authorChristian Grothoff <christian@grothoff.org>2022-01-10 10:31:59 +0100
committerChristian Grothoff <christian@grothoff.org>2022-01-10 10:31:59 +0100
commit8f8351c2ddb2c3040195548363161a2a177c7cc0 (patch)
tree2d20e0664649e63797729622e0a9bade90d9245e /src/dht/gnunet-service-dht_neighbours.c
parent14d1628f5f19326e99597a33661f40f2f642f4f1 (diff)
add more information to ensure signatures are fresh and request-specific
Diffstat (limited to 'src/dht/gnunet-service-dht_neighbours.c')
-rw-r--r--src/dht/gnunet-service-dht_neighbours.c30
1 files changed, 24 insertions, 6 deletions
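--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -419,26 +419,36 @@ static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key;
  * Sign that we are routing a message from @a pred to @a succ.
  * (So the route is $PRED->us->$SUCC).
  *
+ * @param key key of the data (not necessarily the query hash)
+ * @param data payload (the block)
+ * @param data_size number of bytes in @a data
+ * @param exp_time expiration time of @a data
  * @param pred predecessor peer ID
  * @param succ successor peer ID
  * @param[out] sig where to write the signature
  * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP)
  */
 static void
-sign_path (const struct GNUNET_PeerIdentity *pred,
+sign_path (const struct GNUNET_HashCode *key,
+ const void *data,
+ size_t data_size,
+ struct GNUNET_TIME_Absolute exp_time,
+ const struct GNUNET_PeerIdentity *pred,
  const struct GNUNET_PeerIdentity *succ,
  struct GNUNET_CRYPTO_EddsaSignature *sig)
 {
  struct GNUNET_DHT_HopSignature hs = {
  .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
  .purpose.size = htonl (sizeof (hs)),
+ .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
+ .key = *key,
  .pred = *pred,
  .succ = *succ
  };
 
- /* TODO: we might want to cache signatures by 'hs' in the
- future as an optimization to reduce the amount of
- crypto operations we need to do! */
+ GNUNET_CRYPTO_hash (data,
+ data_size,
+ &hs.h_data);
  GNUNET_CRYPTO_eddsa_sign (&my_private_key,
  &hs,
  sig);
@@ -1387,7 +1397,11 @@ GDS_NEIGHBOURS_handle_put (const struct GDS_DATACACHE_BlockData *bd,
  {
  /* Note that the signature in 'put_path' was not initialized before,
  so this is crucial to avoid sending garbage. */
- sign_path (&pp[put_path_length - 1].pred,
+ sign_path (&bd->key,
+ bd->data,
+ bd->data_size,
+ bd->expiration_time,
+ &pp[put_path_length - 1].pred,
  target->id,
  &pp[put_path_length - 1].sig);
  }
@@ -1604,7 +1618,11 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
  {
  /* Note that the signature in 'get_path' was not initialized before,
  so this is crucial to avoid sending garbage. */
- sign_path (&paths[bd->put_path_length + get_path_length - 1].pred,
+ sign_path (&bd->key,
+ bd->data,
+ bd->data_size,
+ bd->expiration_time,
+ &paths[bd->put_path_length + get_path_length - 1].pred,
  pi->id,
  &paths[bd->put_path_length + get_path_length - 1].sig);
  }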
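Review bot: The doc comment on sign_path lists the four new parameters but never states what the signature now commits to, which is what anyone maintaining the verifying side has to reproduce exactly. In the new body `data` enters the signed struct only through `hs.h_data`, and `exp_time` only through `hs.expiration_time` in network byte order. I would add a line above the `@param` list such as `* The signature covers @a key, the hash of @a data, @a exp_time, @a pred and @a succ.` The commit also drops the TODO about caching signatures while adding a `GNUNET_CRYPTO_hash` over the whole block on every call. If the call sites in GDS_NEIGHBOURS_handle_put and GDS_NEIGHBOURS_handle_reply (whose bodies lie outside the hunks) run once per target, a short comment there noting that the payload is re-hashed for each signature would keep that cost visible.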