diff options
-rw-r--r-- | src/include/gnunet_revocation_service.h | 4 | ||||
-rw-r--r-- | src/revocation/gnunet-revocation.c | 22 | ||||
-rw-r--r-- | src/revocation/gnunet-service-revocation.c | 3 | ||||
-rw-r--r-- | src/revocation/plugin_block_revocation.c | 3 | ||||
-rw-r--r-- | src/revocation/revocation.h | 5 | ||||
-rw-r--r-- | src/revocation/revocation_api.c | 17 | ||||
-rw-r--r-- | src/util/crypto_pow.c | 39 |
7 files changed, 51 insertions, 42 deletions
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h index 7222cedc1..1e1abb787 100644 --- a/src/include/gnunet_revocation_service.h +++ b/src/include/gnunet_revocation_service.h | |||
@@ -105,6 +105,7 @@ struct GNUNET_REVOCATION_Handle; | |||
105 | * @param key public key of the key to revoke | 105 | * @param key public key of the key to revoke |
106 | * @param sig signature to use on the revocation (should have been | 106 | * @param sig signature to use on the revocation (should have been |
107 | * created using #GNUNET_REVOCATION_sign_revocation). | 107 | * created using #GNUNET_REVOCATION_sign_revocation). |
108 | * @param ts revocation timestamp | ||
108 | * @param pow proof of work to use (should have been created by | 109 | * @param pow proof of work to use (should have been created by |
109 | * iteratively calling #GNUNET_REVOCATION_check_pow) | 110 | * iteratively calling #GNUNET_REVOCATION_check_pow) |
110 | * @param func funtion to call with the result of the check | 111 | * @param func funtion to call with the result of the check |
@@ -117,6 +118,7 @@ struct GNUNET_REVOCATION_Handle * | |||
117 | GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | 118 | GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, |
118 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 119 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, |
119 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, | 120 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, |
121 | const struct GNUNET_TIME_Absolute *ts, | ||
120 | uint64_t pow, | 122 | uint64_t pow, |
121 | GNUNET_REVOCATION_Callback func, void *func_cls); | 123 | GNUNET_REVOCATION_Callback func, void *func_cls); |
122 | 124 | ||
@@ -135,12 +137,14 @@ GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h); | |||
135 | * would be acceptable for revoking the given key. | 137 | * would be acceptable for revoking the given key. |
136 | * | 138 | * |
137 | * @param key key to check for | 139 | * @param key key to check for |
140 | * @param ts revocation timestamp | ||
138 | * @param pow proof of work value | 141 | * @param pow proof of work value |
139 | * @param matching_bits how many bits must match (configuration) | 142 | * @param matching_bits how many bits must match (configuration) |
140 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not | 143 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not |
141 | */ | 144 | */ |
142 | int | 145 | int |
143 | GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 146 | GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, |
147 | const struct GNUNET_TIME_Absolute *ts, | ||
144 | uint64_t pow, | 148 | uint64_t pow, |
145 | unsigned int matching_bits); | 149 | unsigned int matching_bits); |
146 | 150 | ||
diff --git a/src/revocation/gnunet-revocation.c b/src/revocation/gnunet-revocation.c index f5aa2d17e..42ec71d16 100644 --- a/src/revocation/gnunet-revocation.c +++ b/src/revocation/gnunet-revocation.c | |||
@@ -203,6 +203,11 @@ struct RevocationData | |||
203 | struct GNUNET_CRYPTO_EcdsaSignature sig; | 203 | struct GNUNET_CRYPTO_EcdsaSignature sig; |
204 | 204 | ||
205 | /** | 205 | /** |
206 | * Time of revocation | ||
207 | */ | ||
208 | struct GNUNET_TIME_AbsoluteNBO ts; | ||
209 | |||
210 | /** | ||
206 | * Proof of work (in NBO). | 211 | * Proof of work (in NBO). |
207 | */ | 212 | */ |
208 | uint64_t pow GNUNET_PACKED; | 213 | uint64_t pow GNUNET_PACKED; |
@@ -215,9 +220,13 @@ struct RevocationData | |||
215 | static void | 220 | static void |
216 | perform_revocation (const struct RevocationData *rd) | 221 | perform_revocation (const struct RevocationData *rd) |
217 | { | 222 | { |
223 | struct GNUNET_TIME_Absolute ts; | ||
224 | |||
225 | ts = GNUNET_TIME_absolute_ntoh (rd->ts); | ||
218 | h = GNUNET_REVOCATION_revoke (cfg, | 226 | h = GNUNET_REVOCATION_revoke (cfg, |
219 | &rd->key, | 227 | &rd->key, |
220 | &rd->sig, | 228 | &rd->sig, |
229 | &ts, | ||
221 | rd->pow, | 230 | rd->pow, |
222 | &print_revocation_result, | 231 | &print_revocation_result, |
223 | NULL); | 232 | NULL); |
@@ -273,6 +282,7 @@ static void | |||
273 | calculate_pow (void *cls) | 282 | calculate_pow (void *cls) |
274 | { | 283 | { |
275 | struct RevocationData *rd = cls; | 284 | struct RevocationData *rd = cls; |
285 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_ntoh (rd->ts); | ||
276 | 286 | ||
277 | /* store temporary results */ | 287 | /* store temporary results */ |
278 | pow_task = NULL; | 288 | pow_task = NULL; |
@@ -290,6 +300,7 @@ calculate_pow (void *cls) | |||
290 | /* actually do POW calculation */ | 300 | /* actually do POW calculation */ |
291 | rd->pow++; | 301 | rd->pow++; |
292 | if (GNUNET_OK == GNUNET_REVOCATION_check_pow (&rd->key, | 302 | if (GNUNET_OK == GNUNET_REVOCATION_check_pow (&rd->key, |
303 | &ts, | ||
293 | rd->pow, | 304 | rd->pow, |
294 | (unsigned int) matching_bits)) | 305 | (unsigned int) matching_bits)) |
295 | { | 306 | { |
@@ -331,6 +342,7 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) | |||
331 | { | 342 | { |
332 | struct RevocationData *rd; | 343 | struct RevocationData *rd; |
333 | struct GNUNET_CRYPTO_EcdsaPublicKey key; | 344 | struct GNUNET_CRYPTO_EcdsaPublicKey key; |
345 | struct GNUNET_TIME_Absolute ts; | ||
334 | 346 | ||
335 | el = NULL; | 347 | el = NULL; |
336 | if (NULL == ego) | 348 | if (NULL == ego) |
@@ -361,9 +373,14 @@ ego_callback (void *cls, const struct GNUNET_IDENTITY_Ego *ego) | |||
361 | ego), | 373 | ego), |
362 | &rd->sig); | 374 | &rd->sig); |
363 | rd->key = key; | 375 | rd->key = key; |
376 | rd->ts = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | ||
364 | } | 377 | } |
378 | ts = GNUNET_TIME_absolute_ntoh (rd->ts); | ||
365 | if (GNUNET_YES == | 379 | if (GNUNET_YES == |
366 | GNUNET_REVOCATION_check_pow (&key, rd->pow, (unsigned int) matching_bits)) | 380 | GNUNET_REVOCATION_check_pow (&key, |
381 | &ts, | ||
382 | rd->pow, | ||
383 | (unsigned int) matching_bits)) | ||
367 | { | 384 | { |
368 | fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); | 385 | fprintf (stderr, "%s", _ ("Revocation certificate ready\n")); |
369 | if (perform) | 386 | if (perform) |
@@ -397,6 +414,7 @@ run (void *cls, | |||
397 | { | 414 | { |
398 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 415 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; |
399 | struct RevocationData rd; | 416 | struct RevocationData rd; |
417 | struct GNUNET_TIME_Absolute ts; | ||
400 | 418 | ||
401 | cfg = c; | 419 | cfg = c; |
402 | if (NULL != test_ego) | 420 | if (NULL != test_ego) |
@@ -453,8 +471,10 @@ run (void *cls, | |||
453 | return; | 471 | return; |
454 | } | 472 | } |
455 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | 473 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); |
474 | ts = GNUNET_TIME_absolute_ntoh (rd.ts); | ||
456 | if (GNUNET_YES != | 475 | if (GNUNET_YES != |
457 | GNUNET_REVOCATION_check_pow (&rd.key, | 476 | GNUNET_REVOCATION_check_pow (&rd.key, |
477 | &ts, | ||
458 | rd.pow, | 478 | rd.pow, |
459 | (unsigned int) matching_bits)) | 479 | (unsigned int) matching_bits)) |
460 | { | 480 | { |
diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 3e811cd9a..ff75faa2c 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c | |||
@@ -167,8 +167,11 @@ new_peer_entry (const struct GNUNET_PeerIdentity *peer) | |||
167 | static int | 167 | static int |
168 | verify_revoke_message (const struct RevokeMessage *rm) | 168 | verify_revoke_message (const struct RevokeMessage *rm) |
169 | { | 169 | { |
170 | struct GNUNET_TIME_Absolute ts; | ||
171 | ts = GNUNET_TIME_absolute_ntoh (rm->ts); | ||
170 | if (GNUNET_YES != | 172 | if (GNUNET_YES != |
171 | GNUNET_REVOCATION_check_pow (&rm->public_key, | 173 | GNUNET_REVOCATION_check_pow (&rm->public_key, |
174 | &ts, | ||
172 | rm->proof_of_work, | 175 | rm->proof_of_work, |
173 | (unsigned int) revocation_work_required)) | 176 | (unsigned int) revocation_work_required)) |
174 | { | 177 | { |
diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 8d16b8781..57234fa36 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c | |||
@@ -134,6 +134,7 @@ block_plugin_revocation_evaluate (void *cls, | |||
134 | struct InternalContext *ic = cls; | 134 | struct InternalContext *ic = cls; |
135 | struct GNUNET_HashCode chash; | 135 | struct GNUNET_HashCode chash; |
136 | const struct RevokeMessage *rm = reply_block; | 136 | const struct RevokeMessage *rm = reply_block; |
137 | struct GNUNET_TIME_Absolute ts; | ||
137 | 138 | ||
138 | if (NULL == reply_block) | 139 | if (NULL == reply_block) |
139 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; | 140 | return GNUNET_BLOCK_EVALUATION_REQUEST_VALID; |
@@ -142,8 +143,10 @@ block_plugin_revocation_evaluate (void *cls, | |||
142 | GNUNET_break_op (0); | 143 | GNUNET_break_op (0); |
143 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; | 144 | return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; |
144 | } | 145 | } |
146 | ts = GNUNET_TIME_absolute_ntoh (rm->ts); | ||
145 | if (GNUNET_YES != | 147 | if (GNUNET_YES != |
146 | GNUNET_REVOCATION_check_pow (&rm->public_key, | 148 | GNUNET_REVOCATION_check_pow (&rm->public_key, |
149 | &ts, | ||
147 | rm->proof_of_work, | 150 | rm->proof_of_work, |
148 | ic->matching_bits)) | 151 | ic->matching_bits)) |
149 | { | 152 | { |
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h index b6e7a07ec..184f58e0a 100644 --- a/src/revocation/revocation.h +++ b/src/revocation/revocation.h | |||
@@ -89,6 +89,11 @@ struct RevokeMessage | |||
89 | uint32_t reserved GNUNET_PACKED; | 89 | uint32_t reserved GNUNET_PACKED; |
90 | 90 | ||
91 | /** | 91 | /** |
92 | * Timestamp | ||
93 | */ | ||
94 | struct GNUNET_TIME_AbsoluteNBO ts; | ||
95 | |||
96 | /** | ||
92 | * Number that causes a hash collision with the @e public_key. | 97 | * Number that causes a hash collision with the @e public_key. |
93 | */ | 98 | */ |
94 | uint64_t proof_of_work GNUNET_PACKED; | 99 | uint64_t proof_of_work GNUNET_PACKED; |
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 4755d4816..c2aafd254 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -235,6 +235,7 @@ handle_revocation_response (void *cls, | |||
235 | * @param key public key of the key to revoke | 235 | * @param key public key of the key to revoke |
236 | * @param sig signature to use on the revocation (should have been | 236 | * @param sig signature to use on the revocation (should have been |
237 | * created using #GNUNET_REVOCATION_sign_revocation). | 237 | * created using #GNUNET_REVOCATION_sign_revocation). |
238 | * @param ts revocation timestamp | ||
238 | * @param pow proof of work to use (should have been created by | 239 | * @param pow proof of work to use (should have been created by |
239 | * iteratively calling #GNUNET_REVOCATION_check_pow) | 240 | * iteratively calling #GNUNET_REVOCATION_check_pow) |
240 | * @param func funtion to call with the result of the check | 241 | * @param func funtion to call with the result of the check |
@@ -247,6 +248,7 @@ struct GNUNET_REVOCATION_Handle * | |||
247 | GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | 248 | GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, |
248 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 249 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, |
249 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, | 250 | const struct GNUNET_CRYPTO_EcdsaSignature *sig, |
251 | const struct GNUNET_TIME_Absolute *ts, | ||
250 | uint64_t pow, | 252 | uint64_t pow, |
251 | GNUNET_REVOCATION_Callback func, | 253 | GNUNET_REVOCATION_Callback func, |
252 | void *func_cls) | 254 | void *func_cls) |
@@ -271,6 +273,7 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
271 | &matching_bits)) && | 273 | &matching_bits)) && |
272 | (GNUNET_YES != | 274 | (GNUNET_YES != |
273 | GNUNET_REVOCATION_check_pow (key, | 275 | GNUNET_REVOCATION_check_pow (key, |
276 | ts, | ||
274 | pow, | 277 | pow, |
275 | (unsigned int) matching_bits))) | 278 | (unsigned int) matching_bits))) |
276 | { | 279 | { |
@@ -346,22 +349,32 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash) | |||
346 | * would be acceptable for revoking the given key. | 349 | * would be acceptable for revoking the given key. |
347 | * | 350 | * |
348 | * @param key key to check for | 351 | * @param key key to check for |
352 | * @param ts revocation timestamp | ||
349 | * @param pow proof of work value | 353 | * @param pow proof of work value |
350 | * @param matching_bits how many bits must match (configuration) | 354 | * @param matching_bits how many bits must match (configuration) |
351 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not | 355 | * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not |
352 | */ | 356 | */ |
353 | int | 357 | int |
354 | GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 358 | GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EcdsaPublicKey *key, |
359 | const struct GNUNET_TIME_Absolute *ts, | ||
355 | uint64_t pow, | 360 | uint64_t pow, |
356 | unsigned int matching_bits) | 361 | unsigned int matching_bits) |
357 | { | 362 | { |
358 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 363 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) |
359 | + sizeof(pow)] GNUNET_ALIGN; | 364 | + sizeof(pow) |
365 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)] GNUNET_ALIGN; | ||
360 | struct GNUNET_HashCode result; | 366 | struct GNUNET_HashCode result; |
367 | struct GNUNET_TIME_AbsoluteNBO ts_nbo; | ||
361 | 368 | ||
362 | GNUNET_memcpy (buf, &pow, sizeof(pow)); | 369 | ts_nbo = GNUNET_TIME_absolute_hton (*ts); |
370 | |||
371 | GNUNET_memcpy (buf, &pow, sizeof(pow)) ; | ||
363 | GNUNET_memcpy (&buf[sizeof(pow)], key, | 372 | GNUNET_memcpy (&buf[sizeof(pow)], key, |
364 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 373 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); |
374 | GNUNET_memcpy (&buf[sizeof(pow) + sizeof (struct GNUNET_TIME_AbsoluteNBO)], | ||
375 | &ts_nbo, | ||
376 | sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
377 | |||
365 | GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", | 378 | GNUNET_CRYPTO_pow_hash ("gnunet-revocation-proof-of-work", |
366 | buf, | 379 | buf, |
367 | sizeof(buf), | 380 | sizeof(buf), |
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index 5e225f244..1ab4443d1 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c | |||
@@ -47,12 +47,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, | |||
47 | struct GNUNET_HashCode *result) | 47 | struct GNUNET_HashCode *result) |
48 | { | 48 | { |
49 | #ifdef LSD0001 | 49 | #ifdef LSD0001 |
50 | char twofish_iv[128 / 8]; // 128 bit IV | ||
51 | char twofish_key[256 / 8]; // 256 bit Key | ||
52 | char rbuf[buf_len]; | ||
53 | int rc; | ||
54 | gcry_cipher_hd_t handle; | ||
55 | |||
56 | GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */ | 50 | GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */ |
57 | 1024, /* memory (1 MiB) */ | 51 | 1024, /* memory (1 MiB) */ |
58 | 1, /* threads */ | 52 | 1, /* threads */ |
@@ -60,39 +54,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, | |||
60 | buf_len, | 54 | buf_len, |
61 | salt, | 55 | salt, |
62 | strlen (salt), | 56 | strlen (salt), |
63 | &twofish_key, | ||
64 | sizeof (twofish_key))); | ||
65 | |||
66 | GNUNET_CRYPTO_kdf (twofish_iv, | ||
67 | sizeof (twofish_iv), | ||
68 | "gnunet-proof-of-work-iv", | ||
69 | strlen ("gnunet-proof-of-work-iv"), | ||
70 | twofish_key, | ||
71 | sizeof(twofish_key), | ||
72 | salt, | ||
73 | strlen (salt), | ||
74 | NULL, 0); | ||
75 | GNUNET_assert (0 == | ||
76 | gcry_cipher_open (&handle, GCRY_CIPHER_TWOFISH, | ||
77 | GCRY_CIPHER_MODE_CFB, 0)); | ||
78 | rc = gcry_cipher_setkey (handle, | ||
79 | twofish_key, | ||
80 | sizeof(twofish_key)); | ||
81 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
82 | rc = gcry_cipher_setiv (handle, | ||
83 | twofish_iv, | ||
84 | sizeof(twofish_iv)); | ||
85 | GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY)); | ||
86 | GNUNET_assert (0 == gcry_cipher_encrypt (handle, &rbuf, buf_len, buf, | ||
87 | buf_len)); | ||
88 | gcry_cipher_close (handle); | ||
89 | GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */ | ||
90 | 1024, /* memory (1 MiB) */ | ||
91 | 1, /* threads */ | ||
92 | rbuf, | ||
93 | buf_len, | ||
94 | salt, | ||
95 | strlen (salt), | ||
96 | result, | 57 | result, |
97 | sizeof (struct | 58 | sizeof (struct |
98 | GNUNET_HashCode))); | 59 | GNUNET_HashCode))); |