diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-04-20 19:08:23 +0200 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-04-20 19:08:23 +0200 |
| commit | c20768b8b09fabaa3c2330cde381e894b1f90efb (patch) | |
| tree | 62bca41b94c3280a09abbf9db8b50da5f354b691 | |
| parent | 424cd50ecd0144b264a547fe149839cf2866c21f (diff) | |
| download | gnunet-c20768b8b09fabaa3c2330cde381e894b1f90efb.tar.gz gnunet-c20768b8b09fabaa3c2330cde381e894b1f90efb.zip | |
include buffer of 10& of epoch
| -rw-r--r-- | src/include/gnunet_revocation_service.h | 6 | ||||
| -rw-r--r-- | src/revocation/gnunet-revocation.c | 19 | ||||
| -rw-r--r-- | src/revocation/gnunet-service-revocation.c | 24 | ||||
| -rw-r--r-- | src/revocation/plugin_block_revocation.c | 12 | ||||
| -rw-r--r-- | src/revocation/revocation_api.c | 70 |
5 files changed, 104 insertions, 27 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 5c2ce91de..6bd2e88d3 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h | |||
| @@ -177,11 +177,13 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h); | |||
| 177 | * | 177 | * |
| 178 | * @param pow proof of work | 178 | * @param pow proof of work |
| 179 | * @param matching_bits how many bits must match (configuration) | 179 | * @param matching_bits how many bits must match (configuration) |
| 180 | * @return number of epochs valid if the @a pow is acceptable, -1 if not | 180 | * @param epoch_length length of single epoch in configuration |
| 181 | * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not | ||
| 181 | */ | 182 | */ |
| 182 | int | 183 | int |
| 183 | GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, | 184 | GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, |
| 184 | unsigned int matching_bits); | 185 | unsigned int matching_bits, |
| 186 | struct GNUNET_TIME_Relative epoch_length); | ||
| 185 | 187 | ||
| 186 | 188 | ||
| 187 | 189 | ||
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index 5f3df0ee0..d290d34c7 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c | |||
| @@ -347,7 +347,6 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) | |||
| 347 | struct GNUNET_CRYPTO_EcdsaPublicKey key; | 347 | struct GNUNET_CRYPTO_EcdsaPublicKey key; |
| 348 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 348 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
| 349 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; | 349 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; |
| 350 | int epochs; | ||
| 351 | 350 | ||
| 352 | el = NULL; | 351 | el = NULL; |
| 353 | if (NULL == ego) | 352 | if (NULL == ego) |
| @@ -373,19 +372,12 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) | |||
| 373 | GNUNET_free (pow); | 372 | GNUNET_free (pow); |
| 374 | return; | 373 | return; |
| 375 | } | 374 | } |
| 376 | if (0 < (epochs = | 375 | if (GNUNET_YES == |
| 377 | GNUNET_REVOCATION_check_pow (pow, | 376 | GNUNET_REVOCATION_check_pow (pow, |
| 378 | (unsigned int) matching_bits))) | 377 | (unsigned int) matching_bits, |
| 378 | epoch_length)) | ||
| 379 | { | 379 | { |
| 380 | struct GNUNET_TIME_Absolute ts; | ||
| 381 | struct GNUNET_TIME_Relative ttl; | ||
| 382 | ts = GNUNET_TIME_absolute_ntoh (pow->timestamp); | ||
| 383 | ttl = GNUNET_TIME_relative_multiply (epoch_length, | ||
| 384 | epochs); | ||
| 385 | fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); | 380 | fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); |
| 386 | fprintf (stderr, "%s %s for %s\n", _ ("Valid from"), | ||
| 387 | GNUNET_STRINGS_absolute_time_to_string (ts), | ||
| 388 | GNUNET_STRINGS_relative_time_to_string (ttl, GNUNET_NO)); | ||
| 389 | if (perform) | 381 | if (perform) |
| 390 | perform_revocation (pow); | 382 | perform_revocation (pow); |
| 391 | else | 383 | else |
| @@ -499,9 +491,10 @@ run (void *cls, | |||
| 499 | return; | 491 | return; |
| 500 | } | 492 | } |
| 501 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 493 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
| 502 | if (0 >= | 494 | if (GNUNET_YES != |
| 503 | GNUNET_REVOCATION_check_pow (&pow, | 495 | GNUNET_REVOCATION_check_pow (&pow, |
| 504 | (unsigned int) matching_bits)) | 496 | (unsigned int) matching_bits, |
| 497 | epoch_length)) | ||
| 505 | { | 498 | { |
| 506 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | 499 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; |
| 507 | ph = GNUNET_REVOCATION_pow_init2 (&pow, | 500 | ph = GNUNET_REVOCATION_pow_init2 (&pow, |
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 4746a7698..bd35b1055 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c | |||
| @@ -129,6 +129,11 @@ static struct GNUNET_SET_ListenHandle *revocation_union_listen_handle; | |||
| 129 | static unsigned long long revocation_work_required; | 129 | static unsigned long long revocation_work_required; |
| 130 | 130 | ||
| 131 | /** | 131 | /** |
| 132 | * Length of an expiration expoch | ||
| 133 | */ | ||
| 134 | static struct GNUNET_TIME_Relative epoch_length; | ||
| 135 | |||
| 136 | /** | ||
| 132 | * Our application ID for set union operations. Must be the | 137 | * Our application ID for set union operations. Must be the |
| 133 | * same for all (compatible) peers. | 138 | * same for all (compatible) peers. |
| 134 | */ | 139 | */ |
| @@ -167,8 +172,9 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer) | |||
| 167 | static int | 172 | static int |
| 168 | verify_revoke_message (const struct RevokeMessage *rm) | 173 | verify_revoke_message (const struct RevokeMessage *rm) |
| 169 | { | 174 | { |
| 170 | if (0 >= GNUNET_REVOCATION_check_pow (&rm->proof_of_work, | 175 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work, |
| 171 | (unsigned int) revocation_work_required)) | 176 | (unsigned int) revocation_work_required, |
| 177 | epoch_length)) | ||
| 172 | { | 178 | { |
| 173 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 179 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 174 | "Proof of work invalid!\n"); | 180 | "Proof of work invalid!\n"); |
| @@ -846,6 +852,20 @@ run (void *cls, | |||
| 846 | GNUNET_free (fn); | 852 | GNUNET_free (fn); |
| 847 | return; | 853 | return; |
| 848 | } | 854 | } |
| 855 | if (GNUNET_OK != | ||
| 856 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
| 857 | "REVOCATION", | ||
| 858 | "EPOCH_LENGTH", | ||
| 859 | &epoch_length)) | ||
| 860 | { | ||
| 861 | GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, | ||
| 862 | "REVOCATION", | ||
| 863 | "EPOCH_LENGTH"); | ||
| 864 | GNUNET_SCHEDULER_shutdown (); | ||
| 865 | GNUNET_free (fn); | ||
| 866 | return; | ||
| 867 | } | ||
| 868 | |||
| 849 | revocation_set = GNUNET_SET_create (cfg, | 869 | revocation_set = GNUNET_SET_create (cfg, |
| 850 | GNUNET_SET_OPERATION_UNION); | 870 | GNUNET_SET_OPERATION_UNION); |
| 851 | revocation_union_listen_handle | 871 | revocation_union_listen_handle |
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 7c1ec26eb..f384cfe1d 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c | |||
| @@ -52,6 +52,7 @@ | |||
| 52 | struct InternalContext | 52 | struct InternalContext |
| 53 | { | 53 | { |
| 54 | unsigned int matching_bits; | 54 | unsigned int matching_bits; |
| 55 | struct GNUNET_TIME_Relative epoch_length; | ||
| 55 | }; | 56 | }; |
| 56 | 57 | ||
| 57 | 58 | ||
| @@ -144,7 +145,8 @@ block_plugin_revocation_evaluate (void *cls, | |||
| 144 | } | 145 | } |
| 145 | if (0 >= | 146 | if (0 >= |
| 146 | GNUNET_REVOCATION_check_pow (&rm->proof_of_work, | 147 | GNUNET_REVOCATION_check_pow (&rm->proof_of_work, |
| 147 | ic->matching_bits)) | 148 | ic->matching_bits, |
| 149 | ic->epoch_length)) | ||
| 148 | { | 150 | { |
| 149 | GNUNET_break_op (0); | 151 | GNUNET_break_op (0); |
| 150 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 152 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
| @@ -208,6 +210,7 @@ libgnunet_plugin_block_revocation_init (void *cls) | |||
| 208 | struct GNUNET_BLOCK_PluginFunctions *api; | 210 | struct GNUNET_BLOCK_PluginFunctions *api; |
| 209 | struct InternalContext *ic; | 211 | struct InternalContext *ic; |
| 210 | unsigned long long matching_bits; | 212 | unsigned long long matching_bits; |
| 213 | struct GNUNET_TIME_Relative epoch_length; | ||
| 211 | 214 | ||
| 212 | if (GNUNET_OK != | 215 | if (GNUNET_OK != |
| 213 | GNUNET_CONFIGURATION_get_value_number (cfg, | 216 | GNUNET_CONFIGURATION_get_value_number (cfg, |
| @@ -215,6 +218,12 @@ libgnunet_plugin_block_revocation_init (void *cls) | |||
| 215 | "WORKBITS", | 218 | "WORKBITS", |
| 216 | &matching_bits)) | 219 | &matching_bits)) |
| 217 | return NULL; | 220 | return NULL; |
| 221 | if (GNUNET_OK != | ||
| 222 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
| 223 | "REVOCATION", | ||
| 224 | "EPOCH_LENGTH", | ||
| 225 | &epoch_length)) | ||
| 226 | return NULL; | ||
| 218 | 227 | ||
| 219 | api = GNUNET_new (struct GNUNET_BLOCK_PluginFunctions); | 228 | api = GNUNET_new (struct GNUNET_BLOCK_PluginFunctions); |
| 220 | api->evaluate = &block_plugin_revocation_evaluate; | 229 | api->evaluate = &block_plugin_revocation_evaluate; |
| @@ -223,6 +232,7 @@ libgnunet_plugin_block_revocation_init (void *cls) | |||
| 223 | api->types = types; | 232 | api->types = types; |
| 224 | ic = GNUNET_new (struct InternalContext); | 233 | ic = GNUNET_new (struct InternalContext); |
| 225 | ic->matching_bits = (unsigned int) matching_bits; | 234 | ic->matching_bits = (unsigned int) matching_bits; |
| 235 | ic->epoch_length = epoch_length; | ||
| 226 | api->cls = ic; | 236 | api->cls = ic; |
| 227 | return api; | 237 | return api; |
| 228 | } | 238 | } |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 2979e7400..fe600ec7a 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
| @@ -311,21 +311,41 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
| 311 | GNUNET_MQ_handler_end () | 311 | GNUNET_MQ_handler_end () |
| 312 | }; | 312 | }; |
| 313 | unsigned long long matching_bits; | 313 | unsigned long long matching_bits; |
| 314 | struct GNUNET_TIME_Relative epoch_length; | ||
| 314 | struct RevokeMessage *rm; | 315 | struct RevokeMessage *rm; |
| 315 | struct GNUNET_MQ_Envelope *env; | 316 | struct GNUNET_MQ_Envelope *env; |
| 316 | 317 | ||
| 317 | if ((GNUNET_OK == | 318 | if ((GNUNET_OK != |
| 318 | GNUNET_CONFIGURATION_get_value_number (cfg, | 319 | GNUNET_CONFIGURATION_get_value_number (cfg, |
| 319 | "REVOCATION", | 320 | "REVOCATION", |
| 320 | "WORKBITS", | 321 | "WORKBITS", |
| 321 | &matching_bits)) && | 322 | &matching_bits))) |
| 322 | (0 >= GNUNET_REVOCATION_check_pow (pow, (unsigned int) matching_bits))) | 323 | { |
| 324 | GNUNET_break (0); | ||
| 325 | GNUNET_free (h); | ||
| 326 | return NULL; | ||
| 327 | } | ||
| 328 | if ((GNUNET_OK != | ||
| 329 | GNUNET_CONFIGURATION_get_value_time (cfg, | ||
| 330 | "REVOCATION", | ||
| 331 | "EPOCH_LENGTH", | ||
| 332 | &epoch_length))) | ||
| 333 | { | ||
| 334 | GNUNET_break (0); | ||
| 335 | GNUNET_free (h); | ||
| 336 | return NULL; | ||
| 337 | } | ||
| 338 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, | ||
| 339 | (unsigned int) matching_bits, | ||
| 340 | epoch_length)) | ||
| 323 | { | 341 | { |
| 324 | GNUNET_break (0); | 342 | GNUNET_break (0); |
| 325 | GNUNET_free (h); | 343 | GNUNET_free (h); |
| 326 | return NULL; | 344 | return NULL; |
| 327 | } | 345 | } |
| 328 | 346 | ||
| 347 | |||
| 348 | |||
| 329 | h->mq = GNUNET_CLIENT_connect (cfg, | 349 | h->mq = GNUNET_CLIENT_connect (cfg, |
| 330 | "revocation", | 350 | "revocation", |
| 331 | handlers, | 351 | handlers, |
| @@ -408,16 +428,21 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
| 408 | * @param ts revocation timestamp | 428 | * @param ts revocation timestamp |
| 409 | * @param pow proof of work value | 429 | * @param pow proof of work value |
| 410 | * @param matching_bits how many bits must match (configuration) | 430 | * @param matching_bits how many bits must match (configuration) |
| 411 | * @return number of epochs valid if the @a pow is acceptable, -1 if not | 431 | * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not |
| 412 | */ | 432 | */ |
| 413 | int | 433 | int |
| 414 | GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, | 434 | GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, |
| 415 | unsigned int difficulty) | 435 | unsigned int difficulty, |
| 436 | struct GNUNET_TIME_Relative epoch_length) | ||
| 416 | { | 437 | { |
| 417 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 438 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) |
| 418 | + sizeof (uint64_t) | 439 | + sizeof (uint64_t) |
| 419 | + sizeof (uint64_t)] GNUNET_ALIGN; | 440 | + sizeof (uint64_t)] GNUNET_ALIGN; |
| 420 | struct GNUNET_HashCode result; | 441 | struct GNUNET_HashCode result; |
| 442 | struct GNUNET_TIME_Absolute ts; | ||
| 443 | struct GNUNET_TIME_Absolute exp; | ||
| 444 | struct GNUNET_TIME_Relative ttl; | ||
| 445 | struct GNUNET_TIME_Relative buffer; | ||
| 421 | unsigned int score = 0; | 446 | unsigned int score = 0; |
| 422 | unsigned int tmp_score = 0; | 447 | unsigned int tmp_score = 0; |
| 423 | unsigned int epochs; | 448 | unsigned int epochs; |
| @@ -434,7 +459,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, | |||
| 434 | { | 459 | { |
| 435 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 460 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 436 | "Proof of work signature invalid!\n"); | 461 | "Proof of work signature invalid!\n"); |
| 437 | return -1; | 462 | return GNUNET_NO; |
| 438 | } | 463 | } |
| 439 | 464 | ||
| 440 | /** | 465 | /** |
| @@ -445,7 +470,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, | |||
| 445 | for (unsigned int j = i + 1; j < POW_COUNT; j++) | 470 | for (unsigned int j = i + 1; j < POW_COUNT; j++) |
| 446 | { | 471 | { |
| 447 | if (pow->pow[i] == pow->pow[j]) | 472 | if (pow->pow[i] == pow->pow[j]) |
| 448 | return -1; | 473 | return GNUNET_NO; |
| 449 | } | 474 | } |
| 450 | } | 475 | } |
| 451 | GNUNET_memcpy (&buf[sizeof(uint64_t)], | 476 | GNUNET_memcpy (&buf[sizeof(uint64_t)], |
| @@ -471,9 +496,36 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, | |||
| 471 | } | 496 | } |
| 472 | score = score / POW_COUNT; | 497 | score = score / POW_COUNT; |
| 473 | if (score < difficulty) | 498 | if (score < difficulty) |
| 474 | return -1; | 499 | return GNUNET_NO; |
| 475 | epochs = score - difficulty; | 500 | epochs = score - difficulty; |
| 476 | return epochs; | 501 | |
| 502 | /** | ||
| 503 | * Check expiration | ||
| 504 | */ | ||
| 505 | ts = GNUNET_TIME_absolute_ntoh (pow->timestamp); | ||
| 506 | ttl = GNUNET_TIME_relative_multiply (epoch_length, | ||
| 507 | epochs); | ||
| 508 | /** | ||
| 509 | * Extend by 10% for unsynchronized clocks | ||
| 510 | */ | ||
| 511 | buffer = GNUNET_TIME_relative_divide (epoch_length, | ||
| 512 | 10); | ||
| 513 | ts = GNUNET_TIME_absolute_subtract (ts, | ||
| 514 | buffer); | ||
| 515 | |||
| 516 | if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us) | ||
| 517 | return GNUNET_NO; /* Not yet valid. */ | ||
| 518 | /* Revert to actual start time */ | ||
| 519 | ts = GNUNET_TIME_absolute_add (ts, | ||
| 520 | buffer); | ||
| 521 | |||
| 522 | exp = GNUNET_TIME_absolute_add (ts, ttl); | ||
| 523 | exp = GNUNET_TIME_absolute_add (exp, | ||
| 524 | buffer); | ||
| 525 | |||
| 526 | if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us) | ||
| 527 | return GNUNET_NO; /* expired */ | ||
| 528 | return GNUNET_YES; | ||
| 477 | } | 529 | } |
| 478 | 530 | ||
| 479 | 531 | ||