aboutsummaryrefslogtreecommitdiff
path: root/src/dht/gnunet-service-dht_neighbours.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2022-02-26 11:26:36 +0100
committerChristian Grothoff <christian@grothoff.org>2022-02-26 11:26:41 +0100
commit7164ab94bd02201f492f6b47698a1e9d14944eb6 (patch)
treeb9f8b5f2a4fdbf732d6d71708713da0ef9b60451 /src/dht/gnunet-service-dht_neighbours.c
parent7dbabde5ecd77ab73a2d630db9f1df418ac987b8 (diff)
downloadgnunet-7164ab94bd02201f492f6b47698a1e9d14944eb6.tar.gz
gnunet-7164ab94bd02201f492f6b47698a1e9d14944eb6.zip
-remove query hash from what is being signed over
Diffstat (limited to 'src/dht/gnunet-service-dht_neighbours.c')
-rw-r--r--src/dht/gnunet-service-dht_neighbours.c212
1 files changed, 101 insertions, 111 deletions
diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c
index f542dd6af..db4ecb34a 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -40,8 +40,11 @@
40 40
41/** 41/**
42 * Enable slow sanity checks to debug issues. 42 * Enable slow sanity checks to debug issues.
43 * 0: do not check
44 * 1: check all external inputs
45 * 2: check internal computations as well
43 */ 46 */
44#define SANITY_CHECKS 1 47#define SANITY_CHECKS 2
45 48
46/** 49/**
47 * How many buckets will we allow in total. 50 * How many buckets will we allow in total.
@@ -522,15 +525,15 @@ do_send (struct PeerInfo *pi,
522 * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP) 525 * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP)
523 */ 526 */
524static void 527static void
525sign_put_path (const void *data, 528sign_path (const void *data,
526 size_t data_size, 529 size_t data_size,
527 struct GNUNET_TIME_Absolute exp_time, 530 struct GNUNET_TIME_Absolute exp_time,
528 const struct GNUNET_PeerIdentity *pred, 531 const struct GNUNET_PeerIdentity *pred,
529 const struct GNUNET_PeerIdentity *succ, 532 const struct GNUNET_PeerIdentity *succ,
530 struct GNUNET_CRYPTO_EddsaSignature *sig) 533 struct GNUNET_CRYPTO_EddsaSignature *sig)
531{ 534{
532 struct GNUNET_DHT_PutHopSignature hs = { 535 struct GNUNET_DHT_HopSignature hs = {
533 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP), 536 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
534 .purpose.size = htonl (sizeof (hs)), 537 .purpose.size = htonl (sizeof (hs)),
535 .expiration_time = GNUNET_TIME_absolute_hton (exp_time), 538 .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
536 .pred = *pred, 539 .pred = *pred,
@@ -547,46 +550,6 @@ sign_put_path (const void *data,
547 550
548 551
549/** 552/**
550 * Sign that we are routing a message from @a pred to @a succ.
551 * (So the route is $PRED->us->$SUCC).
552 *
553 * @param query_hash query being answered
554 * @param data payload (the block)
555 * @param data_size number of bytes in @a data
556 * @param exp_time expiration time of @a data
557 * @param pred predecessor peer ID
558 * @param succ successor peer ID
559 * @param[out] sig where to write the signature
560 * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP)
561 */
562static void
563sign_result_path (const struct GNUNET_HashCode *query_hash,
564 const void *data,
565 size_t data_size,
566 struct GNUNET_TIME_Absolute exp_time,
567 const struct GNUNET_PeerIdentity *pred,
568 const struct GNUNET_PeerIdentity *succ,
569 struct GNUNET_CRYPTO_EddsaSignature *sig)
570{
571 struct GNUNET_DHT_ResultHopSignature hs = {
572 .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_RESULT_HOP),
573 .purpose.size = htonl (sizeof (hs)),
574 .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
575 .query_hash = *query_hash,
576 .pred = *pred,
577 .succ = *succ
578 };
579
580 GNUNET_CRYPTO_hash (data,
581 data_size,
582 &hs.h_data);
583 GNUNET_CRYPTO_eddsa_sign (&GDS_my_private_key,
584 &hs,
585 sig);
586}
587
588
589/**
590 * Find the optimal bucket for this key. 553 * Find the optimal bucket for this key.
591 * 554 *
592 * @param hc the hashcode to compare our identity to 555 * @param hc the hashcode to compare our identity to
@@ -1335,10 +1298,9 @@ GDS_NEIGHBOURS_handle_put (const struct GDS_DATACACHE_BlockData *bd,
1335 unsigned int put_path_length = bd->put_path_length; 1298 unsigned int put_path_length = bd->put_path_length;
1336 1299
1337 GNUNET_assert (NULL != bf); 1300 GNUNET_assert (NULL != bf);
1338#if SANITY_CHECKS 1301#if SANITY_CHECKS > 1
1339 if (0 != 1302 if (0 !=
1340 GNUNET_DHT_verify_path (NULL, 1303 GNUNET_DHT_verify_path (bd->data,
1341 bd->data,
1342 bd->data_size, 1304 bd->data_size,
1343 bd->expiration_time, 1305 bd->expiration_time,
1344 bd->put_path, 1306 bd->put_path,
@@ -1431,12 +1393,12 @@ GDS_NEIGHBOURS_handle_put (const struct GDS_DATACACHE_BlockData *bd,
1431 { 1393 {
1432 /* Note that the signature in 'put_path' was not initialized before, 1394 /* Note that the signature in 'put_path' was not initialized before,
1433 so this is crucial to avoid sending garbage. */ 1395 so this is crucial to avoid sending garbage. */
1434 sign_put_path (bd->data, 1396 sign_path (bd->data,
1435 bd->data_size, 1397 bd->data_size,
1436 bd->expiration_time, 1398 bd->expiration_time,
1437 &pp[put_path_length - 1].pred, 1399 &pp[put_path_length - 1].pred,
1438 &target->id, 1400 &target->id,
1439 &pp[put_path_length - 1].sig); 1401 &pp[put_path_length - 1].sig);
1440 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1402 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1441 "Signing PUT PATH %u => %s\n", 1403 "Signing PUT PATH %u => %s\n",
1442 put_path_length, 1404 put_path_length,
@@ -1594,10 +1556,9 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
1594 size_t msize; 1556 size_t msize;
1595 unsigned int ppl = bd->put_path_length; 1557 unsigned int ppl = bd->put_path_length;
1596 1558
1597#if SANITY_CHECKS 1559#if SANITY_CHECKS > 1
1598 if (0 != 1560 if (0 !=
1599 GNUNET_DHT_verify_path (query_hash, 1561 GNUNET_DHT_verify_path (bd->data,
1600 bd->data,
1601 bd->data_size, 1562 bd->data_size,
1602 bd->expiration_time, 1563 bd->expiration_time,
1603 bd->put_path, 1564 bd->put_path,
@@ -1634,7 +1595,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
1634 GNUNET_break (0); 1595 GNUNET_break (0);
1635 return false; 1596 return false;
1636 } 1597 }
1637 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 1598 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1638 "Forwarding reply for key %s to peer %s\n", 1599 "Forwarding reply for key %s to peer %s\n",
1639 GNUNET_h2s (query_hash), 1600 GNUNET_h2s (query_hash),
1640 GNUNET_i2s (&pi->id)); 1601 GNUNET_i2s (&pi->id));
@@ -1681,13 +1642,12 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
1681 { 1642 {
1682 /* Note that the last signature in 'paths' was not initialized before, 1643 /* Note that the last signature in 'paths' was not initialized before,
1683 so this is crucial to avoid sending garbage. */ 1644 so this is crucial to avoid sending garbage. */
1684 sign_result_path (query_hash, 1645 sign_path (bd->data,
1685 bd->data, 1646 bd->data_size,
1686 bd->data_size, 1647 bd->expiration_time,
1687 bd->expiration_time, 1648 &paths[ppl + get_path_length - 1].pred,
1688 &paths[ppl + get_path_length - 1].pred, 1649 &pi->id,
1689 &pi->id, 1650 &paths[ppl + get_path_length - 1].sig);
1690 &paths[ppl + get_path_length - 1].sig);
1691 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1651 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1692 "Signing GET PATH %u/%u of %s => %s\n", 1652 "Signing GET PATH %u/%u of %s => %s\n",
1693 ppl, 1653 ppl,
@@ -1699,7 +1659,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
1699 bd->data, 1659 bd->data,
1700 bd->data_size); 1660 bd->data_size);
1701 1661
1702#if SANITY_CHECKS 1662#if SANITY_CHECKS > 1
1703 { 1663 {
1704 struct GNUNET_DHT_PathElement xpaths[get_path_length + 1]; 1664 struct GNUNET_DHT_PathElement xpaths[get_path_length + 1];
1705 1665
@@ -1708,8 +1668,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
1708 get_path_length * sizeof (struct GNUNET_DHT_PathElement)); 1668 get_path_length * sizeof (struct GNUNET_DHT_PathElement));
1709 xpaths[get_path_length].pred = GDS_my_identity; 1669 xpaths[get_path_length].pred = GDS_my_identity;
1710 if (0 != 1670 if (0 !=
1711 GNUNET_DHT_verify_path (&prm->key, 1671 GNUNET_DHT_verify_path (bd->data,
1712 bd->data,
1713 bd->data_size, 1672 bd->data_size,
1714 bd->expiration_time, 1673 bd->expiration_time,
1715 paths, 1674 paths,
@@ -1743,10 +1702,24 @@ static enum GNUNET_GenericReturnValue
1743check_dht_p2p_put (void *cls, 1702check_dht_p2p_put (void *cls,
1744 const struct PeerPutMessage *put) 1703 const struct PeerPutMessage *put)
1745{ 1704{
1705 struct Target *t = cls;
1706 struct PeerInfo *peer = t->pi;
1707 enum GNUNET_DHT_RouteOption options
1708 = (enum GNUNET_DHT_RouteOption) ntohs (put->options);
1709 const struct GNUNET_DHT_PathElement *put_path
1710 = (const struct GNUNET_DHT_PathElement *) &put[1];
1746 uint16_t msize = ntohs (put->header.size); 1711 uint16_t msize = ntohs (put->header.size);
1747 uint16_t putlen = ntohs (put->put_path_length); 1712 uint16_t putlen = ntohs (put->put_path_length);
1713 struct GDS_DATACACHE_BlockData bd = {
1714 .key = put->key,
1715 .expiration_time = GNUNET_TIME_absolute_ntoh (put->expiration_time),
1716 .type = ntohl (put->type),
1717 .data_size = msize - (sizeof(*put)
1718 + putlen * sizeof(struct GNUNET_DHT_PathElement)),
1719 .data = &put_path[putlen]
1720 };
1721 struct GNUNET_DHT_PathElement pp[putlen + 1];
1748 1722
1749 (void) cls;
1750 if ( (msize < 1723 if ( (msize <
1751 sizeof(struct PeerPutMessage) 1724 sizeof(struct PeerPutMessage)
1752 + putlen * sizeof(struct GNUNET_DHT_PathElement)) || 1725 + putlen * sizeof(struct GNUNET_DHT_PathElement)) ||
@@ -1756,6 +1729,52 @@ check_dht_p2p_put (void *cls,
1756 GNUNET_break_op (0); 1729 GNUNET_break_op (0);
1757 return GNUNET_SYSERR; 1730 return GNUNET_SYSERR;
1758 } 1731 }
1732
1733 GNUNET_memcpy (pp,
1734 put_path,
1735 putlen * sizeof(struct GNUNET_DHT_PathElement));
1736 pp[putlen].pred = peer->id;
1737 /* zero-out signature, not valid until we actually do forward! */
1738 memset (&pp[putlen].sig,
1739 0,
1740 sizeof (pp[putlen].sig));
1741#if SANITY_CHECKS
1742 /* extend 'put path' by sender */
1743 if (0 != (options & GNUNET_DHT_RO_RECORD_ROUTE))
1744 {
1745 for (unsigned int i = 0; i <= putlen; i++)
1746 {
1747 for (unsigned int j = 0; j < i; j++)
1748 {
1749 GNUNET_break (0 !=
1750 GNUNET_memcmp (&pp[i].pred,
1751 &pp[j].pred));
1752 }
1753 if (i < putlen)
1754 GNUNET_break (0 !=
1755 GNUNET_memcmp (&pp[i].pred,
1756 &peer->id));
1757 }
1758 if (0 !=
1759 GNUNET_DHT_verify_path (bd.data,
1760 bd.data_size,
1761 bd.expiration_time,
1762 pp,
1763 putlen + 1,
1764 NULL, 0, /* get_path */
1765 &GDS_my_identity))
1766 {
1767 GNUNET_break_op (0);
1768 return GNUNET_SYSERR;
1769 }
1770 }
1771 else if (0 != putlen)
1772 {
1773 GNUNET_break_op (0);
1774 return GNUNET_SYSERR;
1775 }
1776#endif
1777
1759 return GNUNET_OK; 1778 return GNUNET_OK;
1760} 1779}
1761 1780
@@ -1775,19 +1794,19 @@ handle_dht_p2p_put (void *cls,
1775 uint16_t msize = ntohs (put->header.size); 1794 uint16_t msize = ntohs (put->header.size);
1776 enum GNUNET_DHT_RouteOption options 1795 enum GNUNET_DHT_RouteOption options
1777 = (enum GNUNET_DHT_RouteOption) ntohs (put->options); 1796 = (enum GNUNET_DHT_RouteOption) ntohs (put->options);
1778 struct GDS_DATACACHE_BlockData bd = {
1779 .key = put->key,
1780 .expiration_time = GNUNET_TIME_absolute_ntoh (put->expiration_time),
1781 .type = ntohl (put->type)
1782 };
1783 const struct GNUNET_DHT_PathElement *put_path 1797 const struct GNUNET_DHT_PathElement *put_path
1784 = (const struct GNUNET_DHT_PathElement *) &put[1]; 1798 = (const struct GNUNET_DHT_PathElement *) &put[1];
1785 uint16_t putlen 1799 uint16_t putlen
1786 = ntohs (put->put_path_length); 1800 = ntohs (put->put_path_length);
1801 struct GDS_DATACACHE_BlockData bd = {
1802 .key = put->key,
1803 .expiration_time = GNUNET_TIME_absolute_ntoh (put->expiration_time),
1804 .type = ntohl (put->type),
1805 .data_size = msize - (sizeof(*put)
1806 + putlen * sizeof(struct GNUNET_DHT_PathElement)),
1807 .data = &put_path[putlen]
1808 };
1787 1809
1788 bd.data_size = msize - (sizeof(*put)
1789 + putlen * sizeof(struct GNUNET_DHT_PathElement));
1790 bd.data = &put_path[putlen];
1791 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1810 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1792 "PUT for `%s' from %s with RO (%s/%s)\n", 1811 "PUT for `%s' from %s with RO (%s/%s)\n",
1793 GNUNET_h2s (&put->key), 1812 GNUNET_h2s (&put->key),
@@ -1872,34 +1891,6 @@ handle_dht_p2p_put (void *cls,
1872 memset (&pp[putlen].sig, 1891 memset (&pp[putlen].sig,
1873 0, 1892 0,
1874 sizeof (pp[putlen].sig)); 1893 sizeof (pp[putlen].sig));
1875#if SANITY_CHECKS
1876 for (unsigned int i = 0; i <= putlen; i++)
1877 {
1878 for (unsigned int j = 0; j < i; j++)
1879 {
1880 GNUNET_break (0 !=
1881 GNUNET_memcmp (&pp[i].pred,
1882 &pp[j].pred));
1883 }
1884 if (i < putlen)
1885 GNUNET_break (0 !=
1886 GNUNET_memcmp (&pp[i].pred,
1887 &peer->id));
1888 }
1889 if (0 !=
1890 GNUNET_DHT_verify_path (&bd.key,
1891 bd.data,
1892 bd.data_size,
1893 bd.expiration_time,
1894 bd.put_path,
1895 putlen,
1896 NULL, 0, /* get_path */
1897 &GDS_my_identity))
1898 {
1899 GNUNET_break_op (0);
1900 putlen = 0;
1901 }
1902#endif
1903 } 1894 }
1904 else 1895 else
1905 { 1896 {
@@ -2359,8 +2350,7 @@ check_dht_p2p_result (void *cls,
2359 0, 2350 0,
2360 sizeof (gpx[get_path_length].sig)); 2351 sizeof (gpx[get_path_length].sig));
2361 if (0 != 2352 if (0 !=
2362 GNUNET_DHT_verify_path (&prm->key, 2353 GNUNET_DHT_verify_path (&gp[get_path_length],
2363 &gp[get_path_length],
2364 msize - (sizeof(struct PeerResultMessage) 2354 msize - (sizeof(struct PeerResultMessage)
2365 + (get_path_length + put_path_length) 2355 + (get_path_length + put_path_length)
2366 * sizeof(struct GNUNET_DHT_PathElement)), 2356 * sizeof(struct GNUNET_DHT_PathElement)),