diff options
| author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 11:57:30 +0200 |
|---|---|---|
| committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:23 +0200 |
| commit | 5d498b8e1b50373636126956d1c6addfd11ade5e (patch) | |
| tree | f7b7f140838ed52668ad3d02eadbc94cc9936318 | |
| parent | 5680378974db794d67b75473435a0651fad0cd24 (diff) | |
| download | gnunet-5d498b8e1b50373636126956d1c6addfd11ade5e.tar.gz gnunet-5d498b8e1b50373636126956d1c6addfd11ade5e.zip | |
- fix revocation
| -rw-r--r-- | src/include/gnunet_revocation_service.h | 32 | ||||
| -rw-r--r-- | src/revocation/gnunet-revocation.c | 58 | ||||
| -rw-r--r-- | src/revocation/gnunet-service-revocation.c | 12 | ||||
| -rw-r--r-- | src/revocation/plugin_block_revocation.c | 12 | ||||
| -rw-r--r-- | src/revocation/revocation_api.c | 87 | ||||
| -rw-r--r-- | src/revocation/test_revocation.c | 3 |
6 files changed, 142 insertions, 62 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 479cc61d7..18c1f2674 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h | |||
| @@ -53,6 +53,13 @@ extern "C" | |||
| 53 | #define GNUNET_REVOCATION_VERSION 0x00000001 | 53 | #define GNUNET_REVOCATION_VERSION 0x00000001 |
| 54 | 54 | ||
| 55 | /** | 55 | /** |
| 56 | * Maximum length of a revocation | ||
| 57 | */ | ||
| 58 | #define GNUNET_REVOCATION_MAX_PROOF_SIZE sizeof(struct GNUNET_REVOCATION_PowP) +\ | ||
| 59 | sizeof(struct GNUNET_IDENTITY_PublicKey) +\ | ||
| 60 | 1024 //FIXME max sig_len | ||
| 61 | |||
| 62 | /** | ||
| 56 | * The proof-of-work narrowing factor. | 63 | * The proof-of-work narrowing factor. |
| 57 | * The number of PoWs that are calculates as part of revocation. | 64 | * The number of PoWs that are calculates as part of revocation. |
| 58 | */ | 65 | */ |
| @@ -81,24 +88,14 @@ struct GNUNET_REVOCATION_PowP | |||
| 81 | */ | 88 | */ |
| 82 | uint64_t pow[POW_COUNT] GNUNET_PACKED; | 89 | uint64_t pow[POW_COUNT] GNUNET_PACKED; |
| 83 | 90 | ||
| 84 | /** | 91 | /** followed by the public key type, the key and a signature **/ |
| 85 | * The revoked public key | ||
| 86 | */ | ||
| 87 | struct GNUNET_IDENTITY_PublicKey key; | ||
| 88 | |||
| 89 | /** | ||
| 90 | * Length of the signature | ||
| 91 | */ | ||
| 92 | uint32_t sig_len; | ||
| 93 | |||
| 94 | /** followed by a signature **/ | ||
| 95 | }; | 92 | }; |
| 96 | 93 | ||
| 97 | 94 | ||
| 98 | /** | 95 | /** |
| 99 | * The signature object we use for the PoW | 96 | * The signature object we use for the PoW |
| 100 | */ | 97 | */ |
| 101 | struct GNUNET_REVOCATION_SignaturePurposePS | 98 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS |
| 102 | { | 99 | { |
| 103 | /** | 100 | /** |
| 104 | * The signature purpose | 101 | * The signature purpose |
| @@ -106,9 +103,14 @@ struct GNUNET_REVOCATION_SignaturePurposePS | |||
| 106 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | 103 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; |
| 107 | 104 | ||
| 108 | /** | 105 | /** |
| 106 | * Type of the key | ||
| 107 | */ | ||
| 108 | uint32_t ktype; | ||
| 109 | |||
| 110 | /** | ||
| 109 | * The revoked public key | 111 | * The revoked public key |
| 110 | */ | 112 | */ |
| 111 | struct GNUNET_IDENTITY_PublicKey key; | 113 | struct GNUNET_CRYPTO_EcdsaPublicKey key; |
| 112 | 114 | ||
| 113 | /** | 115 | /** |
| 114 | * The timestamp of the revocation | 116 | * The timestamp of the revocation |
| @@ -260,6 +262,10 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc); | |||
| 260 | void | 262 | void |
| 261 | GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc); | 263 | GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc); |
| 262 | 264 | ||
| 265 | size_t | ||
| 266 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow); | ||
| 267 | |||
| 268 | |||
| 263 | #if 0 /* keep Emacsens' auto-indent happy */ | 269 | #if 0 /* keep Emacsens' auto-indent happy */ |
| 264 | { | 270 | { |
| 265 | #endif | 271 | #endif |
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index 2ba5d0420..d59ea7c81 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c | |||
| @@ -213,7 +213,7 @@ static void | |||
| 213 | perform_revocation () | 213 | perform_revocation () |
| 214 | { | 214 | { |
| 215 | h = GNUNET_REVOCATION_revoke (cfg, | 215 | h = GNUNET_REVOCATION_revoke (cfg, |
| 216 | &proof_of_work, | 216 | proof_of_work, |
| 217 | &print_revocation_result, | 217 | &print_revocation_result, |
| 218 | NULL); | 218 | NULL); |
| 219 | } | 219 | } |
| @@ -228,11 +228,12 @@ perform_revocation () | |||
| 228 | static void | 228 | static void |
| 229 | sync_pow () | 229 | sync_pow () |
| 230 | { | 230 | { |
| 231 | size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
| 231 | if ((NULL != filename) && | 232 | if ((NULL != filename) && |
| 232 | (sizeof(struct GNUNET_REVOCATION_PowP) != | 233 | (psize != |
| 233 | GNUNET_DISK_fn_write (filename, | 234 | GNUNET_DISK_fn_write (filename, |
| 234 | &proof_of_work, | 235 | proof_of_work, |
| 235 | sizeof(struct GNUNET_REVOCATION_PowP), | 236 | psize, |
| 236 | GNUNET_DISK_PERM_USER_READ | 237 | GNUNET_DISK_PERM_USER_READ |
| 237 | | GNUNET_DISK_PERM_USER_WRITE))) | 238 | | GNUNET_DISK_PERM_USER_WRITE))) |
| 238 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | 239 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); |
| @@ -269,6 +270,7 @@ static void | |||
| 269 | calculate_pow (void *cls) | 270 | calculate_pow (void *cls) |
| 270 | { | 271 | { |
| 271 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; | 272 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; |
| 273 | size_t psize; | ||
| 272 | 274 | ||
| 273 | /* store temporary results */ | 275 | /* store temporary results */ |
| 274 | pow_task = NULL; | 276 | pow_task = NULL; |
| @@ -277,11 +279,12 @@ calculate_pow (void *cls) | |||
| 277 | /* actually do POW calculation */ | 279 | /* actually do POW calculation */ |
| 278 | if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph)) | 280 | if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph)) |
| 279 | { | 281 | { |
| 282 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
| 280 | if ((NULL != filename) && | 283 | if ((NULL != filename) && |
| 281 | (sizeof(struct GNUNET_REVOCATION_PowP) != | 284 | (psize != |
| 282 | GNUNET_DISK_fn_write (filename, | 285 | GNUNET_DISK_fn_write (filename, |
| 283 | &proof_of_work, | 286 | proof_of_work, |
| 284 | sizeof(struct GNUNET_REVOCATION_PowP), | 287 | psize, |
| 285 | GNUNET_DISK_PERM_USER_READ | 288 | GNUNET_DISK_PERM_USER_READ |
| 286 | | GNUNET_DISK_PERM_USER_WRITE))) | 289 | | GNUNET_DISK_PERM_USER_WRITE))) |
| 287 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | 290 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); |
| @@ -328,6 +331,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 328 | struct GNUNET_IDENTITY_PublicKey key; | 331 | struct GNUNET_IDENTITY_PublicKey key; |
| 329 | const struct GNUNET_IDENTITY_PrivateKey *privkey; | 332 | const struct GNUNET_IDENTITY_PrivateKey *privkey; |
| 330 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; | 333 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; |
| 334 | size_t psize; | ||
| 331 | 335 | ||
| 332 | el = NULL; | 336 | el = NULL; |
| 333 | if (NULL == ego) | 337 | if (NULL == ego) |
| @@ -338,12 +342,15 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 338 | } | 342 | } |
| 339 | GNUNET_IDENTITY_ego_get_public_key (ego, &key); | 343 | GNUNET_IDENTITY_ego_get_public_key (ego, &key); |
| 340 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 344 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
| 341 | memset (&proof_of_work, 0, sizeof (proof_of_work)); | 345 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
| 342 | if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) && | 346 | if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) && |
| 343 | (sizeof(proof_of_work) == | 347 | (0 < (psize = |
| 344 | GNUNET_DISK_fn_read (filename, &proof_of_work, sizeof(proof_of_work)))) | 348 | GNUNET_DISK_fn_read (filename, proof_of_work, |
| 349 | GNUNET_REVOCATION_MAX_PROOF_SIZE)))) | ||
| 345 | { | 350 | { |
| 346 | if (0 != GNUNET_memcmp (&proof_of_work.key, &key)) | 351 | size_t ksize = GNUNET_IDENTITY_key_get_length (&key); |
| 352 | if (((psize - sizeof (*proof_of_work)) < ksize) || // Key too small | ||
| 353 | (0 != memcmp (&proof_of_work[1], &key, ksize))) // Keys do not match | ||
| 347 | { | 354 | { |
| 348 | fprintf (stderr, | 355 | fprintf (stderr, |
| 349 | _ ("Error: revocation certificate in `%s' is not for `%s'\n"), | 356 | _ ("Error: revocation certificate in `%s' is not for `%s'\n"), |
| @@ -352,7 +359,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 352 | return; | 359 | return; |
| 353 | } | 360 | } |
| 354 | if (GNUNET_YES == | 361 | if (GNUNET_YES == |
| 355 | GNUNET_REVOCATION_check_pow (&proof_of_work, | 362 | GNUNET_REVOCATION_check_pow (proof_of_work, |
| 356 | (unsigned int) matching_bits, | 363 | (unsigned int) matching_bits, |
| 357 | epoch_duration)) | 364 | epoch_duration)) |
| 358 | { | 365 | { |
| @@ -369,7 +376,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 369 | fprintf (stderr, | 376 | fprintf (stderr, |
| 370 | "%s", | 377 | "%s", |
| 371 | _ ("Continuing calculation where left off...\n")); | 378 | _ ("Continuing calculation where left off...\n")); |
| 372 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 379 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
| 373 | epochs, | 380 | epochs, |
| 374 | matching_bits); | 381 | matching_bits); |
| 375 | } | 382 | } |
| @@ -379,8 +386,8 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 379 | if (NULL == ph) | 386 | if (NULL == ph) |
| 380 | { | 387 | { |
| 381 | GNUNET_REVOCATION_pow_init (privkey, | 388 | GNUNET_REVOCATION_pow_init (privkey, |
| 382 | &proof_of_work); | 389 | proof_of_work); |
| 383 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 390 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
| 384 | epochs, /* Epochs */ | 391 | epochs, /* Epochs */ |
| 385 | matching_bits); | 392 | matching_bits); |
| 386 | } | 393 | } |
| @@ -404,6 +411,7 @@ run (void *cls, | |||
| 404 | const struct GNUNET_CONFIGURATION_Handle *c) | 411 | const struct GNUNET_CONFIGURATION_Handle *c) |
| 405 | { | 412 | { |
| 406 | struct GNUNET_IDENTITY_PublicKey pk; | 413 | struct GNUNET_IDENTITY_PublicKey pk; |
| 414 | size_t psize; | ||
| 407 | 415 | ||
| 408 | cfg = c; | 416 | cfg = c; |
| 409 | if (NULL != test_ego) | 417 | if (NULL != test_ego) |
| @@ -462,23 +470,33 @@ run (void *cls, | |||
| 462 | } | 470 | } |
| 463 | if ((NULL != filename) && (perform)) | 471 | if ((NULL != filename) && (perform)) |
| 464 | { | 472 | { |
| 465 | if (sizeof(proof_of_work) != GNUNET_DISK_fn_read (filename, | 473 | size_t bread; |
| 466 | &proof_of_work, | 474 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
| 467 | sizeof(proof_of_work))) | 475 | if (0 < (bread = GNUNET_DISK_fn_read (filename, |
| 476 | proof_of_work, | ||
| 477 | GNUNET_REVOCATION_MAX_PROOF_SIZE))) | ||
| 468 | { | 478 | { |
| 469 | fprintf (stderr, | 479 | fprintf (stderr, |
| 470 | _ ("Failed to read revocation certificate from `%s'\n"), | 480 | _ ("Failed to read revocation certificate from `%s'\n"), |
| 471 | filename); | 481 | filename); |
| 472 | return; | 482 | return; |
| 473 | } | 483 | } |
| 484 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
| 485 | if (bread != psize) | ||
| 486 | { | ||
| 487 | fprintf (stderr, | ||
| 488 | _ ("Revocation certificate corrupted in `%s'\n"), | ||
| 489 | filename); | ||
| 490 | return; | ||
| 491 | } | ||
| 474 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 492 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
| 475 | if (GNUNET_YES != | 493 | if (GNUNET_YES != |
| 476 | GNUNET_REVOCATION_check_pow (&proof_of_work, | 494 | GNUNET_REVOCATION_check_pow (proof_of_work, |
| 477 | (unsigned int) matching_bits, | 495 | (unsigned int) matching_bits, |
| 478 | epoch_duration)) | 496 | epoch_duration)) |
| 479 | { | 497 | { |
| 480 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | 498 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; |
| 481 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 499 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
| 482 | epochs, /* Epochs */ | 500 | epochs, /* Epochs */ |
| 483 | matching_bits); | 501 | matching_bits); |
| 484 | 502 | ||
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 56ec9f489..0fa92f4a6 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c | |||
| @@ -306,10 +306,12 @@ publicize_rm (const struct RevokeMessage *rm) | |||
| 306 | struct RevokeMessage *cp; | 306 | struct RevokeMessage *cp; |
| 307 | struct GNUNET_HashCode hc; | 307 | struct GNUNET_HashCode hc; |
| 308 | struct GNUNET_SETU_Element e; | 308 | struct GNUNET_SETU_Element e; |
| 309 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 309 | 310 | ||
| 310 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 311 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
| 311 | GNUNET_CRYPTO_hash (&pow->key, | 312 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
| 312 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 313 | GNUNET_CRYPTO_hash (pk, |
| 314 | GNUNET_IDENTITY_key_get_length (pk), | ||
| 313 | &hc); | 315 | &hc); |
| 314 | if (GNUNET_YES == | 316 | if (GNUNET_YES == |
| 315 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, | 317 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, |
| @@ -832,6 +834,7 @@ run (void *cls, | |||
| 832 | uint64_t left; | 834 | uint64_t left; |
| 833 | struct RevokeMessage *rm; | 835 | struct RevokeMessage *rm; |
| 834 | struct GNUNET_HashCode hc; | 836 | struct GNUNET_HashCode hc; |
| 837 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 835 | 838 | ||
| 836 | GNUNET_CRYPTO_hash ("revocation-set-union-application-id", | 839 | GNUNET_CRYPTO_hash ("revocation-set-union-application-id", |
| 837 | strlen ("revocation-set-union-application-id"), | 840 | strlen ("revocation-set-union-application-id"), |
| @@ -932,8 +935,9 @@ run (void *cls, | |||
| 932 | } | 935 | } |
| 933 | struct GNUNET_REVOCATION_PowP *pow = (struct | 936 | struct GNUNET_REVOCATION_PowP *pow = (struct |
| 934 | GNUNET_REVOCATION_PowP *) &rm[1]; | 937 | GNUNET_REVOCATION_PowP *) &rm[1]; |
| 935 | GNUNET_CRYPTO_hash (&pow->key, | 938 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
| 936 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 939 | GNUNET_CRYPTO_hash (pk, |
| 940 | GNUNET_IDENTITY_key_get_length (pk), | ||
| 937 | &hc); | 941 | &hc); |
| 938 | GNUNET_break (GNUNET_OK == | 942 | GNUNET_break (GNUNET_OK == |
| 939 | GNUNET_CONTAINER_multihashmap_put (revocation_map, | 943 | GNUNET_CONTAINER_multihashmap_put (revocation_map, |
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index ba3c33b6f..3c9344a49 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c | |||
| @@ -144,6 +144,8 @@ block_plugin_revocation_evaluate (void *cls, | |||
| 144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
| 145 | } | 145 | } |
| 146 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 146 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
| 147 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 148 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
| 147 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, | 149 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, |
| 148 | ic->matching_bits, | 150 | ic->matching_bits, |
| 149 | ic->epoch_duration)) | 151 | ic->epoch_duration)) |
| @@ -151,8 +153,8 @@ block_plugin_revocation_evaluate (void *cls, | |||
| 151 | GNUNET_break_op (0); | 153 | GNUNET_break_op (0); |
| 152 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 154 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
| 153 | } | 155 | } |
| 154 | GNUNET_CRYPTO_hash (&pow->key, | 156 | GNUNET_CRYPTO_hash (pk, |
| 155 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 157 | GNUNET_IDENTITY_key_get_length (pk), |
| 156 | &chash); | 158 | &chash); |
| 157 | if (GNUNET_YES == | 159 | if (GNUNET_YES == |
| 158 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, | 160 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, |
| @@ -188,8 +190,10 @@ block_plugin_revocation_get_key (void *cls, | |||
| 188 | return GNUNET_SYSERR; | 190 | return GNUNET_SYSERR; |
| 189 | } | 191 | } |
| 190 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 192 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
| 191 | GNUNET_CRYPTO_hash (&pow->key, | 193 | const struct GNUNET_IDENTITY_PublicKey *pk; |
| 192 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 194 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
| 195 | GNUNET_CRYPTO_hash (pk, | ||
| 196 | GNUNET_IDENTITY_key_get_length (pk), | ||
| 193 | key); | 197 | key); |
| 194 | return GNUNET_OK; | 198 | return GNUNET_OK; |
| 195 | } | 199 | } |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 34529df35..94fbc7022 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
| @@ -359,7 +359,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
| 359 | } | 359 | } |
| 360 | h->func = func; | 360 | h->func = func; |
| 361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
| 362 | size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); | 362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); |
| 363 | env = GNUNET_MQ_msg_extra (rm, | 363 | env = GNUNET_MQ_msg_extra (rm, |
| 364 | extra_len, | 364 | extra_len, |
| 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
| @@ -426,16 +426,25 @@ enum GNUNET_GenericReturnValue | |||
| 426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | 426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, |
| 427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | 427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) |
| 428 | { | 428 | { |
| 429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | 429 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp; |
| 430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | 430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; |
| 431 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 432 | size_t ksize; | ||
| 431 | 433 | ||
| 432 | spurp.key = pow->key; | 434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
| 435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
| 436 | |||
| 437 | spurp.ktype = pk->type; | ||
| 438 | spurp.key = pk->ecdsa_key; | ||
| 433 | spurp.timestamp = pow->timestamp; | 439 | spurp.timestamp = pow->timestamp; |
| 434 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 440 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
| 435 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 441 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
| 436 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 442 | + GNUNET_IDENTITY_key_get_length (pk) |
| 437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 443 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
| 438 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; | 444 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 445 | "Expected signature payload len: %u\n", | ||
| 446 | ntohl (spurp.purpose.size)); | ||
| 447 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); | ||
| 439 | if (GNUNET_OK != | 448 | if (GNUNET_OK != |
| 440 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 449 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
| 441 | &spurp.purpose, | 450 | &spurp.purpose, |
| @@ -451,10 +460,13 @@ check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | |||
| 451 | enum GNUNET_GenericReturnValue | 460 | enum GNUNET_GenericReturnValue |
| 452 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | 461 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) |
| 453 | { | 462 | { |
| 454 | switch (ntohl (pow->key.type)) | 463 | const struct GNUNET_IDENTITY_PublicKey *pk; |
| 464 | |||
| 465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
| 466 | switch (ntohl (pk->type)) | ||
| 455 | { | 467 | { |
| 456 | case GNUNET_IDENTITY_TYPE_ECDSA: | 468 | case GNUNET_IDENTITY_TYPE_ECDSA: |
| 457 | return check_signature_ecdsa (pow, &pow->key.ecdsa_key); | 469 | return check_signature_ecdsa (pow, &pk->ecdsa_key); |
| 458 | default: | 470 | default: |
| 459 | return GNUNET_SYSERR; | 471 | return GNUNET_SYSERR; |
| 460 | } | 472 | } |
| @@ -487,6 +499,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
| 487 | unsigned int tmp_score = 0; | 499 | unsigned int tmp_score = 0; |
| 488 | unsigned int epochs; | 500 | unsigned int epochs; |
| 489 | uint64_t pow_val; | 501 | uint64_t pow_val; |
| 502 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 503 | |||
| 504 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
| 490 | 505 | ||
| 491 | /** | 506 | /** |
| 492 | * Check if signature valid | 507 | * Check if signature valid |
| @@ -510,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
| 510 | &pow->timestamp, | 525 | &pow->timestamp, |
| 511 | sizeof (uint64_t)); | 526 | sizeof (uint64_t)); |
| 512 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 527 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
| 513 | &pow->key, | 528 | pk, |
| 514 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 529 | GNUNET_IDENTITY_key_get_length (pk)); |
| 515 | for (unsigned int i = 0; i < POW_COUNT; i++) | 530 | for (unsigned int i = 0; i < POW_COUNT; i++) |
| 516 | { | 531 | { |
| 517 | pow_val = GNUNET_ntohll (pow->pow[i]); | 532 | pow_val = GNUNET_ntohll (pow->pow[i]); |
| @@ -565,7 +580,10 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
| 565 | struct GNUNET_REVOCATION_PowP *pow) | 580 | struct GNUNET_REVOCATION_PowP *pow) |
| 566 | { | 581 | { |
| 567 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 582 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
| 568 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 583 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp; |
| 584 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 585 | size_t ksize; | ||
| 586 | char *sig; | ||
| 569 | 587 | ||
| 570 | /** | 588 | /** |
| 571 | * Predate the validity period to prevent rejections due to | 589 | * Predate the validity period to prevent rejections due to |
| @@ -573,18 +591,23 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
| 573 | */ | 591 | */ |
| 574 | ts = GNUNET_TIME_absolute_subtract (ts, | 592 | ts = GNUNET_TIME_absolute_subtract (ts, |
| 575 | GNUNET_TIME_UNIT_WEEKS); | 593 | GNUNET_TIME_UNIT_WEEKS); |
| 576 | 594 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | |
| 595 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
| 577 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 596 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
| 578 | rp.timestamp = pow->timestamp; | 597 | rp.timestamp = pow->timestamp; |
| 579 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 598 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
| 580 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 599 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
| 581 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 600 | + ksize |
| 582 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 601 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
| 583 | rp.key = pow->key; | 602 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 584 | pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | 603 | "Signature payload len: %u\n", |
| 604 | ntohl (rp.purpose.size)); | ||
| 605 | rp.ktype = pk->type; | ||
| 606 | rp.key = pk->ecdsa_key; | ||
| 607 | sig = ((char*)&pow[1]) + ksize; | ||
| 585 | return GNUNET_CRYPTO_ecdsa_sign_ (key, | 608 | return GNUNET_CRYPTO_ecdsa_sign_ (key, |
| 586 | &rp.purpose, | 609 | &rp.purpose, |
| 587 | (void*) &pow[1]); | 610 | (void*) sig); |
| 588 | 611 | ||
| 589 | } | 612 | } |
| 590 | 613 | ||
| @@ -593,8 +616,11 @@ enum GNUNET_GenericReturnValue | |||
| 593 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | 616 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, |
| 594 | struct GNUNET_REVOCATION_PowP *pow) | 617 | struct GNUNET_REVOCATION_PowP *pow) |
| 595 | { | 618 | { |
| 596 | GNUNET_IDENTITY_key_get_public (key, &pow->key); | 619 | struct GNUNET_IDENTITY_PublicKey *pk; |
| 597 | switch (ntohl (pow->key.type)) | 620 | |
| 621 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
| 622 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
| 623 | switch (ntohl (pk->type)) | ||
| 598 | { | 624 | { |
| 599 | case GNUNET_IDENTITY_TYPE_ECDSA: | 625 | case GNUNET_IDENTITY_TYPE_ECDSA: |
| 600 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | 626 | return sign_pow_ecdsa (&key->ecdsa_key, pow); |
| @@ -681,11 +707,13 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
| 681 | + sizeof (uint64_t) | 707 | + sizeof (uint64_t) |
| 682 | + sizeof (uint64_t)] GNUNET_ALIGN; | 708 | + sizeof (uint64_t)] GNUNET_ALIGN; |
| 683 | struct GNUNET_HashCode result; | 709 | struct GNUNET_HashCode result; |
| 710 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 684 | unsigned int zeros; | 711 | unsigned int zeros; |
| 685 | int ret; | 712 | int ret; |
| 686 | uint64_t pow_nbo; | 713 | uint64_t pow_nbo; |
| 687 | 714 | ||
| 688 | pc->current_pow++; | 715 | pc->current_pow++; |
| 716 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
| 689 | 717 | ||
| 690 | /** | 718 | /** |
| 691 | * Do not try duplicates | 719 | * Do not try duplicates |
| @@ -699,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
| 699 | &pc->pow->timestamp, | 727 | &pc->pow->timestamp, |
| 700 | sizeof (uint64_t)); | 728 | sizeof (uint64_t)); |
| 701 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 729 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
| 702 | &pc->pow->key, | 730 | pk, |
| 703 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 731 | GNUNET_IDENTITY_key_get_length (pk)); |
| 704 | GNUNET_CRYPTO_pow_hash (&salt, | 732 | GNUNET_CRYPTO_pow_hash (&salt, |
| 705 | buf, | 733 | buf, |
| 706 | sizeof(buf), | 734 | sizeof(buf), |
| @@ -745,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
| 745 | } | 773 | } |
| 746 | 774 | ||
| 747 | 775 | ||
| 776 | size_t | ||
| 777 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
| 778 | { | ||
| 779 | size_t size; | ||
| 780 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
| 781 | |||
| 782 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
| 783 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
| 784 | size += GNUNET_IDENTITY_key_get_length (pk); | ||
| 785 | |||
| 786 | switch (ntohl (pk->type)) | ||
| 787 | { | ||
| 788 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
| 789 | return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
| 790 | default: | ||
| 791 | return 0; | ||
| 792 | } | ||
| 793 | return 0; | ||
| 794 | } | ||
| 795 | |||
| 796 | |||
| 748 | /* end of revocation_api.c */ | 797 | /* end of revocation_api.c */ |
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c index 58fcf2e76..c6457016f 100644 --- a/src/revocation/test_revocation.c +++ b/src/revocation/test_revocation.c | |||
| @@ -164,8 +164,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
| 164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); | 164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); |
| 165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); | 165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); |
| 166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
| 167 | proof_of_work = GNUNET_malloc (sizeof (struct GNUNET_REVOCATION_PowP) + | 167 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
| 168 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
| 169 | GNUNET_REVOCATION_pow_init (privkey, | 168 | GNUNET_REVOCATION_pow_init (privkey, |
| 170 | proof_of_work); | 169 | proof_of_work); |
| 171 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, | 170 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, |