diff options
author | Matthias Wachs <wachs@net.in.tum.de> | 2012-07-05 15:37:42 +0000 |
---|---|---|
committer | Matthias Wachs <wachs@net.in.tum.de> | 2012-07-05 15:37:42 +0000 |
commit | 86be3237abd7ff9bf06f1911802e8a38fb985650 (patch) | |
tree | a2ebbc0ff922a8768510f9dd97d40aceb807b496 /src/transport/gnunet-service-transport_validation.c | |
parent | 75cb1be5b4c6322881d4664e53fe1d1afe92532d (diff) | |
download | gnunet-86be3237abd7ff9bf06f1911802e8a38fb985650.tar.gz gnunet-86be3237abd7ff9bf06f1911802e8a38fb985650.zip |
- compatibility code
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 116 |
1 files changed, 92 insertions, 24 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 3626aad82..e61d1337d 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -34,6 +34,7 @@ | |||
34 | #include "gnunet_peerinfo_service.h" | 34 | #include "gnunet_peerinfo_service.h" |
35 | #include "gnunet_signatures.h" | 35 | #include "gnunet_signatures.h" |
36 | 36 | ||
37 | #define KEEP_093_COMPATIBILITY GNUNET_YES | ||
37 | 38 | ||
38 | /** | 39 | /** |
39 | * How long is a PONG signature valid? We'll recycle a signature until | 40 | * How long is a PONG signature valid? We'll recycle a signature until |
@@ -439,8 +440,8 @@ transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid, | |||
439 | uint16_t hsize; | 440 | uint16_t hsize; |
440 | 441 | ||
441 | ve->bc = NULL; | 442 | ve->bc = NULL; |
442 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s\n", | 443 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n", |
443 | GNUNET_i2s (pid), GST_plugins_a2s (ve->address)); | 444 | GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name); |
444 | 445 | ||
445 | slen = strlen (ve->address->transport_name) + 1; | 446 | slen = strlen (ve->address->transport_name) + 1; |
446 | hello = GST_hello_get (); | 447 | hello = GST_hello_get (); |
@@ -788,6 +789,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
788 | size_t alen; | 789 | size_t alen; |
789 | size_t slen; | 790 | size_t slen; |
790 | ssize_t ret; | 791 | ssize_t ret; |
792 | int buggy = GNUNET_NO; | ||
791 | struct GNUNET_HELLO_Address address; | 793 | struct GNUNET_HELLO_Address address; |
792 | 794 | ||
793 | if (ntohs (hdr->size) < sizeof (struct TransportPingMessage)) | 795 | if (ntohs (hdr->size) < sizeof (struct TransportPingMessage)) |
@@ -831,15 +833,45 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
831 | address.address = addrend; | 833 | address.address = addrend; |
832 | address.address_length = alen; | 834 | address.address_length = alen; |
833 | address.transport_name = addr; | 835 | address.transport_name = addr; |
834 | address.peer = *sender; | 836 | address.peer = GST_my_identity; |
835 | if (GNUNET_YES != | 837 | |
836 | GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) | 838 | |
839 | if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) | ||
837 | { | 840 | { |
838 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 841 | #if KEEP_093_COMPATIBILITY |
839 | _ | 842 | int idsize = sizeof (GST_my_identity); |
840 | ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), | 843 | if (alen <= idsize) |
841 | GST_plugins_a2s (&address)); | 844 | { |
842 | return; | 845 | if (0 == memcmp (address.address, &GST_my_identity, alen)) |
846 | buggy = GNUNET_YES; | ||
847 | } | ||
848 | else if (alen <= (idsize + strlen (address.transport_name))) | ||
849 | { | ||
850 | char *achar = (char *) &address.address; | ||
851 | if ((0 == memcmp (address.address, &GST_my_identity, idsize)) && | ||
852 | (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize))) | ||
853 | buggy = GNUNET_YES; | ||
854 | } | ||
855 | else | ||
856 | { | ||
857 | /* Not predicatable */ | ||
858 | return; | ||
859 | } | ||
860 | #endif | ||
861 | if (GNUNET_NO == buggy) | ||
862 | { | ||
863 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
864 | "Not confirming PING from peer `%s' with address `%s' since I cannot confirm having this address.\n", | ||
865 | GNUNET_i2s (sender), | ||
866 | GST_plugins_a2s (&address)); | ||
867 | return; | ||
868 | } | ||
869 | else | ||
870 | { | ||
871 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
872 | _("Received a PING message with validation bug from `%s'\n"), | ||
873 | GNUNET_i2s (sender)); | ||
874 | } | ||
843 | } | 875 | } |
844 | } | 876 | } |
845 | else | 877 | else |
@@ -865,24 +897,61 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
865 | pong->challenge = ping->challenge; | 897 | pong->challenge = ping->challenge; |
866 | pong->addrlen = htonl (alen + slen); | 898 | pong->addrlen = htonl (alen + slen); |
867 | memcpy (&pong[1], addr, slen); | 899 | memcpy (&pong[1], addr, slen); |
868 | memcpy (&((char *) &pong[1])[slen], addrend, alen); | 900 | #if KEEP_093_COMPATIBILITY |
869 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < | 901 | if (GNUNET_YES == buggy) |
870 | PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
871 | { | 902 | { |
872 | /* create / update cached sig */ | 903 | int idsize = sizeof (GST_my_identity); |
873 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 904 | if (alen <= idsize) |
874 | "Creating PONG signature to indicate ownership.\n"); | 905 | { |
875 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | 906 | memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen); |
876 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | 907 | } |
908 | else if (alen <= (idsize + strlen (address.transport_name) + 1)) | ||
909 | { | ||
910 | memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen); | ||
911 | memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize); | ||
912 | } | ||
913 | else | ||
914 | { | ||
915 | /* If this would happen, we would have a inconsistent PING we cannot reproduce */ | ||
916 | GNUNET_free (pong); | ||
917 | return; | ||
918 | } | ||
919 | |||
920 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n"); | ||
921 | pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME)); | ||
877 | GNUNET_assert (GNUNET_OK == | 922 | GNUNET_assert (GNUNET_OK == |
878 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, | 923 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, |
879 | sig_cache)); | 924 | &pong->signature)); |
880 | } | 925 | } |
881 | else | 926 | else |
882 | { | 927 | { |
883 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | 928 | #endif |
929 | memcpy (&((char *) &pong[1])[slen], addrend, alen); | ||
930 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < | ||
931 | PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
932 | { | ||
933 | /* create / update cached sig */ | ||
934 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
935 | "Creating PONG signature to indicate ownership.\n"); | ||
936 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | ||
937 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
938 | GNUNET_assert (GNUNET_OK == | ||
939 | GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, | ||
940 | sig_cache)); | ||
941 | } | ||
942 | else | ||
943 | { | ||
944 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
945 | } | ||
946 | pong->signature = *sig_cache; | ||
947 | |||
948 | #if KEEP_093_COMPATIBILITY | ||
884 | } | 949 | } |
885 | pong->signature = *sig_cache; | 950 | #endif |
951 | |||
952 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, | ||
953 | &pong->purpose, &pong->signature, | ||
954 | &GST_my_public_key)); | ||
886 | 955 | ||
887 | GNUNET_assert (sender_address != NULL); | 956 | GNUNET_assert (sender_address != NULL); |
888 | 957 | ||
@@ -1083,7 +1152,6 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1083 | } | 1152 | } |
1084 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1153 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1085 | "Address validated for peer `%s' with plugin `%s': `%s'\n", | 1154 | "Address validated for peer `%s' with plugin `%s': `%s'\n", |
1086 | |||
1087 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); | 1155 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); |
1088 | /* validity achieved, remember it! */ | 1156 | /* validity achieved, remember it! */ |
1089 | ve->expecting_pong = GNUNET_NO; | 1157 | ve->expecting_pong = GNUNET_NO; |
@@ -1130,11 +1198,11 @@ GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello) | |||
1130 | /* Add peer identity without addresses to peerinfo service */ | 1198 | /* Add peer identity without addresses to peerinfo service */ |
1131 | h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL); | 1199 | h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL); |
1132 | GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL); | 1200 | GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL); |
1133 | #if VERBOSE_VALIDATION | 1201 | |
1134 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1202 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1135 | _("Adding `%s' without addresses for peer `%s'\n"), "HELLO", | 1203 | _("Adding `%s' without addresses for peer `%s'\n"), "HELLO", |
1136 | GNUNET_i2s (&vac.pid)); | 1204 | GNUNET_i2s (&vac.pid)); |
1137 | #endif | 1205 | |
1138 | GNUNET_free (h); | 1206 | GNUNET_free (h); |
1139 | GNUNET_assert (NULL == | 1207 | GNUNET_assert (NULL == |
1140 | GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO, | 1208 | GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO, |