commit 5982cb44ba9b28751b69a818d32afe2d2b99db1c
parent 8f8351c2ddb2c3040195548363161a2a177c7cc0
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 10 Jan 2022 10:43:06 +0100
-export routine for path verification (untested)
Diffstat:
2 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c
@@ -28,6 +28,7 @@
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_constants.h"
+#include "gnunet_signatures.h"
#include "gnunet_arm_service.h"
#include "gnunet_hello_lib.h"
#include "gnunet_protocols.h"
@@ -1189,7 +1190,43 @@ GNUNET_DHT_pp2s (const struct GNUNET_DHT_PathElement *path,
(i == path_len - 1) ? "" : "-");
}
return buf;
+}
+
+unsigned int
+GNUNET_DHT_verify_path (const struct GNUNET_HashCode *key,
+ const void *data,
+ size_t data_size,
+ struct GNUNET_TIME_Absolute exp_time,
+ const struct GNUNET_DHT_PathElement *path,
+ unsigned int path_len,
+ const struct GNUNET_PeerIdentity *me)
+{
+
+ struct GNUNET_DHT_HopSignature hs = {
+ .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_DHT_HOP),
+ .purpose.size = htonl (sizeof (hs)),
+ .expiration_time = GNUNET_TIME_absolute_hton (exp_time),
+ .key = *key,
+ };
+ unsigned int i = path_len - 1;
+
+ GNUNET_CRYPTO_hash (data,
+ data_size,
+ &hs.h_data);
+ while (i > 0)
+ {
+ hs.pred = path[i - 1].pred;
+ hs.succ = (path_len == i + 1) ? *me : path[i + 1].pred;
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_DHT_HOP,
+ &hs,
+ &path[i - 1].sig,
+ &path[i].pred.public_key))
+ return i;
+ i--;
+ }
+ return i;
}
diff --git a/src/include/gnunet_dht_service.h b/src/include/gnunet_dht_service.h
@@ -473,7 +473,7 @@ GNUNET_DHT_monitor_stop (struct GNUNET_DHT_MonitorHandle *handle);
* Convert a peer path to a human-readable string.
*
* @param path array of path elements to convert to a string
- * @param num_pids length of the @a pids array
+ * @param path_len length of the @a path array
* @return string representing the array of @a pids
*/
char *
@@ -481,6 +481,33 @@ GNUNET_DHT_pp2s (const struct GNUNET_DHT_PathElement *path,
unsigned int path_len);
+/**
+ * Verify signatures on a @a path, in reverse order (starting at
+ * the last element of the path). Note that the last signature
+ * on the path is never verified as that is the slot where our
+ * peer (@a me) would need to sign.
+ *
+ * @param key key of the data (not necessarily the query hash)
+ * @param data payload (the block)
+ * @param data_size number of bytes in @a data
+ * @param exp_time expiration time of @a data
+ * @param path array of path elements to verify
+ * @param path_len length of the @a path array
+ * @param me our own peer identity (needed to verify the last element)
+ * @return 0 on success, otherwise the index of
+ * the last path element that succeeded with verification;
+ * @a path_len -1 if no signature was valid
+ */
+unsigned int
+GNUNET_DHT_verify_path (const struct GNUNET_HashCode *key,
+ const void *data,
+ size_t data_size,
+ struct GNUNET_TIME_Absolute exp_time,
+ const struct GNUNET_DHT_PathElement *path,
+ unsigned int path_len,
+ const struct GNUNET_PeerIdentity *me);
+
+
#if 0 /* keep Emacsens' auto-indent happy */
{
#endif
