authorMartin Schanzenbach <mschanzenbach@posteo.de>2020-10-15 11:57:30 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2020-10-15 12:11:23 +0200
commit5d498b8e1b50373636126956d1c6addfd11ade5e (patch)
treef7b7f140838ed52668ad3d02eadbc94cc9936318 /src/revocation/revocation_api.c
parent5680378974db794d67b75473435a0651fad0cd24 (diff)
- fix revocation
Diffstat (limited to 'src/revocation/revocation_api.c')
-rw-r--r--src/revocation/revocation_api.c87
1 files changed, 68 insertions, 19 deletions
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 34529df35..94fbc7022 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -359,7 +359,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
359 } 359 }
360 h->func = func; 360 h->func = func;
361 h->func_cls = func_cls; 361 h->func_cls = func_cls;
362 size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); 362 size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow);
363 env = GNUNET_MQ_msg_extra (rm, 363 env = GNUNET_MQ_msg_extra (rm,
364 extra_len, 364 extra_len,
365 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); 365 GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
@@ -426,16 +426,25 @@ enum GNUNET_GenericReturnValue
426check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, 426check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow,
427 const struct GNUNET_CRYPTO_EcdsaPublicKey *key) 427 const struct GNUNET_CRYPTO_EcdsaPublicKey *key)
428{ 428{
429 struct GNUNET_REVOCATION_SignaturePurposePS spurp; 429 struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp;
430 struct GNUNET_CRYPTO_EcdsaSignature *sig; 430 struct GNUNET_CRYPTO_EcdsaSignature *sig;
431 const struct GNUNET_IDENTITY_PublicKey *pk;
432 size_t ksize;
431 433
432 spurp.key = pow->key; 434 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
435 ksize = GNUNET_IDENTITY_key_get_length (pk);
436
437 spurp.ktype = pk->type;
438 spurp.key = pk->ecdsa_key;
433 spurp.timestamp = pow->timestamp; 439 spurp.timestamp = pow->timestamp;
434 spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); 440 spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
435 spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 441 spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
436 + sizeof(struct GNUNET_IDENTITY_PublicKey) 442 + GNUNET_IDENTITY_key_get_length (pk)
437 + sizeof (struct GNUNET_TIME_AbsoluteNBO)); 443 + sizeof (struct GNUNET_TIME_AbsoluteNBO));
438 sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; 444 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
445 "Expected signature payload len: %u\n",
446 ntohl (spurp.purpose.size));
447 sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize);
439 if (GNUNET_OK != 448 if (GNUNET_OK !=
440 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, 449 GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
441 &spurp.purpose, 450 &spurp.purpose,
@@ -451,10 +460,13 @@ check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow,
451enum GNUNET_GenericReturnValue 460enum GNUNET_GenericReturnValue
452check_signature (const struct GNUNET_REVOCATION_PowP *pow) 461check_signature (const struct GNUNET_REVOCATION_PowP *pow)
453{ 462{
454 switch (ntohl (pow->key.type)) 463 const struct GNUNET_IDENTITY_PublicKey *pk;
464
465 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
466 switch (ntohl (pk->type))
455 { 467 {
456 case GNUNET_IDENTITY_TYPE_ECDSA: 468 case GNUNET_IDENTITY_TYPE_ECDSA:
457 return check_signature_ecdsa (pow, &pow->key.ecdsa_key); 469 return check_signature_ecdsa (pow, &pk->ecdsa_key);
458 default: 470 default:
459 return GNUNET_SYSERR; 471 return GNUNET_SYSERR;
460 } 472 }
@@ -487,6 +499,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
487 unsigned int tmp_score = 0; 499 unsigned int tmp_score = 0;
488 unsigned int epochs; 500 unsigned int epochs;
489 uint64_t pow_val; 501 uint64_t pow_val;
502 const struct GNUNET_IDENTITY_PublicKey *pk;
503
504 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
490 505
491 /** 506 /**
492 * Check if signature valid 507 * Check if signature valid
@@ -510,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
510 &pow->timestamp, 525 &pow->timestamp,
511 sizeof (uint64_t)); 526 sizeof (uint64_t));
512 GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], 527 GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
513 &pow->key, 528 pk,
514 sizeof(struct GNUNET_IDENTITY_PublicKey)); 529 GNUNET_IDENTITY_key_get_length (pk));
515 for (unsigned int i = 0; i < POW_COUNT; i++) 530 for (unsigned int i = 0; i < POW_COUNT; i++)
516 { 531 {
517 pow_val = GNUNET_ntohll (pow->pow[i]); 532 pow_val = GNUNET_ntohll (pow->pow[i]);
@@ -565,7 +580,10 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
565 struct GNUNET_REVOCATION_PowP *pow) 580 struct GNUNET_REVOCATION_PowP *pow)
566{ 581{
567 struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); 582 struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
568 struct GNUNET_REVOCATION_SignaturePurposePS rp; 583 struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp;
584 const struct GNUNET_IDENTITY_PublicKey *pk;
585 size_t ksize;
586 char *sig;
569 587
570 /** 588 /**
571 * Predate the validity period to prevent rejections due to 589 * Predate the validity period to prevent rejections due to
@@ -573,18 +591,23 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
573 */ 591 */
574 ts = GNUNET_TIME_absolute_subtract (ts, 592 ts = GNUNET_TIME_absolute_subtract (ts,
575 GNUNET_TIME_UNIT_WEEKS); 593 GNUNET_TIME_UNIT_WEEKS);
576 594 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
595 ksize = GNUNET_IDENTITY_key_get_length (pk);
577 pow->timestamp = GNUNET_TIME_absolute_hton (ts); 596 pow->timestamp = GNUNET_TIME_absolute_hton (ts);
578 rp.timestamp = pow->timestamp; 597 rp.timestamp = pow->timestamp;
579 rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); 598 rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);
580 rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 599 rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
581 + sizeof(struct GNUNET_IDENTITY_PublicKey) 600 + ksize
582 + sizeof (struct GNUNET_TIME_AbsoluteNBO)); 601 + sizeof (struct GNUNET_TIME_AbsoluteNBO));
583 rp.key = pow->key; 602 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
584 pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); 603 "Signature payload len: %u\n",
604 ntohl (rp.purpose.size));
605 rp.ktype = pk->type;
606 rp.key = pk->ecdsa_key;
607 sig = ((char*)&pow[1]) + ksize;
585 return GNUNET_CRYPTO_ecdsa_sign_ (key, 608 return GNUNET_CRYPTO_ecdsa_sign_ (key,
586 &rp.purpose, 609 &rp.purpose,
587 (void*) &pow[1]); 610 (void*) sig);
588 611
589} 612}
590 613
@@ -593,8 +616,11 @@ enum GNUNET_GenericReturnValue
593sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, 616sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key,
594 struct GNUNET_REVOCATION_PowP *pow) 617 struct GNUNET_REVOCATION_PowP *pow)
595{ 618{
596 GNUNET_IDENTITY_key_get_public (key, &pow->key); 619 struct GNUNET_IDENTITY_PublicKey *pk;
597 switch (ntohl (pow->key.type)) 620
621 pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1];
622 GNUNET_IDENTITY_key_get_public (key, pk);
623 switch (ntohl (pk->type))
598 { 624 {
599 case GNUNET_IDENTITY_TYPE_ECDSA: 625 case GNUNET_IDENTITY_TYPE_ECDSA:
600 return sign_pow_ecdsa (&key->ecdsa_key, pow); 626 return sign_pow_ecdsa (&key->ecdsa_key, pow);
@@ -681,11 +707,13 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
681 + sizeof (uint64_t) 707 + sizeof (uint64_t)
682 + sizeof (uint64_t)] GNUNET_ALIGN; 708 + sizeof (uint64_t)] GNUNET_ALIGN;
683 struct GNUNET_HashCode result; 709 struct GNUNET_HashCode result;
710 const struct GNUNET_IDENTITY_PublicKey *pk;
684 unsigned int zeros; 711 unsigned int zeros;
685 int ret; 712 int ret;
686 uint64_t pow_nbo; 713 uint64_t pow_nbo;
687 714
688 pc->current_pow++; 715 pc->current_pow++;
716 pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]);
689 717
690 /** 718 /**
691 * Do not try duplicates 719 * Do not try duplicates
@@ -699,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
699 &pc->pow->timestamp, 727 &pc->pow->timestamp,
700 sizeof (uint64_t)); 728 sizeof (uint64_t));
701 GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], 729 GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
702 &pc->pow->key, 730 pk,
703 sizeof(struct GNUNET_IDENTITY_PublicKey)); 731 GNUNET_IDENTITY_key_get_length (pk));
704 GNUNET_CRYPTO_pow_hash (&salt, 732 GNUNET_CRYPTO_pow_hash (&salt,
705 buf, 733 buf,
706 sizeof(buf), 734 sizeof(buf),
@@ -745,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
745} 773}
746 774
747 775
776size_t
777GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow)
778{
779 size_t size;
780 const struct GNUNET_IDENTITY_PublicKey *pk;
781
782 size = sizeof (struct GNUNET_REVOCATION_PowP);
783 pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1];
784 size += GNUNET_IDENTITY_key_get_length (pk);
785
786 switch (ntohl (pk->type))
787 {
788 case GNUNET_IDENTITY_TYPE_ECDSA:
789 return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature);
790 default:
791 return 0;
792 }
793 return 0;
794}
795
796
748/* end of revocation_api.c */ 797/* end of revocation_api.c */
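Review bot: Every site that now sets `pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]` reads the key type, the key and then the signature from memory past the fixed header, but none of `check_signature`, `check_signature_ecdsa`, `GNUNET_REVOCATION_check_pow` or `GNUNET_REVOCATION_proof_get_size` is given the buffer length, so a truncated proof from a peer is read out of bounds unless every caller has validated the size first (the callers are not visible here). In `GNUNET_REVOCATION_check_pow` and `GNUNET_REVOCATION_pow_round` the result of `GNUNET_IDENTITY_key_get_length (pk)` goes straight into `GNUNET_memcpy` as the length written to `buf`, which is declared outside the hunks. If that helper can signal an error for an unknown key type, the value needs checking before the copy and before it is stored in `size_t ksize`, where a negative result would wrap. `GNUNET_REVOCATION_proof_get_size` returns 0 for an unsupported type, yet `GNUNET_REVOCATION_revoke` passes the result unchecked to `GNUNET_MQ_msg_extra`; I would add `if (0 == extra_len)` with `GNUNET_break (0);` and the function's existing error return before the message is built. The new function also deserves a header comment such as `/* Returns 0 for unsupported key types; the caller must already know the key type field after the header is readable. */`, and note that most of the functions touched start or end outside the hunks shown.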