From 7a84f1f9ac9d07fcf67ef9e6ab77a7ff3447722f Mon Sep 17 00:00:00 2001 From: xrs Date: Wed, 22 Jan 2020 22:39:48 +0100 Subject: [PATCH] introduce signed monotime --- src/cadet/gnunet-service-cadet.h | 1 + src/cadet/gnunet-service-cadet_connection.c | 21 +++++++++- src/cadet/gnunet-service-cadet_core.c | 25 +---------- src/cadet/gnunet-service-cadet_peer.c | 46 ++++++++++++++++++++- src/cadet/gnunet-service-cadet_peer.h | 9 ++++ 5 files changed, 75 insertions(+), 27 deletions(-) diff --git a/src/cadet/gnunet-service-cadet.h b/src/cadet/gnunet-service-cadet.h index 6da0950f1..ff216f8c3 100644 --- a/src/cadet/gnunet-service-cadet.h +++ b/src/cadet/gnunet-service-cadet.h @@ -325,4 +325,5 @@ const char * GSC_2s (struct CadetClient *c); + #endif diff --git a/src/cadet/gnunet-service-cadet_connection.c b/src/cadet/gnunet-service-cadet_connection.c index 1e0f82579..540c430b7 100644 --- a/src/cadet/gnunet-service-cadet_connection.c +++ b/src/cadet/gnunet-service-cadet_connection.c @@ -618,6 +618,23 @@ GCC_handle_encrypted (struct CadetConnection *cc, } +int +set_monotime_sig (struct GNUNET_CADET_ConnectionCreateMessage * msg, + struct GNUNET_TIME_Absolute monotime) +{ + struct GNUNET_CRYPTO_EddsaPrivateKey *key; + struct CCCreatePS cp = { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR), + .purpose.size = htonl (sizeof(cp)), + .monotonic_time = GNUNET_TIME_absolute_hton (monotime)}; + + if (GNUNET_OK != GNUNET_CRYPTO_eddsa_sign (my_private_key, &cp.purpose, &msg->monotime_sig)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + /** * Send a #GNUNET_MESSAGE_TYPE_CADET_CONNECTION_CREATE message to the * first hop. 
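Review bot: `set_monotime_sig` in the connection.c hunk is never called: `send_create` in the next hunk still calls a `create_monotime_sig(create_msg->monotime)` that this patch neither defines nor declares, and whose contract (return the signature) differs from this helper (fill `msg->monotime_sig` in place, return `GNUNET_OK`/`GNUNET_SYSERR`). The local `struct GNUNET_CRYPTO_EddsaPrivateKey *key;` is unused and should be dropped. A failure of our own `GNUNET_CRYPTO_eddsa_sign` is a local error, not a protocol violation by the remote side, so the assertion there should be `GNUNET_break (0);` rather than `GNUNET_break_op (0);`. The function is neither `static` nor declared in a header; make it `static` unless another file needs it, and give it a doc comment stating that `cp` must be built byte-for-byte as the receiving side rebuilds it (same purpose, same `GNUNET_TIME_absolute_hton` of the monotime), otherwise verification fails.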
@@ -643,12 +660,12 @@ send_create (void *cls) create_msg->options = 2; create_msg->cid = cc->cid; - // check for tunnel state and define tunnel_up (xrs,t3ss) + // check for tunnel state and set signed monotime (xrs,t3ss) t = GCP_get_tunnel (cc->destination, GNUNET_YES); if (NULL != t && (GCT_get_estate(t) == CADET_TUNNEL_KEY_UNINITIALIZED) && (GCT_alice_or_betty (GCP_get_id(cc->destination)) == GNUNET_NO)) { - create_msg->monotime = GNUNET_TIME_absolute_get_monotonic(we_need_config_handle_here); + create_msg->monotime = GNUNET_TIME_absolute_get_monotonic(cfg); create_msg->monotime_sig = create_monotime_sig(create_msg->monotime); } diff --git a/src/cadet/gnunet-service-cadet_core.c b/src/cadet/gnunet-service-cadet_core.c index 4cc29782e..11f78cba6 100644 --- a/src/cadet/gnunet-service-cadet_core.c +++ b/src/cadet/gnunet-service-cadet_core.c @@ -227,29 +227,6 @@ static unsigned long long cur_buffers; */ static struct GNUNET_SCHEDULER_Task *timeout_task; -static int -check_monotime_sig (struc GNUNET_PeerIdentity *pid, - const struct GNUNET_CADET_ConnectionCreateMessage *msg) -{ - - struct CCCreatePS cp = { .purpose.purpose = htonl ( - GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR), - .purpose.size = htonl (sizeof(cp)), - .monotonic_time = sender_monotonic_time}; - - if ( - GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR, - &cp.purpose, - msg->monotime_sig, - &pid->public_key)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - /** * Get the route corresponding to a hash. * 
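Review bot: The line `create_msg->monotime_sig = create_monotime_sig(create_msg->monotime);` in `send_create` does not match the helper this patch adds; that function is named `set_monotime_sig`, takes the message and writes the signature in place, and returns a status that would be silently discarded. It should become `if (GNUNET_OK != set_monotime_sig (create_msg, create_msg->monotime))` followed by `GNUNET_break (0);` and the function's existing error path for the already-built message (the rest of `send_create` is outside the hunk). `create_msg->monotime` is assigned a host-order `struct GNUNET_TIME_Absolute` straight from `GNUNET_TIME_absolute_get_monotonic (cfg)`; if this field travels on the wire it presumably needs `GNUNET_TIME_absolute_hton` and an NBO field type in the message definition, which the patch does not touch.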
@@ -848,7 +825,7 @@ handle_connection_create ( t = GCP_get_tunnel (sender, GNUNET_YES); // Check for CADET state in case the other side has lost the tunnel (xrs,t3ss) - if ((NULL != msg->monotime) && GNUNET_OK == check_monotime_sig(origin->pid, &msg) + if ((NULL != msg->monotime) && GNUNET_YES == GCP_check_monotime(origin, msg->monotime) && GNUNET_OK == check_monotime_sig(origin, &msg) (CADET_TUNNEL_KEY_OK == GCT_get_estate(t))) { GCT_change_estate (t, CADET_TUNNEL_KEY_UNINITIALIZED); diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c index 8258881d0..55654e98a 100644 --- a/src/cadet/gnunet-service-cadet_peer.c +++ b/src/cadet/gnunet-service-cadet_peer.c @@ -39,6 +39,7 @@ #include "gnunet_core_service.h" #include "gnunet_statistics_service.h" #include "cadet_protocol.h" +#include "gnunet-service-cadet.h" #include "gnunet-service-cadet_connection.h" #include "gnunet-service-cadet_dht.h" #include "gnunet-service-cadet_peer.h" @@ -118,7 +119,7 @@ struct CadetPeer /** * Last time we heard from this peer (currently not used!) */ - struct GNUNET_TIME_Absolute last_contactXXX; + struct GNUNET_TIME_Absolute last_connection_create; /** * Array of DLLs of paths traversing the peer, organized by the 
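Review bot: The new condition in `handle_connection_create` does not compile and, even once it does, would not stop a replayed CONNECTION_CREATE. `NULL != msg->monotime` compares a time value with a pointer (use `0 != msg->monotime.abs_value_us`, or `abs_value_us__` if the wire field is NBO), `check_monotime_sig` is file-static in peer.c and unreachable from core.c, `&msg` passes a pointer-to-pointer where the function takes the message pointer, and a `&&` is missing before `(CADET_TUNNEL_KEY_OK == GCT_get_estate(t))`. As far as this patch shows, nothing ever stores the accepted timestamp on `origin` — `GCP_update_monotime` is defined in peer.c but never called — so `GCP_check_monotime` compares every incoming value against a baseline that never advances. Verify the signature first, then check monotonicity, and only after both pass record the new value on the peer and change the tunnel state; the enclosing function continues outside the hunk.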
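Review bot: The comment above the renamed field `last_connection_create` in `struct CadetPeer` still says "Last time we heard from this peer (currently not used!)", which the peer.c hunk makes false as soon as `GCP_update_monotime` writes it. Replace it with what the field is meant to hold, e.g. `/** Monotonic time carried by the last accepted CONNECTION_CREATE from this peer; later messages must carry a strictly larger value (see GCP_check_monotime). */`, and make sure the code storing it follows that description rather than the local clock.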
@@ -1552,5 +1553,48 @@ GCP_send_ooo (struct CadetPeer *cp, env); } +/* + * FIXME: documentation here + */ +static int +check_monotime_sig (struct CadetPeer peer, + const struct GNUNET_CADET_ConnectionCreateMessage *msg) +{ + + struct CCCreatePS cp = { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR), + .purpose.size = htonl (sizeof(cp)), + .monotonic_time = sender_monotonic_time}; + + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR, + &cp.purpose, + msg->monotime_sig, + &peer->pid->public_key)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + +/* + * FIXME: comment + */ +void +GCP_update_monotime (struct CadetPeer *peer) +{ + peer->last_connection_create = GNUNET_TIME_absolute_get_monotonic(cfg); +} + +/* + * FIXME: comment + */ +int +GCP_check_monotime (struct CadetPeer *peer, GNUNET_TIME_Absolute monotime) +{ + if (monotime.abs_value_us > peer.last_connection_create.abs_value_us) + return GNUNET_YES; + return GNUNET_NO; +} /* end of gnunet-service-cadet-new_peer.c */ diff --git a/src/cadet/gnunet-service-cadet_peer.h b/src/cadet/gnunet-service-cadet_peer.h index bec0606a0..f7e3fba2b 100644 --- a/src/cadet/gnunet-service-cadet_peer.h +++ b/src/cadet/gnunet-service-cadet_peer.h @@ -402,5 +402,14 @@ void GCP_set_mq (struct CadetPeer *cp, struct GNUNET_MQ_Handle *mq); +static int +check_monotime_sig (struct CadetPeer peer, + const struct GNUNET_CADET_ConnectionCreateMessage *msg); + +void +GCP_update_monotime (struct CadetPeer *cp); + +struct GNUNET_TIME_Absolute +GCP_get_monotime (struct CadetPeer *cp); #endif -- 2.25.1
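Review bot: `GCP_update_monotime` stores this peer's own clock (`GNUNET_TIME_absolute_get_monotonic (cfg)`) in `last_connection_create`, while `GCP_check_monotime` compares the sender's monotime against that field; the two clocks are unrelated, so the comparison gives no replay protection. The field should hold the last monotime accepted from that sender, so `GCP_update_monotime` must take the verified value from the message, and the caller must invoke it only after `check_monotime_sig` and `GCP_check_monotime` both pass. The hunk also does not compile as written: `check_monotime_sig` takes `struct CadetPeer peer` by value yet writes `peer->pid`, `sender_monotonic_time` is undefined (the verifier has to rebuild the signed struct from `msg->monotime` with the same `GNUNET_TIME_absolute_hton` the signer applied, and pass `&msg->monotime_sig` as on the signing side), `GCP_check_monotime` lacks the `struct` keyword on its second parameter and uses `peer.` on a pointer, and `cfg` may not be in scope in peer.c. The three `/* FIXME: comment */` headers should become doc comments giving the contract (call order, and that `GNUNET_YES` means strictly newer), as in the rewrite below, which assumes `pid` is embedded by value in `struct CadetPeer`.
```c
/* … unchanged: GCP_send_ooo … */

/**
 * Verify that the signature in @a msg was made by @a peer's key over
 * exactly the structure the sender signed (purpose, size, NBO monotime).
 *
 * @param peer peer the message claims to come from
 * @param msg received CONNECTION_CREATE message
 * @return #GNUNET_OK if the signature is valid, #GNUNET_SYSERR otherwise
 */
static int
check_monotime_sig (const struct CadetPeer *peer,
                    const struct GNUNET_CADET_ConnectionCreateMessage *msg)
{
  struct CCCreatePS cp = {
    .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR),
    .purpose.size = htonl (sizeof(cp)),
    /* must match what set_monotime_sig signed on the sending side */
    .monotonic_time = GNUNET_TIME_absolute_hton (msg->monotime)
  };

  if (GNUNET_OK !=
      GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_CADET_CONNECTION_INITIATOR,
                                  &cp.purpose,
                                  &msg->monotime_sig,
                                  &peer->pid.public_key))
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
  return GNUNET_OK;
}

/**
 * Record @a monotime as the newest CONNECTION_CREATE timestamp accepted
 * from @a peer.  Call only after the signature and monotonicity checks passed.
 *
 * @param peer peer the message came from
 * @param monotime verified monotonic time carried by the message
 */
void
GCP_update_monotime (struct CadetPeer *peer,
                     struct GNUNET_TIME_Absolute monotime)
{
  peer->last_connection_create = monotime;
}

/**
 * Is @a monotime strictly newer than the last value accepted from @a peer?
 *
 * @param peer peer the message came from
 * @param monotime monotonic time carried by the message
 * @return #GNUNET_YES if strictly newer, #GNUNET_NO otherwise (treat as replay)
 */
int
GCP_check_monotime (const struct CadetPeer *peer,
                    struct GNUNET_TIME_Absolute monotime)
{
  if (monotime.abs_value_us > peer->last_connection_create.abs_value_us)
    return GNUNET_YES;
  return GNUNET_NO;
}
```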
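Review bot: The header hunk declares `static int check_monotime_sig (struct CadetPeer peer, ...)`, which cannot work: a `static` declaration in a header gives every including file its own internal-linkage symbol that only peer.c defines, and `struct CadetPeer` is defined in peer.c and opaque elsewhere, so it cannot be passed by value from other files. Either drop the declaration and keep the function private to peer.c, or export it under a `GCP_` name taking `struct CadetPeer *`, which is what the core.c hunk is trying to call. The header also declares `struct GNUNET_TIME_Absolute GCP_get_monotime (struct CadetPeer *cp)` while peer.c defines `int GCP_check_monotime (...)` instead; the prototype should match the definition, e.g. `int GCP_check_monotime (const struct CadetPeer *cp, struct GNUNET_TIME_Absolute monotime);`, and `GCP_update_monotime` should be declared with whatever parameters the final definition takes. Each new prototype needs a `/** ... @param ... @return ... */` block in the style of the surrounding `GCP_` declarations.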