diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 11:57:30 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-15 12:11:23 +0200 |
commit | 5d498b8e1b50373636126956d1c6addfd11ade5e (patch) | |
tree | f7b7f140838ed52668ad3d02eadbc94cc9936318 /src | |
parent | 5680378974db794d67b75473435a0651fad0cd24 (diff) | |
download | gnunet-5d498b8e1b50373636126956d1c6addfd11ade5e.tar.gz gnunet-5d498b8e1b50373636126956d1c6addfd11ade5e.zip |
- fix revocation
Diffstat (limited to 'src')
-rw-r--r-- | src/include/gnunet_revocation_service.h | 32 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation.c | 58 | ||||
-rw-r--r-- | src/revocation/gnunet-service-revocation.c | 12 | ||||
-rw-r--r-- | src/revocation/plugin_block_revocation.c | 12 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 87 | ||||
-rw-r--r-- | src/revocation/test_revocation.c | 3 |
6 files changed, 142 insertions, 62 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 479cc61d7..18c1f2674 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h | |||
@@ -53,6 +53,13 @@ extern "C" | |||
53 | #define GNUNET_REVOCATION_VERSION 0x00000001 | 53 | #define GNUNET_REVOCATION_VERSION 0x00000001 |
54 | 54 | ||
55 | /** | 55 | /** |
56 | * Maximum length of a revocation | ||
57 | */ | ||
58 | #define GNUNET_REVOCATION_MAX_PROOF_SIZE sizeof(struct GNUNET_REVOCATION_PowP) +\ | ||
59 | sizeof(struct GNUNET_IDENTITY_PublicKey) +\ | ||
60 | 1024 //FIXME max sig_len | ||
61 | |||
62 | /** | ||
56 | * The proof-of-work narrowing factor. | 63 | * The proof-of-work narrowing factor. |
57 | * The number of PoWs that are calculates as part of revocation. | 64 | * The number of PoWs that are calculates as part of revocation. |
58 | */ | 65 | */ |
@@ -81,24 +88,14 @@ struct GNUNET_REVOCATION_PowP | |||
81 | */ | 88 | */ |
82 | uint64_t pow[POW_COUNT] GNUNET_PACKED; | 89 | uint64_t pow[POW_COUNT] GNUNET_PACKED; |
83 | 90 | ||
84 | /** | 91 | /** followed by the public key type, the key and a signature **/ |
85 | * The revoked public key | ||
86 | */ | ||
87 | struct GNUNET_IDENTITY_PublicKey key; | ||
88 | |||
89 | /** | ||
90 | * Length of the signature | ||
91 | */ | ||
92 | uint32_t sig_len; | ||
93 | |||
94 | /** followed by a signature **/ | ||
95 | }; | 92 | }; |
96 | 93 | ||
97 | 94 | ||
98 | /** | 95 | /** |
99 | * The signature object we use for the PoW | 96 | * The signature object we use for the PoW |
100 | */ | 97 | */ |
101 | struct GNUNET_REVOCATION_SignaturePurposePS | 98 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS |
102 | { | 99 | { |
103 | /** | 100 | /** |
104 | * The signature purpose | 101 | * The signature purpose |
@@ -106,9 +103,14 @@ struct GNUNET_REVOCATION_SignaturePurposePS | |||
106 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | 103 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; |
107 | 104 | ||
108 | /** | 105 | /** |
106 | * Type of the key | ||
107 | */ | ||
108 | uint32_t ktype; | ||
109 | |||
110 | /** | ||
109 | * The revoked public key | 111 | * The revoked public key |
110 | */ | 112 | */ |
111 | struct GNUNET_IDENTITY_PublicKey key; | 113 | struct GNUNET_CRYPTO_EcdsaPublicKey key; |
112 | 114 | ||
113 | /** | 115 | /** |
114 | * The timestamp of the revocation | 116 | * The timestamp of the revocation |
@@ -260,6 +262,10 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc); | |||
260 | void | 262 | void |
261 | GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc); | 263 | GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc); |
262 | 264 | ||
265 | size_t | ||
266 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow); | ||
267 | |||
268 | |||
263 | #if 0 /* keep Emacsens' auto-indent happy */ | 269 | #if 0 /* keep Emacsens' auto-indent happy */ |
264 | { | 270 | { |
265 | #endif | 271 | #endif |
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index 2ba5d0420..d59ea7c81 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c | |||
@@ -213,7 +213,7 @@ static void | |||
213 | perform_revocation () | 213 | perform_revocation () |
214 | { | 214 | { |
215 | h = GNUNET_REVOCATION_revoke (cfg, | 215 | h = GNUNET_REVOCATION_revoke (cfg, |
216 | &proof_of_work, | 216 | proof_of_work, |
217 | &print_revocation_result, | 217 | &print_revocation_result, |
218 | NULL); | 218 | NULL); |
219 | } | 219 | } |
@@ -228,11 +228,12 @@ perform_revocation () | |||
228 | static void | 228 | static void |
229 | sync_pow () | 229 | sync_pow () |
230 | { | 230 | { |
231 | size_t psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
231 | if ((NULL != filename) && | 232 | if ((NULL != filename) && |
232 | (sizeof(struct GNUNET_REVOCATION_PowP) != | 233 | (psize != |
233 | GNUNET_DISK_fn_write (filename, | 234 | GNUNET_DISK_fn_write (filename, |
234 | &proof_of_work, | 235 | proof_of_work, |
235 | sizeof(struct GNUNET_REVOCATION_PowP), | 236 | psize, |
236 | GNUNET_DISK_PERM_USER_READ | 237 | GNUNET_DISK_PERM_USER_READ |
237 | | GNUNET_DISK_PERM_USER_WRITE))) | 238 | | GNUNET_DISK_PERM_USER_WRITE))) |
238 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | 239 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); |
@@ -269,6 +270,7 @@ static void | |||
269 | calculate_pow (void *cls) | 270 | calculate_pow (void *cls) |
270 | { | 271 | { |
271 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; | 272 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = cls; |
273 | size_t psize; | ||
272 | 274 | ||
273 | /* store temporary results */ | 275 | /* store temporary results */ |
274 | pow_task = NULL; | 276 | pow_task = NULL; |
@@ -277,11 +279,12 @@ calculate_pow (void *cls) | |||
277 | /* actually do POW calculation */ | 279 | /* actually do POW calculation */ |
278 | if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph)) | 280 | if (GNUNET_OK == GNUNET_REVOCATION_pow_round (ph)) |
279 | { | 281 | { |
282 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
280 | if ((NULL != filename) && | 283 | if ((NULL != filename) && |
281 | (sizeof(struct GNUNET_REVOCATION_PowP) != | 284 | (psize != |
282 | GNUNET_DISK_fn_write (filename, | 285 | GNUNET_DISK_fn_write (filename, |
283 | &proof_of_work, | 286 | proof_of_work, |
284 | sizeof(struct GNUNET_REVOCATION_PowP), | 287 | psize, |
285 | GNUNET_DISK_PERM_USER_READ | 288 | GNUNET_DISK_PERM_USER_READ |
286 | | GNUNET_DISK_PERM_USER_WRITE))) | 289 | | GNUNET_DISK_PERM_USER_WRITE))) |
287 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); | 290 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", filename); |
@@ -328,6 +331,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
328 | struct GNUNET_IDENTITY_PublicKey key; | 331 | struct GNUNET_IDENTITY_PublicKey key; |
329 | const struct GNUNET_IDENTITY_PrivateKey *privkey; | 332 | const struct GNUNET_IDENTITY_PrivateKey *privkey; |
330 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; | 333 | struct GNUNET_REVOCATION_PowCalculationHandle *ph = NULL; |
334 | size_t psize; | ||
331 | 335 | ||
332 | el = NULL; | 336 | el = NULL; |
333 | if (NULL == ego) | 337 | if (NULL == ego) |
@@ -338,12 +342,15 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
338 | } | 342 | } |
339 | GNUNET_IDENTITY_ego_get_public_key (ego, &key); | 343 | GNUNET_IDENTITY_ego_get_public_key (ego, &key); |
340 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 344 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
341 | memset (&proof_of_work, 0, sizeof (proof_of_work)); | 345 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
342 | if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) && | 346 | if ((NULL != filename) && (GNUNET_YES == GNUNET_DISK_file_test (filename)) && |
343 | (sizeof(proof_of_work) == | 347 | (0 < (psize = |
344 | GNUNET_DISK_fn_read (filename, &proof_of_work, sizeof(proof_of_work)))) | 348 | GNUNET_DISK_fn_read (filename, proof_of_work, |
349 | GNUNET_REVOCATION_MAX_PROOF_SIZE)))) | ||
345 | { | 350 | { |
346 | if (0 != GNUNET_memcmp (&proof_of_work.key, &key)) | 351 | size_t ksize = GNUNET_IDENTITY_key_get_length (&key); |
352 | if (((psize - sizeof (*proof_of_work)) < ksize) || // Key too small | ||
353 | (0 != memcmp (&proof_of_work[1], &key, ksize))) // Keys do not match | ||
347 | { | 354 | { |
348 | fprintf (stderr, | 355 | fprintf (stderr, |
349 | _ ("Error: revocation certificate in `%s' is not for `%s'\n"), | 356 | _ ("Error: revocation certificate in `%s' is not for `%s'\n"), |
@@ -352,7 +359,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
352 | return; | 359 | return; |
353 | } | 360 | } |
354 | if (GNUNET_YES == | 361 | if (GNUNET_YES == |
355 | GNUNET_REVOCATION_check_pow (&proof_of_work, | 362 | GNUNET_REVOCATION_check_pow (proof_of_work, |
356 | (unsigned int) matching_bits, | 363 | (unsigned int) matching_bits, |
357 | epoch_duration)) | 364 | epoch_duration)) |
358 | { | 365 | { |
@@ -369,7 +376,7 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
369 | fprintf (stderr, | 376 | fprintf (stderr, |
370 | "%s", | 377 | "%s", |
371 | _ ("Continuing calculation where left off...\n")); | 378 | _ ("Continuing calculation where left off...\n")); |
372 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 379 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
373 | epochs, | 380 | epochs, |
374 | matching_bits); | 381 | matching_bits); |
375 | } | 382 | } |
@@ -379,8 +386,8 @@ ego_callback (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
379 | if (NULL == ph) | 386 | if (NULL == ph) |
380 | { | 387 | { |
381 | GNUNET_REVOCATION_pow_init (privkey, | 388 | GNUNET_REVOCATION_pow_init (privkey, |
382 | &proof_of_work); | 389 | proof_of_work); |
383 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 390 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
384 | epochs, /* Epochs */ | 391 | epochs, /* Epochs */ |
385 | matching_bits); | 392 | matching_bits); |
386 | } | 393 | } |
@@ -404,6 +411,7 @@ run (void *cls, | |||
404 | const struct GNUNET_CONFIGURATION_Handle *c) | 411 | const struct GNUNET_CONFIGURATION_Handle *c) |
405 | { | 412 | { |
406 | struct GNUNET_IDENTITY_PublicKey pk; | 413 | struct GNUNET_IDENTITY_PublicKey pk; |
414 | size_t psize; | ||
407 | 415 | ||
408 | cfg = c; | 416 | cfg = c; |
409 | if (NULL != test_ego) | 417 | if (NULL != test_ego) |
@@ -462,23 +470,33 @@ run (void *cls, | |||
462 | } | 470 | } |
463 | if ((NULL != filename) && (perform)) | 471 | if ((NULL != filename) && (perform)) |
464 | { | 472 | { |
465 | if (sizeof(proof_of_work) != GNUNET_DISK_fn_read (filename, | 473 | size_t bread; |
466 | &proof_of_work, | 474 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
467 | sizeof(proof_of_work))) | 475 | if (0 < (bread = GNUNET_DISK_fn_read (filename, |
476 | proof_of_work, | ||
477 | GNUNET_REVOCATION_MAX_PROOF_SIZE))) | ||
468 | { | 478 | { |
469 | fprintf (stderr, | 479 | fprintf (stderr, |
470 | _ ("Failed to read revocation certificate from `%s'\n"), | 480 | _ ("Failed to read revocation certificate from `%s'\n"), |
471 | filename); | 481 | filename); |
472 | return; | 482 | return; |
473 | } | 483 | } |
484 | psize = GNUNET_REVOCATION_proof_get_size (proof_of_work); | ||
485 | if (bread != psize) | ||
486 | { | ||
487 | fprintf (stderr, | ||
488 | _ ("Revocation certificate corrupted in `%s'\n"), | ||
489 | filename); | ||
490 | return; | ||
491 | } | ||
474 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 492 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
475 | if (GNUNET_YES != | 493 | if (GNUNET_YES != |
476 | GNUNET_REVOCATION_check_pow (&proof_of_work, | 494 | GNUNET_REVOCATION_check_pow (proof_of_work, |
477 | (unsigned int) matching_bits, | 495 | (unsigned int) matching_bits, |
478 | epoch_duration)) | 496 | epoch_duration)) |
479 | { | 497 | { |
480 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; | 498 | struct GNUNET_REVOCATION_PowCalculationHandle *ph; |
481 | ph = GNUNET_REVOCATION_pow_start (&proof_of_work, | 499 | ph = GNUNET_REVOCATION_pow_start (proof_of_work, |
482 | epochs, /* Epochs */ | 500 | epochs, /* Epochs */ |
483 | matching_bits); | 501 | matching_bits); |
484 | 502 | ||
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 56ec9f489..0fa92f4a6 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c | |||
@@ -306,10 +306,12 @@ publicize_rm (const struct RevokeMessage *rm) | |||
306 | struct RevokeMessage *cp; | 306 | struct RevokeMessage *cp; |
307 | struct GNUNET_HashCode hc; | 307 | struct GNUNET_HashCode hc; |
308 | struct GNUNET_SETU_Element e; | 308 | struct GNUNET_SETU_Element e; |
309 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
309 | 310 | ||
310 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 311 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
311 | GNUNET_CRYPTO_hash (&pow->key, | 312 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
312 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 313 | GNUNET_CRYPTO_hash (pk, |
314 | GNUNET_IDENTITY_key_get_length (pk), | ||
313 | &hc); | 315 | &hc); |
314 | if (GNUNET_YES == | 316 | if (GNUNET_YES == |
315 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, | 317 | GNUNET_CONTAINER_multihashmap_contains (revocation_map, |
@@ -832,6 +834,7 @@ run (void *cls, | |||
832 | uint64_t left; | 834 | uint64_t left; |
833 | struct RevokeMessage *rm; | 835 | struct RevokeMessage *rm; |
834 | struct GNUNET_HashCode hc; | 836 | struct GNUNET_HashCode hc; |
837 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
835 | 838 | ||
836 | GNUNET_CRYPTO_hash ("revocation-set-union-application-id", | 839 | GNUNET_CRYPTO_hash ("revocation-set-union-application-id", |
837 | strlen ("revocation-set-union-application-id"), | 840 | strlen ("revocation-set-union-application-id"), |
@@ -932,8 +935,9 @@ run (void *cls, | |||
932 | } | 935 | } |
933 | struct GNUNET_REVOCATION_PowP *pow = (struct | 936 | struct GNUNET_REVOCATION_PowP *pow = (struct |
934 | GNUNET_REVOCATION_PowP *) &rm[1]; | 937 | GNUNET_REVOCATION_PowP *) &rm[1]; |
935 | GNUNET_CRYPTO_hash (&pow->key, | 938 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
936 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 939 | GNUNET_CRYPTO_hash (pk, |
940 | GNUNET_IDENTITY_key_get_length (pk), | ||
937 | &hc); | 941 | &hc); |
938 | GNUNET_break (GNUNET_OK == | 942 | GNUNET_break (GNUNET_OK == |
939 | GNUNET_CONTAINER_multihashmap_put (revocation_map, | 943 | GNUNET_CONTAINER_multihashmap_put (revocation_map, |
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index ba3c33b6f..3c9344a49 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c | |||
@@ -144,6 +144,8 @@ block_plugin_revocation_evaluate (void *cls, | |||
144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
145 | } | 145 | } |
146 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 146 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
147 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
148 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
147 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, | 149 | if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow, |
148 | ic->matching_bits, | 150 | ic->matching_bits, |
149 | ic->epoch_duration)) | 151 | ic->epoch_duration)) |
@@ -151,8 +153,8 @@ block_plugin_revocation_evaluate (void *cls, | |||
151 | GNUNET_break_op (0); | 153 | GNUNET_break_op (0); |
152 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 154 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
153 | } | 155 | } |
154 | GNUNET_CRYPTO_hash (&pow->key, | 156 | GNUNET_CRYPTO_hash (pk, |
155 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 157 | GNUNET_IDENTITY_key_get_length (pk), |
156 | &chash); | 158 | &chash); |
157 | if (GNUNET_YES == | 159 | if (GNUNET_YES == |
158 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, | 160 | GNUNET_BLOCK_GROUP_bf_test_and_set (group, |
@@ -188,8 +190,10 @@ block_plugin_revocation_get_key (void *cls, | |||
188 | return GNUNET_SYSERR; | 190 | return GNUNET_SYSERR; |
189 | } | 191 | } |
190 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; | 192 | struct GNUNET_REVOCATION_PowP *pow = (struct GNUNET_REVOCATION_PowP *) &rm[1]; |
191 | GNUNET_CRYPTO_hash (&pow->key, | 193 | const struct GNUNET_IDENTITY_PublicKey *pk; |
192 | sizeof(struct GNUNET_IDENTITY_PublicKey), | 194 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
195 | GNUNET_CRYPTO_hash (pk, | ||
196 | GNUNET_IDENTITY_key_get_length (pk), | ||
193 | key); | 197 | key); |
194 | return GNUNET_OK; | 198 | return GNUNET_OK; |
195 | } | 199 | } |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 34529df35..94fbc7022 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -359,7 +359,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | size_t extra_len = ntohl (pow->sig_len) + sizeof (*pow); | 362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); |
363 | env = GNUNET_MQ_msg_extra (rm, | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | extra_len, | 364 | extra_len, |
365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
@@ -426,16 +426,25 @@ enum GNUNET_GenericReturnValue | |||
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | 426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, |
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | 427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) |
428 | { | 428 | { |
429 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | 429 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp; |
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | 430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; |
431 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
432 | size_t ksize; | ||
431 | 433 | ||
432 | spurp.key = pow->key; | 434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; |
435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
436 | |||
437 | spurp.ktype = pk->type; | ||
438 | spurp.key = pk->ecdsa_key; | ||
433 | spurp.timestamp = pow->timestamp; | 439 | spurp.timestamp = pow->timestamp; |
434 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 440 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
435 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 441 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
436 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 442 | + GNUNET_IDENTITY_key_get_length (pk) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 443 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
438 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) &pow[1]; | 444 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
445 | "Expected signature payload len: %u\n", | ||
446 | ntohl (spurp.purpose.size)); | ||
447 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); | ||
439 | if (GNUNET_OK != | 448 | if (GNUNET_OK != |
440 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | 449 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, |
441 | &spurp.purpose, | 450 | &spurp.purpose, |
@@ -451,10 +460,13 @@ check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | |||
451 | enum GNUNET_GenericReturnValue | 460 | enum GNUNET_GenericReturnValue |
452 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | 461 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) |
453 | { | 462 | { |
454 | switch (ntohl (pow->key.type)) | 463 | const struct GNUNET_IDENTITY_PublicKey *pk; |
464 | |||
465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
466 | switch (ntohl (pk->type)) | ||
455 | { | 467 | { |
456 | case GNUNET_IDENTITY_TYPE_ECDSA: | 468 | case GNUNET_IDENTITY_TYPE_ECDSA: |
457 | return check_signature_ecdsa (pow, &pow->key.ecdsa_key); | 469 | return check_signature_ecdsa (pow, &pk->ecdsa_key); |
458 | default: | 470 | default: |
459 | return GNUNET_SYSERR; | 471 | return GNUNET_SYSERR; |
460 | } | 472 | } |
@@ -487,6 +499,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
487 | unsigned int tmp_score = 0; | 499 | unsigned int tmp_score = 0; |
488 | unsigned int epochs; | 500 | unsigned int epochs; |
489 | uint64_t pow_val; | 501 | uint64_t pow_val; |
502 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
503 | |||
504 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
490 | 505 | ||
491 | /** | 506 | /** |
492 | * Check if signature valid | 507 | * Check if signature valid |
@@ -510,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
510 | &pow->timestamp, | 525 | &pow->timestamp, |
511 | sizeof (uint64_t)); | 526 | sizeof (uint64_t)); |
512 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 527 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
513 | &pow->key, | 528 | pk, |
514 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 529 | GNUNET_IDENTITY_key_get_length (pk)); |
515 | for (unsigned int i = 0; i < POW_COUNT; i++) | 530 | for (unsigned int i = 0; i < POW_COUNT; i++) |
516 | { | 531 | { |
517 | pow_val = GNUNET_ntohll (pow->pow[i]); | 532 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -565,7 +580,10 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
565 | struct GNUNET_REVOCATION_PowP *pow) | 580 | struct GNUNET_REVOCATION_PowP *pow) |
566 | { | 581 | { |
567 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 582 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
568 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 583 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp; |
584 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
585 | size_t ksize; | ||
586 | char *sig; | ||
569 | 587 | ||
570 | /** | 588 | /** |
571 | * Predate the validity period to prevent rejections due to | 589 | * Predate the validity period to prevent rejections due to |
@@ -573,18 +591,23 @@ sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
573 | */ | 591 | */ |
574 | ts = GNUNET_TIME_absolute_subtract (ts, | 592 | ts = GNUNET_TIME_absolute_subtract (ts, |
575 | GNUNET_TIME_UNIT_WEEKS); | 593 | GNUNET_TIME_UNIT_WEEKS); |
576 | 594 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | |
595 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
577 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 596 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
578 | rp.timestamp = pow->timestamp; | 597 | rp.timestamp = pow->timestamp; |
579 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 598 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
580 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 599 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
581 | + sizeof(struct GNUNET_IDENTITY_PublicKey) | 600 | + ksize |
582 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 601 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
583 | rp.key = pow->key; | 602 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
584 | pow->sig_len = htonl (sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | 603 | "Signature payload len: %u\n", |
604 | ntohl (rp.purpose.size)); | ||
605 | rp.ktype = pk->type; | ||
606 | rp.key = pk->ecdsa_key; | ||
607 | sig = ((char*)&pow[1]) + ksize; | ||
585 | return GNUNET_CRYPTO_ecdsa_sign_ (key, | 608 | return GNUNET_CRYPTO_ecdsa_sign_ (key, |
586 | &rp.purpose, | 609 | &rp.purpose, |
587 | (void*) &pow[1]); | 610 | (void*) sig); |
588 | 611 | ||
589 | } | 612 | } |
590 | 613 | ||
@@ -593,8 +616,11 @@ enum GNUNET_GenericReturnValue | |||
593 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | 616 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, |
594 | struct GNUNET_REVOCATION_PowP *pow) | 617 | struct GNUNET_REVOCATION_PowP *pow) |
595 | { | 618 | { |
596 | GNUNET_IDENTITY_key_get_public (key, &pow->key); | 619 | struct GNUNET_IDENTITY_PublicKey *pk; |
597 | switch (ntohl (pow->key.type)) | 620 | |
621 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
622 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
623 | switch (ntohl (pk->type)) | ||
598 | { | 624 | { |
599 | case GNUNET_IDENTITY_TYPE_ECDSA: | 625 | case GNUNET_IDENTITY_TYPE_ECDSA: |
600 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | 626 | return sign_pow_ecdsa (&key->ecdsa_key, pow); |
@@ -681,11 +707,13 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
681 | + sizeof (uint64_t) | 707 | + sizeof (uint64_t) |
682 | + sizeof (uint64_t)] GNUNET_ALIGN; | 708 | + sizeof (uint64_t)] GNUNET_ALIGN; |
683 | struct GNUNET_HashCode result; | 709 | struct GNUNET_HashCode result; |
710 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
684 | unsigned int zeros; | 711 | unsigned int zeros; |
685 | int ret; | 712 | int ret; |
686 | uint64_t pow_nbo; | 713 | uint64_t pow_nbo; |
687 | 714 | ||
688 | pc->current_pow++; | 715 | pc->current_pow++; |
716 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
689 | 717 | ||
690 | /** | 718 | /** |
691 | * Do not try duplicates | 719 | * Do not try duplicates |
@@ -699,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
699 | &pc->pow->timestamp, | 727 | &pc->pow->timestamp, |
700 | sizeof (uint64_t)); | 728 | sizeof (uint64_t)); |
701 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 729 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
702 | &pc->pow->key, | 730 | pk, |
703 | sizeof(struct GNUNET_IDENTITY_PublicKey)); | 731 | GNUNET_IDENTITY_key_get_length (pk)); |
704 | GNUNET_CRYPTO_pow_hash (&salt, | 732 | GNUNET_CRYPTO_pow_hash (&salt, |
705 | buf, | 733 | buf, |
706 | sizeof(buf), | 734 | sizeof(buf), |
@@ -745,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
745 | } | 773 | } |
746 | 774 | ||
747 | 775 | ||
776 | size_t | ||
777 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
778 | { | ||
779 | size_t size; | ||
780 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
781 | |||
782 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
783 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
784 | size += GNUNET_IDENTITY_key_get_length (pk); | ||
785 | |||
786 | switch (ntohl (pk->type)) | ||
787 | { | ||
788 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
789 | return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
790 | default: | ||
791 | return 0; | ||
792 | } | ||
793 | return 0; | ||
794 | } | ||
795 | |||
796 | |||
748 | /* end of revocation_api.c */ | 797 | /* end of revocation_api.c */ |
diff --git a/src/revocation/test_revocation.c b/src/revocation/test_revocation.c index 58fcf2e76..c6457016f 100644 --- a/src/revocation/test_revocation.c +++ b/src/revocation/test_revocation.c | |||
@@ -164,8 +164,7 @@ ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); | 164 | GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey); |
165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); | 165 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n"); |
166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 166 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
167 | proof_of_work = GNUNET_malloc (sizeof (struct GNUNET_REVOCATION_PowP) + | 167 | proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE); |
168 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
169 | GNUNET_REVOCATION_pow_init (privkey, | 168 | GNUNET_REVOCATION_pow_init (privkey, |
170 | proof_of_work); | 169 | proof_of_work); |
171 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, | 170 | testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work, |