instrumented various rhizome functions.

This commit is contained in:
gardners 2012-06-26 16:02:49 +09:30
parent 19f7e32ba7
commit e542b41746
2 changed files with 53 additions and 44 deletions

View File

@ -87,21 +87,22 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
unsigned char bkin[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES], unsigned char bkin[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES],
unsigned char bkout[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES]) unsigned char bkout[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES])
{ {
IN();
if (crypto_sign_edwards25519sha512batch_SECRETKEYBYTES > crypto_hash_sha512_BYTES) if (crypto_sign_edwards25519sha512batch_SECRETKEYBYTES > crypto_hash_sha512_BYTES)
return WHY("BK needs to be longer than it can be"); { RETURN(WHY("BK needs to be longer than it can be")); }
int cn=0,in=0,kp=0; int cn=0,in=0,kp=0;
if (!keyring_find_sid(keyring,&cn,&in,&kp,authorSid)) { if (!keyring_find_sid(keyring,&cn,&in,&kp,authorSid)) {
if (debug & DEBUG_RHIZOME) DEBUG("identity not in keyring"); if (debug & DEBUG_RHIZOME) DEBUG("identity not in keyring");
return 1; { RETURN(1); }
} }
kp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME); kp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME);
if (kp == -1) { if (kp == -1) {
if (debug & DEBUG_RHIZOME) DEBUG("identity has no Rhizome Secret"); if (debug & DEBUG_RHIZOME) DEBUG("identity has no Rhizome Secret");
return 2; RETURN(2);
} }
int rs_len=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len; int rs_len=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len;
if (rs_len<16||rs_len>1024) if (rs_len<16||rs_len>1024)
return WHYF("invalid Rhizome Secret: length=%d", rs_len); { RETURN(WHYF("invalid Rhizome Secret: length=%d", rs_len)); }
unsigned char *rs=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key; unsigned char *rs=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
int combined_len=rs_len+crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES; int combined_len=rs_len+crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES;
unsigned char buffer[combined_len]; unsigned char buffer[combined_len];
@ -114,7 +115,7 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
bkout[i]=bkin[i]^hash[i]; bkout[i]=bkin[i]^hash[i];
bzero(&buffer[0],combined_len); bzero(&buffer[0],combined_len);
bzero(&hash[0],crypto_hash_sha512_BYTES); bzero(&hash[0],crypto_hash_sha512_BYTES);
return 0; RETURN(0);
} }
/* See if the manifest has a BK entry, and if so, use it to obtain the /* See if the manifest has a BK entry, and if so, use it to obtain the
@ -131,18 +132,20 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
*/ */
int rhizome_extract_privatekey(rhizome_manifest *m, const unsigned char *authorSid) int rhizome_extract_privatekey(rhizome_manifest *m, const unsigned char *authorSid)
{ {
IN();
char desc[1024];
char *bk = rhizome_manifest_get(m, "BK", NULL, 0); char *bk = rhizome_manifest_get(m, "BK", NULL, 0);
if (!bk) return WHY("missing BK field"); if (!bk) { RETURN(WHY("missing BK field")); }
unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES]; unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES];
if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1) if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1)
return WHYF("invalid BK field: %s", bk); { RETURN(WHYF("invalid BK field: %s", bk)); }
switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) { switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) {
case -1: case -1:
return WHY("rhizome_bk_xor() failed"); RETURN(WHY("rhizome_bk_xor() failed"));
case 0: case 0:
return rhizome_verify_bundle_privatekey(m); RETURN(rhizome_verify_bundle_privatekey(m));
} }
return WHYF("Rhizome secret for %s not found. (Have you unlocked the identity?)", alloca_tohex_sid(authorSid)); RETURN(WHYF("Rhizome secret for %s not found. (Have you unlocked the identity?)", alloca_tohex_sid(authorSid)));
} }
/* /*
@ -155,14 +158,15 @@ int rhizome_extract_privatekey(rhizome_manifest *m, const unsigned char *authorS
*/ */
int rhizome_is_self_signed(rhizome_manifest *m) int rhizome_is_self_signed(rhizome_manifest *m)
{ {
IN();
char *bk = rhizome_manifest_get(m, "BK", NULL, 0); char *bk = rhizome_manifest_get(m, "BK", NULL, 0);
if (!bk) { if (!bk) {
if (debug & DEBUG_RHIZOME) DEBUGF("missing BK field"); if (debug & DEBUG_RHIZOME) DEBUGF("missing BK field");
return 1; RETURN(1);
} }
unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES]; unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES];
if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1) if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1)
return WHYF("invalid BK field: %s", bk); { RETURN(WHYF("invalid BK field: %s", bk)); }
int cn = 0, in = 0, kp = 0; int cn = 0, in = 0, kp = 0;
for (; keyring_next_identity(keyring, &cn, &in, &kp); ++kp) { for (; keyring_next_identity(keyring, &cn, &in, &kp); ++kp) {
const unsigned char *authorSid = keyring->contexts[cn]->identities[in]->keypairs[kp]->public_key; const unsigned char *authorSid = keyring->contexts[cn]->identities[in]->keypairs[kp]->public_key;
@ -171,15 +175,15 @@ int rhizome_is_self_signed(rhizome_manifest *m)
if (rkp != -1) { if (rkp != -1) {
switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) { switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) {
case -1: case -1:
return WHY("rhizome_bk_xor() failed"); RETURN(WHY("rhizome_bk_xor() failed"));
case 0: case 0:
if (rhizome_verify_bundle_privatekey(m) == 0) if (rhizome_verify_bundle_privatekey(m) == 0)
return 0; // bingo RETURN(0); // bingo
break; break;
} }
} }
} }
return 2; // not self signed RETURN(2); // not self signed
} }
/* Verify the validity of the manifest's sccret key. /* Verify the validity of the manifest's sccret key.
@ -189,6 +193,7 @@ int rhizome_is_self_signed(rhizome_manifest *m)
*/ */
int rhizome_verify_bundle_privatekey(rhizome_manifest *m) int rhizome_verify_bundle_privatekey(rhizome_manifest *m)
{ {
IN();
#ifdef HAVE_CRYPTO_SIGN_NACL_GE25519_H #ifdef HAVE_CRYPTO_SIGN_NACL_GE25519_H
# include "crypto_sign_edwards25519sha512batch_ref/ge25519.h" # include "crypto_sign_edwards25519sha512batch_ref/ge25519.h"
#else #else
@ -207,31 +212,32 @@ int rhizome_verify_bundle_privatekey(rhizome_manifest *m)
bzero(&scsk,sizeof(scsk)); bzero(&scsk,sizeof(scsk));
if (memcmp(pk, m->cryptoSignPublic, crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES) == 0) { if (memcmp(pk, m->cryptoSignPublic, crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES) == 0) {
m->haveSecret = 1; m->haveSecret = 1;
return 0; // valid RETURN(0); // valid
} }
m->haveSecret = 0; m->haveSecret = 0;
if (debug & DEBUG_RHIZOME) { if (debug & DEBUG_RHIZOME) {
DEBUGF(" stored public key = %s*", alloca_tohex(m->cryptoSignPublic, 8)); DEBUGF(" stored public key = %s*", alloca_tohex(m->cryptoSignPublic, 8));
DEBUGF("computed public key = %s*", alloca_tohex(pk, 8)); DEBUGF("computed public key = %s*", alloca_tohex(pk, 8));
} }
return 1; // invalid RETURN(1); // invalid
#else //!ge25519 #else //!ge25519
/* XXX Need to test key by signing and testing signature validity. */ /* XXX Need to test key by signing and testing signature validity. */
/* For the time being barf so that the caller does not think we have a validated BK /* For the time being barf so that the caller does not think we have a validated BK
when in fact we do not. */ when in fact we do not. */
m->haveSecret=0; m->haveSecret=0;
return WHY("ge25519 function not available"); RETURN(WHY("ge25519 function not available"));
#endif //!ge25519 #endif //!ge25519
} }
rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *authorSid) rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *authorSid)
{ {
IN();
unsigned char *hash=m->manifesthash; unsigned char *hash=m->manifesthash;
unsigned char *publicKeyBytes=m->cryptoSignPublic; unsigned char *publicKeyBytes=m->cryptoSignPublic;
if (!m->haveSecret && rhizome_extract_privatekey(m, authorSid)) { if (!m->haveSecret && rhizome_extract_privatekey(m, authorSid)) {
WHY("Cannot find secret key to sign manifest data."); WHY("Cannot find secret key to sign manifest data.");
return NULL; RETURN(NULL);
} }
/* Signature is formed by running crypto_sign_edwards25519sha512batch() on the /* Signature is formed by running crypto_sign_edwards25519sha512batch() on the
@ -245,7 +251,7 @@ rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *a
&hash[0],mLen,m->cryptoSignSecret); &hash[0],mLen,m->cryptoSignSecret);
if (r) { if (r) {
WHY("crypto_sign() failed."); WHY("crypto_sign() failed.");
return NULL; RETURN(NULL);
} }
rhizome_signature *out=calloc(sizeof(rhizome_signature),1); rhizome_signature *out=calloc(sizeof(rhizome_signature),1);
@ -261,23 +267,24 @@ rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *a
out->signature[0]=out->signatureLength; out->signature[0]=out->signatureLength;
return out; RETURN(out);
} }
int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs) int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
{ {
IN();
unsigned char sigBuf[256]; unsigned char sigBuf[256];
unsigned char verifyBuf[256]; unsigned char verifyBuf[256];
unsigned char publicKey[256]; unsigned char publicKey[256];
if (!m) return WHY("NULL pointer passed in as manifest"); if (!m) { RETURN(WHY("NULL pointer passed in as manifest")); }
if ((*ofs)>=m->manifest_all_bytes) return 0; if ((*ofs)>=m->manifest_all_bytes) { RETURN(0); }
int len=m->manifestdata[*ofs]; int len=m->manifestdata[*ofs];
if (!len) { if (!len) {
(*ofs)=m->manifest_bytes; (*ofs)=m->manifest_bytes;
m->errors++; m->errors++;
return WHY("Zero byte signature blocks are not allowed, assuming signature section corrupt."); RETURN(WHY("Zero byte signature blocks are not allowed, assuming signature section corrupt."));
} }
/* Each signature type is required to have a different length to detect it. /* Each signature type is required to have a different length to detect it.
@ -301,7 +308,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
if (r) { if (r) {
(*ofs)+=len; (*ofs)+=len;
m->errors++; m->errors++;
return WHY("Error in signature block (verification failed)."); RETURN(WHY("Error in signature block (verification failed)."));
} else { } else {
/* Signature block passes, so add to list of signatures */ /* Signature block passes, so add to list of signatures */
m->signatureTypes[m->sig_count]=len; m->signatureTypes[m->sig_count]=len;
@ -309,7 +316,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
=malloc(crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES); =malloc(crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES);
if(!m->signatories[m->sig_count]) { if(!m->signatories[m->sig_count]) {
(*ofs)+=len; (*ofs)+=len;
return WHY("malloc() failed when reading signature block"); RETURN(WHY("malloc() failed when reading signature block"));
} }
bcopy(&publicKey[0],m->signatories[m->sig_count], bcopy(&publicKey[0],m->signatories[m->sig_count],
crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES); crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES);
@ -320,7 +327,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
default: default:
(*ofs)+=len; (*ofs)+=len;
m->errors++; m->errors++;
return WHY("Encountered illegal or malformed signature block"); RETURN(WHY("Encountered illegal or malformed signature block"));
} }
else else
{ {
@ -330,5 +337,5 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
} }
(*ofs)+=len; (*ofs)+=len;
return 0; RETURN(0);
} }

View File

@ -23,6 +23,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar) int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
{ {
IN();
/* BAR = Bundle Advertisement Record. /* BAR = Bundle Advertisement Record.
Basically a 32byte precis of a given manifest, that includes version, time-to-live Basically a 32byte precis of a given manifest, that includes version, time-to-live
and geographic bounding box information that is used to help manage flooding of and geographic bounding box information that is used to help manage flooding of
@ -38,7 +39,7 @@ int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
16 bits - max longitude (-180 - +180). 16 bits - max longitude (-180 - +180).
*/ */
if (!m) return WHY("null manifest passed in"); if (!m) { RETURN(WHY("null manifest passed in")); }
int i; int i;
@ -66,13 +67,14 @@ int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
v=(maxLat+90)*(65535/180); bar[28]=(v>>8)&0xff; bar[29]=(v>>0)&0xff; v=(maxLat+90)*(65535/180); bar[28]=(v>>8)&0xff; bar[29]=(v>>0)&0xff;
v=(maxLong+180)*(65535/360); bar[30]=(v>>8)&0xff; bar[31]=(v>>0)&0xff; v=(maxLong+180)*(65535/360); bar[30]=(v>>8)&0xff; bar[31]=(v>>0)&0xff;
return 0; RETURN(0);
} }
int bundles_available=-1; int bundles_available=-1;
int bundle_offset[2]={0,0}; int bundle_offset[2]={0,0};
int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e) int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
{ {
IN();
int voice_mode=0; int voice_mode=0;
/* behave differently during voice mode. /* behave differently during voice mode.
@ -87,7 +89,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
*/ */
long long now=overlay_gettime_ms(); long long now=overlay_gettime_ms();
if (now<rhizome_voice_timeout) voice_mode=1; if (now<rhizome_voice_timeout) voice_mode=1;
if (voice_mode) if (random()&3) return 0; if (voice_mode) if (random()&3) { RETURN(0); }
int pass; int pass;
int bytes=e->sizeLimit-e->length; int bytes=e->sizeLimit-e->length;
@ -99,12 +101,12 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
int bytes_available=bytes-overhead-1 /* one byte held for expanding RFS */; int bytes_available=bytes-overhead-1 /* one byte held for expanding RFS */;
int bundles_advertised=0; int bundles_advertised=0;
if (slots<1) return WHY("No room for node advertisements"); if (slots<1) { RETURN(WHY("No room for node advertisements")); }
if (!rhizome_db) return WHY("Rhizome not enabled"); if (!rhizome_db) { RETURN(WHY("Rhizome not enabled")); }
if (ob_append_byte(e,OF_TYPE_RHIZOME_ADVERT)) if (ob_append_byte(e,OF_TYPE_RHIZOME_ADVERT))
return WHY("could not add rhizome bundle advertisement header"); { RETURN(WHY("could not add rhizome bundle advertisement header")); }
ob_append_byte(e,1); /* TTL */ ob_append_byte(e,1); /* TTL */
int rfs_offset=e->length; /* remember where the RFS byte gets stored int rfs_offset=e->length; /* remember where the RFS byte gets stored
so that we can patch it later */ so that we can patch it later */
@ -141,7 +143,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
/* Get number of bundles available if required */ /* Get number of bundles available if required */
long long tmp = 0; long long tmp = 0;
if (sqlite_exec_int64(&tmp, "SELECT COUNT(BAR) FROM MANIFESTS;") != 1) if (sqlite_exec_int64(&tmp, "SELECT COUNT(BAR) FROM MANIFESTS;") != 1)
return WHY("Could not count BARs for advertisement"); { RETURN(WHY("Could not count BARs for advertisement")); }
bundles_available = (int) tmp; bundles_available = (int) tmp;
if (bundles_available==-1||(bundle_offset[0]>=bundles_available)) if (bundles_available==-1||(bundle_offset[0]>=bundles_available))
bundle_offset[0]=0; bundle_offset[0]=0;
@ -177,7 +179,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
sqlite3_close(rhizome_db); rhizome_db=NULL; sqlite3_close(rhizome_db); rhizome_db=NULL;
WHY(query); WHY(query);
WHY(sqlite3_errmsg(rhizome_db)); WHY(sqlite3_errmsg(rhizome_db));
return WHY("Could not prepare sql statement for fetching BARs for advertisement."); RETURN(WHY("Could not prepare sql statement for fetching BARs for advertisement."));
} }
while((bytes_used<bytes_available)&&(sqlite3_step(statement)==SQLITE_ROW)&& while((bytes_used<bytes_available)&&(sqlite3_step(statement)==SQLITE_ROW)&&
(e->length+RHIZOME_BAR_BYTES<=e->sizeLimit)) (e->length+RHIZOME_BAR_BYTES<=e->sizeLimit))
@ -316,12 +318,13 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
e->length++; e->length++;
} }
return 0; RETURN(0);
} }
int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now) int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
{ {
if (!f) return -1; IN();
if (!f) { RETURN(-1); }
int ofs=0; int ofs=0;
int ad_frame_type=f->payload->bytes[ofs++]; int ad_frame_type=f->payload->bytes[ofs++];
int manifest_length; int manifest_length;
@ -354,19 +357,19 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
m = rhizome_new_manifest(); m = rhizome_new_manifest();
if (!m) { if (!m) {
WHY("Out of manifests"); WHY("Out of manifests");
return 0; RETURN(0);
} }
if (rhizome_read_manifest_file(m, (char *)&f->payload->bytes[ofs], if (rhizome_read_manifest_file(m, (char *)&f->payload->bytes[ofs],
manifest_length) == -1) { manifest_length) == -1) {
WHY("Error importing manifest body"); WHY("Error importing manifest body");
rhizome_manifest_free(m); rhizome_manifest_free(m);
return 0; RETURN(0);
} }
char manifest_id_prefix[RHIZOME_MANIFEST_ID_STRLEN + 1]; char manifest_id_prefix[RHIZOME_MANIFEST_ID_STRLEN + 1];
if (rhizome_manifest_get(m, "id", manifest_id_prefix, sizeof manifest_id_prefix) == NULL) { if (rhizome_manifest_get(m, "id", manifest_id_prefix, sizeof manifest_id_prefix) == NULL) {
WHY("Manifest does not contain 'id' field"); WHY("Manifest does not contain 'id' field");
rhizome_manifest_free(m); rhizome_manifest_free(m);
return 0; RETURN(0);
} }
/* trim manifest ID to a prefix for ease of debugging /* trim manifest ID to a prefix for ease of debugging
(that is the only use of this */ (that is the only use of this */
@ -385,7 +388,7 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
offering the same manifest */ offering the same manifest */
WARN("Ignoring manifest announcment with no signature"); WARN("Ignoring manifest announcment with no signature");
rhizome_manifest_free(m); rhizome_manifest_free(m);
return 0; RETURN(0);
} }
int importManifest=0; int importManifest=0;
if (rhizome_ignore_manifest_check(m,(struct sockaddr_in *)f->recvaddr)) if (rhizome_ignore_manifest_check(m,(struct sockaddr_in *)f->recvaddr))
@ -448,6 +451,5 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
ofs+=manifest_length; ofs+=manifest_length;
} }
} }
RETURN(0);
return 0;
} }