[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: - added secret destroy. Started with rek
From: |
gnunet |
Subject: |
[gnunet] branch master updated: - added secret destroy. Started with rekey logic |
Date: |
Fri, 16 Oct 2020 17:47:25 +0200 |
This is an automated email from the git hooks/post-receive script.
t3sserakt pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 4b69b0866 - added secret destroy. Started with rekey logic
new cde9403a6 Merge branch 'master' of ssh://gnunet.org/gnunet
4b69b0866 is described below
commit 4b69b0866d7f29efeb92176e518ddbb6a9052033
Author: t3sserakt <t3ss@posteo.de>
AuthorDate: Fri Oct 16 17:31:04 2020 +0200
- added secret destroy. Started with rekey logic
---
src/transport/gnunet-communicator-udp.c | 83 +++++++++++++++++++++++++++++++--
1 file changed, 80 insertions(+), 3 deletions(-)
diff --git a/src/transport/gnunet-communicator-udp.c
b/src/transport/gnunet-communicator-udp.c
index 4dc65896e..e967e8e9a 100644
--- a/src/transport/gnunet-communicator-udp.c
+++ b/src/transport/gnunet-communicator-udp.c
@@ -134,7 +134,7 @@
* sense. Might make sense to adapt to RTT if we had
* a good measurement...
*/
-#define MAX_SECRETS 128
+#define MAX_SECRETS 128000
/**
* How often do we rekey based on number of bytes transmitted?
@@ -670,6 +670,11 @@ struct BroadcastInterface
int found;
};
+/**
+ * Timeout for this receiver address.
+ */
+struct GNUNET_TIME_Absolute *rekey_timeout;
+
/**
* Shared secret we finished the last kce working queue for.
*/
@@ -953,12 +958,20 @@ kce_generate (struct SharedSecret *ss, uint32_t seq)
* @param ss shared secret to destroy
*/
static void
-secret_destroy (struct SharedSecret *ss)
+secret_destroy (struct SharedSecret *ss, int withoutKce)
{
struct SenderAddress *sender;
struct ReceiverAddress *receiver;
struct KeyCacheEntry *kce;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "secret destroy %u %u\n",
+ withoutKce,
+ ss->sequence_allowed);
+
+ if (withoutKce && (ss->sequence_allowed > 0))
+ return;
+
if (NULL != (sender = ss->sender))
{
GNUNET_CONTAINER_DLL_remove (sender->ss_head, sender->ss_tail, ss);
@@ -1319,8 +1332,11 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity
*pid, void *value)
{
const struct UDPAck *ack = cls;
struct ReceiverAddress *receiver = value;
+ struct SharedSecret *pos;
+
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"in handle ack\n");
+ struct SharedSecret *ss_to_destroy;
(void) pid;
for (struct SharedSecret *ss = receiver->ss_head; NULL != ss; ss = ss->next)
@@ -1355,6 +1371,14 @@ handle_ack (void *cls, const struct GNUNET_PeerIdentity
*pid, void *value)
/* move ss to head to avoid discarding it anytime soon! */
GNUNET_CONTAINER_DLL_remove (receiver->ss_head, receiver->ss_tail, ss);
GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
+ pos = receiver->ss_head;
+ while ( NULL != pos)
+ {
+ ss_to_destroy = pos;
+ pos = pos->next;
+
+ secret_destroy (ss_to_destroy, GNUNET_YES);
+ }
}
// Uncomment this for alternativ 2 of backchannel functionality
@@ -1465,6 +1489,9 @@ kce_generate_cb (void *cls)
static void
consider_ss_ack (struct SharedSecret *ss, int initial)
{
+ struct SharedSecret *ss_to_destroy;
+ struct SharedSecret *pos;
+
GNUNET_assert (NULL != ss->sender);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Considering SS UDPAck %s\n",
@@ -1508,9 +1535,18 @@ consider_ss_ack (struct SharedSecret *ss, int initial)
&ss_finished->sender->target,
COMMUNICATOR_ADDRESS_PREFIX,
&ack.header);
+ pos = ss->sender->ss_head;
+ while ( NULL != pos)
+ {
+ ss_to_destroy = pos;
+ pos = pos->next;
+ secret_destroy (ss_to_destroy, GNUNET_YES);
+ }
kce_task = NULL;
}
- else if ((NULL == kce_task) && (KCN_THRESHOLD > ss->sender->acks_available))
+ else if (((NULL == kce_task) && (KCN_THRESHOLD >
+ ss->sender->acks_available)) ||
+ (ss->sender->num_secrets > MAX_SECRETS) )
{
// kce_generate (ss, ++ss->sequence_allowed);
@@ -2102,6 +2138,19 @@ mq_send_kx (struct GNUNET_MQ_Handle *mq,
size_t dpos;
gcry_cipher_hd_t out_cipher;
struct SharedSecret *ss;
+ struct SharedSecret *ss_to_destroy;
+ struct SharedSecret *pos;
+
+ if (receiver->num_secrets > MAX_SECRETS)
+ {
+ pos = receiver->ss_head;
+ while ( NULL != pos)
+ {
+ ss_to_destroy = pos;
+ pos = pos->next;
+ secret_destroy (ss_to_destroy, GNUNET_YES);
+ }
+ }
GNUNET_assert (mq == receiver->kx_mq);
@@ -2179,6 +2228,8 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
{
struct ReceiverAddress *receiver = impl_state;
uint16_t msize = ntohs (msg->size);
+ struct GNUNET_TIME_Relative rt;
+ struct SharedSecret *pos;
GNUNET_assert (mq == receiver->d_mq);
if ((msize > receiver->d_mtu) ||
@@ -2244,6 +2295,32 @@ mq_send_d (struct GNUNET_MQ_Handle *mq,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"No more acks\n");
}
+
+ /* (NULL == rekey_timeout)
+ rekey_timeout = GNUNET_TIME_relative_to_absolute (REKEY_TIME_INTERVAL);
+ else
+ {
+ rt = GNUNET_TIME_absolute_get_remaining (rekey_timeout);
+ if (0 == rt.rel_value_us)
+ {
+ rekey_timeout = NULL;
+ pos = receiver->ss_head;
+ while ( NULL != pos)
+ {
+ ss_to_destroy = pos;
+ pos = pos->next;
+ secret_destroy (ss_to_destroy, GNUNET_NO);
+ }
+ if (0 != receiver->acks_available)
+ GNUNET_TRANSPORT_communicator_mq_update (ch,
+ receiver->d_qh,
+ // TODO We can not do this.
But how can we signal this queue is not able to handle a message. Test code
interprets q-len as additional length.
+ -receiver->acks_available,
+ 1);
+ }
+ }*/
+
+
return;
}
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: - added secret destroy. Started with rekey logic,
gnunet <=