modified the DNS_Record-block

author: Philipp Tölke <toelke@in.tum.de> 2010-10-26 13:55:55 +0000
committer: Philipp Tölke <toelke@in.tum.de> 2010-10-26 13:55:55 +0000
commit: 3900beb1ed0370041bccbe84643d84a6f5204475 (patch)
tree: 18c28432dfeaac345892b4f435d3674c3aadc829 /src
parent: 8d058446a4a288d87f58a021622ecad6371519cb (diff)
download: gnunet-3900beb1ed0370041bccbe84643d84a6f5204475.tar.gz
gnunet-3900beb1ed0370041bccbe84643d84a6f5204475.zip
4 files changed, 98 insertions, 37 deletions
diff --git a/src/block/plugin_block_dns.c b/src/block/plugin_block_dns.c
index 1e1a577fc..205cff4b8 100644
--- a/src/block/plugin_block_dns.c
+++ b/src/block/plugin_block_dns.c
@@ -27,6 +27,7 @@
 #include "platform.h"
 #include "plugin_block.h"
 #include "block_dns.h"
+#include "gnunet_signatures.h"
 #define DEBUG_DHT GNUNET_NO
@@ -65,11 +66,21 @@ block_plugin_dns_evaluate (void *cls,
    if (reply_block_size == 0)
      return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
-    if (reply_block_size < sizeof(struct GNUNET_DNS_Record))
+    if (reply_block_size != sizeof(struct GNUNET_DNS_Record))
      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
    const struct GNUNET_DNS_Record* rec = reply_block;
-    if(reply_block_size != (sizeof(struct GNUNET_DNS_Record) + rec->namelen - 1))
+    if (ntohl(rec->purpose.size) != sizeof(struct GNUNET_DNS_Record) - sizeof(struct GNUNET_CRYPTO_RsaSignature))
+      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+    if (GNUNET_TIME_relative_get_zero().value == GNUNET_TIME_absolute_get_remaining(rec->expiration_time).value)
+      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
+    if (GNUNET_OK != GNUNET_CRYPTO_rsa_verify (htonl(GNUNET_SIGNATURE_PURPOSE_DNS_RECORD),
+                                               &rec->purpose,
+                                               &rec->signature,
+                                               &rec->peer))
      return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
    /* How to decide whether there are no more? */
@@ -101,7 +112,7 @@ block_plugin_dns_get_key (void *cls,
  if (type != GNUNET_BLOCK_TYPE_DNS)
    return GNUNET_SYSERR;
  const struct GNUNET_DNS_Record* rec = block;
-  GNUNET_CRYPTO_hash(rec->name, rec->namelen, key);
+  memcpy(key, &rec->service_descriptor, sizeof(GNUNET_HashCode));
  return GNUNET_OK;
 }
diff --git a/src/include/block_dns.h b/src/include/block_dns.h
index d8f3fa50e..6be82b126 100644
--- a/src/include/block_dns.h
+++ b/src/include/block_dns.h
@@ -2,26 +2,38 @@
 #define _GNVPN_BLOCKDNS_H_
 #include "gnunet_common.h"
+#include "gnunet_crypto_lib.h"
 /**
- * Bitmask describing what ip-services are supported by services
+ * Bitmask describing what IP-protocols are supported by the service
- * It is 2 bytes long
 */
-struct GNUNET_ipservices {
+enum GNUNET_DNS_ServiceTypes
-  unsigned UDP:1 GNUNET_PACKED;
+{
-  unsigned TCP:1 GNUNET_PACKED;
+  GNUNET_DNS_SERVICE_TYPE_UDP = 1,
-  unsigned RESERVED:14 GNUNET_PACKED;
+  GNUNET_DNS_SERVICE_TYPE_TCP = 2
 };
 /**
 * This is the structure describing an dns-record such as www.gnunet.
 */
 struct GNUNET_DNS_Record
 {
  /**
+   * Signature of the peer affirming that he is offering the service.
+   */
+  struct GNUNET_CRYPTO_RsaSignature signature;
+  /**
+   * Beginning of signed portion of the record, signs everything until
+   * the end of the struct.
+   */
+  struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
+  /**
   * The peer providing this service
   */
-  struct GNUNET_PeerIdentity peer;
+  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded peer;
  /**
   * The descriptor for the service
@@ -30,20 +42,20 @@ struct GNUNET_DNS_Record
  GNUNET_HashCode service_descriptor;
  /**
-   * What connection-types (UDP, TCP, ...) are supported by the service
+   * When does this record expire?
   */
-  struct GNUNET_ipservices connectiontypes;
+  struct GNUNET_TIME_Absolute expiration_time;
  /**
-   * The length of the name of the service
+   * Four TCP and UDP-Ports that are used by this service, big endian format
   */
-  unsigned char namelen;
+  uint64_t ports;
  /**
-   * The name of the service
+   * What connection-types (UDP, TCP, ...) are supported by the service.
-   * This is namelen bytes
+   * Contains an 'enum GNUNET_DNS_ServiceTypes' in big endian format.
   */
-  char name[1];
+  uint32_t service_type;
 };
 #endif
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index a3199c735..98c449486 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -97,6 +97,11 @@ extern "C"
 */
 #define GNUNET_SIGNATURE_PURPOSE_RESOLVER_RESPONSE 10
+/**
+ * Signature of an GNUNET_DNS_Record
+ */
+#define GNUNET_SIGNATURE_PURPOSE_DNS_RECORD 11
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
diff --git a/src/vpn/gnunet-service-dns.c b/src/vpn/gnunet-service-dns.c
index 1ad3c8784..0c688db34 100644
--- a/src/vpn/gnunet-service-dns.c
+++ b/src/vpn/gnunet-service-dns.c
@@ -36,6 +36,8 @@
 #include "gnunet_dht_service.h"
 #include "gnunet_block_lib.h"
 #include "block_dns.h"
+#include "gnunet_crypto_lib.h"
+#include "gnunet_signatures.h"
 struct dns_cls {
        struct GNUNET_SCHEDULER_Handle *sched;
@@ -46,6 +48,8 @@ struct dns_cls {
        unsigned short dnsoutport;
+        const struct GNUNET_CONFIGURATION_Handle *cfg;
        struct answer_packet_list *head;
        struct answer_packet_list *tail;
 };
@@ -265,28 +269,55 @@ publish_name (void *cls,
    return;
  char* name = "philipptoelke.gnunet.";
-  size_t size = sizeof(struct GNUNET_DNS_Record) + strlen(name);
+  size_t size = sizeof(struct GNUNET_DNS_Record);
-  struct GNUNET_DNS_Record *data = alloca(size);
+  struct GNUNET_DNS_Record data;
-  memset(data, 0, size);
+  memset(&data, 0, size);
-  memcpy(data->name, name, strlen(name) + 1);
-  data->namelen = strlen(name) + 1;
+  data.purpose.size = htonl(size - sizeof(struct GNUNET_CRYPTO_RsaSignature));
-  *((unsigned int*)&data->service_descriptor) = 0x11223344;
+  data.purpose.purpose = GNUNET_SIGNATURE_PURPOSE_DNS_RECORD;
-  *((unsigned int*)&data->peer) = 0x55667788;
+  GNUNET_CRYPTO_hash(name, strlen(name)+1, &data.service_descriptor);
-  GNUNET_HashCode key;
-  GNUNET_CRYPTO_hash(name, strlen(name)+1, &key);
+  char* keyfile;
-  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Putting with key %08x, len is %d\n", *((unsigned int*)&key), strlen(name));
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename(mycls.cfg, "GNUNETD",
+                                                           "HOSTKEY", &keyfile))
+    {
+      GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "could not read keyfile-value\n");
+      if (keyfile != NULL) GNUNET_free(keyfile);
+      return;
+    }
+  struct GNUNET_CRYPTO_RsaPrivateKey *my_private_key = GNUNET_CRYPTO_rsa_key_create_from_file(keyfile);
+  GNUNET_free(keyfile);
+  GNUNET_CRYPTO_rsa_key_get_public(my_private_key, &data.peer);
+  data.expiration_time = GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS);
+  /* Sign the block
+   */
+  if (GNUNET_OK != GNUNET_CRYPTO_rsa_sign(my_private_key,
+                                          &data.purpose,
+                                          &data.signature))
+    {
+      GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "could not sign DNS_Record\n");
+      return;
+    }
+  GNUNET_free(my_private_key);
+  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Putting with key %08x\n", *((unsigned int*)&data.service_descriptor));
  GNUNET_DHT_put(mycls.dht,
-                      &key,
+                 &data.service_descriptor,
-                      GNUNET_DHT_RO_NONE,
+                 GNUNET_DHT_RO_NONE,
-                      GNUNET_BLOCK_TYPE_DNS,
+                 GNUNET_BLOCK_TYPE_DNS,
-                      size,
+                 size,
-                      (char*)data,
+                 (char*)&data,
-                      GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS),
+                 GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS),
-                      GNUNET_TIME_UNIT_MINUTES,
+                 GNUNET_TIME_UNIT_MINUTES,
-                      NULL,
+                 NULL,
-                      NULL);
+                 NULL);
  GNUNET_SCHEDULER_add_delayed (mycls.sched, GNUNET_TIME_UNIT_HOURS, publish_name, NULL);
 }
@@ -309,6 +340,8 @@ run (void *cls,
    {NULL, NULL, 0, 0}
  };
+  mycls.cfg = cfg;
  {
  int i;
  for (i = 0; i < 65536; i++) {
author	Philipp Tölke <toelke@in.tum.de>	2010-10-26 13:55:55 +0000
committer	Philipp Tölke <toelke@in.tum.de>	2010-10-26 13:55:55 +0000
commit	3900beb1ed0370041bccbe84643d84a6f5204475 (patch)
tree	18c28432dfeaac345892b4f435d3674c3aadc829 /src
parent	8d058446a4a288d87f58a021622ecad6371519cb (diff)
download	gnunet-3900beb1ed0370041bccbe84643d84a6f5204475.tar.gz gnunet-3900beb1ed0370041bccbe84643d84a6f5204475.zip

diff --git a/src/block/plugin_block_dns.c b/src/block/plugin_block_dns.c index 1e1a577fc..205cff4b8 100644 --- a/src/block/plugin_block_dns.c +++ b/src/block/plugin_block_dns.c
@@ -27,6 +27,7 @@
27	#include "platform.h"	27	#include "platform.h"
28	#include "plugin_block.h"	28	#include "plugin_block.h"
29	#include "block_dns.h"	29	#include "block_dns.h"
		30	#include "gnunet_signatures.h"
30		31
31	#define DEBUG_DHT GNUNET_NO	32	#define DEBUG_DHT GNUNET_NO
32		33
@@ -65,11 +66,21 @@ block_plugin_dns_evaluate (void *cls,
65	if (reply_block_size == 0)	66	if (reply_block_size == 0)
66	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;	67	return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
67		68
68	if (reply_block_size < sizeof(struct GNUNET_DNS_Record))	69	if (reply_block_size != sizeof(struct GNUNET_DNS_Record))
69	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;	70	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
70		71
71	const struct GNUNET_DNS_Record* rec = reply_block;	72	const struct GNUNET_DNS_Record* rec = reply_block;
72	if(reply_block_size != (sizeof(struct GNUNET_DNS_Record) + rec->namelen - 1))	73
		74	if (ntohl(rec->purpose.size) != sizeof(struct GNUNET_DNS_Record) - sizeof(struct GNUNET_CRYPTO_RsaSignature))
		75	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
		76
		77	if (GNUNET_TIME_relative_get_zero().value == GNUNET_TIME_absolute_get_remaining(rec->expiration_time).value)
		78	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
		79
		80	if (GNUNET_OK != GNUNET_CRYPTO_rsa_verify (htonl(GNUNET_SIGNATURE_PURPOSE_DNS_RECORD),
		81	&rec->purpose,
		82	&rec->signature,
		83	&rec->peer))
73	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;	84	return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
74		85
75	/* How to decide whether there are no more? */	86	/* How to decide whether there are no more? */
@@ -101,7 +112,7 @@ block_plugin_dns_get_key (void *cls,
101	if (type != GNUNET_BLOCK_TYPE_DNS)	112	if (type != GNUNET_BLOCK_TYPE_DNS)
102	return GNUNET_SYSERR;	113	return GNUNET_SYSERR;
103	const struct GNUNET_DNS_Record* rec = block;	114	const struct GNUNET_DNS_Record* rec = block;
104	GNUNET_CRYPTO_hash(rec->name, rec->namelen, key);	115	memcpy(key, &rec->service_descriptor, sizeof(GNUNET_HashCode));
105	return GNUNET_OK;	116	return GNUNET_OK;
106	}	117	}
107		118


diff --git a/src/include/block_dns.h b/src/include/block_dns.h index d8f3fa50e..6be82b126 100644 --- a/src/include/block_dns.h +++ b/src/include/block_dns.h
@@ -2,26 +2,38 @@
2	#define _GNVPN_BLOCKDNS_H_	2	#define _GNVPN_BLOCKDNS_H_
3		3
4	#include "gnunet_common.h"	4	#include "gnunet_common.h"
		5	#include "gnunet_crypto_lib.h"
5		6
6	/**	7	/**
7	* Bitmask describing what ip-services are supported by services	8	* Bitmask describing what IP-protocols are supported by the service
8	* It is 2 bytes long
9	*/	9	*/
10	struct GNUNET_ipservices {	10	enum GNUNET_DNS_ServiceTypes
11	unsigned UDP:1 GNUNET_PACKED;	11	{
12	unsigned TCP:1 GNUNET_PACKED;	12	GNUNET_DNS_SERVICE_TYPE_UDP = 1,
13	unsigned RESERVED:14 GNUNET_PACKED;	13	GNUNET_DNS_SERVICE_TYPE_TCP = 2
14	};	14	};
15		15
		16
16	/**	17	/**
17	* This is the structure describing an dns-record such as www.gnunet.	18	* This is the structure describing an dns-record such as www.gnunet.
18	*/	19	*/
19	struct GNUNET_DNS_Record	20	struct GNUNET_DNS_Record
20	{	21	{
21	/**	22	/**
		23	* Signature of the peer affirming that he is offering the service.
		24	*/
		25	struct GNUNET_CRYPTO_RsaSignature signature;
		26
		27	/**
		28	* Beginning of signed portion of the record, signs everything until
		29	* the end of the struct.
		30	*/
		31	struct GNUNET_CRYPTO_RsaSignaturePurpose purpose;
		32
		33	/**
22	* The peer providing this service	34	* The peer providing this service
23	*/	35	*/
24	struct GNUNET_PeerIdentity peer;	36	struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded peer;
25		37
26	/**	38	/**
27	* The descriptor for the service	39	* The descriptor for the service
@@ -30,20 +42,20 @@ struct GNUNET_DNS_Record
30	GNUNET_HashCode service_descriptor;	42	GNUNET_HashCode service_descriptor;
31		43
32	/**	44	/**
33	* What connection-types (UDP, TCP, ...) are supported by the service	45	* When does this record expire?
34	*/	46	*/
35	struct GNUNET_ipservices connectiontypes;	47	struct GNUNET_TIME_Absolute expiration_time;
36		48
37	/**	49	/**
38	* The length of the name of the service	50	* Four TCP and UDP-Ports that are used by this service, big endian format
39	*/	51	*/
40	unsigned char namelen;	52	uint64_t ports;
41		53
42	/**	54	/**
43	* The name of the service	55	* What connection-types (UDP, TCP, ...) are supported by the service.
44	* This is namelen bytes	56	* Contains an 'enum GNUNET_DNS_ServiceTypes' in big endian format.
45	*/	57	*/
46	char name[1];	58	uint32_t service_type;
47	};	59	};
48		60
49	#endif	61	#endif


diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h index a3199c735..98c449486 100644 --- a/src/include/gnunet_signatures.h +++ b/src/include/gnunet_signatures.h
@@ -97,6 +97,11 @@ extern "C"
97	*/	97	*/
98	#define GNUNET_SIGNATURE_PURPOSE_RESOLVER_RESPONSE 10	98	#define GNUNET_SIGNATURE_PURPOSE_RESOLVER_RESPONSE 10
99		99
		100	/**
		101	* Signature of an GNUNET_DNS_Record
		102	*/
		103	#define GNUNET_SIGNATURE_PURPOSE_DNS_RECORD 11
		104
100		105
101	#if 0 /* keep Emacsens' auto-indent happy */	106	#if 0 /* keep Emacsens' auto-indent happy */
102	{	107	{


diff --git a/src/vpn/gnunet-service-dns.c b/src/vpn/gnunet-service-dns.c index 1ad3c8784..0c688db34 100644 --- a/src/vpn/gnunet-service-dns.c +++ b/src/vpn/gnunet-service-dns.c
@@ -36,6 +36,8 @@
36	#include "gnunet_dht_service.h"	36	#include "gnunet_dht_service.h"
37	#include "gnunet_block_lib.h"	37	#include "gnunet_block_lib.h"
38	#include "block_dns.h"	38	#include "block_dns.h"
		39	#include "gnunet_crypto_lib.h"
		40	#include "gnunet_signatures.h"
39		41
40	struct dns_cls {	42	struct dns_cls {
41	struct GNUNET_SCHEDULER_Handle *sched;	43	struct GNUNET_SCHEDULER_Handle *sched;
@@ -46,6 +48,8 @@ struct dns_cls {
46		48
47	unsigned short dnsoutport;	49	unsigned short dnsoutport;
48		50
		51	const struct GNUNET_CONFIGURATION_Handle *cfg;
		52
49	struct answer_packet_list *head;	53	struct answer_packet_list *head;
50	struct answer_packet_list *tail;	54	struct answer_packet_list *tail;
51	};	55	};
@@ -265,28 +269,55 @@ publish_name (void *cls,
265	return;	269	return;
266		270
267	char* name = "philipptoelke.gnunet.";	271	char* name = "philipptoelke.gnunet.";
268	size_t size = sizeof(struct GNUNET_DNS_Record) + strlen(name);	272	size_t size = sizeof(struct GNUNET_DNS_Record);
269	struct GNUNET_DNS_Record *data = alloca(size);	273	struct GNUNET_DNS_Record data;
270	memset(data, 0, size);	274	memset(&data, 0, size);
271	memcpy(data->name, name, strlen(name) + 1);	275
272	data->namelen = strlen(name) + 1;	276	data.purpose.size = htonl(size - sizeof(struct GNUNET_CRYPTO_RsaSignature));
273	((unsigned int)&data->service_descriptor) = 0x11223344;	277	data.purpose.purpose = GNUNET_SIGNATURE_PURPOSE_DNS_RECORD;
274	((unsigned int)&data->peer) = 0x55667788;	278
275		279	GNUNET_CRYPTO_hash(name, strlen(name)+1, &data.service_descriptor);
276	GNUNET_HashCode key;	280
277	GNUNET_CRYPTO_hash(name, strlen(name)+1, &key);	281	char* keyfile;
278	GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Putting with key %08x, len is %d\n", ((unsigned int)&key), strlen(name));	282	if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename(mycls.cfg, "GNUNETD",
		283	"HOSTKEY", &keyfile))
		284	{
		285	GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "could not read keyfile-value\n");
		286	if (keyfile != NULL) GNUNET_free(keyfile);
		287	return;
		288	}
		289
		290	struct GNUNET_CRYPTO_RsaPrivateKey *my_private_key = GNUNET_CRYPTO_rsa_key_create_from_file(keyfile);
		291	GNUNET_free(keyfile);
		292
		293	GNUNET_CRYPTO_rsa_key_get_public(my_private_key, &data.peer);
		294
		295	data.expiration_time = GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS);
		296
		297	/* Sign the block
		298	*/
		299
		300	if (GNUNET_OK != GNUNET_CRYPTO_rsa_sign(my_private_key,
		301	&data.purpose,
		302	&data.signature))
		303	{
		304	GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "could not sign DNS_Record\n");
		305	return;
		306	}
		307	GNUNET_free(my_private_key);
		308
		309	GNUNET_log(GNUNET_ERROR_TYPE_DEBUG, "Putting with key %08x\n", ((unsigned int)&data.service_descriptor));
279		310
280	GNUNET_DHT_put(mycls.dht,	311	GNUNET_DHT_put(mycls.dht,
281	&key,	312	&data.service_descriptor,
282	GNUNET_DHT_RO_NONE,	313	GNUNET_DHT_RO_NONE,
283	GNUNET_BLOCK_TYPE_DNS,	314	GNUNET_BLOCK_TYPE_DNS,
284	size,	315	size,
285	(char*)data,	316	(char*)&data,
286	GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS),	317	GNUNET_TIME_relative_to_absolute(GNUNET_TIME_UNIT_HOURS),
287	GNUNET_TIME_UNIT_MINUTES,	318	GNUNET_TIME_UNIT_MINUTES,
288	NULL,	319	NULL,
289	NULL);	320	NULL);
290		321
291	GNUNET_SCHEDULER_add_delayed (mycls.sched, GNUNET_TIME_UNIT_HOURS, publish_name, NULL);	322	GNUNET_SCHEDULER_add_delayed (mycls.sched, GNUNET_TIME_UNIT_HOURS, publish_name, NULL);
292	}	323	}
@@ -309,6 +340,8 @@ run (void *cls,
309	{NULL, NULL, 0, 0}	340	{NULL, NULL, 0, 0}
310	};	341	};
311		342
		343	mycls.cfg = cfg;
		344
312	{	345	{
313	int i;	346	int i;
314	for (i = 0; i < 65536; i++) {	347	for (i = 0; i < 65536; i++) {