author | TheJackiMonster <thejackimonster@gmail.com> | 2020-11-05 22:04:41 +0100 |
---|---|---|
committer | TheJackiMonster <thejackimonster@gmail.com> | 2020-11-05 22:04:41 +0100 |
commit | bd73336f5d7168f92574cf19703ec242c97e6062 (patch) | |
tree | 7fdb248c9a76ec78406406cf6f10faa79d8416c4 | |
parent | c07ae5c8d29202466f066e4dcddbfd091513db7c (diff) | |
download | gnunet-bd73336f5d7168f92574cf19703ec242c97e6062.tar.gz gnunet-bd73336f5d7168f92574cf19703ec242c97e6062.zip |
revocation and reclaim updated verification
Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
-rw-r--r-- | src/include/gnunet_revocation_service.h | 9 | ||||
-rw-r--r-- | src/reclaim/oidc_helper.c | 26 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 53 |
3 files changed, 34 insertions, 54 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 18c1f2674..3ad8f864b 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h | |||
@@ -95,7 +95,7 @@ struct GNUNET_REVOCATION_PowP | |||
95 | /** | 95 | /** |
96 | * The signature object we use for the PoW | 96 | * The signature object we use for the PoW |
97 | */ | 97 | */ |
98 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS | 98 | struct GNUNET_REVOCATION_SignaturePurposePS |
99 | { | 99 | { |
100 | /** | 100 | /** |
101 | * The signature purpose | 101 | * The signature purpose |
@@ -103,14 +103,9 @@ struct GNUNET_REVOCATION_EcdsaSignaturePurposePS | |||
103 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | 103 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; |
104 | 104 | ||
105 | /** | 105 | /** |
106 | * Type of the key | ||
107 | */ | ||
108 | uint32_t ktype; | ||
109 | |||
110 | /** | ||
111 | * The revoked public key | 106 | * The revoked public key |
112 | */ | 107 | */ |
113 | struct GNUNET_CRYPTO_EcdsaPublicKey key; | 108 | struct GNUNET_IDENTITY_PublicKey key; |
114 | 109 | ||
115 | /** | 110 | /** |
116 | * The timestamp of the revocation | 111 | * The timestamp of the revocation |
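Review bot: Embedding the whole `struct GNUNET_IDENTITY_PublicKey` container in the signed `GNUNET_REVOCATION_SignaturePurposePS` (new line 108) makes the signed bytes depend on the container's unused tail for any key type shorter than the struct, while the PoW buffer in revocation_api.c (same commit) stores only `GNUNET_IDENTITY_key_get_length (pk)` bytes of the key before the signature; a verifier doing `spurp.key = *pk` would then read bytes of the signature into that tail and the check would fail. If every currently supported key type fills the container this is latent only, but it should be stated here: `* The revoked public key. NOTE: the whole container is signed, so its tail must be identical on signer and verifier; the PoW buffer stores only key_get_length() bytes.` Dropping `ktype` and changing the key type also changes the byte layout covered by `GNUNET_SIGNATURE_PURPOSE_REVOCATION` without a purpose or version change, so revocations signed under the previous layout no longer verify; a sentence about that belongs in the struct comment at line 96.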
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index c3ff07976..0caa46b90 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -525,7 +525,7 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | |||
525 | // Get length | 525 | // Get length |
526 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 526 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
527 | + payload_len + sizeof(struct | 527 | + payload_len + sizeof(struct |
528 | GNUNET_CRYPTO_EcdsaSignature); | 528 | GNUNET_IDENTITY_Signature); |
529 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 529 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
530 | "Length of data to encode: %lu\n", | 530 | "Length of data to encode: %lu\n", |
531 | code_payload_len); | 531 | code_payload_len); |
@@ -544,10 +544,10 @@ OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | |||
544 | buf_ptr += payload_len; | 544 | buf_ptr += payload_len; |
545 | // Sign and store signature | 545 | // Sign and store signature |
546 | if (GNUNET_SYSERR == | 546 | if (GNUNET_SYSERR == |
547 | GNUNET_CRYPTO_ecdsa_sign_ (&issuer->ecdsa_key, | 547 | GNUNET_IDENTITY_private_key_sign_ (issuer, |
548 | purpose, | 548 | purpose, |
549 | (struct GNUNET_CRYPTO_EcdsaSignature *) | 549 | (struct GNUNET_IDENTITY_Signature *) |
550 | buf_ptr)) | 550 | buf_ptr)) |
551 | { | 551 | { |
552 | GNUNET_break (0); | 552 | GNUNET_break (0); |
553 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); | 553 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); |
@@ -593,7 +593,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
593 | char *code_challenge; | 593 | char *code_challenge; |
594 | char *code_verifier_hash; | 594 | char *code_verifier_hash; |
595 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 595 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
596 | struct GNUNET_CRYPTO_EcdsaSignature *signature; | 596 | struct GNUNET_IDENTITY_Signature *signature; |
597 | uint32_t code_challenge_len; | 597 | uint32_t code_challenge_len; |
598 | uint32_t attrs_ser_len; | 598 | uint32_t attrs_ser_len; |
599 | uint32_t pres_ser_len; | 599 | uint32_t pres_ser_len; |
@@ -609,7 +609,7 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
609 | (void **) &code_payload); | 609 | (void **) &code_payload); |
610 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 610 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
611 | + sizeof(struct OIDC_Parameters) | 611 | + sizeof(struct OIDC_Parameters) |
612 | + sizeof(struct GNUNET_CRYPTO_EcdsaSignature)) | 612 | + sizeof(struct GNUNET_IDENTITY_Signature)) |
613 | { | 613 | { |
614 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); | 614 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); |
615 | GNUNET_free (code_payload); | 615 | GNUNET_free (code_payload); |
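Review bot: The length check at lines 610-612, the pointer arithmetic at lines 623 and 626, and the allocation size at lines 526-528 treat `struct GNUNET_IDENTITY_Signature` as a fixed-size slot, whereas the rest of this commit treats `struct GNUNET_IDENTITY_PublicKey` as a type-tagged container whose wire length comes from `GNUNET_IDENTITY_key_get_length`; if the signature container is likewise larger than what `GNUNET_IDENTITY_private_key_sign_` writes for a given key type, the unused tail of that slot is whatever `code_payload` held before signing and is encoded into the authorization code. Confirm the buffer is zero-initialized or that the signer fills the whole struct, and record the decision next to line 526: `// Signature slot is the full sizeof(struct GNUNET_IDENTITY_Signature); the buffer must be zeroed so any unused tail is deterministic`. Both `OIDC_build_authz_code` and `OIDC_parse_authz_code` start and end outside these hunks.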
@@ -620,10 +620,10 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
620 | plaintext_len = code_payload_len; | 620 | plaintext_len = code_payload_len; |
621 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); | 621 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); |
622 | ptr = (char *) &purpose[1]; | 622 | ptr = (char *) &purpose[1]; |
623 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EcdsaSignature); | 623 | plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature); |
624 | plaintext = ptr; | 624 | plaintext = ptr; |
625 | ptr += plaintext_len; | 625 | ptr += plaintext_len; |
626 | signature = (struct GNUNET_CRYPTO_EcdsaSignature *) ptr; | 626 | signature = (struct GNUNET_IDENTITY_Signature *) ptr; |
627 | params = (struct OIDC_Parameters *) plaintext; | 627 | params = (struct OIDC_Parameters *) plaintext; |
628 | 628 | ||
629 | // cmp code_challenge code_verifier | 629 | // cmp code_challenge code_verifier |
@@ -684,10 +684,10 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, | |||
684 | return GNUNET_SYSERR; | 684 | return GNUNET_SYSERR; |
685 | } | 685 | } |
686 | if (GNUNET_OK != | 686 | if (GNUNET_OK != |
687 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, | 687 | GNUNET_IDENTITY_public_key_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, |
688 | purpose, | 688 | purpose, |
689 | signature, | 689 | signature, |
690 | &ticket->identity.ecdsa_key)) | 690 | &(ticket->identity))) |
691 | { | 691 | { |
692 | GNUNET_free (code_payload); | 692 | GNUNET_free (code_payload); |
693 | if (NULL != *nonce_str) | 693 | if (NULL != *nonce_str) |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 94fbc7022..ee0150064 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -423,19 +423,18 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
423 | 423 | ||
424 | 424 | ||
425 | enum GNUNET_GenericReturnValue | 425 | enum GNUNET_GenericReturnValue |
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | 426 | check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, |
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | 427 | const struct GNUNET_IDENTITY_PublicKey *key) |
428 | { | 428 | { |
429 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp; | 429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; |
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | 430 | struct GNUNET_IDENTITY_Signature *sig; |
431 | const struct GNUNET_IDENTITY_PublicKey *pk; | 431 | const struct GNUNET_IDENTITY_PublicKey *pk; |
432 | size_t ksize; | 432 | size_t ksize; |
433 | 433 | ||
434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | 434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | 435 | ksize = GNUNET_IDENTITY_key_get_length (pk); |
436 | 436 | ||
437 | spurp.ktype = pk->type; | 437 | spurp.key = *pk; |
438 | spurp.key = pk->ecdsa_key; | ||
439 | spurp.timestamp = pow->timestamp; | 438 | spurp.timestamp = pow->timestamp; |
440 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 439 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
441 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 440 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
@@ -446,10 +445,10 @@ check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | |||
446 | ntohl (spurp.purpose.size)); | 445 | ntohl (spurp.purpose.size)); |
447 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); | 446 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); |
448 | if (GNUNET_OK != | 447 | if (GNUNET_OK != |
449 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 448 | GNUNET_IDENTITY_public_key_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
450 | &spurp.purpose, | 449 | &spurp.purpose, |
451 | sig, | 450 | sig, |
452 | key)) | 451 | key)) |
453 | { | 452 | { |
454 | return GNUNET_SYSERR; | 453 | return GNUNET_SYSERR; |
455 | } | 454 | } |
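Review bot: The cast on line 446 still names `struct GNUNET_CRYPTO_EcdsaSignature *` although `sig` is now declared `struct GNUNET_IDENTITY_Signature *` (line 430), so the assignment is between incompatible pointer types and compiles only with a warning; it should read `sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize);`. The `key` parameter of `check_signature_identity` is now the same object the function re-derives as `pk` from `&pow[1]` (line 434; the only visible caller passes `pk` at new line 465), so one of the two is redundant and the function should use a single source for the key. In the `sign_pow_identity` hunk further down, `int result` should be declared `enum GNUNET_GenericReturnValue`, and mapping `GNUNET_SYSERR` to `GNUNET_NO` folds a signing failure into the value `sign_pow` previously used for an unsupported key type; if that is intended, a one-line comment saying so is needed. `check_signature_identity` continues past the end of this hunk.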
@@ -463,14 +462,7 @@ check_signature (const struct GNUNET_REVOCATION_PowP *pow) | |||
463 | const struct GNUNET_IDENTITY_PublicKey *pk; | 462 | const struct GNUNET_IDENTITY_PublicKey *pk; |
464 | 463 | ||
465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | 464 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
466 | switch (ntohl (pk->type)) | 465 | return check_signature_identity (pow, pk); |
467 | { | ||
468 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
469 | return check_signature_ecdsa (pow, &pk->ecdsa_key); | ||
470 | default: | ||
471 | return GNUNET_SYSERR; | ||
472 | } | ||
473 | return GNUNET_SYSERR; | ||
474 | } | 466 | } |
475 | 467 | ||
476 | 468 | ||
@@ -576,11 +568,11 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
576 | 568 | ||
577 | 569 | ||
578 | enum GNUNET_GenericReturnValue | 570 | enum GNUNET_GenericReturnValue |
579 | sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | 571 | sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key, |
580 | struct GNUNET_REVOCATION_PowP *pow) | 572 | struct GNUNET_REVOCATION_PowP *pow) |
581 | { | 573 | { |
582 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 574 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
583 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp; | 575 | struct GNUNET_REVOCATION_SignaturePurposePS rp; |
584 | const struct GNUNET_IDENTITY_PublicKey *pk; | 576 | const struct GNUNET_IDENTITY_PublicKey *pk; |
585 | size_t ksize; | 577 | size_t ksize; |
586 | char *sig; | 578 | char *sig; |
@@ -602,13 +594,13 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
602 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 594 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
603 | "Signature payload len: %u\n", | 595 | "Signature payload len: %u\n", |
604 | ntohl (rp.purpose.size)); | 596 | ntohl (rp.purpose.size)); |
605 | rp.ktype = pk->type; | 597 | rp.key = *pk; |
606 | rp.key = pk->ecdsa_key; | ||
607 | sig = ((char*)&pow[1]) + ksize; | 598 | sig = ((char*)&pow[1]) + ksize; |
608 | return GNUNET_CRYPTO_ecdsa_sign_ (key, | 599 | int result = GNUNET_IDENTITY_private_key_sign_ (key, |
609 | &rp.purpose, | 600 | &rp.purpose, |
610 | (void*) sig); | 601 | (void*) sig); |
611 | 602 | if (result == GNUNET_SYSERR) return GNUNET_NO; | |
603 | else return result; | ||
612 | } | 604 | } |
613 | 605 | ||
614 | 606 | ||
@@ -620,14 +612,7 @@ sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
620 | 612 | ||
621 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | 613 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
622 | GNUNET_IDENTITY_key_get_public (key, pk); | 614 | GNUNET_IDENTITY_key_get_public (key, pk); |
623 | switch (ntohl (pk->type)) | 615 | return sign_pow_identity (key, pow); |
624 | { | ||
625 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
626 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | ||
627 | default: | ||
628 | return GNUNET_NO; | ||
629 | } | ||
630 | return GNUNET_NO; | ||
631 | } | 616 | } |
632 | 617 | ||
633 | 618 | ||