[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated: -hack up GET/PUT signatures, still broke
From: |
gnunet |
Subject: |
[gnunet] branch master updated: -hack up GET/PUT signatures, still broken by design |
Date: |
Sat, 26 Feb 2022 01:57:16 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 8fe9edb11 -hack up GET/PUT signatures, still broken by design
8fe9edb11 is described below
commit 8fe9edb11728c34de80242b438cbb0d75e26a04d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Feb 26 01:57:13 2022 +0100
-hack up GET/PUT signatures, still broken by design
---
contrib/gana | 2 +-
po/POTFILES.in | 3 -
src/dht/Makefile.am | 2 +-
src/dht/dht_api.c | 159 ++++++++++++++++++++--------
src/dht/gnunet-service-dht.h | 3 +-
src/dht/gnunet-service-dht_clients.c | 29 +++---
src/dht/gnunet-service-dht_neighbours.c | 177 +++++++++++++++++++++-----------
src/dht/gnunet-service-dht_neighbours.h | 3 +-
src/dht/gnunet-service-dht_routing.c | 10 +-
src/dht/test_dht_topo.c | 26 +++--
src/include/gnunet_dht_service.h | 51 +++++++--
11 files changed, 321 insertions(+), 144 deletions(-)
diff --git a/contrib/gana b/contrib/gana
index ca97ba9b2..887d4485e 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit ca97ba9b2ba3d47197456dec2ec4a4c9358329f3
+Subproject commit 887d4485ea88e42e0b339b7a992420bc1e4e1e7f
diff --git a/po/POTFILES.in b/po/POTFILES.in
index d2e44dec1..5c1152e7c 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -175,7 +175,6 @@ src/gns/nss/nss_gns_query.c
src/gns/plugin_block_gns.c
src/gns/plugin_gnsrecord_gns.c
src/gns/plugin_rest_gns.c
-src/gns/test.c
src/gnsrecord/gnsrecord.c
src/gnsrecord/gnsrecord_crypto.c
src/gnsrecord/gnsrecord_misc.c
@@ -183,7 +182,6 @@ src/gnsrecord/gnsrecord_serialization.c
src/gnsrecord/gnunet-gnsrecord-tvg.c
src/gnsrecord/json_gnsrecord.c
src/gnsrecord/plugin_gnsrecord_dns.c
-src/gnsrecord/test.c
src/hello/address.c
src/hello/gnunet-hello.c
src/hello/hello-ng.c
@@ -316,7 +314,6 @@ src/reclaim/plugin_rest_reclaim.c
src/reclaim/reclaim_api.c
src/reclaim/reclaim_attribute.c
src/reclaim/reclaim_credential.c
-src/reclaim/test.c
src/regex/gnunet-daemon-regexprofiler.c
src/regex/gnunet-regex-profiler.c
src/regex/gnunet-regex-simulation-profiler.c
diff --git a/src/dht/Makefile.am b/src/dht/Makefile.am
index f9cd26094..1e14367c8 100644
--- a/src/dht/Makefile.am
+++ b/src/dht/Makefile.am
@@ -90,7 +90,7 @@ gnunet_dht_hello_SOURCES = \
gnunet_dht_hello_LDADD = \
libgnunetdht.la \
$(top_builddir)/src/util/libgnunetutil.la
-gnunet_dht_get_LDFLAGS = \
+gnunet_dht_hello_LDFLAGS = \
$(GN_LIBINTL)
gnunet_dht_put_SOURCES = \
diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c
index d60653dd4..a16db6d4b 100644
--- a/src/dht/dht_api.c
+++ b/src/dht/dht_api.c
@@ -561,9 +561,10 @@ handle_monitor_get (void *cls,
const struct GNUNET_DHT_MonitorGetMessage *msg)
{
struct GNUNET_DHT_Handle *handle = cls;
- struct GNUNET_DHT_MonitorHandle *mh;
- for (mh = handle->monitor_head; NULL != mh; mh = mh->next)
+ for (struct GNUNET_DHT_MonitorHandle *mh = handle->monitor_head;
+ NULL != mh;
+ mh = mh->next)
{
if (NULL == mh->get_cb)
continue;
@@ -626,10 +627,12 @@ handle_monitor_get_resp (void *cls,
const struct GNUNET_DHT_PathElement *path;
uint32_t getl = ntohl (msg->get_path_length);
uint32_t putl = ntohl (msg->put_path_length);
- struct GNUNET_DHT_MonitorHandle *mh;
+
path = (const struct GNUNET_DHT_PathElement *) &msg[1];
- for (mh = handle->monitor_head; NULL != mh; mh = mh->next)
+ for (struct GNUNET_DHT_MonitorHandle *mh = handle->monitor_head;
+ NULL != mh;
+ mh = mh->next)
{
if (NULL == mh->get_resp_cb)
continue;
@@ -641,9 +644,9 @@ handle_monitor_get_resp (void *cls,
sizeof(struct GNUNET_HashCode)))))
mh->get_resp_cb (mh->cb_cls,
(enum GNUNET_BLOCK_Type) ntohl (msg->type),
- path,
+ &path[putl],
getl,
- &path[getl],
+ path,
putl,
GNUNET_TIME_absolute_ntoh (msg->expiration_time),
&msg->key,
@@ -773,12 +776,18 @@ process_client_result (void *cls,
uint16_t type = ntohl (crm->type);
uint32_t put_path_length = ntohl (crm->put_path_length);
uint32_t get_path_length = ntohl (crm->get_path_length);
- const struct GNUNET_DHT_PathElement *put_path;
- const struct GNUNET_DHT_PathElement *get_path;
+ const struct GNUNET_DHT_PathElement *put_path
+ = (const struct GNUNET_DHT_PathElement *) &crm[1];
+ const struct GNUNET_DHT_PathElement *get_path
+ = &put_path[put_path_length];
+ const void *data
+ = &get_path[get_path_length];
+ size_t meta_length
+ = sizeof(struct GNUNET_DHT_PathElement) * (get_path_length
+ + put_path_length);
+ size_t data_length
+ = msize - meta_length;
struct GNUNET_HashCode hc;
- size_t data_length;
- size_t meta_length;
- const void *data;
if (crm->unique_id != get_handle->unique_id)
{
@@ -797,11 +806,7 @@ process_client_result (void *cls,
GNUNET_break (0);
return GNUNET_YES;
}
- meta_length =
- sizeof(struct GNUNET_DHT_PathElement) * (get_path_length +
put_path_length);
- data_length = msize - meta_length;
- put_path = (const struct GNUNET_DHT_PathElement *) &crm[1];
- get_path = &put_path[put_path_length];
+
{
char *pp;
char *gp;
@@ -819,7 +824,6 @@ process_client_result (void *cls,
GNUNET_free (gp);
GNUNET_free (pp);
}
- data = &get_path[get_path_length];
/* remember that we've seen this result */
GNUNET_CRYPTO_hash (data,
data_length,
@@ -1296,7 +1300,7 @@ GNUNET_DHT_pp2s (const struct GNUNET_DHT_PathElement
*path,
unsigned int
-GNUNET_DHT_verify_path (const struct GNUNET_HashCode *key,
+GNUNET_DHT_verify_path (const struct GNUNET_HashCode *query_hash,
const void *data,
size_t data_size,
struct GNUNET_TIME_Absolute exp_time,
@@ -1306,50 +1310,125 @@ GNUNET_DHT_verify_path (const struct GNUNET_HashCode
*key,
unsigned int get_path_len,
const struct GNUNET_PeerIdentity *me)
{
- struct GNUNET_DHT_HopSignature hs = {
- .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
- .purpose.size = htonl (sizeof (hs)),
+ struct GNUNET_DHT_PutHopSignature phs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP),
+ .purpose.size = htonl (sizeof (phs)),
+ .expiration_time = GNUNET_TIME_absolute_hton (exp_time)
+ };
+ struct GNUNET_DHT_ResultHopSignature ghs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_RESULT_HOP),
+ .purpose.size = htonl (sizeof (ghs)),
.expiration_time = GNUNET_TIME_absolute_hton (exp_time),
- .key = *key,
};
+ const struct GNUNET_PeerIdentity *pred;
+ const struct GNUNET_PeerIdentity *succ;
unsigned int i;
if (0 == get_path_len + put_path_len)
return 0;
+ if (0 != get_path_len)
+ {
+ GNUNET_assert (NULL != query_hash);
+ ghs.query_hash = *query_hash;
+ }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"%s is verifying signatures for %s with GPL: %u PPL: %u!\n",
GNUNET_i2s (me),
- GNUNET_h2s (key),
+ NULL != query_hash ? GNUNET_h2s (query_hash) : "<null>",
get_path_len,
put_path_len);
+ for (unsigned int j = 0; j<put_path_len; j++)
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "PP%u=%s\n",
+ j,
+ GNUNET_i2s (&put_path[j].pred));
+ for (unsigned int j = 0; j<get_path_len; j++)
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "GP%u=%s\n",
+ j,
+ GNUNET_i2s (&get_path[j].pred));
+
i = put_path_len + get_path_len - 1;
GNUNET_CRYPTO_hash (data,
data_size,
- &hs.h_data);
+ &phs.h_data);
+ ghs.h_data = phs.h_data;
while (i > 0)
{
- hs.pred = (i - 1 >= put_path_len)
- ? get_path[i - put_path_len - 1].pred
- : put_path[i - 1].pred;
+ pred = (i - 1 >= put_path_len)
+ ? &get_path[i - put_path_len - 1].pred
+ : &put_path[i - 1].pred;
if (i + 1 == get_path_len + put_path_len)
- hs.succ = *me;
+ succ = me;
else
- hs.succ = (i + 1 >= put_path_len)
- ? get_path[i + 1 - put_path_len].pred
- : put_path[i + 1].pred;
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- GNUNET_SIGNATURE_PURPOSE_DHT_HOP,
- &hs,
- (i - 1 >= put_path_len)
- ? &get_path[i - put_path_len - 1].sig
+ succ = (i + 1 >= put_path_len)
+ ? &get_path[i + 1 - put_path_len].pred
+ : &put_path[i + 1].pred;
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "PRED: %s\n",
+ GNUNET_i2s (pred));
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "SUCC: %s\n",
+ GNUNET_i2s (succ));
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "SIGNER: %s\n",
+ GNUNET_i2s ((i >= put_path_len)
+ ? &get_path[i - put_path_len].pred
+ : &put_path[i].pred));
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "SIG: %s\n",
+ GNUNET_B2S ((i - 1 >= put_path_len)
+ ? &get_path[i - put_path_len - 1].sig
+ : &put_path[i - 1].sig));
+ if ( (i + 1 >= put_path_len) &&
+ (0 != get_path_len) )
+ {
+ /* NOTE: the last signature inside the 'PUT'
+ path is from the cross-over point and already
+ of type RESULT_HOP, but only if we have
+ a non-empty 'GET' path! */
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Key: %s offset %u\n",
+ GNUNET_h2s (query_hash),
+ i);
+ ghs.pred = *pred;
+ ghs.succ = *succ;
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (
+ GNUNET_SIGNATURE_PURPOSE_DHT_RESULT_HOP,
+ &ghs,
+ (i - 1 >= put_path_len)
+ ? &get_path[i - put_path_len - 1].sig
: &put_path[i - 1].sig,
- (i >= put_path_len)
+ (i >= put_path_len)
? &get_path[i - put_path_len].pred.public_key
: &put_path[i].pred.public_key))
+ {
+ GNUNET_break_op (0);
+ return i;
+ }
+ }
+ else
{
- GNUNET_break_op (0);
- return i;
+ phs.pred = *pred;
+ phs.succ = *succ;
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "offset %u\n",
+ i);
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (
+ GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP,
+ &phs,
+ (i - 1 >= put_path_len)
+ ? &get_path[i - put_path_len - 1].sig
+ : &put_path[i - 1].sig,
+ (i >= put_path_len)
+ ? &get_path[i - put_path_len].pred.public_key
+ : &put_path[i].pred.public_key))
+ {
+ GNUNET_break_op (0);
+ return i;
+ }
}
i--;
}
diff --git a/src/dht/gnunet-service-dht.h b/src/dht/gnunet-service-dht.h
index d3bb39455..a1513fcce 100644
--- a/src/dht/gnunet-service-dht.h
+++ b/src/dht/gnunet-service-dht.h
@@ -146,8 +146,9 @@ GDS_u_hold (struct GDS_Underlay *u,
* @param query_hash hash of the original query, might not match key in @a bd
* @param get_path_length number of entries in @a get_path
* @param get_path path the reply has taken
+ * @return true on success, false on failures
*/
-void
+bool
GDS_CLIENTS_handle_reply (const struct GDS_DATACACHE_BlockData *bd,
const struct GNUNET_HashCode *query_hash,
unsigned int get_path_length,
diff --git a/src/dht/gnunet-service-dht_clients.c
b/src/dht/gnunet-service-dht_clients.c
index 049e3d1f1..d6ce97666 100644
--- a/src/dht/gnunet-service-dht_clients.c
+++ b/src/dht/gnunet-service-dht_clients.c
@@ -515,9 +515,9 @@ handle_dht_local_put (void *cls,
"CLIENT-PUT %s\n",
GNUNET_h2s_full (&dht_msg->key));
/* give to local clients */
- GDS_CLIENTS_handle_reply (&bd,
- &bd.key,
- 0, NULL /* get path */);
+ GNUNET_break (GDS_CLIENTS_handle_reply (&bd,
+ &bd.key,
+ 0, NULL /* get path */));
{
struct GNUNET_CONTAINER_BloomFilter *peer_bf;
@@ -568,9 +568,9 @@ handle_local_result (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Datacache provided result for query key %s\n",
GNUNET_h2s (&bd->key));
- GDS_CLIENTS_handle_reply (bd,
- &bd->key,
- 0, NULL /* get_path */);
+ GNUNET_break (GDS_CLIENTS_handle_reply (bd,
+ &bd->key,
+ 0, NULL /* get_path */));
}
@@ -1002,7 +1002,7 @@ forward_reply (void *cls,
reply->put_path_length = htonl (frc->bd->put_path_length);
reply->unique_id = record->unique_id;
reply->expiration = GNUNET_TIME_absolute_hton (frc->bd->expiration_time);
- reply->key = frc->bd->key;
+ reply->key = *query_hash;
paths = (struct GNUNET_DHT_PathElement *) &reply[1];
GNUNET_memcpy (paths,
frc->bd->put_path,
@@ -1027,7 +1027,7 @@ forward_reply (void *cls,
}
-void
+bool
GDS_CLIENTS_handle_reply (const struct GDS_DATACACHE_BlockData *bd,
const struct GNUNET_HashCode *query_hash,
unsigned int get_path_length,
@@ -1042,22 +1042,22 @@ GDS_CLIENTS_handle_reply (const struct
GDS_DATACACHE_BlockData *bd,
if (msize >= GNUNET_MAX_MESSAGE_SIZE)
{
GNUNET_break (0);
- return;
+ return false;
}
#if SANITY_CHECKS
if (0 !=
- GNUNET_DHT_verify_path (&bd->key,
+ GNUNET_DHT_verify_path (query_hash,
bd->data,
bd->data_size,
bd->expiration_time,
- get_path,
- get_path_length,
bd->put_path,
bd->put_path_length,
+ get_path,
+ get_path_length,
&GDS_my_identity))
{
- GNUNET_break_op (0);
- return;
+ GNUNET_break (0);
+ return false;
}
#endif
frc.bd = bd;
@@ -1082,6 +1082,7 @@ GDS_CLIENTS_handle_reply (const struct
GDS_DATACACHE_BlockData *bd,
1,
GNUNET_NO);
}
+ return true;
}
diff --git a/src/dht/gnunet-service-dht_neighbours.c
b/src/dht/gnunet-service-dht_neighbours.c
index 284380647..f542dd6af 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -519,22 +519,60 @@ do_send (struct PeerInfo *pi,
* @param pred predecessor peer ID
* @param succ successor peer ID
* @param[out] sig where to write the signature
+ * (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP)
+ */
+static void
+sign_put_path (const void *data,
+ size_t data_size,
+ struct GNUNET_TIME_Absolute exp_time,
+ const struct GNUNET_PeerIdentity *pred,
+ const struct GNUNET_PeerIdentity *succ,
+ struct GNUNET_CRYPTO_EddsaSignature *sig)
+{
+ struct GNUNET_DHT_PutHopSignature hs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP),
+ .purpose.size = htonl (sizeof (hs)),
+ .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
+ .pred = *pred,
+ .succ = *succ
+ };
+
+ GNUNET_CRYPTO_hash (data,
+ data_size,
+ &hs.h_data);
+ GNUNET_CRYPTO_eddsa_sign (&GDS_my_private_key,
+ &hs,
+ sig);
+}
+
+
+/**
+ * Sign that we are routing a message from @a pred to @a succ.
+ * (So the route is $PRED->us->$SUCC).
+ *
+ * @param query_hash query being answered
+ * @param data payload (the block)
+ * @param data_size number of bytes in @a data
+ * @param exp_time expiration time of @a data
+ * @param pred predecessor peer ID
+ * @param succ successor peer ID
+ * @param[out] sig where to write the signature
* (of purpose #GNUNET_SIGNATURE_PURPOSE_DHT_HOP)
*/
static void
-sign_path (const struct GNUNET_HashCode *key,
- const void *data,
- size_t data_size,
- struct GNUNET_TIME_Absolute exp_time,
- const struct GNUNET_PeerIdentity *pred,
- const struct GNUNET_PeerIdentity *succ,
- struct GNUNET_CRYPTO_EddsaSignature *sig)
+sign_result_path (const struct GNUNET_HashCode *query_hash,
+ const void *data,
+ size_t data_size,
+ struct GNUNET_TIME_Absolute exp_time,
+ const struct GNUNET_PeerIdentity *pred,
+ const struct GNUNET_PeerIdentity *succ,
+ struct GNUNET_CRYPTO_EddsaSignature *sig)
{
- struct GNUNET_DHT_HopSignature hs = {
- .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
+ struct GNUNET_DHT_ResultHopSignature hs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_RESULT_HOP),
.purpose.size = htonl (sizeof (hs)),
.expiration_time = GNUNET_TIME_absolute_hton (exp_time),
- .key = *key,
+ .query_hash = *query_hash,
.pred = *pred,
.succ = *succ
};
@@ -1299,7 +1337,7 @@ GDS_NEIGHBOURS_handle_put (const struct
GDS_DATACACHE_BlockData *bd,
GNUNET_assert (NULL != bf);
#if SANITY_CHECKS
if (0 !=
- GNUNET_DHT_verify_path (&bd->key,
+ GNUNET_DHT_verify_path (NULL,
bd->data,
bd->data_size,
bd->expiration_time,
@@ -1393,13 +1431,12 @@ GDS_NEIGHBOURS_handle_put (const struct
GDS_DATACACHE_BlockData *bd,
{
/* Note that the signature in 'put_path' was not initialized before,
so this is crucial to avoid sending garbage. */
- sign_path (&bd->key,
- bd->data,
- bd->data_size,
- bd->expiration_time,
- &pp[put_path_length - 1].pred,
- &target->id,
- &pp[put_path_length - 1].sig);
+ sign_put_path (bd->data,
+ bd->data_size,
+ bd->expiration_time,
+ &pp[put_path_length - 1].pred,
+ &target->id,
+ &pp[put_path_length - 1].sig);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Signing PUT PATH %u => %s\n",
put_path_length,
@@ -1546,7 +1583,7 @@ GDS_NEIGHBOURS_lookup_peer (const struct
GNUNET_PeerIdentity *target)
}
-void
+bool
GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
const struct GDS_DATACACHE_BlockData *bd,
const struct GNUNET_HashCode *query_hash,
@@ -1559,7 +1596,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
#if SANITY_CHECKS
if (0 !=
- GNUNET_DHT_verify_path (&bd->key,
+ GNUNET_DHT_verify_path (query_hash,
bd->data,
bd->data_size,
bd->expiration_time,
@@ -1570,8 +1607,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
&GDS_my_identity))
{
GNUNET_break_op (0);
- get_path_length = 0;
- ppl = 0;
+ return false;
}
#endif
msize = bd->data_size + (get_path_length + ppl)
@@ -1596,7 +1632,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
(bd->data_size > GNUNET_MAX_MESSAGE_SIZE))
{
GNUNET_break (0);
- return;
+ return false;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Forwarding reply for key %s to peer %s\n",
@@ -1645,13 +1681,13 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
{
/* Note that the last signature in 'paths' was not initialized before,
so this is crucial to avoid sending garbage. */
- sign_path (query_hash,
- bd->data,
- bd->data_size,
- bd->expiration_time,
- &paths[ppl + get_path_length - 1].pred,
- &pi->id,
- &paths[ppl + get_path_length - 1].sig);
+ sign_result_path (query_hash,
+ bd->data,
+ bd->data_size,
+ bd->expiration_time,
+ &paths[ppl + get_path_length - 1].pred,
+ &pi->id,
+ &paths[ppl + get_path_length - 1].sig);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Signing GET PATH %u/%u of %s => %s\n",
ppl,
@@ -1683,7 +1719,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
&pi->id))
{
GNUNET_break (0);
- return;
+ return false;
}
}
#endif
@@ -1692,6 +1728,7 @@ GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
do_send (pi,
&prm->header);
}
+ return true;
}
@@ -1870,9 +1907,9 @@ handle_dht_p2p_put (void *cls,
}
/* give to local clients */
- GDS_CLIENTS_handle_reply (&bd,
- &bd.key,
- 0, NULL /* get path */);
+ GNUNET_break (GDS_CLIENTS_handle_reply (&bd,
+ &bd.key,
+ 0, NULL /* get path */));
/* store locally */
if ( (0 != (options & GNUNET_DHT_RO_DEMULTIPLEX_EVERYWHERE)) ||
@@ -1958,10 +1995,10 @@ handle_find_my_hello (struct PeerInfo *pi,
.data_size = block_size
};
- GDS_NEIGHBOURS_handle_reply (pi,
- &bd,
- query_hash,
- 0, NULL /* get path */);
+ GNUNET_break (GDS_NEIGHBOURS_handle_reply (pi,
+ &bd,
+ query_hash,
+ 0, NULL /* get path */));
}
else
{
@@ -2013,10 +2050,10 @@ handle_find_local_hello (struct PeerInfo *pi,
.data_size = peer->hello_size
};
- GDS_NEIGHBOURS_handle_reply (pi,
- &bd,
- query_hash,
- 0, NULL /* get path */);
+ GNUNET_break (GDS_NEIGHBOURS_handle_reply (pi,
+ &bd,
+ query_hash,
+ 0, NULL /* get path */));
}
}
@@ -2033,10 +2070,10 @@ handle_local_result (void *cls,
{
struct PeerInfo *peer = cls;
- GDS_NEIGHBOURS_handle_reply (peer,
- bd,
- &bd->key,
- 0, NULL /* get path */);
+ GNUNET_break (GDS_NEIGHBOURS_handle_reply (peer,
+ bd,
+ &bd->key,
+ 0, NULL /* get path */));
}
@@ -2230,8 +2267,9 @@ handle_dht_p2p_get (void *cls,
* @param query_hash hash of the original query, might not match key in @a bd
* @param get_path_length number of entries in @a get_path
* @param get_path path the reply has taken
+ * @return true on success
*/
-static void
+static bool
process_reply_with_path (const struct GDS_DATACACHE_BlockData *bd,
const struct GNUNET_HashCode *query_hash,
unsigned int get_path_length,
@@ -2240,10 +2278,14 @@ process_reply_with_path (const struct
GDS_DATACACHE_BlockData *bd,
/* forward to local clients */
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Forwarding reply to local clients\n");
- GDS_CLIENTS_handle_reply (bd,
- query_hash,
- get_path_length,
- get_path);
+ if (! GDS_CLIENTS_handle_reply (bd,
+ query_hash,
+ get_path_length,
+ get_path))
+ {
+ GNUNET_break (0);
+ return false;
+ }
GDS_CLIENTS_process_get_resp (bd,
get_path,
get_path_length);
@@ -2268,6 +2310,7 @@ process_reply_with_path (const struct
GDS_DATACACHE_BlockData *bd,
query_hash,
get_path_length,
get_path);
+ return true;
}
@@ -2282,6 +2325,8 @@ static enum GNUNET_GenericReturnValue
check_dht_p2p_result (void *cls,
const struct PeerResultMessage *prm)
{
+ struct Target *t = cls;
+ struct PeerInfo *peer = t->pi;
uint16_t get_path_length = ntohs (prm->get_path_length);
uint16_t put_path_length = ntohs (prm->put_path_length);
uint16_t msize = ntohs (prm->header.size);
@@ -2289,8 +2334,8 @@ check_dht_p2p_result (void *cls,
= (const struct GNUNET_DHT_PathElement *) &prm[1];
const struct GNUNET_DHT_PathElement *gp
= &pp[put_path_length];
+ struct GNUNET_DHT_PathElement gpx[get_path_length + 1];
- (void) cls;
if ( (msize <
sizeof(struct PeerResultMessage)
+ (get_path_length + put_path_length)
@@ -2305,6 +2350,14 @@ check_dht_p2p_result (void *cls,
}
#if SANITY_CHECKS
+ memcpy (gpx,
+ gp,
+ get_path_length
+ * sizeof (struct GNUNET_DHT_PathElement));
+ gpx[get_path_length].pred = peer->id;
+ memset (&gpx[get_path_length].sig,
+ 0,
+ sizeof (gpx[get_path_length].sig));
if (0 !=
GNUNET_DHT_verify_path (&prm->key,
&gp[get_path_length],
@@ -2314,8 +2367,8 @@ check_dht_p2p_result (void *cls,
GNUNET_TIME_absolute_ntoh (prm->expiration_time),
pp,
put_path_length,
- gp,
- get_path_length,
+ gpx,
+ get_path_length + 1,
&GDS_my_identity))
{
GNUNET_break_op (0);
@@ -2483,10 +2536,10 @@ handle_dht_p2p_result (void *cls,
"Truncating path at %u/%u\n",
i,
get_path_length);
- process_reply_with_path (&bd,
- &prm->key,
- i,
- get_path);
+ GNUNET_break (process_reply_with_path (&bd,
+ &prm->key,
+ i,
+ get_path));
return;
}
@@ -2505,10 +2558,10 @@ handle_dht_p2p_result (void *cls,
"Extending GET path of length %u with %s\n",
get_path_length,
GNUNET_i2s (&peer->id));
- process_reply_with_path (&bd,
- &prm->key,
- get_path_length + 1,
- xget_path);
+ GNUNET_break (process_reply_with_path (&bd,
+ &prm->key,
+ get_path_length + 1,
+ xget_path));
}
}
diff --git a/src/dht/gnunet-service-dht_neighbours.h
b/src/dht/gnunet-service-dht_neighbours.h
index fdaf655bd..4f4172f71 100644
--- a/src/dht/gnunet-service-dht_neighbours.h
+++ b/src/dht/gnunet-service-dht_neighbours.h
@@ -108,8 +108,9 @@ GDS_NEIGHBOURS_handle_get (enum GNUNET_BLOCK_Type type,
* @param query_hash query that was used for the request
* @param get_path_length number of entries in put_path
* @param get_path peers this reply has traversed so far (if tracked)
+ * @return true on success
*/
-void
+bool
GDS_NEIGHBOURS_handle_reply (struct PeerInfo *pi,
const struct GDS_DATACACHE_BlockData *bd,
const struct GNUNET_HashCode *query_hash,
diff --git a/src/dht/gnunet-service-dht_routing.c
b/src/dht/gnunet-service-dht_routing.c
index c07b06c5e..da9919e82 100644
--- a/src/dht/gnunet-service-dht_routing.c
+++ b/src/dht/gnunet-service-dht_routing.c
@@ -195,11 +195,11 @@ process (void *cls,
GNUNET_h2s (query_hash));
return GNUNET_OK;
}
- GDS_NEIGHBOURS_handle_reply (pi,
- &bdx,
- query_hash,
- get_path_length,
- pc->get_path);
+ GNUNET_break (GDS_NEIGHBOURS_handle_reply (pi,
+ &bdx,
+ query_hash,
+ get_path_length,
+ pc->get_path));
}
break;
case GNUNET_BLOCK_REPLY_OK_DUPLICATE:
diff --git a/src/dht/test_dht_topo.c b/src/dht/test_dht_topo.c
index 30e7749ca..fa57e13b5 100644
--- a/src/dht/test_dht_topo.c
+++ b/src/dht/test_dht_topo.c
@@ -326,7 +326,7 @@ timeout_cb (void *cls)
*
* @param cls closure with our 'struct GetOperation'
* @param exp when will this value expire
- * @param key key of the result
+ * @param query query hash
* @param get_path peers on reply path (or NULL if not recorded)
* @param get_path_length number of entries in @a get_path
* @param put_path peers on the PUT path (or NULL if not recorded)
@@ -338,7 +338,7 @@ timeout_cb (void *cls)
static void
dht_get_handler (void *cls,
struct GNUNET_TIME_Absolute exp,
- const struct GNUNET_HashCode *key,
+ const struct GNUNET_HashCode *query,
const struct GNUNET_DHT_PathElement *get_path,
unsigned int get_path_length,
const struct GNUNET_DHT_PathElement *put_path,
@@ -359,8 +359,15 @@ dht_get_handler (void *cls,
GNUNET_break (0);
return;
}
- GNUNET_CRYPTO_hash (key,
- sizeof(*key),
+ if (0 != GNUNET_memcmp (query,
+ &get_op->key))
+ {
+ /* exact search should only yield exact results */
+ GNUNET_break (0);
+ return;
+ }
+ GNUNET_CRYPTO_hash (query,
+ sizeof(*query),
&want);
if (0 != memcmp (&want,
data,
@@ -370,19 +377,22 @@ dht_get_handler (void *cls,
return;
}
if (0 !=
- GNUNET_DHT_verify_path (key,
+ GNUNET_DHT_verify_path (query,
data,
size,
exp,
- get_path,
- get_path_length,
put_path,
put_path_length,
+ get_path,
+ get_path_length,
&get_op->me))
{
GNUNET_break (0);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Path signature verification failed!\n");
+ "Path signature (%u/%u) verification failed for peer %s!\n",
+ get_path_length,
+ put_path_length,
+ GNUNET_i2s (&get_op->me));
}
else
{
diff --git a/src/include/gnunet_dht_service.h b/src/include/gnunet_dht_service.h
index e0f9f6fc3..4e14d981d 100644
--- a/src/include/gnunet_dht_service.h
+++ b/src/include/gnunet_dht_service.h
@@ -118,10 +118,10 @@ GNUNET_NETWORK_STRUCT_BEGIN
/**
* Message signed by a peer when doing path tracking.
*/
-struct GNUNET_DHT_HopSignature
+struct GNUNET_DHT_PutHopSignature
{
/**
- * Must be #GNUNET_SIGNATURE_PURPOSE_DHT_HOP.
+ * Must be #GNUNET_SIGNATURE_PURPOSE_DHT_PUT_HOP.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
@@ -131,9 +131,43 @@ struct GNUNET_DHT_HopSignature
struct GNUNET_TIME_AbsoluteNBO expiration_time;
/**
- * Key of the block.
+ * Hash over the payload of the block.
+ */
+ struct GNUNET_HashCode h_data;
+
+ /**
+ * Previous hop the message was received from. All zeros
+ * if this peer was the initiator.
*/
- struct GNUNET_HashCode key;
+ struct GNUNET_PeerIdentity pred;
+
+ /**
+ * Next hop the message was forwarded to.
+ */
+ struct GNUNET_PeerIdentity succ;
+};
+
+
+/**
+ * Message signed by a peer when doing path tracking
+ * for RESULT (GET) hops.
+ */
+struct GNUNET_DHT_ResultHopSignature
+{
+ /**
+ * Must be #GNUNET_SIGNATURE_PURPOSE_DHT_RESULT_HOP.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Expiration time of the block.
+ */
+ struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+ /**
+ * Query hash of the GET that is being answered.
+ */
+ struct GNUNET_HashCode query_hash;
/**
* Hash over the payload of the block.
@@ -181,6 +215,7 @@ struct GNUNET_DHT_PathElement
};
+
GNUNET_NETWORK_STRUCT_END
/**
@@ -266,7 +301,7 @@ GNUNET_DHT_put_cancel (struct GNUNET_DHT_PutHandle *ph);
*
* @param cls closure
* @param exp when will this value expire
- * @param key key of the result
+ * @param query_hash key of the query
* @param get_path peers on reply path (or NULL if not recorded)
* [0] = datastore's first neighbor, [length - 1] = local peer
* @param get_path_length number of entries in @a get_path
@@ -282,7 +317,7 @@ GNUNET_DHT_put_cancel (struct GNUNET_DHT_PutHandle *ph);
typedef void
(*GNUNET_DHT_GetIterator) (void *cls,
struct GNUNET_TIME_Absolute exp,
- const struct GNUNET_HashCode *key,
+ const struct GNUNET_HashCode *query_hash,
const struct GNUNET_DHT_PathElement *get_path,
unsigned int get_path_length,
const struct GNUNET_DHT_PathElement *put_path,
@@ -487,7 +522,7 @@ GNUNET_DHT_pp2s (const struct GNUNET_DHT_PathElement *path,
* the last signature on the path is never verified as that is the slot where
* our peer (@a me) would need to sign.
*
- * @param key key of the data (not necessarily the query hash)
+ * @param query_hash the query hash, not necessarily the key of the block
* @param data payload (the block)
* @param data_size number of bytes in @a data
* @param exp_time expiration time of @a data
@@ -501,7 +536,7 @@ GNUNET_DHT_pp2s (const struct GNUNET_DHT_PathElement *path,
* @a get_path_len + @a put_path_len - 1 if no signature was valid
*/
unsigned int
-GNUNET_DHT_verify_path (const struct GNUNET_HashCode *key,
+GNUNET_DHT_verify_path (const struct GNUNET_HashCode *query_hash,
const void *data,
size_t data_size,
struct GNUNET_TIME_Absolute exp_time,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gnunet] branch master updated: -hack up GET/PUT signatures, still broken by design,
gnunet <=