Merge lp:~rene-hummen/hipl/puzzle-fixes into lp:hipl

On 07.04.2011, at 21:59, Christof Mroz wrote:
> Review: Needs Fixing
> Overall, this is definately cleaner than the old code.
>
> There is one piece of code that does not match its corresponding comment; as soon as this is clarified (or fixed), I'll approve.
> Would be nice if you could address the other points too (mainly missing documentation for newly added functions).
>
>> +static int hip_calculate_puzzle_solution(const struct puzzle_common *const compute_puzzle,
>> + unsigned char sha_digest[SHA_DIGEST_LENGTH],
>> + const int difficulty)
>> {
>> - uint64_t mask = 0;
>> - uint64_t randval = 0;
>> - uint64_t maxtries = 0;
>> - uint64_t digest = 0;
>> - uint8_t cookie[48];
>> - int err = 0;
>> - const union {
>> - struct hip_puzzle pz;
>> - struct hip_solution sl;
>> - } *u;
>> -
>> - HIP_HEXDUMP("puzzle", puzzle_or_solution,
>> - (mode == HIP_VERIFY_PUZZLE ? sizeof(struct hip_solution) :
>> - sizeof(struct hip_puzzle)));
>> -
>> - /* pre-create cookie */
>> - u = puzzle_or_solution;
>> -
>> - HIP_IFEL(u->pz.K > HIP_PUZZLE_MAX_K, 0,
>> - "Cookie K %u is higher than we are willing to calculate"
>> - " (current max K=%d)\n", u->pz.K, HIP_PUZZLE_MAX_K);
>> -
>> - mask = hton64((1ULL << u->pz.K) - 1);
>> - memcpy(cookie, &u->pz.I, sizeof(uint64_t));
>> -
>> - HIP_DEBUG("(u->pz.I: 0x%llx\n", u->pz.I);
>> -
>> - if (mode == HIP_VERIFY_PUZZLE) {
>> - ipv6_addr_copy((hip_hit_t *) (cookie + 8), &hdr->hits);
>> - ipv6_addr_copy((hip_hit_t *) (cookie + 24), &hdr->hitr);
>> - randval = u->sl.J;
>> - maxtries = 1;
>> - } else if (mode == HIP_SOLVE_PUZZLE) {
>> - ipv6_addr_copy((hip_hit_t *) (cookie + 8), &hdr->hitr);
>> - ipv6_addr_copy((hip_hit_t *) (cookie + 24), &hdr->hits);
>> - maxtries = 1ULL << (u->pz.K + 3);
>> - get_random_bytes(&randval, sizeof(uint64_t));
>> + uint32_t truncated_digest = 0;
>> + int err = -1;
>> +
>> + HIP_IFEL(difficulty > max_puzzle_difficulty,
>> + 1, "difficulty exceeds max. configured difficulty\n");
>> +
>> + HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1,
>> + compute_puzzle,
>> + sizeof(struct puzzle_common),
>> + sha_digest),
>> + -1, "failed to compute hash digest\n");
>
> You could return early with a (successful) solution of zero if difficulty == 0.
> If the caller is responsible of taking that shortcut, I'd add an assertion here to catch future callers who forget about this.

Done. I don't see your point in adding an assertion here.

>> + /* we are interested in the 8 least significant bytes */
>> + truncated_digest = *(uint32_t *) &sha_digest[SHA_DIGEST_LENGTH - sizeof(uint32_t)];
>
> The 8 least significant bytes have index 0..7. Also, sizeof(uint32_t) is 4, not 8.
>
>> +int hip_solve_puzzle(const uint64_t puzzle,
>> + const int difficulty,
>> + const hip_hit_t...

On 08.04.2011, at 06:35, Miika Komu wrote:
> Review: Needs Information
> The algorithm seems changed. Did you test it against the old, interoperable implementation?

I had already tested the following scenarios:
1.) puzzle-fixes <-> trunk
2.) trunk <-> puzzle-fixes
3.) puzzle-fixes <-> puzzle-fixes

All worked fine for me.

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

 review abstain

I have no opinion on this merge request, just some minor comments
that you may wish to ignore or adapt at your discretion...

On Fri, Apr 08, 2011 at 03:41:24PM +0000, René Hummen wrote:
>
> --- lib/core/solve.c 2011-01-24 10:21:17 +0000
> +++ lib/core/solve.c 2011-04-08 15:41:17 +0000
> @@ -28,11 +28,14 @@
>
> #include <errno.h>
> +#include <openssl/rand.h>
> #include <stdint.h>
> #include <string.h>
> +#include <strings.h>

nit:

#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>
#include <openssl/rand.h>

> @@ -43,104 +46,170 @@
> +static int hip_calculate_puzzle_solution(const struct puzzle_common *const compute_puzzle,
> + unsigned char sha_digest[SHA_DIGEST_LENGTH],
> + const int difficulty)
> {
> + HIP_IFEL(difficulty > max_puzzle_difficulty,
> + -1, "difficulty exceeds max. configured difficulty\n");
> +
> + HIP_IFEL(hip_build_digest(HIP_DIGEST_SHA1,
> + compute_puzzle,
> + sizeof(struct puzzle_common),
> + sha_digest),
> + -1, "failed to compute hash digest\n");
> +
> + /* check if position of first least significant 1-bit is higher than
> + * difficulty */
> + if (ffs(truncated_digest) > difficulty) {
> + err = 0;
> } else {
> + err = 1;
> + }
> +
> +out_err:
> + return err;
> +}

I would suggest doing that without HIP_IFEL, that would even save two
lines in the if/else clause.

> +/**
> + * Solve a computational puzzle for HIP
> + *
> + * @param puzzle puzzle to be solved
> + * @param difficulty difficulty of the puzzle
> + * @param initiator_hit initiator HIT of the message exchange
> + * @param responder_hit responder HIT of the message exchange
> + * @param solution computed puzzle solution
> + * @return 0 when solution was found, 1 in case no solution was found after
> + * MAX_PUZZLE_SOLUTION_TRIES, -1 in case of an error
> + */
> +int hip_solve_puzzle(const uint8_t puzzle[PUZZLE_LENGTH],
> + const int difficulty,
> + const hip_hit_t initiator_hit,
> + const hip_hit_t responder_hit,
> + uint8_t solution[PUZZLE_LENGTH])

Having solution as third parameter would feel more natural to me.

> +/**
> + * Verify a computational puzzle for HIP
> + *
> + * @param puzzle puzzle to be verified
> + * @param difficulty difficulty of the puzzle
> + * @param initiator_hit initiator HIT of the message exchange
> + * @param responder_hit responder HIT of the message exchange
> + * @param solution puzzle solution to be verified
> + * @return 0 when solution is correct, -1 otherwise
> + */
> +int hip_verify_puzzle_solution(const uint8_t puzzle[PUZZLE_LENGTH],
> + const uint8_t difficulty,
> + const hip_hit_t initiator_hit,
> + const hip_hit_t responder_hit,
> + const uint8_t solution[PUZZLE_LENGTH])

Having solution as third paramete...

Looks good; feel free to address the following points.

> + * Computes a single iteration for a computational puzzle
> + *
> + * @param compute_puzzle puzzle to be solved or verified
> + * @param sha_digest buffer for hash digest
> + * @param difficulty difficulty of the puzzle (number of leading zeros)
> + * @return 0 when hash has >= #difficulty least significant bits as zeros, 1
> + * when hash has < #difficulty least significant bits as zeros,
> + * -1 in case of an error
> */

@a difficulty

> +/**
> + * Solve a computational puzzle for HIP
> + *
> + * @param puzzle puzzle to be solved
> + * @param difficulty difficulty of the puzzle
> + * @param initiator_hit initiator HIT of the message exchange
> + * @param responder_hit responder HIT of the message exchange
> + * @param solution computed puzzle solution
> + * @return 0 when solution was found, 1 in case no solution was found after
> + * MAX_PUZZLE_SOLUTION_TRIES, -1 in case of an error
> + */

Prepend :: to create a hyperlink to a global in doxygen, e.g.
::MAX_PUZZLE_SOLUTION_TRIES in this case.

> + ipv6_addr_copy(&compute_puzzle.initiator_hit, &initiator_hit);
> + ipv6_addr_copy(&compute_puzzle.responder_hit, &responder_hit);

struct in6_addr can be copied using assignment AFAIK (there are more instances of this).

Hi René!

> === modified file 'hipd/cookie.c'
> --- hipd/cookie.c 2011-04-05 16:44:22 +0000
> +++ hipd/cookie.c 2011-04-08 15:41:17 +0000
> @@ -56,7 +56,7 @@
>
> #define HIP_R1TABLESIZE 3 /* precreate only this many R1s */
>
> -static int hip_cookie_difficulty = 1ULL; /* a difficulty of i leads to approx. 2^(i-1) hash computations during BEX */
> +static int hip_cookie_difficulty = 0; /* a difficulty of i leads to approx. 2^(i-1) hash computations during BEX */

[L] 'cookie' and 'puzzle' seem to refer to the same thing. It would be
great if this ambiguity were removed from the code and only a single
name was used.

> @@ -77,9 +77,9 @@
> */
> static int hip_set_cookie_difficulty(int k)

[M] 'const int k' for const correctness and boyscouting

> {
> - if (k > HIP_PUZZLE_MAX_K || k < 1) {
> + if (k > max_puzzle_difficulty || k < 0) {

[M] k is not ever supposed to be < 0, correct? If yes, please give it
an unsigned type.

> === modified file 'lib/core/builder.c'
> --- lib/core/builder.c 2011-04-07 16:58:58 +0000
> +++ lib/core/builder.c 2011-04-08 15:41:17 +0000
> @@ -2385,7 +2385,8 @@
> * @return zero for success, or non-zero on error
> */
> int hip_build_param_puzzle(struct hip_common *msg, uint8_t val_K,
> - uint8_t lifetime, uint32_t opaque, uint64_t random_i)
> + uint8_t lifetime, uint32_t opaque,
> + const uint8_t random_i[PUZZLE_LENGTH])

[M] const correctness for boyscouting

> === modified file 'lib/core/builder.h'
> --- lib/core/builder.h 2011-04-02 20:38:36 +0000
> +++ lib/core/builder.h 2011-04-08 15:41:17 +0000
> @@ -130,7 +130,7 @@
> uint8_t,
> uint8_t,
> uint32_t,
> - uint64_t);
> + const uint8_t *);

[M] 'const uint8_t *const'?

> @@ -150,7 +150,7 @@
> uint8_t);
> int hip_build_param_solution(struct hip_common *,
> const struct hip_puzzle *,
> - uint64_t);
> + uint8_t *);

[M] 'uint8_t *const'?

> === modified file 'lib/core/protodefs.h'
> --- lib/core/protodefs.h 2011-02-04 14:44:37 +0000
> +++ lib/core/protodefs.h 2011-04-08 15:41:17 +0000
> @@ -737,13 +737,17 @@
> uint64_t generation;
> } __attribute__ ((packed));
>
> +
> +/* puzzle and solutions are defined to have a length of 8 bytes */
> +#define PUZZLE_LENGTH 8

[M] 'const unsigned PUZZLE_LENGTH = 8;'

> === modified file 'lib/core/solve.c'
> --- lib/core/solve.c 2011-01-24 10:21:17 +0000
> +++ lib/core/solve.c 2011-04-08 15:41:17 +0000
> @@ -43,104 +46,170 @@
> #include "protodefs.h"
> #include "solve.h"
>
> +struct puzzle_common {
> + uint8_t puzzle[PUZZLE_LENGTH];
> + hip_hit_t initiator_hit;
> + hip_hit_t responder_hit;
> + uint8_t solution[PUZZLE_LENGTH];
> +} __attribute__ ((packed));

[M] The type is undocumented.

[M] The name 'puzzle_common' is not very descriptive (its opposite
'puzzle_uncommon' would be similarly helpful in understanding the
struct's purpose)...

Forgot my verdict on this merge proposal.

On 08.04.2011, at 20:08, Christof Mroz wrote:
> Review: Approve
> Looks good; feel free to address the following points.
>
>> + ipv6_addr_copy(&compute_puzzle.initiator_hit, &initiator_hit);
>> + ipv6_addr_copy(&compute_puzzle.responder_hit, &responder_hit);
>
> struct in6_addr can be copied using assignment AFAIK (there are more instances of this).

I don't see why a simple assignment should be sufficient with the following struct definition:

/*
 * IPv6 address
 */
struct in6_addr {
 union {
  __uint8_t __u6_addr8[16];
  __uint16_t __u6_addr16[8];
  __uint32_t __u6_addr32[4];
 } __u6_addr; /* 128-bit IP6 address */
};

In each case, in6_addr contains array, so we would merely copy pointers, right?

Ciao,
René

--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Chair of Communication and Distributed Systems
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://www.comsys.rwth-aachen.de/team/rene-hummen/

On Tue, 12 Apr 2011 13:15:56 +0200, René Hummen
<email address hidden> wrote:

>>> + ipv6_addr_copy(&compute_puzzle.initiator_hit, &initiator_hit);
>>> + ipv6_addr_copy(&compute_puzzle.responder_hit, &responder_hit);
>>
>> struct in6_addr can be copied using assignment AFAIK (there are more
>> instances of this).
>
> I don't see why a simple assignment should be sufficient with the
> following struct definition:

All I know is that the following works:

struct in6_addr a,b;
// ...
a = b;

I personally prefer this over an explicit byte copy... unless
ipv6_addr_copy does something extra. Assignment of structs is really
nothing else than a typesafe version of memcpy(&a, &b, sizeof(a)).

> In each case, in6_addr contains array, so we would merely copy pointers,
> right?

I'd say yes: an IPv6 address is essentially an opaque array of 16 bytes.

Thanks for this detailed review! Below the comments I did not address in the branch.

On 09.04.2011, at 02:04, Stefan Götz wrote:
> Hi René!
>
>> === modified file 'hipd/cookie.c'
>> --- hipd/cookie.c 2011-04-05 16:44:22 +0000
>> +++ hipd/cookie.c 2011-04-08 15:41:17 +0000
>> @@ -56,7 +56,7 @@
>>
>> #define HIP_R1TABLESIZE 3 /* precreate only this many R1s */
>>
>> -static int hip_cookie_difficulty = 1ULL; /* a difficulty of i leads to approx. 2^(i-1) hash computations during BEX */
>> +static int hip_cookie_difficulty = 0; /* a difficulty of i leads to approx. 2^(i-1) hash computations during BEX */
>
> [L] 'cookie' and 'puzzle' seem to refer to the same thing. It would be
> great if this ambiguity were removed from the code and only a single
> name was used.

Agreed, but that's not in the focus of this branch. I wouldn't want to change hip_cookie_difficulty to hip_puzzle_difficulty here, as the variable is located in cookie.c. Instead, we should probably rename the whole cookie functionality to puzzle.

>> === modified file 'lib/core/protodefs.h'
>> --- lib/core/protodefs.h 2011-02-04 14:44:37 +0000
>> +++ lib/core/protodefs.h 2011-04-08 15:41:17 +0000
>> @@ -737,13 +737,17 @@
>> uint64_t generation;
>> } __attribute__ ((packed));
>>
>> +
>> +/* puzzle and solutions are defined to have a length of 8 bytes */
>> +#define PUZZLE_LENGTH 8
>
> [M] 'const unsigned PUZZLE_LENGTH = 8;'

This won't work as I'm using PUZZLE_LENGTH for array definitions in structs, etc.

>> +static int hip_calculate_puzzle_solution(const struct puzzle_common *const compute_puzzle,
>> + unsigned char sha_digest[SHA_DIGEST_LENGTH],
>> + const int difficulty)
>> {
>
> [M] It seems that 'sha_digest' is accessed only within this function
> but never by any of its callers. Please declare it as a local variable
> instead of a function parameter.

It's called in a for loop by hip_solve_puzzle(). I don't want memory to be
allocated each time.

> [M] Since this function returns only two distinct values, please use
> 'bool' instead of 'int'

It returns -1, 0, and 1.

>> +int hip_verify_puzzle_solution(const uint8_t puzzle[PUZZLE_LENGTH],
>> + const uint8_t difficulty,
>> + const hip_hit_t initiator_hit,
>> + const hip_hit_t responder_hit,
>> + const uint8_t solution[PUZZLE_LENGTH])
>
> [M] This function only returns two distinct values. Please use 'bool'
> as the return type instead.

It's done like this everywhere in HIPL for notifying about errors. I don't want to introduce a "new way" of doing that in this branch.

> Btw. I like it that hip_hit_t's are passed around by value as opposed
> by error-prone reference.

Me too :)

>> === modified file 'lib/core/solve.h'
>> --- lib/core/solve.h 2010-10-15 15:29:14 +0000
>> +++ lib/core/solve.h 2011-04-08 15:41:17 +0000
>> @@ -30,10 +30,20 @@
>>
>> #include "protodefs.h"
>>
>> -#define HIP_PUZZLE_MAX_K 28
>> -
>> -uint64_t hip_solve_puzzle(const void *puzzle,
>> - ...

>> struct in6_addr can be copied using assignment AFAIK (there are more instances of this).
>
> I don't see why a simple assignment should be sufficient with the following struct definition:
>
> /*
>  * IPv6 address
>  */
> struct in6_addr {
>        union {
>                __uint8_t   __u6_addr8[16];
>                __uint16_t  __u6_addr16[8];
>                __uint32_t  __u6_addr32[4];
>        } __u6_addr;                    /* 128-bit IP6 address */
> };
>
> In each case, in6_addr contains array, so we would merely copy pointers, right?

No. The struct contains the actual array data. If you have the following:

int a[2];

Then you can use 'a' as if it was a pointer. However, the memory for
two integers is definitely allocated through this statement, be it in
a struct or as a variable.

Another way to look at it: if you really want a struct to contain an
array of uint32_t's (maybe plus some other data), there simply is no
other way of doing that than saying:

struct x {
     uint32_t a[4];
};

That array is 16 bytes long - sizeof will say the same.

Due to that: in6_addr should be assignable without a problem.

Yet another reason why it is possible: you can pass in6_addr structs
as function parameters by value. That implies that they can be copied
by assignment.

Stefan

Hi Rene!

Anything I haven't commented on I agree with and consider my previous
comments to be void.

>>> +static int hip_calculate_puzzle_solution(const struct puzzle_common *const compute_puzzle,
>>> +                                         unsigned char sha_digest[SHA_DIGEST_LENGTH],
>>> +                                         const int difficulty)
>>> {
>>
>> [M] It seems that 'sha_digest' is accessed only within this function
>> but never by any of its callers. Please declare it as a local variable
>> instead of a function parameter.
>
> It's called in a for loop by hip_solve_puzzle(). I don't want memory to be
> allocated each time.

Ok - please fix this, nevertheless:

1) If malloc() were to be used in each iteration, I'd agree. But as a
local variable, there is zero allocation overhead. The 'allocation'
happens on the stack and is essentially taken care of by the compiler
at compile time, as with any other local variable.

2) The next best option would be to declare sha_digest as a static
local variable - then that memory would be kept around in a fixed
location between calls. I'm pretty sure though that this solution is
still inferior to a non-static local variable because the non-static
local variable on the stack has better chances of being in the cache
and fewer chances for hash collisions.

>>> +/* right now we only support difficulties up to sizeof(int), as only ffs
>>> + * is available on OpenWRT */
>>
>> [M] 'difficulties of up to sizeof(int)' is incorrect because in fact
>> it is 'MIN(28, sizeof(int))'.
>
> Nope, the difficulty can be max sizeof(int). It might be any lower value though.
>
>>> +static const int max_puzzle_difficulty = sizeof(int) * 8 >= 28 ? 28 : sizeof(int) * 8;

Hm - maybe we misunderstand each other. What I'm trying to say is that
I read the code as follows:

if (sizeof(int) * 8) is greater than or equal to 28, then mpd is set to 28.
if (sizeof(int) * 8) is less than 28, then mpd is set to (sizeof(int)
* 8), i.e., a number smaller than 28.

So on 32-bit and 64-bit machines, we end up with 28. 16-bit machine: 16.

My complaint is the following: the comment says that a difficulty of
up to sizeof(int) [*8 I guess] is supported. On 32-bit and 64-bit
machines, that is incorrect as the maximum supported difficulty is 28
bits, not 32 or 64.

I guess the code is alright - it's the comment that bugs me, because
to me, it contradicts the code.

Stefan