diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-14 19:47:32 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:18 +0200 |
commit | 96c802b46be51e5c45f34e2de823f787d26c2929 (patch) | |
tree | 457ccfd8f9a61563af86318739c4a8f964a57025 /src/revocation | |
parent | c14e3a2769ff0f15fdbb32797e37e43ce2344fa3 (diff) | |
download | gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.tar.gz gnunet-96c802b46be51e5c45f34e2de823f787d26c2929.zip |
- towards crypto agility; wip
Diffstat (limited to 'src/revocation')
-rw-r--r-- | src/revocation/Makefile.am | 1 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation-tvg.c | 11 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation.c | 13 | ||||
-rw-r--r-- | src/revocation/gnunet-service-revocation.c | 71 | ||||
-rw-r--r-- | src/revocation/plugin_block_revocation.c | 19 | ||||
-rw-r--r-- | src/revocation/revocation.h | 11 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 129 | ||||
-rw-r--r-- | src/revocation/test_revocation.c | 21 |
8 files changed, 186 insertions, 90 deletions
diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am index 9d98502a6..d63d7213c 100644 --- a/src/revocation/Makefile.am +++ b/src/revocation/Makefile.am | |||
@@ -63,6 +63,7 @@ libgnunetrevocation_la_SOURCES = \ | |||
63 | revocation_api.c revocation.h | 63 | revocation_api.c revocation.h |
64 | libgnunetrevocation_la_LIBADD = \ | 64 | libgnunetrevocation_la_LIBADD = \ |
65 | $(top_builddir)/src/util/libgnunetutil.la \ | 65 | $(top_builddir)/src/util/libgnunetutil.la \ |
66 | $(top_builddir)/src/identity/libgnunetidentity.la \ | ||
66 | $(LIBGCRYPT_LIBS) \ | 67 | $(LIBGCRYPT_LIBS) \ |
67 | $(GN_LIBINTL) $(XLIB) -lgcrypt | 68 | $(GN_LIBINTL) $(XLIB) -lgcrypt |
68 | libgnunetrevocation_la_LDFLAGS = \ | 69 | libgnunetrevocation_la_LDFLAGS = \ |
diff --git a/src/revocation/gnunet-revocation-tvg.c b/src/revocation/gnunet-revocation-tvg.c index 29df1bb4d..13dee3529 100644 --- a/src/revocation/gnunet-revocation-tvg.c +++ b/src/revocation/gnunet-revocation-tvg.c | |||
@@ -65,15 +65,16 @@ run (void *cls, | |||
65 | const char *cfgfile, | 65 | const char *cfgfile, |
66 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 66 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
67 | { | 67 | { |
68 | struct GNUNET_CRYPTO_EcdsaPrivateKey id_priv; | 68 | struct GNUNET_IDENTITY_PrivateKey id_priv; |
69 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pub; | 69 | struct GNUNET_IDENTITY_PublicKey id_pub; |
70 | struct GNUNET_REVOCATION_PowP pow; | 70 | struct GNUNET_REVOCATION_PowP pow; |
71 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | 71 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; |
72 | struct GNUNET_TIME_Relative exp; | 72 | struct GNUNET_TIME_Relative exp; |
73 | 73 | ||
74 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv); | 74 | id_priv.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA); |
75 | GNUNET_CRYPTO_ecdsa_key_get_public (&id_priv, | 75 | GNUNET_CRYPTO_ecdsa_key_create (&id_priv.ecdsa_key); |
76 | &id_pub); | 76 | GNUNET_IDENTITY_key_get_public (&id_priv, |
77 | &id_pub); | ||
77 | fprintf (stdout, "Zone private key (d, little-endian scalar):\n"); | 78 | fprintf (stdout, "Zone private key (d, little-endian scalar):\n"); |
78 | print_bytes (&id_priv, sizeof(id_priv), 0); | 79 | print_bytes (&id_priv, sizeof(id_priv), 0); |
79 | fprintf (stdout, "\n"); | 80 | fprintf (stdout, "\n"); |
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index 0e1e482ab..2ba5d0420 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c | |||
@@ -101,7 +101,7 @@ static struct GNUNET_SCHEDULER_Task *pow_task; | |||
101 | /** | 101 | /** |
102 | * Proof-of-work object | 102 | * Proof-of-work object |
103 | */ | 103 | */ |
104 | static struct GNUNET_REVOCATION_PowP proof_of_work; | 104 | static struct GNUNET_REVOCATION_PowP *proof_of_work; |
105 | 105 | ||
106 | /** | 106 | /** |
107 | * Function run if the user aborts with CTRL-C. | 107 | * Function run if the user aborts with CTRL-C. |
@@ -325,8 +325,8 @@ calculate_pow (void *cls) | |||
325 | static void | 325 | static void |
326 | ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | 326 | ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) |
327 | { | 327 | { |
328 | struct GNUNET_CRYPTO_EcdsaPublicKey key; | 328 | struct GNUNET_IDENTITY_PublicKey key; |
329 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 329 | const struct GNUNET_IDENTITY_PrivateKey *privkey; |
330 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; | 330 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; |
331 | 331 | ||
332 | el = NULL; | 332 | el = NULL; |
@@ -403,15 +403,14 @@ run (void *cls, | |||
403 | const char *cfgfile, | 403 | const char *cfgfile, |
404 | const struct GNUNET_CONFIGURATION_Handle *c) | 404 | const struct GNUNET_CONFIGURATION_Handle *c) |
405 | { | 405 | { |
406 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 406 | struct GNUNET_IDENTITY_PublicKey pk; |
407 | 407 | ||
408 | cfg = c; | 408 | cfg = c; |
409 | if (NULL != test_ego) | 409 | if (NULL != test_ego) |
410 | { | 410 | { |
411 | if (GNUNET_OK != | 411 | if (GNUNET_OK != |
412 | GNUNET_CRYPTO_ecdsa_public_key_from_string (test_ego, | 412 | GNUNET_IDENTITY_public_key_from_string (test_ego, |
413 | strlen (test_ego), | 413 | &pk)) |
414 | &pk)) | ||
415 | { | 414 | { |
416 | fprintf (stderr, _ ("Public key `%s' malformed\n"), test_ego); | 415 | fprintf (stderr, _ ("Public key `%s' malformed\n"), test_ego); |
417 | return; | 416 | return; |
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index ddebb38ad..56ec9f489 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c | |||
@@ -172,7 +172,8 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer) | |||
172 | static int | 172 | static int |
173 | verify_revoke_message (const struct RevokeMessage *rm) | 173 | verify_revoke_message (const struct RevokeMessage *rm) |
174 | { | 174 | { |
175 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (&rm->proof_of_work, | 175 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
176 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, | ||
176 | (unsigned | 177 | (unsigned |
177 | int) revocation_work_required, | 178 | int) revocation_work_required, |
178 | epoch_duration)) | 179 | epoch_duration)) |
@@ -236,7 +237,7 @@ handle_query_message (void *cls, | |||
236 | int res; | 237 | int res; |
237 | 238 | ||
238 | GNUNET_CRYPTO_hash (&qm->key, | 239 | GNUNET_CRYPTO_hash (&qm->key, |
239 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), | 240 | sizeof(struct GNUNET_IDENTITY_PublicKey), |
240 | &hc); | 241 | &hc); |
241 | res = GNUNET_CONTAINER_multihashmap_contains (revocation_map, | 242 | res = GNUNET_CONTAINER_multihashmap_contains (revocation_map, |
242 | &hc); | 243 | &hc); |
@@ -276,9 +277,11 @@ do_flood (void *cls, | |||
276 | return GNUNET_OK; /* peer connected to us via SET, | 277 | return GNUNET_OK; /* peer connected to us via SET, |
277 | but we have no direct CORE | 278 | but we have no direct CORE |
278 | connection for flooding */ | 279 | connection for flooding */ |
279 | e = GNUNET_MQ_msg (cp, | 280 | e = GNUNET_MQ_msg_extra (cp, |
281 | htonl (rm->pow_size), | ||
280 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 282 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
281 | *cp = *rm; | 283 | *cp = *rm; |
284 | memcpy (&cp[1], &rm[1], htonl (rm->pow_size)); | ||
282 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 285 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
283 | "Flooding revocation to `%s'\n", | 286 | "Flooding revocation to `%s'\n", |
284 | GNUNET_i2s (target)); | 287 | GNUNET_i2s (target)); |
@@ -304,8 +307,9 @@ publicize_rm (const struct RevokeMessage *rm) | |||
304 | struct GNUNET_HashCode hc; | 307 | struct GNUNET_HashCode hc; |
305 | struct GNUNET_SETU_Element e; | 308 | struct GNUNET_SETU_Element e; |
306 | 309 | ||
307 | GNUNET_CRYPTO_hash (&rm->proof_of_work.key, | 310 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
308 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), | 311 | GNUNET_CRYPTO_hash (&pow->key, |
312 | sizeof(struct GNUNET_IDENTITY_PublicKey), | ||
309 | &hc); | 313 | &hc); |
310 | if (GNUNET_YES == | 314 | if (GNUNET_YES == |
311 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, | 315 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, |
@@ -371,6 +375,23 @@ publicize_rm (const struct RevokeMessage *rm) | |||
371 | } | 375 | } |
372 | 376 | ||
373 | 377 | ||
378 | static int | ||
379 | check_revoke_message (void *cls, | ||
380 | const struct RevokeMessage *rm) | ||
381 | { | ||
382 | uint16_t size; | ||
383 | |||
384 | size = ntohs (rm->header.size); | ||
385 | if (size <= sizeof(struct RevokeMessage)) | ||
386 | { | ||
387 | GNUNET_break (0); | ||
388 | return GNUNET_SYSERR; | ||
389 | } | ||
390 | return GNUNET_OK; | ||
391 | |||
392 | } | ||
393 | |||
394 | |||
374 | /** | 395 | /** |
375 | * Handle REVOKE message from client. | 396 | * Handle REVOKE message from client. |
376 | * | 397 | * |
@@ -403,6 +424,23 @@ handle_revoke_message (void *cls, | |||
403 | } | 424 | } |
404 | 425 | ||
405 | 426 | ||
427 | static int | ||
428 | check_p2p_revoke (void *cls, | ||
429 | const struct RevokeMessage *rm) | ||
430 | { | ||
431 | uint16_t size; | ||
432 | |||
433 | size = ntohs (rm->header.size); | ||
434 | if (size <= sizeof(struct RevokeMessage)) | ||
435 | { | ||
436 | GNUNET_break (0); | ||
437 | return GNUNET_SYSERR; | ||
438 | } | ||
439 | return GNUNET_OK; | ||
440 | |||
441 | } | ||
442 | |||
443 | |||
406 | /** | 444 | /** |
407 | * Core handler for flooded revocation messages. | 445 | * Core handler for flooded revocation messages. |
408 | * | 446 | * |
@@ -784,10 +822,10 @@ run (void *cls, | |||
784 | struct GNUNET_SERVICE_Handle *service) | 822 | struct GNUNET_SERVICE_Handle *service) |
785 | { | 823 | { |
786 | struct GNUNET_MQ_MessageHandler core_handlers[] = { | 824 | struct GNUNET_MQ_MessageHandler core_handlers[] = { |
787 | GNUNET_MQ_hd_fixed_size (p2p_revoke, | 825 | GNUNET_MQ_hd_var_size (p2p_revoke, |
788 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, | 826 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, |
789 | struct RevokeMessage, | 827 | struct RevokeMessage, |
790 | NULL), | 828 | NULL), |
791 | GNUNET_MQ_handler_end () | 829 | GNUNET_MQ_handler_end () |
792 | }; | 830 | }; |
793 | char *fn; | 831 | char *fn; |
@@ -892,9 +930,10 @@ run (void *cls, | |||
892 | GNUNET_free (fn); | 930 | GNUNET_free (fn); |
893 | return; | 931 | return; |
894 | } | 932 | } |
895 | GNUNET_break (0 == ntohl (rm->reserved)); | 933 | struct GNUNET_REVOCATION_PowP *pow = (struct |
896 | GNUNET_CRYPTO_hash (&rm->proof_of_work.key, | 934 | GNUNET_REVOCATION_PowP *) &rm[1]; |
897 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), | 935 | GNUNET_CRYPTO_hash (&pow->key, |
936 | sizeof(struct GNUNET_IDENTITY_PublicKey), | ||
898 | &hc); | 937 | &hc); |
899 | GNUNET_break (GNUNET_OK == | 938 | GNUNET_break (GNUNET_OK == |
900 | GNUNET_CONTAINER_multihashmap_put (revocation_map, | 939 | GNUNET_CONTAINER_multihashmap_put (revocation_map, |
@@ -939,10 +978,10 @@ GNUNET_SERVICE_MAIN | |||
939 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, | 978 | GNUNET_MESSAGE_TYPE_REVOCATION_QUERY, |
940 | struct QueryMessage, | 979 | struct QueryMessage, |
941 | NULL), | 980 | NULL), |
942 | GNUNET_MQ_hd_fixed_size (revoke_message, | 981 | GNUNET_MQ_hd_var_size (revoke_message, |
943 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, | 982 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE, |
944 | struct RevokeMessage, | 983 | struct RevokeMessage, |
945 | NULL), | 984 | NULL), |
946 | GNUNET_MQ_handler_end ()); | 985 | GNUNET_MQ_handler_end ()); |
947 | 986 | ||
948 | 987 | ||
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 291c56f70..ba3c33b6f 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c | |||
@@ -143,16 +143,16 @@ block_plugin_revocation_evaluate (void *cls, | |||
143 | GNUNET_break_op (0); | 143 | GNUNET_break_op (0); |
144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
145 | } | 145 | } |
146 | if (0 >= | 146 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
147 | GNUNET_REVOCATION_check_pow (&rm->proof_of_work, | 147 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, |
148 | ic->matching_bits, | 148 | ic->matching_bits, |
149 | ic->epoch_duration)) | 149 | ic->epoch_duration)) |
150 | { | 150 | { |
151 | GNUNET_break_op (0); | 151 | GNUNET_break_op (0); |
152 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 152 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
153 | } | 153 | } |
154 | GNUNET_CRYPTO_hash (&rm->proof_of_work.key, | 154 | GNUNET_CRYPTO_hash (&pow->key, |
155 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), | 155 | sizeof(struct GNUNET_IDENTITY_PublicKey), |
156 | &chash); | 156 | &chash); |
157 | if (GNUNET_YES == | 157 | if (GNUNET_YES == |
158 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, | 158 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, |
@@ -182,13 +182,14 @@ block_plugin_revocation_get_key (void *cls, | |||
182 | { | 182 | { |
183 | const struct RevokeMessage *rm = block; | 183 | const struct RevokeMessage *rm = block; |
184 | 184 | ||
185 | if (block_size != sizeof(*rm)) | 185 | if (block_size <= sizeof(*rm)) |
186 | { | 186 | { |
187 | GNUNET_break_op (0); | 187 | GNUNET_break_op (0); |
188 | return GNUNET_SYSERR; | 188 | return GNUNET_SYSERR; |
189 | } | 189 | } |
190 | GNUNET_CRYPTO_hash (&rm->proof_of_work.key, | 190 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
191 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), | 191 | GNUNET_CRYPTO_hash (&pow->key, |
192 | sizeof(struct GNUNET_IDENTITY_PublicKey), | ||
192 | key); | 193 | key); |
193 | return GNUNET_OK; | 194 | return GNUNET_OK; |
194 | } | 195 | } |
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h index 635c56cfc..c3a9c9e6b 100644 --- a/src/revocation/revocation.h +++ b/src/revocation/revocation.h | |||
@@ -49,7 +49,7 @@ struct QueryMessage | |||
49 | /** | 49 | /** |
50 | * Key to check. | 50 | * Key to check. |
51 | */ | 51 | */ |
52 | struct GNUNET_CRYPTO_EcdsaPublicKey key; | 52 | struct GNUNET_IDENTITY_PublicKey key; |
53 | }; | 53 | }; |
54 | 54 | ||
55 | 55 | ||
@@ -85,14 +85,11 @@ struct RevokeMessage | |||
85 | struct GNUNET_MessageHeader header; | 85 | struct GNUNET_MessageHeader header; |
86 | 86 | ||
87 | /** | 87 | /** |
88 | * For alignment. | 88 | * Length of PoW with signature. |
89 | */ | 89 | */ |
90 | uint32_t reserved GNUNET_PACKED; | 90 | uint32_t pow_size GNUNET_PACKED; |
91 | 91 | ||
92 | /** | 92 | /** Followed by the PoW **/ |
93 | * Number that causes a hash collision with the @e public_key. | ||
94 | */ | ||
95 | struct GNUNET_REVOCATION_PowP proof_of_work; | ||
96 | }; | 93 | }; |
97 | 94 | ||
98 | 95 | ||
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 75cfd8761..34529df35 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls, | |||
160 | */ | 160 | */ |
161 | struct GNUNET_REVOCATION_Query * | 161 | struct GNUNET_REVOCATION_Query * |
162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, | 162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, |
163 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 163 | const struct GNUNET_IDENTITY_PublicKey *key, |
164 | GNUNET_REVOCATION_Callback func, | 164 | GNUNET_REVOCATION_Callback func, |
165 | void *func_cls) | 165 | void *func_cls) |
166 | { | 166 | { |
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | env = GNUNET_MQ_msg (rm, | 362 | size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); |
363 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | rm->reserved = htonl (0); | 364 | extra_len, |
365 | rm->proof_of_work = *pow; | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
366 | rm->pow_size = htonl (extra_len); | ||
367 | memcpy (&rm[1], pow, extra_len); | ||
366 | GNUNET_MQ_send (h->mq, | 368 | GNUNET_MQ_send (h->mq, |
367 | env); | 369 | env); |
368 | return h; | 370 | return h; |
@@ -420,6 +422,46 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
420 | } | 422 | } |
421 | 423 | ||
422 | 424 | ||
425 | enum GNUNET_GenericReturnValue | ||
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | ||
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | ||
428 | { | ||
429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
431 | |||
432 | spurp.key = pow->key; | ||
433 | spurp.timestamp = pow->timestamp; | ||
434 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
435 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
436 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | ||
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
438 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; | ||
439 | if (GNUNET_OK != | ||
440 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
441 | &spurp.purpose, | ||
442 | sig, | ||
443 | key)) | ||
444 | { | ||
445 | return GNUNET_SYSERR; | ||
446 | } | ||
447 | return GNUNET_OK; | ||
448 | } | ||
449 | |||
450 | |||
451 | enum GNUNET_GenericReturnValue | ||
452 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | ||
453 | { | ||
454 | switch (ntohl (pow->key.type)) | ||
455 | { | ||
456 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
457 | return check_signature_ecdsa (pow, &pow->key.ecdsa_key); | ||
458 | default: | ||
459 | return GNUNET_SYSERR; | ||
460 | } | ||
461 | return GNUNET_SYSERR; | ||
462 | } | ||
463 | |||
464 | |||
423 | /** | 465 | /** |
424 | * Check if the given proof-of-work is valid. | 466 | * Check if the given proof-of-work is valid. |
425 | * | 467 | * |
@@ -433,10 +475,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
433 | unsigned int difficulty, | 475 | unsigned int difficulty, |
434 | struct GNUNET_TIME_Relative epoch_duration) | 476 | struct GNUNET_TIME_Relative epoch_duration) |
435 | { | 477 | { |
436 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 478 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) | 479 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) |
438 | + sizeof (uint64_t)] GNUNET_ALIGN; | 480 | + sizeof (uint64_t)] GNUNET_ALIGN; |
439 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
440 | struct GNUNET_HashCode result; | 481 | struct GNUNET_HashCode result; |
441 | struct GNUNET_TIME_Absolute ts; | 482 | struct GNUNET_TIME_Absolute ts; |
442 | struct GNUNET_TIME_Absolute exp; | 483 | struct GNUNET_TIME_Absolute exp; |
@@ -450,21 +491,11 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
450 | /** | 491 | /** |
451 | * Check if signature valid | 492 | * Check if signature valid |
452 | */ | 493 | */ |
453 | spurp.key = pow->key; | 494 | if (GNUNET_OK != check_signature (pow)) |
454 | spurp.timestamp = pow->timestamp; | ||
455 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
456 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
457 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | ||
458 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
459 | if (GNUNET_OK != | ||
460 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
461 | &spurp.purpose, | ||
462 | &pow->signature, | ||
463 | &pow->key)) | ||
464 | { | 495 | { |
465 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 496 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
466 | "Proof of work signature invalid!\n"); | 497 | "Proof of work signature invalid!\n"); |
467 | return GNUNET_NO; | 498 | return GNUNET_SYSERR; |
468 | } | 499 | } |
469 | 500 | ||
470 | /** | 501 | /** |
@@ -480,7 +511,7 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
480 | sizeof (uint64_t)); | 511 | sizeof (uint64_t)); |
481 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 512 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
482 | &pow->key, | 513 | &pow->key, |
483 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 514 | sizeof(struct GNUNET_IDENTITY_PublicKey)); |
484 | for (unsigned int i = 0; i < POW_COUNT; i++) | 515 | for (unsigned int i = 0; i < POW_COUNT; i++) |
485 | { | 516 | { |
486 | pow_val = GNUNET_ntohll (pow->pow[i]); | 517 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -529,15 +560,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
529 | } | 560 | } |
530 | 561 | ||
531 | 562 | ||
532 | /** | 563 | enum GNUNET_GenericReturnValue |
533 | * Initializes a fresh PoW computation. | 564 | sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
534 | * | 565 | struct GNUNET_REVOCATION_PowP *pow) |
535 | * @param key the key to calculate the PoW for. | ||
536 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
537 | */ | ||
538 | void | ||
539 | GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | ||
540 | struct GNUNET_REVOCATION_PowP *pow) | ||
541 | { | 566 | { |
542 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 567 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
543 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 568 | struct GNUNET_REVOCATION_SignaturePurposePS rp; |
@@ -553,14 +578,44 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
553 | rp.timestamp = pow->timestamp; | 578 | rp.timestamp = pow->timestamp; |
554 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 579 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
555 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 580 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
556 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 581 | + sizeof(struct GNUNET_IDENTITY_PublicKey) |
557 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 582 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
558 | GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key); | ||
559 | rp.key = pow->key; | 583 | rp.key = pow->key; |
560 | GNUNET_assert (GNUNET_OK == | 584 | pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); |
561 | GNUNET_CRYPTO_ecdsa_sign_ (key, | 585 | return GNUNET_CRYPTO_ecdsa_sign_ (key, |
562 | &rp.purpose, | 586 | &rp.purpose, |
563 | &pow->signature)); | 587 | (void*) &pow[1]); |
588 | |||
589 | } | ||
590 | |||
591 | |||
592 | enum GNUNET_GenericReturnValue | ||
593 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
594 | struct GNUNET_REVOCATION_PowP *pow) | ||
595 | { | ||
596 | GNUNET_IDENTITY_key_get_public (key, &pow->key); | ||
597 | switch (ntohl (pow->key.type)) | ||
598 | { | ||
599 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
600 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | ||
601 | default: | ||
602 | return GNUNET_NO; | ||
603 | } | ||
604 | return GNUNET_NO; | ||
605 | } | ||
606 | |||
607 | |||
608 | /** | ||
609 | * Initializes a fresh PoW computation. | ||
610 | * | ||
611 | * @param key the key to calculate the PoW for. | ||
612 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
613 | */ | ||
614 | void | ||
615 | GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
616 | struct GNUNET_REVOCATION_PowP *pow) | ||
617 | { | ||
618 | GNUNET_assert (GNUNET_OK == sign_pow (key, pow)); | ||
564 | } | 619 | } |
565 | 620 | ||
566 | 621 | ||
@@ -622,7 +677,7 @@ cmp_pow_value (const void *a, const void *b) | |||
622 | enum GNUNET_GenericReturnValue | 677 | enum GNUNET_GenericReturnValue |
623 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | 678 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) |
624 | { | 679 | { |
625 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 680 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
626 | + sizeof (uint64_t) | 681 | + sizeof (uint64_t) |
627 | + sizeof (uint64_t)] GNUNET_ALIGN; | 682 | + sizeof (uint64_t)] GNUNET_ALIGN; |
628 | struct GNUNET_HashCode result; | 683 | struct GNUNET_HashCode result; |
@@ -645,7 +700,7 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
645 | sizeof (uint64_t)); | 700 | sizeof (uint64_t)); |
646 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 701 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
647 | &pc->pow->key, | 702 | &pc->pow->key, |
648 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 703 | sizeof(struct GNUNET_IDENTITY_PublicKey)); |
649 | GNUNET_CRYPTO_pow_hash (&salt, | 704 | GNUNET_CRYPTO_pow_hash (&salt, |
650 | buf, | 705 | buf, |
651 | sizeof(buf), | 706 | sizeof(buf), |
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c index b65567d79..58fcf2e76 100644 --- a/src/revocation/test_revocation.c +++ b/src/revocation/test_revocation.c | |||
@@ -38,8 +38,8 @@ struct TestPeer | |||
38 | struct GNUNET_TESTBED_Operation *core_op; | 38 | struct GNUNET_TESTBED_Operation *core_op; |
39 | struct GNUNET_IDENTITY_Handle *idh; | 39 | struct GNUNET_IDENTITY_Handle *idh; |
40 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 40 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
41 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 41 | const struct GNUNET_IDENTITY_PrivateKey *privkey; |
42 | struct GNUNET_CRYPTO_EcdsaPublicKey pubkey; | 42 | struct GNUNET_IDENTITY_PublicKey pubkey; |
43 | struct GNUNET_CRYPTO_EcdsaSignature sig; | 43 | struct GNUNET_CRYPTO_EcdsaSignature sig; |
44 | struct GNUNET_IDENTITY_Operation *create_id_op; | 44 | struct GNUNET_IDENTITY_Operation *create_id_op; |
45 | struct GNUNET_IDENTITY_EgoLookup *ego_lookup; | 45 | struct GNUNET_IDENTITY_EgoLookup *ego_lookup; |
@@ -142,13 +142,13 @@ revocation_cb (void *cls, enum GNUNET_GenericReturnValue is_valid) | |||
142 | } | 142 | } |
143 | 143 | ||
144 | 144 | ||
145 | static struct GNUNET_REVOCATION_PowP proof_of_work; | 145 | static struct GNUNET_REVOCATION_PowP *proof_of_work; |
146 | 146 | ||
147 | static void | 147 | static void |
148 | ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | 148 | ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) |
149 | { | 149 | { |
150 | static int completed = 0; | 150 | static int completed = 0; |
151 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 151 | const struct GNUNET_IDENTITY_PrivateKey *privkey; |
152 | 152 | ||
153 | if ((NULL != ego) && (cls == &testpeers[0])) | 153 | if ((NULL != ego) && (cls == &testpeers[0])) |
154 | { | 154 | { |
@@ -164,10 +164,11 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); | 164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); |
165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); | 165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); |
166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
167 | memset (&proof_of_work, 0, sizeof (proof_of_work)); | 167 | proof_of_work = GNUNET_malloc (sizeof (struct GNUNET_REVOCATION_PowP) + |
168 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
168 | GNUNET_REVOCATION_pow_init (privkey, | 169 | GNUNET_REVOCATION_pow_init (privkey, |
169 | &proof_of_work); | 170 | proof_of_work); |
170 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (&proof_of_work, | 171 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, |
171 | 1, | 172 | 1, |
172 | 5); | 173 | 5); |
173 | int res = | 174 | int res = |
@@ -184,7 +185,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
184 | { | 185 | { |
185 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n"); | 186 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n"); |
186 | testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg, | 187 | testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg, |
187 | &proof_of_work, | 188 | proof_of_work, |
188 | &revocation_cb, | 189 | &revocation_cb, |
189 | NULL); | 190 | NULL); |
190 | GNUNET_REVOCATION_pow_stop (testpeers[1].pow); | 191 | GNUNET_REVOCATION_pow_stop (testpeers[1].pow); |
@@ -194,7 +195,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
194 | 195 | ||
195 | static void | 196 | static void |
196 | identity_create_cb (void *cls, | 197 | identity_create_cb (void *cls, |
197 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk, | 198 | const struct GNUNET_IDENTITY_PrivateKey *pk, |
198 | const char *emsg) | 199 | const char *emsg) |
199 | { | 200 | { |
200 | static int completed = 0; | 201 | static int completed = 0; |
@@ -238,11 +239,13 @@ identity_completion_cb (void *cls, | |||
238 | testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh, | 239 | testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh, |
239 | "client", | 240 | "client", |
240 | NULL, | 241 | NULL, |
242 | GNUNET_IDENTITY_TYPE_ECDSA, | ||
241 | &identity_create_cb, | 243 | &identity_create_cb, |
242 | &testpeers[0]); | 244 | &testpeers[0]); |
243 | testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh, | 245 | testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh, |
244 | "toberevoked", | 246 | "toberevoked", |
245 | NULL, | 247 | NULL, |
248 | GNUNET_IDENTITY_TYPE_ECDSA, | ||
246 | &identity_create_cb, | 249 | &identity_create_cb, |
247 | &testpeers[1]); | 250 | &testpeers[1]); |
248 | } | 251 | } |