}
+/**
+ * Calculate HMAC.
+ *
+ * @param t Tunnel to get keys from.
+ * @param plaintext Content to HMAC.
+ * @param size Size of @c plaintext.
+ * @param iv Initialization vector for the message.
+ * @param outgoing Is this an outgoing message that we encrypted?
+ * @param hmac Destination to store the HMAC.
+ */
+static void
+t_hmac (struct MeshTunnel3 *t, const void *plaintext, size_t size, uint32_t iv,
+ int outgoing, struct GNUNET_MeshHash *hmac)
+{
+ struct GNUNET_CRYPTO_AuthKey auth_key;
+ static const char ctx[] = "mesh authentication key";
+ struct GNUNET_CRYPTO_SymmetricSessionKey *key;
+ struct GNUNET_HashCode hash;
+
+ key = outgoing ? &t->e_key : &t->d_key;
+ GNUNET_CRYPTO_hmac_derive_key (&auth_key, key,
+ &iv, sizeof (iv),
+ key, sizeof (*key),
+ ctx, sizeof (ctx),
+ NULL);
+ GNUNET_CRYPTO_hmac (&auth_key, plaintext, size, &hash);
+ memcpy (hmac, &hash, sizeof (*hmac));
+}
+
/**
* Sends an already built message on a tunnel, encrypting it and
*
* @param message Message to send. Function modifies it.
* @param t Tunnel on which this message is transmitted.
+ * @param c Connection to use (autoselect if NULL).
* @param force Force the tunnel to take the message (buffer overfill).
* @param cont Continuation to call once message is really sent.
* @param cont_cls Closure for @c cont.
*/
static struct MeshTunnel3Queue *
send_prebuilt_message (const struct GNUNET_MessageHeader *message,
- struct MeshTunnel3 *t, int force,
- GMT_sent cont, void *cont_cls,
+ struct MeshTunnel3 *t, struct MeshConnection *c,
+ int force, GMT_sent cont, void *cont_cls,
struct MeshTunnel3Queue *existing_q)
{
struct MeshTunnel3Queue *tq;
- struct MeshConnection *c;
struct GNUNET_MESH_Encrypted *msg;
size_t size = ntohs (message->size);
char cbuf[sizeof (struct GNUNET_MESH_Encrypted) + size];
msg->header.type = htons (GNUNET_MESSAGE_TYPE_MESH_ENCRYPTED);
msg->iv = iv;
GNUNET_assert (t_encrypt (t, &msg[1], message, size, iv) == size);
+ t_hmac (t, &msg[1], size, iv, GNUNET_YES, &msg->hmac);
msg->header.size = htons (sizeof (struct GNUNET_MESH_Encrypted) + size);
- c = tunnel_get_connection (t);
+
+ if (NULL == c)
+ c = tunnel_get_connection (t);
if (NULL == c)
{
if (GNUNET_SCHEDULER_NO_TASK != t->destroy_task
}
return NULL;
}
+
type = ntohs (message->type);
switch (type)
{
+ case GNUNET_MESSAGE_TYPE_MESH_KEEPALIVE:
case GNUNET_MESSAGE_TYPE_MESH_DATA:
case GNUNET_MESSAGE_TYPE_MESH_DATA_ACK:
case GNUNET_MESSAGE_TYPE_MESH_CHANNEL_CREATE:
next = tqd->next;
room--;
send_prebuilt_message ((struct GNUNET_MessageHeader *) &tqd[1],
- tqd->t, GNUNET_YES,
+ tqd->t, NULL, GNUNET_YES,
NULL != tqd->tq ? tqd->tq->cont : NULL,
NULL != tqd->tq ? tqd->tq->cont_cls : NULL,
tqd->tq);
case GNUNET_MESSAGE_TYPE_MESH_KX_EPHEMERAL:
case GNUNET_MESSAGE_TYPE_MESH_KX_PING:
case GNUNET_MESSAGE_TYPE_MESH_KX_PONG:
- msg->reserved = htonl (0);
memcpy (&msg[1], message, size);
break;
default:
LOG (GNUNET_ERROR_TYPE_DEBUG,
"WARNING destroying unknown channel %u on tunnel %s\n",
gid, GMT_2s (t));
- send_prebuilt_message (&msg.header, t, GNUNET_YES, NULL, NULL, NULL);
+ send_prebuilt_message (&msg.header, t, NULL, GNUNET_YES, NULL, NULL, NULL);
}
switch (type)
{
+ case GNUNET_MESSAGE_TYPE_MESH_KEEPALIVE:
+ /* Do nothing, connection aleady got updated. */
+ GNUNET_STATISTICS_update (stats, "# keepalives received", 1, GNUNET_NO);
+ break;
+
case GNUNET_MESSAGE_TYPE_MESH_DATA:
/* Don't send hop ACK, wait for client to ACK */
handle_data (t, (struct GNUNET_MESH_Data *) msgh, fwd);
default:
GNUNET_break_op (0);
- LOG (GNUNET_ERROR_TYPE_DEBUG,
+ LOG (GNUNET_ERROR_TYPE_WARNING,
"end-to-end message not known (%u)\n",
ntohs (msgh->type));
GMT_debug (t);
char cbuf [payload_size];
struct GNUNET_MessageHeader *msgh;
unsigned int off;
+ struct GNUNET_MeshHash hmac;
decrypted_size = t_decrypt (t, cbuf, &msg[1], payload_size, msg->iv);
+ t_hmac (t, &msg[1], payload_size, msg->iv, GNUNET_NO, &hmac);
+ if (0 != memcmp (&hmac, &msg->hmac, sizeof (hmac)))
+ {
+ /* checksum failed */
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Failed checksum validation for a message on tunnel `%s'\n",
+ GMT_2s (t));
+ GNUNET_STATISTICS_update (stats, "# wrong HMAC", 1, GNUNET_NO);
+ return;
+ }
off = 0;
while (off < decrypted_size)
{
GMT_use_path (struct MeshTunnel3 *t, struct MeshPeerPath *p)
{
struct MeshConnection *c;
- struct GNUNET_HashCode cid;
+ struct GNUNET_MeshHash cid;
unsigned int own_pos;
if (NULL == t || NULL == p)
return NULL;
}
- GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_NONCE, &cid);
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &cid, sizeof (cid));
c = GMC_new (&cid, t, p, own_pos);
if (NULL == c)
{
/**
* Sends an already built message on a tunnel, encrypting it and
- * choosing the best connection.
+ * choosing the best connection if not provided.
*
* @param message Message to send. Function modifies it.
* @param t Tunnel on which this message is transmitted.
+ * @param c Connection to use (autoselect if NULL).
* @param force Force the tunnel to take the message (buffer overfill).
* @param cont Continuation to call once message is really sent.
* @param cont_cls Closure for @c cont.
*/
struct MeshTunnel3Queue *
GMT_send_prebuilt_message (const struct GNUNET_MessageHeader *message,
- struct MeshTunnel3 *t, int force,
- GMT_sent cont, void *cont_cls)
+ struct MeshTunnel3 *t, struct MeshConnection *c,
+ int force, GMT_sent cont, void *cont_cls)
{
- return send_prebuilt_message (message, t, force, cont, cont_cls, NULL);
+ return send_prebuilt_message (message, t, c, force, cont, cont_cls, NULL);
}