diff options
Diffstat (limited to 'src/gnsrecord/gnsrecord_crypto.c')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 484 |
1 files changed, 241 insertions, 243 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index 2785a4a59..6eda1e962 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -11,12 +11,12 @@ | |||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | 11 | WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Affero General Public License for more details. | 13 | Affero General Public License for more details. |
14 | 14 | ||
15 | You should have received a copy of the GNU Affero General Public License | 15 | You should have received a copy of the GNU Affero General Public License |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
17 | 17 | ||
18 | SPDX-License-Identifier: AGPL3.0-or-later | 18 | SPDX-License-Identifier: AGPL3.0-or-later |
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file gnsrecord/gnsrecord_crypto.c | 22 | * @file gnsrecord/gnsrecord_crypto.c |
@@ -35,7 +35,7 @@ | |||
35 | #include "gnunet_tun_lib.h" | 35 | #include "gnunet_tun_lib.h" |
36 | 36 | ||
37 | 37 | ||
38 | #define LOG(kind,...) GNUNET_log_from (kind, "gnsrecord",__VA_ARGS__) | 38 | #define LOG(kind, ...) GNUNET_log_from(kind, "gnsrecord", __VA_ARGS__) |
39 | 39 | ||
40 | 40 | ||
41 | /** | 41 | /** |
@@ -47,24 +47,24 @@ | |||
47 | * @param pub public key to use for KDF | 47 | * @param pub public key to use for KDF |
48 | */ | 48 | */ |
49 | static void | 49 | static void |
50 | derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 50 | derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
51 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 51 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
52 | const char *label, | 52 | const char *label, |
53 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) | 53 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
54 | { | 54 | { |
55 | static const char ctx_key[] = "gns-aes-ctx-key"; | 55 | static const char ctx_key[] = "gns-aes-ctx-key"; |
56 | static const char ctx_iv[] = "gns-aes-ctx-iv"; | 56 | static const char ctx_iv[] = "gns-aes-ctx-iv"; |
57 | 57 | ||
58 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | 58 | GNUNET_CRYPTO_kdf(skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), |
59 | pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), | 59 | pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), |
60 | label, strlen (label), | 60 | label, strlen(label), |
61 | ctx_key, strlen (ctx_key), | 61 | ctx_key, strlen(ctx_key), |
62 | NULL, 0); | 62 | NULL, 0); |
63 | GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), | 63 | GNUNET_CRYPTO_kdf(iv, sizeof(struct GNUNET_CRYPTO_SymmetricInitializationVector), |
64 | pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), | 64 | pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), |
65 | label, strlen (label), | 65 | label, strlen(label), |
66 | ctx_iv, strlen (ctx_iv), | 66 | ctx_iv, strlen(ctx_iv), |
67 | NULL, 0); | 67 | NULL, 0); |
68 | } | 68 | } |
69 | 69 | ||
70 | 70 | ||
@@ -80,15 +80,15 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | |||
80 | * @return NULL on error (block too large) | 80 | * @return NULL on error (block too large) |
81 | */ | 81 | */ |
82 | struct GNUNET_GNSRECORD_Block * | 82 | struct GNUNET_GNSRECORD_Block * |
83 | block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 83 | block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
84 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, | 84 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, |
85 | struct GNUNET_TIME_Absolute expire, | 85 | struct GNUNET_TIME_Absolute expire, |
86 | const char *label, | 86 | const char *label, |
87 | const struct GNUNET_GNSRECORD_Data *rd, | 87 | const struct GNUNET_GNSRECORD_Data *rd, |
88 | unsigned int rd_count) | 88 | unsigned int rd_count) |
89 | { | 89 | { |
90 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, | 90 | ssize_t payload_len = GNUNET_GNSRECORD_records_get_size(rd_count, |
91 | rd); | 91 | rd); |
92 | struct GNUNET_GNSRECORD_Block *block; | 92 | struct GNUNET_GNSRECORD_Block *block; |
93 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; | 93 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; |
94 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 94 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
@@ -98,80 +98,80 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
98 | struct GNUNET_TIME_Absolute now; | 98 | struct GNUNET_TIME_Absolute now; |
99 | 99 | ||
100 | if (payload_len < 0) | 100 | if (payload_len < 0) |
101 | { | 101 | { |
102 | GNUNET_break (0); | 102 | GNUNET_break(0); |
103 | return NULL; | 103 | return NULL; |
104 | } | 104 | } |
105 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) | 105 | if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) |
106 | { | 106 | { |
107 | GNUNET_break (0); | 107 | GNUNET_break(0); |
108 | return NULL; | 108 | return NULL; |
109 | } | 109 | } |
110 | /* convert relative to absolute times */ | 110 | /* convert relative to absolute times */ |
111 | now = GNUNET_TIME_absolute_get (); | 111 | now = GNUNET_TIME_absolute_get(); |
112 | for (unsigned int i=0;i<rd_count;i++) | 112 | for (unsigned int i = 0; i < rd_count; i++) |
113 | { | ||
114 | rdc[i] = rd[i]; | ||
115 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) | ||
116 | { | 113 | { |
117 | struct GNUNET_TIME_Relative t; | 114 | rdc[i] = rd[i]; |
115 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) | ||
116 | { | ||
117 | struct GNUNET_TIME_Relative t; | ||
118 | 118 | ||
119 | /* encrypted blocks must never have relative expiration times, convert! */ | 119 | /* encrypted blocks must never have relative expiration times, convert! */ |
120 | rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 120 | rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; |
121 | t.rel_value_us = rdc[i].expiration_time; | 121 | t.rel_value_us = rdc[i].expiration_time; |
122 | rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us; | 122 | rdc[i].expiration_time = GNUNET_TIME_absolute_add(now, t).abs_value_us; |
123 | } | ||
123 | } | 124 | } |
124 | } | ||
125 | /* serialize */ | 125 | /* serialize */ |
126 | rd_count_nbo = htonl (rd_count); | 126 | rd_count_nbo = htonl(rd_count); |
127 | { | 127 | { |
128 | char payload[sizeof (uint32_t) + payload_len]; | 128 | char payload[sizeof(uint32_t) + payload_len]; |
129 | 129 | ||
130 | GNUNET_memcpy (payload, | 130 | GNUNET_memcpy(payload, |
131 | &rd_count_nbo, | 131 | &rd_count_nbo, |
132 | sizeof (uint32_t)); | 132 | sizeof(uint32_t)); |
133 | GNUNET_assert (payload_len == | 133 | GNUNET_assert(payload_len == |
134 | GNUNET_GNSRECORD_records_serialize (rd_count, | 134 | GNUNET_GNSRECORD_records_serialize(rd_count, |
135 | rdc, | 135 | rdc, |
136 | payload_len, | 136 | payload_len, |
137 | &payload[sizeof (uint32_t)])); | 137 | &payload[sizeof(uint32_t)])); |
138 | block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + | 138 | block = GNUNET_malloc(sizeof(struct GNUNET_GNSRECORD_Block) + |
139 | sizeof (uint32_t) + | 139 | sizeof(uint32_t) + |
140 | payload_len); | 140 | payload_len); |
141 | block->purpose.size = htonl (sizeof (uint32_t) + | 141 | block->purpose.size = htonl(sizeof(uint32_t) + |
142 | payload_len + | 142 | payload_len + |
143 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 143 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + |
144 | sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 144 | sizeof(struct GNUNET_TIME_AbsoluteNBO)); |
145 | block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); | 145 | block->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); |
146 | block->expiration_time = GNUNET_TIME_absolute_hton (expire); | 146 | block->expiration_time = GNUNET_TIME_absolute_hton(expire); |
147 | /* encrypt and sign */ | 147 | /* encrypt and sign */ |
148 | dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, | 148 | dkey = GNUNET_CRYPTO_ecdsa_private_key_derive(key, |
149 | label, | 149 | label, |
150 | "gns"); | 150 | "gns"); |
151 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, | 151 | GNUNET_CRYPTO_ecdsa_key_get_public(dkey, |
152 | &block->derived_key); | 152 | &block->derived_key); |
153 | derive_block_aes_key (&iv, | 153 | derive_block_aes_key(&iv, |
154 | &skey, | 154 | &skey, |
155 | label, | 155 | label, |
156 | pkey); | 156 | pkey); |
157 | GNUNET_break (payload_len + sizeof (uint32_t) == | 157 | GNUNET_break(payload_len + sizeof(uint32_t) == |
158 | GNUNET_CRYPTO_symmetric_encrypt (payload, | 158 | GNUNET_CRYPTO_symmetric_encrypt(payload, |
159 | payload_len + sizeof (uint32_t), | 159 | payload_len + sizeof(uint32_t), |
160 | &skey, | 160 | &skey, |
161 | &iv, | 161 | &iv, |
162 | &block[1])); | 162 | &block[1])); |
163 | } | 163 | } |
164 | if (GNUNET_OK != | 164 | if (GNUNET_OK != |
165 | GNUNET_CRYPTO_ecdsa_sign (dkey, | 165 | GNUNET_CRYPTO_ecdsa_sign(dkey, |
166 | &block->purpose, | 166 | &block->purpose, |
167 | &block->signature)) | 167 | &block->signature)) |
168 | { | 168 | { |
169 | GNUNET_break (0); | 169 | GNUNET_break(0); |
170 | GNUNET_free (dkey); | 170 | GNUNET_free(dkey); |
171 | GNUNET_free (block); | 171 | GNUNET_free(block); |
172 | return NULL; | 172 | return NULL; |
173 | } | 173 | } |
174 | GNUNET_free (dkey); | 174 | GNUNET_free(dkey); |
175 | return block; | 175 | return block; |
176 | } | 176 | } |
177 | 177 | ||
@@ -187,30 +187,29 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
187 | * @return NULL on error (block too large) | 187 | * @return NULL on error (block too large) |
188 | */ | 188 | */ |
189 | struct GNUNET_GNSRECORD_Block * | 189 | struct GNUNET_GNSRECORD_Block * |
190 | GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 190 | GNUNET_GNSRECORD_block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
191 | struct GNUNET_TIME_Absolute expire, | 191 | struct GNUNET_TIME_Absolute expire, |
192 | const char *label, | 192 | const char *label, |
193 | const struct GNUNET_GNSRECORD_Data *rd, | 193 | const struct GNUNET_GNSRECORD_Data *rd, |
194 | unsigned int rd_count) | 194 | unsigned int rd_count) |
195 | { | 195 | { |
196 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 196 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
197 | 197 | ||
198 | GNUNET_CRYPTO_ecdsa_key_get_public (key, | 198 | GNUNET_CRYPTO_ecdsa_key_get_public(key, |
199 | &pkey); | 199 | &pkey); |
200 | return block_create (key, | 200 | return block_create(key, |
201 | &pkey, | 201 | &pkey, |
202 | expire, | 202 | expire, |
203 | label, | 203 | label, |
204 | rd, | 204 | rd, |
205 | rd_count); | 205 | rd_count); |
206 | } | 206 | } |
207 | 207 | ||
208 | 208 | ||
209 | /** | 209 | /** |
210 | * Line in cache mapping private keys to public keys. | 210 | * Line in cache mapping private keys to public keys. |
211 | */ | 211 | */ |
212 | struct KeyCacheLine | 212 | struct KeyCacheLine { |
213 | { | ||
214 | /** | 213 | /** |
215 | * A private key. | 214 | * A private key. |
216 | */ | 215 | */ |
@@ -220,7 +219,6 @@ struct KeyCacheLine | |||
220 | * Associated public key. | 219 | * Associated public key. |
221 | */ | 220 | */ |
222 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 221 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
223 | |||
224 | }; | 222 | }; |
225 | 223 | ||
226 | 224 | ||
@@ -237,33 +235,33 @@ struct KeyCacheLine | |||
237 | * @return NULL on error (block too large) | 235 | * @return NULL on error (block too large) |
238 | */ | 236 | */ |
239 | struct GNUNET_GNSRECORD_Block * | 237 | struct GNUNET_GNSRECORD_Block * |
240 | GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 238 | GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
241 | struct GNUNET_TIME_Absolute expire, | 239 | struct GNUNET_TIME_Absolute expire, |
242 | const char *label, | 240 | const char *label, |
243 | const struct GNUNET_GNSRECORD_Data *rd, | 241 | const struct GNUNET_GNSRECORD_Data *rd, |
244 | unsigned int rd_count) | 242 | unsigned int rd_count) |
245 | { | 243 | { |
246 | #define CSIZE 64 | 244 | #define CSIZE 64 |
247 | static struct KeyCacheLine cache[CSIZE]; | 245 | static struct KeyCacheLine cache[CSIZE]; |
248 | struct KeyCacheLine *line; | 246 | struct KeyCacheLine *line; |
249 | 247 | ||
250 | line = &cache[(*(unsigned int *) key) % CSIZE]; | 248 | line = &cache[(*(unsigned int *)key) % CSIZE]; |
251 | if (0 != memcmp (&line->key, | 249 | if (0 != memcmp(&line->key, |
252 | key, | 250 | key, |
253 | sizeof (*key))) | 251 | sizeof(*key))) |
254 | { | 252 | { |
255 | /* cache miss, recompute */ | 253 | /* cache miss, recompute */ |
256 | line->key = *key; | 254 | line->key = *key; |
257 | GNUNET_CRYPTO_ecdsa_key_get_public (key, | 255 | GNUNET_CRYPTO_ecdsa_key_get_public(key, |
258 | &line->pkey); | 256 | &line->pkey); |
259 | } | 257 | } |
260 | #undef CSIZE | 258 | #undef CSIZE |
261 | return block_create (key, | 259 | return block_create(key, |
262 | &line->pkey, | 260 | &line->pkey, |
263 | expire, | 261 | expire, |
264 | label, | 262 | label, |
265 | rd, | 263 | rd, |
266 | rd_count); | 264 | rd_count); |
267 | } | 265 | } |
268 | 266 | ||
269 | 267 | ||
@@ -276,12 +274,12 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
276 | * @return #GNUNET_OK if the signature is valid | 274 | * @return #GNUNET_OK if the signature is valid |
277 | */ | 275 | */ |
278 | int | 276 | int |
279 | GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) | 277 | GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block) |
280 | { | 278 | { |
281 | return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, | 279 | return GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, |
282 | &block->purpose, | 280 | &block->purpose, |
283 | &block->signature, | 281 | &block->signature, |
284 | &block->derived_key); | 282 | &block->derived_key); |
285 | } | 283 | } |
286 | 284 | ||
287 | 285 | ||
@@ -297,124 +295,124 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) | |||
297 | * not well-formed | 295 | * not well-formed |
298 | */ | 296 | */ |
299 | int | 297 | int |
300 | GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | 298 | GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, |
301 | const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, | 299 | const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, |
302 | const char *label, | 300 | const char *label, |
303 | GNUNET_GNSRECORD_RecordCallback proc, | 301 | GNUNET_GNSRECORD_RecordCallback proc, |
304 | void *proc_cls) | 302 | void *proc_cls) |
305 | { | 303 | { |
306 | size_t payload_len = ntohl (block->purpose.size) - | 304 | size_t payload_len = ntohl(block->purpose.size) - |
307 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) - | 305 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) - |
308 | sizeof (struct GNUNET_TIME_AbsoluteNBO); | 306 | sizeof(struct GNUNET_TIME_AbsoluteNBO); |
309 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 307 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
310 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 308 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
311 | 309 | ||
312 | if (ntohl (block->purpose.size) < | 310 | if (ntohl(block->purpose.size) < |
313 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 311 | sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + |
314 | sizeof (struct GNUNET_TIME_AbsoluteNBO)) | 312 | sizeof(struct GNUNET_TIME_AbsoluteNBO)) |
315 | { | 313 | { |
316 | GNUNET_break_op (0); | 314 | GNUNET_break_op(0); |
317 | return GNUNET_SYSERR; | 315 | return GNUNET_SYSERR; |
318 | } | 316 | } |
319 | derive_block_aes_key (&iv, | 317 | derive_block_aes_key(&iv, |
320 | &skey, | 318 | &skey, |
321 | label, | 319 | label, |
322 | zone_key); | 320 | zone_key); |
323 | { | 321 | { |
324 | char payload[payload_len]; | 322 | char payload[payload_len]; |
325 | uint32_t rd_count; | 323 | uint32_t rd_count; |
326 | 324 | ||
327 | GNUNET_break (payload_len == | 325 | GNUNET_break(payload_len == |
328 | GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len, | 326 | GNUNET_CRYPTO_symmetric_decrypt(&block[1], payload_len, |
329 | &skey, &iv, | 327 | &skey, &iv, |
330 | payload)); | 328 | payload)); |
331 | GNUNET_memcpy (&rd_count, | 329 | GNUNET_memcpy(&rd_count, |
332 | payload, | 330 | payload, |
333 | sizeof (uint32_t)); | 331 | sizeof(uint32_t)); |
334 | rd_count = ntohl (rd_count); | 332 | rd_count = ntohl(rd_count); |
335 | if (rd_count > 2048) | 333 | if (rd_count > 2048) |
336 | { | 334 | { |
337 | /* limit to sane value */ | 335 | /* limit to sane value */ |
338 | GNUNET_break_op (0); | 336 | GNUNET_break_op(0); |
339 | return GNUNET_SYSERR; | 337 | return GNUNET_SYSERR; |
340 | } | 338 | } |
341 | { | 339 | { |
342 | struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)]; | 340 | struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)]; |
343 | unsigned int j; | 341 | unsigned int j; |
344 | struct GNUNET_TIME_Absolute now; | 342 | struct GNUNET_TIME_Absolute now; |
345 | 343 | ||
346 | if (GNUNET_OK != | 344 | if (GNUNET_OK != |
347 | GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof (uint32_t), | 345 | GNUNET_GNSRECORD_records_deserialize(payload_len - sizeof(uint32_t), |
348 | &payload[sizeof (uint32_t)], | 346 | &payload[sizeof(uint32_t)], |
349 | rd_count, | 347 | rd_count, |
350 | rd)) | 348 | rd)) |
351 | { | ||
352 | GNUNET_break_op (0); | ||
353 | return GNUNET_SYSERR; | ||
354 | } | ||
355 | /* hide expired records */ | ||
356 | now = GNUNET_TIME_absolute_get (); | ||
357 | j = 0; | ||
358 | for (unsigned int i=0;i<rd_count;i++) | ||
359 | { | ||
360 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) | ||
361 | { | 349 | { |
362 | /* encrypted blocks must never have relative expiration times, skip! */ | 350 | GNUNET_break_op(0); |
363 | GNUNET_break_op (0); | 351 | return GNUNET_SYSERR; |
364 | continue; | ||
365 | } | 352 | } |
366 | 353 | /* hide expired records */ | |
367 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) | 354 | now = GNUNET_TIME_absolute_get(); |
355 | j = 0; | ||
356 | for (unsigned int i = 0; i < rd_count; i++) | ||
368 | { | 357 | { |
369 | int include_record = GNUNET_YES; | 358 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) |
370 | /* Shadow record, figure out if we have a not expired active record */ | 359 | { |
371 | for (unsigned int k=0;k<rd_count;k++) | 360 | /* encrypted blocks must never have relative expiration times, skip! */ |
372 | { | 361 | GNUNET_break_op(0); |
373 | if (k == i) | ||
374 | continue; | 362 | continue; |
375 | if (rd[i].expiration_time < now.abs_value_us) | 363 | } |
376 | include_record = GNUNET_NO; /* Shadow record is expired */ | 364 | |
377 | if ( (rd[k].record_type == rd[i].record_type) && | 365 | if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) |
378 | (rd[k].expiration_time >= now.abs_value_us) && | ||
379 | (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) ) | ||
380 | { | 366 | { |
381 | include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ | 367 | int include_record = GNUNET_YES; |
382 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 368 | /* Shadow record, figure out if we have a not expired active record */ |
383 | "Ignoring shadow record\n"); | 369 | for (unsigned int k = 0; k < rd_count; k++) |
384 | break; | 370 | { |
371 | if (k == i) | ||
372 | continue; | ||
373 | if (rd[i].expiration_time < now.abs_value_us) | ||
374 | include_record = GNUNET_NO; /* Shadow record is expired */ | ||
375 | if ((rd[k].record_type == rd[i].record_type) && | ||
376 | (rd[k].expiration_time >= now.abs_value_us) && | ||
377 | (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))) | ||
378 | { | ||
379 | include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ | ||
380 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | ||
381 | "Ignoring shadow record\n"); | ||
382 | break; | ||
383 | } | ||
384 | } | ||
385 | if (GNUNET_YES == include_record) | ||
386 | { | ||
387 | rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */ | ||
388 | if (j != i) | ||
389 | rd[j] = rd[i]; | ||
390 | j++; | ||
391 | } | ||
392 | } | ||
393 | else if (rd[i].expiration_time >= now.abs_value_us) | ||
394 | { | ||
395 | /* Include this record */ | ||
396 | if (j != i) | ||
397 | rd[j] = rd[i]; | ||
398 | j++; | ||
399 | } | ||
400 | else | ||
401 | { | ||
402 | struct GNUNET_TIME_Absolute at; | ||
403 | |||
404 | at.abs_value_us = rd[i].expiration_time; | ||
405 | GNUNET_log(GNUNET_ERROR_TYPE_INFO, | ||
406 | "Excluding record that expired %s (%llu ago)\n", | ||
407 | GNUNET_STRINGS_absolute_time_to_string(at), | ||
408 | (unsigned long long)rd[i].expiration_time - now.abs_value_us); | ||
385 | } | 409 | } |
386 | } | ||
387 | if (GNUNET_YES == include_record) | ||
388 | { | ||
389 | rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */ | ||
390 | if (j != i) | ||
391 | rd[j] = rd[i]; | ||
392 | j++; | ||
393 | } | ||
394 | } | ||
395 | else if (rd[i].expiration_time >= now.abs_value_us) | ||
396 | { | ||
397 | /* Include this record */ | ||
398 | if (j != i) | ||
399 | rd[j] = rd[i]; | ||
400 | j++; | ||
401 | } | 410 | } |
402 | else | ||
403 | { | ||
404 | struct GNUNET_TIME_Absolute at; | ||
405 | |||
406 | at.abs_value_us = rd[i].expiration_time; | ||
407 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
408 | "Excluding record that expired %s (%llu ago)\n", | ||
409 | GNUNET_STRINGS_absolute_time_to_string (at), | ||
410 | (unsigned long long) rd[i].expiration_time - now.abs_value_us); | ||
411 | } | ||
412 | } | ||
413 | rd_count = j; | 411 | rd_count = j; |
414 | if (NULL != proc) | 412 | if (NULL != proc) |
415 | proc (proc_cls, | 413 | proc(proc_cls, |
416 | rd_count, | 414 | rd_count, |
417 | (0 != rd_count) ? rd : NULL); | 415 | (0 != rd_count) ? rd : NULL); |
418 | } | 416 | } |
419 | } | 417 | } |
420 | return GNUNET_OK; | 418 | return GNUNET_OK; |
@@ -429,17 +427,17 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, | |||
429 | * @param query hash to use for the query | 427 | * @param query hash to use for the query |
430 | */ | 428 | */ |
431 | void | 429 | void |
432 | GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | 430 | GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, |
433 | const char *label, | 431 | const char *label, |
434 | struct GNUNET_HashCode *query) | 432 | struct GNUNET_HashCode *query) |
435 | { | 433 | { |
436 | struct GNUNET_CRYPTO_EcdsaPublicKey pub; | 434 | struct GNUNET_CRYPTO_EcdsaPublicKey pub; |
437 | 435 | ||
438 | GNUNET_CRYPTO_ecdsa_key_get_public (zone, | 436 | GNUNET_CRYPTO_ecdsa_key_get_public(zone, |
439 | &pub); | 437 | &pub); |
440 | GNUNET_GNSRECORD_query_from_public_key (&pub, | 438 | GNUNET_GNSRECORD_query_from_public_key(&pub, |
441 | label, | 439 | label, |
442 | query); | 440 | query); |
443 | } | 441 | } |
444 | 442 | ||
445 | 443 | ||
@@ -451,19 +449,19 @@ GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivate | |||
451 | * @param query hash to use for the query | 449 | * @param query hash to use for the query |
452 | */ | 450 | */ |
453 | void | 451 | void |
454 | GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, | 452 | GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, |
455 | const char *label, | 453 | const char *label, |
456 | struct GNUNET_HashCode *query) | 454 | struct GNUNET_HashCode *query) |
457 | { | 455 | { |
458 | struct GNUNET_CRYPTO_EcdsaPublicKey pd; | 456 | struct GNUNET_CRYPTO_EcdsaPublicKey pd; |
459 | 457 | ||
460 | GNUNET_CRYPTO_ecdsa_public_key_derive (pub, | 458 | GNUNET_CRYPTO_ecdsa_public_key_derive(pub, |
461 | label, | 459 | label, |
462 | "gns", | 460 | "gns", |
463 | &pd); | 461 | &pd); |
464 | GNUNET_CRYPTO_hash (&pd, | 462 | GNUNET_CRYPTO_hash(&pd, |
465 | sizeof (pd), | 463 | sizeof(pd), |
466 | query); | 464 | query); |
467 | } | 465 | } |
468 | 466 | ||
469 | 467 | ||