diff options
author | Christian Grothoff <christian@grothoff.org> | 2022-01-10 10:31:59 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-01-10 10:31:59 +0100 |
commit | 8f8351c2ddb2c3040195548363161a2a177c7cc0 (patch) | |
tree | 2d20e0664649e63797729622e0a9bade90d9245e /src/dht/gnunet-service-dht_neighbours.c | |
parent | 14d1628f5f19326e99597a33661f40f2f642f4f1 (diff) | |
download | gnunet-8f8351c2ddb2c3040195548363161a2a177c7cc0.tar.gz gnunet-8f8351c2ddb2c3040195548363161a2a177c7cc0.zip |
add more information to ensure signatures are fresh and request-specific
Diffstat (limited to 'src/dht/gnunet-service-dht_neighbours.c')
-rw-r--r-- | src/dht/gnunet-service-dht_neighbours.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c index 2c9240969..95d8bb032 100644 --- a/src/dht/gnunet-service-dht_neighbours.c +++ b/src/dht/gnunet-service-dht_neighbours.c | |||
@@ -419,26 +419,36 @@ static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key; | |||
419 | * Sign that we are routing a message from @a pred to @a succ. | 419 | * Sign that we are routing a message from @a pred to @a succ. |
420 | * (So the route is $PRED->us->$SUCC). | 420 | * (So the route is $PRED->us->$SUCC). |
421 | * | 421 | * |
422 | * @param key key of the data (not necessarily the query hash) | ||
423 | * @param data payload (the block) | ||
424 | * @param data_size number of bytes in @a data | ||
425 | * @param exp_time expiration time of @a data | ||
422 | * @param pred predecessor peer ID | 426 | * @param pred predecessor peer ID |
423 | * @param succ successor peer ID | 427 | * @param succ successor peer ID |
424 | * @param[out] sig where to write the signature | 428 | * @param[out] sig where to write the signature |
425 | * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP) | 429 | * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP) |
426 | */ | 430 | */ |
427 | static void | 431 | static void |
428 | sign_path (const struct GNUNET_PeerIdentity *pred, | 432 | sign_path (const struct GNUNET_HashCode *key, |
433 | const void *data, | ||
434 | size_t data_size, | ||
435 | struct GNUNET_TIME_Absolute exp_time, | ||
436 | const struct GNUNET_PeerIdentity *pred, | ||
429 | const struct GNUNET_PeerIdentity *succ, | 437 | const struct GNUNET_PeerIdentity *succ, |
430 | struct GNUNET_CRYPTO_EddsaSignature *sig) | 438 | struct GNUNET_CRYPTO_EddsaSignature *sig) |
431 | { | 439 | { |
432 | struct GNUNET_DHT_HopSignature hs = { | 440 | struct GNUNET_DHT_HopSignature hs = { |
433 | .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP), | 441 | .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP), |
434 | .purpose.size = htonl (sizeof (hs)), | 442 | .purpose.size = htonl (sizeof (hs)), |
443 | .expiration_time = GNUNET_TIME_absolute_hton (exp_time), | ||
444 | .key = *key, | ||
435 | .pred = *pred, | 445 | .pred = *pred, |
436 | .succ = *succ | 446 | .succ = *succ |
437 | }; | 447 | }; |
438 | 448 | ||
439 | /* TODO: we might want to cache signatures by 'hs' in the | 449 | GNUNET_CRYPTO_hash (data, |
440 | future as an optimization to reduce the amount of | 450 | data_size, |
441 | crypto operations we need to do! */ | 451 | &hs.h_data); |
442 | GNUNET_CRYPTO_eddsa_sign (&my_private_key, | 452 | GNUNET_CRYPTO_eddsa_sign (&my_private_key, |
443 | &hs, | 453 | &hs, |
444 | sig); | 454 | sig); |
@@ -1387,7 +1397,11 @@ GDS_NEIGHBOURS_handle_put (const struct GDS_DATACACHE_BlockData *bd, | |||
1387 | { | 1397 | { |
1388 | /* Note that the signature in 'put_path' was not initialized before, | 1398 | /* Note that the signature in 'put_path' was not initialized before, |
1389 | so this is crucial to avoid sending garbage. */ | 1399 | so this is crucial to avoid sending garbage. */ |
1390 | sign_path (&pp[put_path_length - 1].pred, | 1400 | sign_path (&bd->key, |
1401 | bd->data, | ||
1402 | bd->data_size, | ||
1403 | bd->expiration_time, | ||
1404 | &pp[put_path_length - 1].pred, | ||
1391 | target->id, | 1405 | target->id, |
1392 | &pp[put_path_length - 1].sig); | 1406 | &pp[put_path_length - 1].sig); |
1393 | } | 1407 | } |
@@ -1604,7 +1618,11 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi, | |||
1604 | { | 1618 | { |
1605 | /* Note that the signature in 'get_path' was not initialized before, | 1619 | /* Note that the signature in 'get_path' was not initialized before, |
1606 | so this is crucial to avoid sending garbage. */ | 1620 | so this is crucial to avoid sending garbage. */ |
1607 | sign_path (&paths[bd->put_path_length + get_path_length - 1].pred, | 1621 | sign_path (&bd->key, |
1622 | bd->data, | ||
1623 | bd->data_size, | ||
1624 | bd->expiration_time, | ||
1625 | &paths[bd->put_path_length + get_path_length - 1].pred, | ||
1608 | pi->id, | 1626 | pi->id, |
1609 | &paths[bd->put_path_length + get_path_length - 1].sig); | 1627 | &paths[bd->put_path_length + get_path_length - 1].sig); |
1610 | } | 1628 | } |