diff options
author | Christian Grothoff <christian@grothoff.org> | 2010-02-23 10:10:39 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2010-02-23 10:10:39 +0000 |
commit | c30d9ea5af167ff86db1a9ddba435ebc333c46fb (patch) | |
tree | 6dbd9ef26f56b768bdfa39426692f996e86f598c | |
parent | aeb60f732c91f08bbcc4d9f2f307f2f4d43f9131 (diff) | |
download | gnunet-c30d9ea5af167ff86db1a9ddba435ebc333c46fb.tar.gz gnunet-c30d9ea5af167ff86db1a9ddba435ebc333c46fb.zip |
fix
-rw-r--r-- | src/core/core.h | 2 | ||||
-rw-r--r-- | src/core/gnunet-service-core.c | 44 |
2 files changed, 28 insertions, 18 deletions
diff --git a/src/core/core.h b/src/core/core.h index 701078ee5..d74ee06f6 100644 --- a/src/core/core.h +++ b/src/core/core.h | |||
@@ -29,7 +29,7 @@ | |||
29 | /** | 29 | /** |
30 | * General core debugging. | 30 | * General core debugging. |
31 | */ | 31 | */ |
32 | #define DEBUG_CORE GNUNET_NO | 32 | #define DEBUG_CORE GNUNET_YES |
33 | 33 | ||
34 | /** | 34 | /** |
35 | * Debugging interaction core-clients. | 35 | * Debugging interaction core-clients. |
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c index 9351a31c2..fbd1f46ed 100644 --- a/src/core/gnunet-service-core.c +++ b/src/core/gnunet-service-core.c | |||
@@ -169,7 +169,7 @@ enum PeerStateMachine | |||
169 | * Number of bytes (at the beginning) of "struct EncryptedMessage" | 169 | * Number of bytes (at the beginning) of "struct EncryptedMessage" |
170 | * that are NOT encrypted. | 170 | * that are NOT encrypted. |
171 | */ | 171 | */ |
172 | #define ENCRYPTED_HEADER_SIZE (sizeof(struct GNUNET_MessageHeader) + sizeof(uint32_t) + sizeof(GNUNET_HashCode)) | 172 | #define ENCRYPTED_HEADER_SIZE (sizeof(struct GNUNET_MessageHeader) + sizeof(uint32_t)) |
173 | 173 | ||
174 | 174 | ||
175 | /** | 175 | /** |
@@ -184,15 +184,15 @@ struct EncryptedMessage | |||
184 | struct GNUNET_MessageHeader header; | 184 | struct GNUNET_MessageHeader header; |
185 | 185 | ||
186 | /** | 186 | /** |
187 | * Always zero. | 187 | * Random value used for IV generation. ENCRYPTED_HEADER_SIZE must |
188 | * be set to the offset of the *next* field. | ||
188 | */ | 189 | */ |
189 | uint32_t reserved GNUNET_PACKED; | 190 | uint32_t iv_seed GNUNET_PACKED; |
190 | 191 | ||
191 | /** | 192 | /** |
192 | * Hash of the plaintext, used to verify message integrity; | 193 | * Hash of the plaintext (starting at 'sequence_number'), used to |
193 | * ALSO used as the IV for the symmetric cipher! Everything | 194 | * verify message integrity. Everything after this hash (including |
194 | * after this hash will be encrypted. ENCRYPTED_HEADER_SIZE | 195 | * this hash itself) will be encrypted. |
195 | * must be set to the offset of the next field. | ||
196 | */ | 196 | */ |
197 | GNUNET_HashCode plaintext_hash; | 197 | GNUNET_HashCode plaintext_hash; |
198 | 198 | ||
@@ -971,7 +971,7 @@ handle_client_request_info (void *cls, | |||
971 | &n->available_recv_window, | 971 | &n->available_recv_window, |
972 | &n->last_arw_update, n->bpm_in); | 972 | &n->last_arw_update, n->bpm_in); |
973 | if (n->available_recv_window < want_reserv) | 973 | if (n->available_recv_window < want_reserv) |
974 | got_reserv = n->available_recv_window; | 974 | got_reserv = 0; /* all or nothing */ |
975 | else | 975 | else |
976 | got_reserv = want_reserv; | 976 | got_reserv = want_reserv; |
977 | n->available_recv_window -= got_reserv; | 977 | n->available_recv_window -= got_reserv; |
@@ -1730,6 +1730,7 @@ process_plaintext_neighbour_queue (struct Neighbour *n) | |||
1730 | unsigned int priority; | 1730 | unsigned int priority; |
1731 | struct GNUNET_TIME_Absolute deadline; | 1731 | struct GNUNET_TIME_Absolute deadline; |
1732 | struct GNUNET_TIME_Relative retry_time; | 1732 | struct GNUNET_TIME_Relative retry_time; |
1733 | GNUNET_HashCode iv; | ||
1733 | 1734 | ||
1734 | if (n->retry_plaintext_task != GNUNET_SCHEDULER_NO_TASK) | 1735 | if (n->retry_plaintext_task != GNUNET_SCHEDULER_NO_TASK) |
1735 | { | 1736 | { |
@@ -1816,6 +1817,7 @@ process_plaintext_neighbour_queue (struct Neighbour *n) | |||
1816 | &retry_plaintext_processing, n); | 1817 | &retry_plaintext_processing, n); |
1817 | return; | 1818 | return; |
1818 | } | 1819 | } |
1820 | ph->iv_seed = htonl (GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, -1)); | ||
1819 | ph->sequence_number = htonl (++n->last_sequence_number_sent); | 1821 | ph->sequence_number = htonl (++n->last_sequence_number_sent); |
1820 | ph->inbound_bpm_limit = htonl (n->bpm_in); | 1822 | ph->inbound_bpm_limit = htonl (n->bpm_in); |
1821 | ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | 1823 | ph->timestamp = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
@@ -1828,9 +1830,12 @@ process_plaintext_neighbour_queue (struct Neighbour *n) | |||
1828 | em = (struct EncryptedMessage *) &me[1]; | 1830 | em = (struct EncryptedMessage *) &me[1]; |
1829 | em->header.size = htons (used); | 1831 | em->header.size = htons (used); |
1830 | em->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE); | 1832 | em->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE); |
1831 | em->reserved = htonl (0); | 1833 | em->iv_seed = ph->iv_seed; |
1832 | esize = used - ENCRYPTED_HEADER_SIZE; | 1834 | esize = used - ENCRYPTED_HEADER_SIZE; |
1833 | GNUNET_CRYPTO_hash (&ph->sequence_number, esize, &em->plaintext_hash); | 1835 | GNUNET_CRYPTO_hash (&ph->sequence_number, |
1836 | esize - sizeof (GNUNET_HashCode), | ||
1837 | &ph->plaintext_hash); | ||
1838 | GNUNET_CRYPTO_hash (&ph->iv_seed, sizeof (uint32_t), &iv); | ||
1834 | /* encrypt */ | 1839 | /* encrypt */ |
1835 | #if DEBUG_CORE | 1840 | #if DEBUG_CORE |
1836 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1841 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -1841,9 +1846,9 @@ process_plaintext_neighbour_queue (struct Neighbour *n) | |||
1841 | #endif | 1846 | #endif |
1842 | GNUNET_assert (GNUNET_OK == | 1847 | GNUNET_assert (GNUNET_OK == |
1843 | do_encrypt (n, | 1848 | do_encrypt (n, |
1844 | &em->plaintext_hash, | 1849 | &iv, |
1845 | &ph->sequence_number, | 1850 | &ph->plaintext_hash, |
1846 | &em->sequence_number, esize)); | 1851 | &em->plaintext_hash, esize)); |
1847 | /* append to transmission list */ | 1852 | /* append to transmission list */ |
1848 | GNUNET_CONTAINER_DLL_insert_after (n->encrypted_head, | 1853 | GNUNET_CONTAINER_DLL_insert_after (n->encrypted_head, |
1849 | n->encrypted_tail, | 1854 | n->encrypted_tail, |
@@ -2893,25 +2898,30 @@ handle_encrypted_message (struct Neighbour *n, | |||
2893 | size_t off; | 2898 | size_t off; |
2894 | uint32_t snum; | 2899 | uint32_t snum; |
2895 | struct GNUNET_TIME_Absolute t; | 2900 | struct GNUNET_TIME_Absolute t; |
2901 | GNUNET_HashCode iv; | ||
2896 | 2902 | ||
2897 | #if DEBUG_CORE | 2903 | #if DEBUG_CORE |
2898 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 2904 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2899 | "Core service receives `%s' request from `%4s'.\n", | 2905 | "Core service receives `%s' request from `%4s'.\n", |
2900 | "ENCRYPTED_MESSAGE", GNUNET_i2s (&n->peer)); | 2906 | "ENCRYPTED_MESSAGE", GNUNET_i2s (&n->peer)); |
2901 | #endif | 2907 | #endif |
2908 | GNUNET_CRYPTO_hash (&m->iv_seed, sizeof (uint32_t), &iv); | ||
2902 | /* decrypt */ | 2909 | /* decrypt */ |
2903 | if (GNUNET_OK != | 2910 | if (GNUNET_OK != |
2904 | do_decrypt (n, | 2911 | do_decrypt (n, |
2912 | &iv, | ||
2905 | &m->plaintext_hash, | 2913 | &m->plaintext_hash, |
2906 | &m->sequence_number, | 2914 | &buf[ENCRYPTED_HEADER_SIZE], |
2907 | &buf[ENCRYPTED_HEADER_SIZE], size - ENCRYPTED_HEADER_SIZE)) | 2915 | size - ENCRYPTED_HEADER_SIZE)) |
2908 | return; | 2916 | return; |
2909 | pt = (struct EncryptedMessage *) buf; | 2917 | pt = (struct EncryptedMessage *) buf; |
2910 | 2918 | ||
2911 | /* validate hash */ | 2919 | /* validate hash */ |
2912 | GNUNET_CRYPTO_hash (&pt->sequence_number, | 2920 | GNUNET_CRYPTO_hash (&pt->sequence_number, |
2913 | size - ENCRYPTED_HEADER_SIZE, &ph); | 2921 | size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode), &ph); |
2914 | if (0 != memcmp (&ph, &m->plaintext_hash, sizeof (GNUNET_HashCode))) | 2922 | if (0 != memcmp (&ph, |
2923 | &pt->plaintext_hash, | ||
2924 | sizeof (GNUNET_HashCode))) | ||
2915 | { | 2925 | { |
2916 | /* checksum failed */ | 2926 | /* checksum failed */ |
2917 | GNUNET_break_op (0); | 2927 | GNUNET_break_op (0); |