Diffstat (limited to 'src/transport/gnunet-service-transport_validation.c')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 70 |
1 files changed, 22 insertions, 48 deletions
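--- a/src/transport/gnunet-service-transport_validation.c
+++ b/src/transport/gnunet-service-transport_validation.c
@@ -26,6 +26,7 @@
 #include "platform.h"
 #include "gnunet-service-transport_validation.h"
 #include "gnunet-service-transport_plugins.h"
+#include "gnunet-service-transport_hello.h"
 #include "gnunet-service-transport.h"
 #include "gnunet_hello_lib.h"
 #include "gnunet_peerinfo_service.h"
@@ -540,6 +541,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 const struct TransportPingMessage *ping;
 struct TransportPongMessage *pong;
 struct GNUNET_TRANSPORT_PluginFunctions *papi;
+struct SessionHeader *session_header;
 const char *addr;
 const char *addrend;
 size_t alen;
@@ -590,13 +592,14 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 /* peer wants to confirm that we have an outbound connection to him;
 we handle this case here even though it has nothing to do with
 address validation (!) */
-if (sender_address == NULL)
+if ( (sender_address == NULL) || (session == NULL) )
 {
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 _("Refusing to create PONG since I do initiate the session with `%s'.\n"),
 GNUNET_i2s (sender));
 return;
 }
+session_header = (struct SessionHeader *)session;
 #if DEBUG_TRANSPORT
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Creating PONG indicating that we initiated a connection to peer `%s' using address `%s' \n",
@@ -624,8 +627,6 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 memcpy (&((char*)&pong[1])[slen],
 sender_address,
 sender_address_len);
-#if 0
-/* FIXME: lookup signature! */
 if (GNUNET_TIME_absolute_get_remaining (session_header->pong_sig_expires).rel_value <
 PONG_SIGNATURE_LIFETIME.rel_value / 4)
 {
@@ -637,7 +638,7 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 session_header->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
 pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
 GNUNET_assert (GNUNET_OK ==
-GNUNET_CRYPTO_rsa_sign (my_private_key,
+GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
 &pong->purpose,
 &session_header->pong_signature));
 }
@@ -645,21 +646,15 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 {
 pong->expiration = GNUNET_TIME_absolute_hton (session_header->pong_sig_expires);
 }
-memcpy (&pong->signature,
-&session_header->pong_signature,
-sizeof (struct GNUNET_CRYPTO_RsaSignature));
-#else
-pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
-GNUNET_assert (GNUNET_OK ==
-GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
-&pong->purpose,
-&pong->signature));
-#endif
+pong->signature = session_header->pong_signature;
 }
 else
 {
 /* peer wants to confirm that this is one of our addresses, this is what is
 used for address validation */
+struct GNUNET_CRYPTO_RsaSignature *sig_cache;
+struct GNUNET_TIME_Absolute *sig_cache_exp;
+
 addrend = memchr (addr, '\0', alen);
 if (NULL == addrend)
 {
@@ -669,13 +664,13 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 addrend++;
 slen = strlen(addr);
 alen -= slen;
-papi = GST_plugins_find (addr);
-
-if ( (NULL == papi) ||
-(GNUNET_OK !=
-papi->check_address (papi->cls,
-addrend,
-alen)) )
+
+if (GNUNET_YES !=
+GST_hello_test_address (addr,
+addrend,
+alen,
+&sig_cache,
+&sig_cache_exp))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 _("Not confirming PING with address `%s' since I cannot confirm having this address.\n"),
@@ -699,46 +694,25 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender,
 pong->pid = GST_my_identity;
 memcpy (&pong[1], addr, slen);
 memcpy (&((char*)&pong[1])[slen], addrend, alen);
-#if 0
-if ( (oal != NULL) &&
-(GNUNET_TIME_absolute_get_remaining (oal->pong_sig_expires).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4) )
+if (GNUNET_TIME_absolute_get_remaining (*sig_cache_exp).rel_value < PONG_SIGNATURE_LIFETIME.rel_value / 4)
 {
 /* create / update cached sig */
 #if DEBUG_TRANSPORT
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "Creating PONG signature to indicate ownership.\n");
 #endif
-oal->pong_sig_expires = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
-pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires);
-GNUNET_assert (GNUNET_OK ==
-GNUNET_CRYPTO_rsa_sign (my_private_key,
-&pong->purpose,
-&oal->pong_signature));
-memcpy (&pong->signature,
-&oal->pong_signature,
-sizeof (struct GNUNET_CRYPTO_RsaSignature));
-}
-else if (oal == NULL)
-{
-#else
-/* not using cache (typically DV-only) */
-pong->expiration = GNUNET_TIME_absolute_hton (GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME));
+*sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME);
+pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
 GNUNET_assert (GNUNET_OK ==
 GNUNET_CRYPTO_rsa_sign (GST_my_private_key,
 &pong->purpose,
-&pong->signature));
-#endif
-#if 0
+sig_cache));
 }
 else
 {
-/* can used cached version */
-pong->expiration = GNUNET_TIME_absolute_hton (oal->pong_sig_expires);
-memcpy (&pong->signature,
-&oal->pong_signature,
-sizeof (struct GNUNET_CRYPTO_RsaSignature));
+pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp);
 }
-#endif
+pong->signature = *sig_cache;
 }
 
 /* first see if the session we got this PING from can be used to transmit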
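Review bot: The length passed to the new `GST_hello_test_address (addr, addrend, alen, ...)` call looks one byte too long. `addrend++` steps past the NUL terminator, but `slen = strlen(addr)` excludes it, so after `alen -= slen` the value still counts the terminator that `addrend` has already skipped. If `alen` starts as the number of PING payload bytes from `addr` (its setup is outside the visible hunks), both the address comparison and the later `memcpy (&((char*)&pong[1])[slen], addrend, alen)` read one byte past the peer-supplied address, and this input comes from the network. Consider `alen -= slen + 1;`, or `slen = strlen (addr) + 1;` if the PONG payload is meant to carry the terminator; the PONG allocation lies between hunks and is not shown, and GST_validation_handle_ping itself starts and ends outside them. Separately, `sig_cache` and `sig_cache_exp` are dereferenced right after the call, so initialising both to `NULL` and asserting they are set would catch a `GNUNET_YES` return that leaves them untouched.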