author | Christian Grothoff <christian@grothoff.org> | 2013-03-03 10:05:19 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-03-03 10:05:19 +0000 |
commit | 9a77d6b012ee9dad3e81a440d02806c8afddd954 (patch) | |
tree | 776f18ff902a4a07dc455e8d2b1217667e5cf0c4 /src/transport/gnunet-service-transport_validation.c | |
parent | 9b4bc8e6b28cd3c3b560d3ac085d9bb22d2dd8dc (diff) | |
-remove 093 compatibility code, change validation order slightly
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 118 |
1 files changed, 31 insertions, 87 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index c38a5022c..f35967fb7 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -34,7 +34,6 @@ | |||
34 | #include "gnunet_peerinfo_service.h" | 34 | #include "gnunet_peerinfo_service.h" |
35 | #include "gnunet_signatures.h" | 35 | #include "gnunet_signatures.h" |
36 | 36 | ||
37 | #define KEEP_093_COMPATIBILITY GNUNET_NO | ||
38 | 37 | ||
39 | /** | 38 | /** |
40 | * How long is a PONG signature valid? We'll recycle a signature until | 39 | * How long is a PONG signature valid? We'll recycle a signature until |
@@ -580,10 +579,10 @@ revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) | |||
580 | blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next); | 579 | blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next); |
581 | if ((blocked_for.rel_value) > 0) | 580 | if ((blocked_for.rel_value) > 0) |
582 | { | 581 | { |
583 | /* Validations are blocked, have to wait for blocked_for ms */ | 582 | /* Validations are blocked, have to wait for blocked_for time */ |
584 | ve->revalidation_task = | 583 | ve->revalidation_task = |
585 | GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve); | 584 | GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve); |
586 | return; | 585 | return; |
587 | } | 586 | } |
588 | ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay); | 587 | ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay); |
589 | 588 | ||
@@ -891,26 +890,6 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
891 | 890 | ||
892 | if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) | 891 | if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) |
893 | { | 892 | { |
894 | #if KEEP_093_COMPATIBILITY | ||
895 | int idsize = sizeof (GST_my_identity); | ||
896 | if (alen <= idsize) | ||
897 | { | ||
898 | if (0 == memcmp (address.address, &GST_my_identity, alen)) | ||
899 | buggy = GNUNET_YES; | ||
900 | } | ||
901 | else if (alen <= (idsize + strlen (address.transport_name))) | ||
902 | { | ||
903 | char *achar = (char *) &address.address; | ||
904 | if ((0 == memcmp (address.address, &GST_my_identity, idsize)) && | ||
905 | (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize))) | ||
906 | buggy = GNUNET_YES; | ||
907 | } | ||
908 | else | ||
909 | { | ||
910 | /* Not predicatable */ | ||
911 | return; | ||
912 | } | ||
913 | #endif | ||
914 | if (GNUNET_NO == buggy) | 893 | if (GNUNET_NO == buggy) |
915 | { | 894 | { |
916 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 895 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -958,62 +937,29 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, | |||
958 | memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge)); | 937 | memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge)); |
959 | pong->addrlen = htonl (alen + slen); | 938 | pong->addrlen = htonl (alen + slen); |
960 | memcpy (&pong[1], addr, slen); /* Copy transport plugin */ | 939 | memcpy (&pong[1], addr, slen); /* Copy transport plugin */ |
961 | #if KEEP_093_COMPATIBILITY | 940 | if (alen > 0) |
962 | if (GNUNET_YES == buggy) | ||
963 | { | 941 | { |
964 | int idsize = sizeof (GST_my_identity); | 942 | GNUNET_assert (NULL != addrend); |
965 | if (alen <= idsize) | 943 | memcpy (&((char *) &pong[1])[slen], addrend, alen); |
966 | { | 944 | } |
967 | memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen); | 945 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < |
968 | } | 946 | PONG_SIGNATURE_LIFETIME.rel_value / 4) |
969 | else if (alen <= (idsize + strlen (address.transport_name) + 1)) | 947 | { |
970 | { | 948 | /* create / update cached sig */ |
971 | memcpy (&((char *) &pong[1])[slen], &GST_my_identity, idsize); | 949 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
972 | memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize); | 950 | "Creating PONG signature to indicate ownership.\n"); |
973 | } | 951 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); |
974 | else | 952 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); |
975 | { | ||
976 | /* If this would happen, we would have a inconsistent PING we cannot reproduce */ | ||
977 | GNUNET_free (pong); | ||
978 | return; | ||
979 | } | ||
980 | |||
981 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n"); | ||
982 | pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME)); | ||
983 | GNUNET_assert (GNUNET_OK == | 953 | GNUNET_assert (GNUNET_OK == |
984 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, | 954 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, |
985 | &pong->signature)); | 955 | sig_cache)); |
986 | } | 956 | } |
987 | else | 957 | else |
988 | { | 958 | { |
989 | #endif | 959 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); |
990 | if (alen > 0) | ||
991 | { | ||
992 | GNUNET_assert (NULL != addrend); | ||
993 | memcpy (&((char *) &pong[1])[slen], addrend, alen); | ||
994 | } | ||
995 | if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < | ||
996 | PONG_SIGNATURE_LIFETIME.rel_value / 4) | ||
997 | { | ||
998 | /* create / update cached sig */ | ||
999 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1000 | "Creating PONG signature to indicate ownership.\n"); | ||
1001 | *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); | ||
1002 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
1003 | GNUNET_assert (GNUNET_OK == | ||
1004 | GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, | ||
1005 | sig_cache)); | ||
1006 | } | ||
1007 | else | ||
1008 | { | ||
1009 | pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); | ||
1010 | } | ||
1011 | pong->signature = *sig_cache; | ||
1012 | |||
1013 | #if KEEP_093_COMPATIBILITY | ||
1014 | } | 960 | } |
1015 | #endif | 961 | pong->signature = *sig_cache; |
1016 | 962 | ||
1017 | GNUNET_assert (sender_address != NULL); | 963 | GNUNET_assert (sender_address != NULL); |
1018 | 964 | ||
1019 | /* first see if the session we got this PING from can be used to transmit | 965 | /* first see if the session we got this PING from can be used to transmit |
@@ -1181,7 +1127,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1181 | address.address_length = addrlen; | 1127 | address.address_length = addrlen; |
1182 | address.transport_name = tname; | 1128 | address.transport_name = tname; |
1183 | ve = find_validation_entry (NULL, &address); | 1129 | ve = find_validation_entry (NULL, &address); |
1184 | if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO)) | 1130 | if ((NULL == ve) || (GNUNET_NO == ve->expecting_pong)) |
1185 | { | 1131 | { |
1186 | GNUNET_STATISTICS_update (GST_stats, | 1132 | GNUNET_STATISTICS_update (GST_stats, |
1187 | gettext_noop | 1133 | gettext_noop |
@@ -1195,7 +1141,15 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1195 | GNUNET_break_op (0); | 1141 | GNUNET_break_op (0); |
1196 | return; | 1142 | return; |
1197 | } | 1143 | } |
1198 | 1144 | if (GNUNET_TIME_absolute_get_remaining | |
1145 | (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0) | ||
1146 | { | ||
1147 | GNUNET_STATISTICS_update (GST_stats, | ||
1148 | gettext_noop | ||
1149 | ("# PONGs dropped, signature expired"), 1, | ||
1150 | GNUNET_NO); | ||
1151 | return; | ||
1152 | } | ||
1199 | if (GNUNET_OK != | 1153 | if (GNUNET_OK != |
1200 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, | 1154 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, |
1201 | &pong->purpose, &pong->signature, | 1155 | &pong->purpose, &pong->signature, |
@@ -1207,16 +1161,6 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, | |||
1207 | GNUNET_i2s (sender)); | 1161 | GNUNET_i2s (sender)); |
1208 | return; | 1162 | return; |
1209 | } | 1163 | } |
1210 | |||
1211 | if (GNUNET_TIME_absolute_get_remaining | ||
1212 | (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0) | ||
1213 | { | ||
1214 | GNUNET_STATISTICS_update (GST_stats, | ||
1215 | gettext_noop | ||
1216 | ("# PONGs dropped, signature expired"), 1, | ||
1217 | GNUNET_NO); | ||
1218 | return; | ||
1219 | } | ||
1220 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1164 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1221 | "Address validated for peer `%s' with plugin `%s': `%s'\n", | 1165 | "Address validated for peer `%s' with plugin `%s': `%s'\n", |
1222 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); | 1166 | GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); |
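Review bot: In GST_validation_handle_pong the expiry test (new lines 1144-1152) now runs before `GNUNET_CRYPTO_ecc_verify`, so `pong->expiration` is read while still unauthenticated and the "# PONGs dropped, signature expired" counter can be incremented by a PONG whose signature was never checked. Dropping early looks harmless as long as nothing trusts that field or that statistic before the verify, and it saves a signature check on stale messages, but the ordering deserves a comment such as `/* expiration is not authenticated yet; cheap early drop only, the signature check below is what decides */`. Separately, `if (GNUNET_NO == buggy)` at new line 893 survives although no visible line sets `buggy` any more; if its declaration (outside the hunks) only initialises it to GNUNET_NO, the variable and the test can be removed. Both functions start and end outside the hunks shown.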