[tahoe-dev] [mm] unparseable directory
Ben Laurie
ben at links.org
Mon May 5 21:44:23 PDT 2008
zooko wrote:
> On May 5, 2008, at 11:00 AM, Ben Laurie wrote:
>
>> OK, so I run:
>>
>> curl http://127.0.0.1:8124/uri/URI%3ASSK-RO%
>> 3Apgj2oefhipe2uzulz7kyvyfcbe%
>> 3A7xoalidet7oignxsnhra77ez7qxh6ro5humhumncabv4cghdkc2q > ssk-ro
> ...
>> I get 332 bytes, the sha1sum is
>>
>> $ sha1 ssk-ro
>> SHA1 (ssk-ro) = c7ccfeb56c6a40a090709f915307fba80fd909c8
>>
>> and I attach the contents of the file, which is just garbage.
>
> Yep, so we have a bonafide data integrity failure, where the
> capability that you used, above, should have yielded a valid version
> of the mutable file contents or else failed clearly, but instead it
> returned garbage. "Valid" in that sentence means that the file
> contents (or more precisely a deterministic function of the file
> contents) were digitally signed with an RSA key, the secure hash of
> the public component of which is embedded into the capability that
> you used.
>
> Since we haven't seen anything like this in our automated tests or
> our other usage, I'm inclined to suspect a build failure (especially
> in the C/C++ code that does erasure decoding, decryption, and digital
> signature verification) on your system.
>
> The code path for integrity verification of SSK ("Sub-Space Key", as
> called by Freenet, which in our docs are called "Small Distributed
> Mutable Files") is like this:
>
> http://allmydata.org/trac/tahoe/browser/docs/mutable.txt?rev=2514#L163
>
> The access pattern for read is:
> * hash read-key to get storage index
> * use storage index to locate 'k' shares with identical 'R' values
> * either get one share, read 'k' from it, then read k-1 shares
> * or read, say, 5 shares, discover k, either get more or be finished
> * or copy k into the URIs
> * read verification key
> * hash verification key, compare against verification key hash
> * read seqnum, R, encoding parameters, signature
> * verify signature against verification key
> * read share data, compute block-hash Merkle tree and root "r"
> * read share hash chain (leading from "r" to "R")
> * validate share hash chain up to the root "R"
> * submit share data to erasure decoding
> * decrypt decoded data with read-key
> * submit plaintext to application
>
> Hm... Thinking over this it seems like the only way that all these
> steps could complete with apparent success and then give you garbage
> would be if there is a bug in the digital signature checking, the
> erasure decoding, the decryption, or if you downloaded shares which
> were actually from different encodings of the file or different
> versions of the file but which incorrectly had identical version
> numbers and root hashes.
Since you don't do an integrity check after decryption (which seems
unwise), all that needs to fail is the decryption.
> Could you use the wui (point your web browser to http://
> 127.0.0.1:8124 ) and look at the "recent uploads and downloads" page
> and see which shares from which servers were used for fetching that
> mutable file?
I don't see how to do that? I see a "retrieve" operation, but clicking
on "Done" doesn't show me any servers...
> Also, could you paste the output of "bin/tahoe --version"?
$ bin/tahoe --version
allmydata: 1.0.0-r2514, foolscap: 0.2.5, pycryptopp: 0.3.0, zfec: 1.3.4,
twisted: 2.5.0, nevow: 0.9.18, simplejson: 1.7.3, pyopenssl: 0.6,
setuptools: 0.6c8
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
More information about the tahoe-dev
mailing list