diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-06-26 17:21:22 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-06-26 17:21:22 +0000 |
commit | 3999807382f98843cdde19211fc94484d0793087 (patch) | |
tree | eab97299e72edbfdd5d6f409db0729d9780d3e5e /src/regex/plugin_block_regex.c | |
parent | abc1a0ea19b7dc199b83749d31e32622c7469ded (diff) | |
download | gnunet-3999807382f98843cdde19211fc94484d0793087.tar.gz gnunet-3999807382f98843cdde19211fc94484d0793087.zip |
-introducing signing of regex accept states, removing PID from regex API
Diffstat (limited to 'src/regex/plugin_block_regex.c')
-rw-r--r-- | src/regex/plugin_block_regex.c | 125 |
1 files changed, 66 insertions, 59 deletions
diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c index 9eeb13190..d8312a1a0 100644 --- a/src/regex/plugin_block_regex.c +++ b/src/regex/plugin_block_regex.c | |||
@@ -28,35 +28,8 @@ | |||
28 | #include "gnunet_block_plugin.h" | 28 | #include "gnunet_block_plugin.h" |
29 | #include "block_regex.h" | 29 | #include "block_regex.h" |
30 | #include "regex_block_lib.h" | 30 | #include "regex_block_lib.h" |
31 | 31 | #include "gnunet_constants.h" | |
32 | /** | 32 | #include "gnunet_signatures.h" |
33 | * Number of bits we set per entry in the bloomfilter. | ||
34 | * Do not change! | ||
35 | */ | ||
36 | #define BLOOMFILTER_K 16 | ||
37 | |||
38 | |||
39 | /** | ||
40 | * Show debug info about outgoing edges from a block. | ||
41 | * | ||
42 | * @param cls Closure (uunsed). | ||
43 | * @param token Edge label. | ||
44 | * @param len Length of @c token. | ||
45 | * @param key Block the edge point to. | ||
46 | * | ||
47 | * @return GNUNET_YES to keep iterating. | ||
48 | */ | ||
49 | static int | ||
50 | rdebug (void *cls, | ||
51 | const char *token, | ||
52 | size_t len, | ||
53 | const struct GNUNET_HashCode *key) | ||
54 | { | ||
55 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
56 | "%s: %.*s\n", | ||
57 | GNUNET_h2s (key), len, token); | ||
58 | return GNUNET_YES; | ||
59 | } | ||
60 | 33 | ||
61 | 34 | ||
62 | /** | 35 | /** |
@@ -86,8 +59,21 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type, | |||
86 | size_t xquery_size, const void *reply_block, | 59 | size_t xquery_size, const void *reply_block, |
87 | size_t reply_block_size) | 60 | size_t reply_block_size) |
88 | { | 61 | { |
89 | if (NULL == reply_block) /* queries (GET) are always valid */ | 62 | if (NULL == reply_block) |
90 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; | 63 | { |
64 | if (0 != xquery_size) | ||
65 | { | ||
66 | const char *s; | ||
67 | |||
68 | s = (const char *) xquery; | ||
69 | if ('\0' != s[xquery_size - 1]) /* must be valid 0-terminated string */ | ||
70 | { | ||
71 | GNUNET_break_op (0); | ||
72 | return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID; | ||
73 | } | ||
74 | } | ||
75 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; | ||
76 | } | ||
91 | if (0 != xquery_size) | 77 | if (0 != xquery_size) |
92 | { | 78 | { |
93 | const char *query; | 79 | const char *query; |
@@ -95,22 +81,15 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type, | |||
95 | query = (const char *) xquery; | 81 | query = (const char *) xquery; |
96 | if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */ | 82 | if ('\0' != query[xquery_size - 1]) /* must be valid 0-terminated string */ |
97 | { | 83 | { |
98 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 84 | GNUNET_break_op (0); |
99 | "Block xquery not a valid string\n"); | 85 | return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID; |
100 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | ||
101 | } | 86 | } |
102 | } | 87 | } |
103 | else if (NULL != query) /* PUTs don't need xquery */ | 88 | else |
104 | { | 89 | { |
105 | const struct RegexBlock *rblock = reply_block; | 90 | /* xquery is required for regex, at least an empty string */ |
106 | |||
107 | GNUNET_break_op (0); | 91 | GNUNET_break_op (0); |
108 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 92 | return GNUNET_BLOCK_EVALUATION_REQUEST_INVALID; |
109 | "Block with no xquery, query: %s, %u edges\n", | ||
110 | GNUNET_h2s (query), | ||
111 | ntohl (rblock->n_edges)); | ||
112 | REGEX_BLOCK_iterate (rblock, reply_block_size, &rdebug, NULL); | ||
113 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | ||
114 | } | 93 | } |
115 | switch (REGEX_BLOCK_check (reply_block, | 94 | switch (REGEX_BLOCK_check (reply_block, |
116 | reply_block_size, | 95 | reply_block_size, |
@@ -121,12 +100,9 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type, | |||
121 | GNUNET_break_op(0); | 100 | GNUNET_break_op(0); |
122 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 101 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
123 | case GNUNET_NO: | 102 | case GNUNET_NO: |
124 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 103 | /* xquery missmatch, can happen */ |
125 | "BLOCK XQUERY %s not accepted\n", xquery); | ||
126 | return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT; | 104 | return GNUNET_BLOCK_EVALUATION_RESULT_IRRELEVANT; |
127 | default: | 105 | default: |
128 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
129 | "BLOCK XQUERY %s accepted\n", xquery); | ||
130 | break; | 106 | break; |
131 | } | 107 | } |
132 | if (NULL != bf) | 108 | if (NULL != bf) |
@@ -143,7 +119,7 @@ evaluate_block_regex (void *cls, enum GNUNET_BLOCK_Type type, | |||
143 | } | 119 | } |
144 | else | 120 | else |
145 | { | 121 | { |
146 | *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K); | 122 | *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K); |
147 | } | 123 | } |
148 | GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash); | 124 | GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash); |
149 | } | 125 | } |
@@ -178,6 +154,8 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type, | |||
178 | size_t xquery_size, const void *reply_block, | 154 | size_t xquery_size, const void *reply_block, |
179 | size_t reply_block_size) | 155 | size_t reply_block_size) |
180 | { | 156 | { |
157 | const struct RegexAcceptBlock *rba; | ||
158 | |||
181 | if (0 != xquery_size) | 159 | if (0 != xquery_size) |
182 | { | 160 | { |
183 | GNUNET_break_op (0); | 161 | GNUNET_break_op (0); |
@@ -185,7 +163,31 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type, | |||
185 | } | 163 | } |
186 | if (NULL == reply_block) | 164 | if (NULL == reply_block) |
187 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; | 165 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; |
188 | if (sizeof (struct RegexAccept) != reply_block_size) | 166 | if (sizeof (struct RegexAcceptBlock) != reply_block_size) |
167 | { | ||
168 | GNUNET_break_op(0); | ||
169 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | ||
170 | } | ||
171 | rba = reply_block; | ||
172 | if (ntohl (rba->purpose.size) != | ||
173 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
174 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | ||
175 | sizeof (struct GNUNET_HashCode)) | ||
176 | { | ||
177 | GNUNET_break_op(0); | ||
178 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | ||
179 | } | ||
180 | if (0 == GNUNET_TIME_absolute_get_remaining (GNUNET_TIME_absolute_ntoh (rba->expiration_time)).rel_value) | ||
181 | { | ||
182 | /* technically invalid, but can happen without an error, so | ||
183 | we're nice by reporting it as a 'duplicate' */ | ||
184 | return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE; | ||
185 | } | ||
186 | if (GNUNET_OK != | ||
187 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT, | ||
188 | &rba->purpose, | ||
189 | &rba->signature, | ||
190 | &rba->public_key)) | ||
189 | { | 191 | { |
190 | GNUNET_break_op(0); | 192 | GNUNET_break_op(0); |
191 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 193 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
@@ -204,7 +206,7 @@ evaluate_block_regex_accept (void *cls, enum GNUNET_BLOCK_Type type, | |||
204 | } | 206 | } |
205 | else | 207 | else |
206 | { | 208 | { |
207 | *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, BLOOMFILTER_K); | 209 | *bf = GNUNET_CONTAINER_bloomfilter_init (NULL, 8, GNUNET_CONSTANTS_BLOOMFILTER_K); |
208 | } | 210 | } |
209 | GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash); | 211 | GNUNET_CONTAINER_bloomfilter_add (*bf, &mhash); |
210 | } | 212 | } |
@@ -247,7 +249,6 @@ block_plugin_regex_evaluate (void *cls, enum GNUNET_BLOCK_Type type, | |||
247 | xquery, xquery_size, | 249 | xquery, xquery_size, |
248 | reply_block, reply_block_size); | 250 | reply_block, reply_block_size); |
249 | break; | 251 | break; |
250 | |||
251 | case GNUNET_BLOCK_TYPE_REGEX_ACCEPT: | 252 | case GNUNET_BLOCK_TYPE_REGEX_ACCEPT: |
252 | result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator, | 253 | result = evaluate_block_regex_accept (cls, type, query, bf, bf_mutator, |
253 | xquery, xquery_size, | 254 | xquery, xquery_size, |
@@ -277,18 +278,24 @@ block_plugin_regex_get_key (void *cls, enum GNUNET_BLOCK_Type type, | |||
277 | const void *block, size_t block_size, | 278 | const void *block, size_t block_size, |
278 | struct GNUNET_HashCode * key) | 279 | struct GNUNET_HashCode * key) |
279 | { | 280 | { |
280 | int ret; | ||
281 | |||
282 | switch (type) | 281 | switch (type) |
283 | { | 282 | { |
284 | case GNUNET_BLOCK_TYPE_REGEX: | 283 | case GNUNET_BLOCK_TYPE_REGEX: |
285 | ret = REGEX_BLOCK_get_key (block, block_size, | 284 | if (GNUNET_OK != |
286 | key); | 285 | REGEX_BLOCK_get_key (block, block_size, |
287 | GNUNET_break_op (GNUNET_OK == ret); | 286 | key)) |
288 | return ret; | 287 | { |
288 | GNUNET_break_op (0); | ||
289 | return GNUNET_NO; | ||
290 | } | ||
291 | return GNUNET_OK; | ||
289 | case GNUNET_BLOCK_TYPE_REGEX_ACCEPT: | 292 | case GNUNET_BLOCK_TYPE_REGEX_ACCEPT: |
290 | GNUNET_assert (sizeof (struct RegexAccept) <= block_size); | 293 | if (sizeof (struct RegexAcceptBlock) != block_size); |
291 | *key = ((struct RegexAccept *) block)->key; | 294 | { |
295 | GNUNET_break_op (0); | ||
296 | return GNUNET_NO; | ||
297 | } | ||
298 | *key = ((struct RegexAcceptBlock *) block)->key; | ||
292 | return GNUNET_OK; | 299 | return GNUNET_OK; |
293 | default: | 300 | default: |
294 | GNUNET_break (0); | 301 | GNUNET_break (0); |