From: Bart Polot
Date: Mon, 27 Apr 2015 19:14:13 +0000 (+0000)
Subject: - refactor kx handling
X-Git-Tag: initial-import-from-subversion-38251~2052
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9e037307576cb21d9f04b9686d7c41cf4c5e37b0;p=oweals%2Fgnunet.git

- refactor kx handling
---
diff --git a/src/cadet/cadet_protocol.h b/src/cadet/cadet_protocol.h
index dc91af304..1c0a1a89f 100644
--- a/src/cadet/cadet_protocol.h
+++ b/src/cadet/cadet_protocol.h
@@ -72,6 +72,7 @@ struct GNUNET_CADET_ConnectionCreate
   /* struct GNUNET_PeerIdentity peers[path_length]; */
 };
 
+
 /**
  * Message for ack'ing a connection
  */
@@ -109,6 +110,26 @@ struct GNUNET_CADET_KX
 };
 
 
+
+/**
+ * Message for encapsulation of a Key eXchange message in a connection.
+ */
+struct GNUNET_CADET_AX_KX
+{
+  /**
+   * Type: GNUNET_MESSAGE_TYPE_CADET_AX_KX.
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Ephemeral public ECC key (always for NIST P-521) encoded in a format
+   * suitable for network transmission as created using 'gcry_sexp_sprint'.
+   */
+  struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
+
+};
+
+
 /**
  * Message transmitted with the signed ephemeral key of a peer. The
  * session key is then derived from the two ephemeral keys (ECDHE).
diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c
index 957c81f6b..10acee8f9 100644
--- a/src/cadet/gnunet-service-cadet_connection.c
+++ b/src/cadet/gnunet-service-cadet_connection.c
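Review bot: The doc comment on `ephemeral_key` in the new struct GNUNET_CADET_AX_KX describes a NIST P-521 key serialised with 'gcry_sexp_sprint', but the field is a fixed-size `struct GNUNET_CRYPTO_EcdhePublicKey`, so the text looks carried over from the older ephemeral message and does not describe what is on the wire; suggest `Ephemeral ECDHE public key of the sender, in GNUNET_CRYPTO_EcdhePublicKey wire format.` Unlike GNUNET_CADET_KX_Ephemeral, whose comment says it carries a *signed* ephemeral key, this message carries the key bare with no signature, sender identity or validity period, so a receiver cannot tell the tunnel peer's key from one inserted by an intermediate hop. If authentication is meant to come from a later step of the Axolotl handshake, the struct comment should say so explicitly, otherwise the message needs a signature field before it is relied on.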
@@ -2296,71 +2296,20 @@ handle_cadet_encrypted (const struct GNUNET_PeerIdentity *peer, */ static int handle_cadet_kx (const struct GNUNET_PeerIdentity *peer, - const struct GNUNET_CADET_KX *msg) + const struct GNUNET_CADET_KX *msg) { + const struct GNUNET_CADET_Hash* cid; struct CadetConnection *c; - struct CadetPeer *neighbor; - GNUNET_PEER_Id peer_id; - size_t size; + size_t expected_size; int fwd; - log_message (&msg->header, peer, &msg->cid); - - /* Check size */ - size = ntohs (msg->header.size); - if (size < - sizeof (struct GNUNET_CADET_KX) + - sizeof (struct GNUNET_MessageHeader)) - { - GNUNET_break_op (0); - return GNUNET_OK; - } - - /* Check connection */ - c = connection_get (&msg->cid); - if (NULL == c) - { - GNUNET_STATISTICS_update (stats, "# unknown connection", 1, GNUNET_NO); - LOG (GNUNET_ERROR_TYPE_DEBUG, "kx on unknown connection %s\n", - GNUNET_h2s (GC_h2hc (&msg->cid))); - send_broken_unknown (&msg->cid, &my_full_id, NULL, peer); - return GNUNET_OK; - } - LOG (GNUNET_ERROR_TYPE_DEBUG, " on connection %s\n", GCC_2s (c)); - - /* Check if origin is as expected */ - neighbor = get_prev_hop (c); - peer_id = GNUNET_PEER_search (peer); - if (peer_id == GCP_get_short_id (neighbor)) - { - fwd = GNUNET_YES; - } - else - { - neighbor = get_next_hop (c); - if (peer_id == GCP_get_short_id (neighbor)) - { - fwd = GNUNET_NO; - } - else - { - /* Unexpected peer sending traffic on a connection. */ - GNUNET_break_op (0); - return GNUNET_OK; - } - } + cid = &msg->cid; + log_message (&msg->header, peer, cid); - /* Count as connection confirmation. 
*/ - if (CADET_CONNECTION_SENT == c->state || CADET_CONNECTION_ACK == c->state) - { - connection_change_state (c, CADET_CONNECTION_READY); - if (NULL != c->t) - { - if (CADET_TUNNEL_WAITING == GCT_get_cstate (c->t)) - GCT_change_cstate (c->t, CADET_TUNNEL_READY); - } - } - connection_reset_timeout (c, fwd); + expected_size = sizeof (struct GNUNET_CADET_KX) + + sizeof (struct GNUNET_MessageHeader); + c = connection_get (cid); + fwd = check_message (&msg->header, expected_size, cid, c, peer, 0); /* Is this message for us? */ if (GCC_is_terminal (c, fwd)) 
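Review bot: After `fwd = check_message (&msg->header, expected_size, cid, c, peer, 0);` the new handle_cadet_kx goes straight to `GCC_is_terminal (c, fwd)`, although `connection_get (cid)` can return NULL for an unknown connection id and the removed lines handled exactly that case; the deleted GCC_handle_ax_kx shows the intended pattern, `if (GNUNET_SYSERR == fwd) return GNUNET_OK;`, which is missing here, so a KX message for an unknown or unexpected connection from any neighbour would dereference a NULL connection (assuming check_message reports failure with GNUNET_SYSERR as that removed caller expected). Add that guard between the check_message call and the `/* Is this message for us? */` comment. The removed lines also promoted the connection to CADET_CONNECTION_READY on a SENT/ACK connection and called connection_reset_timeout; if check_message does not do this itself, that behaviour is silently lost. The rest of handle_cadet_kx lies outside the hunk.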
@@ -2422,93 +2371,6 @@ GCC_handle_encrypted (void *cls, const struct GNUNET_PeerIdentity *peer,
 }
 
 
-/**
- * Core handler for axolotl key exchange traffic.
- *
- * @param cls Closure (unused).
- * @param message Message received.
- * @param peer Neighbor who sent the message.
- *
- * @return GNUNET_OK, to keep the connection open.
- */
-int
-GCC_handle_ax_kx (void *cls, const struct GNUNET_PeerIdentity *peer,
-                  const struct GNUNET_MessageHeader *message)
-{
-  const struct GNUNET_CADET_AX *msg;
-  struct CadetConnection *c;
-  size_t expected_size;
-  uint32_t pid;
-  uint32_t ttl;
-  int fwd;
-
-  msg = (struct GNUNET_CADET_AX *) message;
-  log_message (message, peer, &msg->cid);
-
-  expected_size = sizeof (struct GNUNET_CADET_AX)
-                  + sizeof (struct GNUNET_MessageHeader);
-  c = connection_get (&msg->cid);
-  pid = ntohl (msg->pid);
-  fwd = check_message (message, expected_size, c, peer, pid);
-
-  /* If something went wrong, discard message. */
-  if (GNUNET_SYSERR == fwd)
-    return GNUNET_OK;
-
-  /* Is this message for us? */
-  if (GCC_is_terminal (c, fwd))
-  {
-    GNUNET_STATISTICS_update (stats, "# messages received", 1, GNUNET_NO);
-
-    if (NULL == c->t)
-    {
-      GNUNET_break (GNUNET_NO != c->destroy);
-      return GNUNET_OK;
-    }
-    GCT_handle_encrypted (c->t, message);
-    GCC_send_ack (c, fwd, GNUNET_NO);
-    return GNUNET_OK;
-  }
-
-  /* Message not for us: forward to next hop */
-  ttl = ntohl (msg->ttl);
-  LOG (GNUNET_ERROR_TYPE_DEBUG, " forwarding, ttl: %u\n", ttl);
-  if (ttl == 0)
-  {
-    GNUNET_STATISTICS_update (stats, "# TTL drops", 1, GNUNET_NO);
-    LOG (GNUNET_ERROR_TYPE_WARNING, " TTL is 0, DROPPING!\n");
-    GCC_send_ack (c, fwd, GNUNET_NO);
-    return GNUNET_OK;
-  }
-
-  GNUNET_STATISTICS_update (stats, "# messages forwarded", 1, GNUNET_NO);
-  GNUNET_assert (NULL == GCC_send_prebuilt_message (&msg->header, 0, 0, c, fwd,
-                                                    GNUNET_NO, NULL, NULL));
-
-
-
-  return GNUNET_OK;
-}
-
-
-
-/**
- * Core handler for axolotl encrypted cadet network traffic.
- *
- * @param cls Closure (unused).
- * @param message Message received.
- * @param peer Neighbor who sent the message.
- *
- * @return GNUNET_OK, to keep the connection open.
- */
-int
-GCC_handle_ax (void *cls, const struct GNUNET_PeerIdentity *peer,
-               struct GNUNET_MessageHeader *message)
-{
-  return handle_cadet_encrypted (peer, message);
-}
-
-
 /**
  * Core handler for cadet network traffic point-to-point acks.
  *
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c
index 1462c5daa..272da9b4e 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -483,9 +483,7 @@ static struct GNUNET_CORE_MessageHandler core_handlers[] = {
   {&GCC_handle_poll, GNUNET_MESSAGE_TYPE_CADET_POLL,
     sizeof (struct GNUNET_CADET_Poll)},
   {&GCC_handle_kx, GNUNET_MESSAGE_TYPE_CADET_KX, 0},
-  {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0},
-  {&GCC_handle_ax_kx, GNUNET_MESSAGE_TYPE_CADET_AX_KX, 0},
   {NULL, 0, 0},
-  {&GCC_handle_ax, GNUNET_MESSAGE_TYPE_CADET_AX, 0}
+  {&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0}
 };
 
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index ac49a5cad..577549f06 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -135,6 +135,21 @@ struct CadetTunnelKXCtx
   struct GNUNET_SCHEDULER_Task * finish_task;
 };
 
+/**
+ * Encryption systems possible.
+ */
+enum CadetTunnelEncryption
+{
+  /**
+   * Default Axolotl system.
+   */
+  CADET_Axolotl,
+
+  /**
+   * Fallback OTR-style encryption.
+   */
+  CADET_Fallback
+};
 
 struct CadetTunnelSkippedKey
 {
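Review bot: In core_handlers[] the re-added `{&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0}` entry now sits after `{NULL, 0, 0}`, which by GNUnet convention terminates the handler list, so the ENCRYPTED handler is no longer registered with core and encrypted tunnel traffic would arrive as an unhandled message type. The removed GCC_handle_ax entry had the same placement after the terminator, which is presumably why this went unnoticed. Swap the two lines so the terminator is last: `{&GCC_handle_encrypted, GNUNET_MESSAGE_TYPE_CADET_ENCRYPTED, 0},` followed by `{NULL, 0, 0}`.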
@@ -177,14 +192,24 @@ struct CadetTunnelAxolotl */ struct CadetTunnel { - /** - * Endpoint of the tunnel. - */ + /** + * Endpoint of the tunnel. + */ struct CadetPeer *peer; - /** - * State of the tunnel connectivity. - */ + /** + * Type of encryption used in the tunnel. + */ + enum CadetTunnelEncryption enc_type; + + /** + * Axolotl info. + */ + struct CadetTunnelAxolotl *ax; + + /** + * State of the tunnel connectivity. + */ enum CadetTunnelCState cstate; /** @@ -899,6 +924,13 @@ t_ax_decrypt_and_validate (struct CadetTunnel *t, void *dst, const void *src, size_t size, const struct GNUNET_CADET_Hash *msg_hmac) { + struct CadetTunnelAxolotl *ax; + + ax = t->ax; + + if (NULL == ax) + return -1; + return 0; } @@ -2005,6 +2037,14 @@ handle_ephemeral (struct CadetTunnel *t, return; } + /* If we get a proper OTR-style ephemeral, fallback to old crypto. */ + if (NULL != t->ax) + { + GNUNET_free (t->ax); + t->ax = NULL; + t->enc_type = CADET_Fallback; + } + /** * If the key is different from what we know, derive the new E/D keys. * Else destroy the rekey ctx (duplicate EPHM after successful KX). @@ -2098,6 +2138,23 @@ handle_pong (struct CadetTunnel *t, const struct GNUNET_CADET_KX_Pong *msg) } +/** + * . + * + * @param t Tunnel this message came on. + * @param msg Key eXchange Pong message. + */ +static void +handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg) +{ + + if (NULL == t->ax) + { + t->ax = GNUNET_new (struct CadetTunnelAxolotl); + } +} + + /** * Demultiplex by message type and call appropriate handler for a message * towards a channel of a local tunnel. 
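Review bot: t_ax_decrypt_and_validate still returns 0 for every non-NULL `t->ax` without reading `src`, writing `dst` or comparing `msg_hmac`, so a caller that treats 0 as "decrypted and HMAC verified" would accept arbitrary input as authenticated while a tunnel is in the Axolotl state. Until the real implementation lands it should fail closed, `return -1; /* TODO: Axolotl decrypt/validate not implemented yet */`, unless this path is unreachable for CADET_Axolotl tunnels, in which case that should be stated in a comment. The function's signature begins outside the hunk.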
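Review bot: handle_ephemeral now frees `t->ax` and sets `t->enc_type = CADET_Fallback` whenever a valid OTR-style ephemeral is accepted, with no condition on the tunnel's current state, so any peer able to deliver such a message can move an already-established Axolotl tunnel back to the fallback scheme and discard whatever ratchet state `t->ax` held. Consider restricting the downgrade to tunnels whose Axolotl handshake has not completed and logging it at WARNING level so it is visible in operation. If `struct CadetTunnelAxolotl` owns further allocations (a skipped-key list, for instance), `GNUNET_free (t->ax)` alone would leak them and a dedicated destructor would be safer. The start of handle_ephemeral is outside the hunk.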
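Review bot: The doc comment on the new handle_kx_ax is a placeholder (` * .`) and its `@param msg` line says "Key eXchange Pong message", copied from handle_pong; suggest ` * Handle an Axolotl key exchange message: allocate the tunnel's Axolotl state if it does not exist yet.` and ` * @param msg Axolotl KX message carrying the peer's ephemeral key.` The body never reads `msg->ephemeral_key` and does not set `t->enc_type = CADET_Axolotl`, so the `enc_type` field added to struct CadetTunnel in this commit keeps whatever value it had; if that is intentional for this step, a `/* TODO: process ephemeral_key and set enc_type */` comment would make it clear. The same struct hunk should also document that `ax` is NULL when the tunnel uses CADET_Fallback and is owned (allocated and freed) by the tunnel.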
@@ -2255,9 +2312,13 @@ GCT_handle_kx (struct CadetTunnel *t,
       handle_pong (t, (const struct GNUNET_CADET_KX_Pong *) message);
       break;
 
+    case GNUNET_MESSAGE_TYPE_CADET_AX_KX:
+      handle_kx_ax (t, (const struct GNUNET_CADET_AX_KX *) message);
+      break;
+
     default:
       GNUNET_break_op (0);
-      LOG (GNUNET_ERROR_TYPE_DEBUG, "kx message not known (%u)\n", type);
+      LOG (GNUNET_ERROR_TYPE_WARNING, "kx message %s unknown\n", GC_m2s (type));
   }
 }
 
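Review bot: The new case casts `message` to `const struct GNUNET_CADET_AX_KX *` without checking that `ntohs (message->size)` is at least `sizeof (struct GNUNET_CADET_AX_KX)`; the connection-level check in handle_cadet_kx only guarantees room for an inner GNUNET_MessageHeader, so unless GCT_handle_kx validates sizes before the switch (outside this hunk) a short message would let handle_kx_ax read past the received buffer once it starts using `ephemeral_key`. Suggest `if (ntohs (message->size) < sizeof (struct GNUNET_CADET_AX_KX)) { GNUNET_break_op (0); break; }` ahead of the call, matching whatever the other cases do for their own types. Raising the unknown-type log from DEBUG to WARNING also means a neighbour can fill the log by sending unknown kx types, which is worth keeping in mind when choosing the level.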