2 This file is part of GNUnet.
3 Copyright (C) 2013, 2017, 2018 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @file cadet/gnunet-service-cadet_tunnels.c
20 * @brief Information we track per tunnel.
21 * @author Bartlomiej Polot
22 * @author Christian Grothoff
25 * - proper connection evaluation during connection management:
26 * + consider quality (or quality spread?) of current connection set
27 * when deciding how often to do maintenance
28 * + interact with PEER to drive DHT GET/PUT operations based
29 * on how much we like our connections
32 #include "gnunet_util_lib.h"
33 #include "gnunet_statistics_service.h"
34 #include "gnunet_signatures.h"
35 #include "cadet_protocol.h"
36 #include "gnunet-service-cadet_channel.h"
37 #include "gnunet-service-cadet_connection.h"
38 #include "gnunet-service-cadet_tunnels.h"
39 #include "gnunet-service-cadet_peer.h"
40 #include "gnunet-service-cadet_paths.h"
43 #define LOG(level, ...) GNUNET_log_from(level,"cadet-tun",__VA_ARGS__)
46 * How often do we try to decrypt payload with unverified key
47 * material? Used to limit CPU increase upon receiving bogus
50 #define MAX_UNVERIFIED_ATTEMPTS 16
53 * How long do we wait until tearing down an idle tunnel?
55 #define IDLE_DESTROY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 90)
58 * How long do we wait initially before retransmitting the KX?
59 * TODO: replace by 2 RTT if/once we have connection-level RTT data!
61 #define INITIAL_KX_RETRY_DELAY GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MILLISECONDS, 250)
64 * Maximum number of skipped keys we keep in memory per tunnel.
66 #define MAX_SKIPPED_KEYS 64
69 * Maximum number of keys (and thus ratchet steps) we are willing to
70 * skip before we decide this is either a bogus packet or a DoS-attempt.
72 #define MAX_KEY_GAP 256
76 * Struct to old keys for skipped messages while advancing the Axolotl ratchet.
78 struct CadetTunnelSkippedKey
83 struct CadetTunnelSkippedKey *next;
88 struct CadetTunnelSkippedKey *prev;
91 * When was this key stored (for timeout).
93 struct GNUNET_TIME_Absolute timestamp;
98 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
103 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
106 * Key number for a given HK.
113 * Axolotl data, according to https://github.com/trevp/axolotl/wiki .
115 struct CadetTunnelAxolotl
118 * A (double linked) list of stored message keys and associated header keys
119 * for "skipped" messages, i.e. messages that have not been
120 * received despite the reception of more recent messages, (head).
122 struct CadetTunnelSkippedKey *skipped_head;
125 * Skipped messages' keys DLL, tail.
127 struct CadetTunnelSkippedKey *skipped_tail;
130 * 32-byte root key which gets updated by DH ratchet.
132 struct GNUNET_CRYPTO_SymmetricSessionKey RK;
135 * 32-byte header key (currently used for sending).
137 struct GNUNET_CRYPTO_SymmetricSessionKey HKs;
140 * 32-byte header key (currently used for receiving)
142 struct GNUNET_CRYPTO_SymmetricSessionKey HKr;
145 * 32-byte next header key (for sending), used once the
146 * ratchet advances. We are sure that the sender has this
147 * key as well only after @e ratchet_allowed is #GNUNET_YES.
149 struct GNUNET_CRYPTO_SymmetricSessionKey NHKs;
152 * 32-byte next header key (for receiving). To be tried
153 * when decrypting with @e HKr fails and thus the sender
154 * may have advanced the ratchet.
156 struct GNUNET_CRYPTO_SymmetricSessionKey NHKr;
159 * 32-byte chain keys (used for forward-secrecy) for
160 * sending messages. Updated for every message.
162 struct GNUNET_CRYPTO_SymmetricSessionKey CKs;
165 * 32-byte chain keys (used for forward-secrecy) for
166 * receiving messages. Updated for every message. If
167 * messages are skipped, the respective derived MKs
168 * (and the current @HKr) are kept in the @e skipped_head DLL.
170 struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
173 * ECDH for key exchange (A0 / B0).
175 struct GNUNET_CRYPTO_EcdhePrivateKey kx_0;
178 * ECDH Ratchet key (our private key in the current DH).
180 struct GNUNET_CRYPTO_EcdhePrivateKey DHRs;
183 * ECDH Ratchet key (other peer's public key in the current DH).
185 struct GNUNET_CRYPTO_EcdhePublicKey DHRr;
188 * Last ephemeral public key received from the other peer,
189 * for duplicate detection.
191 struct GNUNET_CRYPTO_EcdhePublicKey last_ephemeral;
194 * Time when the current ratchet expires and a new one is triggered
195 * (if @e ratchet_allowed is #GNUNET_YES).
197 struct GNUNET_TIME_Absolute ratchet_expiration;
200 * Number of elements in @a skipped_head <-> @a skipped_tail.
202 unsigned int skipped;
205 * Message number (reset to 0 with each new ratchet, next message to send).
210 * Message number (reset to 0 with each new ratchet, next message to recv).
215 * Previous message numbers (# of msgs sent under prev ratchet)
220 * True (#GNUNET_YES) if we have to send a new ratchet key in next msg.
225 * True (#GNUNET_YES) if we have received a message from the
226 * other peer that uses the keys from our last ratchet step.
227 * This implies that we are again allowed to advance the ratchet,
228 * otherwise we have to wait until the other peer sees our current
229 * ephemeral key and advances first.
231 * #GNUNET_NO if we have advanced the ratched but lack any evidence
232 * that the other peer has noticed this.
237 * Number of messages recieved since our last ratchet advance.
239 * If this counter = 0, we cannot send a new ratchet key in the next
242 * If this counter > 0, we could (but don't have to) send a new key.
244 * Once the @e ratchet_counter is larger than
245 * #ratchet_messages (or @e ratchet_expiration time has past), and
246 * @e ratchet_allowed is #GNUNET_YES, we advance the ratchet.
248 unsigned int ratchet_counter;
254 * Struct used to save messages in a non-ready tunnel to send once connected.
256 struct CadetTunnelQueueEntry
259 * We are entries in a DLL
261 struct CadetTunnelQueueEntry *next;
264 * We are entries in a DLL
266 struct CadetTunnelQueueEntry *prev;
269 * Tunnel these messages belong in.
271 struct CadetTunnel *t;
274 * Continuation to call once sent (on the channel layer).
276 GCT_SendContinuation cont;
279 * Closure for @c cont.
284 * Envelope of message to send follows.
286 struct GNUNET_MQ_Envelope *env;
289 * Where to put the connection identifier into the payload
290 * of the message in @e env once we have it?
292 struct GNUNET_CADET_ConnectionTunnelIdentifier *cid;
297 * Struct containing all information regarding a tunnel to a peer.
302 * Destination of the tunnel.
304 struct CadetPeer *destination;
307 * Peer's ephemeral key, to recreate @c e_key and @c d_key when own
308 * ephemeral key changes.
310 struct GNUNET_CRYPTO_EcdhePublicKey peers_ephemeral_key;
313 * Encryption ("our") key. It is only "confirmed" if kx_ctx is NULL.
315 struct GNUNET_CRYPTO_SymmetricSessionKey e_key;
318 * Decryption ("their") key. It is only "confirmed" if kx_ctx is NULL.
320 struct GNUNET_CRYPTO_SymmetricSessionKey d_key;
325 struct CadetTunnelAxolotl ax;
328 * Unverified Axolotl info, used only if we got a fresh KX (not a
329 * KX_AUTH) while our end of the tunnel was still up. In this case,
330 * we keep the fresh KX around but do not put it into action until
331 * we got encrypted payload that assures us of the authenticity of
334 struct CadetTunnelAxolotl *unverified_ax;
337 * Task scheduled if there are no more channels using the tunnel.
339 struct GNUNET_SCHEDULER_Task *destroy_task;
342 * Task to trim connections if too many are present.
344 struct GNUNET_SCHEDULER_Task *maintain_connections_task;
347 * Task to send messages from queue (if possible).
349 struct GNUNET_SCHEDULER_Task *send_task;
352 * Task to trigger KX.
354 struct GNUNET_SCHEDULER_Task *kx_task;
357 * Tokenizer for decrypted messages.
359 struct GNUNET_MessageStreamTokenizer *mst;
362 * Dispatcher for decrypted messages only (do NOT use for sending!).
364 struct GNUNET_MQ_Handle *mq;
367 * DLL of ready connections that are actively used to reach the destination peer.
369 struct CadetTConnection *connection_ready_head;
372 * DLL of ready connections that are actively used to reach the destination peer.
374 struct CadetTConnection *connection_ready_tail;
377 * DLL of connections that we maintain that might be used to reach the destination peer.
379 struct CadetTConnection *connection_busy_head;
382 * DLL of connections that we maintain that might be used to reach the destination peer.
384 struct CadetTConnection *connection_busy_tail;
387 * Channels inside this tunnel. Maps
388 * `struct GNUNET_CADET_ChannelTunnelNumber` to a `struct CadetChannel`.
390 struct GNUNET_CONTAINER_MultiHashMap32 *channels;
393 * Channel ID for the next created channel in this tunnel.
395 struct GNUNET_CADET_ChannelTunnelNumber next_ctn;
398 * Queued messages, to transmit once tunnel gets connected.
400 struct CadetTunnelQueueEntry *tq_head;
403 * Queued messages, to transmit once tunnel gets connected.
405 struct CadetTunnelQueueEntry *tq_tail;
408 * Identification of the connection from which we are currently processing
409 * a message. Only valid (non-NULL) during #handle_decrypted() and the
410 * handle-*()-functions called from our @e mq during that function.
412 struct CadetTConnection *current_ct;
415 * How long do we wait until we retry the KX?
417 struct GNUNET_TIME_Relative kx_retry_delay;
420 * When do we try the next KX?
422 struct GNUNET_TIME_Absolute next_kx_attempt;
425 * Number of connections in the @e connection_ready_head DLL.
427 unsigned int num_ready_connections;
430 * Number of connections in the @e connection_busy_head DLL.
432 unsigned int num_busy_connections;
435 * How often have we tried and failed to decrypt a message using
436 * the unverified KX material from @e unverified_ax? Used to
437 * stop trying after #MAX_UNVERIFIED_ATTEMPTS.
439 unsigned int unverified_attempts;
442 * Number of entries in the @e tq_head DLL.
447 * State of the tunnel encryption.
449 enum CadetTunnelEState estate;
452 * Force triggering KX_AUTH independent of @e estate.
454 int kx_auth_requested;
460 * Am I Alice or Betty (some call her Bob), or talking to myself?
462 * @param other the other peer
463 * @return #GNUNET_YES for Alice, #GNUNET_NO for Betty, #GNUNET_SYSERR if talking to myself
466 alice_or_betty (const struct GNUNET_PeerIdentity *other)
468 if (0 > GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
471 else if (0 < GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
477 return GNUNET_SYSERR;
483 * Connection @a ct is now unready, clear it's ready flag
484 * and move it from the ready DLL to the busy DLL.
486 * @param ct connection to move to unready status
489 mark_connection_unready (struct CadetTConnection *ct)
491 struct CadetTunnel *t = ct->t;
493 GNUNET_assert (GNUNET_YES == ct->is_ready);
494 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
495 t->connection_ready_tail,
497 GNUNET_assert (0 < t->num_ready_connections);
498 t->num_ready_connections--;
499 ct->is_ready = GNUNET_NO;
500 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
501 t->connection_busy_tail,
503 t->num_busy_connections++;
508 * Get the static string for the peer this tunnel is directed.
512 * @return Static string the destination peer's ID.
515 GCT_2s (const struct CadetTunnel *t)
520 return "Tunnel(NULL)";
521 GNUNET_snprintf (buf,
524 GNUNET_i2s (GCP_get_id (t->destination)));
530 * Get string description for tunnel encryption state.
532 * @param es Tunnel state.
534 * @return String representation.
537 estate2s (enum CadetTunnelEState es)
543 case CADET_TUNNEL_KEY_UNINITIALIZED:
544 return "CADET_TUNNEL_KEY_UNINITIALIZED";
545 case CADET_TUNNEL_KEY_AX_RECV:
546 return "CADET_TUNNEL_KEY_AX_RECV";
547 case CADET_TUNNEL_KEY_AX_SENT:
548 return "CADET_TUNNEL_KEY_AX_SENT";
549 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
550 return "CADET_TUNNEL_KEY_AX_SENT_AND_RECV";
551 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
552 return "CADET_TUNNEL_KEY_AX_AUTH_SENT";
553 case CADET_TUNNEL_KEY_OK:
554 return "CADET_TUNNEL_KEY_OK";
556 GNUNET_snprintf (buf,
558 "%u (UNKNOWN STATE)",
566 * Return the peer to which this tunnel goes.
569 * @return the destination of the tunnel
572 GCT_get_destination (struct CadetTunnel *t)
574 return t->destination;
579 * Count channels of a tunnel.
581 * @param t Tunnel on which to count.
583 * @return Number of channels.
586 GCT_count_channels (struct CadetTunnel *t)
588 return GNUNET_CONTAINER_multihashmap32_size (t->channels);
593 * Lookup a channel by its @a ctn.
595 * @param t tunnel to look in
596 * @param ctn number of channel to find
597 * @return NULL if channel does not exist
599 struct CadetChannel *
600 lookup_channel (struct CadetTunnel *t,
601 struct GNUNET_CADET_ChannelTunnelNumber ctn)
603 return GNUNET_CONTAINER_multihashmap32_get (t->channels,
609 * Count all created connections of a tunnel. Not necessarily ready connections!
611 * @param t Tunnel on which to count.
613 * @return Number of connections created, either being established or ready.
616 GCT_count_any_connections (const struct CadetTunnel *t)
618 return t->num_ready_connections + t->num_busy_connections;
623 * Find first connection that is ready in the list of
624 * our connections. Picks ready connections round-robin.
626 * @param t tunnel to search
627 * @return NULL if we have no connection that is ready
629 static struct CadetTConnection *
630 get_ready_connection (struct CadetTunnel *t)
632 struct CadetTConnection *hd = t->connection_ready_head;
634 GNUNET_assert ( (NULL == hd) ||
635 (GNUNET_YES == hd->is_ready) );
641 * Get the encryption state of a tunnel.
645 * @return Tunnel's encryption state.
647 enum CadetTunnelEState
648 GCT_get_estate (struct CadetTunnel *t)
655 * Called when either we have a new connection, or a new message in the
656 * queue, or some existing connection has transmission capacity. Looks
657 * at our message queue and if there is a message, picks a connection
660 * @param cls the `struct CadetTunnel` to process messages on
663 trigger_transmissions (void *cls);
666 /* ************************************** start core crypto ***************************** */
670 * Create a new Axolotl ephemeral (ratchet) key.
672 * @param ax key material to update
675 new_ephemeral (struct CadetTunnelAxolotl *ax)
677 LOG (GNUNET_ERROR_TYPE_DEBUG,
678 "Creating new ephemeral ratchet key (DHRs)\n");
679 GNUNET_assert (GNUNET_OK ==
680 GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
687 * @param plaintext Content to HMAC.
688 * @param size Size of @c plaintext.
689 * @param iv Initialization vector for the message.
690 * @param key Key to use.
691 * @param hmac[out] Destination to store the HMAC.
694 t_hmac (const void *plaintext,
697 const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
698 struct GNUNET_ShortHashCode *hmac)
700 static const char ctx[] = "cadet authentication key";
701 struct GNUNET_CRYPTO_AuthKey auth_key;
702 struct GNUNET_HashCode hash;
704 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
710 /* Two step: GNUNET_ShortHash is only 256 bits,
711 GNUNET_HashCode is 512, so we truncate. */
712 GNUNET_CRYPTO_hmac (&auth_key,
725 * @param key Key to use.
726 * @param[out] hash Resulting HMAC.
727 * @param source Source key material (data to HMAC).
728 * @param len Length of @a source.
731 t_ax_hmac_hash (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
732 struct GNUNET_HashCode *hash,
736 static const char ctx[] = "axolotl HMAC-HASH";
737 struct GNUNET_CRYPTO_AuthKey auth_key;
739 GNUNET_CRYPTO_hmac_derive_key (&auth_key,
743 GNUNET_CRYPTO_hmac (&auth_key,
751 * Derive a symmetric encryption key from an HMAC-HASH.
753 * @param key Key to use for the HMAC.
754 * @param[out] out Key to generate.
755 * @param source Source key material (data to HMAC).
756 * @param len Length of @a source.
759 t_hmac_derive_key (const struct GNUNET_CRYPTO_SymmetricSessionKey *key,
760 struct GNUNET_CRYPTO_SymmetricSessionKey *out,
764 static const char ctx[] = "axolotl derive key";
765 struct GNUNET_HashCode h;
771 GNUNET_CRYPTO_kdf (out, sizeof (*out),
779 * Encrypt data with the axolotl tunnel key.
781 * @param ax key material to use.
782 * @param dst Destination with @a size bytes for the encrypted data.
783 * @param src Source of the plaintext. Can overlap with @c dst, must contain @a size bytes
784 * @param size Size of the buffers at @a src and @a dst
787 t_ax_encrypt (struct CadetTunnelAxolotl *ax,
792 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
793 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
796 ax->ratchet_counter++;
797 if ( (GNUNET_YES == ax->ratchet_allowed) &&
798 ( (ratchet_messages <= ax->ratchet_counter) ||
799 (0 == GNUNET_TIME_absolute_get_remaining (ax->ratchet_expiration).rel_value_us)) )
801 ax->ratchet_flag = GNUNET_YES;
803 if (GNUNET_YES == ax->ratchet_flag)
805 /* Advance ratchet */
806 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3];
807 struct GNUNET_HashCode dh;
808 struct GNUNET_HashCode hmac;
809 static const char ctx[] = "axolotl ratchet";
814 /* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
815 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
818 t_ax_hmac_hash (&ax->RK,
822 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
824 &hmac, sizeof (hmac),
832 ax->ratchet_flag = GNUNET_NO;
833 ax->ratchet_allowed = GNUNET_NO;
834 ax->ratchet_counter = 0;
835 ax->ratchet_expiration
836 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
840 t_hmac_derive_key (&ax->CKs,
844 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
849 out_size = GNUNET_CRYPTO_symmetric_encrypt (src,
854 GNUNET_assert (size == out_size);
855 t_hmac_derive_key (&ax->CKs,
863 * Decrypt data with the axolotl tunnel key.
865 * @param ax key material to use.
866 * @param dst Destination for the decrypted data, must contain @a size bytes.
867 * @param src Source of the ciphertext. Can overlap with @c dst, must contain @a size bytes.
868 * @param size Size of the @a src and @a dst buffers
871 t_ax_decrypt (struct CadetTunnelAxolotl *ax,
876 struct GNUNET_CRYPTO_SymmetricSessionKey MK;
877 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
880 t_hmac_derive_key (&ax->CKr,
884 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
888 GNUNET_assert (size >= sizeof (struct GNUNET_MessageHeader));
889 out_size = GNUNET_CRYPTO_symmetric_decrypt (src,
894 GNUNET_assert (out_size == size);
895 t_hmac_derive_key (&ax->CKr,
903 * Encrypt header with the axolotl header key.
905 * @param ax key material to use.
906 * @param[in|out] msg Message whose header to encrypt.
909 t_h_encrypt (struct CadetTunnelAxolotl *ax,
910 struct GNUNET_CADET_TunnelEncryptedMessage *msg)
912 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
915 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
919 out_size = GNUNET_CRYPTO_symmetric_encrypt (&msg->ax_header,
920 sizeof (struct GNUNET_CADET_AxHeader),
924 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
929 * Decrypt header with the current axolotl header key.
931 * @param ax key material to use.
932 * @param src Message whose header to decrypt.
933 * @param dst Where to decrypt header to.
936 t_h_decrypt (struct CadetTunnelAxolotl *ax,
937 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
938 struct GNUNET_CADET_TunnelEncryptedMessage *dst)
940 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
943 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
947 out_size = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
948 sizeof (struct GNUNET_CADET_AxHeader),
952 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == out_size);
957 * Delete a key from the list of skipped keys.
959 * @param ax key material to delete @a key from.
960 * @param key Key to delete.
963 delete_skipped_key (struct CadetTunnelAxolotl *ax,
964 struct CadetTunnelSkippedKey *key)
966 GNUNET_CONTAINER_DLL_remove (ax->skipped_head,
975 * Decrypt and verify data with the appropriate tunnel key and verify that the
976 * data has not been altered since it was sent by the remote peer.
978 * @param ax key material to use.
979 * @param dst Destination for the plaintext.
980 * @param src Source of the message. Can overlap with @c dst.
981 * @param size Size of the message.
982 * @return Size of the decrypted data, -1 if an error was encountered.
985 try_old_ax_keys (struct CadetTunnelAxolotl *ax,
987 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
990 struct CadetTunnelSkippedKey *key;
991 struct GNUNET_ShortHashCode *hmac;
992 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
993 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
994 struct GNUNET_CRYPTO_SymmetricSessionKey *valid_HK;
1000 LOG (GNUNET_ERROR_TYPE_DEBUG,
1001 "Trying skipped keys\n");
1002 hmac = &plaintext_header.hmac;
1003 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1005 /* Find a correct Header Key */
1007 for (key = ax->skipped_head; NULL != key; key = key->next)
1009 t_hmac (&src->ax_header,
1010 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1014 if (0 == memcmp (hmac,
1018 valid_HK = &key->HK;
1025 /* Should've been checked in -cadet_connection.c handle_cadet_encrypted. */
1026 GNUNET_assert (size > sizeof (struct GNUNET_CADET_TunnelEncryptedMessage));
1027 len = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1028 GNUNET_assert (len >= sizeof (struct GNUNET_MessageHeader));
1030 /* Decrypt header */
1031 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1035 res = GNUNET_CRYPTO_symmetric_decrypt (&src->ax_header.Ns,
1036 sizeof (struct GNUNET_CADET_AxHeader),
1039 &plaintext_header.ax_header.Ns);
1040 GNUNET_assert (sizeof (struct GNUNET_CADET_AxHeader) == res);
1042 /* Find the correct message key */
1043 N = ntohl (plaintext_header.ax_header.Ns);
1044 while ( (NULL != key) &&
1047 if ( (NULL == key) ||
1048 (0 != memcmp (&key->HK,
1050 sizeof (*valid_HK))) )
1053 /* Decrypt payload */
1054 GNUNET_CRYPTO_symmetric_derive_iv (&iv,
1059 res = GNUNET_CRYPTO_symmetric_decrypt (&src[1],
1064 delete_skipped_key (ax,
1071 * Delete a key from the list of skipped keys.
1073 * @param ax key material to delete from.
1074 * @param HKr Header Key to use.
1077 store_skipped_key (struct CadetTunnelAxolotl *ax,
1078 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr)
1080 struct CadetTunnelSkippedKey *key;
1082 key = GNUNET_new (struct CadetTunnelSkippedKey);
1083 key->timestamp = GNUNET_TIME_absolute_get ();
1086 t_hmac_derive_key (&ax->CKr,
1090 t_hmac_derive_key (&ax->CKr,
1094 GNUNET_CONTAINER_DLL_insert (ax->skipped_head,
1103 * Stage skipped AX keys and calculate the message key.
1104 * Stores each HK and MK for skipped messages.
1106 * @param ax key material to use
1107 * @param HKr Header key.
1108 * @param Np Received meesage number.
1109 * @return #GNUNET_OK if keys were stored.
1110 * #GNUNET_SYSERR if an error ocurred (@a Np not expected).
1113 store_ax_keys (struct CadetTunnelAxolotl *ax,
1114 const struct GNUNET_CRYPTO_SymmetricSessionKey *HKr,
1120 LOG (GNUNET_ERROR_TYPE_DEBUG,
1121 "Storing skipped keys [%u, %u)\n",
1124 if (MAX_KEY_GAP < gap)
1126 /* Avoid DoS (forcing peer to do more than #MAX_KEY_GAP HMAC operations) */
1127 /* TODO: start new key exchange on return */
1128 GNUNET_break_op (0);
1129 LOG (GNUNET_ERROR_TYPE_WARNING,
1130 "Got message %u, expected %u+\n",
1133 return GNUNET_SYSERR;
1137 /* Delayed message: don't store keys, flag to try old keys. */
1138 return GNUNET_SYSERR;
1142 store_skipped_key (ax,
1145 while (ax->skipped > MAX_SKIPPED_KEYS)
1146 delete_skipped_key (ax,
1153 * Decrypt and verify data with the appropriate tunnel key and verify that the
1154 * data has not been altered since it was sent by the remote peer.
1156 * @param ax key material to use
1157 * @param dst Destination for the plaintext.
1158 * @param src Source of the message. Can overlap with @c dst.
1159 * @param size Size of the message.
1160 * @return Size of the decrypted data, -1 if an error was encountered.
1163 t_ax_decrypt_and_validate (struct CadetTunnelAxolotl *ax,
1165 const struct GNUNET_CADET_TunnelEncryptedMessage *src,
1168 struct GNUNET_ShortHashCode msg_hmac;
1169 struct GNUNET_HashCode hmac;
1170 struct GNUNET_CADET_TunnelEncryptedMessage plaintext_header;
1173 size_t esize; /* Size of encryped payload */
1175 esize = size - sizeof (struct GNUNET_CADET_TunnelEncryptedMessage);
1177 /* Try current HK */
1178 t_hmac (&src->ax_header,
1179 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1182 if (0 != memcmp (&msg_hmac,
1186 static const char ctx[] = "axolotl ratchet";
1187 struct GNUNET_CRYPTO_SymmetricSessionKey keys[3]; /* RKp, NHKp, CKp */
1188 struct GNUNET_CRYPTO_SymmetricSessionKey HK;
1189 struct GNUNET_HashCode dh;
1190 struct GNUNET_CRYPTO_EcdhePublicKey *DHRp;
1193 t_hmac (&src->ax_header,
1194 sizeof (struct GNUNET_CADET_AxHeader) + esize,
1198 if (0 != memcmp (&msg_hmac,
1202 /* Try the skipped keys, if that fails, we're out of luck. */
1203 return try_old_ax_keys (ax,
1213 Np = ntohl (plaintext_header.ax_header.Ns);
1214 PNp = ntohl (plaintext_header.ax_header.PNs);
1215 DHRp = &plaintext_header.ax_header.DHRs;
1220 /* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
1221 GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
1224 t_ax_hmac_hash (&ax->RK,
1227 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1229 &hmac, sizeof (hmac),
1232 /* Commit "purported" keys */
1238 ax->ratchet_allowed = GNUNET_YES;
1245 Np = ntohl (plaintext_header.ax_header.Ns);
1246 PNp = ntohl (plaintext_header.ax_header.PNs);
1248 if ( (Np != ax->Nr) &&
1249 (GNUNET_OK != store_ax_keys (ax,
1253 /* Try the skipped keys, if that fails, we're out of luck. */
1254 return try_old_ax_keys (ax,
1270 * Our tunnel became ready for the first time, notify channels
1271 * that have been waiting.
1273 * @param cls our tunnel, not used
1274 * @param key unique ID of the channel, not used
1275 * @param value the `struct CadetChannel` to notify
1276 * @return #GNUNET_OK (continue to iterate)
1279 notify_tunnel_up_cb (void *cls,
1283 struct CadetChannel *ch = value;
1285 GCCH_tunnel_up (ch);
1291 * Change the tunnel encryption state.
1292 * If the encryption state changes to OK, stop the rekey task.
1294 * @param t Tunnel whose encryption state to change, or NULL.
1295 * @param state New encryption state.
1298 GCT_change_estate (struct CadetTunnel *t,
1299 enum CadetTunnelEState state)
1301 enum CadetTunnelEState old = t->estate;
1304 LOG (GNUNET_ERROR_TYPE_DEBUG,
1305 "%s estate changed from %s to %s\n",
1310 if ( (CADET_TUNNEL_KEY_OK != old) &&
1311 (CADET_TUNNEL_KEY_OK == t->estate) )
1313 if (NULL != t->kx_task)
1315 GNUNET_SCHEDULER_cancel (t->kx_task);
1318 /* notify all channels that have been waiting */
1319 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
1320 ¬ify_tunnel_up_cb,
1322 if (NULL != t->send_task)
1323 GNUNET_SCHEDULER_cancel (t->send_task);
1324 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
1331 * Send a KX message.
1333 * @param t tunnel on which to send the KX_AUTH
1334 * @param ct Tunnel and connection on which to send the KX_AUTH, NULL if
1335 * we are to find one that is ready.
1336 * @param ax axolotl key context to use
1339 send_kx (struct CadetTunnel *t,
1340 struct CadetTConnection *ct,
1341 struct CadetTunnelAxolotl *ax)
1343 struct CadetConnection *cc;
1344 struct GNUNET_MQ_Envelope *env;
1345 struct GNUNET_CADET_TunnelKeyExchangeMessage *msg;
1346 enum GNUNET_CADET_KX_Flags flags;
1348 if (GNUNET_YES != alice_or_betty (GCP_get_id (t->destination)))
1349 return; /* only Alice may send KX */
1350 if ( (NULL == ct) ||
1351 (GNUNET_NO == ct->is_ready) )
1352 ct = get_ready_connection (t);
1355 LOG (GNUNET_ERROR_TYPE_DEBUG,
1356 "Wanted to send %s in state %s, but no connection is ready, deferring\n",
1358 estate2s (t->estate));
1359 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1363 env = GNUNET_MQ_msg (msg,
1364 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX);
1365 flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
1366 msg->flags = htonl (flags);
1367 msg->cid = *GCC_get_id (cc);
1368 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1369 &msg->ephemeral_key);
1371 msg->ephemeral_key_XXX = ax->kx_0;
1372 msg->private_key_XXX = *my_private_key;
1374 LOG (GNUNET_ERROR_TYPE_DEBUG,
1375 "Sending KX message to %s with ephemeral %s on CID %s\n",
1377 GNUNET_e2s (&msg->ephemeral_key),
1378 GNUNET_sh2s (&msg->cid.connection_of_tunnel));
1379 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1381 mark_connection_unready (ct);
1382 t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1383 t->next_kx_attempt = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1384 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1385 GCT_change_estate (t,
1386 CADET_TUNNEL_KEY_AX_SENT);
1387 else if (CADET_TUNNEL_KEY_AX_RECV == t->estate)
1388 GCT_change_estate (t,
1389 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1392 GNUNET_STATISTICS_update (stats,
1400 * Send a KX_AUTH message.
1402 * @param t tunnel on which to send the KX_AUTH
1403 * @param ct Tunnel and connection on which to send the KX_AUTH, NULL if
1404 * we are to find one that is ready.
1405 * @param ax axolotl key context to use
1406 * @param force_reply Force the other peer to reply with a KX_AUTH message
1407 * (set if we would like to transmit right now, but cannot)
1410 send_kx_auth (struct CadetTunnel *t,
1411 struct CadetTConnection *ct,
1412 struct CadetTunnelAxolotl *ax,
1415 struct CadetConnection *cc;
1416 struct GNUNET_MQ_Envelope *env;
1417 struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg;
1418 enum GNUNET_CADET_KX_Flags flags;
1420 if ( (NULL == ct) ||
1421 (GNUNET_NO == ct->is_ready) )
1422 ct = get_ready_connection (t);
1425 LOG (GNUNET_ERROR_TYPE_DEBUG,
1426 "Wanted to send KX_AUTH on %s, but no connection is ready, deferring\n",
1428 t->next_kx_attempt = GNUNET_TIME_absolute_get ();
1429 t->kx_auth_requested = GNUNET_YES; /* queue KX_AUTH independent of estate */
1432 t->kx_auth_requested = GNUNET_NO; /* clear flag */
1434 env = GNUNET_MQ_msg (msg,
1435 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_KX_AUTH);
1436 flags = GNUNET_CADET_KX_FLAG_NONE;
1437 if (GNUNET_YES == force_reply)
1438 flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
1439 msg->kx.flags = htonl (flags);
1440 msg->kx.cid = *GCC_get_id (cc);
1441 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
1442 &msg->kx.ephemeral_key);
1443 GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
1444 &msg->kx.ratchet_key);
1446 msg->kx.ephemeral_key_XXX = ax->kx_0;
1447 msg->kx.private_key_XXX = *my_private_key;
1448 msg->r_ephemeral_key_XXX = ax->last_ephemeral;
1450 LOG (GNUNET_ERROR_TYPE_DEBUG,
1451 "Sending KX_AUTH message to %s with ephemeral %s on CID %s\n",
1453 GNUNET_e2s (&msg->kx.ephemeral_key),
1454 GNUNET_sh2s (&msg->kx.cid.connection_of_tunnel));
1456 /* Compute authenticator (this is the main difference to #send_kx()) */
1457 GNUNET_CRYPTO_hash (&ax->RK,
1460 /* Compute when to be triggered again; actual job will
1461 be scheduled via #connection_ready_cb() */
1463 = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
1465 = GNUNET_TIME_relative_to_absolute (t->kx_retry_delay);
1467 /* Send via cc, mark it as unready */
1468 mark_connection_unready (ct);
1470 /* Update state machine, unless we are already OK */
1471 if (CADET_TUNNEL_KEY_OK != t->estate)
1472 GCT_change_estate (t,
1473 CADET_TUNNEL_KEY_AX_AUTH_SENT);
1476 GNUNET_STATISTICS_update (stats,
1477 "# KX_AUTH transmitted",
1484 * Cleanup state used by @a ax.
1486 * @param ax state to free, but not memory of @a ax itself
1489 cleanup_ax (struct CadetTunnelAxolotl *ax)
1491 while (NULL != ax->skipped_head)
1492 delete_skipped_key (ax,
1494 GNUNET_assert (0 == ax->skipped);
1495 GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
1496 GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
1501 * Update our Axolotl key state based on the KX data we received.
1502 * Computes the new chain keys, and root keys, etc, and also checks
1503 * wether this is a replay of the current chain.
1505 * @param[in|out] axolotl chain key state to recompute
1506 * @param pid peer identity of the other peer
1507 * @param ephemeral_key ephemeral public key of the other peer
1508 * @param ratchet_key senders next ephemeral public key
1509 * @return #GNUNET_OK on success, #GNUNET_NO if the resulting
1510 * root key is already in @a ax and thus the KX is useless;
1511 * #GNUNET_SYSERR on hard errors (i.e. @a pid is #my_full_id)
1514 update_ax_by_kx (struct CadetTunnelAxolotl *ax,
1515 const struct GNUNET_PeerIdentity *pid,
1516 const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral_key,
1517 const struct GNUNET_CRYPTO_EcdhePublicKey *ratchet_key)
1519 struct GNUNET_HashCode key_material[3];
1520 struct GNUNET_CRYPTO_SymmetricSessionKey keys[5];
1521 const char salt[] = "CADET Axolotl salt";
1524 if (GNUNET_SYSERR == (am_I_alice = alice_or_betty (pid)))
1526 GNUNET_break_op (0);
1527 return GNUNET_SYSERR;
1529 if (0 == memcmp (&ax->DHRr,
1531 sizeof (*ratchet_key)))
1533 GNUNET_STATISTICS_update (stats,
1534 "# Ratchet key already known",
1537 LOG (GNUNET_ERROR_TYPE_DEBUG,
1538 "Ratchet key already known. Ignoring KX.\n");
1542 ax->DHRr = *ratchet_key;
1543 ax->last_ephemeral = *ephemeral_key;
1545 if (GNUNET_YES == am_I_alice)
1547 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* a */
1548 ephemeral_key, /* B0 */
1553 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* b0 */
1554 &pid->public_key, /* A */
1558 if (GNUNET_YES == am_I_alice)
1560 GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* a0 */
1561 &pid->public_key, /* B */
1566 GNUNET_CRYPTO_eddsa_ecdh (my_private_key, /* b */
1567 ephemeral_key, /* A0 */
1572 GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* a0 or b0 */
1573 ephemeral_key, /* B0 or A0 */
1576 GNUNET_CRYPTO_kdf (keys, sizeof (keys),
1577 salt, sizeof (salt),
1578 &key_material, sizeof (key_material),
1581 if (0 == memcmp (&ax->RK,
1585 LOG (GNUNET_ERROR_TYPE_DEBUG,
1586 "Root key already known. Ignoring KX.\n");
1587 GNUNET_STATISTICS_update (stats,
1588 "# Root key already known",
1595 if (GNUNET_YES == am_I_alice)
1601 ax->ratchet_flag = GNUNET_YES;
1609 ax->ratchet_flag = GNUNET_NO;
1610 ax->ratchet_expiration
1611 = GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get(),
1619 * Try to redo the KX or KX_AUTH handshake, if we can.
1621 * @param cls the `struct CadetTunnel` to do KX for.
1624 retry_kx (void *cls)
1626 struct CadetTunnel *t = cls;
1627 struct CadetTunnelAxolotl *ax;
1630 LOG (GNUNET_ERROR_TYPE_DEBUG,
1631 "Trying to make KX progress on %s in state %s\n",
1633 estate2s (t->estate));
1636 case CADET_TUNNEL_KEY_UNINITIALIZED: /* first attempt */
1637 case CADET_TUNNEL_KEY_AX_SENT: /* trying again */
1642 case CADET_TUNNEL_KEY_AX_RECV:
1643 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
1644 /* We are responding, so only require reply
1645 if WE have a channel waiting. */
1646 if (NULL != t->unverified_ax)
1648 /* Send AX_AUTH so we might get this one verified */
1649 ax = t->unverified_ax;
1653 /* How can this be? */
1660 (0 == GCT_count_channels (t))
1664 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
1665 /* We are responding, so only require reply
1666 if WE have a channel waiting. */
1667 if (NULL != t->unverified_ax)
1669 /* Send AX_AUTH so we might get this one verified */
1670 ax = t->unverified_ax;
1674 /* How can this be? */
1681 (0 == GCT_count_channels (t))
1685 case CADET_TUNNEL_KEY_OK:
1686 /* Must have been the *other* peer asking us to
1687 respond with a KX_AUTH. */
1688 if (NULL != t->unverified_ax)
1690 /* Sending AX_AUTH in response to AX so we might get this one verified */
1691 ax = t->unverified_ax;
1695 /* Sending AX_AUTH in response to AX_AUTH */
1708 * Handle KX message that lacks authentication (and which will thus
1709 * only be considered authenticated after we respond with our own
1710 * KX_AUTH and finally successfully decrypt payload).
1712 * @param ct connection/tunnel combo that received encrypted message
1713 * @param msg the key exchange message
1716 GCT_handle_kx (struct CadetTConnection *ct,
1717 const struct GNUNET_CADET_TunnelKeyExchangeMessage *msg)
1719 struct CadetTunnel *t = ct->t;
1722 GNUNET_STATISTICS_update (stats,
1727 alice_or_betty (GCP_get_id (t->destination)))
1729 /* Betty/Bob is not allowed to send KX! */
1730 GNUNET_break_op (0);
1733 LOG (GNUNET_ERROR_TYPE_DEBUG,
1734 "Received KX message from %s with ephemeral %s from %s on connection %s\n",
1736 GNUNET_e2s (&msg->ephemeral_key),
1737 GNUNET_i2s (GCP_get_id (t->destination)),
1741 memcmp (&t->ax.DHRr,
1743 sizeof (msg->ratchet_key))) &&
1745 memcmp (&t->ax.last_ephemeral,
1746 &msg->ephemeral_key,
1747 sizeof (msg->ephemeral_key))) )
1750 GNUNET_STATISTICS_update (stats,
1751 "# Duplicate KX received",
1761 /* We only keep ONE unverified KX around, so if there is an existing one,
1763 if (NULL != t->unverified_ax)
1766 memcmp (&t->unverified_ax->DHRr,
1768 sizeof (msg->ratchet_key))) &&
1770 memcmp (&t->unverified_ax->last_ephemeral,
1771 &msg->ephemeral_key,
1772 sizeof (msg->ephemeral_key))) )
1774 GNUNET_STATISTICS_update (stats,
1775 "# Duplicate unverified KX received",
1786 LOG (GNUNET_ERROR_TYPE_DEBUG,
1787 "Dropping old unverified KX state.\n");
1788 GNUNET_STATISTICS_update (stats,
1789 "# Unverified KX dropped for fresh KX",
1792 GNUNET_break (NULL == t->unverified_ax->skipped_head);
1793 memset (t->unverified_ax,
1795 sizeof (struct CadetTunnelAxolotl));
1799 LOG (GNUNET_ERROR_TYPE_DEBUG,
1800 "Creating fresh unverified KX for %s\n",
1802 GNUNET_STATISTICS_update (stats,
1806 t->unverified_ax = GNUNET_new (struct CadetTunnelAxolotl);
1808 /* Set as the 'current' RK/DHRr the one we are currently using,
1809 so that the duplicate-detection logic of
1810 #update_ax_by_kx can work. */
1811 t->unverified_ax->RK = t->ax.RK;
1812 t->unverified_ax->DHRr = t->ax.DHRr;
1813 t->unverified_ax->DHRs = t->ax.DHRs;
1814 t->unverified_ax->kx_0 = t->ax.kx_0;
1815 t->unverified_attempts = 0;
1817 /* Update 'ax' by the new key material */
1818 ret = update_ax_by_kx (t->unverified_ax,
1819 GCP_get_id (t->destination),
1820 &msg->ephemeral_key,
1822 GNUNET_break (GNUNET_SYSERR != ret);
1823 if (GNUNET_OK != ret)
1825 GNUNET_STATISTICS_update (stats,
1829 return; /* duplicate KX, nothing to do */
1831 /* move ahead in our state machine */
1832 if (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate)
1833 GCT_change_estate (t,
1834 CADET_TUNNEL_KEY_AX_RECV);
1835 else if (CADET_TUNNEL_KEY_AX_SENT == t->estate)
1836 GCT_change_estate (t,
1837 CADET_TUNNEL_KEY_AX_SENT_AND_RECV);
1839 /* KX is still not done, try again our end. */
1840 if (CADET_TUNNEL_KEY_OK != t->estate)
1842 if (NULL != t->kx_task)
1843 GNUNET_SCHEDULER_cancel (t->kx_task);
1845 = GNUNET_SCHEDULER_add_now (&retry_kx,
1853 check_ee (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1854 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2)
1856 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1857 struct GNUNET_CRYPTO_EcdhePublicKey p2;
1858 struct GNUNET_HashCode hc1;
1859 struct GNUNET_HashCode hc2;
1861 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1863 GNUNET_CRYPTO_ecdhe_key_get_public (e2,
1865 GNUNET_assert (GNUNET_OK ==
1866 GNUNET_CRYPTO_ecc_ecdh (e1,
1869 GNUNET_assert (GNUNET_OK ==
1870 GNUNET_CRYPTO_ecc_ecdh (e2,
1873 GNUNET_break (0 == memcmp (&hc1,
1880 check_ed (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1881 const struct GNUNET_CRYPTO_EddsaPrivateKey *e2)
1883 struct GNUNET_CRYPTO_EcdhePublicKey p1;
1884 struct GNUNET_CRYPTO_EddsaPublicKey p2;
1885 struct GNUNET_HashCode hc1;
1886 struct GNUNET_HashCode hc2;
1888 GNUNET_CRYPTO_ecdhe_key_get_public (e1,
1890 GNUNET_CRYPTO_eddsa_key_get_public (e2,
1892 GNUNET_assert (GNUNET_OK ==
1893 GNUNET_CRYPTO_ecdh_eddsa (e1,
1896 GNUNET_assert (GNUNET_OK ==
1897 GNUNET_CRYPTO_eddsa_ecdh (e2,
1900 GNUNET_break (0 == memcmp (&hc1,
1907 test_crypto_bug (const struct GNUNET_CRYPTO_EcdhePrivateKey *e1,
1908 const struct GNUNET_CRYPTO_EcdhePrivateKey *e2,
1909 const struct GNUNET_CRYPTO_EddsaPrivateKey *d1,
1910 const struct GNUNET_CRYPTO_EddsaPrivateKey *d2)
1921 * Handle KX_AUTH message.
1923 * @param ct connection/tunnel combo that received encrypted message
1924 * @param msg the key exchange message
1927 GCT_handle_kx_auth (struct CadetTConnection *ct,
1928 const struct GNUNET_CADET_TunnelKeyExchangeAuthMessage *msg)
1930 struct CadetTunnel *t = ct->t;
1931 struct CadetTunnelAxolotl ax_tmp;
1932 struct GNUNET_HashCode kx_auth;
1935 GNUNET_STATISTICS_update (stats,
1936 "# KX_AUTH received",
1939 if ( (CADET_TUNNEL_KEY_UNINITIALIZED == t->estate) ||
1940 (CADET_TUNNEL_KEY_AX_RECV == t->estate) )
1942 /* Confusing, we got a KX_AUTH before we even send our own
1943 KX. This should not happen. We'll send our own KX ASAP anyway,
1944 so let's ignore this here. */
1945 GNUNET_break_op (0);
1948 LOG (GNUNET_ERROR_TYPE_DEBUG,
1949 "Handling KX_AUTH message from %s with ephemeral %s\n",
1951 GNUNET_e2s (&msg->kx.ephemeral_key));
1952 /* We do everything in ax_tmp until we've checked the authentication
1953 so we don't clobber anything we care about by accident. */
1956 /* Update 'ax' by the new key material */
1957 ret = update_ax_by_kx (&ax_tmp,
1958 GCP_get_id (t->destination),
1959 &msg->kx.ephemeral_key,
1960 &msg->kx.ratchet_key);
1961 if (GNUNET_OK != ret)
1963 if (GNUNET_NO == ret)
1964 GNUNET_STATISTICS_update (stats,
1965 "# redundant KX_AUTH received",
1969 GNUNET_break (0); /* connect to self!? */
1972 GNUNET_CRYPTO_hash (&ax_tmp.RK,
1975 if (0 != memcmp (&kx_auth,
1979 /* This KX_AUTH is not using the latest KX/KX_AUTH data
1980 we transmitted to the sender, refuse it, try KX again. */
1981 GNUNET_STATISTICS_update (stats,
1982 "# KX_AUTH not using our last KX received (auth failure)",
1985 LOG (GNUNET_ERROR_TYPE_WARNING,
1986 "KX AUTH mismatch!\n");
1989 struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
1991 GNUNET_CRYPTO_ecdhe_key_get_public (&ax_tmp.kx_0,
1993 if (0 != memcmp (&ephemeral_key,
1994 &msg->r_ephemeral_key_XXX,
1995 sizeof (ephemeral_key)))
1997 LOG (GNUNET_ERROR_TYPE_WARNING,
1998 "My ephemeral is %s!\n",
1999 GNUNET_e2s (&ephemeral_key));
2000 LOG (GNUNET_ERROR_TYPE_WARNING,
2001 "Response is for ephemeral %s!\n",
2002 GNUNET_e2s (&msg->r_ephemeral_key_XXX));
2006 test_crypto_bug (&ax_tmp.kx_0,
2007 &msg->kx.ephemeral_key_XXX,
2009 &msg->kx.private_key_XXX);
2013 if (NULL == t->kx_task)
2015 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2020 /* Yep, we're good. */
2022 if (NULL != t->unverified_ax)
2024 /* We got some "stale" KX before, drop that. */
2025 cleanup_ax (t->unverified_ax);
2026 GNUNET_free (t->unverified_ax);
2027 t->unverified_ax = NULL;
2030 /* move ahead in our state machine */
2033 case CADET_TUNNEL_KEY_UNINITIALIZED:
2034 case CADET_TUNNEL_KEY_AX_RECV:
2035 /* Checked above, this is impossible. */
2038 case CADET_TUNNEL_KEY_AX_SENT: /* This is the normal case */
2039 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV: /* both peers started KX */
2040 case CADET_TUNNEL_KEY_AX_AUTH_SENT: /* both peers now did KX_AUTH */
2041 GCT_change_estate (t,
2042 CADET_TUNNEL_KEY_OK);
2044 case CADET_TUNNEL_KEY_OK:
2045 /* Did not expect another KX_AUTH, but so what, still acceptable.
2046 Nothing to do here. */
2049 if (0 != (GNUNET_CADET_KX_FLAG_FORCE_REPLY & ntohl (msg->kx.flags)))
2060 /* ************************************** end core crypto ***************************** */
2064 * Compute the next free channel tunnel number for this tunnel.
2066 * @param t the tunnel
2067 * @return unused number that can uniquely identify a channel in the tunnel
2069 static struct GNUNET_CADET_ChannelTunnelNumber
2070 get_next_free_ctn (struct CadetTunnel *t)
2072 #define HIGH_BIT 0x8000000
2073 struct GNUNET_CADET_ChannelTunnelNumber ret;
2078 cmp = GNUNET_CRYPTO_cmp_peer_identity (&my_full_id,
2079 GCP_get_id (GCT_get_destination (t)));
2085 GNUNET_assert (0); // loopback must never go here!
2086 ctn = ntohl (t->next_ctn.cn);
2088 GNUNET_CONTAINER_multihashmap32_get (t->channels,
2091 ctn = ((ctn + 1) & (~ HIGH_BIT));
2093 t->next_ctn.cn = htonl ((ctn + 1) & (~ HIGH_BIT));
2094 ret.cn = htonl (ctn | highbit);
2100 * Add a channel to a tunnel, and notify channel that we are ready
2101 * for transmission if we are already up. Otherwise that notification
2102 * will be done later in #notify_tunnel_up_cb().
2106 * @return unique number identifying @a ch within @a t
2108 struct GNUNET_CADET_ChannelTunnelNumber
2109 GCT_add_channel (struct CadetTunnel *t,
2110 struct CadetChannel *ch)
2112 struct GNUNET_CADET_ChannelTunnelNumber ctn;
2114 ctn = get_next_free_ctn (t);
2115 if (NULL != t->destroy_task)
2117 GNUNET_SCHEDULER_cancel (t->destroy_task);
2118 t->destroy_task = NULL;
2120 GNUNET_assert (GNUNET_YES ==
2121 GNUNET_CONTAINER_multihashmap32_put (t->channels,
2124 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
2125 LOG (GNUNET_ERROR_TYPE_DEBUG,
2126 "Adding %s to %s\n",
2131 case CADET_TUNNEL_KEY_UNINITIALIZED:
2132 /* waiting for connection to start KX */
2134 case CADET_TUNNEL_KEY_AX_RECV:
2135 case CADET_TUNNEL_KEY_AX_SENT:
2136 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2137 /* we're currently waiting for KX to complete */
2139 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2140 /* waiting for OTHER peer to send us data,
2141 we might need to prompt more aggressively! */
2142 if (NULL == t->kx_task)
2144 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2148 case CADET_TUNNEL_KEY_OK:
2149 /* We are ready. Tell the new channel that we are up. */
2150 GCCH_tunnel_up (ch);
2158 * We lost a connection, remove it from our list and clean up
2159 * the connection object itself.
2161 * @param ct binding of connection to tunnel of the connection that was lost.
2164 GCT_connection_lost (struct CadetTConnection *ct)
2166 struct CadetTunnel *t = ct->t;
2168 if (GNUNET_YES == ct->is_ready)
2170 GNUNET_CONTAINER_DLL_remove (t->connection_ready_head,
2171 t->connection_ready_tail,
2173 t->num_ready_connections--;
2177 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2178 t->connection_busy_tail,
2180 t->num_busy_connections--;
2187 * Clean up connection @a ct of a tunnel.
2189 * @param cls the `struct CadetTunnel`
2190 * @param ct connection to clean up
2193 destroy_t_connection (void *cls,
2194 struct CadetTConnection *ct)
2196 struct CadetTunnel *t = cls;
2197 struct CadetConnection *cc = ct->cc;
2199 GNUNET_assert (ct->t == t);
2200 GCT_connection_lost (ct);
2201 GCC_destroy_without_tunnel (cc);
2206 * This tunnel is no longer used, destroy it.
2208 * @param cls the idle tunnel
2211 destroy_tunnel (void *cls)
2213 struct CadetTunnel *t = cls;
2214 struct CadetTunnelQueueEntry *tq;
2216 t->destroy_task = NULL;
2217 LOG (GNUNET_ERROR_TYPE_DEBUG,
2218 "Destroying idle %s\n",
2220 GNUNET_assert (0 == GCT_count_channels (t));
2221 GCT_iterate_connections (t,
2222 &destroy_t_connection,
2224 GNUNET_assert (NULL == t->connection_ready_head);
2225 GNUNET_assert (NULL == t->connection_busy_head);
2226 while (NULL != (tq = t->tq_head))
2228 if (NULL != tq->cont)
2229 tq->cont (tq->cont_cls,
2231 GCT_send_cancel (tq);
2233 GCP_drop_tunnel (t->destination,
2235 GNUNET_CONTAINER_multihashmap32_destroy (t->channels);
2236 if (NULL != t->maintain_connections_task)
2238 GNUNET_SCHEDULER_cancel (t->maintain_connections_task);
2239 t->maintain_connections_task = NULL;
2241 if (NULL != t->send_task)
2243 GNUNET_SCHEDULER_cancel (t->send_task);
2244 t->send_task = NULL;
2246 if (NULL != t->kx_task)
2248 GNUNET_SCHEDULER_cancel (t->kx_task);
2251 GNUNET_MST_destroy (t->mst);
2252 GNUNET_MQ_destroy (t->mq);
2253 if (NULL != t->unverified_ax)
2255 cleanup_ax (t->unverified_ax);
2256 GNUNET_free (t->unverified_ax);
2258 cleanup_ax (&t->ax);
2259 GNUNET_assert (NULL == t->destroy_task);
2265 * Remove a channel from a tunnel.
2269 * @param ctn unique number identifying @a ch within @a t
2272 GCT_remove_channel (struct CadetTunnel *t,
2273 struct CadetChannel *ch,
2274 struct GNUNET_CADET_ChannelTunnelNumber ctn)
2276 LOG (GNUNET_ERROR_TYPE_DEBUG,
2277 "Removing %s from %s\n",
2280 GNUNET_assert (GNUNET_YES ==
2281 GNUNET_CONTAINER_multihashmap32_remove (t->channels,
2285 GCT_count_channels (t)) &&
2286 (NULL == t->destroy_task) )
2289 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2297 * Destroy remaining channels during shutdown.
2299 * @param cls the `struct CadetTunnel` of the channel
2300 * @param key key of the channel
2301 * @param value the `struct CadetChannel`
2302 * @return #GNUNET_OK (continue to iterate)
2305 destroy_remaining_channels (void *cls,
2309 struct CadetChannel *ch = value;
2311 GCCH_handle_remote_destroy (ch,
2318 * Destroys the tunnel @a t now, without delay. Used during shutdown.
2320 * @param t tunnel to destroy
2323 GCT_destroy_tunnel_now (struct CadetTunnel *t)
2325 GNUNET_assert (GNUNET_YES == shutting_down);
2326 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
2327 &destroy_remaining_channels,
2330 GCT_count_channels (t));
2331 if (NULL != t->destroy_task)
2333 GNUNET_SCHEDULER_cancel (t->destroy_task);
2334 t->destroy_task = NULL;
2341 * Send normal payload from queue in @a t via connection @a ct.
2342 * Does nothing if our payload queue is empty.
2344 * @param t tunnel to send data from
2345 * @param ct connection to use for transmission (is ready)
2348 try_send_normal_payload (struct CadetTunnel *t,
2349 struct CadetTConnection *ct)
2351 struct CadetTunnelQueueEntry *tq;
2353 GNUNET_assert (GNUNET_YES == ct->is_ready);
2357 /* no messages pending right now */
2358 LOG (GNUNET_ERROR_TYPE_DEBUG,
2359 "Not sending payload of %s on ready %s (nothing pending)\n",
2364 /* ready to send message 'tq' on tunnel 'ct' */
2365 GNUNET_assert (t == tq->t);
2366 GNUNET_CONTAINER_DLL_remove (t->tq_head,
2369 if (NULL != tq->cid)
2370 *tq->cid = *GCC_get_id (ct->cc);
2371 mark_connection_unready (ct);
2372 LOG (GNUNET_ERROR_TYPE_DEBUG,
2373 "Sending payload of %s on %s\n",
2376 GCC_transmit (ct->cc,
2378 if (NULL != tq->cont)
2379 tq->cont (tq->cont_cls,
2380 GCC_get_id (ct->cc));
2386 * A connection is @a is_ready for transmission. Looks at our message
2387 * queue and if there is a message, sends it out via the connection.
2389 * @param cls the `struct CadetTConnection` that is @a is_ready
2390 * @param is_ready #GNUNET_YES if connection are now ready,
2391 * #GNUNET_NO if connection are no longer ready
2394 connection_ready_cb (void *cls,
2397 struct CadetTConnection *ct = cls;
2398 struct CadetTunnel *t = ct->t;
2400 if (GNUNET_NO == is_ready)
2402 LOG (GNUNET_ERROR_TYPE_DEBUG,
2403 "%s no longer ready for %s\n",
2406 mark_connection_unready (ct);
2409 GNUNET_assert (GNUNET_NO == ct->is_ready);
2410 GNUNET_CONTAINER_DLL_remove (t->connection_busy_head,
2411 t->connection_busy_tail,
2413 GNUNET_assert (0 < t->num_busy_connections);
2414 t->num_busy_connections--;
2415 ct->is_ready = GNUNET_YES;
2416 GNUNET_CONTAINER_DLL_insert_tail (t->connection_ready_head,
2417 t->connection_ready_tail,
2419 t->num_ready_connections++;
2421 LOG (GNUNET_ERROR_TYPE_DEBUG,
2422 "%s now ready for %s in state %s\n",
2425 estate2s (t->estate));
2428 case CADET_TUNNEL_KEY_UNINITIALIZED:
2429 /* Do not begin KX if WE have no channels waiting! */
2430 if (0 != GNUNET_TIME_absolute_get_remaining (t->next_kx_attempt).rel_value_us)
2431 return; /* wait for timeout before retrying */
2432 /* We are uninitialized, just transmit immediately,
2433 without undue delay. */
2434 if (NULL != t->kx_task)
2436 GNUNET_SCHEDULER_cancel (t->kx_task);
2443 GCT_count_channels (t)) &&
2444 (NULL == t->destroy_task) )
2447 = GNUNET_SCHEDULER_add_delayed (IDLE_DESTROY_DELAY,
2452 case CADET_TUNNEL_KEY_AX_RECV:
2453 case CADET_TUNNEL_KEY_AX_SENT:
2454 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
2455 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
2456 /* we're currently waiting for KX to complete, schedule job */
2457 if (NULL == t->kx_task)
2459 = GNUNET_SCHEDULER_add_at (t->next_kx_attempt,
2463 case CADET_TUNNEL_KEY_OK:
2464 if (GNUNET_YES == t->kx_auth_requested)
2466 if (0 != GNUNET_TIME_absolute_get_remaining (t->next_kx_attempt).rel_value_us)
2467 return; /* wait for timeout */
2468 if (NULL != t->kx_task)
2470 GNUNET_SCHEDULER_cancel (t->kx_task);
2479 try_send_normal_payload (t,
2487 * Called when either we have a new connection, or a new message in the
2488 * queue, or some existing connection has transmission capacity. Looks
2489 * at our message queue and if there is a message, picks a connection
2492 * @param cls the `struct CadetTunnel` to process messages on
2495 trigger_transmissions (void *cls)
2497 struct CadetTunnel *t = cls;
2498 struct CadetTConnection *ct;
2500 t->send_task = NULL;
2501 if (NULL == t->tq_head)
2502 return; /* no messages pending right now */
2503 ct = get_ready_connection (t);
2505 return; /* no connections ready */
2506 try_send_normal_payload (t,
2512 * Closure for #evaluate_connection. Used to assemble summary information
2513 * about the existing connections so we can evaluate a new path.
2515 struct EvaluationSummary
2519 * Minimum length of any of our connections, `UINT_MAX` if we have none.
2521 unsigned int min_length;
2524 * Maximum length of any of our connections, 0 if we have none.
2526 unsigned int max_length;
2529 * Minimum desirability of any of our connections, UINT64_MAX if we have none.
2531 GNUNET_CONTAINER_HeapCostType min_desire;
2534 * Maximum desirability of any of our connections, 0 if we have none.
2536 GNUNET_CONTAINER_HeapCostType max_desire;
2539 * Path we are comparing against for #evaluate_connection, can be NULL.
2541 struct CadetPeerPath *path;
2544 * Connection deemed the "worst" so far encountered by #evaluate_connection,
2545 * NULL if we did not yet encounter any connections.
2547 struct CadetTConnection *worst;
2550 * Numeric score of @e worst, only set if @e worst is non-NULL.
2555 * Set to #GNUNET_YES if we have a connection over @e path already.
2563 * Evaluate a connection, updating our summary information in @a cls about
2564 * what kinds of connections we have.
2566 * @param cls the `struct EvaluationSummary *` to update
2567 * @param ct a connection to include in the summary
2570 evaluate_connection (void *cls,
2571 struct CadetTConnection *ct)
2573 struct EvaluationSummary *es = cls;
2574 struct CadetConnection *cc = ct->cc;
2575 unsigned int ct_length;
2576 struct CadetPeerPath *ps;
2577 const struct CadetConnectionMetrics *metrics;
2578 GNUNET_CONTAINER_HeapCostType ct_desirability;
2579 struct GNUNET_TIME_Relative uptime;
2580 struct GNUNET_TIME_Relative last_use;
2582 double success_rate;
2584 ps = GCC_get_path (cc,
2586 LOG (GNUNET_ERROR_TYPE_DEBUG,
2587 "Evaluating path %s of existing %s\n",
2592 LOG (GNUNET_ERROR_TYPE_DEBUG,
2593 "Ignoring duplicate path %s.\n",
2594 GCPP_2s (es->path));
2595 es->duplicate = GNUNET_YES;
2598 if (NULL != es->path)
2600 int duplicate = GNUNET_YES;
2602 for (unsigned int i=0;i<ct_length;i++)
2604 GNUNET_assert (GCPP_get_length (es->path) > i);
2605 if (GCPP_get_peer_at_offset (es->path,
2607 GCPP_get_peer_at_offset (ps,
2610 duplicate = GNUNET_NO;
2614 if (GNUNET_YES == duplicate)
2616 LOG (GNUNET_ERROR_TYPE_DEBUG,
2617 "Ignoring overlapping path %s.\n",
2618 GCPP_2s (es->path));
2619 es->duplicate = GNUNET_YES;
2624 LOG (GNUNET_ERROR_TYPE_DEBUG,
2625 "Known path %s differs from proposed path\n",
2630 ct_desirability = GCPP_get_desirability (ps);
2631 metrics = GCC_get_metrics (cc);
2632 uptime = GNUNET_TIME_absolute_get_duration (metrics->age);
2633 last_use = GNUNET_TIME_absolute_get_duration (metrics->last_use);
2634 /* We add 1.0 here to avoid division by zero. */
2635 success_rate = (metrics->num_acked_transmissions + 1.0) / (metrics->num_successes + 1.0);
2638 + 100.0 / (1.0 + ct_length) /* longer paths = better */
2639 + sqrt (uptime.rel_value_us / 60000000LL) /* larger uptime = better */
2640 - last_use.rel_value_us / 1000L; /* longer idle = worse */
2641 score *= success_rate; /* weigh overall by success rate */
2643 if ( (NULL == es->worst) ||
2644 (score < es->worst_score) )
2647 es->worst_score = score;
2649 es->min_length = GNUNET_MIN (es->min_length,
2651 es->max_length = GNUNET_MAX (es->max_length,
2653 es->min_desire = GNUNET_MIN (es->min_desire,
2655 es->max_desire = GNUNET_MAX (es->max_desire,
2661 * Consider using the path @a p for the tunnel @a t.
2662 * The tunnel destination is at offset @a off in path @a p.
2664 * @param cls our tunnel
2665 * @param path a path to our destination
2666 * @param off offset of the destination on path @a path
2667 * @return #GNUNET_YES (should keep iterating)
2670 consider_path_cb (void *cls,
2671 struct CadetPeerPath *path,
2674 struct CadetTunnel *t = cls;
2675 struct EvaluationSummary es;
2676 struct CadetTConnection *ct;
2678 GNUNET_assert (off < GCPP_get_length (path));
2679 GNUNET_assert (GCPP_get_peer_at_offset (path,
2680 off) == t->destination);
2681 es.min_length = UINT_MAX;
2684 es.min_desire = UINT64_MAX;
2686 es.duplicate = GNUNET_NO;
2689 /* Compute evaluation summary over existing connections. */
2690 LOG (GNUNET_ERROR_TYPE_DEBUG,
2691 "Evaluating proposed path %s for target %s\n",
2694 /* FIXME: suspect this does not ACTUALLY iterate
2695 over all existing paths, otherwise dup detection
2697 GCT_iterate_connections (t,
2698 &evaluate_connection,
2700 if (GNUNET_YES == es.duplicate)
2703 /* FIXME: not sure we should really just count
2704 'num_connections' here, as they may all have
2705 consistently failed to connect. */
2707 /* We iterate by increasing path length; if we have enough paths and
2708 this one is more than twice as long than what we are currently
2709 using, then ignore all of these super-long ones! */
2710 if ( (GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL) &&
2711 (es.min_length * 2 < off) &&
2712 (es.max_length < off) )
2714 LOG (GNUNET_ERROR_TYPE_DEBUG,
2715 "Ignoring paths of length %u, they are way too long.\n",
2719 /* If we have enough paths and this one looks no better, ignore it. */
2720 if ( (GCT_count_any_connections (t) >= DESIRED_CONNECTIONS_PER_TUNNEL) &&
2721 (es.min_length < GCPP_get_length (path)) &&
2722 (es.min_desire > GCPP_get_desirability (path)) &&
2723 (es.max_length < off) )
2725 LOG (GNUNET_ERROR_TYPE_DEBUG,
2726 "Ignoring path (%u/%llu) to %s, got something better already.\n",
2727 GCPP_get_length (path),
2728 (unsigned long long) GCPP_get_desirability (path),
2729 GCP_2s (t->destination));
2733 /* Path is interesting (better by some metric, or we don't have
2734 enough paths yet). */
2735 ct = GNUNET_new (struct CadetTConnection);
2736 ct->created = GNUNET_TIME_absolute_get ();
2738 ct->cc = GCC_create (t->destination,
2741 GNUNET_CADET_OPTION_DEFAULT, /* FIXME: set based on what channels want/need! */
2743 &connection_ready_cb,
2746 /* FIXME: schedule job to kill connection (and path?) if it takes
2747 too long to get ready! (And track performance data on how long
2748 other connections took with the tunnel!)
2749 => Note: to be done within 'connection'-logic! */
2750 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
2751 t->connection_busy_tail,
2753 t->num_busy_connections++;
2754 LOG (GNUNET_ERROR_TYPE_DEBUG,
2755 "Found interesting path %s for %s, created %s\n",
2764 * Function called to maintain the connections underlying our tunnel.
2765 * Tries to maintain (incl. tear down) connections for the tunnel, and
2766 * if there is a significant change, may trigger transmissions.
2768 * Basically, needs to check if there are connections that perform
2769 * badly, and if so eventually kill them and trigger a replacement.
2770 * The strategy is to open one more connection than
2771 * #DESIRED_CONNECTIONS_PER_TUNNEL, and then periodically kick out the
2772 * least-performing one, and then inquire for new ones.
2774 * @param cls the `struct CadetTunnel`
2777 maintain_connections_cb (void *cls)
2779 struct CadetTunnel *t = cls;
2780 struct GNUNET_TIME_Relative delay;
2781 struct EvaluationSummary es;
2783 t->maintain_connections_task = NULL;
2784 LOG (GNUNET_ERROR_TYPE_DEBUG,
2785 "Performing connection maintenance for %s.\n",
2788 es.min_length = UINT_MAX;
2791 es.min_desire = UINT64_MAX;
2794 es.duplicate = GNUNET_NO;
2795 GCT_iterate_connections (t,
2796 &evaluate_connection,
2798 if ( (NULL != es.worst) &&
2799 (GCT_count_any_connections (t) > DESIRED_CONNECTIONS_PER_TUNNEL) )
2801 /* Clear out worst-performing connection 'es.worst'. */
2802 destroy_t_connection (t,
2806 /* Consider additional paths */
2807 (void) GCP_iterate_paths (t->destination,
2811 /* FIXME: calculate when to try again based on how well we are doing;
2812 in particular, if we have to few connections, we might be able
2813 to do without this (as PATHS should tell us whenever a new path
2814 is available instantly; however, need to make sure this job is
2815 restarted after that happens).
2816 Furthermore, if the paths we do know are in a reasonably narrow
2817 quality band and are plentyful, we might also consider us stabilized
2818 and then reduce the frequency accordingly. */
2819 delay = GNUNET_TIME_UNIT_MINUTES;
2820 t->maintain_connections_task
2821 = GNUNET_SCHEDULER_add_delayed (delay,
2822 &maintain_connections_cb,
2828 * Consider using the path @a p for the tunnel @a t.
2829 * The tunnel destination is at offset @a off in path @a p.
2831 * @param cls our tunnel
2832 * @param path a path to our destination
2833 * @param off offset of the destination on path @a path
2836 GCT_consider_path (struct CadetTunnel *t,
2837 struct CadetPeerPath *p,
2840 LOG (GNUNET_ERROR_TYPE_DEBUG,
2841 "Considering %s for %s (offset %u)\n",
2845 (void) consider_path_cb (t,
2852 * We got a keepalive. Track in statistics.
2854 * @param cls the `struct CadetTunnel` for which we decrypted the message
2855 * @param msg the message we received on the tunnel
2858 handle_plaintext_keepalive (void *cls,
2859 const struct GNUNET_MessageHeader *msg)
2861 struct CadetTunnel *t = cls;
2863 LOG (GNUNET_ERROR_TYPE_DEBUG,
2864 "Received KEEPALIVE on %s\n",
2866 GNUNET_STATISTICS_update (stats,
2867 "# keepalives received",
2874 * Check that @a msg is well-formed.
2876 * @param cls the `struct CadetTunnel` for which we decrypted the message
2877 * @param msg the message we received on the tunnel
2878 * @return #GNUNET_OK (any variable-size payload goes)
2881 check_plaintext_data (void *cls,
2882 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2889 * We received payload data for a channel. Locate the channel
2890 * and process the data, or return an error if the channel is unknown.
2892 * @param cls the `struct CadetTunnel` for which we decrypted the message
2893 * @param msg the message we received on the tunnel
2896 handle_plaintext_data (void *cls,
2897 const struct GNUNET_CADET_ChannelAppDataMessage *msg)
2899 struct CadetTunnel *t = cls;
2900 struct CadetChannel *ch;
2902 ch = lookup_channel (t,
2906 /* We don't know about such a channel, might have been destroyed on our
2907 end in the meantime, or never existed. Send back a DESTROY. */
2908 LOG (GNUNET_ERROR_TYPE_DEBUG,
2909 "Received %u bytes of application data for unknown channel %u, sending DESTROY\n",
2910 (unsigned int) (ntohs (msg->header.size) - sizeof (*msg)),
2911 ntohl (msg->ctn.cn));
2912 GCT_send_channel_destroy (t,
2916 GCCH_handle_channel_plaintext_data (ch,
2917 GCC_get_id (t->current_ct->cc),
2923 * We received an acknowledgement for data we sent on a channel.
2924 * Locate the channel and process it, or return an error if the
2925 * channel is unknown.
2927 * @param cls the `struct CadetTunnel` for which we decrypted the message
2928 * @param ack the message we received on the tunnel
2931 handle_plaintext_data_ack (void *cls,
2932 const struct GNUNET_CADET_ChannelDataAckMessage *ack)
2934 struct CadetTunnel *t = cls;
2935 struct CadetChannel *ch;
2937 ch = lookup_channel (t,
2941 /* We don't know about such a channel, might have been destroyed on our
2942 end in the meantime, or never existed. Send back a DESTROY. */
2943 LOG (GNUNET_ERROR_TYPE_DEBUG,
2944 "Received DATA_ACK for unknown channel %u, sending DESTROY\n",
2945 ntohl (ack->ctn.cn));
2946 GCT_send_channel_destroy (t,
2950 GCCH_handle_channel_plaintext_data_ack (ch,
2951 GCC_get_id (t->current_ct->cc),
2957 * We have received a request to open a channel to a port from
2958 * another peer. Creates the incoming channel.
2960 * @param cls the `struct CadetTunnel` for which we decrypted the message
2961 * @param copen the message we received on the tunnel
2964 handle_plaintext_channel_open (void *cls,
2965 const struct GNUNET_CADET_ChannelOpenMessage *copen)
2967 struct CadetTunnel *t = cls;
2968 struct CadetChannel *ch;
2970 ch = GNUNET_CONTAINER_multihashmap32_get (t->channels,
2971 ntohl (copen->ctn.cn));
2974 LOG (GNUNET_ERROR_TYPE_DEBUG,
2975 "Received duplicate channel CHANNEL_OPEN on h_port %s from %s (%s), resending ACK\n",
2976 GNUNET_h2s (&copen->h_port),
2979 GCCH_handle_duplicate_open (ch,
2980 GCC_get_id (t->current_ct->cc));
2983 LOG (GNUNET_ERROR_TYPE_DEBUG,
2984 "Received CHANNEL_OPEN on h_port %s from %s\n",
2985 GNUNET_h2s (&copen->h_port),
2987 ch = GCCH_channel_incoming_new (t,
2990 ntohl (copen->opt));
2991 if (NULL != t->destroy_task)
2993 GNUNET_SCHEDULER_cancel (t->destroy_task);
2994 t->destroy_task = NULL;
2996 GNUNET_assert (GNUNET_OK ==
2997 GNUNET_CONTAINER_multihashmap32_put (t->channels,
2998 ntohl (copen->ctn.cn),
3000 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
3005 * Send a DESTROY message via the tunnel.
3007 * @param t the tunnel to transmit over
3008 * @param ctn ID of the channel to destroy
3011 GCT_send_channel_destroy (struct CadetTunnel *t,
3012 struct GNUNET_CADET_ChannelTunnelNumber ctn)
3014 struct GNUNET_CADET_ChannelDestroyMessage msg;
3016 LOG (GNUNET_ERROR_TYPE_DEBUG,
3017 "Sending DESTORY message for channel ID %u\n",
3019 msg.header.size = htons (sizeof (msg));
3020 msg.header.type = htons (GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY);
3021 msg.reserved = htonl (0);
3031 * We have received confirmation from the target peer that the
3032 * given channel could be established (the port is open).
3035 * @param cls the `struct CadetTunnel` for which we decrypted the message
3036 * @param cm the message we received on the tunnel
3039 handle_plaintext_channel_open_ack (void *cls,
3040 const struct GNUNET_CADET_ChannelOpenAckMessage *cm)
3042 struct CadetTunnel *t = cls;
3043 struct CadetChannel *ch;
3045 ch = lookup_channel (t,
3049 /* We don't know about such a channel, might have been destroyed on our
3050 end in the meantime, or never existed. Send back a DESTROY. */
3051 LOG (GNUNET_ERROR_TYPE_DEBUG,
3052 "Received channel OPEN_ACK for unknown channel %u, sending DESTROY\n",
3053 ntohl (cm->ctn.cn));
3054 GCT_send_channel_destroy (t,
3058 LOG (GNUNET_ERROR_TYPE_DEBUG,
3059 "Received channel OPEN_ACK on channel %s from %s\n",
3062 GCCH_handle_channel_open_ack (ch,
3063 GCC_get_id (t->current_ct->cc),
3069 * We received a message saying that a channel should be destroyed.
3070 * Pass it on to the correct channel.
3072 * @param cls the `struct CadetTunnel` for which we decrypted the message
3073 * @param cm the message we received on the tunnel
3076 handle_plaintext_channel_destroy (void *cls,
3077 const struct GNUNET_CADET_ChannelDestroyMessage *cm)
3079 struct CadetTunnel *t = cls;
3080 struct CadetChannel *ch;
3082 ch = lookup_channel (t,
3086 /* We don't know about such a channel, might have been destroyed on our
3087 end in the meantime, or never existed. */
3088 LOG (GNUNET_ERROR_TYPE_DEBUG,
3089 "Received channel DESTORY for unknown channel %u. Ignoring.\n",
3090 ntohl (cm->ctn.cn));
3093 LOG (GNUNET_ERROR_TYPE_DEBUG,
3094 "Received channel DESTROY on %s from %s\n",
3097 GCCH_handle_remote_destroy (ch,
3098 GCC_get_id (t->current_ct->cc));
3103 * Handles a message we decrypted, by injecting it into
3104 * our message queue (which will do the dispatching).
3106 * @param cls the `struct CadetTunnel` that got the message
3107 * @param msg the message
3108 * @return #GNUNET_OK on success (always)
3109 * #GNUNET_NO to stop further processing (no error)
3110 * #GNUNET_SYSERR to stop further processing with error
3113 handle_decrypted (void *cls,
3114 const struct GNUNET_MessageHeader *msg)
3116 struct CadetTunnel *t = cls;
3118 GNUNET_assert (NULL != t->current_ct);
3119 GNUNET_MQ_inject_message (t->mq,
3126 * Function called if we had an error processing
3127 * an incoming decrypted message.
3129 * @param cls the `struct CadetTunnel`
3130 * @param error error code
3133 decrypted_error_cb (void *cls,
3134 enum GNUNET_MQ_Error error)
3136 GNUNET_break_op (0);
3141 * Create a tunnel to @a destionation. Must only be called
3142 * from within #GCP_get_tunnel().
3144 * @param destination where to create the tunnel to
3145 * @return new tunnel to @a destination
3147 struct CadetTunnel *
3148 GCT_create_tunnel (struct CadetPeer *destination)
3150 struct CadetTunnel *t = GNUNET_new (struct CadetTunnel);
3151 struct GNUNET_MQ_MessageHandler handlers[] = {
3152 GNUNET_MQ_hd_fixed_size (plaintext_keepalive,
3153 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_KEEPALIVE,
3154 struct GNUNET_MessageHeader,
3156 GNUNET_MQ_hd_var_size (plaintext_data,
3157 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA,
3158 struct GNUNET_CADET_ChannelAppDataMessage,
3160 GNUNET_MQ_hd_fixed_size (plaintext_data_ack,
3161 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_APP_DATA_ACK,
3162 struct GNUNET_CADET_ChannelDataAckMessage,
3164 GNUNET_MQ_hd_fixed_size (plaintext_channel_open,
3165 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN,
3166 struct GNUNET_CADET_ChannelOpenMessage,
3168 GNUNET_MQ_hd_fixed_size (plaintext_channel_open_ack,
3169 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_OPEN_ACK,
3170 struct GNUNET_CADET_ChannelOpenAckMessage,
3172 GNUNET_MQ_hd_fixed_size (plaintext_channel_destroy,
3173 GNUNET_MESSAGE_TYPE_CADET_CHANNEL_DESTROY,
3174 struct GNUNET_CADET_ChannelDestroyMessage,
3176 GNUNET_MQ_handler_end ()
3179 t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
3180 new_ephemeral (&t->ax);
3181 GNUNET_assert (GNUNET_OK ==
3182 GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
3183 t->destination = destination;
3184 t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
3185 t->maintain_connections_task
3186 = GNUNET_SCHEDULER_add_now (&maintain_connections_cb,
3188 t->mq = GNUNET_MQ_queue_for_callbacks (NULL,
3193 &decrypted_error_cb,
3195 t->mst = GNUNET_MST_create (&handle_decrypted,
3202 * Add a @a connection to the @a tunnel.
3205 * @param cid connection identifer to use for the connection
3206 * @param options options for the connection
3207 * @param path path to use for the connection
3208 * @return #GNUNET_OK on success,
3209 * #GNUNET_SYSERR on failure (duplicate connection)
3212 GCT_add_inbound_connection (struct CadetTunnel *t,
3213 const struct GNUNET_CADET_ConnectionTunnelIdentifier *cid,
3214 enum GNUNET_CADET_ChannelOption options,
3215 struct CadetPeerPath *path)
3217 struct CadetTConnection *ct;
3219 ct = GNUNET_new (struct CadetTConnection);
3220 ct->created = GNUNET_TIME_absolute_get ();
3222 ct->cc = GCC_create_inbound (t->destination,
3227 &connection_ready_cb,
3231 LOG (GNUNET_ERROR_TYPE_DEBUG,
3232 "%s refused inbound %s (duplicate)\n",
3236 return GNUNET_SYSERR;
3238 /* FIXME: schedule job to kill connection (and path?) if it takes
3239 too long to get ready! (And track performance data on how long
3240 other connections took with the tunnel!)
3241 => Note: to be done within 'connection'-logic! */
3242 GNUNET_CONTAINER_DLL_insert (t->connection_busy_head,
3243 t->connection_busy_tail,
3245 t->num_busy_connections++;
3246 LOG (GNUNET_ERROR_TYPE_DEBUG,
3255 * Handle encrypted message.
3257 * @param ct connection/tunnel combo that received encrypted message
3258 * @param msg the encrypted message to decrypt
3261 GCT_handle_encrypted (struct CadetTConnection *ct,
3262 const struct GNUNET_CADET_TunnelEncryptedMessage *msg)
3264 struct CadetTunnel *t = ct->t;
3265 uint16_t size = ntohs (msg->header.size);
3266 char cbuf [size] GNUNET_ALIGN;
3267 ssize_t decrypted_size;
3269 LOG (GNUNET_ERROR_TYPE_DEBUG,
3270 "%s received %u bytes of encrypted data in state %d\n",
3272 (unsigned int) size,
3277 case CADET_TUNNEL_KEY_UNINITIALIZED:
3278 case CADET_TUNNEL_KEY_AX_RECV:
3279 /* We did not even SEND our KX, how can the other peer
3280 send us encrypted data? Must have been that we went
3281 down and the other peer still things we are up.
3282 Let's send it KX back. */
3283 GNUNET_STATISTICS_update (stats,
3284 "# received encrypted without any KX",
3287 if (NULL != t->kx_task)
3289 GNUNET_SCHEDULER_cancel (t->kx_task);
3296 case CADET_TUNNEL_KEY_AX_SENT_AND_RECV:
3297 /* We send KX, and other peer send KX to us at the same time.
3298 Neither KX is AUTH'ed, so let's try KX_AUTH this time. */
3299 GNUNET_STATISTICS_update (stats,
3300 "# received encrypted without KX_AUTH",
3303 if (NULL != t->kx_task)
3305 GNUNET_SCHEDULER_cancel (t->kx_task);
3313 case CADET_TUNNEL_KEY_AX_SENT:
3314 /* We did not get the KX of the other peer, but that
3315 might have been lost. Send our KX again immediately. */
3316 GNUNET_STATISTICS_update (stats,
3317 "# received encrypted without KX",
3320 if (NULL != t->kx_task)
3322 GNUNET_SCHEDULER_cancel (t->kx_task);
3329 case CADET_TUNNEL_KEY_AX_AUTH_SENT:
3330 /* Great, first payload, we might graduate to OK! */
3331 case CADET_TUNNEL_KEY_OK:
3332 /* We are up and running, all good. */
3336 decrypted_size = -1;
3337 if (CADET_TUNNEL_KEY_OK == t->estate)
3339 /* We have well-established key material available,
3340 try that. (This is the common case.) */
3341 decrypted_size = t_ax_decrypt_and_validate (&t->ax,
3347 if ( (-1 == decrypted_size) &&
3348 (NULL != t->unverified_ax) )
3350 /* We have un-authenticated KX material available. We should try
3351 this as a back-up option, in case the sender crashed and
3353 decrypted_size = t_ax_decrypt_and_validate (t->unverified_ax,
3357 if (-1 != decrypted_size)
3359 /* It worked! Treat this as authentication of the AX data! */
3360 cleanup_ax (&t->ax);
3361 t->ax = *t->unverified_ax;
3362 GNUNET_free (t->unverified_ax);
3363 t->unverified_ax = NULL;
3365 if (CADET_TUNNEL_KEY_AX_AUTH_SENT == t->estate)
3367 /* First time it worked, move tunnel into production! */
3368 GCT_change_estate (t,
3369 CADET_TUNNEL_KEY_OK);
3370 if (NULL != t->send_task)
3371 GNUNET_SCHEDULER_cancel (t->send_task);
3372 t->send_task = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3376 if (NULL != t->unverified_ax)
3378 /* We had unverified KX material that was useless; so increment
3379 counter and eventually move to ignore it. Note that we even do
3380 this increment if we successfully decrypted with the old KX
3381 material and thus didn't even both with the new one. This is
3382 the ideal case, as a malicious injection of bogus KX data
3383 basically only causes us to increment a counter a few times. */
3384 t->unverified_attempts++;
3385 LOG (GNUNET_ERROR_TYPE_DEBUG,
3386 "Failed to decrypt message with unverified KX data %u times\n",
3387 t->unverified_attempts);
3388 if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
3390 cleanup_ax (t->unverified_ax);
3391 GNUNET_free (t->unverified_ax);
3392 t->unverified_ax = NULL;
3396 if (-1 == decrypted_size)
3398 /* Decryption failed for good, complain. */
3399 LOG (GNUNET_ERROR_TYPE_WARNING,
3400 "%s failed to decrypt and validate encrypted data, retrying KX\n",
3402 GNUNET_STATISTICS_update (stats,
3403 "# unable to decrypt",
3406 if (NULL != t->kx_task)
3408 GNUNET_SCHEDULER_cancel (t->kx_task);
3416 GNUNET_STATISTICS_update (stats,
3417 "# decrypted bytes",
3421 /* The MST will ultimately call #handle_decrypted() on each message. */
3423 GNUNET_break_op (GNUNET_OK ==
3424 GNUNET_MST_from_buffer (t->mst,
3429 t->current_ct = NULL;
3434 * Sends an already built message on a tunnel, encrypting it and
3435 * choosing the best connection if not provided.
3437 * @param message Message to send. Function modifies it.
3438 * @param t Tunnel on which this message is transmitted.
3439 * @param cont Continuation to call once message is really sent.
3440 * @param cont_cls Closure for @c cont.
3441 * @return Handle to cancel message
3443 struct CadetTunnelQueueEntry *
3444 GCT_send (struct CadetTunnel *t,
3445 const struct GNUNET_MessageHeader *message,
3446 GCT_SendContinuation cont,
3449 struct CadetTunnelQueueEntry *tq;
3450 uint16_t payload_size;
3451 struct GNUNET_MQ_Envelope *env;
3452 struct GNUNET_CADET_TunnelEncryptedMessage *ax_msg;
3454 if (CADET_TUNNEL_KEY_OK != t->estate)
3459 payload_size = ntohs (message->size);
3460 LOG (GNUNET_ERROR_TYPE_DEBUG,
3461 "Encrypting %u bytes for %s\n",
3462 (unsigned int) payload_size,
3464 env = GNUNET_MQ_msg_extra (ax_msg,
3466 GNUNET_MESSAGE_TYPE_CADET_TUNNEL_ENCRYPTED);
3467 t_ax_encrypt (&t->ax,
3471 GNUNET_STATISTICS_update (stats,
3472 "# encrypted bytes",
3475 ax_msg->ax_header.Ns = htonl (t->ax.Ns++);
3476 ax_msg->ax_header.PNs = htonl (t->ax.PNs);
3477 /* FIXME: we should do this once, not once per message;
3478 this is a point multiplication, and DHRs does not
3479 change all the time. */
3480 GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
3481 &ax_msg->ax_header.DHRs);
3482 t_h_encrypt (&t->ax,
3484 t_hmac (&ax_msg->ax_header,
3485 sizeof (struct GNUNET_CADET_AxHeader) + payload_size,
3490 tq = GNUNET_malloc (sizeof (*tq));
3493 tq->cid = &ax_msg->cid; /* will initialize 'ax_msg->cid' once we know the connection */
3495 tq->cont_cls = cont_cls;
3496 GNUNET_CONTAINER_DLL_insert_tail (t->tq_head,
3499 if (NULL != t->send_task)
3500 GNUNET_SCHEDULER_cancel (t->send_task);
3502 = GNUNET_SCHEDULER_add_now (&trigger_transmissions,
3509 * Cancel a previously sent message while it's in the queue.
3511 * ONLY can be called before the continuation given to the send
3512 * function is called. Once the continuation is called, the message is
3513 * no longer in the queue!
3515 * @param tq Handle to the queue entry to cancel.
3518 GCT_send_cancel (struct CadetTunnelQueueEntry *tq)
3520 struct CadetTunnel *t = tq->t;
3522 GNUNET_CONTAINER_DLL_remove (t->tq_head,
3525 GNUNET_MQ_discard (tq->env);
3531 * Iterate over all connections of a tunnel.
3533 * @param t Tunnel whose connections to iterate.
3534 * @param iter Iterator.
3535 * @param iter_cls Closure for @c iter.
3538 GCT_iterate_connections (struct CadetTunnel *t,
3539 GCT_ConnectionIterator iter,
3542 struct CadetTConnection *n;
3543 for (struct CadetTConnection *ct = t->connection_ready_head;
3551 for (struct CadetTConnection *ct = t->connection_busy_head;
3563 * Closure for #iterate_channels_cb.
3570 GCT_ChannelIterator iter;
3573 * Closure for @e iter.
3580 * Helper function for #GCT_iterate_channels.
3582 * @param cls the `struct ChanIterCls`
3584 * @param value a `struct CadetChannel`
3585 * @return #GNUNET_OK
3588 iterate_channels_cb (void *cls,
3592 struct ChanIterCls *ctx = cls;
3593 struct CadetChannel *ch = value;
3595 ctx->iter (ctx->iter_cls,
3602 * Iterate over all channels of a tunnel.
3604 * @param t Tunnel whose channels to iterate.
3605 * @param iter Iterator.
3606 * @param iter_cls Closure for @c iter.
3609 GCT_iterate_channels (struct CadetTunnel *t,
3610 GCT_ChannelIterator iter,
3613 struct ChanIterCls ctx;
3616 ctx.iter_cls = iter_cls;
3617 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3618 &iterate_channels_cb,
3625 * Call #GCCH_debug() on a channel.
3627 * @param cls points to the log level to use
3629 * @param value the `struct CadetChannel` to dump
3630 * @return #GNUNET_OK (continue iteration)
3633 debug_channel (void *cls,
3637 const enum GNUNET_ErrorType *level = cls;
3638 struct CadetChannel *ch = value;
3640 GCCH_debug (ch, *level);
3645 #define LOG2(level, ...) GNUNET_log_from_nocheck(level,"cadet-tun",__VA_ARGS__)
3649 * Log all possible info about the tunnel state.
3651 * @param t Tunnel to debug.
3652 * @param level Debug level to use.
3655 GCT_debug (const struct CadetTunnel *t,
3656 enum GNUNET_ErrorType level)
3658 #if !defined(GNUNET_CULL_LOGGING)
3659 struct CadetTConnection *iter_c;
3662 do_log = GNUNET_get_log_call_status (level & (~GNUNET_ERROR_TYPE_BULK),
3664 __FILE__, __FUNCTION__, __LINE__);
3669 "TTT TUNNEL TOWARDS %s in estate %s tq_len: %u #cons: %u\n",
3671 estate2s (t->estate),
3673 GCT_count_any_connections (t));
3676 GNUNET_CONTAINER_multihashmap32_iterate (t->channels,
3680 "TTT connections:\n");
3681 for (iter_c = t->connection_ready_head; NULL != iter_c; iter_c = iter_c->next)
3682 GCC_debug (iter_c->cc,
3684 for (iter_c = t->connection_busy_head; NULL != iter_c; iter_c = iter_c->next)
3685 GCC_debug (iter_c->cc,
3689 "TTT TUNNEL END\n");
3694 /* end of gnunet-service-cadet_tunnels.c */