View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004556GNUnetcore servicepublic2016-06-02 15:412018-06-07 00:36
ReporterBart Polot Assigned ToChristian Grothoff  
PrioritylowSeverityminorReproducibilityalways
Status closedResolutionunable to reproduce 
Product VersionGit master 
Target Version0.11.0Fixed in Version0.11.0pre66 
Summary0004556: Core does not deal properly with changing identities
DescriptionAfter changing a peer's identity, other peers in the network complain:

Jun 02 15:33:47-431526 core-1103 ERROR Received EPHEMERAL_KEY from RP12, but expected 5SQE80MC1CX0DY6RMRSC87XKQWZP25RHXHC1EMT29GNQV9FE2AGG
Jun 02 15:33:47-431729 core-1103 WARNING External protocol violation detected at gnunet-service-core_kx.c:890.

Message repeats every ten seconds.

However, it seems that the peers are in fact connected:

$ gnunet-core
Thu Jun 02 15:38:23 2016: connection established RP12 (timeout in 299 s)
Thu Jun 02 15:38:23 2016: key sent 5SQE (timeout in 0 ms)
[...]
Steps To Reproduce- set up a new machine
- start GNUnet
- shut it down after a few minutes
- copy a new (unique) private_key.ecc
- restart GNUnet
Additional Information$ gnunet-statistics -s core
         core # encrypted bytes given to transport: 369347394
         core # bytes of messages of type 148 received: 260584274
         core # bytes encrypted: 309697458
         core # avg payload per encrypted message: 358
         core # bytes decrypted: 259196826
         core # bytes of payload decrypted: 247759566
         core # bytes of messages of type 262 received: 6189904
         core # bytes of messages of type 147 received: 21151820
         core # bytes of messages of type 268 received: 1287280
         core # bytes of messages of type 282 received: 5629582
         core # DATA message dropped (out of order): 18712
         core # bytes of messages of type 256 received: 986908
         core # type map refreshes sent: 656
         core # PING messages dropped (out of order): 888
         core # PING messages received: 1239
         core # ephemeral keys received: 1170
         core # type maps received: 978
         core # rekey operations confirmed via PONG: 98
         core # PONG messages decrypted: 342
         core # PONG messages received: 436
         core # PING messages transmitted: 479
         core # EPHEMERAL_KEY messages received: 321
         core # bytes of messages of type 257 received: 127512
         core # bytes of messages of type 17 received: 76224
         core # bytes of messages of type 322 received: 40656
         core # valid typemap confirmations received: 185
         core # peers connected: 12
         core # session keys confirmed via PONG: 197
         core # PONG messages created: 351
         core # key exchanges initiated: 365
         core # neighbour entries allocated: 13
         core # key exchanges stopped: 352
         core # sessions terminated by transport disconnect: 352
         core # bytes of messages of type 146 received: 75894
         core # bytes of messages of type 269 received: 27760
         core # bytes of messages of type 258 received: 144700
         core # timeouts prevented via PONG: 39
         core # keepalive messages sent: 145
         core # bytes of messages of type 266 received: 17208
         core # sessions terminated by timeout: 4
         core # PONG messages dropped (out of order): 94
         core # bytes of messages of type 280 received: 360
         core # messages discarded (session disconnected): 2
         core # send requests dropped (disconnected): 2
         core # updates to my type map: 5
TagsNo tags attached.

Activities

Christian Grothoff

2016-06-02 17:46

manager   ~0010851

Well, I suspect what happen is that the other peers establish a connection to our "old" transport address, thinking we're the "old" peer. Transport of the other peer's doesn't necessarily do challenge-response on the "old" transport address, as that happened recently already (address already validated). Then "core" comes along for challenge-response and fails ("new" identity = crypto bad). At the same time, we probably discover the "new" peer, do another handshake and that one works...

So one could argue that the warning is just too stern.

Christian Grothoff

2018-06-07 00:36

manager   ~0012986

I'll declare this one fixed, various KX issues were addressed recently.

Issue History

Date Modified Username Field Change
2016-06-02 15:41 Bart Polot New Issue
2016-06-02 17:46 Christian Grothoff Note Added: 0010851
2016-06-02 17:46 Christian Grothoff Assigned To => Christian Grothoff
2016-06-02 17:46 Christian Grothoff Status new => assigned
2018-06-07 00:36 Christian Grothoff Status assigned => closed
2018-06-07 00:36 Christian Grothoff Resolution open => unable to reproduce
2018-06-07 00:36 Christian Grothoff Fixed in Version => 0.11.0pre66
2018-06-07 00:36 Christian Grothoff Note Added: 0012986