[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 119/164: Added some security checks
|
From: |
gnunet |
|
Subject: |
[gnunet] 119/164: Added some security checks |
|
Date: |
Fri, 30 Jul 2021 15:33:05 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
commit 6ca3b53c696d1473f6a89415b90f5666688491a8
Author: Elias Summermatter <elias.summermatter@seccom.ch>
AuthorDate: Sat May 29 14:30:48 2021 +0200
Added some security checks
---
src/setu/gnunet-service-setu.c | 193 +++++++++++++++++++++++++++-----
src/setu/gnunet-service-setu_protocol.h | 8 +-
src/setu/perf_setu_api.c | 8 +-
3 files changed, 176 insertions(+), 33 deletions(-)
diff --git a/src/setu/gnunet-service-setu.c b/src/setu/gnunet-service-setu.c
index 4416cd7ec..a309568e7 100644
--- a/src/setu/gnunet-service-setu.c
+++ b/src/setu/gnunet-service-setu.c
@@ -100,6 +100,19 @@
*/
#define DIFFERENTIAL_RTT_MEAN 3.65145
+/**
+ * Security level used for byzantine checks (2^80)
+ */
+
+#define SECURITY_LEVEL (long long unsigned) 1 << 30
+
+/**
+ * Is the estimated probabily for a new round this values
+ * is based on the bsc thesis of Elias Summermatter (2021)
+ */
+
+#define PROBABILITY_FOR_NEW_ROUND 0.15
+
/**
* Current phase we are in for a union operation.
@@ -507,6 +520,11 @@ struct Operation
* Estimated or committed set difference at the start
*/
uint64_t remote_set_diff;
+
+ /**
+ * Estimated or committed set difference at the start
+ */
+ uint64_t local_set_diff;
};
@@ -922,10 +940,20 @@ estimate_best_mode_of_operation(uint64_t avg_element_size,
uint64_t est_set_diff_local,
uint64_t bandwith_latency_tradeoff,
uint64_t ibf_bucket_number_factor) {
+
/*
- * Calculate bytes for full Sync
+ * In case of initial sync fall to predefined states
*/
+ if(0 == local_set_size)
+ return FULL_SYNC_REMOTE_SENDING_FIRST;
+ if(0 == remote_set_size)
+ return FULL_SYNC_LOCAL_SENDING_FIRST;
+
+ /*
+ * Calculate bytes for full Sync
+ */
+
uint8_t SIZEOF_FULL_DONE_HEADER = 4;
uint8_t SIZEOF_DONE_HEADER = 4;
uint8_t RTT_MIN_FULL = 2;
@@ -994,10 +1022,10 @@ estimate_best_mode_of_operation(uint64_t
avg_element_size,
if (total_bytes_full_remote_send_first >
total_bytes_full_local_send_first) {
return FULL_SYNC_LOCAL_SENDING_FIRST; //
FULL_SYNC_LOCAL_SENDING_FIRST;
} else {
- return FULL_SYNC_LOCAL_SENDING_FIRST; //
FULL_SYNC_REMOTE_SENDING_FIRST;
+ return FULL_SYNC_REMOTE_SENDING_FIRST; //
FULL_SYNC_REMOTE_SENDING_FIRST;
}
} else {
- return FULL_SYNC_LOCAL_SENDING_FIRST;
+ return DIFFERENTIAL_SYNC;
}
}
@@ -1435,10 +1463,9 @@ fail_union_operation (struct Operation *op)
* @return GNUNET_OK if
*/
-static int
+static void
full_sync_plausibility_check (struct Operation *op) {
- uint32_t security_level_ub = 1 << 30;
- long double security_level_lb = (1 / (long double) security_level_ub);
+ long double security_level_lb = (long double) 1 / (SECURITY_LEVEL);
uint64_t duplicates = op->received_fresh - op->received_total;
/*
@@ -1453,7 +1480,7 @@ full_sync_plausibility_check (struct Operation *op) {
duplicates);
GNUNET_break_op (0);
fail_union_operation (op);
- return GNUNET_SYSERR;
+ return;
}
}
@@ -1470,17 +1497,35 @@ full_sync_plausibility_check (struct Operation *op) {
long double exponent = (op->received_total - (op->received_fresh *
((long double) op->initial_size /
(long double) op->remote_set_diff)));
long double value = powl(base, exponent);
- if(value < security_level_lb || value > security_level_ub) {
+ if(value < security_level_lb || value > SECURITY_LEVEL) {
LOG (GNUNET_ERROR_TYPE_ERROR,
"PROTOCOL VIOLATION: Other peer violated probabilistic rule
for receiving "
"to many duplicated full element : %LF\n",
value);
GNUNET_break_op (0);
fail_union_operation (op);
- return GNUNET_SYSERR;
+ return;
}
}
- return GNUNET_OK;
+}
+/**
+ * Limit active passive switches in differential sync to configured security
level
+ * @param op
+ */
+
+static void
+check_max_differential_rounds(struct Operation *op)
+{
+ long double probability =
powl(PROBABILITY_FOR_NEW_ROUND,op->differential_sync_iterations);
+ if ((long double) 1 / (SECURITY_LEVEL) > probability) {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: Other peer violated probabilistic rule for
to many active passive "
+ "switches in differential sync: %u\n",
+ op->differential_sync_iterations);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return;
+ }
}
@@ -2011,6 +2056,9 @@ handle_union_p2p_strata_estimator (void *cls,
size_t len;
int is_compressed;
+ op->local_element_count = GNUNET_CONTAINER_multihashmap_size(
+ op->set->content->elements);
+
LOG (GNUNET_ERROR_TYPE_ERROR,
"START OPERATION %u\n", op->peer_site);
@@ -2073,8 +2121,37 @@ handle_union_p2p_strata_estimator (void *cls,
op->se);
/* Calculate remote local diff */
- int diff_remote = remote_se->stratas[0]->strata[0]->remote_decoded_count;
- int diff_local = remote_se->stratas[0]->strata[0]->local_decoded_count;
+ long diff_remote = remote_se->stratas[0]->strata[0]->remote_decoded_count;
+ long diff_local = remote_se->stratas[0]->strata[0]->local_decoded_count;
+
+ /* Prevent estimations from overshooting max element */
+ if(diff_remote + op->remote_element_count > op->upper_element_boundary)
+ diff_remote = op->upper_element_boundary - op->remote_element_count;
+ if(diff_local + op->local_element_count > op->upper_element_boundary)
+ diff_local = op->upper_element_boundary - op->local_element_count;
+ if(diff_remote < 0 || diff_local < 0) {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: More element is set as upper boundary or other
peer is "
+ "malicious: remote diff %ld, local diff: %ld\n",
+ diff_remote, diff_local);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return;
+ }
+
+ /* Make estimation more precise in initial sync cases */
+ if(0 == op->remote_element_count) {
+ diff_remote = 0;
+ diff_local = op->local_element_count;
+ }
+ if(0 == op->local_element_count) {
+ diff_local = 0;
+ diff_remote = op->remote_element_count;
+ }
+
+
+
+
diff = diff_remote + diff_local;
op->remote_set_diff = diff_remote;
@@ -2085,16 +2162,17 @@ handle_union_p2p_strata_estimator (void *cls,
diff,
diff_remote,
diff_local);
-
-
- /** Calculate avg element size **/
- GNUNET_CONTAINER_multihashmap_iterate (op->set->content->elements,
-
&determinate_avg_element_size_iterator,
- op);
- uint64_t avg_element_size = op->total_elements_size_local /
op->number_elements_local;
+ /** Calculate avg element size if not initial sync **/
+ uint64_t avg_element_size = 0;
+ if(0 == op->number_elements_local) {
+ GNUNET_CONTAINER_multihashmap_iterate(op->set->content->elements,
+
&determinate_avg_element_size_iterator,
+ op);
+ avg_element_size = op->total_elements_size_local /
op->number_elements_local;
+ }
op->mode_of_operation = estimate_best_mode_of_operation(avg_element_size,
-
GNUNET_CONTAINER_multihashmap_size (
+
GNUNET_CONTAINER_multihashmap_size(
op->set->content->elements),
op->remote_element_count,
diff_local,
@@ -2102,6 +2180,7 @@ handle_union_p2p_strata_estimator (void *cls,
op->rtt_bandwidth_tradeoff,
op->ibf_bucket_number_factor);
+
perf_rtt.se_diff_local = diff_local;
perf_rtt.se_diff_remote = diff_remote;
perf_rtt.se_diff = diff;
@@ -2155,7 +2234,8 @@ handle_union_p2p_strata_estimator (void *cls,
struct GNUNET_MQ_Envelope *ev;
ev = GNUNET_MQ_msg_extra(signal_msg,sizeof(struct
TransmitFullMessage),GNUNET_MESSAGE_TYPE_SETU_P2P_SEND_FULL);
signal_msg->remote_set_difference = htonl( diff_local);
- signal_msg->set_size = htonl(op->number_elements_local);
+ signal_msg->remote_set_size = htonl(op->number_elements_local);
+ signal_msg->local_set_difference = htonl(diff_remote);
GNUNET_MQ_send (op->mq,
ev);
send_full_set (op);
@@ -2171,7 +2251,8 @@ handle_union_p2p_strata_estimator (void *cls,
struct TransmitFullMessage *signal_msg;
ev = GNUNET_MQ_msg_extra(signal_msg,sizeof(struct
TransmitFullMessage),GNUNET_MESSAGE_TYPE_SETU_P2P_REQUEST_FULL);
signal_msg->remote_set_difference = htonl(diff_local);
- signal_msg->set_size = htonl(op->number_elements_local);
+ signal_msg->remote_set_size = htonl(op->number_elements_local);
+ signal_msg->local_set_difference = htonl(diff_remote);
GNUNET_MQ_send (op->mq,
ev);
}
@@ -2521,8 +2602,39 @@ handle_union_p2p_send_full (void *cls,
return;
}
- op->remote_element_count = ntohl(msg->set_size);
+ op->remote_element_count = ntohl(msg->remote_set_size);
op->remote_set_diff = ntohl(msg->remote_set_difference);
+ op->local_set_diff = ntohl(msg->local_set_difference);
+
+ /** Calculate avg element size if not initial sync **/
+ uint64_t avg_element_size = 0;
+ if(0 == op->number_elements_local) {
+
+ GNUNET_CONTAINER_multihashmap_iterate (op->set->content->elements,
+
&determinate_avg_element_size_iterator,
+ op);
+ avg_element_size = op->total_elements_size_local /
op->number_elements_local;
+ }
+
+ int mode_of_operation = estimate_best_mode_of_operation(avg_element_size,
+
op->remote_element_count,
+
GNUNET_CONTAINER_multihashmap_size(
+
op->set->content->elements),
+
op->remote_set_diff,
+ op->local_set_diff,
+
op->rtt_bandwidth_tradeoff,
+
op->ibf_bucket_number_factor);
+
+ if(FULL_SYNC_LOCAL_SENDING_FIRST != mode_of_operation)
+ {
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: Remote peer choose to send his full set
first but correct mode would have been"
+ " : %d\n", mode_of_operation);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return;
+ }
+
op->phase = PHASE_FULL_RECEIVING;
}
@@ -2613,6 +2725,7 @@ handle_union_p2p_ibf (void *cls,
return;
}
op->differential_sync_iterations++;
+ check_max_differential_rounds(op);
perf_rtt.ibf.received += 1;
perf_rtt.ibf.received_var_bytes += (ntohs (msg->header.size) - sizeof *msg);
@@ -3192,18 +3305,40 @@ handle_union_p2p_request_full (void *cls,
return;
}
- op->remote_element_count = ntohl(msg->set_size);
+ op->remote_element_count = ntohl(msg->remote_set_size);
op->remote_set_diff = ntohl(msg->remote_set_difference);
+ op->local_set_diff = ntohl(msg->local_set_difference);
perf_rtt.request_full.received += 1;
- LOG (GNUNET_ERROR_TYPE_DEBUG,
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
"Received request for full set transmission\n");
- if (PHASE_EXPECT_IBF != op->phase)
+
+ /** Calculate avg element size if not initial sync **/
+ uint64_t avg_element_size = 0;
+ if(0 == op->number_elements_local) {
+ GNUNET_CONTAINER_multihashmap_iterate (op->set->content->elements,
+
&determinate_avg_element_size_iterator,
+ op);
+ avg_element_size = op->total_elements_size_local /
op->number_elements_local;
+ }
+
+ int mode_of_operation = estimate_best_mode_of_operation(avg_element_size,
+
op->remote_element_count,
+
GNUNET_CONTAINER_multihashmap_size(
+
op->set->content->elements),
+ op->remote_set_diff,
+ op->local_set_diff,
+
op->rtt_bandwidth_tradeoff,
+
op->ibf_bucket_number_factor);
+ if(FULL_SYNC_REMOTE_SENDING_FIRST != mode_of_operation)
{
- GNUNET_break_op (0);
- fail_union_operation (op);
- return;
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ "PROTOCOL VIOLATION: Remote peer choose to send his full set first
but correct mode would have been"
+ " : %d\n", mode_of_operation);
+ GNUNET_break_op (0);
+ fail_union_operation (op);
+ return;
}
// FIXME: we need to check that our set is larger than the
diff --git a/src/setu/gnunet-service-setu_protocol.h
b/src/setu/gnunet-service-setu_protocol.h
index d2cfd94c1..58a04e945 100644
--- a/src/setu/gnunet-service-setu_protocol.h
+++ b/src/setu/gnunet-service-setu_protocol.h
@@ -233,10 +233,14 @@ struct TransmitFullMessage
uint32_t remote_set_difference;
/**
- * Local set size
+ * Total remote set size
*/
- uint32_t set_size;
+ uint32_t remote_set_size;
+ /**
+ * Local set difference calculated with strata estimator
+ */
+ uint32_t local_set_difference;
};
diff --git a/src/setu/perf_setu_api.c b/src/setu/perf_setu_api.c
index 724a13ba4..a10851b2b 100644
--- a/src/setu/perf_setu_api.c
+++ b/src/setu/perf_setu_api.c
@@ -404,7 +404,7 @@ run (void *cls,
"Running real set-reconciliation\n");
//init_set1 ();
// limit ~23800 element total
- initRandomSets(45, 500,500,32);
+ initRandomSets(0, 500,1,32);
}
void perf_thread() {
@@ -425,6 +425,10 @@ static void run_petf_thread(int total_runs) {
//Father code (before child processes start)
for (int processed = 0; processed < total_runs;) {
for (int id = 0; id < core_count; id++) {
+ perf_thread();
+ processed += 1;
+ }
+ /**
if(processed >= total_runs) break;
if ((child_pid = fork()) == 0) {
@@ -433,7 +437,7 @@ static void run_petf_thread(int total_runs) {
}
processed += 1;
}
- while ((wpid = wait(&status)) > 0);
+ while ((wpid = wait(&status)) > 0);**/
}
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] 106/164: Added configuration new configration options as api options fixes memory leak, (continued)
- [gnunet] 106/164: Added configuration new configration options as api options fixes memory leak, gnunet, 2021/07/30
- [gnunet] 105/164: Added randum seed for randum map, gnunet, 2021/07/30
- [gnunet] 104/164: Added full send commit message + changes request full message, gnunet, 2021/07/30
- [gnunet] 121/164: Made SE vary sizes depending on new formula, gnunet, 2021/07/30
- [gnunet] 129/164: Fixed some warnings, gnunet, 2021/07/30
- [gnunet] 131/164: Fixed all warnings/notices for gcc and clang, gnunet, 2021/07/30
- [gnunet] 103/164: Fixed some phase stuff and shuffle full sending elements, gnunet, 2021/07/30
- [gnunet] 123/164: Disable performance messurement, gnunet, 2021/07/30
- [gnunet] 111/164: Improved IBF with salt + prime ibf size, gnunet, 2021/07/30
- [gnunet] 128/164: Added some more comment, gnunet, 2021/07/30
- [gnunet] 119/164: Added some security checks,
gnunet <=
- [gnunet] 143/164: Added some comments, gnunet, 2021/07/30
- [gnunet] 139/164: Fixed wrong argument for mode of operation, gnunet, 2021/07/30
- [gnunet] 80/164: Perf test, gnunet, 2021/07/30
- [gnunet] 84/164: Perf test, gnunet, 2021/07/30
- [gnunet] 110/164: Improved IBF with salt + prime ibf size, gnunet, 2021/07/30
- [gnunet] 113/164: Salt mul 7 for salt optimization, gnunet, 2021/07/30
- [gnunet] 117/164: Prepare fore messurement 4, gnunet, 2021/07/30
- [gnunet] 109/164: Added multi strata estimator, gnunet, 2021/07/30
- [gnunet] 130/164: Cleaned some more warnings, gnunet, 2021/07/30
- [gnunet] 142/164: Maded struct camelcase, gnunet, 2021/07/30