-rw-r--r-- | src/include/gnunet_signatures.h | 17 | ||||
-rw-r--r-- | src/transport/gnunet-service-tng.c | 233 |
2 files changed, 246 insertions, 4 deletions
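diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 218dcbace..37a4ca1fb 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -204,24 +204,33 @@ extern "C"
 
 /**
  * Signature used by TCP communicator handshake,
  */
 #define GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE 31
 
 /**
  * Signature used by TCP communicator rekey.
  */
 #define GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY 32
 
 /**
  * Signature used by UDP communicator handshake
  */
 #define GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE 33
 
 /**
  * Signature used by UDP broadcasts.
  */
 #define GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST 34
 
+/**
+ * Signature by a peer affirming that it received a
+ * challenge (and stating how long it expects the
+ * address on which the challenge was received to
+ * remain valid).
+ */
+#define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE 35
+
+
 #if 0 /* keep Emacsens' auto-indent happy */
 {
 #endif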
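diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index 4d4ac509a..6c9e0589c 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -124,6 +124,22 @@
 #define REASSEMBLY_EXPIRATION GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 4)
 
 /**
+ * What is the fastest rate at which we send challenges *if* we keep learning
+ * an address (gossip, DHT, etc.)?
+ */
+#define FAST_VALIDATION_CHALLENGE_FREQ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 1)
+
+/**
+ * What is the slowest rate at which we send challenges?
+ */
+#define MAX_VALIDATION_CHALLENGE_FREQ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_DAYS, 1)
+
+/**
+ * When do we forget an invalid address for sure?
+ */
+#define MAX_ADDRESS_VALID_UNTIL GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MONTHS, 1)
+
+/**
  * How many messages can we have pending for a given communicator
  * process before we start to throttle that communicator?
  *
@@ -521,6 +537,105 @@ struct TransportDVBox
 };
 
 
+/**
+ * Message send to another peer to validate that it can indeed
+ * receive messages at a particular address.
+ */
+struct TransportValidationChallenge
+{
+
+  /**
+   * Type is #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_CHALLENGE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Challenge to be signed by the receiving peer.
+   */
+  struct GNUNET_ShortHashCode challenge;
+
+  /**
+   * Timestamp of the sender, to be copied into the reply
+   * to allow sender to calculate RTT.
+   */
+  struct GNUNET_TIME_AbsoluteNBO sender_time;
+};
+
+
+/**
+ * Message signed by a peer to confirm that it can indeed
+ * receive messages at a particular address.
+ */
+struct TransportValidationPS
+{
+
+  /**
+   * Purpose is #GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * How long does the sender believe the address on
+   * which the challenge was received to remain valid?
+   */
+  struct GNUNET_TIME_RelativeNBO validity_duration;
+
+  /**
+   * Challenge signed by the receiving peer.
+   */
+  struct GNUNET_ShortHashCode challenge;
+
+};
+
+
+/**
+ * Message send to a peer to respond to a
+ * #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_CHALLENGE
+ */
+struct TransportValidationResponse
+{
+
+  /**
+   * Type is #GNUNET_MESSAGE_TYPE_ADDRESS_VALIDATION_RESPONSE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Zero.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * The peer's signature matching the
+   * #GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE purpose.
+   */
+  struct GNUNET_CRYPTO_EddsaSignature signature;
+
+  /**
+   * The challenge that was signed by the receiving peer.
+   */
+  struct GNUNET_ShortHashCode challenge;
+
+  /**
+   * Original timestamp of the sender (was @code{sender_time}),
+   * copied into the reply to allow sender to calculate RTT.
+   */
+  struct GNUNET_TIME_AbsoluteNBO origin_time;
+
+  /**
+   * How long does the sender believe this address to remain
+   * valid?
+   */
+  struct GNUNET_TIME_RelativeNBO validity_duration;
+};
+
+
+
 GNUNET_NETWORK_STRUCT_END
 
 
@@ -1428,6 +1543,111 @@ struct TransportClient
 
 
 /**
+ * State we keep for validation activities. Each of these
+ * is both in the #validation_heap and the #validation_map.
+ */
+struct ValidationState
+{
+
+  /**
+   * For which peer is @a address to be validated (or possibly valid)?
+   * Serves as key in the #validation_map.
+   */
+  struct GNUNET_PeerIdentity pid;
+
+  /**
+   * How long did the peer claim this @e address to be valid? Capped at
+   * minimum of #MAX_ADDRESS_VALID_UNTIL relative to the time where we last
+   * were told about the address and the value claimed by the other peer at
+   * that time. May be updated similarly when validation succeeds.
+   */
+  struct GNUNET_TIME_Absolute valid_until;
+
+  /**
+   * How long do *we* consider this @e address to be valid?
+   * In the past or zero if we have not yet validated it.
+   */
+  struct GNUNET_TIME_Absolute validated_until;
+
+  /**
+   * When did we FIRST use the current @e challenge in a message?
+   * Used to sanity-check @code{origin_time} in the response when
+   * calculating the RTT. If the @code{origin_time} is not in
+   * the expected range, the response is discarded as malicious.
+   */
+  struct GNUNET_TIME_Absolute first_challenge_use;
+
+  /**
+   * When did we LAST use the current @e challenge in a message?
+   * Used to sanity-check @code{origin_time} in the response when
+   * calculating the RTT. If the @code{origin_time} is not in
+   * the expected range, the response is discarded as malicious.
+   */
+  struct GNUNET_TIME_Absolute last_challenge_use;
+
+  /**
+   * Next time we will send the @e challenge to the peer, if this time is past
+   * @e valid_until, this validation state is released at this time. If the
+   * address is valid, @e next_challenge is set to @e validated_until MINUS @e
+   * validation_delay * 3, such that we will try to re-validate before the
+   * validity actually expires.
+   */
+  struct GNUNET_TIME_Absolute next_challenge;
+
+  /**
+   * Current backoff factor we're applying for sending the @a challenge.
+   * Reset to 0 if the @a challenge is confirmed upon validation.
+   * Reduced to minimum of #FAST_VALIDATION_CHALLENGE_FREQ and half of the
+   * existing value if we receive an unvalidated address again over
+   * another channel (and thus should consider the information "fresh").
+   * Maximum is #MAX_VALIDATION_CHALLENGE_FREQ.
+   */
+  struct GNUNET_TIME_Relative challenge_backoff;
+
+  /**
+   * Initially set to "forever". Once @e validated_until is set, this value is
+   * set to the RTT that tells us how long it took to receive the validation.
+   */
+  struct GNUNET_TIME_Relative validation_rtt;
+
+  /**
+   * The challenge we sent to the peer to get it to validate the address. Note
+   * that we rotate the challenge whenever we update @e validated_until to
+   * avoid attacks where a peer simply replays an old challenge in the future.
+   * (We must not rotate more often as otherwise we may discard valid answers
+   * due to packet losses, latency and reorderings on the network).
+   */
+  struct GNUNET_ShortHashCode challenge;
+
+  /**
+   * Claimed address of the peer.
+   */
+  char *address;
+
+  /**
+   * Entry in the #validation_heap, which is sorted by @e next_challenge. The
+   * heap is used to figure out when the next validation activity should be
+   * run.
+   */
+  struct GNUNET_CONTAINER_HeapNode *hn;
+
+  /**
+   * Handle to a PEERSTORE store operation for this @e address. NULL if
+   * no PEERSTORE operation is pending.
+   */
+  struct GNUNET_PEERSTORE_StoreContext *sc;
+
+  /**
+   * Network type (presumably) associated with @e address. NEEDED?
+   */
+  enum GNUNET_NetworkType nt;
+
+};
+
+
+
+
+/**
  * Head of linked list of all clients to this service.
  */
 static struct TransportClient *clients_head;
@@ -1470,6 +1690,19 @@ static struct GNUNET_CONTAINER_MultiPeerMap *neighbours;
 static struct GNUNET_CONTAINER_MultiPeerMap *dv_routes;
 
 /**
+ * Map from PIDs to `struct ValidationState` entries describing
+ * addresses we are aware of and their validity state.
+ */
+static struct GNUNET_CONTAINER_MultiPeerMap *validation_map;
+
+/**
+ * MIN Heap sorted by "next_challenge" to `struct ValidationState` entries
+ * sorting addresses we are aware of by when we should next try to (re)validate
+ * (or expire) them.
+ */
+static struct GNUNET_CONTAINER_Heap *validation_heap;
+
+/**
  * Database for peer's HELLOs.
  */
 static struct GNUNET_PEERSTORE_Handle *peerstore;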
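Review bot: `struct TransportValidationPS` in the hunk at old line 521 signs only `purpose`, `validity_duration` and `challenge`, so neither `origin_time` nor the address being validated is covered by the signature carried in `struct TransportValidationResponse`; the only protection for the RTT derived from `origin_time` is the range check against `first_challenge_use`/`last_challenge_use` that the `struct ValidationState` comments in the hunk at old line 1428 describe. That looks like a deliberate design (the `challenge` lives in a per-address `ValidationState`, so it presumably binds the response to the address), but nothing at the wire structs says so, and a reader of `TransportValidationResponse` alone may assume `origin_time` is authenticated. I would add to the `TransportValidationPS` comment: `Note: origin_time and the address itself are intentionally not covered by the signature; the address is bound only via the per-address challenge, and origin_time is merely sanity-checked by the challenger (see struct ValidationState).` Both `reserved` fields are documented as `Zero.` without saying whether the receiver rejects non-zero values; if they are meant to stay usable for later extensions, `Zero. Receiver must verify.` would make that explicit.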