Christian Grothoff [Sun, 19 Jun 2016 22:40:01 +0000 (22:40 +0000)]
proper shutdown
Christian Grothoff [Sun, 19 Jun 2016 22:39:40 +0000 (22:39 +0000)]
-incorrect comment
Christian Grothoff [Sun, 19 Jun 2016 22:39:22 +0000 (22:39 +0000)]
-use new connecT API
Christian Grothoff [Sun, 19 Jun 2016 22:39:09 +0000 (22:39 +0000)]
-assert on task
Christian Grothoff [Sun, 19 Jun 2016 22:38:29 +0000 (22:38 +0000)]
-fix gnunet-revocation
Christian Grothoff [Sun, 19 Jun 2016 22:26:35 +0000 (22:26 +0000)]
-fix the fix
Christian Grothoff [Sun, 19 Jun 2016 22:23:23 +0000 (22:23 +0000)]
avoid changing API for now
Christian Grothoff [Sun, 19 Jun 2016 22:16:24 +0000 (22:16 +0000)]
use new connecT API
Christian Grothoff [Sun, 19 Jun 2016 21:29:20 +0000 (21:29 +0000)]
refactoring core API to use new MQ lib
Christian Grothoff [Sun, 19 Jun 2016 19:01:21 +0000 (19:01 +0000)]
-fix typo
Christian Grothoff [Sun, 19 Jun 2016 18:50:00 +0000 (18:50 +0000)]
redefine GNUNET_MQ_queue_for_connection_client to capture client handle
Martin Schanzenbach [Sat, 18 Jun 2016 21:49:23 +0000 (21:49 +0000)]
-fix
Christian Grothoff [Sat, 18 Jun 2016 21:20:00 +0000 (21:20 +0000)]
-indentation and comments
Christian Grothoff [Sat, 18 Jun 2016 21:19:27 +0000 (21:19 +0000)]
update secretsharing to new MQ API
Christian Grothoff [Sat, 18 Jun 2016 21:07:25 +0000 (21:07 +0000)]
fix consensus to match new MQ API -- and correct CONCLUDE_DONE to be fixed-size
Christian Grothoff [Sat, 18 Jun 2016 21:01:02 +0000 (21:01 +0000)]
fix RPS to match new MQ API -- and to check message format
Christian Grothoff [Sat, 18 Jun 2016 20:38:04 +0000 (20:38 +0000)]
-fixing part of Martin's FTBFS
Christian Grothoff [Sat, 18 Jun 2016 20:26:06 +0000 (20:26 +0000)]
adapt peerstore API to new MQ API
Christian Grothoff [Sat, 18 Jun 2016 20:07:17 +0000 (20:07 +0000)]
convert conversation_api_call.c
Martin Schanzenbach [Sat, 18 Jun 2016 20:04:18 +0000 (20:04 +0000)]
-fix
Martin Schanzenbach [Sat, 18 Jun 2016 19:31:00 +0000 (19:31 +0000)]
- fix more rest and jsonapi
Christian Grothoff [Sat, 18 Jun 2016 18:49:13 +0000 (18:49 +0000)]
partial refactoring, will cause FTBFS, to be completed ASAP
Martin Schanzenbach [Sat, 18 Jun 2016 18:16:22 +0000 (18:16 +0000)]
- fix rest plugin
Martin Schanzenbach [Sat, 18 Jun 2016 18:03:42 +0000 (18:03 +0000)]
- revert to r37134. Broken build
Christophe Genevey Metat [Fri, 17 Jun 2016 15:28:55 +0000 (15:28 +0000)]
plugin datastore mysql
Jeff Burdges [Tue, 14 Jun 2016 02:50:39 +0000 (02:50 +0000)]
Fix perf_crypto_rsa.c after various changes
Not perfect, but some functionality is no longer exposed.
Julius Bünger [Mon, 13 Jun 2016 22:46:05 +0000 (22:46 +0000)]
-rps: merge duplicate functions
Julius Bünger [Mon, 13 Jun 2016 21:44:38 +0000 (21:44 +0000)]
-rps: open channel when inserting peer in view
Christian Grothoff [Mon, 13 Jun 2016 11:40:29 +0000 (11:40 +0000)]
fix indentation, bad stack allocation of buf
Christophe Genevey Metat [Mon, 13 Jun 2016 11:24:06 +0000 (11:24 +0000)]
lcov test function
Christian Grothoff [Sat, 11 Jun 2016 14:20:28 +0000 (14:20 +0000)]
fix memory leak
Christophe Genevey Metat [Fri, 10 Jun 2016 12:32:40 +0000 (12:32 +0000)]
finish fixing memory leak
Christophe Genevey Metat [Fri, 10 Jun 2016 09:19:27 +0000 (09:19 +0000)]
finish fixing memory leak
Christophe Genevey Metat [Thu, 9 Jun 2016 15:39:57 +0000 (15:39 +0000)]
fix memory leak
Carlo von lynX [Thu, 9 Jun 2016 14:36:14 +0000 (14:36 +0000)]
improved usability for gnunet-logread -f
Jeff Burdges [Wed, 8 Jun 2016 13:37:14 +0000 (13:37 +0000)]
Rework the error handling for gcd(r,n) != 1 so the Taler wallet can see errors.
Jeff Burdges [Tue, 7 Jun 2016 19:06:46 +0000 (19:06 +0000)]
Abstract out previous GCD(m,n)=1 commit into a single function
This should make it easier to report properly in the wallet.
Jeff Burdges [Tue, 7 Jun 2016 18:32:25 +0000 (18:32 +0000)]
Verify that GCD(m,n) != 1 when n is an RSA modulus
Much thanks to CodesInChaos <codesinchaos@gmail.com> from the
cryptography@metzdowd.com list for observing this flaw!
On Tue, 2016-06-07 at 13:39 +0200, CodesInChaos wrote:
> How do you handle the case where GCD(m, n) != 1 where m is the message
> (i.e. the full domain hash) and n the modulus? Do you reject that
> message and generate a new one?
If I understand the attack you have in mind, it goes roughly:
First, an evil exchange creates a 2048 bit RSA key pq, but issues n = p
q r_1 r_2 ... r_k as say a 4096 bit RSA key where the r_i are smallish but
preferably not so obvious primes, like not 2, 3, or 5.
Next, our evil exchange detects and records when the various r_i appear
during blinding and spending. As m is 4096 bits, then some always do
since we took the r_i smallish.
Each appearing r_i factor leaks I think several bits about the
customer's identity. If enough coins are involved in a transaction,
especially say through repeated transactions, then the customer will
quickly be deanonymized.
I could've fixed this in crypto_kdf.c but I decided it was specific
to RSA, so I did it when calling the KDF. It should be abstracted
into a common routine probably.
Also fixes a pair of memory leaks.
Christian Grothoff [Tue, 7 Jun 2016 14:48:05 +0000 (14:48 +0000)]
check for existing task
Christophe Genevey Metat [Tue, 7 Jun 2016 13:50:08 +0000 (13:50 +0000)]
written function cleanup
Gabor X Toth [Tue, 7 Jun 2016 12:55:00 +0000 (12:55 +0000)]
social cli: fix shutdown
Christian Grothoff [Tue, 7 Jun 2016 11:50:55 +0000 (11:50 +0000)]
-fix & vs &&
Christian Grothoff [Tue, 7 Jun 2016 11:47:47 +0000 (11:47 +0000)]
-fix misc issues
Christophe Genevey Metat [Tue, 7 Jun 2016 11:20:50 +0000 (11:20 +0000)]
start to fix extract vsize
Christophe Genevey Metat [Tue, 7 Jun 2016 11:16:44 +0000 (11:16 +0000)]
start to fix extract vsize
Gabor X Toth [Mon, 6 Jun 2016 20:44:39 +0000 (20:44 +0000)]
fixes
Gabor X Toth [Mon, 6 Jun 2016 20:31:03 +0000 (20:31 +0000)]
fixes
Gabor X Toth [Mon, 6 Jun 2016 20:00:23 +0000 (20:00 +0000)]
fixes
Gabor X Toth [Mon, 6 Jun 2016 20:00:18 +0000 (20:00 +0000)]
debug msgs
Christophe Genevey Metat [Mon, 6 Jun 2016 16:11:56 +0000 (16:11 +0000)]
continue to fix extract result
Christophe Genevey Metat [Fri, 3 Jun 2016 16:08:23 +0000 (16:08 +0000)]
start to fix extract result
Martin Schanzenbach [Fri, 3 Jun 2016 10:32:17 +0000 (10:32 +0000)]
-fix #4541
Christian Grothoff [Fri, 3 Jun 2016 09:53:10 +0000 (09:53 +0000)]
refactoring my API
Christophe Genevey Metat [Fri, 3 Jun 2016 09:06:30 +0000 (09:06 +0000)]
start writing extract_result
Martin Schanzenbach [Thu, 2 Jun 2016 17:35:00 +0000 (17:35 +0000)]
-oops, remove printf
Christian Grothoff [Thu, 2 Jun 2016 15:28:38 +0000 (15:28 +0000)]
-indent
Christian Grothoff [Thu, 2 Jun 2016 15:12:52 +0000 (15:12 +0000)]
invert option order for tg
Christian Grothoff [Wed, 1 Jun 2016 20:30:03 +0000 (20:30 +0000)]
Fix for #4553
Christian Grothoff [Wed, 1 Jun 2016 20:00:51 +0000 (20:00 +0000)]
fix #4546
Christian Grothoff [Wed, 1 Jun 2016 17:29:59 +0000 (17:29 +0000)]
only run tests if they are enabled
Christophe Genevey Metat [Wed, 1 Jun 2016 17:13:39 +0000 (17:13 +0000)]
fixing insert query
Christian Grothoff [Wed, 1 Jun 2016 17:08:49 +0000 (17:08 +0000)]
fix #4545: create directory for log file if it does not exist
Carlo von lynX [Tue, 31 May 2016 17:00:55 +0000 (17:00 +0000)]
taught gnunet-logread to also do what gnunet-logread-ipc used to do
Carlo von lynX [Tue, 31 May 2016 15:13:24 +0000 (15:13 +0000)]
added filters to gnunet-logread and an automation fix for gnunet-arm
Carlo von lynX [Tue, 31 May 2016 15:13:15 +0000 (15:13 +0000)]
typo in src/identity/gnunet-identity.c
Christophe Genevey Metat [Tue, 31 May 2016 13:44:31 +0000 (13:44 +0000)]
fixing query insert
Christophe Genevey Metat [Mon, 30 May 2016 16:19:14 +0000 (16:19 +0000)]
fix select request
Jeff Burdges [Mon, 30 May 2016 16:08:03 +0000 (16:08 +0000)]
Testcases for KDF mod n
Currently just that the result is smaller than n, maybe should do more.
Jeff Burdges [Mon, 30 May 2016 15:54:56 +0000 (15:54 +0000)]
Use a uniform random number mod an RSA composite for both
the blinding factor and the full domain hash.
This resolves an attack against the blinding factor in Taler:
There was a call to GNUNET_CRYPTO_kdf in
bkey = rsa_blinding_key_derive (len, bks);
that gives exactly len bits where
len = GNUNET_CRYPTO_rsa_public_key_len (pkey);
Now r = 2^(len-1)/pkey.n is the probability of a set high bit being
okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey >
pkey.n making the effective bkey be
bkey mod pkey.n = bkey - pkey.n
so the effective bkey has its high bit set with probability r/2.
We expect r to be close to 1/2 if the exchange is honest, but the
exchange can choose r otherwise.
In blind signing, the exchange sees
B = bkey * S mod pkey.n
On deposit, the exchange sees S so they can compute bkey' = B/S mod
pkey.n for all B they recorded to see if bkey' has its high bit set.
Also, note the exchange can compute 1/S efficiently since they know the
factors of pkey.n.
I suppose that happens with probability r/(1+r) if it's the wrong B, not
completely sure. If otoh we've the right B, then we've the probability
r/2 of a set high bit in the effective bkey.
Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving
the wrong and right probabilities 1/3 and 1/4, respectively.
I fear this gives the exchange a meaningful fraction of a bit of
information per coin involved in the transaction. It sounds damaging if
numerous coins were involved. And it could run across transactions in
some scenarios.
I suspect we need a more uniform deterministic pseudo-random number
generator for blinding factors. Just fyi, our old call to
gcry_mpi_randomize had this same problem.
I do not believe this caused a problem for the full domain hash, but
we can fix it easily enough anyways.
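Added example, not code from the GNUnet repository or from the commit authors: it illustrates the two RSA commit messages above ("Use a uniform random number mod an RSA composite ..." and "Verify that GCD(m,n) ..."), showing the non-uniform result of reducing a len-bit value mod n, a deterministic redraw-until-below-n derivation, and a coprimality check that reports an error. The HMAC-SHA256 counter-mode stream stands in for GNUNET_CRYPTO_kdf, and the names naive_histogram, kdf_mod_n and require_coprime, the labels and the toy moduli are assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter
from math import gcd


def naive_histogram(n: int) -> Counter:
    """Reduce every len-bit value mod n (the old behaviour, toy sizes only)."""
    return Counter(x % n for x in range(1 << n.bit_length()))


def _stream(key: bytes, label: bytes, counter: int, nbytes: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in KDF (assumption, not GNUNET_CRYPTO_kdf).
    out = b""
    block = 0
    while len(out) < nbytes:
        msg = label + counter.to_bytes(2, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:nbytes]


def kdf_mod_n(key: bytes, label: bytes, n: int) -> int:
    """Deterministic value uniform in [0, n): redraw instead of reducing mod n."""
    nbits = n.bit_length()
    for counter in range(1 << 16):
        raw = _stream(key, label, counter, (nbits + 7) // 8)
        cand = int.from_bytes(raw, "big") >> (-nbits % 8)  # keep exactly nbits
        if cand < n:
            return cand
    raise RuntimeError("no candidate below n; modulus is malformed")


def require_coprime(value: int, n: int) -> int:
    """Fail loudly when gcd(value, n) != 1 so the caller can report the key."""
    if gcd(value, n) != 1:
        raise ValueError("value shares a factor with the modulus")
    return value


if __name__ == "__main__":
    # Constructed toy modulus 35 = 5 * 7 (6 bits): residues 0..28 occur twice.
    print(sorted(set(naive_histogram(35).values())))
    n = (2**89 - 1) * (2**127 - 1)  # constructed modulus from two Mersenne primes
    print(require_coprime(kdf_mod_n(b"seed", b"blinding", n), n) < n)
```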
Christophe Genevey Metat [Mon, 30 May 2016 15:54:38 +0000 (15:54 +0000)]
create table for test case fixed
Martin Schanzenbach [Sun, 29 May 2016 11:19:50 +0000 (11:19 +0000)]
- Fix #4532
Christophe Genevey Metat [Fri, 27 May 2016 13:51:30 +0000 (13:51 +0000)]
begin rewriting test case
Martin Schanzenbach [Fri, 27 May 2016 11:22:25 +0000 (11:22 +0000)]
-fix
Martin Schanzenbach [Fri, 27 May 2016 10:34:28 +0000 (10:34 +0000)]
-fix
Christophe Genevey Metat [Thu, 26 May 2016 15:52:29 +0000 (15:52 +0000)]
function result helper rewritten
Christian Grothoff [Thu, 26 May 2016 10:09:03 +0000 (10:09 +0000)]
sketch envisioned API
Christian Grothoff [Thu, 26 May 2016 10:05:04 +0000 (10:05 +0000)]
-indent fixes
Christian Grothoff [Wed, 25 May 2016 19:04:59 +0000 (19:04 +0000)]
fix #4536
Christophe Genevey Metat [Wed, 25 May 2016 16:37:52 +0000 (16:37 +0000)]
fix warning compilation libgnunetmy
Martin Schanzenbach [Wed, 25 May 2016 09:54:46 +0000 (09:54 +0000)]
- add peerstore tests
Martin Schanzenbach [Tue, 24 May 2016 20:40:15 +0000 (20:40 +0000)]
- jsonapi build fix, add peerstore flat (EXP)
Christian Grothoff [Tue, 24 May 2016 18:14:04 +0000 (18:14 +0000)]
fixing #4483: optimize blinding key storage/transmission
Christophe Genevey Metat [Tue, 24 May 2016 16:16:41 +0000 (16:16 +0000)]
test case for mysql
Christophe Genevey Metat [Tue, 24 May 2016 16:16:01 +0000 (16:16 +0000)]
fix result and query helper
Christophe Genevey Metat [Mon, 23 May 2016 15:40:28 +0000 (15:40 +0000)]
libgnunetmy begin result helper
Carlo von lynX [Mon, 23 May 2016 14:44:36 +0000 (14:44 +0000)]
social: put the sock in the right cupboard
Carlo von lynX [Mon, 23 May 2016 14:09:05 +0000 (14:09 +0000)]
social needs to start as user service, not system
Julius Bünger [Sun, 22 May 2016 07:12:56 +0000 (07:12 +0000)]
-rps: logging
Julius Bünger [Sun, 22 May 2016 07:12:53 +0000 (07:12 +0000)]
-rps: only insert online peers in the view
Julius Bünger [Sun, 22 May 2016 07:12:51 +0000 (07:12 +0000)]
-rps: check knowledge of peer
Julius Bünger [Sun, 22 May 2016 07:12:48 +0000 (07:12 +0000)]
-rps: removing unused counter
Christian Grothoff [Sat, 21 May 2016 16:16:02 +0000 (16:16 +0000)]
define GNUNET_JSON_from_data_auto
Christophe Genevey Metat [Fri, 20 May 2016 15:29:50 +0000 (15:29 +0000)]
libgnunetmy query helper
Christophe Genevey Metat [Thu, 19 May 2016 16:30:11 +0000 (16:30 +0000)]
GNUNET extract result libgnunetmy
Christian Grothoff [Thu, 19 May 2016 13:30:48 +0000 (13:30 +0000)]
extending MY api to cover result extraction
Christophe Genevey Metat [Thu, 19 May 2016 13:15:51 +0000 (13:15 +0000)]
result for libgnunetmy
Christian Grothoff [Thu, 19 May 2016 13:08:53 +0000 (13:08 +0000)]
rename.sh GNUNET_CRYPTO_rsa_BlindingKey to GNUNET_CRYPTO_RsaBlindingKey following naming conventions
Christian Grothoff [Thu, 19 May 2016 11:48:46 +0000 (11:48 +0000)]
forgot file
Christian Grothoff [Thu, 19 May 2016 10:05:51 +0000 (10:05 +0000)]
starting libgnunetmy
Julius Bünger [Mon, 16 May 2016 21:18:47 +0000 (21:18 +0000)]
-rps fix: check valid -> check online