author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-01 15:48:52 +0100 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-01 15:48:52 +0100 |
commit | 816bab695d6a7f4e359865e83b687d45ff66a2b1 (patch) | |
tree | 9e36e1d3d61e402a00119b727855fd71f01b795c | |
parent | 8e8f974d798b20e298de6583e8ad0b07ef9b0992 (diff) | |
download | gnunet-816bab695d6a7f4e359865e83b687d45ff66a2b1.tar.gz gnunet-816bab695d6a7f4e359865e83b687d45ff66a2b1.zip |
GNS: Fix revocation wire format
-rw-r--r-- | src/identity/identity_api.c | 75 | ||||
-rw-r--r-- | src/include/gnunet_identity_service.h | 59 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation-tvg.c | 23 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 20 |
4 files changed, 167 insertions, 10 deletions
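diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index 4a7a69211..471569cb3 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -1063,6 +1063,25 @@ GNUNET_IDENTITY_signature_get_length (const struct
 
 
 ssize_t
+GNUNET_IDENTITY_signature_get_raw_length_by_type (uint32_t type)
+{
+switch (ntohl (type))
+{
+case GNUNET_IDENTITY_TYPE_ECDSA:
+return sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
+break;
+case GNUNET_IDENTITY_TYPE_EDDSA:
+return sizeof (struct GNUNET_CRYPTO_EddsaSignature);
+break;
+default:
+GNUNET_break (0);
+}
+return -1;
+}
+
+
+
+ssize_t
 GNUNET_IDENTITY_read_signature_from_buffer (struct
 GNUNET_IDENTITY_Signature *sig,
 const void*buffer,
@@ -1099,6 +1118,31 @@ GNUNET_IDENTITY_write_signature_to_buffer (const struct
 return length;
 }
 
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_sign_raw_ (const struct
+GNUNET_IDENTITY_PrivateKey *priv,
+const struct
+GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+unsigned char *sig)
+{
+switch (ntohl (priv->type))
+{
+case GNUNET_IDENTITY_TYPE_ECDSA:
+return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
+(struct GNUNET_CRYPTO_EcdsaSignature*)sig);
+break;
+case GNUNET_IDENTITY_TYPE_EDDSA:
+return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
+(struct GNUNET_CRYPTO_EddsaSignature*)sig);
+break;
+default:
+GNUNET_break (0);
+}
+
+return GNUNET_SYSERR;
+}
+
+
 
 enum GNUNET_GenericReturnValue
 GNUNET_IDENTITY_sign_ (const struct
@@ -1155,6 +1199,37 @@ GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
 }
 
 
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose,
+const struct
+GNUNET_CRYPTO_EccSignaturePurpose *
+validate,
+const unsigned char *sig,
+const struct
+GNUNET_IDENTITY_PublicKey *pub)
+{
+switch (ntohl (pub->type))
+{
+case GNUNET_IDENTITY_TYPE_ECDSA:
+return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
+(struct GNUNET_CRYPTO_EcdsaSignature*)sig,
+&(pub->ecdsa_key));
+break;
+case GNUNET_IDENTITY_TYPE_EDDSA:
+return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
+(struct GNUNET_CRYPTO_EddsaSignature*)sig,
+&(pub->eddsa_key));
+break;
+default:
+GNUNET_break (0);
+}
+
+return GNUNET_SYSERR;
+}
+
+
+
+
 ssize_t
 GNUNET_IDENTITY_encrypt (const void *block,
 size_t size,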
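Review bot: In GNUNET_IDENTITY_signature_verify_raw_ the `const unsigned char *sig` parameter is cast to a non-const `struct GNUNET_CRYPTO_EcdsaSignature*` / `struct GNUNET_CRYPTO_EddsaSignature*`, silently discarding the qualifier; the casts should be `(const struct GNUNET_CRYPTO_EcdsaSignature*) sig` and `(const struct GNUNET_CRYPTO_EddsaSignature*) sig` so -Wcast-qual stays clean and the verify helpers never receive a writable view of caller-owned wire data. Both new raw helpers also assume `sig` points at at least GNUNET_IDENTITY_signature_get_raw_length_by_type (type) bytes and receive no length, so every caller has to establish that bound before the call; a one-line comment above each switch, `/* caller guarantees sig holds GNUNET_IDENTITY_signature_get_raw_length_by_type (type) bytes */`, would make the contract visible at the point where the raw buffer is reinterpreted. Whether the struct casts are alignment-safe depends on the signature structs being plain byte arrays, which is not visible in this hunk.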
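diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index b2a45577f..227c7f486 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -459,6 +459,21 @@ GNUNET_IDENTITY_signature_get_length (const struct
 
 
 /**
+* Get the compacted length of a signature by type.
+* Compacted means that it returns the minimum number of bytes this
+* signature is long, as opposed to the union structure inside
+* #GNUNET_IDENTITY_Signature.
+* Useful for compact serializations.
+*
+* @param sig the signature.
+* @return -1 on error, else the compacted length of the signature.
+*/
+ssize_t
+GNUNET_IDENTITY_signature_get_raw_length_by_type (const uint32_t type);
+
+
+
+/**
 * Reads a #GNUNET_IDENTITY_Signature from a compact buffer.
 * The buffer has to contain at least the compacted length of
 * a #GNUNET_IDENTITY_Signature in bytes.
@@ -516,6 +531,26 @@ GNUNET_IDENTITY_sign_ (const struct
 GNUNET_CRYPTO_EccSignaturePurpose *purpose,
 struct GNUNET_IDENTITY_Signature *sig);
 
+/**
+* @brief Sign a given block.
+*
+* The @a purpose data is the beginning of the data of which the signature is
+* to be created. The `size` field in @a purpose must correctly indicate the
+* number of bytes of the data structure, including its header.
+* The signature payload and length depends on the key type.
+*
+* @param priv private key to use for the signing
+* @param purpose what to sign (size, purpose)
+* @param[out] sig where to write the signature
+* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+*/
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_sign_raw_ (const struct
+GNUNET_IDENTITY_PrivateKey *priv,
+const struct
+GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+unsigned char *sig);
+
 
 /**
 * @brief Sign a given block with #GNUNET_IDENTITY_PrivateKey.
@@ -566,6 +601,30 @@ GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
 const struct
 GNUNET_IDENTITY_PublicKey *pub);
 
+/**
+* @brief Verify a given signature.
+*
+* The @a validate data is the beginning of the data of which the signature
+* is to be verified. The `size` field in @a validate must correctly indicate
+* the number of bytes of the data structure, including its header. If @a
+* purpose does not match the purpose given in @a validate (the latter must be
+* in big endian), signature verification fails.
+*
+* @param purpose what is the purpose that the signature should have?
+* @param validate block to validate (size, purpose, data)
+* @param sig signature that is being validated
+* @param pub public key of the signer
+* @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
+*/
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_signature_verify_raw_ (uint32_t purpose,
+const struct
+GNUNET_CRYPTO_EccSignaturePurpose *
+validate,
+const unsigned char *sig,
+const struct
+GNUNET_IDENTITY_PublicKey *pub);
+
 
 /**
 * @brief Verify a given signature with #GNUNET_IDENTITY_PublicKey.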
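Review bot: The doc comment for GNUNET_IDENTITY_signature_get_raw_length_by_type says `@param sig the signature.` but the only parameter is `type`; it should read `@param type the key type in network byte order, as stored in the key structs' type field` — the implementation in identity_api.c applies ntohl() to it, and that byte-order detail is exactly what a caller serializing the wire format needs to know. The declaration also spells the parameter `const uint32_t type` while the definition uses `uint32_t type`; a by-value const carries no meaning in a header and should be dropped for consistency. The new `sign_raw_` and `verify_raw_` comments should state the buffer precondition the raw variants rely on, since no length is passed: `@param[out] sig buffer of at least #GNUNET_IDENTITY_signature_get_raw_length_by_type (priv->type) bytes` and the equivalent for `pub->type` on the verify side.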
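diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c
index 0838cecc4..f1d4b0334 100644
--- a/src/revocation/gnunet-revocation-tvg.c
+++ b/src/revocation/gnunet-revocation-tvg.c
@@ -34,6 +34,28 @@
 #define TEST_EPOCHS 2
 #define TEST_DIFFICULTY 5
 
+static char* d_pkey =
+"6fea32c05af58bfa979553d188605fd57d8bf9cc263b78d5f7478c07b998ed70";
+
+int parsehex(char *src, char *dst, size_t dstlen, int invert)
+{
+char *line = src;
+char *data = line;
+int off;
+int read_byte;
+int data_len = 0;
+
+while (sscanf(data, " %02x%n", &read_byte, &off) == 1) {
+if (invert)
+dst[dstlen - 1 - data_len++] = read_byte;
+else
+dst[data_len++] = read_byte;
+data += off;
+}
+return data_len;
+}
+
+
 static void
 print_bytes_ (void *buf,
 size_t buf_len,
@@ -87,6 +109,7 @@ run (void *cls,
 
 id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
 GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key);
+parsehex(d_pkey,(char*)&id_priv.ecdsa_key, sizeof (id_priv.ecdsa_key), 1);
 GNUNET_IDENTITY_key_get_public (&id_priv,
 &id_pub);
 GNUNET_STRINGS_data_to_string (&id_pub,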
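Review bot: parsehex() never consults `dstlen` while writing: on the non-inverted path it runs past the end of `dst` for any input longer than the buffer, and on the inverted path `dstlen - 1 - data_len` underflows to a huge size_t index once data_len exceeds dstlen, so a longer hex string writes far outside the target. It is only fed the fixed 64-character `d_pkey` here, but the helper is non-static, takes a mutable `char *src` it never modifies, and scans `%02x` into an `int` where sscanf expects `unsigned int *`; the loop should stop at `dstlen` as below. The call site also keeps the preceding GNUNET_CRYPTO_ecdsa_key_create() whose output is immediately overwritten, and ignores the parsed length; I would drop the key_create call and pin the count with `GNUNET_assert (sizeof (id_priv.ecdsa_key) == parsehex (d_pkey, (char*) &id_priv.ecdsa_key, sizeof (id_priv.ecdsa_key), 1));`. run() starts and ends outside the hunk.

```c
static int
parsehex (const char *src, char *dst, size_t dstlen, int invert)
{
  const char *data = src;
  int off;
  unsigned int read_byte;
  size_t data_len = 0;

  /* stop at dstlen so a long input can neither overrun dst
     nor drive the inverted index below zero */
  while ((data_len < dstlen) &&
         (1 == sscanf (data, " %02x%n", &read_byte, &off)))
  {
    if (invert)
      dst[dstlen - 1 - data_len] = (char) read_byte;
    else
      dst[data_len] = (char) read_byte;
    data_len++;
    data += off;
  }
  return (int) data_len;
}
```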
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index d5bd53e56..8f05b88fd 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -410,7 +410,7 @@ check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | |||
410 | const struct GNUNET_IDENTITY_PublicKey *key) | 410 | const struct GNUNET_IDENTITY_PublicKey *key) |
411 | { | 411 | { |
412 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | 412 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; |
413 | struct GNUNET_IDENTITY_Signature *sig; | 413 | unsigned char *sig; |
414 | const struct GNUNET_IDENTITY_PublicKey *pk; | 414 | const struct GNUNET_IDENTITY_PublicKey *pk; |
415 | size_t ksize; | 415 | size_t ksize; |
416 | 416 | ||
@@ -427,12 +427,12 @@ check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | |||
427 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 427 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
428 | "Expected signature payload len: %u\n", | 428 | "Expected signature payload len: %u\n", |
429 | ntohl (spurp->purpose.size)); | 429 | ntohl (spurp->purpose.size)); |
430 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | 430 | sig = ((unsigned char*) &pow[1] + ksize); |
431 | if (GNUNET_OK != | 431 | if (GNUNET_OK != |
432 | GNUNET_IDENTITY_signature_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 432 | GNUNET_IDENTITY_signature_verify_raw_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
433 | &spurp->purpose, | 433 | &spurp->purpose, |
434 | sig, | 434 | sig, |
435 | key)) | 435 | key)) |
436 | { | 436 | { |
437 | return GNUNET_SYSERR; | 437 | return GNUNET_SYSERR; |
438 | } | 438 | } |
@@ -588,9 +588,9 @@ sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
588 | ((char*) &rp[1]), | 588 | ((char*) &rp[1]), |
589 | ksize); | 589 | ksize); |
590 | sig = ((char*) &pow[1]) + ksize; | 590 | sig = ((char*) &pow[1]) + ksize; |
591 | int result = GNUNET_IDENTITY_sign_ (key, | 591 | int result = GNUNET_IDENTITY_sign_raw_ (key, |
592 | &rp->purpose, | 592 | &rp->purpose, |
593 | (void*) sig); | 593 | (void*) sig); |
594 | if (result == GNUNET_SYSERR) | 594 | if (result == GNUNET_SYSERR) |
595 | return GNUNET_NO; | 595 | return GNUNET_NO; |
596 | else | 596 | else |
@@ -768,7 +768,7 @@ GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | |||
768 | ksize = GNUNET_IDENTITY_key_get_length (pk); | 768 | ksize = GNUNET_IDENTITY_key_get_length (pk); |
769 | size += ksize; | 769 | size += ksize; |
770 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | 770 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); |
771 | size += GNUNET_IDENTITY_signature_get_length (sig); | 771 | size += GNUNET_IDENTITY_signature_get_raw_length_by_type (pk->type); |
772 | return size; | 772 | return size; |
773 | } | 773 | } |
774 | 774 | ||
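Review bot: GNUNET_REVOCATION_proof_get_size now adds the `ssize_t` result of GNUNET_IDENTITY_signature_get_raw_length_by_type (pk->type) straight into `size`; for an unrecognized key type that helper returns -1, which converts to SIZE_MAX and wraps `size` to one less than the key-only size instead of reporting an error, so a caller that uses this value to bound a read from an attacker-supplied proof would be working with a wrong length. Check the result before adding it: `ssize_t slen = GNUNET_IDENTITY_signature_get_raw_length_by_type (pk->type);` then `if (slen < 0) { GNUNET_break (0); return 0; }` and `size += (size_t) slen;` — what the function should return on error is not visible here, so reuse whatever its existing failure path yields. Line 770 still assigns `sig` through the old struct cast but the value is no longer read; the assignment and the variable should go. The function begins outside the hunk.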