2 This file is part of GNUnet.
3 Copyright (C) 2013, 2017, 2018 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
21 * @file cadet/gnunet-service-cadet_tunnels.c
22 * @brief Information we track per tunnel.
23 * @author Bartlomiej Polot
24 * @author Christian Grothoff
27 * - proper connection evaluation during connection management:
28 * + consider quality (or quality spread?) of current connection set
29 * when deciding how often to do maintenance
30 * + interact with PEER to drive DHT GET/PUT operations based
31 * on how much we like our connections
34 #include "gnunet_util_lib.h"
35 #include "gnunet_statistics_service.h"
36 #include "gnunet_signatures.h"
37 #include "cadet_protocol.h"
38 #include "gnunet-service-cadet_channel.h"
39 #include "gnunet-service-cadet_connection.h"
40 #include "gnunet-service-cadet_tunnels.h"
41 #include "gnunet-service-cadet_peer.h"
42 #include "gnunet-service-cadet_paths.h"
45 #define LOG(level, ...) GNUNET_log_from(level,"cadet-tun",__VA_ARGS__)
48 * How often do we try to decrypt payload with unverified key
49 * material? Used to limit CPU increase upon receiving bogus
52 #define MAX_UNVERIFIED_ATTEMPTS 16
55 * How long do we wait until tearing down an idle tunnel?
57 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
60 * How long do we wait initially before retransmitting the KX?
61 * TODO: replace by 2 RTT if/once we have connection-level RTT data!
63 #define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MILLISECONDS, 250)
66 * Maximum number of skipped keys we keep in memory per tunnel.
68 #define MAX_SKIPPED_KEYS 64
71 * Maximum number of keys (and thus ratchet steps) we are willing to
72 * skip before we decide this is either a bogus packet or a DoS-attempt.
74 #define MAX_KEY_GAP 256
78 * Struct to old keys for skipped messages while advancing the Axolotl ratchet.
80 struct CadetTunnelSkippedKey
85 struct CadetTunnelSkippedKey *next;
90 struct CadetTunnelSkippedKey *prev;
93 * When was this key stored (for timeout).
95 struct GNUNET_TIME_Absolute timestamp;
100 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
105 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
108 * Key number for a given HK.
115 * Axolotl data, according to https://github.com/trevp/axolotl/wiki .
117 struct CadetTunnelAxolotl
120 * A (double linked) list of stored message keys and associated header keys
121 * for "skipped" messages, i.e. messages that have not been
122 * received despite the reception of more recent messages, (head).
124 struct CadetTunnelSkippedKey *skipped_head;
127 * Skipped messages' keys DLL, tail.
129 struct CadetTunnelSkippedKey *skipped_tail;
132 * 32-byte root key which gets updated by DH ratchet.
134 struct GNUNET_CRYPTO_SymmetricSessionKey RK;
137 * 32-byte header key (currently used for sending).
139 struct GNUNET_CRYPTO_SymmetricSessionKey HKs;
142 * 32-byte header key (currently used for receiving)
144 struct GNUNET_CRYPTO_SymmetricSessionKey HKr;
147 * 32-byte next header key (for sending), used once the
148 * ratchet advances. We are sure that the sender has this
149 * key as well only after @e ratchet_allowed is #GNUNET_YES.
151 struct GNUNET_CRYPTO_SymmetricSessionKey NHKs;
154 * 32-byte next header key (for receiving). To be tried
155 * when decrypting with @e HKr fails and thus the sender
156 * may have advanced the ratchet.
158 struct GNUNET_CRYPTO_SymmetricSessionKey NHKr;
161 * 32-byte chain keys (used for forward-secrecy) for
162 * sending messages. Updated for every message.
164 struct GNUNET_CRYPTO_SymmetricSessionKey CKs;
167 * 32-byte chain keys (used for forward-secrecy) for
168 * receiving messages. Updated for every message. If
169 * messages are skipped, the respective derived MKs
170 * (and the current @HKr) are kept in the @e skipped_head DLL.
172 struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
175 * ECDH for key exchange (A0 / B0).
177 struct GNUNET_CRYPTO_EcdhePrivateKey kx_0;
180 * ECDH Ratchet key (our private key in the current DH).
182 struct GNUNET_CRYPTO_EcdhePrivateKey DHRs;
185 * ECDH Ratchet key (other peer's public key in the current DH).
187 struct GNUNET_CRYPTO_EcdhePublicKey DHRr;
190 * Last ephemeral public key received from the other peer,
191 * for duplicate detection.
193 struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
196 * Time when the current ratchet expires and a new one is triggered
197 * (if @e ratchet_allowed is #GNUNET_YES).
199 struct GNUNET_TIME_Absolute ratchet_expiration;
202 * Number of elements in @a skipped_head <-> @a skipped_tail.
204 unsigned int skipped;
207 * Message number (reset to 0 with each new ratchet, next message to send).
212 * Message number (reset to 0 with each new ratchet, next message to recv).
217 * Previous message numbers (# of msgs sent under prev ratchet)
222 * True (#GNUNET_YES) if we have to send a new ratchet key in next msg.
227 * True (#GNUNET_YES) if we have received a message from the
228 * other peer that uses the keys from our last ratchet step.
229 * This implies that we are again allowed to advance the ratchet,
230 * otherwise we have to wait until the other peer sees our current
231 * ephemeral key and advances first.
233 * #GNUNET_NO if we have advanced the ratched but lack any evidence
234 * that the other peer has noticed this.
239 * Number of messages recieved since our last ratchet advance.
241 * If this counter = 0, we cannot send a new ratchet key in the next
244 * If this counter > 0, we could (but don't have to) send a new key.
246 * Once the @e ratchet_counter is larger than
247 * #ratchet_messages (or @e ratchet_expiration time has past), and
248 * @e ratchet_allowed is #GNUNET_YES, we advance the ratchet.
250 unsigned int ratchet_counter;
256 * Struct used to save messages in a non-ready tunnel to send once connected.
258 struct CadetTunnelQueueEntry
261 * We are entries in a DLL
263 struct CadetTunnelQueueEntry *next;
266 * We are entries in a DLL
268 struct CadetTunnelQueueEntry *prev;
271 * Tunnel these messages belong in.
273 struct CadetTunnel *t;
276 * Continuation to call once sent (on the channel layer).
278 GCT_SendContinuation cont;
281 * Closure for @c cont.
286 * Envelope of message to send follows.
288 struct GNUNET_MQ_Envelope *env;
291 * Where to put the connection identifier into the payload
292 * of the message in @e env once we have it?
294 struct GNUNET_CADET_ConnectionTunnelIdentifier *cid;
299 * Struct containing all information regarding a tunnel to a peer.
304 * Destination of the tunnel.
306 struct CadetPeer *destination;
309 * Peer's ephemeral key, to recreate @c e_key and @c d_key when own
310 * ephemeral key changes.
312 struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
315 * Encryption ("our") key. It is only "confirmed" if kx_ctx is NULL.
317 struct GNUNET_CRYPTO_SymmetricSessionKey e_key;
320 * Decryption ("their") key. It is only "confirmed" if kx_ctx is NULL.
322 struct GNUNET_CRYPTO_SymmetricSessionKey d_key;
327 struct CadetTunnelAxolotl ax;
330 * Unverified Axolotl info, used only if we got a fresh KX (not a
331 * KX_AUTH) while our end of the tunnel was still up. In this case,
332 * we keep the fresh KX around but do not put it into action until
333 * we got encrypted payload that assures us of the authenticity of
336 struct CadetTunnelAxolotl *unverified_ax;
339 * Task scheduled if there are no more channels using the tunnel.
341 struct GNUNET_SCHEDULER_Task *destroy_task;
344 * Task to trim connections if too many are present.
346 struct GNUNET_SCHEDULER_Task *maintain_connections_task;
349 * Task to send messages from queue (if possible).
351 struct GNUNET_SCHEDULER_Task *send_task;
354 * Task to trigger KX.
356 struct GNUNET_SCHEDULER_Task *kx_task;
359 * Tokenizer for decrypted messages.
361 struct GNUNET_MessageStreamTokenizer *mst;
364 * Dispatcher for decrypted messages only (do NOT use for sending!).
366 struct GNUNET_MQ_Handle *mq;
369 * DLL of ready connections that are actively used to reach the destination peer.
371 struct CadetTConnection *connection_ready_head;
374 * DLL of ready connections that are actively used to reach the destination peer.
376 struct CadetTConnection *connection_ready_tail;
379 * DLL of connections that we maintain that might be used to reach the destination peer.
381 struct CadetTConnection *connection_busy_head;
384 * DLL of connections that we maintain that might be used to reach the destination peer.
386 struct CadetTConnection *connection_busy_tail;
389 * Channels inside this tunnel. Maps
390 * `struct GNUNET_CADET_ChannelTunnelNumber` to a `struct CadetChannel`.
392 struct GNUNET_CONTAINER_MultiHashMap32 *channels;
395 * Channel ID for the next created channel in this tunnel.
397 struct GNUNET_CADET_ChannelTunnelNumber next_ctn;
400 * Queued messages, to transmit once tunnel gets connected.
402 struct CadetTunnelQueueEntry *tq_head;
405 * Queued messages, to transmit once tunnel gets connected.
407 struct CadetTunnelQueueEntry *tq_tail;
410 * Identification of the connection from which we are currently processing
411 * a message. Only valid (non-NULL) during #handle_decrypted() and the
412 * handle-*()-functions called from our @e mq during that function.
414 struct CadetTConnection *current_ct;
417 * How long do we wait until we retry the KX?
419 struct GNUNET_TIME_Relative kx_retry_delay;
422 * When do we try the next KX?
424 struct GNUNET_TIME_Absolute next_kx_attempt;
427 * Number of connections in the @e connection_ready_head DLL.
429 unsigned int num_ready_connections;
432 * Number of connections in the @e connection_busy_head DLL.
434 unsigned int num_busy_connections;
437 * How often have we tried and failed to decrypt a message using
438 * the unverified KX material from @e unverified_ax? Used to
439 * stop trying after #MAX_UNVERIFIED_ATTEMPTS.
441 unsigned int unverified_attempts;
444 * Number of entries in the @e tq_head DLL.
449 * State of the tunnel encryption.
451 enum CadetTunnelEState estate;
454 * Force triggering KX_AUTH independent of @e estate.
456 int kx_auth_requested;
462 * Am I Alice or Betty (some call her Bob), or talking to myself?
464 * @param other the other peer
465 * @return #GNUNET_YES for Alice, #GNUNET_NO for Betty, #GNUNET_SYSERR if talking to myself
468 alice_or_betty (const struct GNUNET_PeerIdentity *other)
470 if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
473 else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
479 return GNUNET_SYSERR;
485 * Connection @a ct is now unready, clear it's ready flag
486 * and move it from the ready DLL to the busy DLL.
488 * @param ct connection to move to unready status
491 mark_connection_unready (struct CadetTConnection *ct)
493 struct CadetTunnel *t = ct->t;
495 GNUNET_assert (GNUNET_YES == ct->is_ready);
496 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
497 t->connection_ready_tail,
499 GNUNET_assert (0 < t->num_ready_connections);
500 t->num_ready_connections--;
501 ct->is_ready = GNUNET_NO;
502 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
503 t->connection_busy_tail,
505 t->num_busy_connections++;
510 * Get the static string for the peer this tunnel is directed.
514 * @return Static string the destination peer's ID.
517 GCT_2s (const struct CadetTunnel *t)
522 return "Tunnel(NULL)";
523 GNUNET_snprintf (buf,
526 GNUNET_i2s (GCP_get_id (t->destination)));
532 * Get string description for tunnel encryption state.
534 * @param es Tunnel state.
536 * @return String representation.
539 estate2s (enum CadetTunnelEState es)
545 case CADET_TUNNEL_KEY_UNINITIALIZED:
546 return "CADET_TUNNEL_KEY_UNINITIALIZED";
547 case CADET_TUNNEL_KEY_AX_RECV:
548 return "CADET_TUNNEL_KEY_AX_RECV";
549 case CADET_TUNNEL_KEY_AX_SENT:
550 return "CADET_TUNNEL_KEY_AX_SENT";
551 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
552 return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
553 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
554 return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
555 case CADET_TUNNEL_KEY_OK:
556 return "CADET_TUNNEL_KEY_OK";
558 GNUNET_snprintf (buf,
560 "%u (UNKNOWN STATE)",
568 * Return the peer to which this tunnel goes.
571 * @return the destination of the tunnel
574 GCT_get_destination (struct CadetTunnel *t)
576 return t->destination;
581 * Count channels of a tunnel.
583 * @param t Tunnel on which to count.
585 * @return Number of channels.
588 GCT_count_channels (struct CadetTunnel *t)
590 return GNUNET_CONTAINER_multihashmap32_size (t->channels);
595 * Lookup a channel by its @a ctn.
597 * @param t tunnel to look in
598 * @param ctn number of channel to find
599 * @return NULL if channel does not exist
601 struct CadetChannel *
602 lookup_channel (struct CadetTunnel *t,
603 struct GNUNET_CADET_ChannelTunnelNumber ctn)
605 return GNUNET_CONTAINER_multihashmap32_get (t->channels,
611 * Count all created connections of a tunnel. Not necessarily ready connections!
613 * @param t Tunnel on which to count.
615 * @return Number of connections created, either being established or ready.
618 GCT_count_any_connections (const struct CadetTunnel *t)
620 return t->num_ready_connections + t->num_busy_connections;
625 * Find first connection that is ready in the list of
626 * our connections. Picks ready connections round-robin.
628 * @param t tunnel to search
629 * @return NULL if we have no connection that is ready
631 static struct CadetTConnection *
632 get_ready_connection (struct CadetTunnel *t)
634 struct CadetTConnection *hd = t->connection_ready_head;
636 GNUNET_assert ( (NULL == hd) ||
637 (GNUNET_YES == hd->is_ready) );
643 * Get the encryption state of a tunnel.
647 * @return Tunnel's encryption state.
649 enum CadetTunnelEState
650 GCT_get_estate (struct CadetTunnel *t)
657 * Called when either we have a new connection, or a new message in the
658 * queue, or some existing connection has transmission capacity. Looks
659 * at our message queue and if there is a message, picks a connection
662 * @param cls the `struct CadetTunnel` to process messages on
665 trigger_transmissions (void *cls);
668 /* ************************************** start core crypto ***************************** */
672 * Create a new Axolotl ephemeral (ratchet) key.
674 * @param ax key material to update
677 new_ephemeral (struct CadetTunnelAxolotl *ax)
679 LOG (GNUNET_ERROR_TYPE_DEBUG,
680 "Creating new ephemeral ratchet key (DHRs)\n");
681 GNUNET_assert (GNUNET_OK ==
682 GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
689 * @param plaintext Content to HMAC.
690 * @param size Size of @c plaintext.
691 * @param iv Initialization vector for the message.
692 * @param key Key to use.
693 * @param hmac[out] Destination to store the HMAC.
696 t_hmac (const void *plaintext,
699 const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
700 struct GNUNET_ShortHashCode *hmac)
702 static const char ctx[] = "cadet authentication key";
703 struct GNUNET_CRYPTO_AuthKey auth_key;
704 struct GNUNET_HashCode hash;
706 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
712 /* Two step: GNUNET_ShortHash is only 256 bits,
713 GNUNET_HashCode is 512, so we truncate. */
714 GNUNET_CRYPTO_hmac (&auth_key,
727 * @param key Key to use.
728 * @param[out] hash Resulting HMAC.
729 * @param source Source key material (data to HMAC).
730 * @param len Length of @a source.
733 t_ax_hmac_hash (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
734 struct GNUNET_HashCode *hash,
738 static const char ctx[] = "axolotl HMAC-HASH";
739 struct GNUNET_CRYPTO_AuthKey auth_key;
741 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
745 GNUNET_CRYPTO_hmac (&auth_key,
753 * Derive a symmetric encryption key from an HMAC-HASH.
755 * @param key Key to use for the HMAC.
756 * @param[out] out Key to generate.
757 * @param source Source key material (data to HMAC).
758 * @param len Length of @a source.
761 t_hmac_derive_key (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
762 struct GNUNET_CRYPTO_SymmetricSessionKey *out,
766 static const char ctx[] = "axolotl derive key";
767 struct GNUNET_HashCode h;
773 GNUNET_CRYPTO_kdf (out, sizeof (*out),
781 * Encrypt data with the axolotl tunnel key.
783 * @param ax key material to use.
784 * @param dst Destination with @a size bytes for the encrypted data.
785 * @param src Source of the plaintext. Can overlap with @c dst, must contain @a size bytes
786 * @param size Size of the buffers at @a src and @a dst
789 t_ax_encrypt (struct CadetTunnelAxolotl *ax,
794 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
795 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
798 ax->ratchet_counter++;
799 if ( (GNUNET_YES == ax->ratchet_allowed) &&
800 ( (ratchet_messages <= ax->ratchet_counter) ||
801 (0 == GNUNET_TIME_absolute_get_remaining (ax->ratchet_expiration).rel_value_us)) )
803 ax->ratchet_flag = GNUNET_YES;
805 if (GNUNET_YES == ax->ratchet_flag)
807 /* Advance ratchet */
808 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
809 struct GNUNET_HashCode dh;
810 struct GNUNET_HashCode hmac;
811 static const char ctx[] = "axolotl ratchet";
816 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
817 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
820 t_ax_hmac_hash (&ax->RK,
824 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
826 &hmac, sizeof (hmac),
834 ax->ratchet_flag = GNUNET_NO;
835 ax->ratchet_allowed = GNUNET_NO;
836 ax->ratchet_counter = 0;
837 ax->ratchet_expiration
838 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
842 t_hmac_derive_key (&ax->CKs,
846 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
851 out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
856 GNUNET_assert (size == out_size);
857 t_hmac_derive_key (&ax->CKs,
865 * Decrypt data with the axolotl tunnel key.
867 * @param ax key material to use.
868 * @param dst Destination for the decrypted data, must contain @a size bytes.
869 * @param src Source of the ciphertext. Can overlap with @c dst, must contain @a size bytes.
870 * @param size Size of the @a src and @a dst buffers
873 t_ax_decrypt (struct CadetTunnelAxolotl *ax,
878 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
879 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
882 t_hmac_derive_key (&ax->CKr,
886 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
890 GNUNET_assert (size >= sizeof (struct GNUNET_MessageHeader));
891 out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
896 GNUNET_assert (out_size == size);
897 t_hmac_derive_key (&ax->CKr,
905 * Encrypt header with the axolotl header key.
907 * @param ax key material to use.
908 * @param[in|out] msg Message whose header to encrypt.
911 t_h_encrypt (struct CadetTunnelAxolotl *ax,
912 struct GNUNET_CADET_TunnelEncryptedMessage *msg)
914 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
917 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
921 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
922 sizeof (struct GNUNET_CADET_AxHeader),
926 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
931 * Decrypt header with the current axolotl header key.
933 * @param ax key material to use.
934 * @param src Message whose header to decrypt.
935 * @param dst Where to decrypt header to.
938 t_h_decrypt (struct CadetTunnelAxolotl *ax,
939 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
940 struct GNUNET_CADET_TunnelEncryptedMessage *dst)
942 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
945 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
949 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
950 sizeof (struct GNUNET_CADET_AxHeader),
954 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
959 * Delete a key from the list of skipped keys.
961 * @param ax key material to delete @a key from.
962 * @param key Key to delete.
965 delete_skipped_key (struct CadetTunnelAxolotl *ax,
966 struct CadetTunnelSkippedKey *key)
968 GNUNET_CONTAINER_DLL_remove (ax->skipped_head,
977 * Decrypt and verify data with the appropriate tunnel key and verify that the
978 * data has not been altered since it was sent by the remote peer.
980 * @param ax key material to use.
981 * @param dst Destination for the plaintext.
982 * @param src Source of the message. Can overlap with @c dst.
983 * @param size Size of the message.
984 * @return Size of the decrypted data, -1 if an error was encountered.
987 try_old_ax_keys (struct CadetTunnelAxolotl *ax,
989 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
992 struct CadetTunnelSkippedKey *key;
993 struct GNUNET_ShortHashCode *hmac;
994 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
995 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
996 struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
1002 LOG (GNUNET_ERROR_TYPE_DEBUG,
1003 "Trying skipped keys\n");
1004 hmac = &plaintext_header.hmac;
1005 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1007 /* Find a correct Header Key */
1009 for (key = ax->skipped_head; NULL != key; key = key->next)
1011 t_hmac (&src->ax_header,
1012 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1016 if (0 == memcmp (hmac,
1020 valid_HK = &key->HK;
1027 /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1028 GNUNET_assert (size > sizeof (struct GNUNET_CADET_TunnelEncryptedMessage));
1029 len = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1030 GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader));
1032 /* Decrypt header */
1033 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1037 res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
1038 sizeof (struct GNUNET_CADET_AxHeader),
1041 &plaintext_header.ax_header.Ns);
1042 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res);
1044 /* Find the correct message key */
1045 N = ntohl (plaintext_header.ax_header.Ns);
1046 while ( (NULL != key) &&
1049 if ( (NULL == key) ||
1050 (0 != memcmp (&key->HK,
1052 sizeof (*valid_HK))) )
1055 /* Decrypt payload */
1056 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1061 res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1066 delete_skipped_key (ax,
1073 * Delete a key from the list of skipped keys.
1075 * @param ax key material to delete from.
1076 * @param HKr Header Key to use.
1079 store_skipped_key (struct CadetTunnelAxolotl *ax,
1080 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1082 struct CadetTunnelSkippedKey *key;
1084 key = GNUNET_new (struct CadetTunnelSkippedKey);
1085 key->timestamp = GNUNET_TIME_absolute_get ();
1088 t_hmac_derive_key (&ax->CKr,
1092 t_hmac_derive_key (&ax->CKr,
1096 GNUNET_CONTAINER_DLL_insert (ax->skipped_head,
1105 * Stage skipped AX keys and calculate the message key.
1106 * Stores each HK and MK for skipped messages.
1108 * @param ax key material to use
1109 * @param HKr Header key.
1110 * @param Np Received meesage number.
1111 * @return #GNUNET_OK if keys were stored.
1112 * #GNUNET_SYSERR if an error ocurred (@a Np not expected).
1115 store_ax_keys (struct CadetTunnelAxolotl *ax,
1116 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1122 LOG (GNUNET_ERROR_TYPE_DEBUG,
1123 "Storing skipped keys [%u, %u)\n",
1126 if (MAX_KEY_GAP < gap)
1128 /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1129 /* TODO: start new key exchange on return */
1130 GNUNET_break_op (0);
1131 LOG (GNUNET_ERROR_TYPE_WARNING,
1132 "Got message %u, expected %u+\n",
1135 return GNUNET_SYSERR;
1139 /* Delayed message: don't store keys, flag to try old keys. */
1140 return GNUNET_SYSERR;
1144 store_skipped_key (ax,
1147 while (ax->skipped > MAX_SKIPPED_KEYS)
1148 delete_skipped_key (ax,
1155 * Decrypt and verify data with the appropriate tunnel key and verify that the
1156 * data has not been altered since it was sent by the remote peer.
1158 * @param ax key material to use
1159 * @param dst Destination for the plaintext.
1160 * @param src Source of the message. Can overlap with @c dst.
1161 * @param size Size of the message.
1162 * @return Size of the decrypted data, -1 if an error was encountered.
1165 t_ax_decrypt_and_validate (struct CadetTunnelAxolotl *ax,
1167 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
1170 struct GNUNET_ShortHashCode msg_hmac;
1171 struct GNUNET_HashCode hmac;
1172 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1175 size_t esize; /* Size of encryped payload */
1177 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1179 /* Try current HK */
1180 t_hmac (&src->ax_header,
1181 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1184 if (0 != memcmp (&msg_hmac,
1188 static const char ctx[] = "axolotl ratchet";
1189 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1190 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
1191 struct GNUNET_HashCode dh;
1192 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1195 t_hmac (&src->ax_header,
1196 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1200 if (0 != memcmp (&msg_hmac,
1204 /* Try the skipped keys, if that fails, we're out of luck. */
1205 return try_old_ax_keys (ax,
1215 Np = ntohl (plaintext_header.ax_header.Ns);
1216 PNp = ntohl (plaintext_header.ax_header.PNs);
1217 DHRp = &plaintext_header.ax_header.DHRs;
1222 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1223 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
1226 t_ax_hmac_hash (&ax->RK,
1229 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1231 &hmac, sizeof (hmac),
1234 /* Commit "purported" keys */
1240 ax->ratchet_allowed = GNUNET_YES;
1247 Np = ntohl (plaintext_header.ax_header.Ns);
1248 PNp = ntohl (plaintext_header.ax_header.PNs);
1250 if ( (Np != ax->Nr) &&
1251 (GNUNET_OK != store_ax_keys (ax,
1255 /* Try the skipped keys, if that fails, we're out of luck. */
1256 return try_old_ax_keys (ax,
1272 * Our tunnel became ready for the first time, notify channels
1273 * that have been waiting.
1275 * @param cls our tunnel, not used
1276 * @param key unique ID of the channel, not used
1277 * @param value the `struct CadetChannel` to notify
1278 * @return #GNUNET_OK (continue to iterate)
1281 notify_tunnel_up_cb (void *cls,
1285 struct CadetChannel *ch = value;
1287 GCCH_tunnel_up (ch);
1293 * Change the tunnel encryption state.
1294 * If the encryption state changes to OK, stop the rekey task.
1296 * @param t Tunnel whose encryption state to change, or NULL.
1297 * @param state New encryption state.
1300 GCT_change_estate (struct CadetTunnel *t,
1301 enum CadetTunnelEState state)
1303 enum CadetTunnelEState old = t->estate;
1306 LOG (GNUNET_ERROR_TYPE_DEBUG,
1307 "%s estate changed from %s to %s\n",
1312 if ( (CADET_TUNNEL_KEY_OK != old) &&
1313 (CADET_TUNNEL_KEY_OK == t->estate) )
1315 if (NULL != t->kx_task)
1317 GNUNET_SCHEDULER_cancel (t->kx_task);
1320 /* notify all channels that have been waiting */
1321 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
1322 ¬ify_tunnel_up_cb,
1324 if (NULL != t->send_task)
1325 GNUNET_SCHEDULER_cancel (t->send_task);
1326 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
1333 * Send a KX message.
1335 * @param t tunnel on which to send the KX_AUTH
1336 * @param ct Tunnel and connection on which to send the KX_AUTH, NULL if
1337 * we are to find one that is ready.
1338 * @param ax axolotl key context to use
1341 send_kx (struct CadetTunnel *t,
1342 struct CadetTConnection *ct,
1343 struct CadetTunnelAxolotl *ax)
1345 struct CadetConnection *cc;
1346 struct GNUNET_MQ_Envelope *env;
1347 struct GNUNET_CADET_TunnelKeyExchangeMessage *msg;
1348 enum GNUNET_CADET_KX_Flags flags;
1350 if (GNUNET_YES != alice_or_betty (GCP_get_id (t->destination)))
1351 return; /* only Alice may send KX */
1352 if ( (NULL == ct) ||
1353 (GNUNET_NO == ct->is_ready) )
1354 ct = get_ready_connection (t);
1357 LOG (GNUNET_ERROR_TYPE_DEBUG,
1358 "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1360 estate2s (t->estate));
1361 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1365 env = GNUNET_MQ_msg (msg,
1366 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX);
1367 flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1368 msg->flags = htonl (flags);
1369 msg->cid = *GCC_get_id (cc);
1370 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1371 &msg->ephemeral_key);
1373 msg->ephemeral_key_XXX = ax->kx_0;
1374 msg->private_key_XXX = *my_private_key;
1376 LOG (GNUNET_ERROR_TYPE_DEBUG,
1377 "Sending KX message to %s with ephemeral %s on CID %s\n",
1379 GNUNET_e2s (&msg->ephemeral_key),
1380 GNUNET_sh2s (&msg->cid.connection_of_tunnel));
1381 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1383 mark_connection_unready (ct);
1384 t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1385 t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1386 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1387 GCT_change_estate (t,
1388 CADET_TUNNEL_KEY_AX_SENT);
1389 else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1390 GCT_change_estate (t,
1391 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1394 GNUNET_STATISTICS_update (stats,
1402 * Send a KX_AUTH message.
1404 * @param t tunnel on which to send the KX_AUTH
1405 * @param ct Tunnel and connection on which to send the KX_AUTH, NULL if
1406 * we are to find one that is ready.
1407 * @param ax axolotl key context to use
1408 * @param force_reply Force the other peer to reply with a KX_AUTH message
1409 * (set if we would like to transmit right now, but cannot)
1412 send_kx_auth (struct CadetTunnel *t,
1413 struct CadetTConnection *ct,
1414 struct CadetTunnelAxolotl *ax,
1417 struct CadetConnection *cc;
1418 struct GNUNET_MQ_Envelope *env;
1419 struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg;
1420 enum GNUNET_CADET_KX_Flags flags;
1422 if ( (NULL == ct) ||
1423 (GNUNET_NO == ct->is_ready) )
1424 ct = get_ready_connection (t);
1427 LOG (GNUNET_ERROR_TYPE_DEBUG,
1428 "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1430 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1431 t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1434 t->kx_auth_requested = GNUNET_NO; /* clear flag */
1436 env = GNUNET_MQ_msg (msg,
1437 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH);
1438 flags = GNUNET_CADET_KX_FLAG_NONE;
1439 if (GNUNET_YES == force_reply)
1440 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
1441 msg->kx.flags = htonl (flags);
1442 msg->kx.cid = *GCC_get_id (cc);
1443 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1444 &msg->kx.ephemeral_key);
1445 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1446 &msg->kx.ratchet_key);
1448 msg->kx.ephemeral_key_XXX = ax->kx_0;
1449 msg->kx.private_key_XXX = *my_private_key;
1450 msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1452 LOG (GNUNET_ERROR_TYPE_DEBUG,
1453 "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1455 GNUNET_e2s (&msg->kx.ephemeral_key),
1456 GNUNET_sh2s (&msg->kx.cid.connection_of_tunnel));
1458 /* Compute authenticator (this is the main difference to #send_kx()) */
1459 GNUNET_CRYPTO_hash (&ax->RK,
1462 /* Compute when to be triggered again; actual job will
1463 be scheduled via #connection_ready_cb() */
1465 = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1467 = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1469 /* Send via cc, mark it as unready */
1470 mark_connection_unready (ct);
1472 /* Update state machine, unless we are already OK */
1473 if (CADET_TUNNEL_KEY_OK != t->estate)
1474 GCT_change_estate (t,
1475 CADET_TUNNEL_KEY_AX_AUTH_SENT);
1478 GNUNET_STATISTICS_update (stats,
1479 "# KX_AUTH transmitted",
1486 * Cleanup state used by @a ax.
1488 * @param ax state to free, but not memory of @a ax itself
1491 cleanup_ax (struct CadetTunnelAxolotl *ax)
1493 while (NULL != ax->skipped_head)
1494 delete_skipped_key (ax,
1496 GNUNET_assert (0 == ax->skipped);
1497 GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
1498 GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
1503 * Update our Axolotl key state based on the KX data we received.
1504 * Computes the new chain keys, and root keys, etc, and also checks
1505 * wether this is a replay of the current chain.
1507 * @param[in|out] axolotl chain key state to recompute
1508 * @param pid peer identity of the other peer
1509 * @param ephemeral_key ephemeral public key of the other peer
1510 * @param ratchet_key senders next ephemeral public key
1511 * @return #GNUNET_OK on success, #GNUNET_NO if the resulting
1512 * root key is already in @a ax and thus the KX is useless;
1513 * #GNUNET_SYSERR on hard errors (i.e. @a pid is #my_full_id)
1516 update_ax_by_kx (struct CadetTunnelAxolotl *ax,
1517 const struct GNUNET_PeerIdentity *pid,
1518 const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1519 const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1521 struct GNUNET_HashCode key_material[3];
1522 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1523 const char salt[] = "CADET Axolotl salt";
1526 if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1528 GNUNET_break_op (0);
1529 return GNUNET_SYSERR;
1531 if (0 == memcmp (&ax->DHRr,
1533 sizeof (*ratchet_key)))
1535 GNUNET_STATISTICS_update (stats,
1536 "# Ratchet key already known",
1539 LOG (GNUNET_ERROR_TYPE_DEBUG,
1540 "Ratchet key already known. Ignoring KX.\n");
1544 ax->DHRr = *ratchet_key;
1545 ax->last_ephemeral = *ephemeral_key;
1547 if (GNUNET_YES == am_I_alice)
1549 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* a */
1550 ephemeral_key, /* B0 */
1555 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1556 &pid->public_key, /* A */
1560 if (GNUNET_YES == am_I_alice)
1562 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1563 &pid->public_key, /* B */
1568 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* b */
1569 ephemeral_key, /* A0 */
1574 GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1575 ephemeral_key, /* B0 or A0 */
1578 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1579 salt, sizeof (salt),
1580 &key_material, sizeof (key_material),
1583 if (0 == memcmp (&ax->RK,
1587 LOG (GNUNET_ERROR_TYPE_DEBUG,
1588 "Root key already known. Ignoring KX.\n");
1589 GNUNET_STATISTICS_update (stats,
1590 "# Root key already known",
1597 if (GNUNET_YES == am_I_alice)
1603 ax->ratchet_flag = GNUNET_YES;
1611 ax->ratchet_flag = GNUNET_NO;
1612 ax->ratchet_expiration
1613 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
1621 * Try to redo the KX or KX_AUTH handshake, if we can.
1623 * @param cls the `struct CadetTunnel` to do KX for.
1626 retry_kx (void *cls)
1628 struct CadetTunnel *t = cls;
1629 struct CadetTunnelAxolotl *ax;
1632 LOG (GNUNET_ERROR_TYPE_DEBUG,
1633 "Trying to make KX progress on %s in state %s\n",
1635 estate2s (t->estate));
1638 case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1639 case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1644 case CADET_TUNNEL_KEY_AX_RECV:
1645 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
1646 /* We are responding, so only require reply
1647 if WE have a channel waiting. */
1648 if (NULL != t->unverified_ax)
1650 /* Send AX_AUTH so we might get this one verified */
1651 ax = t->unverified_ax;
1655 /* How can this be? */
1662 (0 == GCT_count_channels (t))
1666 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
1667 /* We are responding, so only require reply
1668 if WE have a channel waiting. */
1669 if (NULL != t->unverified_ax)
1671 /* Send AX_AUTH so we might get this one verified */
1672 ax = t->unverified_ax;
1676 /* How can this be? */
1683 (0 == GCT_count_channels (t))
1687 case CADET_TUNNEL_KEY_OK:
1688 /* Must have been the *other* peer asking us to
1689 respond with a KX_AUTH. */
1690 if (NULL != t->unverified_ax)
1692 /* Sending AX_AUTH in response to AX so we might get this one verified */
1693 ax = t->unverified_ax;
1697 /* Sending AX_AUTH in response to AX_AUTH */
1710 * Handle KX message that lacks authentication (and which will thus
1711 * only be considered authenticated after we respond with our own
1712 * KX_AUTH and finally successfully decrypt payload).
1714 * @param ct connection/tunnel combo that received encrypted message
1715 * @param msg the key exchange message
1718 GCT_handle_kx (struct CadetTConnection *ct,
1719 const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
1721 struct CadetTunnel *t = ct->t;
1724 GNUNET_STATISTICS_update (stats,
1729 alice_or_betty (GCP_get_id (t->destination)))
1731 /* Betty/Bob is not allowed to send KX! */
1732 GNUNET_break_op (0);
1735 LOG (GNUNET_ERROR_TYPE_DEBUG,
1736 "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1738 GNUNET_e2s (&msg->ephemeral_key),
1739 GNUNET_i2s (GCP_get_id (t->destination)),
1743 memcmp (&t->ax.DHRr,
1745 sizeof (msg->ratchet_key))) &&
1747 memcmp (&t->ax.last_ephemeral,
1748 &msg->ephemeral_key,
1749 sizeof (msg->ephemeral_key))) )
1752 GNUNET_STATISTICS_update (stats,
1753 "# Duplicate KX received",
1763 /* We only keep ONE unverified KX around, so if there is an existing one,
1765 if (NULL != t->unverified_ax)
1768 memcmp (&t->unverified_ax->DHRr,
1770 sizeof (msg->ratchet_key))) &&
1772 memcmp (&t->unverified_ax->last_ephemeral,
1773 &msg->ephemeral_key,
1774 sizeof (msg->ephemeral_key))) )
1776 GNUNET_STATISTICS_update (stats,
1777 "# Duplicate unverified KX received",
1788 LOG (GNUNET_ERROR_TYPE_DEBUG,
1789 "Dropping old unverified KX state.\n");
1790 GNUNET_STATISTICS_update (stats,
1791 "# Unverified KX dropped for fresh KX",
1794 GNUNET_break (NULL == t->unverified_ax->skipped_head);
1795 memset (t->unverified_ax,
1797 sizeof (struct CadetTunnelAxolotl));
1801 LOG (GNUNET_ERROR_TYPE_DEBUG,
1802 "Creating fresh unverified KX for %s\n",
1804 GNUNET_STATISTICS_update (stats,
1808 t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl);
1810 /* Set as the 'current' RK/DHRr the one we are currently using,
1811 so that the duplicate-detection logic of
1812 #update_ax_by_kx can work. */
1813 t->unverified_ax->RK = t->ax.RK;
1814 t->unverified_ax->DHRr = t->ax.DHRr;
1815 t->unverified_ax->DHRs = t->ax.DHRs;
1816 t->unverified_ax->kx_0 = t->ax.kx_0;
1817 t->unverified_attempts = 0;
1819 /* Update 'ax' by the new key material */
1820 ret = update_ax_by_kx (t->unverified_ax,
1821 GCP_get_id (t->destination),
1822 &msg->ephemeral_key,
1824 GNUNET_break (GNUNET_SYSERR != ret);
1825 if (GNUNET_OK != ret)
1827 GNUNET_STATISTICS_update (stats,
1831 return; /* duplicate KX, nothing to do */
1833 /* move ahead in our state machine */
1834 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1835 GCT_change_estate (t,
1836 CADET_TUNNEL_KEY_AX_RECV);
1837 else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1838 GCT_change_estate (t,
1839 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1841 /* KX is still not done, try again our end. */
1842 if (CADET_TUNNEL_KEY_OK != t->estate)
1844 if (NULL != t->kx_task)
1845 GNUNET_SCHEDULER_cancel (t->kx_task);
1847 = GNUNET_SCHEDULER_add_now (&retry_kx,
1855 check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1856 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1858 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1859 struct GNUNET_CRYPTO_EcdhePublicKey p2;
1860 struct GNUNET_HashCode hc1;
1861 struct GNUNET_HashCode hc2;
1863 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1865 GNUNET_CRYPTO_ecdhe_key_get_public (e2,
1867 GNUNET_assert (GNUNET_OK ==
1868 GNUNET_CRYPTO_ecc_ecdh (e1,
1871 GNUNET_assert (GNUNET_OK ==
1872 GNUNET_CRYPTO_ecc_ecdh (e2,
1875 GNUNET_break (0 == memcmp (&hc1,
1882 check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1883 const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1885 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1886 struct GNUNET_CRYPTO_EddsaPublicKey p2;
1887 struct GNUNET_HashCode hc1;
1888 struct GNUNET_HashCode hc2;
1890 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1892 GNUNET_CRYPTO_eddsa_key_get_public (e2,
1894 GNUNET_assert (GNUNET_OK ==
1895 GNUNET_CRYPTO_ecdh_eddsa (e1,
1898 GNUNET_assert (GNUNET_OK ==
1899 GNUNET_CRYPTO_eddsa_ecdh (e2,
1902 GNUNET_break (0 == memcmp (&hc1,
1909 test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1910 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1911 const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1912 const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1923 * Handle KX_AUTH message.
1925 * @param ct connection/tunnel combo that received encrypted message
1926 * @param msg the key exchange message
1929 GCT_handle_kx_auth (struct CadetTConnection *ct,
1930 const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
1932 struct CadetTunnel *t = ct->t;
1933 struct CadetTunnelAxolotl ax_tmp;
1934 struct GNUNET_HashCode kx_auth;
1937 GNUNET_STATISTICS_update (stats,
1938 "# KX_AUTH received",
1941 if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1942 (CADET_TUNNEL_KEY_AX_RECV == t->estate) )
1944 /* Confusing, we got a KX_AUTH before we even send our own
1945 KX. This should not happen. We'll send our own KX ASAP anyway,
1946 so let's ignore this here. */
1947 GNUNET_break_op (0);
1950 LOG (GNUNET_ERROR_TYPE_DEBUG,
1951 "Handling KX_AUTH message from %s with ephemeral %s\n",
1953 GNUNET_e2s (&msg->kx.ephemeral_key));
1954 /* We do everything in ax_tmp until we've checked the authentication
1955 so we don't clobber anything we care about by accident. */
1958 /* Update 'ax' by the new key material */
1959 ret = update_ax_by_kx (&ax_tmp,
1960 GCP_get_id (t->destination),
1961 &msg->kx.ephemeral_key,
1962 &msg->kx.ratchet_key);
1963 if (GNUNET_OK != ret)
1965 if (GNUNET_NO == ret)
1966 GNUNET_STATISTICS_update (stats,
1967 "# redundant KX_AUTH received",
1971 GNUNET_break (0); /* connect to self!? */
1974 GNUNET_CRYPTO_hash (&ax_tmp.RK,
1977 if (0 != memcmp (&kx_auth,
1981 /* This KX_AUTH is not using the latest KX/KX_AUTH data
1982 we transmitted to the sender, refuse it, try KX again. */
1983 GNUNET_STATISTICS_update (stats,
1984 "# KX_AUTH not using our last KX received (auth failure)",
1987 LOG (GNUNET_ERROR_TYPE_WARNING,
1988 "KX AUTH mismatch!\n");
1991 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1993 GNUNET_CRYPTO_ecdhe_key_get_public (&ax_tmp.kx_0,
1995 if (0 != memcmp (&ephemeral_key,
1996 &msg->r_ephemeral_key_XXX,
1997 sizeof (ephemeral_key)))
1999 LOG (GNUNET_ERROR_TYPE_WARNING,
2000 "My ephemeral is %s!\n",
2001 GNUNET_e2s (&ephemeral_key));
2002 LOG (GNUNET_ERROR_TYPE_WARNING,
2003 "Response is for ephemeral %s!\n",
2004 GNUNET_e2s (&msg->r_ephemeral_key_XXX));
2008 test_crypto_bug (&ax_tmp.kx_0,
2009 &msg->kx.ephemeral_key_XXX,
2011 &msg->kx.private_key_XXX);
2015 if (NULL == t->kx_task)
2017 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2022 /* Yep, we're good. */
2024 if (NULL != t->unverified_ax)
2026 /* We got some "stale" KX before, drop that. */
2027 cleanup_ax (t->unverified_ax);
2028 GNUNET_free (t->unverified_ax);
2029 t->unverified_ax = NULL;
2032 /* move ahead in our state machine */
2035 case CADET_TUNNEL_KEY_UNINITIALIZED:
2036 case CADET_TUNNEL_KEY_AX_RECV:
2037 /* Checked above, this is impossible. */
2040 case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2041 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2042 case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2043 GCT_change_estate (t,
2044 CADET_TUNNEL_KEY_OK);
2046 case CADET_TUNNEL_KEY_OK:
2047 /* Did not expect another KX_AUTH, but so what, still acceptable.
2048 Nothing to do here. */
2051 if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2062 /* ************************************** end core crypto ***************************** */
2066 * Compute the next free channel tunnel number for this tunnel.
2068 * @param t the tunnel
2069 * @return unused number that can uniquely identify a channel in the tunnel
2071 static struct GNUNET_CADET_ChannelTunnelNumber
2072 get_next_free_ctn (struct CadetTunnel *t)
2074 #define HIGH_BIT 0x8000000
2075 struct GNUNET_CADET_ChannelTunnelNumber ret;
2080 cmp = GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
2081 GCP_get_id (GCT_get_destination (t)));
2087 GNUNET_assert (0); // loopback must never go here!
2088 ctn = ntohl (t->next_ctn.cn);
2090 GNUNET_CONTAINER_multihashmap32_get (t->channels,
2093 ctn = ((ctn + 1) & (~ HIGH_BIT));
2095 t->next_ctn.cn = htonl ((ctn + 1) & (~ HIGH_BIT));
2096 ret.cn = htonl (ctn | highbit);
2102 * Add a channel to a tunnel, and notify channel that we are ready
2103 * for transmission if we are already up. Otherwise that notification
2104 * will be done later in #notify_tunnel_up_cb().
2108 * @return unique number identifying @a ch within @a t
2110 struct GNUNET_CADET_ChannelTunnelNumber
2111 GCT_add_channel (struct CadetTunnel *t,
2112 struct CadetChannel *ch)
2114 struct GNUNET_CADET_ChannelTunnelNumber ctn;
2116 ctn = get_next_free_ctn (t);
2117 if (NULL != t->destroy_task)
2119 GNUNET_SCHEDULER_cancel (t->destroy_task);
2120 t->destroy_task = NULL;
2122 GNUNET_assert (GNUNET_YES ==
2123 GNUNET_CONTAINER_multihashmap32_put (t->channels,
2126 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
2127 LOG (GNUNET_ERROR_TYPE_DEBUG,
2128 "Adding %s to %s\n",
2133 case CADET_TUNNEL_KEY_UNINITIALIZED:
2134 /* waiting for connection to start KX */
2136 case CADET_TUNNEL_KEY_AX_RECV:
2137 case CADET_TUNNEL_KEY_AX_SENT:
2138 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2139 /* we're currently waiting for KX to complete */
2141 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2142 /* waiting for OTHER peer to send us data,
2143 we might need to prompt more aggressively! */
2144 if (NULL == t->kx_task)
2146 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2150 case CADET_TUNNEL_KEY_OK:
2151 /* We are ready. Tell the new channel that we are up. */
2152 GCCH_tunnel_up (ch);
2160 * We lost a connection, remove it from our list and clean up
2161 * the connection object itself.
2163 * @param ct binding of connection to tunnel of the connection that was lost.
2166 GCT_connection_lost (struct CadetTConnection *ct)
2168 struct CadetTunnel *t = ct->t;
2170 if (GNUNET_YES == ct->is_ready)
2172 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
2173 t->connection_ready_tail,
2175 t->num_ready_connections--;
2179 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2180 t->connection_busy_tail,
2182 t->num_busy_connections--;
2189 * Clean up connection @a ct of a tunnel.
2191 * @param cls the `struct CadetTunnel`
2192 * @param ct connection to clean up
2195 destroy_t_connection (void *cls,
2196 struct CadetTConnection *ct)
2198 struct CadetTunnel *t = cls;
2199 struct CadetConnection *cc = ct->cc;
2201 GNUNET_assert (ct->t == t);
2202 GCT_connection_lost (ct);
2203 GCC_destroy_without_tunnel (cc);
2208 * This tunnel is no longer used, destroy it.
2210 * @param cls the idle tunnel
2213 destroy_tunnel (void *cls)
2215 struct CadetTunnel *t = cls;
2216 struct CadetTunnelQueueEntry *tq;
2218 t->destroy_task = NULL;
2219 LOG (GNUNET_ERROR_TYPE_DEBUG,
2220 "Destroying idle %s\n",
2222 GNUNET_assert (0 == GCT_count_channels (t));
2223 GCT_iterate_connections (t,
2224 &destroy_t_connection,
2226 GNUNET_assert (NULL == t->connection_ready_head);
2227 GNUNET_assert (NULL == t->connection_busy_head);
2228 while (NULL != (tq = t->tq_head))
2230 if (NULL != tq->cont)
2231 tq->cont (tq->cont_cls,
2233 GCT_send_cancel (tq);
2235 GCP_drop_tunnel (t->destination,
2237 GNUNET_CONTAINER_multihashmap32_destroy (t->channels);
2238 if (NULL != t->maintain_connections_task)
2240 GNUNET_SCHEDULER_cancel (t->maintain_connections_task);
2241 t->maintain_connections_task = NULL;
2243 if (NULL != t->send_task)
2245 GNUNET_SCHEDULER_cancel (t->send_task);
2246 t->send_task = NULL;
2248 if (NULL != t->kx_task)
2250 GNUNET_SCHEDULER_cancel (t->kx_task);
2253 GNUNET_MST_destroy (t->mst);
2254 GNUNET_MQ_destroy (t->mq);
2255 if (NULL != t->unverified_ax)
2257 cleanup_ax (t->unverified_ax);
2258 GNUNET_free (t->unverified_ax);
2260 cleanup_ax (&t->ax);
2261 GNUNET_assert (NULL == t->destroy_task);
2267 * Remove a channel from a tunnel.
2271 * @param ctn unique number identifying @a ch within @a t
2274 GCT_remove_channel (struct CadetTunnel *t,
2275 struct CadetChannel *ch,
2276 struct GNUNET_CADET_ChannelTunnelNumber ctn)
2278 LOG (GNUNET_ERROR_TYPE_DEBUG,
2279 "Removing %s from %s\n",
2282 GNUNET_assert (GNUNET_YES ==
2283 GNUNET_CONTAINER_multihashmap32_remove (t->channels,
2287 GCT_count_channels (t)) &&
2288 (NULL == t->destroy_task) )
2291 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2299 * Destroy remaining channels during shutdown.
2301 * @param cls the `struct CadetTunnel` of the channel
2302 * @param key key of the channel
2303 * @param value the `struct CadetChannel`
2304 * @return #GNUNET_OK (continue to iterate)
2307 destroy_remaining_channels (void *cls,
2311 struct CadetChannel *ch = value;
2313 GCCH_handle_remote_destroy (ch,
2320 * Destroys the tunnel @a t now, without delay. Used during shutdown.
2322 * @param t tunnel to destroy
2325 GCT_destroy_tunnel_now (struct CadetTunnel *t)
2327 GNUNET_assert (GNUNET_YES == shutting_down);
2328 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
2329 &destroy_remaining_channels,
2332 GCT_count_channels (t));
2333 if (NULL != t->destroy_task)
2335 GNUNET_SCHEDULER_cancel (t->destroy_task);
2336 t->destroy_task = NULL;
2343 * Send normal payload from queue in @a t via connection @a ct.
2344 * Does nothing if our payload queue is empty.
2346 * @param t tunnel to send data from
2347 * @param ct connection to use for transmission (is ready)
2350 try_send_normal_payload (struct CadetTunnel *t,
2351 struct CadetTConnection *ct)
2353 struct CadetTunnelQueueEntry *tq;
2355 GNUNET_assert (GNUNET_YES == ct->is_ready);
2359 /* no messages pending right now */
2360 LOG (GNUNET_ERROR_TYPE_DEBUG,
2361 "Not sending payload of %s on ready %s (nothing pending)\n",
2366 /* ready to send message 'tq' on tunnel 'ct' */
2367 GNUNET_assert (t == tq->t);
2368 GNUNET_CONTAINER_DLL_remove (t->tq_head,
2371 if (NULL != tq->cid)
2372 *tq->cid = *GCC_get_id (ct->cc);
2373 mark_connection_unready (ct);
2374 LOG (GNUNET_ERROR_TYPE_DEBUG,
2375 "Sending payload of %s on %s\n",
2378 GCC_transmit (ct->cc,
2380 if (NULL != tq->cont)
2381 tq->cont (tq->cont_cls,
2382 GCC_get_id (ct->cc));
2388 * A connection is @a is_ready for transmission. Looks at our message
2389 * queue and if there is a message, sends it out via the connection.
2391 * @param cls the `struct CadetTConnection` that is @a is_ready
2392 * @param is_ready #GNUNET_YES if connection are now ready,
2393 * #GNUNET_NO if connection are no longer ready
2396 connection_ready_cb (void *cls,
2399 struct CadetTConnection *ct = cls;
2400 struct CadetTunnel *t = ct->t;
2402 if (GNUNET_NO == is_ready)
2404 LOG (GNUNET_ERROR_TYPE_DEBUG,
2405 "%s no longer ready for %s\n",
2408 mark_connection_unready (ct);
2411 GNUNET_assert (GNUNET_NO == ct->is_ready);
2412 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2413 t->connection_busy_tail,
2415 GNUNET_assert (0 < t->num_busy_connections);
2416 t->num_busy_connections--;
2417 ct->is_ready = GNUNET_YES;
2418 GNUNET_CONTAINER_DLL_insert_tail (t->connection_ready_head,
2419 t->connection_ready_tail,
2421 t->num_ready_connections++;
2423 LOG (GNUNET_ERROR_TYPE_DEBUG,
2424 "%s now ready for %s in state %s\n",
2427 estate2s (t->estate));
2430 case CADET_TUNNEL_KEY_UNINITIALIZED:
2431 /* Do not begin KX if WE have no channels waiting! */
2432 if (0 != GNUNET_TIME_absolute_get_remaining (t->next_kx_attempt).rel_value_us)
2433 return; /* wait for timeout before retrying */
2434 /* We are uninitialized, just transmit immediately,
2435 without undue delay. */
2436 if (NULL != t->kx_task)
2438 GNUNET_SCHEDULER_cancel (t->kx_task);
2445 GCT_count_channels (t)) &&
2446 (NULL == t->destroy_task) )
2449 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2454 case CADET_TUNNEL_KEY_AX_RECV:
2455 case CADET_TUNNEL_KEY_AX_SENT:
2456 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2457 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2458 /* we're currently waiting for KX to complete, schedule job */
2459 if (NULL == t->kx_task)
2461 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2465 case CADET_TUNNEL_KEY_OK:
2466 if (GNUNET_YES == t->kx_auth_requested)
2468 if (0 != GNUNET_TIME_absolute_get_remaining (t->next_kx_attempt).rel_value_us)
2469 return; /* wait for timeout */
2470 if (NULL != t->kx_task)
2472 GNUNET_SCHEDULER_cancel (t->kx_task);
2481 try_send_normal_payload (t,
2489 * Called when either we have a new connection, or a new message in the
2490 * queue, or some existing connection has transmission capacity. Looks
2491 * at our message queue and if there is a message, picks a connection
2494 * @param cls the `struct CadetTunnel` to process messages on
2497 trigger_transmissions (void *cls)
2499 struct CadetTunnel *t = cls;
2500 struct CadetTConnection *ct;
2502 t->send_task = NULL;
2503 if (NULL == t->tq_head)
2504 return; /* no messages pending right now */
2505 ct = get_ready_connection (t);
2507 return; /* no connections ready */
2508 try_send_normal_payload (t,
2514 * Closure for #evaluate_connection. Used to assemble summary information
2515 * about the existing connections so we can evaluate a new path.
2517 struct EvaluationSummary
2521 * Minimum length of any of our connections, `UINT_MAX` if we have none.
2523 unsigned int min_length;
2526 * Maximum length of any of our connections, 0 if we have none.
2528 unsigned int max_length;
2531 * Minimum desirability of any of our connections, UINT64_MAX if we have none.
2533 GNUNET_CONTAINER_HeapCostType min_desire;
2536 * Maximum desirability of any of our connections, 0 if we have none.
2538 GNUNET_CONTAINER_HeapCostType max_desire;
2541 * Path we are comparing against for #evaluate_connection, can be NULL.
2543 struct CadetPeerPath *path;
2546 * Connection deemed the "worst" so far encountered by #evaluate_connection,
2547 * NULL if we did not yet encounter any connections.
2549 struct CadetTConnection *worst;
2552 * Numeric score of @e worst, only set if @e worst is non-NULL.
2557 * Set to #GNUNET_YES if we have a connection over @e path already.
2565 * Evaluate a connection, updating our summary information in @a cls about
2566 * what kinds of connections we have.
2568 * @param cls the `struct EvaluationSummary *` to update
2569 * @param ct a connection to include in the summary
2572 evaluate_connection (void *cls,
2573 struct CadetTConnection *ct)
2575 struct EvaluationSummary *es = cls;
2576 struct CadetConnection *cc = ct->cc;
2577 unsigned int ct_length;
2578 struct CadetPeerPath *ps;
2579 const struct CadetConnectionMetrics *metrics;
2580 GNUNET_CONTAINER_HeapCostType ct_desirability;
2581 struct GNUNET_TIME_Relative uptime;
2582 struct GNUNET_TIME_Relative last_use;
2584 double success_rate;
2586 ps = GCC_get_path (cc,
2588 LOG (GNUNET_ERROR_TYPE_DEBUG,
2589 "Evaluating path %s of existing %s\n",
2594 LOG (GNUNET_ERROR_TYPE_DEBUG,
2595 "Ignoring duplicate path %s.\n",
2596 GCPP_2s (es->path));
2597 es->duplicate = GNUNET_YES;
2600 if (NULL != es->path)
2602 int duplicate = GNUNET_YES;
2604 for (unsigned int i=0;i<ct_length;i++)
2606 GNUNET_assert (GCPP_get_length (es->path) > i);
2607 if (GCPP_get_peer_at_offset (es->path,
2609 GCPP_get_peer_at_offset (ps,
2612 duplicate = GNUNET_NO;
2616 if (GNUNET_YES == duplicate)
2618 LOG (GNUNET_ERROR_TYPE_DEBUG,
2619 "Ignoring overlapping path %s.\n",
2620 GCPP_2s (es->path));
2621 es->duplicate = GNUNET_YES;
2626 LOG (GNUNET_ERROR_TYPE_DEBUG,
2627 "Known path %s differs from proposed path\n",
2632 ct_desirability = GCPP_get_desirability (ps);
2633 metrics = GCC_get_metrics (cc);
2634 uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2635 last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2636 /* We add 1.0 here to avoid division by zero. */
2637 success_rate = (metrics->num_acked_transmissions + 1.0) / (metrics->num_successes + 1.0);
2640 + 100.0 / (1.0 + ct_length) /* longer paths = better */
2641 + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2642 - last_use.rel_value_us / 1000L; /* longer idle = worse */
2643 score *= success_rate; /* weigh overall by success rate */
2645 if ( (NULL == es->worst) ||
2646 (score < es->worst_score) )
2649 es->worst_score = score;
2651 es->min_length = GNUNET_MIN (es->min_length,
2653 es->max_length = GNUNET_MAX (es->max_length,
2655 es->min_desire = GNUNET_MIN (es->min_desire,
2657 es->max_desire = GNUNET_MAX (es->max_desire,
2663 * Consider using the path @a p for the tunnel @a t.
2664 * The tunnel destination is at offset @a off in path @a p.
2666 * @param cls our tunnel
2667 * @param path a path to our destination
2668 * @param off offset of the destination on path @a path
2669 * @return #GNUNET_YES (should keep iterating)
2672 consider_path_cb (void *cls,
2673 struct CadetPeerPath *path,
2676 struct CadetTunnel *t = cls;
2677 struct EvaluationSummary es;
2678 struct CadetTConnection *ct;
2680 GNUNET_assert (off < GCPP_get_length (path));
2681 GNUNET_assert (GCPP_get_peer_at_offset (path,
2682 off) == t->destination);
2683 es.min_length = UINT_MAX;
2686 es.min_desire = UINT64_MAX;
2688 es.duplicate = GNUNET_NO;
2691 /* Compute evaluation summary over existing connections. */
2692 LOG (GNUNET_ERROR_TYPE_DEBUG,
2693 "Evaluating proposed path %s for target %s\n",
2696 /* FIXME: suspect this does not ACTUALLY iterate
2697 over all existing paths, otherwise dup detection
2699 GCT_iterate_connections (t,
2700 &evaluate_connection,
2702 if (GNUNET_YES == es.duplicate)
2705 /* FIXME: not sure we should really just count
2706 'num_connections' here, as they may all have
2707 consistently failed to connect. */
2709 /* We iterate by increasing path length; if we have enough paths and
2710 this one is more than twice as long than what we are currently
2711 using, then ignore all of these super-long ones! */
2712 if ( (GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL) &&
2713 (es.min_length * 2 < off) &&
2714 (es.max_length < off) )
2716 LOG (GNUNET_ERROR_TYPE_DEBUG,
2717 "Ignoring paths of length %u, they are way too long.\n",
2721 /* If we have enough paths and this one looks no better, ignore it. */
2722 if ( (GCT_count_any_connections (t) >= DESIRED_CONNECTIONS_PER_TUNNEL) &&
2723 (es.min_length < GCPP_get_length (path)) &&
2724 (es.min_desire > GCPP_get_desirability (path)) &&
2725 (es.max_length < off) )
2727 LOG (GNUNET_ERROR_TYPE_DEBUG,
2728 "Ignoring path (%u/%llu) to %s, got something better already.\n",
2729 GCPP_get_length (path),
2730 (unsigned long long) GCPP_get_desirability (path),
2731 GCP_2s (t->destination));
2735 /* Path is interesting (better by some metric, or we don't have
2736 enough paths yet). */
2737 ct = GNUNET_new (struct CadetTConnection);
2738 ct->created = GNUNET_TIME_absolute_get ();
2740 ct->cc = GCC_create (t->destination,
2743 GNUNET_CADET_OPTION_DEFAULT, /* FIXME: set based on what channels want/need! */
2745 &connection_ready_cb,
2748 /* FIXME: schedule job to kill connection (and path?) if it takes
2749 too long to get ready! (And track performance data on how long
2750 other connections took with the tunnel!)
2751 => Note: to be done within 'connection'-logic! */
2752 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
2753 t->connection_busy_tail,
2755 t->num_busy_connections++;
2756 LOG (GNUNET_ERROR_TYPE_DEBUG,
2757 "Found interesting path %s for %s, created %s\n",
2766 * Function called to maintain the connections underlying our tunnel.
2767 * Tries to maintain (incl. tear down) connections for the tunnel, and
2768 * if there is a significant change, may trigger transmissions.
2770 * Basically, needs to check if there are connections that perform
2771 * badly, and if so eventually kill them and trigger a replacement.
2772 * The strategy is to open one more connection than
2773 * #DESIRED_CONNECTIONS_PER_TUNNEL, and then periodically kick out the
2774 * least-performing one, and then inquire for new ones.
2776 * @param cls the `struct CadetTunnel`
2779 maintain_connections_cb (void *cls)
2781 struct CadetTunnel *t = cls;
2782 struct GNUNET_TIME_Relative delay;
2783 struct EvaluationSummary es;
2785 t->maintain_connections_task = NULL;
2786 LOG (GNUNET_ERROR_TYPE_DEBUG,
2787 "Performing connection maintenance for %s.\n",
2790 es.min_length = UINT_MAX;
2793 es.min_desire = UINT64_MAX;
2796 es.duplicate = GNUNET_NO;
2797 GCT_iterate_connections (t,
2798 &evaluate_connection,
2800 if ( (NULL != es.worst) &&
2801 (GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL) )
2803 /* Clear out worst-performing connection 'es.worst'. */
2804 destroy_t_connection (t,
2808 /* Consider additional paths */
2809 (void) GCP_iterate_paths (t->destination,
2813 /* FIXME: calculate when to try again based on how well we are doing;
2814 in particular, if we have to few connections, we might be able
2815 to do without this (as PATHS should tell us whenever a new path
2816 is available instantly; however, need to make sure this job is
2817 restarted after that happens).
2818 Furthermore, if the paths we do know are in a reasonably narrow
2819 quality band and are plentyful, we might also consider us stabilized
2820 and then reduce the frequency accordingly. */
2821 delay = GNUNET_TIME_UNIT_MINUTES;
2822 t->maintain_connections_task
2823 = GNUNET_SCHEDULER_add_delayed (delay,
2824 &maintain_connections_cb,
2830 * Consider using the path @a p for the tunnel @a t.
2831 * The tunnel destination is at offset @a off in path @a p.
2833 * @param cls our tunnel
2834 * @param path a path to our destination
2835 * @param off offset of the destination on path @a path
2838 GCT_consider_path (struct CadetTunnel *t,
2839 struct CadetPeerPath *p,
2842 LOG (GNUNET_ERROR_TYPE_DEBUG,
2843 "Considering %s for %s (offset %u)\n",
2847 (void) consider_path_cb (t,
2854 * We got a keepalive. Track in statistics.
2856 * @param cls the `struct CadetTunnel` for which we decrypted the message
2857 * @param msg the message we received on the tunnel
2860 handle_plaintext_keepalive (void *cls,
2861 const struct GNUNET_MessageHeader *msg)
2863 struct CadetTunnel *t = cls;
2865 LOG (GNUNET_ERROR_TYPE_DEBUG,
2866 "Received KEEPALIVE on %s\n",
2868 GNUNET_STATISTICS_update (stats,
2869 "# keepalives received",
2876 * Check that @a msg is well-formed.
2878 * @param cls the `struct CadetTunnel` for which we decrypted the message
2879 * @param msg the message we received on the tunnel
2880 * @return #GNUNET_OK (any variable-size payload goes)
2883 check_plaintext_data (void *cls,
2884 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2891 * We received payload data for a channel. Locate the channel
2892 * and process the data, or return an error if the channel is unknown.
2894 * @param cls the `struct CadetTunnel` for which we decrypted the message
2895 * @param msg the message we received on the tunnel
2898 handle_plaintext_data (void *cls,
2899 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2901 struct CadetTunnel *t = cls;
2902 struct CadetChannel *ch;
2904 ch = lookup_channel (t,
2908 /* We don't know about such a channel, might have been destroyed on our
2909 end in the meantime, or never existed. Send back a DESTROY. */
2910 LOG (GNUNET_ERROR_TYPE_DEBUG,
2911 "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2912 (unsigned int) (ntohs (msg->header.size) - sizeof (*msg)),
2913 ntohl (msg->ctn.cn));
2914 GCT_send_channel_destroy (t,
2918 GCCH_handle_channel_plaintext_data (ch,
2919 GCC_get_id (t->current_ct->cc),
2925 * We received an acknowledgement for data we sent on a channel.
2926 * Locate the channel and process it, or return an error if the
2927 * channel is unknown.
2929 * @param cls the `struct CadetTunnel` for which we decrypted the message
2930 * @param ack the message we received on the tunnel
2933 handle_plaintext_data_ack (void *cls,
2934 const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2936 struct CadetTunnel *t = cls;
2937 struct CadetChannel *ch;
2939 ch = lookup_channel (t,
2943 /* We don't know about such a channel, might have been destroyed on our
2944 end in the meantime, or never existed. Send back a DESTROY. */
2945 LOG (GNUNET_ERROR_TYPE_DEBUG,
2946 "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2947 ntohl (ack->ctn.cn));
2948 GCT_send_channel_destroy (t,
2952 GCCH_handle_channel_plaintext_data_ack (ch,
2953 GCC_get_id (t->current_ct->cc),
2959 * We have received a request to open a channel to a port from
2960 * another peer. Creates the incoming channel.
2962 * @param cls the `struct CadetTunnel` for which we decrypted the message
2963 * @param copen the message we received on the tunnel
2966 handle_plaintext_channel_open (void *cls,
2967 const struct GNUNET_CADET_ChannelOpenMessage *copen)
2969 struct CadetTunnel *t = cls;
2970 struct CadetChannel *ch;
2972 ch = GNUNET_CONTAINER_multihashmap32_get (t->channels,
2973 ntohl (copen->ctn.cn));
2976 LOG (GNUNET_ERROR_TYPE_DEBUG,
2977 "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2978 GNUNET_h2s (&copen->h_port),
2981 GCCH_handle_duplicate_open (ch,
2982 GCC_get_id (t->current_ct->cc));
2985 LOG (GNUNET_ERROR_TYPE_DEBUG,
2986 "Received CHANNEL_OPEN on h_port %s from %s\n",
2987 GNUNET_h2s (&copen->h_port),
2989 ch = GCCH_channel_incoming_new (t,
2992 ntohl (copen->opt));
2993 if (NULL != t->destroy_task)
2995 GNUNET_SCHEDULER_cancel (t->destroy_task);
2996 t->destroy_task = NULL;
2998 GNUNET_assert (GNUNET_OK ==
2999 GNUNET_CONTAINER_multihashmap32_put (t->channels,
3000 ntohl (copen->ctn.cn),
3002 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
3007 * Send a DESTROY message via the tunnel.
3009 * @param t the tunnel to transmit over
3010 * @param ctn ID of the channel to destroy
3013 GCT_send_channel_destroy (struct CadetTunnel *t,
3014 struct GNUNET_CADET_ChannelTunnelNumber ctn)
3016 struct GNUNET_CADET_ChannelDestroyMessage msg;
3018 LOG (GNUNET_ERROR_TYPE_DEBUG,
3019 "Sending DESTORY message for channel ID %u\n",
3021 msg.header.size = htons (sizeof (msg));
3022 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY);
3023 msg.reserved = htonl (0);
3033 * We have received confirmation from the target peer that the
3034 * given channel could be established (the port is open).
3037 * @param cls the `struct CadetTunnel` for which we decrypted the message
3038 * @param cm the message we received on the tunnel
3041 handle_plaintext_channel_open_ack (void *cls,
3042 const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
3044 struct CadetTunnel *t = cls;
3045 struct CadetChannel *ch;
3047 ch = lookup_channel (t,
3051 /* We don't know about such a channel, might have been destroyed on our
3052 end in the meantime, or never existed. Send back a DESTROY. */
3053 LOG (GNUNET_ERROR_TYPE_DEBUG,
3054 "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3055 ntohl (cm->ctn.cn));
3056 GCT_send_channel_destroy (t,
3060 LOG (GNUNET_ERROR_TYPE_DEBUG,
3061 "Received channel OPEN_ACK on channel %s from %s\n",
3064 GCCH_handle_channel_open_ack (ch,
3065 GCC_get_id (t->current_ct->cc),
3071 * We received a message saying that a channel should be destroyed.
3072 * Pass it on to the correct channel.
3074 * @param cls the `struct CadetTunnel` for which we decrypted the message
3075 * @param cm the message we received on the tunnel
3078 handle_plaintext_channel_destroy (void *cls,
3079 const struct GNUNET_CADET_ChannelDestroyMessage *cm)
3081 struct CadetTunnel *t = cls;
3082 struct CadetChannel *ch;
3084 ch = lookup_channel (t,
3088 /* We don't know about such a channel, might have been destroyed on our
3089 end in the meantime, or never existed. */
3090 LOG (GNUNET_ERROR_TYPE_DEBUG,
3091 "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3092 ntohl (cm->ctn.cn));
3095 LOG (GNUNET_ERROR_TYPE_DEBUG,
3096 "Received channel DESTROY on %s from %s\n",
3099 GCCH_handle_remote_destroy (ch,
3100 GCC_get_id (t->current_ct->cc));
3105 * Handles a message we decrypted, by injecting it into
3106 * our message queue (which will do the dispatching).
3108 * @param cls the `struct CadetTunnel` that got the message
3109 * @param msg the message
3110 * @return #GNUNET_OK on success (always)
3111 * #GNUNET_NO to stop further processing (no error)
3112 * #GNUNET_SYSERR to stop further processing with error
3115 handle_decrypted (void *cls,
3116 const struct GNUNET_MessageHeader *msg)
3118 struct CadetTunnel *t = cls;
3120 GNUNET_assert (NULL != t->current_ct);
3121 GNUNET_MQ_inject_message (t->mq,
3128 * Function called if we had an error processing
3129 * an incoming decrypted message.
3131 * @param cls the `struct CadetTunnel`
3132 * @param error error code
3135 decrypted_error_cb (void *cls,
3136 enum GNUNET_MQ_Error error)
3138 GNUNET_break_op (0);
3143 * Create a tunnel to @a destionation. Must only be called
3144 * from within #GCP_get_tunnel().
3146 * @param destination where to create the tunnel to
3147 * @return new tunnel to @a destination
3149 struct CadetTunnel *
3150 GCT_create_tunnel (struct CadetPeer *destination)
3152 struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3153 struct GNUNET_MQ_MessageHandler handlers[] = {
3154 GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3155 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE,
3156 struct GNUNET_MessageHeader,
3158 GNUNET_MQ_hd_var_size (plaintext_data,
3159 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA,
3160 struct GNUNET_CADET_ChannelAppDataMessage,
3162 GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3163 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK,
3164 struct GNUNET_CADET_ChannelDataAckMessage,
3166 GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3167 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN,
3168 struct GNUNET_CADET_ChannelOpenMessage,
3170 GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3171 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
3172 struct GNUNET_CADET_ChannelOpenAckMessage,
3174 GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3175 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY,
3176 struct GNUNET_CADET_ChannelDestroyMessage,
3178 GNUNET_MQ_handler_end ()
3181 t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
3182 new_ephemeral (&t->ax);
3183 GNUNET_assert (GNUNET_OK ==
3184 GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
3185 t->destination = destination;
3186 t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
3187 t->maintain_connections_task
3188 = GNUNET_SCHEDULER_add_now (&maintain_connections_cb,
3190 t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3195 &decrypted_error_cb,
3197 t->mst = GNUNET_MST_create (&handle_decrypted,
3204 * Add a @a connection to the @a tunnel.
3207 * @param cid connection identifer to use for the connection
3208 * @param options options for the connection
3209 * @param path path to use for the connection
3210 * @return #GNUNET_OK on success,
3211 * #GNUNET_SYSERR on failure (duplicate connection)
3214 GCT_add_inbound_connection (struct CadetTunnel *t,
3215 const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid,
3216 enum GNUNET_CADET_ChannelOption options,
3217 struct CadetPeerPath *path)
3219 struct CadetTConnection *ct;
3221 ct = GNUNET_new (struct CadetTConnection);
3222 ct->created = GNUNET_TIME_absolute_get ();
3224 ct->cc = GCC_create_inbound (t->destination,
3229 &connection_ready_cb,
3233 LOG (GNUNET_ERROR_TYPE_DEBUG,
3234 "%s refused inbound %s (duplicate)\n",
3238 return GNUNET_SYSERR;
3240 /* FIXME: schedule job to kill connection (and path?) if it takes
3241 too long to get ready! (And track performance data on how long
3242 other connections took with the tunnel!)
3243 => Note: to be done within 'connection'-logic! */
3244 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
3245 t->connection_busy_tail,
3247 t->num_busy_connections++;
3248 LOG (GNUNET_ERROR_TYPE_DEBUG,
3257 * Handle encrypted message.
3259 * @param ct connection/tunnel combo that received encrypted message
3260 * @param msg the encrypted message to decrypt
3263 GCT_handle_encrypted (struct CadetTConnection *ct,
3264 const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
3266 struct CadetTunnel *t = ct->t;
3267 uint16_t size = ntohs (msg->header.size);
3268 char cbuf [size] GNUNET_ALIGN;
3269 ssize_t decrypted_size;
3271 LOG (GNUNET_ERROR_TYPE_DEBUG,
3272 "%s received %u bytes of encrypted data in state %d\n",
3274 (unsigned int) size,
3279 case CADET_TUNNEL_KEY_UNINITIALIZED:
3280 case CADET_TUNNEL_KEY_AX_RECV:
3281 /* We did not even SEND our KX, how can the other peer
3282 send us encrypted data? Must have been that we went
3283 down and the other peer still things we are up.
3284 Let's send it KX back. */
3285 GNUNET_STATISTICS_update (stats,
3286 "# received encrypted without any KX",
3289 if (NULL != t->kx_task)
3291 GNUNET_SCHEDULER_cancel (t->kx_task);
3298 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
3299 /* We send KX, and other peer send KX to us at the same time.
3300 Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3301 GNUNET_STATISTICS_update (stats,
3302 "# received encrypted without KX_AUTH",
3305 if (NULL != t->kx_task)
3307 GNUNET_SCHEDULER_cancel (t->kx_task);
3315 case CADET_TUNNEL_KEY_AX_SENT:
3316 /* We did not get the KX of the other peer, but that
3317 might have been lost. Send our KX again immediately. */
3318 GNUNET_STATISTICS_update (stats,
3319 "# received encrypted without KX",
3322 if (NULL != t->kx_task)
3324 GNUNET_SCHEDULER_cancel (t->kx_task);
3331 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
3332 /* Great, first payload, we might graduate to OK! */
3333 case CADET_TUNNEL_KEY_OK:
3334 /* We are up and running, all good. */
3338 decrypted_size = -1;
3339 if (CADET_TUNNEL_KEY_OK == t->estate)
3341 /* We have well-established key material available,
3342 try that. (This is the common case.) */
3343 decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3349 if ( (-1 == decrypted_size) &&
3350 (NULL != t->unverified_ax) )
3352 /* We have un-authenticated KX material available. We should try
3353 this as a back-up option, in case the sender crashed and
3355 decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3359 if (-1 != decrypted_size)
3361 /* It worked! Treat this as authentication of the AX data! */
3362 cleanup_ax (&t->ax);
3363 t->ax = *t->unverified_ax;
3364 GNUNET_free (t->unverified_ax);
3365 t->unverified_ax = NULL;
3367 if (CADET_TUNNEL_KEY_AX_AUTH_SENT == t->estate)
3369 /* First time it worked, move tunnel into production! */
3370 GCT_change_estate (t,
3371 CADET_TUNNEL_KEY_OK);
3372 if (NULL != t->send_task)
3373 GNUNET_SCHEDULER_cancel (t->send_task);
3374 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3378 if (NULL != t->unverified_ax)
3380 /* We had unverified KX material that was useless; so increment
3381 counter and eventually move to ignore it. Note that we even do
3382 this increment if we successfully decrypted with the old KX
3383 material and thus didn't even both with the new one. This is
3384 the ideal case, as a malicious injection of bogus KX data
3385 basically only causes us to increment a counter a few times. */
3386 t->unverified_attempts++;
3387 LOG (GNUNET_ERROR_TYPE_DEBUG,
3388 "Failed to decrypt message with unverified KX data %u times\n",
3389 t->unverified_attempts);
3390 if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
3392 cleanup_ax (t->unverified_ax);
3393 GNUNET_free (t->unverified_ax);
3394 t->unverified_ax = NULL;
3398 if (-1 == decrypted_size)
3400 /* Decryption failed for good, complain. */
3401 LOG (GNUNET_ERROR_TYPE_WARNING,
3402 "%s failed to decrypt and validate encrypted data, retrying KX\n",
3404 GNUNET_STATISTICS_update (stats,
3405 "# unable to decrypt",
3408 if (NULL != t->kx_task)
3410 GNUNET_SCHEDULER_cancel (t->kx_task);
3418 GNUNET_STATISTICS_update (stats,
3419 "# decrypted bytes",
3423 /* The MST will ultimately call #handle_decrypted() on each message. */
3425 GNUNET_break_op (GNUNET_OK ==
3426 GNUNET_MST_from_buffer (t->mst,
3431 t->current_ct = NULL;
3436 * Sends an already built message on a tunnel, encrypting it and
3437 * choosing the best connection if not provided.
3439 * @param message Message to send. Function modifies it.
3440 * @param t Tunnel on which this message is transmitted.
3441 * @param cont Continuation to call once message is really sent.
3442 * @param cont_cls Closure for @c cont.
3443 * @return Handle to cancel message
3445 struct CadetTunnelQueueEntry *
3446 GCT_send (struct CadetTunnel *t,
3447 const struct GNUNET_MessageHeader *message,
3448 GCT_SendContinuation cont,
3451 struct CadetTunnelQueueEntry *tq;
3452 uint16_t payload_size;
3453 struct GNUNET_MQ_Envelope *env;
3454 struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3456 if (CADET_TUNNEL_KEY_OK != t->estate)
3461 payload_size = ntohs (message->size);
3462 LOG (GNUNET_ERROR_TYPE_DEBUG,
3463 "Encrypting %u bytes for %s\n",
3464 (unsigned int) payload_size,
3466 env = GNUNET_MQ_msg_extra (ax_msg,
3468 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED);
3469 t_ax_encrypt (&t->ax,
3473 GNUNET_STATISTICS_update (stats,
3474 "# encrypted bytes",
3477 ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3478 ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3479 /* FIXME: we should do this once, not once per message;
3480 this is a point multiplication, and DHRs does not
3481 change all the time. */
3482 GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
3483 &ax_msg->ax_header.DHRs);
3484 t_h_encrypt (&t->ax,
3486 t_hmac (&ax_msg->ax_header,
3487 sizeof (struct GNUNET_CADET_AxHeader) + payload_size,
3492 tq = GNUNET_malloc (sizeof (*tq));
3495 tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3497 tq->cont_cls = cont_cls;
3498 GNUNET_CONTAINER_DLL_insert_tail (t->tq_head,
3501 if (NULL != t->send_task)
3502 GNUNET_SCHEDULER_cancel (t->send_task);
3504 = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3511 * Cancel a previously sent message while it's in the queue.
3513 * ONLY can be called before the continuation given to the send
3514 * function is called. Once the continuation is called, the message is
3515 * no longer in the queue!
3517 * @param tq Handle to the queue entry to cancel.
3520 GCT_send_cancel (struct CadetTunnelQueueEntry *tq)
3522 struct CadetTunnel *t = tq->t;
3524 GNUNET_CONTAINER_DLL_remove (t->tq_head,
3527 GNUNET_MQ_discard (tq->env);
3533 * Iterate over all connections of a tunnel.
3535 * @param t Tunnel whose connections to iterate.
3536 * @param iter Iterator.
3537 * @param iter_cls Closure for @c iter.
3540 GCT_iterate_connections (struct CadetTunnel *t,
3541 GCT_ConnectionIterator iter,
3544 struct CadetTConnection *n;
3545 for (struct CadetTConnection *ct = t->connection_ready_head;
3553 for (struct CadetTConnection *ct = t->connection_busy_head;
3565 * Closure for #iterate_channels_cb.
3572 GCT_ChannelIterator iter;
3575 * Closure for @e iter.
3582 * Helper function for #GCT_iterate_channels.
3584 * @param cls the `struct ChanIterCls`
3586 * @param value a `struct CadetChannel`
3587 * @return #GNUNET_OK
3590 iterate_channels_cb (void *cls,
3594 struct ChanIterCls *ctx = cls;
3595 struct CadetChannel *ch = value;
3597 ctx->iter (ctx->iter_cls,
3604 * Iterate over all channels of a tunnel.
3606 * @param t Tunnel whose channels to iterate.
3607 * @param iter Iterator.
3608 * @param iter_cls Closure for @c iter.
3611 GCT_iterate_channels (struct CadetTunnel *t,
3612 GCT_ChannelIterator iter,
3615 struct ChanIterCls ctx;
3618 ctx.iter_cls = iter_cls;
3619 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3620 &iterate_channels_cb,
3627 * Call #GCCH_debug() on a channel.
3629 * @param cls points to the log level to use
3631 * @param value the `struct CadetChannel` to dump
3632 * @return #GNUNET_OK (continue iteration)
3635 debug_channel (void *cls,
3639 const enum GNUNET_ErrorType *level = cls;
3640 struct CadetChannel *ch = value;
3642 GCCH_debug (ch, *level);
3647 #define LOG2(level, ...) GNUNET_log_from_nocheck(level,"cadet-tun",__VA_ARGS__)
3651 * Log all possible info about the tunnel state.
3653 * @param t Tunnel to debug.
3654 * @param level Debug level to use.
3657 GCT_debug (const struct CadetTunnel *t,
3658 enum GNUNET_ErrorType level)
3660 #if !defined(GNUNET_CULL_LOGGING)
3661 struct CadetTConnection *iter_c;
3664 do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK),
3666 __FILE__, __FUNCTION__, __LINE__);
3671 "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3673 estate2s (t->estate),
3675 GCT_count_any_connections (t));
3678 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3682 "TTT connections:\n");
3683 for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3684 GCC_debug (iter_c->cc,
3686 for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3687 GCC_debug (iter_c->cc,
3691 "TTT TUNNEL END\n");
3696 /* end of gnunet-service-cadet_tunnels.c */