author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 11:57:30 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:23 +0200 |
commit | 5d498b8e1b50373636126956d1c6addfd11ade5e (patch) | |
tree | f7b7f140838ed52668ad3d02eadbc94cc9936318 /src/revocation/revocation_api.c | |
parent | 5680378974db794d67b75473435a0651fad0cd24 (diff) | |
- fix revocation
Diffstat (limited to 'src/revocation/revocation_api.c')
-rw-r--r-- | src/revocation/revocation_api.c | 87 |
1 files changed, 68 insertions, 19 deletions
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 34529df35..94fbc7022 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -359,7 +359,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); | 362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); |
363 | env = GNUNET_MQ_msg_extra (rm, | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | extra_len, | 364 | extra_len, |
365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
@@ -426,16 +426,25 @@ enum GNUNET_GenericReturnValue | |||
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | 426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, |
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | 427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) |
428 | { | 428 | { |
429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | 429 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp; |
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | 430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; |
431 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
432 | size_t ksize; | ||
431 | 433 | ||
432 | spurp.key = pow->key; | 434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
436 | |||
437 | spurp.ktype = pk->type; | ||
438 | spurp.key = pk->ecdsa_key; | ||
433 | spurp.timestamp = pow->timestamp; | 439 | spurp.timestamp = pow->timestamp; |
434 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 440 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
435 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 441 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
436 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 442 | + GNUNET_IDENTITY_key_get_length (pk) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 443 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
438 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; | 444 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
445 | "Expected signature payload len: %u\n", | ||
446 | ntohl (spurp.purpose.size)); | ||
447 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); | ||
439 | if (GNUNET_OK != | 448 | if (GNUNET_OK != |
440 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 449 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
441 | &spurp.purpose, | 450 | &spurp.purpose, |
@@ -451,10 +460,13 @@ check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | |||
451 | enum GNUNET_GenericReturnValue | 460 | enum GNUNET_GenericReturnValue |
452 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | 461 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) |
453 | { | 462 | { |
454 | switch (ntohl (pow->key.type)) | 463 | const struct GNUNET_IDENTITY_PublicKey *pk; |
464 | |||
465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
466 | switch (ntohl (pk->type)) | ||
455 | { | 467 | { |
456 | case GNUNET_IDENTITY_TYPE_ECDSA: | 468 | case GNUNET_IDENTITY_TYPE_ECDSA: |
457 | return check_signature_ecdsa (pow, &pow->key.ecdsa_key); | 469 | return check_signature_ecdsa (pow, &pk->ecdsa_key); |
458 | default: | 470 | default: |
459 | return GNUNET_SYSERR; | 471 | return GNUNET_SYSERR; |
460 | } | 472 | } |
@@ -487,6 +499,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
487 | unsigned int tmp_score = 0; | 499 | unsigned int tmp_score = 0; |
488 | unsigned int epochs; | 500 | unsigned int epochs; |
489 | uint64_t pow_val; | 501 | uint64_t pow_val; |
502 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
503 | |||
504 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
490 | 505 | ||
491 | /** | 506 | /** |
492 | * Check if signature valid | 507 | * Check if signature valid |
@@ -510,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
510 | &pow->timestamp, | 525 | &pow->timestamp, |
511 | sizeof (uint64_t)); | 526 | sizeof (uint64_t)); |
512 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 527 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
513 | &pow->key, | 528 | pk, |
514 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 529 | GNUNET_IDENTITY_key_get_length (pk)); |
515 | for (unsigned int i = 0; i < POW_COUNT; i++) | 530 | for (unsigned int i = 0; i < POW_COUNT; i++) |
516 | { | 531 | { |
517 | pow_val = GNUNET_ntohll (pow->pow[i]); | 532 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -565,7 +580,10 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
565 | struct GNUNET_REVOCATION_PowP *pow) | 580 | struct GNUNET_REVOCATION_PowP *pow) |
566 | { | 581 | { |
567 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 582 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
568 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 583 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp; |
584 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
585 | size_t ksize; | ||
586 | char *sig; | ||
569 | 587 | ||
570 | /** | 588 | /** |
571 | * Predate the validity period to prevent rejections due to | 589 | * Predate the validity period to prevent rejections due to |
@@ -573,18 +591,23 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
573 | */ | 591 | */ |
574 | ts = GNUNET_TIME_absolute_subtract (ts, | 592 | ts = GNUNET_TIME_absolute_subtract (ts, |
575 | GNUNET_TIME_UNIT_WEEKS); | 593 | GNUNET_TIME_UNIT_WEEKS); |
576 | 594 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | |
595 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
577 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 596 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
578 | rp.timestamp = pow->timestamp; | 597 | rp.timestamp = pow->timestamp; |
579 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 598 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
580 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 599 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
581 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 600 | + ksize |
582 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 601 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
583 | rp.key = pow->key; | 602 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
584 | pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | 603 | "Signature payload len: %u\n", |
604 | ntohl (rp.purpose.size)); | ||
605 | rp.ktype = pk->type; | ||
606 | rp.key = pk->ecdsa_key; | ||
607 | sig = ((char*)&pow[1]) + ksize; | ||
585 | return GNUNET_CRYPTO_ecdsa_sign_ (key, | 608 | return GNUNET_CRYPTO_ecdsa_sign_ (key, |
586 | &rp.purpose, | 609 | &rp.purpose, |
587 | (void*) &pow[1]); | 610 | (void*) sig); |
588 | 611 | ||
589 | } | 612 | } |
590 | 613 | ||
@@ -593,8 +616,11 @@ enum GNUNET_GenericReturnValue | |||
593 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | 616 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, |
594 | struct GNUNET_REVOCATION_PowP *pow) | 617 | struct GNUNET_REVOCATION_PowP *pow) |
595 | { | 618 | { |
596 | GNUNET_IDENTITY_key_get_public (key, &pow->key); | 619 | struct GNUNET_IDENTITY_PublicKey *pk; |
597 | switch (ntohl (pow->key.type)) | 620 | |
621 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
622 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
623 | switch (ntohl (pk->type)) | ||
598 | { | 624 | { |
599 | case GNUNET_IDENTITY_TYPE_ECDSA: | 625 | case GNUNET_IDENTITY_TYPE_ECDSA: |
600 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | 626 | return sign_pow_ecdsa (&key->ecdsa_key, pow); |
@@ -681,11 +707,13 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
681 | + sizeof (uint64_t) | 707 | + sizeof (uint64_t) |
682 | + sizeof (uint64_t)] GNUNET_ALIGN; | 708 | + sizeof (uint64_t)] GNUNET_ALIGN; |
683 | struct GNUNET_HashCode result; | 709 | struct GNUNET_HashCode result; |
710 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
684 | unsigned int zeros; | 711 | unsigned int zeros; |
685 | int ret; | 712 | int ret; |
686 | uint64_t pow_nbo; | 713 | uint64_t pow_nbo; |
687 | 714 | ||
688 | pc->current_pow++; | 715 | pc->current_pow++; |
716 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
689 | 717 | ||
690 | /** | 718 | /** |
691 | * Do not try duplicates | 719 | * Do not try duplicates |
@@ -699,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
699 | &pc->pow->timestamp, | 727 | &pc->pow->timestamp, |
700 | sizeof (uint64_t)); | 728 | sizeof (uint64_t)); |
701 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 729 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
702 | &pc->pow->key, | 730 | pk, |
703 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 731 | GNUNET_IDENTITY_key_get_length (pk)); |
704 | GNUNET_CRYPTO_pow_hash (&salt, | 732 | GNUNET_CRYPTO_pow_hash (&salt, |
705 | buf, | 733 | buf, |
706 | sizeof(buf), | 734 | sizeof(buf), |
@@ -745,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
745 | } | 773 | } |
746 | 774 | ||
747 | 775 | ||
776 | size_t | ||
777 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
778 | { | ||
779 | size_t size; | ||
780 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
781 | |||
782 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
783 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
784 | size += GNUNET_IDENTITY_key_get_length (pk); | ||
785 | |||
786 | switch (ntohl (pk->type)) | ||
787 | { | ||
788 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
789 | return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
790 | default: | ||
791 | return 0; | ||
792 | } | ||
793 | return 0; | ||
794 | } | ||
795 | |||
796 | |||
748 | /* end of revocation_api.c */ | 797 | /* end of revocation_api.c */ |
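Review bot: The trailing public key is now variable-length, yet `check_signature_ecdsa`, `check_signature`, `GNUNET_REVOCATION_check_pow` and `GNUNET_REVOCATION_proof_get_size` all read `pk->type` at `&pow[1]` and then `GNUNET_IDENTITY_key_get_length (pk)` and the signature at `&pow[1] + ksize` without knowing how many bytes actually back `pow`; none of these functions takes a length, so a truncated proof (as received by the service, or passed to `GNUNET_REVOCATION_revoke` where `extra_len` is computed from the same unchecked read on line 362) is read past its end rather than rejected, and the old `sig_len` bound that line 362 used to consult is no longer applied anywhere in this hunk. A caller that has the message size should first check `msg_len >= sizeof (*pow) + sizeof (uint32_t)` (so `pk->type` is readable), then `msg_len >= GNUNET_REVOCATION_proof_get_size (pow)` and treat a 0 result as invalid before any of these functions are called; it would help to state this precondition in a comment on `GNUNET_REVOCATION_proof_get_size`, e.g. `/* Caller must have verified that at least sizeof (*pow) + sizeof (uint32_t) bytes back pow; returns 0 for unknown key types. */`. In `GNUNET_REVOCATION_check_pow` (line 527) and `GNUNET_REVOCATION_pow_round` (line 729) the key is copied into `buf`, which is sized by `sizeof (struct GNUNET_IDENTITY_PublicKey)` (line 707), with `GNUNET_IDENTITY_key_get_length (pk)` bytes, while the hash on line 732 still covers `sizeof (buf)`; if that length can differ from the struct size, the copy either overruns `buf` or leaves an uninitialized tail that is hashed, making the proof-of-work non-reproducible, so add `memset (buf, 0, sizeof (buf));` before the copies and `GNUNET_assert (GNUNET_IDENTITY_key_get_length (pk) <= sizeof (struct GNUNET_IDENTITY_PublicKey));`. The `return 0;` on line 793 is unreachable after a switch whose every branch returns and can be dropped. The bodies of `GNUNET_REVOCATION_revoke`, `GNUNET_REVOCATION_check_pow` and `GNUNET_REVOCATION_pow_round` continue outside their hunks.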