authorChristian Grothoff <christian@grothoff.org>2011-08-06 20:38:34 +0000
committerChristian Grothoff <christian@grothoff.org>2011-08-06 20:38:34 +0000
commitaab59b27c0226b3028bf093b9e5426455c96ee81 (patch)
treed6919c4934c6412ecf6dcadc9d1e72c2e280200b /src/transport/gnunet-service-transport_validation.c
parent4700ee225497a1dbfbda029f0cee5321a40654da (diff)
re-enabling signature caching code
Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r--src/transport/gnunet-service-transport_validation.c70
1 files changed, 22 insertions, 48 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c
index 4f0848c87..d7e466523 100644
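--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -26,6 +26,7 @@
 #include "platform.h"
 #include "gnunet-service-transport_validation.h"
 #include "gnunet-service-transport_plugins.h"
+#include "gnunet-service-transport_hello.h"
 #include "gnunet-service-transport.h"
 #include "gnunet_hello_lib.h"
 #include "gnunet_peerinfo_service.h"
@@ -540,6 +541,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  const struct TransportPingMessage *ping;
  struct TransportPongMessage *pong;
  struct GNUNET_TRANSPORT_PluginFunctions *papi;
+ struct SessionHeader *session_header;
  const char *addr;
  const char *addrend;
  size_t alen;
@@ -590,13 +592,14 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  /* peer wants to confirm that we have an outbound connection to him;
  we handle this case here even though it has nothing to do with
  address validation (!) */
- if (sender_address == NULL)
+ if ( (sender_address == NULL) || (session == NULL) )
  {
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
  _("Refusing to create PONG since I do initiate the session with `%s'.\n"),
  GNUNET_i2s (sender));
  return;
  }
+ session_header = (struct SessionHeader *)session;
 #if DEBUG_TRANSPORT
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
  "Creating PONG indicating that we initiated a connection to peer `%s' using address `%s' \n",
@@ -624,8 +627,6 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  memcpy (&((char*)&pong[1])[slen],
  sender_address,
  sender_address_len);
-#if 0
- /* FIXME: lookup signature! */
  if (GNUNET_TIME_absolute_get_remaining (session_header->pong_sig_expires).rel_value <
  PONG_SIGNATURE_LIFETIME.rel_value / 4)
  {
@@ -637,7 +638,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  session_header->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
  pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
  GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (my_private_key,
+ GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
  &pong->purpose,
  &session_header->pong_signature));
  }
@@ -645,21 +646,15 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  {
  pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
  }
- memcpy (&pong->signature,
- &session_header->pong_signature,
- sizeof (struct GNUNET_CRYPTO_RsaSignature));
-#else
- pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
- &pong->purpose,
- &pong->signature));
-#endif
+ pong->signature = session_header->pong_signature;
  }
  else
  {
  /* peer wants to confirm that this is one of our addresses, this is what is
  used for address validation */
+ struct GNUNET_CRYPTO_RsaSignature *sig_cache;
+ struct GNUNET_TIME_Absolute *sig_cache_exp;
+
  addrend = memchr (addr, '\0', alen);
  if (NULL == addrend)
  {
@@ -669,13 +664,13 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  addrend++;
  slen = strlen(addr);
  alen -= slen;
- papi = GST_plugins_find (addr);
-
- if ( (NULL == papi) ||
- (GNUNET_OK !=
- papi->check_address (papi->cls,
- addrend,
- alen)) )
+
+ if (GNUNET_YES !=
+ GST_hello_test_address (addr,
+ addrend,
+ alen,
+ &sig_cache,
+ &sig_cache_exp))
  {
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
  _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
@@ -699,46 +694,25 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
  pong->pid = GST_my_identity;
  memcpy (&pong[1], addr, slen);
  memcpy (&((char*)&pong[1])[slen], addrend, alen);
-#if 0
- if ( (oal != NULL) &&
- (GNUNET_TIME_absolute_get_remaining (oal->pong_sig_expires).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4) )
+ if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4)
  {
  /* create / update cached sig */
 #if DEBUG_TRANSPORT
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
  "Creating PONG signature to indicate ownership.\n");
 #endif
- oal->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
- pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires);
- GNUNET_assert (GNUNET_OK ==
- GNUNET_CRYPTO_rsa_sign (my_private_key,
- &pong->purpose,
- &oal->pong_signature));
- memcpy (&pong->signature,
- &oal->pong_signature,
- sizeof (struct GNUNET_CRYPTO_RsaSignature));
- }
- else if (oal == NULL)
- {
-#else
- /* not using cache (typically DV-only) */
- pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
+ *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
+ pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
  GNUNET_assert (GNUNET_OK ==
  GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
  &pong->purpose,
- &pong->signature));
-#endif
-#if 0
+ sig_cache));
  }
  else
  {
- /* can used cached version */
- pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires);
- memcpy (&pong->signature,
- &oal->pong_signature,
- sizeof (struct GNUNET_CRYPTO_RsaSignature));
+ pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
  }
-#endif
+ pong->signature = *sig_cache;
  }
 
  /* first see if the session we got this PING from can be used to transmit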
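Review bot: The length passed to the new `GST_hello_test_address (addr, addrend, alen, ...)` call looks one byte too long, because `addrend` has already been advanced past the plugin name's terminating NUL while `alen -= slen` subtracts only `strlen(addr)`. If the helper reads or compares `alen` bytes at `addrend`, it would look one byte beyond the address the peer supplied (and may never match a cached entry), and the later `memcpy (..., addrend, alen)` copies the same extra byte; `slen = strlen (addr) + 1;` before the subtraction would keep the two in step, assuming nothing outside this view depends on the shorter `slen`. Separately, `sig_cache` and `sig_cache_exp` are declared uninitialised and dereferenced as soon as the call returns `GNUNET_YES`, so I would initialise both to `NULL` and add `GNUNET_assert ((NULL != sig_cache) && (NULL != sig_cache_exp));` after the check to make the helper's contract explicit. The body of GST_validation_handle_ping starts and ends outside the visible hunks, so the PONG allocation size could not be checked here.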