authorMatthias Wachs <wachs@net.in.tum.de>2013-03-04 13:19:03 +0000
committerMatthias Wachs <wachs@net.in.tum.de>2013-03-04 13:19:03 +0000
commit9f87b9e3b46bae22310a0328353c98fa863e2158 (patch)
treee2f0f43ed55168736d7e190332de2a02d75d8397 /src/transport/gnunet-service-transport_validation.c
parentcaa001ec8d1d2a9d17b576a445892efc62483707 (diff)
implementing pong singature caching
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r--src/transport/gnunet-service-transport_validation.c36
1 files changed, 33 insertions, 3 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index f35967fb7..b7e195832 100644
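--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -197,6 +197,11 @@ struct ValidationEntry
 struct GNUNET_PeerIdentity pid;
 
 /**
+* Cached PONG signature
+*/
+struct GNUNET_CRYPTO_EccSignature pong_sig_cache;
+
+/**
 * ID of task that will clean up this entry if nothing happens.
 */
 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
@@ -218,6 +223,12 @@ struct ValidationEntry
 struct GNUNET_TIME_Absolute valid_until;
 
 /**
+* Until when is the cached PONG signature valid?
+* ZERO if it is not currently considered valid.
+*/
+struct GNUNET_TIME_Absolute pong_sig_valid_until;
+
+/**
 * How long until we can try to validate this address again?
 * FOREVER if the address is for an unsupported plugin (from PEERINFO)
 * ZERO if the address is considered valid (no validation needed)
@@ -252,6 +263,7 @@ struct ValidationEntry
 */
 int expecting_pong;
 
+
 /* FIXME: DEBUGGING */
 int last_line_set_to_no;
 int last_line_set_to_yes;
@@ -657,6 +669,8 @@ find_validation_entry (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
 ve->address = GNUNET_HELLO_address_copy (address);
 ve->public_key = *public_key;
 ve->pid = address->peer;
+ve->pong_sig_valid_until = GNUNET_TIME_absolute_get_zero_();
+memset (&ve->pong_sig_cache, '\0', sizeof (struct GNUNET_CRYPTO_EccSignature));
 ve->latency = GNUNET_TIME_UNIT_FOREVER_REL;
 ve->challenge =
 GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, UINT32_MAX);
@@ -1097,6 +1111,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
 size_t size;
 struct GNUNET_HELLO_Message *hello;
 struct GNUNET_HELLO_Address address;
+int sig_res;
 
 if (ntohs (hdr->size) < sizeof (struct TransportPongMessage))
 {
@@ -1150,10 +1165,23 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
 GNUNET_NO);
 return;
 }
-if (GNUNET_OK !=
-GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+
+sig_res = GNUNET_SYSERR;
+if (0 != GNUNET_TIME_absolute_get_remaining(ve->pong_sig_valid_until).rel_value)
+{
+if (0 == memcmp (&ve->pong_sig_cache, &pong->signature, sizeof (struct GNUNET_CRYPTO_EccSignature)))
+sig_res = GNUNET_OK;
+else
+sig_res = GNUNET_SYSERR;
+}
+else
+{
+sig_res = GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
 &pong->purpose, &pong->signature,
-&ve->public_key))
+&ve->public_key);
+}
+
+if (sig_res == GNUNET_SYSERR)
 {
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
 "Invalid signature on address %s:%s from peer `%s'\n",
@@ -1167,6 +1195,8 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender,
 /* validity achieved, remember it! */
 ve->expecting_pong = GNUNET_NO;
 ve->valid_until = GNUNET_TIME_relative_to_absolute (HELLO_ADDRESS_EXPIRATION);
+ve->pong_sig_cache = pong->signature;
+ve->pong_sig_valid_until = GNUNET_TIME_absolute_ntoh (pong->expiration);
 ve->latency = GNUNET_TIME_absolute_get_duration (ve->send_time);
 {
 struct GNUNET_ATS_Information ats;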
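Review bot: The cache-hit branch at new lines 1170-1176 of GST_validation_handle_pong accepts a PONG on a byte-wise match of `pong->signature` alone, so the signed block `pong->purpose` of that message is never checked, and line 1199 then reloads `pong_sig_valid_until` from the unverified `pong->expiration`; a previously seen signature paired with a different expiration value would therefore be accepted and could keep the cache entry alive past the lifetime that was actually signed. A mismatch also yields `GNUNET_SYSERR` instead of falling back to `GNUNET_CRYPTO_ecc_verify`, so a freshly signed PONG is rejected while an older signature is still cached, and `if (sig_res == GNUNET_SYSERR)` lets any other non-OK return through where the old code tested `GNUNET_OK !=`. The version below takes the cached result only when the expiration equals the cached one, verifies in every other case, and fails closed; caching a hash of the whole signed block would bind the cache more tightly. The function starts and ends outside the hunks shown, so whether the address fields of the PONG are compared with `ve->address` earlier is not visible here.

```c
  sig_res = GNUNET_SYSERR;
  /* Trust the cache only for an unexpired, byte-identical signature that
   * covers the same expiration we verified before; otherwise verify. */
  if ( (0 != GNUNET_TIME_absolute_get_remaining (ve->pong_sig_valid_until).rel_value) &&
       (ve->pong_sig_valid_until.abs_value ==
        GNUNET_TIME_absolute_ntoh (pong->expiration).abs_value) &&
       (0 == memcmp (&ve->pong_sig_cache, &pong->signature,
                     sizeof (struct GNUNET_CRYPTO_EccSignature))) )
    sig_res = GNUNET_OK;
  else
    sig_res = GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
                                        &pong->purpose, &pong->signature,
                                        &ve->public_key);

  if (GNUNET_OK != sig_res)
  /* … unchanged: warning log and early return … */
```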