[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: -DHT: implement path signing (but signat
From: |
gnunet |
Subject: |
[gnunet] branch master updated: -DHT: implement path signing (but signatures are not yet being verified) |
Date: |
Sun, 09 Jan 2022 18:12:03 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new a327860b1 -DHT: implement path signing (but signatures are not yet
being verified)
a327860b1 is described below
commit a327860b118e10e170a9721ea36ba5eeccf2bb8e
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Jan 9 18:11:58 2022 +0100
-DHT: implement path signing (but signatures are not yet being verified)
---
src/core/gnunet-service-core.c | 16 +++----
src/core/gnunet-service-core_kx.c | 7 +--
src/dht/gnunet-service-dht_neighbours.c | 85 +++++++++++++++++++++++++++++++--
3 files changed, 92 insertions(+), 16 deletions(-)
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c
index 8f53072d9..c9c3e3ff5 100644
--- a/src/core/gnunet-service-core.c
+++ b/src/core/gnunet-service-core.c
@@ -271,9 +271,9 @@ GSC_CLIENTS_solicit_request (struct GSC_ClientActiveRequest
*car)
GNUNET_CONTAINER_multipeermap_contains (c->connectmap, &car->target))
{
/* connection has gone down since, drop request */
- GNUNET_assert (0 != memcmp (&car->target,
- &GSC_my_identity,
- sizeof(struct GNUNET_PeerIdentity)));
+ GNUNET_assert (0 !=
+ GNUNET_memcmp (&car->target,
+ &GSC_my_identity));
GSC_SESSIONS_dequeue_request (car);
GSC_CLIENTS_reject_request (car, GNUNET_NO);
return;
@@ -314,9 +314,8 @@ handle_client_send_request (void *cls, const struct
SendMessageRequest *req)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Client asked for transmission to `%s'\n",
GNUNET_i2s (&req->peer));
- is_loopback = (0 == memcmp (&req->peer,
- &GSC_my_identity,
- sizeof(struct GNUNET_PeerIdentity)));
+ is_loopback = (0 == GNUNET_memcmp (&req->peer,
+ &GSC_my_identity));
if ((! is_loopback) &&
(GNUNET_YES !=
GNUNET_CONTAINER_multipeermap_contains (c->connectmap, &req->peer)))
@@ -419,9 +418,8 @@ tokenized_cb (void *cls, const struct GNUNET_MessageHeader
*message)
gettext_noop ("# bytes of messages of type %u received"),
(unsigned int) ntohs (message->type));
GNUNET_STATISTICS_update (GSC_stats, buf, ntohs (message->size), GNUNET_NO);
- if (0 == memcmp (&car->target,
- &GSC_my_identity,
- sizeof(struct GNUNET_PeerIdentity)))
+ if (0 == GNUNET_memcmp (&car->target,
+ &GSC_my_identity))
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Delivering message of type %u to myself\n",
diff --git a/src/core/gnunet-service-core_kx.c
b/src/core/gnunet-service-core_kx.c
index a79ef075b..07c346485 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -1797,8 +1797,8 @@ do_rekey (void *cls)
int
GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
{
- struct GNUNET_MQ_MessageHandler handlers[] =
- { GNUNET_MQ_hd_fixed_size (ephemeral_key,
+ struct GNUNET_MQ_MessageHandler handlers[] = {
+ GNUNET_MQ_hd_fixed_size (ephemeral_key,
GNUNET_MESSAGE_TYPE_CORE_EPHEMERAL_KEY,
struct EphemeralKeyMessage,
NULL),
@@ -1814,7 +1814,8 @@ GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE,
struct EncryptedMessage,
NULL),
- GNUNET_MQ_handler_end () };
+ GNUNET_MQ_handler_end ()
+ };
my_private_key = *pk;
GNUNET_CRYPTO_eddsa_key_get_public (&my_private_key,
diff --git a/src/dht/gnunet-service-dht_neighbours.c
b/src/dht/gnunet-service-dht_neighbours.c
index e100ae2ee..4affc7682 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -27,6 +27,7 @@
#include "platform.h"
#include "gnunet_constants.h"
#include "gnunet_protocols.h"
+#include "gnunet_signatures.h"
#include "gnunet_ats_service.h"
#include "gnunet_core_service.h"
#include "gnunet_hello_lib.h"
@@ -408,6 +409,38 @@ static struct GNUNET_CORE_Handle *core_api;
*/
static struct GNUNET_ATS_ConnectivityHandle *ats_ch;
+/**
+ * Our private key.
+ */
+static struct GNUNET_CRYPTO_EddsaPrivateKey my_private_key;
+
+
+/**
+ * Sign that we are routing a message from @a pred to @a succ.
+ * (So the route is $PRED->us->$SUCC).
+ *
+ * @param pred predecessor peer ID
+ * @param succ successor peer ID
+ * @param[out] sig where to write the signature
+ * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP)
+ */
+static void
+sign_path (const struct GNUNET_PeerIdentity *pred,
+ const struct GNUNET_PeerIdentity *succ,
+ struct GNUNET_CRYPTO_EddsaSignature *sig)
+{
+ struct GNUNET_DHT_HopSignature hs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
+ .purpose.size = htonl (sizeof (hs)),
+ .pred = *pred,
+ .succ = *succ
+ };
+
+ GNUNET_CRYPTO_eddsa_sign (&my_private_key,
+ &hs,
+ sig);
+}
+
/**
* Find the optimal bucket for this key.
@@ -1287,7 +1320,7 @@ GDS_NEIGHBOURS_handle_put (const struct
GDS_DATACACHE_BlockData *bd,
GNUNET_i2s (&my_identity));
return GNUNET_NO;
}
- msize = bd->put_path_length * sizeof(struct GNUNET_PeerIdentity)
+ msize = bd->put_path_length * sizeof(struct GNUNET_DHT_PathElement)
+ bd->data_size;
if (msize + sizeof(struct PeerPutMessage)
>= GNUNET_CONSTANTS_MAX_ENCRYPTED_MESSAGE_SIZE)
@@ -1308,7 +1341,7 @@ GDS_NEIGHBOURS_handle_put (const struct
GDS_DATACACHE_BlockData *bd,
struct PeerInfo *target = targets[i];
struct GNUNET_MQ_Envelope *env;
struct PeerPutMessage *ppm;
- struct GNUNET_PeerIdentity *pp;
+ struct GNUNET_DHT_PathElement *pp;
if (GNUNET_MQ_get_length (target->mq) >= MAXIMUM_PENDING_PER_PEER)
{
@@ -1342,10 +1375,20 @@ GDS_NEIGHBOURS_handle_put (const struct
GDS_DATACACHE_BlockData *bd,
ppm->bloomfilter,
DHT_BLOOM_SIZE));
ppm->key = bd->key;
- pp = (struct GNUNET_PeerIdentity *) &ppm[1];
+ pp = (struct GNUNET_DHT_PathElement *) &ppm[1];
GNUNET_memcpy (pp,
bd->put_path,
- sizeof(struct GNUNET_PeerIdentity) * put_path_length);
+ sizeof (struct GNUNET_DHT_PathElement) * put_path_length);
+ /* 0 == put_path_length means path is not being tracked */
+ if (0 != put_path_length)
+ {
+ /* Note that the signature in 'put_path' was not initialized before,
+ so this is crucial to avoid sending garbage. */
+ sign_path (&pp[put_path_length - 1].pred,
+ target->id,
+ &pp[put_path_length - 1].sig);
+ }
+
GNUNET_memcpy (&pp[put_path_length],
bd->data,
bd->data_size);
@@ -1553,6 +1596,15 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
GNUNET_memcpy (&paths[bd->put_path_length],
get_path,
get_path_length * sizeof(struct GNUNET_DHT_PathElement));
+ /* 0 == get_path_length means path is not being tracked */
+ if (0 != get_path_length)
+ {
+ /* Note that the signature in 'get_path' was not initialized before,
+ so this is crucial to avoid sending garbage. */
+ sign_path (&paths[bd->put_path_length + get_path_length - 1].pred,
+ pi->id,
+ &paths[bd->put_path_length + get_path_length - 1].sig);
+ }
GNUNET_memcpy (&paths[bd->put_path_length + get_path_length],
bd->data,
bd->data_size);
@@ -2326,6 +2378,31 @@ GDS_NEIGHBOURS_init ()
= GNUNET_CONFIGURATION_get_value_yesno (GDS_cfg,
"DHT",
"CACHE_RESULTS");
+ {
+ char *keyfile;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (GDS_cfg,
+ "PEER",
+ "PRIVATE_KEY",
+ &keyfile))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Core service is lacking HOSTKEY configuration setting.
Exiting.\n");
+ return GNUNET_SYSERR;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_CRYPTO_eddsa_key_from_file (keyfile,
+ GNUNET_YES,
+ &my_private_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to setup peer's private key\n");
+ GNUNET_free (keyfile);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (keyfile);
+ }
ats_ch = GNUNET_ATS_connectivity_init (GDS_cfg);
core_api = GNUNET_CORE_connect (GDS_cfg,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] branch master updated: -DHT: implement path signing (but signatures are not yet being verified),
gnunet <=