author | Christian Grothoff <christian@grothoff.org> | 2013-09-30 18:00:11 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-09-30 18:00:11 +0000 |
commit | 28018959b9afc2a8259f35e074869fd88b31b03e (patch) | |
tree | 5e779c55eab35f3887a82103fa0a0178117dfc27 | |
parent | 5aa6d40f357879fa5048161c8d8c689688c4c254 (diff) | |
adding skeleton for revocation service
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/include/Makefile.am | 1 | ||||
-rw-r--r-- | src/include/gnunet_protocols.h | 41 | ||||
-rw-r--r-- | src/include/gnunet_revocation_service.h | 143 | ||||
-rw-r--r-- | src/include/gnunet_signatures.h | 5 | ||||
-rw-r--r-- | src/revocation/Makefile.am | 20 | ||||
-rw-r--r-- | src/revocation/revocation.conf.in | 18 | ||||
-rw-r--r-- | src/revocation/revocation.h | 121 |
9 files changed, 344 insertions, 8 deletions
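--- a/configure.ac
+++ b/configure.ac
@@ -1345,6 +1345,8 @@ src/psycstore/psycstore.conf
 src/pt/Makefile
 src/regex/Makefile
 src/regex/regex.conf
+src/revocation/Makefile
+src/revocation/regex.conf
 src/scalarproduct/Makefile
 src/scalarproduct/scalarproduct.conf
 src/set/Makefile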
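Review bot: The second added entry, `src/revocation/regex.conf`, does not match anything this commit creates: the new template is `src/revocation/revocation.conf.in`, and `src/revocation/Makefile.am` installs `revocation.conf` through `pkgcfg_DATA`. As written, configure would presumably look for a `src/revocation/regex.conf.in` that does not exist, and `revocation.conf` would never be generated. The line should read `src/revocation/revocation.conf`. The surrounding output-file list starts and ends outside the hunk.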
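--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -63,6 +63,7 @@ SUBDIRS = \
 dns \
 identity \
 set \
+revocation \
 namestore \
 vpn \
 gns \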
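--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -70,6 +70,7 @@ gnunetinclude_HEADERS = \
 gnunet_protocols.h \
 gnunet_resolver_service.h \
 gnunet_regex_service.h \
+gnunet_revocation_service.h \
 gnunet_scalarproduct_service.h \
 gnunet_scheduler_lib.h \
 gnunet_server_lib.h \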
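--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -1932,6 +1932,31 @@ extern "C"
 
 
 /*******************************************************************************
+* REVOCATION message types
+******************************************************************************/
+
+/**
+* Client to service: was this key revoked?
+*/
+#define GNUNET_MESSAGE_TYPE_REVOCATION_QUERY 636
+
+/**
+* Service to client: answer if key was revoked!
+*/
+#define GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE 637
+
+/**
+* Client to service OR peer-to-peer: revoke this key!
+*/
+#define GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE 638
+
+/**
+* Service to client: revocation confirmed
+*/
+#define GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE 639
+
+
+/*******************************************************************************
 * SCALARPRODUCT message types
 ******************************************************************************/
 
@@ -2086,18 +2111,13 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_PSYC_STATE_MOD_CONT 710
 
 
-/**
-* Next available: 730
-*/
-
-
-
-/* WIP: no numbers assigned yet */
-
 /*******************************************************************************
 * MULTICAST message types
 ******************************************************************************/
 
+
+/* WIP: no numbers assigned yet */
+
 /**
 * Multicast message from the origin to all members.
 */
@@ -2150,6 +2170,11 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_MULTICAST_REPLAY_REQUEST_CANCEL
 
 
+/**
+* Next available: 750
+*/
+
+
 /*******************************************************************************
 * PSYC message types
 ******************************************************************************/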
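Review bot: `GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE` (639) is documented only as "revocation confirmed", and nothing in the new REVOCATION block says how a rejected request is reported to the client. `revocation.h` in this commit describes the response as a bare `struct GNUNET_MessageHeader`, so there is no status field to carry a failure. Since 638 is accepted from local clients and from peers alike, a caller needs to tell "accepted" apart from "dropped because the signature or proof of work did not verify". I would extend the comment to something like `Service to client: revocation confirmed; TODO: define how a rejected revocation is signalled`, or give the response a status field before the numbers are relied upon.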
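--- /dev/null
+++ b/src/include/gnunet_revocation_service.h
@@ -0,0 +1,143 @@
+/*
+This file is part of GNUnet
+(C) 2013 Christian Grothoff (and other contributing authors)
+
+GNUnet is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public Licerevocation as published
+by the Free Software Foundation; either version 3, or (at your
+option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public Licerevocation for more details.
+
+You should have received a copy of the GNU General Public Licerevocation
+along with GNUnet; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+
+#ifndef GNUNET_REVOCATION_SERVICE_H_
+#define GNUNET_REVOCATION_SERVICE_H_
+
+/**
+* @file include/gnunet_revocation_service.h
+* @brief API to perform and access key revocations
+* @defgroup revocation key revocation service
+* @{
+*/
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0 /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+/**
+* Version of the key revocation API.
+*/
+#define GNUNET_REVOCATION_VERSION 0x00000000
+
+/**
+* Handle for the key revocation query.
+*/
+struct GNUNET_REVOCATION_Query;
+
+/**
+* Callback to call with the result of a key revocation query.
+*
+* @param cls closure
+* @param is_valid #GNUNET_NO of the key is/was revoked,
+* #GNUNET_YES if the key is still valid
+*
+*/
+typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
+int is_valid);
+
+
+/**
+* Check if a key was revoked.
+*
+* @param cfg the configuration to use
+* @param key key to check for revocation
+* @param func funtion to call with the result of the check
+* @param func_cls closure to pass to @a func
+* @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
+*/
+struct GNUNET_REVOCATION_Query *
+GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
+const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+GNUNET_REVOCATION_Callback func, void *func_cls);
+
+
+/**
+* Cancel key revocation check.
+*
+* @param q query to cancel
+*/
+void
+GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q);
+
+
+/**
+* Handle for the key revocation operation.
+*/
+struct GNUNET_REVOCATION_Handle;
+
+
+/**
+* Perform key revocation.
+*
+* @param cfg the configuration to use
+* @param key key to revoke
+* @param pow proof of work to use
+* @param func funtion to call with the result of the check
+* (called with `is_valid` being #GNUNET_NO if
+* the revocation worked).
+* @param func_cls closure to pass to @a func
+* @return handle to use in #GNUNET_REVOCATION_cancel to stop REVOCATION from invoking the callback
+*/
+struct GNUNET_REVOCATION_Handle *
+GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
+const struct GNUNET_CRYPTO_EccPrivateKey *key,
+uint64_t pow,
+GNUNET_REVOCATION_Callback func, void *func_cls);
+
+
+/**
+* Cancel key revocation.
+*
+* @param h operation to cancel
+*/
+void
+GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h);
+
+
+/**
+* Check if the given proof-of-work value
+* would be acceptable for revoking the given key.
+*
+* @param key key to check for
+* @param pow proof of work value
+* @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
+*/
+int
+GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+uint64_t pow);
+
+
+#if 0 /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */ /* end of group revocation */
+
+#endif /* GNUNET_REVOCATION_SERVICE_H_ */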
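Review bot: `GNUNET_REVOCATION_Callback` documents only two outcomes for `is_valid` (`GNUNET_NO` revoked, `GNUNET_YES` still valid), so a query that cannot be answered at all has no defined result, and a caller that treats anything other than `GNUNET_NO` as valid would fail open. I would document a third value on the typedef, e.g. `#GNUNET_SYSERR if the revocation status could not be determined`, and state that callers must not treat it as valid. The same callback is reused by `GNUNET_REVOCATION_revoke`, where `GNUNET_NO` means the revocation succeeded; that inversion is easy to misread and deserves a sentence on the typedef as well. Separately, the licence header reads `Licerevocation` three times where `License` is meant, and the `@return` of `GNUNET_REVOCATION_revoke` refers to `#GNUNET_REVOCATION_cancel` while the declared function is `GNUNET_REVOCATION_revoke_cancel`.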
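--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -53,6 +53,11 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT 2
 
 /**
+* Signature for confirming a key revocation.
+*/
+#define GNUNET_SIGNATURE_PURPOSE_REVOCATION 3
+
+/**
 * Signature for a namespace/pseudonym advertisement (by
 * the namespace owner).
 */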
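Review bot: `GNUNET_SIGNATURE_PURPOSE_REVOCATION 3` is inserted between purpose 2 and the namespace advertisement purpose, whose `#define` lies outside the hunk, so the hunk alone does not show that 3 is unused. Purpose numbers are what keep a signature made for one protocol from being accepted in another, so a duplicate value would let a signature produced for a different purpose be presented where a revocation signature is expected, or the reverse; please confirm 3 is free in the rest of the header. The comment could also say what is signed, e.g. `Signature confirming a key revocation; covers the public key and the proof of work`, which is what `revocation.h` states for the `purpose` field.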
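--- /dev/null
+++ b/src/revocation/Makefile.am
@@ -0,0 +1,20 @@
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+if MINGW
+WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+if USE_COVERAGE
+AM_CFLAGS = --coverage -O0
+XLIB = -lgcov
+endif
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfg_DATA = \
+revocation.conf
+
+
+EXTRA_DIST = revocation.h
\ No newline at end of file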
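--- /dev/null
+++ b/src/revocation/revocation.conf.in
@@ -0,0 +1,18 @@
+[revocation]
+AUTOSTART = NO
+# not yet...
+@JAVAPORT@PORT = 2112
+HOSTNAME = localhost
+HOME = $SERVICEHOME
+BINARY = gnunet-service-revocation
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = /tmp/gnunet-service-revocation.unix
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+# 2^25 hash operations take about 16-24h on a modern i7
+# (using only a single-core) with SCRYPT.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 25
+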
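Review bot: `UNIXPATH = /tmp/gnunet-service-revocation.unix` places the service socket at a fixed name in a world-writable directory, and `UNIX_MATCH_UID = NO` with `UNIX_MATCH_GID = YES` appears to relax the peer check to group membership. On a multi-user host another local account could create that path first, so clients asking whether a key is revoked would reach the wrong endpoint or none at all. I would move the socket into a directory only the GNUnet user and group can write to, or at least add a comment such as `# NOTE: socket lives in /tmp; on shared hosts restrict access via UNIX_MATCH_UID/GID and directory permissions`. `WORKBITS` is marked DO NOT CHANGE yet remains user-editable, and `GNUNET_REVOCATION_check_pow` in the new header takes no configuration handle, so it is unclear how the library would read it; a compile-time constant may fit better.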
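--- /dev/null
+++ b/src/revocation/revocation.h
@@ -0,0 +1,121 @@
+/*
+This file is part of GNUnet.
+(C) 2013 Christian Grothoff (and other contributing authors)
+
+GNUnet is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; either version 3, or (at your
+option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNUnet; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+
+/**
+* @author Christian Grothoff
+* @file revocation/revocation.h
+* @brief messages for key revocation
+*/
+#ifndef REVOCATION_H
+#define REVOCATION_H
+
+#include "gnunet_util_lib.h"
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+* Query key revocation status.
+*/
+struct GNUNET_REVOCATION_QueryMessage
+{
+/**
+* Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY
+*/
+struct GNUNET_MessageHeader header;
+
+/**
+* For alignment.
+*/
+uint32_t reserved GNUNET_PACKED;
+
+/**
+* Key to check.
+*/
+struct GNUNET_CRYPTO_EccPublicSignKey key GNUNET_PACKED;
+
+};
+
+
+/**
+* Key revocation response.
+*/
+struct GNUNET_REVOCATION_QueryResponseMessage
+{
+/**
+* Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE
+*/
+struct GNUNET_MessageHeader header;
+
+/**
+* #GNUNET_NO if revoked, #GNUNET_YES if valid.
+*/
+uint32_t is_valid GNUNET_PACKED;
+
+};
+
+
+/**
+* Revoke key. These messages are exchanged between peers (during
+* flooding) but also sent by the client to the service. When the
+* client sends it to the service, the message is answered by a
+* #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE (which is just
+* in a `struct GNUNET_MessageHeader`.
+*/
+struct GNUNET_REVOCATION_RevokeMessage
+{
+/**
+* Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE
+*/
+struct GNUNET_MessageHeader header;
+
+/**
+* For alignment.
+*/
+uint32_t reserved GNUNET_PACKED;
+
+/**
+* Signature confirming revocation.
+*/
+struct GNUNET_CRYPTO_EccSignature signature GNUNET_PACKED;
+
+/**
+* Must have purpose #GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+* size expands over the key and the proof of work.
+*/
+struct GNUNET_CRYPTO_EccSignaturePurpose purpose GNUNET_PACKED;
+
+/**
+* Key to revoke.
+*/
+struct GNUNET_CRYPTO_EccPublicSignKey public_key GNUNET_PACKED;
+
+/**
+* Number that causes a hash collision with the @e public_key.
+*/
+uint64_t proof_of_work GNUNET_PACKED;
+
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+
+
+#endif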
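Review bot: None of the multi-byte fields in these wire structs state their byte order: `is_valid` in `GNUNET_REVOCATION_QueryResponseMessage` and `proof_of_work` in `GNUNET_REVOCATION_RevokeMessage` are plain `uint32_t`/`uint64_t` with no "in NBO" remark. For `proof_of_work` this matters beyond parsing, because the `purpose` comment says the signed region extends over the key and the proof of work, so two peers that disagree on byte order would disagree on both the signature and the work check. I would add `(in NBO)` to both field comments, and have the struct comment state that a receiver must check `purpose.size`, `purpose.purpose`, the signature and the proof of work before acting on or forwarding the message, since it also arrives from other peers. The struct comment's parenthesis opened before `which is just` is never closed, and "causes a hash collision with the @e public_key" probably wants to describe the required hash property of the key/number pair instead.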