1 files changed, 241 insertions, 243 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 2785a4a59..6eda1e962 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -11,12 +11,12 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
     SPDX-License-Identifier: AGPL3.0-or-later
-*/
+ */
 /**
 * @file gnsrecord/gnsrecord_crypto.c
@@ -35,7 +35,7 @@
 #include "gnunet_tun_lib.h"
-#define LOG(kind,...) GNUNET_log_from (kind, "gnsrecord",__VA_ARGS__)
+#define LOG(kind, ...) GNUNET_log_from(kind, "gnsrecord", __VA_ARGS__)
 /**
@@ -47,24 +47,24 @@
 * @param pub public key to use for KDF
 */
 static void
-derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
+derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
-                      struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                     struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
-                      const char *label,
+                     const char *label,
-                      const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
+                     const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
  static const char ctx_key[] = "gns-aes-ctx-key";
  static const char ctx_iv[] = "gns-aes-ctx-iv";
-  GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+  GNUNET_CRYPTO_kdf(skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
-                     pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+                    pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
-                     label, strlen (label),
+                    label, strlen(label),
-                     ctx_key, strlen (ctx_key),
+                    ctx_key, strlen(ctx_key),
-                     NULL, 0);
+                    NULL, 0);
-  GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
+  GNUNET_CRYPTO_kdf(iv, sizeof(struct GNUNET_CRYPTO_SymmetricInitializationVector),
-                     pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+                    pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
-                     label, strlen (label),
+                    label, strlen(label),
-                     ctx_iv, strlen (ctx_iv),
+                    ctx_iv, strlen(ctx_iv),
-                     NULL, 0);
+                    NULL, 0);
 }
@@ -80,15 +80,15 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
+             const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
-              struct GNUNET_TIME_Absolute expire,
+             struct GNUNET_TIME_Absolute expire,
-              const char *label,
+             const char *label,
-              const struct GNUNET_GNSRECORD_Data *rd,
+             const struct GNUNET_GNSRECORD_Data *rd,
-              unsigned int rd_count)
+             unsigned int rd_count)
 {
-  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
+  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size(rd_count,
-                                                           rd);
+                                                          rd);
  struct GNUNET_GNSRECORD_Block *block;
  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -98,80 +98,80 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
  struct GNUNET_TIME_Absolute now;
  if (payload_len < 0)
-  {
+    {
-    GNUNET_break (0);
+      GNUNET_break(0);
-    return NULL;
+      return NULL;
-  }
+    }
  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
-  {
+    {
-    GNUNET_break (0);
+      GNUNET_break(0);
-    return NULL;
+      return NULL;
-  }
+    }
  /* convert relative to absolute times */
-  now = GNUNET_TIME_absolute_get ();
+  now = GNUNET_TIME_absolute_get();
-  for (unsigned int i=0;i<rd_count;i++)
+  for (unsigned int i = 0; i < rd_count; i++)
-  {
-    rdc[i] = rd[i];
-    if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
    {
-      struct GNUNET_TIME_Relative t;
+      rdc[i] = rd[i];
+      if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
+        {
+          struct GNUNET_TIME_Relative t;
-      /* encrypted blocks must never have relative expiration times, convert! */
+          /* encrypted blocks must never have relative expiration times, convert! */
-      rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+          rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
-      t.rel_value_us = rdc[i].expiration_time;
+          t.rel_value_us = rdc[i].expiration_time;
-      rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
+          rdc[i].expiration_time = GNUNET_TIME_absolute_add(now, t).abs_value_us;
+        }
    }
-  }
  /* serialize */
-  rd_count_nbo = htonl (rd_count);
+  rd_count_nbo = htonl(rd_count);
  {
-    char payload[sizeof (uint32_t) + payload_len];
+    char payload[sizeof(uint32_t) + payload_len];
-    GNUNET_memcpy (payload,
+    GNUNET_memcpy(payload,
-                   &rd_count_nbo,
+                  &rd_count_nbo,
-                   sizeof (uint32_t));
+                  sizeof(uint32_t));
-    GNUNET_assert (payload_len ==
+    GNUNET_assert(payload_len ==
-                   GNUNET_GNSRECORD_records_serialize (rd_count,
+                  GNUNET_GNSRECORD_records_serialize(rd_count,
-                                                       rdc,
+                                                     rdc,
-                                                       payload_len,
+                                                     payload_len,
-                                                       &payload[sizeof (uint32_t)]));
+                                                     &payload[sizeof(uint32_t)]));
-    block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +
+    block = GNUNET_malloc(sizeof(struct GNUNET_GNSRECORD_Block) +
-                           sizeof (uint32_t) +
+                          sizeof(uint32_t) +
-                           payload_len);
+                          payload_len);
-    block->purpose.size = htonl (sizeof (uint32_t) +
+    block->purpose.size = htonl(sizeof(uint32_t) +
-                                 payload_len +
+                                payload_len +
-                                 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                                sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                                 sizeof (struct GNUNET_TIME_AbsoluteNBO));
+                                sizeof(struct GNUNET_TIME_AbsoluteNBO));
-    block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
+    block->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
-    block->expiration_time = GNUNET_TIME_absolute_hton (expire);
+    block->expiration_time = GNUNET_TIME_absolute_hton(expire);
    /* encrypt and sign */
-    dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
+    dkey = GNUNET_CRYPTO_ecdsa_private_key_derive(key,
-                                                   label,
+                                                  label,
-                                                   "gns");
+                                                  "gns");
-    GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
+    GNUNET_CRYPTO_ecdsa_key_get_public(dkey,
-                                        &block->derived_key);
+                                       &block->derived_key);
-    derive_block_aes_key (&iv,
+    derive_block_aes_key(&iv,
-                          &skey,
+                         &skey,
-                          label,
+                         label,
-                          pkey);
+                         pkey);
-    GNUNET_break (payload_len + sizeof (uint32_t) ==
+    GNUNET_break(payload_len + sizeof(uint32_t) ==
-                  GNUNET_CRYPTO_symmetric_encrypt (payload,
+                 GNUNET_CRYPTO_symmetric_encrypt(payload,
-                                                   payload_len + sizeof (uint32_t),
+                                                 payload_len + sizeof(uint32_t),
-                                                   &skey,
+                                                 &skey,
-                                                   &iv,
+                                                 &iv,
-                                                   &block[1]));
+                                                 &block[1]));
  }
  if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_sign (dkey,
+      GNUNET_CRYPTO_ecdsa_sign(dkey,
-                                &block->purpose,
+                               &block->purpose,
-                                &block->signature))
+                               &block->signature))
-  {
+    {
-    GNUNET_break (0);
+      GNUNET_break(0);
-    GNUNET_free (dkey);
+      GNUNET_free(dkey);
-    GNUNET_free (block);
+      GNUNET_free(block);
-    return NULL;
+      return NULL;
-  }
+    }
-  GNUNET_free (dkey);
+  GNUNET_free(dkey);
  return block;
 }
@@ -187,30 +187,29 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-                               struct GNUNET_TIME_Absolute expire,
+                              struct GNUNET_TIME_Absolute expire,
-                               const char *label,
+                              const char *label,
-                               const struct GNUNET_GNSRECORD_Data *rd,
+                              const struct GNUNET_GNSRECORD_Data *rd,
-                               unsigned int rd_count)
+                              unsigned int rd_count)
 {
  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
-  GNUNET_CRYPTO_ecdsa_key_get_public (key,
+  GNUNET_CRYPTO_ecdsa_key_get_public(key,
-                                      &pkey);
+                                     &pkey);
-  return block_create (key,
+  return block_create(key,
-                       &pkey,
+                      &pkey,
-                       expire,
+                      expire,
-                       label,
+                      label,
-                       rd,
+                      rd,
-                       rd_count);
+                      rd_count);
 }
 /**
 * Line in cache mapping private keys to public keys.
 */
-struct KeyCacheLine
+struct KeyCacheLine {
-{
  /**
   * A private key.
   */
@@ -220,7 +219,6 @@ struct KeyCacheLine
   * Associated public key.
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 };
@@ -237,33 +235,33 @@ struct KeyCacheLine
 * @return NULL on error (block too large)
 */
 struct GNUNET_GNSRECORD_Block *
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
+GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
-                                struct GNUNET_TIME_Absolute expire,
+                               struct GNUNET_TIME_Absolute expire,
-                                const char *label,
+                               const char *label,
-                                const struct GNUNET_GNSRECORD_Data *rd,
+                               const struct GNUNET_GNSRECORD_Data *rd,
-                                unsigned int rd_count)
+                               unsigned int rd_count)
 {
 #define CSIZE 64
  static struct KeyCacheLine cache[CSIZE];
  struct KeyCacheLine *line;
-  line = &cache[(*(unsigned int *) key) % CSIZE];
+  line = &cache[(*(unsigned int *)key) % CSIZE];
-  if (0 != memcmp (&line->key,
+  if (0 != memcmp(&line->key,
-                   key,
+                  key,
-                   sizeof (*key)))
+                  sizeof(*key)))
-  {
+    {
-    /* cache miss, recompute */
+      /* cache miss, recompute */
-    line->key = *key;
+      line->key = *key;
-    GNUNET_CRYPTO_ecdsa_key_get_public (key,
+      GNUNET_CRYPTO_ecdsa_key_get_public(key,
-                                        &line->pkey);
+                                         &line->pkey);
-  }
+    }
 #undef CSIZE
-  return block_create (key,
+  return block_create(key,
-                       &line->pkey,
+                      &line->pkey,
-                       expire,
+                      expire,
-                       label,
+                      label,
-                       rd,
+                      rd,
-                       rd_count);
+                      rd_count);
 }
@@ -276,12 +274,12 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
 * @return #GNUNET_OK if the signature is valid
 */
 int
-GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
+GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block)
 {
-  return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
+  return GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
-                                     &block->purpose,
+                                    &block->purpose,
-                                     &block->signature,
+                                    &block->signature,
-                                     &block->derived_key);
+                                    &block->derived_key);
 }
@@ -297,124 +295,124 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 *        not well-formed
 */
 int
-GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
+GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block,
-                                const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
+                               const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
-                                const char *label,
+                               const char *label,
-                                GNUNET_GNSRECORD_RecordCallback proc,
+                               GNUNET_GNSRECORD_RecordCallback proc,
-                                void *proc_cls)
+                               void *proc_cls)
 {
-  size_t payload_len = ntohl (block->purpose.size) -
+  size_t payload_len = ntohl(block->purpose.size) -
-    sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) -
+                       sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) -
-    sizeof (struct GNUNET_TIME_AbsoluteNBO);
+                       sizeof(struct GNUNET_TIME_AbsoluteNBO);
  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
-  if (ntohl (block->purpose.size) <
+  if (ntohl(block->purpose.size) <
-      sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+      sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
-      sizeof (struct GNUNET_TIME_AbsoluteNBO))
+      sizeof(struct GNUNET_TIME_AbsoluteNBO))
-  {
+    {
-    GNUNET_break_op (0);
+      GNUNET_break_op(0);
-    return GNUNET_SYSERR;
+      return GNUNET_SYSERR;
-  }
+    }
-  derive_block_aes_key (&iv,
+  derive_block_aes_key(&iv,
-                        &skey,
+                       &skey,
-                        label,
+                       label,
-                        zone_key);
+                       zone_key);
  {
    char payload[payload_len];
    uint32_t rd_count;
-    GNUNET_break (payload_len ==
+    GNUNET_break(payload_len ==
-                  GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len,
+                 GNUNET_CRYPTO_symmetric_decrypt(&block[1], payload_len,
-                                                   &skey, &iv,
+                                                 &skey, &iv,
-                                                   payload));
+                                                 payload));
-    GNUNET_memcpy (&rd_count,
+    GNUNET_memcpy(&rd_count,
-                   payload,
+                  payload,
-                   sizeof (uint32_t));
+                  sizeof(uint32_t));
-    rd_count = ntohl (rd_count);
+    rd_count = ntohl(rd_count);
    if (rd_count > 2048)
-    {
+      {
-      /* limit to sane value */
+        /* limit to sane value */
-      GNUNET_break_op (0);
+        GNUNET_break_op(0);
-      return GNUNET_SYSERR;
+        return GNUNET_SYSERR;
-    }
+      }
    {
      struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)];
      unsigned int j;
      struct GNUNET_TIME_Absolute now;
      if (GNUNET_OK !=
-          GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof (uint32_t),
+          GNUNET_GNSRECORD_records_deserialize(payload_len - sizeof(uint32_t),
-                                                &payload[sizeof (uint32_t)],
+                                               &payload[sizeof(uint32_t)],
-                                                rd_count,
+                                               rd_count,
-                                                rd))
+                                               rd))
-      {
-        GNUNET_break_op (0);
-        return GNUNET_SYSERR;
-      }
-      /* hide expired records */
-      now = GNUNET_TIME_absolute_get ();
-      j = 0;
-      for (unsigned int i=0;i<rd_count;i++)
-      {
-        if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
        {
-          /* encrypted blocks must never have relative expiration times, skip! */
+          GNUNET_break_op(0);
-          GNUNET_break_op (0);
+          return GNUNET_SYSERR;
-          continue;
        }
+      /* hide expired records */
-        if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
+      now = GNUNET_TIME_absolute_get();
+      j = 0;
+      for (unsigned int i = 0; i < rd_count; i++)
        {
-          int include_record = GNUNET_YES;
+          if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
-          /* Shadow record, figure out if we have a not expired active record */
+            {
-          for (unsigned int k=0;k<rd_count;k++)
+              /* encrypted blocks must never have relative expiration times, skip! */
-          {
+              GNUNET_break_op(0);
-            if (k == i)
              continue;
-            if (rd[i].expiration_time < now.abs_value_us)
+            }
-              include_record = GNUNET_NO; /* Shadow record is expired */
-            if ( (rd[k].record_type == rd[i].record_type) &&
+          if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
-                 (rd[k].expiration_time >= now.abs_value_us) &&
-                 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) )
            {
-              include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
+              int include_record = GNUNET_YES;
-              GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              /* Shadow record, figure out if we have a not expired active record */
-                          "Ignoring shadow record\n");
+              for (unsigned int k = 0; k < rd_count; k++)
-              break;
+                {
+                  if (k == i)
+                    continue;
+                  if (rd[i].expiration_time < now.abs_value_us)
+                    include_record = GNUNET_NO; /* Shadow record is expired */
+                  if ((rd[k].record_type == rd[i].record_type) &&
+                      (rd[k].expiration_time >= now.abs_value_us) &&
+                      (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
+                    {
+                      include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
+                      GNUNET_log(GNUNET_ERROR_TYPE_INFO,
+                                 "Ignoring shadow record\n");
+                      break;
+                    }
+                }
+              if (GNUNET_YES == include_record)
+                {
+                  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
+                  if (j != i)
+                    rd[j] = rd[i];
+                  j++;
+                }
+            }
+          else if (rd[i].expiration_time >= now.abs_value_us)
+            {
+              /* Include this record */
+              if (j != i)
+                rd[j] = rd[i];
+              j++;
+            }
+          else
+            {
+              struct GNUNET_TIME_Absolute at;
+              at.abs_value_us = rd[i].expiration_time;
+              GNUNET_log(GNUNET_ERROR_TYPE_INFO,
+                         "Excluding record that expired %s (%llu ago)\n",
+                         GNUNET_STRINGS_absolute_time_to_string(at),
+                         (unsigned long long)rd[i].expiration_time - now.abs_value_us);
            }
-          }
-          if (GNUNET_YES == include_record)
-          {
-            rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
-            if (j != i)
-              rd[j] = rd[i];
-            j++;
-          }
-        }
-        else if (rd[i].expiration_time >= now.abs_value_us)
-        {
-          /* Include this record */
-          if (j != i)
-            rd[j] = rd[i];
-          j++;
        }
-        else
-        {
-          struct GNUNET_TIME_Absolute at;
-          at.abs_value_us = rd[i].expiration_time;
-          GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                      "Excluding record that expired %s (%llu ago)\n",
-                      GNUNET_STRINGS_absolute_time_to_string (at),
-                      (unsigned long long) rd[i].expiration_time - now.abs_value_us);
-        }
-      }
      rd_count = j;
      if (NULL != proc)
-        proc (proc_cls,
+        proc(proc_cls,
-              rd_count,
+             rd_count,
-              (0 != rd_count) ? rd : NULL);
+             (0 != rd_count) ? rd : NULL);
    }
  }
  return GNUNET_OK;
@@ -429,17 +427,17 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
 * @param query hash to use for the query
 */
 void
-GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                                         const char *label,
+                                        const char *label,
-                                         struct GNUNET_HashCode *query)
+                                        struct GNUNET_HashCode *query)
 {
  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
+  GNUNET_CRYPTO_ecdsa_key_get_public(zone,
-                                      &pub);
+                                     &pub);
-  GNUNET_GNSRECORD_query_from_public_key (&pub,
+  GNUNET_GNSRECORD_query_from_public_key(&pub,
-                                          label,
+                                         label,
-                                          query);
+                                         query);
 }
@@ -451,19 +449,19 @@ GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivate
 * @param query hash to use for the query
 */
 void
-GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
+GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
-                                        const char *label,
+                                       const char *label,
-                                        struct GNUNET_HashCode *query)
+                                       struct GNUNET_HashCode *query)
 {
  struct GNUNET_CRYPTO_EcdsaPublicKey pd;
-  GNUNET_CRYPTO_ecdsa_public_key_derive (pub,
+  GNUNET_CRYPTO_ecdsa_public_key_derive(pub,
-                                         label,
+                                        label,
-                                         "gns",
+                                        "gns",
-                                         &pd);
+                                        &pd);
-  GNUNET_CRYPTO_hash (&pd,
+  GNUNET_CRYPTO_hash(&pd,
-                      sizeof (pd),
+                     sizeof(pd),
-                      query);
+                     query);
 }

diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index 2785a4a59..6eda1e962 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -11,12 +11,12 @@
11	WITHOUT ANY WARRANTY; without even the implied warranty of	11	WITHOUT ANY WARRANTY; without even the implied warranty of
12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13	Affero General Public License for more details.	13	Affero General Public License for more details.
14		14
15	You should have received a copy of the GNU Affero General Public License	15	You should have received a copy of the GNU Affero General Public License
16	along with this program. If not, see <http://www.gnu.org/licenses/>.	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
17		17
18	SPDX-License-Identifier: AGPL3.0-or-later	18	SPDX-License-Identifier: AGPL3.0-or-later
19	*/	19	*/
20		20
21	/**	21	/**
22	* @file gnsrecord/gnsrecord_crypto.c	22	* @file gnsrecord/gnsrecord_crypto.c
@@ -35,7 +35,7 @@
35	#include "gnunet_tun_lib.h"	35	#include "gnunet_tun_lib.h"
36		36
37		37
38	#define LOG(kind,...) GNUNET_log_from (kind, "gnsrecord",__VA_ARGS__)	38	#define LOG(kind, ...) GNUNET_log_from(kind, "gnsrecord", __VA_ARGS__)
39		39
40		40
41	/**	41	/**
@@ -47,24 +47,24 @@
47	* @param pub public key to use for KDF	47	* @param pub public key to use for KDF
48	*/	48	*/
49	static void	49	static void
50	derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,	50	derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
51	struct GNUNET_CRYPTO_SymmetricSessionKey *skey,	51	struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
52	const char *label,	52	const char *label,
53	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)	53	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
54	{	54	{
55	static const char ctx_key[] = "gns-aes-ctx-key";	55	static const char ctx_key[] = "gns-aes-ctx-key";
56	static const char ctx_iv[] = "gns-aes-ctx-iv";	56	static const char ctx_iv[] = "gns-aes-ctx-iv";
57		57
58	GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),	58	GNUNET_CRYPTO_kdf(skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey),
59	pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),	59	pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
60	label, strlen (label),	60	label, strlen(label),
61	ctx_key, strlen (ctx_key),	61	ctx_key, strlen(ctx_key),
62	NULL, 0);	62	NULL, 0);
63	GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),	63	GNUNET_CRYPTO_kdf(iv, sizeof(struct GNUNET_CRYPTO_SymmetricInitializationVector),
64	pub, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),	64	pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
65	label, strlen (label),	65	label, strlen(label),
66	ctx_iv, strlen (ctx_iv),	66	ctx_iv, strlen(ctx_iv),
67	NULL, 0);	67	NULL, 0);
68	}	68	}
69		69
70		70
@@ -80,15 +80,15 @@ derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
80	* @return NULL on error (block too large)	80	* @return NULL on error (block too large)
81	*/	81	*/
82	struct GNUNET_GNSRECORD_Block *	82	struct GNUNET_GNSRECORD_Block *
83	block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,	83	block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
84	const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,	84	const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
85	struct GNUNET_TIME_Absolute expire,	85	struct GNUNET_TIME_Absolute expire,
86	const char *label,	86	const char *label,
87	const struct GNUNET_GNSRECORD_Data *rd,	87	const struct GNUNET_GNSRECORD_Data *rd,
88	unsigned int rd_count)	88	unsigned int rd_count)
89	{	89	{
90	ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,	90	ssize_t payload_len = GNUNET_GNSRECORD_records_get_size(rd_count,
91	rd);	91	rd);
92	struct GNUNET_GNSRECORD_Block *block;	92	struct GNUNET_GNSRECORD_Block *block;
93	struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;	93	struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
94	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;	94	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -98,80 +98,80 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
98	struct GNUNET_TIME_Absolute now;	98	struct GNUNET_TIME_Absolute now;
99		99
100	if (payload_len < 0)	100	if (payload_len < 0)
101	{	101	{
102	GNUNET_break (0);	102	GNUNET_break(0);
103	return NULL;	103	return NULL;
104	}	104	}
105	if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)	105	if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
106	{	106	{
107	GNUNET_break (0);	107	GNUNET_break(0);
108	return NULL;	108	return NULL;
109	}	109	}
110	/* convert relative to absolute times */	110	/* convert relative to absolute times */
111	now = GNUNET_TIME_absolute_get ();	111	now = GNUNET_TIME_absolute_get();
112	for (unsigned int i=0;i<rd_count;i++)	112	for (unsigned int i = 0; i < rd_count; i++)
113	{
114	rdc[i] = rd[i];
115	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
116	{	113	{
117	struct GNUNET_TIME_Relative t;	114	rdc[i] = rd[i];
		115	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
		116	{
		117	struct GNUNET_TIME_Relative t;
118		118
119	/* encrypted blocks must never have relative expiration times, convert! */	119	/* encrypted blocks must never have relative expiration times, convert! */
120	rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;	120	rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
121	t.rel_value_us = rdc[i].expiration_time;	121	t.rel_value_us = rdc[i].expiration_time;
122	rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;	122	rdc[i].expiration_time = GNUNET_TIME_absolute_add(now, t).abs_value_us;
		123	}
123	}	124	}
124	}
125	/* serialize */	125	/* serialize */
126	rd_count_nbo = htonl (rd_count);	126	rd_count_nbo = htonl(rd_count);
127	{	127	{
128	char payload[sizeof (uint32_t) + payload_len];	128	char payload[sizeof(uint32_t) + payload_len];
129		129
130	GNUNET_memcpy (payload,	130	GNUNET_memcpy(payload,
131	&rd_count_nbo,	131	&rd_count_nbo,
132	sizeof (uint32_t));	132	sizeof(uint32_t));
133	GNUNET_assert (payload_len ==	133	GNUNET_assert(payload_len ==
134	GNUNET_GNSRECORD_records_serialize (rd_count,	134	GNUNET_GNSRECORD_records_serialize(rd_count,
135	rdc,	135	rdc,
136	payload_len,	136	payload_len,
137	&payload[sizeof (uint32_t)]));	137	&payload[sizeof(uint32_t)]));
138	block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) +	138	block = GNUNET_malloc(sizeof(struct GNUNET_GNSRECORD_Block) +
139	sizeof (uint32_t) +	139	sizeof(uint32_t) +
140	payload_len);	140	payload_len);
141	block->purpose.size = htonl (sizeof (uint32_t) +	141	block->purpose.size = htonl(sizeof(uint32_t) +
142	payload_len +	142	payload_len +
143	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +	143	sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
144	sizeof (struct GNUNET_TIME_AbsoluteNBO));	144	sizeof(struct GNUNET_TIME_AbsoluteNBO));
145	block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);	145	block->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
146	block->expiration_time = GNUNET_TIME_absolute_hton (expire);	146	block->expiration_time = GNUNET_TIME_absolute_hton(expire);
147	/* encrypt and sign */	147	/* encrypt and sign */
148	dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,	148	dkey = GNUNET_CRYPTO_ecdsa_private_key_derive(key,
149	label,	149	label,
150	"gns");	150	"gns");
151	GNUNET_CRYPTO_ecdsa_key_get_public (dkey,	151	GNUNET_CRYPTO_ecdsa_key_get_public(dkey,
152	&block->derived_key);	152	&block->derived_key);
153	derive_block_aes_key (&iv,	153	derive_block_aes_key(&iv,
154	&skey,	154	&skey,
155	label,	155	label,
156	pkey);	156	pkey);
157	GNUNET_break (payload_len + sizeof (uint32_t) ==	157	GNUNET_break(payload_len + sizeof(uint32_t) ==
158	GNUNET_CRYPTO_symmetric_encrypt (payload,	158	GNUNET_CRYPTO_symmetric_encrypt(payload,
159	payload_len + sizeof (uint32_t),	159	payload_len + sizeof(uint32_t),
160	&skey,	160	&skey,
161	&iv,	161	&iv,
162	&block[1]));	162	&block[1]));
163	}	163	}
164	if (GNUNET_OK !=	164	if (GNUNET_OK !=
165	GNUNET_CRYPTO_ecdsa_sign (dkey,	165	GNUNET_CRYPTO_ecdsa_sign(dkey,
166	&block->purpose,	166	&block->purpose,
167	&block->signature))	167	&block->signature))
168	{	168	{
169	GNUNET_break (0);	169	GNUNET_break(0);
170	GNUNET_free (dkey);	170	GNUNET_free(dkey);
171	GNUNET_free (block);	171	GNUNET_free(block);
172	return NULL;	172	return NULL;
173	}	173	}
174	GNUNET_free (dkey);	174	GNUNET_free(dkey);
175	return block;	175	return block;
176	}	176	}
177		177
@@ -187,30 +187,29 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
187	* @return NULL on error (block too large)	187	* @return NULL on error (block too large)
188	*/	188	*/
189	struct GNUNET_GNSRECORD_Block *	189	struct GNUNET_GNSRECORD_Block *
190	GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,	190	GNUNET_GNSRECORD_block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
191	struct GNUNET_TIME_Absolute expire,	191	struct GNUNET_TIME_Absolute expire,
192	const char *label,	192	const char *label,
193	const struct GNUNET_GNSRECORD_Data *rd,	193	const struct GNUNET_GNSRECORD_Data *rd,
194	unsigned int rd_count)	194	unsigned int rd_count)
195	{	195	{
196	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;	196	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
197		197
198	GNUNET_CRYPTO_ecdsa_key_get_public (key,	198	GNUNET_CRYPTO_ecdsa_key_get_public(key,
199	&pkey);	199	&pkey);
200	return block_create (key,	200	return block_create(key,
201	&pkey,	201	&pkey,
202	expire,	202	expire,
203	label,	203	label,
204	rd,	204	rd,
205	rd_count);	205	rd_count);
206	}	206	}
207		207
208		208
209	/**	209	/**
210	* Line in cache mapping private keys to public keys.	210	* Line in cache mapping private keys to public keys.
211	*/	211	*/
212	struct KeyCacheLine	212	struct KeyCacheLine {
213	{
214	/**	213	/**
215	* A private key.	214	* A private key.
216	*/	215	*/
@@ -220,7 +219,6 @@ struct KeyCacheLine
220	* Associated public key.	219	* Associated public key.
221	*/	220	*/
222	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;	221	struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
223
224	};	222	};
225		223
226		224
@@ -237,33 +235,33 @@ struct KeyCacheLine
237	* @return NULL on error (block too large)	235	* @return NULL on error (block too large)
238	*/	236	*/
239	struct GNUNET_GNSRECORD_Block *	237	struct GNUNET_GNSRECORD_Block *
240	GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,	238	GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
241	struct GNUNET_TIME_Absolute expire,	239	struct GNUNET_TIME_Absolute expire,
242	const char *label,	240	const char *label,
243	const struct GNUNET_GNSRECORD_Data *rd,	241	const struct GNUNET_GNSRECORD_Data *rd,
244	unsigned int rd_count)	242	unsigned int rd_count)
245	{	243	{
246	#define CSIZE 64	244	#define CSIZE 64
247	static struct KeyCacheLine cache[CSIZE];	245	static struct KeyCacheLine cache[CSIZE];
248	struct KeyCacheLine *line;	246	struct KeyCacheLine *line;
249		247
250	line = &cache[((unsigned int ) key) % CSIZE];	248	line = &cache[((unsigned int )key) % CSIZE];
251	if (0 != memcmp (&line->key,	249	if (0 != memcmp(&line->key,
252	key,	250	key,
253	sizeof (*key)))	251	sizeof(*key)))
254	{	252	{
255	/* cache miss, recompute */	253	/* cache miss, recompute */
256	line->key = *key;	254	line->key = *key;
257	GNUNET_CRYPTO_ecdsa_key_get_public (key,	255	GNUNET_CRYPTO_ecdsa_key_get_public(key,
258	&line->pkey);	256	&line->pkey);
259	}	257	}
260	#undef CSIZE	258	#undef CSIZE
261	return block_create (key,	259	return block_create(key,
262	&line->pkey,	260	&line->pkey,
263	expire,	261	expire,
264	label,	262	label,
265	rd,	263	rd,
266	rd_count);	264	rd_count);
267	}	265	}
268		266
269		267
@@ -276,12 +274,12 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
276	* @return #GNUNET_OK if the signature is valid	274	* @return #GNUNET_OK if the signature is valid
277	*/	275	*/
278	int	276	int
279	GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)	277	GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block)
280	{	278	{
281	return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,	279	return GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
282	&block->purpose,	280	&block->purpose,
283	&block->signature,	281	&block->signature,
284	&block->derived_key);	282	&block->derived_key);
285	}	283	}
286		284
287		285
@@ -297,124 +295,124 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
297	* not well-formed	295	* not well-formed
298	*/	296	*/
299	int	297	int
300	GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,	298	GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block,
301	const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,	299	const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
302	const char *label,	300	const char *label,
303	GNUNET_GNSRECORD_RecordCallback proc,	301	GNUNET_GNSRECORD_RecordCallback proc,
304	void *proc_cls)	302	void *proc_cls)
305	{	303	{
306	size_t payload_len = ntohl (block->purpose.size) -	304	size_t payload_len = ntohl(block->purpose.size) -
307	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) -	305	sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) -
308	sizeof (struct GNUNET_TIME_AbsoluteNBO);	306	sizeof(struct GNUNET_TIME_AbsoluteNBO);
309	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;	307	struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
310	struct GNUNET_CRYPTO_SymmetricSessionKey skey;	308	struct GNUNET_CRYPTO_SymmetricSessionKey skey;
311		309
312	if (ntohl (block->purpose.size) <	310	if (ntohl(block->purpose.size) <
313	sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +	311	sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) +
314	sizeof (struct GNUNET_TIME_AbsoluteNBO))	312	sizeof(struct GNUNET_TIME_AbsoluteNBO))
315	{	313	{
316	GNUNET_break_op (0);	314	GNUNET_break_op(0);
317	return GNUNET_SYSERR;	315	return GNUNET_SYSERR;
318	}	316	}
319	derive_block_aes_key (&iv,	317	derive_block_aes_key(&iv,
320	&skey,	318	&skey,
321	label,	319	label,
322	zone_key);	320	zone_key);
323	{	321	{
324	char payload[payload_len];	322	char payload[payload_len];
325	uint32_t rd_count;	323	uint32_t rd_count;
326		324
327	GNUNET_break (payload_len ==	325	GNUNET_break(payload_len ==
328	GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len,	326	GNUNET_CRYPTO_symmetric_decrypt(&block[1], payload_len,
329	&skey, &iv,	327	&skey, &iv,
330	payload));	328	payload));
331	GNUNET_memcpy (&rd_count,	329	GNUNET_memcpy(&rd_count,
332	payload,	330	payload,
333	sizeof (uint32_t));	331	sizeof(uint32_t));
334	rd_count = ntohl (rd_count);	332	rd_count = ntohl(rd_count);
335	if (rd_count > 2048)	333	if (rd_count > 2048)
336	{	334	{
337	/* limit to sane value */	335	/* limit to sane value */
338	GNUNET_break_op (0);	336	GNUNET_break_op(0);
339	return GNUNET_SYSERR;	337	return GNUNET_SYSERR;
340	}	338	}
341	{	339	{
342	struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)];	340	struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)];
343	unsigned int j;	341	unsigned int j;
344	struct GNUNET_TIME_Absolute now;	342	struct GNUNET_TIME_Absolute now;
345		343
346	if (GNUNET_OK !=	344	if (GNUNET_OK !=
347	GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof (uint32_t),	345	GNUNET_GNSRECORD_records_deserialize(payload_len - sizeof(uint32_t),
348	&payload[sizeof (uint32_t)],	346	&payload[sizeof(uint32_t)],
349	rd_count,	347	rd_count,
350	rd))	348	rd))
351	{
352	GNUNET_break_op (0);
353	return GNUNET_SYSERR;
354	}
355	/* hide expired records */
356	now = GNUNET_TIME_absolute_get ();
357	j = 0;
358	for (unsigned int i=0;i<rd_count;i++)
359	{
360	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
361	{	349	{
362	/* encrypted blocks must never have relative expiration times, skip! */	350	GNUNET_break_op(0);
363	GNUNET_break_op (0);	351	return GNUNET_SYSERR;
364	continue;
365	}	352	}
366		353	/* hide expired records */
367	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))	354	now = GNUNET_TIME_absolute_get();
		355	j = 0;
		356	for (unsigned int i = 0; i < rd_count; i++)
368	{	357	{
369	int include_record = GNUNET_YES;	358	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
370	/* Shadow record, figure out if we have a not expired active record */	359	{
371	for (unsigned int k=0;k<rd_count;k++)	360	/* encrypted blocks must never have relative expiration times, skip! */
372	{	361	GNUNET_break_op(0);
373	if (k == i)
374	continue;	362	continue;
375	if (rd[i].expiration_time < now.abs_value_us)	363	}
376	include_record = GNUNET_NO; /* Shadow record is expired */	364
377	if ( (rd[k].record_type == rd[i].record_type) &&	365	if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
378	(rd[k].expiration_time >= now.abs_value_us) &&
379	(0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) )
380	{	366	{
381	include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */	367	int include_record = GNUNET_YES;
382	GNUNET_log (GNUNET_ERROR_TYPE_INFO,	368	/* Shadow record, figure out if we have a not expired active record */
383	"Ignoring shadow record\n");	369	for (unsigned int k = 0; k < rd_count; k++)
384	break;	370	{
		371	if (k == i)
		372	continue;
		373	if (rd[i].expiration_time < now.abs_value_us)
		374	include_record = GNUNET_NO; /* Shadow record is expired */
		375	if ((rd[k].record_type == rd[i].record_type) &&
		376	(rd[k].expiration_time >= now.abs_value_us) &&
		377	(0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
		378	{
		379	include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
		380	GNUNET_log(GNUNET_ERROR_TYPE_INFO,
		381	"Ignoring shadow record\n");
		382	break;
		383	}
		384	}
		385	if (GNUNET_YES == include_record)
		386	{
		387	rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
		388	if (j != i)
		389	rd[j] = rd[i];
		390	j++;
		391	}
		392	}
		393	else if (rd[i].expiration_time >= now.abs_value_us)
		394	{
		395	/* Include this record */
		396	if (j != i)
		397	rd[j] = rd[i];
		398	j++;
		399	}
		400	else
		401	{
		402	struct GNUNET_TIME_Absolute at;
		403
		404	at.abs_value_us = rd[i].expiration_time;
		405	GNUNET_log(GNUNET_ERROR_TYPE_INFO,
		406	"Excluding record that expired %s (%llu ago)\n",
		407	GNUNET_STRINGS_absolute_time_to_string(at),
		408	(unsigned long long)rd[i].expiration_time - now.abs_value_us);
385	}	409	}
386	}
387	if (GNUNET_YES == include_record)
388	{
389	rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
390	if (j != i)
391	rd[j] = rd[i];
392	j++;
393	}
394	}
395	else if (rd[i].expiration_time >= now.abs_value_us)
396	{
397	/* Include this record */
398	if (j != i)
399	rd[j] = rd[i];
400	j++;
401	}	410	}
402	else
403	{
404	struct GNUNET_TIME_Absolute at;
405
406	at.abs_value_us = rd[i].expiration_time;
407	GNUNET_log (GNUNET_ERROR_TYPE_INFO,
408	"Excluding record that expired %s (%llu ago)\n",
409	GNUNET_STRINGS_absolute_time_to_string (at),
410	(unsigned long long) rd[i].expiration_time - now.abs_value_us);
411	}
412	}
413	rd_count = j;	411	rd_count = j;
414	if (NULL != proc)	412	if (NULL != proc)
415	proc (proc_cls,	413	proc(proc_cls,
416	rd_count,	414	rd_count,
417	(0 != rd_count) ? rd : NULL);	415	(0 != rd_count) ? rd : NULL);
418	}	416	}
419	}	417	}
420	return GNUNET_OK;	418	return GNUNET_OK;
@@ -429,17 +427,17 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
429	* @param query hash to use for the query	427	* @param query hash to use for the query
430	*/	428	*/
431	void	429	void
432	GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,	430	GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
433	const char *label,	431	const char *label,
434	struct GNUNET_HashCode *query)	432	struct GNUNET_HashCode *query)
435	{	433	{
436	struct GNUNET_CRYPTO_EcdsaPublicKey pub;	434	struct GNUNET_CRYPTO_EcdsaPublicKey pub;
437		435
438	GNUNET_CRYPTO_ecdsa_key_get_public (zone,	436	GNUNET_CRYPTO_ecdsa_key_get_public(zone,
439	&pub);	437	&pub);
440	GNUNET_GNSRECORD_query_from_public_key (&pub,	438	GNUNET_GNSRECORD_query_from_public_key(&pub,
441	label,	439	label,
442	query);	440	query);
443	}	441	}
444		442
445		443
@@ -451,19 +449,19 @@ GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_EcdsaPrivate
451	* @param query hash to use for the query	449	* @param query hash to use for the query
452	*/	450	*/
453	void	451	void
454	GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,	452	GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
455	const char *label,	453	const char *label,
456	struct GNUNET_HashCode *query)	454	struct GNUNET_HashCode *query)
457	{	455	{
458	struct GNUNET_CRYPTO_EcdsaPublicKey pd;	456	struct GNUNET_CRYPTO_EcdsaPublicKey pd;
459		457
460	GNUNET_CRYPTO_ecdsa_public_key_derive (pub,	458	GNUNET_CRYPTO_ecdsa_public_key_derive(pub,
461	label,	459	label,
462	"gns",	460	"gns",
463	&pd);	461	&pd);
464	GNUNET_CRYPTO_hash (&pd,	462	GNUNET_CRYPTO_hash(&pd,
465	sizeof (pd),	463	sizeof(pd),
466	query);	464	query);
467	}	465	}
468		466
469		467