diff options
Diffstat (limited to 'src/revocation/revocation_api.c')
-rw-r--r-- | src/revocation/revocation_api.c | 182 |
1 files changed, 136 insertions, 46 deletions
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 75cfd8761..791c3d008 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls, | |||
160 | */ | 160 | */ |
161 | struct GNUNET_REVOCATION_Query * | 161 | struct GNUNET_REVOCATION_Query * |
162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, | 162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, |
163 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 163 | const struct GNUNET_IDENTITY_PublicKey *key, |
164 | GNUNET_REVOCATION_Callback func, | 164 | GNUNET_REVOCATION_Callback func, |
165 | void *func_cls) | 165 | void *func_cls) |
166 | { | 166 | { |
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | env = GNUNET_MQ_msg (rm, | 362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); |
363 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | rm->reserved = htonl (0); | 364 | extra_len, |
365 | rm->proof_of_work = *pow; | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
366 | rm->pow_size = htonl (extra_len); | ||
367 | memcpy (&rm[1], pow, extra_len); | ||
366 | GNUNET_MQ_send (h->mq, | 368 | GNUNET_MQ_send (h->mq, |
367 | env); | 369 | env); |
368 | return h; | 370 | return h; |
@@ -420,6 +422,51 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
420 | } | 422 | } |
421 | 423 | ||
422 | 424 | ||
425 | enum GNUNET_GenericReturnValue | ||
426 | check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow, | ||
427 | const struct GNUNET_IDENTITY_PublicKey *key) | ||
428 | { | ||
429 | struct GNUNET_REVOCATION_SignaturePurposePS *spurp; | ||
430 | struct GNUNET_IDENTITY_Signature *sig; | ||
431 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
432 | size_t ksize; | ||
433 | |||
434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
436 | |||
437 | spurp = GNUNET_malloc (sizeof (*spurp) + ksize); | ||
438 | spurp->timestamp = pow->timestamp; | ||
439 | spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
440 | spurp->purpose.size = htonl (sizeof(*spurp) + ksize); | ||
441 | GNUNET_IDENTITY_write_key_to_buffer (pk, | ||
442 | (char*) &spurp[1], | ||
443 | ksize); | ||
444 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
445 | "Expected signature payload len: %u\n", | ||
446 | ntohl (spurp->purpose.size)); | ||
447 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | ||
448 | if (GNUNET_OK != | ||
449 | GNUNET_IDENTITY_signature_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
450 | &spurp->purpose, | ||
451 | sig, | ||
452 | key)) | ||
453 | { | ||
454 | return GNUNET_SYSERR; | ||
455 | } | ||
456 | return GNUNET_OK; | ||
457 | } | ||
458 | |||
459 | |||
460 | enum GNUNET_GenericReturnValue | ||
461 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | ||
462 | { | ||
463 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
464 | |||
465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
466 | return check_signature_identity (pow, pk); | ||
467 | } | ||
468 | |||
469 | |||
423 | /** | 470 | /** |
424 | * Check if the given proof-of-work is valid. | 471 | * Check if the given proof-of-work is valid. |
425 | * | 472 | * |
@@ -433,10 +480,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
433 | unsigned int difficulty, | 480 | unsigned int difficulty, |
434 | struct GNUNET_TIME_Relative epoch_duration) | 481 | struct GNUNET_TIME_Relative epoch_duration) |
435 | { | 482 | { |
436 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 483 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) | 484 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) |
438 | + sizeof (uint64_t)] GNUNET_ALIGN; | 485 | + sizeof (uint64_t)] GNUNET_ALIGN; |
439 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
440 | struct GNUNET_HashCode result; | 486 | struct GNUNET_HashCode result; |
441 | struct GNUNET_TIME_Absolute ts; | 487 | struct GNUNET_TIME_Absolute ts; |
442 | struct GNUNET_TIME_Absolute exp; | 488 | struct GNUNET_TIME_Absolute exp; |
@@ -446,25 +492,18 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
446 | unsigned int tmp_score = 0; | 492 | unsigned int tmp_score = 0; |
447 | unsigned int epochs; | 493 | unsigned int epochs; |
448 | uint64_t pow_val; | 494 | uint64_t pow_val; |
495 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
496 | |||
497 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
449 | 498 | ||
450 | /** | 499 | /** |
451 | * Check if signature valid | 500 | * Check if signature valid |
452 | */ | 501 | */ |
453 | spurp.key = pow->key; | 502 | if (GNUNET_OK != check_signature (pow)) |
454 | spurp.timestamp = pow->timestamp; | ||
455 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
456 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
457 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | ||
458 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
459 | if (GNUNET_OK != | ||
460 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
461 | &spurp.purpose, | ||
462 | &pow->signature, | ||
463 | &pow->key)) | ||
464 | { | 503 | { |
465 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 504 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
466 | "Proof of work signature invalid!\n"); | 505 | "Proof of work signature invalid!\n"); |
467 | return GNUNET_NO; | 506 | return GNUNET_SYSERR; |
468 | } | 507 | } |
469 | 508 | ||
470 | /** | 509 | /** |
@@ -479,8 +518,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
479 | &pow->timestamp, | 518 | &pow->timestamp, |
480 | sizeof (uint64_t)); | 519 | sizeof (uint64_t)); |
481 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 520 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
482 | &pow->key, | 521 | pk, |
483 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 522 | GNUNET_IDENTITY_key_get_length (pk)); |
484 | for (unsigned int i = 0; i < POW_COUNT; i++) | 523 | for (unsigned int i = 0; i < POW_COUNT; i++) |
485 | { | 524 | { |
486 | pow_val = GNUNET_ntohll (pow->pow[i]); | 525 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -529,18 +568,15 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
529 | } | 568 | } |
530 | 569 | ||
531 | 570 | ||
532 | /** | 571 | enum GNUNET_GenericReturnValue |
533 | * Initializes a fresh PoW computation. | 572 | sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key, |
534 | * | 573 | struct GNUNET_REVOCATION_PowP *pow) |
535 | * @param key the key to calculate the PoW for. | ||
536 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
537 | */ | ||
538 | void | ||
539 | GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | ||
540 | struct GNUNET_REVOCATION_PowP *pow) | ||
541 | { | 574 | { |
542 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 575 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
543 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 576 | struct GNUNET_REVOCATION_SignaturePurposePS *rp; |
577 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
578 | size_t ksize; | ||
579 | char *sig; | ||
544 | 580 | ||
545 | /** | 581 | /** |
546 | * Predate the validity period to prevent rejections due to | 582 | * Predate the validity period to prevent rejections due to |
@@ -548,19 +584,53 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
548 | */ | 584 | */ |
549 | ts = GNUNET_TIME_absolute_subtract (ts, | 585 | ts = GNUNET_TIME_absolute_subtract (ts, |
550 | GNUNET_TIME_UNIT_WEEKS); | 586 | GNUNET_TIME_UNIT_WEEKS); |
551 | 587 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | |
588 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
552 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 589 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
553 | rp.timestamp = pow->timestamp; | 590 | rp = GNUNET_malloc (sizeof (*rp) + ksize); |
554 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 591 | rp->timestamp = pow->timestamp; |
555 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 592 | rp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
556 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 593 | rp->purpose.size = htonl (sizeof(*rp) + ksize); |
557 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 594 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
558 | GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key); | 595 | "Signature payload len: %u\n", |
559 | rp.key = pow->key; | 596 | ntohl (rp->purpose.size)); |
560 | GNUNET_assert (GNUNET_OK == | 597 | GNUNET_IDENTITY_write_key_to_buffer (pk, |
561 | GNUNET_CRYPTO_ecdsa_sign_ (key, | 598 | ((char*) &rp[1]), |
562 | &rp.purpose, | 599 | ksize); |
563 | &pow->signature)); | 600 | sig = ((char*) &pow[1]) + ksize; |
601 | int result = GNUNET_IDENTITY_sign_ (key, | ||
602 | &rp->purpose, | ||
603 | (void*) sig); | ||
604 | if (result == GNUNET_SYSERR) | ||
605 | return GNUNET_NO; | ||
606 | else | ||
607 | return result; | ||
608 | } | ||
609 | |||
610 | |||
611 | enum GNUNET_GenericReturnValue | ||
612 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
613 | struct GNUNET_REVOCATION_PowP *pow) | ||
614 | { | ||
615 | struct GNUNET_IDENTITY_PublicKey *pk; | ||
616 | |||
617 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
618 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
619 | return sign_pow_identity (key, pow); | ||
620 | } | ||
621 | |||
622 | |||
623 | /** | ||
624 | * Initializes a fresh PoW computation. | ||
625 | * | ||
626 | * @param key the key to calculate the PoW for. | ||
627 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
628 | */ | ||
629 | void | ||
630 | GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
631 | struct GNUNET_REVOCATION_PowP *pow) | ||
632 | { | ||
633 | GNUNET_assert (GNUNET_OK == sign_pow (key, pow)); | ||
564 | } | 634 | } |
565 | 635 | ||
566 | 636 | ||
@@ -622,15 +692,17 @@ cmp_pow_value (const void *a, const void *b) | |||
622 | enum GNUNET_GenericReturnValue | 692 | enum GNUNET_GenericReturnValue |
623 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | 693 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) |
624 | { | 694 | { |
625 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 695 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
626 | + sizeof (uint64_t) | 696 | + sizeof (uint64_t) |
627 | + sizeof (uint64_t)] GNUNET_ALIGN; | 697 | + sizeof (uint64_t)] GNUNET_ALIGN; |
628 | struct GNUNET_HashCode result; | 698 | struct GNUNET_HashCode result; |
699 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
629 | unsigned int zeros; | 700 | unsigned int zeros; |
630 | int ret; | 701 | int ret; |
631 | uint64_t pow_nbo; | 702 | uint64_t pow_nbo; |
632 | 703 | ||
633 | pc->current_pow++; | 704 | pc->current_pow++; |
705 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
634 | 706 | ||
635 | /** | 707 | /** |
636 | * Do not try duplicates | 708 | * Do not try duplicates |
@@ -644,8 +716,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
644 | &pc->pow->timestamp, | 716 | &pc->pow->timestamp, |
645 | sizeof (uint64_t)); | 717 | sizeof (uint64_t)); |
646 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 718 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
647 | &pc->pow->key, | 719 | pk, |
648 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 720 | GNUNET_IDENTITY_key_get_length (pk)); |
649 | GNUNET_CRYPTO_pow_hash (&salt, | 721 | GNUNET_CRYPTO_pow_hash (&salt, |
650 | buf, | 722 | buf, |
651 | sizeof(buf), | 723 | sizeof(buf), |
@@ -690,4 +762,22 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
690 | } | 762 | } |
691 | 763 | ||
692 | 764 | ||
765 | size_t | ||
766 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
767 | { | ||
768 | size_t size; | ||
769 | size_t ksize; | ||
770 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
771 | const struct GNUNET_IDENTITY_Signature *sig; | ||
772 | |||
773 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
774 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
775 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
776 | size += ksize; | ||
777 | sig = (struct GNUNET_IDENTITY_Signature *) ((char*) &pow[1] + ksize); | ||
778 | size += GNUNET_IDENTITY_signature_get_length (sig); | ||
779 | return size; | ||
780 | } | ||
781 | |||
782 | |||
693 | /* end of revocation_api.c */ | 783 | /* end of revocation_api.c */ |