[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated (7f4ddbcab -> 5fa1c7dc8)
|
From: |
gnunet |
|
Subject: |
[gnunet] branch master updated (7f4ddbcab -> 5fa1c7dc8) |
|
Date: |
Tue, 21 Jul 2020 12:37:22 +0200 |
This is an automated email from the git hooks/post-receive script.
t3sserakt pushed a change to branch master
in repository gnunet.
from 7f4ddbcab merge flags into enum for GNUNET_DISK_pipe() API, fixing
#6188
new 0c9911d73 TNG: Implemented 5530: add replay protection to TCP
communicator. Added monotime value checks
new d63986fa2 - make PREFIX work for communicator, to use valgrind and gdb
new 17d84245f - fixed mem leaks.
new 5fa1c7dc8 Merge branch 'master' of ssh://gnunet.org/gnunet
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/core/gnunet-service-core_kx.c | 113 ----
src/include/gnunet_core_service.h | 116 ++++
src/include/gnunet_crypto_lib.h | 11 +
src/include/gnunet_peerstore_service.h | 18 +
src/include/gnunet_protocols.h | 5 +
src/include/gnunet_signatures.h | 5 +
src/transport/Makefile.am | 1 +
src/transport/gnunet-communicator-tcp.c | 680 +++++++++++++++++++--
src/transport/gnunet-service-tng.c | 13 -
src/transport/test_communicator_basic.c | 16 +
.../test_communicator_tcp_basic_peer1.conf | 5 +
.../test_communicator_tcp_basic_peer2.conf | 5 +
.../test_communicator_tcp_rekey_peer1.conf | 9 +
.../test_communicator_tcp_rekey_peer2.conf | 9 +
.../test_communicator_udp_backchannel_peer1.conf | 7 +
.../test_communicator_udp_backchannel_peer2.conf | 7 +
.../test_communicator_udp_basic_peer1.conf | 7 +
.../test_communicator_udp_basic_peer2.conf | 8 +
.../test_communicator_udp_rekey_peer1.conf | 7 +
.../test_communicator_udp_rekey_peer2.conf | 7 +
.../test_communicator_unix_basic_peer1.conf | 7 +
.../test_communicator_unix_basic_peer2.conf | 7 +
src/transport/transport-testing2.c | 77 ++-
23 files changed, 940 insertions(+), 200 deletions(-)
diff --git a/src/core/gnunet-service-core_kx.c
b/src/core/gnunet-service-core_kx.c
index cafe658e8..a79ef075b 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -76,119 +76,6 @@
GNUNET_NETWORK_STRUCT_BEGIN
-/**
- * Message transmitted with the signed ephemeral key of a peer. The
- * session key is then derived from the two ephemeral keys (ECDHE).
- */
-struct EphemeralKeyMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Status of the sender (should be in `enum PeerStateMachine`), nbo.
- */
- int32_t sender_status GNUNET_PACKED;
-
- /**
- * An ECC signature of the @e origin_identity asserting the validity
- * of the given ephemeral key.
- */
- struct GNUNET_CRYPTO_EddsaSignature signature;
-
- /**
- * Information about what is being signed.
- */
- struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
-
- /**
- * At what time was this key created (beginning of validity).
- */
- struct GNUNET_TIME_AbsoluteNBO creation_time;
-
- /**
- * When does the given ephemeral key expire (end of validity).
- */
- struct GNUNET_TIME_AbsoluteNBO expiration_time;
-
- /**
- * Ephemeral public ECC key.
- */
- struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
-
- /**
- * Public key of the signing peer (persistent version, not the
- * ephemeral public key).
- */
- struct GNUNET_PeerIdentity origin_identity;
-};
-
-
-/**
- * We're sending an (encrypted) PING to the other peer to check if it
- * can decrypt. The other peer should respond with a PONG with the
- * same content, except this time encrypted with the receiver's key.
- */
-struct PingMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Seed for the IV
- */
- uint32_t iv_seed GNUNET_PACKED;
-
- /**
- * Intended target of the PING, used primarily to check
- * that decryption actually worked.
- */
- struct GNUNET_PeerIdentity target;
-
- /**
- * Random number chosen to make replay harder.
- */
- uint32_t challenge GNUNET_PACKED;
-};
-
-
-/**
- * Response to a PING. Includes data from the original PING.
- */
-struct PongMessage
-{
- /**
- * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG.
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Seed for the IV
- */
- uint32_t iv_seed GNUNET_PACKED;
-
- /**
- * Random number to make replay attacks harder.
- */
- uint32_t challenge GNUNET_PACKED;
-
- /**
- * Reserved, always zero.
- */
- uint32_t reserved;
-
- /**
- * Intended target of the PING, used primarily to check
- * that decryption actually worked.
- */
- struct GNUNET_PeerIdentity target;
-};
-
-
/**
* Encapsulation for encrypted messages exchanged between
* peers. Followed by the actual encrypted data.
diff --git a/src/include/gnunet_core_service.h
b/src/include/gnunet_core_service.h
index 66b292c3c..60bc3c2a6 100644
--- a/src/include/gnunet_core_service.h
+++ b/src/include/gnunet_core_service.h
@@ -48,6 +48,122 @@ extern "C" {
*/
#define GNUNET_CORE_VERSION 0x00000001
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Message transmitted with the signed ephemeral key of a peer. The
+ * session key is then derived from the two ephemeral keys (ECDHE).
+ */
+struct EphemeralKeyMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Status of the sender (should be in `enum PeerStateMachine`), nbo.
+ */
+ int32_t sender_status GNUNET_PACKED;
+
+ /**
+ * An ECC signature of the @e origin_identity asserting the validity
+ * of the given ephemeral key.
+ */
+ struct GNUNET_CRYPTO_EddsaSignature signature;
+
+ /**
+ * Information about what is being signed.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * At what time was this key created (beginning of validity).
+ */
+ struct GNUNET_TIME_AbsoluteNBO creation_time;
+
+ /**
+ * When does the given ephemeral key expire (end of validity).
+ */
+ struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+ /**
+ * Ephemeral public ECC key.
+ */
+ struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key;
+
+ /**
+ * Public key of the signing peer (persistent version, not the
+ * ephemeral public key).
+ */
+ struct GNUNET_PeerIdentity origin_identity;
+};
+
+
+/**
+ * We're sending an (encrypted) PING to the other peer to check if it
+ * can decrypt. The other peer should respond with a PONG with the
+ * same content, except this time encrypted with the receiver's key.
+ */
+struct PingMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_PING.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Seed for the IV
+ */
+ uint32_t iv_seed GNUNET_PACKED;
+
+ /**
+ * Intended target of the PING, used primarily to check
+ * that decryption actually worked.
+ */
+ struct GNUNET_PeerIdentity target;
+
+ /**
+ * Random number chosen to make replay harder.
+ */
+ uint32_t challenge GNUNET_PACKED;
+};
+
+
+/**
+ * Response to a PING. Includes data from the original PING.
+ */
+struct PongMessage
+{
+ /**
+ * Message type is #GNUNET_MESSAGE_TYPE_CORE_PONG.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Seed for the IV
+ */
+ uint32_t iv_seed GNUNET_PACKED;
+
+ /**
+ * Random number to make replay attacks harder.
+ */
+ uint32_t challenge GNUNET_PACKED;
+
+ /**
+ * Reserved, always zero.
+ */
+ uint32_t reserved;
+
+ /**
+ * Intended target of the PING, used primarily to check
+ * that decryption actually worked.
+ */
+ struct GNUNET_PeerIdentity target;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
/**
* Opaque handle to the service.
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 320701643..c1b0b3b1b 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -289,6 +289,17 @@ struct GNUNET_CRYPTO_SymmetricSessionKey
unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
};
+/**
+ * Type of a nonce used for challenges.
+ */
+struct ChallengeNonceP
+{
+ /**
+ * The value of the nonce. Note that this is NOT a hash.
+ */
+ struct GNUNET_ShortHashCode value;
+};
+
GNUNET_NETWORK_STRUCT_END
/**
diff --git a/src/include/gnunet_peerstore_service.h
b/src/include/gnunet_peerstore_service.h
index cd68dad66..91a8f2e66 100644
--- a/src/include/gnunet_peerstore_service.h
+++ b/src/include/gnunet_peerstore_service.h
@@ -67,6 +67,24 @@ extern "C" {
#define GNUNET_PEERSTORE_TRANSPORT_DVLEARN_MONOTIME \
"transport-dv-learn-monotonic-time"
+/**
+ * Key used to store sender's monotonic time from handshake message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE \
+ "transport-tcp-communicator-handshake"
+
+/**
+ * Key used to store sender's monotonic time from handshake ack message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK \
+ "transport-tcp-communicator-handshake-ack"
+
+/**
+ * Key used to store sender's monotonic time from rekey message.
+ */
+#define GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY \
+ "transport-tcp-communicator-rekey"
+
/**
* Options for storing values in PEERSTORE
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 0db6150aa..5af58664f 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -3292,6 +3292,11 @@ extern "C" {
*/
#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH 1452
+/**
+ * TCP communicator confirmation ack.
+ */
+#define GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK 1453
+
/**
* UDP KX acknowledgement.
*/
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 503113770..7c0c1d104 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -246,6 +246,11 @@ extern "C"
*/
#define GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR 38
+/**
+ * Signature by a peer sending back the nonce received at initial handshake.
+ */
+#define GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK 39
+
#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 354bb1cf4..e0369059d 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -278,6 +278,7 @@ gnunet_communicator_tcp_SOURCES = \
gnunet-communicator-tcp.c
gnunet_communicator_tcp_LDADD = \
libgnunettransportcommunicator.la \
+ $(top_builddir)/src/peerstore/libgnunetpeerstore.la \
$(top_builddir)/src/nat/libgnunetnatnew.la \
$(top_builddir)/src/nt/libgnunetnt.la \
$(top_builddir)/src/statistics/libgnunetstatistics.la \
diff --git a/src/transport/gnunet-communicator-tcp.c
b/src/transport/gnunet-communicator-tcp.c
index 177b5c26c..ec9f5986a 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -24,26 +24,22 @@
* @author Christian Grothoff
*
* TODO:
- * - support DNS names in BINDTO option (#5528)
* - support NAT connection reversal method (#5529)
* - support other TCP-specific NAT traversal methods (#5531)
- * - add replay protection support to the protocol by
- * adding a nonce in the KX and requiring (!) a
- * nounce ACK to be send within the first X bytes of
- * data (#5530)
*/
#include "platform.h"
#include "gnunet_util_lib.h"
+#include "gnunet_core_service.h"
+#include "gnunet_peerstore_service.h"
#include "gnunet_protocols.h"
#include "gnunet_signatures.h"
#include "gnunet_constants.h"
#include "gnunet_nt_lib.h"
#include "gnunet_nat_service.h"
#include "gnunet_statistics_service.h"
-#include "gnunet_ats_transport_service.h"
-#include "transport.h"
#include "gnunet_transport_communication_service.h"
#include "gnunet_resolver_service.h"
+
/**
* How long do we believe our addresses to remain up (before
* the other peer should revalidate).
@@ -91,6 +87,13 @@
(sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) \
+ sizeof(struct TCPConfirmation))
+/**
+ * Size of the initial core key exchange messages.
+ */
+#define INITIAL_CORE_KX_SIZE \
+ (sizeof(struct EphemeralKeyMessage) \
+ + sizeof(struct PingMessage) \
+ + sizeof(struct PongMessage))
/**
* Address prefix used by the communicator.
@@ -136,8 +139,45 @@ struct TcpHandshakeSignature
* (if receiver persists times by sender).
*/
struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no
stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
};
+/**
+ * Signature we use to verify that the ack from the receiver of the ephemeral
key was really send by
+ * the specified sender.
+ */
+struct TcpHandshakeAckSignature
+{
+ /**
+ * Purpose must be #GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Identity of the inititor of the TCP connection (TCP client).
+ */
+ struct GNUNET_PeerIdentity sender;
+
+ /**
+ * Presumed identity of the target of the TCP connection (TCP server)
+ */
+ struct GNUNET_PeerIdentity receiver;
+
+ /**
+ * Monotonic time of @e sender, to possibly help detect replay attacks
+ * (if receiver persists times by sender).
+ */
+ struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no
stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+};
/**
* Encrypted continuation of TCP initial handshake.
@@ -159,8 +199,48 @@ struct TCPConfirmation
* (if receiver persists times by sender).
*/
struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no
stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
};
+/**
+ * Ack for the encrypted continuation of TCP initial handshake.
+ */
+struct TCPConfirmationAck
+{
+
+
+ /**
+ * Type is #GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK.
+ */
+ struct GNUNET_MessageHeader header;
+
+ /**
+ * Sender's identity
+ */
+ struct GNUNET_PeerIdentity sender;
+
+ /**
+ * Sender's signature of type
#GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK
+ */
+ struct GNUNET_CRYPTO_EddsaSignature sender_sig;
+
+ /**
+ * Monotonic time of @e sender, to possibly help detect replay attacks
+ * (if receiver persists times by sender).
+ */
+ struct GNUNET_TIME_AbsoluteNBO monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no
stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
+};
/**
* TCP message box. Always sent encrypted!
@@ -456,6 +536,56 @@ struct Queue
* re-decrypt ciphertext.
*/
int rekeyed;
+
+ /**
+ * Monotonic time value for rekey message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO rekey_monotonic_time;
+
+ /**
+ * Monotonic time value for handshake message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO handshake_monotonic_time;
+
+ /**
+ * Monotonic time value for handshake ack message.
+ */
+ struct GNUNET_TIME_AbsoluteNBO handshake_ack_monotonic_time;
+
+ /**
+ * Challenge value used to protect against replay attack, if there is no
stored monotonic time value.
+ */
+ struct ChallengeNonceP challenge;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with key for
rekeying.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *rekey_monotime_get;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with the
handshake.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *handshake_monotime_get;
+
+ /**
+ * Iteration Context for retrieving the monotonic time send with the
handshake ack.
+ */
+ struct GNUNET_PEERSTORE_IterateContext *handshake_ack_monotime_get;
+
+ /**
+ * Store Context for retrieving the monotonic time send with key for
rekeying.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *rekey_monotime_sc;
+
+ /**
+ * Store Context for retrieving the monotonic time send with the handshake.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *handshake_monotime_sc;
+
+ /**
+ * Store Context for retrieving the monotonic time send with the handshake
ack.
+ */
+ struct GNUNET_PEERSTORE_StoreContext *handshake_ack_monotime_sc;
};
@@ -535,7 +665,7 @@ struct PortOnlyIpv4Ipv6
/**
* Length of ipv4 address.
*/
- socklen_t *addr_len_ipv4;
+ socklen_t addr_len_ipv4;
/**
* Ipv6 address we like to bind to.
@@ -545,7 +675,7 @@ struct PortOnlyIpv4Ipv6
/**
* Length of ipv6 address.
*/
- socklen_t *addr_len_ipv6;
+ socklen_t addr_len_ipv6;
};
@@ -657,6 +787,16 @@ struct Addresses *addrs_tail;
*/
int addrs_lens;
+/**
+ * Size of data received without KX challenge played back.
+ */
+size_t unverified_size;
+
+/**
+ * Database for peer's HELLOs.
+ */
+static struct GNUNET_PEERSTORE_Handle *peerstore;
+
/**
* We have been notified that our listen socket has something to
* read. Do the read and reschedule this function to be called again
@@ -687,6 +827,36 @@ queue_destroy (struct Queue *queue)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Disconnecting queue for peer `%s'\n",
GNUNET_i2s (&queue->target));
+ if (NULL != queue->rekey_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->rekey_monotime_sc);
+ queue->rekey_monotime_sc = NULL;
+ }
+ if (NULL != queue->handshake_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->handshake_monotime_sc);
+ queue->handshake_monotime_sc = NULL;
+ }
+ if (NULL != queue->handshake_ack_monotime_sc)
+ {
+ GNUNET_PEERSTORE_store_cancel (queue->handshake_ack_monotime_sc);
+ queue->handshake_ack_monotime_sc = NULL;
+ }
+ if (NULL != queue->rekey_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->rekey_monotime_get);
+ queue->rekey_monotime_get = NULL;
+ }
+ if (NULL != queue->handshake_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->handshake_monotime_get);
+ queue->handshake_monotime_get = NULL;
+ }
+ if (NULL != queue->handshake_ack_monotime_get)
+ {
+ GNUNET_PEERSTORE_iterate_cancel (queue->handshake_ack_monotime_get);
+ queue->handshake_ack_monotime_get = NULL;
+ }
if (NULL != (mq = queue->mq))
{
queue->mq = NULL;
@@ -964,6 +1134,78 @@ setup_in_cipher (const struct
GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
setup_cipher (&dh, &my_identity, &queue->in_cipher, &queue->in_hmac);
}
+/**
+ * Callback called when peerstore store operation for rekey monotime value is
finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+rekey_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store rekey monotonic time in PEERSTORE!\n");
+ }
+ queue->rekey_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+rekey_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *rekey_monotonic_time;
+
+ (void) emsg;
+
+ rekey_monotonic_time = &queue->rekey_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->rekey_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->rekey_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, rekey monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->rekey_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+
"transport_tcp_communicator",
+ pid,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY,
+ rekey_monotonic_time,
+
sizeof(rekey_monotonic_time),
+
GNUNET_TIME_UNIT_FOREVER_ABS,
+
GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &rekey_monotime_store_cb,
+ queue);
+}
/**
* Handle @a rekey message on @a queue. The message was already
@@ -983,7 +1225,6 @@ do_rekey (struct Queue *queue, const struct TCPRekey
*rekey)
thp.receiver = my_identity;
thp.ephemeral = rekey->ephemeral;
thp.monotonic_time = rekey->monotonic_time;
- /* FIXME: check monotonic time is monotonic... */
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY,
&thp,
@@ -994,11 +1235,93 @@ do_rekey (struct Queue *queue, const struct TCPRekey
*rekey)
queue_finish (queue);
return;
}
+ queue->rekey_monotonic_time = rekey->monotonic_time;
+ queue->rekey_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+
"transport_tcp_communicator",
+ &queue->target,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_REKEY,
+ &rekey_monotime_cb,
+ queue);
gcry_cipher_close (queue->in_cipher);
queue->rekeyed = GNUNET_YES;
setup_in_cipher (&rekey->ephemeral, queue);
}
+/**
+ * Callback called when peerstore store operation for handshake ack monotime
value is finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+handshake_ack_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store handshake ack monotonic time in
PEERSTORE!\n");
+ }
+ queue->handshake_ack_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+handshake_ack_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *handshake_ack_monotonic_time;
+
+ (void) emsg;
+
+ handshake_ack_monotonic_time = &queue->handshake_ack_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->handshake_ack_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->handshake_ack_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, handshake ack monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->handshake_ack_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+
"transport_tcp_communicator",
+ pid,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK,
+
handshake_ack_monotonic_time,
+ sizeof(
+
handshake_ack_monotonic_time),
+
GNUNET_TIME_UNIT_FOREVER_ABS,
+
GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &
+
handshake_ack_monotime_store_cb,
+ queue);
+}
/**
* Test if we have received a full message in plaintext.
@@ -1012,6 +1335,8 @@ try_handle_plaintext (struct Queue *queue)
{
const struct GNUNET_MessageHeader *hdr =
(const struct GNUNET_MessageHeader *) queue->pread_buf;
+ const struct TCPConfirmationAck *tca = (const struct
+ TCPConfirmationAck *)
queue->pread_buf;
const struct TCPBox *box = (const struct TCPBox *) queue->pread_buf;
const struct TCPRekey *rekey = (const struct TCPRekey *) queue->pread_buf;
const struct TCPFinish *fin = (const struct TCPFinish *) queue->pread_buf;
@@ -1020,12 +1345,92 @@ try_handle_plaintext (struct Queue *queue)
struct GNUNET_ShortHashCode tmac;
uint16_t type;
size_t size = 0; /* make compiler happy */
+ struct TcpHandshakeAckSignature thas;
+ const struct ChallengeNonceP challenge = queue->challenge;
- if (sizeof(*hdr) > queue->pread_off)
+ if ((sizeof(*hdr) > queue->pread_off))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, not even a header!\n");
return 0; /* not even a header */
+ }
+
+ if ((-1 != unverified_size) && (unverified_size > INITIAL_CORE_KX_SIZE))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Already received data of size %u bigger than KX size %u!\n",
+ unverified_size,
+ INITIAL_CORE_KX_SIZE);
+ GNUNET_break_op (0);
+ queue_finish (queue);
+ return 0;
+ }
+
type = ntohs (hdr->type);
switch (type)
{
+ case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK:
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start processing ack\n");
+ if (sizeof(*tca) > queue->pread_off)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext size of tca greater than pread
offset.\n");
+ return 0;
+ }
+ if (ntohs (hdr->size) != sizeof(*tca))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext size does not match message type.\n");
+ GNUNET_break_op (0);
+ queue_finish (queue);
+ return 0;
+ }
+
+ thas.purpose.purpose = htonl (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK);
+ thas.purpose.size = htonl (sizeof(thas));
+ thas.sender = tca->sender;
+ thas.receiver = my_identity;
+ thas.monotonic_time = tca->monotonic_time;
+ thas.challenge = tca->challenge;
+
+ if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_verify (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK,
+ &thas,
+ &tca->sender_sig,
+ &tca->sender.public_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Verification of signature failed!\n");
+ GNUNET_break (0);
+ queue_finish (queue);
+ return 0;
+ }
+ if (0 != GNUNET_memcmp (&tca->challenge, &challenge))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Challenge in TCPConfirmationAck not correct!\n");
+ GNUNET_break (0);
+ queue_finish (queue);
+ return 0;
+ }
+
+ queue->handshake_ack_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+
"transport_tcp_communicator",
+
&queue->target,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE_ACK,
+ &
+
handshake_ack_monotime_cb,
+ queue);
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, ack processed!");
+
+ unverified_size = -1;
+
+ size = ntohs (hdr->size);
+ break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_BOX:
/* Special case: header size excludes box itself! */
if (ntohs (hdr->size) + sizeof(struct TCPBox) > queue->pread_off)
@@ -1039,6 +1444,8 @@ try_handle_plaintext (struct Queue *queue)
}
pass_plaintext_to_core (queue, (const void *) &box[1], ntohs (hdr->size));
size = ntohs (hdr->size) + sizeof(*box);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, box processed!\n");
break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_REKEY:
@@ -1061,6 +1468,8 @@ try_handle_plaintext (struct Queue *queue)
}
do_rekey (queue, rekey);
size = ntohs (hdr->size);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, rekey processed!\n");
break;
case GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_FINISH:
@@ -1083,14 +1492,20 @@ try_handle_plaintext (struct Queue *queue)
}
/* handle FINISH by destroying queue */
queue_destroy (queue);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, finish processed!\n");
break;
default:
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Handling plaintext, nothing processed!\n");
GNUNET_break_op (0);
queue_finish (queue);
return 0;
}
GNUNET_assert (0 != size);
+ if (-1 != unverified_size)
+ unverified_size += size;
return size;
}
@@ -1216,10 +1631,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len,
struct sockaddr_in6 v6,
{
struct sockaddr *in;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "1 address %s\n",
- GNUNET_a2s (in, *sock_len));
-
v6.sin6_family = AF_INET6;
v6.sin6_port = htons ((uint16_t) port);
#if HAVE_SOCKADDR_IN_SIN_LEN
@@ -1227,9 +1638,6 @@ tcp_address_to_sockaddr_numeric_v6 (socklen_t *sock_len,
struct sockaddr_in6 v6,
#endif
in = GNUNET_memdup (&v6, sizeof(v6));
*sock_len = sizeof(struct sockaddr_in6);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "address %s\n",
- GNUNET_a2s (in, *sock_len));
return in;
}
@@ -1294,7 +1702,7 @@ tcp_address_to_sockaddr_port_only (const char *bindto,
unsigned int *port)
i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
po->addr_ipv4 = tcp_address_to_sockaddr_numeric_v4 (&sock_len_ipv4, *i4,
*port);
- po->addr_len_ipv4 = &sock_len_ipv4;
+ po->addr_len_ipv4 = sock_len_ipv4;
}
else
{
@@ -1302,21 +1710,19 @@ tcp_address_to_sockaddr_port_only (const char *bindto,
unsigned int *port)
i4 = GNUNET_malloc (sizeof(struct sockaddr_in));
po->addr_ipv4 = tcp_address_to_sockaddr_numeric_v4 (&sock_len_ipv4, *i4,
*port);
- po->addr_len_ipv4 = &sock_len_ipv4;
-
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3.5 address %s\n",
- GNUNET_a2s (po->addr_ipv4, sock_len_ipv4));
+ po->addr_len_ipv4 = sock_len_ipv4;
i6 = GNUNET_malloc (sizeof(struct sockaddr_in6));
po->addr_ipv6 = tcp_address_to_sockaddr_numeric_v6 (&sock_len_ipv6, *i6,
*port);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3 address %s\n",
- GNUNET_a2s (po->addr_ipv6, sock_len_ipv6));
- po->addr_len_ipv6 = &sock_len_ipv6;
+ po->addr_len_ipv6 = sock_len_ipv6;
+
+ GNUNET_free (i6);
}
+
+ GNUNET_free (i4);
+
return po;
}
@@ -1361,7 +1767,7 @@ extract_address (const char *bindto)
}
}
- // GNUNET_free(cp);
+ GNUNET_free (cp);
return start;
}
@@ -1827,12 +2233,16 @@ transmit_kx (struct Queue *queue,
tc.sender = my_identity;
tc.monotonic_time =
GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+ &tc.challenge,
+ sizeof(tc.challenge));
ths.purpose.purpose = htonl (GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE);
ths.purpose.size = htonl (sizeof(ths));
ths.sender = my_identity;
ths.receiver = queue->target;
ths.ephemeral = *epub;
ths.monotonic_time = tc.monotonic_time;
+ ths.challenge = tc.challenge;
GNUNET_CRYPTO_eddsa_sign (my_private_key,
&ths,
&tc.sender_sig);
@@ -1842,7 +2252,12 @@ transmit_kx (struct Queue *queue,
sizeof(tc),
&tc,
sizeof(tc)));
+ queue->challenge = tc.challenge;
queue->cwrite_off += sizeof(tc);
+
+ GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
+ "transport",
+ "handshake written\n");
}
@@ -1864,6 +2279,80 @@ start_initial_kx_out (struct Queue *queue)
transmit_kx (queue, &epub);
}
+/**
+ * Callback called when peerstore store operation for handshake monotime is
finished.
+ * @param cls Queue context the store operation was executed.
+ * @param success Store operation was successful (GNUNET_OK) or not.
+ */
+static void
+handshake_monotime_store_cb (void *cls, int success)
+{
+ struct Queue *queue = cls;
+ if (GNUNET_OK != success)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to store handshake monotonic time in PEERSTORE!\n");
+ }
+ queue->handshake_monotime_sc = NULL;
+}
+
+/**
+ * Callback called by peerstore when records for
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE
+ * where found.
+ * @param cls Queue context the store operation was executed.
+ * @param record The record found or NULL if there is no record left.
+ * @param emsg Message from peerstore.
+ */
+static void
+handshake_monotime_cb (void *cls,
+ const struct GNUNET_PEERSTORE_Record *record,
+ const char *emsg)
+{
+ struct Queue *queue = cls;
+ struct GNUNET_TIME_AbsoluteNBO *mtbe;
+ struct GNUNET_TIME_Absolute mt;
+ const struct GNUNET_PeerIdentity *pid;
+ struct GNUNET_TIME_AbsoluteNBO *handshake_monotonic_time;
+
+ (void) emsg;
+
+ handshake_monotonic_time = &queue->handshake_monotonic_time;
+ pid = &queue->target;
+ if (NULL == record)
+ {
+ queue->handshake_monotime_get = NULL;
+ return;
+ }
+ if (sizeof(*mtbe) != record->value_size)
+ {
+ GNUNET_break (0);
+ return;
+ }
+ mtbe = record->value;
+ mt = GNUNET_TIME_absolute_ntoh (*mtbe);
+ if (mt.abs_value_us > GNUNET_TIME_absolute_ntoh (
+ queue->handshake_monotonic_time).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Queue from %s dropped, handshake monotime in the past\n",
+ GNUNET_i2s (&queue->target));
+ GNUNET_break (0);
+ queue_finish (queue);
+ return;
+ }
+ queue->handshake_monotime_sc = GNUNET_PEERSTORE_store (peerstore,
+
"transport_tcp_communicator",
+ pid,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE,
+
handshake_monotonic_time,
+ sizeof(
+
handshake_monotonic_time),
+
GNUNET_TIME_UNIT_FOREVER_ABS,
+
GNUNET_PEERSTORE_STOREOPTION_REPLACE,
+ &
+
handshake_monotime_store_cb,
+ queue);
+}
/**
* We have received the first bytes from the other side on a @a queue.
@@ -1896,13 +2385,19 @@ decrypt_and_check_tc (struct Queue *queue,
ths.receiver = my_identity;
memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey));
ths.monotonic_time = tc->monotonic_time;
- /* FIXME: check monotonic time against previous mono times
- from this sender! */
+ ths.challenge = tc->challenge;
return GNUNET_CRYPTO_eddsa_verify (
GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE,
&ths,
&tc->sender_sig,
&tc->sender.public_key);
+ queue->handshake_monotime_get = GNUNET_PEERSTORE_iterate (peerstore,
+
"transport_tcp_communicator",
+ &queue->target,
+
GNUNET_PEERSTORE_TRANSPORT_TCP_COMMUNICATOR_HANDSHAKE,
+ &
+
handshake_monotime_cb,
+ queue);
}
@@ -1930,6 +2425,47 @@ free_proto_queue (struct ProtoQueue *pq)
GNUNET_free (pq);
}
+/**
+ * Sending challenge with TcpConfirmationAck back to sender of ephemeral key.
+ *
+ * @param tc The TCPConfirmation originally send.
+ * @param queue The queue context.
+ */
+static void
+send_challenge (struct TCPConfirmation tc, struct Queue *queue)
+{
+ struct TCPConfirmationAck tca;
+ struct TcpHandshakeAckSignature thas;
+
+ GNUNET_log_from_nocheck (GNUNET_ERROR_TYPE_DEBUG,
+ "transport",
+ "sending challenge\n");
+
+ tca.header.type = ntohs (
+ GNUNET_MESSAGE_TYPE_COMMUNICATOR_TCP_CONFIRMATION_ACK);
+ tca.header.size = ntohs (sizeof(tca));
+ tca.challenge = tc.challenge;
+ tca.sender = my_identity;
+ tca.monotonic_time =
+ GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (cfg));
+ thas.purpose.purpose = htonl (
+ GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE_ACK);
+ thas.purpose.size = htonl (sizeof(thas));
+ thas.sender = my_identity;
+ thas.receiver = queue->target;
+ thas.monotonic_time = tca.monotonic_time;
+ thas.challenge = tca.challenge;
+ GNUNET_CRYPTO_eddsa_sign (my_private_key,
+ &thas,
+ &tca.sender_sig);
+ GNUNET_assert (0 ==
+ gcry_cipher_encrypt (queue->out_cipher,
+ &queue->cwrite_buf[queue->cwrite_off],
+ sizeof(tca),
+ &tca,
+ sizeof(tca)));
+ queue->cwrite_off += sizeof(tca);
+}
/**
* Read from the socket of the proto queue until we have enough data
@@ -1999,6 +2535,11 @@ proto_read_kx (void *cls)
queue->listen_task = pq->listen_task;
queue->listen_sock = pq->listen_sock;
queue->sock = pq->sock;
+
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start kx proto\n");
+
start_initial_kx_out (queue);
boot_queue (queue, GNUNET_TRANSPORT_CS_INBOUND);
queue->read_task =
@@ -2011,6 +2552,8 @@ proto_read_kx (void *cls)
queue->sock,
&queue_write,
queue);
+ send_challenge (tc, queue);
+
GNUNET_CONTAINER_DLL_remove (proto_head, proto_tail, pq);
GNUNET_free (pq);
}
@@ -2134,7 +2677,7 @@ queue_read_kx (void *cls)
queue_destroy (queue);
return;
}
-
+ send_challenge (tc, queue);
/* update queue timeout */
reschedule_queue_timeout (queue);
/* prepare to continue with regular read task immediately */
@@ -2227,6 +2770,11 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity
*peer, const char *address)
queue->sock,
&queue_read_kx,
queue);
+
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "start kx mq_init\n");
+
start_initial_kx_out (queue);
queue->write_task =
GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
@@ -2346,10 +2894,6 @@ nat_address_cb (void *cls,
char *my_addr;
struct GNUNET_TRANSPORT_AddressIdentifier *ai;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "1 nat_address %s\n",
- GNUNET_a2s (addr, addrlen));
-
if (GNUNET_YES == add_remove)
{
enum GNUNET_NetworkType nt;
@@ -2399,10 +2943,6 @@ init_socket (const struct sockaddr *addr,
return GNUNET_SYSERR;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "4 address %s\n",
- GNUNET_a2s (addr, in_len));
-
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"address %s\n",
GNUNET_a2s (addr, in_len));
@@ -2465,7 +3005,8 @@ init_socket (const struct sockaddr *addr,
GNUNET_ERROR_TYPE_ERROR,
_ (
"Transport service is lacking key configuration settings.
Exiting.\n"));
- GNUNET_RESOLVER_request_cancel (resolve_request_handle);
+ if (NULL != resolve_request_handle)
+ GNUNET_RESOLVER_request_cancel (resolve_request_handle);
GNUNET_SCHEDULER_shutdown ();
return GNUNET_SYSERR;
}
@@ -2496,7 +3037,8 @@ init_socket (const struct sockaddr *addr,
if (NULL == ch)
{
GNUNET_break (0);
- GNUNET_RESOLVER_request_cancel (resolve_request_handle);
+ if (NULL != resolve_request_handle)
+ GNUNET_RESOLVER_request_cancel (resolve_request_handle);
GNUNET_SCHEDULER_shutdown ();
return GNUNET_SYSERR;
}
@@ -2518,35 +3060,20 @@ nat_register ()
int i;
struct Addresses *pos;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "nat here\n");
-
i = 0;
saddrs = GNUNET_malloc ((addrs_lens + 1) * sizeof(struct sockaddr *));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "2 nat here\n");
-
saddr_lens = GNUNET_malloc ((addrs_lens + 1) * sizeof(socklen_t));
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "3 nat here\n");
-
for (pos = addrs_head; NULL != pos; pos = pos->next)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "5 nat here\n");
-
saddr_lens[i] = addrs_head->addr_len;
saddrs[i] = GNUNET_malloc (saddr_lens[i]);
saddrs[i] = addrs_head->addr;
i++;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "6 nat here\n");
-
}
nat = GNUNET_NAT_register (cfg,
@@ -2559,10 +3086,18 @@ nat_register ()
NULL /* FIXME: support reversal: #5529 */,
NULL /* closure */);
+ i = 0;
+
+ /*for (i = addrs_lens - 1; i >= 0; i--)
+ GNUNET_free (saddrs[i]);*/
+ GNUNET_free_non_null (saddrs);
+ GNUNET_free_non_null (saddr_lens);
+
if (NULL == nat)
{
GNUNET_break (0);
- GNUNET_RESOLVER_request_cancel (resolve_request_handle);
+ if (NULL != resolve_request_handle)
+ GNUNET_RESOLVER_request_cancel (resolve_request_handle);
GNUNET_SCHEDULER_shutdown ();
}
}
@@ -2662,6 +3197,8 @@ run (void *cls,
char dummy[2];
char *rest = NULL;
struct PortOnlyIpv4Ipv6 *po;
+ socklen_t addr_len_ipv4;
+ socklen_t addr_len_ipv6;
(void) cls;
cfg = c;
@@ -2689,6 +3226,13 @@ run (void *cls,
&rekey_interval))
rekey_interval = DEFAULT_REKEY_INTERVAL;
+ peerstore = GNUNET_PEERSTORE_connect (cfg);
+ if (NULL == peerstore)
+ {
+ GNUNET_break (0);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
// cp = GNUNET_strdup (bindto);
start = extract_address (bindto);
@@ -2697,16 +3241,24 @@ run (void *cls,
{
po = tcp_address_to_sockaddr_port_only (bindto, &port);
- if (NULL != &po->addr_ipv4)
+ addr_len_ipv4 = po->addr_len_ipv4;
+
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "address po %s\n",
+ GNUNET_a2s (po->addr_ipv4, addr_len_ipv4));
+
+ if (NULL != po->addr_ipv4)
{
- init_socket (po->addr_ipv4, *po->addr_len_ipv4);
- add_addr (po->addr_ipv4, *po->addr_len_ipv4);
+ init_socket (po->addr_ipv4, addr_len_ipv4);
+ add_addr (po->addr_ipv4, addr_len_ipv4);
}
- if (NULL != &po->addr_ipv6)
+ if (NULL != po->addr_ipv6)
{
- init_socket (po->addr_ipv6, *po->addr_len_ipv6);
- add_addr (po->addr_ipv6, *po->addr_len_ipv6);
+ addr_len_ipv6 = po->addr_len_ipv6;
+ init_socket (po->addr_ipv6, addr_len_ipv6);
+ add_addr (po->addr_ipv6, addr_len_ipv6);
}
nat_register ();
diff --git a/src/transport/gnunet-service-tng.c
b/src/transport/gnunet-service-tng.c
index 5f3178939..baefdfa88 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -329,19 +329,6 @@ struct AcknowledgementUUIDP
struct GNUNET_Uuid value;
};
-
-/**
- * Type of a nonce used for challenges.
- */
-struct ChallengeNonceP
-{
- /**
- * The value of the nonce. Note that this is NOT a hash.
- */
- struct GNUNET_ShortHashCode value;
-};
-
-
/**
* Outer layer of an encapsulated backchannel message.
*/
diff --git a/src/transport/test_communicator_basic.c
b/src/transport/test_communicator_basic.c
index 45c268684..e2d2eb73c 100644
--- a/src/transport/test_communicator_basic.c
+++ b/src/transport/test_communicator_basic.c
@@ -587,6 +587,7 @@ main (int argc,
GNUNET_asprintf (&communicator_binary,
"gnunet-communicator-%s",
communicator_name);
+
if (GNUNET_OK !=
GNUNET_log_setup ("test_communicator_basic",
"DEBUG",
@@ -645,6 +646,21 @@ main (int argc,
GNUNET_i2s_full (&peer_id[i]));
}
LOG (GNUNET_ERROR_TYPE_MESSAGE, "Starting test...\n");
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "argv[0]: %s\n",
+ argv[0]);
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "test_name: %s\n",
+ test_name);
+
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "communicator_name: %s\n",
+ communicator_name);
+
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ "communicator_binary: %s\n",
+ communicator_binary);
+
GNUNET_SCHEDULER_run (&run,
NULL);
return ret;
diff --git a/src/transport/test_communicator_tcp_basic_peer1.conf
b/src/transport/test_communicator_tcp_basic_peer1.conf
index d0293ff51..c08737b7b 100644
--- a/src/transport/test_communicator_tcp_basic_peer1.conf
+++ b/src/transport/test_communicator_tcp_basic_peer1.conf
@@ -19,10 +19,15 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
[communicator-tcp]
+#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
+#PREFIX = valgrind --leak-check=full --track-origins=yes
BINDTO = 60002
DISABLE_V6 = NO
diff --git a/src/transport/test_communicator_tcp_basic_peer2.conf
b/src/transport/test_communicator_tcp_basic_peer2.conf
index 5b9050547..45b7e7844 100644
--- a/src/transport/test_communicator_tcp_basic_peer2.conf
+++ b/src/transport/test_communicator_tcp_basic_peer2.conf
@@ -20,10 +20,15 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
[communicator-tcp]
+#PREFIX = xterm -geometry 100x85 -T peer2 -e gdb --args
+#PREFIX = valgrind --leak-check=full --track-origins=yes
BINDTO = 60003
DISABLE_V6 = NO
diff --git a/src/transport/test_communicator_tcp_rekey_peer1.conf
b/src/transport/test_communicator_tcp_rekey_peer1.conf
index 18028cd48..901f415ef 100644
--- a/src/transport/test_communicator_tcp_rekey_peer1.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer1.conf
@@ -20,10 +20,19 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
[communicator-tcp]
+#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
+#PREFIX = valgrind --leak-check=full --track-origins=yes
BINDTO = 60002
DISABLE_V6 = YES
REKEY_INTERVAL = 100ms
diff --git a/src/transport/test_communicator_tcp_rekey_peer2.conf
b/src/transport/test_communicator_tcp_rekey_peer2.conf
index 7d7179578..138650a3b 100644
--- a/src/transport/test_communicator_tcp_rekey_peer2.conf
+++ b/src/transport/test_communicator_tcp_rekey_peer2.conf
@@ -20,10 +20,19 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
[communicator-tcp]
+#PREFIX = xterm -geometry 100x85 -T peer1 -e gdb --args
+#PREFIX = valgrind --leak-check=full --track-origins=yes
BINDTO = 60003
DISABLE_V6 = YES
REKEY_INTERVAL = 100ms
diff --git a/src/transport/test_communicator_udp_backchannel_peer1.conf
b/src/transport/test_communicator_udp_backchannel_peer1.conf
index 0c595b77b..b99a76d6c 100644
--- a/src/transport/test_communicator_udp_backchannel_peer1.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_udp_backchannel_peer2.conf
b/src/transport/test_communicator_udp_backchannel_peer2.conf
index d29f37ec9..48bd54c8b 100644
--- a/src/transport/test_communicator_udp_backchannel_peer2.conf
+++ b/src/transport/test_communicator_udp_backchannel_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_udp_basic_peer1.conf
b/src/transport/test_communicator_udp_basic_peer1.conf
index 4cfb6f72f..d53a55210 100644
--- a/src/transport/test_communicator_udp_basic_peer1.conf
+++ b/src/transport/test_communicator_udp_basic_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-udp]
BINDTO = 60002
DISABLE_V6 = YES
diff --git a/src/transport/test_communicator_udp_basic_peer2.conf
b/src/transport/test_communicator_udp_basic_peer2.conf
index b9bed2756..f05ebc5cb 100644
--- a/src/transport/test_communicator_udp_basic_peer2.conf
+++ b/src/transport/test_communicator_udp_basic_peer2.conf
@@ -20,6 +20,14 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-udp]
BINDTO = 60003
DISABLE_V6 = YES
diff --git a/src/transport/test_communicator_udp_rekey_peer1.conf
b/src/transport/test_communicator_udp_rekey_peer1.conf
index 18028cd48..e7161e488 100644
--- a/src/transport/test_communicator_udp_rekey_peer1.conf
+++ b/src/transport/test_communicator_udp_rekey_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_1.sock
diff --git a/src/transport/test_communicator_udp_rekey_peer2.conf
b/src/transport/test_communicator_udp_rekey_peer2.conf
index 7d7179578..8f175a405 100644
--- a/src/transport/test_communicator_udp_rekey_peer2.conf
+++ b/src/transport/test_communicator_udp_rekey_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/test_gnunet-communicator-unix_2.sock
diff --git a/src/transport/test_communicator_unix_basic_peer1.conf
b/src/transport/test_communicator_unix_basic_peer1.conf
index d50588007..71283e381 100644
--- a/src/transport/test_communicator_unix_basic_peer1.conf
+++ b/src/transport/test_communicator_unix_basic_peer1.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_1.sock
UNIXPATH = $GNUNET_TMP/communicator-unix-1/nat.sock
ENABLE_IPSCAN = YES
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-1/peerstore.sock
+
+[resolver]
+PORT = 62089
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_1.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-1.sock
diff --git a/src/transport/test_communicator_unix_basic_peer2.conf
b/src/transport/test_communicator_unix_basic_peer2.conf
index fe27ef1a6..ac95845b2 100644
--- a/src/transport/test_communicator_unix_basic_peer2.conf
+++ b/src/transport/test_communicator_unix_basic_peer2.conf
@@ -20,6 +20,13 @@ UNIXPATH =
$GNUNET_RUNTIME_DIR/gnunet-service-transport_test_2.sock
[nat]
UNIXPATH = $GNUNET_TMP/communicator-unix-2/nat.sock
+[peerstore]
+UNIXPATH = $GNUNET_TMP/test-communicator-unix-2/peerstore.sock
+
+[resolver]
+PORT = 62090
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-resolver_test_2.sock
+
[communicator-unix]
UNIXPATH = $GNUNET_RUNTIME_DIR/communicator-unix-2.sock
diff --git a/src/transport/transport-testing2.c
b/src/transport/transport-testing2.c
index 772ad9f2d..10b064241 100644
--- a/src/transport/transport-testing2.c
+++ b/src/transport/transport-testing2.c
@@ -113,6 +113,11 @@ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle
*/
struct GNUNET_OS_Process *resolver_proc;
+ /**
+ * peerstore service process
+ */
+ struct GNUNET_OS_Process *ps_proc;
+
/**
* @brief Task that will be run on shutdown to stop and clean communicator
*/
@@ -892,6 +897,12 @@ shutdown_process (struct GNUNET_OS_Process *proc)
GNUNET_OS_process_destroy (proc);
}
+static void
+shutdown_peerstore (void *cls)
+{
+ struct GNUNET_OS_Process *proc = cls;
+ shutdown_process (proc);
+}
static void
shutdown_communicator (void *cls)
@@ -912,19 +923,31 @@ communicator_start (
const char *binary_name)
{
char *binary;
+ char *loprefix;
+ char *section_name;
LOG (GNUNET_ERROR_TYPE_DEBUG, "communicator_start\n");
+
+ section_name = strchr (binary_name, '-');
+ section_name++;
+
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (tc_h->cfg,
+ section_name,
+ "PREFIX",
+ &loprefix))
+ loprefix = GNUNET_strdup ("");
+
+
binary = GNUNET_OS_get_libexec_binary_path (binary_name);
- tc_h->c_proc = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_OUT_AND_ERR
- | GNUNET_OS_USE_PIPE_CONTROL,
- NULL,
- NULL,
- NULL,
- binary,
- binary_name,
- "-c",
- tc_h->cfg_filename,
- NULL);
+ tc_h->c_proc = GNUNET_OS_start_process_s (GNUNET_YES,
+ GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
+ NULL,
+ loprefix,
+ binary,
+ binary_name,
+ "-c",
+ tc_h->cfg_filename,
+ NULL);
if (NULL == tc_h->c_proc)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start communicator!");
@@ -991,6 +1014,37 @@ resolver_start (struct
}
+/**
+ * @brief Start Peerstore
+ *
+ */
+static void
+peerstore_start (
+ struct GNUNET_TRANSPORT_TESTING_TransportCommunicatorHandle *tc_h)
+{
+ char *binary;
+
+ LOG (GNUNET_ERROR_TYPE_DEBUG, "peerstore_start\n");
+ binary = GNUNET_OS_get_libexec_binary_path ("gnunet-service-peerstore");
+ tc_h->ps_proc = GNUNET_OS_start_process (GNUNET_YES,
+ GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
+ NULL,
+ NULL,
+ NULL,
+ binary,
+ "gnunet-service-peerstore",
+ "-c",
+ tc_h->cfg_filename,
+ NULL);
+ if (NULL == tc_h->ps_proc)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to start Peerstore!");
+ return;
+ }
+ LOG (GNUNET_ERROR_TYPE_INFO, "started Peerstore\n");
+ GNUNET_free (binary);
+}
+
/**
* @brief Start NAT
*
@@ -1087,6 +1141,8 @@
GNUNET_TRANSPORT_TESTING_transport_communicator_service_start (
nat_start (tc_h);
/* Start resolver service */
resolver_start (tc_h);
+ /* Start peerstore service */
+ peerstore_start (tc_h);
/* Schedule start communicator */
communicator_start (tc_h,
binary_name);
@@ -1102,6 +1158,7 @@
GNUNET_TRANSPORT_TESTING_transport_communicator_service_stop (
shutdown_service (tc_h->sh);
shutdown_nat (tc_h->nat_proc);
shutdown_resolver (tc_h->resolver_proc);
+ shutdown_peerstore (tc_h->ps_proc);
GNUNET_CONFIGURATION_destroy (tc_h->cfg);
GNUNET_free (tc_h);
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] branch master updated (7f4ddbcab -> 5fa1c7dc8),
gnunet <=