From c20768b8b09fabaa3c2330cde381e894b1f90efb Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Mon, 20 Apr 2020 19:08:23 +0200 Subject: [PATCH] include buffer of 10& of epoch --- src/include/gnunet_revocation_service.h | 6 +- src/revocation/gnunet-revocation.c | 19 ++---- src/revocation/gnunet-service-revocation.c | 24 +++++++- src/revocation/plugin_block_revocation.c | 12 +++- src/revocation/revocation_api.c | 70 +++++++++++++++++++--- 5 files changed, 104 insertions(+), 27 deletions(-) diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 5c2ce91de..6bd2e88d3 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h @@ -177,11 +177,13 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h); * * @param pow proof of work * @param matching_bits how many bits must match (configuration) - * @return number of epochs valid if the @a pow is acceptable, -1 if not + * @param epoch_length length of single epoch in configuration + * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not */ int GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, - unsigned int matching_bits); + unsigned int matching_bits, + struct GNUNET_TIME_Relative epoch_length); diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index 5f3df0ee0..d290d34c7 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c @@ -347,7 +347,6 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) struct GNUNET_CRYPTO_EcdsaPublicKey key; const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; - int epochs; el = NULL; if (NULL == ego) 
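Review bot: The updated `@return` line for GNUNET_REVOCATION_check_pow in gnunet_revocation_service.h does not say that the result now depends on the local clock: a proof with enough work still yields GNUNET_NO while it is not yet valid or already expired. I would add a sentence such as `The timestamp in @a pow is compared against the current time; 10% of @a epoch_length is tolerated as clock skew at both ends of the validity window.` The matching comment in revocation_api.c (hunk at -408) has the same gap and also lacks `@param epoch_length`. That comment still lists `@param ts` and `@param matching_bits`, although the parameter there is named `difficulty`.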
@@ -373,19 +372,12 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) GNUNET_free (pow); return; } - if (0 < (epochs = + if (GNUNET_YES == GNUNET_REVOCATION_check_pow (pow, - (unsigned int) matching_bits))) + (unsigned int) matching_bits, + epoch_length)) { - struct GNUNET_TIME_Absolute ts; - struct GNUNET_TIME_Relative ttl; - ts = GNUNET_TIME_absolute_ntoh (pow->timestamp); - ttl = GNUNET_TIME_relative_multiply (epoch_length, - epochs); fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); - fprintf (stderr, "%s %s for %s\n", _ ("Valid from"), - GNUNET_STRINGS_absolute_time_to_string (ts), - GNUNET_STRINGS_relative_time_to_string (ttl, GNUNET_NO)); if (perform) perform_revocation (pow); else @@ -499,9 +491,10 @@ run (void *cls, return; } GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - if (0 >= + if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&pow, - (unsigned int) matching_bits)) + (unsigned int) matching_bits, + epoch_length)) { struct GNUNET_REVOCATION_PowCalculationHandle *ph; ph = GNUNET_REVOCATION_pow_init2 (&pow, diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 4746a7698..bd35b1055 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c @@ -128,6 +128,11 @@ static struct GNUNET_SET_ListenHandle *revocation_union_listen_handle; */ static unsigned long long revocation_work_required; +/** + * Length of an expiration expoch + */ +static struct GNUNET_TIME_Relative epoch_length; + /** * Our application ID for set union operations. Must be the * same for all (compatible) peers. 
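Review bot: In `run` (hunk at -499) the `GNUNET_YES !=` branch now also fires for a stored certificate that has enough work but lies outside its validity window, because check_pow folds "not yet valid" and "expired" into the same GNUNET_NO. The visible lines then pass the record to `GNUNET_REVOCATION_pow_init2` as if work were missing, and ego_callback no longer prints the `Valid from … for …` line, so the user gets no hint that the file is stale. Consider telling the user before resuming, for example `fprintf (stderr, "%s", _ ("Stored certificate is not currently valid, continuing calculation\n"));`. What pow_init2 does with such a record is not visible here, and the rest of `run` lies outside the hunk.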
@@ -167,8 +172,9 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer) static int verify_revoke_message (const struct RevokeMessage *rm) { - if (0 >= GNUNET_REVOCATION_check_pow (&rm->proof_of_work, - (unsigned int) revocation_work_required)) + if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work, + (unsigned int) revocation_work_required, + epoch_length)) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Proof of work invalid!\n"); @@ -846,6 +852,20 @@ run (void *cls, GNUNET_free (fn); return; } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (cfg, + "REVOCATION", + "EPOCH_LENGTH", + &epoch_length)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "REVOCATION", + "EPOCH_LENGTH"); + GNUNET_SCHEDULER_shutdown (); + GNUNET_free (fn); + return; + } + revocation_set = GNUNET_SET_create (cfg, GNUNET_SET_OPERATION_UNION); revocation_union_listen_handle diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 7c1ec26eb..f384cfe1d 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c @@ -52,6 +52,7 @@ struct InternalContext { unsigned int matching_bits; + struct GNUNET_TIME_Relative epoch_length; }; @@ -144,7 +145,8 @@ block_plugin_revocation_evaluate (void *cls, } if (0 >= GNUNET_REVOCATION_check_pow (&rm->proof_of_work, - ic->matching_bits)) + ic->matching_bits, + ic->epoch_length)) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; @@ -208,6 +210,7 @@ libgnunet_plugin_block_revocation_init (void *cls) struct GNUNET_BLOCK_PluginFunctions *api; struct InternalContext *ic; unsigned long long matching_bits; + struct GNUNET_TIME_Relative epoch_length; if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (cfg, 
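Review bot: The new EPOCH_LENGTH block in the service's `run` (hunk at -846) accepts whatever value the parser returns, including zero. As far as the arithmetic added to check_pow in revocation_api.c shows, a zero epoch gives a zero lifetime and a zero buffer, so every revocation would come back GNUNET_NO. The service would then drop them all with only the debug line `Proof of work invalid!`. A guard right after the lookup, `if (0 == epoch_length.rel_value_us)`, handled like the missing-option case, would surface that misconfiguration at startup. The lookups added in plugin_block_revocation.c and GNUNET_REVOCATION_revoke have the same gap.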
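Review bot: block_plugin_revocation_evaluate (hunk at -144) still tests the result with `0 >=`, although this commit changes the function's contract to GNUNET_YES / GNUNET_NO. That keeps working only as long as GNUNET_NO is not a positive value, and every other call site touched here was moved to `GNUNET_YES !=`. For consistency the condition should read `if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work, ic->matching_bits, ic->epoch_length))`. The rest of the function is outside the hunk.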
@@ -215,6 +218,12 @@ libgnunet_plugin_block_revocation_init (void *cls) "WORKBITS", &matching_bits)) return NULL; + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (cfg, + "REVOCATION", + "EPOCH_LENGTH", + &epoch_length)) + return NULL; api = GNUNET_new (struct GNUNET_BLOCK_PluginFunctions); api->evaluate = &block_plugin_revocation_evaluate; @@ -223,6 +232,7 @@ libgnunet_plugin_block_revocation_init (void *cls) api->types = types; ic = GNUNET_new (struct InternalContext); ic->matching_bits = (unsigned int) matching_bits; + ic->epoch_length = epoch_length; api->cls = ic; return api; } diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 2979e7400..fe600ec7a 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c @@ -311,21 +311,41 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_MQ_handler_end () }; unsigned long long matching_bits; + struct GNUNET_TIME_Relative epoch_length; struct RevokeMessage *rm; struct GNUNET_MQ_Envelope *env; - if ((GNUNET_OK == + if ((GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (cfg, "REVOCATION", "WORKBITS", - &matching_bits)) && - (0 >= GNUNET_REVOCATION_check_pow (pow, (unsigned int) matching_bits))) + &matching_bits))) + { + GNUNET_break (0); + GNUNET_free (h); + return NULL; + } + if ((GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (cfg, + "REVOCATION", + "EPOCH_LENGTH", + &epoch_length))) + { + GNUNET_break (0); + GNUNET_free (h); + return NULL; + } + if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, + (unsigned int) matching_bits, + epoch_length)) { GNUNET_break (0); GNUNET_free (h); return NULL; } + + h->mq = GNUNET_CLIENT_connect (cfg, "revocation", handlers, 
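Review bot: The two new configuration failures in GNUNET_REVOCATION_revoke (hunk at -311) are reported with `GNUNET_break (0)`, the same call used for a rejected proof. A caller or operator therefore cannot tell a missing WORKBITS or EPOCH_LENGTH from an invalid certificate. The service's `run` uses `GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, "REVOCATION", "EPOCH_LENGTH");` for the same situation, and using it here, with the WORKBITS equivalent, keeps the three exits distinguishable. A missing WORKBITS previously skipped the local check and still connected, and it now returns NULL. If that is intended, it deserves a line in the function's doc comment. The allocation of `h` and the rest of the function are outside the hunk.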
@@ -408,16 +428,21 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) * @param ts revocation timestamp * @param pow proof of work value * @param matching_bits how many bits must match (configuration) - * @return number of epochs valid if the @a pow is acceptable, -1 if not + * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not */ int GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, - unsigned int difficulty) + unsigned int difficulty, + struct GNUNET_TIME_Relative epoch_length) { char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t) + sizeof (uint64_t)] GNUNET_ALIGN; struct GNUNET_HashCode result; + struct GNUNET_TIME_Absolute ts; + struct GNUNET_TIME_Absolute exp; + struct GNUNET_TIME_Relative ttl; + struct GNUNET_TIME_Relative buffer; unsigned int score = 0; unsigned int tmp_score = 0; unsigned int epochs; @@ -434,7 +459,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Proof of work signature invalid!\n"); - return -1; + return GNUNET_NO; } /** @@ -445,7 +470,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, for (unsigned int j = i + 1; j < POW_COUNT; j++) { if (pow->pow[i] == pow->pow[j]) - return -1; + return GNUNET_NO; } } GNUNET_memcpy (&buf[sizeof(uint64_t)], 
@@ -471,9 +496,36 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow, } score = score / POW_COUNT; if (score < difficulty) - return -1; + return GNUNET_NO; epochs = score - difficulty; - return epochs; + + /** + * Check expiration + */ + ts = GNUNET_TIME_absolute_ntoh (pow->timestamp); + ttl = GNUNET_TIME_relative_multiply (epoch_length, + epochs); + /** + * Extend by 10% for unsynchronized clocks + */ + buffer = GNUNET_TIME_relative_divide (epoch_length, + 10); + ts = GNUNET_TIME_absolute_subtract (ts, + buffer); + + if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us) + return GNUNET_NO; /* Not yet valid. */ + /* Revert to actual start time */ + ts = GNUNET_TIME_absolute_add (ts, + buffer); + + exp = GNUNET_TIME_absolute_add (ts, ttl); + exp = GNUNET_TIME_absolute_add (exp, + buffer); + + if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us) + return GNUNET_NO; /* expired */ + return GNUNET_YES; } -- 2.25.1
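Review bot: A proof whose averaged score exactly equals `difficulty` is now accepted: `epochs` becomes 0, `ttl` is zero, and both time checks pass for the window from `ts - buffer` to `ts + buffer`. Before this commit the function returned 0 in that case, and every caller visible in this patch rejected it (`0 <` / `0 >=`). If the old threshold is meant to stay, change the guard to `if (score <= difficulty) return GNUNET_NO;`. If the short window is intended, say so in a comment next to `epochs = score - difficulty;`. Separately, the two time-based `return GNUNET_NO` exits log nothing, unlike the signature branch. A debug line on each, for example `"Proof of work not yet valid!\n"` and `"Proof of work expired!\n"`, would help when triaging rejected revocations.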