diff options
-rw-r--r-- | src/Makefile.am | 3 | ||||
-rw-r--r-- | src/fs/Makefile.am | 14 | ||||
-rw-r--r-- | src/fs/fs_pseudonym.c (renamed from src/util/pseudonym.c) | 130 | ||||
-rw-r--r-- | src/fs/plugin_block_fs.c | 1 | ||||
-rw-r--r-- | src/fs/test_pseudonym.c (renamed from src/util/test_pseudonym.c) | 8 | ||||
-rw-r--r-- | src/include/Makefile.am | 1 | ||||
-rw-r--r-- | src/include/block_fs.h | 1 | ||||
-rw-r--r-- | src/include/gnunet_fs_service.h | 371 | ||||
-rw-r--r-- | src/include/gnunet_pseudonym_lib.h | 418 | ||||
-rw-r--r-- | src/include/gnunet_util_lib.h | 1 | ||||
-rw-r--r-- | src/util/Makefile.am | 7 |
11 files changed, 490 insertions, 465 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 771432a91..11e260e5a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am | |||
@@ -3,7 +3,7 @@ | |||
3 | #endif | 3 | #endif |
4 | 4 | ||
5 | if HAVE_EXPERIMENTAL | 5 | if HAVE_EXPERIMENTAL |
6 | EXP_DIR = chat consensus dv | 6 | EXP_DIR = fs chat consensus dv |
7 | endif | 7 | endif |
8 | 8 | ||
9 | if LINUX | 9 | if LINUX |
@@ -55,7 +55,6 @@ SUBDIRS = \ | |||
55 | mesh \ | 55 | mesh \ |
56 | lockmanager \ | 56 | lockmanager \ |
57 | stream \ | 57 | stream \ |
58 | fs \ | ||
59 | $(LINUX_DIR) \ | 58 | $(LINUX_DIR) \ |
60 | $(MINGW_DIR) \ | 59 | $(MINGW_DIR) \ |
61 | integration-tests \ | 60 | integration-tests \ |
diff --git a/src/fs/Makefile.am b/src/fs/Makefile.am index 54267c57c..e9d5f40db 100644 --- a/src/fs/Makefile.am +++ b/src/fs/Makefile.am | |||
@@ -34,6 +34,7 @@ libgnunetfs_la_SOURCES = \ | |||
34 | fs_file_information.c \ | 34 | fs_file_information.c \ |
35 | fs_getopt.c \ | 35 | fs_getopt.c \ |
36 | fs_list_indexed.c \ | 36 | fs_list_indexed.c \ |
37 | fs_pseudonym.c \ | ||
37 | fs_publish.c \ | 38 | fs_publish.c \ |
38 | fs_publish_ksk.c \ | 39 | fs_publish_ksk.c \ |
39 | fs_misc.c \ | 40 | fs_misc.c \ |
@@ -47,7 +48,7 @@ libgnunetfs_la_SOURCES = \ | |||
47 | libgnunetfs_la_LIBADD = \ | 48 | libgnunetfs_la_LIBADD = \ |
48 | $(top_builddir)/src/datastore/libgnunetdatastore.la \ | 49 | $(top_builddir)/src/datastore/libgnunetdatastore.la \ |
49 | $(top_builddir)/src/util/libgnunetutil.la \ | 50 | $(top_builddir)/src/util/libgnunetutil.la \ |
50 | $(GN_LIBINTL) $(XLIB) -lunistring -lextractor | 51 | $(GN_LIBINTL) $(XLIB) -lunistring -lextractor -lgcrypt |
51 | 52 | ||
52 | libgnunetfs_la_LDFLAGS = \ | 53 | libgnunetfs_la_LDFLAGS = \ |
53 | $(GN_LIB_LDFLAGS) $(WINFLAGS) \ | 54 | $(GN_LIB_LDFLAGS) $(WINFLAGS) \ |
@@ -214,6 +215,7 @@ libgnunet_plugin_block_fs_la_SOURCES = \ | |||
214 | plugin_block_fs.c | 215 | plugin_block_fs.c |
215 | libgnunet_plugin_block_fs_la_LIBADD = \ | 216 | libgnunet_plugin_block_fs_la_LIBADD = \ |
216 | $(top_builddir)/src/block/libgnunetblock.la \ | 217 | $(top_builddir)/src/block/libgnunetblock.la \ |
218 | $(top_builddir)/src/fs/libgnunetfs.la \ | ||
217 | $(top_builddir)/src/util/libgnunetutil.la \ | 219 | $(top_builddir)/src/util/libgnunetutil.la \ |
218 | $(LTLIBINTL) | 220 | $(LTLIBINTL) |
219 | libgnunet_plugin_block_fs_la_LDFLAGS = \ | 221 | libgnunet_plugin_block_fs_la_LDFLAGS = \ |
@@ -243,6 +245,7 @@ check_PROGRAMS = \ | |||
243 | test_fs_list_indexed \ | 245 | test_fs_list_indexed \ |
244 | test_fs_namespace \ | 246 | test_fs_namespace \ |
245 | test_fs_namespace_list_updateable \ | 247 | test_fs_namespace_list_updateable \ |
248 | test_pseudonym \ | ||
246 | test_fs_publish \ | 249 | test_fs_publish \ |
247 | test_fs_publish_persistence \ | 250 | test_fs_publish_persistence \ |
248 | test_fs_search \ | 251 | test_fs_search \ |
@@ -288,6 +291,7 @@ TESTS = \ | |||
288 | test_fs_list_indexed \ | 291 | test_fs_list_indexed \ |
289 | test_fs_namespace \ | 292 | test_fs_namespace \ |
290 | test_fs_namespace_list_updateable \ | 293 | test_fs_namespace_list_updateable \ |
294 | test_pseudonym \ | ||
291 | test_fs_publish \ | 295 | test_fs_publish \ |
292 | test_fs_publish_persistence \ | 296 | test_fs_publish_persistence \ |
293 | test_fs_search \ | 297 | test_fs_search \ |
@@ -308,6 +312,14 @@ TESTS = \ | |||
308 | endif | 312 | endif |
309 | 313 | ||
310 | 314 | ||
315 | test_pseudonym_SOURCES = \ | ||
316 | test_pseudonym.c | ||
317 | test_pseudonym_LDADD = \ | ||
318 | -lgcrypt \ | ||
319 | $(top_builddir)/src/fs/libgnunetfs.la \ | ||
320 | $(top_builddir)/src/util/libgnunetutil.la | ||
321 | |||
322 | |||
311 | test_fs_directory_SOURCES = \ | 323 | test_fs_directory_SOURCES = \ |
312 | test_fs_directory.c | 324 | test_fs_directory.c |
313 | test_fs_directory_LDADD = \ | 325 | test_fs_directory_LDADD = \ |
diff --git a/src/util/pseudonym.c b/src/fs/fs_pseudonym.c index 497f6ad6f..5e9c9816e 100644 --- a/src/util/pseudonym.c +++ b/src/fs/fs_pseudonym.c | |||
@@ -18,8 +18,8 @@ | |||
18 | Boston, MA 02111-1307, USA. | 18 | Boston, MA 02111-1307, USA. |
19 | */ | 19 | */ |
20 | /** | 20 | /** |
21 | * @file util/pseudonym.c | 21 | * @file fs/fs_pseudonym.c |
22 | * @brief helper functions | 22 | * @brief pseudonym functions |
23 | * @author Christian Grothoff | 23 | * @author Christian Grothoff |
24 | * | 24 | * |
25 | * TODO: | 25 | * TODO: |
@@ -27,13 +27,11 @@ | |||
27 | * provided by stubs that merely pretend to work! | 27 | * provided by stubs that merely pretend to work! |
28 | */ | 28 | */ |
29 | #include "platform.h" | 29 | #include "platform.h" |
30 | #include "gnunet_common.h" | 30 | #include "gnunet_util_lib.h" |
31 | #include "gnunet_container_lib.h" | 31 | #include "gnunet_fs_service.h" |
32 | #include "gnunet_disk_lib.h" | ||
33 | #include "gnunet_pseudonym_lib.h" | ||
34 | #include "gnunet_bio_lib.h" | ||
35 | #include <gcrypt.h> | 32 | #include <gcrypt.h> |
36 | 33 | ||
34 | |||
37 | #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) | 35 | #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) |
38 | 36 | ||
39 | #define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall) | 37 | #define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall) |
@@ -61,7 +59,7 @@ | |||
61 | /** | 59 | /** |
62 | * Configuration section we use. | 60 | * Configuration section we use. |
63 | */ | 61 | */ |
64 | #define GNUNET_CLIENT_SERVICE_NAME "client" | 62 | #define GNUNET_CLIENT_SERVICE_NAME "fs" |
65 | 63 | ||
66 | 64 | ||
67 | /* ************************* Disk operations (pseudonym data mgmt) **************** */ | 65 | /* ************************* Disk operations (pseudonym data mgmt) **************** */ |
@@ -1069,17 +1067,19 @@ data_to_pkcs1 (const struct GNUNET_PseudonymSignaturePurpose *purpose) | |||
1069 | return data; | 1067 | return data; |
1070 | } | 1068 | } |
1071 | 1069 | ||
1070 | gcry_ctx_t xctx; | ||
1071 | |||
1072 | 1072 | ||
1073 | /** | 1073 | /** |
1074 | * Cryptographically sign some data with the pseudonym. | 1074 | * Cryptographically sign some data with the pseudonym. |
1075 | * | 1075 | * |
1076 | * @param ph private key used for signing (corresponds to 'x' in #2564) | 1076 | * @param ph private key 'd' used for signing (corresponds to 'x' in #2564) |
1077 | * @param purpose data to sign | 1077 | * @param purpose data to sign |
1078 | * @param seed hash of the plaintext of the data that we are signing, | 1078 | * @param seed hash of the plaintext of the data that we are signing, |
1079 | * used for deterministic PRNG for anonymous signing; | 1079 | * used for deterministic PRNG for anonymous signing; |
1080 | * corresponds to 'k' in section 2.7 of #2564 | 1080 | * corresponds to 'k' in section 2.7 of #2564 |
1081 | * @param signing_key modifier to apply to the private key for signing; | 1081 | * @param signing_key modifier to apply to the private key for signing ('h'); |
1082 | * corresponds to 'h' in section 2.3 of #2564. | 1082 | * see section 2.3 of #2564. |
1083 | * @param signature where to store the signature | 1083 | * @param signature where to store the signature |
1084 | * @return GNUNET_SYSERR on failure | 1084 | * @return GNUNET_SYSERR on failure |
1085 | */ | 1085 | */ |
@@ -1092,10 +1092,10 @@ GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | |||
1092 | { | 1092 | { |
1093 | size_t size; | 1093 | size_t size; |
1094 | size_t erroff; | 1094 | size_t erroff; |
1095 | gcry_mpi_t x; | 1095 | gcry_mpi_t d; |
1096 | gcry_mpi_t k; | 1096 | gcry_mpi_t k; |
1097 | gcry_mpi_t h; | 1097 | gcry_mpi_t h; |
1098 | gcry_mpi_t d; | 1098 | gcry_mpi_t dh; |
1099 | gcry_mpi_t n; /* n from P-256 */ | 1099 | gcry_mpi_t n; /* n from P-256 */ |
1100 | gcry_sexp_t spriv; | 1100 | gcry_sexp_t spriv; |
1101 | gcry_sexp_t data; | 1101 | gcry_sexp_t data; |
@@ -1103,23 +1103,23 @@ GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | |||
1103 | gcry_mpi_t rs[2]; | 1103 | gcry_mpi_t rs[2]; |
1104 | int rc; | 1104 | int rc; |
1105 | 1105 | ||
1106 | /* get private key 'x' from pseudonym */ | 1106 | /* get private key 'd' from pseudonym */ |
1107 | size = sizeof (ph->d); | 1107 | size = sizeof (ph->d); |
1108 | if (0 != (rc = gcry_mpi_scan (&x, GCRYMPI_FMT_USG, | 1108 | if (0 != (rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, |
1109 | &ph->d, | 1109 | &ph->d, |
1110 | size, &size))) | 1110 | size, &size))) |
1111 | { | 1111 | { |
1112 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 1112 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
1113 | return GNUNET_SYSERR; | 1113 | return GNUNET_SYSERR; |
1114 | } | 1114 | } |
1115 | /* get 'h' value from signing key */ | 1115 | /* get 'x' value from signing key */ |
1116 | size = sizeof (struct GNUNET_HashCode); | 1116 | size = sizeof (struct GNUNET_HashCode); |
1117 | if (0 != (rc = gcry_mpi_scan (&h, GCRYMPI_FMT_USG, | 1117 | if (0 != (rc = gcry_mpi_scan (&h, GCRYMPI_FMT_USG, |
1118 | signing_key, | 1118 | signing_key, |
1119 | size, &size))) | 1119 | size, &size))) |
1120 | { | 1120 | { |
1121 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 1121 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
1122 | gcry_mpi_release (x); | 1122 | gcry_mpi_release (d); |
1123 | return GNUNET_SYSERR; | 1123 | return GNUNET_SYSERR; |
1124 | } | 1124 | } |
1125 | 1125 | ||
@@ -1128,28 +1128,66 @@ GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | |||
1128 | "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 0, NULL))) | 1128 | "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 0, NULL))) |
1129 | { | 1129 | { |
1130 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 1130 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
1131 | gcry_mpi_release (x); | 1131 | gcry_mpi_release (d); |
1132 | gcry_mpi_release (h); | 1132 | gcry_mpi_release (h); |
1133 | return GNUNET_SYSERR; | 1133 | return GNUNET_SYSERR; |
1134 | } | 1134 | } |
1135 | 1135 | ||
1136 | /* calculate d = x + h mod n */ | 1136 | /* calculate dx = d + h mod n */ |
1137 | d = gcry_mpi_new (256); | 1137 | dh = gcry_mpi_new (256); |
1138 | gcry_mpi_addm (d, x, h, n); | 1138 | gcry_mpi_addm (dh, d, h, n); |
1139 | gcry_mpi_release (x); | 1139 | // gcry_mpi_release (d); |
1140 | gcry_mpi_release (h); | 1140 | // gcry_mpi_release (h); |
1141 | gcry_mpi_release (n); | 1141 | gcry_mpi_release (n); |
1142 | |||
1143 | if (1) { | ||
1144 | gcry_mpi_point_t g; | ||
1145 | gcry_mpi_point_t v; | ||
1146 | gcry_mpi_point_t hg; | ||
1147 | gcry_mpi_point_t q; | ||
1148 | gcry_mpi_t v_x; | ||
1149 | gcry_mpi_t v_y; | ||
1150 | |||
1151 | gcry_mpi_ec_new (&xctx, NULL, "NIST P-256"); | ||
1152 | g = gcry_mpi_ec_get_point ("g", xctx, 0); | ||
1153 | |||
1154 | hg = gcry_mpi_point_new (0); | ||
1155 | gcry_mpi_ec_mul (hg, h, g, xctx); | ||
1156 | fprintf (stderr, "\nExpected verification hG value:\n"); | ||
1157 | v_x = gcry_mpi_new (256); | ||
1158 | v_y = gcry_mpi_new (256); | ||
1159 | gcry_mpi_ec_get_affine (v_x, v_y, hg, xctx); | ||
1160 | gcry_mpi_dump (v_x); | ||
1161 | gcry_mpi_dump (v_y); | ||
1162 | |||
1163 | q = gcry_mpi_point_new (0); | ||
1164 | gcry_mpi_ec_mul (q, d, g, xctx); | ||
1165 | fprintf (stderr, "\nExpected verification q value:\n"); | ||
1166 | gcry_mpi_ec_get_affine (v_x, v_y, q, xctx); | ||
1167 | gcry_mpi_dump (v_x); | ||
1168 | gcry_mpi_dump (v_y); | ||
1169 | |||
1170 | v = gcry_mpi_point_new (0); | ||
1171 | gcry_mpi_ec_add (v, q, hg, xctx); | ||
1172 | gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); | ||
1173 | fprintf (stderr, "\nExpected verification key public point value V := q + hG:\n"); | ||
1174 | gcry_mpi_dump (v_x); | ||
1175 | gcry_mpi_dump (v_y); | ||
1176 | fprintf (stderr, "\n"); | ||
1177 | |||
1178 | } | ||
1179 | |||
1142 | 1180 | ||
1143 | /* now build sexpression with the signing key */ | 1181 | /* now build sexpression with the signing key */ |
1144 | if (0 != (rc = gcry_sexp_build (&spriv, &erroff, | 1182 | if (0 != (rc = gcry_sexp_build (&spriv, &erroff, |
1145 | "(private-key(ecdsa(curve \"NIST P-256\")(d %m)))", | 1183 | "(private-key(ecdsa(curve \"NIST P-256\")(d %m)))", |
1146 | d))) | 1184 | dh))) |
1147 | { | 1185 | { |
1148 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | 1186 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); |
1149 | gcry_mpi_release (d); | 1187 | gcry_mpi_release (dh); |
1150 | return GNUNET_SYSERR; | 1188 | return GNUNET_SYSERR; |
1151 | } | 1189 | } |
1152 | gcry_mpi_release (d); | 1190 | gcry_mpi_release (dh); |
1153 | /* prepare data for signing */ | 1191 | /* prepare data for signing */ |
1154 | data = data_to_pkcs1 (purpose); | 1192 | data = data_to_pkcs1 (purpose); |
1155 | 1193 | ||
@@ -1162,7 +1200,6 @@ GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | |||
1162 | size, &size))) | 1200 | size, &size))) |
1163 | { | 1201 | { |
1164 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 1202 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
1165 | gcry_mpi_release (x); | ||
1166 | return GNUNET_SYSERR; | 1203 | return GNUNET_SYSERR; |
1167 | } | 1204 | } |
1168 | } | 1205 | } |
@@ -1276,10 +1313,10 @@ get_context_from_pseudonym (struct GNUNET_PseudonymIdentifier *pseudonym) | |||
1276 | * Given a pseudonym and a signing key, derive the corresponding public | 1313 | * Given a pseudonym and a signing key, derive the corresponding public |
1277 | * key that would be used to verify the resulting signature. | 1314 | * key that would be used to verify the resulting signature. |
1278 | * | 1315 | * |
1279 | * @param pseudonym the public key (g^x in DSA, dQ in ECDSA) | 1316 | * @param pseudonym the public key (dQ in ECDSA) |
1280 | * @param signing_key input to derive 'h' (see section 2.4 of #2564) | 1317 | * @param signing_key input to derive 'h' (see section 2.4 of #2564) |
1281 | * @param verification_key resulting public key to verify the signature | 1318 | * @param verification_key resulting public key to verify the signature |
1282 | * created from the 'ph' of 'pseudonym' and the 'signing_key'; | 1319 | * created from the '(d+h)' of 'pseudonym' and the 'signing_key'; |
1283 | * the value stored here can then be given to GNUNET_PSEUDONYM_verify. | 1320 | * the value stored here can then be given to GNUNET_PSEUDONYM_verify. |
1284 | * @return GNUNET_OK on success, GNUNET_SYSERR on error | 1321 | * @return GNUNET_OK on success, GNUNET_SYSERR on error |
1285 | */ | 1322 | */ |
@@ -1320,19 +1357,45 @@ GNUNET_PSEUDONYM_derive_verification_key (struct GNUNET_PseudonymIdentifier *pse | |||
1320 | /* then call the 'multiply' function, to compute the product hG */ | 1357 | /* then call the 'multiply' function, to compute the product hG */ |
1321 | hg = gcry_mpi_point_new (0); | 1358 | hg = gcry_mpi_point_new (0); |
1322 | gcry_mpi_ec_mul (hg, h, g, ctx); | 1359 | gcry_mpi_ec_mul (hg, h, g, ctx); |
1360 | |||
1361 | { | ||
1362 | fprintf (stderr, "\nVerification hG value:\n"); | ||
1363 | v_x = gcry_mpi_new (256); | ||
1364 | v_y = gcry_mpi_new (256); | ||
1365 | gcry_mpi_ec_get_affine (v_x, v_y, hg, ctx); | ||
1366 | gcry_mpi_dump (v_x); | ||
1367 | gcry_mpi_dump (v_y); | ||
1368 | } | ||
1323 | gcry_mpi_release (h); | 1369 | gcry_mpi_release (h); |
1324 | 1370 | ||
1325 | /* get Q = dG from 'pseudonym' */ | 1371 | /* get Q = dG from 'pseudonym' */ |
1326 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | 1372 | q = gcry_mpi_ec_get_point ("q", ctx, 0); |
1327 | 1373 | { | |
1328 | /* calculate V = q + hG = dG + hG */ | 1374 | fprintf (stderr, "\nVerification q value:\n"); |
1375 | v_x = gcry_mpi_new (256); | ||
1376 | v_y = gcry_mpi_new (256); | ||
1377 | gcry_mpi_ec_get_affine (v_x, v_y, q, ctx); | ||
1378 | gcry_mpi_dump (v_x); | ||
1379 | gcry_mpi_dump (v_y); | ||
1380 | } | ||
1381 | /* calculate V = Q + hG = dG + hG = (d + h)G*/ | ||
1329 | v = gcry_mpi_point_new (0); | 1382 | v = gcry_mpi_point_new (0); |
1330 | gcry_mpi_ec_add (v, q, hg, ctx); | 1383 | gcry_mpi_ec_add (v, q, hg, xctx); |
1384 | /* FIXME: free 'hg'? */ | ||
1331 | 1385 | ||
1332 | /* store 'v' point in "verification_key" */ | 1386 | /* store 'v' point in "verification_key" */ |
1333 | v_x = gcry_mpi_new (256); | 1387 | v_x = gcry_mpi_new (256); |
1334 | v_y = gcry_mpi_new (256); | 1388 | v_y = gcry_mpi_new (256); |
1335 | gcry_mpi_ec_get_affine (v_x, v_y, v, ctx); | 1389 | gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); |
1390 | |||
1391 | { | ||
1392 | fprintf (stderr, "\nVerification key public point value V := q + hG:\n"); | ||
1393 | gcry_mpi_dump (v_x); | ||
1394 | gcry_mpi_dump (v_y); | ||
1395 | fprintf (stderr, " <=== WTF!?\n"); | ||
1396 | } | ||
1397 | |||
1398 | |||
1336 | gcry_mpi_point_release (v); | 1399 | gcry_mpi_point_release (v); |
1337 | gcry_ctx_release (ctx); | 1400 | gcry_ctx_release (ctx); |
1338 | 1401 | ||
@@ -1480,6 +1543,7 @@ GNUNET_PSEUDONYM_verify (const struct GNUNET_PseudonymSignaturePurpose *purpose, | |||
1480 | LOG (GNUNET_ERROR_TYPE_WARNING, | 1543 | LOG (GNUNET_ERROR_TYPE_WARNING, |
1481 | _("ECDSA signature verification failed at %s:%d: %s\n"), __FILE__, | 1544 | _("ECDSA signature verification failed at %s:%d: %s\n"), __FILE__, |
1482 | __LINE__, gcry_strerror (rc)); | 1545 | __LINE__, gcry_strerror (rc)); |
1546 | exit (1); | ||
1483 | return GNUNET_SYSERR; | 1547 | return GNUNET_SYSERR; |
1484 | } | 1548 | } |
1485 | return GNUNET_OK; | 1549 | return GNUNET_OK; |
diff --git a/src/fs/plugin_block_fs.c b/src/fs/plugin_block_fs.c index 468dd96a3..a05283f16 100644 --- a/src/fs/plugin_block_fs.c +++ b/src/fs/plugin_block_fs.c | |||
@@ -26,6 +26,7 @@ | |||
26 | 26 | ||
27 | #include "platform.h" | 27 | #include "platform.h" |
28 | #include "gnunet_block_plugin.h" | 28 | #include "gnunet_block_plugin.h" |
29 | #include "gnunet_fs_service.h" | ||
29 | #include "block_fs.h" | 30 | #include "block_fs.h" |
30 | #include "gnunet_signatures.h" | 31 | #include "gnunet_signatures.h" |
31 | 32 | ||
diff --git a/src/util/test_pseudonym.c b/src/fs/test_pseudonym.c index a3b3f3fdb..5247d6dcc 100644 --- a/src/util/test_pseudonym.c +++ b/src/fs/test_pseudonym.c | |||
@@ -19,13 +19,14 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file util/test_pseudonym.c | 22 | * @file fs/test_pseudonym.c |
23 | * @brief testcase for pseudonym.c | 23 | * @brief testcase for fs_pseudonym.c |
24 | * @author Christian Grothoff | 24 | * @author Christian Grothoff |
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_common.h" | 27 | #include "gnunet_common.h" |
28 | #include "gnunet_util_lib.h" | 28 | #include "gnunet_util_lib.h" |
29 | #include "gnunet_fs_service.h" | ||
29 | #include "gnunet_signatures.h" | 30 | #include "gnunet_signatures.h" |
30 | 31 | ||
31 | #define CHECK(a) do { if (!(a)) { ok = GNUNET_NO; GNUNET_break(0); goto FAILURE; } } while (0) | 32 | #define CHECK(a) do { if (!(a)) { ok = GNUNET_NO; GNUNET_break(0); goto FAILURE; } } while (0) |
@@ -222,12 +223,15 @@ test_signature (struct GNUNET_PseudonymHandle *ph, | |||
222 | struct GNUNET_PseudonymIdentifier verification_key; | 223 | struct GNUNET_PseudonymIdentifier verification_key; |
223 | 224 | ||
224 | GNUNET_PSEUDONYM_sign (ph, purpose, seed, signing_key, &signature); | 225 | GNUNET_PSEUDONYM_sign (ph, purpose, seed, signing_key, &signature); |
226 | if (0) | ||
227 | { | ||
225 | GNUNET_PSEUDONYM_sign (ph, purpose, seed, signing_key, &signature2); | 228 | GNUNET_PSEUDONYM_sign (ph, purpose, seed, signing_key, &signature2); |
226 | /* with seed, two sigs must be identical, without, they must be different! */ | 229 | /* with seed, two sigs must be identical, without, they must be different! */ |
227 | if (NULL != seed) | 230 | if (NULL != seed) |
228 | GNUNET_break (0 == memcmp (&signature, &signature2, sizeof (signature))); | 231 | GNUNET_break (0 == memcmp (&signature, &signature2, sizeof (signature))); |
229 | else /* crypto not implemented, thus for now 'break' */ | 232 | else /* crypto not implemented, thus for now 'break' */ |
230 | GNUNET_break (0 != memcmp (&signature, &signature2, sizeof (signature))); | 233 | GNUNET_break (0 != memcmp (&signature, &signature2, sizeof (signature))); |
234 | } | ||
231 | GNUNET_PSEUDONYM_get_identifier (ph, &pseudonym); | 235 | GNUNET_PSEUDONYM_get_identifier (ph, &pseudonym); |
232 | GNUNET_PSEUDONYM_derive_verification_key (&pseudonym, | 236 | GNUNET_PSEUDONYM_derive_verification_key (&pseudonym, |
233 | signing_key, | 237 | signing_key, |
diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 0d7a52d39..e27fc7027 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am | |||
@@ -67,7 +67,6 @@ gnunetinclude_HEADERS = \ | |||
67 | gnunet_postgres_lib.h \ | 67 | gnunet_postgres_lib.h \ |
68 | gnunet_program_lib.h \ | 68 | gnunet_program_lib.h \ |
69 | gnunet_protocols.h \ | 69 | gnunet_protocols.h \ |
70 | gnunet_pseudonym_lib.h \ | ||
71 | gnunet_resolver_service.h \ | 70 | gnunet_resolver_service.h \ |
72 | gnunet_regex_lib.h \ | 71 | gnunet_regex_lib.h \ |
73 | gnunet_scheduler_lib.h \ | 72 | gnunet_scheduler_lib.h \ |
diff --git a/src/include/block_fs.h b/src/include/block_fs.h index 6f37dcf0e..233d8035e 100644 --- a/src/include/block_fs.h +++ b/src/include/block_fs.h | |||
@@ -27,6 +27,7 @@ | |||
27 | #define BLOCK_FS_H | 27 | #define BLOCK_FS_H |
28 | 28 | ||
29 | #include "gnunet_util_lib.h" | 29 | #include "gnunet_util_lib.h" |
30 | #include "gnunet_fs_service.h" | ||
30 | 31 | ||
31 | 32 | ||
32 | /** | 33 | /** |
diff --git a/src/include/gnunet_fs_service.h b/src/include/gnunet_fs_service.h index 931406e2d..6143f0630 100644 --- a/src/include/gnunet_fs_service.h +++ b/src/include/gnunet_fs_service.h | |||
@@ -79,6 +79,78 @@ extern "C" | |||
79 | */ | 79 | */ |
80 | struct GNUNET_FS_Uri; | 80 | struct GNUNET_FS_Uri; |
81 | 81 | ||
82 | |||
83 | /** | ||
84 | * Identifier for a GNUnet pseudonym (the public key). | ||
85 | * Q-point, Q=dp. | ||
86 | */ | ||
87 | struct GNUNET_PseudonymIdentifier | ||
88 | { | ||
89 | /** | ||
90 | * Q consists of an x- and a y-value, each mod p (256 bits), | ||
91 | * given here in affine coordinates. | ||
92 | */ | ||
93 | unsigned char q_x[256 / 8]; | ||
94 | |||
95 | /** | ||
96 | * Q consists of an x- and a y-value, each mod p (256 bits), | ||
97 | * given here in affine coordinates. | ||
98 | */ | ||
99 | unsigned char q_y[256 / 8]; | ||
100 | |||
101 | }; | ||
102 | |||
103 | |||
104 | /** | ||
105 | * Handle for a pseudonym (private key). | ||
106 | */ | ||
107 | struct GNUNET_PseudonymHandle; | ||
108 | |||
109 | |||
110 | /** | ||
111 | * Signature made with a pseudonym (includes the full public key). | ||
112 | * The ECDSA signature is a pair (r,s) with r = x1 mod n where | ||
113 | * (x1,y1) = kG for "random" k and s = k^{-1}(z + rd) mod n, | ||
114 | * where z is derived from the hash of the message that is being | ||
115 | * signed. | ||
116 | */ | ||
117 | struct GNUNET_PseudonymSignature | ||
118 | { | ||
119 | |||
120 | /** | ||
121 | * Who created the signature? (public key of the signer), 'd' value in NIST P-256. | ||
122 | */ | ||
123 | struct GNUNET_PseudonymIdentifier signer; | ||
124 | |||
125 | /** | ||
126 | * Binary ECDSA signature data, r-value. Value is mod n, and n is 256 bits. | ||
127 | */ | ||
128 | unsigned char sig_r[256 / 8]; | ||
129 | |||
130 | /** | ||
131 | * Binary ECDSA signature data, s-value. Value is mod n, and n is 256 bits. | ||
132 | */ | ||
133 | unsigned char sig_s[256 / 8]; | ||
134 | }; | ||
135 | |||
136 | |||
137 | /** | ||
138 | * Purpose for signature made with a pseudonym. | ||
139 | */ | ||
140 | struct GNUNET_PseudonymSignaturePurpose | ||
141 | { | ||
142 | /** | ||
143 | * How many bytes are being signed (including this header)? | ||
144 | */ | ||
145 | uint32_t size; | ||
146 | |||
147 | /** | ||
148 | * What is the context/purpose of the signature? | ||
149 | */ | ||
150 | uint32_t purpose; | ||
151 | }; | ||
152 | |||
153 | |||
82 | /** | 154 | /** |
83 | * Iterator over keywords | 155 | * Iterator over keywords |
84 | * | 156 | * |
@@ -90,6 +162,303 @@ struct GNUNET_FS_Uri; | |||
90 | typedef int (*GNUNET_FS_KeywordIterator) (void *cls, const char *keyword, | 162 | typedef int (*GNUNET_FS_KeywordIterator) (void *cls, const char *keyword, |
91 | int is_mandatory); | 163 | int is_mandatory); |
92 | 164 | ||
165 | |||
166 | |||
167 | |||
168 | /** | ||
169 | * Create a pseudonym. | ||
170 | * | ||
171 | * @param filename name of the file to use for storage, NULL for in-memory only | ||
172 | * @return handle to the private key of the pseudonym | ||
173 | */ | ||
174 | struct GNUNET_PseudonymHandle * | ||
175 | GNUNET_PSEUDONYM_create (const char *filename); | ||
176 | |||
177 | |||
178 | /** | ||
179 | * Create a pseudonym, from a file that must already exist. | ||
180 | * | ||
181 | * @param filename name of the file to use for storage, NULL for in-memory only | ||
182 | * @return handle to the private key of the pseudonym | ||
183 | */ | ||
184 | struct GNUNET_PseudonymHandle * | ||
185 | GNUNET_PSEUDONYM_create_from_existing_file (const char *filename); | ||
186 | |||
187 | |||
188 | /** | ||
189 | * Get the handle for the 'anonymous' pseudonym shared by all users. | ||
190 | * That pseudonym uses a fixed 'secret' for the private key; this | ||
191 | * construction is useful to make anonymous and pseudonymous APIs | ||
192 | * (and packets) indistinguishable on the network. See #2564. | ||
193 | * | ||
194 | * @return handle to the (non-secret) private key of the 'anonymous' pseudonym | ||
195 | */ | ||
196 | struct GNUNET_PseudonymHandle * | ||
197 | GNUNET_PSEUDONYM_get_anonymous_pseudonym_handle (void); | ||
198 | |||
199 | |||
200 | /** | ||
201 | * Destroy a pseudonym handle. Does NOT remove the private key from | ||
202 | * the disk. | ||
203 | * | ||
204 | * @param ph pseudonym handle to destroy | ||
205 | */ | ||
206 | void | ||
207 | GNUNET_PSEUDONYM_destroy (struct GNUNET_PseudonymHandle *ph); | ||
208 | |||
209 | |||
210 | /** | ||
211 | * Cryptographically sign some data with the pseudonym. | ||
212 | * | ||
213 | * @param ph private key used for signing (corresponds to 'x' in #2564) | ||
214 | * @param purpose data to sign | ||
215 | * @param seed hash of the plaintext of the data that we are signing, | ||
216 | * used for deterministic PRNG for anonymous signing; | ||
217 | * corresponds to 'k' in section 2.7 of #2564 | ||
218 | * @param signing_key modifier to apply to the private key for signing; | ||
219 | * corresponds to 'h' in section 2.3 of #2564. | ||
220 | * @param signature where to store the signature | ||
221 | * @return GNUNET_SYSERR on failure | ||
222 | */ | ||
223 | int | ||
224 | GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | ||
225 | const struct GNUNET_PseudonymSignaturePurpose *purpose, | ||
226 | const struct GNUNET_HashCode *seed, | ||
227 | const struct GNUNET_HashCode *signing_key, | ||
228 | struct GNUNET_PseudonymSignature *signature); | ||
229 | |||
230 | |||
231 | /** | ||
232 | * Given a pseudonym and a signing key, derive the corresponding public | ||
233 | * key that would be used to verify the resulting signature. | ||
234 | * | ||
235 | * @param pseudonym the public key (g^x in DSA, dQ in ECDSA) | ||
236 | * @param signing_key input to derive 'h' (see section 2.4 of #2564) | ||
237 | * @param verification_key resulting public key to verify the signature | ||
238 | * created from the 'ph' of 'pseudonym' and the 'signing_key'; | ||
239 | * the value stored here can then be given to GNUNET_PSEUDONYM_verify. | ||
240 | * @return GNUNET_OK on success, GNUNET_SYSERR on error | ||
241 | */ | ||
242 | int | ||
243 | GNUNET_PSEUDONYM_derive_verification_key (struct GNUNET_PseudonymIdentifier *pseudonym, | ||
244 | const struct GNUNET_HashCode *signing_key, | ||
245 | struct GNUNET_PseudonymIdentifier *verification_key); | ||
246 | |||
247 | |||
248 | /** | ||
249 | * Verify a signature made with a pseudonym. | ||
250 | * | ||
251 | * @param purpose data that was signed | ||
252 | * @param signature signature to verify | ||
253 | * @param verification_key public key to use for checking the signature; | ||
254 | * corresponds to 'g^(x+h)' in section 2.4 of #2564. | ||
255 | * @return GNUNET_OK on success (signature valid, 'pseudonym' set), | ||
256 | * GNUNET_SYSERR if the signature is invalid | ||
257 | */ | ||
258 | int | ||
259 | GNUNET_PSEUDONYM_verify (const struct GNUNET_PseudonymSignaturePurpose *purpose, | ||
260 | const struct GNUNET_PseudonymSignature *signature, | ||
261 | const struct GNUNET_PseudonymIdentifier *verification_key); | ||
262 | |||
263 | |||
264 | /** | ||
265 | * Get the identifier (public key) of a pseudonym. | ||
266 | * | ||
267 | * @param ph pseudonym handle with the private key | ||
268 | * @param pseudonym pseudonym identifier (set based on 'ph') | ||
269 | */ | ||
270 | void | ||
271 | GNUNET_PSEUDONYM_get_identifier (struct GNUNET_PseudonymHandle *ph, | ||
272 | struct GNUNET_PseudonymIdentifier *pseudonym); | ||
273 | |||
274 | |||
275 | |||
276 | /** | ||
277 | * Iterator over all known pseudonyms. | ||
278 | * | ||
279 | * @param cls closure | ||
280 | * @param pseudonym hash code of public key of pseudonym | ||
281 | * @param name name of the pseudonym (might be NULL) | ||
282 | * @param unique_name unique name of the pseudonym (might be NULL) | ||
283 | * @param md meta data known about the pseudonym | ||
284 | * @param rating the local rating of the pseudonym | ||
285 | * @return GNUNET_OK to continue iteration, GNUNET_SYSERR to abort | ||
286 | */ | ||
287 | typedef int (*GNUNET_PSEUDONYM_Iterator) (void *cls, | ||
288 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
289 | const char *name, | ||
290 | const char *unique_name, | ||
291 | const struct GNUNET_CONTAINER_MetaData *md, | ||
292 | int32_t rating); | ||
293 | |||
294 | |||
295 | /** | ||
296 | * Change the rank of a pseudonym. | ||
297 | * | ||
298 | * @param cfg overall configuration | ||
299 | * @param pseudonym identity of the pseudonym | ||
300 | * @param delta by how much should the rating be changed? | ||
301 | * @return new rating of the pseudonym | ||
302 | */ | ||
303 | int | ||
304 | GNUNET_PSEUDONYM_rank (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
305 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
306 | int32_t delta); | ||
307 | |||
308 | |||
309 | /** | ||
310 | * Add a pseudonym to the set of known pseudonyms. | ||
311 | * For all pseudonym advertisements that we discover | ||
312 | * FS should automatically call this function. | ||
313 | * | ||
314 | * @param cfg overall configuration | ||
315 | * @param pseudonym the pseudonym identifier | ||
316 | * @param meta metadata for the pseudonym | ||
317 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
318 | */ | ||
319 | int | ||
320 | GNUNET_PSEUDONYM_add (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
321 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
322 | const struct GNUNET_CONTAINER_MetaData *meta); | ||
323 | |||
324 | |||
325 | /** | ||
326 | * List all known pseudonyms. | ||
327 | * | ||
328 | * @param cfg overall configuration | ||
329 | * @param iterator function to call for each pseudonym | ||
330 | * @param iterator_cls closure for iterator | ||
331 | * @return number of pseudonyms found | ||
332 | */ | ||
333 | int | ||
334 | GNUNET_PSEUDONYM_list_all (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
335 | GNUNET_PSEUDONYM_Iterator iterator, | ||
336 | void *iterator_cls); | ||
337 | |||
338 | |||
339 | /** | ||
340 | * Handle for a discovery callback registration. | ||
341 | */ | ||
342 | struct GNUNET_PSEUDONYM_DiscoveryHandle; | ||
343 | |||
344 | |||
345 | /** | ||
346 | * Register callback to be invoked whenever we discover | ||
347 | * a new pseudonym. | ||
348 | * | ||
349 | * @param cfg our configuration | ||
350 | * @param iterator function to invoke on discovery | ||
351 | * @param iterator_cls closure for iterator | ||
352 | * @return registration handle | ||
353 | */ | ||
354 | struct GNUNET_PSEUDONYM_DiscoveryHandle * | ||
355 | GNUNET_PSEUDONYM_discovery_callback_register (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
356 | GNUNET_PSEUDONYM_Iterator iterator, | ||
357 | void *iterator_cls); | ||
358 | |||
359 | |||
360 | /** | ||
361 | * Unregister pseudonym discovery callback. | ||
362 | * | ||
363 | * @param dh registration to unregister | ||
364 | */ | ||
365 | void | ||
366 | GNUNET_PSEUDONYM_discovery_callback_unregister (struct GNUNET_PSEUDONYM_DiscoveryHandle *dh); | ||
367 | |||
368 | |||
369 | /** | ||
370 | * Return unique variant of the pseudonym name. Use after | ||
371 | * GNUNET_PSEUDONYM_id_to_name() to make sure that name is unique. | ||
372 | * | ||
373 | * @param cfg configuration | ||
374 | * @param pseudonym cryptographic ID of the pseudonym | ||
375 | * @param name name to uniquify | ||
376 | * @param suffix if not NULL, filled with the suffix value | ||
377 | * @return NULL on failure (should never happen), name on success. | ||
378 | * Free the name with GNUNET_free(). | ||
379 | */ | ||
380 | char * | ||
381 | GNUNET_PSEUDONYM_name_uniquify (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
382 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
383 | const char *name, | ||
384 | unsigned int *suffix); | ||
385 | |||
386 | |||
387 | /** | ||
388 | * Get pseudonym name, metadata and rank. This is a wrapper around | ||
389 | * internal read_info() call, and ensures that returned data is not | ||
390 | * invalid (not NULL). Writing back information returned by this | ||
391 | * function will give a name "no-name" to pseudonyms that have no | ||
392 | * name. This side-effect is unavoidable, but hardly harmful. | ||
393 | * | ||
394 | * @param cfg configuration | ||
395 | * @param pseudonym cryptographic ID of the pseudonym | ||
396 | * @param ret_meta a location to store metadata pointer. NULL, if metadata | ||
397 | * is not needed. Destroy with GNUNET_CONTAINER_meta_data_destroy(). | ||
398 | * @param ret_rank a location to store rank. NULL, if rank not needed. | ||
399 | * @param ret_name a location to store human-readable name. Name is not unique. | ||
400 | * NULL, if name is not needed. Free with GNUNET_free(). | ||
401 | * @param name_is_a_dup is set to GNUNET_YES, if ret_name was filled with | ||
402 | * a duplicate of a "no-name" placeholder | ||
403 | * @return GNUNET_OK on success. GNUENT_SYSERR if the data was | ||
404 | * unobtainable (in that case ret_* are filled with placeholders - | ||
405 | * empty metadata container, rank -1 and a "no-name" name). | ||
406 | */ | ||
407 | int | ||
408 | GNUNET_PSEUDONYM_get_info (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
409 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
410 | struct GNUNET_CONTAINER_MetaData **ret_meta, | ||
411 | int32_t *ret_rank, | ||
412 | char **ret_name, | ||
413 | int *name_is_a_dup); | ||
414 | |||
415 | |||
416 | /** | ||
417 | * Get the pseudonym ID belonging to the given pseudonym name. | ||
418 | * | ||
419 | * @param cfg configuration to use | ||
420 | * @param ns_uname unique (!) human-readable name for the pseudonym | ||
421 | * @param pseudonym set to pseudonym ID based on 'ns_uname' | ||
422 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
423 | */ | ||
424 | int | ||
425 | GNUNET_PSEUDONYM_name_to_id (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
426 | const char *ns_uname, | ||
427 | struct GNUNET_PseudonymIdentifier *pseudonym); | ||
428 | |||
429 | |||
430 | /** | ||
431 | * Set the pseudonym metadata, rank and name. | ||
432 | * | ||
433 | * @param cfg overall configuration | ||
434 | * @param pseudonym id of the pseudonym | ||
435 | * @param name name to set. Must be the non-unique version of it. | ||
436 | * May be NULL, in which case it erases pseudonym's name! | ||
437 | * @param md metadata to set | ||
438 | * May be NULL, in which case it erases pseudonym's metadata! | ||
439 | * @param rank rank to assign | ||
440 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
441 | */ | ||
442 | int | ||
443 | GNUNET_PSEUDONYM_set_info (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
444 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
445 | const char *name, | ||
446 | const struct GNUNET_CONTAINER_MetaData *md, | ||
447 | int32_t rank); | ||
448 | |||
449 | |||
450 | /** | ||
451 | * Remove pseudonym from the set of known pseudonyms. | ||
452 | * | ||
453 | * @param cfg overall configuration | ||
454 | * @param id the pseudonym identifier | ||
455 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
456 | */ | ||
457 | int | ||
458 | GNUNET_PSEUDONYM_remove (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
459 | const struct GNUNET_PseudonymIdentifier *id); | ||
460 | |||
461 | |||
93 | /** | 462 | /** |
94 | * Get a unique key from a URI. This is for putting URIs | 463 | * Get a unique key from a URI. This is for putting URIs |
95 | * into HashMaps. The key may change between FS implementations. | 464 | * into HashMaps. The key may change between FS implementations. |
@@ -100,6 +469,7 @@ typedef int (*GNUNET_FS_KeywordIterator) (void *cls, const char *keyword, | |||
100 | void | 469 | void |
101 | GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode * key); | 470 | GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode * key); |
102 | 471 | ||
472 | |||
103 | /** | 473 | /** |
104 | * Convert a URI to a UTF-8 String. | 474 | * Convert a URI to a UTF-8 String. |
105 | * | 475 | * |
@@ -109,6 +479,7 @@ GNUNET_FS_uri_to_key (const struct GNUNET_FS_Uri *uri, struct GNUNET_HashCode * | |||
109 | char * | 479 | char * |
110 | GNUNET_FS_uri_to_string (const struct GNUNET_FS_Uri *uri); | 480 | GNUNET_FS_uri_to_string (const struct GNUNET_FS_Uri *uri); |
111 | 481 | ||
482 | |||
112 | /** | 483 | /** |
113 | * Convert keyword URI to a human readable format | 484 | * Convert keyword URI to a human readable format |
114 | * (i.e. the search query that was used in the first place) | 485 | * (i.e. the search query that was used in the first place) |
diff --git a/src/include/gnunet_pseudonym_lib.h b/src/include/gnunet_pseudonym_lib.h deleted file mode 100644 index e0b36887b..000000000 --- a/src/include/gnunet_pseudonym_lib.h +++ /dev/null | |||
@@ -1,418 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2001--2013 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file include/gnunet_pseudonym_lib.h | ||
23 | * @brief functions related to pseudonyms | ||
24 | * @author Christian Grothoff | ||
25 | */ | ||
26 | |||
27 | #ifndef GNUNET_PSEUDONYM_LIB_H | ||
28 | #define GNUNET_PSEUDONYM_LIB_H | ||
29 | |||
30 | #ifdef __cplusplus | ||
31 | extern "C" | ||
32 | { | ||
33 | #if 0 /* keep Emacsens' auto-indent happy */ | ||
34 | } | ||
35 | #endif | ||
36 | #endif | ||
37 | |||
38 | #include "gnunet_common.h" | ||
39 | #include "gnunet_configuration_lib.h" | ||
40 | #include "gnunet_container_lib.h" | ||
41 | |||
42 | |||
43 | /** | ||
44 | * Identifier for a GNUnet pseudonym (the public key). | ||
45 | * Q-point, Q=dp. | ||
46 | */ | ||
47 | struct GNUNET_PseudonymIdentifier | ||
48 | { | ||
49 | /** | ||
50 | * Q consists of an x- and a y-value, each mod p (256 bits), | ||
51 | * given here in affine coordinates. | ||
52 | */ | ||
53 | unsigned char q_x[256 / 8]; | ||
54 | |||
55 | /** | ||
56 | * Q consists of an x- and a y-value, each mod p (256 bits), | ||
57 | * given here in affine coordinates. | ||
58 | */ | ||
59 | unsigned char q_y[256 / 8]; | ||
60 | |||
61 | }; | ||
62 | |||
63 | |||
64 | /** | ||
65 | * Handle for a pseudonym (private key). | ||
66 | */ | ||
67 | struct GNUNET_PseudonymHandle; | ||
68 | |||
69 | |||
70 | /** | ||
71 | * Signature made with a pseudonym (includes the full public key). | ||
72 | * The ECDSA signature is a pair (r,s) with r = x1 mod n where | ||
73 | * (x1,y1) = kG for "random" k and s = k^{-1}(z + rd) mod n, | ||
74 | * where z is derived from the hash of the message that is being | ||
75 | * signed. | ||
76 | */ | ||
77 | struct GNUNET_PseudonymSignature | ||
78 | { | ||
79 | |||
80 | /** | ||
81 | * Who created the signature? (public key of the signer), 'd' value in NIST P-256. | ||
82 | */ | ||
83 | struct GNUNET_PseudonymIdentifier signer; | ||
84 | |||
85 | /** | ||
86 | * Binary ECDSA signature data, r-value. Value is mod n, and n is 256 bits. | ||
87 | */ | ||
88 | unsigned char sig_r[256 / 8]; | ||
89 | |||
90 | /** | ||
91 | * Binary ECDSA signature data, s-value. Value is mod n, and n is 256 bits. | ||
92 | */ | ||
93 | unsigned char sig_s[256 / 8]; | ||
94 | }; | ||
95 | |||
96 | |||
97 | /** | ||
98 | * Purpose for signature made with a pseudonym. | ||
99 | */ | ||
100 | struct GNUNET_PseudonymSignaturePurpose | ||
101 | { | ||
102 | /** | ||
103 | * How many bytes are being signed (including this header)? | ||
104 | */ | ||
105 | uint32_t size; | ||
106 | |||
107 | /** | ||
108 | * What is the context/purpose of the signature? | ||
109 | */ | ||
110 | uint32_t purpose; | ||
111 | }; | ||
112 | |||
113 | |||
114 | /** | ||
115 | * Create a pseudonym. | ||
116 | * | ||
117 | * @param filename name of the file to use for storage, NULL for in-memory only | ||
118 | * @return handle to the private key of the pseudonym | ||
119 | */ | ||
120 | struct GNUNET_PseudonymHandle * | ||
121 | GNUNET_PSEUDONYM_create (const char *filename); | ||
122 | |||
123 | |||
124 | /** | ||
125 | * Create a pseudonym, from a file that must already exist. | ||
126 | * | ||
127 | * @param filename name of the file to use for storage, NULL for in-memory only | ||
128 | * @return handle to the private key of the pseudonym | ||
129 | */ | ||
130 | struct GNUNET_PseudonymHandle * | ||
131 | GNUNET_PSEUDONYM_create_from_existing_file (const char *filename); | ||
132 | |||
133 | |||
134 | /** | ||
135 | * Get the handle for the 'anonymous' pseudonym shared by all users. | ||
136 | * That pseudonym uses a fixed 'secret' for the private key; this | ||
137 | * construction is useful to make anonymous and pseudonymous APIs | ||
138 | * (and packets) indistinguishable on the network. See #2564. | ||
139 | * | ||
140 | * @return handle to the (non-secret) private key of the 'anonymous' pseudonym | ||
141 | */ | ||
142 | struct GNUNET_PseudonymHandle * | ||
143 | GNUNET_PSEUDONYM_get_anonymous_pseudonym_handle (void); | ||
144 | |||
145 | |||
146 | /** | ||
147 | * Destroy a pseudonym handle. Does NOT remove the private key from | ||
148 | * the disk. | ||
149 | * | ||
150 | * @param ph pseudonym handle to destroy | ||
151 | */ | ||
152 | void | ||
153 | GNUNET_PSEUDONYM_destroy (struct GNUNET_PseudonymHandle *ph); | ||
154 | |||
155 | |||
156 | /** | ||
157 | * Cryptographically sign some data with the pseudonym. | ||
158 | * | ||
159 | * @param ph private key used for signing (corresponds to 'x' in #2564) | ||
160 | * @param purpose data to sign | ||
161 | * @param seed hash of the plaintext of the data that we are signing, | ||
162 | * used for deterministic PRNG for anonymous signing; | ||
163 | * corresponds to 'k' in section 2.7 of #2564 | ||
164 | * @param signing_key modifier to apply to the private key for signing; | ||
165 | * corresponds to 'h' in section 2.3 of #2564. | ||
166 | * @param signature where to store the signature | ||
167 | * @return GNUNET_SYSERR on failure | ||
168 | */ | ||
169 | int | ||
170 | GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph, | ||
171 | const struct GNUNET_PseudonymSignaturePurpose *purpose, | ||
172 | const struct GNUNET_HashCode *seed, | ||
173 | const struct GNUNET_HashCode *signing_key, | ||
174 | struct GNUNET_PseudonymSignature *signature); | ||
175 | |||
176 | |||
177 | /** | ||
178 | * Given a pseudonym and a signing key, derive the corresponding public | ||
179 | * key that would be used to verify the resulting signature. | ||
180 | * | ||
181 | * @param pseudonym the public key (g^x in DSA, dQ in ECDSA) | ||
182 | * @param signing_key input to derive 'h' (see section 2.4 of #2564) | ||
183 | * @param verification_key resulting public key to verify the signature | ||
184 | * created from the 'ph' of 'pseudonym' and the 'signing_key'; | ||
185 | * the value stored here can then be given to GNUNET_PSEUDONYM_verify. | ||
186 | * @return GNUNET_OK on success, GNUNET_SYSERR on error | ||
187 | */ | ||
188 | int | ||
189 | GNUNET_PSEUDONYM_derive_verification_key (struct GNUNET_PseudonymIdentifier *pseudonym, | ||
190 | const struct GNUNET_HashCode *signing_key, | ||
191 | struct GNUNET_PseudonymIdentifier *verification_key); | ||
192 | |||
193 | |||
194 | /** | ||
195 | * Verify a signature made with a pseudonym. | ||
196 | * | ||
197 | * @param purpose data that was signed | ||
198 | * @param signature signature to verify | ||
199 | * @param verification_key public key to use for checking the signature; | ||
200 | * corresponds to 'g^(x+h)' in section 2.4 of #2564. | ||
201 | * @return GNUNET_OK on success (signature valid, 'pseudonym' set), | ||
202 | * GNUNET_SYSERR if the signature is invalid | ||
203 | */ | ||
204 | int | ||
205 | GNUNET_PSEUDONYM_verify (const struct GNUNET_PseudonymSignaturePurpose *purpose, | ||
206 | const struct GNUNET_PseudonymSignature *signature, | ||
207 | const struct GNUNET_PseudonymIdentifier *verification_key); | ||
208 | |||
209 | |||
210 | /** | ||
211 | * Get the identifier (public key) of a pseudonym. | ||
212 | * | ||
213 | * @param ph pseudonym handle with the private key | ||
214 | * @param pseudonym pseudonym identifier (set based on 'ph') | ||
215 | */ | ||
216 | void | ||
217 | GNUNET_PSEUDONYM_get_identifier (struct GNUNET_PseudonymHandle *ph, | ||
218 | struct GNUNET_PseudonymIdentifier *pseudonym); | ||
219 | |||
220 | |||
221 | |||
222 | /** | ||
223 | * Iterator over all known pseudonyms. | ||
224 | * | ||
225 | * @param cls closure | ||
226 | * @param pseudonym hash code of public key of pseudonym | ||
227 | * @param name name of the pseudonym (might be NULL) | ||
228 | * @param unique_name unique name of the pseudonym (might be NULL) | ||
229 | * @param md meta data known about the pseudonym | ||
230 | * @param rating the local rating of the pseudonym | ||
231 | * @return GNUNET_OK to continue iteration, GNUNET_SYSERR to abort | ||
232 | */ | ||
233 | typedef int (*GNUNET_PSEUDONYM_Iterator) (void *cls, | ||
234 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
235 | const char *name, | ||
236 | const char *unique_name, | ||
237 | const struct GNUNET_CONTAINER_MetaData *md, | ||
238 | int32_t rating); | ||
239 | |||
240 | |||
241 | /** | ||
242 | * Change the rank of a pseudonym. | ||
243 | * | ||
244 | * @param cfg overall configuration | ||
245 | * @param pseudonym identity of the pseudonym | ||
246 | * @param delta by how much should the rating be changed? | ||
247 | * @return new rating of the pseudonym | ||
248 | */ | ||
249 | int | ||
250 | GNUNET_PSEUDONYM_rank (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
251 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
252 | int32_t delta); | ||
253 | |||
254 | |||
255 | /** | ||
256 | * Add a pseudonym to the set of known pseudonyms. | ||
257 | * For all pseudonym advertisements that we discover | ||
258 | * FS should automatically call this function. | ||
259 | * | ||
260 | * @param cfg overall configuration | ||
261 | * @param pseudonym the pseudonym identifier | ||
262 | * @param meta metadata for the pseudonym | ||
263 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
264 | */ | ||
265 | int | ||
266 | GNUNET_PSEUDONYM_add (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
267 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
268 | const struct GNUNET_CONTAINER_MetaData *meta); | ||
269 | |||
270 | |||
271 | /** | ||
272 | * List all known pseudonyms. | ||
273 | * | ||
274 | * @param cfg overall configuration | ||
275 | * @param iterator function to call for each pseudonym | ||
276 | * @param iterator_cls closure for iterator | ||
277 | * @return number of pseudonyms found | ||
278 | */ | ||
279 | int | ||
280 | GNUNET_PSEUDONYM_list_all (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
281 | GNUNET_PSEUDONYM_Iterator iterator, | ||
282 | void *iterator_cls); | ||
283 | |||
284 | |||
285 | /** | ||
286 | * Handle for a discovery callback registration. | ||
287 | */ | ||
288 | struct GNUNET_PSEUDONYM_DiscoveryHandle; | ||
289 | |||
290 | |||
291 | /** | ||
292 | * Register callback to be invoked whenever we discover | ||
293 | * a new pseudonym. | ||
294 | * | ||
295 | * @param cfg our configuration | ||
296 | * @param iterator function to invoke on discovery | ||
297 | * @param iterator_cls closure for iterator | ||
298 | * @return registration handle | ||
299 | */ | ||
300 | struct GNUNET_PSEUDONYM_DiscoveryHandle * | ||
301 | GNUNET_PSEUDONYM_discovery_callback_register (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
302 | GNUNET_PSEUDONYM_Iterator iterator, | ||
303 | void *iterator_cls); | ||
304 | |||
305 | |||
306 | /** | ||
307 | * Unregister pseudonym discovery callback. | ||
308 | * | ||
309 | * @param dh registration to unregister | ||
310 | */ | ||
311 | void | ||
312 | GNUNET_PSEUDONYM_discovery_callback_unregister (struct GNUNET_PSEUDONYM_DiscoveryHandle *dh); | ||
313 | |||
314 | |||
315 | /** | ||
316 | * Return unique variant of the pseudonym name. Use after | ||
317 | * GNUNET_PSEUDONYM_id_to_name() to make sure that name is unique. | ||
318 | * | ||
319 | * @param cfg configuration | ||
320 | * @param pseudonym cryptographic ID of the pseudonym | ||
321 | * @param name name to uniquify | ||
322 | * @param suffix if not NULL, filled with the suffix value | ||
323 | * @return NULL on failure (should never happen), name on success. | ||
324 | * Free the name with GNUNET_free(). | ||
325 | */ | ||
326 | char * | ||
327 | GNUNET_PSEUDONYM_name_uniquify (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
328 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
329 | const char *name, | ||
330 | unsigned int *suffix); | ||
331 | |||
332 | |||
333 | /** | ||
334 | * Get pseudonym name, metadata and rank. This is a wrapper around | ||
335 | * internal read_info() call, and ensures that returned data is not | ||
336 | * invalid (not NULL). Writing back information returned by this | ||
337 | * function will give a name "no-name" to pseudonyms that have no | ||
338 | * name. This side-effect is unavoidable, but hardly harmful. | ||
339 | * | ||
340 | * @param cfg configuration | ||
341 | * @param pseudonym cryptographic ID of the pseudonym | ||
342 | * @param ret_meta a location to store metadata pointer. NULL, if metadata | ||
343 | * is not needed. Destroy with GNUNET_CONTAINER_meta_data_destroy(). | ||
344 | * @param ret_rank a location to store rank. NULL, if rank not needed. | ||
345 | * @param ret_name a location to store human-readable name. Name is not unique. | ||
346 | * NULL, if name is not needed. Free with GNUNET_free(). | ||
347 | * @param name_is_a_dup is set to GNUNET_YES, if ret_name was filled with | ||
348 | * a duplicate of a "no-name" placeholder | ||
349 | * @return GNUNET_OK on success. GNUENT_SYSERR if the data was | ||
350 | * unobtainable (in that case ret_* are filled with placeholders - | ||
351 | * empty metadata container, rank -1 and a "no-name" name). | ||
352 | */ | ||
353 | int | ||
354 | GNUNET_PSEUDONYM_get_info (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
355 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
356 | struct GNUNET_CONTAINER_MetaData **ret_meta, | ||
357 | int32_t *ret_rank, | ||
358 | char **ret_name, | ||
359 | int *name_is_a_dup); | ||
360 | |||
361 | |||
362 | /** | ||
363 | * Get the pseudonym ID belonging to the given pseudonym name. | ||
364 | * | ||
365 | * @param cfg configuration to use | ||
366 | * @param ns_uname unique (!) human-readable name for the pseudonym | ||
367 | * @param pseudonym set to pseudonym ID based on 'ns_uname' | ||
368 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
369 | */ | ||
370 | int | ||
371 | GNUNET_PSEUDONYM_name_to_id (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
372 | const char *ns_uname, | ||
373 | struct GNUNET_PseudonymIdentifier *pseudonym); | ||
374 | |||
375 | |||
376 | /** | ||
377 | * Set the pseudonym metadata, rank and name. | ||
378 | * | ||
379 | * @param cfg overall configuration | ||
380 | * @param pseudonym id of the pseudonym | ||
381 | * @param name name to set. Must be the non-unique version of it. | ||
382 | * May be NULL, in which case it erases pseudonym's name! | ||
383 | * @param md metadata to set | ||
384 | * May be NULL, in which case it erases pseudonym's metadata! | ||
385 | * @param rank rank to assign | ||
386 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
387 | */ | ||
388 | int | ||
389 | GNUNET_PSEUDONYM_set_info (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
390 | const struct GNUNET_PseudonymIdentifier *pseudonym, | ||
391 | const char *name, | ||
392 | const struct GNUNET_CONTAINER_MetaData *md, | ||
393 | int32_t rank); | ||
394 | |||
395 | |||
396 | /** | ||
397 | * Remove pseudonym from the set of known pseudonyms. | ||
398 | * | ||
399 | * @param cfg overall configuration | ||
400 | * @param id the pseudonym identifier | ||
401 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | ||
402 | */ | ||
403 | int | ||
404 | GNUNET_PSEUDONYM_remove (const struct GNUNET_CONFIGURATION_Handle *cfg, | ||
405 | const struct GNUNET_PseudonymIdentifier *id); | ||
406 | |||
407 | |||
408 | |||
409 | #if 0 /* keep Emacsens' auto-indent happy */ | ||
410 | { | ||
411 | #endif | ||
412 | #ifdef __cplusplus | ||
413 | } | ||
414 | #endif | ||
415 | |||
416 | /* ifndef GNUNET_PSEUDONYM_LIB_H */ | ||
417 | #endif | ||
418 | /* end of gnunet_pseudonym_lib.h */ | ||
diff --git a/src/include/gnunet_util_lib.h b/src/include/gnunet_util_lib.h index 5f01cded8..30ec7cd3f 100644 --- a/src/include/gnunet_util_lib.h +++ b/src/include/gnunet_util_lib.h | |||
@@ -53,7 +53,6 @@ extern "C" | |||
53 | #include "gnunet_plugin_lib.h" | 53 | #include "gnunet_plugin_lib.h" |
54 | #include "gnunet_program_lib.h" | 54 | #include "gnunet_program_lib.h" |
55 | #include "gnunet_protocols.h" | 55 | #include "gnunet_protocols.h" |
56 | #include "gnunet_pseudonym_lib.h" | ||
57 | #include "gnunet_scheduler_lib.h" | 56 | #include "gnunet_scheduler_lib.h" |
58 | #include "gnunet_server_lib.h" | 57 | #include "gnunet_server_lib.h" |
59 | #include "gnunet_service_lib.h" | 58 | #include "gnunet_service_lib.h" |
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index ef9ec7281..42d91c0ba 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am | |||
@@ -96,7 +96,6 @@ libgnunetutil_la_SOURCES = \ | |||
96 | peer.c \ | 96 | peer.c \ |
97 | plugin.c \ | 97 | plugin.c \ |
98 | program.c \ | 98 | program.c \ |
99 | pseudonym.c \ | ||
100 | resolver_api.c resolver.h \ | 99 | resolver_api.c resolver.h \ |
101 | scheduler.c \ | 100 | scheduler.c \ |
102 | server.c \ | 101 | server.c \ |
@@ -234,7 +233,6 @@ check_PROGRAMS = \ | |||
234 | test_peer \ | 233 | test_peer \ |
235 | test_plugin \ | 234 | test_plugin \ |
236 | test_program \ | 235 | test_program \ |
237 | test_pseudonym \ | ||
238 | test_resolver_api \ | 236 | test_resolver_api \ |
239 | test_scheduler \ | 237 | test_scheduler \ |
240 | test_scheduler_delay \ | 238 | test_scheduler_delay \ |
@@ -436,11 +434,6 @@ test_program_SOURCES = \ | |||
436 | test_program_LDADD = \ | 434 | test_program_LDADD = \ |
437 | $(top_builddir)/src/util/libgnunetutil.la | 435 | $(top_builddir)/src/util/libgnunetutil.la |
438 | 436 | ||
439 | test_pseudonym_SOURCES = \ | ||
440 | test_pseudonym.c | ||
441 | test_pseudonym_LDADD = \ | ||
442 | $(top_builddir)/src/util/libgnunetutil.la | ||
443 | |||
444 | test_resolver_api_SOURCES = \ | 437 | test_resolver_api_SOURCES = \ |
445 | test_resolver_api.c | 438 | test_resolver_api.c |
446 | test_resolver_api_LDADD = \ | 439 | test_resolver_api_LDADD = \ |