diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-14 19:47:32 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:18 +0200 |
commit | 96c802b46be51e5c45f34e2de823f787d26c2929 (patch) | |
tree | 457ccfd8f9a61563af86318739c4a8f964a57025 /src/revocation/revocation_api.c | |
parent | c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff) | |
download | gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip |
- towards crypto agility; wip
Diffstat (limited to 'src/revocation/revocation_api.c')
-rw-r--r-- | src/revocation/revocation_api.c | 129 |
1 files changed, 92 insertions, 37 deletions
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 75cfd8761..34529df35 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls, | |||
160 | */ | 160 | */ |
161 | struct GNUNET_REVOCATION_Query * | 161 | struct GNUNET_REVOCATION_Query * |
162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, | 162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, |
163 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 163 | const struct GNUNET_IDENTITY_PublicKey *key, |
164 | GNUNET_REVOCATION_Callback func, | 164 | GNUNET_REVOCATION_Callback func, |
165 | void *func_cls) | 165 | void *func_cls) |
166 | { | 166 | { |
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | env = GNUNET_MQ_msg (rm, | 362 | size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); |
363 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | rm->reserved = htonl (0); | 364 | extra_len, |
365 | rm->proof_of_work = *pow; | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
366 | rm->pow_size = htonl (extra_len); | ||
367 | memcpy (&rm[1], pow, extra_len); | ||
366 | GNUNET_MQ_send (h->mq, | 368 | GNUNET_MQ_send (h->mq, |
367 | env); | 369 | env); |
368 | return h; | 370 | return h; |
@@ -420,6 +422,46 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
420 | } | 422 | } |
421 | 423 | ||
422 | 424 | ||
425 | enum GNUNET_GenericReturnValue | ||
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | ||
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | ||
428 | { | ||
429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
431 | |||
432 | spurp.key = pow->key; | ||
433 | spurp.timestamp = pow->timestamp; | ||
434 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
435 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
436 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | ||
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
438 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; | ||
439 | if (GNUNET_OK != | ||
440 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
441 | &spurp.purpose, | ||
442 | sig, | ||
443 | key)) | ||
444 | { | ||
445 | return GNUNET_SYSERR; | ||
446 | } | ||
447 | return GNUNET_OK; | ||
448 | } | ||
449 | |||
450 | |||
451 | enum GNUNET_GenericReturnValue | ||
452 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | ||
453 | { | ||
454 | switch (ntohl (pow->key.type)) | ||
455 | { | ||
456 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
457 | return check_signature_ecdsa (pow, &pow->key.ecdsa_key); | ||
458 | default: | ||
459 | return GNUNET_SYSERR; | ||
460 | } | ||
461 | return GNUNET_SYSERR; | ||
462 | } | ||
463 | |||
464 | |||
423 | /** | 465 | /** |
424 | * Check if the given proof-of-work is valid. | 466 | * Check if the given proof-of-work is valid. |
425 | * | 467 | * |
@@ -433,10 +475,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
433 | unsigned int difficulty, | 475 | unsigned int difficulty, |
434 | struct GNUNET_TIME_Relative epoch_duration) | 476 | struct GNUNET_TIME_Relative epoch_duration) |
435 | { | 477 | { |
436 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 478 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) | 479 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) |
438 | + sizeof (uint64_t)] GNUNET_ALIGN; | 480 | + sizeof (uint64_t)] GNUNET_ALIGN; |
439 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
440 | struct GNUNET_HashCode result; | 481 | struct GNUNET_HashCode result; |
441 | struct GNUNET_TIME_Absolute ts; | 482 | struct GNUNET_TIME_Absolute ts; |
442 | struct GNUNET_TIME_Absolute exp; | 483 | struct GNUNET_TIME_Absolute exp; |
@@ -450,21 +491,11 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
450 | /** | 491 | /** |
451 | * Check if signature valid | 492 | * Check if signature valid |
452 | */ | 493 | */ |
453 | spurp.key = pow->key; | 494 | if (GNUNET_OK != check_signature (pow)) |
454 | spurp.timestamp = pow->timestamp; | ||
455 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
456 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
457 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | ||
458 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
459 | if (GNUNET_OK != | ||
460 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
461 | &spurp.purpose, | ||
462 | &pow->signature, | ||
463 | &pow->key)) | ||
464 | { | 495 | { |
465 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 496 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
466 | "Proof of work signature invalid!\n"); | 497 | "Proof of work signature invalid!\n"); |
467 | return GNUNET_NO; | 498 | return GNUNET_SYSERR; |
468 | } | 499 | } |
469 | 500 | ||
470 | /** | 501 | /** |
@@ -480,7 +511,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
480 | sizeof (uint64_t)); | 511 | sizeof (uint64_t)); |
481 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 512 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
482 | &pow->key, | 513 | &pow->key, |
483 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 514 | sizeof(struct GNUNET_IDENTITY_PublicKey)); |
484 | for (unsigned int i = 0; i < POW_COUNT; i++) | 515 | for (unsigned int i = 0; i < POW_COUNT; i++) |
485 | { | 516 | { |
486 | pow_val = GNUNET_ntohll (pow->pow[i]); | 517 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -529,15 +560,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
529 | } | 560 | } |
530 | 561 | ||
531 | 562 | ||
532 | /** | 563 | enum GNUNET_GenericReturnValue |
533 | * Initializes a fresh PoW computation. | 564 | sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
534 | * | 565 | struct GNUNET_REVOCATION_PowP *pow) |
535 | * @param key the key to calculate the PoW for. | ||
536 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
537 | */ | ||
538 | void | ||
539 | GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | ||
540 | struct GNUNET_REVOCATION_PowP *pow) | ||
541 | { | 566 | { |
542 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 567 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
543 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 568 | struct GNUNET_REVOCATION_SignaturePurposePS rp; |
@@ -553,14 +578,44 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
553 | rp.timestamp = pow->timestamp; | 578 | rp.timestamp = pow->timestamp; |
554 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 579 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
555 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 580 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
556 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 581 | + sizeof(struct GNUNET_IDENTITY_PublicKey) |
557 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 582 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
558 | GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key); | ||
559 | rp.key = pow->key; | 583 | rp.key = pow->key; |
560 | GNUNET_assert (GNUNET_OK == | 584 | pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); |
561 | GNUNET_CRYPTO_ecdsa_sign_ (key, | 585 | return GNUNET_CRYPTO_ecdsa_sign_ (key, |
562 | &rp.purpose, | 586 | &rp.purpose, |
563 | &pow->signature)); | 587 | (void*) &pow[1]); |
588 | |||
589 | } | ||
590 | |||
591 | |||
592 | enum GNUNET_GenericReturnValue | ||
593 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
594 | struct GNUNET_REVOCATION_PowP *pow) | ||
595 | { | ||
596 | GNUNET_IDENTITY_key_get_public (key, &pow->key); | ||
597 | switch (ntohl (pow->key.type)) | ||
598 | { | ||
599 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
600 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | ||
601 | default: | ||
602 | return GNUNET_NO; | ||
603 | } | ||
604 | return GNUNET_NO; | ||
605 | } | ||
606 | |||
607 | |||
608 | /** | ||
609 | * Initializes a fresh PoW computation. | ||
610 | * | ||
611 | * @param key the key to calculate the PoW for. | ||
612 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
613 | */ | ||
614 | void | ||
615 | GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
616 | struct GNUNET_REVOCATION_PowP *pow) | ||
617 | { | ||
618 | GNUNET_assert (GNUNET_OK == sign_pow (key, pow)); | ||
564 | } | 619 | } |
565 | 620 | ||
566 | 621 | ||
@@ -622,7 +677,7 @@ cmp_pow_value (const void *a, const void *b) | |||
622 | enum GNUNET_GenericReturnValue | 677 | enum GNUNET_GenericReturnValue |
623 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | 678 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) |
624 | { | 679 | { |
625 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 680 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
626 | + sizeof (uint64_t) | 681 | + sizeof (uint64_t) |
627 | + sizeof (uint64_t)] GNUNET_ALIGN; | 682 | + sizeof (uint64_t)] GNUNET_ALIGN; |
628 | struct GNUNET_HashCode result; | 683 | struct GNUNET_HashCode result; |
@@ -645,7 +700,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
645 | sizeof (uint64_t)); | 700 | sizeof (uint64_t)); |
646 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 701 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
647 | &pc->pow->key, | 702 | &pc->pow->key, |
648 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 703 | sizeof(struct GNUNET_IDENTITY_PublicKey)); |
649 | GNUNET_CRYPTO_pow_hash (&salt, | 704 | GNUNET_CRYPTO_pow_hash (&salt, |
650 | buf, | 705 | buf, |
651 | sizeof(buf), | 706 | sizeof(buf), |