authorMatthias Wachs <wachs@net.in.tum.de>2012-07-05 15:37:42 +0000
committerMatthias Wachs <wachs@net.in.tum.de>2012-07-05 15:37:42 +0000
commit86be3237abd7ff9bf06f1911802e8a38fb985650 (patch)
treea2ebbc0ff922a8768510f9dd97d40aceb807b496 /src/transport/gnunet-service-transport_validation.c
parent75cb1be5b4c6322881d4664e53fe1d1afe92532d (diff)
- compatibility code
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r--src/transport/gnunet-service-transport_validation.c116
1 files changed, 92 insertions, 24 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index 3626aad82..e61d1337d 100644
--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -34,6 +34,7 @@
34#include "gnunet_peerinfo_service.h" 34#include "gnunet_peerinfo_service.h"
35#include "gnunet_signatures.h" 35#include "gnunet_signatures.h"
36 36
37#define KEEP_093_COMPATIBILITY GNUNET_YES
37 38
38/** 39/**
39 * How long is a PONG signature valid? We'll recycle a signature until 40 * How long is a PONG signature valid? We'll recycle a signature until
@@ -439,8 +440,8 @@ transmit_ping_if_allowed (void *cls, const struct GNUNET_PeerIdentity *pid,
439 uint16_t hsize; 440 uint16_t hsize;
440 441
441 ve->bc = NULL; 442 ve->bc = NULL;
442 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s\n", 443 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Transmitting plain PING to `%s' %s %s\n",
443 GNUNET_i2s (pid), GST_plugins_a2s (ve->address)); 444 GNUNET_i2s (pid), GST_plugins_a2s (ve->address), ve->address->transport_name);
444 445
445 slen = strlen (ve->address->transport_name) + 1; 446 slen = strlen (ve->address->transport_name) + 1;
446 hello = GST_hello_get (); 447 hello = GST_hello_get ();
@@ -788,6 +789,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
788 size_t alen; 789 size_t alen;
789 size_t slen; 790 size_t slen;
790 ssize_t ret; 791 ssize_t ret;
792 int buggy = GNUNET_NO;
791 struct GNUNET_HELLO_Address address; 793 struct GNUNET_HELLO_Address address;
792 794
793 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage)) 795 if (ntohs (hdr->size) < sizeof (struct TransportPingMessage))
@@ -831,15 +833,45 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
831 address.address = addrend; 833 address.address = addrend;
832 address.address_length = alen; 834 address.address_length = alen;
833 address.transport_name = addr; 835 address.transport_name = addr;
834 address.peer = *sender; 836 address.peer = GST_my_identity;
835 if (GNUNET_YES != 837
836 GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) 838
839 if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
837 { 840 {
838 GNUNET_log (GNUNET_ERROR_TYPE_INFO, 841#if KEEP_093_COMPATIBILITY
839 _ 842 int idsize = sizeof (GST_my_identity);
840 ("Not confirming PING with address `%s' since I cannot confirm having this address.\n"), 843 if (alen <= idsize)
841 GST_plugins_a2s (&address)); 844 {
842 return; 845 if (0 == memcmp (address.address, &GST_my_identity, alen))
846 buggy = GNUNET_YES;
847 }
848 else if (alen <= (idsize + strlen (address.transport_name)))
849 {
850 char *achar = (char *) &address.address;
851 if ((0 == memcmp (address.address, &GST_my_identity, idsize)) &&
852 (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize)))
853 buggy = GNUNET_YES;
854 }
855 else
856 {
857 /* Not predicatable */
858 return;
859 }
860#endif
861 if (GNUNET_NO == buggy)
862 {
863 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
864 "Not confirming PING from peer `%s' with address `%s' since I cannot confirm having this address.\n",
865 GNUNET_i2s (sender),
866 GST_plugins_a2s (&address));
867 return;
868 }
869 else
870 {
871 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
872 _("Received a PING message with validation bug from `%s'\n"),
873 GNUNET_i2s (sender));
874 }
843 } 875 }
844 } 876 }
845 else 877 else
@@ -865,24 +897,61 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
865 pong->challenge = ping->challenge; 897 pong->challenge = ping->challenge;
866 pong->addrlen = htonl (alen + slen); 898 pong->addrlen = htonl (alen + slen);
867 memcpy (&pong[1], addr, slen); 899 memcpy (&pong[1], addr, slen);
868 memcpy (&((char *) &pong[1])[slen], addrend, alen); 900#if KEEP_093_COMPATIBILITY
869 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < 901 if (GNUNET_YES == buggy)
870 PONG_SIGNATURE_LIFETIME.rel_value / 4)
871 { 902 {
872 /* create / update cached sig */ 903 int idsize = sizeof (GST_my_identity);
873 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 904 if (alen <= idsize)
874 "Creating PONG signature to indicate ownership.\n"); 905 {
875 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); 906 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);
876 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); 907 }
908 else if (alen <= (idsize + strlen (address.transport_name) + 1))
909 {
910 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);
911 memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize);
912 }
913 else
914 {
915 /* If this would happen, we would have a inconsistent PING we cannot reproduce */
916 GNUNET_free (pong);
917 return;
918 }
919
920 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
921 pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
877 GNUNET_assert (GNUNET_OK == 922 GNUNET_assert (GNUNET_OK ==
878 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose, 923 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
879 sig_cache)); 924 &pong->signature));
880 } 925 }
881 else 926 else
882 { 927 {
883 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); 928#endif
929 memcpy (&((char *) &pong[1])[slen], addrend, alen);
930 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
931 PONG_SIGNATURE_LIFETIME.rel_value / 4)
932 {
933 /* create / update cached sig */
934 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
935 "Creating PONG signature to indicate ownership.\n");
936 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
937 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
938 GNUNET_assert (GNUNET_OK ==
939 GNUNET_CRYPTO_rsa_sign (GST_my_private_key, &pong->purpose,
940 sig_cache));
941 }
942 else
943 {
944 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
945 }
946 pong->signature = *sig_cache;
947
948#if KEEP_093_COMPATIBILITY
884 } 949 }
885 pong->signature = *sig_cache; 950#endif
951
952 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_rsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
953 &pong->purpose, &pong->signature,
954 &GST_my_public_key));
886 955
887 GNUNET_assert (sender_address != NULL); 956 GNUNET_assert (sender_address != NULL);
888 957
@@ -1083,7 +1152,6 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1083 } 1152 }
1084 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1153 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1085 "Address validated for peer `%s' with plugin `%s': `%s'\n", 1154 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1086
1087 GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); 1155 GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address));
1088 /* validity achieved, remember it! */ 1156 /* validity achieved, remember it! */
1089 ve->expecting_pong = GNUNET_NO; 1157 ve->expecting_pong = GNUNET_NO;
@@ -1130,11 +1198,11 @@ GST_validation_handle_hello (const struct GNUNET_MessageHeader *hello)
1130 /* Add peer identity without addresses to peerinfo service */ 1198 /* Add peer identity without addresses to peerinfo service */
1131 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL); 1199 h = GNUNET_HELLO_create (&vac.public_key, NULL, NULL);
1132 GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL); 1200 GNUNET_PEERINFO_add_peer (GST_peerinfo, h, NULL, NULL);
1133#if VERBOSE_VALIDATION 1201
1134 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1202 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1135 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO", 1203 _("Adding `%s' without addresses for peer `%s'\n"), "HELLO",
1136 GNUNET_i2s (&vac.pid)); 1204 GNUNET_i2s (&vac.pid));
1137#endif 1205
1138 GNUNET_free (h); 1206 GNUNET_free (h);
1139 GNUNET_assert (NULL == 1207 GNUNET_assert (NULL ==
1140 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO, 1208 GNUNET_HELLO_iterate_addresses (hm, GNUNET_NO,
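Review bot: In the KEEP_093_COMPATIBILITY block added to GST_validation_handle_ping, `char *achar = (char *) &address.address;` takes the address of the pointer member rather than the received buffer, so the second `memcmp` checks `transport_name` against stack memory `idsize` bytes past that field instead of the bytes that follow the identity in the PING; it should read `const char *achar = address.address;`. In the matching PONG branch, `memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen);` runs with `alen > idsize` and therefore reads past the end of `GST_my_identity`; the length there should be `idsize`. The two bounds also disagree (`idsize + strlen (...)` when checking, `idsize + strlen (...) + 1` when building the PONG), and `alen == 0` would satisfy the first `memcmp` trivially, so a lower bound on `alen` looks needed; this is hedged because the code that computes `alen` lies outside the hunks. The compatibility path also produces a fresh RSA signature for every such PING instead of reusing `sig_cache`, and then runs `GNUNET_CRYPTO_rsa_verify` under `GNUNET_assert`, so remote input drives two RSA operations per message; caching or rate limiting this path, or at least a comment stating the cost, would help. The function body starts and ends outside these hunks.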