1 files changed, 286 insertions, 68 deletions
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 51dd5972d..b4e45727b 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -19,6 +19,9 @@
 */
 /**
+ * @addtogroup GNS
+ * @{
+ *
 * @author Christian Grothoff
 *
 * @file
@@ -34,6 +37,8 @@
 #ifndef GNUNET_GNSRECORD_LIB_H
 #define GNUNET_GNSRECORD_LIB_H
+#include "gnunet_common.h"
 #include "gnunet_identity_service.h"
 #ifdef __cplusplus
@@ -66,59 +71,102 @@ extern "C" {
 #include "gnu_name_system_record_types.h"
 /**
+ * When comparing flags for record equality for removal,
+ * which flags should must match (in addition to the type,
+ * name, expiration value and data of the record)?  All flags
+ * that are not listed here will be ignored for this purpose.
+ * (for example, we don't expect that users will remember to
+ * pass the '--private' option when removing a record from
+ * the namestore, hence we don't require this particular option
+ * to match upon removal).  See also
+ * #GNUNET_GNSRECORD_records_cmp.
+ */
+#define GNUNET_GNSRECORD_RF_RCMP_FLAGS (GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)
+/**
 * Flags that can be set for a record.
- * MUST fit into 16 bit.
+ * The numbers in the registry correspond to the bit index as specified in
+ * LSD0001 Chapter "Resource Records".
+ * Each enum member represents the 16-bit integer value of the flags field if
+ * only that particular flag was set.
+ * The value can be used to efficiently compare the bitmask setting for the
+ * record flag in C.
+ * WARNING: The values are in host byte order! In order to correctly check
+ * against the flags field a record, the respective fields must
+ * also be converted to HBO (or the enum value to NBO).
 */
 enum GNUNET_GNSRECORD_Flags
 {
  /**
-   * No special options.
+   * Entry for no flags / cleared flags.
   */
  GNUNET_GNSRECORD_RF_NONE = 0,
  /**
-   * This record is critical. If it cannot be processed
+   * This record is critical. If it cannot be processed (for example because the record type is unknown) resolution MUST fail
-   * (for example beacuse the record type is unknown)
-   * resolution MUST fail
   */
-  GNUNET_GNSRECORD_RF_CRITICAL = 1,
+  GNUNET_GNSRECORD_RF_CRITICAL = 1 << (15 - 15),
  /**
-   * This record should not be used unless all (other) records with an absolute
+   * This record should not be used unless all (other) records in the set with an absolute expiration time have expired.
-   * expiration time have expired.
   */
-  GNUNET_GNSRECORD_RF_SHADOW_RECORD = 2,
+  GNUNET_GNSRECORD_RF_SHADOW = 1 << (15 - 14),
  /**
   * This is a supplemental record.
   */
-  GNUNET_GNSRECORD_RF_SUPPLEMENTAL = 4,
+  GNUNET_GNSRECORD_RF_SUPPLEMENTAL = 1 << (15 - 13),
  /**
-   * This expiration time of the record is a relative
+   * Maintenance records. E.g. TOMBSTONEs
-   * time (not an absolute time).
   */
-  GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION = 16384, /* 2^14 */
+  GNUNET_GNSRECORD_RF_MAINTENANCE = 1 << (15 - 2),
  /**
-   * This is a private record of this peer and it should
+   * This expiration time of the record is a relative time (not an absolute time). Used in GNUnet implementation.
-   * thus not be handed out to other peers.
   */
-  GNUNET_GNSRECORD_RF_PRIVATE = 32768, /* 2^15 */
+  GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION = 1 << (15 - 1),
+  /**
+   * This is a private record of this peer and it should thus not be published.
+   */
+  GNUNET_GNSRECORD_RF_PRIVATE = 1 << (15 - 0),
+};
 /**
- * When comparing flags for record equality for removal,
+ * Filter for GNUNET_GNSRECORD_normalize_record_set().
- * which flags should must match (in addition to the type,
- * name, expiration value and data of the record)?  All flags
- * that are not listed here will be ignored for this purpose.
- * (for example, we don't expect that users will remember to
- * pass the '--private' option when removing a record from
- * the namestore, hence we don't require this particular option
- * to match upon removal).  See also
- * #GNUNET_GNSRECORD_records_cmp.
 */
-#define GNUNET_GNSRECORD_RF_RCMP_FLAGS (GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)
+enum GNUNET_GNSRECORD_Filter
+{
+  /**
+   * No filter flags set.
+   * Private and public records are returned,
+   * maintenance records (TOMBSTONE etc) are not.
+   */
+  GNUNET_GNSRECORD_FILTER_NONE = 0,
+  /**
+   * Include maintenance records (TOMBSTONE etc).
+   */
+  GNUNET_GNSRECORD_FILTER_INCLUDE_MAINTENANCE = 1,
+  /**
+   * Filter private records
+   */
+  GNUNET_GNSRECORD_FILTER_OMIT_PRIVATE = 2,
+  /**
+   * Filter public records.
+   * FIXME: Not implemented
+   */
+  // GNUNET_NAMESTORE_FILTER_OMIT_PUBLIC = 4,
 };
@@ -283,6 +331,31 @@ struct GNUNET_GNSRECORD_BoxRecord
  /* followed by the 'original' record */
 };
+/**
+ * Record type used to box up SMIMEA records.  For example, a
+ * SMIMEA record for "c93f1e400f26708f98cb19d936620da35eec8f72e57
+ * f9eec01c1afd6._smimecert.foo.gnu" will be stored under
+ * "foo.gnu" as a SBOX record with the local-path of the associated
+ * e-mails hash turnicated to 28 octets encoded as hex and protocol _smimecert
+ * and record_type "SMIMEA".  When a BOX record is received, GNS
+ * unboxes it if the name contained "hash._PROTO", otherwise GNS
+ * leaves it untouched.  This is done to ensure that SMIMEA
+ * records do not require a separate network request, thus making SMIMEA
+ * records inseparable from the "main" A/AAAA/VPN/etc. records.
+ */
+struct GNUNET_GNSRECORD_SBoxRecord
+{
+  /**
+   * GNS record type of the boxed record. In NBO.
+   */
+  uint32_t record_type GNUNET_PACKED;
+  /* followed by the zero terminated hostname prefix */
+  /* followed by the 'original' record */
+};
 /**
 * Record type used internally to keep track of reverse mappings into a
 * namespace.
@@ -295,7 +368,7 @@ struct GNUNET_GNSRECORD_ReverseRecord
  /**
   * The public key of the namespace the is delegating to our namespace
   */
-  struct GNUNET_IDENTITY_PublicKey pkey;
+  struct GNUNET_CRYPTO_PublicKey pkey;
  /**
   * The expiration time of the delegation
@@ -450,7 +523,7 @@ GNUNET_GNSRECORD_string_normalize (const char *src);
 * #GNUNET_GNSRECORD_z2s.
 */
 const char *
-GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
+GNUNET_GNSRECORD_z2s (const struct GNUNET_CRYPTO_PublicKey *z);
 /**
@@ -464,7 +537,7 @@ GNUNET_GNSRECORD_z2s (const struct GNUNET_IDENTITY_PublicKey *z);
 *         key in an encoding suitable for DNS labels.
 */
 const char *
-GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
+GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_PublicKey *pkey);
 /**
@@ -478,7 +551,7 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_IDENTITY_PublicKey *pkey);
 */
 int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
-                               struct GNUNET_IDENTITY_PublicKey *pkey);
+                               struct GNUNET_CRYPTO_PublicKey *pkey);
 /**
@@ -490,12 +563,13 @@ GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
 */
 void
 GNUNET_GNSRECORD_query_from_private_key (
-  const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label,
+  const struct GNUNET_CRYPTO_PrivateKey *zone, const char *label,
  struct GNUNET_HashCode *query);
 /**
 * Calculate the DHT query for a given @a label in a given @a zone.
+ * FIXME: We may want to plugin-ize this at some point.
 *
 * @param pub public key of the zone
 * @param label label of the record
@@ -503,7 +577,7 @@ GNUNET_GNSRECORD_query_from_private_key (
 */
 void
 GNUNET_GNSRECORD_query_from_public_key (
-  const struct GNUNET_IDENTITY_PublicKey *pub, const char *label,
+  const struct GNUNET_CRYPTO_PublicKey *pub, const char *label,
  struct GNUNET_HashCode *query);
@@ -517,10 +591,23 @@ GNUNET_GNSRECORD_query_from_public_key (
 */
 ssize_t
 GNUNET_GNSRECORD_block_calculate_size (const struct
-                                       GNUNET_IDENTITY_PrivateKey *key,
+                                       GNUNET_CRYPTO_PrivateKey *key,
                                       const struct GNUNET_GNSRECORD_Data *rd,
                                       unsigned int rd_count);
+/**
+ * Sign a block create with #GNUNET_GNSRECORD_block_create_unsigned
+ *
+ * @param key the private key
+ * @param label the label of the block
+ * @param block the unsigned block
+ * @return GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_block_sign (const struct
+                             GNUNET_CRYPTO_PrivateKey *key,
+                             const char *label,
+                             struct GNUNET_GNSRECORD_Block *block);
 /**
 * Sign name and records
@@ -534,7 +621,7 @@ GNUNET_GNSRECORD_block_calculate_size (const struct
 * @return GNUNET_OK on success
 */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
+GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_PrivateKey *key,
                               struct GNUNET_TIME_Absolute expire,
                               const char *label,
                               const struct GNUNET_GNSRECORD_Data *rd,
@@ -543,6 +630,31 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
 /**
+ * Create name and records but do not sign!
+ * Sign later with #GNUNET_GNSRECORD_block_sign().
+ * Cache derived public key (also keeps the
+ * private key in static memory, so do not use this function if
+ * keeping the private key in the process'es RAM is a major issue).
+ *
+ * @param key the private key
+ * @param expire block expiration
+ * @param label the name for the records
+ * @param rd record data
+ * @param rd_count number of records in @a rd
+ * @param result the block buffer. Will be allocated.
+ * @return GNUNET_OK on success.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_block_create_unsigned (const struct
+                                        GNUNET_CRYPTO_PrivateKey *key,
+                                        struct GNUNET_TIME_Absolute expire,
+                                        const char *label,
+                                        const struct GNUNET_GNSRECORD_Data *rd,
+                                        unsigned int rd_count,
+                                        struct GNUNET_GNSRECORD_Block **result);
+/**
 * Sign name and records, cache derived public key (also keeps the
 * private key in static memory, so do not use this function if
 * keeping the private key in the process'es RAM is a major issue).
@@ -556,7 +668,7 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
 * @return GNUNET_OK on success.
 */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key,
+GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_PrivateKey *key,
                                struct GNUNET_TIME_Absolute expire,
                                const char *label,
                                const struct GNUNET_GNSRECORD_Data *rd,
@@ -571,7 +683,7 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *key,
 * @param block block to verify
 * @return #GNUNET_OK if the signature is valid
 */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block);
@@ -586,10 +698,10 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block);
 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the block was
 *        not well-formed
 */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_block_decrypt (
  const struct GNUNET_GNSRECORD_Block *block,
-  const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label,
+  const struct GNUNET_CRYPTO_PublicKey *zone_key, const char *label,
  GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls);
@@ -600,7 +712,7 @@ GNUNET_GNSRECORD_block_decrypt (
 * @param b another record
 * @return #GNUNET_YES if the records are equal, or #GNUNET_NO if not.
 */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_records_cmp (const struct GNUNET_GNSRECORD_Data *a,
                              const struct GNUNET_GNSRECORD_Data *b);
@@ -669,7 +781,7 @@ enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_identity_from_data (const char *data,
                                     size_t data_size,
                                     uint32_t type,
-                                     struct GNUNET_IDENTITY_PublicKey *key);
+                                     struct GNUNET_CRYPTO_PublicKey *key);
 /**
@@ -683,7 +795,7 @@ GNUNET_GNSRECORD_identity_from_data (const char *data,
 */
 enum GNUNET_GenericReturnValue
 GNUNET_GNSRECORD_data_from_identity (const struct
-                                     GNUNET_IDENTITY_PublicKey *key,
+                                     GNUNET_CRYPTO_PublicKey *key,
                                     char **data,
                                     size_t *data_size,
                                     uint32_t *type);
@@ -720,9 +832,9 @@ GNUNET_GNSRECORD_is_critical (uint32_t type);
 * @param rd input records
 * @param rd_count size of the @a rd and @a rd_public arrays
 * @param rd_public where to write the converted records
- * @param rd_public_count number of records written to @a rd_public
+ * @param rd_count_public number of records written to @a rd_public
 * @param min_expiry the minimum expiration of this set
- * @param include_private GNUNET_YES if private records should be included.
+ * @param filter the record set filter, see GNUNET_GNSRECORD_Filter.
 * @param emsg the error message if something went wrong
 * @return GNUNET_OK if set could be normalized and is consistent
 */
@@ -733,43 +845,147 @@ GNUNET_GNSRECORD_normalize_record_set (const char *label,
                                       struct GNUNET_GNSRECORD_Data *rd_public,
                                       unsigned int *rd_count_public,
                                       struct GNUNET_TIME_Absolute *min_expiry,
-                                       int include_private,
+                                       enum GNUNET_GNSRECORD_Filter filter,
                                       char **emsg);
+/**
+ * Check label for invalid characters.
+ *
+ * @param label the label to check
+ * @param emsg an error message (NULL if label is valid). Will be allocated.
+ * @return GNUNET_OK if label is valid.
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_GNSRECORD_label_check (const char*label, char **emsg);
+/**
+ * Maximum length of a revocation
+ */
+#define GNUNET_MAX_POW_SIZE sizeof(struct GNUNET_GNSRECORD_PowP)  \
+  + sizeof(struct GNUNET_CRYPTO_PublicKey)  \
+  + 1024                                      // FIXME max sig_len
+/**
+ * The proof-of-work narrowing factor.
+ * The number of PoWs that are calculates as part of revocation.
+ */
+#define POW_COUNT 32
+GNUNET_NETWORK_STRUCT_BEGIN
 /**
- * Convert namestore records from the internal format to that
+ * Struct for a proof of work as part of the revocation.
- * suitable for publication (removes private records).
+ */
+struct GNUNET_GNSRECORD_PowP
+{
+  /**
+   * The timestamp of the revocation
+   */
+  struct GNUNET_TIME_AbsoluteNBO timestamp;
+  /**
+   * The TTL of this revocation (purely informational)
+   */
+  struct GNUNET_TIME_RelativeNBO ttl;
+  /**
+   * The PoWs
+   */
+  uint64_t pow[POW_COUNT] GNUNET_PACKED;
+  /** followed by the public key type, the key and a signature **/
+};
+/**
+ * The signature object we use for the PoW
+ */
+struct GNUNET_GNSRECORD_SignaturePurposePS
+{
+  /**
+   * The signature purpose
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+  /**
+   * The timestamp of the revocation
+   */
+  struct GNUNET_TIME_AbsoluteNBO timestamp;
+  /** Followed by the zone public key type and key **/
+};
+GNUNET_NETWORK_STRUCT_END
+/**
+ * Handle to a running proof-of-work calculation.
+ */
+struct GNUNET_GNSRECORD_PowCalculationHandle;
+/**
+ * Check if the given proof-of-work is valid.
 *
- * @param label the label under which this set is (supposed to be) published.
+ * @param pow proof of work
- * @param rd input records
+ * @param matching_bits how many bits must match (configuration)
- * @param rd_count size of the @a rd and @a rd_public arrays
+ * @param epoch_duration length of single epoch in configuration
- * @param rd_public where to write the converted records
+ * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
- * @param rd_public_count number of records written to @a rd_public
- * @param expiry the expiration of the block
- * @param emsg the error message if something went wrong
- * @return GNUNET_OK if set is consistent and can be exported
 */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_convert_records_for_export (const char *label,
+GNUNET_GNSRECORD_check_pow (const struct GNUNET_GNSRECORD_PowP *pow,
-                                             const struct
+                            unsigned int matching_bits,
-                                             GNUNET_GNSRECORD_Data *rd,
+                            struct GNUNET_TIME_Relative epoch_duration);
-                                             unsigned int rd_count,
-                                             struct GNUNET_GNSRECORD_Data *
-                                             rd_public,
-                                             unsigned int *rd_count_public,
-                                             struct GNUNET_TIME_Absolute *expiry,
-                                             char **emsg);
 /**
- * Check label for invalid characters.
+ * Initializes a fresh PoW computation.
 *
- * @param label the label to check
+ * @param key the key to calculate the PoW for.
- * @param emsg an error message (NULL if label is valid). Will be allocated.
+ * @param pow the pow object to work with in the calculation.
- * @return GNUNET_OK if label is valid.
+ */
+void
+GNUNET_GNSRECORD_pow_init (const struct GNUNET_CRYPTO_PrivateKey *key,
+                           struct GNUNET_GNSRECORD_PowP *pow);
+/**
+ * Starts a proof-of-work calculation given the pow object as well as
+ * target epochs and difficulty.
+ *
+ * @param pow the PoW to based calculations on.
+ * @param epochs the number of epochs for which the PoW must be valid.
+ * @param difficulty the base difficulty of the PoW.
+ * @return a handle for use in PoW rounds
+ */
+struct GNUNET_GNSRECORD_PowCalculationHandle*
+GNUNET_GNSRECORD_pow_start (struct GNUNET_GNSRECORD_PowP *pow,
+                            int epochs,
+                            unsigned int difficulty);
+/**
+ * Calculate a single round in the key revocation PoW.
+ *
+ * @param pc handle to the PoW, initially called with NULL.
+ * @return GNUNET_YES if the @a pow is acceptable, GNUNET_NO if not
 */
 enum GNUNET_GenericReturnValue
-GNUNET_GNSRECORD_label_check (const char*label, char **emsg);
+GNUNET_GNSRECORD_pow_round (struct GNUNET_GNSRECORD_PowCalculationHandle *pc);
+size_t
+GNUNET_GNSRECORD_proof_get_size (const struct GNUNET_GNSRECORD_PowP *pow);
+/**
+ * Stop a PoW calculation
+ *
+ * @param pc the calculation to clean up
+ * @return #GNUNET_YES if pow valid, #GNUNET_NO if pow was set but is not
+ * valid
+ */
+void
+GNUNET_GNSRECORD_pow_stop (struct GNUNET_GNSRECORD_PowCalculationHandle *pc);
 #if 0 /* keep Emacsens' auto-indent happy */
 {
@@ -781,3 +997,5 @@ GNUNET_GNSRECORD_label_check (const char*label, char **emsg);
 #endif
 /** @} */ /* end of group */
+/** @} */ /* end of group addition */