From 11ae9f030e13d07c505a4d5477d592ddb4b3acf6 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 8 Apr 2020 16:56:33 +0200 Subject: fix sign api for to address #6164 --- src/transport/gnunet-communicator-tcp.c | 31 +++++---- src/transport/gnunet-communicator-udp.c | 16 ++--- src/transport/gnunet-service-tng.c | 74 ++++++++++++---------- .../gnunet-service-transport_neighbours.c | 8 +-- .../gnunet-service-transport_validation.c | 7 +- 5 files changed, 70 insertions(+), 66 deletions(-) (limited to 'src/transport') diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c index 045a57d0f..2786ba184 100644 --- a/src/transport/gnunet-communicator-tcp.c +++ b/src/transport/gnunet-communicator-tcp.c @@ -880,7 +880,7 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey) /* FIXME: check monotonic time is monotonic... */ if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY, - &thp.purpose, + &thp, &rekey->sender_sig, &queue->target.public_key)) { @@ -1063,8 +1063,7 @@ queue_read (void *cls) However, we have to take into account that the plaintext buffer may have already contained data and not jumpt too far ahead in the ciphertext. If there is no rekey and the last message is incomplete (max > total), - it is safe to keep the decryption so we shift by 'max' */ - if (GNUNET_YES == queue->rekeyed) + it is safe to keep the decryption so we shift by 'max' */if (GNUNET_YES == queue->rekeyed) { max = total - old_pread_off; queue->rekeyed = GNUNET_NO; @@ -1284,9 +1283,9 @@ inject_rekey (struct Queue *queue) thp.receiver = queue->target; thp.ephemeral = rekey.ephemeral; thp.monotonic_time = rekey.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &thp.purpose, - &rekey.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &thp, + &rekey.sender_sig); calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac); /* Encrypt rekey message with 'old' cipher */ GNUNET_assert (0 == @@ -1586,9 +1585,9 @@ transmit_kx (struct Queue *queue, ths.receiver = queue->target; ths.ephemeral = *epub; ths.monotonic_time = tc.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &ths.purpose, - &tc.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &ths, + &tc.sender_sig); GNUNET_assert (0 == gcry_cipher_encrypt (queue->out_cipher, &queue->cwrite_buf[queue->cwrite_off], @@ -1654,7 +1653,7 @@ decrypt_and_check_tc (struct Queue *queue, from this sender! */ return GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE, - &ths.purpose, + &ths, &tc->sender_sig, &tc->sender.public_key); } @@ -1953,7 +1952,7 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address) queue->address_len = in_len; queue->sock = sock; boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND); - //queue->mq_awaits_continue = GNUNET_YES; + // queue->mq_awaits_continue = GNUNET_YES; queue->read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, queue->sock, @@ -2155,9 +2154,9 @@ run (void *cls, max_queue_length = DEFAULT_MAX_QUEUE_LENGTH; if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - COMMUNICATOR_CONFIG_SECTION, - "REKEY_INTERVAL", - &rekey_interval)) + COMMUNICATOR_CONFIG_SECTION, + "REKEY_INTERVAL", + &rekey_interval)) rekey_interval = DEFAULT_REKEY_INTERVAL; in = tcp_address_to_sockaddr (bindto, &in_len); @@ -2286,8 +2285,8 @@ main (int argc, char *const *argv) options, &run, NULL)) - ? 0 - : 1; + ? 0 + : 1; GNUNET_free ((void *) argv); return ret; } diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index d767689b9..1542a7702 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c @@ -1533,7 +1533,7 @@ verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, uhs.monotonic_time = uc->monotonic_time; return GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE, - &uhs.purpose, + &uhs, &uc->sender_sig, &uc->sender.public_key); } @@ -1634,7 +1634,7 @@ sock_read (void *cls) GNUNET_CRYPTO_hash (&sa, salen, &uhs.h_address); if (GNUNET_OK == GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST, - &uhs.purpose, + &uhs, &ub->sender_sig, &ub->sender.public_key)) { @@ -1932,9 +1932,9 @@ mq_send (struct GNUNET_MQ_Handle *mq, uhs.receiver = receiver->target; GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral); uhs.monotonic_time = uc.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &uhs.purpose, - &uc.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &uhs, + &uc.sender_sig); /* Leave space for kx */ dpos = sizeof(kx); /* Append encrypted uc to dgram */ @@ -2534,9 +2534,9 @@ iface_proc (void *cls, ubs.purpose.size = htonl (sizeof(ubs)); ubs.sender = my_identity; GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &ubs.purpose, - &bi->bcm.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &ubs, + &bi->bcm.sender_sig); if (NULL != broadcast_addr) { bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi); diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index 8d68d90a6..75763fd9d 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c @@ -4137,9 +4137,9 @@ update_ephemeral (struct DistanceVector *dv) ec.purpose.size = htonl (sizeof(ec)); ec.target = dv->target; ec.ephemeral_key = dv->ephemeral_key; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &ec.purpose, - &dv->sender_sig)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &ec, + &dv->sender_sig); } @@ -6391,17 +6391,17 @@ forward_dv_learn (const struct GNUNET_PeerIdentity *next_hop, GNUNET_memcpy (dhops, hops, sizeof(struct DVPathEntryP) * nhops); dhops[nhops].hop = GST_my_identity; { - struct DvHopPS dhp = { .purpose.purpose = - htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP), - .purpose.size = htonl (sizeof(dhp)), - .pred = dhops[nhops - 1].hop, - .succ = *next_hop, - .challenge = msg->challenge }; + struct DvHopPS dhp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP), + .purpose.size = htonl (sizeof(dhp)), + .pred = dhops[nhops - 1].hop, + .succ = *next_hop, + .challenge = msg->challenge + }; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &dhp.purpose, - &dhops[nhops].hop_sig)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &dhp, + &dhops[nhops].hop_sig); } route_control_message_without_fc (next_hop, &fwd->header, @@ -6434,7 +6434,7 @@ validate_dv_initiator_signature ( if ( GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR, - &ip.purpose, + &ip, init_sig, &init->public_key)) { @@ -6770,7 +6770,7 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl) if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP, - &dhp.purpose, + &dhp, &hops[i].hop_sig, &hops[i].hop.public_key)) { @@ -7422,7 +7422,7 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb) GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL, - &ec.purpose, + &ec, &ppay.sender_sig, &ppay.sender.public_key)) { @@ -7728,15 +7728,16 @@ handle_validation_challenge ( tvr.validity_duration = validity_duration; { /* create signature */ - struct TransportValidationPS tvp = - { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), + struct TransportValidationPS tvp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), .purpose.size = htonl (sizeof(tvp)), .validity_duration = validity_duration, - .challenge = tvc->challenge }; + .challenge = tvc->challenge + }; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &tvp.purpose, - &tvr.signature)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &tvp, + &tvr.signature); } route_control_message_without_fc (&cmc->im.sender, &tvr.header, @@ -7921,16 +7922,17 @@ handle_validation_response ( { /* check signature */ - struct TransportValidationPS tvp = - { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), + struct TransportValidationPS tvp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), .purpose.size = htonl (sizeof(tvp)), .validity_duration = tvr->validity_duration, - .challenge = tvr->challenge }; + .challenge = tvr->challenge + }; if ( GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE, - &tvp.purpose, + &tvp, &tvr->signature, &cmc->im.sender.public_key)) { @@ -9393,15 +9395,17 @@ start_dv_learn (void *cls) dvl.monotonic_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg)); { - struct DvInitPS dvip = { .purpose.purpose = htonl ( - GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR), - .purpose.size = htonl (sizeof(dvip)), - .monotonic_time = dvl.monotonic_time, - .challenge = lle->challenge }; - - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &dvip.purpose, - &dvl.init_sig)); + struct DvInitPS dvip = { + .purpose.purpose = htonl ( + GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR), + .purpose.size = htonl (sizeof(dvip)), + .monotonic_time = dvl.monotonic_time, + .challenge = lle->challenge + }; + + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &dvip, + &dvl.init_sig); } dvl.initiator = GST_my_identity; dvl.challenge = lle->challenge; diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 9c6cebc24..ec64ca607 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c @@ -1045,9 +1045,9 @@ send_disconnect (struct NeighbourMapEntry *n) GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); disconnect_msg.public_key = GST_my_identity.public_key; GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &disconnect_msg.purpose, - &disconnect_msg.signature)); + GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key, + &disconnect_msg.purpose, + &disconnect_msg.signature)); (void) send_with_session (n, &disconnect_msg, @@ -3763,7 +3763,7 @@ GST_neighbours_handle_disconnect_message (const struct return; } if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( + GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT, &sdm->purpose, &sdm->signature, diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 631b0a8f8..610c45a21 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c @@ -1271,8 +1271,9 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, &pong->purpose, - sig_cache)) + GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key, + &pong->purpose, + sig_cache)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Failed to create PONG signature for peer `%s'\n"), @@ -1559,7 +1560,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, if (GNUNET_YES == do_verify) { /* Do expensive verification */ - sig_res = GNUNET_CRYPTO_eddsa_verify ( + sig_res = GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, &pong->purpose, &pong->signature, -- cgit v1.2.3