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
1598 struct CadetTunnel *t = cls;
1600 t->rekey_task = NULL;
1602 LOG (GNUNET_ERROR_TYPE_INFO, "Re-key Tunnel %s\n", GCT_2s (t));
1603 if (NULL != tc && 0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))
1606 GNUNET_assert (NULL != t->kx_ctx);
1607 struct GNUNET_TIME_Relative duration;
1609 duration = GNUNET_TIME_absolute_get_duration (t->kx_ctx->rekey_start_time);
1610 LOG (GNUNET_ERROR_TYPE_DEBUG, " kx started %s ago\n",
1611 GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES));
1613 // FIXME make duration of old keys configurable
1614 if (duration.rel_value_us >= GNUNET_TIME_UNIT_MINUTES.rel_value_us)
1616 LOG (GNUNET_ERROR_TYPE_DEBUG, " deleting old keys\n");
1617 memset (&t->kx_ctx->d_key_old, 0, sizeof (t->kx_ctx->d_key_old));
1618 memset (&t->kx_ctx->e_key_old, 0, sizeof (t->kx_ctx->e_key_old));
1625 case CADET_TUNNEL_KEY_UNINITIALIZED:
1626 GCT_change_estate (t, CADET_TUNNEL_KEY_SENT);
1629 case CADET_TUNNEL_KEY_SENT:
1632 case CADET_TUNNEL_KEY_OK:
1634 * - state should have changed during rekey_iterator
1635 * - task should have been canceled at pong_handle
1638 GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);
1641 case CADET_TUNNEL_KEY_PING:
1642 case CADET_TUNNEL_KEY_REKEY:
1646 LOG (GNUNET_ERROR_TYPE_DEBUG, "Unexpected state %u\n", t->estate);
1649 // FIXME exponential backoff
1650 struct GNUNET_TIME_Relative delay;
1652 delay = GNUNET_TIME_relative_divide (rekey_period, 16);
1653 delay = GNUNET_TIME_relative_min (delay, REKEY_WAIT);
1654 LOG (GNUNET_ERROR_TYPE_DEBUG, " next call in %s\n",
1655 GNUNET_STRINGS_relative_time_to_string (delay, GNUNET_YES));
1656 t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t);
1661 * Our ephemeral key has changed, create new session key on all tunnels.
1663 * Each tunnel will start the Key Exchange with a random delay between
1664 * 0 and number_of_tunnels*100 milliseconds, so there are 10 key exchanges
1665 * per second, on average.
1667 * @param cls Closure (size of the hashmap).
1668 * @param key Current public key.
1669 * @param value Value in the hash map (tunnel).
1671 * @return #GNUNET_YES, so we should continue to iterate,
1674 rekey_iterator (void *cls,
1675 const struct GNUNET_PeerIdentity *key,
1678 struct CadetTunnel *t = value;
1679 struct GNUNET_TIME_Relative delay;
1680 long n = (long) cls;
1683 if (NULL != t->rekey_task)
1686 if (GNUNET_YES == GCT_is_loopback (t))
1689 r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, (uint32_t) n * 100);
1690 delay = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, r);
1691 t->rekey_task = GNUNET_SCHEDULER_add_delayed (delay, &rekey_tunnel, t);
1693 GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);
1700 * Create a new ephemeral key and key message, schedule next rekeying.
1702 * @param cls Closure (unused).
1703 * @param tc TaskContext.
1706 rekey (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
1708 struct GNUNET_TIME_Absolute time;
1713 if (0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))
1716 GNUNET_free_non_null (my_ephemeral_key);
1717 my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create ();
1719 time = GNUNET_TIME_absolute_get ();
1720 kx_msg.creation_time = GNUNET_TIME_absolute_hton (time);
1721 time = GNUNET_TIME_absolute_add (time, rekey_period);
1722 time = GNUNET_TIME_absolute_add (time, GNUNET_TIME_UNIT_MINUTES);
1723 kx_msg.expiration_time = GNUNET_TIME_absolute_hton (time);
1724 GNUNET_CRYPTO_ecdhe_key_get_public (my_ephemeral_key, &kx_msg.ephemeral_key);
1725 LOG (GNUNET_ERROR_TYPE_INFO, "GLOBAL RE-KEY, NEW EPHM: %s\n",
1726 GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
1728 GNUNET_assert (GNUNET_OK ==
1729 GNUNET_CRYPTO_eddsa_sign (my_private_key,
1731 &kx_msg.signature));
1733 n = (long) GNUNET_CONTAINER_multipeermap_size (tunnels);
1734 GNUNET_CONTAINER_multipeermap_iterate (tunnels, &rekey_iterator, (void *) n);
1736 rekey_task = GNUNET_SCHEDULER_add_delayed (rekey_period, &rekey, NULL);
1741 * Called only on shutdown, destroy every tunnel.
1743 * @param cls Closure (unused).
1744 * @param key Current public key.
1745 * @param value Value in the hash map (tunnel).
1747 * @return #GNUNET_YES, so we should continue to iterate,
1750 destroy_iterator (void *cls,
1751 const struct GNUNET_PeerIdentity *key,
1754 struct CadetTunnel *t = value;
1756 LOG (GNUNET_ERROR_TYPE_DEBUG, "GCT_shutdown destroying tunnel at %p\n", t);
1763 * Notify remote peer that we don't know a channel he is talking about,
1764 * probably CHANNEL_DESTROY was missed.
1766 * @param t Tunnel on which to notify.
1767 * @param gid ID of the channel.
1770 send_channel_destroy (struct CadetTunnel *t, unsigned int gid)
1772 struct GNUNET_CADET_ChannelManage msg;
1774 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY);
1775 msg.header.size = htons (sizeof (msg));
1776 msg.chid = htonl (gid);
1778 LOG (GNUNET_ERROR_TYPE_DEBUG,
1779 "WARNING destroying unknown channel %u on tunnel %s\n",
1781 send_prebuilt_message (&msg.header, t, NULL, GNUNET_YES, NULL, NULL, NULL);
1786 * Demultiplex data per channel and call appropriate channel handler.
1788 * @param t Tunnel on which the data came.
1789 * @param msg Data message.
1790 * @param fwd Is this message fwd? This only is meaningful in loopback channels.
1791 * #GNUNET_YES if message is FWD on the respective channel (loopback)
1792 * #GNUNET_NO if message is BCK on the respective channel (loopback)
1793 * #GNUNET_SYSERR if message on a one-ended channel (remote)
1796 handle_data (struct CadetTunnel *t,
1797 const struct GNUNET_CADET_Data *msg,
1800 struct CadetChannel *ch;
1804 size = ntohs (msg->header.size);
1806 sizeof (struct GNUNET_CADET_Data) +
1807 sizeof (struct GNUNET_MessageHeader))
1812 LOG (GNUNET_ERROR_TYPE_DEBUG, " payload of type %s\n",
1813 GC_m2s (ntohs (msg[1].header.type)));
1816 ch = GCT_get_channel (t, ntohl (msg->chid));
1819 GNUNET_STATISTICS_update (stats, "# data on unknown channel",
1821 LOG (GNUNET_ERROR_TYPE_DEBUG, "WARNING channel 0x%X unknown\n",
1823 send_channel_destroy (t, ntohl (msg->chid));
1827 GCCH_handle_data (ch, msg, fwd);
1832 * Demultiplex data ACKs per channel and update appropriate channel buffer info.
1834 * @param t Tunnel on which the DATA ACK came.
1835 * @param msg DATA ACK message.
1836 * @param fwd Is this message fwd? This only is meaningful in loopback channels.
1837 * #GNUNET_YES if message is FWD on the respective channel (loopback)
1838 * #GNUNET_NO if message is BCK on the respective channel (loopback)
1839 * #GNUNET_SYSERR if message on a one-ended channel (remote)
1842 handle_data_ack (struct CadetTunnel *t,
1843 const struct GNUNET_CADET_DataACK *msg,
1846 struct CadetChannel *ch;
1850 size = ntohs (msg->header.size);
1851 if (size != sizeof (struct GNUNET_CADET_DataACK))
1858 ch = GCT_get_channel (t, ntohl (msg->chid));
1861 GNUNET_STATISTICS_update (stats, "# data ack on unknown channel",
1863 LOG (GNUNET_ERROR_TYPE_DEBUG, "WARNING channel %u unknown\n",
1868 GCCH_handle_data_ack (ch, msg, fwd);
1873 * Handle channel create.
1875 * @param t Tunnel on which the data came.
1876 * @param msg Data message.
1879 handle_ch_create (struct CadetTunnel *t,
1880 const struct GNUNET_CADET_ChannelCreate *msg)
1882 struct CadetChannel *ch;
1886 size = ntohs (msg->header.size);
1887 if (size != sizeof (struct GNUNET_CADET_ChannelCreate))
1894 ch = GCT_get_channel (t, ntohl (msg->chid));
1895 if (NULL != ch && ! GCT_is_loopback (t))
1897 /* Probably a retransmission, safe to ignore */
1898 LOG (GNUNET_ERROR_TYPE_DEBUG, " already exists...\n");
1900 ch = GCCH_handle_create (t, msg);
1902 GCT_add_channel (t, ch);
1908 * Handle channel NACK: check correctness and call channel handler for NACKs.
1910 * @param t Tunnel on which the NACK came.
1911 * @param msg NACK message.
1914 handle_ch_nack (struct CadetTunnel *t,
1915 const struct GNUNET_CADET_ChannelManage *msg)
1917 struct CadetChannel *ch;
1921 size = ntohs (msg->header.size);
1922 if (size != sizeof (struct GNUNET_CADET_ChannelManage))
1929 ch = GCT_get_channel (t, ntohl (msg->chid));
1932 GNUNET_STATISTICS_update (stats, "# channel NACK on unknown channel",
1934 LOG (GNUNET_ERROR_TYPE_DEBUG, "WARNING channel %u unknown\n",
1939 GCCH_handle_nack (ch);
1944 * Handle a CHANNEL ACK (SYNACK/ACK).
1946 * @param t Tunnel on which the CHANNEL ACK came.
1947 * @param msg CHANNEL ACK message.
1948 * @param fwd Is this message fwd? This only is meaningful in loopback channels.
1949 * #GNUNET_YES if message is FWD on the respective channel (loopback)
1950 * #GNUNET_NO if message is BCK on the respective channel (loopback)
1951 * #GNUNET_SYSERR if message on a one-ended channel (remote)
1954 handle_ch_ack (struct CadetTunnel *t,
1955 const struct GNUNET_CADET_ChannelManage *msg,
1958 struct CadetChannel *ch;
1962 size = ntohs (msg->header.size);
1963 if (size != sizeof (struct GNUNET_CADET_ChannelManage))
1970 ch = GCT_get_channel (t, ntohl (msg->chid));
1973 GNUNET_STATISTICS_update (stats, "# channel ack on unknown channel",
1975 LOG (GNUNET_ERROR_TYPE_DEBUG, "WARNING channel %u unknown\n",
1980 GCCH_handle_ack (ch, msg, fwd);
1985 * Handle a channel destruction message.
1987 * @param t Tunnel on which the message came.
1988 * @param msg Channel destroy message.
1989 * @param fwd Is this message fwd? This only is meaningful in loopback channels.
1990 * #GNUNET_YES if message is FWD on the respective channel (loopback)
1991 * #GNUNET_NO if message is BCK on the respective channel (loopback)
1992 * #GNUNET_SYSERR if message on a one-ended channel (remote)
1995 handle_ch_destroy (struct CadetTunnel *t,
1996 const struct GNUNET_CADET_ChannelManage *msg,
1999 struct CadetChannel *ch;
2003 size = ntohs (msg->header.size);
2004 if (size != sizeof (struct GNUNET_CADET_ChannelManage))
2011 ch = GCT_get_channel (t, ntohl (msg->chid));
2014 /* Probably a retransmission, safe to ignore */
2018 GCCH_handle_destroy (ch, msg, fwd);
2023 * The peer's ephemeral key has changed: update the symmetrical keys.
2025 * @param t Tunnel this message came on.
2026 * @param msg Key eXchange message.
2029 handle_ephemeral (struct CadetTunnel *t,
2030 const struct GNUNET_CADET_KX_Ephemeral *msg)
2032 LOG (GNUNET_ERROR_TYPE_INFO, "<=== EPHM for %s\n", GCT_2s (t));
2034 if (GNUNET_OK != check_ephemeral (t, msg))
2036 GNUNET_break_op (0);
2040 /* If we get a proper OTR-style ephemeral, fallback to old crypto. */
2043 GNUNET_free (t->ax);
2045 t->enc_type = CADET_Fallback;
2049 * If the key is different from what we know, derive the new E/D keys.
2050 * Else destroy the rekey ctx (duplicate EPHM after successful KX).
2052 if (0 != memcmp (&t->peers_ephemeral_key, &msg->ephemeral_key,
2053 sizeof (msg->ephemeral_key)))
2055 #if DUMP_KEYS_TO_STDERR
2056 LOG (GNUNET_ERROR_TYPE_INFO, "OLD: %s\n",
2057 GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
2058 LOG (GNUNET_ERROR_TYPE_INFO, "NEW: %s\n",
2059 GNUNET_h2s ((struct GNUNET_HashCode *) &msg->ephemeral_key));
2061 t->peers_ephemeral_key = msg->ephemeral_key;
2065 if (CADET_TUNNEL_KEY_OK == t->estate)
2067 GCT_change_estate (t, CADET_TUNNEL_KEY_REKEY);
2069 if (NULL != t->rekey_task)
2070 GNUNET_SCHEDULER_cancel (t->rekey_task);
2071 t->rekey_task = GNUNET_SCHEDULER_add_now (rekey_tunnel, t);
2073 if (CADET_TUNNEL_KEY_SENT == t->estate)
2075 LOG (GNUNET_ERROR_TYPE_DEBUG, " our key was sent, sending challenge\n");
2077 GCT_change_estate (t, CADET_TUNNEL_KEY_PING);
2080 if (CADET_TUNNEL_KEY_UNINITIALIZED != ntohl(msg->sender_status))
2084 LOG (GNUNET_ERROR_TYPE_DEBUG, " recv nonce e %u\n", msg->nonce);
2085 t_decrypt (t, &nonce, &msg->nonce, ping_encryption_size (), msg->iv);
2086 LOG (GNUNET_ERROR_TYPE_DEBUG, " recv nonce c %u\n", nonce);
2087 send_pong (t, nonce);
2093 * Peer has answer to our challenge.
2094 * If answer is successful, consider the key exchange finished and clean
2095 * up all related state.
2097 * @param t Tunnel this message came on.
2098 * @param msg Key eXchange Pong message.
2101 handle_pong (struct CadetTunnel *t, const struct GNUNET_CADET_KX_Pong *msg)
2105 LOG (GNUNET_ERROR_TYPE_INFO, "<=== PONG for %s\n", GCT_2s (t));
2106 if (NULL == t->rekey_task)
2108 GNUNET_STATISTICS_update (stats, "# duplicate PONG messages", 1, GNUNET_NO);
2111 if (NULL == t->kx_ctx)
2113 GNUNET_STATISTICS_update (stats, "# stray PONG messages", 1, GNUNET_NO);
2117 t_decrypt (t, &challenge, &msg->nonce, sizeof (uint32_t), msg->iv);
2118 if (challenge != t->kx_ctx->challenge)
2120 LOG (GNUNET_ERROR_TYPE_WARNING, "Wrong PONG challenge on %s\n", GCT_2s (t));
2121 LOG (GNUNET_ERROR_TYPE_DEBUG, "PONG: %u (e: %u). Expected: %u.\n",
2122 challenge, msg->nonce, t->kx_ctx->challenge);
2126 GNUNET_SCHEDULER_cancel (t->rekey_task);
2127 t->rekey_task = NULL;
2129 /* Don't free the old keys right away, but after a delay.
2130 * Rationale: the KX could have happened over a very fast connection,
2131 * with payload traffic still signed with the old key stuck in a slower
2133 * Don't keep the keys longer than 1/4 the rekey period, and no longer than
2137 GCT_change_estate (t, CADET_TUNNEL_KEY_OK);
2144 * @param t Tunnel this message came on.
2145 * @param msg Key eXchange Pong message.
2148 handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
2153 t->ax = GNUNET_new (struct CadetTunnelAxolotl);
2159 * Demultiplex by message type and call appropriate handler for a message
2160 * towards a channel of a local tunnel.
2162 * @param t Tunnel this message came on.
2163 * @param msgh Message header.
2164 * @param fwd Is this message fwd? This only is meaningful in loopback channels.
2165 * #GNUNET_YES if message is FWD on the respective channel (loopback)
2166 * #GNUNET_NO if message is BCK on the respective channel (loopback)
2167 * #GNUNET_SYSERR if message on a one-ended channel (remote)
2170 handle_decrypted (struct CadetTunnel *t,
2171 const struct GNUNET_MessageHeader *msgh,
2176 type = ntohs (msgh->type);
2177 LOG (GNUNET_ERROR_TYPE_INFO, "<=== %s on %s\n", GC_m2s (type), GCT_2s (t));
2181 case GNUNET_MESSAGE_TYPE_CADET_KEEPALIVE:
2182 /* Do nothing, connection aleady got updated. */
2183 GNUNET_STATISTICS_update (stats, "# keepalives received", 1, GNUNET_NO);
2186 case GNUNET_MESSAGE_TYPE_CADET_DATA:
2187 /* Don't send hop ACK, wait for client to ACK */
2188 handle_data (t, (struct GNUNET_CADET_Data *) msgh, fwd);
2191 case GNUNET_MESSAGE_TYPE_CADET_DATA_ACK:
2192 handle_data_ack (t, (struct GNUNET_CADET_DataACK *) msgh, fwd);
2195 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_CREATE:
2196 handle_ch_create (t,
2197 (struct GNUNET_CADET_ChannelCreate *) msgh);
2200 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_NACK:
2202 (struct GNUNET_CADET_ChannelManage *) msgh);
2205 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_ACK:
2207 (struct GNUNET_CADET_ChannelManage *) msgh,
2211 case GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY:
2212 handle_ch_destroy (t,
2213 (struct GNUNET_CADET_ChannelManage *) msgh,
2218 GNUNET_break_op (0);
2219 LOG (GNUNET_ERROR_TYPE_WARNING,
2220 "end-to-end message not known (%u)\n",
2221 ntohs (msgh->type));
2222 GCT_debug (t, GNUNET_ERROR_TYPE_WARNING);
2226 /******************************************************************************/
2227 /******************************** API ***********************************/
2228 /******************************************************************************/
2230 * Decrypt old format and demultiplex by message type. Call appropriate handler
2231 * for a message towards a channel of a local tunnel.
2233 * @param t Tunnel this message came on.
2234 * @param msg Message header.
2237 GCT_handle_encrypted (struct CadetTunnel *t,
2238 const struct GNUNET_MessageHeader *msg)
2240 size_t size = ntohs (msg->size);
2241 size_t payload_size;
2244 uint16_t type = ntohs (msg->type);
2245 struct GNUNET_MessageHeader *msgh;
2248 if (GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED == type)
2250 const struct GNUNET_CADET_Encrypted *emsg;
2252 emsg = (struct GNUNET_CADET_Encrypted *) msg;
2253 payload_size = size - sizeof (struct GNUNET_CADET_Encrypted);
2254 decrypted_size = t_decrypt_and_validate (t, cbuf, &emsg[1], payload_size,
2255 emsg->iv, &emsg->hmac);
2257 else if (GNUNET_MESSAGE_TYPE_CADET_AX == type)
2259 const struct GNUNET_CADET_AX *emsg;
2261 emsg = (struct GNUNET_CADET_AX *) msg;
2262 payload_size = size - sizeof (struct GNUNET_CADET_AX);
2263 decrypted_size = t_ax_decrypt_and_validate (t, cbuf, &emsg[1],
2264 payload_size, &emsg->hmac);
2267 if (-1 == decrypted_size)
2269 GNUNET_break_op (0);
2274 while (off < decrypted_size)
2278 msgh = (struct GNUNET_MessageHeader *) &cbuf[off];
2279 msize = ntohs (msgh->size);
2280 if (msize < sizeof (struct GNUNET_MessageHeader))
2282 GNUNET_break_op (0);
2285 handle_decrypted (t, msgh, GNUNET_SYSERR);
2292 * Demultiplex an encapsulated KX message by message type.
2294 * @param t Tunnel on which the message came.
2295 * @param message Payload of KX message.
2298 GCT_handle_kx (struct CadetTunnel *t,
2299 const struct GNUNET_MessageHeader *message)
2303 type = ntohs (message->type);
2304 LOG (GNUNET_ERROR_TYPE_DEBUG, "kx message received: %s\n", GC_m2s (type));
2307 case GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL:
2308 handle_ephemeral (t, (const struct GNUNET_CADET_KX_Ephemeral *) message);
2311 case GNUNET_MESSAGE_TYPE_CADET_KX_PONG:
2312 handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message);
2315 case GNUNET_MESSAGE_TYPE_CADET_AX_KX:
2316 handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message);
2320 GNUNET_break_op (0);
2321 LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type));
2327 * Initialize the tunnel subsystem.
2329 * @param c Configuration handle.
2330 * @param key ECC private key, to derive all other keys and do crypto.
2333 GCT_init (const struct GNUNET_CONFIGURATION_Handle *c,
2334 const struct GNUNET_CRYPTO_EddsaPrivateKey *key)
2336 int expected_overhead;
2338 LOG (GNUNET_ERROR_TYPE_DEBUG, "init\n");
2340 expected_overhead = 0;
2341 expected_overhead += sizeof (struct GNUNET_CADET_Encrypted);
2342 expected_overhead += sizeof (struct GNUNET_CADET_Data);
2343 expected_overhead += sizeof (struct GNUNET_CADET_ACK);
2344 GNUNET_assert (GNUNET_CONSTANTS_CADET_P2P_OVERHEAD == expected_overhead);
2347 GNUNET_CONFIGURATION_get_value_number (c, "CADET", "DEFAULT_TTL",
2350 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_WARNING,
2351 "CADET", "DEFAULT_TTL", "USING DEFAULT");
2355 GNUNET_CONFIGURATION_get_value_time (c, "CADET", "REKEY_PERIOD",
2358 rekey_period = GNUNET_TIME_UNIT_DAYS;
2361 my_private_key = key;
2362 kx_msg.header.size = htons (sizeof (kx_msg));
2363 kx_msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_KX_EPHEMERAL);
2364 kx_msg.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_KX);
2365 kx_msg.purpose.size = htonl (ephemeral_purpose_size ());
2366 kx_msg.origin_identity = my_full_id;
2367 rekey_task = GNUNET_SCHEDULER_add_now (&rekey, NULL);
2369 tunnels = GNUNET_CONTAINER_multipeermap_create (128, GNUNET_YES);
2374 * Shut down the tunnel subsystem.
2379 if (NULL != rekey_task)
2381 GNUNET_SCHEDULER_cancel (rekey_task);
2384 GNUNET_CONTAINER_multipeermap_iterate (tunnels, &destroy_iterator, NULL);
2385 GNUNET_CONTAINER_multipeermap_destroy (tunnels);
2392 * @param destination Peer this tunnel is towards.
2394 struct CadetTunnel *
2395 GCT_new (struct CadetPeer *destination)
2397 struct CadetTunnel *t;
2399 t = GNUNET_new (struct CadetTunnel);
2401 t->peer = destination;
2404 GNUNET_CONTAINER_multipeermap_put (tunnels, GCP_get_id (destination), t,
2405 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST))
2416 * Change the tunnel's connection state.
2418 * @param t Tunnel whose connection state to change.
2419 * @param cstate New connection state.
2422 GCT_change_cstate (struct CadetTunnel* t, enum CadetTunnelCState cstate)
2426 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s cstate %s => %s\n",
2427 GCP_2s (t->peer), cstate2s (t->cstate), cstate2s (cstate));
2428 if (myid != GCP_get_short_id (t->peer) &&
2429 CADET_TUNNEL_READY != t->cstate &&
2430 CADET_TUNNEL_READY == cstate)
2433 if (CADET_TUNNEL_KEY_OK == t->estate)
2435 LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered send queued data\n");
2436 send_queued_data (t);
2438 else if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
2440 LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered rekey\n");
2441 if (NULL != t->rekey_task)
2442 GNUNET_SCHEDULER_cancel (t->rekey_task);
2444 rekey_tunnel (t, NULL);
2449 if (CADET_TUNNEL_READY == cstate
2450 && CONNECTIONS_PER_TUNNEL <= GCT_count_connections (t))
2452 LOG (GNUNET_ERROR_TYPE_DEBUG, " cstate triggered stop dht\n");
2453 GCP_stop_search (t->peer);
2459 * Change the tunnel encryption state.
2461 * @param t Tunnel whose encryption state to change, or NULL.
2462 * @param state New encryption state.
2465 GCT_change_estate (struct CadetTunnel* t, enum CadetTunnelEState state)
2467 enum CadetTunnelEState old;
2474 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s estate was %s\n",
2475 GCP_2s (t->peer), estate2s (old));
2476 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s estate is now %s\n",
2477 GCP_2s (t->peer), estate2s (t->estate));
2479 /* Send queued data if enc state changes to OK */
2480 if (myid != GCP_get_short_id (t->peer) &&
2481 CADET_TUNNEL_KEY_OK != old && CADET_TUNNEL_KEY_OK == t->estate)
2483 send_queued_data (t);
2489 * @brief Check if tunnel has too many connections, and remove one if necessary.
2491 * Currently this means the newest connection, unless it is a direct one.
2492 * Implemented as a task to avoid freeing a connection that is in the middle
2493 * of being created/processed.
2495 * @param cls Closure (Tunnel to check).
2496 * @param tc Task context.
2499 trim_connections (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
2501 struct CadetTunnel *t = cls;
2503 t->trim_connections_task = NULL;
2505 if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
2508 if (GCT_count_connections (t) > 2 * CONNECTIONS_PER_TUNNEL)
2510 struct CadetTConnection *iter;
2511 struct CadetTConnection *c;
2513 for (c = iter = t->connection_head; NULL != iter; iter = iter->next)
2515 if ((iter->created.abs_value_us > c->created.abs_value_us)
2516 && GNUNET_NO == GCC_is_direct (iter->c))
2523 LOG (GNUNET_ERROR_TYPE_DEBUG, "Too many connections on tunnel %s\n",
2525 LOG (GNUNET_ERROR_TYPE_DEBUG, "Destroying connection %s\n",
2538 * Add a connection to a tunnel.
2541 * @param c Connection.
2544 GCT_add_connection (struct CadetTunnel *t, struct CadetConnection *c)
2546 struct CadetTConnection *aux;
2548 GNUNET_assert (NULL != c);
2550 LOG (GNUNET_ERROR_TYPE_DEBUG, "add connection %s\n", GCC_2s (c));
2551 LOG (GNUNET_ERROR_TYPE_DEBUG, " to tunnel %s\n", GCT_2s (t));
2552 for (aux = t->connection_head; aux != NULL; aux = aux->next)
2556 aux = GNUNET_new (struct CadetTConnection);
2558 aux->created = GNUNET_TIME_absolute_get ();
2560 GNUNET_CONTAINER_DLL_insert (t->connection_head, t->connection_tail, aux);
2562 if (CADET_TUNNEL_SEARCHING == t->cstate)
2563 GCT_change_estate (t, CADET_TUNNEL_WAITING);
2565 if (NULL != t->trim_connections_task)
2566 t->trim_connections_task = GNUNET_SCHEDULER_add_now (&trim_connections, t);
2571 * Remove a connection from a tunnel.
2574 * @param c Connection.
2577 GCT_remove_connection (struct CadetTunnel *t,
2578 struct CadetConnection *c)
2580 struct CadetTConnection *aux;
2581 struct CadetTConnection *next;
2584 LOG (GNUNET_ERROR_TYPE_DEBUG, "Removing connection %s from tunnel %s\n",
2585 GCC_2s (c), GCT_2s (t));
2586 for (aux = t->connection_head; aux != NULL; aux = next)
2591 GNUNET_CONTAINER_DLL_remove (t->connection_head, t->connection_tail, aux);
2596 conns = GCT_count_connections (t);
2598 && NULL == t->destroy_task
2599 && CADET_TUNNEL_SHUTDOWN != t->cstate
2600 && GNUNET_NO == shutting_down)
2602 if (0 == GCT_count_any_connections (t))
2603 GCT_change_cstate (t, CADET_TUNNEL_SEARCHING);
2605 GCT_change_cstate (t, CADET_TUNNEL_WAITING);
2608 /* Start new connections if needed */
2609 if (CONNECTIONS_PER_TUNNEL > conns
2610 && NULL == t->destroy_task
2611 && CADET_TUNNEL_SHUTDOWN != t->cstate
2612 && GNUNET_NO == shutting_down)
2614 LOG (GNUNET_ERROR_TYPE_DEBUG, " too few connections, getting new ones\n");
2615 GCP_connect (t->peer); /* Will change cstate to WAITING when possible */
2619 /* If not marked as ready, no change is needed */
2620 if (CADET_TUNNEL_READY != t->cstate)
2623 /* Check if any connection is ready to maintain cstate */
2624 for (aux = t->connection_head; aux != NULL; aux = aux->next)
2625 if (CADET_CONNECTION_READY == GCC_get_state (aux->c))
2631 * Add a channel to a tunnel.
2634 * @param ch Channel.
2637 GCT_add_channel (struct CadetTunnel *t, struct CadetChannel *ch)
2639 struct CadetTChannel *aux;
2641 GNUNET_assert (NULL != ch);
2643 LOG (GNUNET_ERROR_TYPE_DEBUG, "Adding channel %p to tunnel %p\n", ch, t);
2645 for (aux = t->channel_head; aux != NULL; aux = aux->next)
2647 LOG (GNUNET_ERROR_TYPE_DEBUG, " already there %p\n", aux->ch);
2652 aux = GNUNET_new (struct CadetTChannel);
2654 LOG (GNUNET_ERROR_TYPE_DEBUG, " adding %p to %p\n", aux, t->channel_head);
2655 GNUNET_CONTAINER_DLL_insert_tail (t->channel_head, t->channel_tail, aux);
2657 if (NULL != t->destroy_task)
2659 GNUNET_SCHEDULER_cancel (t->destroy_task);
2660 t->destroy_task = NULL;
2661 LOG (GNUNET_ERROR_TYPE_DEBUG, " undo destroy!\n");
2667 * Remove a channel from a tunnel.
2670 * @param ch Channel.
2673 GCT_remove_channel (struct CadetTunnel *t, struct CadetChannel *ch)
2675 struct CadetTChannel *aux;
2677 LOG (GNUNET_ERROR_TYPE_DEBUG, "Removing channel %p from tunnel %p\n", ch, t);
2678 for (aux = t->channel_head; aux != NULL; aux = aux->next)
2682 LOG (GNUNET_ERROR_TYPE_DEBUG, " found! %s\n", GCCH_2s (ch));
2683 GNUNET_CONTAINER_DLL_remove (t->channel_head, t->channel_tail, aux);
2692 * Search for a channel by global ID.
2694 * @param t Tunnel containing the channel.
2695 * @param chid Public channel number.
2697 * @return channel handler, NULL if doesn't exist
2699 struct CadetChannel *
2700 GCT_get_channel (struct CadetTunnel *t, CADET_ChannelNumber chid)
2702 struct CadetTChannel *iter;
2707 for (iter = t->channel_head; NULL != iter; iter = iter->next)
2709 if (GCCH_get_id (iter->ch) == chid)
2713 return NULL == iter ? NULL : iter->ch;
2718 * @brief Destroy a tunnel and free all resources.
2720 * Should only be called a while after the tunnel has been marked as destroyed,
2721 * in case there is a new channel added to the same peer shortly after marking
2722 * the tunnel. This way we avoid a new public key handshake.
2724 * @param cls Closure (tunnel to destroy).
2725 * @param tc Task context.
2728 delayed_destroy (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
2730 struct CadetTunnel *t = cls;
2731 struct CadetTConnection *iter;
2733 LOG (GNUNET_ERROR_TYPE_DEBUG, "delayed destroying tunnel %p\n", t);
2734 if (0 != (GNUNET_SCHEDULER_REASON_SHUTDOWN & tc->reason))
2736 LOG (GNUNET_ERROR_TYPE_WARNING,
2737 "Not destroying tunnel, due to shutdown. "
2738 "Tunnel at %p should have been freed by GCT_shutdown\n", t);
2741 t->destroy_task = NULL;
2742 t->cstate = CADET_TUNNEL_SHUTDOWN;
2744 for (iter = t->connection_head; NULL != iter; iter = iter->next)
2746 GCC_send_destroy (iter->c);
2753 * Tunnel is empty: destroy it.
2755 * Notifies all connections about the destruction.
2757 * @param t Tunnel to destroy.
2760 GCT_destroy_empty (struct CadetTunnel *t)
2762 if (GNUNET_YES == shutting_down)
2763 return; /* Will be destroyed immediately anyway */
2765 if (NULL != t->destroy_task)
2767 LOG (GNUNET_ERROR_TYPE_WARNING,
2768 "Tunnel %s is already scheduled for destruction. Tunnel debug dump:\n",
2770 GCT_debug (t, GNUNET_ERROR_TYPE_WARNING);
2772 /* should never happen, tunnel can only become empty once, and the
2773 * task identifier should be NO_TASK (cleaned when the tunnel was created
2774 * or became un-empty)
2779 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s empty: scheduling destruction\n",
2782 // FIXME make delay a config option
2783 t->destroy_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_MINUTES,
2784 &delayed_destroy, t);
2785 LOG (GNUNET_ERROR_TYPE_DEBUG, "Scheduled destroy of %p as %llu\n",
2786 t, t->destroy_task);
2791 * Destroy tunnel if empty (no more channels).
2793 * @param t Tunnel to destroy if empty.
2796 GCT_destroy_if_empty (struct CadetTunnel *t)
2798 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel %s destroy if empty\n", GCT_2s (t));
2799 if (0 < GCT_count_channels (t))
2802 GCT_destroy_empty (t);
2807 * Destroy the tunnel.
2809 * This function does not generate any warning traffic to clients or peers.
2812 * Cancel messages belonging to this tunnel queued to neighbors.
2813 * Free any allocated resources linked to the tunnel.
2815 * @param t The tunnel to destroy.
2818 GCT_destroy (struct CadetTunnel *t)
2820 struct CadetTConnection *iter_c;
2821 struct CadetTConnection *next_c;
2822 struct CadetTChannel *iter_ch;
2823 struct CadetTChannel *next_ch;
2828 LOG (GNUNET_ERROR_TYPE_DEBUG, "destroying tunnel %s\n", GCP_2s (t->peer));
2830 GNUNET_break (GNUNET_YES ==
2831 GNUNET_CONTAINER_multipeermap_remove (tunnels,
2832 GCP_get_id (t->peer), t));
2834 for (iter_c = t->connection_head; NULL != iter_c; iter_c = next_c)
2836 next_c = iter_c->next;
2837 GCC_destroy (iter_c->c);
2839 for (iter_ch = t->channel_head; NULL != iter_ch; iter_ch = next_ch)
2841 next_ch = iter_ch->next;
2842 GCCH_destroy (iter_ch->ch);
2843 /* Should only happen on shutdown, but it's ok. */
2846 if (NULL != t->destroy_task)
2848 LOG (GNUNET_ERROR_TYPE_DEBUG, "cancelling dest: %llX\n", t->destroy_task);
2849 GNUNET_SCHEDULER_cancel (t->destroy_task);
2850 t->destroy_task = NULL;
2853 if (NULL != t->trim_connections_task)
2855 LOG (GNUNET_ERROR_TYPE_DEBUG, "cancelling trim: %llX\n",
2856 t->trim_connections_task);
2857 GNUNET_SCHEDULER_cancel (t->trim_connections_task);
2858 t->trim_connections_task = NULL;
2861 GNUNET_STATISTICS_update (stats, "# tunnels", -1, GNUNET_NO);
2862 GCP_set_tunnel (t->peer, NULL);
2864 if (NULL != t->rekey_task)
2866 GNUNET_SCHEDULER_cancel (t->rekey_task);
2867 t->rekey_task = NULL;
2869 if (NULL != t->kx_ctx)
2871 if (NULL != t->kx_ctx->finish_task)
2872 GNUNET_SCHEDULER_cancel (t->kx_ctx->finish_task);
2873 GNUNET_free (t->kx_ctx);
2880 * @brief Use the given path for the tunnel.
2881 * Update the next and prev hops (and RCs).
2882 * (Re)start the path refresh in case the tunnel is locally owned.
2884 * @param t Tunnel to update.
2885 * @param p Path to use.
2887 * @return Connection created.
2889 struct CadetConnection *
2890 GCT_use_path (struct CadetTunnel *t, struct CadetPeerPath *p)
2892 struct CadetConnection *c;
2893 struct GNUNET_CADET_Hash cid;
2894 unsigned int own_pos;
2896 if (NULL == t || NULL == p)
2902 if (CADET_TUNNEL_SHUTDOWN == t->cstate)
2908 for (own_pos = 0; own_pos < p->length; own_pos++)
2910 if (p->peers[own_pos] == myid)
2913 if (own_pos >= p->length)
2915 GNUNET_break_op (0);
2919 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &cid, sizeof (cid));
2920 c = GCC_new (&cid, t, p, own_pos);
2923 /* Path was flawed */
2926 GCT_add_connection (t, c);
2932 * Count all created connections of a tunnel. Not necessarily ready connections!
2934 * @param t Tunnel on which to count.
2936 * @return Number of connections created, either being established or ready.
2939 GCT_count_any_connections (struct CadetTunnel *t)
2941 struct CadetTConnection *iter;
2947 for (count = 0, iter = t->connection_head; NULL != iter; iter = iter->next)
2955 * Count established (ready) connections of a tunnel.
2957 * @param t Tunnel on which to count.
2959 * @return Number of connections.
2962 GCT_count_connections (struct CadetTunnel *t)
2964 struct CadetTConnection *iter;
2970 for (count = 0, iter = t->connection_head; NULL != iter; iter = iter->next)
2971 if (CADET_CONNECTION_READY == GCC_get_state (iter->c))
2979 * Count channels of a tunnel.
2981 * @param t Tunnel on which to count.
2983 * @return Number of channels.
2986 GCT_count_channels (struct CadetTunnel *t)
2988 struct CadetTChannel *iter;
2991 for (count = 0, iter = t->channel_head;
2993 iter = iter->next, count++) /* skip */;
3000 * Get the connectivity state of a tunnel.
3004 * @return Tunnel's connectivity state.
3006 enum CadetTunnelCState
3007 GCT_get_cstate (struct CadetTunnel *t)
3012 return (enum CadetTunnelCState) -1;
3019 * Get the encryption state of a tunnel.
3023 * @return Tunnel's encryption state.
3025 enum CadetTunnelEState
3026 GCT_get_estate (struct CadetTunnel *t)
3031 return (enum CadetTunnelEState) -1;
3037 * Get the maximum buffer space for a tunnel towards a local client.
3041 * @return Biggest buffer space offered by any channel in the tunnel.
3044 GCT_get_channels_buffer (struct CadetTunnel *t)
3046 struct CadetTChannel *iter;
3047 unsigned int buffer;
3048 unsigned int ch_buf;
3050 if (NULL == t->channel_head)
3052 /* Probably getting buffer for a channel create/handshake. */
3053 LOG (GNUNET_ERROR_TYPE_DEBUG, " no channels, allow max\n");
3058 for (iter = t->channel_head; NULL != iter; iter = iter->next)
3060 ch_buf = get_channel_buffer (iter);
3061 if (ch_buf > buffer)
3069 * Get the total buffer space for a tunnel for P2P traffic.
3073 * @return Buffer space offered by all connections in the tunnel.
3076 GCT_get_connections_buffer (struct CadetTunnel *t)
3078 struct CadetTConnection *iter;
3079 unsigned int buffer;
3081 if (GNUNET_NO == is_ready (t))
3083 if (count_queued_data (t) > 3)
3090 for (iter = t->connection_head; NULL != iter; iter = iter->next)
3092 if (GCC_get_state (iter->c) != CADET_CONNECTION_READY)
3096 buffer += get_connection_buffer (iter);
3104 * Get the tunnel's destination.
3108 * @return ID of the destination peer.
3110 const struct GNUNET_PeerIdentity *
3111 GCT_get_destination (struct CadetTunnel *t)
3113 return GCP_get_id (t->peer);
3118 * Get the tunnel's next free global channel ID.
3122 * @return GID of a channel free to use.
3125 GCT_get_next_chid (struct CadetTunnel *t)
3127 CADET_ChannelNumber chid;
3128 CADET_ChannelNumber mask;
3131 /* Set bit 30 depending on the ID relationship. Bit 31 is always 0 for GID.
3132 * If our ID is bigger or loopback tunnel, start at 0, bit 30 = 0
3133 * If peer's ID is bigger, start at 0x4... bit 30 = 1
3135 result = GNUNET_CRYPTO_cmp_peer_identity (&my_full_id, GCP_get_id (t->peer));
3140 t->next_chid |= mask;
3142 while (NULL != GCT_get_channel (t, t->next_chid))
3144 LOG (GNUNET_ERROR_TYPE_DEBUG, "Channel %u exists...\n", t->next_chid);
3145 t->next_chid = (t->next_chid + 1) & ~GNUNET_CADET_LOCAL_CHANNEL_ID_CLI;
3146 t->next_chid |= mask;
3148 chid = t->next_chid;
3149 t->next_chid = (t->next_chid + 1) & ~GNUNET_CADET_LOCAL_CHANNEL_ID_CLI;
3150 t->next_chid |= mask;
3157 * Send ACK on one or more channels due to buffer in connections.
3159 * @param t Channel which has some free buffer space.
3162 GCT_unchoke_channels (struct CadetTunnel *t)
3164 struct CadetTChannel *iter;
3165 unsigned int buffer;
3166 unsigned int channels = GCT_count_channels (t);
3167 unsigned int choked_n;
3168 struct CadetChannel *choked[channels];
3170 LOG (GNUNET_ERROR_TYPE_DEBUG, "GCT_unchoke_channels on %s\n", GCT_2s (t));
3171 LOG (GNUNET_ERROR_TYPE_DEBUG, " head: %p\n", t->channel_head);
3172 if (NULL != t->channel_head)
3173 LOG (GNUNET_ERROR_TYPE_DEBUG, " head ch: %p\n", t->channel_head->ch);
3175 /* Get buffer space */
3176 buffer = GCT_get_connections_buffer (t);
3182 /* Count and remember choked channels */
3184 for (iter = t->channel_head; NULL != iter; iter = iter->next)
3186 if (GNUNET_NO == get_channel_allowed (iter))
3188 choked[choked_n++] = iter->ch;
3192 /* Unchoke random channels */
3193 while (0 < buffer && 0 < choked_n)
3195 unsigned int r = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
3197 GCCH_allow_client (choked[r], GCCH_is_origin (choked[r], GNUNET_YES));
3200 choked[r] = choked[choked_n];
3206 * Send ACK on one or more connections due to buffer space to the client.
3208 * Iterates all connections of the tunnel and sends ACKs appropriately.
3213 GCT_send_connection_acks (struct CadetTunnel *t)
3215 struct CadetTConnection *iter;
3218 uint32_t allow_per_connection;
3220 unsigned int buffer;
3222 LOG (GNUNET_ERROR_TYPE_DEBUG, "Tunnel send connection ACKs on %s\n",
3231 if (CADET_TUNNEL_READY != t->cstate)
3234 buffer = GCT_get_channels_buffer (t);
3235 LOG (GNUNET_ERROR_TYPE_DEBUG, " buffer %u\n", buffer);
3237 /* Count connections, how many messages are already allowed */
3238 cs = GCT_count_connections (t);
3239 for (allowed = 0, iter = t->connection_head; NULL != iter; iter = iter->next)
3241 allowed += get_connection_allowed (iter);
3243 LOG (GNUNET_ERROR_TYPE_DEBUG, " allowed %u\n", allowed);
3245 /* Make sure there is no overflow */
3246 if (allowed > buffer)
3249 /* Authorize connections to send more data */
3250 to_allow = buffer - allowed;
3252 for (iter = t->connection_head;
3253 NULL != iter && to_allow > 0;
3256 if (CADET_CONNECTION_READY != GCC_get_state (iter->c)
3257 || get_connection_allowed (iter) > 64 / 3)
3261 allow_per_connection = to_allow/cs;
3262 to_allow -= allow_per_connection;
3264 GCC_allow (iter->c, allow_per_connection,
3265 GCC_is_origin (iter->c, GNUNET_NO));
3270 /* Since we don't allow if it's allowed to send 64/3, this can happen. */
3271 LOG (GNUNET_ERROR_TYPE_DEBUG, " reminding to_allow: %u\n", to_allow);
3277 * Cancel a previously sent message while it's in the queue.
3279 * ONLY can be called before the continuation given to the send function
3280 * is called. Once the continuation is called, the message is no longer in the
3283 * @param q Handle to the queue.
3286 GCT_cancel (struct CadetTunnelQueue *q)
3291 /* tun_message_sent() will be called and free q */
3293 else if (NULL != q->tqd)
3295 unqueue_data (q->tqd);
3297 if (NULL != q->cont)
3298 q->cont (q->cont_cls, NULL, q, 0, 0);
3309 * Sends an already built message on a tunnel, encrypting it and
3310 * choosing the best connection if not provided.
3312 * @param message Message to send. Function modifies it.
3313 * @param t Tunnel on which this message is transmitted.
3314 * @param c Connection to use (autoselect if NULL).
3315 * @param force Force the tunnel to take the message (buffer overfill).
3316 * @param cont Continuation to call once message is really sent.
3317 * @param cont_cls Closure for @c cont.
3319 * @return Handle to cancel message. NULL if @c cont is NULL.
3321 struct CadetTunnelQueue *
3322 GCT_send_prebuilt_message (const struct GNUNET_MessageHeader *message,
3323 struct CadetTunnel *t, struct CadetConnection *c,
3324 int force, GCT_sent cont, void *cont_cls)
3326 return send_prebuilt_message (message, t, c, force, cont, cont_cls, NULL);
3330 * Sends an already built and encrypted message on a tunnel, choosing the best
3331 * connection. Useful for re-queueing messages queued on a destroyed connection.
3333 * @param message Message to send. Function modifies it.
3334 * @param t Tunnel on which this message is transmitted.
3337 GCT_resend_message (const struct GNUNET_MessageHeader *message,
3338 struct CadetTunnel *t)
3340 struct CadetConnection *c;
3343 c = tunnel_get_connection (t);
3346 /* TODO queue in tunnel, marked as encrypted */
3347 LOG (GNUNET_ERROR_TYPE_DEBUG, "No connection available, dropping.\n");
3350 fwd = GCC_is_origin (c, GNUNET_YES);
3351 GNUNET_break (NULL == GCC_send_prebuilt_message (message, 0, 0, c, fwd,
3352 GNUNET_YES, NULL, NULL));
3357 * Is the tunnel directed towards the local peer?
3361 * @return #GNUNET_YES if it is loopback.
3364 GCT_is_loopback (const struct CadetTunnel *t)
3366 return (myid == GCP_get_short_id (t->peer));
3371 * Is the tunnel this path already?
3376 * @return #GNUNET_YES a connection uses this path.
3379 GCT_is_path_used (const struct CadetTunnel *t, const struct CadetPeerPath *p)
3381 struct CadetTConnection *iter;
3383 for (iter = t->connection_head; NULL != iter; iter = iter->next)
3384 if (path_equivalent (GCC_get_path (iter->c), p))
3392 * Get a cost of a path for a tunnel considering existing connections.
3395 * @param path Candidate path.
3397 * @return Cost of the path (path length + number of overlapping nodes)
3400 GCT_get_path_cost (const struct CadetTunnel *t,
3401 const struct CadetPeerPath *path)
3403 struct CadetTConnection *iter;
3404 const struct CadetPeerPath *aux;
3405 unsigned int overlap;
3413 GNUNET_assert (NULL != t);
3415 for (i = 0; i < path->length; i++)
3417 for (iter = t->connection_head; NULL != iter; iter = iter->next)
3419 aux = GCC_get_path (iter->c);
3423 for (j = 0; j < aux->length; j++)
3425 if (path->peers[i] == aux->peers[j])
3433 return path->length + overlap;
3438 * Get the static string for the peer this tunnel is directed.
3442 * @return Static string the destination peer's ID.
3445 GCT_2s (const struct CadetTunnel *t)
3450 return GCP_2s (t->peer);
3454 /******************************************************************************/
3455 /***************************** INFO/DEBUG *******************************/
3456 /******************************************************************************/
3459 * Log all possible info about the tunnel state.
3461 * @param t Tunnel to debug.
3462 * @param level Debug level to use.
3465 GCT_debug (const struct CadetTunnel *t, enum GNUNET_ErrorType level)
3467 struct CadetTChannel *iterch;
3468 struct CadetTConnection *iterc;
3471 do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK),
3473 __FILE__, __FUNCTION__, __LINE__);
3477 LOG2 (level, "TTT DEBUG TUNNEL TOWARDS %s\n", GCT_2s (t));
3478 LOG2 (level, "TTT cstate %s, estate %s\n",
3479 cstate2s (t->cstate), estate2s (t->estate));
3480 LOG2 (level, "TTT kx_ctx %p, rekey_task %u, finish task %u\n",
3481 t->kx_ctx, t->rekey_task, t->kx_ctx ? t->kx_ctx->finish_task : 0);
3482 #if DUMP_KEYS_TO_STDERR
3483 LOG2 (level, "TTT my EPHM\t %s\n",
3484 GNUNET_h2s ((struct GNUNET_HashCode *) &kx_msg.ephemeral_key));
3485 LOG2 (level, "TTT peers EPHM:\t %s\n",
3486 GNUNET_h2s ((struct GNUNET_HashCode *) &t->peers_ephemeral_key));
3487 LOG2 (level, "TTT ENC key:\t %s\n",
3488 GNUNET_h2s ((struct GNUNET_HashCode *) &t->e_key));
3489 LOG2 (level, "TTT DEC key:\t %s\n",
3490 GNUNET_h2s ((struct GNUNET_HashCode *) &t->d_key));
3493 LOG2 (level, "TTT OLD ENC key:\t %s\n",
3494 GNUNET_h2s ((struct GNUNET_HashCode *) &t->kx_ctx->e_key_old));
3495 LOG2 (level, "TTT OLD DEC key:\t %s\n",
3496 GNUNET_h2s ((struct GNUNET_HashCode *) &t->kx_ctx->d_key_old));
3499 LOG2 (level, "TTT tq_head %p, tq_tail %p\n", t->tq_head, t->tq_tail);
3500 LOG2 (level, "TTT destroy %u\n", t->destroy_task);
3502 LOG2 (level, "TTT channels:\n");
3503 for (iterch = t->channel_head; NULL != iterch; iterch = iterch->next)
3505 LOG2 (level, "TTT - %s\n", GCCH_2s (iterch->ch));
3508 LOG2 (level, "TTT connections:\n");
3509 for (iterc = t->connection_head; NULL != iterc; iterc = iterc->next)
3511 GCC_debug (iterc->c, level);
3514 LOG2 (level, "TTT DEBUG TUNNEL END\n");
3519 * Iterate all tunnels.
3521 * @param iter Iterator.
3522 * @param cls Closure for @c iter.
3525 GCT_iterate_all (GNUNET_CONTAINER_PeerMapIterator iter, void *cls)
3527 GNUNET_CONTAINER_multipeermap_iterate (tunnels, iter, cls);
3532 * Count all tunnels.
3534 * @return Number of tunnels to remote peers kept by this peer.
3537 GCT_count_all (void)
3539 return GNUNET_CONTAINER_multipeermap_size (tunnels);
3544 * Iterate all connections of a tunnel.
3546 * @param t Tunnel whose connections to iterate.
3547 * @param iter Iterator.
3548 * @param cls Closure for @c iter.
3551 GCT_iterate_connections (struct CadetTunnel *t, GCT_conn_iter iter, void *cls)
3553 struct CadetTConnection *ct;
3555 for (ct = t->connection_head; NULL != ct; ct = ct->next)
3561 * Iterate all channels of a tunnel.
3563 * @param t Tunnel whose channels to iterate.
3564 * @param iter Iterator.
3565 * @param cls Closure for @c iter.
3568 GCT_iterate_channels (struct CadetTunnel *t, GCT_chan_iter iter, void *cls)
3570 struct CadetTChannel *cht;
3572 for (cht = t->channel_head; NULL != cht; cht = cht->next)
3573 iter (cls, cht->ch);