authorSchanzenbach, Martin <mschanzenbach@posteo.de>2020-04-20 19:08:23 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2020-04-20 19:08:23 +0200
commitc20768b8b09fabaa3c2330cde381e894b1f90efb (patch)
tree62bca41b94c3280a09abbf9db8b50da5f354b691
parent424cd50ecd0144b264a547fe149839cf2866c21f (diff)
include buffer of 10& of epoch
-rw-r--r--src/include/gnunet_revocation_service.h6
-rw-r--r--src/revocation/gnunet-revocation.c19
-rw-r--r--src/revocation/gnunet-service-revocation.c24
-rw-r--r--src/revocation/plugin_block_revocation.c12
-rw-r--r--src/revocation/revocation_api.c70
5 files changed, 104 insertions, 27 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 5c2ce91de..6bd2e88d3 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -177,11 +177,13 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h);
*
* @param pow proof of work
* @param matching_bits how many bits must match (configuration)
- * @return number of epochs valid if the @a pow is acceptable, -1 if not
+ * @param epoch_length length of single epoch in configuration
+ * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not
*/
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
- unsigned int matching_bits);
+ unsigned int matching_bits,
+ struct GNUNET_TIME_Relative epoch_length);
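Review bot: The updated doc comment does not say that the result now depends on the local clock: with `epoch_length`, the definition in revocation_api.c also rejects proofs whose timestamp is still in the future or whose validity period has passed. Callers that keep or cache the result need to know this, so I would add a line such as `* The check also fails if the proof is not yet valid or has already expired.` The `@param epoch_length` text could also name the option it is read from, `EPOCH_LENGTH` in section `REVOCATION`. The comment block starts above this hunk.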
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index 5f3df0ee0..d290d34c7 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -347,7 +347,6 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
struct GNUNET_CRYPTO_EcdsaPublicKey key;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL;
- int epochs;
el = NULL;
if (NULL == ego)
@@ -373,19 +372,12 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
GNUNET_free (pow);
return;
}
- if (0 < (epochs =
+ if (GNUNET_YES ==
GNUNET_REVOCATION_check_pow (pow,
- (unsigned int) matching_bits)))
+ (unsigned int) matching_bits,
+ epoch_length))
{
- struct GNUNET_TIME_Absolute ts;
- struct GNUNET_TIME_Relative ttl;
- ts = GNUNET_TIME_absolute_ntoh (pow->timestamp);
- ttl = GNUNET_TIME_relative_multiply (epoch_length,
- epochs);
fprintf (stderr, "%s", _ ("Revocation certificate ready\n"));
- fprintf (stderr, "%s %s for %s\n", _ ("Valid from"),
- GNUNET_STRINGS_absolute_time_to_string (ts),
- GNUNET_STRINGS_relative_time_to_string (ttl, GNUNET_NO));
if (perform)
perform_revocation (pow);
else
@@ -499,9 +491,10 @@ run (void *cls,
return;
}
GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
- if (0 >=
+ if (GNUNET_YES !=
GNUNET_REVOCATION_check_pow (&pow,
- (unsigned int) matching_bits))
+ (unsigned int) matching_bits,
+ epoch_length))
{
struct GNUNET_REVOCATION_PowCalculationHandle *ph;
ph = GNUNET_REVOCATION_pow_init2 (&pow,
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index 4746a7698..bd35b1055 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -129,6 +129,11 @@ static struct GNUNET_SET_ListenHandle *revocation_union_listen_handle;
static unsigned long long revocation_work_required;
/**
+ * Length of an expiration expoch
+ */
+static struct GNUNET_TIME_Relative epoch_length;
+
+/**
* Our application ID for set union operations. Must be the
* same for all (compatible) peers.
*/
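Review bot: The new comment misspells "epoch" as "expoch"; `* Length of an expiration epoch` reads correctly. It would also help to state that the value is read from the `EPOCH_LENGTH` option of the `REVOCATION` section, since `run` in this file is where it is filled in.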
@@ -167,8 +172,9 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer)
static int
verify_revoke_message (const struct RevokeMessage *rm)
{
- if (0 >= GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
- (unsigned int) revocation_work_required))
+ if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
+ (unsigned int) revocation_work_required,
+ epoch_length))
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Proof of work invalid!\n");
@@ -846,6 +852,20 @@ run (void *cls,
GNUNET_free (fn);
return;
}
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_time (cfg,
+ "REVOCATION",
+ "EPOCH_LENGTH",
+ &epoch_length))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "REVOCATION",
+ "EPOCH_LENGTH");
+ GNUNET_SCHEDULER_shutdown ();
+ GNUNET_free (fn);
+ return;
+ }
+
revocation_set = GNUNET_SET_create (cfg,
GNUNET_SET_OPERATION_UNION);
revocation_union_listen_handle
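Review bot: `EPOCH_LENGTH` is only tested for presence here, so a value of zero is accepted. As far as the check added to `GNUNET_REVOCATION_check_pow` shows, a zero epoch makes both the validity period and the 10% clock-skew buffer zero, so `verify_revoke_message` would reject every revocation and the peer would silently stop honouring them. A guard such as `if (0 == epoch_length.rel_value_us)` with an error log and the same shutdown path would make the misconfiguration visible. The same presence-only read appears in `libgnunet_plugin_block_revocation_init` and `GNUNET_REVOCATION_revoke`. `run` begins and ends outside this hunk.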
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c
index 7c1ec26eb..f384cfe1d 100644
--- a/src/revocation/plugin_block_revocation.c
+++ b/src/revocation/plugin_block_revocation.c
@@ -52,6 +52,7 @@
struct InternalContext
{
unsigned int matching_bits;
+ struct GNUNET_TIME_Relative epoch_length;
};
@@ -144,7 +145,8 @@ block_plugin_revocation_evaluate (void *cls,
}
if (0 >=
GNUNET_REVOCATION_check_pow (&rm->proof_of_work,
- ic->matching_bits))
+ ic->matching_bits,
+ ic->epoch_length))
{
GNUNET_break_op (0);
return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
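Review bot: The condition still reads `if (0 >=` although `GNUNET_REVOCATION_check_pow` now returns `GNUNET_YES`/`GNUNET_NO` instead of an epoch count. It gives the right answer only because `GNUNET_NO` happens to be 0. The other call sites in this commit were switched to `GNUNET_YES !=`, and this one should match with `if (GNUNET_YES !=`. `block_plugin_revocation_evaluate` extends beyond this hunk.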
@@ -208,6 +210,7 @@ libgnunet_plugin_block_revocation_init (void *cls)
struct GNUNET_BLOCK_PluginFunctions *api;
struct InternalContext *ic;
unsigned long long matching_bits;
+ struct GNUNET_TIME_Relative epoch_length;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (cfg,
@@ -215,6 +218,12 @@ libgnunet_plugin_block_revocation_init (void *cls)
"WORKBITS",
&matching_bits))
return NULL;
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_time (cfg,
+ "REVOCATION",
+ "EPOCH_LENGTH",
+ &epoch_length))
+ return NULL;
api = GNUNET_new (struct GNUNET_BLOCK_PluginFunctions);
api->evaluate = &block_plugin_revocation_evaluate;
@@ -223,6 +232,7 @@ libgnunet_plugin_block_revocation_init (void *cls)
api->types = types;
ic = GNUNET_new (struct InternalContext);
ic->matching_bits = (unsigned int) matching_bits;
+ ic->epoch_length = epoch_length;
api->cls = ic;
return api;
}
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 2979e7400..fe600ec7a 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -311,21 +311,41 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
GNUNET_MQ_handler_end ()
};
unsigned long long matching_bits;
+ struct GNUNET_TIME_Relative epoch_length;
struct RevokeMessage *rm;
struct GNUNET_MQ_Envelope *env;
- if ((GNUNET_OK ==
+ if ((GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (cfg,
"REVOCATION",
"WORKBITS",
- &matching_bits)) &&
- (0 >= GNUNET_REVOCATION_check_pow (pow, (unsigned int) matching_bits)))
+ &matching_bits)))
+ {
+ GNUNET_break (0);
+ GNUNET_free (h);
+ return NULL;
+ }
+ if ((GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_time (cfg,
+ "REVOCATION",
+ "EPOCH_LENGTH",
+ &epoch_length)))
+ {
+ GNUNET_break (0);
+ GNUNET_free (h);
+ return NULL;
+ }
+ if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
+ (unsigned int) matching_bits,
+ epoch_length))
{
GNUNET_break (0);
GNUNET_free (h);
return NULL;
}
+
+
h->mq = GNUNET_CLIENT_connect (cfg,
"revocation",
handlers,
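Review bot: Both new failure branches report a missing option with `GNUNET_break (0)`, which does not tell the operator which setting is absent. gnunet-service-revocation.c handles the same situation with `GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "REVOCATION", "EPOCH_LENGTH");`, and that call fits here too (with `"WORKBITS"` in the first branch). Also, a missing `WORKBITS` used to skip the proof check and continue, whereas it now aborts the revocation; that stricter behaviour deserves a sentence in the function's doc comment. The function starts and ends outside this hunk.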
@@ -408,16 +428,21 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph)
* @param ts revocation timestamp
* @param pow proof of work value
* @param matching_bits how many bits must match (configuration)
- * @return number of epochs valid if the @a pow is acceptable, -1 if not
+ * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not
*/
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
- unsigned int difficulty)
+ unsigned int difficulty,
+ struct GNUNET_TIME_Relative epoch_length)
{
char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
+ sizeof (uint64_t)
+ sizeof (uint64_t)] GNUNET_ALIGN;
struct GNUNET_HashCode result;
+ struct GNUNET_TIME_Absolute ts;
+ struct GNUNET_TIME_Absolute exp;
+ struct GNUNET_TIME_Relative ttl;
+ struct GNUNET_TIME_Relative buffer;
unsigned int score = 0;
unsigned int tmp_score = 0;
unsigned int epochs;
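Review bot: The doc comment above the definition no longer matches the signature. It documents `@param ts` and `@param matching_bits`, while the parameters are `pow`, `difficulty` and the new `epoch_length`, which has no entry at all. I would drop the `ts` line, rename the entry to `@param difficulty`, and add `@param epoch_length length of a single epoch, used for the expiration check`. The comment block begins outside this hunk.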
@@ -434,7 +459,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Proof of work signature invalid!\n");
- return -1;
+ return GNUNET_NO;
}
/**
@@ -445,7 +470,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
for (unsigned int j = i + 1; j < POW_COUNT; j++)
{
if (pow->pow[i] == pow->pow[j])
- return -1;
+ return GNUNET_NO;
}
}
GNUNET_memcpy (&buf[sizeof(uint64_t)],
@@ -471,9 +496,36 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
}
score = score / POW_COUNT;
if (score < difficulty)
- return -1;
+ return GNUNET_NO;
epochs = score - difficulty;
- return epochs;
+
+ /**
+ * Check expiration
+ */
+ ts = GNUNET_TIME_absolute_ntoh (pow->timestamp);
+ ttl = GNUNET_TIME_relative_multiply (epoch_length,
+ epochs);
+ /**
+ * Extend by 10% for unsynchronized clocks
+ */
+ buffer = GNUNET_TIME_relative_divide (epoch_length,
+ 10);
+ ts = GNUNET_TIME_absolute_subtract (ts,
+ buffer);
+
+ if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us)
+ return GNUNET_NO; /* Not yet valid. */
+ /* Revert to actual start time */
+ ts = GNUNET_TIME_absolute_add (ts,
+ buffer);
+
+ exp = GNUNET_TIME_absolute_add (ts, ttl);
+ exp = GNUNET_TIME_absolute_add (exp,
+ buffer);
+
+ if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us)
+ return GNUNET_NO; /* expired */
+ return GNUNET_YES;
}
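Review bot: When `score == difficulty`, `epochs` is 0 and `ttl` is zero, so such a proof is accepted only while the local clock is within the 10% buffer around `pow->timestamp`; the old callers treated a result of 0 as not acceptable (`0 <` / `0 >=`). If zero-epoch proofs should stay rejected, `if (score <= difficulty) return GNUNET_NO;` keeps that behaviour, and if the short window is intended a comment should say so. Separately, lowering `ts` by `buffer` and adding it back restores the original value only if the subtraction did not clamp (I believe it saturates at zero). Computing a separate start value, e.g. `struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_subtract (ts, buffer);`, leaves `ts` untouched. The function begins outside this hunk.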