summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2020-04-18 19:46:44 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2020-04-18 19:46:44 +0200
commitf00c18e631ce8bdaf80d20f236ef275c9cb99291 (patch)
tree7926acf614e631febcbd5c99243d9c00edd2fbc2
parent91cccda131a12be139d50effe4657c6b24e36135 (diff)
simplify pow even more; add timestamp to revocation pow
-rw-r--r--src/include/gnunet_revocation_service.h4
-rw-r--r--src/revocation/gnunet-revocation.c22
-rw-r--r--src/revocation/gnunet-service-revocation.c3
-rw-r--r--src/revocation/plugin_block_revocation.c3
-rw-r--r--src/revocation/revocation.h5
-rw-r--r--src/revocation/revocation_api.c17
-rw-r--r--src/util/crypto_pow.c39
7 files changed, 51 insertions, 42 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
index 7222cedc1..1e1abb787 100644
--- a/src/include/gnunet_revocation_service.h
+++ b/src/include/gnunet_revocation_service.h
@@ -105,6 +105,7 @@ struct GNUNET_REVOCATION_Handle;
* @param key public key of the key to revoke
* @param sig signature to use on the revocation (should have been
* created using #GNUNET_REVOCATION_sign_revocation).
+ * @param ts revocation timestamp
* @param pow proof of work to use (should have been created by
* iteratively calling #GNUNET_REVOCATION_check_pow)
* @param func funtion to call with the result of the check
@@ -117,6 +118,7 @@ struct GNUNET_REVOCATION_Handle *
GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+ const struct GNUNET_TIME_Absolute *ts,
uint64_t pow,
GNUNET_REVOCATION_Callback func, void *func_cls);
@@ -135,12 +137,14 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h);
* would be acceptable for revoking the given key.
*
* @param key key to check for
+ * @param ts revocation timestamp
* @param pow proof of work value
* @param matching_bits how many bits must match (configuration)
* @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
*/
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+ const struct GNUNET_TIME_Absolute *ts,
uint64_t pow,
unsigned int matching_bits);
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c
index f5aa2d17e..42ec71d16 100644
--- a/src/revocation/gnunet-revocation.c
+++ b/src/revocation/gnunet-revocation.c
@@ -203,6 +203,11 @@ struct RevocationData
struct GNUNET_CRYPTO_EcdsaSignature sig;
/**
+ * Time of revocation
+ */
+ struct GNUNET_TIME_AbsoluteNBO ts;
+
+ /**
* Proof of work (in NBO).
*/
uint64_t pow GNUNET_PACKED;
@@ -215,9 +220,13 @@ struct RevocationData
static void
perform_revocation (const struct RevocationData *rd)
{
+ struct GNUNET_TIME_Absolute ts;
+
+ ts = GNUNET_TIME_absolute_ntoh (rd->ts);
h = GNUNET_REVOCATION_revoke (cfg,
&rd->key,
&rd->sig,
+ &ts,
rd->pow,
&print_revocation_result,
NULL);
@@ -273,6 +282,7 @@ static void
calculate_pow (void *cls)
{
struct RevocationData *rd = cls;
+ struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_ntoh (rd->ts);
/* store temporary results */
pow_task = NULL;
@@ -290,6 +300,7 @@ calculate_pow (void *cls)
/* actually do POW calculation */
rd->pow++;
if (GNUNET_OK == GNUNET_REVOCATION_check_pow (&rd->key,
+ &ts,
rd->pow,
(unsigned int) matching_bits))
{
@@ -331,6 +342,7 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
{
struct RevocationData *rd;
struct GNUNET_CRYPTO_EcdsaPublicKey key;
+ struct GNUNET_TIME_Absolute ts;
el = NULL;
if (NULL == ego)
@@ -361,9 +373,14 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
ego),
&rd->sig);
rd->key = key;
+ rd->ts = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ());
}
+ ts = GNUNET_TIME_absolute_ntoh (rd->ts);
if (GNUNET_YES ==
- GNUNET_REVOCATION_check_pow (&key, rd->pow, (unsigned int) matching_bits))
+ GNUNET_REVOCATION_check_pow (&key,
+ &ts,
+ rd->pow,
+ (unsigned int) matching_bits))
{
fprintf (stderr, "%s", _ ("Revocation certificate ready\n"));
if (perform)
@@ -397,6 +414,7 @@ run (void *cls,
{
struct GNUNET_CRYPTO_EcdsaPublicKey pk;
struct RevocationData rd;
+ struct GNUNET_TIME_Absolute ts;
cfg = c;
if (NULL != test_ego)
@@ -453,8 +471,10 @@ run (void *cls,
return;
}
GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
+ ts = GNUNET_TIME_absolute_ntoh (rd.ts);
if (GNUNET_YES !=
GNUNET_REVOCATION_check_pow (&rd.key,
+ &ts,
rd.pow,
(unsigned int) matching_bits))
{
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c
index 3e811cd9a..ff75faa2c 100644
--- a/src/revocation/gnunet-service-revocation.c
+++ b/src/revocation/gnunet-service-revocation.c
@@ -167,8 +167,11 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer)
static int
verify_revoke_message (const struct RevokeMessage *rm)
{
+ struct GNUNET_TIME_Absolute ts;
+ ts = GNUNET_TIME_absolute_ntoh (rm->ts);
if (GNUNET_YES !=
GNUNET_REVOCATION_check_pow (&rm->public_key,
+ &ts,
rm->proof_of_work,
(unsigned int) revocation_work_required))
{
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c
index 8d16b8781..57234fa36 100644
--- a/src/revocation/plugin_block_revocation.c
+++ b/src/revocation/plugin_block_revocation.c
@@ -134,6 +134,7 @@ block_plugin_revocation_evaluate (void *cls,
struct InternalContext *ic = cls;
struct GNUNET_HashCode chash;
const struct RevokeMessage *rm = reply_block;
+ struct GNUNET_TIME_Absolute ts;
if (NULL == reply_block)
return GNUNET_BLOCK_EVALUATION_REQUEST_VALID;
@@ -142,8 +143,10 @@ block_plugin_revocation_evaluate (void *cls,
GNUNET_break_op (0);
return GNUNET_BLOCK_EVALUATION_RESULT_INVALID;
}
+ ts = GNUNET_TIME_absolute_ntoh (rm->ts);
if (GNUNET_YES !=
GNUNET_REVOCATION_check_pow (&rm->public_key,
+ &ts,
rm->proof_of_work,
ic->matching_bits))
{
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h
index b6e7a07ec..184f58e0a 100644
--- a/src/revocation/revocation.h
+++ b/src/revocation/revocation.h
@@ -89,6 +89,11 @@ struct RevokeMessage
uint32_t reserved GNUNET_PACKED;
/**
+ * Timestamp
+ */
+ struct GNUNET_TIME_AbsoluteNBO ts;
+
+ /**
* Number that causes a hash collision with the @e public_key.
*/
uint64_t proof_of_work GNUNET_PACKED;
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 4755d4816..c2aafd254 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -235,6 +235,7 @@ handle_revocation_response (void *cls,
* @param key public key of the key to revoke
* @param sig signature to use on the revocation (should have been
* created using #GNUNET_REVOCATION_sign_revocation).
+ * @param ts revocation timestamp
* @param pow proof of work to use (should have been created by
* iteratively calling #GNUNET_REVOCATION_check_pow)
* @param func funtion to call with the result of the check
@@ -247,6 +248,7 @@ struct GNUNET_REVOCATION_Handle *
GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+ const struct GNUNET_TIME_Absolute *ts,
uint64_t pow,
GNUNET_REVOCATION_Callback func,
void *func_cls)
@@ -271,6 +273,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
&matching_bits)) &&
(GNUNET_YES !=
GNUNET_REVOCATION_check_pow (key,
+ ts,
pow,
(unsigned int) matching_bits)))
{
@@ -346,22 +349,32 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash)
* would be acceptable for revoking the given key.
*
* @param key key to check for
+ * @param ts revocation timestamp
* @param pow proof of work value
* @param matching_bits how many bits must match (configuration)
* @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
*/
int
GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key,
+ const struct GNUNET_TIME_Absolute *ts,
uint64_t pow,
unsigned int matching_bits)
{
char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
- + sizeof(pow)] GNUNET_ALIGN;
+ + sizeof(pow)
+ + sizeof (struct GNUNET_TIME_AbsoluteNBO)] GNUNET_ALIGN;
struct GNUNET_HashCode result;
+ struct GNUNET_TIME_AbsoluteNBO ts_nbo;
- GNUNET_memcpy (buf, &pow, sizeof(pow));
+ ts_nbo = GNUNET_TIME_absolute_hton (*ts);
+
+ GNUNET_memcpy (buf, &pow, sizeof(pow)) ;
GNUNET_memcpy (&buf[sizeof(pow)], key,
sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey));
+ GNUNET_memcpy (&buf[sizeof(pow) + sizeof (struct GNUNET_TIME_AbsoluteNBO)],
+ &ts_nbo,
+ sizeof (struct GNUNET_TIME_AbsoluteNBO));
+
GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work",
buf,
sizeof(buf),
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c
index 5e225f244..1ab4443d1 100644
--- a/src/util/crypto_pow.c
+++ b/src/util/crypto_pow.c
@@ -47,12 +47,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt,
struct GNUNET_HashCode *result)
{
#ifdef LSD0001
- char twofish_iv[128 / 8]; // 128 bit IV
- char twofish_key[256 / 8]; // 256 bit Key
- char rbuf[buf_len];
- int rc;
- gcry_cipher_hd_t handle;
-
GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */
1024, /* memory (1 MiB) */
1, /* threads */
@@ -60,39 +54,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt,
buf_len,
salt,
strlen (salt),
- &twofish_key,
- sizeof (twofish_key)));
-
- GNUNET_CRYPTO_kdf (twofish_iv,
- sizeof (twofish_iv),
- "gnunet-proof-of-work-iv",
- strlen ("gnunet-proof-of-work-iv"),
- twofish_key,
- sizeof(twofish_key),
- salt,
- strlen (salt),
- NULL, 0);
- GNUNET_assert (0 ==
- gcry_cipher_open (&handle, GCRY_CIPHER_TWOFISH,
- GCRY_CIPHER_MODE_CFB, 0));
- rc = gcry_cipher_setkey (handle,
- twofish_key,
- sizeof(twofish_key));
- GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- rc = gcry_cipher_setiv (handle,
- twofish_iv,
- sizeof(twofish_iv));
- GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
- GNUNET_assert (0 == gcry_cipher_encrypt (handle, &rbuf, buf_len, buf,
- buf_len));
- gcry_cipher_close (handle);
- GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */
- 1024, /* memory (1 MiB) */
- 1, /* threads */
- rbuf,
- buf_len,
- salt,
- strlen (salt),
result,
sizeof (struct
GNUNET_HashCode)));