diff options
Diffstat (limited to 'src/revocation/revocation_api.c')
-rw-r--r-- | src/revocation/revocation_api.c | 188 |
1 files changed, 146 insertions, 42 deletions
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index 75cfd8761..94fbc7022 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c | |||
@@ -160,7 +160,7 @@ handle_revocation_query_response (void *cls, | |||
160 | */ | 160 | */ |
161 | struct GNUNET_REVOCATION_Query * | 161 | struct GNUNET_REVOCATION_Query * |
162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, | 162 | GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg, |
163 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key, | 163 | const struct GNUNET_IDENTITY_PublicKey *key, |
164 | GNUNET_REVOCATION_Callback func, | 164 | GNUNET_REVOCATION_Callback func, |
165 | void *func_cls) | 165 | void *func_cls) |
166 | { | 166 | { |
@@ -359,10 +359,12 @@ GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
359 | } | 359 | } |
360 | h->func = func; | 360 | h->func = func; |
361 | h->func_cls = func_cls; | 361 | h->func_cls = func_cls; |
362 | env = GNUNET_MQ_msg (rm, | 362 | size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow); |
363 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); | 363 | env = GNUNET_MQ_msg_extra (rm, |
364 | rm->reserved = htonl (0); | 364 | extra_len, |
365 | rm->proof_of_work = *pow; | 365 | GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE); |
366 | rm->pow_size = htonl (extra_len); | ||
367 | memcpy (&rm[1], pow, extra_len); | ||
366 | GNUNET_MQ_send (h->mq, | 368 | GNUNET_MQ_send (h->mq, |
367 | env); | 369 | env); |
368 | return h; | 370 | return h; |
@@ -420,6 +422,58 @@ calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph) | |||
420 | } | 422 | } |
421 | 423 | ||
422 | 424 | ||
425 | enum GNUNET_GenericReturnValue | ||
426 | check_signature_ecdsa (const struct GNUNET_REVOCATION_PowP *pow, | ||
427 | const struct GNUNET_CRYPTO_EcdsaPublicKey *key) | ||
428 | { | ||
429 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS spurp; | ||
430 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
431 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
432 | size_t ksize; | ||
433 | |||
434 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
435 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
436 | |||
437 | spurp.ktype = pk->type; | ||
438 | spurp.key = pk->ecdsa_key; | ||
439 | spurp.timestamp = pow->timestamp; | ||
440 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
441 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
442 | + GNUNET_IDENTITY_key_get_length (pk) | ||
443 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
444 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
445 | "Expected signature payload len: %u\n", | ||
446 | ntohl (spurp.purpose.size)); | ||
447 | sig = (struct GNUNET_CRYPTO_EcdsaSignature *) ((char*)&pow[1] + ksize); | ||
448 | if (GNUNET_OK != | ||
449 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
450 | &spurp.purpose, | ||
451 | sig, | ||
452 | key)) | ||
453 | { | ||
454 | return GNUNET_SYSERR; | ||
455 | } | ||
456 | return GNUNET_OK; | ||
457 | } | ||
458 | |||
459 | |||
460 | enum GNUNET_GenericReturnValue | ||
461 | check_signature (const struct GNUNET_REVOCATION_PowP *pow) | ||
462 | { | ||
463 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
464 | |||
465 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
466 | switch (ntohl (pk->type)) | ||
467 | { | ||
468 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
469 | return check_signature_ecdsa (pow, &pk->ecdsa_key); | ||
470 | default: | ||
471 | return GNUNET_SYSERR; | ||
472 | } | ||
473 | return GNUNET_SYSERR; | ||
474 | } | ||
475 | |||
476 | |||
423 | /** | 477 | /** |
424 | * Check if the given proof-of-work is valid. | 478 | * Check if the given proof-of-work is valid. |
425 | * | 479 | * |
@@ -433,10 +487,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
433 | unsigned int difficulty, | 487 | unsigned int difficulty, |
434 | struct GNUNET_TIME_Relative epoch_duration) | 488 | struct GNUNET_TIME_Relative epoch_duration) |
435 | { | 489 | { |
436 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 490 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
437 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) | 491 | + sizeof (struct GNUNET_TIME_AbsoluteNBO) |
438 | + sizeof (uint64_t)] GNUNET_ALIGN; | 492 | + sizeof (uint64_t)] GNUNET_ALIGN; |
439 | struct GNUNET_REVOCATION_SignaturePurposePS spurp; | ||
440 | struct GNUNET_HashCode result; | 493 | struct GNUNET_HashCode result; |
441 | struct GNUNET_TIME_Absolute ts; | 494 | struct GNUNET_TIME_Absolute ts; |
442 | struct GNUNET_TIME_Absolute exp; | 495 | struct GNUNET_TIME_Absolute exp; |
@@ -446,25 +499,18 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
446 | unsigned int tmp_score = 0; | 499 | unsigned int tmp_score = 0; |
447 | unsigned int epochs; | 500 | unsigned int epochs; |
448 | uint64_t pow_val; | 501 | uint64_t pow_val; |
502 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
503 | |||
504 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
449 | 505 | ||
450 | /** | 506 | /** |
451 | * Check if signature valid | 507 | * Check if signature valid |
452 | */ | 508 | */ |
453 | spurp.key = pow->key; | 509 | if (GNUNET_OK != check_signature (pow)) |
454 | spurp.timestamp = pow->timestamp; | ||
455 | spurp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | ||
456 | spurp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
457 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | ||
458 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | ||
459 | if (GNUNET_OK != | ||
460 | GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, | ||
461 | &spurp.purpose, | ||
462 | &pow->signature, | ||
463 | &pow->key)) | ||
464 | { | 510 | { |
465 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 511 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
466 | "Proof of work signature invalid!\n"); | 512 | "Proof of work signature invalid!\n"); |
467 | return GNUNET_NO; | 513 | return GNUNET_SYSERR; |
468 | } | 514 | } |
469 | 515 | ||
470 | /** | 516 | /** |
@@ -479,8 +525,8 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
479 | &pow->timestamp, | 525 | &pow->timestamp, |
480 | sizeof (uint64_t)); | 526 | sizeof (uint64_t)); |
481 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 527 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
482 | &pow->key, | 528 | pk, |
483 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 529 | GNUNET_IDENTITY_key_get_length (pk)); |
484 | for (unsigned int i = 0; i < POW_COUNT; i++) | 530 | for (unsigned int i = 0; i < POW_COUNT; i++) |
485 | { | 531 | { |
486 | pow_val = GNUNET_ntohll (pow->pow[i]); | 532 | pow_val = GNUNET_ntohll (pow->pow[i]); |
@@ -529,18 +575,15 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow, | |||
529 | } | 575 | } |
530 | 576 | ||
531 | 577 | ||
532 | /** | 578 | enum GNUNET_GenericReturnValue |
533 | * Initializes a fresh PoW computation. | 579 | sign_pow_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, |
534 | * | 580 | struct GNUNET_REVOCATION_PowP *pow) |
535 | * @param key the key to calculate the PoW for. | ||
536 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
537 | */ | ||
538 | void | ||
539 | GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | ||
540 | struct GNUNET_REVOCATION_PowP *pow) | ||
541 | { | 581 | { |
542 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); | 582 | struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get (); |
543 | struct GNUNET_REVOCATION_SignaturePurposePS rp; | 583 | struct GNUNET_REVOCATION_EcdsaSignaturePurposePS rp; |
584 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
585 | size_t ksize; | ||
586 | char *sig; | ||
544 | 587 | ||
545 | /** | 588 | /** |
546 | * Predate the validity period to prevent rejections due to | 589 | * Predate the validity period to prevent rejections due to |
@@ -548,19 +591,57 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
548 | */ | 591 | */ |
549 | ts = GNUNET_TIME_absolute_subtract (ts, | 592 | ts = GNUNET_TIME_absolute_subtract (ts, |
550 | GNUNET_TIME_UNIT_WEEKS); | 593 | GNUNET_TIME_UNIT_WEEKS); |
551 | 594 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | |
595 | ksize = GNUNET_IDENTITY_key_get_length (pk); | ||
552 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); | 596 | pow->timestamp = GNUNET_TIME_absolute_hton (ts); |
553 | rp.timestamp = pow->timestamp; | 597 | rp.timestamp = pow->timestamp; |
554 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); | 598 | rp.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION); |
555 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 599 | rp.purpose.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
556 | + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 600 | + ksize |
557 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 601 | + sizeof (struct GNUNET_TIME_AbsoluteNBO)); |
558 | GNUNET_CRYPTO_ecdsa_key_get_public (key, &pow->key); | 602 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
559 | rp.key = pow->key; | 603 | "Signature payload len: %u\n", |
560 | GNUNET_assert (GNUNET_OK == | 604 | ntohl (rp.purpose.size)); |
561 | GNUNET_CRYPTO_ecdsa_sign_ (key, | 605 | rp.ktype = pk->type; |
562 | &rp.purpose, | 606 | rp.key = pk->ecdsa_key; |
563 | &pow->signature)); | 607 | sig = ((char*)&pow[1]) + ksize; |
608 | return GNUNET_CRYPTO_ecdsa_sign_ (key, | ||
609 | &rp.purpose, | ||
610 | (void*) sig); | ||
611 | |||
612 | } | ||
613 | |||
614 | |||
615 | enum GNUNET_GenericReturnValue | ||
616 | sign_pow (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
617 | struct GNUNET_REVOCATION_PowP *pow) | ||
618 | { | ||
619 | struct GNUNET_IDENTITY_PublicKey *pk; | ||
620 | |||
621 | pk = (struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
622 | GNUNET_IDENTITY_key_get_public (key, pk); | ||
623 | switch (ntohl (pk->type)) | ||
624 | { | ||
625 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
626 | return sign_pow_ecdsa (&key->ecdsa_key, pow); | ||
627 | default: | ||
628 | return GNUNET_NO; | ||
629 | } | ||
630 | return GNUNET_NO; | ||
631 | } | ||
632 | |||
633 | |||
634 | /** | ||
635 | * Initializes a fresh PoW computation. | ||
636 | * | ||
637 | * @param key the key to calculate the PoW for. | ||
638 | * @param[out] pow starting point for PoW calculation (not yet valid) | ||
639 | */ | ||
640 | void | ||
641 | GNUNET_REVOCATION_pow_init (const struct GNUNET_IDENTITY_PrivateKey *key, | ||
642 | struct GNUNET_REVOCATION_PowP *pow) | ||
643 | { | ||
644 | GNUNET_assert (GNUNET_OK == sign_pow (key, pow)); | ||
564 | } | 645 | } |
565 | 646 | ||
566 | 647 | ||
@@ -622,15 +703,17 @@ cmp_pow_value (const void *a, const void *b) | |||
622 | enum GNUNET_GenericReturnValue | 703 | enum GNUNET_GenericReturnValue |
623 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | 704 | GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) |
624 | { | 705 | { |
625 | char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) | 706 | char buf[sizeof(struct GNUNET_IDENTITY_PublicKey) |
626 | + sizeof (uint64_t) | 707 | + sizeof (uint64_t) |
627 | + sizeof (uint64_t)] GNUNET_ALIGN; | 708 | + sizeof (uint64_t)] GNUNET_ALIGN; |
628 | struct GNUNET_HashCode result; | 709 | struct GNUNET_HashCode result; |
710 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
629 | unsigned int zeros; | 711 | unsigned int zeros; |
630 | int ret; | 712 | int ret; |
631 | uint64_t pow_nbo; | 713 | uint64_t pow_nbo; |
632 | 714 | ||
633 | pc->current_pow++; | 715 | pc->current_pow++; |
716 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &(pc->pow[1]); | ||
634 | 717 | ||
635 | /** | 718 | /** |
636 | * Do not try duplicates | 719 | * Do not try duplicates |
@@ -644,8 +727,8 @@ GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
644 | &pc->pow->timestamp, | 727 | &pc->pow->timestamp, |
645 | sizeof (uint64_t)); | 728 | sizeof (uint64_t)); |
646 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], | 729 | GNUNET_memcpy (&buf[sizeof(uint64_t) * 2], |
647 | &pc->pow->key, | 730 | pk, |
648 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); | 731 | GNUNET_IDENTITY_key_get_length (pk)); |
649 | GNUNET_CRYPTO_pow_hash (&salt, | 732 | GNUNET_CRYPTO_pow_hash (&salt, |
650 | buf, | 733 | buf, |
651 | sizeof(buf), | 734 | sizeof(buf), |
@@ -690,4 +773,25 @@ GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc) | |||
690 | } | 773 | } |
691 | 774 | ||
692 | 775 | ||
776 | size_t | ||
777 | GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow) | ||
778 | { | ||
779 | size_t size; | ||
780 | const struct GNUNET_IDENTITY_PublicKey *pk; | ||
781 | |||
782 | size = sizeof (struct GNUNET_REVOCATION_PowP); | ||
783 | pk = (const struct GNUNET_IDENTITY_PublicKey *) &pow[1]; | ||
784 | size += GNUNET_IDENTITY_key_get_length (pk); | ||
785 | |||
786 | switch (ntohl (pk->type)) | ||
787 | { | ||
788 | case GNUNET_IDENTITY_TYPE_ECDSA: | ||
789 | return size + sizeof (struct GNUNET_CRYPTO_EcdsaSignature); | ||
790 | default: | ||
791 | return 0; | ||
792 | } | ||
793 | return 0; | ||
794 | } | ||
795 | |||
796 | |||
693 | /* end of revocation_api.c */ | 797 | /* end of revocation_api.c */ |