-introducing signing of regex accept states, removing PID from regex API

author: Christian Grothoff <christian@grothoff.org> 2013-06-26 17:21:22 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-06-26 17:21:22 +0000
commit: 3999807382f98843cdde19211fc94484d0793087 (patch)
tree: eab97299e72edbfdd5d6f409db0729d9780d3e5e /src/regex/plugin_block_regex.c
parent: abc1a0ea19b7dc199b83749d31e32622c7469ded (diff)
download: gnunet-3999807382f98843cdde19211fc94484d0793087.tar.gz
gnunet-3999807382f98843cdde19211fc94484d0793087.zip
1 files changed, 66 insertions, 59 deletions
diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c
index 9eeb13190..d8312a1a0 100644
--- a/src/regex/plugin_block_regex.c
+++ b/src/regex/plugin_block_regex.c
@@ -28,35 +28,8 @@
 #include "gnunet_block_plugin.h"
 #include "block_regex.h"
 #include "regex_block_lib.h"
+#include "gnunet_constants.h"
-/**
+#include "gnunet_signatures.h"
- * Number of bits we set per entry in the bloomfilter.
- * Do not change!
- */
-#define BLOOMFILTER_K 16
-/**
- * Show debug info about outgoing edges from a block.
- * 
- * @param cls Closure (uunsed).
- * @param token Edge label.
- * @param len Length of @c token.
- * @param key Block the edge point to.
- * 
- * @return GNUNET_YES to keep iterating.
- */
-static int
-rdebug (void *cls,
-        const char *token,
-        size_t len,
-        const struct GNUNET_HashCode *key)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
-              "%s: %.*s\n",
-              GNUNET_h2s (key), len, token);
-  return GNUNET_YES;
-}
 /**
@@ -86,8 +59,21 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
                      size_t xquery_size, const void *reply_block,
                      size_t reply_block_size)
 {
-  if (NULL == reply_block) /* queries (GET) are always valid */
+  if (NULL == reply_block)
-    return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
+    {
+      if (0 != xquery_size)
+        {
+          const char *s;  
+          
+          s = (const char *) xquery;
+          if ('\0' != s[xquery_size - 1]) /* must be valid 0-terminated string */
+            {
+              GNUNET_break_op (0);
+              return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
+            }
+        }
+      return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
+    }
  if (0 != xquery_size)
  {
    const char *query;
@@ -95,22 +81,15 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
    query = (const char *) xquery;
    if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */
    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+      GNUNET_break_op (0);
-                  "Block xquery not a valid string\n");
+      return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
-      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
    }
  }
-  else if (NULL != query) /* PUTs don't need xquery */
+  else 
  {
-    const struct RegexBlock *rblock = reply_block;
+    /* xquery is required for regex, at least an empty string */
    GNUNET_break_op (0);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
+    return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
-                "Block with no xquery, query: %s, %u edges\n",
-                GNUNET_h2s (query), 
-                ntohl (rblock->n_edges));
-    REGEX_BLOCK_iterate (rblock, reply_block_size, &rdebug, NULL);
-    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
  }
  switch (REGEX_BLOCK_check (reply_block,
                             reply_block_size,
@@ -121,12 +100,9 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
      GNUNET_break_op(0);
      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
    case GNUNET_NO:
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+      /* xquery missmatch, can happen */
-                  "BLOCK XQUERY %s not accepted\n", xquery);
      return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT;
    default:
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "BLOCK XQUERY %s accepted\n", xquery);
      break;
  }
  if (NULL != bf)
@@ -143,7 +119,7 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
    }
    else
    {
-      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);
+      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
    }
    GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
  }
@@ -178,6 +154,8 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
                             size_t xquery_size, const void *reply_block,
                             size_t reply_block_size)
 {
+  const struct RegexAcceptBlock *rba;
  if (0 != xquery_size)
  {
    GNUNET_break_op (0);
@@ -185,7 +163,31 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
  }
  if (NULL == reply_block)
    return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
-  if (sizeof (struct RegexAccept) != reply_block_size)
+  if (sizeof (struct RegexAcceptBlock) != reply_block_size)
+  {
+    GNUNET_break_op(0);
+    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+  }
+  rba = reply_block;
+  if (ntohl (rba->purpose.size) !=
+      sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+      sizeof (struct GNUNET_TIME_AbsoluteNBO) +
+      sizeof (struct GNUNET_HashCode)) 
+  {
+    GNUNET_break_op(0);
+    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+  }
+  if (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (rba->expiration_time)).rel_value)
+  {
+    /* technically invalid, but can happen without an error, so
+       we're nice by reporting it as a 'duplicate' */
+    return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE;
+  }  
+  if (GNUNET_OK !=
+      GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
+                                &rba->purpose,
+                                &rba->signature,
+                                &rba->public_key))
  {
    GNUNET_break_op(0);
    return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
@@ -204,7 +206,7 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
    }
    else
    {
-      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);
+      *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
    }
    GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
  }
@@ -247,7 +249,6 @@ block_plugin_regex_evaluate (void *cls, enum GNUNET_BLOCK_Type type,
                                     xquery, xquery_size,
                                     reply_block, reply_block_size);
      break;
    case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
      result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator,
                                            xquery, xquery_size,
@@ -277,18 +278,24 @@ block_plugin_regex_get_key (void *cls, enum GNUNET_BLOCK_Type type,
                            const void *block, size_t block_size,
                            struct GNUNET_HashCode * key)
 {
-  int ret;
  switch (type)
  {
    case GNUNET_BLOCK_TYPE_REGEX:
-      ret = REGEX_BLOCK_get_key (block, block_size,
+      if (GNUNET_OK !=
-                                 key);
+          REGEX_BLOCK_get_key (block, block_size,
-      GNUNET_break_op (GNUNET_OK == ret);
+                               key))
-      return ret;
+      {
+        GNUNET_break_op (0);
+        return GNUNET_NO;
+      }
+      return GNUNET_OK;
    case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
-      GNUNET_assert (sizeof (struct RegexAccept) <= block_size);
+      if (sizeof (struct RegexAcceptBlock) != block_size);
-      *key = ((struct RegexAccept *) block)->key;
+      {
+        GNUNET_break_op (0);
+        return GNUNET_NO;
+      }
+      *key = ((struct RegexAcceptBlock *) block)->key;
      return GNUNET_OK;
    default:
      GNUNET_break (0);
author	Christian Grothoff <christian@grothoff.org>	2013-06-26 17:21:22 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-06-26 17:21:22 +0000
commit	3999807382f98843cdde19211fc94484d0793087 (patch)
tree	eab97299e72edbfdd5d6f409db0729d9780d3e5e /src/regex/plugin_block_regex.c
parent	abc1a0ea19b7dc199b83749d31e32622c7469ded (diff)
download	gnunet-3999807382f98843cdde19211fc94484d0793087.tar.gz gnunet-3999807382f98843cdde19211fc94484d0793087.zip

diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c index 9eeb13190..d8312a1a0 100644 --- a/src/regex/plugin_block_regex.c +++ b/src/regex/plugin_block_regex.c
@@ -28,35 +28,8 @@
28	#include "gnunet_block_plugin.h"	28	#include "gnunet_block_plugin.h"
29	#include "block_regex.h"	29	#include "block_regex.h"
30	#include "regex_block_lib.h"	30	#include "regex_block_lib.h"
31		31	#include "gnunet_constants.h"
32	/**	32	#include "gnunet_signatures.h"
33	* Number of bits we set per entry in the bloomfilter.
34	* Do not change!
35	*/
36	#define BLOOMFILTER_K 16
37
38
39	/**
40	* Show debug info about outgoing edges from a block.
41	*
42	* @param cls Closure (uunsed).
43	* @param token Edge label.
44	* @param len Length of @c token.
45	* @param key Block the edge point to.
46	*
47	* @return GNUNET_YES to keep iterating.
48	*/
49	static int
50	rdebug (void *cls,
51	const char *token,
52	size_t len,
53	const struct GNUNET_HashCode *key)
54	{
55	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
56	"%s: %.*s\n",
57	GNUNET_h2s (key), len, token);
58	return GNUNET_YES;
59	}
60		33
61		34
62	/**	35	/**
@@ -86,8 +59,21 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
86	size_t xquery_size, const void *reply_block,	59	size_t xquery_size, const void *reply_block,
87	size_t reply_block_size)	60	size_t reply_block_size)
88	{	61	{
89	if (NULL == reply_block) /* queries (GET) are always valid */	62	if (NULL == reply_block)
90	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;	63	{
		64	if (0 != xquery_size)
		65	{
		66	const char *s;
		67
		68	s = (const char *) xquery;
		69	if ('\0' != s[xquery_size - 1]) /* must be valid 0-terminated string */
		70	{
		71	GNUNET_break_op (0);
		72	return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
		73	}
		74	}
		75	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
		76	}
91	if (0 != xquery_size)	77	if (0 != xquery_size)
92	{	78	{
93	const char *query;	79	const char *query;
@@ -95,22 +81,15 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
95	query = (const char *) xquery;	81	query = (const char *) xquery;
96	if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */	82	if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */
97	{	83	{
98	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,	84	GNUNET_break_op (0);
99	"Block xquery not a valid string\n");	85	return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
100	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
101	}	86	}
102	}	87	}
103	else if (NULL != query) /* PUTs don't need xquery */	88	else
104	{	89	{
105	const struct RegexBlock *rblock = reply_block;	90	/* xquery is required for regex, at least an empty string */
106
107	GNUNET_break_op (0);	91	GNUNET_break_op (0);
108	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	92	return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID;
109	"Block with no xquery, query: %s, %u edges\n",
110	GNUNET_h2s (query),
111	ntohl (rblock->n_edges));
112	REGEX_BLOCK_iterate (rblock, reply_block_size, &rdebug, NULL);
113	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
114	}	93	}
115	switch (REGEX_BLOCK_check (reply_block,	94	switch (REGEX_BLOCK_check (reply_block,
116	reply_block_size,	95	reply_block_size,
@@ -121,12 +100,9 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
121	GNUNET_break_op(0);	100	GNUNET_break_op(0);
122	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;	101	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
123	case GNUNET_NO:	102	case GNUNET_NO:
124	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	103	/* xquery missmatch, can happen */
125	"BLOCK XQUERY %s not accepted\n", xquery);
126	return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT;	104	return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT;
127	default:	105	default:
128	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
129	"BLOCK XQUERY %s accepted\n", xquery);
130	break;	106	break;
131	}	107	}
132	if (NULL != bf)	108	if (NULL != bf)
@@ -143,7 +119,7 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type,
143	}	119	}
144	else	120	else
145	{	121	{
146	*bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);	122	*bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
147	}	123	}
148	GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);	124	GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
149	}	125	}
@@ -178,6 +154,8 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
178	size_t xquery_size, const void *reply_block,	154	size_t xquery_size, const void *reply_block,
179	size_t reply_block_size)	155	size_t reply_block_size)
180	{	156	{
		157	const struct RegexAcceptBlock *rba;
		158
181	if (0 != xquery_size)	159	if (0 != xquery_size)
182	{	160	{
183	GNUNET_break_op (0);	161	GNUNET_break_op (0);
@@ -185,7 +163,31 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
185	}	163	}
186	if (NULL == reply_block)	164	if (NULL == reply_block)
187	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;	165	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
188	if (sizeof (struct RegexAccept) != reply_block_size)	166	if (sizeof (struct RegexAcceptBlock) != reply_block_size)
		167	{
		168	GNUNET_break_op(0);
		169	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
		170	}
		171	rba = reply_block;
		172	if (ntohl (rba->purpose.size) !=
		173	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
		174	sizeof (struct GNUNET_TIME_AbsoluteNBO) +
		175	sizeof (struct GNUNET_HashCode))
		176	{
		177	GNUNET_break_op(0);
		178	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
		179	}
		180	if (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (rba->expiration_time)).rel_value)
		181	{
		182	/* technically invalid, but can happen without an error, so
		183	we're nice by reporting it as a 'duplicate' */
		184	return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE;
		185	}
		186	if (GNUNET_OK !=
		187	GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT,
		188	&rba->purpose,
		189	&rba->signature,
		190	&rba->public_key))
189	{	191	{
190	GNUNET_break_op(0);	192	GNUNET_break_op(0);
191	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;	193	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
@@ -204,7 +206,7 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type,
204	}	206	}
205	else	207	else
206	{	208	{
207	*bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K);	209	*bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K);
208	}	210	}
209	GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);	211	GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash);
210	}	212	}
@@ -247,7 +249,6 @@ block_plugin_regex_evaluate (void *cls, enum GNUNET_BLOCK_Type type,
247	xquery, xquery_size,	249	xquery, xquery_size,
248	reply_block, reply_block_size);	250	reply_block, reply_block_size);
249	break;	251	break;
250
251	case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:	252	case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
252	result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator,	253	result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator,
253	xquery, xquery_size,	254	xquery, xquery_size,
@@ -277,18 +278,24 @@ block_plugin_regex_get_key (void *cls, enum GNUNET_BLOCK_Type type,
277	const void *block, size_t block_size,	278	const void *block, size_t block_size,
278	struct GNUNET_HashCode * key)	279	struct GNUNET_HashCode * key)
279	{	280	{
280	int ret;
281
282	switch (type)	281	switch (type)
283	{	282	{
284	case GNUNET_BLOCK_TYPE_REGEX:	283	case GNUNET_BLOCK_TYPE_REGEX:
285	ret = REGEX_BLOCK_get_key (block, block_size,	284	if (GNUNET_OK !=
286	key);	285	REGEX_BLOCK_get_key (block, block_size,
287	GNUNET_break_op (GNUNET_OK == ret);	286	key))
288	return ret;	287	{
		288	GNUNET_break_op (0);
		289	return GNUNET_NO;
		290	}
		291	return GNUNET_OK;
289	case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:	292	case GNUNET_BLOCK_TYPE_REGEX_ACCEPT:
290	GNUNET_assert (sizeof (struct RegexAccept) <= block_size);	293	if (sizeof (struct RegexAcceptBlock) != block_size);
291	key = ((struct RegexAccept ) block)->key;	294	{
		295	GNUNET_break_op (0);
		296	return GNUNET_NO;
		297	}
		298	key = ((struct RegexAcceptBlock ) block)->key;
292	return GNUNET_OK;	299	return GNUNET_OK;
293	default:	300	default:
294	GNUNET_break (0);	301	GNUNET_break (0);