
[gnunet] branch master updated: add more information to ensure signature


From: gnunet
Subject: [gnunet] branch master updated: add more information to ensure signatures are fresh and request-specific
Date: Mon, 10 Jan 2022 10:32:09 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 8f8351c2d add more information to ensure signatures are fresh and 
request-specific
8f8351c2d is described below

commit 8f8351c2ddb2c3040195548363161a2a177c7cc0
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Jan 10 10:31:59 2022 +0100

    add more information to ensure signatures are fresh and request-specific
---
 src/dht/gnunet-service-dht_neighbours.c | 30 ++++++++++++++++++++++++------
 src/include/gnunet_dht_service.h        | 15 +++++++++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/src/dht/gnunet-service-dht_neighbours.c 
b/src/dht/gnunet-service-dht_neighbours.c
index 2c9240969..95d8bb032 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -419,26 +419,36 @@ static struct GNUNET_CRYPTO_EddsaPrivateKey 
my_private_key;
  * Sign that we are routing a message from @a pred to @a succ.
  * (So the route is $PRED->us->$SUCC).
  *
+ * @param key key of the data (not necessarily the query hash)
+ * @param data payload (the block)
+ * @param data_size number of bytes in @a data
+ * @param exp_time expiration time of @a data
  * @param pred predecessor peer ID
  * @param succ successor peer ID
  * @param[out] sig where to write the signature
  *      (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP)
  */
 static void
-sign_path (const struct GNUNET_PeerIdentity *pred,
+sign_path (const struct GNUNET_HashCode *key,
+           const void *data,
+           size_t data_size,
+           struct GNUNET_TIME_Absolute exp_time,
+           const struct GNUNET_PeerIdentity *pred,
            const struct GNUNET_PeerIdentity *succ,
            struct GNUNET_CRYPTO_EddsaSignature *sig)
 {
   struct GNUNET_DHT_HopSignature hs = {
     .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
     .purpose.size = htonl (sizeof (hs)),
+    .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
+    .key = *key,
     .pred = *pred,
     .succ = *succ
   };
 
-  /* TODO: we might want to cache signatures by 'hs' in the
-     future as an optimization to reduce the amount of
-     crypto operations we need to do! */
+  GNUNET_CRYPTO_hash (data,
+                      data_size,
+                      &hs.h_data);
   GNUNET_CRYPTO_eddsa_sign (&my_private_key,
                             &hs,
                             sig);
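Review bot: The doc comment on sign_path lists the four new parameters but never says what the resulting signature commits to, which is the security-relevant part of this change. From the initializer and the `GNUNET_CRYPTO_hash` call, the signed struct covers the expiration time, the block key, a hash of the payload (not the payload itself) and the two peer IDs. It carries no query hash or per-request value, so a signature appears to stay usable for that block and hop pair until whatever expiry check the verifier applies, which is not shown here. I would add a sentence such as `* The signature covers @a exp_time, @a key and the hash of @a data, so it cannot be reused for a different block.` and state that lifetime bound next to it. The function's closing brace lies outside the hunk.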
@@ -1387,7 +1397,11 @@ GDS_NEIGHBOURS_handle_put (const struct 
GDS_DATACACHE_BlockData *bd,
     {
       /* Note that the signature in 'put_path' was not initialized before,
          so this is crucial to avoid sending garbage. */
-      sign_path (&pp[put_path_length - 1].pred,
+      sign_path (&bd->key,
+                 bd->data,
+                 bd->data_size,
+                 bd->expiration_time,
+                 &pp[put_path_length - 1].pred,
                  target->id,
                  &pp[put_path_length - 1].sig);
     }
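Review bot: Each call to sign_path now hashes the whole payload before signing, and this call site passes `bd->data` and `bd->data_size` unchanged for every signature it produces. If this block sits inside a per-target loop of GDS_NEIGHBOURS_handle_put (the loop is not visible in the hunk), the same payload is hashed once per target, so forwarding cost grows with payload size times fan-out for data that a remote peer supplied. Consider hashing once before the loop, `GNUNET_CRYPTO_hash (bd->data, bd->data_size, &h_data);`, and passing `&h_data` to sign_path instead of the raw buffer. The call added in GDS_NEIGHBOURS_handle_reply has the same shape, though it looks like it runs once per reply. The commit also removes the old TODO about caching signatures, which was the only marker of this cost.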
@@ -1604,7 +1618,11 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
   {
     /* Note that the signature in 'get_path' was not initialized before,
        so this is crucial to avoid sending garbage. */
-    sign_path (&paths[bd->put_path_length + get_path_length - 1].pred,
+    sign_path (&bd->key,
+               bd->data,
+               bd->data_size,
+               bd->expiration_time,
+               &paths[bd->put_path_length + get_path_length - 1].pred,
                pi->id,
                &paths[bd->put_path_length + get_path_length - 1].sig);
   }
diff --git a/src/include/gnunet_dht_service.h b/src/include/gnunet_dht_service.h
index d33ef2f0d..7376dd5f4 100644
--- a/src/include/gnunet_dht_service.h
+++ b/src/include/gnunet_dht_service.h
@@ -125,6 +125,21 @@ struct GNUNET_DHT_HopSignature
    */
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
 
+  /**
+   * Expiration time of the block.
+   */
+  struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+  /**
+   * Key of the block.
+   */
+  struct GNUNET_HashCode key;
+
+  /**
+   * Hash over the payload of the block.
+   */
+  struct GNUNET_HashCode h_data;
+
   /**
    * Previous hop the message was received from.  All zeros
    * if this peer was the initiator.
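Review bot: The three new fields change the bytes every hop signature is computed over, yet this commit touches only the signer and this header. Any code that checks a path by rebuilding a `struct GNUNET_DHT_HopSignature` must fill `expiration_time`, `key` and `h_data` with exactly the same values, or every check will fail. No verifier is part of this diff, so that should be confirmed, and peers still signing the old layout will presumably stop verifying. The field comments should also state the contract, for example `* Expiration time of the block, in network byte order; covered by the signature.` and `* Hash over the payload of the block, as computed by GNUNET_CRYPTO_hash; covered by the signature.`. The struct definition starts and ends outside the hunk.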

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


