From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 17 Jan 2017 18:58:31 +0000 (+0100)
Subject: towards decrypting traffic in new CADET
X-Git-Tag: taler-0.2.1~419
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7f756511ec2bafd5a5a2c3f2c40f7c08f3c39f85;p=oweals%2Fgnunet.git

towards decrypting traffic in new CADET
---

diff --git a/src/cadet/gnunet-service-cadet-new_connection.c b/src/cadet/gnunet-service-cadet-new_connection.c
index 6b802b69a..ff0579dc2 100644
--- a/src/cadet/gnunet-service-cadet-new_connection.c
+++ b/src/cadet/gnunet-service-cadet-new_connection.c
@@ -25,12 +25,20 @@
  *        end-to-end routes and transmits messages along the route
  * @author Bartlomiej Polot
  * @author Christian Grothoff
+ *
+ * TODO:
+ * - congestion control
+ * - GCC_debug()
+ * - keepalive messages
+ * - performance metrics
+ * - back-off reset
  */
 #include "platform.h"
 #include "gnunet-service-cadet-new_channel.h"
+#include "gnunet-service-cadet-new_connection.h"
 #include "gnunet-service-cadet-new_paths.h"
 #include "gnunet-service-cadet-new_peer.h"
-#include "gnunet-service-cadet-new_connection.h"
+#include "gnunet-service-cadet-new_tunnels.h"
 #include "gnunet_cadet_service.h"
 #include "cadet_protocol.h"
 
@@ -247,7 +255,8 @@ void
 GCC_handle_kx (struct CadetConnection *cc,
                const struct GNUNET_CADET_KX *msg)
 {
-  GNUNET_assert (0); // FIXME: not implemented
+  GCT_handle_kx (cc->ct,
+                 msg);
 }
 
 
@@ -261,7 +270,8 @@ void
 GCC_handle_encrypted (struct CadetConnection *cc,
                       const struct GNUNET_CADET_Encrypted *msg)
 {
-  GNUNET_assert (0); // FIXME: not implemented
+  GCT_handle_encrypted (cc->ct,
+                        msg);
 }
 
 
diff --git a/src/cadet/gnunet-service-cadet-new_core.c b/src/cadet/gnunet-service-cadet-new_core.c
index 3980f2e2d..943191a0b 100644
--- a/src/cadet/gnunet-service-cadet-new_core.c
+++ b/src/cadet/gnunet-service-cadet-new_core.c
@@ -259,6 +259,8 @@ handle_broken (void *cls,
       return;
     }
     GCC_destroy (cc);
+
+    /* FIXME: also destroy the path up to the specified link! */
     return;
   }
 
@@ -268,6 +270,7 @@ handle_broken (void *cls,
                  &msg->cid,
                  &msg->header);
   destroy_route (route);
+  /* FIXME: also destroy paths we MAY have up to the specified link! */
 }
 
 
diff --git a/src/cadet/gnunet-service-cadet-new_tunnels.c b/src/cadet/gnunet-service-cadet-new_tunnels.c
index 01511d65e..7d281022c 100644
--- a/src/cadet/gnunet-service-cadet-new_tunnels.c
+++ b/src/cadet/gnunet-service-cadet-new_tunnels.c
@@ -33,6 +33,7 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_statistics_service.h"
 #include "gnunet_signatures.h"
 #include "cadet_protocol.h"
 #include "cadet_path.h"
@@ -1423,6 +1424,135 @@ GCT_remove_channel (struct CadetTunnel *t,
 }
 
 
+/**
+ * Change the tunnel encryption state.
+ * If the encryption state changes to OK, stop the rekey task.
+ *
+ * @param t Tunnel whose encryption state to change, or NULL.
+ * @param state New encryption state.
+ */
+void
+GCT_change_estate (struct CadetTunnel *t,
+                   enum CadetTunnelEState state)
+{
+  enum CadetTunnelEState old = t->estate;
+
+  t->estate = state;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Tunnel %s estate changed from %d to %d\n",
+       GCT_2s (t),
+       old,
+       state);
+
+  if ( (CADET_TUNNEL_KEY_OK != old) &&
+       (CADET_TUNNEL_KEY_OK == t->estate) )
+  {
+    if (NULL != t->rekey_task)
+    {
+      GNUNET_SCHEDULER_cancel (t->rekey_task);
+      t->rekey_task = NULL;
+    }
+#if FIXME
+    /* Send queued data if tunnel is not loopback */
+    if (myid != GCP_get_short_id (t->peer))
+      send_queued_data (t);
+#endif
+  }
+}
+
+
+/**
+ * Handle KX message.
+ *
+ * @param ct connection/tunnel combo that received encrypted message
+ * @param msg the key exchange message
+ */
+void
+GCT_handle_kx (struct CadetTConnection *ct,
+               const struct GNUNET_CADET_KX *msg)
+{
+  GNUNET_break (0); // not implemented
+}
+
+
+/**
+ * Handle encrypted message.
+ *
+ * @param ct connection/tunnel combo that received encrypted message
+ * @param msg the encrypted message to decrypt
+ */
+void
+GCT_handle_encrypted (struct CadetTConnection *ct,
+                      const struct GNUNET_CADET_Encrypted *msg)
+{
+  struct CadetTunnel *t = ct->t;
+  uint16_t size = ntohs (msg->header.size);
+  char cbuf [size] GNUNET_ALIGN;
+  ssize_t decrypted_size;
+  const struct GNUNET_MessageHeader *msgh;
+  unsigned int off;
+
+  GNUNET_STATISTICS_update (stats,
+                            "# received encrypted",
+                            1,
+                            GNUNET_NO);
+
+  decrypted_size = t_ax_decrypt_and_validate (t,
+                                              cbuf,
+                                              msg,
+                                              size);
+
+  if (-1 == decrypted_size)
+  {
+    GNUNET_STATISTICS_update (stats,
+                              "# unable to decrypt",
+                              1,
+                              GNUNET_NO);
+    if (CADET_TUNNEL_KEY_PING <= t->estate)
+    {
+      GNUNET_break_op (0);
+      LOG (GNUNET_ERROR_TYPE_WARNING,
+           "Wrong crypto, tunnel %s\n",
+           GCT_2s (t));
+      GCT_debug (t,
+                 GNUNET_ERROR_TYPE_WARNING);
+    }
+    return;
+  }
+
+  GCT_change_estate (t,
+                     CADET_TUNNEL_KEY_OK);
+
+#if 0
+  /* FIXME: this is bad, as the structs returned from
+     this loop may be unaligned, see util's MST for
+     how to do this right.
+     => Change MST API to use new MQ-style handlers! */
+  off = 0;
+  while (off + sizeof (struct GNUNET_MessageHeader) <= decrypted_size)
+  {
+    uint16_t msize;
+
+    msgh = (const struct GNUNET_MessageHeader *) &cbuf[off];
+    msize = ntohs (msgh->size);
+    if (msize < sizeof (struct GNUNET_MessageHeader))
+    {
+      GNUNET_break_op (0);
+      return;
+    }
+    if (off + msize < decrypted_size)
+    {
+      GNUNET_break_op (0);
+      return;
+    }
+    handle_decrypted (t,
+                      msgh);
+    off += msize;
+  }
+#endif
+}
+
+
 /**
  * Sends an already built message on a tunnel, encrypting it and
  * choosing the best connection if not provided.
diff --git a/src/cadet/gnunet-service-cadet-new_tunnels.h b/src/cadet/gnunet-service-cadet-new_tunnels.h
index 0abe99f70..c0e179771 100644
--- a/src/cadet/gnunet-service-cadet-new_tunnels.h
+++ b/src/cadet/gnunet-service-cadet-new_tunnels.h
@@ -29,6 +29,8 @@
 #define GNUNET_SERVICE_CADET_TUNNELS_H
 
 #include "gnunet-service-cadet-new.h"
+#include "cadet_protocol.h"
+
 
 /**
  * How many connections would we like to have per tunnel?
@@ -315,6 +317,28 @@ enum CadetTunnelEState
 GCT_get_estate (struct CadetTunnel *t);
 
 
+/**
+ * Handle KX message.
+ *
+ * @param ct connection/tunnel combo that received encrypted message
+ * @param msg the key exchange message
+ */
+void
+GCT_handle_kx (struct CadetTConnection *ct,
+               const struct GNUNET_CADET_KX *msg);
+
+
+/**
+ * Handle encrypted message.
+ *
+ * @param ct connection/tunnel combo that received encrypted message
+ * @param msg the encrypted message to decrypt
+ */
+void
+GCT_handle_encrypted (struct CadetTConnection *ct,
+                      const struct GNUNET_CADET_Encrypted *msg);
+
+
 /**
  * Log all possible info about the tunnel state.
  *