authorChristian Grothoff <christian@grothoff.org>2013-03-03 10:05:19 +0000
committerChristian Grothoff <christian@grothoff.org>2013-03-03 10:05:19 +0000
commit9a77d6b012ee9dad3e81a440d02806c8afddd954 (patch)
tree776f18ff902a4a07dc455e8d2b1217667e5cf0c4 /src/transport/gnunet-service-transport_validation.c
parent9b4bc8e6b28cd3c3b560d3ac085d9bb22d2dd8dc (diff)
-remove 093 compatibility code, change validation order slightly
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r--src/transport/gnunet-service-transport_validation.c118
1 files changed, 31 insertions, 87 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index c38a5022c..f35967fb7 100644
--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -34,7 +34,6 @@
34#include "gnunet_peerinfo_service.h" 34#include "gnunet_peerinfo_service.h"
35#include "gnunet_signatures.h" 35#include "gnunet_signatures.h"
36 36
37#define KEEP_093_COMPATIBILITY GNUNET_NO
38 37
39/** 38/**
40 * How long is a PONG signature valid? We'll recycle a signature until 39 * How long is a PONG signature valid? We'll recycle a signature until
@@ -580,10 +579,10 @@ revalidate_address (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
580 blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next); 579 blocked_for = GNUNET_TIME_absolute_get_remaining(validation_next);
581 if ((blocked_for.rel_value) > 0) 580 if ((blocked_for.rel_value) > 0)
582 { 581 {
583 /* Validations are blocked, have to wait for blocked_for ms */ 582 /* Validations are blocked, have to wait for blocked_for time */
584 ve->revalidation_task = 583 ve->revalidation_task =
585 GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve); 584 GNUNET_SCHEDULER_add_delayed (blocked_for, &revalidate_address, ve);
586 return; 585 return;
587 } 586 }
588 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay); 587 ve->revalidation_block = GNUNET_TIME_relative_to_absolute (canonical_delay);
589 588
@@ -891,26 +890,6 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
891 890
892 if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp)) 891 if (GNUNET_YES != GST_hello_test_address (&address, &sig_cache, &sig_cache_exp))
893 { 892 {
894#if KEEP_093_COMPATIBILITY
895 int idsize = sizeof (GST_my_identity);
896 if (alen <= idsize)
897 {
898 if (0 == memcmp (address.address, &GST_my_identity, alen))
899 buggy = GNUNET_YES;
900 }
901 else if (alen <= (idsize + strlen (address.transport_name)))
902 {
903 char *achar = (char *) &address.address;
904 if ((0 == memcmp (address.address, &GST_my_identity, idsize)) &&
905 (0 == memcmp (&achar[idsize], address.transport_name, alen - idsize)))
906 buggy = GNUNET_YES;
907 }
908 else
909 {
910 /* Not predicatable */
911 return;
912 }
913#endif
914 if (GNUNET_NO == buggy) 893 if (GNUNET_NO == buggy)
915 { 894 {
916 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 895 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -958,62 +937,29 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
958 memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge)); 937 memcpy (&pong->challenge, &ping->challenge, sizeof (ping->challenge));
959 pong->addrlen = htonl (alen + slen); 938 pong->addrlen = htonl (alen + slen);
960 memcpy (&pong[1], addr, slen); /* Copy transport plugin */ 939 memcpy (&pong[1], addr, slen); /* Copy transport plugin */
961#if KEEP_093_COMPATIBILITY 940 if (alen > 0)
962 if (GNUNET_YES == buggy)
963 { 941 {
964 int idsize = sizeof (GST_my_identity); 942 GNUNET_assert (NULL != addrend);
965 if (alen <= idsize) 943 memcpy (&((char *) &pong[1])[slen], addrend, alen);
966 { 944 }
967 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, alen); 945 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
968 } 946 PONG_SIGNATURE_LIFETIME.rel_value / 4)
969 else if (alen <= (idsize + strlen (address.transport_name) + 1)) 947 {
970 { 948 /* create / update cached sig */
971 memcpy (&((char *) &pong[1])[slen], &GST_my_identity, idsize); 949 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
972 memcpy (&((char *) &pong[1])[slen + idsize], address.transport_name, alen-idsize); 950 "Creating PONG signature to indicate ownership.\n");
973 } 951 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
974 else 952 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
975 {
976 /* If this would happen, we would have a inconsistent PING we cannot reproduce */
977 GNUNET_free (pong);
978 return;
979 }
980
981 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating buggy PONG signature to indicate ownership.\n");
982 pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
983 GNUNET_assert (GNUNET_OK == 953 GNUNET_assert (GNUNET_OK ==
984 GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose, 954 GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
985 &pong->signature)); 955 sig_cache));
986 } 956 }
987 else 957 else
988 { 958 {
989#endif 959 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
990 if (alen > 0)
991 {
992 GNUNET_assert (NULL != addrend);
993 memcpy (&((char *) &pong[1])[slen], addrend, alen);
994 }
995 if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value <
996 PONG_SIGNATURE_LIFETIME.rel_value / 4)
997 {
998 /* create / update cached sig */
999 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1000 "Creating PONG signature to indicate ownership.\n");
1001 *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
1002 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
1003 GNUNET_assert (GNUNET_OK ==
1004 GNUNET_CRYPTO_ecc_sign (GST_my_private_key, &pong->purpose,
1005 sig_cache));
1006 }
1007 else
1008 {
1009 pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
1010 }
1011 pong->signature = *sig_cache;
1012
1013#if KEEP_093_COMPATIBILITY
1014 } 960 }
1015#endif 961 pong->signature = *sig_cache;
1016 962
1017 GNUNET_assert (sender_address != NULL); 963 GNUNET_assert (sender_address != NULL);
1018 964
1019 /* first see if the session we got this PING from can be used to transmit 965 /* first see if the session we got this PING from can be used to transmit
@@ -1181,7 +1127,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1181 address.address_length = addrlen; 1127 address.address_length = addrlen;
1182 address.transport_name = tname; 1128 address.transport_name = tname;
1183 ve = find_validation_entry (NULL, &address); 1129 ve = find_validation_entry (NULL, &address);
1184 if ((NULL == ve) || (ve->expecting_pong == GNUNET_NO)) 1130 if ((NULL == ve) || (GNUNET_NO == ve->expecting_pong))
1185 { 1131 {
1186 GNUNET_STATISTICS_update (GST_stats, 1132 GNUNET_STATISTICS_update (GST_stats,
1187 gettext_noop 1133 gettext_noop
@@ -1195,7 +1141,15 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1195 GNUNET_break_op (0); 1141 GNUNET_break_op (0);
1196 return; 1142 return;
1197 } 1143 }
1198 1144 if (GNUNET_TIME_absolute_get_remaining
1145 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1146 {
1147 GNUNET_STATISTICS_update (GST_stats,
1148 gettext_noop
1149 ("# PONGs dropped, signature expired"), 1,
1150 GNUNET_NO);
1151 return;
1152 }
1199 if (GNUNET_OK != 1153 if (GNUNET_OK !=
1200 GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, 1154 GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
1201 &pong->purpose, &pong->signature, 1155 &pong->purpose, &pong->signature,
@@ -1207,16 +1161,6 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
1207 GNUNET_i2s (sender)); 1161 GNUNET_i2s (sender));
1208 return; 1162 return;
1209 } 1163 }
1210
1211 if (GNUNET_TIME_absolute_get_remaining
1212 (GNUNET_TIME_absolute_ntoh (pong->expiration)).rel_value == 0)
1213 {
1214 GNUNET_STATISTICS_update (GST_stats,
1215 gettext_noop
1216 ("# PONGs dropped, signature expired"), 1,
1217 GNUNET_NO);
1218 return;
1219 }
1220 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1164 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1221 "Address validated for peer `%s' with plugin `%s': `%s'\n", 1165 "Address validated for peer `%s' with plugin `%s': `%s'\n",
1222 GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address)); 1166 GNUNET_i2s (sender), tname, GST_plugins_a2s (ve->address));
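Review bot: The expiration test in GST_validation_handle_pong (new lines 1144-1152) now runs before GNUNET_CRYPTO_ecc_verify, so it acts on `pong->expiration` while that field is still unauthenticated. As a cheap early reject ahead of the signature check this ordering is reasonable, but the counter `# PONGs dropped, signature expired` now also counts PONGs whose signature would never have verified, so it no longer measures validly signed but stale replies and should not be read that way in monitoring. I would document the ordering with a comment above the check, for example `/* cheap test first; pong->expiration is untrusted until the signature below verifies */`. The check rejects only expirations that are already in the past; whether an upper bound on the claimed lifetime is enforced is not visible here, because the function continues outside these hunks.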