From: Matthias Wachs Date: Fri, 9 Mar 2012 14:14:01 +0000 (+0000) Subject: - changes to signing verfifying: includes block expiration X-Git-Tag: initial-import-from-subversion-38251~14317 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5e828dc0248330d772913795257b3fda14fe9552;p=oweals%2Fgnunet.git - changes to signing verfifying: includes block expiration --- diff --git a/src/gns/test_gns_dht_delegated_lookup.c b/src/gns/test_gns_dht_delegated_lookup.c index 3b097a3d5..dc73c7b58 100644 --- a/src/gns/test_gns_dht_delegated_lookup.c +++ b/src/gns/test_gns_dht_delegated_lookup.c @@ -204,7 +204,8 @@ put_dht(void *cls, int32_t success, const char *emsg) rd.data_size = sizeof(struct in_addr); rd.data = web; rd.record_type = GNUNET_DNSPARSER_TYPE_A; - sig = GNUNET_NAMESTORE_create_signature(bob_key, TEST_RECORD_NAME, + + sig = GNUNET_NAMESTORE_create_signature(bob_key, GNUNET_TIME_absolute_get_forever(), TEST_RECORD_NAME, &rd, 1); rd_payload_length = GNUNET_NAMESTORE_records_get_size (1, &rd); nrb = GNUNET_malloc(rd_payload_length + strlen(TEST_RECORD_NAME) + 1 diff --git a/src/gns/test_gns_simple_shorten.c b/src/gns/test_gns_simple_shorten.c index fc0c0f1f0..4f8f57acb 100644 --- a/src/gns/test_gns_simple_shorten.c +++ b/src/gns/test_gns_simple_shorten.c @@ -254,7 +254,7 @@ do_shorten(void *cls, const struct GNUNET_PeerIdentity *id, /* put alice into bobs zone */ GNUNET_CRYPTO_hash(&alice_pkey, sizeof(alice_pkey), &alice_hash); rd.data = &alice_hash; - sig = GNUNET_NAMESTORE_create_signature(bob_key, TEST_AUTHORITY_ALICE, + sig = GNUNET_NAMESTORE_create_signature(bob_key, GNUNET_TIME_absolute_get_forever(), TEST_AUTHORITY_ALICE, &rd, 1); GNUNET_NAMESTORE_record_put (namestore_handle, 
@@ -272,7 +272,7 @@ do_shorten(void *cls, const struct GNUNET_PeerIdentity *id, rd.data_size = sizeof(struct in_addr); rd.data = web; rd.record_type = GNUNET_DNSPARSER_TYPE_A; - sig = GNUNET_NAMESTORE_create_signature(alice_key, TEST_RECORD_NAME, + sig = GNUNET_NAMESTORE_create_signature(alice_key,GNUNET_TIME_absolute_get_forever(), TEST_RECORD_NAME, &rd, 1); GNUNET_NAMESTORE_record_put (namestore_handle, @@ -290,7 +290,7 @@ do_shorten(void *cls, const struct GNUNET_PeerIdentity *id, rd.record_type = GNUNET_GNS_RECORD_PSEU; GNUNET_free(sig); - sig = GNUNET_NAMESTORE_create_signature(alice_key, "", + sig = GNUNET_NAMESTORE_create_signature(alice_key,GNUNET_TIME_absolute_get_forever(), "", &rd, 1); GNUNET_NAMESTORE_record_put (namestore_handle, diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h index 29c70a179..fbc2a4b3c 100644 --- a/src/include/gnunet_namestore_service.h +++ b/src/include/gnunet_namestore_service.h @@ -206,6 +206,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h, * to validate signatures received from the network. * * @param public_key public key of the zone + * @param expire block expiration * @param name name that is being mapped (at most 255 characters long) * @param rd_count number of entries in 'rd' array * @param rd array of records with data to store @@ -214,10 +215,11 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h, */ int GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key, - const char *name, - unsigned int rd_count, - const struct GNUNET_NAMESTORE_RecordData *rd, - const struct GNUNET_CRYPTO_RsaSignature *signature); + const struct GNUNET_TIME_Absolute expire, + const char *name, + unsigned int rd_count, + const struct GNUNET_NAMESTORE_RecordData *rd, + const struct GNUNET_CRYPTO_RsaSignature *signature); /** 
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c index 87ecc9018..57d2dd007 100644 --- a/src/namestore/gnunet-service-namestore.c +++ b/src/namestore/gnunet-service-namestore.c @@ -212,6 +212,21 @@ int zone_to_disk_it (void *cls, } +struct GNUNET_TIME_Absolute +get_block_expiration_time (unsigned int rd_count, const struct GNUNET_NAMESTORE_RecordData *rd) +{ + int c; + struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get_forever(); + if (NULL == rd) + return GNUNET_TIME_absolute_get_zero(); + for (c = 0; c < rd_count; c++) + { + if (rd[c].expiration.abs_value < expire.abs_value) + expire = rd[c].expiration; + } + return expire; +} + /** * Task run during shutdown. * @@ -231,6 +246,7 @@ cleanup_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) snc = NULL; GNUNET_CONTAINER_multihashmap_iterate(zonekeys, &zone_to_disk_it, NULL); + GNUNET_CONTAINER_multihashmap_destroy(zonekeys); for (nc = client_head; nc != NULL; nc = next) { @@ -364,6 +380,7 @@ handle_lookup_name_it (void *cls, struct GNUNET_NAMESTORE_RecordData *rd_selected = NULL; struct GNUNET_NAMESTORE_CryptoContainer *cc; struct GNUNET_CRYPTO_RsaSignature *signature_new = NULL; + struct GNUNET_TIME_Absolute e; GNUNET_HashCode zone_key_hash; char *rd_tmp; char *name_tmp; @@ -435,7 +452,8 @@ handle_lookup_name_it (void *cls, if (GNUNET_CONTAINER_multihashmap_contains(zonekeys, &zone_key_hash)) { cc = GNUNET_CONTAINER_multihashmap_get(zonekeys, &zone_key_hash); - signature_new = GNUNET_NAMESTORE_create_signature(cc->privkey, name, rd, rd_count); + e = get_block_expiration_time(rd_count, rd); + signature_new = GNUNET_NAMESTORE_create_signature(cc->privkey, e, name, rd, rd_count); GNUNET_assert (signature_new != NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating signature for name `%s' with %u records in zone `%s'\n",name, copied_elements, GNUNET_h2s(&zone_key_hash)); authoritative = GNUNET_YES; 
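Review bot: `get_block_expiration_time`, added in the first hunk of gnunet-service-namestore.c, compares a signed `int c` with the `unsigned int rd_count` parameter and is defined without `static` or a doc comment, although it now decides which expiration time gets signed. Declaring the counter as `unsigned int c;` and the function as `static struct GNUNET_TIME_Absolute` would match its use, which as far as this diff shows is confined to this file. A short `/** ... */` header should state that it returns the earliest `expiration` among the records, the zero time when `rd` is NULL, and "forever" when `rd_count` is 0 with a non-NULL `rd`. That last case is worth confirming as intended, since an empty block would then be signed as never expiring.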
@@ -444,9 +462,6 @@ handle_lookup_name_it (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "I am not authoritative for name `%s' in zone `%s'\n",name, GNUNET_h2s(&zone_key_hash)); } - if (rd_selected != rd) - GNUNET_free (rd_selected); - r_size = sizeof (struct LookupNameResponseMessage) + sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) + name_len + @@ -460,7 +475,10 @@ handle_lookup_name_it (void *cls, lnr_msg->rd_count = htons (copied_elements); lnr_msg->rd_len = htons (rd_ser_len); lnr_msg->name_len = htons (name_len); - lnr_msg->expire = GNUNET_TIME_absolute_hton(expire); + lnr_msg->expire = GNUNET_TIME_absolute_hton(get_block_expiration_time(copied_elements, rd_selected)); + + if (rd_selected != rd) + GNUNET_free (rd_selected); if (zone_key != NULL) lnr_msg->public_key = (*zone_key); @@ -811,6 +829,7 @@ static void handle_record_create (void *cls, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received `%s' message\n", "NAMESTORE_RECORD_CREATE"); struct GNUNET_NAMESTORE_Client *nc; + struct GNUNET_NAMESTORE_CryptoContainer *cc; struct CreateRecordContext crc; struct GNUNET_CRYPTO_RsaPrivateKey *pkey; struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub; 
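Review bot: In the `@@ -460,7 +475,10 @@` hunk the response's `expire` field is computed from `get_block_expiration_time(copied_elements, rd_selected)`, while the signature in the earlier `@@ -435,7 +452,8 @@` hunk was created over `e = get_block_expiration_time(rd_count, rd)`. When a lookup filters records so that `rd_selected` is a subset of `rd` (or NULL, which yields the zero time), the client receives an expiration that can differ from the signed one, and `GNUNET_NAMESTORE_verify_signature` would then reject the block. In the non-authoritative branch the stored `expire` passed to the callback is also discarded, although the stored signature was presumably made over that value. Assigning `expire = e;` right after signing, as `zone_iteration_proc` does in this commit, and keeping `lnr_msg->expire = GNUNET_TIME_absolute_hton(expire);` sends the value that was actually signed. `handle_lookup_name_it` starts and ends outside these hunks.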
@@ -895,6 +914,19 @@ static void handle_record_create (void *cls, GNUNET_CRYPTO_rsa_key_get_public(pkey, &pub); GNUNET_CRYPTO_hash (&pub, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &pubkey_hash); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(zonekeys, &pubkey_hash)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received new private key for zone `%s'\n",GNUNET_h2s(&pubkey_hash)); + + cc = GNUNET_malloc (sizeof (struct GNUNET_NAMESTORE_CryptoContainer)); + cc->privkey = GNUNET_CRYPTO_rsa_decode_key((char *) pkey_tmp, key_len); + cc->pubkey = GNUNET_malloc(sizeof (pub)); + memcpy (cc->pubkey, &pub, sizeof(pub)); + cc->zone = pubkey_hash; + + GNUNET_CONTAINER_multihashmap_put(zonekeys, &pubkey_hash, cc, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); + } + crc.expire = GNUNET_TIME_absolute_ntoh(rp_msg->expire); crc.res = GNUNET_SYSERR; crc.pkey = pkey; @@ -909,6 +941,7 @@ static void handle_record_create (void *cls, if (res != GNUNET_SYSERR) res = GNUNET_OK; GNUNET_CRYPTO_rsa_key_free(pkey); + pkey = NULL; /* Send response */ send: @@ -1027,6 +1060,7 @@ static void handle_record_remove (void *cls, struct GNUNET_NAMESTORE_Client *nc; struct RecordRemoveResponseMessage rrr_msg; struct GNUNET_CRYPTO_RsaPrivateKey *pkey; + struct GNUNET_NAMESTORE_CryptoContainer *cc = NULL; struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub; GNUNET_HashCode pubkey_hash; char * pkey_tmp = NULL; 
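Review bot: The new key-caching block in `handle_record_create` stores the result of `GNUNET_CRYPTO_rsa_decode_key` in `cc->privkey` without a NULL check and ignores the return value of `GNUNET_CONTAINER_multihashmap_put`. A NULL entry would later be handed to `GNUNET_NAMESTORE_create_signature(cc->privkey, ...)` by the lookup and iteration callbacks, whose result is then asserted non-NULL. Checking `if (NULL == cc->privkey)` and freeing `cc` before the insert avoids that; the function's error path lies outside the hunk, so how the failure is reported has to follow it. The identical block appears in `handle_record_remove` (hunk `@@ -1120,6 +1154,18 @@`), and one `static` helper would keep both in step. Since the service now holds client-supplied private keys until `cleanup_task`, a comment at the insert should say who frees `cc->privkey` and `cc->pubkey`; `GNUNET_CONTAINER_multihashmap_destroy` does not free stored values, and `zone_to_disk_it` is not visible here.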
@@ -1120,6 +1154,18 @@ static void handle_record_remove (void *cls, GNUNET_CRYPTO_rsa_key_get_public(pkey, &pub); GNUNET_CRYPTO_hash (&pub, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &pubkey_hash); + if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(zonekeys, &pubkey_hash)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received new private key for zone `%s'\n",GNUNET_h2s(&pubkey_hash)); + cc = GNUNET_malloc (sizeof (struct GNUNET_NAMESTORE_CryptoContainer)); + cc->privkey = GNUNET_CRYPTO_rsa_decode_key((char *) pkey_tmp, key_len); + cc->pubkey = GNUNET_malloc(sizeof (pub)); + memcpy (cc->pubkey, &pub, sizeof(pub)); + cc->zone = pubkey_hash; + + GNUNET_CONTAINER_multihashmap_put(zonekeys, &pubkey_hash, cc, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); + } + struct GNUNET_NAMESTORE_RecordData rd[rd_count]; res = GNUNET_NAMESTORE_records_deserialize(rd_ser_len, rd_ser, rd_count, rd); if ((res != GNUNET_OK) || (rd_count != 1)) @@ -1334,6 +1380,7 @@ void zone_iteration_proc (void *cls, struct GNUNET_NAMESTORE_Client *nc = zi->client; struct GNUNET_NAMESTORE_CryptoContainer * cc; struct GNUNET_CRYPTO_RsaSignature *signature_new = NULL; + struct GNUNET_TIME_Absolute e; GNUNET_HashCode zone_key_hash; int authoritative = GNUNET_NO; 
@@ -1393,9 +1440,11 @@ void zone_iteration_proc (void *cls, if (GNUNET_CONTAINER_multihashmap_contains(zonekeys, &zone_key_hash)) { cc = GNUNET_CONTAINER_multihashmap_get(zonekeys, &zone_key_hash); - signature_new = GNUNET_NAMESTORE_create_signature(cc->privkey, name, rd, rd_count); + e = get_block_expiration_time(rd_count, rd); + expire = e; + signature_new = GNUNET_NAMESTORE_create_signature(cc->privkey, e, name, rd, rd_count); GNUNET_assert (signature_new != NULL); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating signature for name `%s' with %u records in zone `%s'\n",name, rd_count, GNUNET_h2s(&zone_key_hash)); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating signature for `%s' in zone `%s' with %u records and expiration %llu\n", name, GNUNET_h2s(&zone_key_hash), rd_count, e.abs_value); authoritative = GNUNET_YES; } diff --git a/src/namestore/namestore.h b/src/namestore/namestore.h index e0550b499..48e021f6d 100644 --- a/src/namestore/namestore.h +++ b/src/namestore/namestore.h @@ -47,9 +47,10 @@ #define GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_ITERATION_STOP 448 /** - * Create a signature based on name and records + * Sign name and records * * @param key the private key + * @param expire block expiration * @param name the name * @param rd record data * @param rd_count number of records @@ -58,9 +59,10 @@ */ struct GNUNET_CRYPTO_RsaSignature * GNUNET_NAMESTORE_create_signature (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - const char *name, - const struct GNUNET_NAMESTORE_RecordData *rd, - unsigned int rd_count); + struct GNUNET_TIME_Absolute expire, + const char *name, + const struct GNUNET_NAMESTORE_RecordData *rd, + unsigned int rd_count); /** * Compares if two records are equal diff --git a/src/namestore/namestore_api.c b/src/namestore/namestore_api.c index f1dfcc0aa..f9125d325 100644 --- a/src/namestore/namestore_api.c +++ b/src/namestore/namestore_api.c 
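Review bot: The reworded debug message in `zone_iteration_proc` prints `e.abs_value` with `%llu` without a cast. If `abs_value` is a `uint64_t` (its declaration is not in this diff), the argument should be written `(unsigned long long) e.abs_value`, because `uint64_t` is `unsigned long` on common 64-bit platforms and a mismatched conversion specifier is undefined behaviour. The new log line in `zone_proc` of test_namestore_api_zone_iteration.c prints `expire.abs_value` the same way and needs the same cast.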
@@ -1048,6 +1048,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h, * to validate signatures received from the network. * * @param public_key public key of the zone + * @param expire block expiration * @param name name that is being mapped (at most 255 characters long) * @param rd_count number of entries in 'rd' array * @param rd array of records with data to store @@ -1056,6 +1057,7 @@ GNUNET_NAMESTORE_record_put (struct GNUNET_NAMESTORE_Handle *h, */ int GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *public_key, + const struct GNUNET_TIME_Absolute expire, const char *name, unsigned int rd_count, const struct GNUNET_NAMESTORE_RecordData *rd, @@ -1067,6 +1069,8 @@ GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_RsaPublicKeyBinary char * name_tmp; char * rd_tmp; struct GNUNET_CRYPTO_RsaSignaturePurpose *sig_purpose; + struct GNUNET_TIME_AbsoluteNBO *expire_tmp; + struct GNUNET_TIME_AbsoluteNBO expire_nbo = GNUNET_TIME_absolute_hton(expire); GNUNET_assert (public_key != NULL); GNUNET_assert (name != NULL); @@ -1085,11 +1089,13 @@ GNUNET_NAMESTORE_verify_signature (const struct GNUNET_CRYPTO_RsaPublicKeyBinary return GNUNET_SYSERR; } - sig_purpose = GNUNET_malloc(sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + rd_ser_len + name_len); + sig_purpose = GNUNET_malloc(sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + sizeof (struct GNUNET_TIME_AbsoluteNBO) + rd_ser_len + name_len); sig_purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose)+ rd_ser_len + name_len); sig_purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); - name_tmp = (char *) &sig_purpose[1]; + expire_tmp = (struct GNUNET_TIME_AbsoluteNBO *) &sig_purpose[1]; + name_tmp = (char *) &expire_tmp[1]; rd_tmp = &name_tmp[name_len]; + memcpy (expire_tmp, &expire_nbo, sizeof (struct GNUNET_TIME_AbsoluteNBO)); memcpy (name_tmp, name, name_len); memcpy (rd_tmp, rd_ser, rd_ser_len); 
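Review bot: In the last hunk of `GNUNET_NAMESTORE_verify_signature` the buffer grows by `sizeof (struct GNUNET_TIME_AbsoluteNBO)`, but `sig_purpose->size` is still set to `sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + rd_ser_len + name_len`. If the RSA routines sign and verify exactly `size` bytes, as the purpose header suggests, the final `sizeof (struct GNUNET_TIME_AbsoluteNBO)` bytes of the serialized records fall outside the signed region and are not authenticated. `GNUNET_NAMESTORE_create_signature` in namestore_common.c (hunk `@@ -230,12 +235,13 @@`) has the same omission, so both sides agree and the existing tests still pass. Both should use `sig_purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + sizeof (struct GNUNET_TIME_AbsoluteNBO) + rd_ser_len + name_len);`. A sign/verify test that changes the trailing bytes of the record data after signing and expects `GNUNET_SYSERR` would guard against a regression.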
diff --git a/src/namestore/namestore_common.c b/src/namestore/namestore_common.c index 311388b14..b8236edf0 100644 --- a/src/namestore/namestore_common.c +++ b/src/namestore/namestore_common.c @@ -198,6 +198,7 @@ GNUNET_NAMESTORE_records_deserialize (size_t len, * Sign name and records * * @param key the private key + * @param expire block expiration * @param name the name * @param rd record data * @param rd_count number of records @@ -206,14 +207,18 @@ GNUNET_NAMESTORE_records_deserialize (size_t len, */ struct GNUNET_CRYPTO_RsaSignature * GNUNET_NAMESTORE_create_signature (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + struct GNUNET_TIME_Absolute expire, const char *name, const struct GNUNET_NAMESTORE_RecordData *rd, unsigned int rd_count) { struct GNUNET_CRYPTO_RsaSignature *sig = GNUNET_malloc(sizeof (struct GNUNET_CRYPTO_RsaSignature)); struct GNUNET_CRYPTO_RsaSignaturePurpose *sig_purpose; + struct GNUNET_TIME_AbsoluteNBO expire_nbo = GNUNET_TIME_absolute_hton(expire); size_t rd_ser_len; size_t name_len; + + struct GNUNET_TIME_AbsoluteNBO *expire_tmp; char * name_tmp; char * rd_tmp; int res; 
@@ -230,12 +235,13 @@ GNUNET_NAMESTORE_create_signature (const struct GNUNET_CRYPTO_RsaPrivateKey *key char rd_ser[rd_ser_len]; GNUNET_NAMESTORE_records_serialize(rd_count, rd, rd_ser_len, rd_ser); - sig_purpose = GNUNET_malloc(sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + rd_ser_len + name_len); - + sig_purpose = GNUNET_malloc(sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose) + sizeof (struct GNUNET_TIME_AbsoluteNBO) + rd_ser_len + name_len); sig_purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_RsaSignaturePurpose)+ rd_ser_len + name_len); sig_purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); - name_tmp = (char *) &sig_purpose[1]; + expire_tmp = (struct GNUNET_TIME_AbsoluteNBO *) &sig_purpose[1]; + name_tmp = (char *) &expire_tmp[1]; rd_tmp = &name_tmp[name_len]; + memcpy (expire_tmp, &expire_nbo, sizeof (struct GNUNET_TIME_AbsoluteNBO)); memcpy (name_tmp, name, name_len); memcpy (rd_tmp, rd_ser, rd_ser_len); diff --git a/src/namestore/test_namestore_api_create.c b/src/namestore/test_namestore_api_create.c index f42fee206..82c2d2ab5 100644 --- a/src/namestore/test_namestore_api_create.c +++ b/src/namestore/test_namestore_api_create.c @@ -176,14 +176,14 @@ void name_lookup_second_proc (void *cls, } } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, expire, n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; 
@@ -192,7 +192,7 @@ void name_lookup_second_proc (void *cls, struct GNUNET_NAMESTORE_RecordData rd_new[2]; rd_new[0] = *s_first_record; rd_new[1] = *s_second_record; - s_signature_updated = GNUNET_NAMESTORE_create_signature(privkey, s_name, rd_new, 2); + s_signature_updated = GNUNET_NAMESTORE_create_signature(privkey, expire, s_name, rd_new, 2); if (0 != memcmp (s_signature_updated, signature, sizeof (struct GNUNET_CRYPTO_RsaSignature))) { @@ -281,7 +281,7 @@ void name_lookup_initial_proc (void *cls, } } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire,n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; @@ -423,7 +423,7 @@ run (void *cls, char *const *args, const char *cfgfile, char rd_ser[rd_ser_len]; GNUNET_NAMESTORE_records_serialize(1, s_first_record, rd_ser_len, rd_ser); - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_first_record, 1); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_first_record->expiration, s_name, s_first_record, 1); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); diff --git a/src/namestore/test_namestore_api_create_update.c b/src/namestore/test_namestore_api_create_update.c index 4f8f6e05f..9e8f9c4d4 100644 --- a/src/namestore/test_namestore_api_create_update.c +++ b/src/namestore/test_namestore_api_create_update.c @@ -176,7 +176,7 @@ void name_lookup_second_proc (void *cls, } } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; 
@@ -185,7 +185,7 @@ void name_lookup_second_proc (void *cls, struct GNUNET_NAMESTORE_RecordData rd_new[2]; rd_new[0] = *s_first_record; rd_new[1] = *s_second_record; - s_signature_updated = GNUNET_NAMESTORE_create_signature(privkey, s_name, rd_new, 2); + s_signature_updated = GNUNET_NAMESTORE_create_signature(privkey, expire, s_name, rd_new, 2); if (0 != memcmp (s_signature_updated, signature, sizeof (struct GNUNET_CRYPTO_RsaSignature))) { @@ -274,7 +274,7 @@ void name_lookup_initial_proc (void *cls, } } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; @@ -462,7 +462,7 @@ run (void *cls, char *const *args, const char *cfgfile, char rd_ser[rd_ser_len]; GNUNET_NAMESTORE_records_serialize(1, s_first_record, rd_ser_len, rd_ser); - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_first_record, 1); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_first_record->expiration, s_name, s_first_record, 1); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); diff --git a/src/namestore/test_namestore_api_lookup.c b/src/namestore/test_namestore_api_lookup.c index 47bc9b672..4a33c6467 100644 --- a/src/namestore/test_namestore_api_lookup.c +++ b/src/namestore/test_namestore_api_lookup.c @@ -270,7 +270,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_NAMESTORE_records_serialize(RECORDS, s_rd, rd_ser_len, rd_ser); /* sign */ - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_rd, RECORDS); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_rd[0].expiration, s_name, s_rd, RECORDS); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); 
diff --git a/src/namestore/test_namestore_api_lookup_specific_type.c b/src/namestore/test_namestore_api_lookup_specific_type.c index 3facec50f..bd6a9f7d0 100644 --- a/src/namestore/test_namestore_api_lookup_specific_type.c +++ b/src/namestore/test_namestore_api_lookup_specific_type.c @@ -279,7 +279,7 @@ create_record (int count) for (c = 0; c < RECORDS-1; c++) { - rd[c].expiration = GNUNET_TIME_absolute_get(); + rd[c].expiration = GNUNET_TIME_absolute_get_zero(); rd[c].record_type = 1; rd[c].data_size = TEST_RECORD_DATALEN; rd[c].data = GNUNET_malloc(TEST_RECORD_DATALEN); @@ -342,7 +342,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_NAMESTORE_records_serialize(RECORDS, s_rd, rd_ser_len, rd_ser); /* sign */ - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_rd, RECORDS); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_rd[RECORDS -1].expiration, s_name, s_rd, RECORDS); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); diff --git a/src/namestore/test_namestore_api_put.c b/src/namestore/test_namestore_api_put.c index 310c9a331..190b5cec1 100644 --- a/src/namestore/test_namestore_api_put.c +++ b/src/namestore/test_namestore_api_put.c @@ -196,7 +196,7 @@ run (void *cls, char *const *args, const char *cfgfile, char * s_name = "dummy.dummy.gnunet"; s_rd = create_record (RECORDS); - signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_rd, RECORDS); + signature = GNUNET_NAMESTORE_create_signature(privkey, s_rd[0].expiration, s_name, s_rd, RECORDS); GNUNET_break (s_rd != NULL); GNUNET_break (s_name != NULL); diff --git a/src/namestore/test_namestore_api_remove.c b/src/namestore/test_namestore_api_remove.c index 88c4771d1..3b05168c5 100644 --- a/src/namestore/test_namestore_api_remove.c +++ b/src/namestore/test_namestore_api_remove.c 
@@ -174,7 +174,7 @@ void name_lookup_proc (void *cls, } } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, n, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, n, rd_count, rd, signature)) { GNUNET_break (0); failed = GNUNET_YES; @@ -251,7 +251,7 @@ create_record (int count) for (c = 1; c < RECORDS; c++) { - rd[c].expiration = GNUNET_TIME_absolute_get(); + rd[c].expiration = GNUNET_TIME_absolute_get_zero(); rd[c].record_type = TEST_RECORD_TYPE; rd[c].data_size = TEST_RECORD_DATALEN; rd[c].data = GNUNET_malloc(TEST_RECORD_DATALEN); @@ -306,7 +306,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_NAMESTORE_records_serialize(RECORDS, s_rd, rd_ser_len, rd_ser); /* sign */ - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_rd, RECORDS); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_rd[0].expiration, s_name, s_rd, RECORDS); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); diff --git a/src/namestore/test_namestore_api_remove_not_existing_record.c b/src/namestore/test_namestore_api_remove_not_existing_record.c index 431e7d1a5..bf50c6f17 100644 --- a/src/namestore/test_namestore_api_remove_not_existing_record.c +++ b/src/namestore/test_namestore_api_remove_not_existing_record.c @@ -240,7 +240,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_NAMESTORE_records_serialize(RECORDS, s_rd, rd_ser_len, rd_ser); /* sign */ - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, s_rd, RECORDS); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_rd[0].expiration, s_name, s_rd, RECORDS); /* create random zone hash */ GNUNET_CRYPTO_hash (&pubkey, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &s_zone); diff --git a/src/namestore/test_namestore_api_sign_verify.c b/src/namestore/test_namestore_api_sign_verify.c index 1fb479611..b9c9eec15 100644 
--- a/src/namestore/test_namestore_api_sign_verify.c +++ b/src/namestore/test_namestore_api_sign_verify.c @@ -80,6 +80,7 @@ run (void *cls, char *const *args, const char *cfgfile, privkey = GNUNET_CRYPTO_rsa_key_create_from_file(hostkey_file); GNUNET_free (hostkey_file); GNUNET_assert (privkey != NULL); + struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get(); /* get public key */ GNUNET_CRYPTO_rsa_key_get_public(privkey, &pubkey); @@ -90,19 +91,19 @@ run (void *cls, char *const *args, const char *cfgfile, s_name = "dummy.dummy.gnunet"; s_rd = create_record (RECORDS); - signature = GNUNET_NAMESTORE_create_signature (privkey, s_name, s_rd, RECORDS); + signature = GNUNET_NAMESTORE_create_signature (privkey, expire, s_name, s_rd, RECORDS); GNUNET_assert (signature != NULL); - res_c = GNUNET_NAMESTORE_verify_signature(&pubkey, s_name, RECORDS, s_rd, signature); + res_c = GNUNET_NAMESTORE_verify_signature(&pubkey, expire, s_name, RECORDS, s_rd, signature); GNUNET_break (res == GNUNET_OK); GNUNET_free (signature); - signature = GNUNET_NAMESTORE_create_signature (privkey, s_name, s_rd, RECORDS); + signature = GNUNET_NAMESTORE_create_signature (privkey, expire, s_name, s_rd, RECORDS); GNUNET_break (signature != NULL); GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "FYI: The next warning is intended!\n"); - res_w = GNUNET_NAMESTORE_verify_signature(&pubkey, s_name, RECORDS - 1, s_rd, signature); + res_w = GNUNET_NAMESTORE_verify_signature(&pubkey, expire, s_name, RECORDS - 1, s_rd, signature); GNUNET_break (res_w == GNUNET_SYSERR); GNUNET_free (signature); diff --git a/src/namestore/test_namestore_api_zone_iteration.c b/src/namestore/test_namestore_api_zone_iteration.c index ffc482e0d..7433b95b0 100644 --- a/src/namestore/test_namestore_api_zone_iteration.c +++ b/src/namestore/test_namestore_api_zone_iteration.c 
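Review bot: The positive check in `run` stores the verification result in `res_c`, but the following `GNUNET_break (res == GNUNET_OK);` tests `res`, so a failing verification with the new `expire` argument would go unnoticed unless `res` is set to it somewhere outside the hunk. Changing the line to `GNUNET_break (res_c == GNUNET_OK);` makes the test assert what it computes. The test also never verifies with an expiration other than the one that was signed; a call with a different `GNUNET_TIME_Absolute` value that expects `GNUNET_SYSERR` would show that the expiration is really bound by the signature.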
@@ -220,8 +220,12 @@ void zone_proc (void *cls, else { /* verify signature returned from name store */ - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, name, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature (zone_key, expire, name, rd_count, rd, signature)) { + GNUNET_HashCode zone_key_hash; + GNUNET_CRYPTO_hash (zone_key, sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded), &zone_key_hash); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Verifying signature for `%s' in zone `%s' with %u records and expiration %llu failed\n", name, GNUNET_h2s(&zone_key_hash), rd_count, expire.abs_value); + failed = GNUNET_YES; GNUNET_break (0); } @@ -284,7 +288,7 @@ void zone_proc (void *cls, failed = GNUNET_YES; GNUNET_break (0); } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, name, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, expire, name, rd_count, rd, signature)) { failed = GNUNET_YES; GNUNET_break (0); @@ -430,7 +434,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_1, "dummy1"); s_rd_1 = create_record(1); - sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_name_1, s_rd_1, 1); + sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_1->expiration, s_name_1, s_rd_1, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_1, s_rd_1, &put_cont, NULL); 
@@ -438,14 +442,14 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_2, "dummy2"); s_rd_2 = create_record(1); - sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_name_2, s_rd_2, 1); + sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_2->expiration, s_name_2, s_rd_2, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_2, s_rd_2, &put_cont, NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Created record 3\n"); /* name in different zone */ GNUNET_asprintf(&s_name_3, "dummy3"); s_rd_3 = create_record(1); - sig_3 = GNUNET_NAMESTORE_create_signature(privkey2, s_name_3, s_rd_3, 1); + sig_3 = GNUNET_NAMESTORE_create_signature(privkey2, s_rd_3->expiration, s_name_3, s_rd_3, 1); GNUNET_NAMESTORE_record_put (nsh, &pubkey2, s_name_3, GNUNET_TIME_absolute_get_forever(), 1, s_rd_3, sig_3, &put_cont, NULL); } diff --git a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c index 4b0ce817f..ae8e2da5c 100644 --- a/src/namestore/test_namestore_api_zone_iteration_specific_zone.c +++ b/src/namestore/test_namestore_api_zone_iteration_specific_zone.c @@ -396,7 +396,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_1, "dummy1"); s_rd_1 = create_record(1); - sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_name_1, s_rd_1, 1); + sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_1[0].expiration ,s_name_1, s_rd_1, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_1, s_rd_1, &put_cont, NULL); 
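Review bot: `sig_3` is created over `s_rd_3->expiration`, but the `GNUNET_NAMESTORE_record_put` call that follows stores the block with `GNUNET_TIME_absolute_get_forever()` as its expiration. Unless `create_record` (outside the hunk) sets the record expiration to forever, the stored block carries an expiration its signature does not cover, and a verifier using the stored value would reject it. Passing the same value to both calls, e.g. `GNUNET_NAMESTORE_record_put (nsh, &pubkey2, s_name_3, s_rd_3->expiration, 1, s_rd_3, sig_3, &put_cont, NULL);`, keeps the fixture consistent. The `sig_3` hunks in test_namestore_api_zone_iteration_specific_zone.c and test_namestore_api_zone_iteration_stop.c, and the `s_signature` hunk in test_namestore_api_zone_to_name.c (signed with `rd.expiration`, stored with `expire`), follow the same pattern.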
@@ -404,14 +404,14 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_2, "dummy2"); s_rd_2 = create_record(1); - sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_name_2, s_rd_2, 1); + sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_2[0].expiration, s_name_2, s_rd_2, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_2, s_rd_2, &put_cont, NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Created record 3\n"); /* name in different zone */ GNUNET_asprintf(&s_name_3, "dummy3"); s_rd_3 = create_record(1); - sig_3 = GNUNET_NAMESTORE_create_signature(privkey, s_name_3, s_rd_3, 1); + sig_3 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_3[0].expiration, s_name_3, s_rd_3, 1); GNUNET_NAMESTORE_record_put (nsh, &pubkey2, s_name_3, GNUNET_TIME_absolute_get_forever(), 1, s_rd_3, sig_3, &put_cont, NULL); } diff --git a/src/namestore/test_namestore_api_zone_iteration_stop.c b/src/namestore/test_namestore_api_zone_iteration_stop.c index 419a058fa..47b09a00c 100644 --- a/src/namestore/test_namestore_api_zone_iteration_stop.c +++ b/src/namestore/test_namestore_api_zone_iteration_stop.c @@ -226,7 +226,7 @@ void zone_proc (void *cls, { /* verify signature returned from name store */ - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, name, rd_count, rd, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(zone_key, expire, name, rd_count, rd, signature)) { failed = GNUNET_YES; GNUNET_break (0); @@ -249,7 +249,7 @@ void zone_proc (void *cls, failed = GNUNET_YES; GNUNET_break (0); } - if (0 != memcmp (signature, sig_1, sizeof (struct GNUNET_CRYPTO_RsaSignature))) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, s_name_1, 1, s_rd_1, signature)) { failed = GNUNET_YES; GNUNET_break (0); 
@@ -271,7 +271,7 @@ void zone_proc (void *cls, GNUNET_break (0); } - if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey2, s_name_2, 1, s_rd_2, signature)) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey, expire, s_name_2, 1, s_rd_2, signature)) { failed = GNUNET_YES; GNUNET_break (0); @@ -292,7 +292,7 @@ void zone_proc (void *cls, failed = GNUNET_YES; GNUNET_break (0); } - if (0 != memcmp (signature, sig_3, sizeof (struct GNUNET_CRYPTO_RsaSignature))) + if (GNUNET_OK != GNUNET_NAMESTORE_verify_signature(&pubkey2, expire, s_name_3, 1, s_rd_3, signature)) { failed = GNUNET_YES; GNUNET_break (0); @@ -446,7 +446,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_1, "dummy1"); s_rd_1 = create_record(1); - sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_name_1, s_rd_1, 1); + sig_1 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_1[0].expiration, s_name_1, s_rd_1, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_1, s_rd_1, &put_cont, NULL); @@ -454,14 +454,14 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_asprintf(&s_name_2, "dummy2"); s_rd_2 = create_record(1); - sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_name_2, s_rd_2, 1); + sig_2 = GNUNET_NAMESTORE_create_signature(privkey, s_rd_2[0].expiration, s_name_2, s_rd_2, 1); GNUNET_NAMESTORE_record_create(nsh, privkey, s_name_2, s_rd_2, &put_cont, NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Created record 3\n"); /* name in different zone */ GNUNET_asprintf(&s_name_3, "dummy3"); s_rd_3 = create_record(1); - sig_3 = GNUNET_NAMESTORE_create_signature(privkey2, s_name_3, s_rd_3, 1); + sig_3 = GNUNET_NAMESTORE_create_signature(privkey2, s_rd_3[0].expiration, s_name_3, s_rd_3, 1); GNUNET_NAMESTORE_record_put (nsh, &pubkey2, s_name_3, GNUNET_TIME_absolute_get_forever(), 1, s_rd_3, sig_3, &put_cont, NULL); } 
diff --git a/src/namestore/test_namestore_api_zone_to_name.c b/src/namestore/test_namestore_api_zone_to_name.c index 498b1197d..ba15389f0 100644 --- a/src/namestore/test_namestore_api_zone_to_name.c +++ b/src/namestore/test_namestore_api_zone_to_name.c @@ -247,7 +247,7 @@ run (void *cls, char *const *args, const char *cfgfile, GNUNET_break (NULL != nsh); expire = GNUNET_TIME_absolute_get (); - s_signature = GNUNET_NAMESTORE_create_signature(privkey, s_name, &rd, 1); + s_signature = GNUNET_NAMESTORE_create_signature(privkey, rd.expiration, s_name, &rd, 1); GNUNET_NAMESTORE_record_put(nsh, &pubkey, s_name, expire, 1, &rd, s_signature, put_cont, NULL); GNUNET_free ((void *) rd.data);